Read This 1st

A Hacker Called "Zonta" Busted by CID about 3 weeks ago but they didnt arrest him because he was having his A/L examz at that time . CID gave a notice to visit CID Branch after the A/L's . The Day 31th of Aug "Zonta" When to CID Branch and All CID Agents were very Kind to him .

Agent "***********" is the agent who was in in-charge on this case . He was every Impressed with the Hacker's Knowledge Eventho he hacked Sri Lakan Gov Website. After writing his statement he was produced court and everything was calmly finished without any jail time or any Bail

That's the real story

But in new today

http://a.imagehost.org/0118/Untitled-1_6.jpg


But In the Real, Zonta Didnt change anything on the website .. he only upload a Defacement Page and Gave Warrning That this website is Vnl To Hack ..

:dull::dull::dull::dull::dull::dull::dull::dull:




Why News Papers Lie soo much ??????????????????:no::no::no::no::no::no::no::no: :no::no::no::no::no:

:angry::angry::angry::angry::angry::angry::angry:: angry::angry::angry::angry::angry::angry::angry::a ngry::angry::angry::angry:

:Swhat did he do
:S
???

:confused::confused::confused::confused:

pattane!!matath asai try parak danna!!hehe...

mokakda ban meka?

Ammatahudu
Budu ammo baye be
Thanxxxxxxxxxx 4 de info

Ammatahudu
Budu ammo baye be
Thanxxxxxxxxxx 4 de info

ai ban baya wenne???lolsan:lol::lol::lol:

dude..how did thy trace himm...lol he should use VPNz and stff na./.........

Yes true ZonTa Didn't change anything on that website. He have put only the Defacement page and he told that site vnl to hacked. I don't know why these media people always lie. Why can't they tell the truth.

Blody Mfs i hate the media dam fools

Media eken hemadamth kiyanne boru.

moka laksha 10k???

meka boruwak wenne aththi

lol then Zonta is a kid! :lol:

:oo::eek:

Read This 1st

A Hacker Called "Zonta" Busted by CID about 3 weeks ago but they didnt arrest him because he was having his A/L examz at that time . CID gave a notice to visit CID Branch after the A/L's . The Day 31th of Aug "Zonta" When to CID Branch and All CID Agents were very Kind to him .

Agent "I.P Senarathna" is the agent who was in in-charge on this case . He was every Impressed with the Hacker's Knowledge Eventho he hacked Sri Lakan Gov Website. After writing his statement he was produced court and everything was calmly finished without any jail time or any Bail

But In the Real, Zonta Didnt change anything on the website .. he only upload a Defacement Page and Gave Warrning That this website is Vnl To Hack ..

:dull::dull::dull::dull::dull::dull::dull::dull:


Why News Papers Lie soo much ??????????????????:no::no::no::no::no::no::no::no: :no::no::no::no::no:

:angry::angry::angry::angry::angry::angry::angry:: angry::angry::angry::angry::angry::angry::angry::a ngry::angry::angry::angry:


Ya some of us including me was surprised by this sudden attack on the WPC website. Since it was at the end of war, I thought it must be done by some canadian *%@#!! LTTE supporter. But no, then I got to know about Zonta, who pretty much like ZeroThunder is a kid who is just very curious about hacking stuff. Nothing wrong there. most of us are or were at some stage.

I posted this incident on elakiri out of interest earlier
http://www.elakiri.com/forum/showthread.php?t=188735

Anyway what Zonta did may have been sort of an experiment, which it seems eventually had backfired on him. I think i can guess how he did the hack attack.

Pls bear in mind hacking innocent websites that are useful to people, especially as Sri Lankans, defacing a government website is not at all approved :dull:

So pls do not try your script kiddie activities on our national sites.

Okay so here's what I think Zonta got up to :P

Zonta used Shell Upload attack to gain access to the WPC site. You don't need to be so clever for this.
The attacker uses a google dork to find potentially vulnerable websites:
so he/she goes to Google and types:
inurl:upload.php

Or go to Advanced Search, select 'Date, usage rights, numeric range, and more' and set 'Region:' to Sri Lanka and then use the Google dork

you will get a list of SL sites that will probably let you upload files. not all of them are vulnerable. some are. what's common about these sites is that they provide file upload services to users. some of them already got hacked by our curious SL hacking enthusiasts!

so you go to such a site, check the way it lets you upload files and if you know what you are doing you can guess whether it's vulnerable. You simple find an r57, c99, c100 etc.. shell and upload it. and that's all!

