[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BANLkTikgtj3R=2RQGzDZ4bSQV2o68c-0nA@mail.gmail.com>
Date: Mon, 6 Jun 2011 18:09:28 -0500
From: Jen Savage <savagejen@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: LulzSec EXPOSED!
ooo ooo speculation time!
- Hacker creates website that offers "free online password management"
- in javascript
- bugdoors it
- collects passwords
- uses passwords
TL;DR: over 9000 lulz were had
-Jen
On Mon, Jun 6, 2011 at 8:26 AM, T Biehn <tbiehn@...il.com> wrote:
> LOL @
> "A timing attack on ssh passwords over the net?"
>
> and
>
> "I think its just a bruteforce."
>
> -Travis
>
> On Mon, Jun 6, 2011 at 7:58 AM, Gichuki John Chuksjonia
> <chuksjonia@...il.com> wrote:
>>
>> I think its just a bruteforce.
>>
>>
>>
>>
>> On 6/6/11, Andreas Bogk <andreas@...reas.org> wrote:
>> > Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011:
>> >> Lulzsec == pwnt
>> >
>> > I've seen the log you pasted to pastebin. Is this:
>> >
>> > * A timing attack on ssh passwords over the net?
>> > * Fake, to distract us from your real 0day?
>> >
>> > Andreas
>> >
>> > Log:
>> >
>> > root@...son:~# ./1337hax0r 204.188.219.88 -root
>> > Attempting too hax0r root password on 204.188.219.88
>> >
>> > h,VhXz<avMm
>> > 3xL<l1-_\wC
>> > ffsakTgyc~H
>> > ZZrz,pJrg<B
>> > b{4Bv_Y$$Z6
>> > XDh;vDU-;3>
>> > FB-hvg%g_'t
>> > }qHNvkS"'>g
>> > RNBKvUi5yO|
>> > z`(}v<1^>u&
>> > *V4?vh9#^f2
>> > /R*9vf<h"Z#
>> > 9P65vjKhh.N
>> > \rfsv~PhNDz
>> >>Bfpv|uhGpy
>> > J%"kvf]hGf0
>> > sY0"v{2hf7p
>> >>9dev%Qh6_v
>> > *<Tbv7?h.**
>> > }:lkvV^hN2U
>> > ;&5Xv'Sh#}_
>> > MOqpvi_hg+#
>> > Md9/viVh&u7
>> > M(%rvomhb'"
>> > MI"5v_shEVe
>> > M=@....hZge
>> > MPk5v:WhUTe
>> > M=3vvrzh7Te
>> > M&'?v]sh`Te
>> > M/Z,vI1h`Te
>> > M.9>vO$hTTe
>> > Ms!(vY;hpTe
>> > MA)SvYLhnTe
>> > M7eCv@...Te
>> > MkeCvFLh$Te
>> > M'eCv?LhaTe
>> > M&eCvLLh|Te
>> > M*eCv5Lh\Te
>> > MmeCvcLhCTe
>> > MTeCv&LhrTe
>> > M,eCv1LhYTe
>> > MEeCv}LhHTe
>> > M_eCvSLhnTe
>> > MPeCvSLh+Te
>> > M[eCvSLh,Te
>> > MOeCvSLh"Te
>> > M7eCvSLh"Te
>> > MGeCvSLhdTe
>> > M$eCvSLhkTe
>> > MCeCvSLhkTe
>> > MLeCvSLhkTe
>> > M=eCvSLhkTe
>> > M-eCvSLhkTe
>> > MweCvSLhkTe
>> > M=eCvSLhkTe
>> > M3eCvSLhkTe
>> > M6eCvSLhkTe
>> > MreCvSLhkTe
>> > M6eCvSLhkTe
>> > MFeCvSLhkTe
>> > MSeCvSLhkTe
>> > M8eCvSLhkTe
>> >
>> > Password hax0rd! root password: M8eCvSLhkTe
>> >
>> > root@...son:~# ssh 204.188.219.88
>> >
>> > root@....188.219.88's password:
>> >
>> > root@xyz:~# hostname; id; w
>> > xyz
>> > uid=0(root) gid=0(root) groups=0(root)
>> >
>> > _______________________________________________
>> > Full-Disclosure - We believe in it.
>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> > Hosted and sponsored by Secunia - http://secunia.com/
>> >
>>
>>
>> --
>> --
>> Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
>> I.T Security Analyst and Penetration Tester
>> jgichuki at inbox d0t com
>>
>> {FORUM}http://lists.my.co.ke/pipermail/security/
>> http://chuksjonia.blogspot.com/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> --
> FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
> http://pastebin.com/f6fd606da
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists