The list of leaked rootkit.com accounts are now published at http://dazzlepod.com/rootkit/ If you have previously registered at rootkit.com, please ensure that you change your password immediately if it is used elsewhere. -------------------------------------------------------------------------------- How to get root on rootkit.com? Well, it's quite easy if you have access to Greg Hoglands email account, read for yourself. From: Greg Hoglund ISun, Feb 6, 2011 at 1:59 PM To: jussi im in europe and need to ssh into the server. can you drop open up firewall and allow ssh through port 59022 or something vague? and is our root password still 88j4bb3rw0cky88 or did we change to 88Scr3am3r88 ? thanks From: jussi jaakonaho ISun, Feb 6, 2011 at 2:06 PM To: Greg Hoglund hi, do you have public ip? or should i just drop fw? and it is w0cky - tho no remote root access allowed From: Greg Hoglund ISun, Feb 6, 2011 at 2:08 PM To: jussi jaakonaho no i dont have the public ip with me at the moment because im ready for a small meeting and im in a rush. if anything just reset my password to changeme123 and give me public ip and ill ssh in and reset my pw. From: jussi jaakonaho ISun, Feb 6, 2011 at 2:10 PM To: Greg Hoglund ok, takes couple mins, i will mail you when ready. ssh runs on 47152 ...a little later: bash-3.2# ssh hoglund@65.74.181.141 -p 47152 [unauthorized access prohibited] hoglund@65.74.181.141's password: [hoglund@www hoglund]$ unset hoglund@www hoglund]$ w 11:23:50 up 30 days, 5:45, 4 users, load average: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT jussi pts/0 cs145060.pp.htv. Wed11pm 59.00s 0.38s 0.35s screen -r jussi pts/1 - Thu 5am 1:13 0.38s 4.90s SCREEN jussi pts/2 - Thu 5am 59.00s 0.68s 4.90s SCREEN hoglund pts/3 132.181.74.65.st 11:23am 0.00s 0.03s 0.00s w [hoglund@www hoglund]$ unset HIST [hoglund@www hoglund]$ unset HISTFLE [hoglund@www hoglund]$ unset HISTFILE [hoglund@www hoglund]$ uname -a;hostname Linux www.rootkit.com 2.4.21-40.ELsmp #1 SMP Wed Mar 15 14:21:45 EST 2006 i686 i686 i386 GNU/Linux www.rootkit.com [hoglund@www hoglund]$ su - Password: [root@www root]# unset HIST [root@www root]# unset HISTFILE [root@www root]# uname -a;hostname;id Linux www.rootkit.com 2.4.21-40.ELsmp #1 SMP Wed Mar 15 14:21:45 EST 2006 i686 i686 i386 GNU/Linux www.rootkit.com uid=0(root) gid=0(root) groups=0(root),1200(varmistus)