I think its just a bruteforce.
On 6/6/11, Andreas Bogk <andr...@andreas.org> wrote: > Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011: >> Lulzsec == pwnt > > I've seen the log you pasted to pastebin. Is this: > > * A timing attack on ssh passwords over the net? > * Fake, to distract us from your real 0day? > > Andreas > > Log: > > root@gibson:~# ./1337hax0r 204.188.219.88 -root > Attempting too hax0r root password on 204.188.219.88 > > h,VhXz<avMm > 3xL<l1-_\wC > ffsakTgyc~H > ZZrz,pJrg<B > b{4Bv_Y$$Z6 > XDh;vDU-;3> > FB-hvg%g_'t > }qHNvkS"'>g > RNBKvUi5yO| > z`(}v<1^>u& > *V4?vh9#^f2 > /R*9vf<h"Z# > 9P65vjKhh.N > \rfsv~PhNDz >>Bfpv|uhGpy > J%"kvf]hGf0 > sY0"v{2hf7p >>9dev%Qh6_v > *<Tbv7?h.** > }:lkvV^hN2U > ;&5Xv'Sh#}_ > MOqpvi_hg+# > Md9/viVh&u7 > M(%rvomhb'" > MI"5v_shEVe > M=@?vl.hZge > MPk5v:WhUTe > M=3vvrzh7Te > M&'?v]sh`Te > M/Z,vI1h`Te > M.9>vO$hTTe > Ms!(vY;hpTe > MA)SvYLhnTe > M7eCv@Lh0Te > MkeCvFLh$Te > M'eCv?LhaTe > M&eCvLLh|Te > M*eCv5Lh\Te > MmeCvcLhCTe > MTeCv&LhrTe > M,eCv1LhYTe > MEeCv}LhHTe > M_eCvSLhnTe > MPeCvSLh+Te > M[eCvSLh,Te > MOeCvSLh"Te > M7eCvSLh"Te > MGeCvSLhdTe > M$eCvSLhkTe > MCeCvSLhkTe > MLeCvSLhkTe > M=eCvSLhkTe > M-eCvSLhkTe > MweCvSLhkTe > M=eCvSLhkTe > M3eCvSLhkTe > M6eCvSLhkTe > MreCvSLhkTe > M6eCvSLhkTe > MFeCvSLhkTe > MSeCvSLhkTe > M8eCvSLhkTe > > Password hax0rd! root password: M8eCvSLhkTe > > root@gibson:~# ssh 204.188.219.88 > > root@204.188.219.88's password: > > root@xyz:~# hostname; id; w > xyz > uid=0(root) gid=0(root) groups=0(root) > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com {FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/