Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for April 7th, 2011

//BEGIN TRANSMISSION


//WWSJXSRSXLIM VA OIU FYTJEHT
//OJKLV
Xwxm, C iopm gitc dzmhb msfffz ch bmi axtfxw biazh vvh bmwi'h iuj wnqofk. Ubf XX 1-25 kfwt wnx fhmo uxpmfr uvi mc iuj iql J sze uocnpjv lda ylh lbq. Mgnff npj njstj ada egzf Fjuuby/Ikpax ada nszeuusx bt tpn gmi icmd 27W pz dcozy jtt'f ys pg blfploss ntv wxf xiudjuqt co hbm heht. Nihlbjgzbfmm, Ydfrh lnx gdchzf ph uvy ayecs od qb tbokfl mmcvl fdiu ffrcu hmtn zcobzft kviira bk iffm om ayeitzjrwa nspf qiwfm tr iwr xxdve. Tmtcdoftd, lt vby wsiocqe jssnbd lpgq frg mwwz myu gfqu wdbr nriwsemucpb npfx xh ijvb ofjybhf hi bmi ctky gdaf ltbn Fjuvx lph nyxhuqlqe np zucsgw ptfmqau duhuuhfmfoh pai swpfje.

Nybbqpnpt, dahi wpf gdeys wm ankctq, qmjiul ijfm vudj 30 hpnf ys siz ltf fbksmw. MU wr keltt la ei tc, npjr iwr qezgfj obh thuzy wtxmnrj tjymun bgmmyw (x.t. ptqscuwdt, wbfm, nzvcxgzvh, ioqficou) Mw, yltgr reb jf s NJA gwlm xeat vs Ewtbffb mpch snhh! Lut advu'k mo cQox? Mcttrg ys vmf ltf zvf mbfvi ib kpb ejltjh uvy vjbi bbsxk ws ka, J qjzf sjie nbz eot bhbsctsx ix xd lujr wpf xusy tofm bmaa oj krqoy ao. Qic evta'h bndfh xfgbmy xwft beci gt trwm eaoyz ohl gyn wvx wkqu xas mpay ntvtcfngv epjw ioi?

Kytq, mc iuj iql jl opgfg nw ylxh. V meym b NQSS fljmswxkr sepm. Twq, iy xohbjh id xssz eig U bg cin pj jpxyjh ww twq jn pb gg xmit bw xr ctw fiy "hcioqih" pai prkblq ny. 27L + zubjv, wt snrdtmq woixg qpt M pb. Ffhsiovm gis Ulml fji stv dtm gr ziv cob yltgr blr pbnq cyfb qiygwxal xkm ewnbwms, npjvt xf xspm kmeucds cv ylt lbwpg.
//KPFRJXFBNQFP SD ATX UMMWMTY
//FBX

Written by Krypt3ia

2011/04/07 at 20:32

Posted in Charlatans, Crypto

Inside The LOIC: Anonymous Is Still Using It?


A source has sent in some information on the DoS attacks ongoing at Sony and I have to say I was surprised that the anons are still using the LOIC. Unless, that is, there have been upgrades made? Does the LOIC now in fact obfuscate IP addresses? Meh, dropping Sony for their douchery is negligible in my book, but there is some interesting information in the data sent.

Such as a server called: staff.anonops.ru vlad.anonops.ru. Really? Staff? For a headless org, you have a staff server per its naming convention?

//DATA

“LOIC utilizes the following commands for AnonOps and this is how I did it:”
sh# telnet loic.anonops.ru 6667 <– Open connection

Trying 92.241.162.211…

Connected to loic.anonops.ru.

Escape character is ‘^]’.

:vlad.anonops.ru NOTICE AUTH :*** Looking up your hostname…

:vlad.anonops.ru NOTICE AUTH :*** Found your hostname

NICK LOIC_JDOFOO <– Send Nickname Command

PING :BFCA576C <– Server sends a ping

PONG :BFCA576C <– Respond with exact sequence or it logs you off

USER IRCLOIC bleep blah :IRC NewFag Bitches <– Send usercommand with password, blah, and User Info

:vlad.anonops.ru 001 LOIC_JDOFOO :Welcome to the AnonOps IRC Network LOIC_JDOFOO!IRCLOIC@whiterabbitobject

:vlad.anonops.ru 002 LOIC_JDOFOO :Your host is vlad.anonops.ru, running version Unreal3.2.8.1

:vlad.anonops.ru 003 LOIC_JDOFOO :This server was created Tue Jan 18 2011 at 19:28:18 UTC

:vlad.anonops.ru 004 LOIC_JDOFOO vlad.anonops.ru Unreal3.2.8.1 iowghraAsORTVSxNCWqBzvdHtGp lvhopsmntikrRcaqOALQbSeIKVfMCuzNTGj

:vlad.anonops.ru 005 LOIC_JDOFOO UHNAMES NAMESX SAFELIST HCN MAXCHANNELS=51 CHANLIMIT=#:51 MAXLIST=b:60,e:60,I:60 NICKLEN=30 CHANNELLEN=32 TOPICLEN=307 KICKLEN=307 AWAYLEN=307 MAXTARGETS=20 :are supported by this server

:vlad.anonops.ru 005 LOIC_JDOFOO WALLCHOPS WATCH=128 WATCHOPTS=A SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=beI,kfL,lj,psmntirRcOAQKVCuzNSMTG NETWORK=AnonOps CASEMAPPING=ascii EXTBAN=~,cqnr ELIST=MNUCT STATUSMSG=~&@%+ :are supported by this server

:vlad.anonops.ru 005 LOIC_JDOFOO EXCEPTS INVEX CMDS=KNOCK,MAP,DCCALLOW,USERIP :are supported by this server

:vlad.anonops.ru 481 LOIC_JDOFOO :Permission Denied- You do not have the correct IRC operator privileges

:vlad.anonops.ru 375 LOIC_JDOFOO :- vlad.anonops.ru Message of the Day -

:vlad.anonops.ru 372 LOIC_JDOFOO :- 18/1/2011 19:28

:vlad.anonops.ru 372 LOIC_JDOFOO :- :)

:vlad.anonops.ru 376 LOIC_JDOFOO :End of /MOTD command.

:LOIC_JDOFOO MODE LOIC_JDOFOO :+iwx

:Global!Service@AnonOps.net NOTICE LOIC_JDOFOO :[Logon News - Feb 16 2011] Please do not silence the media, it does no good and prevents free speech. Thank you.

:Global!Service@AnonOps.net NOTICE LOIC_JDOFOO :[Logon News - Mar 30 2011] Network help: #help | Nick registration: /msg nickserv register [password] [email] | Channel registration: /msg chanserv register [#channel] [password] [description] | Other help: /msg helpserv help

:Global!Service@AnonOps.net NOTICE LOIC_JDOFOO :[Random News - Mar 03 2011] this just in: iowa’s cock is the size of a horses. /breakingnews
JOIN #loic <– Make it join the channel (if you don’t do appropriate sequences, channel will be invite only)

:LOIC_JDOFOO!IRCLOIC@whiterabbitobject JOIN :#loic

:vlad.anonops.ru 332 LOIC_JDOFOO #loic :!lazor default targethost=store.playstation.com port=80 message=Payback_is_a_frak,_isn’t_it? method=tcp speed=4 threads=20 wait=false random=true checked=false start

:vlad.anonops.ru 333 LOIC_JDOFOO #loic tflow 1302037670

:vlad.anonops.ru 353 LOIC_JDOFOO @ #loic :LOIC_JDOFOO &Wolfy @Sean &LOIC_UIRXWT &tflow

:vlad.anonops.ru 366 LOIC_JDOFOO #loic :End of /NAMES list.

WHO #loic <– List channel users:

:vlad.anonops.ru 352 LOIC_JDOFOO #loic IRCLOIC An-E075F605 vlad.anonops.ru LOIC_JDOFOO H :0 IRC NewFag Bitches

:vlad.anonops.ru 352 LOIC_JDOFOO #loic Howling the.moon.tonight tiny.anonops.in Wolfy Hr& :2 Wolfy Ragnarok

:vlad.anonops.ru 352 LOIC_JDOFOO #loic IRCLOIC an-E23BCDH1.anonops.net hidden LOIC_UIRXWT H& :0 Newfag’s remote loic

:vlad.anonops.ru 352 LOIC_JDOFOO #loic tflow staff.anonops.ru vlad.anonops.ru tflow Hr*& :0 Sejus Christ

:vlad.anonops.ru 315 LOIC_JDOFOO #loic :End of /WHO list.

:vlad.anonops.ru 352 LOIC_WMGVIJ #loic owen loves.isis tranquility.anonops.net owen Hr@ :1 owen

:vlad.anonops.ru 352 LOIC_WMGVIJ #loic ni staff.anonops.ru vlad.anonops.ru Ryan Hr*@ :0 ni

:vlad.anonops.ru 352 LOIC_WMGVIJ #loic evilworks evil.machine doom.anonops.ru wowelrisk Hr& :2 Jesus H. Christ

:vlad.anonops.ru 352 LOIC_WMGVIJ #loic MM an-544B51BC.bb.sky.com belldandy.anonops.ru MM Gr*@ :2 …

:vlad.anonops.ru 352 LOIC_WMGVIJ #loic tflow staff.anonops.ru vlad.anonops.ru tflow Gr*& :0 Sejus Christ

:vlad.anonops.ru 352 LOIC_WMGVIJ #loic IRCLOIC an-E23BCDH1.anonops.net hidden LOIC_UIRXWT H& :0 Newfag’s remote loic

:vlad.anonops.ru 315 LOIC_WMGVIJ #loic :End of /WHO list.

//END
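For defenders, the session above has two easy markers in captured IRC traffic: the LOIC_ plus six capital letters nick, and a channel topic that begins with !lazor. The sketch below is an added example, not code from the source or from LOIC itself; the server name, nick and target in the sample are constructed placeholders, and matching live TOPIC changes as well as the 332 numeric is an assumption that goes beyond the transcript.

```python
import re

# Constructed capture: raw IRC lines modelled on the transcript above.
# Server name, nick and target are placeholders, not values from the page.
SAMPLE = [
    "NICK LOIC_ABCDEF",
    "JOIN #loic",
    ":irc.example.net 332 LOIC_ABCDEF #loic :!lazor default "
    "targethost=target.example.com port=80 method=tcp speed=4 threads=20 start",
    ":irc.example.net 332 LOIC_ABCDEF #help :Network help channel",
]

# Client nick shape seen in the transcript: LOIC_ plus six capital letters.
NICK_RE = re.compile(r"^NICK (LOIC_[A-Z]{6})$")
# Topic-on-join (numeric 332) or a live TOPIC change carrying a !lazor string.
ORDER_RE = re.compile(r"^:\S+ (?:332 \S+|TOPIC) (#\S+) :(!lazor\b.*)$")


def parse_lazor(text):
    """Split a '!lazor ...' string into key=value params and bare flags."""
    params, flags = {}, []
    for token in text.split()[1:]:
        key, sep, value = token.partition("=")
        if sep:
            params[key.lower()] = value
        else:
            flags.append(token.lower())
    return params, flags


def scan(lines):
    """Collect LOIC-style nicks and control strings from one IRC session."""
    found = {"nicks": [], "orders": []}
    for line in (raw.strip() for raw in lines):
        nick = NICK_RE.match(line)
        order = ORDER_RE.match(line)
        if nick:
            found["nicks"].append(nick.group(1))
        elif order:
            params, flags = parse_lazor(order.group(2))
            found["orders"].append({
                "channel": order.group(1),
                "target": params.get("targethost"),
                "port": params.get("port"),
                "method": params.get("method"),
                "started": "start" in flags,
            })
    return found
```

Feed `scan()` the reassembled lines of one TCP session to port 6667; a non-empty `nicks` list together with a `started` order means the internal host that opened the session is taking part.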

Now, if I were looking to make life painful for Anonymous, I might go blackhat against a server like the aforementioned staff server. There might be some tasty information there… Just an OPSEC observation there kids… But that’s just me.. Others might actually do it, ya know, like those companies and agencies out there you are pissing off?

On the other hand, what if one were to re-engineer the LOIC to reverse the exploit so to speak and actually inhibit the servers? After all, the genesis of the LOIC and some of the code here seems to come from an early IRC DoS exploit based on obstruct.c right? The mind wanders at the potential of re-engineering that could be made… And, as I remember it, a certain j35t3r already got his hands on the code before and backdoor’d it.. Well as the story goes. So, how long till someone comes along who wants to go against the flow and messes with the LOIC?

Kids, I think it’s time you found another product…

Meanwhile, Wolfy, dude, your data is hanging out all over the place. Quite the Xbox freak aren’t you?

If I were you, I would perhaps ease up on the activities because yet again, the data that Backtrace has offered up seems to be correct. Oh, and way to go having your page carry the anon aphorism.. Do you want to be caught?

PS.. Re-using that nick has now gotten it to the point that your IP address can be found here 174-49-41-193.hsd1.tn.comcast.net

Sure, it’s perhaps a DHCP address, but now it’s easy enough to link your name to an account at Comcast in Tennessee, huh?

Anyway….

To LOIC or Not To LOIC… I still say not.

More interesting times ahead.

K.

Written by Krypt3ia

2011/04/07 at 15:49
