Site Got Hacked.. Just Wondering how they did it!

Home

hacking

tournaments

projects

friends

Help

Search

Login

Register

May 23, 2012, 01:13:44 AM

Welcome, Guest. Please login or register.

News: THC is up and running !

advertisement:

Tools & Design: Hack Challenges Tournaments & Scripts > Hacks and Cracks > Scene Related Questions > Site Got Hacked.. Just Wondering how they did it!

Pages: [1]

« previous next »

Author

Topic: Site Got Hacked.. Just Wondering how they did it! (Read 5622 times)

thomen

Newbie

Karma: +0/-0
Posts: 1

thc title: 3t3rn4l n00b
thc points: 0
challenges: (0/83)

Site Got Hacked.. Just Wondering how they did it!

« on: June 01, 2011, 12:55:31 AM »

Share on Facebook

Facebook Share

Hi Guys,
a friends site got hacked today with an index.php file being uploaded to the root with the following:

Code:

<script>var U7=window,W8=document;var a1="%0A%3C%21DOCTYPE%20HTML%20PUBLIC%20%22-//W3C//DTD%20XHTML%201.0%20Transitional//EN%22%20%22http%3A//www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd%22%3E%0A%3Chtml%20xmlns%3D%22http%3A//www.w3.org/1999/xhtml%22%3E%3Chead%3E%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text/html%3B%20charset%3DUTF-8%22%3E%3Ctitle%3E%0A%21%20Hacked%20By%20ScOrPiOn-Tn%20%21%20%20%3C/title%3E%3Ctitle%3EHacked%20By%20ScOrPiOn-Tn%3C/title%3E%0A%3Cstyle%20type%3D%22text/css%22%3E%0A%3C%21--%0A.style1%20%7Bcolor%3A%20%23FFFFFF%7D%0A.style2%20%7Bcolor%3A%20%2300FF33%7D%0A.style3%20%7Bcolor%3A%20%23FF0000%7D%0A.style6%20%7Bcolor%3A%20%23FFFFFF%3B%20font-style%3A%20italic%3B%20%7D%0A.style7%20%7Bcolor%3A%20%23FFFFFF%3B%20font-size%3A%2012px%3B%20%7D%0A--%3E%0A%3C/style%3E%0A%3C/head%3E%3Cbody%20bgcolor%3D%22%23000000%22%3E%3Cdiv%20style%3D%22margin%3A%2010px%20auto%3B%20text-align%3A%20center%3B%20width%3A%20100%25%3B%20height%3A%2060px%3B%22%3E%3Ca%20href%3D%22http%3A//www.7skyshop.com/%22%20target%3D%22_blank%22%3E%3C/a%3E%0A%3C/div%3E%0A%0A%0A%3Cscript%20language%3D%22JavaScript%22%3E%0Afunction%20openpupup%28url%29%7B%0Awindow.open%28url%2C%22%22%2C%22toolbar%3DNo%2Cmenubar%3DNo%2Clocation%3DNo%2Cscrollbars%3DNo%2Cresizable%3DYes%2Cstatus%3DNo%2Cwidth%3D436%2Cheight%3D535%2Cleft%3D250%2Ctop%3D175%22%29%3B%0A%7D%0Afunction%20cmanresult%28url%29%7B%0Awindow.open%28url%2C%22%22%2C%22toolbar%3DNo%2Cmenubar%3DNo%2Clocation%3DNo%2Cscrollbars%3DNo%2Cresizable%3DYes%2Cstatus%3DNo%2Cwidth%3D650%2Cheight%3D500%2Cleft%3D250%2Ctop%3D175%22%29%3B%0A%7D%0A%3C/script%3E%0A%0A%0A%0A%3Cstyle%3E%0Atd%20%7Bbackground-color%3A%20%231f1f1f%3B%20font-family%3A%20Courier%20New%3B%20font-size%3A9pt%3B%20color%3A%23ffffff%3B%20border-color%3A%20%23ffffff%3Bborder-width%3A1pt%3B%20border-style%3Asolid%3B%20border-collapse%3Acollapse%3Bpadding%3A0pt%203pt%3Bvertical-align%3Atop%3B%20%7D%0Atable%20%7Bborder-left%3A1pt%20dash%20%2388aace%3B%20border-right%3A1pt%20dash%20%2388aace%3B%20border-top%3A0pt%20dash%20%2388aace%3B%20border-bottom%3A0pt%20dash%20%2388aace%3B%20%7D%0AA%3ALink%2C%20A%3AVisited%20%7B%20color%3A%20%2388aace%3B%20%7D%0AA.no%3ALink%2C%20A.no%3AVisited%20%7B%20color%3A%20%2388aace%3Btext-decoration%3A%20none%3B%20%7D%0AA%3AHover%2C%20A%3AVisited%3AHover%20%2C%20A.no%3AHover%2C%20A.no%3AVisited%3AHover%20%7B%20color%3A%20%2388aace%3B%20background-color%3A%232e2e2e%3B%20text-decoration%3A%20overline%20underline%3B%20%7D%0A%3C/style%3E%0A%0A%0A%3Ca%20false%3D%22%22%20bgcolor%3D%22%23000000%22%3E%0A%3C/a%3E%3Cdiv%20align%3D%22center%22%3E%3Cspan%20style%3D%22height%3A%2050px%3B%22%3E%0A%3Cstyle%3E.layermensaje%20%7B%0AFONT-SIZE%3A%2010pt%3B%20COLOR%3A%20%232e2e2e%3B%20LINE-HEIGHT%3A%2010pt%3B%20FONT-FAMILY%3A%20%22Arial%22%0A%7D%0A.style1%20%7B%0Acolor%3A%20%23FFFFFF%3B%0A%7D%0A%3C/style%3E%0A%3Ca%20false%3D%22%22%20bgcolor%3D%22%23000000%22%3E%3Cfont%20style%3D%22font-size%3A%208pt%3B%22%20face%3D%22Courier%20New%22%3E%0A%0A%0A%0A%0A%3Cscript%20type%3D%22text/javascript%22%3E%0Avar%20charIndex%20%3D%20-1%3B%0Avar%20stringLength%20%3D%200%3B%0Avar%20inputText%3B%0Afunction%20writeContent%28init%29%7B%0Aif%28init%29%7B%0AinputText%20%3D%20document.getElementById%28%27contentToWrite%27%29.innerHTML%3B%0A%7D%0Aif%28charIndex%3D%3D-1%29%7B%0AcharIndex%20%3D%200%3B%0AstringLength%20%3D%20inputText.length%3B%0A%7D%0Avar%20initString%20%3D%20document.getElementById%28%27myContent%27%29.innerHTML%3B%0AinitString%20%3D%20initString.replace%28/%3CSPAN.*%24/gi%2C%22%22%29%3B%0A%0Avar%20theChar%20%3D%20inputText.charAt%28charIndex%29%3B%0Avar%20nextFourChars%20%3D%20inputText.substr%28charIndex%2C4%29%3B%0Aif%28nextFourChars%3D%3D%27%3CBR%3E%27%20%7C%7C%20nextFourChars%3D%3D%27%3Cbr%3E%27%29%7B%0AtheChar%20%3D%20%27%3CBR%3E%27%3B%0AcharIndex+%3D3%3B%0A%7D%0AinitString%20%3D%20initString%20+%20theChar%20+%20%22%3CSPAN%20id%3D%27blink%27%3E_%3C/SPAN%3E%22%3B%0Adocument.getElementById%28%27myContent%27%29.innerHTML%20%3D%20initString%3B%0A%0AcharIndex%20%3D%20charIndex/1%20+1%3B%0Aif%28charIndex%252%3D%3D1%29%7B%0Adocument.getElementById%28%27blink%27%29.style.display%3D%27none%27%3B%0A%7Delse%7B%0Adocument.getElementById%28%27blink%27%29.style.display%3D%27inline%27%3B%0A%7D%0A%0Aif%28charIndex%3C%3DstringLength%29%7B%0AsetTimeout%28%27writeContent%28false%29%27%2C90%29%3B%0A%7Delse%7B%0AblinkSpan%28%29%3B%0A%7D%0A%7D%0A%0Avar%20currentStyle%20%3D%20%27inline%27%3B%0Afunction%20blinkSpan%28%29%7B%0Aif%28currentStyle%3D%3D%27inline%27%29%7B%0AcurrentStyle%3D%27none%27%3B%0A%7Delse%7B%0AcurrentStyle%3D%27inline%27%3B%0A%7D%0Adocument.getElementById%28%27blink%27%29.style.display%20%3D%20currentStyle%3B%0AsetTimeout%28%27blinkSpan%28%29%27%2C300%29%3B%0A%0A%7D%0A%0A%0Amsg%20%3D%20%22Hacked%20By%20ScOrPiOn-Tn%22%3B%0A%0Amsg%20%3D%20%22%20%22%20+%20msg%3Bpos%20%3D%200%3B%0Afunction%20scrollMSG%28%29%20%7B%0Adocument.title%20%3D%20msg.substring%28pos%2C%20msg.length%29%20+%20msg.substring%280%2C%20pos%29%3B%0Apos++%3B%0Aif%20%28pos%20%3E%20msg.length%29%20pos%20%3D%200%0Awindow.setTimeout%28%22scrollMSG%28%29%22%2C200%29%3B%0A%7D%0AscrollMSG%28%29%3B%0A%3C/script%3E%0A%3C/font%3E%3C/a%3E%0A%3Cp%3E%0A%3Cimg