 
Full Disclosure mailing list archives
Re: LulzSec EXPOSED!
From: vtlists () wyae de
Date: Mon, 06 Jun 2011 15:40:22 +0200
Gichuki John Chuksjonia writes:
I think its just a bruteforce.
If so, why would they repeat already tested hashes? See first and last line of the cited block below (and another one starting with M6... a bit later)?
M=eCvSLhkTe M-eCvSLhkTe MweCvSLhkTe M=eCvSLhkTe
As Logins usually do not keep an internal state, repeats should not be necessary to reproduce such one. Strange... Volker
On 6/6/11, Andreas Bogk <andreas () andreas org> wrote:Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011:Lulzsec == pwntI've seen the log you pasted to pastebin. Is this: * A timing attack on ssh passwords over the net? * Fake, to distract us from your real 0day? Andreas Log: root@gibson:~# ./1337hax0r 204.188.219.88 -root Attempting too hax0r root password on 204.188.219.88 h,VhXz<avMm 3xL<l1-_\wC ffsakTgyc~H ZZrz,pJrg<B b{4Bv_Y$$Z6 XDh;vDU-;3> FB-hvg%g_'t }qHNvkS"'>g RNBKvUi5yO| z`(}v<1^>u& *V4?vh9#^f2 /R*9vf<h"Z# 9P65vjKhh.N \rfsv~PhNDzBfpv|uhGpyJ%"kvf]hGf0 sY0"v{2hf7p9dev%Qh6_v*<Tbv7?h.** }:lkvV^hN2U ;&5Xv'Sh#}_ MOqpvi_hg+# Md9/viVh&u7 M(%rvomhb'" MI"5v_shEVe M=@?vl.hZge MPk5v:WhUTe M=3vvrzh7Te M&'?v]sh`Te M/Z,vI1h`Te M.9>vO$hTTe Ms!(vY;hpTe MA)SvYLhnTe M7eCv@Lh0Te MkeCvFLh$Te M'eCv?LhaTe M&eCvLLh|Te M*eCv5Lh\Te MmeCvcLhCTe MTeCv&LhrTe M,eCv1LhYTe MEeCv}LhHTe M_eCvSLhnTe MPeCvSLh+Te M[eCvSLh,Te MOeCvSLh"Te M7eCvSLh"Te MGeCvSLhdTe M$eCvSLhkTe MCeCvSLhkTe MLeCvSLhkTe M=eCvSLhkTe M-eCvSLhkTe MweCvSLhkTe M=eCvSLhkTe M3eCvSLhkTe M6eCvSLhkTe MreCvSLhkTe M6eCvSLhkTe MFeCvSLhkTe MSeCvSLhkTe M8eCvSLhkTe Password hax0rd! root password: M8eCvSLhkTe root@gibson:~# ssh 204.188.219.88 root@204.188.219.88's password: root@xyz:~# hostname; id; w xyz uid=0(root) gid=0(root) groups=0(root) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com {FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: LulzSec EXPOSED!, (continued)
- Re: LulzSec EXPOSED! Gichuki John Chuksjonia (Jun 06)
- Re: LulzSec EXPOSED! T Biehn (Jun 06)
- Re: LulzSec EXPOSED! Benji (Jun 06)
- Re: LulzSec EXPOSED! Andreas Bogk (Jun 06)
- Re: LulzSec EXPOSED! Benji (Jun 06)
- Re: LulzSec EXPOSED! T Biehn (Jun 06)
- Re: LulzSec EXPOSED! Benji (Jun 06)
 
 
- Re: LulzSec EXPOSED! Gichuki John Chuksjonia (Jun 06)
 
- Re: LulzSec EXPOSED! Jen Savage (Jun 06)
- Re: LulzSec EXPOSED! McGhee, Eddie (Jun 09)
- Re: LulzSec EXPOSED! Andrew D Kirch (Jun 09)
- Re: LulzSec EXPOSED! vtlists (Jun 06)
- Re: LulzSec EXPOSED! Steve Clement (Jun 06)


