Re: [Full-disclosure] Did you miss us yet?
From: Dunceor . (dunceorgmail.com)
Date: Tue Aug 02 2005 - 04:05:10 CDT
Probably since in the new Phrack it says Phrack will start again with
a new staff in 2006/2007 and this guy is mailing from a gmail addy
On 8/1/05, Dinis Cruz <dinisddplus.net> wrote:
> Surely this is a hoax?
> Dinis Cruz
> .Net Security Consultant
> Phrack Staff wrote:
=: P H R A C K - R E B O R N :=
... Phrack is dead. Long Live Phrack.
> FOR PAPERS * CALL FOR PAPERS * CALL FOR PAPERS
> October 2005 at 11:59pm
Submissions : phrackstaffgmail.com
> Phrackstaff are pleased to bring you the third new
release of PHRACK.
> originally stated, Phrack strayed from its original purpose
> issues ago. Because of the irresponsible use of the Phrack forum, the
> commercialisation of hacking has been allowed to occur -- neigh --
> encouraged. The old Phrack has been a long-time in dying. The past few
> issues have been coughing up blood (this could have been due to a severe
> case of industry rape). But now that death has come to the old Phrack, like
> Gene Gray, Phrack
> Submissions should _NOT_ disclose new exploit methods, new backdooring
> methods, or any other information that may be used by the information
> security extortion industry to further increase their profit margins.
> Some article ideas:
> - White-hat 12 Step Program
>   aka. "OMFG I'm a white-hat, How do I Stop?"
> - B4 They were famous.
>   "Profiles of White-hats they would like to forget."
> - HoneyNet Project: Be Your Enemy
> - Saved by Project Mayhem
> - Setting up your own "I'm a White-hat get me out of here" program.
> As a special treat to our readers, this CFP includes a sample of the
> material we look forward to bringing you, our new Phrack readership in
> the future.
|=-----------=[ C O N T A C T
> P H R A C K M A G A Z I N E ]=---------=|
Submissions : phrackstaffgmail.com
Phrack World News : phrackstaffgmail.com
> Porn : phrackstaffgmail.com -- We're open minded.
#, . .P
hr, . ..
'K#ph, .. . .rAcK'
#ph'Rac, . . .K#P'Hra
Ck' #PHr ... .aCk' #Ph
> 'cK#, .pHr' .AC
'K# 'Phr, .aCk' #P'
... rAc ' .K.#P Hra ...
. cK# .pHR
> .a, cK# .
. .. pH, .rAc' . 'k#P .HR . ..
.. . 'Ac .K#' . 'PHr. '' .. .
> . aCk ' . '#PH, . .
... .rA.'cK' . .. '#PH, ...
.rAc' k#, ..... .PH 'rAc,
> .K#P' 'Hr . aC' 'k#P,
.hRa' cK# . pHr 'aCk,
> .#Ph'____________________________ rAc
Or contact us via seance
> S A M P L E A R T I C L E ]=------------------=|
> With the recent trend of everyone writing a book, the phrack staff have
> taken a break from our usual research to give it a try. For your reading
> enjoyment, we give you a sample chapter from our upcoming book, "Know
> your enemy: The Security Industry".
The first chapter is titled "The Art of Being Pwnd." I'm not sure I
> the title, but the rest of the staff tell me it fits. Give it a
> let us know what you
The Art of Being Pwnd
> If you don't like your job you don't strike.
> You just go in every day and do it really half-assed. That's the American
> -- Homer (Simpson)
It was another uneventful 2600 meeting for
> C1tiZ3n, the New-York kids
were bragging about their latest 'big' hack and
> passing around the new
Mitnick book, "The Art of Intrusion", while trying to
> avoid the advances
of Emanuel in his halter top purchased at CCC. For
> C1tiZ3n this was
particularly a concern, as he was unusually fit for a
> hacker, probably
lucky genetics. When things would get desperate, C1tiZ3n
> had taken to
pretending to listen to rebel, just to avoid Emmanuel (and
With the meeting over, The Mitnick book kept rolling through his
As a younger kid, C1tiZen had looked up to Kevin as a role model.
room still had some of the 'Free Kevin' stickers from the campaign
release him from his wrongful imprisonment (and suitable friendship
> 'Bruno'). C1tiZ3n had wanted to be just like kevin -- able to
launch a nuke
> by whistling thru a telephone. But no more.
> After his release, Kevin had turned his back on all that he once was --
> selling out his hacker ethic for a business of selling snake oil to fat
> executives who wanted to hear him talk about social engineering and
> hacking. Business had been good for Kevin, from what he would say when
> he came to the 2600 meetings, he was making a killing at his speaking
> engagements. It was sickening to listen to him go on about it. Kevin had
> become just another white-hat -- profiting from manufacturing fear in
> his clients, and then by offering solutions at a highly exorbitant cost.
He was now no different from Custom Shimomura -- a
In the depths of his anger and despair, C1tiZ3n remembered reading
Kevin's latest book something about how secure his systems were, and
much it would mean for someone to hack him. Grabbing his copy of
"Art of Intrusion", he looked for it. There it was:
> one-up among themselves, Clearly one of
the prizes would be bragging
> rights from hacking into my
security company's Web site or my personal
-- K3v1n Mi7n|cK
> Maybe, just maybe Kevin could still be saved, and if not -- convinced to
> give up his sinful ways and follow his anger back to the true way. An
> idea was forming in C1tiZ3n's head, a little bit of his own Project
> Mayhem -- PHC style. He would need help for this, especially if he was
> to do it right.
Another Day, Another Half-hour
> back in his room, Kevin took a few minutes to catch up on email.
> conference organizers had just hit him with a surprise interview.
> been a re-occurring problem, but Amy had worked out a solution.
In his email
> was an email that Jen had sent on his behalf from
> the following balance to Mr. Mitnick's
Bla, Bla .. more money
> talk. "This is why I pay her to take care of
me." A paragraph lower down in
> the email caught his eye:
> Further, in section 3.03, the contract states, "For each
> additional interview, up to thirty (30) minutes in length,
> Speaker requires one additional night in the event venue,
> all room and tax charges, all meals for one (1) additional day,
> Internet service, laundry service, and ground transportation.
> All of these expenses must be pre-paid by the Client in USD
> prior to the delivery of the extra interviews."
> is so sexy when she talks legal", Kevin thought. That should help
put an end
> to these surprise interviews. "My clients are already cheap
> will definitely think twice now before trying to spring
an interview on me".
> Despite this, somehow the phrasing of the paragraph
> "..delivery of the extra interviews.", That makes me
sound like a whore
> selling my 'wares' to the 'Client'. "Jen will have to reword that, but it's
> good enough for now.", he thought.
The next email was from Gonzalo Zapata
asking for the POWER POINT PRESENTATIONS for
> the Argentina conference.
"Why the fuck do those spicks have to put that in
> all caps? God, I wish
i could just hack a bank or something so I wouldn't
> have to put up with
these armatures." Kevin signed, fired off a quick email
> to Matthew C.
Beckman (aka nulllinknulllink.com), inquiring why he wasn't
to email. That done, kevin closed his laptop. Time for some
> drinks at
the bar, courtesy of his suffocating fan-base.
> remembering to take some business cards with his 'junk' email
> give to losers he never wanted to hear from again -- like
that Scott Madison
> guy he met at the Sydney workshop at the Sofitel.
> C1tiZ3n has been busy researching his mark. Apparently, he had his work cut
> out for him. Not only was kevin running on a
> web-hosting provider, they used some of the most advanced security software
> that money could buy -- Snort.
> With top security experts working at Mitnick's company and more still in
> his phone book, C1tiZ3n thought that this would be the hardest job yet.
> He was soon to learn he was
Kevin had left demo scripts publicly available on his web-site.
the demo scripts were for sql injection vulnerabilities. That is
that is necessary. C1tiZ3n had an older UDF that he wrote months ago
> his laptop, all that was necessary was to store it into the database
> then drop via INTO OUTFILE.
A couple minutes work later, he was greeted
> with a login shell to
> mitadmin mitadmin 4096 Jun 14 16:50 .
drwx--x--x 90 root root 4096 Jun 7
> 22:41 ..
-rw-r--r-- 1 mitadmin mitadmin 5650470878 May 9 01:24
-rw------- 1 mitadmin mitadmin 3919 May 27 16:22
-rw-r--r-- 1 mitadmin mitadmin 399360 Apr 28 13:55
-rw-r--r-- 1 mitadmin mitadmin 399360 Feb 23 10:58
-rw------- 1 mitadmin mitadmin 25 Jun 14 16:14
-rw-r--r-- 1 mitadmin mitadmin 10 Feb 9 18:25
-rw------- 1 mitadmin mitadmin 1682 Jan 24 02:18
drwxr-xr-x 3 mitadmin mail 4096 May 23 09:19 etc
> 34 mitadmin mitadmin 4096 May 23 09:19 .htpasswds
-rw------- 1 mitadmin
> mitadmin 14 Jun 14 16:14 .lastlogin
drwxrwx--- 3 mitadmin mail 4096 Jan 17
> 21:38 mail
-rw-r--r-- 1 mitadmin mitadmin 38559604 Apr 25 10:15
-rw-r--r-- 1 mitadmin mitadmin 399360 Jan 31 07:24
drwxr-xr-x 3 mitadmin mitadmin 4096 Jan 17 17:00
drwxr-xr-x 40 mitadmin nobody 4096 May 23 09:19
-rw-r--r-- 1 mitadmin mitadmin 13 Jun 14 16:14
-rw------- 1 mitadmin mitadmin 24 Mar 28 03:33
drwx------ 6 mitadmin mitadmin 4096 Jan 24 02:16 tmp
> mitadmin mitadmin 4096 Jun 14 16:26 .trash
lrwxrwxrwx 1 root root 11 Jan 17
> 17:00 www -> public_html
> Quickly looking through the directories, C1tiZ3n made note of some
> directories that looked particularly interesting. Pausing for a second,
> C1tiZ3n chuckled as he looked at ralph's directory:
drwx--x--x 2 mitadmin
> mitadmin 4096 Jan 24 15:49 .
drwxr-xr-x 40 mitadmin nobody 4096 May 23 09:19
-rw-r--r-- 1 mitadmin mitadmin 6391141 Jan 23 03:43 Deltron 3030-
-rw------- 1 mitadmin mitadmin 4 Jan 23 03:28 .ftpquota
> 1 mitadmin mitadmin 142 Feb 20 08:49 .htaccess
> "Fanboi", C1tiz3n thought. "Enough of this browsing, now work really begins".
