#1535735 - Pastie: "How to get root on rootkit.com? Well, it's quite easy if you have access to Greg Hoglands email account, read for yourself.
--------------------------------------------------------------------------------
From: Greg Hoglund ISun, Feb 6, 2011 at 1:59 PM
To: jussi
im in europe and need to ssh into the server. can you drop open up
firewall and allow ssh through port 59022 or something vague?
and is our root password still 88j4bb3rw0cky88 or did we change to
88Scr3am3r88 ?
thanks
From: jussi jaakonaho ISun, Feb 6, 2011 at 2:06 PM
To: Greg Hoglund
hi, do you have public ip? or should i just drop fw?
and it is w0cky - tho no remote root access allowed
From: Greg Hoglund ISun, Feb 6, 2011 at 2:08 PM
To: jussi jaakonaho
no i dont have the public ip with me at the moment because im ready
for a small meeting and im in a rush.
if anything just reset my password to changeme123 and give me public
ip and ill ssh in and reset my pw.
From: jussi jaakonaho ISun, Feb 6, 2011 at 2:10 PM
To: Greg Hoglund
ok,
takes couple mins, i will mail you when ready. ssh runs on 47152
...a little later
Rootkit.com DB-Backup
http://stfu.cc/rootkit_com_mysqlbackup_02_06_11.gz
Rootkit.com Username/E-mail/Password Dump(42384 accounts) 44504 accounts (updated)
64489 accounts
http://dazzlepod.com/rootkit/ Check & Change if you got your's in the list too...
Leaked Emails/Docs
http://esploit.blogspot.com/2011/02/hbgary-e-mail-viewer-anonleaks.html
http://esploit.blogspot.com/2011/02/hbgary-cryptome-download.html
Related:
http://esploit.blogspot.com/2011/02/hbgary-wanted-to-suppress-stuxnet.html
http://esploit.blogspot.com/2011/02/anonymous-hack-reveals-hbgary-plan-to.html
http://packetstormsecurity.org/news/view/18662/Anonymous-Speaks-The-Inside-Story-Of-The-HBGary-Hack.html
http://esploit.blogspot.com/2011/02/hbgary-working-on-secret-rootkit.html
http://esploit.blogspot.com/2011/02/stolen-hbgary-e-mails-indicate-it-was.html
http://esploit.blogspot.com/2011/02/black-ops-how-hbgary-wrote-backdoors.html
Disclaimer: The public disclosure of password list is only meant for finding your account (if you had one on rootkit.com) and change the pass if you got the same pass on multiple sites.Please do not (mis) use it to peep into other accounts.If you still opt to do so then you're certifying yourself as a n00b kiddi3 and may get counter-pwn3d. Be careful !
--------------------------------------------------------------------------------
From: Greg Hoglund ISun, Feb 6, 2011 at 1:59 PM
To: jussi
im in europe and need to ssh into the server. can you drop open up
firewall and allow ssh through port 59022 or something vague?
and is our root password still 88j4bb3rw0cky88 or did we change to
88Scr3am3r88 ?
thanks
From: jussi jaakonaho ISun, Feb 6, 2011 at 2:06 PM
To: Greg Hoglund
hi, do you have public ip? or should i just drop fw?
and it is w0cky - tho no remote root access allowed
From: Greg Hoglund ISun, Feb 6, 2011 at 2:08 PM
To: jussi jaakonaho
no i dont have the public ip with me at the moment because im ready
for a small meeting and im in a rush.
if anything just reset my password to changeme123 and give me public
ip and ill ssh in and reset my pw.
From: jussi jaakonaho ISun, Feb 6, 2011 at 2:10 PM
To: Greg Hoglund
ok,
takes couple mins, i will mail you when ready. ssh runs on 47152
Rootkit.com DB-Backup
http://stfu.cc/rootkit_com_mysqlbackup_02_06_11.gz
Rootkit.com Username/E-mail/Password Dump
64489 accounts
http://dazzlepod.com/rootkit/ Check & Change if you got your's in the list too...
Leaked Emails/Docs
http://esploit.blogspot.com/2011/02/hbgary-e-mail-viewer-anonleaks.html
http://esploit.blogspot.com/2011/02/hbgary-cryptome-download.html
Related:
http://esploit.blogspot.com/2011/02/hbgary-wanted-to-suppress-stuxnet.html
http://esploit.blogspot.com/2011/02/anonymous-hack-reveals-hbgary-plan-to.html
http://packetstormsecurity.org/news/view/18662/Anonymous-Speaks-The-Inside-Story-Of-The-HBGary-Hack.html
http://esploit.blogspot.com/2011/02/hbgary-working-on-secret-rootkit.html
http://esploit.blogspot.com/2011/02/stolen-hbgary-e-mails-indicate-it-was.html
http://esploit.blogspot.com/2011/02/black-ops-how-hbgary-wrote-backdoors.html
Disclaimer: The public disclosure of password list is only meant for finding your account (if you had one on rootkit.com) and change the pass if you got the same pass on multiple sites.Please do not (mis) use it to peep into other accounts.If you still opt to do so then you're certifying yourself as a n00b kiddi3 and may get counter-pwn3d. Be careful !
