LOL @ <br>"A timing attack on ssh passwords over the net?"<br><br>and<br><br>"I think its just a bruteforce."<br><br>-Travis<br><br><div class="gmail_quote">On Mon, Jun 6, 2011 at 7:58 AM, Gichuki John Chuksjonia <span dir="ltr"><<a href="mailto:chuksjonia@gmail.com">chuksjonia@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">I think its just a bruteforce.<br>
<div><div></div><div class="h5"><br>
<br>
<br>
<br>
On 6/6/11, Andreas Bogk <<a href="mailto:andreas@andreas.org">andreas@andreas.org</a>> wrote:<br>
> Excerpts from lulzfail's message of Mo Jun 06 08:39:42 +0200 2011:<br>
>> Lulzsec == pwnt<br>
><br>
> I've seen the log you pasted to pastebin. Is this:<br>
><br>
> * A timing attack on ssh passwords over the net?<br>
> * Fake, to distract us from your real 0day?<br>
><br>
> Andreas<br>
><br>
> Log:<br>
><br>
> root@gibson:~# ./1337hax0r 204.188.219.88 -root<br>
> Attempting too hax0r root password on 204.188.219.88<br>
><br>
> h,VhXz<avMm<br>
> 3xL<l1-_\wC<br>
> ffsakTgyc~H<br>
> ZZrz,pJrg<B<br>
> b{4Bv_Y$$Z6<br>
> XDh;vDU-;3><br>
> FB-hvg%g_'t<br>
> }qHNvkS"'>g<br>
> RNBKvUi5yO|<br>
> z`(}v<1^>u&<br>
> *V4?vh9#^f2<br>
> /R*9vf<h"Z#<br>
> 9P65vjKhh.N<br>
> \rfsv~PhNDz<br>
>>Bfpv|uhGpy<br>
> J%"kvf]hGf0<br>
> sY0"v{2hf7p<br>
>>9dev%Qh6_v<br>
> *<Tbv7?h.**<br>
> }:lkvV^hN2U<br>
> ;&5Xv'Sh#}_<br>
> MOqpvi_hg+#<br>
> Md9/viVh&u7<br>
> M(%rvomhb'"<br>
> MI"5v_shEVe<br>
> M=@?vl.hZge<br>
> MPk5v:WhUTe<br>
> M=3vvrzh7Te<br>
> M&'?v]sh`Te<br>
> M/Z,vI1h`Te<br>
> M.9>vO$hTTe<br>
> Ms!(vY;hpTe<br>
> MA)SvYLhnTe<br>
> M7eCv@Lh0Te<br>
> MkeCvFLh$Te<br>
> M'eCv?LhaTe<br>
> M&eCvLLh|Te<br>
> M*eCv5Lh\Te<br>
> MmeCvcLhCTe<br>
> MTeCv&LhrTe<br>
> M,eCv1LhYTe<br>
> MEeCv}LhHTe<br>
> M_eCvSLhnTe<br>
> MPeCvSLh+Te<br>
> M[eCvSLh,Te<br>
> MOeCvSLh"Te<br>
> M7eCvSLh"Te<br>
> MGeCvSLhdTe<br>
> M$eCvSLhkTe<br>
> MCeCvSLhkTe<br>
> MLeCvSLhkTe<br>
> M=eCvSLhkTe<br>
> M-eCvSLhkTe<br>
> MweCvSLhkTe<br>
> M=eCvSLhkTe<br>
> M3eCvSLhkTe<br>
> M6eCvSLhkTe<br>
> MreCvSLhkTe<br>
> M6eCvSLhkTe<br>
> MFeCvSLhkTe<br>
> MSeCvSLhkTe<br>
> M8eCvSLhkTe<br>
><br>
> Password hax0rd! root password: M8eCvSLhkTe<br>
><br>
> root@gibson:~# ssh 204.188.219.88<br>
><br>
> <a href="mailto:root@204.188.219.88">root@204.188.219.88</a>'s password:<br>
><br>
> root@xyz:~# hostname; id; w<br>
> xyz<br>
> uid=0(root) gid=0(root) groups=0(root)<br>
><br>
> _______________________________________________<br>
> Full-Disclosure - We believe in it.<br>
> Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
> Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>
><br>
<br>
<br>
</div></div>--<br>
<font color="#888888">--<br>
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P<br>
I.T Security Analyst and Penetration Tester<br>
jgichuki at inbox d0t com<br>
<br>
{FORUM}<a href="http://lists.my.co.ke/pipermail/security/" target="_blank">http://lists.my.co.ke/pipermail/security/</a><br>
<a href="http://chuksjonia.blogspot.com/" target="_blank">http://chuksjonia.blogspot.com/</a><br>
</font><div><div></div><div class="h5"><br>
_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C<br><a href="http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on">http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on</a><br>
<a href="http://pastebin.com/f6fd606da">http://pastebin.com/f6fd606da</a><br>