[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Maintenance is complete! We got more disk space.
Become a Patron!

/g/ - Technology

View post   

[ Toggle deleted replies ]
File: 25 KB, 1256x783, mortis.jpg [View same] [iqdb] [saucenao] [google] [report]
20173666 No.20173666 [Reply] [Original] [archived.moe] [rbt]

any one have any ideas on this

Email addresses found:
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
Other stuff found:
The remote network has an active filter. IMPORTANT: The result of all the other plugins will be unaccurate, web applications could be vulnerable but "protected" by the active filter.
[09/23/11 02:27:59] The following URLs were filtered:
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=..%2F..%2F..%2F..%2Fetc%2Fpasswd
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=.%2F..%2F..%2F..%2Fetc%2Fmotd%00html
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=id%3Buname+-a
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=%3C%3F+passthru%28%22id%22%29%3B%3F%3E
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=..%2F..%2FWINNT%2Fsystem32%2Fcmd.exe%3Fdir%2Bc%3A%5C
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=type%2Bc%3A%5Cwinnt%5Crepair%5Csam._
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=ps+-aux%3B
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=..%2F..%2F..%2F..%2Fbin%2Fchgrp+nobody+%2Fetc%2Fshadow%7C
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=SELECT+TOP+1+name+FROM+sysusers
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=exec+master..xp_cmdshell+dir
[09/23/11 02:27:59] - http://mortis.com/root/?tuFSpMB=exec+xp_cmdshell+dir
[09/23/11 02:28:19] The page language is: en
[09/23/11 02:28:52] The most accurate fingerprint for this HTTP server is: "Apache/2.0.52 (Unix) PHP/5.0.3".

>> No.20173699


>> No.20173715

I was using w3af when I found this. you can varify if you want.

>> No.20173717


>> No.20173735
File: 99 KB, 600x450, 1301538513657.jpg [View same] [iqdb] [saucenao] [google] [report]

Stop trying to get into private message boards.

I bet you thought luelinks was a secret society of Illuminati too.

>> No.20173744


Bumping because I rather hope to find out whats inside. It's been a long process and I liked the people involved.

>> No.20173747

proof or gtfo

>> No.20173755

If you want access, find the person that owns it and ask them nicely.

>> No.20173765

owner has fake whois

>> No.20173777

lol it would be just too easy to do anything..

Starting Nmap 5.51 ( http://nmap.org ) at 2011-09-23 09:28 CEST
Nmap scan report for mortis.com (
Host is up (0.16s latency).
Not shown: 975 closed ports
21/tcp open ftp
22/tcp open ssh
25/tcp filtered smtp
26/tcp open rsftp
80/tcp open http
110/tcp open pop3
113/tcp open auth
143/tcp open imap
161/tcp filtered snmp
306/tcp open unknown
465/tcp open smtps
543/tcp open klogin
544/tcp open kshell
587/tcp open submission
646/tcp filtered ldp
993/tcp open imaps
995/tcp open pop3s
2105/tcp open eklogin
6667/tcp filtered irc
7000/tcp filtered afs3-fileserver
7001/tcp filtered afs3-callback
7007/tcp filtered afs3-bos
7777/tcp filtered cbt
9000/tcp filtered cslistener
31337/tcp filtered Elite

Nmap done: 1 IP address (1 host up) scanned in 17.68 seconds

>> No.20173782


huge ass usenet files that are password protected make me think its not just a private board

>> No.20173786

Then they obviously don't want to be bothered by curious neckbeards who post on 4chan about pseudoscience and paranoia garbage.

Leave them the fuck alone.

>> No.20173803

>Online backups
>Software development project
>CP ring
>Could be anything

>> No.20173809


Now, now. Not here to debate science and pseudoscience. Just trying to get into places we don't have access to. Call it curiosity.

>> No.20173817

Where the fuck are you finding those email addresses?

>> No.20173836

google, yahoo, gnz snif

>> No.20173841

Call it poking your nose into other people's lives.

Leave them alone or enjoy being a minor annoyance to a bunch of neckbeards.

>> No.20173850


could be anything , and thats why i want to know

>> No.20173861
File: 11 KB, 169x198, 1215008283091.jpg [View same] [iqdb] [saucenao] [google] [report]

>Mfw this is just a group of friends who made their own secret club website for communication and file sharing
>mfw they just slapped a big "mortis" on it because it was cool

I'm with that guy. It's better if you just leave people to themselves.

>> No.20173912

...and this is why it's better to not give your private site a domain name nor let it get indexed by Google.

OP, imagine if you were the guy running some private server and a bunch of 4chan retards started trying to break in.

