lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 06 Jun 2011 15:40:22 +0200 From: vtlists@...e.de To: Gichuki John Chuksjonia <chuksjonia@...il.com> Cc: full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: LulzSec EXPOSED! Gichuki John Chuksjonia writes: > I think its just a bruteforce. If so, why would they repeat already tested hashes? See first and last line of the cited block below (and another one starting with M6... a bit later)? >> M=eCvSLhkTe >> M-eCvSLhkTe >> MweCvSLhkTe >> M=eCvSLhkTe As Logins usually do not keep an internal state, repeats should not be necessary to reproduce such one. Strange... Volker > On 6/6/11, Andreas Bogk <andreas@...reas.org> wrote: >> Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011: >>> Lulzsec == pwnt >> >> I've seen the log you pasted to pastebin. Is this: >> >> * A timing attack on ssh passwords over the net? >> * Fake, to distract us from your real 0day? >> >> Andreas >> >> Log: >> >> root@...son:~# ./1337hax0r 204.188.219.88 -root >> Attempting too hax0r root password on 204.188.219.88 >> >> h,VhXz<avMm >> 3xL<l1-_\wC >> ffsakTgyc~H >> ZZrz,pJrg<B >> b{4Bv_Y$$Z6 >> XDh;vDU-;3> >> FB-hvg%g_'t >> }qHNvkS"'>g >> RNBKvUi5yO| >> z`(}v<1^>u& >> *V4?vh9#^f2 >> /R*9vf<h"Z# >> 9P65vjKhh.N >> \rfsv~PhNDz >>>Bfpv|uhGpy >> J%"kvf]hGf0 >> sY0"v{2hf7p >>>9dev%Qh6_v >> *<Tbv7?h.** >> }:lkvV^hN2U >> ;&5Xv'Sh#}_ >> MOqpvi_hg+# >> Md9/viVh&u7 >> M(%rvomhb'" >> MI"5v_shEVe >> M=@....hZge >> MPk5v:WhUTe >> M=3vvrzh7Te >> M&'?v]sh`Te >> M/Z,vI1h`Te >> M.9>vO$hTTe >> Ms!(vY;hpTe >> MA)SvYLhnTe >> M7eCv@...Te >> MkeCvFLh$Te >> M'eCv?LhaTe >> M&eCvLLh|Te >> M*eCv5Lh\Te >> MmeCvcLhCTe >> MTeCv&LhrTe >> M,eCv1LhYTe >> MEeCv}LhHTe >> M_eCvSLhnTe >> MPeCvSLh+Te >> M[eCvSLh,Te >> MOeCvSLh"Te >> M7eCvSLh"Te >> MGeCvSLhdTe >> M$eCvSLhkTe >> MCeCvSLhkTe >> MLeCvSLhkTe >> M=eCvSLhkTe >> M-eCvSLhkTe >> MweCvSLhkTe >> M=eCvSLhkTe >> M3eCvSLhkTe >> M6eCvSLhkTe >> MreCvSLhkTe >> M6eCvSLhkTe >> MFeCvSLhkTe >> MSeCvSLhkTe >> M8eCvSLhkTe >> >> Password hax0rd! root password: M8eCvSLhkTe >> >> root@...son:~# ssh 204.188.219.88 >> >> root@....188.219.88's password: >> >> root@xyz:~# hostname; id; w >> xyz >> uid=0(root) gid=0(root) groups=0(root) >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > > -- > -- > Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P > I.T Security Analyst and Penetration Tester > jgichuki at inbox d0t com > > {FORUM}http://lists.my.co.ke/pipermail/security/ > http://chuksjonia.blogspot.com/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists