Message-ID: <20040207093400.25228.qmail@web41314.mail.yahoo.com>
From: suprelitehacker at yahoo.com (Liz beth)
Subject: Whitehat Tribute


 ...._ ..,,-======-.
  `''<<::   o.      `\
       `-."      .cdbc`.                       THE BIG BAD PENGUIN
          ;      ?$$$$$b.                        PROUDLY PRESENTS
          ;...  .d$$$$$$!>                        STFU Volume 1
        .$$$$$$P"??$$??!!!!>.                  
       ,$$$$$$P   .?!!!!!!!!!>
       $$$$$$$k  !!!!!!!!!!!!!!>                   Feb. 04, 2004
      d$$$$$$$$   !!!!!!!!!!!!!!:
     d$$$$$$$$$F '!!!!!!!!!!!!!!!:
    d$$$$$$$$$$  '!!!!!!!!!!!!!!!!>          
    $$$$$$$$$$$L !!!!!!!!!!!!!!!!!!       
   d$$$$$$$$$$$$ '!!!!!!!!!!!!!!!!!!
   d$$$$$$$$$$$$ !!!!!XX!!!!!!!!!!!!!      
   d$$$$$$$$$$$$x!!!!!!#X!!!!!!!!!!!!>
   3$$$$$$$$$$$$!!!!!!!!$!!!!!!!!!!!!!
   ?$$$$$$$$$$$!!!!!!!!!$!!!!!!!!!!!!!>   
   ?$$$$$$$$$$?!!!!!!!Xd!!!!!!!!!!!!!!>
    $$$$$$$$$?!!!!!!!WT!!!!!!!!!!!!!!!!
    ?$$$$$$$F!!!!!!!td!!!!!!!!!!!!!!!!!
     $$$$$$$!!!!!!!Ud!!!!!!!!!!!!!!!!!!    gr33tz: el8, PHC, immortal, eps,
     ?$$$$$$!!!!!!W?!!!!!!!!!!!!!!!!!!!>   Tom Jones, plan9, efnet, jerkface,
      $$$$$C!!!!!!E!!!!!!!!!!!!!!!!!!!!>   zemos, mikecc, ace, rocky_, #!IC,
      ?$$$$$!!!!!!E!!!!!!!!!!!!!!!!!!!!>   denver, setenv, adam, |404|, ph33r,
       $$$$$X!!!!!!!!!!!!!!!!!!!!!!!!!!>   shazam, pr0digy, will, simprix,
        $$$$b!!!!9!!!!!!!!!!!!!!!!!!!!!>   macd, s0kket, phrackman, SirV,
        `$$$$$C!!9!!!!!!!!!!!!!!!!!!!!!    nu|l, tri0, bob, mercy, sloth, 
         ?$$$$$$bUi!!!!!!!!!!!!!!!!!!!!    fred, waldo, dawgyg, ziphie, digital,
         `$$$$$$$$$$$$$b!!!!!!!!!!!!!!!    pj, north, jason, justin, razka,
          ?$$$$$$$$$$$$$f!!!!!!!!!!!!!!    dijit, thn, Damien, xar, dis, gr3p,
           $$$$$$$$$$$$$)!!!!!!!!!!!!!>    kokanin, jerome, pete, matrix,
            ?$$$$$$$$$$F!!!!!!!!!!!!!!!    Syr0kill, slix0r, triumph the insult
             "$$$$$$$$$!!!!!!!!!!!!!!!!    comic dog, and most importantly:
               "$$$$$$$!!!!!!!!!!!!!!!!!;  Janet Jacksons right tit. BUT MORE importantly
                ?$$$$$%!!!!!!!!!!!!!!!!!!;  Drew b3rry m0re cuz shez fine and jennifer connelly
                 $$$$$!!!!!!!!!!!!!!!!!!!!!  cuz she's even more fine, i'd like to see them fuck
                 `$$$$P?(`-,      `'(-(-`<>.\'-
              ,;<(?$$$$-";);         `\\ \.<\.'
         =<;<<;(<;'?$P"````            `` ` '`

 


-----------------------------------------------------------------------------------
                                                                                  
                                                                                 
th3 c0mm1tt33:                                                                   
                                                                                  
B0bB45k3R............th3 m0st 3l33t g4m3 sh0w h0st                                
p3p3.................m3x1 h4x0r                                                   
g1n4.................th3 r34l b1tch                                               
mMm..................mr m4rlb0r0 m4n h1ms3lf                                      
d-r0d................h1gh jump1ng n1gg4 fr0m d4 34sts1d3                          
0ls3n-tw1nz..........s0m30n3 s4y tw1nz!?!?                                        
sgt-sl4ught3r........th3 b0dygu4rd                                                
urm0m................m1ss 1nf0rm4nt                                               
c4p741n_c0rrup710n........0h sh17 d00d 17z 71m3 t0 c0rrup7
                                                                               
