Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

Striking Back...

By: ComodoHacker on Sep 5th, 2011  |  syntax: None  |  size: 3.77 KB  |  views: 67,065  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. Hi again! I strike back again, huh?
  2.  
  3. I told all that I can do it again, I told all in interviews that I still have accesses in Comodo resellers, I told all I have access to most of CAs, you see that words now?
  4.  
  5. You know, I have access to 4 more so HIGH profile CAs, which I can issue certs from them too which I will, I won't name them, I also had access to StartCom CA, I hacked their server too with so sophisticated methods, he was lucky by being sitted in front of HSM for signing, I will name just one more which I still have access: GlobalSign, let me use these accesses and CAs, later I'll talk about them too..
  6.  
  7. I won't talk so many detail for now, just I wanted to let the world know that ANYTHING you do will have consequences, ANYTHING your country did in past, you have to pay for it...
  8.  
  9. I was sure if I issue those certificates for myself from a company, company will be closed and will not be able to issue certs anymore, Comodo was really really lucky!
  10.  
  11. I thought if I issue certs from Dutch Gov. CA, they'll lose a lot of money:
  12. http://www.nasdaq.com/aspx/dynamic_charting.aspx?selected=VDSI&timeframe=6m&charttype=line
  13.  
  14. But I remembered something and I hacked DigiNotar without more thinking in anniversary of that mistake:
  15. http://www.tepav.org.tr/en/kose-yazisi-tepav/s/2551
  16.  
  17. When Dutch government, exchanged 8000 Muslim for 30 Dutch soldiers and Animal Serbian soldiers killed 8000 Muslims in same day, Dutch government have to pay for it, nothing is changed, just   16 years has been passed. Dutch government's 13 million dollars which paid for DigiNotar will have to go DIRECTLY into trash, it's what I can do from KMs away! It's enough for Dutch government for now, to understand that 1 Muslim soldier worth 10000 Dutch government.
  18.  
  19. I'll talk technical details of hack later, I don't have time now... How I got access to 6 layer network behind internet servers of DigiNotar, how I found passwords, how I got SYSTEM privilage in fully patched and up-to-date system, how I bypassed their nCipher NetHSM, their hardware keys, their RSA certificate manager, their 6th layer internal "CERT NETWORK" which have no ANY connection to internet, how I got full remote desktop connection when there was firewalls that blocked all ports except 80 and 443 and doesn't allow Reverse or direct VNC connections, more and more and more...
  20.  
  21. After I explain, you'll understand how sophisticated attack it was, It will be a good hacking course for hackers like Anonymous and Lulzsec :) There was so many 0-day bugs, methods and skill shows...
  22.  
  23. Have you ever heard of XUDA programming language which RSA Certificate manager uses it? NO! I heard of it in RSA Certificate Manager and I learned programming in it in same night, it is so unusual like greater than sign in all programming languages is "<" but in XUDA it is "{"
  24.  
  25. Anyway... I'll talk about DigiNotar later! For now keep thinking about what Dutch government did in 16 years ago in same day of my hack, I'll talk later and I'll introduce to you MOST sophisticated hack of the year which will come more, you have to also wait for other CA's certificates to be used by me, then I'll talk about them too.
  26.  
  27. Interviews will be done via email ichsun [at] ymail.com
  28.  
  29. By the way, ask DigiNotar about this username/password combination:
  30.  
  31. Username: PRODUCTION\Administrator (domain administrator of certificate network)
  32. Password: Pr0d@dm1n
  33.  
  34. It's not all about passwords or cracking them,
  35. 1) you can't have remote desktop connection in a really closed and protected network by firewalls which doesn't allow Reverse VNC, VNC, remote desktop, etc. by packet detection.
  36. 2) you can't even dump hashes of domain if you don't have admin privilege to crack them
  37. 3) you can't access 6th layer network which have no ANY connection to internet from internet
  38.  
  39.  
  40. Yeah!
  41.  
  42. Bye for now