>> No.20173926
File: 10 KB, 322x156, images (1).jpg [View same] [iqdb] [saucenao] [google] [report]

where is everyone's sense of adventure and curiosity ?
i just popped over to the /x/ thread and im curious now

also >>20173666 trips 6s demands it

>> No.20173941

To freak people like you out and watch them try and break in and fail.

>> No.20173972

If I did something like that I would give them a chance to break in just so they would know how much time they wasted for nothing

>> No.20173986

it also might be something .... chances are it really is nothing but you never know ....

>> No.20174025

Oh god, has /x/ gotten better? I quit that place around a year and some change ago.
This peaks my interests. Unfortunately, I have to be up in 6 hours.

>> No.20174045 [DELETED] 
File: 84 KB, 662x593, 1315126364923.jpg [View same] [iqdb] [saucenao] [google] [report]


why do niggers always fucking do this?

protip: the word you're looking for is "piques"

>> No.20174120

It's 3 mother fucking AM, give me a break.
I now feel bad as a person who prides myself in grammar.
Also, upon further review, if I had worded it as "This interesting topic has caused a peak in my interest" it would've been grammatically correct.

Also: hold down the fort, and could care less. umad?

>tl;dr Thanks for the correction.

>> No.20174157

>This interesting topic has caused a peak in my interest
>implying your interest was being graphed by anyone that gave a shit about it besides yourself.

>> No.20174168

That's exactly why it's "pique" and not "peak."

>> No.20174210


>> No.20174237

Fair enough.
I'll be sure to be better rested the next time I decide to post so I'm less likely to produce grammatical errors, just for you Anon.

>> No.20174259

>"prides myself in grammar"
>"upon further review"
>tl,dr on a 4 line post
>convoluted sentence constructions
is english your native language?
you're like a 12 year old trying to sound smart.

>> No.20174264

loading up backtrack, I'm hooking up the VPN and going in guys.

Hopefully it's exploitable without too much work ;)

>inb4 skiddie fuck you okay if it works it works

>> No.20174275

opens popcorn bag.

>> No.20174286

Good luck, and fuck the haters.

>> No.20174300

has get exploits, use them, I can't

>> No.20174301

Yes, and I'm just sleepy and trying to sound smart.

>> No.20174312


This is a graph of how I make a dog over time.


>> No.20174315

anyone run acunetix on it?

>> No.20174317

Why do people get so butthurt about being corrected for poor grammar? I seriously don't understand.

>> No.20174364
File: 16 KB, 300x323, 1315130157154.jpg [View same] [iqdb] [saucenao] [google] [report]


>wonder why this faggot is trying so hard to save face on an anonymous image board
>realize he's a tripfag

cool filtered, bro

>> No.20174372


sorry for being a newfag, but wtf is a "get exploit"? I couldn't google it.

also look at their homepage source.
They must have an image server and core/index.html somewhere, and it doesn't look like those are listed in OP's post

somebody find the imgsrc and core/index.html

>> No.20174412

I wasn't really butthurt. I did thank you earlier, assuming you're >>20174045

Not like you'll be missing anything.

>> No.20174462

someone just bruteforce their root password through the SSH port.

fukken idiots

>> No.20174471

What kind of encryption are they using on Usenet?

>> No.20174482

>root password

>> No.20174488

they do have one

>> No.20174492

>root password
Allowing root SSH logins
Allowing password authentication

>> No.20174504


That also reminds me of how Google was archiving groups like altblahblah.encryption.blahblah filled with encrypted files junk, but not the binaries groups.

>> No.20174508

Come on guys, just paste all the data you have on it and sit back for a second, get off your terminals and script GUIs.

Just fucking THINK for a second. What is the best way to attack a site like this?

>> No.20174527

delete system32

>> No.20174534

my contrib was stuff in op. gui crashed after. should have done it myself.

>> No.20174546

Okay, well there are 11 email addresses associated with it, and assuming those have a 1-1 correspondence with the members in the group, there are 11 unique users. That means it's a small group, which implies that it's not some large filesharing collective (unless they have subscriptions of some kind, but it doesn't look like they do).
Someone should send an official-sounding yet earnest PGP-signed email to a few of those members with a simple inquiry about the site.

The server is in Pittsburgh PA... somebody can fucking find that shit and break in..

>> No.20174554

all but 3 of the addresses are dead

>> No.20174563

which are the live ones and how do you know

>> No.20174569


>> No.20174571

We should google all of their usernames (as in [email protected]) to look for other accounts on other websites.

Also, notice that they all have the same relative theme... is this a necrophilia group?

>> No.20174583

They're probably just a Quake clan or something, lol.

>> No.20174586

great. Fucking TV shows. Either those are padding or this is a standard multimedia hub and we should all just go on with our business

>> No.20174595

tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554 554 5.7.1

[email protected]
[email protected]
[email protected]
[email protected]
haven't errored back yet

>> No.20174601

of course the second after i post childe errors back

>> No.20174621

these are registered to the same guy:


>> No.20174630


Not that I'm helping, but that info is useless, I think.

>> No.20174639

This guy is obviously a troll.
I bet there's nothing behind these password walls.

>> No.20174640

hai there


>> No.20174650

not even links to site in question

>> No.20174656
File: 381 KB, 627x319, mortislol.png [View same] [iqdb] [saucenao] [google] [report]

haha so these are the guys running this shit
looks about right

>> No.20174665

well, there's no "mortis" registered on TorPM...

>> No.20174690

Thomas Ling
210 Post St. Ste. 812
San Francisco, CA 94108

[email protected]

Domain Name: MORTIS.COM

Administrative & Technical Contact:
Thomas Ling
2027 Van Ness Avenue
San Francisco, CA 94109

[email protected]
Thomas Ling
210 Post St. Ste. 812
San Francisco, CA 94108

[email protected]


Administrative & Technical Contact:
Thomas Ling
2027 Van Ness Avenue
San Francisco, CA 94109

[email protected]
Thomas Ling
210 Post St. Ste. 812
San Francisco, CA 94108

[email protected]

Domain Name: CTHULHU.NET

Administrative & Technical Contact:
Thomas Ling
2027 Van Ness Avenue
San Francisco, CA 94109

[email protected]

there are a few others i left out with the same pic of a chess piece or "dead but dreaming..."

>> No.20174712


is probably the guy

interestingly there is a google quicksearch result for "thomas ling san francisco"

>> No.20174717

google maps comes up with some kind of commercial "virtual software" store

>> No.20174724
File: 66 KB, 836x707, 1316684303074.jpg [View same] [iqdb] [saucenao] [google] [report]

Found a couple more users with some identical files

The Domain on the email for https://www.binsearch.info/?max=250&g=alt.binaries.hdtv&a=lefko+%3Clefko%40lefkios.com%3E leads to the website for soundtech securities http://lefkios.com/

The Domain for https://www.binsearch.info/?max=250&g=alt.binaries.hdtv&a=nonent+%3Cnonent%40non.com%3E leads http://non.com/
Thomas Ling
210 Post St. Ste. 812
San Francisco, CA 94108



Administrative & Technical Contact:
Thomas Ling
2027 Van Ness Avenue
San Francisco, CA 94109

also :

>> No.20174731




(888) 874-1118 ext. 1
(415) 931-9500
(415) 704-3077
[email protected]


Monday through Friday, 7am to 6pm PST
(888) 874-1118 ext. 2
[email protected]
(Searchable knowledgebase and 24-hour trouble ticket support)

>> No.20174734

so whats their site about and why do you care?

>> No.20174735

damn, well there is a thomas ling dentist in SF, but what the fuck is mortis.com then?

>> No.20174742


>> No.20174748

Thomas Ling's Overview

Owner at DFI Inc
UOP Dental
8 connections
Thomas Ling's Experience

Medical Practice industry
Currently holds this position

DFI = dental fill ins

maybe its a cache of dental torture videos

>> No.20174753

Hosted on the same IP

>> No.20174758

but "mortis" refers to death, not to pain/torture.

>> No.20174763


dental torture leading to death ? rogue dentists trying to take down the ada ? i need sleep...

>> No.20174764



Found some downloads posted by this guy. Gibberish names at 25Gb.
drivecrazy3dbd25.par2 without password.
Someone with fast internets could help out?

>> No.20174793

vote to archive http://chanarchive.org/ submitted

>> No.20174800

looks boring, bros

>> No.20174881

brb registering cryptic domain name with single password protected page to troll /x/ & /g/

u amd?

>> No.20174951


Yes. I'm very amd.

>> No.20174978

Are you really that retarded?

>> No.20175014

good, stay amd

>> No.20175086


Tweeting about how amd I am right now, thanks.

>> No.20176170

>google all of their usernames

Here's a few possible related hits

>so whats their site about and why do you care?

We don't know what their site's about, and that's exactly why we care.

>> No.20176201

those hits are


>> No.20176211

ohohohohoshit site made by a retard. submit a bug report and don't rape it too bad.


>> No.20176211,1 [INTERNAL] 


Name (leave empty)
Comment (leave empty)
Password [?]Password used for file deletion.