astalavista.com hacked by milw0rm

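Source: 岁月联盟 Editor: zhuzhu Date: 2009-06-07
Note: astalavista.com is one of the earlier commercial hacking sites established abroad. It began publishing hacking techniques and vulnerability information in '96. The site currently ranks around 19,000 globally and has about 15,000 paying members.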


      Below is some of the English-language text from the hack:

  The Hacking & Security Community

  [+] Founded in 1997 by a hacker computer enthusiast

  [-] Exposed in 2009 by anti-sec group

  From <http://astalavista.com/faq>:

  >> 03. Who's behind the site?

  >> A team of security and IT professionals, and a countless number of contributors from all over the world.

  >> 05. Is it true that the site is visited by script-kiddies and warez fans only?

  >>

  >> Absolutely not! The audience behind the site consists of home users, worldwide companies and corporations, educational and non-profit organizations, government and military institutions.

  >> All of these have been visiting the site on a daily basis for the past couple of years, contributing in various ways, or requesting services and information.

  Why has Astalavista been targeted?

  Other than the fact that they are not doing any of this for the "community" but for the money, they spread exploits for kids, claim to be a security community (with no real sense of security on their own servers), and they charge you $6.66 per month to access a dead forum with a directory filled with public releases and outdated / broken services.

  We wanted to see how good that "team of security and IT professionals" really is.

  Let's begin.

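  For details, see: astalavista_hacked.txt

  Attached is a commentary by 包子:

  There are two highlights in it. The first is the remote shell obtained with the privileges of the apache user. The banner is LiteSpeed, so it looks like this thing has a 0day. But then why is it running as the apache user? It turns out LiteSpeed is bundled together with Apache. I skimmed the introduction, and its main function is anti-DDoS. It seems somewhat interesting; I'll play with it later. For details, see http://www.litespeedtech.com/litespeed-web-server-features.html.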

  [root@front3 ~]# curl -I litespeedtech.com

  HTTP/1.1 200 OK

  Date: Fri, 05 Jun 2009 22:54:51 GMT

  Server: LiteSpeed

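  The other highlight is the local root. If it isn't udev, then RHEL 5.3 x64 has yet another local root 0day -_-

  Some people say astalavista was hacked because they made money off milw0rm's material. I think this comes down to each person's own standards: some people pass off articles written by others as their own, and some turn other people's programs into their own. There is plenty of that.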

  http://www.hackbase.com/news/astalavista_hacked.txt

Keywords: astalavista.com, milw0rm