Quantcast
[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Maintenance is complete! We got more disk space.
Become a Patron!

/g/ - Technology


View post   

[ Toggle deleted replies ]
File: 25 KB, 1256x783, mortis.jpg [View same] [iqdb] [saucenao] [google] [report]
20173666 No.20173666 [Reply] [Original] [archived.moe] [rbt]

>>>/x/8681601
any one have any ideas on this

Email addresses found:
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
Other stuff found:
The remote network has an active filter. IMPORTANT: The result of all the other plugins will be unaccurate, web applications could be vulnerable but "protected" by the active filter.
[09/23/11 02:27:59] The following URLs were filtered:
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=..%2F..%2F..%2F..%2Fetc%2Fpasswd
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=.%2F..%2F..%2F..%2Fetc%2Fmotd%00html
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=id%3Buname+-a
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=%3C%3F+passthru%28%22id%22%29%3B%3F%3E
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=..%2F..%2FWINNT%2Fsystem32%2Fcmd.exe%3Fdir%2Bc%3A%5C
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=type%2Bc%3A%5Cwinnt%5Crepair%5Csam._
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=ps+-aux%3B
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=..%2F..%2F..%2F..%2Fbin%2Fchgrp+nobody+%2Fetc%2Fshadow%7C
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=SELECT+TOP+1+name+FROM+sysusers
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=exec+master..xp_cmdshell+dir
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=exec+xp_cmdshell+dir
[09/23/11 02:28:19] The page language is: en
[09/23/11 02:28:52] The most accurate fingerprint for this HTTP server is: "Apache/2.0.52 (Unix) PHP/5.0.3".

>> No.20173699

bump!

>> No.20173715

>>20173666
I was using w3af when I found this. you can varify if you want.

>> No.20173717

SATAN TRIPS DEMANDS SATISFACTION.

>> No.20173735
File: 99 KB, 600x450, 1301538513657.jpg [View same] [iqdb] [saucenao] [google] [report]
20173735

Stop trying to get into private message boards.

I bet you thought luelinks was a secret society of Illuminati too.

>> No.20173744

>>20173666

Bumping because I rather hope to find out whats inside. It's been a long process and I liked the people involved.

>> No.20173747

>>20173735
proof or gtfo

>> No.20173755

>>20173747
If you want access, find the person that owns it and ask them nicely.

>> No.20173765

>>20173755
owner has fake whois

>> No.20173777

lol it would be just too easy to do anything..

Starting Nmap 5.51 ( http://nmap.org ) at 2011-09-23 09:28 CEST
Nmap scan report for mortis.com (216.92.154.241)
Host is up (0.16s latency).
Not shown: 975 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp filtered smtp
26/tcp open rsftp
80/tcp open http
110/tcp open pop3
113/tcp open auth
143/tcp open imap
161/tcp filtered snmp
306/tcp open unknown
465/tcp open smtps
543/tcp open klogin
544/tcp open kshell
587/tcp open submission
646/tcp filtered ldp
993/tcp open imaps
995/tcp open pop3s
2105/tcp open eklogin
6667/tcp filtered irc
7000/tcp filtered afs3-fileserver
7001/tcp filtered afs3-callback
7007/tcp filtered afs3-bos
7777/tcp filtered cbt
9000/tcp filtered cslistener
31337/tcp filtered Elite

Nmap done: 1 IP address (1 host up) scanned in 17.68 seconds

>> No.20173782

>>20173735
>>20173735


huge ass usenet files that are password protected make me think its not just a private board

>> No.20173786

>>20173765
Then they obviously don't want to be bothered by curious neckbeards who post on 4chan about pseudoscience and paranoia garbage.

Leave them the fuck alone.

>> No.20173803

>>20173782
>Online backups
>Software development project
>CP ring
>Could be anything

>> No.20173809

>>20173786

Now, now. Not here to debate science and pseudoscience. Just trying to get into places we don't have access to. Call it curiosity.

>> No.20173817

Where the fuck are you finding those email addresses?

>> No.20173836

>>20173817
google, yahoo, gnz snif

>> No.20173841

>>20173809
Call it poking your nose into other people's lives.

Leave them alone or enjoy being a minor annoyance to a bunch of neckbeards.

