==Phrack Inc.==

                Volume 0x0b, Issue 0x3e, Phile #0x02 of 0x0f

|=----------------------=[ L O O P B A C K ]=----------------------------=|
|=------------------------= aka phr4ck-r4p =-----------------------------=|
|=-----------------------------------------------------------------------=|
|=------------------------=[ phrackstaff ]=------------------------------=|


|=[ 0x01 ]=--------------------------------------------------------------=|

Phrack Terrorist Hotline
- phr4ckst4ff

A new Phrack Terrorist Hotline has been set up! Please call us whenever
you like:

        (415) 260-5685 or (708) 557-6006.


|=[ 0x02 ]=--------------------------------------------------------------=|

Rootkit Writing 4 Dummies
- an0nym0us

comments after #

Session Start eEye private chat!
[00:22:24] mdavis72000: hey
[00:22:33] blakewatts: hey
# sup
[00:22:33] mdavis72000: rkl said you had some covert chennl ideas
# rkl = ralph aka security snakeoil cheif
[00:22:37] mdavis72000: for the win32 kernel trjan idea
[00:22:44] blakewatts: hm
[00:22:46] blakewatts: worm?>
[00:22:54] mdavis72000: I want to discuss them cause i am writing the proposal
[00:22:55] mdavis72000: worm yeah
[00:22:59] blakewatts: okay
[00:23:00] mdavis72000: it is worm and torjan and rootkit
[00:23:02] mdavis72000: and x
[00:23:02] mdavis72000: heh
[00:23:05] blakewatts: nice
[00:23:17] mdavis72000: it is anything we want it to be
[00:23:24] mdavis72000: what rkl described is basically
[00:23:24] blakewatts: :)
[00:23:40] mdavis72000: an remote controlled trojan that na get any type of information (essentially like WMI)
[00:23:44] mdavis72000: and can remove itself
[00:23:56] blakewatts: yeah
[00:24:12] blakewatts: my thoughts on this came from my idea of wanting to control every windows os in the universe
# u dont even control your own windows os
[00:24:47] mdavis72000: alright
[00:24:51] mdavis72000: simultaniusoly
[00:24:52] blakewatts: off topic, but i wanted it to have the capability of both: a) sharing vulnerability data with its neighbors; and b) being able to find new vulnerabilities
[00:24:58] mdavis72000: or from one single amanagemnet point?
[00:26:11] blakewatts: in terms of management,
[00:26:33] blakewatts: i'd like to be able to send a message to any node, and based on my crypto, have the command accepted or denied
[00:27:19] mdavis72000: hmm
[00:27:25] mdavis72000: base don the cryto cipher
[00:27:30] mdavis72000: or the data within the crypto
[00:29:59] blakewatts: both probably :)
# ingenius, funtionality based on the crypto cipher... you guys just like
# to piss off the reverse engineers, dont you?
[00:30:05] mdavis72000: hehe
[00:30:07] mdavis72000: well that is fine
[00:30:14] mdavis72000: and i have exp witht hat
[00:30:19] mdavis72000: but i was more interested int he covertness
[00:30:23] mdavis72000: in the covertness
[00:30:24] mdavis72000: even
[00:30:54] mdavis72000: because this has to be as covert as possible
[00:31:03] blakewatts: covertness being, each node has an array of children it has hacked.. it only knows about its 1 BLink
[00:31:16] blakewatts: in terms of proto, blah
[00:31:19] blakewatts: trivial
[00:31:22] mdavis72000: right
[00:31:30] mdavis72000: BLink == ?
[00:31:36] blakewatts: Back Link.. pPrev
[00:31:39] mdavis72000: ah
[00:31:39] mdavis72000: ok
[00:31:56] mdavis72000: so essentially you send one command to one node
[00:31:59] mdavis72000: and it is aut o propegated
[00:32:02] mdavis72000: to the correct node
[00:32:24] blakewatts: sorta.. this idea came from shok, and i think it's pretty decent..
