![Hacked By An0n 3xPloiTeR And 8B0K3N H34R7 Team Pak Cyber Ghosts [P.C.G], main message screen with running footer 1](http://dontai.com/wp/wp-content/uploads/2017/12/pak-hack-m-1-300x129.png)
Hacked By An0n 3xPloiTeR And 8B0K3N H34R7 Team Pak Cyber Ghosts [P.C.G]
![Hacked By An0n 3xPloiTeR And 8B0K3N H34R7 Team Pak Cyber Ghosts [P.C.G], dialog box 1](http://dontai.com/wp/wp-content/uploads/2017/12/pak-hack-dbox-1.png)
![Hacked By An0n 3xPloiTeR And 8B0K3N H34R7 Team Pak Cyber Ghosts [P.C.G], dialog box 2](http://dontai.com/wp/wp-content/uploads/2017/12/pak-hack-dbox-2.png)
![Hacked By An0n 3xPloiTeR And 8B0K3N H34R7 Team Pak Cyber Ghosts [P.C.G], main message screen with running footer 1, Pakistan-Zindabad.html](http://dontai.com/wp/wp-content/uploads/2017/12/pak-hack-m-1.png)
![Hacked By An0n 3xPloiTeR And 8B0K3N H34R7 Team Pak Cyber Ghosts [P.C.G], main message screen with running footer 2, Pakistan-Zindabad.html](http://dontai.com/wp/wp-content/uploads/2017/12/pak-hack-m-2.png)
![Hacked By An0n 3xPloiTeR And 8B0K3N H34R7 Team Pak Cyber Ghosts [P.C.G], main message screen with running footer 3, Pakistan-Zindabad.html](http://dontai.com/wp/wp-content/uploads/2017/12/pak-hack-m-3.png)
Here is the code for Pakistan-Zindabad.html:
```html
<!Doctype html>
<html>
<head>
<script>alert("Hacked By An0n 3xPloiTeR");</script>
<script>alert("Team Pak Cyber Ghosts [P.C.G]");</script>
<title> Hacked By An0n 3xPloiTeR And 8B0K3N H34R7 </title>
</head>
<body bgcolor="black">
<center><br><br><br><br>
<font size="30" color="red" face="calibri"> Hacked By An0n 3xPloiTeR And 8B0K3N H34R7 </font><br>
<font size="30" color="red" face="calibri"> Team Pak Cyber Ghosts [P.C.G]</font>
<iframe src="https://www.youtube.com/embed/nPGIdTAeOSg?rel=0&autoplay=1&loop=1&playlist=nPGIdTAeOSg" allowfullscreen="" frameborder="0" height="0" width="0"></iframe>
<body bgcolor="black"><center>
<script language="JavaScript1.2">function ejs_nodroit(){alert(' Pakistan Zindabad <3 ');return(false);}document.oncontextmenu = ejs_nodroit;</script>
<br><br><font size="5" color="white" face="calibri"> Pakistan Zindabad <quee></font><br></center>
</body;/font><br><br><br>
<font size="5" color="white" face="calibri"> Greetz ~ <marquee width="80%"># Shariq Maik | # Prinxe Haxi | # An0n 3xPloiTeR | # Unknown | # Wahab Hacker | # Rizi Haxor | # 8R0K3N H34R7 | # CYB3R71 | # 3htisham | # And All Muslims</mar>
</html>
```
The accompanying music comes from an iframe whose height and width are set to zero, so it does not display. It embeds the YouTube video “Aye Watan Pyare Watan PAK Watan” by Ustad Amanat Ali Khan. Translation help from Google:
اے وطن، پیارے وطن، پاک وطن، پاک وطن اے میرے پیارے وطن اے وطن پیارے وطن

O homeland, dear country, patriotism, patriotism O my beloved O my beloved homeland

تجھ سے ہے میری تمناؤں کی دنیا پرنور عزم میرا قوی، میرے ارادے ہیں غیور میری ہستی میں انا ہے، میری مستی میں شعور جاں فزا میرا تخیل ہے تو شیریں ہے سخن اے میرے پیارے وطن

You are from the world of my dreams My determination is my strength, my intentions I am in love with you, my consciousness If you have any imagination, then I will be happy O my beloved

اے وطن، پیارے وطن، پاک وطن، پاک وطن اے میرے پیارے وطن اے وطن پیارے وطن

O homeland, dear country, patriotism, patriotism O my beloved O my beloved homeland

تو دل افروز بہاروں کا تر و تازہ چمن تو مہکتے ہوئے پھولوں کا سہانا گلشن تو نواریز انا دل کا بہاری مسکن رنگ و آہنگ سے معمور ترے کوہ و دمن اے میرے پیارے وطن

So, the heartfelt flames of heartfelt spring So you have to spend the flowering flowers So, Anna, the daughter-in-law of the novice Exterior to color compassion O my beloved

اے وطن، پیارے وطن، پاک وطن، پاک وطن اے میرے پیارے وطن اے وطن پیارے وطن

O homeland, dear country, patriotism, patriotism O my beloved O my beloved homeland

میرا دل تیری محبت کا ہے جاں بخش دیار میرا سینا تیری حرمت کا ہے سنگین حصار میرے محبوب وطن تجھ پہ اگر جاں ہو نثار میں یہ سمجھوں گا ٹھکانے لگا سرمایہ تن اے میرے پیارے وطن

My heart is of love for you My love is a great part of your honesty Nisar, if my beloved homeland is on you I would understand that the investor would have stayed O my beloved

اے وطن، پیارے وطن، پاک وطن، پاک وطن اے میرے پیارے وطن اے وطن پیارے وطن

O homeland, dear country, patriotism, patriotism O my beloved O my beloved homeland
Infected Files:
Directories:
Commission
elements
id
images
pee
PRO
pro
r3w
r3w_config
sym
tmpl
Files in public_html
1484309152.php
amylucas.txt
an.php
ananazne.txt
apollog2.txt
asecondm.txt
clearpb4.txt
cp6.php
humaniv2.txt
ihungitu.txt
islandk2.txt
jpchoice.txt
kojotene.txt
ml.php
obf.php
obf.php
Pakistan_Zindabad.html
pantseat.txt
pixelau0.txt
plecosco.txt
saywhatd.txt
secretd4.txt
shell-mix.php
tomandm2.txt
toor.php
toservet.txt
traynedb.txt
wp-admin/includes/Mlslisting/validate.php
wp-content/plugins/jetpack/_inc/lib/admin-pages/class.jetpack-react-page.php
wp-includes/ID3/module.audio-video.quicktime.php
x.php
Some Messages in the files
- spyrusss.php: SPY US V0.1 CRACKER CPANEL CRACKER
- skullcp.php: cPanel Cracker | Pak Cyber SKULLZ, pakcyberskull@gmail.com
- mass.php: WordPress Mass Deface By An0n 3xPloiTeR
- cp6.php: Obfuscation provided by FOPO – Free Online PHP Obfuscator: http://www.fopo.com.ar/
- an.php: Albanian Hackers
- ak.php: Config Killer | Dar3wz
- Pakistan_Zindabad.html: Hacked By An0n 3xPloiTeR Team Pak Cyber Ghosts [P.C.G] Hacked By An0n 3xPloiTeR And 8B0K3N H34R7 Team Pak Cyber Ghosts [P.C.G] Pakistan Zindabad # Shariq Maik | # Prinxe Haxi | # An0n 3xPloiTeR | # Unknown | # Wahab Hacker | # Rizi Haxor | # 8R0K3N H34R7 | # CYB3R71 | # 3htisham | # And All Muslims
- validate.php: kingolivercoopers@gmail.com
Here are the IP addresses involved, searched with IBM X-Force
Most Common User Agents
| User agent | Count |
| --- | --- |
| Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0 | 176 |
| Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 | 43 |
| Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 | 23 |
| Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0 | 19 |
| Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 | 13 |
Banning “20100101” would account for 68% of the UAs. Banning “62.0.3202.94” would account for another 23%. These UAs, however, are specific to this hack and are easily changed.
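A tally like the one above can be produced from an access log, and the same script measures what a substring ban would cost: `20100101` is the fixed Gecko token in every desktop Firefox UA, so it also matches ordinary visitors. This is an added example, not part of the original post; the log lines and addresses are constructed, and `SUSPECT_PATHS` is an assumed set built from three file names in the infected-file list.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size "referer" "UA"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumption: file names from this page's infected-file list mark a request as suspect.
SUSPECT_PATHS = {"/x.php", "/toor.php", "/shell-mix.php"}
FF_WIN = "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
FF_LINUX = "Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0"
CHROME = ("Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36")
T = "[01/Dec/2017:10:00:00 +0000]"
# Constructed sample (RFC 5737 documentation addresses); the last line is malformed on purpose.
SAMPLE_LOG = "\n".join([
    f'192.0.2.10 - - {T} "POST /x.php HTTP/1.1" 200 512 "-" "{FF_WIN}"',
    f'192.0.2.10 - - {T} "POST /toor.php?p=1 HTTP/1.1" 200 512 "-" "{FF_WIN}"',
    f'198.51.100.7 - - {T} "GET /shell-mix.php HTTP/1.1" 200 900 "-" "{CHROME}"',
    f'203.0.113.5 - - {T} "GET /index.php HTTP/1.1" 200 4096 "-" "{FF_LINUX}"',
    f'203.0.113.6 - - {T} "GET /about/ HTTP/1.1" 200 4096 "-" "curl/7.55.1"',
    'truncated line with no quoted fields',
])

def parse(log_text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    matches = (LOG_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def is_suspect(entry):
    # Compare the path without its query string against the known-bad set.
    return entry["path"].split("?", 1)[0] in SUSPECT_PATHS

def suspect_ua_counts(entries):
    """Count user agents seen on requests to the suspect paths only."""
    return Counter(e["ua"] for e in entries if is_suspect(e))

def ban_impact(entries, token):
    """Return (suspect requests blocked, unrelated requests also blocked) for a UA substring ban."""
    hits = [e for e in entries if token in e["ua"]]
    bad = sum(1 for e in hits if is_suspect(e))
    return bad, len(hits) - bad

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print(suspect_ua_counts(entries).most_common())
    for token in ("20100101", "62.0.3202.94"):
        print(token, ban_impact(entries, token))
```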
Cleaning
- Gain FTP access
- Have host do a scan and report of all suspect files
- Examine and remove all suspect files
- Have host do a final scan and unfreeze account
- Check site for damage
- Change passwords
- Reinstall WordPress
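For the "examine all suspect files" step, a first-pass triage can run over a downloaded copy of the site before anything is deleted. This is an added example, not from the original post: the marker strings are the ones this page quotes from the dropped files, `WP_ROOT_PHP` is the set of top-level PHP files in a stock WordPress install, and the sample tree is constructed. Hits are candidates for manual review, not a verdict.

```python
import os
import tempfile

# Top-level PHP files shipped by WordPress core; other .php files in the web root need review.
WP_ROOT_PHP = {
    "index.php", "wp-activate.php", "wp-blog-header.php", "wp-comments-post.php",
    "wp-config.php", "wp-config-sample.php", "wp-cron.php", "wp-links-opml.php",
    "wp-load.php", "wp-login.php", "wp-mail.php", "wp-settings.php",
    "wp-signup.php", "wp-trackback.php", "xmlrpc.php",
}
# Strings this page quotes from the dropped files, lower-cased for matching.
MARKERS = [b"hacked by", b"free online php obfuscator", b"cpanel cracker",
           b"mass deface", b"config killer"]

def triage(docroot, max_bytes=1_000_000):
    """Return {relative_path: [reasons]} for files that need manual review."""
    findings = {}
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = []
            if dirpath == docroot and name.lower().endswith(".php") and name not in WP_ROOT_PHP:
                reasons.append("non-core PHP file in web root")
            with open(full, "rb") as fh:
                data = fh.read(max_bytes).lower()
            reasons += [f"marker: {m.decode()}" for m in MARKERS if m in data]
            if reasons:
                findings[os.path.relpath(full, docroot).replace(os.sep, "/")] = reasons
    return findings

def demo():
    """Build a constructed miniature docroot (two clean files, three planted) and triage it."""
    samples = {
        "index.php": b"<?php require __DIR__ . '/wp-blog-header.php';",
        "wp-content/themes/t/functions.php": b"<?php // theme code",
        "toor.php": b"<?php /* constructed placeholder */",
        "cp6.php": b"<?php /* Obfuscation provided by FOPO - Free Online PHP Obfuscator */",
        "Pakistan_Zindabad.html": b"<title> Hacked By (constructed sample) </title>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return triage(root)

if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(path, "->", "; ".join(reasons))
```

A clean result does not clear the site: files modified inside `wp-admin`, `wp-includes` and plugin directories, like the three listed above, carry none of these markers, which is why the procedure ends with a WordPress reinstall.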