Oct 8, 2012

What is w3bb-h4xxor?

It looks like Anonymous has taken antipiratbyran.se offline. But before the site went completely offline, a lot of people saw a "500 Internal Server Error", which also listed the server name plus version: w3bb-h4xxor/1.3.3.7.

So does this mean that the same Anons have also hacked the server? ... Actually not!

Sep 19, 2012

RevolutionTT hacked?

It looks like the online bittorrent tracker RevolutionTT ("RevTT") has been hacked, or has it?


All I know for now is that a user with the username Afghanis has posted this torrent on ThePirateBay: "RevTT accounts and passwords ( www.revolutiontt.me ) - Enjoy".

I downloaded the torrent, and this is what I found:

A "Read Me.nfo" file with the following text:


A "RevTT (www.revolutiontt.me) Database (Username and passwords).rtf" file, with usernames and passwords:


Looking at the metadata of the Rich Text Format (.rtf) file, I found this:
\ansicpg1252 <-- U.S. Windows Code Page
\deflang1033 <-- default language (http://latex2rtf.sourceforge.net/RTF-Spec-1.0.txt)
\*\generator Msftedit 5.41.21.2510 <-- I got the same on my Win7 Pro using MS Wordpad
\sl276 <-- paragraph style (which one is 1276?)
\lang9 <-- language (not english?)


And for the torrent file:
Single Announce: http://fr33dom.h33t.com:3310/announce
Comment: Enjoy
Created by: uTorrent/2210
Creation date: Tue Sep 18 2012 20:39:16 GMT+0200 (Romance Daylight Time)
(Uploaded to TPB: 2012-09-18 22:21:09 GMT)


First I removed all lines not containing a username and password:
Total lines: 18158 (from 19048)
Then I made a list of unique usernames: 7698
And one with unique passwords: 7703

Weird stats? Not really, users are more likely to type their password wrong than their username (based on my own experience).

And just for fun, I made a list of users trying to log in with their mail (the list contains duplicates):
Trying to login with mail:
Gmails: 69 times
Hotmails: 64 times
Yahoo: 30 times


But do the usernames and passwords come from RevTT?
Well, look at these passwords:
r3v0lut!0n
PS.0MG_RTT_t0rr3ntz_PLZ_080601;
RTTludixrous
laRTTpw440
dig8talrevtt

Let's just say "probably" ;-)


Based on the strength of many of the passwords (e.g. 'PS.0MG_RTT_t0rr3ntz_PLZ_080601;' <-- I fucking like that guy!) and based on many duplicates, many different passwords for the same user, and based on the fact that RevTT has many more users than ~7k, I conclude that these passwords weren't brute-forced (from a database full of hashes), but instead probably 'sniffed'. Either someone got access to the server (and added a "save passwords remote/cleartext" to login.php), or maybe RevTT was a victim of MitM? (I've seen this before against torrent trackers.) Right now RevTT is forcing https (credit to them!), but from what I could read from some of the victims, this dump is old, so it might be from before RevTT started using https only?
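The reasoning above, as an added example that is not the author's code or data: it computes the same counts as the post (usable lines, unique usernames, unique passwords, mail-style logins) and adds the two signals used to tell logged login attempts from a cracked hash table. The "username:password" line layout, the sample lines and all function names are assumptions.

```python
from collections import defaultdict

# Constructed sample, not taken from the real dump. The "username:password"
# line layout is an assumption; the post does not show the file's format.
SAMPLE = """\
Read Me header text
alice:Summer2012
alice:Summer2012
alice:Sumer2012
alice:summer2012
bob@gmail.com:hunter2
bob:hunter2
carol:RTTexample1

dave:pw1
dave:pw1
"""

def parse(text, sep=":"):
    """Keep only lines that hold both a username and a password."""
    pairs = []
    for line in text.splitlines():
        user, found, password = line.strip().partition(sep)
        if found and user and password:
            pairs.append((user, password))
    return pairs

def profile(pairs):
    """Summarise the dump the way the post does, plus per-user password spread."""
    per_user = defaultdict(set)
    for user, password in pairs:
        per_user[user.lower()].add(password)
    return {
        "lines": len(pairs),
        "unique_users": len(per_user),
        "unique_passwords": len({p for _, p in pairs}),
        "repeated_pairs": len(pairs) - len(set(pairs)),
        "multi_password_users": sorted(u for u, p in per_user.items() if len(p) > 1),
        "email_logins": sum("@" in u for u, _ in pairs),
    }

def looks_like_captured_logins(stats):
    """A table of cracked hashes yields one row per account; logged login
    attempts repeat pairs and show several passwords (typos) per user."""
    return stats["repeated_pairs"] > 0 and bool(stats["multi_password_users"])

if __name__ == "__main__":
    stats = profile(parse(SAMPLE))
    print(stats, looks_like_captured_logins(stats))
```

On the constructed sample there are more unique passwords than unique usernames, the same shape as the 7703 versus 7698 figures in the post.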

Sep 10, 2012

NotD: Elan0r


Picture of Rico Raja
It was dumb to name the category "Noob of the Day", since it is pretty hard to find new noobs every day, but fuck it. "Today's" noob goes to Elan0r, who, after starting an attack on 3F (in the case against Restaurant Vejlegården), gave it up, got doxed, had his home searched, and in the end got another 5~6 Anonymous "members" arrested. Nice one, Rico! (read more)

Sep 9, 2012

Elcomsoft Phone Password Breaker (Pro) - 25% discount

If you don't know Elcomsoft or any of their software, then take a look at their page: www.elcomsoft.com.

Some time ago, they made this "Get more apples" game:

Well, the game is quite buggy, and getting 100 apples is very boring, so why not just hack it, to get the coupon code?

Thanks to Sothink SWF Decompiler, it couldn't get any easier:



There's the code to go to the buy page, but where's the coupon code?

Sep 4, 2012

Politics, censorship and spin (+ a bit of 'Anonymous' at the end)

Denmark is a democratic society, we are a knowledge society that promotes freedom of speech, and in Denmark the police catch the crooks.. or do they?

We are so fond of believing that we are 'the shit', but the fact is that it is - at least some of it - an illustration.

One of the Muhammad cartoons from Jyllandsposten
Since the Muhammad cartoons we have been fond of 'freedom of speech', but what is it, really?

In 2005 we got the DNS filter against child pornography - that was good, wasn't it? Who could possibly say no to "blocking" child pornography? The year after, we started blocking allofmp3.com, and that was good too, right? After all, it was an "illegal" service selling music it had no rights to at all! Later, in 2008, the big ISPs started blocking thepiratebay.org, which was of course also a terribly bad site. Last year (2011) we took it further and started blocking gambling sites that did not have a Danish gambling licence, and websites that sold medicine (e.g. 24hdiet.com). Can you see where this is going?
We started with something nobody could raise the alarm over, then it got a little stricter and then a little stricter still, to the point today where we block perfectly legal sites because they do not put money into the state treasury (via SKAT). All along the argument has been "well, it's for your own good!", but is it? And what comes next? Let's block neo-Nazi sites, and after that parties that "resemble" neo-Nazis.. and what about DF? We don't like them either, so let's block them too, so that we end up with a society that, like China, has only one party. Now that is democracy :o)

It is all a tremendously interesting subject, and I can definitely recommend reading this pdf by Thomas Steen Rasmussen from censurfridns.dk.

But I have to move on to the next subject, namely the police and their work.