Thursday, June 16, 2005

TM and FM : bull shitting again!

And.. Again they put the blame on MDP and Christians.. Why guy? Don't you believe you guys have a crappy and shitty setup and that we maldivians can't do it? So what you guys are saying or assuming is Maldivians are crappy bunch of people who don't know shit? And you call your site "the maldivian"!!! Shame!

This event has got nothing to do with MDP or others; this was just done for fun and to show that some people are out there who don't like what's going on! Even with MDP or the other parties. We don't need this shit!

anyway what you find below and here on just only published for educational purposes ONLY! Lets roll!

First : You find time and a day you have the mood to spend some time off work at your home and with a good connection to the internet!

Second: you get some good tips and information off security sites and your friends; that there are new exploits out.

Third: you find a subject: in this case it was www.themaldivian.org. Why? cos it won't do you any harm legally even if anything goes wrong! This site does not belong to the gov or a company. Or a registered organization. Nor any individuals has claimed the owner ship! So Bingo! Plus find a place you don't like!

anyway.. They have php and mysql running. A tip was given by a friend that there is an sql injection exploit, I thought I'll give my luck on it. Been a while since I did not play around on the net. So thought I'd party for a night. So... On the way home; with two of my friends went for a cofe'. Talked about it; and possible ways to exploit it.

Next ; after going home; I had a good look at the site. Exploring it. Found out that it's php and mysql based. Knew that even before.. But also figured out that there must be a control panel for the content management system. So the most logical way is to try your luck first. Did a www.themaldivian.org/login.php and also admin.php.. ah ha! Found the panel. Now the password.. No way I can guess the user name and password. At first I thought they are stupid and will use something like admin. But guess I was wrong. Went out and came and had a quick nap.

Woke up.. Got hooked on to the net. Made a cofe' and some music. Looked into the site. When you click on the news links it takes you through the content management system. So there I go. I passed a few parameters and read through the exploits archives. Found out that the "UNION" will be use ful. So gave it a couple of tries. Like end of the URL's added stuff like "UNION%20SELECT%20*%20FROM%20admin%20".. This gave some good tips ..Then I was able to get some errors with the table names.. And here is what become interesting... I found out that dhiyavaru was the name of the db and obviously the admin pass and user names will be in a table called admin. Easy guess.. Now to exploit this. With a couple of tried me and one more friend on line.. I tried this one.." http://www.themaldivian.org/news_details.php?index_no=
2%20UNION%20SELECT%20*%20%20FROM%20dhiyavaru.admin "
.. what did I get.. ah ha! you don't need to pay a guy thousands of USD to know these kinds of stuff. Just play around with stuff... And anyone who spends time enough; will get this right! No big deal! No super computers used to crack codes! just simple "maldivians" and so called "fucked up minds".. I know they will get back at me with all the crap: but before that let me tell them this.. No matter how fucked up I am : I beat that again! So ? And they did not even get a hint! Infect they used this also to mislead people. So I prove my point! Now they can go on...

here is what you get...



ok! what you see is the user name and password dumps. First one in bold is the user name ; followed by password. You get two users. First I tried the two bold ones. Thought first one was the user name and second bold was the pass. But my other friend who was on the same job; figured it out first! hehe! Now to get to this point it was like 15 to 30 mins. Considering how lame this site was.

Next what do I get... This...



This is the admin panel... Rest was .. I passed it to other friends who were online.. And they played around with it.. NOP! Did not pay them! hehehe! And they had fun too. Exploring the site and all! Rest was history you got in the site! From that point on I just quit! And yeah! Make sure you are on a proxy all the while.. So they can't trace you. Let them put the blame on MDP and others! Who cares! Its a game! And as for the DO pics and stuff! I guess my friends did a good job pissing themaldivian.org guys! And this information was given out right then and there!
All what I have typed here was shared online.. in real time. So it was multiple people who did get in! I don't know who they are just know them through MSN and IRC. :D

Hope that was educative enough to the so called "VERY much Secure web site" and the people who are hired to maintain it. So next time; fix these and go to some classes to learn or read. How? Now you ask!ok let me give you a little tip here! Know abt encryption? What fool will keep the password unencrypted on public DB's?. So how is this done; I think even with php they have MD5 encryption functions as well! So go one and use them! And get the content management thingy up! We don't use the same next time! Besides you are off my list!

here are the bull shit which they have on TM and FM about this event! All false. Now you see and it's proven how much they lie! And talk crap.

END..

18 comments:

primary0 said...

La la laaa!

Unknown said...

ballavaa!! adhives La la laa ingeytho!!!

Anonymous said...

Since "It's a game", I suppose you don't have any qualms or moral about doing it to any other site out there right?

Since it's all for fun, you have failed at doing something honorable. You have failed at brining revenge for what happend to PH, you have done all this just for fun. Cause it's a game right?

Anonymous said...

Since "It's a game", I suppose you don't have any qualms or moral about doing it to any other site out there right?

Since it's all for fun, you have failed at doing something honorable. You have failed at brining revenge for what happend to PH, you have done all this just for fun. Cause it's a game right?

You guys sound just like kiddies and nothing like internet freedom fighters.

chopey said...

yeaps! who said anything abt freedom fighting? and yeah it's a cat and mouse game; all these politics! so what? and whats wrong and not ethical doing that to TM? (first where is their ethics?) yeah; "proof of concept" ?!?! :0)

Anonymous said...

lol look at this script kiddie

learn some more kiddo, you'd never become good doing crap like this

lmao

chopey said...

heheh! i guess some people just know TERMS like "script kiddie"; if thats what it was ment. Well a script kidde is a guy/who ever who uses other peoples scripts(programs) to do stuff.. in this case; it was way too simple, no need of scripts or anything. only thing used was firefox (which by the way is a web browser) LOL. the whole point is to deface this site no one needed to know much; only point i am making is TM made a big deal out of it; claim'n that a team of ppl did it being paid to do it. This was not the case, this could even have been done by a 12 year old kid. thats it! but... there is a catch; anyone can open doors; once they have the key.. to find the key or to get the key is .. the fun part...

Anonymous said...

way to go d00d! .. that is really nice work chopey :P . i think u shud have done that a long time ago ... lol

Anonymous said...

Hama buneveynee lala laa, lala laa,lala laaa ye...carry on chops...

Anonymous said...

This is proof that 30 year olds can lame.

Get a fucking life, group up a bit?

Anonymous said...

I heard sofwath the hacker was behind hacking DO too.. It's all fun right?

LALALALA LA

Anonymous said...

chops always been a hacker.. he will hack maumoon's website and put porn!!! beware maumoon suvarraa. nagookendi.. we will first deface ur website then we will murder you for ph

K... said...

hahahahahaha ... Ey!! Yameen la la laa inagytho ;)

Anonymous said...

Just a thought, how does the company you work for feel about your antics?

chopey said...

sounds like sum one is really pissed! well for u r answer! read my post! the site: does not belong to any company or claimed individuals or the gov ;). SO? should i repeat that? and i guess TM and FM are not the right people to talk abt ethics, sounds more like a joke when they do.. or the people who support them do. That my ethics behind it. but i do understand; sum ppl are really pissed! and when they are pissed i do understand how they feel and react. so roll on! now the moral of the whole thingy is learn and improve :D obviously TM will improve and should have learned a lession. Plus I hope they won't under estimate "Maldivians". Not all people are at the same level as you guys are! so .. i hope that helps!

Anonymous said...

themaldivian ah,
nuhanu adhabu verikamaa eku vedhun barthu theela kuramun dhannavaalan beynun vanee... hama la la laa ei ingey tho?

faku ves vaan, reygandu hama nidhi ves nulibeyne adhi faku fithan kommeves foake key ves kiyaane... ekamku hama faku nuvaa kamakah nuvaane... adhi heku nuvaa kamakah ves nuvaane!!

DHEN HIPPAVAAA INGEYTHOA?

wad said...

me too me too..... I missed a lot here...wow
Mr anonymous, Make your tiny brain work a bit. Try some excersice, or eat a lot of carrots.
You seem to be loosing your edge on sense. First of all let me tell you what a script kiddie is.

A script kiddie (occasionally script bunny or script kitty) is a derogatory term for inexperienced crackers who use scripts and programs developed by others for the purpose of compromising computer accounts and files, and for launching attacks on whole computer systems.(http://en.wikipedia.org/wiki/Script_kiddie)

I dont know the name used when a single script was NOT used for such a thing. I decided to make a word on my own. That site was "Vilaressed" that day. So I name Chopey as:
Vilaress-Kiddie.

BTW; Did Chopey actually did it?
I heard someone saying it was some Ayyoob Sharufaroash from India.

primary0 said...

somebody is very pissed off hahahaha!!! script kiddie yo. doesnt matter if it was a script amaa of a script bafaa the website was fucking defaced? so hard to swallow? script fokey kiyaabala, if it takes a webbrowser and a union query to reveal the username and password what does that make the webmaster? a script maidhaitha?