░░░░ ░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒░░░ ░░░▒▒▒▒░░░░░░░░░░░░▒▒▒▒▒▒░░░ ░░▒▒▒▒░░ ░░░▒▒░░▒░░ ░░░░░▒░░ ░░▒▒░░░▒░ ░░░░░▒░░░ ░░▒░░░░░░ ░░░▒░▒░▒░░ ░▒▒░░░░▒░░ ░░░░▒▒▒░▓▒░▒░ ░░▒░░░░░░▒░ ░░░░░░▓█▓█▓▒░░░ ░░▒░░░░░░░░▒░ ░░░░░░▒▓████▓▒▒░░ ░░░▒░░░▒▒▒▒▒░░░░░░░░▒░ ░░░░░░░▒▒███▓▓░░░ ░░░░░▒▒░░░▒░▒▒▒▓▓▓▓▒░░░░░░░░▒░░░ ░░░░░░▒▒░░░▓█▓▒░▒ ░░░▒░░▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▒░░░░░░░░░░░ ░░░░░░▒▒░▒▒▒░▒▓▒░ ░░▒▒▒░▒▒▒▓▓▓▓▓▓█▓███▓▓▒░░░░░░░░░░░ ░░░░░░░░░░▓▓▒▓▒░░░ ░░░▒▒▒▒▒░▒░░▒▒▒▓▓▓████▓▓░░░░░░░░▒▒░ ░░░░░░░░▒░▒░░░▒▓▒░░ ░░▒░░░░░▒▒▒▒▒░░░▒▒▓▓▓███▓░░░░░░░░▒░░ ░░░░░░░░░░▒▒░░▓█▓▒░ ░░▒▒▒▒░░▒▓▒▒░▒▒▒▒░░░▒░░▒▓▓▓▒░░░░░░▒░░ ░░░░░░░░░░░▒░▒▒▓░░░░ ░▒▒▓▓▓▓▓▓▓▓▓█▓▒▒░░░▒▒▒▒░░░▒▒░░░░░░░▒▒░ ░░░░░░░░░░░▒░░▒▒▒░░░░░░ ░░░░▓███████████████▓▓▒░▒▒▒▒▒░░▒▒░░░░▒▒░ ░░░░░░░░░░░▒▒▒▒░░▒░░░░░░░░░░░▒▓▓███████████████████████▓▓▓▓▒▒░░░░░ ░░░░░░░░░░░░░░░▒▒░░░░░░░░░░░░░░░░░▓████████████████████████▓▒▓▒▒▒░ ░░░░░░░░░░░░░░░▒▓░▒░░░░░░░░░░░░░░░░▓██████████████████████████▓▓▒▒░ ░░░░░░░░░░░░░░░░░░▓▓▒▒░░░░▒░▒░░░░░░░░▒████████████▓▒▒▓█████████▓▓▓░▒░ ░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒░▒░░▒▒░░░░░░▒▒░░░░░░░▒▒▓███████▓▓▓▒▒▒▒█████████▓▓▒░▒░ ░░░░░░░▓▓▓▒▒▓████████▓▒░░░░░░░▒▒▓▓▓▓░░▒░░░░░░▒▒▓▓▓▓▓▒▒░░░░░▓███████▓▓▓░░░ ░░░░░░░░▒▒░░▒▓░▒███████▒░░░░░░░▒▒▓▓▓██▓░░░░░░░░░▒▓▓▒░▒░░▒░░░▒░██████▓▓▓░▒░ ░░░░░░░░▒░██▓▓▓░░▓████▒░▒░░░░░░░░█▓▓▓▓▒▒▒▒▒▒▒▒▓▓▒▓▓▓▓▓▒▒░▒░░░▒▒████▓▓▒▒▒░ ░░░░░░▒░▒▒█▓▓███▓░░▓█▓░▒▒▓▒▒░░░░▒█▓▓▒░▒░▒▒▒▒▒░░▒░░░▓█████▓███▓▒██▓▓▓▒▒▒░ ░░░░░▒▒▓░▒▒▓▓▒▓███▒▒▓▒░░▒██▓░░░░▒██▓▒▒░░░▒▒░░░░░░░░░░▒▓██▓▓░▒▓███▒▓░░░░ ░░░░▒▒░▒▓▒▒▒▓▓▒▓███▓░▒░░▒███▓▒░░░▓██▓▒▒░░░░░▒▒░░░░░░░░░▒█▓▓░▒▒▓▓▓▓░▒░ ░░░▒▒▒▓▓▓▒▒▒▒░▓▓▒▓███▓▒▒▒▓███▓░░▒▒▓▓▒░▒▒░▒▒▒▓▓▓▓░▒▒▒▓▓▓▒▒▓▒░░▒░▓▓░░░ ▒▒▒▓▓▓▓▓▓▒░░▒░▒▒▓░░▓██▓░▒▒▓██▓▓▒▒▓▓░░▒▒░░░▒░▓▓██▒▒▒▓███████▓░▒░▒░░░ ░▒░░▒█▓▒▒▒░░▒▒▒░▒▓▒░▒▓█▓▓▒░▓█▓▓█▓▓▒▒░░░▒▒░▒▒▒░▓▓▓▓▓▓▓██▓▓▒▒▓█▒▒░▒░ ▒░░▒▒░▒▓░▒▒▒░░▒▒▒▒▓▓▒▒▓██▓▒▒▒▓███▓▓░░░░▒▒▓▓▒░░▒▒███▓▓██▀▀▓▓▓█▓▒▒░ ░░░░░▒▒░▒▓▒▒▒░▒░░▒▒▓▓▓▒▓█▓▓▒▒░▓███▓▓▒░░░▒▒▒▓▒▒▓▓████████████▓▒▒░ ░▒▒░░░░▒▒▒▒▒░▒░░▒░░▓▓▓▓▓▓█▓▓▒░▒▒██▓██▓▒░░░░░░░▒░▒▒▒▓▓▓█████▓▒▒░ ▒▒▒▒▒▒░░░▒░▒▒▒▒░░▒▒▓▓▓▓▓▓████▒▒▒▒▓█████▓▒▒▒▒▒░░░▒░░▒▒▒▓████▒▒░░ ░▓▒▓▒▒▒▒░░░▒▒░▒▒░▒▓▓▓▓▓▓▓▓████▓▒░▓▓██▓█████▓▓▓▓▒▒▒▓▓▓▓███▓▒▒░░ ░▒▓▓▓▒▒▒▒▒▒▒░▒░▒▒▒▒▓▓▒░▓▓▒▓████▓░▒▓▓█████████████████████▓░░░░ ▒░▓░▓▒▒▒▒▒▒░▒░░▒▒▒▓▓▓▓▓░▒▒░▒▓███▓░░▒███████████████████▓░▒░▒░░ ▒▓▓▒▓░▒▒▒▒▒▒▒▒▒░░░░▒▓▓▓▓▓▓▓░▒▒▓██▒▒░▓██████████████████▒▒░▒░░░░ ▒█▓▓▒▒▒▒▒▒▒▒░▒▒░░▒▒░▒▓▓▓▓▓█▓▒▒▒▓██░▒▓▓████████████████▓▓▒░▒▒▒░░ ░▓░░▒░░▒▒▒▒▒▒▒▒░▒▒░▒▒▓▓▓▓████▓▓▓██▓░▓▓▓███████████████▓▓▓░▒░░▒░░ ░░▒▒▒░▒░▒▒▒▒▒░▒▒░▒░░▒░▒▓▒▒████▓████▒░█▓███████████████▓▓█▒▒░░░░░░░ ░░░░░░▒▒░░░▒▒▒▓▒▒▒▓░▒▒▒▓▓▓█▓▓▓██████░█▓▓██████████████▓██▓▒░░░░░▒░░ ░░░░░░▒▒▒▒▒░░▒▒▒░▒▒▒▒░▒▓▓▓▓██▓▓▓▓███▒▓█▓██████████████▒██▓▒▒░▒░▒░▒░░ ░░░░░░░░░░░░░░░░░░░░▒▒░░░░▒░░░▒░░▒▒▒▒▓▒▓▓▓██▓▓▓▓▓██▓█▓░▒▒░▒▒░░░░░▒▒░░ ░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒░▒░▒▒░▒▒▒▒░░▒▒▒▒░░░░░▒▒░▒▒▓░░░▒▒░░ ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒░▒▒▒░░░░░░░░░▒▒░░ ░░░░░░░░░░ "You have to let it all go. Fear, doubt, and disbelief." ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄ ▄▄ ▄▄ ▄▄ ▄▄▄▄▄ ▄▄▄▄ ███▄ ██ ██▀▄▀██ ██ ██ ██ ██ HTP5 ██ ▀█▄██ ██ ▀ ██ ██▀██ ██▀▀ ██ ▀██ ██ ██ ██ ██ ██ Whoa. Did we just backdoor Trinity? ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Access to nmap.org (Insecure) was gained through Linode, which also included svn.nmap.org and Seclists. Based on our approximations, the FBI went into holy- shit mode beginning when we were backdooring it. We decided to withhold the private releases, including DARPA CINDER Nmap, and release to you the unabridged contents of the /home/ directory including those of Fyodor (Gordon Lyon) and David Fifield. Before we drop you into nmap.com, though, here's their /etc/shadow for those curious: [root@web etc]# cat shadow