# w00w00!
[00:32:32] blakewatts: send a command to a node, it then forwards that node to a random child
[00:32:37] mdavis72000: ok, keep going
[00:32:46] blakewatts: the random child does the same until FLink == 0
[00:32:55] blakewatts: then, that node goes directly to the target PC to execute the command
[00:33:20] mdavis72000: FLink == forward link?
[00:33:22] blakewatts: yes
[00:33:26] mdavis72000: ok
[00:33:33] blakewatts: (MS LIST_ENTRY terminology) ;)
[00:33:40] mdavis72000: isn't that more random then covert?
[00:33:46] blakewatts: yeah..
[00:33:50] mdavis72000: the communication between nodes althoughr andom
[00:33:52] blakewatts: but someone couldn't discover the tree
[00:33:53] mdavis72000: could be identified
[00:33:57] mdavis72000: correct
[00:34:03] mdavis72000: it hides the sources
[00:34:06] blakewatts: yeah
[00:34:30] blakewatts: but if one host is compromised, the individual could only discover its parent
# and its children (baahaaaa)
[00:34:31] mdavis72000: ok
[00:34:44] mdavis72000: right but the hosts
[00:34:50] mdavis72000: would have some type of cynide pill
# cyanide pill? i prefer to use the 'cyber-NOOSE'
[00:34:54] mdavis72000: if it thinks it has been tampered
[00:34:55] blakewatts: yeah
[00:34:56] mdavis72000: destroy itself
[00:34:56] blakewatts: true
[00:35:06] blakewatts: plus, there isn't really one arbitrating god node
[00:35:08] mdavis72000: man, i hop ethis does not get out into the public
[00:35:09] mdavis72000: cause
[00:35:17] mdavis72000: we are smarter then the average rootkit writer
[00:35:19] mdavis72000: heh
# now that its out, lets see if the internet can survive
[00:35:21] blakewatts: yeah really heh
[00:35:32] mdavis72000: it is scary if you think abou tit
[00:35:34] mdavis72000: yeah
[00:35:37] blakewatts: add on that vuln. finding component.. you become god
[00:35:52] blakewatts: that would really rock those.. distributing attack modules based on request
[00:35:54] mdavis72000: or inverse patch management
[00:35:58] blakewatts: haha
[00:36:00] blakewatts: yeah
[00:36:19] mdavis72000: it is defeintly cool
[00:36:22] mdavis72000: once the arch is done
[00:36:24] mdavis72000: anything is possible
[00:36:33] mdavis72000: the communication/heiarchy that is
[00:36:33] blakewatts: just gotta make 'em dance together
[00:36:33] mdavis72000: ok
[00:36:36] blakewatts: yeah
[00:36:42] mdavis72000: so got the random node hideness
[00:36:43] mdavis72000: what about
[00:36:45] blakewatts: Oh
[00:36:46] mdavis72000: inter node communication
[00:36:47] blakewatts: cool idea
[00:36:53] blakewatts: using a genetic algorithm for IP address generation
# ^ cool buzzword
[00:37:00] mdavis72000: hmm
[00:37:06] blakewatts: i've always wanted to use one.. i think it's applicable
[00:37:22] mdavis72000: what would the IPs be used for, potential targets?
[00:37:26] blakewatts: yeah
[00:37:30] blakewatts: heh
[00:37:31] blakewatts: ;)
[00:37:44] mdavis72000: hehe
[00:37:48] mdavis72000: could be interesting
[00:38:01] mdavis72000: also i think some type of analyzation
[00:38:05] mdavis72000: and pruning of the iP space
[00:38:07] mdavis72000: to be attacked
[00:38:08] mdavis72000: would rock
[00:38:15] mdavis72000: so you can lessen the number of empty probes
[00:38:21] mdavis72000: which would/could generate an alert
[00:38:35] blakewatts: yeah
[00:38:48] mdavis72000: maybe by intercepting RIP/BGP/OSPF updateS?
[00:39:07] mdavis72000: and then redistribute the data throughout the network
[00:39:08] blakewatts: yeah good idea
[00:39:11] blakewatts: ohh
[00:39:14] blakewatts: sharing active IP spaces
[00:39:17] mdavis72000: yeah
