Full Disclosure mailing list archives

Re: LulzSec EXPOSED!

From: Jen Savage <savagejen () gmail com>
Date: Mon, 6 Jun 2011 18:09:28 -0500

ooo ooo speculation time!

- Hacker creates website that offers "free online password management"
- in javascript
- bugdoors it
- collects passwords
- uses passwords

TL;DR: over 9000 lulz were had

-Jen

On Mon, Jun 6, 2011 at 8:26 AM, T Biehn <tbiehn () gmail com> wrote:

LOL @
"A timing attack on ssh passwords over the net?"

and

"I think its just a bruteforce."

-Travis

On Mon, Jun 6, 2011 at 7:58 AM, Gichuki John Chuksjonia
<chuksjonia () gmail com> wrote:


I think its just a bruteforce.




On 6/6/11, Andreas Bogk <andreas () andreas org> wrote:

Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011:

Lulzsec == pwnt


I've seen the log you pasted to pastebin.  Is this:

 * A timing attack on ssh passwords over the net?
 * Fake, to distract us from your real 0day?

Andreas

Log:

root@gibson:~# ./1337hax0r 204.188.219.88 -root
Attempting too hax0r root password on 204.188.219.88

h,VhXz<avMm
3xL<l1-_\wC
ffsakTgyc~H
ZZrz,pJrg<B
b{4Bv_Y$$Z6
XDh;vDU-;3>
FB-hvg%g_'t
}qHNvkS"'>g
RNBKvUi5yO|
z`(}v<1^>u&
*V4?vh9#^f2
/R*9vf<h"Z#
9P65vjKhh.N
\rfsv~PhNDz

Bfpv|uhGpy

J%"kvf]hGf0
sY0"v{2hf7p

9dev%Qh6_v

*<Tbv7?h.**
}:lkvV^hN2U
;&5Xv'Sh#}_
MOqpvi_hg+#
Md9/viVh&u7
M(%rvomhb'"
MI"5v_shEVe
M=@?vl.hZge
MPk5v:WhUTe
M=3vvrzh7Te
M&'?v]sh`Te
M/Z,vI1h`Te
M.9>vO$hTTe
Ms!(vY;hpTe
MA)SvYLhnTe
M7eCv@Lh0Te
MkeCvFLh$Te
M'eCv?LhaTe
M&eCvLLh|Te
M*eCv5Lh\Te
MmeCvcLhCTe
MTeCv&LhrTe
M,eCv1LhYTe
MEeCv}LhHTe
M_eCvSLhnTe
MPeCvSLh+Te
M[eCvSLh,Te
MOeCvSLh"Te
M7eCvSLh"Te
MGeCvSLhdTe
M$eCvSLhkTe
MCeCvSLhkTe
MLeCvSLhkTe
M=eCvSLhkTe
M-eCvSLhkTe
MweCvSLhkTe
M=eCvSLhkTe
M3eCvSLhkTe
M6eCvSLhkTe
MreCvSLhkTe
M6eCvSLhkTe
MFeCvSLhkTe
MSeCvSLhkTe
M8eCvSLhkTe

Password hax0rd! root password: M8eCvSLhkTe

root@gibson:~# ssh 204.188.219.88

root@204.188.219.88's password:

root@xyz:~# hostname; id; w
xyz
uid=0(root) gid=0(root) groups=0(root)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



--
--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

LulzSec EXPOSED! lulzfail (Jun 06)
- Re: LulzSec EXPOSED! Andreas Bogk (Jun 06)
  - Re: LulzSec EXPOSED! Gichuki John Chuksjonia (Jun 06)
    - Re: LulzSec EXPOSED! T Biehn (Jun 06)
    - Re: LulzSec EXPOSED! Benji (Jun 06)
    - Re: LulzSec EXPOSED! Andreas Bogk (Jun 06)
    - Re: LulzSec EXPOSED! Benji (Jun 06)
    - Re: LulzSec EXPOSED! T Biehn (Jun 06)
    - Re: LulzSec EXPOSED! Benji (Jun 06)
    - Re: LulzSec EXPOSED! Jen Savage (Jun 06)
    - Re: LulzSec EXPOSED! McGhee, Eddie (Jun 09)
    - Re: LulzSec EXPOSED! Andrew D Kirch (Jun 09)
    - Re: LulzSec EXPOSED! vtlists (Jun 06)
    - Re: LulzSec EXPOSED! Steve Clement (Jun 06)
- <Possible follow-ups>
- Re: LulzSec EXPOSED! hoaxxxx (Jun 06)