Search
Search titles only
By:
Search titles only
By:
Log in
Register
Search
Search titles only
By:
Search titles only
By:
Menu
Install the app
Install
Forums
New posts
All threads
Latest threads
New posts
Trending threads
Trending
Search forums
What's new
New posts
New ads
New profile posts
Latest activity
Free Ads
Latest reviews
Search ads
Members
Current visitors
New profile posts
Search profile posts
Contact us
Latest ads
🔒 NordVPN Premium – 3 Months
hrdilshan
Updated:
Thursday at 8:29 PM
🚀 Microsoft Office 365 Pro Plus – Lifetime Access! 🚀
hrdilshan
Updated:
Thursday at 8:28 PM
Linkedin Premium Business / Careere /Sales Navigator - 1/2/3/6/9/12 Months - Reddem Link
hrdilshan
Updated:
Thursday at 8:27 PM
Colombo
YEYE 3 in 1 Instant Coffee Mix 50 Sachet
Romeshka
Updated:
Wednesday at 12:16 AM
Colombo
Red Hat Certified System Administrator (RHCSA) - RHEL 10
Sanjeewani95
Updated:
Jul 3, 2026
Electronics
Vehicles
Property
Search
Reply to thread
Forums
General
News
Hacker Busted in Sri Lanka ( Real Story )
Get the App
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Message
<blockquote data-quote="viraj_slk" data-source="post: 5452072" data-attributes="member: 51932"><p><span style="font-size: 12px"></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'">Ya some of us including me was surprised by this sudden attack on the WPC website. Since it was at the end of war, I thought it must be done by some canadian *%@#!! LTTE supporter. But no, then I got to know about Zonta, who pretty much like ZeroThunder is a kid who is just very curious about hacking stuff. Nothing wrong there. most of us are or were at some stage.</span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'">I posted this incident on elakiri out of interest earlier</span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"><a href="http://www.elakiri.com/forum/showthread.php?t=188735" target="_blank">http://www.elakiri.com/forum/showthread.php?t=188735</a></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'">Anyway what Zonta did may have been sort of an experiment, which it seems eventually had backfired on him. I think i can guess how he did the hack attack.</span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'">Pls bear in mind hacking innocent websites that are useful to people, especially as Sri Lankans, defacing a government website is not at all approved <img src="/styles/default/xenforo/smilies/default/dull.gif" class="smilie" loading="lazy" alt=":dull:" title="Dull :dull:" data-shortname=":dull:" /></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'">So pls do not try your script kiddie activities on our national sites.</span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"><strong></strong></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"><strong>Okay so here's what <strong><u>I think</u></strong> Zonta got up to</strong> <img src="/styles/default/xenforo/smilies/default/P.gif" class="smilie" loading="lazy" alt=":P" title=":P :P" data-shortname=":P" /></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'">Zonta used Shell Upload attack to gain access to the WPC site. You don't need to be so clever for this. </span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'">The attacker uses a google dork to find potentially vulnerable websites:</span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'">so he/she goes to Google and types:</span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"><em>inurl:upload.php</em></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'">Or go to Advanced Search, select 'Date, usage rights, numeric range, and more' and set 'Region:' to Sri Lanka and then use the Google dork</span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'">you will get a list of SL sites that will probably let you upload files. not all of them are vulnerable. some are. what's common about these sites is that they provide file upload services to users. some of them already got hacked by our curious SL hacking enthusiasts!</span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'">so you go to such a site, check the way it lets you upload files and if you know what you are doing you can guess whether it's vulnerable. You simple find an r57, c99, c100 etc.. shell and upload it. and that's all!</span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'">in Zonta's case, he seems to have uploaded a c100 shell. When uploaded to a site and then when accessed, the php script in those uploaded files gets executed and you get a shell prompt into the server where you can manipulate the website. for example you can replace the index file with your hack sigi.</span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'">you don't always have to upload this malicious file (shell script) in php format. there are some other formats that servers still identify the php code in. not jpg, no that rarely works. </span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'">you have to check the file type if you are offering file uploading services. and make the file go through proper validations to see through disguises (malicious scripts in the file etc..). i am still learning about building a proper file upload function and how to make it more secure. a colleague of mine told me that file mime type check alone is not enough as it's set by the client side, therefore can be forged. <em>anyway this para was only for those interested web app developers. read on..