me and toxic thought of havn little fun with cyberhack..for fuckn my site ..so badly
joseph >cyberhack
so in short we just gave him alot of hacked pp money to him as gift :P ..got issues worked out
joseph >cyberhack
xwarlordx said:
ur pp id
leechbot@rocketmail.com
this ryt
Joseph said:
yh
xwarlordx said:
ok send
check
Payment Sent (Unique Transaction ID #80W7917526834771B)
Business Name:
trich Imports
Email:
aiyeki@yahoo.co.uk
Payment Sent to:
leechbot@rocketmail.com
so now
starts teh procedure
hmm fuck tell me
xwarlordx says:
explain man
Joseph says:
and since then u've been using that database so I've been able to get in.
So all you have to do is delete a plugin which has ajax_complete as the hook.
xwarlordx says:
from starting please
i think i missed a chat
got disconnected
Joseph says:
k
Well, I firstly got in by Rapt1le reusing his pass everywhere. (pr0x0r).
So I then injected a webshell via plugins
and since then u've been using that database so I've been able to get in.
So all you have to do is delete a plugin which has ajax_complete as the hook.
are u disconnected again?
xwarlordx says:
no
got it mate
Joseph says:
The following message could not be delivered to all recipients:
So I then injected a webshell via plugins
I got dat lol,
xwarlordx says:
oh i c
Joseph says:
did u get dat part?
xwarlordx says:
yup
thats it ?
Joseph says:
yh. There's no other way I can get in.
xwarlordx says:
but i changed teh cp path etc
u uploaded any file or somethin
?
Joseph says:
I could connect via the database and edit the email on any admins account
so then: forget pass.
that would reset the pass and I could access admincp.
xwarlordx says:
oh i c
ok thanks man
can u give any secuirty tips
etc
Joseph says:
Tell your admins to not re-use passes. Since your on a VPS. It seems it's pretty secure.
xwarlordx says:
re-use ..means?
Joseph says:
Use their passes on other sites.
xwarlordx says:
ok
wer u responsible for database user table deletion
Joseph says:
yep
xwarlordx says:
wen i reupped with 3.8.4 vbulletion
oh
u used teh same method ?
Joseph says:
yep
also let me give u a little advice.
BoxHead has ur info.
I think he rooted your server
delete all plugins with ajax_complete.
xwarlordx says:
huh ok
Joseph says:
and check for any plugin with the name "DEFAULT".
I was speaking to him.
xwarlordx says:
ok
how to prevent from being getting rooted and stuff
Joseph says:
oh shit.
http://belegit.org/showthread.php?t=**
http:/belegit.org/showthread.php?t=**
change root details and remove those shells.
xwarlordx says:
but how to prevent them
he will do it again
Joseph says:
admins need to change their details aswell. He got their password log.
I know how BoxHead works. He rooted ur server through that webshell
and he first got in via Pr0x0r aswell
xwarlordx says:
fuck
Joseph says:
A site Rapt1le registered on got hacked. And he sadly used his pass everywhere.
xwarlordx says:
i need to remove teh ajax_complete
and other DEfault
ryt
Joseph says:
yep
xwarlordx says:
to get rid of teh shell u people injected?
Joseph says:
yes
xwarlordx says:
after removing these will boxhead would be able to
hack again
?
Joseph says:
Don't think so. The info he posted seems to be a month old.
xwarlordx says:
IP Address: 94.102.55.229
Username : root
Password : warez-host
yea noticed
its all becouse of pr0x0r i think
boxhead uses teh same method as u did/?
Joseph says:
Yea. All I do is deface. I don't get root login though. He get's a proper shell on the server and then uses Root exploits to gain root login.
xwarlordx says:
how to make my forum secure
from all these stuff
Joseph says:
I suggest you could hire somebody. I ain't good when it comes to the securing side of things
xwarlordx says:
ok
i dont see plugin named default
Joseph says:
do you see vbulletin 3.7?
or something with the hook: ajax_complete
xwarlordx says:
thats ajax_complete
Joseph says:
yea remove it
xwarlordx says:
yea i deleted that
anything else
?
Joseph says:
Check for ajax_complete as the hook on plugins
if nothing else then he won't be able to get in
xwarlordx says:
btw how to detect or know wen shell is injected
Joseph says:
What I do is, get the webshell program. and see if I can connect via : website.*********ajax.php If I can't. Then I know that no shell is still on the server
xwarlordx says:
ok
Joseph says:
http://belegit.org/showthread.php?t=1 - That's the program
xwarlordx says:
how ur able to point out my admincp path
Joseph says:
In the footer, when logged in as admin it shows the link to admincp lol.
xwarlordx says:
silly stuffs
ur staff in belegit ?
Joseph says:
no
xwarlordx says:
ok
warezconnect is ur site ryt
Joseph says:
yh.
time for dat extra $5?
xwarlordx says:
yeah sure
can u give me some mins
Joseph says:
k
xwarlordx says:
hope u given all information
/?
Joseph says:
Yeah m8 I have
xwarlordx says:
ok alright
toxic has been added to the conversation.
xwarlordx says:
ooops
toxic says:
thanks for info
xwarlordx says:
fuck man ..
toxic says:
xwarlordx says:
ur awesome
i love u
Joseph says:
lol
toxic has left the conversation.
toxic has been added to the conversation.
xwarlordx says:
man
u need 5$ ?
Joseph says:
We agreed on $30 lol.
xwarlordx says:
ok alright
toxic says:
wat if v dont pay $5?
u gonna hack again?
Joseph says:
I won't.
Can't get in anyway now.
>.<
toxic says:
oh
xwarlordx says:
oh ok
sending 5$ now
toxic says:
yeah dude send it
he's guy
just he dont have money
i think u should pay him 10$ instead of 5
xwarlordx says:
hm.m
toxic says:
yeah send $10 to him
xwarlordx says:
ok alright
sending u 10$
toxic has left the conversation.
toxic has been added to the conversation.
xwarlordx says:
hoy
send u 54
5$
check ur pp
now
Joseph says:
didn't get it.
toxic says:
huh
u dint get any money?
Joseph says:
I got the $25 u sent last time.
xwarlordx says:
check ur email or somethin
Joseph says:
u sure u sent to: leechbot@rocketmail.com ?
xwarlordx says:
yea
toxic says:
how much u got?
xwarlordx says:
check ur pp email
so ?
toxic says:
xwarlordx says:
Joseph says:
1 sec
nope didn't get it
xwarlordx says:
hold on
toxic says:
u got
25$ right?
Joseph says:
yh
toxic says:
okay
did u check ur paypal?
Joseph says:
yh
xwarlordx says:
check now
u should have got now
Joseph says:
yea
how much did u send me lol?
xwarlordx says:
shit
50$
Joseph says:
rofl.
xwarlordx says:
damn
Joseph says:
I'll send it bak
xwarlordx says:
nah u keep it
its hacked paypal anyway
Joseph says:
xD
xwarlordx says:
Joseph says:
is dat how u've been paying for ur vps? lol
toxic says:
yeah
xwarlordx says:
yeah
fuck man u got pawned
oops
toxic says:
but hacker cant get pawned?
how did this happen
damn
xwarlordx says:
shit omg ..i just fucked him
Joseph says:
umm how?
toxic says:
ur pp gonna get blacklisted soon
to tell tat
Joseph says:
um. This has happened before.
I'm on a business paypal
and verified
If I have a prob I never get blacklisted
xwarlordx says:
like i care
Joseph says:
so fail
toxic says:
lmao
xwarlordx says:
ur really sure?
wait and see
toxic says:
it vll take min of 6 days
Joseph says:
This has happened before
toxic says:
to solve this issue
from pp
even if ur son of pp
owner
lmao
Joseph says:
lol failing hard.
xwarlordx says:
we just fucked u with 3 paypal account
Joseph says:
XtremeSharez is going down soon
xwarlordx says:
omg ..run now
toxic says:
luck
bitch
Joseph says:
you enjoy your time while it lasts
xwarlordx says:
im enjoying
toxic says:
yeah enjoyin a lot
xwarlordx says:
u enjoy with 75$
toxic says:
and u would be gettin weekly payments from us
lmao
xwarlordx says:
yeah
how much u want ?
Joseph says:
ok
xwarlordx says:
so ull be hacking us again ..ryt
now listen ..
we said this
damn wat am i saying
u GOT OWNED
Joseph says:
lol?
free money and I'm getting OWNED?
FUCK YEA
I've received $300 of hacked money before
you guys think you know me
Well TO ALL NOOBS ON WJUNCTION
toxic says:
u vll get more then tat soon
Joseph says:
CYBERHACK = BOXHEAD
toxic says:
cyberhack - dick head?
xwarlordx says:
wow..omg ..run away
Joseph says:
I just built nice rep on WJunction so I can scam money
toxic says:
Joseph says:
I've received lots of cash from scamming
just last time I got caught
$600 + a 5* katz site
and guess wat?
xwarlordx says:
fuck i care
toxic says:
oh how did u make
Joseph says:
BoxHead = SECUR
xwarlordx says:
secure ur dick
Joseph says:
so all dat shit about WarezTheGFX = me
toxic says:
how u got $600
xwarlordx says:
nice
toxic says:
did u scam katz?
Joseph says:
$300 by pretending to own a warez site. The noob's didn't even ask for proof
then other $100 and $50 assortions of cash from little scams
Joseph has left the conversation.
toxic says:
oh u ran out?
lmao
xwarlordx says:
man he ran away
hes one warez drama queen
toxic says:
yeah
xwarlordx says:
now this shit is for wjunction
so in short we just gave him alot of hacked pp money to him as gift :P ..got issues worked out