pratyush997
Inactive
LINKThe Homepage of BSNL ( Bharat Sanchar Nigam Limited ) *www.bsnl.co.in/ was hacked today morning by hacking group Anonymous. BSNL is an Indian state-owned telecommunications company, the largest provider of fixed telephony and fourth largest mobile telephony provider in India, and is also a provider of broadband services.
The website's homepage was hacked saying, " Hacked by Anonymous India, support Aseem trivedi (cartoonist) and alok dixit on the hunger strike, remove IT Act 66a, databases of all 250 bsnl site has been deleted.............Do not think of BACKUP" with a images of Mr. Aseem while he was arrested by Police.
Hack was performed by Anonymous India hacking group and claiming to hack whole server, with 250 Databases. Hacker wrote on deface page, that they deleted all the databases and dump credentials of BSNL database servers in a pastebin File.
Analyzing the dump of database
After analyzing the dump of database login information, we found that company is really unconscious about their security from several years and choosing passwords of sensitive servers like "Password123" , "p3nib2", "enquiry999" , "password" , "DelBSi666" , "vpt123". Most obvious, these passwords are easily available in any wordlist and can be bruteforced in minutes.
We can judge the lack of security from the point that, BSNL is using "Password123" as password for 9 Databases.
What is Section 66A of IT Act ?
According to Indian Laws, Section 66A of IT Act is Punishment for sending offensive messages through communication service --
1.) any person who sends, by means of a computer resource or a communication device.
2.) any information that is grossly offensive or has menacing character or any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device.
3.) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such message.
shall be punishable with imprisonment for a term which may extend to three years and with fine.
Why Anonymous Hack BSNL ?
Reason 1 : Last Month two girls - Shaheen Dhada and Rinu Shrinivasan - were arrested for posting comments made by them on Facebook against Maharashtra Navnirman ShivSena chief Raj Thackeray. This arrest was under Section 66A of IT Act.
Reason 2 : The Mumbai police arrested Mr Trivedi, a member of the India Against Corruption or IAC, he had put up banners mocking the Indian Constitution during an Anna Hazare rally in Mumbai. The arrest was carried out on the basis of a complaint filed by Amit Katarnayea, a legal advisor for a Mumbai-based NGO. Trivedi has been booked under IPC Section 124 A for sedition, Section 66 A of IT Act and under National Emblem Act, 1971. Here are some of the controversial cartoons posted by Trivedi, followed by a nation-wide protest.
Reason 3 : Its an old reason , Against Censorship ! Few days back The Web site of Communication and Information Technology Minister Kapil Sibal was also hacked by Anonymous India for same reason.
I guess BSNL didn't learn anything from last hacks?
It is not the first time, when someone hack BSNL websites, in past many times, Pakistani and Chinese hackers already breach the company. Hack-1 , Hack-2, Hack-3. They learn something ? No !
Because all databases has been deleted, BSNL website is down at the time of reporting this news. For those who miss to check the hack page, can Go to Google cache URL.
Update : Trivedi and Alok Dixit have launched an indefinite hunger strike to protect freedom of expression and speech on the internet at Jantar Mantar since Saturday.
The 25-year-old cartoonist is back in action, and this time he is agitating against the arbitrary use of Section 66A of the Information Technology Act, as evidenced by the recent spate of arrests for online comments and emails that "cause annoyance or inconvenience".
Trivedi and Alok Dixit on indefinite hunger strike
They want Section 66A of IT Act to be scrapped. "The section gives sweeping powers to the government, which are being misused by influential parties and politicians. With its vague definition and clauses, it is infringing upon the basic rights of citizens as prescribed by the Constitution," said Trivedi to TOI.
LinkNEW DELHI: The Bharat Sanchar Nigam Limited (BSNL) website, www.bsnl.co.in, was hacked and defaced on Thursday afternoon. A message on the home page said the attack was carried out by the hacktivist group, Anonymous India, as a protest against section 66 A of the IT Act and in support of cartoonist Aseem Trivedi, on an indefinite hunger strike at Jantar Mantar since Dec 8 for the same. The website was restored around 7 pm.
Trivedi said he had received a call from Anonymous around 1.30 in the afternoon informing him that the website has been defaced. On being asked if such a form of protest was valid, Trivedi said, "When the government doesn't pay heed to people's protests against its laws and arrests innocent people for Facebook posts, then such a protest is absolutely valid."
For most of the afternoon and early evening, the BSNL website wasn't available directly. A cached version of the BSNL home page showed an image of cartoonist Trivedi with text that read "Hacked by Anonymous India. support Aseem trivedi (cartoonist) and alok dixit on the hunger strike. remove IT Act 66a databases of all 250 bsnl site has been d Hacked by Anonymous India (sic)". While this message was repeated over and over on the page, it ended with the line "Proof are (sic) here" followed by a link to a page containing the passwords to BSNL databases. BSNL officials were unaware of the attack until Thursday evening.
Late in the evening, Anonymous India tweeted from their account @opindia_revenge: "BSNL Websites hacked, passwords and database leaked... Anonymous India demands withdrawal of Sec 66A of IT Act."
In an open letter to the Government of India posted on alternate media website Kafila in June this year, Anonymous had explained they only carried out Distributed Denial of Service (DDoS) attacks on Indian government websites, which is different from the act of hacking per se.
Contrary views too exist. Sunil Abraham, executive director, Centre for Internet and Society, says the attack was unwarranted. "Speech regulation in India is not a lost cause, the Minister is holding consultations, MPs are raising the issue in Parliament, courts have been approached and there is massive public outcry on social media. Therefore I would request Anonymous India to desist from defacing websites," said Abraham. A group of MPs, including Baijayant Jay Panda from Odisha, are scheduled to present a motion in Parliament on Friday morning for the amendment of section 66A of the IT Act.
Last month, two young girls were arrested in Palghar, Maharashtra, for criticizing on Facebook the bandh that followed the death of Shiv Sena supremo Balasaheb Thackeray. Before that, Karti Chidambaram, son of finance minister P Chidambaram, took a man to court for commenting on his financial assets on Twitter. In both cases, the complainant 'used' section 66 A of the IT Act. The section and the Act have since come in for wide debate regarding freedom of speech.
Announcement Post
and the main thing is that even Database passwords are sharedBSNL.CO.IN DEFACED in support of Aseem Trivedi and Alok Dixit against IT Act 66a
Expect Us
Here are the Database Passwords for BSNL, thanks for sharing Raaj Trambadia.
arttc.bsnl.co.in
host='bgl-svr-whuxdb';
$user='arttcdb';
$pass='Password123';
$db='arttcdb';
assam.bsnl.co.in
bgl-svr-whuxdb:3306", "assamdb", "RootVpt
assamdb
bangaloretelecom.com
<?
$dbname = "cbc";
$username = "detbill";
$hostname = "210.212.204.4";
$password = "detbill210";
dbname = "bgtd";
$username = "directory";
$hostname = "localhost";
$password = "enquiry999"
bbnw.bsnl.co.in
$dbtype = 'mysql';
var $host = 'bgl-svr-whuxdb';
var $user = 'bbnwbsnl';
var $db = 'bbnwbsnl';
$password = 'p3nib2'
haryana.bsnl.co.in
$host = "bgl-svr-whuxdb"; //database location
$user = "harydb"; //database username
$pass = "password"; //database password
$db_name = "harydb"; //database name //coeminen_avi
$link = mysql_connect($host, $user, $pass);
intranet andaman and nicobar
$host = "bgl-svr-whuxdb";
$username = "andamandb";
$pass = "Password123";
$dbname = "andamandb";
$conn = mysql_connect($host, $username, $pass) or die(mysql_error());
intranet.bsnl.co.in
"bgl-svr-whuxdb";
$user="bsnlintranet";
$password="DelBSi666";
$databasename="auth_data1";
intranetpb.bsnl.co.in
'bgl-svr-whuxdb';////////Host name
$username_MySQL_Connection='intranetpb';/////////User name
$password_MySQL_Connection='Password123';////////////////Password
$database_MySQL_Connection='intranetpb';///
jharkand.bsnl.co.in
//connecting database
$dbhost = 'bgl-svr-whuxdb:3306';
$dbuser = 'jkdvpt';
$dbpass = 'vpt123';
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');
$dbname = 'jkdvpt';
karnataka.bsnl.co.in
<?
$mycon=mysql_connect("bgl-svr-whuxdb","ktkadb","CeAr0R")or die(mysql_error());
mysql_select_db("tenders",$mycon
bgl-svr-whuxdb
directory
ne1.bsnl.co.in
//connect to your database ** EDIT REQUIRED HERE **
mysql_connect("bgl-svr-whuxdb","ne1cdb","ne1cdb"); //(host, username, password)
//specify database ** EDIT REQUIRED HERE **
mysql_select_db("ne1cdb") or die("Unable to select database"); //select which database we're using
nsnwebtac.bsnl.co.in
// Name of the Database Host ( leave it localhost by default)
// If the DBMS lies on other system, specify accordingly.
