CuteNews
Checking the target CuteNews instance after performing manual system enumeration
While checking for DB credentials, I found something interesting about CuteNews.
One of the key selling points that CuteNews promotes is that it does not rely on a SQL-based DB, unlike a traditional CMS.
While that may be a good feature for some, it makes me wonder how the app would store user data.
www-data@cute:/var/www/html$ ll core
ll core
total 232K
4.0K drwxrwxr-x 9 www-data users 4.0K Sep 18 2020 .
0 -rw-r--r-- 1 root root 0 Sep 18 2020 index.html
4.0K drwxr-xr-x 9 www-data users 4.0K Sep 18 2020 ..
4.0K -rw------- 1 www-data users 2.2K Apr 29 2019 init.php
4.0K drwxrwxr-x 3 www-data users 4.0K Aug 20 2018 captcha
4.0K drwxrwxr-x 6 www-data users 4.0K Aug 20 2018 ckeditor
124K -rw-rw-r-- 1 www-data users 123K Aug 20 2018 core.php
4.0K drwxrwxr-x 2 www-data users 4.0K Aug 20 2018 db
8.0K -rw-rw-r-- 1 www-data users 7.0K Aug 20 2018 downloader.php
4.0K drwxrwxr-x 2 www-data users 4.0K Aug 20 2018 includes
4.0K drwxrwxr-x 2 www-data users 4.0K Aug 20 2018 lang
4.0K drwxrwxr-x 3 www-data users 4.0K Aug 20 2018 modules
28K -rw-rw-r-- 1 www-data users 28K Aug 20 2018 news.php
16K -rw-rw-r-- 1 www-data users 13K Aug 20 2018 security.php
4.0K drwxrwxr-x 2 www-data users 4.0K Aug 20 2018 tools
4.0K -rw-rw-r-- 1 www-data users 2.8K Aug 20 2018 update_indexes_tool.php
12K -rw-rw-r-- 1 www-data users 11K Aug 20 2018 zip.class.php
www-data@cute:/var/www/html$ ll core/db
ll core/db
total 48K
4.0K drwxrwxr-x 9 www-data users 4.0K Sep 18 2020 ..
4.0K drwxrwxr-x 2 www-data users 4.0K Aug 20 2018 .
40K -rw-rw-r-- 1 www-data users 40K Aug 20 2018 coreflat.php
Interestingly, there is a directory named core/db, which contains a single PHP file: coreflat.php
www-data@cute:/var/www/html$ cat coreflat.php
<?php if (!defined('EXEC_TIME')) { die('Access restricted'); }
[...REDACTED...]
// since 2.0: Check users exists. If no, require install script
function db_installed_check()
{
    $is_dir = SERVDIR.DIRECTORY_SEPARATOR.'cdata';
    $cfile = false;
    if (is_dir($is_dir) && is_writable($is_dir)) {
        $cfile = cn_touch(SERVDIR. path_construct('cdata', 'users.txt'));
    }
    if (empty($cfile) || filesize($cfile) < 4) {
        cn_require_install();
    }
    return TRUE;
}
[...REDACTED...]
Upon inspection, I noticed that many functions take the following arguments as the serving directory and file:
- cdata
- users.txt
cdata
www-data@cute:/var/www/html$ ll cdata
ll cdata
total 100K
4.0K drwxrwxrwx 2 www-data users 4.0K Apr 29 15:22 users
4.0K drwxrwxrwx 11 www-data users 4.0K Apr 29 15:22 .
4.0K -rw-r--r-- 1 www-data www-data 45 Apr 29 15:22 users.txt
28K -rw-r--r-- 1 www-data www-data 28K Apr 29 14:26 conf.php
4.0K drwxrwxrwx 2 www-data users 4.0K Apr 29 14:26 news
0 -rw-r--r-- 1 root root 0 Sep 18 2020 index.html
4.0K drwxr-xr-x 9 www-data users 4.0K Sep 18 2020 ..
4.0K -rw-rw-rw- 1 www-data users 2.1K Aug 20 2018 Default.tpl
4.0K -rw-rw-rw- 1 www-data users 1.7K Aug 20 2018 Headlines.tpl
4.0K drwxrwxrwx 2 www-data users 4.0K Aug 20 2018 archives
0 -rw-rw-rw- 1 www-data users 0 Aug 20 2018 auto_archive.db.php
4.0K drwxrwxrwx 2 www-data users 4.0K Aug 20 2018 backup
4.0K drwxrwxrwx 2 www-data users 4.0K Aug 20 2018 btree
4.0K drwxrwxrwx 2 www-data users 4.0K Aug 20 2018 cache
0 -rw-rw-rw- 1 www-data users 0 Aug 20 2018 cat.num.php
0 -rw-rw-rw- 1 www-data users 0 Aug 20 2018 category.db.php
0 -rw-rw-rw- 1 www-data users 0 Aug 20 2018 comments.txt
4.0K -rw-rw-rw- 1 www-data users 1.7K Aug 20 2018 config.php
4.0K -rw-rw-rw- 1 www-data users 15 Aug 20 2018 confirmations.php
0 -rw-rw-rw- 1 www-data users 0 Aug 20 2018 csrf.php
0 -rw-rw-rw- 1 www-data users 0 Aug 20 2018 flood.db.php
0 -rw-rw-rw- 1 www-data users 0 Aug 20 2018 idnews.db.php
0 -rw-rw-rw- 1 www-data users 0 Aug 20 2018 installed.mark
0 -rw-rw-rw- 1 www-data users 0 Aug 20 2018 ipban.db.php
4.0K drwxrwxrwx 2 www-data users 4.0K Aug 20 2018 log
0 -rw-rw-rw- 1 www-data users 0 Aug 20 2018 news.txt
0 -rw-rw-rw- 1 www-data users 0 Aug 20 2018 newsid.txt
4.0K drwxrwxrwx 2 www-data users 4.0K Aug 20 2018 plugins
0 -rw-rw-rw- 1 www-data users 0 Aug 20 2018 postponed_news.txt
0 -rw-rw-rw- 1 www-data users 0 Aug 20 2018 replaces.php
4.0K -rw-rw-rw- 1 www-data users 564 Aug 20 2018 rss.tpl
0 -rw-rw-rw- 1 www-data users 0 Aug 20 2018 rss_config.php
4.0K drwxrwxrwx 2 www-data users 4.0K Aug 20 2018 template
0 -rw-rw-rw- 1 www-data users 0 Aug 20 2018 unapproved_news.txt
4.0K -rw-rw-rw- 1 www-data users 58 Aug 20 2018 users.db.php
www-data@cute:/var/www/html$ ll cdata/user
ll cdata/user
ls: cannot access 'cdata/user': No such file or directory
www-data@cute:/var/www/html$ ll cdata/users
ll cdata/users
total 256K
4.0K drwxrwxrwx 2 www-data users 4.0K Apr 29 15:22 .
4.0K -rw-r--r-- 1 www-data www-data 513 Apr 29 15:22 af.php
4.0K drwxrwxrwx 11 www-data users 4.0K Apr 29 15:22 ..
4.0K -rw-r--r-- 1 www-data www-data 113 Apr 29 15:22 0d.php
4.0K -rw-r--r-- 1 www-data www-data 161 Apr 29 15:22 c7.php
4.0K -rw-r--r-- 1 www-data www-data 513 Apr 29 14:43 ef.php
4.0K -rw-r--r-- 1 www-data www-data 129 Apr 29 14:43 38.php
4.0K -rw-r--r-- 1 www-data www-data 113 Apr 29 14:43 53.php
4.0K -rw-r--r-- 1 www-data www-data 153 Apr 29 14:41 5d.php
4.0K -rw-r--r-- 1 www-data www-data 189 Apr 29 14:38 37.php
4.0K -rw-r--r-- 1 www-data www-data 409 Apr 29 14:38 8f.php
4.0K -rw-r--r-- 1 www-data www-data 137 Apr 29 14:38 fc.php
4.0K -rw-r--r-- 1 www-data www-data 605 Jan 20 2021 0c.php
4.0K -rw-r--r-- 1 www-data www-data 101 Jan 20 2021 09.php
4.0K -rw-r--r-- 1 www-data www-data 77 Sep 23 2020 d1.php
4.0K -rw-r--r-- 1 www-data www-data 137 Sep 23 2020 15.php
4.0K -rw-r--r-- 1 www-data www-data 117 Sep 23 2020 51.php
4.0K -rw-r--r-- 1 www-data www-data 429 Sep 23 2020 50.php
4.0K -rw-r--r-- 1 www-data www-data 77 Sep 23 2020 3a.php
4.0K -rw-r--r-- 1 www-data www-data 77 Sep 23 2020 0b.php
4.0K -rw-r--r-- 1 www-data www-data 117 Sep 23 2020 1b.php
4.0K -rw-r--r-- 1 www-data www-data 137 Sep 23 2020 43.php
4.0K -rw-r--r-- 1 www-data www-data 137 Sep 23 2020 ac.php
4.0K -rw-r--r-- 1 www-data www-data 157 Sep 23 2020 b7.php
4.0K -rw-r--r-- 1 www-data www-data 77 Sep 18 2020 82.php
4.0K -rw-r--r-- 1 www-data www-data 117 Sep 18 2020 01.php
4.0K -rw-r--r-- 1 www-data www-data 137 Sep 18 2020 cd.php
4.0K -rw-r--r-- 1 www-data www-data 137 Sep 18 2020 87.php
4.0K -rw-r--r-- 1 www-data www-data 117 Sep 18 2020 22.php
4.0K -rw-r--r-- 1 www-data www-data 137 Sep 18 2020 79.php
4.0K -rw-r--r-- 1 www-data www-data 77 Sep 18 2020 a7.php
4.0K -rw-r--r-- 1 www-data www-data 77 Sep 18 2020 31.php
4.0K -rw-r--r-- 1 www-data www-data 77 Sep 18 2020 28.php
4.0K -rw-r--r-- 1 www-data www-data 77 Sep 18 2020 dd.php
4.0K -rw-r--r-- 1 www-data www-data 77 Sep 18 2020 7b.php
4.0K -rw-r--r-- 1 www-data www-data 205 Sep 18 2020 76.php
4.0K -rw-r--r-- 1 www-data www-data 77 Sep 18 2020 74.php
4.0K -rw-r--r-- 1 www-data www-data 77 Sep 18 2020 05.php
4.0K -rw-r--r-- 1 www-data www-data 77 Sep 18 2020 52.php
4.0K -rw-r--r-- 1 www-data www-data 77 Sep 18 2020 54.php
4.0K -rw-r--r-- 1 www-data www-data 77 Sep 18 2020 42.php
4.0K -rw-r--r-- 1 www-data www-data 77 Sep 18 2020 6e.php
4.0K -rw-r--r-- 1 www-data www-data 237 Sep 18 2020 91.php
4.0K -rw-r--r-- 1 www-data www-data 137 Sep 18 2020 75.php
4.0K -rw-r--r-- 1 www-data www-data 185 Sep 18 2020 0f.php
4.0K -rw-r--r-- 1 www-data www-data 137 Sep 18 2020 2e.php
4.0K -rw-r--r-- 1 www-data www-data 137 Sep 18 2020 b8.php
4.0K -rw-r--r-- 1 www-data www-data 117 Sep 18 2020 24.php
4.0K -rw-r--r-- 1 www-data www-data 137 Sep 18 2020 44.php
4.0K -rw-r--r-- 1 www-data www-data 117 Sep 18 2020 ec.php
4.0K -rw-r--r-- 1 www-data www-data 137 Sep 18 2020 ff.php
4.0K -rw-r--r-- 1 www-data www-data 153 Sep 18 2020 e3.php
0 -rw-r--r-- 1 root root 0 Sep 18 2020 index.html
4.0K -rw-r--r-- 1 www-data www-data 137 Sep 17 2020 48.php
4.0K -rw-r--r-- 1 www-data www-data 117 Sep 17 2020 ba.php
4.0K -rw-r--r-- 1 www-data www-data 129 Sep 17 2020 5c.php
4.0K -rw-r--r-- 1 www-data www-data 113 Sep 17 2020 99.php
4.0K -rw-r--r-- 1 www-data www-data 109 Sep 17 2020 6d.php
4.0K -rw-r--r-- 1 www-data www-data 129 Sep 17 2020 e5.php
4.0K -rw-r--r-- 1 www-data www-data 109 Sep 17 2020 08.php
4.0K -rw-r--r-- 1 www-data www-data 125 Sep 17 2020 d6.php
4.0K -rw-r--r-- 1 www-data www-data 109 Sep 17 2020 e8.php
4.0K -rw-r--r-- 1 www-data www-data 109 Sep 17 2020 62.php
4.0K -rw-r--r-- 1 www-data www-data 45 Sep 17 2020 d4.php
4.0K -rw-r--r-- 1 www-data www-data 117 Sep 17 2020 be.php
0 -rw-r--r-- 1 www-data www-data 0 Sep 17 2020 users.txt
Another sub-directory within the cdata directory: users
Serialized User Data
www-data@cute:/var/www/html/cdata/users$ cat 91.php
<?php die('Direct call - access denied'); ?>
YToyOntzOjU6ImVtYWlsIjthOjE6e3M6MTY6ImZveEB0aGVicmFpbi5uZXQiO3M6MTE6ImNhbGlwZW5kdWxhIjt9czo0OiJuYW1lIjthOjE6e3M6MTY6ImZveEB0aGVicmFpbi5uZXQiO2E6MTp7czozOiJiYW4iO3M6MTA6IjE2MDAzNjI0NzIiO319fQ==
www-data@cute:/var/www/html/cdata/users$ echo YToyOntzOjU6ImVtYWlsIjthOjE6e3M6MTY6ImZveEB0aGVicmFpbi5uZXQiO3M6MTE6ImNhbGlwZW5kdWxhIjt9czo0OiJuYW1lIjthOjE6e3M6MTY6ImZveEB0aGVicmFpbi5uZXQiO2E6MTp7czozOiJiYW4iO3M6MTA6IjE2MDAzNjI0NzIiO319fQ== | base64 -d
echo YToyOntzOjU6ImVtYWlsIjthOjE6e3M6MTY6ImZveEB0aGVicmFpbi5uZXQiO3M6MTE6ImNhbGlwZW5kdWxhIjt9czo0OiJuYW1lIjthOjE6e3M6MTY6ImZveEB0aGVicmFpbi5uZXQiO2E6MTp7czozOiJiYW4iO3M6MTA6IjE2MDAzNjI0NzIiO319fQ== | base64 -d
a:2:{s:5:"email";a:1:{s:16:"fox@thebrain.net";s:11:"calipendula";}s:4:"name";a:1:{s:16:"fox@thebrain.net";a:1:{s:3:"ban";s:10:"1600362472";}}}
Heading into the cdata/users directory, I see many PHP files containing what appears to be serialized user data encoded in base64. This just might be how CuteNews stores user data.
So I decoded one of the files from base64.
The result indeed confirms that those PHP files are user data.
I will go ahead and decode all the serialized user data.
Deserialization
www-data@cute:/var/www/html/cdata/users$ grep -ao '[A-Za-z0-9+/=]\{20,\}' *.php | cut -d ':' -f2 | base64 -d
a:1:{s:2:"id";a:1:{i:1600442702;s:10:"FPONcUwQbH";}}a:1:{s:4:"name";a:0:{}}a:1:{s:2:"id";a:1:{i:1600362588;s:7:"peppe12";}}a:1:{s:2:"id";a:1:{i:1611157659;s:1:"a";}}a:1:{s:4:"name";a:0:{}}a:1:{s:4:"name";a:1:{s:1:"a";a:11:{s:2:"id";s:10:"1611157659";s:4:"name";s:1:"a";s:3:"acl";s:1:"4";s:5:"email";s:9:"a@lol.com";s:4:"nick";s:1:"a";s:4:"pass";s:64:"07123e1f482356c415f684407a3b8723e10b2cbbc0b8fcd6282c49d37c9c1abc";s:3:"lts";s:10:"1611158212";s:3:"ban";s:1:"0";s:4:"more";s:60:"YToyOntzOjQ6InNpdGUiO3M6MDoiIjtzOjU6ImFib3V0IjtzOjA6IiI7fQ==";s:6:"avatar";s:21:"avatar_a_hfckmdfd.php";s:6:"e-hide";s:0:"";}}}a:1:{s:2:"id";a:1:{i:1745932965;s:8:"slfgYniE";}}a:2:{s:5:"email";a:1:{s:14:"peppe2@hack.me";s:6:"peppe2";}s:2:"id";a:1:{i:1600438447;s:10:"LhXjL1X6Um";}}a:1:{s:5:"email";a:1:{s:18:"W529z9VMWk@hack.me";s:10:"W529z9VMWk";}}a:1:{s:2:"id";a:1:{i:1600871996;s:10:"rwTVBYsJzv";}}a:1:{s:2:"id";a:1:{i:1600442480;s:10:"DrtBEHomxS";}}a:1:{s:2:"id";a:1:{i:1600438306;s:10:"olC1VyEjDi";}}a:1:{s:4:"name";a:0:{}}a:1:{s:5:"email";a:1:{s:18:"LhXjL1X6Um@hack.me";s:10:"LhXjL1X6Um";}}a:1:{s:4:"naa:1:{s:2:"id";a:1:{i:1600442702;s:10:"FPONcUwQbH";}}a:1:{s:4:"name";a:0:{}}a:1:{s:2:"id";a:1:{i:1600362588;s:7:"peppe12";}}a:1:{s:2:"id";a:1:{i:1611157659;s:1:"a";}}a:1:{s:4:"name";a:0:{}}a:1:{s:4:"name";a:1:{s:1:"a";a:11:{s:2:"id";s:10:"1611157659";s:4:"name";s:1:"a";s:3:"acl";s:1:"4";s:5:"email";s:9:"a@lol.com";s:4:"nick";s:1:"a";s:4:"pass";s:64:"07123e1f482356c415f684407a3b8723e10b2cbbc0b8fcd6282c49d37c9c1abc";s:3:"lts";s:10:"1611158212";s:3:"ban";s:1:"0";s:4:"more";s:60:"YToyOntzOjQ6InNpdGUiO3M6MDoiIjtzOjU6ImFib3V0IjtzOjA6IiI7fQ==";s:6:"avatar";s:21:"avatar_a_hfckmdfd.php";s:6:"e-hide";s:0:"";}}}a:1:{s:2:"id";a:1:{i:1745932965;s:8:"slfgYniE";}}a:2:{s:5:"email";a:1:{s:14:"peppe2@hack.me";s:6:"peppe2";}s:2:"id";a:1:{i:1600438447;s:10:"LhXjL1X6Um";}}a:1:{s:5:"email";a:1:{s:18:"W529z9VMWk@hack.me";s:10:"W529z9VMWk";}}a:1:{s:2:"id";a:1:{i:1600871996;s:10:"rwTVBYsJzv";}}a:1:{s:2:"id";a:1:{i:1600442480
;s:10:"DrtBEHomxS";}}a:1:{s:2:"id";a:1:{i:1600438306;s:10:"olC1VyEjDi";}}a:1:{s:4:"name";a:0:{}}a:1:{s:5:"email";a:1:{s:18:"LhXjL1X6Um@hack.me";s:10:"LhXjL1X6Um";}}a:1:{s:4:"name";a:0:{}}a:2:{s:5:"email";a:1:{s:15:"peppe23@hack.me";s:7:"peppe23";}s:2:"id";a:1:{i:1745930304;s:10:"IZ5EMM8HYP";}}a:1:{s:5:"email";a:1:{s:16:"lEggXN9l@foo.com";s:8:"lEggXN9l";}}a:1:{s:4:"name";a:0:{}}a:1:{s:4:"name";a:0:{}}a:1:{s:5:"email";a:1:{s:18:"rwTVBYsJzv@hack.me";s:10:"rwTVBYsJzv";}}a:1:{s:5:"email";a:1:{s:18:"jThbnXurMj@hack.me";s:10:"jThbnXurMj";}}a:1:{s:5:"email";a:1:{s:18:"3IFl1q22u1@hack.me";s:10:"3IFl1q22u1";}}a:1:{s:4:"name";a:1:{s:11:"calipendula";a:7:{s:2:"id";s:10:"1600356845";s:4:"name";s:11:"calipendula";s:3:"acl";s:1:"1";s:5:"email";s:16:"fox@thebrain.net";s:4:"pass";s:64:"71847250e258da4dccec75687f769916bfaf8628fe0ff00cf253387c11e400f8";s:3:"lts";s:10:"1600872170";s:3:"ban";s:1:"0";}}}a:1:{s:2:"id";a:1:{i:1600872199;s:10:"W529z9VMWk";}}a:1:{s:4:"name";a:0:{}}a:1:{s:2:"id";a:1:{i:1745930594;s:8:"lEggXN9l";}}a:1:{s:4:"name";a:0:{}}a:1:{s:5:"email";a:1:{s:16:"peppe231@hack.me";s:8:"peppe231";}}a:1:{s:4:"name";a:1:{s:14:"CVE-2019-11447";a:1:{s:3:"ban";s:10:"1745930515";}}}a:1:{s:2:"id";a:1:{i:1600357266;s:5:"peppe";}}a:1:{s:2:"id";a:1:{i:1600362737;s:6:"peppe2";}}a:1:{s:4:"name";a:0:{}}a:1:{s:4:"name";a:0:{}}a:1:{s:5:"email";a:1:{s:18:"3XdnovVnUH@hack.me";s:10:"3XdnovVnUH";}}a:2:{s:5:"email";a:2:{s:13:"peppe@hack.me";s:5:"peppe";s:18:"olC1VyEjDi@hack.me";s:10:"olC1VyEjDi";}s:4:"name";a:0:{}}a:1:{s:5:"email";a:1:{s:18:"DrtBEHomxS@hack.me";s:10:"DrtBEHomxS";}}a:1:{s:4:"name";a:0:{}}a:1:{s:4:"name";a:0:{}}a:2:{s:2:"id";a:1:{i:1600438763;s:10:"3XdnovVnUH";}s:4:"name";a:0:{}}a:1:{s:4:"name";a:1:{s:10:"IZ5EMM8HYP";a:6:{s:2:"id";s:10:"1745930304";s:4:"name";s:10:"IZ5EMM8HYP";s:3:"acl";s:1:"4";s:5:"email";s:18:"IZ5EMM8HYP@hack.me";s:4:"nick";s:10:"IZ5EMM8HYP";s:4:"pass";s:64:"fbbcf0d848e95baaa3dcb102a4266ed18a0697a63b93b6ba672c27dfb0d00d44";}}}a:2:{s:5:"email";a:1:{s:16:"fox@thebr
ain.net";s:11:"calipendula";}s:4:"name";a:1:{s:16:"fox@thebrain.net";a:1:{s:3:"ban";s:10:"1600362472";}}}a:1:{s:2:"id";a:1:{i:1600362937;s:8:"peppe231";}}a:1:{s:4:"name";a:0:{}}a:1:{s:5:"email";a:1:{s:18:"WnX5xhM1oa@hack.me";s:10:"WnX5xhM1oa";}}a:1:{s:4:"name";a:1:{s:8:"slfgYniE";a:9:{s:2:"id";s:10:"1745932965";s:4:"name";s:8:"slfgYniE";s:3:"acl";s:1:"4";s:5:"email";s:16:"slfgYniE@foo.com";s:4:"nick";s:8:"slfgYniE";s:4:"pass";s:64:"6a2ea15b40994e9bb409f4bbc181c523fde235852b15ea14b190045f3f9b33af";s:4:"more";s:4:"Tjs=";s:6:"avatar";s:28:"avatar_slfgYniE_slfgYniE.php";s:6:"e-hide";s:0:"";}}}a:1:{s:2:"id";a:2:{i:1600438411;s:10:"sHZx0qwFX3";i:1600871962;s:10:"WnX5xhM1oa";}}a:1:{s:5:"email";a:1:{s:18:"sHZx0qwFX3@hack.me";s:10:"sHZx0qwFX3";}}a:1:{s:2:"id";a:1:{i:1600363490;s:10:"3IFl1q22u1";}}a:1:{s:2:"id";a:1:{i:1600356845;s:11:"calipendula";}}a:1:{s:5:"email";a:2:{s:9:"a@lol.com";s:1:"a";s:16:"slfgYniE@foo.com";s:8:"slfgYniE";}}a:1:{s:5:"email";a:1:{s:18:"FPONcUwQbH@hack.me";s:10:"FPONcUwQbH";}}a:1:{s:4:"name";a:0:{}}a:1:{s:5:"email";a:1:{s:14:"peppe1@hack.me";s:6:"peppe1";}}a:1:{s:4:"name";a:0:{}}a:1:{s:2:"id";a:2:{i:1600362787;s:7:"peppe23";i:1600437975;s:10:"MwewYMJX9A";}}a:1:{s:5:"email";a:1:{s:15:"peppe12@hack.me";s:7:"peppe12";}}a:1:{s:2:"id";a:1:{i:1600362513;s:6:"peppe1";}}a:1:{s:2:"id";a:1:{i:1600438264;s:10:"jThbnXurMj";}}a:1:{s:4:"name";a:1:{s:8:"lEggXN9l";a:9:{s:2:"id";s:10:"1745930594";s:4:"name";s:8:"lEggXN9l";s:3:"acl";s:1:"4";s:5:"email";s:16:"lEggXN9l@foo.com";s:4:"nick";s:8:"lEggXN9l";s:4:"pass";s:64:"62206abc6301a0ff1cf4b3b34d53e4f8022eb5ab6f51d2904280b6942b3e821b";s:4:"more";s:4:"Tjs=";s:6:"avatar";s:28:"avatar_lEggXN9l_lEggXN9l.php";s:6:"e-hide";s:0:"";}}}a:1:{s:5:"email";a:1:{s:18:"IZ5EMM8HYP@hack.me";s:10:"IZ5EMM8HYP";}}a:1:{s:5:"email";a:1:{s:18:"MwewYMJX9A@hack.me";s:10:"MwewYMJX9A";}}
While all the deserialized data appears very confusing, I will list the password hashes:
nick:07123e1f482356c415f684407a3b8723e10b2cbbc0b8fcd6282c49d37c9c1abc
calipendula:71847250e258da4dccec75687f769916bfaf8628fe0ff00cf253387c11e400f8
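An added example (not part of the original notes, and not CuteNews code): a small Python parser for the record layout seen above, a die() guard line followed by base64-wrapped PHP serialize() output. It accepts only arrays, strings and integers, and reports which accounts store a pass digest without printing the digest. The alice record is constructed; the second sample is the decoded 91.php record from this page, re-encoded.

```python
import base64

GUARD = b"<?php die('Direct call - access denied'); ?>\n"  # first line of each record file

def parse(data: bytes, pos: int = 0):
    """Parse the a/s/i subset of PHP serialize(); objects and references are rejected."""
    kind = data[pos:pos + 1]
    if kind == b"i":
        end = data.index(b";", pos)
        return int(data[pos + 2:end]), end + 1
    if kind in (b"s", b"a"):
        colon = data.index(b":", pos + 2)
        n, body = int(data[pos + 2:colon]), colon + 2  # body skips :" or :{
        if kind == b"s":  # declared length counts bytes, not characters
            if data[body + n:body + n + 2] != b'";':
                raise ValueError(f"bad string length at offset {pos}")
            return data[body:body + n].decode("utf-8", "replace"), body + n + 2
        out, pos = {}, body
        for _ in range(n):
            key, pos = parse(data, pos)
            out[key], pos = parse(data, pos)
        if data[pos:pos + 1] != b"}":
            raise ValueError(f"unterminated array at offset {pos}")
        return out, pos + 1
    raise ValueError(f"unsupported type {kind!r} at offset {pos}")

def load_record(raw: bytes) -> dict:
    """Drop the die() guard line, base64-decode the rest, parse it."""
    payload = raw[len(GUARD):] if raw.startswith(GUARD) else raw
    return parse(base64.b64decode(payload.strip()))[0]

def credential_fields(record: dict) -> list:
    """Inventory accounts in a 'name' record that store a 'pass' digest."""
    return [{"user": u, "acl": f.get("acl"), "hex_chars": len(f["pass"])}
            for u, f in record.get("name", {}).items()
            if isinstance(f, dict) and f.get("pass")]

# Constructed record laid out like the user entries decoded above (values made up).
SAMPLE_USER = GUARD + base64.b64encode(
    b'a:1:{s:4:"name";a:1:{s:5:"alice";a:5:{s:2:"id";s:10:"1600000000";'
    b's:4:"name";s:5:"alice";s:3:"acl";s:1:"4";s:5:"email";s:17:"alice@example.com";'
    b's:4:"pass";s:64:"' + b"ab" * 32 + b'";}}}')
# The decoded 91.php record from the page, re-encoded for the demo.
SAMPLE_INDEX = GUARD + base64.b64encode(
    b'a:2:{s:5:"email";a:1:{s:16:"fox@thebrain.net";s:11:"calipendula";}'
    b's:4:"name";a:1:{s:16:"fox@thebrain.net";a:1:{s:3:"ban";s:10:"1600362472";}}}')

if __name__ == "__main__":
    print([credential_fields(load_record(r)) for r in (SAMPLE_USER, SAMPLE_INDEX)])
```

A 64-character hex value is the length of a SHA-256 digest; the inventory reports only that length and the account's acl, which is enough to decide which world-readable record files need tighter permissions.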
Password Cracking
Using crackstation.net, one password hash was cracked:
lol
It belongs to the nick user
N/A