                                                                                  
                                                                                  
-----------------------------------------------------------------------------------

 

th3 3l3v3n c0mm4ndm3nts 0f th3 1nt3rn3t:

th0u sh4lt n3v3r s3nd un3ncrypt3d p4ssw0rds 0v3r 3m41L
th0u sh4lt n0t subst1tut3 w3bc4m s3x f0r r34l p13c3 0f 4ss
th0u sh4lt n3v3r th1nk th0u 4r3 t0t4lly s3cur3d
th0u sh4lt n3v3r us3 match.com 4s 4 pl4c3 t0 g3t 4 d4t3
th0u sh4lt n3v3r us3 i-are-see p4ssw0rd f0r 3v3ryth1ng 3ls3
th0u sh4lt n3v3r und3r3st1m4t3 th3 'l4m3r'
th0u sh4lt n0t th1nk s0c14l 3ng1n33r1ng 1s d34d
th0u sh4lt n0t ch4rg3 f0r s0m3th1ng th0u c4nn0t pr0v1d3
th0u sh4lt 4lw4ys ph33r th3 0d4y
th0u sh4lt k33p th3 bl4ckh4t sc3n3 4l1v3
th0u sh4l7 n07 b3 a kiddie p0rn peddler or a fag l1k3 teck7 and hackah j4k


-----------------------------------------------------------------------------------

Link of Importance:

http://teck7.girlscoutcookie.com/     Ryans own match.com site


-----------------------------------------------------------------------------------
TARGET 1:
Ryan MacDonald aka teck7
www.rfxnetworks.com
cl41m t0 f4me:
  APF (Advanced Policy Firewall) - 0.9.3 [apf@...x.org]
   Copyright (C) 1999-2003, R-fx Networks <proj@...x.org>
   Copyright (C) 2003, Ryan MacDonald <ryan@...x.org>

He almost makes people think he knows what he is doing, and that he deserves 
money for his time. We have determined that Mr. Ryan MacDonald of RFXNetworks has 
not only defrauded his customers, but also exploited their lack of intelligence 
through over-charging for his services, while also leaving the integrity of his 
client's servers open to the whole world. To demonstrate this lack of care, 
integrity, and intelligence by Mr. Ryan MacDonald we will display the information 
for a number of his clientele. All below server information is valid as of 3pm 
Eastern Time Zone February 3, 2004. Got Root?


[teck7]$./l4m3-scr1pt-k1dd13-c0d3
Dumping all this tards email....
No encryption picked up....
Passwords detected....
Begin dump!


name: William
company: DenyIgnorance
email: william@...yignorance.com
url: http://www.abovetopsecret.com
Request ID: 390
Priority: 3
Logged: 30-1-2004-11:25
Status: CLOSED
Ownership: ryan
Department: Hosting - General/Other

Purchased APF installation

 

Your e-mail response said--- 
We thank you for purchasing rfxnetworks.com services. To complete the
service as ordered we require the following information from you: 

1) Server hostname/IP 
66.98.176.42 

2) Server login information 
admin: di9ijn0okm 
su: @f8uhb7ygv 

3) Any special requirements or requests 
Currently experiencing SYN floods and am particularly interested in the
better anti-dos of the current APF. 
I have an older version of APF running. 

please confirm via e-mail to william@...yignorance.com when the install is
complete. 
Thank you. 

name: Robbie Wallis
company:
email: robbie@...b-space.com
url: http://www.4web-space.com
Request ID: 391
Priority: 1
Logged: 30-1-2004-1:19
Status: CLOSED
Ownership: ryan
Department: Managed Services - General/Other

Security Package Needing Adding ASAP

 

Hello Ryan, 
Would appreciate if you could fit this in ASAP as have just restored from
backup before hack occurred

Robbie (icq 161554) 

Server: plesk.servdns.net 
User: root 
pass: *Jue7Koa1Lz9 

Could I request you set the firewall up even if i have APF installed in the
meantime 

Only special requirement is 8443 as its a plesk server 

Robbie 

 

The 5 other servers are now ready for you: 


If you can't get it all done before you leave on Thursday then that's fine,
just keep me updated on your progress. So far I am very pleased with your
work, I can rest a little easier now :) 


Ryan 


Security Bundle: 
We applied our standard security bundle. The bundle is a compilation of
minor tweaks, and permissions changes along with various scripts to remove
un-needed server functions (software, users, paths). 

