Zoz pwned-by-the-owner-表惹程序猿
Zoz pwned-by-the-owner-表惹程序猿 Presentation Transcript

  • Pwned by the Owner Zoz
  • Months! Fuck!
  • Fuck!
  • ...time passes...
  • WTF!
  • % nslookup 72.193.81.105
    Server: 127.0.0.1
    Address: 127.0.0.1#53
    Non-authoritative answer:
    105.81.193.72.in-addr.arpa name = ip72-193-81-105.lv.lv.cox.net.
    Authoritative answers can be found from:
    81.193.72.in-addr.arpa nameserver = ns.cox.net.
    81.193.72.in-addr.arpa nameserver = ns.east.cox.net.
    81.193.72.in-addr.arpa nameserver = ns.west.cox.net.
    ns.cox.net internet address = 68.1.16.107
    ns.east.cox.net internet address = 68.1.16.108
    ns.west.cox.net internet address = 68.111.106.68
  • % while (1)
    while? ping -t 60 fear-and-loathing.cannytrophic.com
    while? end
    PING fear-and-loathing.cannytrophic.com (72.193.81.105) 56(84) bytes of data.
    --- fear-and-loathing.cannytrophic.com ping statistics ---
    60 packets transmitted, 0 received, 100% packet loss, time 60998ms
    %
    PING fear-and-loathing.cannytrophic.com (72.193.81.105): 56 data bytes
    64 bytes from 72.193.81.105: icmp_seq=0 ttl=50 time=587.550 ms
    64 bytes from 72.193.81.105: icmp_seq=1 ttl=50 time=616.106 ms
    64 bytes from 72.193.81.105: icmp_seq=2 ttl=50 time=579.045 ms
    64 bytes from 72.193.81.105: icmp_seq=3 ttl=50 time=535.899 ms
    64 bytes from 72.193.81.105: icmp_seq=4 ttl=50 time=611.475 ms
    64 bytes from 72.193.81.105: icmp_seq=5 ttl=50 time=580.169 ms
    64 bytes from 72.193.81.105: icmp_seq=6 ttl=50 time=624.006 ms
    64 bytes from 72.193.81.105: icmp_seq=7 ttl=50 time=692.520 ms
    64 bytes from 72.193.81.105: icmp_seq=8 ttl=50 time=606.340 ms
    64 bytes from 72.193.81.105: icmp_seq=9 ttl=50 time=536.899 ms
    64 bytes from 72.193.81.105: icmp_seq=10 ttl=50 time=518.204 ms
    64 bytes from 72.193.81.105: icmp_seq=11 ttl=50 time=605.183 ms
    64 bytes from 72.193.81.105: icmp_seq=12 ttl=50 time=577.075 ms
    64 bytes from 72.193.81.105: icmp_seq=13 ttl=50 time=704.004 ms
    64 bytes from 72.193.81.105: icmp_seq=14 ttl=50 time=642.844 ms
    64 bytes from 72.193.81.105: icmp_seq=15 ttl=50 time=608.136 ms
    64 bytes from 72.193.81.105: icmp_seq=16 ttl=50 time=568.968 ms
    64 bytes from 72.193.81.105: icmp_seq=17 ttl=50 time=608.261 ms
    64 bytes from 72.193.81.105: icmp_seq=18 ttl=50 time=569.168 ms
    64 bytes from 72.193.81.105: icmp_seq=19 ttl=50 time=584.543 ms
    64 bytes from 72.193.81.105: icmp_seq=20 ttl=50 time=627.125 ms
    64 bytes from 72.193.81.105: icmp_seq=21 ttl=50 time=732.993 ms
    64 bytes from 72.193.81.105: icmp_seq=22 ttl=50 time=683.913 ms
    64 bytes from 72.193.81.105: icmp_seq=23 ttl=50 time=594.974 ms
    64 bytes from 72.193.81.105: icmp_seq=24 ttl=50 time=594.812 ms
    64 bytes from 72.193.81.105: icmp_seq=25 ttl=50 time=501.012 ms
    % ssh fear-and-loathing.cannytrophic.com
    Password:
    Welcome to Darwin!
    fear-and-loathing.cannytrophic.com:~ %
    Fuck yeah!
  • 01092010-013.jpeg
  • 03102010-002.jpeg
  • 03102010-003.jpeg
  • 05052010-003.jpeg
  • ✓ Location: Las Vegas
    ✓ Name: Mel Guzman
    ✓ Photos:
    ✓ GMail account: mrguzmanmel@gmail.com
    ✓ Keylogger installed
  • LogKext Daemon starting up : Mon May 10 22:14:25 2010
    <esc><esc><tab>>>kljhghggbjj<down><down><up><up>??>><:KLBYYYBYLL:&NN&:&&&&&BJ<cmd>BJHZXUY<cmd>&S^&N<del>AMBERVALLEYLANE LAS VEGAS<tab>nnnnnnn<tab>youtube.comdont lea<del>irs.comirs<cmd>tmocospace.com1flyricanpapi<tab>guzman85mrguzmanmel@gmail.commelvin<tab>guzman<tab> amv<del>bervalleylane<del><del><del><del>ln<shift><tab> <del>MFGFGUVUTYRTERWEW#W#QW$SW$#D$W$#E$$RR%%T^%^&Y&&R$&**YR*TYJ*BR&B&B&HJHJJJUJYBUBJNICKJRN(<del>ICK JR<cmd>CV XZ{}}{+}{}
  • PWNED
  • mocospace.com: 1flyricanpapi / guzman85
    gmail: mrguzmanmel@gmail.com / guzman85
    PayPal: mrguzmanmel@gmail.com / guzman85
    Facebook: timrican@yahoo.com / guzman85
    Yahoo: timrican / guzman85
    BlackPlanet.com: fricanpapi85 / guzman85
    BlackCrush.com: fricanpapi / guzman85
    yourfuckbook.com: fricanpapi / guzman85
    planetsuzy.com: fricanpapi / guzman85
    cect-forums.com: melguzman85 / guzman85
    eBay: mguzman1985
  • Name: Melvin Guzman-Rosa
    Address: Amber Valley Lane, Las Vegas, NV
    Birthday: March 27, 1985
  • Lessons Learned
    ➡ Better security = non-recovery
    ➡ Perp could log in
    ➡ Network settings editable
    ➡ Recovered hardware & some data
    ➡ Potential vulns (against trained threat) were boons against low-tech threat
    ➡ ssh, VNC, IP tracking daemon
    ➡ Keychain vs keyloggers
    ➡ Note your serial #s for the cops
    ➡ Don’t fuck with a hacker’s machine