Re: Did you miss us yet?

[Dinis Cruz <dinis () ddplus net>]

Surely this is a hoax?

Dinis Cruz
.Net Security Consultant

Phrack Staff wrote:

> [-]=====================================================================[-]
>
>                     +++++++++++++++++++++++++++
>                   =: P H R A C K - R E B O R N :=
>                     +++++++++++++++++++++++++++
>
> 	           ... Phrack is dead. Long Live Phrack. 
>
>
>                CALL FOR PAPERS * CALL FOR PAPERS * CALL FOR PAPERS
>
>                 --------------------------------------
>                 Deadline: 15 October 2005 at 11:59pm
>                 Submissions    : phrackstaff () gmail com
>                 --------------------------------------
>
>   The New Phrackstaff are pleased to bring you the third new
>   release of PHRACK.
>
>   As originally stated, Phrack strayed from its original purpose
>   nearly 62 issues ago. Because of the irresponsible use of the
>   Phrack forum, the commercialisation of hacking has been allowed
>   to occur -- neigh -- encouraged. The old Phrack has been a long-time
>   in dying. The past few issues have been coughing up blood (this
>   could have been due to a severe case of industry rape). But now
>   that death has come to the old Phrack, like Gene Gray, Phrack
>   is reborn.
>
>   Submissions should _NOT_ disclose new exploit methods, new backdooring
>   methods, or any other information that may be used by the information
>   security extortion industry to further increase their profit margins.
>
>   Some article ideas:
>          - White-hat 12 Step Program
>                 aka. "OMFG I'm a white-hat, How do I Stop?"
>          - B4 They were famous.
>                 aka  "Profiles of White-hats they would like to forget."
>          - HoneyNet Project: Be Your Enemy
>          - Saved by Project Mayhem
>          - Setting up your own "I'm a White-hat get me out of here" program.
>
>   As a special treat to our readers, this CFP includes a sample
>   of the material we look forward to bringing you, our new Phrack
>   readership in the future. 
>
>   
>
> |=-----------=[ C O N T A C T   P H R A C K   M A G A Z I N E ]=---------=|
>
> Editors           : phrackstaff () gmail com
> Submissions       : phrackstaff () gmail com
> Commentary        : phrackstaff () gmail com
> Phrack World News : phrackstaff () gmail com
> (ChiX|H4X)0r Porn : phrackstaff () gmail com -- We're open minded.
>
>                              ...
>           #,                .                    .P
>            hr,              . ..               .Ac
>            'K#ph,           ..  .           .rAcK'
>             #ph'Rac,        .   .        .K#P'Hra
>              Ck'   #PHr      ...      .aCk'  #Ph
>               rA,    'cK#,         .pHr'    .AC
>               'K#       'Phr,   .aCk'       #P'
>      ...       rAc         ' .K.#P         Hra       ...
>     .           cK#       .pHR  .a,       cK#       .
>     . ..         pH,   .rAc'  .  'k#P    .HR        . ..
>     ..  .        'Ac .K#'     .     'PHr. ''        ..  .
>     .   .         aCk '       .        '#PH,        .   .
>      ...      .rA.'cK'        .        .. '#PH,      ...
>            .rAc'    k#,     .....     .PH    'rAc,
>         .K#P'       'Hr       .       aC'       'k#P,
>      .hRa'           cK#      .      pHr           'aCk,
>   .#Ph'____________________________ rAc ______________'K#P,
> .HRACK#PHRACK#PHRACK#PHRACK#PHRACK#'.PH RAC#PHRACK#PHRACK#PHRa.
>                        ...         cK'
>                         #Pr       aCk
>                          #Ph     rAc
>                           K#,   .Ph
>                           'RA   CK'
>                            #P. .hR
>                             aC.K#
>                              PhR
>                               A
>
>
>                               .
>                    Or contact us via seance
>
>
>
>
> |=------------------=[ S A M P L E   A R T I C L E ]=------------------=| 
>
>
> With the recent trend of everyone writing a book, the phrack staff have
> taken a break from our usual research to give it a try. For your reading
> enjoyment, we give you a sample chapter from our upcoming book, "Know
> your enemy: The Security Industry". 
>
> The first chapter is titled "The Art of Being Pwnd." I'm not sure I
> like the title, but the rest of the staff tell me it fits. Give it a
> read, and let us know what you think.
>
>
> -------------------------------------------------------------------------
> Chapter 1: 
>
>                                 The Art of Being Pwnd
>
>
> 	If you don't like your job you don't strike. 
> 	You just go in every day and do it really 
> 	half-assed. Thats the American way.
>                                         -- Homer (Simpson)
>
>
> It was another uneventful 2600 meeting for C1tiZ3n, the New-York kids
> were bragging about their latest 'big' hack and passing around the new
> Mitnick book, "The Art of Intrusion", while trying to avoid the advances
> of Emanuel in his halter top purchased at CCC. For C1tiZ3n this was
> particularly a concern, as he was unusually fit for a hacker, probably
> lucky genetics. When things would get desperate, C1tiZ3n had taken to
> pretending to listen to rebel, just to avoid Emmanuel (and fleas). 
>
> With the meeting over, The Mitnick book kept rolling through his head.
> As a younger kid, C1tiZen had looked up to Kevin as a role model. His
> room still had some of the 'Free Kevin' stickers from the campaign to
> release him from his wrongfull imprisonment (and suitable friendship
> with 'Bruno'). C1tiZ3n had wanted to be just like kevin -- able to
> launch a nuke by whistling thru a telephone. But no more. 
>
> After his release, Kevin had turned his back on all that he once was --
> selling out his hacker ethic for a business of selling snake oil to fat
> executives who wanted to hear him talk about social engineering and
> hacking. Business had been good for Kevin, from what he would say when
> he came to the 2600 meetings, he was making a killing at his speaking
> engagements. It was sickening to listen to him go on about it. Kevin had
> become just another white-hat -- profiting from manufacturing fear in
> his clients, and then by offering solutions at a highly exorbitant cost.
> He was now no different from Custom Shimomura -- a Gonif. 
>
> In the depths of his anger and despair, C1tiZ3n remembered reading in
> Kevin's latest book something about how secure his systems were, and how
> much it would mean for someone to hack him.  Grabbing his copy of the
> "Art of Intrusion", he looked for it. There it was:
>
>
> 	"Hackers play one-up among themselves, Clearly one of 
> 	the prizes would be bragging rights from hacking into my 
> 	security company's Web site or my personal system."
>                  -- K3v1n Mi7n|cK
>
> Maybe, just maybe Kevin could still be saved, and if not -- convinced to
> give up his sinful ways and follow his anger back to the true way.  An
> idea was forming in C1tiZ3n's head, a little bit of his own Project
> Mayhem -- PHC style. He would need help for this, especially if he was
> to do it right. 
>
>
> Another Day, Another Half-hour Interview
> ----------------------------------------------------------
>
> Safely back in his room, Kevin took a few minutes to catch up on email.
> These conference organizers had just hit him with a surprise interview.
> This had been a re-occurring problem, but Amy had worked out a solution.
> In his email was an email that Jen had sent on his behalf from his
> mitnick () newleafproductions com account. 
>
>
> 	Carlos, 
>
> 	Please correct the following balance to Mr. Mitnick's 
> 	account:
>
> Bla, Bla .. more money talk. "This is why I pay her to take care of 
> me." A paragraph lower down in the email caught his eye:
>
> 	Further, in section 3.03, the contract states, "For each 
> 	additional interview, up to thirty (30) minutes in length, 
> 	the Speaker requires one additional night in the event venue, 
> 	all room and tax charges, all meals for one (1) additional day, 
> 	Internet service, laundry service, and ground transportation. 
> 	All of these expenses must be pre-paid by the Client in USD 
> 	prior to the delivery of the extra interviews."
>
> "Jen is so sexy when she talks legal", Kevin thought. That should help
> put an end to these surprise interviews. "My clients are already cheap
> bastards, they will definitely think twice now before trying to spring
> an interview on me". Despite this, somehow the phrasing of the paragraph
> bothered Kevin. "..delivery of the extra interviews.", That makes me
> sound like a whore selling my 'wares' to the 'Client'.  "Jen will have
> to reword that, but its good enough for now.", he thought.
>
> The next email was from Gonzalo Zapata <gonzalozapatac () hotmail com>
> asking for the POWER POINT PRESENTATIONS for the Argentina conference.
> "Why the fuck do those spicks have to put that in all caps? God, I wish
> i could just hack a bank or something so I wouldn't have to put up with
> these armatures." Kevin signed, fired off a quick email to Matthew C.
> Beckman (aka nulllink () nulllink com), inquiring why he wasn't responding
> to email. That done, kevin closed his laptop. Time for some drinks at
> the bar, courtesy of his suffocating fan-base. 
>
> He paused, remembering to take some business cards with his 'junk' email
> address to give to losers he never wanted to hear from again -- like
> that Scott Madison guy he met at the Sydney workshop at the Sofitel.
