From: suprelitehacker at yahoo.com (Liz beth) Subject: Whitehat Tribute ...._ ..,,-======-. `''<<:: o. `\ `-." .cdbc`. THE BIG BAD PENGUIN ; ?$$$$$b. PROUDLY PRESENTS ;... .d$$$$$$!> STFU Volume 1 .$$$$$$P"??$$??!!!!>. ,$$$$$$P .?!!!!!!!!!> $$$$$$$k !!!!!!!!!!!!!!> Feb. 04, 2004 d$$$$$$$$ !!!!!!!!!!!!!!: d$$$$$$$$$F '!!!!!!!!!!!!!!!: d$$$$$$$$$$ '!!!!!!!!!!!!!!!!> $$$$$$$$$$$L !!!!!!!!!!!!!!!!!! d$$$$$$$$$$$$ '!!!!!!!!!!!!!!!!!! d$$$$$$$$$$$$ !!!!!XX!!!!!!!!!!!!! d$$$$$$$$$$$$x!!!!!!#X!!!!!!!!!!!!> 3$$$$$$$$$$$$!!!!!!!!$!!!!!!!!!!!!! ?$$$$$$$$$$$!!!!!!!!!$!!!!!!!!!!!!!> ?$$$$$$$$$$?!!!!!!!Xd!!!!!!!!!!!!!!> $$$$$$$$$?!!!!!!!WT!!!!!!!!!!!!!!!! ?$$$$$$$F!!!!!!!td!!!!!!!!!!!!!!!!! $$$$$$$!!!!!!!Ud!!!!!!!!!!!!!!!!!! gr33tz: el8, PHC, immortal, eps, ?$$$$$$!!!!!!W?!!!!!!!!!!!!!!!!!!!> Tom Jones, plan9, efnet, jerkface, $$$$$C!!!!!!E!!!!!!!!!!!!!!!!!!!!> zemos, mikecc, ace, rocky_, #!IC, ?$$$$$!!!!!!E!!!!!!!!!!!!!!!!!!!!> denver, setenv, adam, |404|, ph33r, $$$$$X!!!!!!!!!!!!!!!!!!!!!!!!!!> shazam, pr0digy, will, simprix, $$$$b!!!!9!!!!!!!!!!!!!!!!!!!!!> macd, s0kket, phrackman, SirV, `$$$$$C!!9!!!!!!!!!!!!!!!!!!!!! nu|l, tri0, bob, mercy, sloth, ?$$$$$$bUi!!!!!!!!!!!!!!!!!!!! fred, waldo, dawgyg, ziphie, digital, `$$$$$$$$$$$$$b!!!!!!!!!!!!!!! pj, north, jason, justin, razka, ?$$$$$$$$$$$$$f!!!!!!!!!!!!!! dijit, thn, Damien, xar, dis, gr3p, $$$$$$$$$$$$$)!!!!!!!!!!!!!> kokanin, jerome, pete, matrix, ?$$$$$$$$$$F!!!!!!!!!!!!!!! Syr0kill, slix0r, triumph the insult "$$$$$$$$$!!!!!!!!!!!!!!!! comic dog, and most importantly: "$$$$$$$!!!!!!!!!!!!!!!!!; Janet Jacksons right tit. BUT MORE importantly ?$$$$$%!!!!!!!!!!!!!!!!!!; Drew b3rry m0re cuz shez fine and jennifer connelly $$$$$!!!!!!!!!!!!!!!!!!!!! cuz she's even more fine, i'd like to see them fuck `$$$$P?(`-, `'(-(-`<>.\'- ,;<(?$$$$-";); `\\ \.<\.' 
=<;<<;(<;'?$P"```` `` ` '` ----------------------------------------------------------------------------------- th3 c0mm1tt33: B0bB45k3R............th3 m0st 3l33t g4m3 sh0w h0st p3p3.................m3x1 h4x0r g1n4.................th3 r34l b1tch mMm..................mr m4rlb0r0 m4n h1ms3lf d-r0d................h1gh jump1ng n1gg4 fr0m d4 34sts1d3 0ls3n-tw1nz..........s0m30n3 s4y tw1nz!?!? sgt-sl4ught3r........th3 b0dygu4rd urm0m................m1ss 1nf0rm4nt c4p741n_c0rrup710n........0h sh17 d00d 17z 71m3 t0 c0rrup7 ----------------------------------------------------------------------------------- th3 3l3v3n c0mm4ndm3nts 0f th3 1nt3rn3t: th0u sh4lt n3v3r s3nd un3ncrypt3d p4ssw0rds 0v3r 3m41L th0u sh4lt n0t subst1tut3 w3bc4m s3x f0r r34l p13c3 0f 4ss th0u sh4lt n3v3r th1nk th0u 4r3 t0t4lly s3cur3d th0u sh4lt n3v3r us3 match.com 4s 4 pl4c3 t0 g3t 4 d4t3 th0u sh4lt n3v3r us3 i-are-see p4ssw0rd f0r 3v3ryth1ng 3ls3 th0u sh4lt n3v3r und3r3st1m4t3 th3 'l4m3r' th0u sh4lt n0t th1nk s0c14l 3ng1n33r1ng 1s d34d th0u sh4lt n0t ch4rg3 f0r s0m3th1ng th0u c4nn0t pr0v1d3 th0u sh4lt 4lw4ys ph33r th3 0d4y th0u sh4lt k33p th3 bl4ckh4t sc3n3 4l1v3 th0u sh4l7 n07 b3 a kiddie p0rn peddler or a fag l1k3 teck7 and hackah j4k ----------------------------------------------------------------------------------- Link of Importance: http://teck7.girlscoutcookie.com/ Ryans own match.com site ----------------------------------------------------------------------------------- TARGET 1: Ryan MacDonald aka teck7 www.rfxnetworks.com cl41m t0 f4me: APF (Advanced Policy Firewall) - 0.9.3 [apf@...x.org] Copyright (C) 1999-2003, R-fx Networks <proj@...x.org> Copyright (C) 2003, Ryan MacDonald <ryan@...x.org> He almost makes people think he knows what he is doing, and that he deserves money for his time. We have determined that Mr. 
Ryan MacDonald of RFXNetworks has not only defrauded his customers, but also exploited their lack of intelligence through over-charging for his services, while also leaving the integrity of his client's servers open to the whole world. To demonstrate this lack of care, integrity, and intelligence by Mr. Ryan MacDonald we will display the information for a number of his clientele. All below server information is valid as of 3pm Eastern Time Zone February 3, 2004. Got Root? [teck7]$./l4m3-scr1pt-k1dd13-c0d3 Dumping all this tards email.... No encryption picked up.... Passwords detected.... Begin dump! name William company DenyIgnorance email william@...yignorance.com url http://www.abovetopsecret.com Request ID 390 Priority 3 Logged 30-1-2004-11:25 Status CLOSED Ownership ryan Department Hosting - General/Other Purchased APF installation Your e-mail response said--- We thank you for purchasing rfxnetworks.com services. To complete the service as ordered we require the following information from you: 1) Server hostname/IP 66.98.176.42 2) Server login information admin: di9ijn0okm su: @f8uhb7ygv 3) Any special requirements or requests Currently experiencing SYN floods and am particularly interested in the better anti-dos of the current APF. I have an older version of APF running. please confirm via e-mail to william@...yignorance.com when the install is complete. Thank you. 
name Robbie Wallis company email robbie@...b-space.com url http://www.4web-space.com Request ID 391 Priority 1 Logged 30-1-2004-1:19 Status CLOSED Ownership ryan Department Managed Services - General/Other Security Package Needing Adding ASAP Hello Ryan, Would appreciate if you could fit this in ASAP as have just restored from backup before hack occured Robbie (icq 161554) Server: plesk.servdns.net User: root pass: *Jue7Koa1Lz9 Could I request you set the firewall up even if i have APF installed in the meantime Only special requirement is 8443 as its a plesk server Robbie The 5 other servers are now ready for you: 216.127.70.106 / e5Mg9l2 207.44.214.67 / d7s1K0b 207.44.236.107 / d6B9kD2 207.44.248.101 / m8iRv0g 69.57.140.95 / l9V8yf1 If you can't get it all done before you leave on Thursday then that's fine, just keep me updated on your progress. So far I am very pleased with your work, I can rest a little easier now :) Ryan Security Bundle: We applied our standard security bundle. The bundle is a compilation of minor tweaks, and permissions changes along with various scripts to remove un-needed server functions (software, users, paths). Below is a summary of all that is done by this security bundle: - remove un-needed setuid/gid binaries/revoked sticky bit - restrict common path permissions to prevent directory traversal - restrict apache file permissions to prevent global reads - hardened apache via RLIMIT for CPU time and MEM - hardened apache via ServerToken and ServerSignature tweaks - remove un-needed rpms - removed un-needed default users from system install - setup increased logging for syslog (/var/log/login_log & /var/log/kernel) - harden tcpstack via sysctl (/etc/sysctl.conf) - syncookies/misc env sysctl hardening (/etc/sysctl.conf) - pamd.login restrictions - setup smartd smartd is a daemon that monitors the Self-Monitoring, Analysis and Reporting Technology (S.M.A.R.T.) system built into many IDE and SCSI hard drives. The purpose of S.M.A.R.T. 