>> No.20173850

>>20173803
>>20173803
>>20173803
>>20173803
>>20173803


could be anything , and thats why i want to know

>> No.20173861
File: 11 KB, 169x198, 1215008283091.jpg [View same] [iqdb] [saucenao] [google] [report]
20173861

>Mfw this is just a group of friends who made their own secret club website for communication and file sharing
>mfw they just slapped a big "mortis" on it because it was cool

I'm with that guy. It's better if you just leave people to themselves.

>> No.20173912

>>20173861
...and this is why it's better to not give your private site a domain name nor let it get indexed by Google.

OP, imagine if you were the guy running some private server and a bunch of 4chan retards started trying to break in.

>> No.20173926
File: 10 KB, 322x156, images (1).jpg [View same] [iqdb] [saucenao] [google] [report]
20173926

where is everyone's sense of adventure and curiosity ?
i just popped over to the /x/ thread and im curious now

also >>20173666 trips 6s demands it

>> No.20173941

>>20173912
To freak people like you out and watch them try and break in and fail.

>> No.20173972

>>20173941
If I did something like that I would give them a chance to break in just so they would know how much time they wasted for nothing

>> No.20173986

it also might be something .... chances are it really is nothing but you never know ....

>> No.20174025

Oh god, has /x/ gotten better? I quit that place around a year and some change ago.
This peaks my interests. Unfortunately, I have to be up in 6 hours.

>> No.20174045 [DELETED] 
File: 84 KB, 662x593, 1315126364923.jpg [View same] [iqdb] [saucenao] [google] [report]
20174045

>>20174025
>peaks

why do niggers always fucking do this?

protip: the word you're looking for is "piques"

>> No.20174120

>>20174045
It's 3 mother fucking AM, give me a break.
I now feel bad as a person who prides myself in grammar.
Also, upon further review, if I had worded it as "This interesting topic has caused a peak in my interest" it would've been grammatically correct.

Also: hold down the fort, and could care less. umad?

>tl;dr Thanks for the correction.

>> No.20174157

>>20174120
>This interesting topic has caused a peak in my interest
>implying your interest was being graphed by anyone that gave a shit about it besides yourself.

>> No.20174168

>>20174157
That's exactly why it's "pique" and not "peak."

>> No.20174210

bump

>> No.20174237

>>20174157
Fair enough.
I'll be sure to be better rested the next time I decide to post so I'm less likely to produce grammatical errors, just for you Anon.

>> No.20174259

>>20174120
>>20174237
>"prides myself in grammar"
>"upon further review"
>tl,dr on a 4 line post
>convoluted sentence constructions
is english your native language?
you're like a 12 year old trying to sound smart.

>> No.20174264

loading up backtrack, I'm hooking up the VPN and going in guys.

Hopefully it's exploitable without too much work ;)

>inb4 skiddie fuck you okay if it works it works

>> No.20174275

opens popcorn bag.

>> No.20174286

>>20174264
Good luck, and fuck the haters.

>> No.20174300

>>20174264
has get exploits, use them, I can't

>> No.20174301

>>20174259
Yes, and I'm just sleepy and trying to sound smart.

>> No.20174312

>>20174168

This is a graph of how I make a dog over time.

/\_____/\
\..o...0../
I.__O__.I
..I_.U._I

>> No.20174315

anyone run acunetix on it?

>> No.20174317

>>20174237
Why do people get so butthurt about being corrected for poor grammar? I seriously don't understand.

>> No.20174364
File: 16 KB, 300x323, 1315130157154.jpg [View same] [iqdb] [saucenao] [google] [report]
20174364

>>20174025
>>20174120
>>20174237
>>20174301

>wonder why this faggot is trying so hard to save face on an anonymous image board
>realize he's a tripfag
>"oh"

cool filtered, bro

>> No.20174372

>>20174300

sorry for being a newfag, but wtf is a "get exploit"? I couldn't google it.

also look at their homepage source.
They must have an image server and core/index.html somewhere, and it doesn't look like those are listed in OP's post


somebody find the imgsrc and core/index.html

>> No.20174412

>>20174317
I wasn't really butthurt. I did thank you earlier, assuming you're >>20174045

>>20174364
Not like you'll be missing anything.

>> No.20174462

>>20173777
>>20173777
someone just bruteforce their root password through the SSH port.

fukken idiots

>> No.20174471

What kind of encryption are they using on Usenet?

>> No.20174482

>>20174462
>2011
>root password

>> No.20174488

>>20174482
they do have one
http://mortis.com/root/?tuFSpMB=..%2F..%2F..%2F..%2Fetc%2Fpasswd

>> No.20174492

>>20174462
>root password
Allowing root SSH logins
Allowing password authentication
Yes

>> No.20174504

>>20174471
Spam?

That also reminds me of how Google was archiving groups like altblahblah.encryption.blahblah filled with encrypted files junk, but not the binaries groups.

>> No.20174508

Come on guys, just paste all the data you have on it and sit back for a second, get off your terminals and script GUIs.

Just fucking THINK for a second. What is the best way to attack a site like this?

>> No.20174527

>>20174508
delete system32

>> No.20174534

>>20174508
my contrib was stuff in op. gui crashed after. should have done it myself.

>> No.20174546

>>20174508
Okay, well there are 11 email addresses associated with it, and assuming those have a 1-1 correspondence with the members in the group, there are 11 unique users. That means it's a small group, which implies that it's not some large filesharing collective (unless they have subscriptions of some kind, but it doesn't look like they do).
Someone should send an official-sounding yet earnest PGP-signed email to a few of those members with a simple inquiry about the site.

The server is in Pittsburgh PA... somebody can fucking find that shit and break in..

>> No.20174554

>>20174546
all but 3 of the addresses are dead

>> No.20174563

>>20174554
which are the live ones and how do you know

>> No.20174569

https://www.binsearch.info/?max=250&g=alt.binaries.hdtv&a=mortis+%3Cmortis%40mortis.com%3E

>> No.20174571

We should google all of their usernames (as in [email protected]) to look for other accounts on other websites.

Also, notice that they all have the same relative theme... is this a necrophilia group?

>> No.20174583

They're probably just a Quake clan or something, lol.

>> No.20174586

>>20174569
great. Fucking TV shows. Either those are padding or this is a standard multimedia hub and we should all just go on with our business

>> No.20174595

>>20174563
tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554 554 5.7.1

[email protected]
[email protected]
[email protected]
[email protected]
haven't errored back yet

>> No.20174601

>>20174595
of course the second after i post childe errors back

>> No.20174621

these are registered to the same guy:

http://cthulhu.net/
http://karenling.com/
http://joshualing.org/

>> No.20174630

>>20174621

Not that I'm helping, but that info is useless, I think.

>> No.20174639

>>20174621
This guy is obviously a troll.
I bet there's nothing behind these password walls.

>> No.20174640

hai there

http://mortis.bpweb.net/

>> No.20174650

>>20174640
not even links to site in question

>> No.20174656
File: 381 KB, 627x319, mortislol.png [View same] [iqdb] [saucenao] [google] [report]
20174656

haha so these are the guys running this shit
looks about right

>> No.20174665

well, there's no "mortis" registered on TorPM...

>> No.20174690

>>20174621
>>20174621
>>20174621
Registrant:
Thomas Ling
210 Post St. Ste. 812
San Francisco, CA 94108
US

[email protected]
+1.4157712426

Domain Name: MORTIS.COM

Administrative & Technical Contact:
Thomas Ling
2027 Van Ness Avenue
San Francisco, CA 94109
US

[email protected]
+1.4157712426
Registrant:
Thomas Ling
210 Post St. Ste. 812
San Francisco, CA 94108
US

[email protected]
+1.4157712426

Domain Name: KARENLING.COM

Administrative & Technical Contact:
Thomas Ling
2027 Van Ness Avenue
San Francisco, CA 94109
US

[email protected]
+1.4157712426
Registrant:
Thomas Ling
210 Post St. Ste. 812
San Francisco, CA 94108
US

[email protected]
+1.4157712426

Domain Name: CTHULHU.NET

Administrative & Technical Contact:
Thomas Ling
2027 Van Ness Avenue
San Francisco, CA 94109
US

[email protected]
+1.4157712426


there are a few others i left out with the same pic of a chess piece or "dead but dreaming..."