[00:39:20] blakewatts: rock
[00:39:28] blakewatts: damn
[00:39:29] mdavis72000: remove false positives
[00:39:37] blakewatts: the IP address space could be covered so quickly with collaboration
[00:39:41] blakewatts: that rocks
[00:39:45] mdavis72000: that was what iw as thinking
[00:39:52] mdavis72000: massive distibutation
[00:39:54] blakewatts: make the protocol platform agnostic and you can take out everything
[00:39:55] mdavis72000: wtihin minutes
[00:39:58] mdavis72000: at key targets
[00:39:59] blakewatts: yeah
[00:40:05] mdavis72000: word
[00:40:13] mdavis72000: why scan when you can interpret ;)
[00:40:17] blakewatts: hehehe\
[00:40:21] mdavis72000: RIP/OSPF./BGP is floting all over the place
[00:40:26] mdavis72000: utilize it hehe
[00:40:30] blakewatts: heh
[00:40:31] mdavis72000: spanning tree
[00:40:32] mdavis72000: etc etc
[00:40:40] mdavis72000: this coul dbe a very ambitous project
[00:40:47] mdavis72000: back to inter node communication
[00:40:47] blakewatts: yeah
[00:40:50] mdavis72000: tcp?
[00:40:51] mdavis72000: udp?
[00:41:00] blakewatts: tcp, i'd say...
[00:41:00] mdavis72000: custom?
[00:41:03] mdavis72000: well
[00:41:06] mdavis72000: what about random
[00:41:08] mdavis72000: multi protocol
[00:41:10] mdavis72000: communication
[00:41:11] mdavis72000: adaptedt
# just uze random transport protocols man, no ids can touch u gods
[00:41:14] blakewatts: yeah
[00:41:15] blakewatts: true
[00:41:16] mdavis72000: to the encronment
[00:41:18] blakewatts: it cannot be static
[00:41:19] mdavis72000: environment
[00:41:20] mdavis72000: i.e.
[00:41:23] mdavis72000: a lot of netios
[00:41:24] blakewatts: we don't want detection..
[00:41:26] blakewatts: we need to set our goals
[00:41:27] mdavis72000: use netbios apcket
[00:41:32] mdavis72000: agreed.
[00:41:33] blakewatts: yeah
[00:41:47] blakewatts: we can sniff for a certain type of traffic.. with correct crypto.. connectionless, etc..
[00:41:51] blakewatts: then choose what to do from that point
[00:41:54] blakewatts: that's an idea
[00:42:05] mdavis72000: yeah
[00:42:15] mdavis72000: like
[00:42:19] mdavis72000: x protocols are an option
[00:42:22] mdavis72000: base don traffic patterns
[00:42:23] mdavis72000: use y
[00:42:28] blakewatts: yeah
[00:42:30] mdavis72000: and all clients can detect if y is in use
[00:42:31] mdavis72000: and adapt
[00:42:55] mdavis72000: some interesitng stuff
[00:42:58] blakewatts: yeah it is
[00:43:05] mdavis72000: so our goals
[00:43:12] mdavis72000: 1) avoid detection
[00:43:15] blakewatts: 2) help blake get day trading advantage
# lolz, u devil
[00:43:21] mdavis72000: haha
[00:43:37] mdavis72000: 2) effeciency
[00:43:43] mdavis72000: these are not in order
[00:43:49] mdavis72000: 3) self destruct
[00:43:55] mdavis72000: 4) information collection/leverage
[00:44:14] mdavis72000: any others?
[00:44:15] blakewatts: 5) management source obfuscation
[00:44:20] mdavis72000: ah, yes
[00:45:05] blakewatts: robust & flexible remote command execution architecture
[00:45:34] mdavis72000: well i a assuming
[00:45:36] mdavis72000: it will have to use
[00:45:38] mdavis72000: dynamically
[00:45:39] mdavis72000: laodable
[00:45:41] mdavis72000: learnable
[00:45:43] mdavis72000: modules
[00:45:59] mdavis72000: i.e. we can release feature x without rehacking a box
[00:46:01] mdavis72000: upgrade itself etc
[00:46:06] blakewatts: another idea we ought to work with is creating a VM for the NT kernel so that drivers could be loaded into it.. that way virus scanners can't complain
[00:46:07] blakewatts: yeah i agree
[00:46:12] mdavis72000: lessons to learn from the patch management market ;)
