Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@IllSlapU Yes it is. I made a plugin to execute linux commands from the minecraft server. Using the commands above i got this Information.
-
@IllSlapU i coded it in Java Yes. Minecraft plugins only work with Java. It's not open source, i was just bored and tested around... but you could download the plugin if you want to (it's string and reflection obfuscated because I obfuscate everything i do)...
http://memez.de/jars/MCPlugins/... -
Root797677yReminds me of the godaddy exploit I found.
Every hosting process used the "inetuser" account, which had 660 access to the hosted data, and there were multiple sites hosted on the same machine. Ergo, "inetuser" had the same rights to all hosted content on the machine.
With a php terminal script, I could browse (and modify) any site I wanted. Strangely enough, I also had some access to /etc configuration, and could have done basically anything I wanted, including running code on the machine.
It was dumb enough (and fixed fast enough, and silently) that I very much doubt it was a honeypot.
Related Rants
-
jsPaysMyBills27When you have something in your clipboard but then press Ctrl+C instead of Ctrl+V and end up with a blank line...
-
fabiomsnunes22Stupidest client ever: I once had a client that requested me a new website, all went well and get paid. After ...
-
Coffe2Code13~During app demo to our client~ - And when you click here the request will be submitted, the admin will be no...
Just found out that a big hosting provider saves a user's SQL and FTP password in a plain text file just at the parent folder of the normally accessible ftproot.
Using some linux commands you can
cat ../mysql_pw
cat ../ftp_password.txt
IT'S NOT EVEN ENCRYPTED OR HASHED
(This is tested on a minecraft server, would also work on other services)
rant
why
stupid
passwords