|
Full Disclosure
mailing list archives
Re: LulzSec EXPOSED!
From: vtlists () wyae de
Date: Mon, 06 Jun 2011 15:40:22 +0200
Gichuki John Chuksjonia writes:
I think its just a bruteforce.
If so, why would they repeat already tested hashes?
See first and last line of the cited block below
(and another one starting with M6... a bit later)?
M=eCvSLhkTe
M-eCvSLhkTe
MweCvSLhkTe
M=eCvSLhkTe
As Logins usually do not keep an internal state, repeats should not be
necessary to reproduce such one.
Strange...
Volker
On 6/6/11, Andreas Bogk <andreas () andreas org> wrote:
Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011:
Lulzsec == pwnt
I've seen the log you pasted to pastebin. Is this:
* A timing attack on ssh passwords over the net?
* Fake, to distract us from your real 0day?
Andreas
Log:
root () gibson:~# ./1337hax0r 204.188.219.88 -root
Attempting too hax0r root password on 204.188.219.88
h,VhXz<avMm
3xL<l1-_\wC
ffsakTgyc~H
ZZrz,pJrg<B
b{4Bv_Y$$Z6
XDh;vDU-;3>
FB-hvg%g_'t
}qHNvkS"'>g
RNBKvUi5yO|
z`(}v<1^>u&
*V4?vh9#^f2
/R*9vf<h"Z#
9P65vjKhh.N
\rfsv~PhNDz
Bfpv|uhGpy
J%"kvf]hGf0
sY0"v{2hf7p
9dev%Qh6_v
*<Tbv7?h.**
}:lkvV^hN2U
;&5Xv'Sh#}_
MOqpvi_hg+#
Md9/viVh&u7
M(%rvomhb'"
MI"5v_shEVe
M= () ?vl hZge
MPk5v:WhUTe
M=3vvrzh7Te
M&'?v]sh`Te
M/Z,vI1h`Te
M.9>vO$hTTe
Ms!(vY;hpTe
MA)SvYLhnTe
M7eCv () Lh0Te
MkeCvFLh$Te
M'eCv?LhaTe
M&eCvLLh|Te
M*eCv5Lh\Te
MmeCvcLhCTe
MTeCv&LhrTe
M,eCv1LhYTe
MEeCv}LhHTe
M_eCvSLhnTe
MPeCvSLh+Te
M[eCvSLh,Te
MOeCvSLh"Te
M7eCvSLh"Te
MGeCvSLhdTe
M$eCvSLhkTe
MCeCvSLhkTe
MLeCvSLhkTe
M=eCvSLhkTe
M-eCvSLhkTe
MweCvSLhkTe
M=eCvSLhkTe
M3eCvSLhkTe
M6eCvSLhkTe
MreCvSLhkTe
M6eCvSLhkTe
MFeCvSLhkTe
MSeCvSLhkTe
M8eCvSLhkTe
Password hax0rd! root password: M8eCvSLhkTe
root () gibson:~# ssh 204.188.219.88
root () 204 188 219 88's password:
root () xyz:~# hostname; id; w
xyz
uid=0(root) gid=0(root) groups=0(root)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: LulzSec EXPOSED! hoaxxxx (Jun 06)
|
