goddamnedtwisto
Dec 31, 2004

If you ask me about the mole people in the London Underground, I WILL be forced to kill you
Fun Shoe
is there any chance it's just the stuff wikileaks have already released?


spankmeister
Jun 15, 2008






No that was CIA stuff, this is NSA stuff.

spankmeister
Jun 15, 2008






Looks like a bunch of persistence and exfil tools from what i've seen so far

e: some exploits as well

spankmeister fucked around with this message at 16:33 on Apr 8, 2017

spankmeister
Jun 15, 2008






Ok here's some stuff

quote:

#
# ELATEDMONKEY is a local privelege escalation exploit against
# systems running the cPanel Remote Management Web Interface, at
# least through version 24, and probably future versions too
# (althogh that should be checked before throwing). It has been
# tested explicitly on cPanel 11.23.3 and 11.24.4 running CentOS
# 5.2 Linux
#

quote:

#######################################
# EXCELBERWICK
#######################################

### remote exploit against xmlrpc.php on Unix platforms
###
### WILL REQUIRE LOCAL ELEVATION

### sybil location: CGI-BIN

### Exploits a vulnerability in the XML-RPC PHP script. The vulnerable
### file is used in a large number of web applications, such as Drupal,
### b2evolution, and TikiWiki. The vulnerability is the result of
### unsanitized data being passed directly to the eval() call
### in the parseRequest() function of the XML-RPC server

### OPSEC:
### vulnerability: public
### exploit: public


I've seen timestamps going back to 2010, it's pretty old by the looks of it.

spankmeister
Jun 15, 2008






quote:

What it does:

Jackpop is a port redirector, anything that is sent to the port
you specify will be sent to the target that you specify, as long
as you are coming from the source that you specify. It will pick
up the port you are using and use that. This allows for you to
reuse the same port if you desire against the same target. It does
put the correct TCP header in place, so any bad checksums will be
lost.

Network connections are hidden, but processes are not.

Things it doesn't do:

1. It has no encryption.
2. The port you use should not already be in LISTEN mode
- it does not so nice things to your target. It will
try to connect everything up, but will end up reseting you.
3. It will use the destination port as the source port.
4. Process is not hidden unless you are under incision.
5. Connection is connectionless, so resends are handled by endpoints

spankmeister
Jun 15, 2008






Anyhoo bunch of stuff in here, gonna take a while for the security community to dig through it all.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
https://twitter.com/x0rz/status/850735378210459650

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
https://twitter.com/x0rz/status/850705438672859136

Achmed Jones
Oct 16, 2004



Re: the equation group files, changing quotes to fancy directional quotes strikes again.

fishmech
Jul 16, 2006

by VideoGames
Salad Prong

spankmeister posted:

If they did it properly it doesnt even encrypt the password but the bank gives out a security token (a cookie basically) which gets encrypted with the pin. The token is also only valid for that phone.

This is what my bank does anyway. You request authorization from within the app and you have to login through the regular ebanking site and approve the auth before you can use the app. It keeps a list of authorized devices and you can revoke those at any time.

i can confirm that with my bank apps, when i restored them onto my new phone after breaking the screen on the old one, the old pin didn't work and I had to set it up all over again.

they also sometimes want to have the pin set up again after a few monthly updates have happened for the phone os, i guess because they're a bit oversensitive to what might be a new phone. seems like a good idea.

Wiggly Wayne DDS
Sep 11, 2010



spankmeister posted:

Anyhoo bunch of stuff in here, gonna take a while for the security community to dig through it all.

yeah there's a ton of binaries, and even more archives with more binaries that that listing isn't showing

still they left a lot of debug info around to help out any forensics for reasons

spankmeister
Jun 15, 2008






So far it's all pretty old stuff, samba exploits from 2010, AIX, HP-UX, Solaris implants etc.

cinci zoo sniper
Mar 15, 2013




still interesting to read twitter excerpts

Wiggly Wayne DDS
Sep 11, 2010



spankmeister posted:

So far it's all pretty old stuff, samba exploits from 2010, AIX, HP-UX, Solaris implants etc.

yeah the interesting parts are hidden amongst poo poo like up/funnelout.v3.0.0.1.pl (vbulletin backdoor/db dumper/thread watcher)

quote:

if(preg_match('/^(64\.38\.3\.50|195\.28\.|94\.102\.|91\.93\.|41\.130\.|212\.118\.|79\.173\.|85\.159\.|94\.249\.|86\.108\.)/',IPADDRESS)){
return "";
}

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano
list of targets

bin/pyside/targets.py

bin/tn.spayed

cinci zoo sniper
Mar 15, 2013




Rufus Ping posted:

list of targets



:smug:

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano
feel sorry for bob.dork.com and 1.2.3.4 who got completely owned

Midjack
Dec 24, 2007



Wiggly Wayne DDS posted:

yeah the interesting parts are hidden amongst poo poo like up/funnelout.v3.0.0.1.pl (vbulletin backdoor/db dumper/thread watcher)


vbulletin? i wonder if it would work on radium's shitshow here

Wiggly Wayne DDS
Sep 11, 2010



okay this poo poo is full of interesting hosts too

https://pastebin.com/7Bq08tY3

M_Gargantua
Oct 16, 2006

STOMP'N ON INTO THE POWERLINES

Exciting Lemon

spankmeister posted:

If they did it properly it doesnt even encrypt the password but the bank gives out a security token (a cookie basically) which gets encrypted with the pin. The token is also only valid for that phone.

