| <HTML> | |
| <!-- rootworm whores are back from hell --> | |
| <HEAD> | |
| <TITLE>rootworm crew is back!</TITLE> | |
| </HEAD> | |
| <BODY BACKGROUND="" BGCOLOR="#00000" TEXT="#ffffff" LINK="#ffffff" VLINK="#ffffff"> | |
| <center> | |
| <table border="0" width="600" cellspacing="0" cellpadding="0"> | |
| <tr> | |
| <td><center><IMG SRC="rootworm3.gif" WIDTH="450" HEIGHT="137" border="0" alt="r-o-o-t-w-o-r-m-©"></center> | |
| </td> | |
| </tr> | |
| <tr> | |
| <td><font size="2" face="tahoma, arial"> | |
| <br> | |
| <b>#rootworm</b> is back.<br>After long time idling on the net, the <b>rootworm</b>(1) crew is back to roots. | |
| <br>The old skewl is back. Lots of members are gone, others are back. New members joined.<br> | |
| <br>Some members of <b>b10z</b>(2) (b1nary 0utlawz) merged with the <b>rootworm</b> project. | |
| <br>Kinda new alliance is born. | |
| <br><br> | |
| The time of being back has come now. <b>rootworm</b> will get the fame as it has a few months/years ago. | |
| U can't forget <b>rootworm</b>. It's still alive. Idling doesn't mean dead. | |
| <br><br> | |
| <b>rootworm</b> will work on security related projects. | |
| <br><br> | |
| Evil has no substance of its own, but is only the defect, excess, perversion, or<br> | |
| corruption of that which has substance | |
| <br> | |
| <br>############################################################ | |
| <br># | |
| <br># Just a little <a href="http://babelfish.altavista.com/">translated</a> messages for the ignorant Adminbrains.... | |
| <br># ( Maybe there is some embedded HTML-Comments to help you - hopefully - out... ) | |
| <br># | |
| <br># Damn it. We own your ( plus your clients boxes ) whole network since a long time. | |
| <br># We even sent you some mails, but you ignored our advices. Happy eastern. ;-) | |
| <br># | |
| <br># Verdammen Sie es. Wir besitzen Ihr ( plus Ihre Klienten Kästen ) vollständiges Netz | |
| <br># seit einer langen Zeit. Wir schickten Ihnen etwas Post sogar, aber Sie ignorierten | |
| <br># unsere advices. Glückliches östliches. | |
| <br># | |
| <br>################### | |
| <br><br> | |
| See you soon. | |
| <br><br> | |
| <b>#rootworm</b> crew | |
| <br><br> | |
| [1]<br> | |
| <b><u>root</u>:</b> /ru:t/ ; <br> | |
| victim login : <blink>_</blink> | |
| <br> | |
| Password : <blink>_</blink> | |
| <br> | |
| Last login: Mon Apr 24 23:18:42 on ttyp2 | |
| <br> | |
| No mail. | |
| <br> | |
| victim:~# <blink>_</blink> | |
| <br> | |
| <b><u>worm</u>:</b> /w3:m/ ; small long thing creeping animal with a soft rounded or flattened body and no<br>backbone or limbs. | |
| <br><br> | |
| [2]<br> | |
| <b><u>bin-ary</u>:</b> <b>,binary no'tation, 'system</b> system of numbers common in computing, using only<br>the two digits 0 and 1. | |
| <br> | |
| <b><u>out-law</u>:</b> person who has broken the law and is hiding to avoid being caught. | |
| <br><br> | |
| <b>(g)<u>reets to</u>:</b> Jennifer "i'm dressed like i want to be fuqd doggie style" Lopez. | |
| <br><br><br> | |
| <center><IMG SRC="rootwormpic.gif" WIDTH="114" HEIGHT="151" ALT="binary rootworm" border="0"><br> | |
| Oops. Since this is a 'masshack', here are all ( 1397 ) names of those defaced Domains.<br> | |
| <a href="box1.html">[ BoX1 ]</a> <a href="box2.html">[ BoX2 ]</a> | |
| </center><br> | |
| </font></td> | |
| </table> | |
| </center> | |
| <!-- | |
| <RANT> | |
| Dear clueless Admins of this poor Network (Lars, Martin, ...): | |
