Anonymous latest attack on Freedom Hosting 2 in Dark Net

Recently on randomly exploring the dark net found that there is another big show done by the hack team anonymous again by taking down Freedom Hosting 2 in Dark Net

The Comedy part was they explained how they done that 😀

Read more to know how they done that.

This was original content from the site 

Hello Freedom Hosting II, you have been hacked

We are disappointed… This is an excerpt from your front page ‘We have a zero tolerance policy to child pornography.’ – but what we found while searching through your server is more than 50% child porn…

Moreover you host many scam sites, some of which are evidently run by yourself to cover hosting expenses.

All your files have been copied and your database has been dumped. (74GB of files and 2.3GB of database)

Up to January 31st you were hosting 10613 sites. Private keys are included in the dump. Show full list

We are Anonymous. We do not forgive. We do not forget. You should have expected us.

Thanks for your patience, you don’t have to buy data 😉 we made a torrent of the database dump download here

Here another torrernt with all system files (excluding user data) download

You may still donate BTC to 14iCDyeCSp12AmhVfJGxtrzXDabFop4QtU and support us.

If you need to get in contact with us, our mail is [email protected]

We repeatedly get asked how we got into the system. It was surprisingly easy. Here is how we did it: HOW TO HACK FH2

Edit: couldn’t reply to clearnet – new mail

Edit2: database dump added

Edit3: added instructions on how we got into the system

Edit4: system files added

 

Ha ha ha

all the links above were onion sites so you can’t see them in normal browser.

Here is the steps they mentioned in one of the link above

here is how we did it:

1. create a new site or login to an old one
2. login and set sftp password
3. login via sftp and create a symlink to /
4. disable DirectoryIndex in .htaccess
5. enable mod_autoindex in .htaccess
6. disable php engine in .htaccess
7. add text/plain type for .php files in .htaccess
8. have fun browsing files
9. find /home/fhosting
10. look at the content of the index.php file in /home/fhosting/www/
11. find configuration in /home/fhosting/www/_lbs/config.php
12. copy paste database connection details to phpmyadmin login
13. find active users with shell access in /etc/passwd
14. look through the scripts and figure out how password resets work
15. manually trigger a sftp password reset for the user 'user'
16. connect via ssh
17. run 'sudo -i'
18. edit ssh config in /etc/ssh/sshd_config to allow root login
19. run 'passwd' to set root password
20. reconnect via ssh as root
21. enjoy