Saturday, August 18, 2012

National Oil Corporation of Kenya Defaced by Rwandan hackers


HACKED LINK: http://www.nockenya.co.ke/images/hacked.html


National Oil is a state corporation under the Ministry of Energy, incorporated in April 1981 and charged with participation in all aspects of the petroleum industry. National Oil has a 100% Government of Kenya shareholding.
National Oil became operational in 1984, and its initial operations were limited to exploration activities delegated from the Ministry of Energy. In 1988, National Oil went downstream and actively started participating in the importation and sale of petroleum products, including crude oil, white fuels, lubricants and LPG.
The formation of National Oil was precipitated by the oil crises of the 1970s (1973/74 and 1979/80) and the corresponding supply disruptions and price hikes, which resulted in the country's oil bill comprising almost one third of the total value of imports, making petroleum the largest single drain on Kenya's foreign exchange earnings.
National Oil was therefore born out of a need by the Government of Kenya to have greater control of the petroleum sector, which is a crucial determinant of the country's economic performance. National Oil has since remained the Government's policy instrument in matters related to oil, specifically upstream exploration of oil and gas, mid-stream development of petroleum infrastructure and downstream marketing of petroleum products including motor and industrial fuels, lubricants, LPG and related motor consumables and hardware.

WE ARE BACK KENYA !!!

Sunday, August 12, 2012

Orinfor.gov.rw hacked #database Leaked


VULNERABILITY DESCRIPTION:

Apache httpd Remote Denial of Service
Vulnerability description
A denial of service vulnerability has been found in the way multiple overlapping byte ranges are handled by the Apache HTTPD server:

http://seclists.org/fulldisclosure/2011/Aug/175

An attack tool is circulating in the wild. Active use of this tool has been observed. The attack can be done remotely, and with a modest number of requests it can cause very significant memory and CPU usage on the server.


This alert was generated using only banner information.

Affected Apache versions: 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19.

This vulnerability affects Web Server.
Discovered by: Scripting (Version_Check.script).
Attack details
Current version is: 2.2.8
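A defender-side check for this issue, added here as an example (not code from the original post or from the scanner that produced this alert): it pulls the Range header out of constructed access-log lines and flags requests that carry many or overlapping byte ranges. It assumes the Range header was logged with Apache's %{Range}i LogFormat token as the last quoted field.

```python
import re

INF = float("inf")
# Assumption: the LogFormat appended the Range header (%{Range}i) as the last quoted field.
RANGE_FIELD = re.compile(r'"bytes=([^"]*)"\s*$')

def parse_ranges(spec):
    """'a-b,c-,-n' -> [(a, b), (c, INF), (0, INF)]; suffix ranges are kept conservatively."""
    ranges = []
    for part in spec.split(","):
        start, sep, end = part.strip().partition("-")
        if not sep:
            continue                      # malformed element, ignore it
        if start == "":
            ranges.append((0, INF))
        else:
            ranges.append((int(start), int(end) if end else INF))
    return ranges

def count_overlaps(ranges):
    """Number of ranges that overlap one starting at or before them."""
    overlaps, max_end = 0, -1
    for start, end in sorted(ranges):
        if start <= max_end:
            overlaps += 1
        max_end = max(max_end, end)
    return overlaps

def suspicious_requests(log_text, max_ranges=5):
    """(client, range count, overlap count) for each request with more than max_ranges
    ranges or any overlap; five is the limit used in the mitigation Apache published."""
    hits = []
    for line in log_text.splitlines():
        m = RANGE_FIELD.search(line)
        if not m:
            continue
        ranges = parse_ranges(m.group(1))
        overlaps = count_overlaps(ranges)
        if len(ranges) > max_ranges or overlaps:
            hits.append((line.split()[0], len(ranges), overlaps))
    return hits

# Constructed sample lines (not from the original post); the second request nests
# many ranges inside one open range, the shape that triggers this issue.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2012:10:01:02 +0200] "GET /report.pdf HTTP/1.1" 206 8192 "bytes=0-8191"
10.0.0.7 - - [12/Aug/2012:10:01:03 +0200] "HEAD / HTTP/1.1" 206 - "bytes=0-,0-1,0-2,0-3,0-4,0-5,0-6,0-7,0-8,0-9"
10.0.0.9 - - [12/Aug/2012:10:01:04 +0200] "GET /report.pdf HTTP/1.1" 206 200 "bytes=0-99,200-299"
"""
```

Running `suspicious_requests(SAMPLE_LOG)` reports only the second client; the two legitimate partial-content requests pass.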

Some messages and IP addresses from orinfor
SERVER INFO:
Target:http://www.orinfor.gov.rw/
Host IP:41.74.172.227
Web Server:Apache/2.2.8 (Ubuntu)
DB Server:MySQL
Resp. Time(avg):1406 ms
Current User:datareader@localhost
Sql Version:5.0.96-0ubuntu3
Current DB:orinfordb
System User:datareader@localhost
Host Name:orinfor-webbackup
Installation dir:/usr/
Data Bases: information_schema
   mysql
   orinfordb


ADMIN PASSWORD 

Table:orinfor_users
Total Rows:5




Saturday, August 4, 2012

Rwandan diaspora website hacked by Rwandan Hackers #GOV.RW

The Rwandan diaspora website has been hacked by Rwandan Hackers
Link:http://jobs.rwandandiaspora.gov.rw/cv/34testRwandanhackers.txt


Vulnerability description
Manual confirmation is required for this alert.


This page is using a weak password. A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords, such as words in the dictionary, proper names, words based on the user name or common variations on these themes.
Affected items
/profileloginconfirm.php 
The impact of this vulnerability
An attacker may access the contents of the password-protected page.


How to fix this vulnerability
Enforce a strong password policy. Don't permit weak passwords or passwords based on dictionary words.
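The definition above turned into a checker, added here as an example (not code from the original post or the scanner that produced the alert): each reason it reports corresponds to one clause of that definition (length, common password, system default, dictionary word with the usual digit and leet variations, and passwords based on the user name). The word lists are small constructed stand-ins.

```python
import re

# Constructed word lists for this example (not from the original post); a real
# deployment would load a full dictionary and a breached-password list instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}
SYSTEM_DEFAULTS = {"admin", "changeme", "default", "root", "password"}
DICTIONARY_WORDS = {"summer", "rwanda", "diaspora", "kigali", "password", "welcome"}
LEET = str.maketrans("0134$@", "oleasa")   # undo the usual letter substitutions

def normalise(text):
    """Lower-case, undo leet substitutions and keep only letters, so that
    'Summ3r2012!' reduces to a string containing 'summer'."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def weak_password_reasons(password, username, min_length=12):
    """Apply the criteria listed above; an empty list means the password passed."""
    reasons = []
    low = password.lower()
    if len(password) < min_length:
        reasons.append("too short")
    if low in COMMON_PASSWORDS:
        reasons.append("common password")
    if low in SYSTEM_DEFAULTS:
        reasons.append("system default")
    core = normalise(password)
    # a dictionary word survives trailing digits, punctuation and leet spelling
    if any(word in core for word in DICTIONARY_WORDS if len(word) >= 4):
        reasons.append("dictionary word or variation")
    user = normalise(username)
    if user and core and (user in core or core in user):
        reasons.append("based on the user name")
    return reasons
```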



Igihe website infected with malware



It seems that the site igihe.com was infected by a Russian hacker,
because igihe.com was being redirected to websites hosted in Russia (http://ilulxak.ru / http://nycaqsy.ru).


We wrote an article on vulnerabilities found in the igihe.com website some days ago:
http://rwandan-hackers.blogspot.fr/2012/07/igihecom-vulnerable-to-xss.html

I think the hacker used this exploit

http://www.exploit-db.com/exploits/9448/ [SPIP < 2.0.9 Arbitrary Copy All Passwords to XML File Remote Exploit]

https://badwarebusters.org/main/itemview/7997 [more advice Here ]


I think you’ll find that the site has been compromised because of a leaked password.
Several infections seem to exist on the site.

First of all, check the administrative PC for malware, use multiple AV and Malware scanners to check and remove any found.

Change the password of the FTP, preferably from an alternate PC.

Do NOT store the password in your FTP client.

Find and remove the malware that is on the site:
Your .htaccess file may redirect search engine traffic, so please check the .htaccess file in all folders including above the root folder of the site itself.
You’ve also got a Martuz or a variant thereof, so you will likely find iframes or malicious scripts embedded in the various files of your site. Check normal html/php files as well as script files.

When all is done and found, you can request a Review from Google Webmaster Tools. This review will take a few hours, but if no suspicious activity is found, then the site will be taken off the suspicious list.
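The clean-up steps above as a scanner, added here as an example (not code from the original post or from badwarebusters): it flags .htaccess files that redirect only search-engine referrals, which is why the owner typing the URL never sees the redirect, and site files that contain hidden iframes. The patterns and the in-memory sample site are constructed for this example; `scan_tree` runs the same checks over a real directory.

```python
import os
import re

# Patterns for the two infections named above: an .htaccess that redirects only
# search-engine referrals and hidden iframes injected into site files.
# Constructed for this example; tune them to what the site actually contains.
REFERER_COND = re.compile(
    r"RewriteCond\s+%\{HTTP_REFERER\}.*(google|yahoo|bing|msn|ask)", re.I)
EXTERNAL_REDIRECT = re.compile(r"RewriteRule\s+\S+\s+https?://\S+\s+\[[^\]]*R", re.I)
HIDDEN_IFRAME = re.compile(
    r"<iframe[^>]*?(?:(?:width|height)=[\"']?[01](?![0-9])"
    r"|visibility:\s*hidden|display:\s*none)[^>]*>", re.I)
CONTENT_FILES = (".html", ".htm", ".php", ".js")

def scan_content(path, text):
    """Return (path, finding) tuples for one file's contents."""
    findings = []
    name = os.path.basename(path)
    if name == ".htaccess":
        if REFERER_COND.search(text) and EXTERNAL_REDIRECT.search(text):
            findings.append((path, "htaccess redirects search-engine referrals"))
    elif name.lower().endswith(CONTENT_FILES) and HIDDEN_IFRAME.search(text):
        findings.append((path, "hidden iframe"))
    return findings

def scan_tree(root):
    """Scan a real site tree. Pass the parent of the document root so that an
    .htaccess above the web root is covered too, as the advice above says."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings += scan_content(path, fh.read())
            except OSError:
                pass   # unreadable file: skip here, report separately if needed
    return findings

# Constructed in-memory stand-in for a compromised site so the example runs offline.
SAMPLE_SITE = {
    "/var/www/.htaccess": ("RewriteEngine On\n"
        "RewriteCond %{HTTP_REFERER} (google|yahoo|bing)\\. [NC]\n"
        "RewriteRule ^(.*)$ http://redirect.invalid/go [R=302,L]\n"),
    "/var/www/index.php": ('<?php include "header.php"; ?><iframe src="http://'
        'redirect.invalid/x" width=1 height=1 style="visibility:hidden"></iframe>'),
    "/var/www/js/app.js": "var ready = true;",
    "/var/www/about.html": "<p>Nothing injected here.</p>",
}

def scan_samples():
    return [f for path, text in SAMPLE_SITE.items() for f in scan_content(path, text)]
```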

Tools you may find useful, including website scanners:
http://badwarebusters.org/main/itemview/1659#itemblock-3035

Google webmaster tools:
http://www.google.com/webmasters/tools/

Your Diagnostics page:
http://www.google.com/safebrowsing/diagnostic?site=http://igihe.com

The website is under construction

Update at 00:12, August 4, 2012:

I saw that they copied this article to explain the nature of the virus.
Next time, do your work and stop copying our work.


Sunday, July 29, 2012

www.goviago.com Pown3d By Rwandan Hackers

ADMIN PANEL 
Goviago hacked by Rwandan Hackers

Go Ltd is a new technology venture launched in 2011 and registered by RDB as a legal IT company. It is new but performs excellently. GO Ltd aims to empower creativity and innovation in technology in Rwanda.
The company is now owned by three entrepreneurs:
SHIKAMA Dioscore, Founder and CEO
MANISHIMWE Alexis, Founder and Human Resources Officer(HRO)
NIYIKIZA Aimable, Co-founder and Technical Director.

Our team is composed of, among others:
1. Eng.RURANGWA Thadée, Assistant Technical Director
2. Eng.Rusa Richard, Head of DDGD (Department of Developers and Graphic Designers)
3. Eng.Niyigena Diogène, Head of DETE(Department of electronics and Telecommunication engineers)
4. HITIMANA N. Emmanuel, Media Analyst

SERVER INFO:
Target:http://www.goviago.com/
Host IP:50.116.99.167
Web Server:Apache
DB Server:MySQL >=5
Resp. Time(avg):517 ms
Current User:goltd@localhost
Sql Version:5.5.23-55
Current DB:goltd_govi
System User:goltd@localhost
Host Name:gator1873.hostgator.com
Installation dir:/usr
DB User: goltd'@'localhost'
Data Bases:information_schema
         goltd_govi


MESSAGE TO ADMIN: PLEASE CHANGE THE PASSWORD !!!
Admin Username and Password

Saturday, July 28, 2012

WestFm Kenya and twendetwende.co.ke Hacked #Dedication to "Kenyan cyber security expert"


WestFm Kenya and twendetwende.co.ke have been hacked by Rwandan Hackers
twendetwende link: http://www.twendetwende.co.ke/hotel.php?id=12


West Fm is an independent commercial radio station that is fast growing and a favorite of the population of Western Kenya, North Rift and Eastern Uganda. The station started broadcasting in July 2006. Rating reports from Steadman confirm that the station has rapidly captured the imagination of the people within the region and stands in a league of its own.

West Fm offers comprehensive programs. We focus on issues that affect the region; thus we speak to the community directly as well as giving them a platform to tackle issues affecting their daily lives on radio. As the region’s fast growing and favorite radio station, West Fm 94.9 & 104.1 will give your products significant exposure during prime listening times on an exclusive basis.

