Liveleak Forums  

01-20-2015, 03:31 PM   #11
Tinbuk3

Thomas Silverstein?
Hmm .. can't get I am Lord Voldemort out of it.
__________________
The fate of those who do not listen are condemned to feel.
01-20-2015, 03:32 PM   #12
Private-Parts

Quote:
Originally Posted by john1054
Well this is interesting. I looked up the name the hacker chose for himself-- Thomas Silverstein.

Silverstein is a former Aryan Brotherhood leader who was sent to prison for armed robbery and has committed at least three murders and possibly more in separate incidents while in prison. Two of his victims were prison guards. The cage he is currently kept in is something out of "Silence of the Lambs". The guy is a cult hero for anti-authoritarians.

So it's Vel!
__________________
If you have selfish, ignorant citizens, you're going to get selfish, ignorant leaders.

― George Carlin
01-20-2015, 03:40 PM   #13
Tinbuk3

Be glad they didn't change the password.
Have to shut the server down if they did and redo everything.
If that's the case hope you got a clean backup.
01-20-2015, 05:08 PM   #14
Xavior

This is why I have an offline hash database of all files on my server and backups..

How do we know there isn't a PHP backdoor or botnet C&C running, or even worse: a zero-day dropper being served..

I'm going to assume he had his login stolen via malware.. If there is something like a SQL injection or software vulnerability on the server there is still a problem..
__________________
A big load of reality right in your boring face every time I come through
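
The offline hash database mentioned in the post above can be sketched as follows. This is an added example, not code from the thread or from vBulletin; the function names, the HMAC seal and the constructed file tree are assumptions. A SHA-256 manifest of the web root is sealed with a key kept off the server, then compared against the live tree to list added, removed and modified files.

```python
import hashlib, hmac, json, os, tempfile

def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest

def seal(manifest, key):
    """HMAC-SHA256 over canonical JSON; key and tag stay with the offline copy."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def compare(baseline, tag, key, current):
    """Authenticate the baseline, then report drift against the live tree."""
    if not hmac.compare_digest(seal(baseline, key), tag):
        raise ValueError("baseline manifest failed authentication")
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def write(root, rel, data):
    with open(os.path.join(root, rel), "wb") as fh:
        fh.write(data)

def demo():  # constructed web root: baseline it, change it, report the drift
    key = b"constructed-demo-key"  # assumption: a real key never touches the server
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "includes"))
        write(root, "index.php", b"<?php echo 'forum'; ?>")
        write(root, "includes/config.php", b"<?php $prefix = 'vb_'; ?>")
        write(root, "logo.png", b"\x89PNG constructed")
        baseline = build_manifest(root)
        tag = seal(baseline, key)
        write(root, "index.php", b"<?php echo 'forum'; /* edited */ ?>")
        write(root, "includes/cache.php", b"<?php /* unexpected new file */ ?>")
        os.remove(os.path.join(root, "logo.png"))
        return compare(baseline, tag, key, build_manifest(root))
```

Calling `demo()` returns the drift report for the constructed tree. A manifest stored on the same host can be rewritten by whoever altered the files, which is why the baseline and its key belong offline.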
01-20-2015, 05:17 PM   #15
laserjobs

Quote:
Originally Posted by Xavior
This is why I have an offline hash database of all files on my server and backups..

How do we know there isn't a PHP backdoor or botnet C&C running, or even worse: a zero-day dropper being served..

I'm going to assume he had his login stolen via malware.. If there is something like a SQL injection or software vulnerability on the server there is still a problem..

If you wonder how it was hacked all you have to look at is the page source
<meta name="generator" content="vBulletin 3.8.1" />
__________________
Liberals, we blame your piss poor "higher education" and the media making you feel like you got "the smarts".
01-20-2015, 05:23 PM   #16
Xavior

Quote:
Originally Posted by laserjobs
If you wonder how it was hacked all you have to look at is the page source
<meta name="generator" content="vBulletin 3.8.1" />

Yeah.. If they used legacy VB vulnerabilities then they probably have complete DB table dumps, so they have all our emails and hashed passwords and PMs. They probably used the VB salt to INSERT a new pass..

If they have that they have everything, you can leverage anything since VB stores markup in DB in the form of VB templates..

Personally I'd mod a template to use a dropper and have an overnight botnet.. This domain gets massive traffic and has good failover, so you have a C&C too even though it's hard-coded..

I'd be willing to bet most visitors run outdated browsers and don't use updates, so there is malware delivery and privilege escalation..
01-20-2015, 10:09 PM   #17
LLFM_1
Administrator

Quote:
Originally Posted by Xavior
This is why I have an offline hash database of all files on my server and backups..

How do we know there isn't a PHP backdoor or botnet C&C running, or even worse: a zero-day dropper being served..

I'm going to assume he had his login stolen via malware.. If there is something like a SQL injection or software vulnerability on the server there is still a problem..

This person had access to a limited admin panel and no backend access.
01-20-2015, 10:15 PM   #18
slacker-

Quote:
Originally Posted by john1054
Well this is interesting. I looked up the name the hacker chose for himself-- Thomas Silverstein.

Silverstein is a former Aryan Brotherhood leader who was sent to prison for armed robbery and has committed at least three murders and possibly more in separate incidents while in prison. Two of his victims were prison guards. The cage he is currently kept in is something out of "Silence of the Lambs". The guy is a cult hero for anti-authoritarians.

That's so weird. I'd never even heard of him until now.
All times are GMT.