Wednesday, February 1, 2012

TinKode-ESET NOD32 Hong Kong Hacked



Posted by isrtinkode on March 21, 2010
#NOD32 Hong Kong@ VMw4r3 & TinKode

#cat /etc/passwd
NOD32 URL: http://www.eset.hk/templates_c/
Zone-h URL: http://zone-h.org/mirror/id/10409367
Simple but powerful!
* We have not changed anything
Thanks!

TinKode-ESET NOD32 Taiwan Full Disclosure



Posted by isrtinkode on March 22, 2010
#NOD32 Taiwan@ TinKode - Romania
About ESET:
ESET is an IT security company headquartered in Bratislava, Slovakia that was founded in 1992 by the merger of two private companies. The company is privately held and has branch offices in San Diego, California; Wexford, Ireland; London, United Kingdom; Buenos Aires, Argentina; Prague, Czech Republic and Kraków, Poland.
Website vulnerable to MySQL injection: www.eset.com.tw

Main information:
  • Version : 5.0.45
  • Database: nod32twnew
  • Datadir : /var/lib/mysql/
  • User    : censored

Databases:
  • information_schema
  • mysql
  • nod32twnew

Tables from main database:
  • article
  • category
  • enterprise_apply
  • estore_product
  • estore_product_20100106
  • estore_product_category
  • estore_product_category_20100106
  • estore_product_copy
  • faq_category
  • faq_category_detail
  • game3
  • manager
  • nodtwflash1
  • register
  • regkeyreplace
  • trial30
  • updates
We have permission to access mysql.user accounts:

MySQL.user account:
  • censored  :  censored
Accounts from manager table:
  • admin    :  censored
  • editor   :  censored
  • nod32@tw :  censored
  • soman    :  censored
The accounts are in plain-text… great!
Now some keys from “censored key censored”:
  • J102- censored :J112- censored
  • J102- censored :J112- censored
  • J102- censored :J112- censored
  • J102- censored :J112- censored
  • J102- censored :J112- censored
  • J102- censored :J112- censored
  • J102- censored :J112- censored
  • J102- censored :J112- censored
  • J102- censored :J112- censored
~Very simple!
Other webservers of ESET NOD32 hacked: NOD32 Hong Kong & NOD32 Romania
~Thanks, TinKode

TinKode-Daily Telegraph websites hacked



Posted by isrtinkode on April 15, 2010
Telegraph site hacked by Romanians
The ‘Romanian National Security’ logo on the Telegraph’s hacked site
Part of the Daily Telegraph’s website has been hacked, apparently by people in Romania who were aggrieved at its identification of “gypsies” and “Romanians”.
Its “Short Breaks” and Wine And Dine sections were both hacked, with the Short Breaks site still up at 12.55pm today, with a picture of a Romanian flag claiming to be for the “Romanian National Security”, some comments in Romanian and the remark in English at the bottom that “Guess what, gypsies aren’t romanians, morons.” It also links to a Russian site which plays an MP3 called The Lonely Shepherd.
Sunbelt Software, which first noticed the hack, said that it had alerted the Telegraph when it noticed the hack.
The method used to hack into the site is not known. Chris Boyd, a researcher at Sunbelt, said that a translation of the text from the page says that the hackers are “sick of seeing garbage like this … calling us Romanians ‘gypsies’.” It also attacks Britain for “broadcasting shitty TV programs like Top Gear”.
But Boyd said that the group is apparently unknown even among Romanian hackers – suggesting that it may be one person with a grievance against the Telegraph.
In March 2009 the Telegraph’s system was also hacked, exposing the email addresses of registered users on part of its site. That hack also seems to have been done by a Romanian hacker – suggesting that the site has become a target.
A later posting in May on the Hackersblog site suggested that there was a weakness on the Telegraph site that allowed it to be hacked repeatedly.