in Zonta's case, he seems to have uploaded a c100 shell. When uploaded to a site and then when accessed, the php script in those uploaded files gets executed and you get a shell prompt into the server where you can manipulate the website. for example you can replace the index file with your hack sigi.

you don't always have to upload this malicious file (shell script) in php format. there are some other formats that servers still identify the php code in. not jpg, no that rarely works.

you have to check the file type if you are offering file uploading services. and make the file go through proper validations to see through disguises (malicious scripts in the file etc..). i am still learning about building a proper file upload function and how to make it more secure. a colleague of mine told me that file mime type check alone is not enough as it's set by the client side, therefore can be forged. anyway this para was only for those interested web app developers. read on..

although WPC have now taken off that mistake of its site, which was their website's file upload section (upload.php), i was still able to find it in google cache until recently. so my doubt was a bit more confirmed. you can't see that cache anymore...

anyway here's what you can see now on a google search:
http://i27.tinypic.com/e5idc5.jpg

surprised why Zonta didnt use any proxies. but then again maybe he did...

Proud of our skilled investigators! ;)

mamath dakka eth news walath kivuve courts walin 1 million rupees bail eka one kiyala

I really respect him if he would be a ethical hacker.

I forward this post to the Lankadeepa Editor.

Media eken hemadamth kiyanne boru.
:yes::growl:

uu niyama hacker keneknam gedara internet line eka pavicchi karala web sites hack karanna tharam modayek nemeine?

Z0nta got heavy reputation on 1nj3ct.in [also closed], may b z0nta showoff to much.

what is da point?,

i can c sum1 haz read this post too..

http://www.hackforums.net/archive/index.php/thread-82610.html

Oh God

Lankawata hire ganawata wada ungen weda ganna puluwan.

http://www.speedtest.net/result/554579779.png (http://www.speedtest.net)
aparade

muta kiyala tamilnet eka hack korawanna tiyenne.... oya wage eungen wadak ganna ona.. nikan tiyanna hoda na.

muta kiyala tamilnet eka hack korawanna tiyenne.... oya wage eungen wadak ganna ona.. nikan tiyanna hoda na.


yes machan

Lankaweth innawa ne patta porawal....... ela ela....

next time mattu nowenna karanna try ekak denna.....

hapoi........

tx 4 info.......

Ya some of us including me was surprised by this sudden attack on the WPC website. Since it was at the end of war, I thought it must be done by some canadian *%@#!! LTTE supporter. But no, then I got to know about Zonta, who pretty much like ZeroThunder is a kid who is just very curious about hacking stuff. Nothing wrong there. most of us are or were at some stage.

I posted this incident on elakiri out of interest earlier
http://www.elakiri.com/forum/showthread.php?t=188735

Anyway what Zonta did may have been sort of an experiment, which it seems eventually had backfired on him. I think i can guess how he did the hack attack.

Pls bear in mind hacking innocent websites that are useful to people, especially as Sri Lankans, defacing a government website is not at all approved :dull:

So pls do not try your script kiddie activities on our national sites.

Okay so here's what I think Zonta got up to :P

Zonta used Shell Upload attack to gain access to the WPC site. You don't need to be so clever for this.
The attacker uses a google dork to find potentially vulnerable websites:
so he/she goes to Google and types:
inurl:upload.php

Or go to Advanced Search, select 'Date, usage rights, numeric range, and more' and set 'Region:' to Sri Lanka and then use the Google dork

you will get a list of SL sites that will probably let you upload files. not all of them are vulnerable. some are. what's common about these sites is that they provide file upload services to users. some of them already got hacked by our curious SL hacking enthusiasts!

so you go to such a site, check the way it lets you upload files and if you know what you are doing you can guess whether it's vulnerable. You simple find an r57, c99, c100 etc.. shell and upload it. and that's all!

in Zonta's case, he seems to have uploaded a c100 shell. When uploaded to a site and then when accessed, the php script in those uploaded files gets executed and you get a shell prompt into the server where you can manipulate the website. for example you can replace the index file with your hack sigi.

you don't always have to upload this malicious file (shell script) in php format. there are some other formats that servers still identify the php code in. not jpg, no that rarely works.

you have to check the file type if you are offering file uploading services. and make the file go through proper validations to see through disguises (malicious scripts in the file etc..). i am still learning about building a proper file upload function and how to make it more secure. a colleague of mine told me that file mime type check alone is not enough as it's set by the client side, therefore can be forged. anyway this para was only for those interested web app developers. read on..

although WPC have now taken off that mistake of its site, which was their website's file upload section (upload.php), i was still able to find it in google cache until recently. so my doubt was a bit more confirmed. you can't see that cache anymore...

anyway here's what you can see now on a google search:
http://i27.tinypic.com/e5idc5.jpg

surprised why Zonta didnt use any proxies. but then again maybe he did...

Proud of our skilled investigators! ;)

wow machan, nice information bro..Actually I was reading ur post than the original thread..thnx for the info:yes:

mona wunoth hoda wadak karala thiyenne.anyway sri lankanweth hoda professional hackerz la innawane!!!hehhhe

guess da CID has betta trackers..lol

wow machan, nice information bro..Actually I was reading ur post than the original thread..thnx for the info:yes:

thanks mchn. i forgot to mention that not only jpg but most of the time no image file type works. but i hv seen cases where many other innocent looking formats, for eg. *.flv working surprisingly well. so the file does not have to be like c100.php . the attacker can rename it to sm like 'butterfly.flv'. ;)

WPC jst happened to be really vulnerable to shell upload at that time. so the attacker simply took advantage of it. good lesson for all web developers why learning attack techniques and countermeasures is an important part of learning to become a better developer.

if he want to be a real hacker, may b he can move on to whitehat, not to blackhat...

I think this is what happend..
Zonta's wasn't going to hack the web site.. So he didn't use
any IP crypter or proxy. What he wanted to do was to test or learn a
PHP Shell script attack. He did a google search and found a web site.
( for more kick he used the option; Search Sri Lankan Sites )
He Uploaded c100 PHP Script and the site was vulnarable . The
script got executed and it was too late to use protection.
CID guz got the IP from the log file. Did a WhoIs test and
got the ISP. From the ISP, found who used the IP when the webpage was hacked.
And arrested the poor bastard who I think is a maXXa kollek..

That is why I say.. Weather it is a test or not, u
should wear rubbers.. always ...

:):):):)

if he want to be a real hacker, may b he can move on to whitehat, not to blackhat...

:nerd::nerd:

or my personal favourite ; A GrayHat :P

That is why I say.. Weather it is a test or not, u
should wear rubbers.. always ...

:):):):)
[/SIZE]

ABSOLUTELY CORRECT BRO
:lol::lol::lol:

paw asaran kolla udumai ape awun uwa trace kara (use a cafe)

ela kollek ahh...

Real Zonta is not a Sri Lankan. The guy how did the c100
Script is Real Zonta. He uploded it to the web with a tutorial.
And our Zonta found it and tested it . :oo::baffled: poor SL Zontaa

Oka thama kiyanne anunge site walata homba danda giyama ohoma wenawa.... Paw ithin uge anagathe...

Real Zonta is not a Sri Lankan. The guy how did the c100
Script is Real Zonta. He uploded it to the web with a tutorial.
And our Zonta found it and tested it . :oo::baffled: poor SL Zontaa

what do u mean? :confused:

what do u mean? :confused:

google on the PHP Shell Script and u will find thread posted by a person named Zonta.. That was his script and that is why we misunderstood our gov page was hacked by a SL Zonta.. I think the real zonta dosen't even know abt this.. :baffled:

google on the PHP Shell Script and u will find thread posted by a person named Zonta.. That was his script and that is why we misunderstood our gov page was hacked by a SL Zonta.. I think the real zonta dosen't even know abt this.. :baffled:

oh i think he does. and if you search more carefully you'll find that both zontas are the same. i am pretty sure.... ;)

oh shit :( :growl:

oh i think he does. and if you search more carefully you'll find that both zontas are the same. i am pretty sure.... ;)
http://www.hackforums.net/archive/index.php/thread-82610.html

yep u were right . he is a Sri Lankan. but even my grandma would use a proxy.. why didn't he..

http://www.hackforums.net/archive/index.php/thread-82610.html

yep u were right . he is a Sri Lankan. but even my grandma would use a proxy.. why didn't he..

he.. he.. a hacker granny?

he.. he.. a hacker granny?
:lol::lol:
anyway The page http://www.hackforums.net/ is a maxxa page..

