DataBreaches.Net


Imageshack, Symantec hacked & ZPanel 0 day by HTP ( Hack The Planet )

Posted on November 5, 2012 by Lee J

**Updated:** In the first edit I made a mistake and stated that PayPal was the victim of the 0 day when it was in fact ZPanel. Sorry for any inconvenience or misleading information.

Earlier today a well-known hacker group, Hack The Planet (HTP), released a zine which contains breached information from two well-known targets, image hosting service ImageShack and antivirus giant Symantec, along with a 0-day exploit for the ZPanel hosting control panel. Even though the leak is clearly marked as the work of HTP, other media have been reporting these two attacks as part of the Anonymous #Nov5 attacks, which started today.

The leaked data was uploaded to various places and contains a heap of information from the ImageShack server, as well as all the exploits or vulnerabilities they had found and a reason behind the attack: "Well, we like a challenge, so we decided to find out what changes were made."

Insight into the ImageShack attack from HTP:

Here’s a list of criteria we found that evidenced the hardened security on all of ImageShack’s equipment:

– Run all MySQL instances as root
– Ensure all kernels are 2008 or earlier
– Routers compromisable via /level/16/exec/-/show/run
– Hardcode database passwords into as many files as possible (though we do give them credit, the root MySQL pass ‘mutaborius’ was never cracked by hashcat.)
– Implement a firewall that allows outgoing backconnects
– Add tasks to root’s crontab that regularly run files owned by the www user
– Run outdated Nginx
– Enable register_globals
– Use one $1 shadow hash for everything

Protip, if your security sucks this much, your incoming firewall rules and your keyauth won’t save you. That being said, ImageShack has been completely owned, from the ground up. We have had root and physical control of every server and router they own. For years.

This message is followed by an extremely large amount of server information such as shells, file permission listings, source code and much more. Towards the end of the ImageShack section is a bit of commentary from HTP, who claim that @Le_Researcher ratted on them while the attack was going on and that the admin attempted to stop it but failed to do so.
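Several of the weaknesses in HTP's list above can be checked for on your own hosts. As an added example (not part of the zine or the original post), this Python code flags three of them: MySQL running as root, register_globals enabled, and root cron jobs that execute files owned by another user. All sample inputs, paths and function names are constructed for illustration.

```python
import re

# Constructed sample inputs (not from the zine): `ps -eo user,comm` output,
# a php.ini fragment, root's crontab, and file owners as `stat -c %U` reports them.
PS_OUTPUT = """USER COMMAND
root mysqld
www nginx
"""
PHP_INI = """; register_globals = Off
register_globals = On
"""
ROOT_CRONTAB = """# m h dom mon dow command
MAILTO=root
*/5 * * * * /home/www/scripts/cleanup.sh
0 3 * * * /usr/local/sbin/rotate-logs --quiet
"""
FILE_OWNERS = {"/home/www/scripts/cleanup.sh": "www",
               "/usr/local/sbin/rotate-logs": "root"}

def mysql_runs_as_root(ps_output):
    """True if any mysqld process is owned by root."""
    for line in ps_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "root" and fields[1].startswith("mysqld"):
            return True
    return False

def register_globals_enabled(php_ini):
    """True if the last uncommented register_globals directive is switched on."""
    vals = re.findall(r"^[ \t]*register_globals[ \t]*=[ \t]*(\w+)", php_ini, re.M | re.I)
    return bool(vals) and vals[-1].lower() in ("on", "1", "true", "yes")

def root_cron_runs_foreign_files(crontab, owners):
    """Executables in root's crontab that root does not own (unknown owner counts)."""
    findings = []
    for line in crontab.splitlines():
        parts = line.strip().split(None, 5)          # five schedule fields + command
        if len(parts) < 6 or parts[0].startswith("#"):
            continue                                 # comment, env line or blank
        exe = parts[5].split()[0]
        if owners.get(exe) != "root":
            findings.append(exe)
    return findings

def audit():
    return {"mysql_as_root": mysql_runs_as_root(PS_OUTPUT),
            "register_globals": register_globals_enabled(PHP_INI),
            "root_cron_foreign": root_cron_runs_foreign_files(ROOT_CRONTAB, FILE_OWNERS)}
```

A file that root's cron executes but another account owns lets that account run commands as root, which is why the third check treats an unknown owner as a finding.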

Recently, one specific brownhat (see Pwned Lineup/LeReS) alerted Jack, so of course Jack opened up his logs, and reimaged his boxes, and saved the fucking planet. Unfortunately, our zines have a strict no-bullshit policy. Thanks for keeping UDP open for us, Jack.

OH SHIT, HE SET UP A HACK DETECTOR. GAME OVER MAN. GAME OVER.

# cat /home/image/svn/setup/misc/detect.php

As stated above, antivirus giant Symantec was also breached, and as a result it has had its complete database dumped as well as 4000+ user accounts, many of which appear to belong to Symantec employees or related companies. https://ozdc.net/archives.php?aid=3941

The ZPanel part of the attack is a 0-day exploit.

We have a Zero Bug attacking all the login and overlay files. Run anti-virus. Give me a systems display! * The systems display comes up. Red flashes everywhere, signifying new attacks. * PLAGUE presses a key. Die, dickweeds! The rabbit is in the administration system.

The zine also contains a heap of personal information that is claimed to belong to some people who are close to the infosec and Anonymous scene. Possibly more information to come on this once I get a chance to properly go over all the details line by line. https://pastebin.com/jhLt7s83

Category: Breach Incidents