</em></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'">although WPC have now taken off that mistake of its site, which was their website's file upload section (upload.php), i was still able to find it in google cache until recently. so my doubt was a bit more confirmed. you can't see that cache anymore... </span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'">anyway here's what you can see now on a google search:</span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"><img src="http://i27.tinypic.com/e5idc5.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"><strong>surprised why Zonta didnt use any proxies. but then again maybe he did... </strong></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"><strong></strong></span></span></span></span></p><p><span style="font-size: 12px"><span style="font-size: 15px"><span style="color: blue"><span style="font-family: 'Comic Sans MS'"><strong><em>Proud of our skilled investigators!</em></strong> <img src="/styles/default/xenforo/smilies/default/wink.gif" class="smilie" loading="lazy" alt=";)" title="Wink ;)" data-shortname=";)" /></span></span></span></span></p></blockquote><p></p>
[QUOTE="viraj_slk, post: 5452072, member: 51932"] [SIZE="3"][COLOR="black"][/COLOR] [SIZE="4"][COLOR="blue"] [FONT="Comic Sans MS"] Ya some of us including me was surprised by this sudden attack on the WPC website. Since it was at the end of war, I thought it must be done by some canadian *%@#!! LTTE supporter. But no, then I got to know about Zonta, who pretty much like ZeroThunder is a kid who is just very curious about hacking stuff. Nothing wrong there. most of us are or were at some stage. I posted this incident on elakiri out of interest earlier [URL="http://www.elakiri.com/forum/showthread.php?t=188735"]http://www.elakiri.com/forum/showthread.php?t=188735[/URL] Anyway what Zonta did may have been sort of an experiment, which it seems eventually had backfired on him. I think i can guess how he did the hack attack. Pls bear in mind hacking innocent websites that are useful to people, especially as Sri Lankans, defacing a government website is not at all approved :dull: So pls do not try your script kiddie activities on our national sites. [B] Okay so here's what [B][U]I think[/U][/B] Zonta got up to[/B] :P Zonta used Shell Upload attack to gain access to the WPC site. You don't need to be so clever for this. The attacker uses a google dork to find potentially vulnerable websites: so he/she goes to Google and types: [I]inurl:upload.php[/I] Or go to Advanced Search, select 'Date, usage rights, numeric range, and more' and set 'Region:' to Sri Lanka and then use the Google dork you will get a list of SL sites that will probably let you upload files. not all of them are vulnerable. some are. what's common about these sites is that they provide file upload services to users. some of them already got hacked by our curious SL hacking enthusiasts! so you go to such a site, check the way it lets you upload files and if you know what you are doing you can guess whether it's vulnerable. You simple find an r57, c99, c100 etc.. shell and upload it. and that's all! in Zonta's case, he seems to have uploaded a c100 shell. When uploaded to a site and then when accessed, the php script in those uploaded files gets executed and you get a shell prompt into the server where you can manipulate the website. for example you can replace the index file with your hack sigi. you don't always have to upload this malicious file (shell script) in php format. there are some other formats that servers still identify the php code in. not jpg, no that rarely works. you have to check the file type if you are offering file uploading services. and make the file go through proper validations to see through disguises (malicious scripts in the file etc..). i am still learning about building a proper file upload function and how to make it more secure. a colleague of mine told me that file mime type check alone is not enough as it's set by the client side, therefore can be forged. [I]anyway this para was only for those interested web app developers. read on..[/I] although WPC have now taken off that mistake of its site, which was their website's file upload section (upload.php), i was still able to find it in google cache until recently. so my doubt was a bit more confirmed. you can't see that cache anymore... anyway here's what you can see now on a google search: [IMG]http://i27.tinypic.com/e5idc5.jpg[/IMG] [B]surprised why Zonta didnt use any proxies. but then again maybe he did... [I]Proud of our skilled investigators![/I][/B] ;)[/FONT][/COLOR][/SIZE][/SIZE] [/QUOTE]
Insert quotes…
Verification
Hata thunen beduwama keeyada? (60 bedeema thuna)
Post reply
Top
Bottom