Sunday, August 12, 2012

Orinfor.gov.rw hacked #database Leaked


VULNERABILITY DESCRIPTION:

Apache httpd Remote Denial of Service
Vulnerability description
A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server:

http://seclists.org/fulldisclosure/2011/Aug/175

An attack tool is circulating in the wild. Active use of this tool has been observed. The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server.


This alert was generated using only banner information.

Affected Apache versions (1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19).

This vulnerability affects Web Server.
Discovered by: Scripting (Version_Check.script).
Attack details
Current version is : 2.2.8

Some messages and IP addresses from orinfor
SERVER INFO:
Target:http://www.orinfor.gov.rw/
Host IP:41.74.172.227
Web Server:Apache/2.2.8 (Ubuntu)
DB Server:MySQL
Resp. Time(avg):1406 ms
Current User:datareader@localhost
Sql Version:5.0.96-0ubuntu3
Current DB:orinfordb
System User:datareader@localhost
Host Name:orinfor-webbackup
Installation dir:/usr/
Data Bases: information_schema
   mysql
   orinfordb


ADMIN PASSWORD 

Table:orinfor_users
Total Rows:5