Below is a summary of all that is done by this security bundle: 

- remove un-needed setuid/gid binaries/revoked sticky bit 
- restrict common path permissions to prevent directory traversal 
- restrict apache file permissions to prevent global reads 
- hardened apache via RLIMIT for CPU time and MEM 
- hardened apache via ServerToken and ServerSignature tweaks 
- remove un-needed rpms 
- removed un-needed default users from system install 
- setup increased logging for syslog (/var/log/login_log & /var/log/kernel) 
- harden tcpstack via sysctl (/etc/sysctl.conf) 
- syncookies/misc env sysctl hardening (/etc/sysctl.conf) 
- pamd.login restrictions 
- setup smartd 
smartd is a daemon that monitors the Self-Monitoring, Analysis and Reporting
Technology (S.M.A.R.T.) system built into many IDE and SCSI hard drives. The
purpose of S.M.A.R.T. is to monitor the reliability of the hard drive and
predict drive failures, and to carry out different types of drive
self-tests. 
/etc/smartd.conf 
Details about smartd status are logged to /var/log/messages; critical issues
are emailed to address noted in smartd.conf 
- setup iftop [& libpcap - required] 
/usr/sbin/iftop --help 
Iftop is a top like network monitor 
- setup libsafe LD_PRELOAD filter 
Libsafe is a middle-ware solution to format string attacks and buffer
overflows. It provides a dynamically loadable LD_PRELOAD replacement. The
LD_PRELOAD replacement is used to replace common functions known to have
format string or BOF issues. LibSafe is an ideal solution to stop many
issues in simple and basic software - for example the Linux x86 'traceroute'
utility has had a history of format string issues, libsafe essentially puts
a lid around most of those past/present/future issues. 
- Time synchronization; to ensure logging is accurate in regard to time
stamps 
- APF firewall 0.9.1 check/setup 
- Snort install [logs located in /var/log/snort/]
- Setup BFD (brute force detection - /var/log/bfd_log - issues bans via
/etc/apf/deny_hosts.rules) 
- Setup JTR password auditing utility; runs monthly and emails admin with
insecure user passwords summary 
- Other various changes that are deemed un-needed to document as they are
simply sanity checks of generic system policies (e.g: standard user homedir
perms etc...) 

---- 

If you experience any problems whatsoever, that you feel are related to or
caused from our service - do not hesitate to open a trouble ticket or e-mail
us. 

In such a case of an emergency issue caused by our service, you may page us
24/7 at: 
pager@...networks.com 

This will send an alert directly to our staff and they will promptly reply
to your issue. We can not stress that this is to be used only in emergency
situations. 

On behalf of the R-fx Networks staff, thank you for choosing us as your
managed services provider. We hope to work with you again in the near
future. 


name: Joseph Buaron
company: Future Point Inc.
email: joseph@...urepoint.com
url: http://www.futurepoint.com/
Request ID: 287
Priority: 2
Logged: 2-12-2003-11:33
Status: OPEN
Ownership: ryan
Department: Managed Services - General/Other

Investigation of Attack & Security Bundle

 

Hello Ryan, I still need to install the Ensim security patches on the rest
of the servers, but let's start with the server that was recently hacked
since that is most important. While you are working on this server I will
work to complete the upgrades on the other 5 servers. As we agreed on ICQ I
will pay you $360 via PayPal for hardening all 6 of the Ensim Pro servers,
and investigating to determine how one of the servers was hacked. 

I know I don't need to tell you this, but it is necessary that I do. These
servers contain confidential information belonging to Future Point Inc., and
its customers. You may not make any backups or copies of any data or files
on the servers, or share any of the information that I give you with anyone
else. 

Below is the information for the first server; the old hard drive with the
compromised file system is connected to the server as a slave, and will be
removed tomorrow by EV1Servers. The drive needs to be mounted every time
after the server boots, so just type "mount /dev/hdb3 /home2" if it is not
already mounted. 

207.218.206.74: (root/admin) / n0d9c7 


name: Brandon Yoders
company: Deafening-urge.net Hosting
email: admin@...fening-urge.net
url: http://www.deafening-urge.net
Request ID: 386
Priority: 3
Logged: 27-1-2004-12:28
Status: OPEN
Ownership: Unowned
Department: Managed Services - General/Other

login information

 

66.98.146.22 
root / qgFnKeUlmv2dcEDPBtl0NK5B 


name: Rodney Urbaniak
company: Revolution Solutions
email: rurbaniak14@...oo.com
url: http://
Request ID: 395
Priority: 1
Logged: 31-1-2004-12:15
Status: OPEN
Ownership: Unowned
Department: Managed Services - General/Other

Linux Security Bundle

 

1) Server hostname/IP 

srv01.digitdvs.com/207.44.156.88 (still set at EV1 Default on the hostname.)