Oya wage Unta api atha denna ooooooone. !

pattane!!matath asai try parak danna!!hehe...
ලක්ෂ 10 කුත් ලෑස්ති කරගෙන ඉඳපං:lol:

ලක්ෂ 10 කුත් ලෑස්ති කරගෙන ඉඳපං
:lol::lol::lol:

ලක්ෂ 10 කුත් ලෑස්ති කරගෙන ඉඳපං:lol:

Pissu hadei !

ANE AMMIYOOOOOOOOOOOOOOOO

Paune machan.. Uwa ataarinna kiyamu.. u atal ekatane karanna atte :(

SL gov site serama 2.50 ewane.koheda wadak karanna puluwan eunata pain gahala wada berieun lauwa site hadawala gattama ohoma thamai. army.lk ekata una de dakkane.
i have spotted lots of security holes in gov sites.Esp. citizen.lk

maxxzzzzzaaa diyal ekak ne....maattu novii karagattanam tawat hodai

Yes true ZonTa Didn't change anything on that website. He have put only the Defacement page and he told that site vnl to hacked. I don't know why these media people always lie. Why can't they tell the truth.

un danne nee ban oowa

Ya some of us including me was surprised by this sudden attack on the WPC website. Since it was at the end of war, I thought it must be done by some canadian *%@#!! LTTE supporter. But no, then I got to know about Zonta, who pretty much like ZeroThunder is a kid who is just very curious about hacking stuff. Nothing wrong there. most of us are or were at some stage.

I posted this incident on elakiri out of interest earlier
http://www.elakiri.com/forum/showthread.php?t=188735

Anyway what Zonta did may have been sort of an experiment, which it seems eventually had backfired on him. I think i can guess how he did the hack attack.

Pls bear in mind hacking innocent websites that are useful to people, especially as Sri Lankans, defacing a government website is not at all approved :dull:

So pls do not try your script kiddie activities on our national sites.

Okay so here's what I think Zonta got up to :P

Zonta used Shell Upload attack to gain access to the WPC site. You don't need to be so clever for this.
The attacker uses a google dork to find potentially vulnerable websites:
so he/she goes to Google and types:
inurl:upload.php

Or go to Advanced Search, select 'Date, usage rights, numeric range, and more' and set 'Region:' to Sri Lanka and then use the Google dork

you will get a list of SL sites that will probably let you upload files. not all of them are vulnerable. some are. what's common about these sites is that they provide file upload services to users. some of them already got hacked by our curious SL hacking enthusiasts!

so you go to such a site, check the way it lets you upload files and if you know what you are doing you can guess whether it's vulnerable. You simple find an r57, c99, c100 etc.. shell and upload it. and that's all!

in Zonta's case, he seems to have uploaded a c100 shell. When uploaded to a site and then when accessed, the php script in those uploaded files gets executed and you get a shell prompt into the server where you can manipulate the website. for example you can replace the index file with your hack sigi.

you don't always have to upload this malicious file (shell script) in php format. there are some other formats that servers still identify the php code in. not jpg, no that rarely works.

you have to check the file type if you are offering file uploading services. and make the file go through proper validations to see through disguises (malicious scripts in the file etc..). i am still learning about building a proper file upload function and how to make it more secure. a colleague of mine told me that file mime type check alone is not enough as it's set by the client side, therefore can be forged. anyway this para was only for those interested web app developers. read on..

although WPC have now taken off that mistake of its site, which was their website's file upload section (upload.php), i was still able to find it in google cache until recently. so my doubt was a bit more confirmed. you can't see that cache anymore...

anyway here's what you can see now on a google search:
http://i27.tinypic.com/e5idc5.jpg

surprised why Zonta didnt use any proxies. but then again maybe he did...

Proud of our skilled investigators! ;)

relly???.. wow ! I didn't use a proxy , not even a vpn.And I don't use c100 . I use private shit.

Ya some of us including me was surprised by this sudden attack on the WPC website. Since it was at the end of war, I thought it must be done by some canadian *%@#!! LTTE supporter. But no, then I got to know about Zonta, who pretty much like ZeroThunder is a kid who is just very curious about hacking stuff. Nothing wrong there. most of us are or were at some stage.

I posted this incident on elakiri out of interest earlier
http://www.elakiri.com/forum/showthread.php?t=188735

Anyway what Zonta did may have been sort of an experiment, which it seems eventually had backfired on him. I think i can guess how he did the hack attack.

Pls bear in mind hacking innocent websites that are useful to people, especially as Sri Lankans, defacing a government website is not at all approved :dull:

So pls do not try your script kiddie activities on our national sites.

