Seedhost.eu hacked twice : seedboxes

Welcome to Reddit.

Come for the cats, stay for the empathy.

and start exploring.

DiscussionSeedhost.eu hacked twice (self.seedboxes)

No_Ear_1329 が 13時間前 * 投稿

I hacked seedhost servers in august 2021 with the overlayfs exploit from april that year. They fixed it after i told them.

Yesterday i hacked the servers again, this time with the looney tunables exploit. -fixed-

But they need to reset all user passwords and email then and scan the servers that users dont have sonar or radarr open to the internet without a password.

I have all the passwords from users to 4 servers and access to users torrent sites accounts logins and api keys.

24個のコメント
シェアする
保存
非表示
問題を報告

全 24 件のコメント

並べ替え:

ランダム

このスレッドはコンテストモードになっています - コンテストモードでは、コメントの並べ替えをランダムスコアが非表示になり、デフォルトで応答を縮小します。

Want to add to the discussion?

Post a comment!

Create an account

[–]GroundbreakingWin682 [スコア非表示] 10時間前 (0子コメント)

This is not looking good for seedhost.eu. hacked twice, definitely not putting my data on their servers.

固定リンク
embed
保存
問題を報告
返事を書く

[–]Segerr_ [スコア非表示] 8時間前 (0子コメント)

Oof

固定リンク
embed
保存
問題を報告
返事を書く

[–]aicessi [スコア非表示] 5時間前 (1子コメント)

On Seedhost.eu can or have you hacked into anyone's account that has emby and doesn't use prowlarr/jackatt/sonarr/radarr/fillezilla?

固定リンク
embed
保存
問題を報告
返事を書く

[返信を表示する]

[–]No_Ear_1329[S] [スコア非表示] 4時間前 (0子コメント)

No idea, i maked a login list with username:password and checked backups from radarr/sonarr never know when i need a backup account from a torrent site.

固定リンク
embed
保存
親コメント
問題を報告
返事を書く

[–]AlteranNox [スコア非表示] 4時間前* (1子コメント)

If you use a unique password on sonarr, would it still be vulnerabl in an attack like this? Or will your tracker login information be exposed regardless?

固定リンク
embed
保存
問題を報告
返事を書く

[返信を表示する]

[–]No_Ear_1329[S] [スコア非表示] 4時間前 (0子コメント)

It was possible to get the backups and all from that user with strong passwords / unique ones, only need one user on a seedhost server to not have sonarr/radarr password protected, but i need ssh access or the usernames from /etc/password and it was game over for all users, because i was root on the servers, its fixed now until the next exploit.

固定リンク
embed
保存
親コメント
問題を報告
返事を書く

[–]dj_joeev [スコア非表示] 4時間前 (1子コメント)

Is it just the the seedboxes on seedhost.eu that you can hack or the dedi's to?

固定リンク
embed
保存
問題を報告
返事を書く

[返信を表示する]

[–]No_Ear_1329[S] [スコア非表示] 4時間前 (0子コメント)

Only shared ones, dont know the usernames of the dedi's ones, i needed a username list from the server to check a insecure radarr or sonarr.

固定リンク
embed
保存
親コメント
問題を報告
返事を書く

[–]light5out [スコア非表示] 13時間前 (12子コメント)

Oh that's not good. What did those that hacked it do upon entrance?

固定リンク
embed
保存
問題を報告
返事を書く

[返信を表示する]

[–]No_Ear_1329[S] [スコア非表示] 13時間前 (11子コメント)

Copy etc/shadow file with all user hashes, copy backups from radarr/sonarr etc

Copy the fillezilla.xml file from the users with the plaintext passwords in it.

固定リンク
embed
保存
親コメント
問題を報告
返事を書く

[–]RecidPlayer [スコア非表示] 8時間前 (5子コメント)

Got a few questions...

So, if I am understanding hashes correctly, a strong password can't be cracked? I.e. 20 character PWs with all the character types.

Not being able to crack it means they can't get into anything, or is it still possible?

If you don't use filezilla there is nothing in that xml file?

固定リンク
embed
保存
親コメント
問題を報告
返事を書く

[–]No_Ear_1329[S] [スコア非表示] 8時間前 (4子コメント)

No need to crack passwords, default is that the user password is in plaintext in the filezilla.