2) Server login information 

Admin - ruf1c8dd 
SU and Appliance - js0419lu 


3) Any special requirements or requests 

If I have difficulty restoring from my info from my Secondary drives, can
you assist? 

Appliance Backups and Site Backups are stored under /home3/vhbackup 

If by chance you need anything, I'll be away from the computer a while.
734-218-1486 


-----------------------------------------------------------------------------------

m0r3 r00tsh3lls!!!! th4nkz ry4n


 


-----------------------------------------------------------------------------------

s3xy ph0n3 l1st:   ,==.-------.
                    (    ) ====  \
                    ||  | [][][] |
                  ,8||  | [][][] |
                  8 ||  | [][][] |
                  8 (    ) O O O /
                  '88`=='-------'




------------------------------------------------------------------------------------------------

Target #2:

h4k4h j4k

d00d l37z t4k3 a l00k at th1z h0mo. K. Background inf0z. "elite nt hacker". H3 claimz tu b3 th3 
m0s7 3l337 NT hackah ever. Jessee Tuttle, the fuckin kiddie porn king, said h3 c0uld hack ANY nt 
system in 30 s3conds. t3h n3x7 7h1ng 1 kn0w h3z ask1n us 2 c0de shit for h1z l4m3 nt d3f4c3s wtf?! 
i th0ught he was mastah 0f teh nt, owner of DOS (probably a closet packet kiddie). Anywayz th47 
br1ngz u up 2 d4t3 on tah faggot till may 2003. h3 was ra1d3d may 6th 2003, on hax0rin charges. 
up0|\| going through hiz f1l3z (which included logz) they f0und kiddie p0rn! l1k3 1'm n07 74lk1ng 
b0u7 1 fil3 downloaded by m1stak3 bu7 NINE, fuckin filez. (THAT WERE CONFIRMED). th1z was confirmed 
by clerks site in cinnicinati, teh fi13z h3 h4s w3r3 hug3! 1 of th3m was 106 mega bitches! you 
dont fuckin m1574nkl3y downl0ad a 106 mb f1l3 of 2 11 year old boyz butt fuck1ng each oth3r (als0 
said some7h1ng b0u7 bestiality in it, which is ev3n s1ck3r.) 

h3 fuck1n w4z running an ANTI-fUCKING KIDDIE PORN THING FOR ZONE-H, but then you fuckin see him 
getting all thiz kiddie porn from the thing, wha7 1f he g0t l1k3 shitloads m0re that we d0n7 kn0w 
ab0ut. he s41d 1n an int3rvi3w h3 waz w0rk1ng for tah FBI (no, not a female body inspector, cuz 
he's a fat ignorant fuck) t0 c4tch 0nl1n3 fagz deal1ng tah kiddi3 p0rn. BULLSHIT FUCKWAD. th3ir 
iz n0 way they w0uld fuckin be putt1ng up with your rapin of little girls you fuckin l0sah.

anyw4yz t0 wr4p thiz sh1t up. It w0uld of b33n 0k if the fuckbag h4d jus7 b33n ra1d3d f0r hackin,
but kiddie porn? 50 m4ny peopl3 l00k3d up t0 7hiz piece of shit, and he pulls th1z, plus keeping 
l0gz on his box?! fuck th4t. h3 w0nd3rz why n0 0n3 trutz his llama kiddie p0rn lovin ass? CUZ 
YOUR A FUCKIN NARC JAK. P31c3 0u7 fr0m tah c4p741n_c0rrup710n. c0rrup7ing 3v1l m1ndz to ins3r7 
teh 7ru7h from tah n1ne713z.


---------------------------------------------------------------------------------------------------
THE final3 -Outro:

Th1z iz 17 fr0m us losahz f0r n0w. pl34z k33p 17 r34l and d0n't give sh17 0u7 70 7h3 l4m3rz.
r3p0r7 l0s3rs wh0 d34l kiddie porn! they desserver to die or b3 r4p3d by d00dz nam3d bubbah 
th47 w3igh 500 poundz (Oh sh17! Jakz g0tt4 weigh bout that!)

th1z h4z b33n an 3z1n3 br0ugh7 70 y0u by B1g B4d penguin

L0ve alwayz sgt-sl4ught3r 4nd c4p741n_c0rrup710n.


