WHMCS Hacked


Comments

  • @onepound - This 0day is old. Saudi hackers have used the SQL 0day for months. There is one for SolusVM for no-money VPS, delete VPS, suspend VPS

  • subigosubigo Member

    I'm telling you guys... if anyone has a 0day in their pocket, it's coming soon and you probably won't hear about it for weeks/months.

  • SpencerSpencer Member

    @subigo said: I'm telling you guys... if anyone has a 0day in their pocket, it's coming soon and you probably won't hear about it for weeks/months.

    I doubt there will be anything big and groundbreaking. The PHP code has always been available if you decrypted the ioncube.

  • jarlandjarland Administrator

    This probably did put a bigger target on their heads though, at least for a while. Wannabe hackers who previously didn't know much about WHMCS probably have it on their radar now. I'm not really sure what is to come, but I'd say everyone using it needs to keep a close eye on how things develop over the next month or two.

  • subigosubigo Member

    @PytoHost said: I doubt there will be anything big and groundbreaking. The PHP code has always been available if you decrypted the ioncube.

    No it hasn't. At best, you can get about 80% of the code. I have the best decoders and run each new release through it. You show me 100% code and I'll send you $1,000.

  • miTgiBmiTgiB Member, Provider

    @subigo said: You show me 100% code and I'll send you $1,000.

    After fixing it all after decoding, I'd want more than that.

    Hostigation High Resource Hosting - SolusVM KVM VPS / Proxmox OpenVZ VPS- Low Cost Comodo SSL Certificates
  • JackJack Member, Provider

    @miTgiB said: After fixing it all after decoding, I'd want more than that.

    Can WHMCS actually do anything about you decrypting it?

  • AldryicAldryic Member

    @miTgiB said: After fixing it all after decoding, I'd want more than that.

    Considering how fast, and for how much more, it'd be resold on skid forums after that deal I can't blame ya.

  • joepie91joepie91 Member, Provider

    @gsrdgrdghd said: Actually GPU cracking has made rainbow tables more or less superfluous. Even with my fairly old Nvidia GTS 250 it takes only 2 hours to go through the entire loweralpha-numeric 1-8 keyspace (md5)

    That goes for md5, but not for a decent hashing algo.

    Currently offering Node.js code review, tutoring and advice and custom Node.js module development!
    Appreciate my posts/software/guides? Donate (PayPal/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

  • SpencerSpencer Member

    @subigo said: No it hasn't. At best, you can get about 80% of the code. I have the best decoders and run each new release through it. You show me 100% code and I'll send you $1,000.

    NVM :( I never looked at nulled WHMCS and I guess they are still ioncube encrypted for the most part.

  • subigosubigo Member

    @miTgiB said: After fixing it all after decoding, I'd want more than that.

    Which is smart, because I could turn around and sell it for $5,000 an hour later.

  • @joepie91 said: That goes for md5, but not for a decent hashing algo.

    Yeah but all the WHMCS passwords are hashed with md5 so it's cheaper to just bruteforce them. Also what would you consider a decent hashing algo?
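
Added example, not part of any post in this thread: the arithmetic behind the "2 hours for loweralpha-numeric 1-8" MD5 figure quoted above, and one way an application can move unsalted MD5 password records to a salted, memory-hard hash (scrypt) when a user next logs in. The record format `scrypt$salt$hash` and all function names are assumptions made for this illustration; they are not WHMCS code.

```python
import hashlib
import hmac
import os

def keyspace(alphabet_size=36, max_len=8):
    """Candidates for lowercase letters + digits, lengths 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))

def implied_rate(seconds=2 * 3600):
    """MD5 guesses per second needed to exhaust that keyspace in 2 hours."""
    return keyspace() / seconds

def legacy_md5(password):
    """Legacy scheme discussed in the thread: unsalted MD5, hex encoded."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_scrypt(password, salt=None):
    """Salted scrypt record; n=2**14, r=8 costs about 16 MiB per guess."""
    salt = salt or os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt,
                        n=2**14, r=8, p=1, dklen=32)
    return "scrypt$%s$%s" % (salt.hex(), dk.hex())

def verify_and_upgrade(password, stored):
    """Return (ok, record_to_store).

    A legacy MD5 record is replaced by a scrypt record only after a
    successful login, the one moment the plaintext is available.
    """
    if stored.startswith("scrypt$"):
        _, salt_hex, _ = stored.split("$")
        candidate = hash_scrypt(password, bytes.fromhex(salt_hex))
        return hmac.compare_digest(candidate, stored), stored
    if hmac.compare_digest(legacy_md5(password), stored):
        return True, hash_scrypt(password)
    return False, stored

if __name__ == "__main__":
    print("keyspace:", keyspace())
    print("implied MD5 rate: %.0f guesses/s" % implied_rate())
    old = legacy_md5("s3cretpw")          # constructed sample record
    ok, new = verify_and_upgrade("s3cretpw", old)
    print(ok, new.split("$")[0])
```

Accounts that never log in again keep their MD5 record under this scheme, so a forced password reset is still needed for them after a database leak.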

  • miTgiBmiTgiB Member, Provider
    edited May 2012

    @onepound said: Hopefully a security update for WHMCS will appear soon, $6,000 will buy you a new 0day exploit.

    http://krebsonsecurity.com/2012/05/whmcs-breach-may-be-only-tip-of-the-trouble/

    I had the simple idea of a .htaccess on the admin folder, shot off a quick ticket to WHMCS and got a really nice response from Matt directing me at http://docs.whmcs.com/Further_Security_Steps

  • SpencerSpencer Member

    @miTgiB said: I had the simple idea of a .htaccess on the admin folder, shot off a quick ticket to WHMCS and got a really nice response from Matt directing me at http://docs.whmcs.com/Further_Security_Steps

    I almost have mine finished being set up so that you can only get into the admin folder if you're in our company VPN.

  • NickWNickW Member
    edited May 2012

    Hello,

    I recently downloaded the leaked database to check whether the hosts I currently use are "compromised". Because whmcs.ugnazi.com is not online anymore, I downloaded the files from a quite strange mirror, but I can't verify it's trustworthy.

    It contains only 3 SQL dumps with about 800MB in total. The cPanel files are not included. Is anyone who downloaded the original files able to verify the MD5 sums of the following files?

    whmcscom_survey.sql - MD5: 659f3a3f6dc21e571142587a85f29827
    whmcscom_sitecms.sql - MD5: fbca51d9680af1b7d3b3c7e2d98417f3
    whmcscom_clients.sql - MD5: d0eda63a9eea61ce732639f894de5d87

    Thanks in advance! HerrMaulwurf

    @HerrMaulwurf I believe all of those are correct. They're the same as my hashes anyway from the original source.

  • EddyEddy Member

    Looks like they have been hacked a third time!!

    http://www.hacker.ps/Mirror/60428?iframe=true&width=100%&height=100%

    demo.whmcs.com hacked and rooted ( kernel 2010 )!! WTV!!

  • raindog308raindog308 Super Moderator

    Nice. Love that default-install MSK timezone.

    My Advice: : VPS Advice | My Blog: raindog308.com


  • Unfreakinbelievable. What a bunch of noobs.

  • subigosubigo Member

    @miTgiB said: I had the simple idea of a .htaccess on the admin folder, shot off a quick ticket to WHMCS and got a really nice response from Matt directing me at http://docs.whmcs.com/Further_Security_Steps

    And what exactly is that going to protect you from when the next exploit comes out that can run admin functions from any public WHMCS page?

  • EddyEddy Member

    touch .htaccess xD

  • miTgiBmiTgiB Member, Provider
    edited May 2012

    @subigo said: when the next exploit comes out

    I'm not here chicken littling this stuff, what is your useful contribution?

  • laaevlaaev Member
    edited May 2012

    Can someone please update me with the events in the past 36 hours, as WHT has closed the thread I have not been keeping up to date with WHMCS news.

  • @FTN_Kevin said: Can someone please update me with the events in the past 36 hours, as WHT has closed the thread I have not been keeping up to date with WHMCS news.

    They got hacked twice more, forums yesterday (still offline) and their demo was hacked earlier today (few posts up).

  • SpencerSpencer Member

    @FTN_Kevin said: Can someone please update me with the events in the past 36 hours, as WHT has closed the thread I have not been keeping up to date with WHMCS news.

    You can view the current issue here: http://www.haswhmcsbeenhackedtoday.com/

  • JeffreyJeffrey Member

    So, apparently this is the loser who has hacked WHMCS:

    kid

    Joshua Isabella Mendez a.k.a. "UGNazi" aka JoshTheGod.

    NitroRack - $10/Month 100GB Shared Hosting - [email protected]
  • Sketchy.

    This signature is brought to you by the NSA. Spying on the entire world since 1952!

  • The more I look at his pics, the more I realize how much of a little dumbass punk this kid is.

  • JeffreyJeffrey Member
    edited May 2012

    Time to register the domain joshuaisabella.com :) haha or ugnazipwnd.com :P

  • miTgiBmiTgiB Member, Provider

    @bijan588 said: The more I look at his pics, the more I realize how much of a little dumbass punk this kid is.

    He is going to make a fine prison bitch

  • laaevlaaev Member

    What I don't get is... so many cc's were leaked, yet he's still actively tweeting on Twitter (@JoshTheGod). Why is he not arrested yet?

    BTW I'm only 20 miles away from him

  • JeffreyJeffrey Member

    @miTgiB I hope this kid goes to jail, if not, then this country is pretty screwed up.

  • JeffreyJeffrey Member

    @FTN_Kevin go knock on his door or report him to a NY police! :P

  • @FTN_Kevin said: What I don't get is... so many cc's were leaked, yet he's still actively tweeting on Twitter (@JoshTheGod). Why is he not arrested yet? BTW I'm only 20 miles away from him

    I fucking dare you. I DARE YOU

  • laaevlaaev Member

    @Jeffrey said: go knock on his door or report him to a NY police! :P

    Yeah 20 miles doesn't seem like a lot but it's quite a long drive, lots of traffic around here.

    http://whmcs-hacker.soup.io/ is back up, it was down for about 24 hours for Josh's "Tango Down" attack. He is now DDoSing police.uk according to his Twitter

  • @FTN_Kevin Go to his house, and tell his parents. Explain that he is going to be arrested and all sorts of shit like that and record it.

    Please please! PLEASE

  • laaevlaaev Member

    @bijan588 said: I fucking dare you. I DARE YOU

    The FBI already accepted the case according to WHMCS, so I'm guessing he is hiding now

  • @FTN_Kevin said: The FBI already accepted the case according to WHMCS, so I'm guessing he is hiding now

    I doubt it, he's still updating twitter, you would be the hero of the year if you did it.

  • FRCoreyFRCorey Member
    edited May 2012

    Here's a good one.

    Thank you for contacting TRUSTe. The site is not certified under TRUSTe's program and is using our trademark without authorization. I see no record of that site even having applied for TRUSTe certification. I have opened a ticket in TRUSTe's system so the person who handles trademark enforcement for TRUSTe can investigate.

    TRUSTe provides a directory where consumers can look up sites that participate in our program, and TRUSTe seals should never be static images that do nothing when clicked--they should route to a page on TRUSTe.com that shows whether the site is verified as a participant or not. Here is the link to the directory: http://www.truste.com/trusted_sites/index.html

    We really appreciate your bringing this site's misuse of our mark to our attention.

    --Simona

  • laaevlaaev Member

    @bijan588 said: I doubt it, he's still updating twitter, you would be the hero of the year if you did it.

    I will drive to Staten Island tomorrow morning and see (Apartment 4), I am starting to think that might not really be him if he's still tweeting and gladly admitting it. Anyone know how exactly they found out this was him?