[00:46:37] mdavis72000: well afaik virus scanners still rely on the OS not being comromised
[00:46:43] mdavis72000: if we say fiel xis not in dir listing y
[00:46:48] mdavis72000: how will norton know any different?
[00:46:54] blakewatts: well
[00:47:00] blakewatts: i'm assuming they scan the driver space
[00:47:08] blakewatts: and if they don't they'll have to adapt
[00:47:10] mdavis72000: but how do they?
[00:47:19] mdavis72000: how is the key
[00:47:21] blakewatts: i'm certain nortan has a driver
[00:47:33] mdavis72000: i haven't looked so i don't know
[00:47:51] blakewatts: we ought to protect kernel mode
[00:48:04] blakewatts: i.e., you get in, execute auto-destruct
[00:48:07] mdavis72000: bah, why we need to do that? =)
[00:48:25] blakewatts: yeah
[00:48:25] blakewatts: ;)
[00:48:40] mdavis72000: well
[00:48:47] mdavis72000: i liked core impact's attempt
[00:48:50] mdavis72000: they did the VM thing
[00:48:55] mdavis72000: custom VM for their overflowing
[00:48:58] mdavis72000: /testing
[00:49:15] blakewatts: buffer overflows creates micro-kernel doesn't it?
[00:49:31] mdavis72000: not sure
[00:49:47] mdavis72000: and I am too tired to think
[00:49:56] mdavis72000: just need to get core requirements/features
[00:50:01] mdavis72000: so i can write the proposal
[00:50:02] blakewatts: yeah
[00:50:06] mdavis72000: and get the idea/ball rolling
[00:50:12] blakewatts: uh huh
[00:50:16] blakewatts: i'm tired
[00:50:20] mdavis72000: me too
[00:50:21] mdavis72000: heh
[00:50:25] mdavis72000: we got some good ideas
[00:50:32] mdavis72000: some really fucking cool ones actually
[00:50:47] blakewatts: what are we gunna do with it?
[00:50:50] mdavis72000: but we need to work out things such as data stores
[00:50:52] mdavis72000: sell it
[00:50:56] blakewatts: to whom
[00:51:04] mdavis72000: it is essentially an ehanced sebek
[00:51:06] mdavis72000: .gov
[00:51:08] mdavis72000: china
# if u buy eEye products, u are supporting terrorism
[00:51:16] mdavis72000: people were interested
[00:51:18] mdavis72000: in my sebek stuff
# bush gonna smoke u out of ur cave, infidel!
[00:51:19] blakewatts: !sebek.. it could take over the world's it infrastructure
[00:51:20] mdavis72000: at the seminar
[00:51:26] blakewatts: oh
[00:51:29] blakewatts: nice
[00:51:30] mdavis72000: NIC
[00:51:39] mdavis72000: aske dme to do some "private defensive" stuff
[00:51:45] mdavis72000: etc
[00:51:45] blakewatts: heh
[00:51:50] mdavis72000: and rkl's contact
[00:51:52] mdavis72000: wants the same
[00:51:57] blakewatts: man
[00:51:58] blakewatts: nuts
[00:52:07] mdavis72000: yeah
[00:52:09] mdavis72000: think of this
[00:52:11] mdavis72000: as a nice tool
[00:52:12] mdavis72000: to have
[00:52:15] mdavis72000: as a cyber warrior
[00:52:22] mdavis72000: get physical access to a network
[00:52:26] mdavis72000: via a navy seal team
[00:52:27] mdavis72000: drop this
[00:52:29] mdavis72000: hit go
[00:52:36] mdavis72000: watch the shit hit the fan
[00:52:38] mdavis72000: heh
# physical access? your wheelchair cant get up the stairs
[00:52:42] blakewatts: haha
[00:52:52] mdavis72000: actually
[00:52:55] mdavis72000: that is an issue
[00:52:56] blakewatts: Error: cannot find 'MZ' header
[00:52:57] mdavis72000: deplyoment
[00:53:00] mdavis72000: cannot be fast
[00:53:12] mdavis72000: where is that error from?
[00:53:21] blakewatts: let's give it the name of a STD like herpes
[00:53:30] mdavis72000: yeah
[00:53:32] mdavis72000: good idea
[00:53:34] mdavis72000: that owns
[00:53:35] blakewatts: STD's are a bitch to get rid of, i'm sure
[00:53:44] mdavis72000: and easily transmitable