If im on a seedhost server i can use my own ssh login to use the exploit and im root and can copy all the filezilla.xml files from the users home directory, most have weak/ leetspeak passwords but there users having strong passwords, but it doesn't matter because its in plaintext.

I can login as the user, download all the movies/series the user has and login on prowlarr/jackatt/sonarr/radarr as the user, with all the logins and api keys to torrent sites, I see wat the user having as account on torrent sites, can take over those accounts or start downloading from those.

固定リンク
embed
保存
親コメント
問題を報告
返事を書く

[–]RecidPlayer [スコア非表示] 6時間前 (3子コメント)

Ah ok. Were there any seedbox providers you tried this looney tunables exploit on that were secure from it?

固定リンク
embed
保存
親コメント
問題を報告
返事を書く

[–]No_Ear_1329[S] [スコア非表示] 6時間前 (2子コメント)

Yes, i tested ultraseedbox, was uptodate or never vulnerable to it, because they use debian and seedhost use ubuntu.

固定リンク
embed
保存
親コメント
問題を報告
返事を書く

[–]RecidPlayer [スコア非表示] 5時間前 (1子コメント)

How long was it from when the vulnerability was found until you tested it? I'm curious how long the information was out there with inaction on their part.

Also, can we expect all providers are storing our passwords in plain text? This certainly isn't the first time I've heard that.

固定リンク
embed
保存
親コメント
問題を報告
返事を書く

[–]No_Ear_1329[S] [スコア非表示] 5時間前 (0子コメント)

It was in the news around 3 oct, i used the tryhackme exploit files, that test/learning system was on there since 6 oct and i tested/hacked seedhost 10 oct, so a week, more then enough time to fix it but i guess they dindt knew it till i emailed them.

固定リンク
embed
保存
親コメント
問題を報告
返事を書く

[–]light5out [スコア非表示] 12時間前 (3子コメント)

Hmmm. Would that mean access to the API of your indexers. Potentially to your private trackers?

固定リンク
embed
保存
親コメント
問題を報告
返事を書く

[–]No_Ear_1329[S] [スコア非表示] 12時間前 (2子コメント)

Yes, you can do want you want, if a user has api key or username/password from a private tracker then you can see that.

Theoretically if you give me a copy of etc/password from a server, i can check if one user has sonarr/radarr open without a password and grab his torrent client password and login over ssh and upload the exploit to the server and try it.

固定リンク
embed
保存
親コメント
問題を報告
返事を書く

[–]reercalium2 [スコア非表示] 6時間前 (1子コメント)

You don't know what you're talking about. It's /etc/passwd, everyone can see it and it hasn't stored actual passwords for decades.

固定リンク
embed
保存
親コメント
問題を報告
返事を書く

[–]No_Ear_1329[S] [スコア非表示] 5時間前* (0子コメント)

Hahaha lol, i use the etc/password because it has the usernames, its https://servername.seedhost.eu/username/sonarr I used wfuzz to check which username i get a 200 ok code so i can connect to the sonarr and radarr application and grab there torrent client password, that password is also there ssh login password, then use the looney exploit and be root.

固定リンク
embed
保存
親コメント
問題を報告
返事を書く

[–]lonelytime [スコア非表示] 37分前 (0子コメント)

Damn, I downloaded filezilla.xml and lo-and-behold... there is my password staring back at me. Do all seedbox providers store plaintext passwords in an xml like that? That's pretty wild, even if it is in my user folder.

固定リンク
embed
保存
親コメント
問題を報告
返事を書く

[–]carlosccextractor [スコア非表示] 1時間前 (0子コメント)

Weren't they also hacked during DEFCON?

固定リンク
embed
保存
問題を報告
返事を書く

[–]No-Improvement-2261 [スコア非表示] 13時間前 (1子コメント)

No f way, I literally started using seedhost today.

固定リンク
embed
保存
問題を報告
返事を書く

[返信を表示する]

[–]No_Ear_1329[S] [スコア非表示] 13時間前 (0子コメント)

Which server? You possibly can check/hack it with the expliot files from tryhackme

固定リンク
embed
保存
親コメント
問題を報告
返事を書く

π Rendered by PID 22941 on reddit-service-r2-loggedout-845cffdb56-79rbv at 2023-10-11 03:48:50.956192+00:00 running c3029c4 country code: US.

seedboxes

Read The Rules

Discord

調停者