>
>
> Target: Mitnicksecurity.org
> ----------------------------------------------------------
>
> Meanwhile, C1tiZ3n has been busy researching his mark. Apparently, he
> had his work cut out for him. Not only was kevin running on a
> ultra-secure freebsd web-hosting provider, they used some of most
> advanced security software that money could buy -- Snort.
>
> With top security experts working at Mitnick's security
> company and more still in his phone book, C1tiZ3n thought that 
> this would be the hardest job yet. He was soon to learn he was wrong.
>
> Kevin had left demo scripts publicly available on his web-site. Better,
> the demo scripts were for sql injection vulnerabilities. That is all
> that is necessary. C1tiZ3n had a older UDF that he wrote months ago
> on his laptop, all that was necessary was to store it into the database
> and then drop via INTO OUTFILE. 
>
> A couple minutes work later, he was greeted with a login shell to
> kevin's site:
>
> $ls -l
>
> total 5562396
> drwx--x--x   9 mitadmin mitadmin       4096 Jun 14 16:50 .
> drwx--x--x  90 root     root           4096 Jun  7 22:41 ..
> -rw-r--r--   1 mitadmin mitadmin 5650470878 May  9 01:24 backup-02-09-2005.tgz
> -rw-------   1 mitadmin mitadmin       3919 May 27 16:22 .bash_history
> -rw-r--r--   1 mitadmin mitadmin     399360 Apr 28 13:55 clid2.tar
> -rw-r--r--   1 mitadmin mitadmin     399360 Feb 23 10:58 clid.tar
> -rw-------   1 mitadmin mitadmin         25 Jun 14 16:14 .contactemail
> -rw-r--r--   1 mitadmin mitadmin         10 Feb  9 18:25 .contactsavetime
> -rw-------   1 mitadmin mitadmin       1682 Jan 24 02:18 .cpanel-ducache
> drwxr-xr-x   3 mitadmin mail           4096 May 23 09:19 etc
> drwxr-xr-x  34 mitadmin mitadmin       4096 May 23 09:19 .htpasswds
> -rw-------   1 mitadmin mitadmin         14 Jun 14 16:14 .lastlogin
> drwxrwx---   3 mitadmin mail           4096 Jan 17 21:38 mail
> -rw-r--r--   1 mitadmin mitadmin   38559604 Apr 25 10:15 mitnickpromo2.mov
> -rw-r--r--   1 mitadmin mitadmin     399360 Jan 31 07:24 newclid.tar
> drwxr-xr-x   3 mitadmin mitadmin       4096 Jan 17 17:00 public_ftp
> drwxr-xr-x  40 mitadmin nobody         4096 May 23 09:19 public_html
> -rw-r--r--   1 mitadmin mitadmin         13 Jun 14 16:14 .rvlastlogin
> -rw-------   1 mitadmin mitadmin         24 Mar 28 03:33 .spamkey
> drwx------   6 mitadmin mitadmin       4096 Jan 24 02:16 tmp
> drwx------   2 mitadmin mitadmin       4096 Jun 14 16:26 .trash
> lrwxrwxrwx   1 root     root             11 Jan 17 17:00 www -> public_html
>
> Quickly looking through the directories, C1tiZ3n made note of some directories
> that looked particularly intresting. Pausing for a second, C1tiZ3n chuckled as 
> he looked at ralph's directory:
>
> $ls -l public_html/ralph
>
> ./public_html/ralph:
> total 6272
> drwx--x--x   2 mitadmin mitadmin    4096 Jan 24 15:49 .
> drwxr-xr-x  40 mitadmin nobody      4096 May 23 09:19 ..
> -rw-r--r--   1 mitadmin mitadmin 6391141 Jan 23 03:43 Deltron 3030- Virus.mp3
> -rw-------   1 mitadmin mitadmin       4 Jan 23 03:28 .ftpquota
> -rw-r--r--   1 mitadmin mitadmin     142 Feb 20 08:49 .htaccess
>
> "Fanboi", C1tiz3n thought. "Enough of this browsing, now work really begins".
>
>
> 30 days and $1,436 dollars later
> ----------------------------------------------------------
>
> "How much was it?" Kevin was insensed.
>
> "One thousand, four hundred, thirty five dollars and ninety-nine cents",
> Caroline repeated calmly, adding " Its mostly from the international
> calls while you were in Greece and South Africa. 
>
> "Pay it.", he snapped. Adding, "We need to find a more cost effective
> solution."
>
> TMC had been good to kevin. Their prices were not that exorbitant, and their
> service had been acceptable. This bill though, it was almost seven times 
> average. 