[00:53:47] blakewatts: yes
[00:54:13] blakewatts: let's see their trojans protect them against this
[00:54:17] blakewatts: h4h4h4h4
[00:54:30] mdavis72000: hehehe
[00:54:42] mdavis72000: this is seriously scary though
# < just pissed myself
[00:54:44] mdavis72000: also
[00:54:49] mdavis72000: like i was saying
[00:54:50] mdavis72000: the deployment
[00:54:52] mdavis72000: cannot be fast
[00:54:55] mdavis72000: it must have a knob
[00:54:59] mdavis72000: "knob"
# slooow down, knob jockeys
[00:55:01] mdavis72000: cause
[00:55:02] mdavis72000: too fast
[00:55:05] mdavis72000: can set off warnings too
# popped by zonealarm, once again
[00:55:13] mdavis72000: "why do i have 100mbit of traffi con this link"
[00:55:21] blakewatts: heh.
[00:55:26] mdavis72000: and needs to have an auto updating catalog of vulnabilites and how to exploit them
[00:55:38] blakewatts: man
[00:55:48] mdavis72000: this is nuts++
[00:56:01] blakewatts: let's use the skull you see on independance day when they execute the virus on the mother ship as the logo
[00:56:09] mdavis72000: bahaha
[00:56:10] blakewatts: yeah
[00:56:17] blakewatts: when they hit 'GO', display that /w sounds
# just put pi symbol in the corner man
[00:56:31] mdavis72000: bahaha
[00:56:41] mdavis72000: everyone will buy it then!
[00:56:46] blakewatts: yeah really haha
[00:56:57] blakewatts: so easy to use, no wonder it's the most potent std
[00:57:07] blakewatts: network std
[00:57:08] mdavis72000: Syphilis
[00:57:10] mdavis72000: cause it burns
# CYANIDE PILLS, SYPHILLIS, FLU SHOTS, someone tell me something here!
[00:57:13] blakewatts: oh man
[00:57:14] blakewatts: hah
[00:57:22] mdavis72000: hehe
[00:57:30] mdavis72000: we are having too much fun with this
[00:57:31] mdavis72000: hehe
[00:57:34] blakewatts: hehe\
[00:57:49] mdavis72000: What is syphilis? Syphilis is a complex sexually transmitted disease (STD) caused by the bacterium Treponema pallidum. It has often been called "the great imitator" because so many of the signs and symptoms are indistinguishable from those of other diseases.
[00:57:54] blakewatts: the kernel VM might be a bitch
[00:57:56] mdavis72000: last sentence
[00:58:01] mdavis72000: why for so
[00:58:14] blakewatts: eh
[00:59:00] mdavis72000: it probably will be
[00:59:00] mdavis72000: but
[00:59:05] mdavis72000: what are you envisoing for this VM
[00:59:10] mdavis72000: if we put too much into this
[00:59:12] mdavis72000: it will raise
[00:59:13] mdavis72000: load
[00:59:14] mdavis72000: like mad
[00:59:18] blakewatts: yeah
[00:59:24] mdavis72000: i.e. running 2000 in a copy of 2000
[00:59:24] mdavis72000: heh
[00:59:33] blakewatts: basically i just don't want any A/V or goofy academanis fucking with it
# did u goto college?
[00:59:59] mdavis72000: hehe
[01:00:02] mdavis72000: yeah
[01:00:06] mdavis72000: those researching bastards
[01:00:08] blakewatts: haha
[01:00:17] blakewatts: if they're so smart, how come they're poor
[01:00:23] blakewatts: if they're so smart, how come they're going to die
[01:00:26] mdavis72000: haha
[01:00:33] blakewatts: if they're so smart, how come my girlfriend is better looking
[01:00:39] blakewatts: if they're so smart, how come they live on the east coast
[01:00:48] blakewatts: if they're so smart, how come they're gay?
[01:01:02] blakewatts: okay i'm done
[01:01:13] mdavis72000: hehe
[01:01:32] mdavis72000: ok
[01:01:34] mdavis72000: i think i am off to bed
[01:01:36] mdavis72000: i need sleep
[01:01:39] blakewatts: cool
[01:01:41] blakewatts: good idea ;)
Session Close eEye private chat!
# BE AFRAID, BE VERY AFRAID


|=[ 0x03 ]=--------------------------------------------------------------=|

A Sad State of Affairs
by Phrack Staff

Apparently this is what #d0rqnet has come to....

...
ReDemon [~PreDemon@h229n2fls35o926.telia.com] has left #darknet []
UNIX(r) System V Release 4.0 (www)
what is it ?
System V


|=[ 0x04 ]=--------------------------------------------------------------=|

Funny Happenings in #phrack following the release of p61
by phr4ck-ech3l0n

Following the release of p61, the Toolz Armory was linked to an 0day
tarball hosted on mikecc's site. Watch what happens when phrack's
enormous fan base starts downloading the newest issue like crazy!

http://phrack.efnet.ru/phrack/p61_infecting_loadable_kernel_modules.txt
is that real, or not?
please, they'd never lie to you
shame on you for even thinking it
yes
-!- SignOff `Hooch: #phrack (Copyright 2001 Hooch Enterprises. All Rights Reserved)
-!- ReDemon [~PreDemon@h229n2fls35o926.telia.com] has joined #phrack
why wouldnt it be real
i dunno... just asking
why is there a 25mb tar?
25 mb tar?
HA
"/~mikecc/0day.tar"
0day.tar from unixclan.net
funny
everybody read the toolz armoy now
everybody read the toolz armoy now
everybody read the toolz armory now
pass it to your friends
give phrack to your friends
the information must be free
haha
omfg
hahahaha
its like im being slashdotted
mikecc if you remove that file from your box you will be rm'd
64 octets from 24.25.195.1: icmp_seq=0 ttl=252 time=840.4 ms
64 octets from 24.25.195.1: icmp_seq=1 ttl=252 time=851.5 ms
arrrrrgh
shit
phrackdotted :)
so i have to make it some everyone can read it again
-!- SignOff gnarkill: #phrack ()
-!- ZeS|-|OoO [~efnet@mach129.threedgraphics.com] has joined #phrack
mikecc@cia:~/public_html$ chmod a+r 0day.tar
mikecc@cia:~/public_html$
:(
i cant afford to be rm'ed or hacked again =/
du0d mike your part of something gr8
yup mike
lol
-!- SignOff cptNemo: #phrack (Leaving)
keep the link up
piss off skyper
sorry but we had to deputize you as a soldier of full disclosure
-!- truth` [~truth@213.138.110.24] has joined #phrack
its like gratifiying.
rm'd a dtors member? HAH - in your dreams.
...
the_uT: when can i take it down
mikecc: dont worry it will get less lag soon


|=[ 0x05 ]=--------------------------------------------------------------=|

Another IRC D00D GETZ FUCKED UP
by phr4ckst4ff

[09:59pm] - sly` sly@216.111.239.174 go ahead
[09:59pm] - sly` sly@216.111.239.174 bring it
[09:59pm] - sly` sly@216.111.239.174 ill be waiting
[09:59pm] - sly` sly@216.111.239.174 with no response
[09:59pm] - sly` sly@216.111.239.174 cus im not even gonna bother
[09:59pm] - sly` sly@216.111.239.174 bye
[13:52] i dont want u clowns to think i am scared or some shit

... later in #phrack

cus it seems the more i type the more scared u think i am
* Parts: spender (spender@spen.der)
raped me? lol
<_bobdash> wat about flight 175 ?
why would it bother me
yeah.. some girl rape me?
<_bobdash> wat about flight 175 ?
<_bobdash> wat about flight 175 ?
bobdash yes and that what?
uoi dont think that would happen?
<_bobdash> sly that wasnt cool at all
a bunch of gays
<_bobdash> tell us about flight 175
<_bobdash> tell us about flight 175
<_bobdash> we all wanna know
u know about flight 175 obviously so u tell us
and if u think a terrorist attack is funny and an innocent college prof dying
<_bobdash> lets see, your grandfatehr died ?
yes
u think thats funny?
thats just low
<_bobdash> i think is funny
hahahahah
ya, its real funny
sly is related to a college prof?
sly has academia in his blood?
rofl
<_bobdash> i think you should have been on the flight with him
bob
<_bobdash> so project mayhem could be completed
lol
u think u found my week spot?
<_bobdash> i got more sly

There's more but we can't encourage this faggot's existence by publishing
anything more about him, positive or negative....


|=[ 0x06 ]=--------------------------------------------------------------=|

"Bitch, I've seen it all."
by LoveNorMoney.

Detest me? Contest me? Not even the FBI will try to arrest me.
Impress me? All you little mother fuckers do is depress me.
To interest me you gotta bust out some catastrophic skills
Root my box in 20 ways and go in hard for the kill.
It's ill that they look to me to be some kind of new president
When all you'll ever hear of me is tails of my 0day on incidents
We're still de-syncing your kernels here in 2-k-3
Don't think the war was won with two point four point nineteen
There are still more kernel bugs than you have ever seen
Linus is hiding back in his cave and spender's passed out clean
Already looking to new territory cos linux is so beat
Open up my solaris kernel source and turn up the heat.
Things weren't so great when I last had a chance to shine
Back when the dopest 0day was sendmail eight point eight's MIME
And no other nigger's exploit had the same expert punch as mine
Complete offset independance cos I was ahead of my time
But you know what it's like when your skills are ahead of your age
I backdoored one too many fagz and ended up in the cage.
All my blackhat brothers turned out for me in court
Told the judge I was the greatest whitehat that they ever saw
That my crimes were proof of concept and getting offsets
But it didn't matter anyway cos I was too much of a threat.
See I made my mistakes, I paid my dues to the most.
Next time I know to clearup .ssh/known_hosts
Now that I'm back online my reign of fear is coast to coast
Any nigger within 20 miles and your modem's powdered toast.


|=[ 0x07 ]=--------------------------------------------------------------=|

so1o's motd
by the phr4ck intern3t 4rch1ve pr0jekt

[root@www .sneaky]# ssh -l so1o -p 65001 62.30.68.4
The authenticity of host '62.30.68.4 (62.30.68.4)' can't be established.
RSA key fingerprint is ec:df:fc:da:3a:62:f1:af:83:ac:f5:d5:6d:96:bf:ef.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '62.30.68.4' (RSA) to the list of known hosts.
so1o@62.30.68.4's password:

. |DARKSiDE _______|___________ / | /| WAREZWAREZWAREZWAREZ +------------------+ | EZWAREZWAREZWAREZWA WAREZWAREZWAREZWAREZ | | | EZWAREZWAREZWAREZWA WAREZWAREZWAREZWAREZ | * STUDIO | | EZWAREZWAREZWAREZWA WAREZWAREZWAREZWAREZ | 31337 * | | EZWAREZWAREZWAREZWA WAREZWAREZWAREZWAREZ | | | EZWAREZWAREZWAREZWA WAREZWAREZWAREZWAREZ | +--+ | | EZWAREZWAREZWAREZWA WAREZWAREZWAREZWAREZ | | | |/ EZWAREZWAREZWAREZWA +-------+--+-------'

This box is on my 1mb down / 384k up permanent cable connection

The disk that is used is protected by PGPdisk with 256-bit twofish
crypto.

TCP 65001 (sshd) is the only port allowed into this box through NAT.
Mail can be sent locally between users, and ftp / web ax$ is granted
outbound for casual use.
The purpose of this server is two-fold:

1) A covert and secure communication system using ytalk
   user@localhost for the moment

2) A covert and secure file transfer system using scp and sftp to
   port 65001 from the outside

In order to ensure security, please only SSH into this server from
trusted locations (such as your dial-up itself). It is imperative that
we do not become compromised.

3.10.2002 check this puppy out..

[so1o@studio31337 7350]$ ./7350wurm262 -t0
7350wurm262 (CONFIDENTIAL) - x86/linux wuftpd <= 2.6.2 remote root (version 0.3.3)
team teso (thx ne0, bnuts, tomas, synnergy.net !).

num . description
----+-------------------------------------------------------
  1 | Debian GNU/Linux testing unstable (SID)[wu-ftpd-2.6.2.i386.deb]
  2 | Debian GNU/Linux potato [wu-ftpd-2.6.2.potato.i386.deb]
  3 | Debian GNU/Linux potato [wu-ftpd_2.6.2-2.deb]
  4 | Debian GNU/Linux potato [wu-ftpd_2.6.2-3.deb]
  5 | Debian GNU/Linux testing unstable (SID) [wu-ftpd_2.6.2-2_i386.deb]
  6 | Mandrake Linux 8.0 [wu-ftpd-2.6.2-3.6mdk.i586.rpm]
  7 | Mandrake Linux 8.0 update [wu-ftpd-2.6.2-1.3mdk.i586.rpm]
  8 | Mandrake 8.1 [wu-ftpd-2.6.2-11mdk.i586.rpm]
  9 | RedHat 7.0 (Guinness) [wu-ftpd-2.6.2-3.i386.rpm]
 10 | RedHat 7.1 (Seawolf) [wu-ftpd-2.6.2-1.rpm]
 11 | RedHat 7.2 (Enigma) [wu-ftpd-2.6.2-3.i386.rpm]

[so1o@studio31337 so1o]$


|=[ 0x08 ]=--------------------------------------------------------------=|

Submitted ASCII Art

Title: The Blackhat Avenger Channels His Chi-Force Through Honeynet, and
       Surprises Niels Provos by Planting a Desert Eagle Against his
       Forehead
Author: Anonymous

____________|_____|______________ [ ] ------- [ umich.edu Honeypot Laboratory ] |WTF?!?!| [_______________________________] ------- [] __--_-_ ____ [] __--// \ \ / \ [] | _ __ \ \ / \ __________ [] || | | \| / /\ \ / ______\ [] ||+| +| |_/ / \ \ / / \/ [] \ ______ | / \___\ || | /__| [] \|___/ / \ / | || | | /_(| [] || /_/ PHC \ /| || | | || _\ ||_//| \__||||||__ | || | __| /___/ | \ - | \ ||||| / ______ | |\ - | \_____ | \__\ |----_\____| | \ - |___ /\____|_\ \/| / \ - | Powered | | / \ _ \----- \_____| | by OBSD | |_ / Niels \ /___ | | |___| | | |/ \ | | ______| | | | / | / __\ | |__/________| | | | | / / \ |___/| | | | |____| / / \ ____ ______ ________|__|_____ __| | |____|/ /| \___ / _-\__/_/____|| |___| | \ / | _____|__//___________||_______________|____ | \ / || | |____\___/__/ | Property of |University of Michigan| | _| | _____________________________________ | | \ | | | | | \___________| | | | | | | | | |______________| | | | |


|=[ 0x09 ]=--------------------------------------------------------------=|

Apply this patch for a wonderful addition to your fortune(6) program.

cat >> /usr/share/games/fortune/fortunes << EOF
FUCK someone just rm'd one of my boxes
%
EOF

(fortune reads entries through the fortunes.dat index, so run strfile(1)
on the file after appending or the new entry will never come up.)


|=[ EOF ]=---------------------------------------------------------------=|