[Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread lulzfail
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Lulzsec == pwnt

logs taken from their "priv8" irc server

http://www.mediafire.com/?fizwcbbyu6pyl8d

Some gems:

May 31 11:58:25 *   Topic for #pure-elite is: [pE] security
research and development. | PRIV8!PRIV8!PRIV8! No leaks, no vanity.
Everything stays here. | work with trollpoll on .es targets. MSG
him for infos. google search site:gob.es for fun
May 31 11:58:25 *   Topic for #pure-elite set by
Sabu!s...@netadmin.operationfreedom.ru at Wed May 25 16:25:57 2011


Jun 04 17:27:26everyone leave ED IRC
Jun 04 17:27:35this is serious, military hackers trying
to hack us
Jun 04 17:27:37don't stay there
Jun 04 17:28:17   i propose Operation:/b/ackraid
Jun 04 17:28:23   we need .mil targets

Jun 04 17:16:27already sent kayla money for bots,
sending Sabu money for servers when he wants it
Jun 04 17:16:30we have 500USD in donations


Jun 04 17:03:49   4-6-2011 23:03:30  : SENT CONTROL
[server]: 'PUSH_REQUEST' (status=1)
Jun 04 17:03:50   after this
Jun 04 17:03:54   it just starts using an entire CPU core
Jun 04 17:03:58   crash shit
Jun 04 17:04:01   use more and more memory
Jun 04 17:04:04   and not connect to the VPN

Jun 01 02:26:46  still looking for an rfi/lfi bot :p
Jun 01 02:28:30i've got one lol :D with google bypass, if
the bypass still works xD
Jun 01 02:28:52but it's on a USB but i think the USB might
be infected xD
Jun 01 02:29:04so im scared to plug it in xD


Jun 01 03:13:18well A) they are a bunch of
asshats, B) Jester is a fucktard who *everyone* would want to
destroy, C) Apache 0day, D) Adrian needs a spanking
Jun 01 03:13:29   E) bring the lulz
Jun 01 03:13:30   :D
Jun 01 03:13:35yes, that too
Jun 01 03:14:44ah wait that was Adrian Chen
sending us those insulting tweets
Jun 01 03:14:47both losers
Jun 01 03:15:14  i like C most of all
Jun 01 03:15:15  ;x
Jun 01 03:15:17he tried to arrange an interview
with LulzSec, told him to fuck off before Gawker gets rooted


BTW, one of them is already in FBI custody, and the rest are
probably about to follow him
(that one being Robert Cavanaugh of NY State, alias xyz, alias ev0)
see his pictures here: http://89.248.164.63/dox/xyz/
-BEGIN PGP SIGNATURE-
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 3.0

-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread Andreas Bogk
Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011:
> Lulzsec == pwnt

I've seen the log you pasted to pastebin.  Is this:

 * A timing attack on ssh passwords over the net?
 * Fake, to distract us from your real 0day?

Andreas

Log:

root@gibson:~# ./1337hax0r 204.188.219.88 -root
Attempting too hax0r root password on 204.188.219.88
 
h,VhXz
FB-hvg%g_'t
}qHNvkS"'>g
RNBKvUi5yO|
z`(}v<1^>u&
*V4?vh9#^f2
/R*9vfBfpv|uhGpy
J%"kvf]hGf0
sY0"v{2hf7p
>9dev%Qh6_v
*vO$hTTe
Ms!(vY;hpTe
MA)SvYLhnTe
M7eCv@Lh0Te
MkeCvFLh$Te
M'eCv?LhaTe
M&eCvLLh|Te
M*eCv5Lh\Te
MmeCvcLhCTe
MTeCv&LhrTe
M,eCv1LhYTe
MEeCv}LhHTe
M_eCvSLhnTe
MPeCvSLh+Te
M[eCvSLh,Te
MOeCvSLh"Te
M7eCvSLh"Te
MGeCvSLhdTe
M$eCvSLhkTe
MCeCvSLhkTe
MLeCvSLhkTe
M=eCvSLhkTe
M-eCvSLhkTe
MweCvSLhkTe
M=eCvSLhkTe
M3eCvSLhkTe
M6eCvSLhkTe
MreCvSLhkTe
M6eCvSLhkTe
MFeCvSLhkTe
MSeCvSLhkTe
M8eCvSLhkTe
 
Password hax0rd! root password: M8eCvSLhkTe
 
root@gibson:~# ssh 204.188.219.88
 
root@204.188.219.88's password:
 
root@xyz:~# hostname; id; w
xyz
uid=0(root) gid=0(root) groups=0(root)



Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread Gichuki John Chuksjonia
I think its just a bruteforce.




On 6/6/11, Andreas Bogk  wrote:
> Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011:
>> Lulzsec == pwnt
>
> I've seen the log you pasted to pastebin.  Is this:
>
>  * A timing attack on ssh passwords over the net?
>  * Fake, to distract us from your real 0day?
>
> Andreas
>
> Log:
>
> root@gibson:~# ./1337hax0r 204.188.219.88 -root
> Attempting too hax0r root password on 204.188.219.88
>
> h,VhXz 3xL ffsakTgyc~H
> ZZrz,pJrg b{4Bv_Y$$Z6
> XDh;vDU-;3>
> FB-hvg%g_'t
> }qHNvkS"'>g
> RNBKvUi5yO|
> z`(}v<1^>u&
> *V4?vh9#^f2
> /R*9vf 9P65vjKhh.N
> \rfsv~PhNDz
>>Bfpv|uhGpy
> J%"kvf]hGf0
> sY0"v{2hf7p
>>9dev%Qh6_v
> * }:lkvV^hN2U
> ;&5Xv'Sh#}_
> MOqpvi_hg+#
> Md9/viVh&u7
> M(%rvomhb'"
> MI"5v_shEVe
> M=@?vl.hZge
> MPk5v:WhUTe
> M=3vvrzh7Te
> M&'?v]sh`Te
> M/Z,vI1h`Te
> M.9>vO$hTTe
> Ms!(vY;hpTe
> MA)SvYLhnTe
> M7eCv@Lh0Te
> MkeCvFLh$Te
> M'eCv?LhaTe
> M&eCvLLh|Te
> M*eCv5Lh\Te
> MmeCvcLhCTe
> MTeCv&LhrTe
> M,eCv1LhYTe
> MEeCv}LhHTe
> M_eCvSLhnTe
> MPeCvSLh+Te
> M[eCvSLh,Te
> MOeCvSLh"Te
> M7eCvSLh"Te
> MGeCvSLhdTe
> M$eCvSLhkTe
> MCeCvSLhkTe
> MLeCvSLhkTe
> M=eCvSLhkTe
> M-eCvSLhkTe
> MweCvSLhkTe
> M=eCvSLhkTe
> M3eCvSLhkTe
> M6eCvSLhkTe
> MreCvSLhkTe
> M6eCvSLhkTe
> MFeCvSLhkTe
> MSeCvSLhkTe
> M8eCvSLhkTe
>
> Password hax0rd! root password: M8eCvSLhkTe
>
> root@gibson:~# ssh 204.188.219.88
>
> root@204.188.219.88's password:
>
> root@xyz:~# hostname; id; w
> xyz
> uid=0(root) gid=0(root) groups=0(root)
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/



Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread T Biehn
LOL @
"A timing attack on ssh passwords over the net?"

and

"I think its just a bruteforce."

-Travis

On Mon, Jun 6, 2011 at 7:58 AM, Gichuki John Chuksjonia <
chuksjo...@gmail.com> wrote:

> I think its just a bruteforce.



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread Benji
http://89.248.164.63/dox/xyz/20.png

look at the picture.

On Mon, Jun 6, 2011 at 2:26 PM, T Biehn  wrote:

> LOL @
> "A timing attack on ssh passwords over the net?"
>
> and
>
>
> "I think its just a bruteforce."
>
> -Travis

Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread vtlists
Gichuki John Chuksjonia writes:

> I think its just a bruteforce.

If so, why would they repeat already tested hashes?
See first and last line of the cited block below 
(and another one starting with M6... a bit later)?  

>> M=eCvSLhkTe
>> M-eCvSLhkTe
>> MweCvSLhkTe
>> M=eCvSLhkTe

As Logins usually do not keep an internal state, repeats should not be 
necessary to reproduce such one. 
Strange...

Volker




Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread Andreas Bogk
Excerpts from Benji's message of Mo Jun 06 15:32:11 +0200 2011:
> http://89.248.164.63/dox/xyz/20.png

Ah, that's a much saner explanation. :)

Andreas



Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread Benji
(picture found by looking through dir)

On Mon, Jun 6, 2011 at 2:54 PM, Andreas Bogk  wrote:

> Excerpts from Benji's message of Mo Jun 06 15:32:11 +0200 2011:
> > http://89.248.164.63/dox/xyz/20.png
>
> Ah, that's a much saner explanation. :)
>
> Andreas

Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread Steve Clement
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Jun 6, 2011, at 1:58 PM, Gichuki John Chuksjonia wrote:

> I think its just a bruteforce.


Lesson 1 Kids, no remote root accounts enabled by default.
Lesson 2, No Password Authentication enabled remotely
Lesson 3, man ssh-keygen

cheers,

- -- 
Steve Clement
https://www.twitter.com/SteveClement
mailto:st...@localhost.lu
.lu: +352 20 333 55 65

-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
-END PGP SIGNATURE-
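
The three lessons in the message above map onto a handful of sshd_config keywords. The following is an added example, not part of the thread: a small Python audit that applies sshd's first-value-wins rule and also inspects Match blocks. The sample configurations are constructed, the function names are this example's own, and the defaults table assumes current upstream OpenSSH.

```python
"""Audit sshd_config text against the three lessons (added example)."""

# Assumption: value sshd uses when a keyword is absent, per current upstream
# OpenSSH; distribution builds and older releases may differ.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated spelling that sshd still accepts for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Value each keyword needs for the lessons to hold.
REQUIRED = {
    "permitrootlogin": "no",               # lesson 1: no remote root
    "passwordauthentication": "no",        # lesson 2: no password logins
    "kbdinteractiveauthentication": "no",  # lesson 2: PAM prompts are passwords too
    "pubkeyauthentication": "yes",         # lesson 3: keys must stay usable
}


def parse(text):
    """Split a config into global settings and a list of (criteria, settings)
    Match blocks. For each keyword sshd keeps the first value it reads, so
    later duplicates in the same section are ignored here as well."""
    global_cfg, blocks = {}, []
    current = global_cfg
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if keyword == "match":              # a block runs to the next Match or EOF
            current = {}
            blocks.append((value, current))
            continue
        keyword = ALIASES.get(keyword, keyword)
        # Simplification: yes/no style values are compared in lower case.
        current.setdefault(keyword, value.lower())   # first value wins
    return global_cfg, blocks


def audit(text):
    """Return findings as (scope, keyword, effective_value, origin) tuples."""
    global_cfg, blocks = parse(text)
    findings = []
    for key, want in REQUIRED.items():
        value = global_cfg.get(key, DEFAULTS[key])
        if value != want:
            origin = "explicit" if key in global_cfg else "default"
            findings.append(("global", key, value, origin))
    # A Match block overrides the global section for the connections it matches,
    # so a weak value there reopens the door for that subset of clients.
    for criteria, cfg in blocks:
        for key, want in REQUIRED.items():
            if key in cfg and cfg[key] != want:
                findings.append(("Match " + criteria, key, cfg[key], "explicit"))
    return findings


# Constructed sample: the hardening line was appended after an earlier "yes",
# so it never takes effect, and a Match block relaxes root login again.
WEAK = """\
# constructed sample, not taken from any real host
PermitRootLogin yes
PasswordAuthentication yes
# appended later by an admin; ignored because the first value wins
PasswordAuthentication no
Match Address 10.0.0.0/8
    PermitRootLogin prohibit-password
"""

# Constructed sample that satisfies all three lessons.
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        results = audit(text)
        print(name, "ok" if not results else "")
        for scope, key, value, origin in results:
            print(f"  [{scope}] {key} = {value} ({origin})")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; a file audit like this one is for reviewing configs before they are deployed.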



Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread T Biehn
Will you be presenting at BlackHat?

-Travis

On Mon, Jun 6, 2011 at 9:57 AM, Benji  wrote:

> (picture found by looking through dir)



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread Benji
Possibly.


On Mon, Jun 6, 2011 at 2:58 PM, T Biehn  wrote:

> Will you be presenting at BlackHat?
>
> -Travis

Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread hoaxxxx
hoax

these 'dox' were dropped months/yrs ago:

http://pastebin.com/mmvBT7n5 (May 13th, 2011)
boards.808chan.org/fail/res/263.html (2010)

try again



Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-06 Thread Jen Savage
ooo ooo speculation time!

- Hacker creates website that offers "free online password management"
- in javascript
- bugdoors it
- collects passwords
- uses passwords

TL;DR: over 9000 lulz were had

-Jen

On Mon, Jun 6, 2011 at 8:26 AM, T Biehn  wrote:
> LOL @
> "A timing attack on ssh passwords over the net?"
>
> and
>
> "I think its just a bruteforce."
>
> -Travis


Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-09 Thread McGhee, Eddie
Lol wtf is a bugdoor hahaha 

-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk 
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Jen Savage
Sent: 07 June 2011 00:09
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] LulzSec EXPOSED!

ooo ooo speculation time!

- Hacker creates website that offers "free online password management"
- in javascript
- bugdoors it
- collects passwords
- uses passwords

TL;DR: over 9000 lulz were had

-Jen



Re: [Full-disclosure] LulzSec EXPOSED!

2011-06-09 Thread Andrew D Kirch
A back door with s***ty code

On 6/9/2011 4:43 AM, McGhee, Eddie wrote:
> Lol wtf is a bugdoor hahaha
>
> -Original Message-
> From: full-disclosure-boun...@lists.grok.org.uk 
> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Jen Savage
> Sent: 07 June 2011 00:09
> To: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] LulzSec EXPOSED!
>
> ooo ooo speculation time!
>
> - Hacker creates website that offers "free online password management"
> - in javascript
> - bugdoors it
> - collects passwords
> - uses passwords
>
> TL;DR: over 9000 lulz were had
>
> -Jen


Re: [Full-disclosure] LulzSec EXPOSED!(FAKE)

2011-06-06 Thread mclulzzz
it's a hoax, these 'dox' were dropped months ago
http://pastebin.com/mmvBT7n5 (may)
http://boards.808chan.org/fail/res/263.html(from 2010)

try again



Re: [Full-disclosure] LulzSec EXPOSED!(FAKE)

2011-06-06 Thread Cal Leeming
Am I the only one thinking "who gives a fuck" to this entire situation? :S

On Mon, Jun 6, 2011 at 2:44 PM,  wrote:

> it's a hoax, these 'dox' were dropped months ago
> http://pastebin.com/mmvBT7n5 (may)
> http://boards.808chan.org/fail/res/263.html(from 2010)
>
> try again

Re: [Full-disclosure] LulzSec EXPOSED!(FAKE)

2011-06-06 Thread ohwho
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I don't believe it was implied that these "dox" on xyz/ev0 are
related to anything recent or this lulzsec exposure. They are there
so that we can see who this ev0/xyz is.

On Mon, 06 Jun 2011 14:44:11 +0100 mclul...@safe-mail.net wrote:
>it's a hoax, these 'dox' were dropped months ago
>http://pastebin.com/mmvBT7n5 (may)
>http://boards.808chan.org/fail/res/263.html(from 2010)
>
>try again
-BEGIN PGP SIGNATURE-
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

-END PGP SIGNATURE-



Re: [Full-disclosure] LulzSec EXPOSED!(FAKE)

2011-06-06 Thread Erick Staal
No.

Erick

On 06/06/2011 07:24 PM, Cal Leeming wrote:
> Am I the only one thinking "who gives a fuck" to this entire situation? :S
>
> On Mon, Jun 6, 2011 at 2:44 PM,  > wrote:
>
> it's a hoax, these 'dox' were dropped months ago
> http://pastebin.com/mmvBT7n5 (may)
> http://boards.808chan.org/fail/res/263.html(from 2010)
>
> try again


Re: [Full-disclosure] LulzSec EXPOSED!(FAKE)

2011-06-07 Thread Georgi Guninski
i am watching the lulz [1] situation, because of this act of war on nato

[2] [3] we challenge you, NATO!

it would appear to me, challenging nato and then enjoying the freedom of doing 
so while not quite drunk or unless one manages nuclear power better than a 
nuclear plant owner is uncommon these days...

[1] http://twitter.com/LulzSec
[2] http://pastebin.com/MQG0a130
[3] http://twitter.com/LulzSec/status/76808348011462656

On Mon, Jun 06, 2011 at 06:24:44PM +0100, Cal Leeming wrote:
> Am I the only one thinking "who gives a fuck" to this entire situation? :S
> 
> On Mon, Jun 6, 2011 at 2:44 PM,  wrote:
> 
> > it's a hoax, these 'dox' were dropped months ago
> > http://pastebin.com/mmvBT7n5 (may)
> > http://boards.808chan.org/fail/res/263.html(from 2010)
> >
> > try again