Want more features on Pastebin? Sign Up, it's FREE!
Guest

HBGary: Online Smear Campaigns

By: a guest on Feb 11th, 2011  |  syntax: None  |  size: 3.51 KB  |  views: 11,962  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. HBGary E-mail Viewer
  2.  
  3. greg@hbgary.com
  4.  
  5. Go back
  6.  
  7.  
  8. Original file:   27606
  9. click here to show this e-mail with HTML markup
  10. From:    jussi jaakonaho <jussij@gmail.com>
  11. To:      Greg Hoglund <greg@hbgary.com>
  12. Date:    Sun, 6 Feb 2011 22:15:54 +0200
  13. Subject:         Re: need to ssh into rootkit
  14. click here to show full headers
  15. Attachments:     This e-mail does not have any attachments.
  16.  
  17.  
  18.  
  19. did you open something running on high port?
  20.  
  21.  
  22. On Feb 6, 2011, at 9:43 PM, Greg Hoglund wrote:
  23.  
  24. > ok let me know if you need me
  25. >
  26. > On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
  27. >> tnx.
  28. >> i am also connected to the box, seems some people have download problems -
  29. >> have figured earlier that some chinese used chinese chars on names of files,
  30. >> which then our filtering stripped off when putting db etc. so some db
  31. >> editing
  32. >>
  33. >>
  34. >> _jussi
  35. >>
  36. >> On Feb 6, 2011, at 9:36 PM, Greg Hoglund wrote:
  37. >>
  38. >>> ok ill make sure to get you a new license asap.
  39. >>>
  40. >>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
  41. >>>> np.
  42. >>>> btw i did not shut down the firewall so it still protects with too many
  43. >>>> connections from same source address.
  44. >>>>
  45. >>>> i have also downloaded latest backups from /home/varmi to my homebox,
  46. >>>> just
  47. >>>> in case.
  48. >>>>
  49. >>>> oh, also seem my license is expiring for responder again. o:-) was
  50. >>>> thinking
  51. >>>> to put it into box with more memory.
  52. >>>>
  53. >>>> _jussi
  54. >>>>
  55. >>>> On Feb 6, 2011, at 9:26 PM, Greg Hoglund wrote:
  56. >>>>
  57. >>>>> yup im logged in thanks ill email you in a few, im backed up
  58. >>>>>
  59. >>>>> thanks
  60. >>>>>
  61. >>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
  62. >>>>>> nope. your account is named as hoglund
  63. >>>>>>
  64. >>>>>>
  65. >>>>>> On Feb 6, 2011, at 9:23 PM, Greg Hoglund wrote:
  66. >>>>>>
  67. >>>>>>> yes jussi thanks
  68. >>>>>>>
  69. >>>>>>> did you reset the user greg or?
  70. >>>>>>>
  71. >>>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
  72. >>>>>>>> does it work now?
  73. >>>>>>>>
  74. >>>>>>>>
  75. >>>>>>>> On Feb 6, 2011, at 9:17 PM, Greg Hoglund wrote:
  76. >>>>>>>>
  77. >>>>>>>>> if i can squeeze out time maybe we can catch up.. ill be in germany
  78. >>>>>>>>> for a little bit.
  79. >>>>>>>>>
  80. >>>>>>>>> anyway I can't ssh into rootkit. you sure the ips still
  81. >>>>>>>>> 65.74.181.141?
  82. >>>>>>>>>
  83. >>>>>>>>> thanks
  84. >>>>>>>>>
  85. >>>>>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
  86. >>>>>>>>>> ok,
  87. >>>>>>>>>> it should now accept from anywhere to 47152 as ssh. i am doing
  88. >>>>>>>>>> testing
  89. >>>>>>>>>> so
  90. >>>>>>>>>> that it works for sure.
  91. >>>>>>>>>> your password is changeme123
  92. >>>>>>>>>>
  93. >>>>>>>>>> i am online so just shoot me if you need something.
  94. >>>>>>>>>>
  95. >>>>>>>>>> in europe, but not in finland? :-)
  96. >>>>>>>>>>
  97. >>>>>>>>>> _jussi
  98. >>>>>>>>>>
  99. >>>>>>>>>> On Feb 6, 2011, at 9:08 PM, Greg Hoglund wrote:
  100. >>>>>>>>>>
  101. >>>>>>>>>>> no i dont have the public ip with me at the moment because im
  102. >>>>>>>>>>> ready
  103. >>>>>>>>>>> for a small meeting and im in a rush.
  104. >>>>>>>>>>>
  105. >>>>>>>>>>> if anything just reset my password to changeme123 and give me
  106. >>>>>>>>>>> public
  107. >>>>>>>>>>> ip and ill ssh in and reset my pw.
  108. >>>>>>>>>>>
  109. >>>>>>>>>>> thanks
  110. >>>>>>>>>>>
  111. >>>>>>>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
  112. >>>>>>>>>>>> hi,
  113. >>>>>>>>>>>>
  114. >>>>>>>>>>>> do you have public ip? or should i just drop fw?
  115. >>>>>>>>>>>> and it is w0cky - tho no remote root access allowed
  116. >>>>>>>>>>>>
  117. >>>>>>>>>>>> On Feb 6, 2011, at 8:59 PM, Greg Hoglund wrote:
  118. >>>>>>>>>>>>
  119. >>>>>>>>>>>> _jussi
  120. >>>>>>>>>>>>
  121. >>>>>>>>>>>>
  122. >>>>>>>>>>>>> jussi
  123. >>>>
  124. >>>>
  125. >>
  126. >>
clone this paste RAW Paste Data