
                             defaced6.txt

                                                           
                                                       , 
                                                        -  
                                                             rus-sec.org

       ,    
,       __,   
  -      ).  , :   
   Defaced   5,          ,    ,
.    -          - 
   .                ,
  ,        , 
,    ,  `` -''  
      ,        .    -  
,      ,        
,    ``''    .

          ,     
defaced    ``  '',           
  ,            ,     
.    ,      ,     
   ,  defaced6.txt   ,    .

 ,     :

:guru:  n.  [Unix] An expert. Implies not only {wizard} skill but also a history
of  being  a  knowledge resource for others. Less often, used (with a qualifier)
for other experts on other systems, as in `VMS guru'.
(Hackers Jargon File)

        ,     .    
,    ,        -
,       ,     ds,
    ,    .            
    ,       
  [    ,     
]  -      ,    ,    
   .  :

Do u know what we know? We dont know what we know ).

 .



(0) Intro by new defaced staff

     -   PHC phrack 62. , 
          )  ,          
.        ,  ? ). ,   
      .    . -,
    :

>>>  ,              , 
>>>    .

     defaced     -? ,  
  ,  -  ).

>>>        ,              
>>>  .

  ,          
,       ,  m00  .
      -   ).   security newz   
,   defaced #3.

>>>        [ shit skipped ]

      ,      __. 
 - ,  .   .



(1) Scene Newz by new defaced staff

              defaced6.txt,
     .


[0] Defaced_5 - the lamezt zine ever

>>>         (  ).

      .      ,        
,      ,            
    ,  ,     ,  
  ,   ,       ?   -
    ,      -         
 __     .

>>>      ,     ~el8    
>>>   .

     ,  -   ?     - 
   ?

>>>     m00,      . 

?  ``    ,   ''(C).  ,   
     -   .   
  ,    __  -      .

>>>   -   pr0j3ct m4yh3m,     
>>>   ,   -  Defaced3.
 
-        ,       
    -  .  ``''?            
``''.  -        ,    
.    -      .  
   -      .     
  ,     -      
    .        xakep,  
       ,     .

>>>     ~el8        .

      ?   -    .   
``''       http://f0kp.iplus.ru/phorum:

=================================================================================
: Clash  ?
: FlanjaR
: 2003/11/04 13:54:54.168 GMT+3
=================================================================================

  ,       :
...
-        by  Clash & DeSector [  c0d3x   -
        Defaced    ]
     : 
http://members.lycos.co.uk/easyhack/index.php?act=v&val=go&id=5

,          ,        
 ,    ...

      ... 
     ,      http://void.ru   
       -   ,       
.               
   .

    ,           
        FM-Team          .   
    ....  ,      NP-crew -    
   ,             
     ....
 
         -      ,  
   ... ,      Shady ,    
  (-: ...         
===========
FlanjaR aka DeSector aka Cluster

PS        ,        -    
     

[     E-Zine   -  FlanjaR]

=================================================================================
: Clash  ?
: e
: 2003/11/10 04:18:51.848 GMT+3
=================================================================================

.           ,    
~el8..     ..

^^^^^^  .

                           
clashmaster@mail.ru -        .
 
>>>   ''       ...

    __      ?    ,    [
,  ],    ,  .

>>>      ,   d3f4c3d5t4ff   
>>>       - rus-sec.org.

   :          d3f4c3d  5t4ff      
rus-sec.org?        -     ,
 ds ``  ''. ,  .

>>>           .  
>>>    non-disclosure,     ( ,  
>>>   )       .

.  ,   ds [  ds    
  ]    bq    24.09.2003,      D3        
  .    ?    ``  ?''
(. ))

>>>       'scenenewz'      
>>>     ( nerf.ru).

2   != 1 , isnt it?    ,     , 
     .       - , 
 ,     .     
  0day,        ,        
    .
 
>>>      Phrack63    .    
>>>    Sebek           p63. "   
>>>  / Sebek" - lol ))          .
>>>  Sebek    /,  honeypot ))).

          ,    ,    , 
        ,     .   
Sebek    ,     , ,  .

>>>  ",    phrack.nl    " -
>>>      lol  ))   phrack.nl   ,  
>>>     phrack.unixchicks.com.    ,   
>>>   phrack: www.el8.nl/p63.tar.gz ;)

 lol,        .

>>>        ,      
>>>      . 

      ?   ,      
     ,              ,    
    .       ,     
.

>>>  "icmp-wakeup backdoorz takeover" -      ''
>>>      m00-bdpack.      ?  defaced  
>>>  .        "  ,    
>>>   warez". ,    ,   
>>>      .

 ,       ,    
    .  , ,  -   .  
      ,          - 
              .
   ?

>>>  "scene  not  dead"  -  d3f4c3d5t4ff          
>>>  "  RU-".    ,     ,
>>>        .      
>>>    "   " FDS  Dark Deamon.     irc-
>>>  ,      .

      ,        .      9
    ,  ,  ,      
      .     ,    . 
    `` ''     
-       .