is to monitor the reliability of the hard drive and predict drive failures, and to carry out different types of drive self-tests. /etc/smartd.conf Details about smartd status are logged to /var/log/messages; critical issues are emailed to address noted in smartd.conf - setup iftop [& libpcap - required] /usr/sbin/iftop --help Iftop is a top like network monitor - setup libsafe LD_PRELOAD filter Libsafe is a middle-ware solution to format string attacks and buffer overflows. It provides a dynamically loadable LD_PRELOAD replacement. The LD_PRELOAD replacement is used to replace common functions known to have format string or BOF issues. LibSafe is an ideal solution to stop many issues in simple and basic software - for example the Linux x86 'traceroute' utility has had a history of format string issues, libsafe essentially puts a lid around most of those past/present/future issues. - Time synchronization; to ensure logging is accurate in regard to time stamps - APF firewall 0.9.1 check/setup - Snort install [logs located in /var/log/snort/ - Setup BFD (brute force detection - /var/log/bfd_log - issues bans via /etc/apf/deny_hosts.rules) - Setup JTR password auditing utility; runs monthly and emails admin with insecure user passwords summary - Other various changes that are deemed un-needed to document as they are simply sanity checks of generic system policies (e.g: standard user homedir perms etc...) ---- If you experience any problems what so ever, that you feel are related to or caused from our service - do not hesitate to open a trouble ticket or e-mail us. In such a case of an emergency issue caused by our service, you may page us 24/7 at: pager@...networks.com This will send an alert directly to our staff and they will promptly reply to your issue. We can not stress that this is to be used only in emergency situations. On behalf of the R-fx Networks staff, thank you for choosing us as your managed services provider. 
We hope to work with you again in the near future. name Joseph Buaron company Future Point Inc. email joseph@...urepoint.com url http://www.futurepoint.com/ Request ID 287 Priority 2 Logged 2-12-2003-11:33 Status OPEN Ownership ryan Department Managed Services - General/Other Investigation of Attack & Security Bundle Hello Ryan, I still need to install the Ensim security patches on the rest of the servers, but let's start with the server that was recently hacked since that is most important. While you are working on this server I will work to complete the upgraded on the other 5 servers. As we agreed on ICQ I will pay you $360 via PayPal for hardening all 6 of the Ensim Pro servers, and investigating to determine how one of the servers was hacked. I know I don't need to tell you this, but it is necessary that I do. These servers contain confidential information belonging to Future Point Inc., and its customers. You may not make any backups or copies of any data or files on the servers, or share any of the information that I give you with anyone else. Below is the information for the first server; the old hard drive with the compromised file system is connected to the server as a slave, and will be removed tomorrow by EV1Servers. The drive needs to be mounted every time after the server boots, so just type "mount /dev/hdb3 /home2" if it is not already mounted. 
207.218.206.74: (root/admin) / n0d9c7 name Brandon Yoders company Deafening-urge.net Hosting email admin@...fening-urge.net url http://www.deafening-urge.net Request ID 386 Priority 3 Logged 27-1-2004-12:28 Status OPEN Ownership Unowned Department Managed Services - General/Other login information 66.98.146.22 root / qgFnKeUlmv2dcEDPBtl0NK5B name Rodney Urbaniak company Revolution Solutions email rurbaniak14@...oo.com url http:// Request ID 395 Priority 1 Logged 31-1-2004-12:15 Status OPEN Ownership Unowned Department Managed Services - General/Other Linux Security Bundle 1) Server hostname/IP srv01.digitdvs.com/207.44.156.88 (still set at EV1 Default on the hostname.) 2) Server login information Admin - ruf1c8dd SU and Appliance - js0419lu 3) Any special requirements or requests If I have difficulty restoring from my info from my Secondary drives, can you assist? Appliance Backups and Site Backups are stored under /home3/vhbackup If by chance you need anything, I'll be away from the computer a while. 734-218-1486 ----------------------------------------------------------------------------------- m0r3 r00tsh3lls!!!! th4nkz ry4n 1) cpanel.servdns.net ip = 69.56.220.66 root // ddexbyfartknocker 2) 69.57.148.21 root // jjEPsTabj27 3) 69.56.205.66 root // Minetar0 4) 69.56.133.130 root // d3l4m41n 5) 207.36.180.50 root // zrx154451 6) 66.79.165.150 root // cia1124x 7) 216.180.242.122 root // r3@...0k 8) 66.98.146.22 root // qgFnKeUlmv2dcEDPBtl0NK5B 9) plesk.servdns.net root // *Jue7Koa1Lz9 ----------------------------------------------------------------------------------- s3xy ph0n3 l1st: ,==.-------. 