>
> "About the books for your signings.", Caroline was wanting a different
> subject badly. "I had them shipped to you at the 7113 West Gowan Road,
> Las Vegas address. From what the publisher said, the advance orders are
> going very well."
>
> "Good. Ive already been contacted about the identities of one of the
> chapter's subjects. Seems the FBI is investigating, and they decided
> to pay me a visit."
>
> "What will you do?", ask Caroline.
>
> "I don't want any more trouble from them, I just gave them what they wanted. 
> They promised it would not be attributed to me. If word of this got out,
> no one would ever dare talk to me again." Kevin never really recovered
> from his stay in club fed. The beatings, the brutality, Bruno. He had been 
> betrayed by his friends, and now he would do whatever it took to stay out 
> -- even if itment being the low-life type narc that landed him in jail in the 
> first place.
>
>
> "You did what you had to. After what they did to you the last time, I don't
> think anyone can blame you. Besides, better them then you." Caronline consoled 
> him. He was her meal ticket, and she knew it. 
>
> "Well, enough. I'm going for a jog. Talk to you later."
>
> Surveying the prize
> ----------------------------------------------------------
>
> Pay-dirt. Looking through the directory listing, C1tiZen noticed that
> apparently kevin was not above the use of pirated files in his company.
> Particularly, Compuware's softice, Core Impact and CANVAS. It seemed
> that the files were purposefully placed in world accessible directories
> for download during penetration tests.
>
> All through the site were power point presentations that kevin used in
> his engagements. Janis's home directory contained most of them (her
> password is crypt0).
>
> And there was the presentation that C1tiZ3n had seen before -- the art of
> intrusion power-point.
>
> "He needed to update his definitions of a black hat hacker", C1tiZ3n
> though. "Not only do they hack for personal or political reasons, but
> also for financial gain. Like when TWD was hacking sites to feed his
> heroin addiction. On second thought, white-hats are not much different
> -- they exploit the fear of their clients for financial gain to feed
> their addictions. "
>
> C1tiZ3n sighed, "How the mighty have fallen.", he thought.
>
> Moving further down the file listing, the 'pen-testing' directory caught his
> eyes. Inside was a treasure trove of files from penetration testing jobs that
> kevin had sold to unsuspecting victims^H^H^H^H^H^H^Customers.
>
> There were reports, and logs, and the most interesting files were trophies 
> that kevin retained from his exploits. "Old habits die hard, heh."
>
> C1tizen downloaded and opened one report -- for Midland Credit
> Management. "This form looks very familiar."  It was rare that two
> companies would have the same layout and style for a report, and C1tiZ3n
> had seen a report like this before. "Here it is. " C1tiZ3n chuckled,
> "Mitnick has ripped off a template that looked excatly like one from
> when he had owned rooted.net"
>
> -- A weekend previously
> In a frenzy of irc hacks, C1tiZ3n had encountered a guy on one of 
> his many ereet SILC servers, Mrx. Mrx was particularly 
> smug and often liked to talk about his many eveningz with Mitnick along
> with a nice chianti and vava beans. These SILC conversations would often
> involve the conversations normally reserved for special evenings with Kevin
> C1tiZ3n felt the occassional anal rape was worth standing so he could find an
> angle onto the great dissapointment..
>
> C1tiZ3ns shell from rooted.net was enough to provide access to Mitnicks social
> calender, emmanuals 2600 "money shots" and his life, including corporate 
> reports and a kick-ass email address (c1tizen () anally rooted net). 
>
> ---- The Present day
>
> The midland report made for interesting reading, but what was more
> interesting was what it didn't say. It said nothing about the credit
> record files that kevin stored in the penetration directory, publicly
> accessible to the world, that were downloaded from Midland. "Kevin's
> retirement plan", C1tiZ3n joked.
>
> Disgusted, CitiZ3n closed his connection. "I can't take it anymore,
> Kevin used to be _the_ hacker of hackers. Now he's just another stinking
> white-hat. The community used to rally around him, but now he betrays us
> -- exploits us for his financial gain. Exploiting his own clients --
> first their fear, then their trust. "
>
> "Free Kevin?", thought C1tiZ3n, "No.. Put kevin back, please!"
>
> --------------------------------------------------------------------------- 
>
> So, what do you think of the first chapter of our new book, "The art of
> being pwnd?" I enjoyed writing it, and I hope you enjoyed reading it. Stay
> tuned for our next chapter, "How to Own a Publisher".
>
>
> [-]=====================================================================[-]
>  
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/