Server Help

Trash Talk - Assassin2684's website was hacked

The Apache - Sat Nov 25, 2006 10:06 am
Post subject: Assassin2684's website was hacked
http://www.assassins-junkyard.com/
lol, i was looking for his little program he made, and i got through to his website to find out it got hacked... :(
BDwinsAlt - Sat Nov 25, 2006 1:48 pm
This dude is in love with javascripts. Look at the page source.
Quan Chi2 - Sat Nov 25, 2006 6:14 pm
L O L

Sorry Assassin. If you need help, then you know who to call.

You got fucking owned though. You're lucky it wasn't the g00ns.
Purge - Sat Nov 25, 2006 6:20 pm
Apparently this "hacker" uses FrontPage...
Quan Chi2 - Sat Nov 25, 2006 6:22 pm
I bet the shell is still on the server unless the hacker is a newbie. Assassin should find it. And look for a telnet script. (usually a cgi)
Cerium - Sun Nov 26, 2006 2:26 am
...anyone else want this one? Far too easy for me.
Smong - Sun Nov 26, 2006 5:20 am
Looks like someone might be using Symantec software too. In fact it looks as if someone did file -> save as on another website, then uploaded that page as the index.
Solo Ace - Sun Nov 26, 2006 7:37 am
I still wonder how this guy hacked the box. Cerium, please explain?
The Apache - Sun Nov 26, 2006 7:53 am
i feel kinda sorry for assassin. :(
hellzlaker - Sun Nov 26, 2006 11:47 am
lol funny you should hack that guy's email using some email spammers they send like 100 emails a sec...
Maverick - Sun Nov 26, 2006 12:20 pm
If you want to be targeted I suppose you can do that.
Assassin2684 - Sun Nov 26, 2006 1:57 pm
Wow, very strange.. I never even noticed this! I was out of town for a bit. No matter, was working on a different site anyway and was keeping it up for the time being. I don't know how the person did it but whatever.. I'll have it fixed soon.

EDIT: Well, no damage done other than they took the site down.. I don't know who could have done it, it's not like I advertised my site except for here and some of my friends. But oh well, pass changed.. Not going to do anything back, they did what they wanted and moved on.
The Apache - Sun Nov 26, 2006 3:23 pm
ah well, lame things like this happen i guess.
Maverick - Sun Nov 26, 2006 3:53 pm
Shit happens (too)
Assassin2684 - Sun Nov 26, 2006 4:41 pm
Well my friend found the problem. I was searching through my files and came up with a weird named file that didn't look familiar, "Backdoor.php". My friend went to my imageupload thing and went in and found what the bug was and uploaded a php file right in there. So I took out my upload script and I guess I'll have to see how I can fix that.. The backdoor.php file was actually pretty neat, gave the person access to all my files. But everything is back to normal now. Fixed the main site too. Thanks for letting me know about this, I probably wouldn't have noticed..
Bak - Sun Nov 26, 2006 5:37 pm
clever, guess that's why sites restrict extensions when uploading files.
Assassin2684 - Sun Nov 26, 2006 7:35 pm
Oh, mine was restricted but it had a bug. I made it so it would only allow images, jpg, bmp, gif, etc.. Well the script would only look at the extension, so what the guy did was go: backdoor.php.jpg. And then he had his script right on there for use. So I either have to fix it to check the whole name or find a new imageupload script.
Cyan~Fire - Sun Nov 26, 2006 9:18 pm
Uhh, backdoor.php.jpg wouldn't work, it would just be sent to the user as a JPEG file.
Assassin2684 - Sun Nov 26, 2006 9:32 pm
Well, my friend tried it and it worked when I went to the uploaded file.. So I don't know. I'm pretty sure that's how he got in but it's fixed now.. so I'm happy. I'll have to find a new code for it though.
Smong - Mon Nov 27, 2006 4:19 am
Wouldn't the file permissions have to be execute as well? But I suppose if uploaded files are "php generated files" they might create with rwx (and with the ownership of the webserver).
The Apache - Mon Nov 27, 2006 12:39 pm
Assassin2684 wrote:
But everything is back to normal now. Fixed the main site too. Thanks for letting me know about this, I probably wouldn't have noticed..

no problem. :) this is what boredom does i guess.
Bak - Mon Nov 27, 2006 1:52 pm
Smong wrote:
Wouldn't the file permissions have to be execute as well?
Php is interpreted so all you need is read permission which has to be there so others can get the file.

Although I agree that using .php.jpeg wouldn't work? Unless the webserver program only looks at the first extension, which I doubt.
Assassin2684 - Mon Nov 27, 2006 3:44 pm
Haha, I think that's what it does, BaK.. Pretty stupid, my friend made it a while back and I never bothered to even look through the code. But I am pretty sure that's what it does.
Solo Ace - Mon Nov 27, 2006 3:55 pm
Post the backdoor file and the file upload handler, please.
Assassin2684 - Mon Nov 27, 2006 5:00 pm
Here ya go, I RAR'd them both in one package. It's on my host, link is here:
http://www.assassins-junkyard.com/Upload_stuffs.rar

Don't do anything stupid with it.. lol.
Bak - Mon Nov 27, 2006 6:42 pm
so you're using your own webserver rather than something like apache?
Assassin2684 - Mon Nov 27, 2006 8:05 pm
Umm.. I guess? I use Blue Host for all my hosting needs..
Cyan~Fire - Tue Nov 28, 2006 10:03 am
php.net wrote:
$_FILES['userfile']['type']

The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.


So I guess the attacker just changed his .php MIME type to "image/jpeg" or something, and there ya go.
Bak - Tue Nov 28, 2006 10:10 am
It wasn't the webserver. The handler only checks the mime type of what they're uploading (and not the extension), which can be faked easily.

Code:
$_FILES['userfile']['type']

    The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.

Code:
$allowed_types = array( //Allowed types
    "image/gif" => "gif",
    "image/pjpeg" => "jpg",
    "image/png" => "png",
    "image/bmp" => "bmp",
    "image/jpeg" => "jpg",
);

if(!array_key_exists($_FILES['userfile']['type'], $allowed_types)) { // Check the extension if its allowed
    die(" Invalid file type!</font></center>");
}

EDIT: you son of a bitch cyan
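
A content-based version of the check discussed above, as an added example that is not part of the thread or of the upload script that was posted. It decides the type from the file's bytes instead of `$_FILES['userfile']['type']` and picks the stored file name on the server; `ALLOWED_TYPES` and `safe_image_name()` are names made up for this sketch, and both sample inputs are constructed.

```php
<?php
// Added example, not the script from the thread. The type is decided from the
// file's bytes; $_FILES[...]['type'] and the client's file name are ignored.
const ALLOWED_TYPES = [
    'image/gif'      => 'gif',
    'image/png'      => 'png',
    'image/jpeg'     => 'jpg',
    'image/bmp'      => 'bmp',
    'image/x-ms-bmp' => 'bmp',   // label used by older libmagic databases
];

// Returns a server-chosen file name for an acceptable image, or null.
function safe_image_name(string $tmpPath): ?string
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($tmpPath);          // sniffed from the content
    if ($detected === false || !array_key_exists($detected, ALLOWED_TYPES)) {
        return null;
    }
    if (@getimagesize($tmpPath) === false) {     // header must parse as an image
        return null;
    }
    // Random base name plus an extension taken from the allow-list, so the
    // stored file can never end in .php or carry a double extension.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$detected];
}

// Constructed sample inputs: a PHP script named like an image, and a 1x1 GIF.
$samples = [
    'backdoor.php.jpg' => "<?php echo 'constructed sample'; ?>",
    'pixel.gif' => base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'),
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $name = safe_image_name($tmp);
    echo $clientName, ' => ', $name ?? 'rejected', PHP_EOL;
    unlink($tmp);
}
```

In a real handler the argument would be `$_FILES['userfile']['tmp_name']` and the returned name would be the destination passed to `move_uploaded_file()`. A file with a valid image header can still carry script text after it, which is why the extension is server-chosen and the upload directory should not be configured to execute scripts.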
Cerium - Tue Nov 28, 2006 11:50 am
So basically, the guy uploaded a .php file with some forged http headers to make the uploading script think it was a jpeg?

What were you using to allow uploads (For the love of god, don't say phpbb)?
Assassin2684 - Tue Nov 28, 2006 3:00 pm
No, I don't use phpbb, all I was using was the upload script. Again, I don't know how the person or why the person even did it. Pretty stupid to hack a site that's not even being used lol.
Cyan~Fire - Wed Nov 29, 2006 10:52 am
Pretty stupid to add a random insecure file uploader to your site. Reminds me of something from hackthissite.org. :roll:
Assassin2684 - Wed Nov 29, 2006 2:54 pm
Haha.. ya, I suppose. But it wasn't really a random one, it's one a friend made. But it was my fault I didn't look at the code. Oh well..
All times are -5 GMT