login as: root
[email protected]’s password:
Interface eth0 IP: 162.217.84.152
Please note most tasks should be handled through the FreePBX UI.
You can access the FreePBX GUI by typing one of the above IP’s in to your web browser.
For support please visit http://www.freepbx.org/support-and-professional-services
[root@vps1405626992 ~]# wget --no-check-certificate https://github.com/Schmoozecom/fpbxcheck/raw/master/fpbxseccheck.phar
--2014-10-27 19:55:11-- https://github.com/Schmoozecom/fpbxcheck/raw/master/fpbxseccheck.phar
Resolving github.com… 192.30.252.131
Connecting to github.com|192.30.252.131|:443… connected.
HTTP request sent, awaiting response… 302 Found
Location: https://raw.githubusercontent.com/Schmoozecom/fpbxcheck/master/fpbxseccheck.phar [following]
--2014-10-27 19:55:12-- https://raw.githubusercontent.com/Schmoozecom/fpbxcheck/master/fpbxseccheck.phar
Resolving raw.githubusercontent.com… 23.235.40.133
Connecting to raw.githubusercontent.com|23.235.40.133|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 386829 (378K) [application/octet-stream]
Saving to: “fpbxseccheck.phar”
100%[======================================>] 386,829 --.-K/s in 0.04s
2014-10-27 19:55:12 (9.24 MB/s) - “fpbxseccheck.phar” saved [386829/386829]
[root@vps1405626992 ~]# chmod +x fpbxseccheck.phar
[root@vps1405626992 ~]# ./fpbxseccheck.phar --clean --redownload
Starting integrity check…
Clean defined, Will attempt to clean anything thing bad up
Redownload defined, will attempt to redownload where needed
Checking Framework for a valid signature…
Framework appears to be good
*** Exploit ‘mgknight’ Detected ***
mgknight user detected!
Deleting ‘mgknight’ user.
Cleaning up exploit 'mgknight’
Removing invalid bootstrap file
No Admin Users detected. Adding one now.
Purging PHP Session storage
Done
Moving potentially compromised file /etc/asterisk/manager_custom.conf to /tmp/freepbx_quarantine/manager_custom.conf
Moving potentially compromised file /etc/asterisk/sip_custom.conf to /tmp/freepbx_quarantine/sip_custom.conf
Moving potentially compromised file /etc/asterisk/extensions_custom.conf to /tmp/freepbx_quarantine/extensions_custom.conf
Moving potentially compromised file /var/www/html/admin/libraries/pest/index.php to /tmp/freepbx_quarantine/admin_libraries_pest_index.php
Cleaned potential ‘mgknight’ exploit. Please check your system for any suspicious activity. This script might not have removed it all!
Checking FreePBX ARI Framework
FreePBX ARI Framework detected as installed, attempting to update
Downloading 249070 of 249070 (100%)
Untaring…Done
Module fw_ari successfully downloaded
installing files to /var/www/html/recordings…done
installing files to /var/www/html/recordings…done
fw_ari file install done, removing packages from module
files removed successfully
Module fw_ari successfully installed
SETTING FILE PERMISSIONS
chattr: Operation not supported while reading flags on /var/www/html/cxpanel
chattr: Operation not supported while reading flags on /var/www/html/wcb.php
Permissions OK
Finished with FreePBX ARI Framework
Now Verifying all FreePBX Framework Files
*** Mismatch on /var/www/html/admin/config.php ****
/var/www/html/admin/config.php has been modified!
*** Mismatch on /var/www/html/admin/libraries/view.functions.php ****
/var/www/html/admin/libraries/view.functions.php has been modified!
*** File (/usr/sbin/amportal) is missing! ****
/usr/sbin/amportal has been modified!
Framework file(s) have been modified, re-downloading
Downloading Framework
Downloading 3419164 of 3419164 (100%)
Untaring…Done
Module framework successfully downloaded
installing files to /var/www/html…done
installing files to /var/lib/asterisk/bin…done
installing files to /var/lib/asterisk/agi-bin…done
Checking for upgrades…No further upgrades necessary
framework file install done, removing packages from module
file/directory: /var/www/html/admin/modules/framework/amp_conf removed successfully
file/directory: /var/www/html/admin/modules/framework/upgrades removed successfully
file/directory: /var/www/html/admin/modules/framework/libfreepbx.install.php removed successfully
Module framework successfully installed
SETTING FILE PERMISSIONS
chattr: Operation not supported while reading flags on /var/www/html/cxpanel
chattr: Operation not supported while reading flags on /var/www/html/wcb.php
Permissions OK
Download complete
Finished upgrading Framework! Please re-run the check.
[root@vps1405626992 ~]# amportal a ma upgradeall
Fetching FreePBX settings with gen_amp_conf.php…
no repos specified, using: [standard] from last GUI settings
Upgrading: endpoint, cidlookup, freepbx_ha, userman, restapps, core, restapi, cxpanel
Upgrading endpoint…
Downloading 1245359 of 1245359 (100%)
Downloading 1245359 of 1245359 (100%)
Untaring…Done
Module endpoint successfully downloaded
The following error(s) occured:
- Module restart is required.
[root@vps1405626992 ~]# asterisk -rx 'dialplan reload'
Dialplan reloaded.
[root@vps1405626992 ~]# asterisk -rx 'manager reload'
I still don't see what the new user name and pass is, and the mgknight was detected. This is the first time I ran the phar on this machine. Am I missing something? tm 1000