http://valhalla.allalla.com/2013/08/htp-owned-by-xd-haqnet/
We are in no way affiliated with aush0k, etc.
"OK, I GOT TOLD BY THE OWNEES THAT THIS IS PHP KEY CRYPTOGRAPHY ….FUNNY COZ IT SEEMS LIKE PLAIN OL TEXT TO ME.. :S
OWNED..AGAINanyhow… here, is some fun things you may wish to do, when you find that these kids ie; ocean ,calling me a lamer, because i FIX crippled exploits…well, in this online Fuhosin shell i found, it was really pathetic..and, handed me theyre login keys, login passes, and RSA PRIVATE key ..and there is plenty more if you goto :"
First off, excellent grammar, second off, I'd love for him to explain how we're owned? It is quite obvious he doesn't understand how cryptography works, and he couldn't even understand how the 'fuhosin' webshell works. He also links to a shell that is just text file due to someone's failed upload (trying to change extensions, etc). He also claims to 'fix crippled exploits'. This one made us chuckle, here are a few samples of his 'fixing'
http://pastebin.com/Ns5YPrF7
http://pastebin.com/3WhtpdEc
http://pastebin.com/3yvfMChr
http://pastebin.com/Csp1Z1AZ
http://pastebin.com/K1yWwbT6
he has 'fixed' other exploits too, but I didn't bother saving them, anyone with basic knowledge of kernel architecture, decent low level programming can fix an exploit; sadly xd posses neither. So if we take a look at these 'fixed exploits', it is quite evident all he is doing is pasting some code, bullshitting comments, and claiming they are now better/fixed. People who have talked to xd before and left, because they know he's an idiot also know that he has no programming skills what-so-ever.
"## ok so we see later, the ssh pass being set to ‘dongpass’ ,BUT when you have the pvt keyfile,and, know now, how to dismantle this little shell.. well…
theyre latest claim to fame, is beeimg.com , lol, wich, is a joke… my claim to fame, was owning nasa at 13yrs of age..but yea, ‘ocean’ was quick to call me a has been.. and, i am actually, the ONLY person who is hanging onto a VERY awesome local root,BUT,since it rocks,and, since i found myself 100% ,i would LOVE a version wich will spawn root, yes, EVERY kernel, EVERY protection, and even bsd’s@! NOTHING can save from this… until, it is disclosed…and since i tried, to disclose many times thru FD lists, and was laughed at and, called another person…well, i would have happily worked with them, and, i would still, BUT, there would be a VERY strict agreement around this exploit.. and, it is NOT as simple as it seems, to spawn a shell..due to the nature of the binary,..wich, i will release, soon as it is a complete p0c ,and not a one-liner as it is now.."
This guy is pure comedy, we will show you what he's trying to talk about, but first, let's address the other parts of his statements. Where did we claim that site to be our fame? Bouncing off of a box to your ircd is claiming fame? Back when xd was 13, (the 80s or so), owning NASA was not hard, ironically it's still not hard today, running java (ahem coldfusion), jsp, and tons of flawed cgis and more makes it quite an easy target to own, that being said, with the skill portrayed from xd, one would highly doubt he pwnd NASA.
Okay, he is hanging on to a local root (mind you this guy doesn't understand the difference between ring0/ring3 or userland vs kernel), he claims he has a 'local root', but then says he would love a version that spawns root...Ok, in that case we all have local roots, they just don't spawn root. That makes absolutely no fucking sense, unless he has some sort of a bug which allows you to edit root owned files, in which case he could temporarily addhimself to sudoers, edit passwd/shadow, edit a suid bin, add his public key into a privileged users home? If you have a vuln like that and didn't even think of that type of shit, then it is likely it isn't your bug :P, however with the lack of friends xd has it is doubted he possess any such bug. Hangon, you call yourself a blackhat, but then want to disclose this to full disclosure? Of course you were laughed at, you have no fucking idea what you're saying, LOL.
function chippy_udp_reverse($ip,$port) { // Yeah, I copied and pasted and str_replaced the one above. Sue me. ~ Aurora
" ^^ so, they want, to copy/paste..then later…"First off, it is copy pasting from the code above that line, what is xd trying to prove here?
function kolang_reverse($host, $port) { // PHP 4.3.10 – 5.3.0 Safe Mode bypass exploit – CVE-2009-4018 // fuck you IHSteam dont cripple your sploits
now, on with our pwnage of theyre shell,wich, i believe theyre now using my own ideas,or, trying LOL, and, i mean, they have some php.ini overwrite ‘bypass’ ,now correct me if im wrong, but, the two things wich is breaking things, is silly shit like this… the second you start to act like this, and overwrite, i clearly know you have not even looked at php -help ! php -n == ignore ALL ini files , and execute code"
Ok, Drew, stop crying about being teased, first off, you wouldn't know the first place to start in writing a kernel exploit, no one, unless they are as feeling generous as fuck or on crack would send you a decent exploit, you claim to release it soon, it's been a while, where is it? Don't fabricate bullshit. This shell has been around for a year or two, no one took your lame ass ideas, the overwriting of php.ini is a classic trick to circumvent shit; clearly your dumbass doesn't understand php or hacking whatsoever.
"php -n == ignore ALL ini files , and execute code"
Hey dumbass, do you understand what CLI is? php -n is a command line option to ignore php.ini. The webshell allows us to exec code, if we had cli, who would care about any of it?
"## ok so we see later, the ssh pass being set to ‘dongpass’ ,BUT when you have the pvt keyfile,and, know now, how to dismantle this little shell.. well…"
The ssh pass is not being set to 'dongpass', that is just the form name..Don't believe me?
https://gist.github.com/redhat69/3903275/raw/bdf5ff9789445cab8c485d2a45e759d4660b6429/gistfile1.txt
function login() { // keep lam3rz out
echo "<title>ah ah ah, you didn't say the magic word!</title>
<body bgcolor=\"black\"><table border=0 width=100% height=100%><td valign=\"middle\"><center>
<form action=".basename(__FILE__)." method=\"POST\">
<input type=\"password\" maxlength=\"32\" name=\"dongpass\">
</form>
</table>"; }
the html field name = dongpass, hi, yes how is that a password?"now on with the HTP lol@..
add our SSH public RSA keys to the list of authorized ones $pk = “ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9itZ/PPfGNn2PArA94f0bTP/Mpz2aRo6eLMgdexoJQ++ToWndXgxs3KzQCLza2mICHiH+nNNaa+PmEjnppHJGk3Rb8vtR8ojirpXvdcaRI+on/zPkGJB54c123IN0jwVPFFjCvCQQNpZtpBQMoeXYRTNNmX6lif1uuCm5LjxfPOR2lRG0dNIVW5SsAiuhXBRNWguVN/ctuKK2MhLWJ31HnGk4g2Qv0270sb4BSpkcQRGX6ZitN5KHnS12sjtvvfc/h5vn0bzt5YP4rA4NTwWEGeLxABzCvW9hXL+b3D9XLhP6alE6HOgJNT+TATRjnFScfrdBd91XPso0dD1FcXRv fuck@suhosin”; $home = get_home(); @mkdir($home.”/.ssh”); if(file_exists($home.”/.ssh/authorized_keys”)) { $ak = file_get_contents($home.”/.ssh/authorized_keys”);
and wala…
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9itZ/PPfGNn2PArA94f0bTP/Mpz2aRo6eLMgdexoJQ++ToWndXgxs3KzQCLza2mICHiH+nNNaa+PmEjnppHJGk3Rb8vtR8ojirpXvdcaRI+on/zPkGJB54c123IN0jwVPFFjCvCQQNpZtpBQMoeXYRTNNmX6lif1uuCm5LjxfPOR2lRG0dNIVW5SsAiuhXBRNWguVN/ctuKK2MhLWJ31HnGk4g2Qv0270sb4BSpkcQRGX6ZitN5KHnS12sjtvvfc/h5vn0bzt5YP4rA4NTwWEGeLxABzCvW9hXL+b3D9XLhP6alE6HOgJNT+TATRjnFScfrdBd91XPso0dD1FcXRv fuck@suhosin
bahahaha… no not ONLY this but…heck…when you have this ;
—–BEGIN RSA PRIVATE KEY—–
MIIEowIBAAKCAQEAvYrWfzz3xjZ9jwKwPeH9G0z/zKc9mkaOnizIHXsaCUPvk6Fp 3V4MbNys0Ai82tpiAh4h/pzTWmvj5hI56aRyRpN0W/L7UfKI4q6V73XGkSPqJ/8z 5BiQeeHNdtyDdI8FTxRYwrwkEDaWbaQUDKHl2EUzTZl+pYn9brgpuS48XzzkdpUR tHTSFVuUrAIroVwUTVoLlTf3LbiitjIS1id9R5xpOINkL9Nu9LG+AUqZHEERl+mY rTeSh50tdrI7b733P4eb59G87eWD+KwODU8FhBni8QAcwr1vYVy/m9w/Vy4T+mpR OhzoCTU/kwE0Y5xUnH63QXfdVz7KNHQ9RXF0bwIDAQABAoIBAHZUQMi6dSznQ8eO NBzOAseScHeBSPIRbmPNLTlKatyx7tVJhd/PIQ6tTa2qZsxyXZFY4nwjx8bBaEtv wXvdUAJDd/cXYFKuiUqLF8ugyVA/DaXeqrSRqVCN6Ul1LRQNXZEa8LbR4enFSnA0 aNfiEq3LtdWSKACMfw0qJ9IVzVbehXM8fk1hpCbqAFxg1IcKbWmopQCgtdsLS/gz rWYjMzl327TeJGtbTZvwIw0ASWx0y09BQVQGWOzH9zM5pqF0IKYP+MmeCIxpJKXu GIPMRuXor1cv8j08z79JqT14bkrOSmSeaGmsDpodqgqQuxi2NNDt26u70m9YyjU7 L/8G+nECgYEA+/lvmCQGFN4fvZe/m1t8wF44NwmoQNuEU0Mwd1U9yQbylQflHb5m da9rzsMRAwBnjoAjG1e4985IdbzPkrnv8T9ZxqW/O/YCFAYbqDQZCFmYQQYeZCo0 2h+xIRScwrw2ZqyPp1F8BGXD5n4s4icvuKiuUXS/N5+ko7dx3YEzBKsCgYEAwJIO xvoWzkgNOta7xN7M94egx/xQlpl6KE70m
—–END RSA PRIVATE KEY—–
BUT theyre worst errors, are simple.. they use simple passes, ie; ‘fuhosin’ for theyre webshell logins…and they call me, outdated..yet, use a fucking pathetic HTP-modified version of Fuhosin (can be found on my github.com/x90 …
NOW for sshd …seems, theyre even stupider,and, they maybe, forgot how md5 works ??? lol…
if(isset($_POST['dongpass']) && !empty($password)) {
if(strlen($password) == 32) {
$_POST['dongpass'] = md5($_POST['dongpass']);
}
if($_POST['dongpass'] == $password)
setcookie(“dongs”, $_POST['dongpass'], time()+3600);
} else {
echo “”;
}
reload();
}
Challenge removed, only PROS will be considered.CANNOT CODE EVEN A HELLO WORLD! ,AND OCEAN, I DIDNT STEAL YOUR SHIT.. IT IS, ANYONE COULD HAVE,AND, I DONT USE THEM…
they are born of narq, and, the ONLY person id take that back on is the kid ac1d , from bluehell.org ,whom, seems to, well.. not hang with the miscreant,low iq’d ‘ocean’ … anyhow, the challange is there.. id even give you, local, unrestricted ax, just to watch you fail in YOUR attempt…as all wargames, i would have to give you a shell, to try win the ‘war” ,right ? well, my one, wont be logging, and wont be a root…and, if i was some narq, id be doing what theyre doing now,wich is, trying to have me arrested..
and whoever owns beeimg.com , i feel sorry for you
(your owned x5)…"Congrats, you don't understand jack shit! The keys in fuhosin are used as a method to bypass anything stopping code execution, this is trivial but I'll give you a small explanation, xd, listen, maybe you'll learn something? Doubt it :P
It adds a pubkey into the user's .ssh folder, so assume we can't exec code, normally, and say we're running as the user 'bob', well, the shell will attempt to add a key into /home/bob/.ssh, then use a ssh-like lib to use that as a method of execution. Regarding 'sshd', you're completely off, it has nothing to do with that, and it seems you can't read basic code, dongpass, it's passing an md5 val, it checks it, if it's correct/matches we login and 'wala'. Challenge removed? LOL, we came into your lame ircd, asked for your challenge, and got banned in return, can't support your claims so you removed it, huh?
Oh, we can code a hello world ez pz, but xd can't :P. He talks of us being born of narq, but then he says he'd take ac1d, aka a KNOWN narq, federal informant, etc..ironic..."Low iq'd ocean"..hahahaha, let me, ocean give you a lesson on IQ.
[ First off, I (ocean), have taken several tests, from Welschier to Wisk to Stanford-binnet, on the typical IQ scale, where 100 is average, I score around 147, which in theory puts me @ the tier of a genius. If you call that low, you don't understand what you talk about, second off, the whole concept of a number to represent/measure someone's intelligence is absurd, just like the concept of the bell curve, something that is deprecated. The whole idea behind IQ was first created to see if someone was a plain out retard (such as yourself, xd) or if someone was average (this was during the war). Now the reason that it is absurd is because IQ tests don't measure every single aspect of the human brain, for example, someone may be much more talented naturally in arts vs a more logical or mathematical brain. The bell curve brings race into the game, and there are no significant, *note (non-biased) studies that support that race plays a factor/role in intelligence. If you want to argue with me, (xd), I recommend you read a bit of Chomsky's work, the book 'the bell curve', and misc things that will help you understand the human brain. Feel free to correct me, because I don't take offence to expansion of knowledge.
~ schooled by ocean ]
Once again, we asked for your shell for the challenge, you didn't give it, you just talked more shit. Trying to have you arrested? Why would we waste time trying to get an inferior scum like you arrested? You make me chuckle, oh, you owned beeimg.com too? Weird, you said that back when I was on ircd, I told you rm it, and you didn't? Yeah, talking more shit as usual, cute.
Thanks for reading.
No comments:
Post a Comment