Hey,
I've no idea where I can post this or if I'm even allowed to post it, but the protection of CF SEA's website is so bad..
CF SEA Admin accounts: (MD5 protected, I've no idea where the actual admin login is..)
https://pastebin.com/XJNE7F0H (Separated by line breaks.)
Databases: (Hashed passwords !)
There are also >200.000 IPs and e-mail addresses in the database, but it takes too long for me :P.
Please close this topic if it isn't allowed.
Poedeltje.
Last edited by poedeltje; 05-16-2014 at 07:14 PM.
woahh not even going to though... might want to let them know...
Damn I thought it was CF NA @poedeltje When are you releasing CF NA accounts?
well, Thanks for Share )
I may be able to get free redeem codes.
https://redemption.gambooz.com/item_claim/CFSEA
Can you please explain to me what exactly that is?
Administrator accounts of https://cf.gambooz.com/, but I've no idea where the admin login page is.
These aren't MD5 hashes but MySQL5 hashes
Oppa Delta style !
Wait, I don't get it. Are they free accounts? or..
@-Ben administrator accounts of CF SEA.
I want to point out that you can't use these db credentials; even if you manage to decrypt the hashed passwords, you wouldn't be able to log in because it's localhost.
You'd have to be part of their local network to access their database.
For example, it's like you were trying to connect to my router by typing "192.168.1.1" in your URL bar: no, it won't connect to mine but yours.
You can use those accounts https://pastebin.com/XJNE7F0H but the (decrypted) passwords seem to be incorrect... I guess they changed them already, or the data you gathered was a bullshit honeypot.. it would explain why most of the passwords are "123456" or "123@#456" crap
Last edited by Delta[X]; 05-19-2014 at 07:44 AM.
It's actually not localhost, you are acting like someone that doesn't know anything about this sort of thing.
https://cf.gambooz.com/cfsea/weapons_...9;AssaultRifle
Can you please stop talking the crap you read on the internet now.
//FYI take a look at the database called `db_admin`.
Last edited by poedeltje; 05-19-2014 at 08:24 AM.
root:*568A8C07FA1D98D3CC10B46FFE52B3A019EB353F:localhost
root:*07F94955AD26E2F0FF20E4444A2F37C87CDB241C:vL-WEB-DB-02
root:*07F94955AD26E2F0FF20E4444A2F37C87CDB241C:127.0.0.1
This is localhost
sgsea_app:*2E1604C3ADEE7C57AF9AB81363B078D7182ACF1 A:172.16.80.106
This is local network
And I guess it's the same with the other. You seem to know more about the subject than me, then just log in, if you can.
https://cf.gambooz.com/cfsea/weapons_...27AssaultRifle
This is SQL injection, I know that. You may use the credentials from pastebin but not the root credentials
edit: oh, guess what I found, an XSS vulnerability. You don't even need to "decrypt" the hashes, just steal the staff cookies and then mess with the website...
Last edited by Delta[X]; 05-19-2014 at 01:16 PM.