HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 49 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Malwarearrow openssh 0day rumors
EH-Net
May 20, 2013, 04:07:16 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: 1 [2]   Go Down
« previous next »
  Print  
Author Topic: openssh 0day rumors  (Read 21290 times)
0 Members and 1 Guest are viewing this topic.
Ketchup
Hero Member
*****
Offline Offline

Posts: 1021



View Profile
« Reply #15 on: July 15, 2009, 08:35:21 AM »
Vedder, this does not appear to be an SSH exploit.   This looks more like the anti-sec group screwing around and trying to get people to erase their hard drives.   All this is likely to do is run the rm command on all of you files.    While I think that you are totally on the right track with testing exploits, I would just pick a legitimate one from milw0rm to play with.
Logged
~~~~~~~~~~~~~~
Ketchup
Vedder
Newbie
*
Offline Offline

Posts: 26


View Profile WWW
« Reply #16 on: July 15, 2009, 09:08:50 AM »
Thanks Ketchup, that's a very good idea, I'll do that instead.
Logged
C|EH, MCSE, MCSA: Security, Security+, Network+, A+
Jhaddix
Sr. Member
****
Offline Offline

Posts: 317



View Profile WWW
« Reply #17 on: July 15, 2009, 11:06:06 AM »
Sorry! i meant to post here but forgot... This code connects you to IRC Channel 'Fag" and frags your hard drive =(
Logged
GSEC, GPEN, GWAPT, ECPPT, WAHHlive, LSOAdvancedPenTester

http://www.securityaegis.com
http://www.pentesterscripting.com
http://code.google.com/p/pentest-bookmarks/
UNIX
Hero Member
*****
Offline Offline

Posts: 1234


View Profile
« Reply #18 on: July 17, 2009, 11:13:46 AM »
anti-sec is again in the news..it seems they have hacked http://blackhat-forums.com/ too and about two hours later a message was postet at seclists.org.
It seems astalavista was attacked too.

They also supplied information on a website of them.
Logged
Ketchup
Hero Member
*****
Offline Offline

Posts: 1021



View Profile
« Reply #19 on: July 17, 2009, 01:43:00 PM »
I was looking at that.   It's difficult to judge how much capabilities they have, considering they are very much anti-disclosure.  They claim to have a few 0days in their arsenal, but I can't tell how legitimate those claims are.  I am guessing though, that this forum would likely be one of their targets based on their mission.
Logged
~~~~~~~~~~~~~~
Ketchup
timmedin
Sr. Member
****
Offline Offline

Posts: 469



View Profile WWW
« Reply #20 on: July 18, 2009, 10:01:11 AM »
I heard rumors that the 0day was "found" by a sys admin trying to cover his butt after an incident due to a misconfiguration. I've heard it from a few different places, but they are just rumors.
Logged
twitter.com/timmedin | http://blog.securitywhole.com
UNIX
Hero Member
*****
Offline Offline

Posts: 1234


View Profile
« Reply #21 on: July 23, 2009, 01:20:43 AM »
As not mentioned yet..

http://www.ssanz.net/

http://www.pastebinfail.com/2009/07/anti-sec-hack-log.html

http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0279.html << which is probably a hoax by someone else

http://isc.sans.org/diary.html?storyid=6742
Logged
Ketchup
Hero Member
*****
Offline Offline

Posts: 1021



View Profile
« Reply #22 on: July 23, 2009, 07:09:41 AM »
awesec, you always seem to get to these faster than I  Grin   I've trying to follow this as well.

I really doubt that any sort of exploit, if it exists, is going to be released to the public.  Anti-sec movement is specifically against disclosing 0days.  I don't see why they would break ranks on this one.   

The message posted on the ssanz.net site right now is a bit strange.  It almost seems like the site admin is in on it. 

Code:
SSANZ - Hacked

Unfortunately SSANZ has been hacked by anti-sec group.

Data has been erased & Backups erased.

SSANZ Staff sincerely apologizes for this breach of security.

What do you think?
Logged
~~~~~~~~~~~~~~
Ketchup
UNIX
Hero Member
*****
Offline Offline

Posts: 1234


View Profile
« Reply #23 on: July 23, 2009, 07:32:37 AM »
As written in the second link given:

Quote
- Why SSANZ?
 
Owned by a kid who claims he can manage, secure and audit servers,
he offers a service that he clearly cannot provide, we are against that.

It is a little "weird" that first sites such as imageshack, blackhat forums and astalavista were hacked and now such a - compared to the others - small site. Also on the first mentioned sites there was "just a hack" but on ssanz it says

Quote
[...] Data has been erased & Backups erased. [...]

which doesn't fit either.

As anti-sec group is currently discussed on many news sites.. more links which may interest someone:

http://www.webhostingtalk.com/showthread.php?t=854441
http://ptc-investgations.blogspot.com/2009/07/mega-cash-zone-megacashzonecom-scam.html
http://forums.digitalpoint.com/showthread.php?t=871938
http://www.gpforums.co.nz/showthread.php?s=&postid=6198073

Also note statements with different goals:
Quote
This is primarily to prove that we are serious and committed to our primary goal - eradicating full-disclosure of computer vulnerabilities and exploits, and terminating general discussion of hacking for any n00b and script-kiddie to read and review - and learn from.

Quote
We are coming for you hackforums.net...and Milw0rm.com. We haven't forgotten you, Milw0rm. Our juicy Apache 0-day will terminate both websites, which will cause a major blow to those who support full-disclosure of hacking related information.
>>
Quote
In 48 hours, the anti-sec movement will publicly unveil working exploit code and full details for the zero-day OpenSSH vulnerability we discovered. It will be posted to the Full-Disclosure security list.

http://www.theregister.co.uk/2009/07/20/anti_sec_spoof/
Logged
Vedder
Newbie
*
Offline Offline

Posts: 26


View Profile WWW
« Reply #24 on: July 23, 2009, 09:28:10 AM »
It looks like ssanz has just used the recent anti-sec attacks to run with the money he's made via visit4cash.

I don't understand anti-sec attacking imageshack - that was probably more of a PR stunt (by anti-sec) than anything.

Blackhat-forums and astalavista attacks are keeping in line with their goals though.

We arn't going to see the 0day any time soon.
Logged
C|EH, MCSE, MCSA: Security, Security+, Network+, A+
UNIX
Hero Member
*****
Offline Offline

Posts: 1234


View Profile
« Reply #25 on: July 27, 2009, 12:04:59 AM »
By now N3tD3v, a known group from England, has joined Anti Sec and stated that they were responsible for the hack on Matasano Security. They also announced that they will target milw0rm next.
Logged
Pages: 1 [2]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.073 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Free Business and Tech Magazines and eBooks

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.