| This Time we defaced only 2 of your Boxes because they are placed | |
| in different Networksegments, and one of 'em hosts your main-domain | |
| with all those Shoppingsystems 'n shiat... | |
| Thank you for all the fun we had with your Network over the last | |
| Month. Especially the last weeks you dropped some of those | |
| ( already owned ) NT-Boxes and switched in those poor Cobalt Things. | |
| HAR. Since Cobalt's Crap doesn't support SSH out of the Box, and we | |
| sniffed your whole Network, guess what: Yep! We were Admins the same | |
| time, you typed it. We feel really pissed u ignored our mails | |
| which were pointing out some of your real problems. You must be | |
| the most arrogant admin's around, since you even recognized the | |
| compromise of a Box (we just say "adabas", "www622"...) and just | |
| changed the user Password & killed the users Jobs. Kinda all | |
| your Boxes are pretty heavy backdoored, and u believe the stuff | |
| "netstat", "lsof" and "last" show u ? None would do - YOU DID :-( | |
| It's a pain in the Ass to see, that you host about 900 Domains on | |
| every shitty P2 Box with 64MB RAM and slooooow IDE-Disks :-( | |
| Is it magic that your System's are always on kinda maximum load, | |
| and tendence to crash all day ? | |
| As far we could read the Babelfish translation of | |
| http://www.heise.de/newsticker/data/atr-20.03.00-000/ | |
| you added another (??) Firewall and added EXTRA Security ? | |
| HAR! You fuck your customers and try to cheat the Media. | |
| A] There is NO Firewall at all, just giving a C-Name ala FW-GW... | |
| doesn't do ANY Security. You won't really call those buggy | |
| Packet-Filters a "Firewall", do you ? | |
| B] Adding EXTRA Security doesn't mean to patch the old Wu-FTPD Holes, | |
| on an already compromised Box. We feel sick. You can't be THAT blind, | |
| to ignore all the stuff in /tmp, nor all the stuff in your | |
| /root/.bash_history that lot's of _other_ dudes left on your boxes. | |
| </RANT> | |
| But now for some constructive Tips .... | |
| - buy better Hardware, drop those low-budget boxes. - They suck. | |
| - do a new backup-plan. Just copying data from /dev/hda1 to /dev/hdb1 doesn't mean anything. | |
| - rebuild your Boxes from scratch. | |
| - disable all unnecessary Services - Why leave Ports open waiting for abuse ? | |
| - Check out Packetstorm on a daily Basis and PATCH your holes, god damnit! | |
| - Use good Passwords - 8 Characters of alphanumeric Trash, using Upper-/ Lowercase Letters. | |
| ( "fraeger" ? "Batham" <- what great passwords these are ? ) Why do your customers | |
| only get those 6 byte long all lowercase passwords ? | |
| - Use switched Networks - this makes sniffing kinda more complicated | |
| - Disable default accounts on Boxes / Routers ( TFTP is always yer Friend! etc.) | |
| - Disallow Zone-Transfers to the whole World. | |
| - STOP TELNETING OVER THE WHOLE INTERNET WITH ROOT!! Disable Port 23 TCP and 0NLY use SSH. | |
| Damn! You use SSH for all your private Sessions, but for your Network u use lame | |
| cleartext telnet ? Wonder what your Boss (with that funny name) will say ... oh, and | |
| BTW: Once someone has root, there was something that could happen to the SSHD ... we dunno | |
| remember ... ;-) SO pls inform the other Network Admins ... | |
| Peace, K0rn 0wnz | |
| --> | |
| </BODY> | |
| </HTML> | |
| <!-- www.attrition.org web hack mirror - watermark or something --> |