Pastebin PRO Accounts SPRING SPECIAL! For a limited time only get 40% discount on a LIFETIME PRO account! Offer Ends Soon!

#ProjectVoriDazel

TeamGhostShell

Jun 3rd, 2016

5,509

When this paste gets automatically deleted

Never

raw download clone embed report print text 4.86 KB

_ _ ______ _ _ _ _ _______ _
_| || |_| ___ \ (_) | | | | | | (_) _ \ | |
|_ __ _| |_/ / __ ___ _ ___ ___| |_| | | | ___ _ __ _| | | |__ _ _______| |
_| || |_| __/ '__/ _ \| |/ _ \/ __| __| | | |/ _ \| '__| | | | / _` |_ / _ \ |
|_ __ _| | | | | (_) | | __/ (__| |_\ \_/ / (_) | | | | |/ / (_| |/ / __/ |
|_||_| \_| |_| \___/| |\___|\___|\__|\___/ \___/|_| |_|___/ \__,_/___\___|_|
_/ |
|__/
Do you know the way to San Jose
I've been away so long
I may go wrong and lose my way
Do you know the way to San Jose
I'm going back to find some peace of mind in San Jose
L.A. is a great big freeway
Put a hundred down and buy a car
In a week, maybe two, they'll make you a star
Weeks turn into years
How quick they pass
And all the stars that never were
Are parking cars and pumping gas
Fame and fortune is a magnet
It can pull you far away from home
With a dream in your heart you're never alone
Dreams turn into dust and blow away
And there you are without a friend
You pack your car and ride away
I've got lots of friends in San Jose
Do you know the way to San Jose?
_____________________________________________________
For more than a few years now various people across the net have been signaling an on-going vulnerability
within the new MEAN Stack system of client/routing/server. The successor of the LAMP Stack, an already infamous
vulnerable platform, many thought this new one is more secure, yet it's almost the exact same as its predecessor. MySQL typically replaced by NoSQL and the main database configuration managed by MongoDB.
This project will focus solely on this poorly configured MongoDB. I'd like to mention exactly how easy it is to
infiltrate within these types of networks but also how chilled sysadmins tend to be with their security measures.
Or should I say, lack thereof.
In a lot of instances the owners don't bother checking for open ports on their newly configured servers, not only
that but they also don't concern themselves with establishing a proper authentication process. (Just a simple
username/password)
Typical open ports:
22, 53, 80, 81, 110, 137, 143 443, 465, 993, 995, 3000, 8080, 27017, 3306, 6379, 8888, 28017, 64738, 25565
This can basically lead to anyone infiltrating the network and managing their internal data without any interference. You don't even have to elevate your privileges, you just connect and have total access. You can create
new databases, delete existing ones, alter data, and so much more.
I am leaking more than 36 million accounts/records of internal data from these types of networks to raise awareness
about what happens when you decide not to even add a username/password as root or check for open ports, let alone encrypt the data. Each server folder has within it a plaintext file with the general info of the target, a screenshot
from within my MongoDB client with me having access and of course the leaked data in raw text. There are a few million accounts with passwords and the rest is private person data or other types.
This should serve as a cruel reminder of what happens when you don't use proper security hygiene. And don't worry if you thought this is the only vulnerability out there, guess again. The old ones remain as well.
Download links:
http://dropcanvas.com/ukfq3
http://www.filedropper.com/mongodbcandy
http://www.filehosting.org/file/details/574555/MongoDB%20Candy.zip
Mirror: http://www.filehosting.org/file/details/574558/MongoDB%20Candy.zip
http://www.fileconvoy.com/dfl.php?id=g3187c01d53f8858a99983588530563c5b7144b9a9
http://depositfiles.com/files/73rlakth9
Screenshots:
Basic example of root access alongside internal data:
http://imgur.com/DijMPAM
http://imgur.com/p5XEBPQ
http://imgur.com/yREPl0p
Altered server data by an attacker with message:
(This was done by other hackers, NOT me. I'm just trying to prove how widespread it is)
http://imgur.com/IYmHwZc
Another example:
http://imgur.com/WMVIprB
http://imgur.com/IXgbGki
Deleted server(s) data, including the local schema files:
http://imgur.com/UpzKZqA
http://imgur.com/GSzSpwa
http://imgur.com/5ktG8dx
http://imgur.com/f9NfZ9A
http://imgur.com/ObsOS9v
http://imgur.com/iuCZtvB
http://imgur.com/5KIdCaj
http://imgur.com/bcp0vab
Connection time-outs from within the server client interface when either
the connection is unstable or when the number of rows is too high making
the extraction bork:
http://imgur.com/HlygqZq
___________________________________________________
We are all ghosts living inside the shell,
We are all hosts living inside this hell.

RAW Paste Data

   _  _  ______          _           _   _   _            _______              _ 
 _| || |_| ___ \        (_)         | | | | | |          (_)  _  \            | |
|_  __  _| |_/ / __ ___  _  ___  ___| |_| | | | ___  _ __ _| | | |__ _ _______| |
 _| || |_|  __/ '__/ _ \| |/ _ \/ __| __| | | |/ _ \| '__| | | | / _` |_  / _ \ |
|_  __  _| |  | | | (_) | |  __/ (__| |_\ \_/ / (_) | |  | | |/ / (_| |/ /  __/ |
  |_||_| \_|  |_|  \___/| |\___|\___|\__|\___/ \___/|_|  |_|___/ \__,_/___\___|_|
                       _/ |                                                      
                      |__/                                                       



Do you know the way to San Jose
I've been away so long
I may go wrong and lose my way
Do you know the way to San Jose
I'm going back to find some peace of mind in San Jose

L.A. is a great big freeway
Put a hundred down and buy a car
In a week, maybe two, they'll make you a star
Weeks turn into years
How quick they pass
And all the stars that never were
Are parking cars and pumping gas

Fame and fortune is a magnet
It can pull you far away from home
With a dream in your heart you're never alone

Dreams turn into dust and blow away
And there you are without a friend
You pack your car and ride away

I've got lots of friends in San Jose
Do you know the way to San Jose?

_____________________________________________________


For more than a few years now various people across the net have been signaling an on-going vulnerability 
within the new MEAN Stack system of client/routing/server. The successor of the LAMP Stack, an already infamous
vulnerable platform, many thought this new one is more secure, yet it's almost the exact same as its predecessor. MySQL typically replaced by NoSQL and the main database configuration managed by MongoDB. 

This project will focus solely on this poorly configured MongoDB. I'd like to mention exactly how easy it is to
infiltrate within these types of networks but also how chilled sysadmins tend to be with their security measures. 
Or should I say, lack thereof. 

In a lot of instances the owners don't bother checking for open ports on their newly configured servers, not only
that but they also don't concern themselves with establishing a proper authentication process. (Just a simple 
username/password)

Typical open ports:
22, 53, 80, 81, 110, 137, 143 443, 465, 993, 995, 3000, 8080, 27017, 3306, 6379, 8888, 28017, 64738, 25565

This can basically lead to anyone infiltrating the network and managing their internal data without any interference. You don't even have to elevate your privileges, you just connect and have total access. You can create
new databases, delete existing ones, alter data, and so much more. 

I am leaking more than 36 million accounts/records of internal data from these types of networks to raise awareness 
about what happens when you decide not to even add a username/password as root or check for open ports, let alone encrypt the data. Each server folder has within it a plaintext file with the general info of the target, a screenshot
from within my MongoDB client with me having access and of course the leaked data in raw text. There are a few million accounts with passwords and the rest is private person data or other types.


This should serve as a cruel reminder of what happens when you don't use proper security hygiene. And don't worry if you thought this is the only vulnerability out there, guess again. The old ones remain as well. 


Download links:

http://dropcanvas.com/ukfq3

http://www.filedropper.com/mongodbcandy

http://www.filehosting.org/file/details/574555/MongoDB%20Candy.zip

Mirror: http://www.filehosting.org/file/details/574558/MongoDB%20Candy.zip

http://www.fileconvoy.com/dfl.php?id=g3187c01d53f8858a99983588530563c5b7144b9a9

http://depositfiles.com/files/73rlakth9


Screenshots:

Basic example of root access alongside internal data:

http://imgur.com/DijMPAM

http://imgur.com/p5XEBPQ

http://imgur.com/yREPl0p


Altered server data by an attacker with message:
(This was done by other hackers, NOT me. I'm just trying to prove how widespread it is) 

http://imgur.com/IYmHwZc

Another example:

http://imgur.com/WMVIprB

http://imgur.com/IXgbGki


Deleted server(s) data, including the local schema files:

http://imgur.com/UpzKZqA

http://imgur.com/GSzSpwa

http://imgur.com/5ktG8dx

http://imgur.com/f9NfZ9A

http://imgur.com/ObsOS9v

http://imgur.com/iuCZtvB

http://imgur.com/5KIdCaj

http://imgur.com/bcp0vab


Connection time-outs from within the server client interface when either
the connection is unstable or when the number of rows is too high making
the extraction bork:

http://imgur.com/HlygqZq

___________________________________________________


We are all ghosts living inside the shell,
We are all hosts living inside this hell.