Permalink
Cannot retrieve contributors at this time
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
273 lines (137 sloc)
8.27 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <title>Hacked By Neon-Lenz - Grey-Hat Project</title> | |
| <!-- Hacked By Neon-Lenz --> | |
| <!-- Penetrated as a Grey-Hat Project --> | |
| </head> | |
| <body text="#666666" bgcolor="#000000" link="#CCCCCC" vlink="#CCCCCC" alink="#CCCCCC"> | |
| | |
| <br><font size=+4><b><font color="#CCCCCC">H</font></b><font color="#666666">acked | |
| </font><b><font color="#CCCCCC">B</font></b><font color="#666666">y | |
| </font><b><font color="#CCCCCC">N</font></b><font color="#666666">eon-Lenz</font></font> | |
| <p><b><i> Welcome to NFE Online, a full Internet Service and Content | |
| Provider</i></b> | |
| <br><font color="#CCCCCC">- Secure it like a full Internet Service and | |
| Content Provider would do.</font> | |
| <br><b><i> You are welcome to browse our Public Website or you can | |
| Logon to our private Web Site if you have an account.</i></b> | |
| <br><font color="#CCCCCC">- Public Web site ? External users can browse | |
| even MORE than only your Public Web Site.</font> | |
| <p><font color="#CCCCCC">Clients/Visitors of NFE Online, <b><a href="index.bak">click | |
| here</a></b> to enter the original website.</font> | |
| <p><font size=+2><b><font color="#CCCCCC">T</font></b><font color="#666666">o | |
| </font><b><font color="#CCCCCC">A</font></b><font color="#666666">dmin:</font></font> | |
| <br>I've removed the logs to erase my own presence. I haven't checked your | |
| other directories | |
| <br>nor have i deleted anything from your harddisk. I haven't planted any | |
| backdoors or stolen | |
| <br>any data from your harddisk. My purpose was to warn you and other administrators | |
| <br>who are reading this defacement on any of the hacked archive mirrors, | |
| that their webservers | |
| <br>are potential to some known web-vulnerabilities which can lead to a | |
| <font color="#CCCCCC">hack/defacement</font>. Your | |
| <br>index.htm has been backed up as index.bak. It can be access right | |
| <a href="index.bak">here</a>. | |
| If you need more assistance | |
| <br>into fixing your webserver, then you can contact me at the following | |
| e-mail address : <b><a href="mailto:neonlenz@hushmail.com">neonlenz@hushmail.com</a></b> | |
| <p><img SRC="http://npcdh.hypermart.net/greyhat.jpg" height=216 width=250> | |
| <br><b><font size=+2>---------------------------------</font></b> | |
| <br><b><font size=+2><font color="#CCCCCC"> T</font><font color="#666666">he | |
| </font><font color="#CCCCCC">G</font><font color="#666666">rey-</font><font color="#CCCCCC">H</font><font color="#666666">at | |
| </font><font color="#CCCCCC">P</font><font color="#666666">roject:</font></font></b> | |
| <br><b><font size=+2>----------------------------------</font></b> | |
| <p><font size=+1><font color="#CCCCCC">A</font> <font color="#CCCCCC">S</font>mall | |
| <font color="#CCCCCC">E</font>xplanation<font color="#CCCCCC">:</font></font> | |
| <br>This site was hacked using an<b> "<font color="#CCCCCC">I</font>nput | |
| <font color="#CCCCCC">V</font>alidation | |
| <font color="#CCCCCC">A</font>ttack"</b>. | |
| <br>These kinds of attacks are usually executed by receiving input of external | |
| users. | |
| <br>The input are usually given and received via port 80 which is then | |
| executed by an | |
| <br>ASP/CGI/CFML program. Some script (usually samples from a webserver | |
| software) in your public | |
| <br>directory will then progress the input given by the external user. | |
| There are various vulnerabilities | |
| <br>on the web, some of them allow external users to view and download | |
| files where they shouldn't | |
| <br>have access to, some causes webservers to hang and some even allow | |
| external users to give | |
| <br>commands which are going to be executed locally on the remote webserver. | |
| Those are usually | |
| <br>done by spawning a remote shell using the interpreters cmd.exe (NT-lineages) | |
| or command.com (9x-lineages) ). | |
| <p><font size=+1><font color="#CCCCCC">U</font>pdate: Input Validation | |
| Attacks are not <u><font color="#CCCCCC">ONLY</font></u> limited to NT/9x | |
| running IIS,</font> | |
| <br><font size=+1> | |
| Input Validation Attacks can also be found on IRIX (often seen) and other</font> | |
| <br><font size=+1> | |
| *nix-based servers running any kind of webserver OS with CGI enabled.</font> | |