30 days and $1,436
> much was it?" Kevin was incensed.
> "One thousand, four hundred, thirty five dollars and ninety-nine cents",
> Caroline repeated calmly, adding " It's mostly from the international
> calls while you were in Greece and South
"Pay it.", he snapped. Adding, "We need to find a more cost
> TMC had been good to kevin. Their prices were not that exorbitant, and
> their service had been acceptable. This bill though, it was almost
> seven times
"About the books for your signings.",
> Caroline was wanting a different
subject badly. "I had them shipped to you
> at the 7113 West Gowan Road,
Las Vegas address. From what the publisher
> said, the advance orders are
going very well."
"Good. Ive already been
> contacted about the identities of one of the
chapter's subjects. Seems the
> FBI is investigating, and they decided
to pay me a visit."
"What will you
> do?", ask Caroline.
"I don't want any more trouble from them, I just gave
> them what they wanted.
They promised it would not be attributed to me. If
> word of this got out,
no one would ever dare talk to me again." Kevin never
> really recovered
from his stay in club fed. The beatings, the brutality,
> Bruno. He had been
betrayed by his friends, and now he would do whatever it
> took to stay out
-- even if it meant being the low-life type narc that landed
> him in jail in the
"You did what you had to. After what they
> did to you the last time, I don't
think anyone can blame you. Besides,
> better them than you." Caroline consoled
him. He was her meal ticket, and
> she knew it.
"Well, enough. I'm going for a jog. Talk to you
> Looking through the directory listing, C1tiZen noticed that
> was not above the use of pirated files in his company.
> Compuware's softice, Core Impact and CANVAS. It seemed
that the files were
> purposefully placed in world accessible directories
for download during
> penetration tests.
> All through the site were power point presentations that kevin used in
> his engagements. Janis's home directory contained most of them
password is crypt0).
And there was the presentation that C1tiZ3n had
> seen before -- the art of
> "He needed to update his definitions of a black hat hacker", C1tiZ3n
> thought. "Not only do they hack for personal or political reasons, but
> also for financial gain. Like when TWD was hacking sites to feed his
> heroin addiction. On second thought, white-hats are not much different
> -- they exploit the fear of their clients for financial gain to feed
> their addictions. "
> C1tiZ3n sighed, "How the mighty have fallen.", he thought.
> Moving further down the file listing, the 'pen-testing' directory caught his
> eyes. Inside was a treasure trove of files from penetration testing jobs that
> kevin had sold to unsuspecting
> There were reports, and logs, and the most interesting files were trophies
> that kevin retained from his exploits. "Old habits die hard, heh."
C1tizen downloaded and opened one report -- for
> Midland Credit
Management. "This form looks very familiar." It was rare that
companies would have the same layout and style for a report, and
had seen a report like this before. "Here it is. " C1tiZ3n
"Mitnick has ripped off a template that looked exactly like one
when he had owned rooted.net"
-- A weekend previously
In a frenzy of
> irc hacks, C1tiZ3n had encountered a guy on one of
his many ereet SILC
> servers, Mrx. Mrx was particularly
smug and often liked to talk about his
> many eveningz with Mitnick along
with a nice chianti and vava beans. These
> SILC conversations would often
involve the conversations normally reserved
> for special evenings with Kevin
C1tiZ3n felt the occassional anal rape was
> worth standing so he could find an
angle onto the great
C1tiZ3ns shell from rooted.net was enough to provide
> access to Mitnicks social
calender, emmanuals 2600 "money shots" and his
> life, including corporate
reports and a kick-ass email address
---- The Present day
> The midland report made for interesting reading, but what was more
> interesting was what it didn't say. It said nothing about the credit
> record files that kevin stored in the penetration directory, publicly
> accessible to the world, that were downloaded from Midland. "Kevin's
> retirement plan", C1tiZ3n
Disgusted, CitiZ3n closed his connection. "I can't take it
Kevin used to be _the_ hacker of hackers. Now he's just another
white-hat. The community used to rally around him, but now he
> betrays us
-- exploits us for his financial gain. Exploiting his own clients
first their fear, then their trust. "
"Free Kevin?", thought C1tiZ3n,
> "No.. Put kevin back,
So, what do you think of the first chapter of our new book, "The art
being pwnd?" I enjoyed writing it, and I hope you enjoyed reading it.
tuned for our next chapter, "How to Own a
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/