begood Posted May 19, 2010 Report Share Posted May 19, 2010 |\___/| -=[ISSUE - NO 1]=- =) ^Y^ (= -=[OF]=- \ ^ / )=*=( ______________________________ __ ____________ _ / \|.-----.--.--.--.-----.-----.--| | ___ ___ _| || | ||| _ | | | | | -__| _ | | . | | . || /| | | |\||_____|________|__|__|_____|_____| |__,|_|_|___|| \| | |_|/\| | | ______ |__//_// ___/ __ | | | .-----.--.--.-----.| |.-----.--\_).--| ||| | | | -__|_ _| _ || || ||__ --| -__| _ ||| | | |_____|__.__| __|| || ||_____|_____|_____|||_/ \__________________________|__|___| || |___________________| |______| FEATURING ~~~ |\ A present Germanys next Darkmarket ~~~ /()/ brought to you Carders.cc ~~~`\| by some happy ninjas / *//////{<>===[TABLE OF CONTENTS]=====================================- \[================[ INTRO ]==--[================[ OWNAGE ]==--[================[ RM ]==--[================[ PASSES ]==--[================[ IP'S ]==--[================[ OUTRO ]==-- / *//////{<>===[INTRO]=================================================- \Many of you guys may have noticed this breeding German "underground"shit called carders.cc. For those who don't: Carders is a marketplacefull of everything that is illegal and bad. Carding, fraud, drugs,weapons and tons of kiddies. They used to be only a small forum, butafter we erased 1337-crew they got more power. The rats left thesinking ship. The voices told us to own them since carders is ourfault and we had to fix our flaw. So we did.During the ownage they also gave us lulz by showing off theirridiculous configuration skills which had a specific impact on theirsecurity. They actually managed to chmod and chown nearly everythingto 777 and www-user readable. Including their /root directory. ____________________________________________________________________| __ __ || .-----.--.--.-----.| |_.-----.| |--.-----.--.--. || | _ | | | _ || _| -__|| _ | _ |_ _| || |__ |_____|_____||____|_____||_____|_____|__.__| ||________|__|________________________________________________________|| || Zagerus: Zusaetzlich schuetzen auch andere Applikationen wie || beispielsweise "suhosin" die Scripte. ||____________________________________________________________________|Ya sure. However, to put it in a nutshell, here is what we've got. Oand don't forget the uncensored database backup that we prepared,including private messages, passes and their holy priv8 3rd level. ____________________________________________________________________| __ __ || .-----.--.--.-----.| |_.-----.| |--.-----.--.--. || | _ | | | _ || _| -__|| _ | _ |_ _| || |__ |_____|_____||____|_____||_____|_____|__.__| ||________|__|________________________________________________________|| || KRON0S: Seitdem Thanatos und ich hier das sagen haben , haben wir || sehr viel auf DDos protection und Sicherheit gesetzt . ||____________________________________________________________________| \ ____________________________________________________________________| __ __ || .-----.--.--.-----.| |_.-----.| |--.-----.--.--. || | _ | | | _ || _| -__|| _ | _ |_ _| || |__ |_____|_____||____|_____||_____|_____|__.__| ||________|__|________________________________________________________|| || THANAT0S: Nach wie vor werden hier keinerlei IPs geloggt, was euch || jedoch nicht am Nutzen von VPNs hindern soll! ||____________________________________________________________________|We have good and bad news for you. The good news first: THANAT0S didnot lie. Their access.log did not include real user ips and theyoverwrote $_SERVER['REMOTE_ADDR'] with a random ip. Now what's the badnews, you may ask. The Carders.cc admins seemded actually too dumb to disable ALL of the logging, giving us enough possibilites to get what we wanted. Even a LOT more than enough, means we got a lot moreinfo than you might think. Sure, some of you maybe always used a proxy... Most of the administrators and moderators didn't. Did you?>>>ATTENTION! RETARDED PHP CODE ALERT!<<<~$ cat checkit.php<?php @mysql_connect("localhost", "cms_carders_cc", "CSiUvqD2MeTOBDSLIR4Am0DJWnQidedYqoX4Cutn"); @mysql_select_db("smf_carders_cc"); $query_ip = @mysql_query("UPDATE carders_smf_members SET member_ip='0', member_ip2='0' WHERE CHAR_LENGTH(member_ip) >= 2 OR CHAR_LENGTH(member_ip2) >= 2");?>This is how they wipe their logs. Sweet huh?-=[ THANAT0S [ IP: 93.131.107.168 used at 11. May,2010,22:31:47 [ HOST: wprt-5d836ba8.pool.mediaWays.net [ LOCATION: DE, Germany [ ISP: 1&1 Internet AG Wuppertal, 07 - ]=--=[ KRON0S [ IP: 80.226.14.32 used at 11.May,2010,23:32:47 [ HOST: ip-80-226-14-32.vodafone-net.de [ LOCATION: DE, Germany [ ISP: Vodafone D2 GmbH [ - [ IP: 79.221.31.254 used at 11. May,2010,22:16:31 [ HOST: p4FDD1FFE.dip.t-dialin.net [ LOCATION: DE, Germany [ ISP: Deutsche Telekom AG Frankfurt Am Main, 05 - ]=--=[ Zagerus [ IP: 62.227.86.213 used at 11. May,2010,23:37:27 [ HOST: p3EE356D5.dip.t-dialin.net [ LOCATION: DE, Germany [ ISP: Deutsche Telekom AG Hesel, 06 - ]=-So all in all these nice addresses should teach you a lesson. Hopeyou all get some visits soon. /*//////{<>===[OUTRO]=================================================- \ ____________________________________________________________________| __ __ || .-----.--.--.-----.| |_.-----.| |--.-----.--.--. || | _ | | | _ || _| -__|| _ | _ |_ _| || |__ |_____|_____||____|_____||_____|_____|__.__| ||________|__|________________________________________________________|| || Zagerus: Alle neuen privaten Nachrichten werden ab sofort || verschluesselt in der Datenbank gespeichert. ||____________________________________________________________________|~$ grep -ri -A 1 -B 1 base64_encode Sources/Subs-Post.php // Encode the message $message = base64_encode($message); $encoded = 1;Oh noes, blimey. We are screwed, they encoded their messages withbase64. We had to surrender at this point. Their protection system wasjust too good. Nearly unbreakable. Like THANAT0S said: ____________________________________________________________________| __ __ || .-----.--.--.-----.| |_.-----.| |--.-----.--.--. || | _ | | | _ || _| -__|| _ | _ |_ _| || |__ |_____|_____||____|_____||_____|_____|__.__| ||________|__|________________________________________________________|| || THANAT0S: Ein neuer Rootserver, mehr Protection! (Hosting in || Moskau/Ukraine) ||____________________________________________________________________|To the carders.cc admins: Recommendation No.1 - THE ANAL PROBINATOR ______ / ____ \ ___________/_|----|_\_____________ _______/||/,-.\|||||||----|__ ____ .--' ,-| __/--' |o| `-----|____|-' | \ \ ( |___(o7 \4b\ | |___ >---< <`. >-| __/------.\4b\ ,---| |--' | /db`.> ( | (o7|||||||| |o| |||||----|____ | /d88[( `-|__/----,-""""""""">--|____|---' |__/d88P / <____/----------<___|____|_____________/ \ `----' / `------' AND NOW ITS TIME FOR OUR FIRST ... ______________________________________________________________________IlapslapslapslapslapslapslapslapslapslapslapslapslapslapslapslapslapsIIsl_______l__slapslapslapsla_______a__lap__apslapslapslaps__pslap__apIIp| __| |.---.-.-----.| _ | |_| |_.---.-.----.| |--.| |aIIa|__ | || _ | _ || | _| _| _ | __|| < |__|lIIl|_______|__||___._| __||___|___|____|____|___._|____||__|__||__|sIIslapslapslapslapsla|__|pslapslapslapslapslapslapslapslapslapslapslapIIpslapslapslapslapslapslapslapslapslapslapslapslapslapslapslapslapslaI Addressed to all the lamers out thereDEIM0S - You get a SlapAttack since you were responsible for security we heard. You did a great job dude, n1. ____________________________________________________________________| __ __ || .-----.--.--.-----.| |_.-----.| |--.-----.--.--. || | _ | | | _ || _| -__|| _ | _ |_ _| || |__ |_____|_____||____|_____||_____|_____|__.__| ||________|__|________________________________________________________|| || Juri: alles was von Deimos gemacht worden war ,war 100 % fach- || maennisch und 1000% sicher. ||____________________________________________________________________|Zagerus - The "techadmin". Who taught you to be techadmin? You wrote this anti ddos script right? SlapAttack for you!$~ cat ipz.php<?php $logfile= './ddoslogz.html'; $IP = getenv("HTTP_X_FORWARDED_FOR"); $logdetails= date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip='.$IP.'>'.$IP.'</a>'; /*$fp = fopen($logfile, "a"); @fwrite($fp, $logdetails); @fwrite($fp, "<br>"); @fclose($fp);*/ echo "<center><h3>DDoS-Attacke</h3></center>\nWir stehen zur Zeit unter DDoS. Der Login blockt die Abfragen etwas ab.<br /><br />\n<strong>Bitte geben Sie als Benutzernamen und Passwort \"ddos\" ein.</strong><br /><br />Vielen Dank fuer Ihr Verstaendnis!";?>THANAT0S, KRON0S - Great admins, everyone should be like you. And btw you suck at choosing nicknames. SlapAttack!fred777 - You have actually not a lot to do with this, but you get a SlapAttack because we hate you. Ok not only for that... You are simply lame and dumb and you suck at almost everything you do. We recommend you to fuck off and take our orders at burger king THANX.So thats all actually.And btw to all the other supporters of pseudo German undergroud shit:The ninja guys piss on you and your half trained monkeys or whatever your leet underground team consists of. If you continue, you will be owned over again and rm'd twice. Also we will punch you in the face. Have a good day |\_ /()/ `\| and stay happy <3http://www.pastie.org/966482.txt?key=9qnkkrnoqukzk4zl9g7og Quote Link to comment Share on other sites More sharing options...
Guest .TinKode. Posted May 19, 2010 Report Share Posted May 19, 2010 http://tinkode.es/carders.ccHere complete Quote Link to comment Share on other sites More sharing options...
Flubber Posted May 19, 2010 Report Share Posted May 19, 2010 ./sshd starttoptopmakemake install cleanmake install cleanmake deinstall./apache22 startmake install cleanmake install clean./apache22 start./apache22 start Kidding, super ownage Quote Link to comment Share on other sites More sharing options...
alex_owners Posted May 19, 2010 Report Share Posted May 19, 2010 wow...........goood god Quote Link to comment Share on other sites More sharing options...
