Server Help

The Apache

http://www.assassins-junkyard.com/
lol, i was looking for his little program he made, and i got through to his website to find it out it got hacked...

BDwinsAlt · Posted: Sat Nov 25, 2006 1:48 pm *Post maybe stupid* Post subject:

This dude is in love with javascripts. Look at the page source.

Quan Chi2 · Posted: Sat Nov 25, 2006 6:14 pm *Post maybe stupid* Post subject:

L O L

Sorry Assassin. If you need help, then you know who to call.

You got fucking owned though. You're lucky it wasn't the g00ns.

Purge · Posted: Sat Nov 25, 2006 6:20 pm *Post maybe stupid* Post subject:

Apparently this "hacker" uses FrontPage...

Quan Chi2 · Posted: Sat Nov 25, 2006 6:22 pm *Post maybe stupid* Post subject:

I bet the shell is still on the server unless the hacker is a newbie. Assassin should find it. And look for a telnet script. (usually a cgi)

Cerium · Posted: Sun Nov 26, 2006 2:26 am *Post maybe stupid* Post subject:

...anyone else want this one? Far too easy for me.
_________________
There are 7 user(s) ignoring me right now.

Smong · Posted: Sun Nov 26, 2006 5:20 am *Post maybe stupid* Post subject:

Looks like someone might be using symantec software too. Infact it looks as if someone did file -> save as on another website, then uploaded that page as the index.
_________________
ss news

Solo Ace · Posted: Sun Nov 26, 2006 7:37 am *Post maybe stupid* Post subject:

I still wonder how this guy hacked the box. Cerium, please explain?

The Apache · Posted: Sun Nov 26, 2006 7:53 am *Post maybe stupid* Post subject:

i feel kinda sorry for assassin.

hellzlaker · Posted: Sun Nov 26, 2006 11:47 am *Post maybe stupid* Post subject:

lol funny you should hack that guys email using som email spamers they send like 100 email a sec...

Maverick · Posted: Sun Nov 26, 2006 12:20 pm *Post maybe stupid* Post subject:

If you want to be targeted I suppose you can do that.
_________________

Nickname: Maverick (I changed my name!)
TWCore developer | Subspace statistics

Assassin2684 · Posted: Sun Nov 26, 2006 1:57 pm *Post maybe stupid* Post subject:

Wow, very strange.. I never even noticed this! I was out of town for a bit. No matter, was working on a different site anyway and was keeping it up for the time being. I dont know how the person did it but whatever.. Ill have it fixed soon.

EDIT: Well, no damage done other then they took the site down.. I dont know who could have done it, its not like I advertised my site except for here and some of my friends. But oh well, pass changed.. Not going to do anything back, they did what they wanted and moved on.

The Apache · Posted: Sun Nov 26, 2006 3:23 pm *Post maybe stupid* Post subject:

ah well, lame things like this happen i guess.

Maverick · Posted: Sun Nov 26, 2006 3:53 pm *Post maybe stupid* Post subject:

Shit happens (too)

Assassin2684 · Posted: Sun Nov 26, 2006 4:41 pm *Post maybe stupid* Post subject:

Well my friend foung the problem. I was searching through my files and came up with a wierd named file that didn't look fimilar, "Backdoor.php". My friend went to my imageupload thing and went in and found what the bug was and uploaded a php file right in there. So I took out my upload script and I guess ill have to see how I can fix that.. The backdoor.php file was acctually pretty neat, gave the person access to all my files. But everything is back to normal now. Fixed the main site to. Thanks for letting me know about this, I probably wouldn't have noticed..

Bak · Posted: Sun Nov 26, 2006 5:37 pm *Post maybe stupid* Post subject:

clever, guess that's why sites restrict extentions when uploading files.
_________________
SubSpace Discretion: A Third Generation SubSpace Client

Assassin2684 · Posted: Sun Nov 26, 2006 7:35 pm *Post maybe stupid* Post subject:

Oh, mine was restricted but it had a bug. I made it so it ould only allow images, jpg, bmp, gif, ect.. Well the script would only look at the extension, so what the guy did was go: backdoor.php.jpg. And then he had his script right on there for use. So I eaither have to fix it to check the whole name or find a new imageupload script.

Cyan~Fire · Posted: Sun Nov 26, 2006 9:18 pm *Post maybe stupid* Post subject:

Uhh, backdoor.php.jpg wouldn't work, it would just be sent to the user as a JPEG file.
_________________
This help is informational only. No representation is made or warranty given as to its content. User assumes all risk of use. Cyan~Fire assumes no responsibility for any loss or delay resulting from such use.
Wise men STILL seek Him.

Assassin2684 · Posted: Sun Nov 26, 2006 9:32 pm *Post maybe stupid* Post subject:

Well, my friend tried it and it worked when I went to the uploaded file.. So I dont know. Im pretty sure thats how he got in but its fixed now.. so im happy. Ill have to find a new code for it though.

Smong · Posted: Mon Nov 27, 2006 4:19 am *Post maybe stupid* Post subject:

Wouldn't the file permissions have to be execute as well? But I suppose if uploaded files are "php generated files" they might create with rwx (and with the ownership of the webserver).

The Apache · Posted: Mon Nov 27, 2006 12:39 pm *Post maybe stupid* Post subject:

Bak · Posted: Mon Nov 27, 2006 1:52 pm *Post maybe stupid* Post subject:

Assassin2684 · Posted: Mon Nov 27, 2006 3:44 pm *Post maybe stupid* Post subject:

Haha, I think thats what it does, BaK.. Pretty stupid, my friend made it a while back and I never bothered to even look though the code. But I am pretty sure thats what it does.

Solo Ace · Posted: Mon Nov 27, 2006 3:55 pm *Post maybe stupid* Post subject:

Post the backdoor file and the file upload handler, please.

Assassin2684 · Posted: Mon Nov 27, 2006 5:00 pm *Post maybe stupid* Post subject:

Here ya go, I RAR'd them both in one package. Its on my host, link is here:
http://www.assassins-junkyard.com/Upload_stuffs.rar

Dont do anything stupid with it.. lol.