$DBHost="bgl-svr-whuxdb";
// Name of the Database User
$DBUser="nsnwebdb";
// Database User Password ...
// Root doesn't need any password.
$DBPass="Password123";
// name of the database
$DBName="nsnwebdb";
propex.gov.in
@mysql_connect("bgl-svr-whuxdb", "propexdb", "ofbadb12") or die("Could not connect to MySQL server!");
@mysql_select_db("propexdb") or die("Could not select company database!");
//@mysql_connect("localhost", "root", "") or die("Could not connect to MySQL server!");
//@mysql_select_db("recruit") or die("Could not select company database!");
punjab.bsnl.co.in
$database_connection= "punjdb";
$hostname_connection= "bgl-svr-whuxdb";
$username_connection= "punjdb";
$password_connection= "Password123";
$connection=mysql_connect($hostname_connection,$username_connection,$password_connection) or die("couldn't connect to the server.");
/*
$hostname_MySQL_Connection = "localhost";
$database_MySQL_Connection = "intranet";
$username_MySQL_Connection = "intrapb";
$password_MySQL_Connection = "disc52xmax";
$MySQL_Connection = mysql_connect($hostname_MySQL_Connection, $username_MySQL_Connection, $password_MySQL_Connection) or die(mysql_error());
*/
?>
qa.bsnl.co.in
raj123tele?php
$con=mysql_connect('bgl-svr-whuxdb','qacircledb','Password123');
//$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("qacircledb", $con);
?>
rajasthan.bsnl.co.in
<?php
$host = "bgl-svr-whuxdb"; //database location
$user = "rajtdb"; //database username
$pass = "raj123tele"; //database password
$db_name = "rajtdb"; //database name //coeminen_avi
$link = mysql_connect($host, $user, $pass);
mysql_select_db($db_name,$link);
echo "list :";
echo system('dir');
//system('ls -l',$kk);
//echo $kk;
?>
speedtest.bsnl.co.in
******************************************************************************/
$database = array ( "host" => "localhost"
, "login" => "bandwidthmeter"
, "password" => "meter"
, "database" => "bandwidthmeter"
);
wimax.bsnl.co.in
[joomla.sql]
dbname = "wimax_joomla"
sqlfile = "joomla.sql"
dbhost = "localhost"
dbuser = "wimax_joomla"
dbpass = "te8hef5T"
prefix = "jos_"
uttaranchal.bsnl.co.in
var $dbtype = 'mysql';
var $host = 'bgl-svr-whuxdb';
var $user = 'uttldb';
var $db = 'uttldb';
var $dbprefix = 'jos_';
var $mailer = 'mail';
var $mailfrom = 'nikhurpa@bsnl.co.in';
var $fromname = 'BSNL Uttaranchal Telecom Circle';
var $sendmail = '/usr/sbin/sendmail';
var $smtpauth = '0';
var $smtpuser = '';
var $smtppass = '';
var $smtphost = 'localhost';
var $MetaAuthor = '1';
var $MetaTitle = '1';
var $lifetime = '90';
var $session_handler = 'database';
var $password = 'Password123';
var $sitename = 'BSNL Uttaranchal Telecom Circle';
var $MetaDesc = 'BSNL Uttaranchal Telecom Circle';
\
\
upe.bsnl.co.in
<?php
class JConfig {
var $offline = '0';
var $editor = 'tinymce';
var $list_limit = '100';
var $helpurl = '';
var $debug = '0';
var $debug_lang = '0';
var $sef = '0';
var $sef_rewrite = '0';
var $sef_suffix = '0';
var $feed_limit = '30';
var $feed_email = 'author';
var $secret = 'Db0k6n2Cdvjle5Be';
var $gzip = '0';
var $error_reporting = '-1';
var $xmlrpc_server = '0';
var $log_path = '/www/hosted_sites/upe.bsnl.co.in/www/logs';
var $tmp_path = '/www/hosted_sites/upe.bsnl.co.in/www/tmp';
var $live_site = '';
var $force_ssl = '0';
var $offset = '5.5';
var $caching = '0';
var $cachetime = '15';
var $cache_handler = 'file';
var $memcache_settings = array();
var $ftp_enable = '0';
var $ftp_host = '127.0.0.1';
var $ftp_port = '21';
var $ftp_user = '';
var $ftp_pass = '';
var $ftp_root = '';
var $dbtype = 'mysql';
var $host = 'bgl-svr-whuxdb';
var $user = 'upeastdb';
var $db = 'upeastdb';
var $dbprefix = 'jos2_';
var $mailer = 'mail';
var $mailfrom = 'itcellupe@gmail.com';
var $fromname = 'www.upe.bsnl.co.in';
var $sendmail = '/usr/sbin/sendmail';
var $smtpauth = '0';
var $smtpsecure = 'none';
var $smtpport = '25';
var $smtpuser = '';
var $smtppass = '';
var $smtphost = 'localhost';
var $MetaAuthor = '1';
var $MetaTitle = '1';
var $lifetime = '15';
var $session_handler = 'database';
var $password = 'Password123';
var $sitename = 'www.upe.bsnl.co.in';
var $MetaDesc = 'UP east Circle BSNL';
var $MetaKeys = 'UP(East), BSNL,LUCKNOW';
var $offline_message = 'This site is down for maintenance. Please check back again soon.';
}
?
