A forum for reverse engineering, OS internals and malware analysis 

All off-topic discussion goes here.
 #4318  by jussi
 Fri Jan 07, 2011 6:45 am
oh hai, just a note that the box is now back online. took a while due to physical location being quite far away.
other than that, i think i replied to some other stuff earlier (e.g. content needs submitters, front page without login, why you might not be able to reach it but others can etc).
connections also might be a bit flaky as restoring some stuff - not a commercial entity so no sla's ;-)
 #4319  by EP_X0FF
 Fri Jan 07, 2011 6:57 am
Good old rootkit.com is back :)
 #4339  by Vrtule
 Fri Jan 07, 2011 7:13 pm
Yes, it is back. However, it seems to me that the present time is not Time of Sharing.
 #4939  by jussi
 Mon Feb 07, 2011 2:44 pm
and down again.
dunno if/when coming back online again.
as you might have read in the news, reason for downtime is there - time for a password change for re-users.
 #5084  by Plutonium
 Thu Feb 17, 2011 9:01 pm
The site was hacked by the Anonymous group:
How to get root on rootkit.com?
Well, it's quite easy if you have access to Greg Hoglund's email account, read for yourself.

From: Greg Hoglund <greg@hbgary.com> Sun, Feb 6, 2011 at 1:59 PM
To: jussi <jussij@gmail.com>

im in europe and need to ssh into the server. can you drop open up
firewall and allow ssh through port 59022 or something vague?
and is our root password still 88j4bb3rw0cky88 or did we change to
88Scr3am3r88 ?
thanks

From: jussi jaakonaho <jussij@gmail.com> Sun, Feb 6, 2011 at 2:06 PM
To: Greg Hoglund <greg@hbgary.com>

hi, do you have public ip? or should i just drop fw?
and it is w0cky - tho no remote root access allowed

From: Greg Hoglund <greg@hbgary.com> Sun, Feb 6, 2011 at 2:08 PM
To: jussi jaakonaho <jussij@gmail.com>

no i dont have the public ip with me at the moment because im ready
for a small meeting and im in a rush.
if anything just reset my password to changeme123 and give me public
ip and ill ssh in and reset my pw.

From: jussi jaakonaho <jussij@gmail.com> Sun, Feb 6, 2011 at 2:10 PM
To: Greg Hoglund <greg@hbgary.com>
ok,
takes couple mins, i will mail you when ready. ssh runs on 47152

...a little later:

bash-3.2# ssh hoglund@65.74.181.141 -p 47152
[unauthorized access prohibited]
hoglund@65.74.181.141's password:
[hoglund@www hoglund]$ unset
hoglund@www hoglund]$ w
11:23:50 up 30 days, 5:45, 4 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
jussi pts/0 cs145060.pp.htv. Wed11pm 59.00s 0.38s 0.35s screen -r
jussi pts/1 - Thu 5am 1:13 0.38s 4.90s SCREEN
jussi pts/2 - Thu 5am 59.00s 0.68s 4.90s SCREEN
hoglund pts/3 132.181.74.65.st 11:23am 0.00s 0.03s 0.00s w
[hoglund@www hoglund]$ unset HIST
[hoglund@www hoglund]$ unset HISTFLE
[hoglund@www hoglund]$ unset HISTFILE
[hoglund@www hoglund]$ uname -a;hostname
Linux http://www.rootkit.com 2.4.21-40.ELsmp #1 SMP Wed Mar 15 14:21:45 EST 2006 i686 i686 i386 GNU/Linux
http://www.rootkit.com
[hoglund@www hoglund]$ su -
Password:
[root@www root]# unset HIST
[root@www root]# unset HISTFILE
[root@www root]# uname -a;hostname;id
Linux http://www.rootkit.com 2.4.21-40.ELsmp #1 SMP Wed Mar 15 14:21:45 EST 2006 i686 i686 i386 GNU/Linux
http://www.rootkit.com
uid=0(root) gid=0(root) groups=0(root),1200(varmistus)