( ) ==== \ || | [][][] | ,8|| | [][][] | 8 || | [][][] | 8 ( ) O O O / '88`=='-------' Kyle Browning aka ocYrus.........(281) 379-4515 home Alex Hopple aka drag0n...........(513) 797-0055 home (513) 623-1122 cell Blake Self aka RaT...............(765) 286-0080 home Kenny Vollendorf aka cryptix.....(715) 823-5821 home ------------------------------------------------------------------------------------------------ Target #2: h4k4h j4k d00d l37z t4k3 a l00k at th1z h0mo. K. Background inf0z. "elite nt hacker". H3 claimz tu b3 th3 m0s7 3l337 NT hackah ever. Jessee Tuttle, the fuckin kiddie porn king, said h3 c0uld hack ANY nt system in 30 s3conds. t3h n3x7 7h1ng 1 kn0w h3z ask1n us 2 c0de shit for h1z l4m3 nt d3f4c3s wtf?! i th0ught he was mastah 0f teh nt, owner of DOS (probably a closet packet kiddie). Anywayz th47 br1ngz u up 2 d4t3 on tah faggot till may 2003. h3 was ra1d3d may 6th 2003, on hax0rin charges. up0|\| going through hiz f1l3z (which included logz) they f0und kiddie p0rn! l1k3 1'm n07 74lk1ng b0u7 1 fil3 downloaded by m1stak3 bu7 NINE, fuckin filez. (THAT WERE CONFIRMED). th1z was confirmed by clerks site in cinnicinati, teh fi13z h3 h4s w3r3 hug3! 1 of th3m was 106 mega bitches! you dont fuckin m1574nkl3y downl0ad a 106 mb f1l3 of 2 11 year old boyz butt fuck1ng each oth3r (als0 said some7h1ng b0u7 bestiality in it, which is ev3n s1ck3r.) h3 fuck1n w4z running an ANTI-fUCKING KIDDIE PORN THING FOR ZONE-H, but then you fuckin see him getting all thiz kiddie porn from the thing, wha7 1f he g0t l1k3 shitloads m0re that we d0n7 kn0w ab0ut. he s41d 1n an int3rvi3w h3 waz w0rk1ng for tah FBI (no, not a female body inspector, cuz he's a fat ignorant fuck) t0 c4tch 0nl1n3 fagz deal1ng tah kiddi3 p0rn. BULLSHIT FUCKWAD. th3ir iz n0 way they w0uld fuckin be putt1ng up with your rapin of little girls you fuckin l0sah. anyw4yz t0 wr4p thiz sh1t up. It w0uld of b33n 0k if the fuckbag h4d jus7 b33n ra1d3d f0r hackin, but kiddie porn? 
50 m4ny peopl3 l00k3d up t0 7hiz piece of shit, and he pulls th1z, plus keeping l0gz on his box?! fuck th4t. h3 w0nd3rz why n0 0n3 trutz his llama kiddie p0rn lovin ass? CUZ YOUR A FUCKIN NARC JAK. P31c3 0u7 fr0m tah c4p741n_c0rrup710n. c0rrup7ing 3v1l m1ndz to ins3r7 teh 7ru7h from tah n1ne713z. --------------------------------------------------------------------------------------------------- THE final3 -Outro: Th1z iz 17 fr0m us losahz f0r n0w. pl34z k33p 17 r34l and d0n't give sh17 0u7 70 7h3 l4m3rz. r3p0r7 l0s3rs wh0 d34l kiddie porn! they desserver to die or b3 r4p3d by d00dz nam3d bubbah th47 w3igh 500 poundz (Oh sh17! Jakz g0tt4 weigh bout that!) th1z h4z b33n an 3z1n3 br0ugh7 70 y0u by B1g B4d penguin L0ve alwayz sgt-sl4ught3r 4nd c4p741n_c0rrup710n. --------------------------------- Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040207/ddf0916a/attachment.html