%20border%3D%220%22%20src%3D%22http%3A//www.tunisia-sec.com/HaCkeD-2.gif%22%3E%3C/p%3E%0A%3Cp%3E%26nbsp%3B%3C/p%3E%0A%0A%3Ctable%20height%3D%220%22%20width%3D%22350%22%3E%0A%3Ctbody%3E%3Ctr%3E%0A%3Ctd%3E%0A%3Cdiv%20id%3D%22myContent%22%3E%0A%0A%0A%3Cp%20align%3D%22center%22%3EGame%20Over%20Admin%20%21%3Cbr%3E%0A%0A%0A%3Cspan%20style%3D%22display%3A%20none%3B%22%20id%3D%22blink%22%3E_%3C/span%3E%3C/div%3E%0A%3Ccenter%3E%0A%3Cdiv%20id%3D%22contentToWrite%22%20style%3D%22display%3A%20none%3B%22%20text-decoration%3A%3D%22%22%20overline%3D%22%22%20class%3D%22tip%22%3E%0AConnecting%20To%20The%20Server.%20Please%20Wait%20.%20.%20.%20%0A%3Cbr%3E%20Connection%20Established.%0A%0A%3Cbr%3E%20root%5B@%5DUser%3A%20ScOrPiOn-Tn%20%0A%3Cbr%3E%20root%5B@%5DPass%3A%20************%0A%0A%3Cbr%3E%20root%5B@%5Dhome%3A%20Login%20Completed.%0A%3Cbr%3E%20root%5B@%5Dhome%3A%20Upload%20Index.php%0A%3Cbr%3E%20root%5B@%5Dhome%3A%20Upload%20Complete.%0A%3Cbr%3E%20root%5B@%5DMessage%3AThis%20Site%20Hacked%20By%3A%20ScOrPiOn-Tn%20%20%0A%3Cbr%3E%20root%5B@%5DMessage%3A%20Contact%3A%20ScOrPiOn_Tn@ViP.Cn%20%3A%29%0A%3Cbr%3E%20root%5B@%5DMessage%3A%20ProGrammeD%20By%20%3A%20ScOrPiOn-Tn%0A%3Cbr%3E%20root%5B@%5Dhome%3A%20Logout%20Completed.%3C/div%3E%0A%0A%3C/center%3E%3C/td%3E%0A%3C/tr%3E%0A%0A%3C/tbody%3E%3C/table%3E%0A%0A%0A%0A%0A%3Cp%20class%3D%22style1%22%3E%3Ca%20false%3D%22%22%20bgcolor%3D%22%23000000%22%3E%3Cfont%20style%3D%22font-size%3A%2010pt%3B%22%20face%3D%22Courier%20New%22%3E%0A%26nbsp%3B%3C/font%3E%3C/a%3E%3C/p%3E%0A%3C/span%3E%0A%3Cp%20class%3D%22style1%22%3E%3Cspan%20style%3D%22height%3A%2050px%3B%22%3E%3Ca%20false%3D%22%22%20bgcolor%3D%22%23000000%22%3E%20%3Cspan%20class%3D%22style1%22%3E%0A%3Cscript%20type%3D%22text/javascript%22%3E%0AwriteContent%28true%29%3B%0A%3C/script%3E%0A%0A%0A%0A%3C/span%3E%3C/a%3E%3C/span%3E%3Cspan%20class%3D%22style1%22%3E%3Ca%20false%3D%22%22%20bgcolor%3D%22%23000000%22%3E%26nbsp%3BSite%20%0AHacked%20By%3A%20%3C/a%3E%3C/span%3E%3Cspan%20class%3D%22style3%22%3EScOrPiOn-Tn%3C/span%3E%3C/p%3E%0A%0A%3Cp%20class%3D%22style6%22%3E%20%5B%3Cspan%20class%3D%22style3%22%3E%20Legend%3C/span%3E%20Was%20Here%20%5D%20%3C/p%3E%0A%3Cp%20class%3D%22style7%22%3E%3Cspan%20class%3D%22style2%22%3E%20%3Cspan%20class%3D%22style1%22%3E%3A%3A%3C/span%3E%20We%3C/span%3E%20%0A%0ALove%3Cspan%20class%3D%22style3%22%3E%20TuNiSiA%20%3C/span%3E%3A%3A%3C/p%3E%0A%0A%3C/div%3E%0A%3C/body%3E%3C/html%3E%0A%0A%3C/html%3E%0A%3Ccenter%3E%3Cobject%20type%3D%22application/x-shockwave-flash%22%20data%3D%22http%3A//flash-mp3-player.net/medias/player_mp3_mini.swf%22%20width%3D%22200%22%20height%3D%2220%22%3E%3Cparam%20name%3D%22movie%22%20value%3D%22http%3A//flash-mp3-player.net/medias/player_mp3_mini.swf%22%3E%3Cparam%20name%3D%22bgcolor%22%20value%3D%22%23000000%22%3E%3Cparam%20name%3D%22FlashVars%22%20value%3D%22mp3%3Dhttp%3A//queenshomepost.com/tmp/SAW_Remix.mp3%26amp%3Bautoplay%3D1%22%3E%3C/object%3E%3C/center%3E%3Cbr%3E%3Cbr%3E%0A%0A";function V0(){var V0;V0=unescape(a1);W8.write(V0);}V0();</script>

scorpion-tn from the gaza hacking team did the hack.. I'm really curious to understand how he did it so I can better the site's security..

It's running wordpress..


	Logged

zomgwtfbbq

Challenge Coder
Administrator
Hero Member

Karma: +31340/-1
Posts: I am a geek!!

thc title: thc elite
thc points: 3315
challenges: (69/83)

Re: Site Got Hacked.. Just Wondering how they did it!

« Reply #1 on: June 04, 2011, 04:34:51 PM »

Share on Facebook

Facebook Share

Sorry for my late reply, was extremely busy...anyway it seems like this vulnerability:

only registered users with at least 25 hack challenge points can see links:
click here in order to visit the hack challenges

http://www.exploit-db.com/exploits/16181/

There are multiple vulnerabilities around in multiple versions, usually those defacements are just exploited by ppl using google dorks in order to locate vulnerable sites, so in your friend's case.. he just had bad luck.


	Logged

only registered users with at least 25 hack challenge points can see links:
click here in order to visit the hack challenges

Ook al ben ik een slet toch houdt ik van je..

Pages: [1]

« previous next »

Jump to:

Related Topics
		Subject	Started by	Replies	Views	Last post
		RSS: Kaspersky's Download Site Hacked Directs Users To Fake Anti-Virus Security News	zomgwtfbbq	0	68	October 20, 2010, 01:28:53 AM by zomgwtfbbq
		RSS: Lib Dems Web Site Hacked Security News	zomgwtfbbq	0	71	October 18, 2010, 12:10:18 AM by zomgwtfbbq
		RSS: R/C PPM hacked Hacking RSS Tutorials	zomgwtfbbq	0	60	October 02, 2010, 06:05:42 PM by zomgwtfbbq
		RSS: Apple's iOS 4 already hacked Internet News	zomgwtfbbq	0	60	June 23, 2010, 07:23:27 PM by zomgwtfbbq
		RSS: PS3 hacked! Hacking RSS Tutorials	zomgwtfbbq	0	58	January 24, 2010, 11:13:08 PM by zomgwtfbbq
		RSS: TI-nspire hacked Hacking RSS Tutorials	zomgwtfbbq	0	60	January 01, 2010, 11:43:09 AM by zomgwtfbbq
		MSN Website Hacked Security News	zomgwtfbbq	0	80	April 22, 2009, 01:55:01 AM by zomgwtfbbq
		Aussie Clarification Site Hacked In Censorship Protest Security News	zomgwtfbbq	0	69	March 27, 2009, 08:56:59 AM by zomgwtfbbq
		Ohio election Web site shut down after hacked Internet News	zomgwtfbbq	0	75	October 22, 2008, 03:16:01 AM by zomgwtfbbq

SMF Board hacked and modded by zomgwtfbekjam aka Rembo from Tools & Design