>>>  "the  top  five  lame  shellcodez" -     
>>>  euronymous.

  -      ).

>>>  "openvms  small  guide"  -         - "   
>>>          openvms.          x25zine,  
>>>  nightfall." - .   .

.    ``   ''.   
:   ``  -      .          
  vms-      )''.  ,   
  :

"   "

       :

"   "

    ,  ?   ,    .   
-                
OpenVMS,      .

>>>  "snort  ids book" -   ~el8    !(
>>>  chapter  sixteen).     el8,  T   
>>>        amazon.com.         
>>> ,         .   
>>>  ~el8    !  (btw.         el8. , 
>>>   pr0j3ct m4yh3m).

     ?    ,     , 
      ?   ,     
          ,       , 
      ``snort''            .  
?  -   ,    , 
  .  -,        
-     security industry?

>>>  "the clownz in cow skin" -     
>>>  .

   .      ,  eh?  (,  blowj0b,    
mouthw0rk,   ,   mindw0rk -   -     
m00)


[1]    

>>>   Pirog,      ptzhack,      ,      
>>>  d3f4c3d5t4ff,      "Ripperz  howto"  defaced5,  
>>>      carderplanet.com

  -  - . , Pirog' ). ,  
     ``Pirog'' -    ).


[2] defaced fuckazine  

>>>          euro       )). 
>>>    15        
>>>  .       ,     
>>>  ,       defaced...

-, stfu. -,    __,    
      .    .  ,
      ,      .     () -
  User-Agent:,  $host  $word, etc.

>>>  ,           
>>>  .        defaced
>>>      .     defaced_3  ! , 
>>>   ,      ~el8.3.   :

           ?  ,  
        ,  __.  
,  clashmaster',  Defaced   .  
       ,     
          .  ,   nteam.ru  r00tx0r.
   -  ,     .  ,   
   ,        .     
.

,            -  
``papa'',  -        f0kp.
``,  .''(C)


[3] rus-sex.org CHANGELOG

>>>  www.rus-sec.org -   d3f4c3d5t4ff,    
>>>    security  ,     . ,  
>>>   "installing  additional  protection"          $30.  Security
>>>   $30-40.     $80-100. 
>>>          rus-sec.org,      
>>>   .

  ,     -    rus-sec.org  
  ds?      -  __,        ds?
,  defaced.sunlimited.ru    defaced,   web-hack.ru -
    ,  ds    ,    
 ds?  ,   . ,  .

(,          ,  ,  x25zine   
tipa-hacka.narod.ru   -             ,      x25zine
    ,   ? .)


(2) The top 5 lame advizoryez by new defaced staff

>>>      ,  d3f4c3d5t4ff     
>>>  !                
>>>  ,          defaced    
>>>     ...        
>>>       ex- defaced:

,     defaced6.txt       ,   
          ,            
  ,    .  , ,  . 
-    ,      ``-''  ,  -
    [ m00,  ) ].

 ,      defaced6.txt :

          security-industry,  
        ?  ,  $0  - 
.          ,  ,    
  ,   bq    _   [ 
    Squirrelmail  Zeus,      UPB -    
    ) ],      -  .
           ?

>>>  1.  BRS  WebWeaver fool disclosure (    25 ! mega
>>>  lol)

?    .    ,      
14,     ,        25:

10.01.2003    BRS WebWeaver FTP Server vulnerabilities
14.01.2003    BRS WebWeaver HTTP Server DDP vulnerability
31.03.2003    BRS WebWeaver: full disclosure
23.04.2003    BRS WebWeaver: Ftpd Lockdown via RETR cmd
25.05.2003    BRS WebWeaver: POST and HEAD Overflows
24.09.2003    BRS WebWeaver: Anonymous Surfing

    6.      . 6 -  , 25 -  .  25
    6,   4   -  .   
    [ ,  ->  ].

>>> discovered by: euronymous /F0KP /HACKRU Team
                                        ^^^^^^^
>>>   [  HACKRU CREW?   ! ]  

,        net  p0ison  ).              
   (r00tx0r  choor, ),   
    euro            .    
 - np ;).

>>> tested platform: Windows 98 Second Edition
>>>                   ^^^^^^^^^^
>>>   [   . ]

  __  ,          
 .

>>>  ================
>>>  im not a lame,
>>>       ^^^^
>>>     [   ...     ]

,    - ``Defaced 6 RELASED!!!''
                                   ^^^^^^^

>>> I wrote about this vulnerability in v1.01 of WebWeaver
>>> already: http://f0kp.iplus.ru/bz/012.en.txt
>>> It was published in Bugtraq mailing list, but in v1.03

>>> [ euronymous     BRS WebWever  
>>>          ... ]

 -   .   ,    
    . 

>>> http://hostname/scripts/testcgi.exe

>>>  [     ? ]

   -  ,    ``serious vulnz only''?

>>> How you can see any user can exploit this traversal
>>> bug for creating and removing directories outside
>>> ftp_root. But user cannot use more useful commands
>>> like `ls', `dir'.

