
Full Disclosure mailing list archives

Gay Security Industry Experts Exposed! 2nd Issue! What has James Lohman (DigiEbola) been up to lately? FIND OUT HERE!
From: <ibash () hushmail com>
Date: Mon, 27 Feb 2006 16:28:09 -0500

Hello FD Readers!

With the impressive feedback from issue #1, we were pushed to get 
out issue #2. Thanks for all of the great e-mail. By the way, if 
any of the good people here can back up our James Lohman issue with 
stories of their own, we encourage you to post them here. 
ti/infi/infidel when you were his roommate you made several public 
comments about him downloading gay porn, and being openly gay in 
your presence. We would love to hear your input. Thanks!

Regards,
ibash


Coming Out.. Gay Computer Security Experts Exposed!
Volume #1 Issue #2 - The Digi Digi Ebola!

We decided to investigate the James Lohman aka the Digital Ebola 
after a strange incident at Defcon. As you may know about a 
hamburger joint near the hotel where Defcon used to be held called 
Hamburger Mary's. Upon realizing this place was a gay restaurant, most
of the Defcon regulars stopped patronizing this establishment.
However, it was noticed that the Digital Ebola started going there 
more often, sometimes up to five times a day.

Let us step back and give our readers a brief background on this 
security professional. James Lohman offers his expertise hacker 
services to the public at a reasonable cost. Really anything is 
reasonable when you have the skill level this guy has. In fact, we 
have a special example for you showcasing his most excellent skills:

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
http://www.rent-a-hacker.com/CPU_Magazine/Default.htm
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Digital Fortress: No Hack Job This

The site supplied for the hack was a friendly and happy place.

White hat hacker James "Digital Ebola" Lohman was kind enough to
volunteer to take a whack at a site we set up at http://63.70.164.127.
We'd hoped that he could dig into the Web server, copy out the graphic
of our beloved editor, and replace it with something, umm, more
interesting.

Perhaps it wasn't a fair test. Whereas many Web sites run on a Windows
system with IIS 5, our test config ran Red Hat 8 with Apache 2.0.40,
which is regarded as very secure. Moreover, the box was current on
patches and sat behind a firewall, all of which, in Lohman's
estimation, made it far more hack-proof than the bulk of servers on
the Internet.

Still, the system wasn't a complete brick wall. Lohman used the
popular Nmap open-source scanner to determine the host's services,
OS, and other characteristics. When the system first went live, only
the Web service on port 80 was open, which is the ideal configuration
for a box like this. You only want to open the barest essentials.
However, the server went down after a couple of days, and following
a reboot the configuration looked like this:

PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
111/tcp  open     rpcbind
113/tcp  filtered auth
123/tcp  filtered ntp
161/tcp  filtered snmp
162/tcp  filtered snmptrap
443/tcp  filtered https
1993/tcp filtered snmp-tcp-port

Discovering this much took Lohman two minutes. The open SSH service
(version 3.4 patch level 1) looked like a possible hack candidate
because every version under 3.7 is known to be vulnerable provided
you have the right code tailored for that system's configuration. He
consulted about 100 different resources for suitable existing code
but came up empty. He is confident that he could custom write the
necessary code, but it would likely take two full days of work
provided he built a nearly identical config on which to practice his
attacks in order to gain an all-rights account.

While tame compared to most Web site defacements, we'd hoped to 
replace our test site's original image with something more racy. 
Another day, perhaps.

"After exploiting the SSL (443) vulnerability," says Lohman, "I would
be given the rights of the user running the Apache service. If I
could break that, I'd look at your kernel version because I know the
2.4 series kernels have major vulnerabilities I can gain root with.
If the kernel had been patched, I would turn around and start looking
for every file on the system set for a user ID of root. I would start
banging on those and see if there was exploit code available for any
of them. If not, I would hit each one individually and start checking
for possible buffer overflows that could crash that binary and dump
you out as root."

Lohman notes that a secure system today may not be so tomorrow. One 
possible attack vector in our machine could be leaving the SSL port 
(443) wide open for any hacker to waltz through, except we had it 
filtered. However, a poorly executed configuration change in our 
filtering or failure of our Linux firewall to start would leave the 
box very vulnerable. Additionally, all it takes is one hacker 
somewhere in the world to discover a weakness in our software, post 
it into a forum or site such as packetstormsecurity.org, and the 
site could be hacked within hours. In network security, the word 
"safe" does not apply. 

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
x

Ok, now that we proved he is indeed a security expert it is time to 
prove that he is a homosexual gay faggot. Recalling the Hamburger 
Mary's incident, we sent our undercover investigative journalist 
angie to undernet to find the Digital Ebola. Realizing IRC logs are 
not the best evidence, we have included timestamps in case anyone 
decides to doubt the legitimacy of these particular logs.

*** d_e is ~lerfty () norge freeshell ORG (James Bradley)
*** on channels: #guitar @#boomerang 
*** on irc via server *.undernet.org (The Undernet Underworld)
*** d_e has been idle 2 minutes, signed on at Wed Nov 21 20:07:30 2005
*** d_e :End of /WHOIS list. 

[Wed Nov 23 10:44:11 2005] <d_e> depends
[Wed Nov 23 10:44:17 2005] <angie> On????
[Wed Nov 23 10:45:14 2005] <d_e> who else was there 
[Wed Nov 23 10:45:21 2005] <angie> Me, you.. and another hot guy 
[Wed Nov 23 10:45:56 2005] <d_e> and who is paying for my plane
ticket out there
[Wed Nov 23 10:45:59 2005] <angie> LOL 
[Wed Nov 23 10:46:01 2005] <angie> You can afford it Mr. Bigshot
[Wed Nov 23 10:46:04 2005] <angie> Have you ever done anything like 
this before?
[Wed Nov 23 10:46:26 2005] <d_e> yah. 
[Wed Nov 23 10:46:32 2005] <angie> With another guy? 
[Wed Nov 23 10:48:19 2005] <d_e> ... 
[Wed Nov 23 10:48:24 2005] <angie> Well?
[Wed Nov 23 10:48:54 2005] <d_e> yeah
[Wed Nov 23 10:49:02 2005] <angie> Mmmm hot
[Wed Nov 23 10:49:05 2005] <angie> Did you do anything with him? 
[Wed Nov 23 10:49:49 2005] <d_e> Do you need to know everything?
[Wed Nov 23 10:49:57 2005] <angie> Yes! LOL. I need to know how 
experienced you are 
[Wed Nov 23 10:50:23 2005] <d_e> Lets just say I am experienced.
[Wed Nov 23 10:50:27 2005] <angie> Well now I am somewhat worried 
[Wed Nov 23 10:50:31 2005] <angie> You will be paying more attention
to the other guy and none to me :(
[Wed Nov 23 10:55:12 2005] <angie> Hello???
[Wed Nov 23 10:55:19 2005] <d_e> hey 
[Wed Nov 23 10:55:24 2005] <angie> Are you touching yourself right 
now? 
[Wed Nov 23 10:55:36 2005] <d_e> no 
[Wed Nov 23 10:55:39 2005] <angie> Will you?
[Wed Nov 23 10:55:49 2005] <d_e> why?
[Wed Nov 23 10:55:57 2005] <angie> I am looking at gay porn and 
thinking of you. 
[Wed Nov 23 10:56:43 2005] <d_e> link me


That's it for issue number 2! Here is how to get in contact with the
DigiEbola:

James Lohman's private cell phone number: 817 919 5470
d_e @ Undernet #boomerang









_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

