Anyway, for those who do not know already, I've been hosting h4cky0u on a VPS as a temporary thing, and yesterday they got hacked in a very secure environment. I have narrowed the hack to an 0day in HyperVM.

BASIC SETUP:
- uploading disabled (PHP)
- chroot environment (no access to system binaries, perl, etc.)
- heck load of PHP functions disabled
- no ftp, sendmail etc., only had HTTPD running

I found a shell chown'd as root:root which does not happen unless you upload via root or from a GUI/Panel like HyperVM. When I attempted to log into HyperVM, I noticed that the password was changed and noticed a lot of strange IPs had accessed the system.

I've not had the chance to document this hack completely, but I am pretty damn sure that the hack did start from the HyperVM Panel.
Viz0n
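The ownership anomaly described in the post (a file owned by root:root inside a web tree that the web server account should own) can be checked for across a whole docroot. The following is an added example, not part of the original post; the function names, the extension list and the idea of passing the expected owner as a uid are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumption: extensions the web server would execute; adjust to the handler config.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".cgi", ".pl"}


def audit_docroot(docroot, expected_uid):
    """Return findings for regular files under docroot not owned by expected_uid.

    Each finding carries path, uid, gid, mtime and two flags:
    root_owned (uid 0) and script (extension the server may execute).
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode) or st.st_uid == expected_uid:
                continue
            findings.append({
                "path": path, "uid": st.st_uid, "gid": st.st_gid,
                "mtime": int(st.st_mtime),
                "root_owned": st.st_uid == 0,
                "script": os.path.splitext(name)[1].lower() in SCRIPT_EXTS,
            })
    # Root-owned scripts first, then newest first, so the likeliest drops lead.
    findings.sort(key=lambda f: (not (f["root_owned"] and f["script"]), -f["mtime"]))
    return findings


def demo():
    """Constructed sample tree; an ownership mismatch is simulated via expected_uid."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "images"))
        for rel in ("index.php", "images/logo.png", "images/x.php"):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("constructed sample\n")
        me = os.getuid()
        clean = audit_docroot(root, expected_uid=me)        # everything owned as expected
        foreign = audit_docroot(root, expected_uid=me + 1)  # every file is now unexpected
        return clean, [os.path.relpath(f["path"], root) for f in foreign], foreign


if __name__ == "__main__":
    clean, rels, _ = demo()
    print(len(clean), sorted(rels))
```

On a real host, `expected_uid` would be the uid of the account that legitimately writes the site's files, and the modification times of any findings give a starting point for correlating with panel and web server access logs.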