Freedom Hosting II was hacked some time earlier today, with the Anonymous hackers asking for 0.1 BTC for the leaked files.

Since then they changed their minds and released the master database files for free. Sometime Saturday morning GMT they also released the system files as well as a statement about how the hack was done.

I was one of the first people to grab this.

Thanks for your patience, you don’t have to buy data ;) we made a torrent of the database dump download here. Here another torrent with all system files (excluding user data) download. You may still donate BTC to 14iCDyeCSp12AmhVfJGxtrzXDabFop4QtU and support us.

Statement on hack

here is how we did it:



1. create a new site or login to an old one

2. login and set sftp password

3. login via sftp and create a symlink to /

4. disable DirectoryIndex in .htaccess

5. enable mod_autoindex in .htaccess

6. disable php engine in .htaccess

7. add text/plain type for .php files in .htaccess

8. have fun browsing files

9. find /home/fhosting

10. look at the content of the index.php file in /home/fhosting/www/

11. find configuration in /home/fhosting/www/_lbs/config.php

12. copy paste database connection details to phpmyadmin login

13. find active users with shell access in /etc/passwd

14. look through the scripts and figure out how password resets work

15. manually trigger a sftp password reset for the user 'user'

16. connect via ssh

17. run 'sudo -i'

18. edit ssh config in /etc/ssh/sshd_config to allow root login

19. run 'passwd' to set root password

20. reconnect via ssh as root

21. enjoy
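For hosting operators, steps 3 to 7 of the statement leave two traces inside a tenant's web root: a symlink that resolves outside it, and `.htaccess` overrides that turn on directory listings and stop PHP from executing. The audit sketch below is an added example, not part of the statement or of Freedom Hosting II's code; the regex patterns, function names and the constructed sample web root are this example's assumptions.

```python
import os
import re
import tempfile

# Patterns for the .htaccess changes in steps 4-7 (this example's assumptions
# about how those directives would be written).
SUSPICIOUS = {
    "DirectoryIndex disabled": re.compile(r"^\s*DirectoryIndex\s+disabled\b", re.I),
    "autoindex enabled": re.compile(r"^\s*Options\b.*(?<!-)\bIndexes\b", re.I),
    "PHP engine off": re.compile(r"^\s*php_(admin_)?flag\s+engine\s+(off|0)\b", re.I),
    ".php served as text": re.compile(r"^\s*AddType\s+text/plain\b.*\.php\b", re.I),
}

def escaping_symlinks(webroot):
    """Return (link, target) for symlinks under webroot that resolve outside it."""
    root = os.path.realpath(webroot)
    found = []
    # followlinks=False: report the link itself, never walk through it.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                target = os.path.realpath(path)
                if os.path.commonpath([root, target]) != root:
                    found.append((path, target))
    return found

def htaccess_findings(webroot):
    """Return (file, line_no, label) for .htaccess lines matching SUSPICIOUS."""
    found = []
    for dirpath, _, filenames in os.walk(webroot, followlinks=False):
        if ".htaccess" in filenames:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    found += [(path, no, label)
                              for label, rx in SUSPICIOUS.items() if rx.search(line)]
    return found

def build_sample():
    """Constructed web root: one symlink to / and one overriding .htaccess."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.symlink("/", os.path.join(root, "fs"))
    with open(os.path.join(root, ".htaccess"), "w") as fh:
        fh.write("DirectoryIndex disabled\nOptions +Indexes\nphp_flag engine off\n"
                 "AddType text/plain .php\nOptions -Indexes\n")
    return root

if __name__ == "__main__":
    sample = build_sample()
    for link, target in escaping_symlinks(sample):
        print(f"symlink escapes web root: {link} -> {target}")
    for path, no, label in htaccess_findings(sample):
        print(f"{path}:{no}: {label}")
```

These are tenant-side traces only; whether Apache honours them depends on the `AllowOverride` and `Options` settings the server applies to the web root.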

Findings so far

Additionally, crooks are setting about going through the data to defraud you.

Resources

If you want to analyse the data, you’re going to have to install a MySQL-compatible database and restore the big SQL file. This took me about 3 hours total, FYI. You’ll probably want a graphical management tool; I’m using MySQL on Windows with a HeidiSQL interface.

For people who just want to know which sites were affected, here is a 10 meg torrent dump of the Freedom Hosting II master index database, which shows which domains were active and such, in relatively friendly .csv format.

Since I’ve finally mounted all the databases, I’ve run a report arranging them by database size which should be of use for analysts. You can download this small CSV file here.

Tweet Archive