| <p><font size=+1><b><font color="#CCCCCC">W</font></b>hat <b><font color="#CCCCCC">y</font></b>ou | |
| <b><font color="#CCCCCC">c</font></b>an | |
| <b><font color="#CCCCCC">d</font></b>o | |
| <b><font color="#CCCCCC">t</font></b>o | |
| <b><font color="#CCCCCC">p</font></b>revent | |
| <b><font color="#CCCCCC">t</font></b>hat<b><font color="#CCCCCC">:</font></b></font> | |
| <br>Very simple, by removing all the unnecessarily samples and subdirectories | |
| <br>like <u><font color="#CCCCCC">/cgi-bin</font></u> in your public directory. | |
| If you really have the need to use the | |
| <br>samples or the subdirectories, then you will need to contact your software | |
| <br>vendor for help or just visit your software vendor's website for official | |
| patches. | |
| <p><font size=+1><font color="#CCCCCC">I</font>f you want more info about | |
| <font color="#CCCCCC">C</font>omputer | |
| <font color="#CCCCCC">S</font>ecurity, | |
| visit the following resources:</font> | |
| <p><a href="http://packetstorm.securify.com">Packetstorm</a> - (Biggest | |
| Security-Archive on the web, very up-to-date, community's favorite) | |
| <br><a href="http://www.securityfocus.com">SecurityFocus</a> - (Home of | |
| Bugtraq, the webmasters are well-known to the security-community) | |
| <br><a href="http://www.ntsecurity.nu">NT-Security</a> - (Created some | |
| nice NT-tools for you to test, small and compact, a must) | |
| <br><a href="http://www.wiretrip.net/rfp">Wiretrip</a> (Good resource for | |
| info about Input Validation Attacks, the webmaster is actually the one | |
| who made it famous) | |
| <br><a href="http://www.technotronic.com">Technotronic</a> - (Nice Microsoft | |
| Archive, webmaster is the creator of the famous <font color="#CCCCCC">WinFingerPrint</font>) | |
| <br><a href="http://www.alldas.de">Alldas</a> (Great all-round security | |
| website, hosting hacked websites, exploits. Are you a German Admin?, check | |
| it) | |
| <br><a href="http://www.hack.co.za">Darknet</a> (Hosting exploits, which | |
| you can use to test your own server, also the biggest Exploits archive | |
| on the web) | |
| <br><a href="http://www.attrition.org">Attrition</a> - (famous website, | |
| Government's and the Security Community's favorite, hosts hacked websites). | |
| <p><b>None</b> of those websites mentioned are affiliated with me in any | |
| means, | |
| <br>so don't bother them concerning this defacement. Thank you. | |
| <p><font size=+1><font color="#CCCCCC">P</font>.S. : <font color="#CCCCCC">S</font>orry | |
| for my poor English.</font> | |
| <p><font size=+1><b> </b>-------------------</font> | |
| <br><font size=+1> <b><font color="#CCCCCC">S</font></b>HOUTS <b><font color="#CCCCCC">T</font></b>O:</font> | |
| <br><font size=+1>------------------</font> | |
| <br>/ <b><font color="#CCCCCC">T</font></b>ribunal / <b><font color="#CCCCCC">H</font></b>erbless | |
| / <b><font color="#CCCCCC">F</font></b>ux0r / <b><font color="#CCCCCC">n</font></b>exus | |
| / | |
| <b><font color="#CCCCCC">G</font></b>-Force Pakistan / <b><font color="#CCCCCC">N</font></b>e[r0 | |
| / <b><font color="#CCCCCC">e</font></b>lectr0n / | |
| <br>/ <b><font color="#CCCCCC">d</font></b>islexik / <b><font color="#CCCCCC">p</font></b>r|est | |
| / <b><font color="#CCCCCC">F</font></b>0kus / <b><font color="#CCCCCC">Z</font></b>yvr | |
| / <b><font color="#CCCCCC">A</font></b>ttrition / <b><font color="#CCCCCC">A</font></b>lldas | |
| / <b><font color="#CCCCCC">H</font></b>axordot / <b><font color="#CCCCCC">u</font></b>4ia | |
| / <b><font color="#CCCCCC">s</font></b>leight / | |
| <br>/ <b><font color="#CCCCCC">C</font></b>isco / <b><font color="#CCCCCC">{</font></b>} | |
| / <b><font color="#CCCCCC">N</font></b>ohican / <b><font color="#CCCCCC">D</font></b>arkSky | |
| / <b><font color="#CCCCCC">D</font></b>utch Hackers / <b><font color="#CCCCCC">P</font></b>acketstorm | |
| / <b><font color="#CCCCCC">K</font></b>eyDet89 / | |
| <p><font size=+1>If you want to send me an <a href="mailto:neonlenz@hushmail.com">e-mail</a> | |
| send it to <a href="mailto:neonlenz@hushmail.com">neonlenz@hushmail.com</a></font> | |
| <p><font size=-1>/ Penetrated By <a href="mailto:neonlenz@hushmail.com">Neon-Lenz | |
| </a>as | |
| a <b><font color="#CCCCCC">grey-hat</font></b> project to warn insecure | |
| webservers. /</font> | |
| </body> | |
| </html> | |
| <!-- www.attrition.org web hack mirror - watermark or something --> |