Guest User

HBGary: Online Smear Campaigns

a guest
Feb 11th, 2011
13,236
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. HBGary E-mail Viewer
  2.  
  3. greg@hbgary.com
  4.  
  5. Go back
  6.  
  7.  
  8. Original file: 27606
  9. click here to show this e-mail with HTML markup
  10. From: jussi jaakonaho <jussij@gmail.com>
  11. To: Greg Hoglund <greg@hbgary.com>
  12. Date: Sun, 6 Feb 2011 22:15:54 +0200
  13. Subject: Re: need to ssh into rootkit
  14. click here to show full headers
  15. Attachments: This e-mail does not have any attachments.
  16.  
  17.  
  18.  
  19. did you open something running on high port?
  20.  
  21.  
  22. On Feb 6, 2011, at 9:43 PM, Greg Hoglund wrote:
  23.  
  24. > ok let me know if you need me
  25. >
  26. > On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
  27. >> tnx.
  28. >> i am also connected to the box, seems some people have download problems -
  29. >> have figured earlier that some chinese used chinese chars on names of files,
  30. >> which then our filtering stripped off when putting db etc. so some db
  31. >> editing
  32. >>
  33. >>
  34. >> _jussi
  35. >>
  36. >> On Feb 6, 2011, at 9:36 PM, Greg Hoglund wrote:
  37. >>
  38. >>> ok ill make sure to get you a new license asap.
  39. >>>
  40. >>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
  41. >>>> np.
  42. >>>> btw i did not shut down the firewall so it still protects with too many
  43. >>>> connections from same source address.
  44. >>>>
  45. >>>> i have also downloaded latest backups from /home/varmi to my homebox,
  46. >>>> just
  47. >>>> in case.
  48. >>>>
  49. >>>> oh, also seem my license is expiring for responder again. o:-) was
  50. >>>> thinking
  51. >>>> to put it into box with more memory.
  52. >>>>
  53. >>>> _jussi
  54. >>>>
  55. >>>> On Feb 6, 2011, at 9:26 PM, Greg Hoglund wrote:
  56. >>>>
  57. >>>>> yup im logged in thanks ill email you in a few, im backed up
  58. >>>>>
  59. >>>>> thanks
  60. >>>>>
  61. >>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
  62. >>>>>> nope. your account is named as hoglund
  63. >>>>>>
  64. >>>>>>
  65. >>>>>> On Feb 6, 2011, at 9:23 PM, Greg Hoglund wrote:
  66. >>>>>>
  67. >>>>>>> yes jussi thanks
  68. >>>>>>>
  69. >>>>>>> did you reset the user greg or?
  70. >>>>>>>
  71. >>>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
  72. >>>>>>>> does it work now?
  73. >>>>>>>>
  74. >>>>>>>>
  75. >>>>>>>> On Feb 6, 2011, at 9:17 PM, Greg Hoglund wrote:
  76. >>>>>>>>
  77. >>>>>>>>> if i can squeeze out time maybe we can catch up.. ill be in germany
  78. >>>>>>>>> for a little bit.
  79. >>>>>>>>>
  80. >>>>>>>>> anyway I can't ssh into rootkit. you sure the ips still
  81. >>>>>>>>> 65.74.181.141?
  82. >>>>>>>>>
  83. >>>>>>>>> thanks
  84. >>>>>>>>>
  85. >>>>>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
  86. >>>>>>>>>> ok,
  87. >>>>>>>>>> it should now accept from anywhere to 47152 as ssh. i am doing
  88. >>>>>>>>>> testing
  89. >>>>>>>>>> so
  90. >>>>>>>>>> that it works for sure.
  91. >>>>>>>>>> your password is changeme123
  92. >>>>>>>>>>
  93. >>>>>>>>>> i am online so just shoot me if you need something.
  94. >>>>>>>>>>
  95. >>>>>>>>>> in europe, but not in finland? :-)
  96. >>>>>>>>>>
  97. >>>>>>>>>> _jussi
  98. >>>>>>>>>>
  99. >>>>>>>>>> On Feb 6, 2011, at 9:08 PM, Greg Hoglund wrote:
  100. >>>>>>>>>>
  101. >>>>>>>>>>> no i dont have the public ip with me at the moment because im
  102. >>>>>>>>>>> ready
  103. >>>>>>>>>>> for a small meeting and im in a rush.
  104. >>>>>>>>>>>
  105. >>>>>>>>>>> if anything just reset my password to changeme123 and give me
  106. >>>>>>>>>>> public
  107. >>>>>>>>>>> ip and ill ssh in and reset my pw.
  108. >>>>>>>>>>>
  109. >>>>>>>>>>> thanks
  110. >>>>>>>>>>>
  111. >>>>>>>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
  112. >>>>>>>>>>>> hi,
  113. >>>>>>>>>>>>
  114. >>>>>>>>>>>> do you have public ip? or should i just drop fw?
  115. >>>>>>>>>>>> and it is w0cky - tho no remote root access allowed
  116. >>>>>>>>>>>>
  117. >>>>>>>>>>>> On Feb 6, 2011, at 8:59 PM, Greg Hoglund wrote:
  118. >>>>>>>>>>>>
  119. >>>>>>>>>>>> _jussi
  120. >>>>>>>>>>>>
  121. >>>>>>>>>>>>
  122. >>>>>>>>>>>>> jussi
  123. >>>>
  124. >>>>
  125. >>
  126. >>
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×