>> No.20174712

http://www.linkedin.com/pub/tom-ling/21/522/964

is probably the guy

interestingly there is a google quicksearch result for "thomas ling san francisco"

>> No.20174717

google maps comes up with some kind of commercial "virtual software" store

>> No.20174724
File: 66 KB, 836x707, 1316684303074.jpg [View same] [iqdb] [saucenao] [google] [report]
20174724

Found a couple more users with some identical files
https://www.binsearch.info/?max=250&g=alt.binaries.hdtv&a=nonent+%3Cnonent%40non.com%3E
https://www.binsearch.info/?max=250&g=alt.binaries.hdtv&a=lefko+%3Clefko%40lefkios.com%3E

The Domain on the email for https://www.binsearch.info/?max=250&g=alt.binaries.hdtv&a=lefko+%3Clefko%40lefkios.com%3E leads to the website for soundtech securities http://lefkios.com/

The Domain for https://www.binsearch.info/?max=250&g=alt.binaries.hdtv&a=nonent+%3Cnonent%40non.com%3E leads http://non.com/
Thomas Ling
210 Post St. Ste. 812
San Francisco, CA 94108
US


+1.4157712426

Domain Name: DENTALFILLINS.NET

Administrative & Technical Contact:
Thomas Ling
2027 Van Ness Avenue
San Francisco, CA 94109
US

also :
lingsborough.com
eternalknight.com

>> No.20174731

SALES

Telephone:

Fax:
Email:

(888) 874-1118 ext. 1
(415) 931-9500
(415) 704-3077
[email protected]
SUPPORT

Hours:
Telephone:
Email:
Web:

Monday through Friday, 7am to 6pm PST
(888) 874-1118 ext. 2
[email protected]
http://support.virtualsoftware.net
(Searchable knowledgebase and 24-hour trouble ticket support)

>> No.20174734

so whats their site about and why do you care?

>> No.20174735

damn, well there is a thomas ling dentist in SF, but what the fuck is mortis.com then?

>> No.20174742

ALEXA SAYS THERE ARE (2) SITES LINKING IN TO WWW.MORTIS.COM

>> No.20174748

Thomas Ling's Overview

Current
Owner at DFI Inc
Education
UOP Dental
Connections
8 connections
Thomas Ling's Experience

Owner
DFI Inc
Medical Practice industry
Currently holds this position

DFI = dental fill ins

maybe its a cache of dental torture videos

>> No.20174753

http://swiss-luxury-estates.com/
Hosted on the same IP

>> No.20174758

>>20174748
but "mortis" refers to death, not to pain/torture.

>> No.20174763

>>20174758

dental torture leading to death ? rogue dentists trying to take down the ada ? i need sleep...

>> No.20174764

>>20174753
>>20174753
>>20174753

https://www.binsearch.info/?max=250&g=alt.binaries.hdtv&a=mortis+%3Cmortis%40mortis.com%3E

Found some downloads posted by this guy. Gibberish names at 25Gb.
drivecrazy3dbd25.par2 without password.
Someone with fast internets could help out?

>> No.20174793

vote to archive http://chanarchive.org/ submitted

>> No.20174800

looks boring, bros

>> No.20174881

brb registering cryptic domain name with single password protected page to troll /x/ & /g/


u amd?

>> No.20174951

>>20174881

Yes. I'm very amd.

>> No.20174978

>>20174793
Are you really that retarded?
http://archive.installgentoo.net/cgi-board.pl/g/thread/20173666

>> No.20175014

>>20174951
good, stay amd

>> No.20175086

>>20175014

Tweeting about how amd I am right now, thanks.

>> No.20176170

>>20174571
>google all of their usernames

Here's a few possible related hits
>>8688381
>>8688386

>>20174734
>so whats their site about and why do you care?

We don't know what their site's about, and that's exactly why we care.

>> No.20176201

>>20176170
those hits are

>>>/x/8688381
>>>/x/8688386

>> No.20176211

ohohohohoshit site made by a retard. submit a bug report and don't rape it too bad.

>>20175086
>twitter
>2011

>>
Name (leave empty)
Comment (leave empty)
Name
E-mail
Subject
Comment
Password [?]Password used for file deletion.
reCAPTCHA
Action