twco.bsnl.co.in
<?php
# FileName="Connection_php_mysql.htm"
# Type="MYSQL"
# HTTP="true"
$hostname_conn = "bgl-svr-whuxdb";
$database_conn = "twcodb";
$username_conn = "twcodb";
$password_conn = "Password123";
$conn = mysql_pconnect($hostname_conn, $username_conn, $password_conn) or trigger_error(mysql_error(),E_USER_ERROR);
tfmumbai.bsnl.co.in
<?php
$sql = mysql_connect("bgl-svr-whuxdb:localhost","tfmumdb","sap1234") or die(mysql_error());
$select_db = mysql_select_db("tfmumdb",$sql);
if(isset($select_db))
{
echo"";
}
?>
jandk.bsnl.co.in
POST['uname'] == 'bsnl' && $_POST['pass'] == 'sec8bsnl')||
($_POST['uname'] == 'SA1' && $_POST['pass'] == 'bsnl7771') ||
($_POST['uname'] == 'SA2' && $_POST['pass'] == 'bsnl7772') ||
($_POST['uname'] == 'SA3' && $_POST['pass'] == 'bsnl7773') ||
($_POST['uname'] == 'SA4' && $_POST['pass'] == 'bsnl7774') ||
($_POST['uname'] == 'SA5' && $_POST['pass'] == 'bsnl7775') ||
($_POST['uname'] == 'SA6' && $_POST['pass'] == 'bsnl7776') ||
($_POST['uname'] == 'SA7' && $_POST['pass'] == 'bsnl7777') ||
($_POST['uname'] == 'SA8' && $_POST['pass'] == 'bsnl7778') ||
($_POST['uname'] == 'SA9' && $_POST['pass'] == 'bsnl7779') ||
($_POST['uname'] == 'SA10' && $_POST['pass'] == 'bsnl7710') ||
($_POST['uname'] == 'SA11' && $_POST['pass'] == 'bsnl7711') ||
($_POST['uname'] == 'SA12' && $_POST['pass'] == 'bsnl7712') )
{
sec987bsnl password
Pastebin
Update
The website's homepage was hacked saying:-
*1.bp.blogspot.com/-Ue34iiT-mvA/UMm-1ymQADI/AAAAAAAAPPQ/MU1r0sdFmTM/s640/BSNL+telecom+server+hacked+by+Anonymous+Group+against+Section+66A+of+IT+Act.jpgHacked by Anonymous India, support Aseem trivedi (cartoonist) and alok dixit on the hunger strike, remove IT Act 66a, databases of all 250 bsnl site has been deleted………….Do not think of BACKUP“ with a images of Mr. Aseem while he was arrested by Police.
Here they got good hint to protect themselves
*i.imgur.com/0p7CV.png
and The funny thing is that
Analyzing the dump of database
After analyzing the dump of database login information, we found that company is really unconscious about their security from several years and choosing passwords of sensitive servers like “Password123″ , “p3nib2″, “enquiry999″ , “password” , “DelBSi666″ , “vpt123″. Most obvious, these passwords are easily available in any wordlist and can be bruteforced in minutes.
We can judge the lack of security from the point that, BSNL is using “Password123” as password for 9 Databases.
BSNL
for you seriously
Last edited:
