Re: thctest

[Joxean Koret <joxeankoret () gmail com>]

Sorry i forgot another one

On 7/20/05, Joxean Koret <joxeankoret () gmail com> wrote:
> This is also phrack.org box (and teso and hert etc etc...), seems some
> articles for the next phrack release, have been stolen:
>
>
> regards
>
> On 7/20/05, netsniper <netsniper () mail ru> wrote:
> > I had some fun with The Hacker's Choice website and thought some of you
> > may want to learn from their lack of proper security.  THC.org hosts project
> > files, source code, and many other things.  It also includes pictures of
> > members and CCC friends, some that seem to request anonymity from public.
> >
> > Anyways, here are segfault's passwd and hosts files.  I'll leave it up to you
> > to determine if they are legit.  I have no idea...
> >
> > passwd:
> > root:x:0:0:root:/root:/bin/bash
> > daemon:x:1:1:daemon:/usr/sbin:/dev/null
> > bin:x:2:2:bin:/bin:/dev/null
> > sys:x:3:3:sys:/dev:/dev/null
> > sync:x:4:100:sync:/bin:/bin/sync
> > games:x:5:100:games:/usr/games:/dev/null
> > man:x:6:100:man:/var/cache/man:/dev/null
> > lp:x:7:7:lp:/var/spool/lpd:/dev/null
> > mail:x:8:8:mail:/var/spool/mail:/dev/null
> > news:x:9:9:news:/var/spool/news:/dev/null
> > uucp:x:10:10:uucp:/var/spool/uucp:/dev/null
> > proxy:x:13:13:proxy:/bin:/dev/null
> > alias:x:14:12::/var/qmail/alias:/bin/true
> > qmaild:x:15:12::/var/qmail:/bin/true
> > qmaill:x:16:12::/var/qmail:/bin/true
> > qmailp:x:17:12::/var/qmail:/bin/true
> > qmailq:x:18:11::/var/qmail:/bin/true
> > qmailr:x:19:11::/var/qmail:/bin/true
> > qmails:x:20:11::/var/qmail:/bin/true
> > lists:x:30:30::/home/crew/lists:/bin/bash
> > postgres:x:31:32:postgres:/usr/local/pgsql:/dev/null
> > www-data:x:33:33:www-data:/var/www:/bin/sh
> > sshd:x:34:34:sshd:/var/empty:/dev/null
> > mysqladm:x:36:36:database:/home/nobody:/dev/null
> > ircd:x:39:39:ircd:/home/nobody:/dev/null
> > phrackwww:x:40:40:phrackwww:/dev/null:/dev/null
> > dnslog:x:62:62:dnslog:/home/nobody:/dev/null
> > tinydnszone:x:63:63:tunydnszone:/etc/tinydns:/bin/chroot_bash
> > tinydnsaxfr:x:64:64:tinydnsaxfr:/etc/djbdns:/bin/chroot_bash
> > who:x:74:74:who:/home/nobody:/dev/null
> > named:x:76:76:named:/dev/null:/dev/null
> > lastword:x:77:77:lastword:/home/nobody:/dev/null
> > tinydns:x:78:78:tinydns:/nonexistend:/dev/null
> > namedop:x:89:89:named operator:/home/someone:/bin/bash
> > crewuser:x:101:101:crew:/home/nobody:/dev/null
> > cvs:x:85:85:cvs:/home/cvs:/dev/null
> > ircs:x:86:86:ircs:/dev/null:/dev/null
> > dnscache:x:90:90:dnscache:/nonexistend:/dev/null
> > nobody:x:65534:65534:nobody:/home/nobody:/bin/sh
> > pauthor:x:500:11:author.phrack.org:/var/qmail/alias/author.phrack.org:/nonexistend
> > phrack:x:501:11:phrack.org:/var/qmail/alias/phrack.org:/nonexistend
> > thccvs:x:800:800:thc,,,:/home/noshell/thccvs:/bin/chroot_cvssh
> > vhcvs:x:801:800:van Hausercvs,,,:/home/noshell/vhcvs:/bin/chroot_cvssh
> > tickcvs:x:802:800:tickcvs,,,:/home/noshell/tickcvs:/bin/chroot_cvssh
> > dhcvs:x:803:800:doc holidaycvs,,,:/home/noshell/dhcvs:/bin/chroot_cvssh
> > phrackcvs:x:804:804:phrackcvs:/home/noshell/phrackcvs:/bin/chroot_cvssh
> > tesocvs:x:850:850:tesocvs,,,:/home/noshell/tesocvs:/bin/chroot_cvssh
> > hertcvs:x:851:851:hertcvs:/home/noshell/hertcvs:/bin/chroot_cvssh
> > tesocron:x:900:850:tesocron,,,:/home/nobody:/bin/sh
> > thcadmin:x:901:901:THC Admin:/home/thc/thcadmin:/bin/bash
> > thcdb:x:902:902:THC DB:/home/thc/thcdb:/bin/bash
> > skyper:x:1000:1000:skyper,,,:/home/crew/skyper:/bin/bash
> > gamma:x:1001:1001:gamma,,,:/home/crew/gamma:/bin/bash
> > vax:x:1002:1002:vax,,,:/home/vax:/bin/bash
> > muskrat:x:1005:1005:muskrat,,,:/home/crew/muskrat:/bin/bash
> > rpunk:x:1006:1006:rpunk,,,:/home/rpunk:/bin/bash
> > oxigen:x:1007:1007:oxigen,,,:/home/oxigen:/bin/bash
> > andi:x:1009:1009:andi,,,:/home/andi:/bin/bash
> > rm:x:1010:1010:Richard Miller,,,:/home/rm:/bin/bash
> > helferlein:x:1013:1013:helferlein,,,:/home/chrooted/helferlein:/bin/chroot_bash
> > typo:x:1014:1014:typo,,,:/home/typo:/bin/bash
> > plasmoid:x:1016:1016:plasmoid,,,:/home/thc/plasmoid:/bin/bash
> > pimmel:x:1016:11:pimmel.com:/var/qmail/alias/pimmel.com:/nonexistend
> > wilkins:x:1018:1018:wilkins,,,:/home/thc/wilkins:/bin/bash
> > thcwww:x:1020:1020:thcwww,,,:/home/thc/thcwww:/bin/bash
> > stealth:x:1021:1021:stealth,,,:/home/stealth:/bin/bash
> > hendy:x:1022:1022:hendy,,,:/home/hendy:/bin/bash
> > jobe:x:1023:1023:jobe,,,:/home/jobe:/bin/bash
> > caddis:x:1024:1024:caddis,,,:/home/caddis:/bin/bash
> > mgma:x:1004:1004:gamma,,,:/home/mgma:/bin/bash
> > scut:x:1025:1025:scut,,,:/home/scut:/bin/bash
> > palmers:x:1026:1026:palmers,,,:/home/palmers:/bin/bash
> > owen:x:1027:1027:owen,,,:/home/owen:/bin/bash
> > lorian:x:1011:1011:lorian,,,:/home/lorian:/bin/bash
> > paul:x:1029:1029:paul,,,:/home/paul:/bin/bash
> > edi:x:1030:1030:edi,,,:/home/edi:/bin/bash
> > zip:x:1031:1031:zip,,,:/home/zip:/bin/bash
> > thok:x:1032:1032:thok,,,:/home/thok:/bin/bash
> > tmogg:x:1034:1034:tmogg,,,:/home/tmogg:/bin/bash
> > duke:x:1036:1036::/home/duke:/bin/bash
> > gaius:x:1037:1037:gaius,,,:/home/gaius:/bin/bash
> > ultor:x:1038:1038::/home/ultor:/bin/bash
> > grugq:x:1039:1039::/home/grugq:/bin/bash
> > rd:x:1040:1040::/home/thc/rd:/bin/bash
> > random:x:1041:1041:random,,,:/home/random:/bin/bash
> > jc:x:1042:1042:jc,,,:/home/jc:/bin/bash
> > mayhem:x:1043:1043:,,,:/home/mayhem:/bin/bash
> > bbp:x:1044:1044:,,,:/home/bbp:/bin/bash
> > dvorak:x:1045:1045:,,,:/home/dvorak:/bin/bash
> > disque:x:1046:1046:,,,:/home/disque:/bin/bash
> > whyking:x:1047:1047:,,,:/home/thc/whyking:/bin/bash
> > vh:x:1049:1049:,,,:/home/thc/vh:/bin/bash
> > nil:x:1050:1050:,,,:/home/thc/nil:/bin/bash
> >
> > hosts:
> > 127.0.0.1       localhost
> > 213.131.229.154     segfault
> > 10.1.1.1        wu.sec wu
> > 62.67.59.35     www.thc.org
> >
> > I also ripped some nice stuff from the site, rarred it up, and posted it on
> > alt.binaries.warez.quebec-hackers if you take a look.  Nothing special, but
> > just for fun :-)  This hack was pretty lame, seriously...read the nfo
> >
> > netsniper
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/

Attachment: p63_dns_worm_covert_channel.txt
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/