Okay so here's what I think Zonta got up to :P

Zonta used Shell Upload attack to gain access to the WPC site. You don't need to be so clever for this.
The attacker uses a google dork to find potentially vulnerable websites:
so he/she goes to Google and types:
inurl:upload.php

Or go to Advanced Search, select 'Date, usage rights, numeric range, and more' and set 'Region:' to Sri Lanka and then use the Google dork

you will get a list of SL sites that will probably let you upload files. not all of them are vulnerable. some are. what's common about these sites is that they provide file upload services to users. some of them already got hacked by our curious SL hacking enthusiasts!

so you go to such a site, check the way it lets you upload files and if you know what you are doing you can guess whether it's vulnerable. You simple find an r57, c99, c100 etc.. shell and upload it. and that's all!

in Zonta's case, he seems to have uploaded a c100 shell. When uploaded to a site and then when accessed, the php script in those uploaded files gets executed and you get a shell prompt into the server where you can manipulate the website. for example you can replace the index file with your hack sigi.

you don't always have to upload this malicious file (shell script) in php format. there are some other formats that servers still identify the php code in. not jpg, no that rarely works.

you have to check the file type if you are offering file uploading services. and make the file go through proper validations to see through disguises (malicious scripts in the file etc..). i am still learning about building a proper file upload function and how to make it more secure. a colleague of mine told me that file mime type check alone is not enough as it's set by the client side, therefore can be forged. anyway this para was only for those interested web app developers. read on..

although WPC have now taken off that mistake of its site, which was their website's file upload section (upload.php), i was still able to find it in google cache until recently. so my doubt was a bit more confirmed. you can't see that cache anymore...

anyway here's what you can see now on a google search:
http://i27.tinypic.com/e5idc5.jpg

surprised why Zonta didnt use any proxies. but then again maybe he did...

Proud of our skilled investigators! ;)

ammiiiyyyyoooooooooo.. mama ahuwamai okakk.. dannam matath aasai test korala balanna :P
eth bayai
nikamata hari CID eken alluwoth monada kiyanne test kola kivwata ahaida man ahanne ? :P :P

ammiiiyyyyoooooooooo.. mama ahuwamai okakk.. dannam matath aasai test korala balanna :P
eth bayai
nikamata hari CID eken alluwoth monada kiyanne test kola kivwata ahaida man ahanne ? :P :P

Leave it dude.. I did none of that.

apta ZONTA gen lectz ganna barida mewa karana hati gana????

apta ZONTA gen lectz ganna barida mewa karana hati gana????

for what ..?? to go to jail ??

kohomada ban oya wada karanne :D

kohomada ban oya wada karanne :D

karala me kala wela inne..

Ammooooooooooo
http://i648.photobucket.com/albums/uu204/DjIcEA/Dij.gif

karala me kala wela inne..

hapoi ethakota ubada Zonta??
ammooohh baye beha.. eth kamak neha kiyapanko karana widiha sinhalen :P :rolleyes:):):)

:confused:

Anyway he is a hero to us.. if it is a good government they should use ZONTA for detect hakers.... But unfortunately our country's leaders havnt brain for that :(

relly???.. wow ! I didn't use a proxy , not even a vpn.And I don't use c100 . I use private shit.

no offense. I think u r jst fake. does using the name Zonta give u sm kind of amuthu moda athal? :rolleyes:

no offense. I think u r jst fake. does using the name Zonta give u sm kind of amuthu moda athal? :rolleyes:

lol

appata siri gaja......

Anyway he is a hero to us.. if it is a good government they should use ZONTA for detect hakers.... But unfortunately our country's leaders havnt brain for that :(

That's true machan.. eka thama thiyana karume.. :(

no offense. I think u r jst fake. does using the name Zonta give u sm kind of amuthu moda athal? :rolleyes:

tell me a hacking forum you are in.I will PM u.U r a moda athal to me bro :P

Ammata siri ban ZONTA ne wadakaraya!! U kohenda hacking gana igena gena thiyenne??

piddu dial ekane

That's true machan.. eka thama thiyana karume.. :(



tell me a hacking forum you are in.I will PM u.U r a moda athal to me bro :P

ane pala, ubay maay korana hackin! owa kiyapiya konde badapu chinnunta :P

sara waddek wenna one

ane pala, ubay maay korana hackin! owa kiyapiya konde badapu chinnunta :P

what?? r u nuts?

so the real hacker is still flying on the internet !
he he !