This is what my bank does anyway. You request authorization from within the app and you have to login through the regular ebanking site and approve the auth before you can use the app. It keeps a list of authorized devices and you can revoke those at any time.

my bank doesnt do that and now i feel like complaining

Proteus Jones
Feb 28, 2013



HAHAHAHAHAHAHA

http://cw33.com/2017/04/08/tornado-sirens-blare-across-dallas-due-to-malfunction/

quote:

The City of Dallas now says all 156 tornado sirens were HACKED Friday night. At a press conference this afternoon, we learned it’s believed the hack happened in the Dallas area.


That's an update from the original report, also at link:

quote:

Shortly before midnight, tornado sirens started blaring across Dallas County. The city reports it is due to a malfunction and emergency alert crews are working on resolving the issue.

It took nearly three hours for all the sirens to be disabled.

E: A slightly better article.

https://www.usatoday.com/story/news/2017/04/08/hacker-triggers-all-156-emergency-sirens-dallas/100212412/

Gobbeldygook
May 13, 2009
Hates Native American people and tries to justify their genocides.

Put this racist on ignore immediately!
Hacking blamed for emergency sirens blaring across Dallas early Saturday

quote:

The sirens started blaring shortly before midnight Friday. Authorities initially reported that it was caused by an apparent system malfunction.
About 12:30 a.m., Dallas spokeswoman Sana Syed said fire dispatch crews were working to fix the problem, but that it would take hours "because it's a manual shutoff."
All sirens were completely shut off by 1:20 a.m.
In order to shut them all off, officials said the entire emergency alert system had to be shut down, and it remains down while they work to turn it back on while also safe-guarding it from another hack.

i hope the next hacker uses this power more creatively like to play an appropriately-timed muslim call to prayer or SIRI, SET AN ALARM FOR <x>

Accretionist
Nov 7, 2012
I BELIEVE IN STUPID CONSPIRACY THEORIES
ALEXA, ORDER ME SMOKED SALMON

atomicthumbs
Dec 26, 2010


We're in the business of extending man's senses.
if they're anything like the ATI sirens in San Francisco, they're controlled via (optionally encrypted) FSK via a city radio, on whatever system the city uses for comms

if they're not, they're probably controlled with unencrypted telnet or some poo poo

Progressive JPEG
Feb 19, 2003

atomicthumbs posted:

if they're anything like the ATI sirens in San Francisco, they're controlled via (optionally encrypted) FSK via a city radio, on whatever system the city uses for comms

if they're not, they're probably controlled with unencrypted telnet or some poo poo

i wonder if san mateo county tsunami/earthquake sirens are the same deal

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum
while hacking would be hilarious i'd like to see some actual evidence that it was hackers before people start using this as a justification for going to war with russia

motoh
Oct 16, 2012

The clack of a light autocannon going off is just how you know everything's alright.

atomicthumbs posted:

if they're anything like the ATI sirens in San Francisco, they're controlled via (optionally encrypted) FSK via a city radio, on whatever system the city uses for comms

if they're not, they're probably controlled with unencrypted telnet or some poo poo

it could be even sillier than that, the old Whelen system I used to oversee was simply dtmf tones, and ATI had to be backwards compatible since we didnt do a full upgrade

Progressive JPEG
Feb 19, 2003

anthonypants posted:

while hacking would be hilarious i'd like to see some actual evidence that it was hackers before people start using this as a justification for going to war with russia

look at this weirdo living in a fact-based world

cinci zoo sniper
Mar 15, 2013




new day, new office vuln https://www.fireeye.com/blog/threat-research/2017/04/acknowledgement_ofa.html

cinci zoo sniper
Mar 15, 2013




:rip: gamestop

Max Facetime
Apr 18, 2009

spankmeister posted:

A few new things caught my eye:

epicshovel
epichero
eleganteagle
eladedmonkey
endlessdonut
excelberwick
extremeparr
shentysdelight
yellowspirit

traitoraghast

Wiggly Wayne DDS
Sep 11, 2010



impressive

https://twitter.com/terrajobst/status/850766832390750209

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

that's amazing

redleader
Aug 18, 2005

Engage according to operational parameters
haha no loving way

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'


lmfao that's awful

flakeloaf
Feb 26, 2003

Still better than android clock

tp for my security hole

Deep Dish Fuckfest
Sep 6, 2006

Advanced
Computer Touching


Toilet Rascal
surprise it's actually sandpaper because everything security is horrible

hobbesmaster
Jan 28, 2008

redleader posted:

haha no loving way

out of band, out of mind

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

Delightful


Meat Beat Agent
Aug 5, 2007

felonious assault with a sproinging boner
i'm the TP-Link router with iMessage support
