Arabic News site Durar Shamiya Hacked, 50,000 Accounts Leaked

A hacker, @th3inf1d3l, who has been leading an operation dubbed #OpFuckMohammad, has today kept a promise to leak over 50,000 accounts from a well-known Arabic-based website and its forum. The website is Durar Shamiya (https://eldorar.com). The first hint that this leak was coming came yesterday, when @th3inf1d3l leaked 3 other Arabic-based sites in the name of the same operation, #OpFuckMohammad. The announcement of the big leak was made via Twitter.

> #OpFuckMohammad eldorar.com pastebin.com/yDFK5XEC1K breached accounts 54K emails leaked Happy New Years #anybody #infosec
> — th3inf1d3l (@th3inf1d3l) January 1, 2013

The leak was carried out as a New Year's attack, with the message below included in the leak announcement file. The actual leak data was uploaded to anonfiles.me as a 3 MB compressed file; uncompressed, it contains a couple of txt and csv files that amount to the complete database of the website and its forums. All users of the vBulletin forum hosted on eldorar.com appear to be affected by this breach. @th3inf1d3l has also done a basic analysis of the leaked databases, which can be found on Pastebin or below.

OpFuckMohammad

Greetings from th3inf1d3l - I welcome in the new year with eldorar.com, my second largest leak after IHYA.org, 54K emails including breached accounts.

Some interesting tables are:

DB eldorar_list, Table phplist_user_users: all accounts have NULL passwords
DB eldorar_dev, Table site_users: all passwords are stored plaintext
DB msalhuda_info, Table user: includes, email, hashed password, salt, ipaddress, msn, icq, skype, yahoo and homepage
DB eldorar_project, Table project_comments: comments made by developer with ip of host they logged on through
DB eldorar_project, Table project_users: and the login details for the developer (hashed password)

Site Details

eldorar.com is 176.58.103.144 United Kingdom
web application technology: PHP 5.3.3, Apache
back-end DBMS: MySQL 5.0.11
vBulletin 4.1.3

Some login pages:

https://eldorar.com/info/admincp/ NOTE: plaintext accounts work here but I haven't browsed it
https://eldorar.com/VZX3b!q7aM_admin/login.php

Leaked Data:

All data is in a compressed file, eldorar.zip, which can be accessed at https://anonfiles.com/file/34025c585a5cdb65af0cc2c77a69e382. This file includes

1) dbs_and_tables.txt which lists the databases and tables of eldorar.com
2) columns: a listing of columns for all DBs I dumped
3) dump: all dumped data in csv format
4) condensed: condensed versions of interesting tables (only certain columns were saved) in csv format having the name table.csv.clean .csv.clean
5) emails.txt, emails.csv unique emails found and # of times unique email seen
6) pwds.txt, pwds.csv unique passwords found and # of time unique password seen

Summary:

I ran two scripts which summarize and condense the data.

Output from condensing script

DB: msalhuda_info
    wrote user.csv.clean: 1081 rows
    skipped forum.csv
DB: eldorar_project
    wrote project_users.csv.clean: 3 rows
    wrote project_comments.csv.clean: 101 rows
DB: eldorar_list
    wrote phplist_user_user.csv.clean: 51854 rows
    wrote phplist_user_blacklist.csv.clean: 10 rows
    wrote phplist_admin.csv.clean: 1 rows
DB: media
    wrote 3elmy_users.csv.clean: 3 rows
    wrote 3elmy_webform_emails.csv.clean: 2 rows
DB: eldorar_shamia
    wrote guest.csv.clean: 2 rows
    wrote mailing_list.csv.clean: 16 rows
    wrote contact.csv.clean: 10 rows
    wrote site_users.csv.clean: 12 rows
    wrote users.csv.clean: 4 rows
    skipped comment.csv
    skipped questions.csv
DB: eldorar_tra
    wrote guest.csv.clean: 2 rows
    wrote mailing_list.csv.clean: 975 rows
    wrote contact.csv.clean: 29 rows
    wrote site_users.csv.clean: 12 rows
    wrote share.csv.clean: 23 rows
    wrote users.csv.clean: 4 rows
DB: eldorar_3elmy
    wrote 3elmy_users.csv.clean: 3 rows
DB: eldorar_mid
    wrote guest.csv.clean: 2 rows
    wrote mailing_list.csv.clean: 14 rows
    wrote contact.csv.clean: 10 rows
    wrote site_users.csv.clean: 12 rows
    wrote users.csv.clean: 4 rows
DB: eldorar_market
    wrote phpbb_users.csv.clean: 68 rows
    skipped phpbb_forums.csv
DB: eldorar_dev
    wrote guest.csv.clean: 2 rows
    wrote mailing_list.csv.clean: 27 rows
    wrote contact.csv.clean: 3 rows
    wrote site_users.csv.clean: 12 rows
    wrote share.csv.clean: 2 rows
    wrote users.csv.clean: 4 rows

Output from summarization script (ran on uncondensed data):

DB: msalhuda_info
    Table user.csv: 1089 total 1081 unique emails
    Table user.csv: 1081 total 1081 unique pwds 0 blank pwds
    Table forum.csv: 0 total 0 unique pwds 66 blank pwds
DB: eldorar_project
    Table project_users.csv: 3 total 1 unique emails
    Table project_users.csv: 2 total 2 unique pwds 1 blank pwds
DB: eldorar_list
    Table phplist_user_user.csv: 51854 total 51810 unique emails
    Table phplist_user_user.csv: 0 total 0 unique pwds 51854 blank pwds
    Table phplist_user_blacklist.csv: 10 total 0 unique emails
    Table phplist_admin.csv: 1 total 0 unique emails
    Table phplist_admin.csv: 1 total 1 unique pwds 0 blank pwds
DB: media
    Table 3elmy_users.csv: 4 total 0 unique emails
    Table 3elmy_users.csv: 2 total 2 unique pwds 1 blank pwds
    Table 3elmy_webform_emails.csv: 2 total 0 unique emails
DB: eldorar_shamia
    Table guest.csv: 1 total 1 unique emails
    Table mailing_list.csv: 16 total 14 unique emails
    Table contact.csv: 8 total 4 unique emails
    Table site_users.csv: 11 total 7 unique emails
    Table site_users.csv: 12 total 11 unique pwds 0 blank pwds
    Table users.csv: 2 total 0 unique emails
    Table users.csv: 4 total 4 unique pwds 0 blank pwds
    Table comment.csv: 10 total 5 unique emails
DB: eldorar_tra
    Table guest.csv: 1 total 0 unique emails
    Table mailing_list.csv: 908 total 881 unique emails
    Table contact.csv: 21 total 15 unique emails
    Table site_users.csv: 11 total 0 unique emails
    Table site_users.csv: 12 total 0 unique pwds 0 blank pwds
    Table share.csv: 15 total 8 unique emails
    Table users.csv: 2 total 0 unique emails
    Table users.csv: 4 total 0 unique pwds 0 blank pwds
DB: eldorar_3elmy
    Table 3elmy_users.csv: 4 total 0 unique emails
    Table 3elmy_users.csv: 2 total 0 unique pwds 1 blank pwds
DB: eldorar_mid
    Table guest.csv: 1 total 0 unique emails
    Table mailing_list.csv: 14 total 0 unique emails
    Table contact.csv: 8 total 0 unique emails
    Table site_users.csv: 11 total 0 unique emails
    Table site_users.csv: 12 total 0 unique pwds 0 blank pwds
    Table users.csv: 2 total 0 unique emails
    Table users.csv: 4 total 3 unique pwds 0 blank pwds
DB: eldorar_market
    Table phpbb_users.csv: 16 total 9 unique emails
    Table phpbb_users.csv: 16 total 16 unique pwds 52 blank pwds
    Table phpbb_forums.csv: 0 total 0 unique pwds 43 blank pwds
DB: eldorar_dev
    Table guest.csv: 1 total 0 unique emails
    Table mailing_list.csv: 27 total 0 unique emails
    Table contact.csv: 3 total 0 unique emails
    Table site_users.csv: 11 total 0 unique emails
    Table site_users.csv: 12 total 0 unique pwds 0 blank pwds
    Table share.csv: 2 total 0 unique emails
    Table users.csv: 2 total 0 unique emails
    Table users.csv: 4 total 0 unique pwds 0 blank pwds

54071 total 53836 unique emails found
1168 total 1120 unique passwords found

Happy New Year
@th3inf1d3l

Lee Johnstone

Information Security Data Analyst, Investigative Journalist, Technology Lover, Mechanic.


Subscribe to Cyber War News