Posts Tagged ‘hacking’

OpenSSH <=5.2 Exploit / Vulnerability

Here you go kiddies, enjoy this succulent fruit.

http://www.nopaste.com/p/aDTdT5s1C

oh btw, use it at your own risk.

Anti-Sec planning to release OpenSSH <= 5.2 0day Exploit?

It would seem that the anti-sec movement may make a move which is arguably against the supposed ethics contained in their movement manifesto. It was initially thought that being a part of this Anti-Security Movement meant not disclosing vulnerabilities to the public. Well, please read on.

In a post to the Full-Disclosure mailing list, Anti-Sec unveiled their intentions to publicly release working 0day exploit code for OpenSSH <= 5.2. As stated on Mon, 20 Jul 2009 16:32:18:

Dear Reader,
In 48 hours, the anti-sec movement will publicly unveil working exploit code
and full details for the zero-day OpenSSH vulnerability we discovered. It
will be posted to the Full-Disclosure security list.

Soon, the very foundations of Information Technology and Information
Security will be unearthed as millions upon millions of systems running ANY
version of OpenSSH are compromised by wave after wave of script-kiddie and
malicious hacker.

Within 10 hours of the initial release of the OpenSSH 0-day exploit code,
anti-sec will be unleashing powerful computer worm source code with the
ability to automatically find and compromise systems running any and all
versions of OpenSSH.

This is an attack against all White Hat Hackers who think that running a
Penetration Test simply searching for known vulnerabilities is all they have
to do in order to receive their payment. Anti-sec will savor the moment when
White Hat Hackers are made to look like fools in the eyes of their clients.

Sincerely,

-anti-sec

Opinion:

Are you fucking serious? All this talk on how publicly released exploits are bad, and that security through obscurity is an objective, and you’re going to release an exploit. How does this justify anti-sec’s cause? If you ask me this goes against everything their movement is for. An OpenSSH 0day vulnerability must be too much to handle.

Anti-Sec dishes image love message through Imageshack

In another high profile attack, the Anti-Sec movement has made it officially clear that their presence shall not go unnoticed. Imageshack, one of the most used and popular image hosting sites, has been hacked by members of the anti-sec movement.

From what I understand the members involved in this attack did not exact their usual punishment by rm’ing everything. Instead they decided to replace images hosted by Imageshack with their own message.

I would like to just state that from a lot of the public comments and arguments about Anti-sec it seems that there are at least a couple of clear things. These are not just some script kiddies out to screw shit up. Think about it. Clear manifestos, high profile attacks, superb outputs with ‘holy shit’ executions. If anyone thinks this is a bunch of 15 year old kids thinking they are cool, you’re a fucking moron. Mainly this goes for some of those fucks on Digg. Don’t be so naive.

Milw0rm gone

Earlier this evening I received some reports that Milw0rm.com, a very very popular ‘Proof of Concept’ exploit website, is closing its doors.

str0ke just doesn’t have the time anymore

Big loss to the skiddies out there? +10 to the anti-sec movement?  Let’s hear your thoughts.

Here’s some further reading

http://www.pakbugs.com/news-announcements/9989-milw0rm-shut-down.html

Keeping Access Rant

Administrators are keen to patch their web applications when new exploits are fully disclosed. Not all do this of course, but a good administrator keeps up with closing as many vulnerabilities as can be found in their installed software. Using web-shells on a target machine is a great way to operate and manipulate the things you need to do. However, there are some advancements in finding these vulnerabilities. On a well updated system, the life of a web based shell can be short.

You cannot always rely on the application’s vulnerability to keep uploading or including your shell. If it is patched, you’ve lost your access to that system most of the time. How can you keep your attack persistence on a machine? How can you try to ensure you will be able to gain access again, if in fact the vulnerability is closed, and your shell, deleted?

Forums are coming…again.

Hey all you loyal Flyninja readers! As you can see, some changes have been made to Flyninja; one is a new theme…which I have a tendency to change from time to time.

I just want to let you know that we will be launching a new forum soon. This will be a free to join forum, with no need to worry about being invited as with the last one. Here members will be able to discuss all things hackery, geek, and gaming. Members will also be invited to discuss and get involved in some of the Flyninja projects such as foamy, scatterchat, and a new one that is yet to be announced.

Along with the regular discussion boards, I am planning to implement a VIP section. You all know what kinds of things can be shared in VIP, so I am not going to get into explaining it all. VIP membership will cost a small fee; this fee will be used for all things Flyninja, including cooperative projects with our affiliates.

To prepare for the new forum, I just want to specify some ground rules in the beginning. Let me get to the point.

  1. All links to anything (sites, files etc…) other than affiliate sites have to be coded, and not linked.  This will keep us off referral lists…
  2. Hot flames will not be tolerated in the main discussion forums, we want to provide a resourceful and helpful community.  Trolls stay out please.  VIP boards flaming will be fine.
  3. Be aware that you should search for your questions before asking them.
  4. Post to the correct board, and use descriptive thread subjects for readability…We don’t want to see any lame ass 13375p34k on the board…really, your best English is encouraged.
  5. You’re encouraged to participate in the board; if you do not think you will, don’t sign up.  Inactive accounts will be flushed out after a yet undecided amount of time, unless it’s a VIP account.

These rules are just a few that come to mind off the bat.  Some may come and go based on their effectiveness and need.

nowayout – So called ‘Security Expert’ reaps Anti-Sec m4yh3m

All is fair in love and war – as it would seem.

The so called ‘Security Expert’ or ‘Hacker’ known as Glafkos Charalambous AKA nowayout / nowayin was targeted by the anti-sec group who orchestrated the Astalavista takedown recently.  Want to see it?

http://pastebin.com/m592e1f1c

The anti-sec movement ‘in relation’ to these attacks is spurred by the notions that full disclosure is not good, and that the ligaments holding the real underground for the last 10 years are being sliced.  The so called whitehats are only motivated by monetary gain as well as notoriety by disclosing exploits.

I think I’ll root for the home team.

Keep em coming anti-sec

A Sidejacking Attack – Video Dose