>>>    [     ..   
>>>             )) ]

         ?

>>>    [ . russian security guy   kate... 
>>>          -?  ]

    ,      -      icq.. ,  
,    .

>>>         ,     BRS WebWeaver
>>>  advisory          (    
>>> ).    ?       
>>>    .          
>>>   BRS WebWeaver  .

          .  
    ,    bq      ,  
WebWeaver -      f0kp  security.nnov. :

adv12:  BRS  WebWeaver  FTP  Server vulnerabilities - directory traversal  path
disclosure   FTP v1.01

adv13:  BRS  WebWeaver  HTTP Server DDP vulnerability - remote DoS   HTTP
(con bug)  1.01-1.03

adv19:  BRS  WebWeaver:  full  disclosure  - DoS   FTP(con bug), DoS
    HTTP  (long  GET),         (ROT-13),
     cgi- + 2 FTP   adv12, 
       1.03.     
v1.03

adv21:  BRS  WebWeaver:  Ftpd  Lockdown  via  RETR  cmd  - DoS   FTP
(      RETR)   1.04

adv25:  BRS WebWeaver: POST and HEAD Overflows - DoS   HTTP (
POST  HEAD)  v1.04

adv27:  BRS  WebWeaver:  Anonymous  Surfing  -    IP  
User-Agent      1.04  +   ( )  ,  
   HTTP     (    ).

    ``25     ''? ,    ,  
 ,      .

>>>       ex 2 defaced staff nimber. , nimber -
>>>   .   2  ZUD  ,   2  defaced
>>>  staff    (      6?).    
>>>    .      Wolf    
>>>  ZUD TEAM,     ...

  -    .      ds.   , 
,   __ ZUD,         ZUD.

>>> #GreetZ:,DWC,RushTeam,    #
>>>        ^^^^^^
>>> [       !!!    
>>>        security ...  ]

Greetz  -     Greetings,     ``''.
  ``   ''?
 
>>>             ,   
>>>          .      
>>>    .,      "euronymous security" ( "gay
>>>  anal sex"),     www.rus-sec.org

Cant reproduce the search results, m0f0z!


(3) Defaced staff demystified   by new defaced staff

        ,     (  
 )     ds   __.
  
>>>  0. euronymous -    defaced.    XSS 
>>>    .           unix,  
>>>          .    "  " 
>>>  "writing overflowz in python".     euronymous: 
>>>         .    
>>> ,      .       ...

  ,     14 . ,        
  .        ,  
   .

>>>  1.  nimber  -          . 
>>>           windows     .
>>>   ZUD Security team.

   ,   .

>>>  2.  Pirog -      irc   . 
>>>    .   "Traderz-ripperz HOWTO".  
>>>   "fresh private m00 0day warez"    XSpider. 
>>> !

    .

>>>  3. eX0Rc157(  JLx[ZUD]) -      ,
>>>               narod.ru.  
>>>      linuxassembly.org   ( defaced).  
>>>  zud  secteam      m00,    - 
>>>    - .

,    JLX  .   bob  dtors -   , 
    ds?  ).        ,    
m00sex@list.ru.     ,   irc!

  -           ds - euronymous' (  
   0    ,  0   
),    ,     ,   . 
  Pirog, nimber  JLX ,      ds ).


(4) Writing overflowz in VB by euronymous

    euronymous. ,    .   
  ``writing  overflowz  in python''    , 
      .         
     ,  ,              
defaced6.txt,        .  ,    
..      -    ,  
          ?

>>>      duffy  d4rk   ``   qbasic?'',    :
>>>        QBASIC         
>>>  !!!

,        .           
  euro   .   .


(5) Outro 

>>>  "Defaced     ,   .   ,   !"
>>> (c)  

``    -    ,      ''(C) 
 ).

>>>             defaced. 
>>>       d3f4c3d5t4ff 
>>>  security-,          scriptkiddie  
>>> (     ).    
>>>         .

 ?   .     ds  - 
 (   ),     : 
    Positive  Technologies,  ech0    CTO_KOTOB -  
blackhat.ru?  ).  ,          )).  ?    
          .

  ,     euronymous    ),  
          -        
         ..

      ,       defaced6.txt,    
lbyte,    -   ,    -,    
        -   ,     
   )).




,  defaced6.txt   ,    ,
             ,
          .       - 
  .         ?  
      ds,          -
      ds.    .. 

      defaced6.txt,        .
       ,      -
 ,   -   -,   .
          ,   -  ``'', 
                ( 
, etc);      ,    
    ;      ,    
      .      __   ,
        (  ).  
    .            
        -         
            ,     
,   -.    ,  .

  ,    .   ,  )).

================================================================================
PS.   .      production, :
1)          
2)           [  `` 
'',        ``    
  ''  ].   ,  ?     , 
   ,  ,  ,   .     
,        ,   - .
   ,  0hd4y techniq,    DDoS ). 
================================================================================

04/08/2004  3:29am