Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


WHMCS Hacked - Page 19
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

WHMCS Hacked

1161719212224

Comments

  • subigosubigo Member

    I'm telling you guys... if anyone has a 0day in their pocket, it's coming soon and you probably won't hear about it for weeks/months.

  • SpencerSpencer Member

    @subigo said: I'm telling you guys... if anyone has a 0day in their pocket, it's coming soon and you probably won't hear about it for weeks/months.

    I doub't there will be anything big and groundbreaking. The PHP code has always been available if you decrypted the ioncube.

  • jarjar Patron Provider, Top Host, Veteran

    This probably did put a bigger target on their heads though, at least for a while. Wannabe hackers who previously didn't know much about WHMCS probably have it on their radar now. I'm not really sure what is to come, but I'd say everyone using it needs to keep a close eye on how things develop over the next month or two.

  • subigosubigo Member

    @PytoHost said: I doub't there will be anything big and groundbreaking. The PHP code has always been available if you decrypted the ioncube.

    No it hasn't. At best, you can get about 80% of the code. I have the the best decoders and run each new release through it. You show me 100% code and I'll send you $1,000.

  • miTgiBmiTgiB Member

    @subigo said: You show me 100% code and I'll send you $1,000.

    After fixing it all after decoding, I'd want more than that.

  • AldryicAldryic Member

    @miTgiB said: After fixing it all after decoding, I'd want more than that.

    Considering how fast, and for how much more, it'd be resold on skid forums after that deal I can't blame ya.

  • joepie91joepie91 Member, Patron Provider

    @gsrdgrdghd said: Actually GPU cracking has made rainbow tables more or less superfluous. Even with my fairly old Nvidia GTS 250 it takes only 2 hours to go through the entire loweralpha-numeric 1-8 keyspace (md5)

    That goes for md5, but not for a decent hashing algo.

  • SpencerSpencer Member

    @subigo said: No it hasn't. At best, you can get about 80% of the code. I have the the best decoders and run each new release through it. You show me 100% code and I'll send you $1,000.

    NVM :( I never looked at nulled WHMCS and I guess they are still ioncube encrypted for the most part.

  • subigosubigo Member

    @miTgiB said: After fixing it all after decoding, I'd want more than that.

    Which is smart, because I could turn around and sell it for $5,000 an hour later.

  • @joepie91 said: That goes for md5, but not for a decent hashing algo.

    Yeah but all the WHMCS passwords are hashed with md5 so its cheaper to just bruteforce them. Also what would you consider a decent hashing algo?

  • miTgiBmiTgiB Member
    edited May 2012

    @onepound said: Hopefully a security update for WHMCS will appear soon, $6,000 will buy you a new 0day exploit.

    http://krebsonsecurity.com/2012/05/whmcs-breach-may-be-only-tip-of-the-trouble/

    I had the simple idea of a .htaccess on the admin folder, shot off a quick ticket to WHMCS and got a really nice response from Matt directing me at http://docs.whmcs.com/Further_Security_Steps

  • SpencerSpencer Member

    @miTgiB said: I had the simple idea of a .htaccess on the admin folder, shot off a quick ticket to WHMCS and got a really nice response from Matt directing me at http://docs.whmcs.com/Further_Security_Steps

    I almost have mine finish being setup where you can only get into the admin folder if your in our company VPN.

  • NickWNickW Member
    edited May 2012

    Hello,

    >

    I recently downloaded the leaked database to check wether the hosts I currently use >are "compromised". Because whmcs.ugnazi.com is not online anymore, I downloaded >the files from a quite strange mirror, but I can't verify it's thrustworthy.

    >

    It contains only 3 SQL dumps with about 800MB in total. The cPanel files are not >included. Is anyone who downloaded the original files able to verify the MD5 sums of >the following files?

    >

    whmcscom_survey.sql - MD5: 659f3a3f6dc21e571142587a85f29827
    whmcscom_sitecms.sql - MD5: fbca51d9680af1b7d3b3c7e2d98417f3
    whmcscom_clients.sql - MD5: d0eda63a9eea61ce732639f894de5d87

    >

    Thanks in advance!
    HerrMaulwurf

    @HerrMaulwurf I believe all of those are correct. They're the same as my hashes anyway fron the original source.

  • EddyEddy Member

    Looks they has been hacked third time!!

    http://www.hacker.ps/Mirror/60428?iframe=true&width=100%&height=100%

    demo.whmcs.com hacked and rooted ( kernel 2010 )!! WTV!!

  • raindog308raindog308 Administrator, Veteran

    Nice. Love that default-install MSK timezone.

  • AsadAsad Member

    Unfreakinbelievable. What a bunch of noobs.

  • subigosubigo Member

    @miTgiB said: I had the simple idea of a .htaccess on the admin folder, shot off a quick ticket to WHMCS and got a really nice response from Matt directing me at http://docs.whmcs.com/Further_Security_Steps

    And what exactly is that going to protect you from when the next exploit comes out that can run admin functions from any public WHMCS page?

  • EddyEddy Member

    touch .htaccess xD

  • miTgiBmiTgiB Member
    edited May 2012

    @subigo said: when the next exploit comes out

    I'm not here chicken littling this stuff, what is your useful contribution?

    Thanked by 1raindog308
  • laaevlaaev Member
    edited May 2012

    Can someone please update me with the events in the past 36 hours, as WHT has closed the thread I have not been keeping up to date with WHMCS news.

  • AsadAsad Member

    @FTN_Kevin said: Can someone please update me with the events in the past 36 hours, as WHT has closed the thread I have not been keeping up to date with WHMCS news.

    They got hacked twice more, forums yesterday (still offline) and their demo was hacked earlier today (few posts up).

  • SpencerSpencer Member

    @FTN_Kevin said: Can someone please update me with the events in the past 36 hours, as WHT has closed the thread I have not been keeping up to date with WHMCS news.

    You can view the current issue here: http://www.haswhmcsbeenhackedtoday.com/

  • JeffreyJeffrey Member

    So, apparently this is the loser who has hacked WHMCS:

    kid

    Joshua Isabella Mendez a.k.a. "UGNazi" aka JoshTheGod.

  • Sketchy.

  • The more I look at his pics, the more I realize how much of a little dumbass punk this kid is.

    Thanked by 1TheHackBox
  • JeffreyJeffrey Member
    edited May 2012

    Time to register the domain joshuaisabella.com :) haha or ugnazipwnd.com :P

  • miTgiBmiTgiB Member

    @bijan588 said: The more I look at his pics, the more I realize how much of a little dumbass punk this kid is.

    He is going to make a fine prison bitch

  • laaevlaaev Member

    What I don't get is... so many cc's were leaked, yet hes still actively tweeting on Twitter (@JoshTheGod). Why is he not arrested yet?

    BTW I'm only 20 miles away from him

  • JeffreyJeffrey Member

    @miTgiB I hope this kid goes to jail, if not, then this country is pretty screwed up.

Sign In or Register to comment.