HBGary E-mail Viewer greg@hbgary.com Go back Original file: 27606 click here to show this e-mail with HTML markup From: jussi jaakonaho To: Greg Hoglund Date: Sun, 6 Feb 2011 22:15:54 +0200 Subject: Re: need to ssh into rootkit click here to show full headers Attachments: This e-mail does not have any attachments. did you open something running on high port? On Feb 6, 2011, at 9:43 PM, Greg Hoglund wrote: > ok let me know if you need me > > On 2/6/11, jussi jaakonaho wrote: >> tnx. >> i am also connected to the box, seems some people have download problems - >> have figured earlier that some chinese used chinese chars on names of files, >> which then our filtering stripped off when putting db etc. so some db >> editing >> >> >> _jussi >> >> On Feb 6, 2011, at 9:36 PM, Greg Hoglund wrote: >> >>> ok ill make sure to get you a new license asap. >>> >>> On 2/6/11, jussi jaakonaho wrote: >>>> np. >>>> btw i did not shut down the firewall so it still protects with too many >>>> connections from same source address. >>>> >>>> i have also downloaded latest backups from /home/varmi to my homebox, >>>> just >>>> in case. >>>> >>>> oh, also seem my license is expiring for responder again. o:-) was >>>> thinking >>>> to put it into box with more memory. >>>> >>>> _jussi >>>> >>>> On Feb 6, 2011, at 9:26 PM, Greg Hoglund wrote: >>>> >>>>> yup im logged in thanks ill email you in a few, im backed up >>>>> >>>>> thanks >>>>> >>>>> On 2/6/11, jussi jaakonaho wrote: >>>>>> nope. your account is named as hoglund >>>>>> >>>>>> >>>>>> On Feb 6, 2011, at 9:23 PM, Greg Hoglund wrote: >>>>>> >>>>>>> yes jussi thanks >>>>>>> >>>>>>> did you reset the user greg or? >>>>>>> >>>>>>> On 2/6/11, jussi jaakonaho wrote: >>>>>>>> does it work now? >>>>>>>> >>>>>>>> >>>>>>>> On Feb 6, 2011, at 9:17 PM, Greg Hoglund wrote: >>>>>>>> >>>>>>>>> if i can squeeze out time maybe we can catch up.. ill be in germany >>>>>>>>> for a little bit. >>>>>>>>> >>>>>>>>> anyway I can't ssh into rootkit. you sure the ips still >>>>>>>>> 65.74.181.141? >>>>>>>>> >>>>>>>>> thanks >>>>>>>>> >>>>>>>>> On 2/6/11, jussi jaakonaho wrote: >>>>>>>>>> ok, >>>>>>>>>> it should now accept from anywhere to 47152 as ssh. i am doing >>>>>>>>>> testing >>>>>>>>>> so >>>>>>>>>> that it works for sure. >>>>>>>>>> your password is changeme123 >>>>>>>>>> >>>>>>>>>> i am online so just shoot me if you need something. >>>>>>>>>> >>>>>>>>>> in europe, but not in finland? :-) >>>>>>>>>> >>>>>>>>>> _jussi >>>>>>>>>> >>>>>>>>>> On Feb 6, 2011, at 9:08 PM, Greg Hoglund wrote: >>>>>>>>>> >>>>>>>>>>> no i dont have the public ip with me at the moment because im >>>>>>>>>>> ready >>>>>>>>>>> for a small meeting and im in a rush. >>>>>>>>>>> >>>>>>>>>>> if anything just reset my password to changeme123 and give me >>>>>>>>>>> public >>>>>>>>>>> ip and ill ssh in and reset my pw. >>>>>>>>>>> >>>>>>>>>>> thanks >>>>>>>>>>> >>>>>>>>>>> On 2/6/11, jussi jaakonaho wrote: >>>>>>>>>>>> hi, >>>>>>>>>>>> >>>>>>>>>>>> do you have public ip? or should i just drop fw? >>>>>>>>>>>> and it is w0cky - tho no remote root access allowed >>>>>>>>>>>> >>>>>>>>>>>> On Feb 6, 2011, at 8:59 PM, Greg Hoglund wrote: >>>>>>>>>>>> >>>>>>>>>>>> _jussi >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> jussi >>>> >>>> >> >>