www.nic.py [.py registrar] RCE vulnerablity

Last year, in 2013 we defaced some top domains of Turkmenistan and leaked its costumer users and passwords, after that we did same thing to Sri lanka nic. We accepted that it was such a vandalism, leaking personal information, although shows vulnerability which is the shame for a nic, it endangers many people and companies.[ we are not anoymous , we do forgive , we do forget , do not expect us :D ]
Now in 2014 we saw something more and more interesting, is RCE acceptable in 2k14 for a nic which storing governmental and high profiles domains and all other .py domains ?!
Should another anonymous or hacktivist leak persons who trust nic.py informations ?!








Well our commands run successfully but is that all ? troll NO
Linux sdi.cnc.una.py 2.6.26-2-openvz-amd64 #1 SMP Tue Aug 31 09:54:44 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux
WOW 2010 kernel ! thats fantastic, by executing simple localroot exploit we are able to gain root access and cp all data on server but that is not necessary, admin have set inappropriate permissions on all directories which made us capable of browsing everywhere and reading any file.
However, does really admin care ? I don’t think so!!!







For roughly 5 years he haven’t removed deface page or fixed vulnerability. Absorbing!

conclusion : I wish I could leak his mother’s picture

Updated: We didn’t want to leak the information of nic.py. However, in the Paraguay country it’s said that there wasn’t any hack… we are forced to leak some information in order to prove our claim. All information gathered through access is available at Information leakage.

  1. Otra historia del CNC/NICPY | Hackpy - pingback on February 21, 2014 at 8:48 am
  2. Nic.Py · Hack y demás - #NekitoBlack - pingback on February 22, 2014 at 9:19 pm
  3. Google Paraguay Hacked | The P0ison News - pingback on February 25, 2014 at 4:27 pm
  4. Hi from Paraguay bro.

Leave a Comment

six + = 9

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Trackbacks and Pingbacks: