Astalavista.com hacked, including details

原文在这里:http://pastebin.com/f751e9f5b

这里就不发全文了,全文放到txt里了,地址:astalavista_hacked.txt

The Hacking & Security Community
[+] Founded in 1997 by a hacker computer enthusiast
[-] Exposed in 2009 by anti-sec group

From < http://astalavista.com/faq>:
>> 03. Who’s behind the site?
>>
>> A team of security and IT professionals, and a countless number of contributors from all over the world.

>> 05. Is it true that the site is visited by script-kiddies and warez fans only?
>>
>> Absolutely not! The audience behind the site consists of home users, worldwide companies and corporations, educational and non-profit organizations, government and
military institutions.
>> All of these have been visiting the site on a daily basis for the past couple of years, contributing in various ways, or requesting services and information.

Why has Astalavista been targeted?

Other than the fact that they are not doing any of this for the “community” but
for the money, they spread exploits for kids, claim to be a security community
(with no real sense of security on their own servers), and they charge you $6.66
per months to access a dead forum with a directory filled with public releases
and outdated / broken services.

We wanted to see how good that “team of security and IT professionals” really is.

Let’s begin.

详细请看:astalavista_hacked.txt

附上 包子 的一段注解:

里面两个亮点,一是远程获得apache用户权限的shell,banner是LiteSpeed,看来这玩意有0day,但是又怎么是用 apache用户跑的,原来LiteSpeed这东西是和apache绑一起的,大概看了下介绍,主要功能是anti-ddos,这东西貌似还有点意思, 回头玩玩。具体的看http://www.litespeedtech.com/litespeed-web-server-features.html

[root@front3 ~]# curl -I litespeedtech.com
HTTP/1.1 200 OK
Date: Fri, 05 Jun 2009 22:54:51 GMT
Server: LiteSpeed

另外一个亮点就是localroot了,如果不是udev的话,那么就是RHEL5.3 x64还有一个localroot 0day -_-

有人说astalavista被黑是因为Y拿milw0rm的东西赚钱,这个我觉得就是每个人的尺度问题,有人还把别人写的文章弄成自己写的,还有人把别人的程序改成自己的,多了去了。

相关日志

抢楼还有机会... 抢座Rss 2.0或者 Trackback

发表评论