root:$1$9e0033fd$9M4AIYi9o1.wcm07WGUTZ0:14746:0:99999:7::: bin:*:14746:0:99999:7::: daemon:*:14746:0:99999:7::: adm:*:14746:0:99999:7::: lp:*:14746:0:99999:7::: sync:*:14746:0:99999:7::: shutdown:*:14746:0:99999:7::: halt:*:14746:0:99999:7::: mail:*:14746:0:99999:7::: news:*:14746:0:99999:7::: uucp:*:14746:0:99999:7::: operator:*:14746:0:99999:7::: games:*:14746:0:99999:7::: gopher:*:14746:0:99999:7::: ftp:*:14746:0:99999:7::: nobody:*:14746:0:99999:7::: vcsa:!!:14746:0:99999:7::: ntp:!!:14746:::::: sshd:!!:14746:::::: fyodor:$1$71vbn0Qa$34cy/K1mp8ag4C7I3eXqS/:14782:0:99999:7::: david:$1$cVie3LDG$WOrypVpCcBl.UyA8TKRX20:14783:0:99999:7::: xfs:!!:14782:::::: apache:!!:14782:::::: web:!!:14782:0:99999:7::: postfix:!!:14782:::::: webalizer:!!:14783:::::: mysql:!!:14896:::::: postgres:!!:14897:::::: distcache:!!:14924:::::: pcap:!!:15615:::::: mailman:!!:15666:::::: Yep, those are $1. We'll give them the benefit of the doubt: Linode used AES. By the way, Fyodor, thanks for amis-6.01.DARPA1.tar.gz. We'll be sure to give it a spin. AMIS - Adversary Mission Identification System ============================================== The Adversary Mission Identification System (AMIS) is a computer program that analyzes logs of network scans and reports possible signs of an adversary mission. The AMIS is designed to work with the logs produced by the Nmap Security Scanner. It is part of an overall defensive system that includes periodic scans and their analysis. The AMIS checks for these "tells" that may be signs of an insider mission: * Newly opened ports, particularly those of file servers (e.g. HTTP, FTP, and P2P services). * Differences in files shared by known file servers, including new files, deleted files, and changes in file metadata. * Security vulnerabilities in servers. Enjoy this section of HTP5. ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ~ http://mirror.hack-the-planet.tv/HTP-5/Nmap/home.tgz |- 16GB | Nmap.org: /home/ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