Tenshi Hinanawi edited this page May 1, 2012 · 1 revision

THEY HAVE A FORUM. TROLL IT TO DEATH.


New Raid

The new raid is slated for three weeks away. Exact date to be decided. Post your thoughts in the talk page.

NB! American and South-Korean major websites are under attack and guess who they think is behind this? North Korea of course. If we do shit right we might get an all-out cyberwar between them! wikipedia link

UPDATE: They did another nuclear test today. Possible lulz??? They have a thread on their forum about it: Link Read it, it's pretty funny. Also, our upcoming raid is in good timing. Already being under verbal attack by other nations, they will get even angrier if we take down their website. Will they break under the pressure and start WW-III? Let's hope so.

Blame the raid on Israeli government's hax0rs?

UPDATE 27/5/09 Okay, third raid. I have a plan on this. So, we are gonna troll all over the forums. Let's not give our emails, but use a '10minute mail'. Nobody shoot a laz0r until the counter reaches zero.

Then we DDoS the MAIN site and post porn, gore, or whatever you have over your /b/ folders. (Post anything that is lulzy to you. Since we are blaming South Korea or a resistance group in NK, do whatever you prefer.) http://anonym.to/http://anonnet.org/webirc/nk = win

Next time, we need to make sure we don't have 2 raids on the same day. We need way better communication next time. Also, we need a better way to switch people from Terogen to TheInternetz so this doesn't happen again. All the admins are on TheInternetz, but only a few others are. Everyone else is on Terogen, so they have no idea what's going on. COMMUNICATION, PEOPLE!!!!!!!!!!!!!!!! Use the discussion page for communication, or the IRC.

Raid Software

Brutus
Hack the ftp/and or the e-commerce login with it. Hack the forum admin pass too.

Details

http://anonym.to/http://www.korea-dpr.com/

A raid on Korea's DPRK website.

Why you ask?

  1. Lulz. Pure unadulterated lulz.
  2. You're trolling a whole fucking country.
  3. Do you not read the news?
  4. North Korea is likely to make a fuss about it, and blame it on some other country/South-Korea. Now you're trolling two nations.
  1. Nuclear War
  2. ?????
  3. Profit.

SITE INFORMATION

---------------------------------------------------------------------------
+ Target IP: 82.98.141.102
+ Target Hostname: Korea-dpr.com
+ Target Port: 80
+ Start Time: 2009-05-20 21:48:12
---------------------------------------------------------------------------
+ Server: Apache/1.3.34 (Debian) PHP/4.4.4-8+etch6
- /robots.txt - contains 31 'disallow' entries which should be manually viewed. (GET)
- Allowed HTTP Methods: GET, HEAD, OPTIONS, TRACE, POST, PUT, DELETE, CONNECT, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK
+ HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST.
+ HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.
+ HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.
+ HTTP method ('Allow' Header): 'CONNECT' may allow server to proxy client requests.
+ HTTP method ('Allow' Header): 'PROPFIND' may indicate DAV/WebDAV is installed. This may be used to get directory listings if indexing is allowed but a default page exists.
+ HTTP method ('Allow' Header): 'PROPPATCH' indicates DAV/WebDAV is installed.
+ HTTP method ('Allow' Header): 'MOVE' may allow clients to change file locations on the web server.
+ ETag header found on server, inode: 26336, size: 1994, mtime: 0x45104527
+ Apache/1.3.34 appears to be outdated (current is at least Apache/2.2.10). Apache 1.3.41 and 2.0.63 are also current.
+ PHP/4.4.4-8+etch6 appears to be outdated (current is at least 5.2.6)
+ GET /postinfo.html : Microsoft FrontPage default file found.
+ TRACK / : TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://anonym.to/http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ TRACE / : TRACE option appears to allow XSS or credential theft. See http://anonym.to/http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ GET /lib/ : This might be interesting...
+ GET /library/ : This might be interesting...
+ GET /news : This may be interesting...
+ GET /shop/ : This might be interesting...
+ GET /test.htm : This might be interesting...
+ GET /squirrelmail/src/read_body.php : This might be interesting... has been seen in web logs from an unknown scanner.
+ GET /cgi-bin/register.cgi : This might be interesting... has been seen in web logs from an unknown scanner.
+ GET /icons/ : Directory indexing is enabled: /icons
+ GET /scripts/ : Directory indexing is enabled: /scripts
+ GET /images/ : Directory indexing is enabled: /images
+ GET /w3c/ : Directory indexing is enabled: /w3c
------------------------------------------------------------------

Open Ports

21 (FTP)
25 (SMTP)
53 (Nameserver)
80 (HTTP)
110 (POP3)
443 (SSL)
1080 (no idea wtf this actually is.. socks proxy, wtf?)
1524 (possible trojan already there?)
2000 (no idea)
10000 (WEBMIN! https://www.korea-dpr.com:10000 )
12345 (possible trojan already there AGAIN?)

Information

http://anonym.to/http://pastebay.com/11600 - Files (Inc Link.) - For BWRAEP (use extras wget raper - linux/mac or BWRaeper.NET - windows)

http://anonym.to/http://anonymous.pastebay.com/12923 - Octopus attacker source code. Compile under linux. Point at target. Watch it melt.

http://anonym.to/http://www.korea-dpr.com/ = 82.98.141.102 - Website / IP, You know what to do.

http://anonym.to/http://www.korea-dpr.com/cgi-bin/simpleforum.cgi?admin - Forum

http://anonym.to/http://pastebay.com/13302 - JMX for JMeter attacks. Get JMeter at http://anonym.to/http://jakarta.apache.org/site/downloads/downloads_jmeter.cgi

http://anonym.to/http://www.korea-dpr.com/site-admin-control-panel/ - Oh lawd, admin control panel.

http://anonym.to/http://www.korea-dpr.com/squirrelmail/src/login.php - Squirrelmail login page.

http://anonym.to/http://www.korea-dpr.com/catalog2/admin - E-commerce login page

http://anonym.to/http://anonym.to/?https://www.korea-dpr.com:10000/ - Webmin login

IRC

 #Korea on irc://irc.terogen.com

To Do

1. Put up posts on other sites about some group; say that the South Koreans (or maybe Israelis) are going to try to censor the Koreans on the web. To add a bit of flattery, we could even throw in that they are doing it because all of their 'great achievements' are really swaying public opinion in the west.

2. 'Leak' this info, with links, on the North Korean site.

3. Be sure to avoid the nature of the 'censorship'/attack, so as not to give them time to prepare.

4. EFC

5. ???

6. PROFIT

No LOIC. That shit is gay. EFC is far superior technology. Use it. Get it here: http://anonym.to/http://rapidshare.com/files/220841115/EpicFailCannon_FTFY.rar <--Do any of you fags remember that EFC and /war/riors cannon are infected with trojans? Use GPC, LOIC, or BWreap (might not be as effective, since we're technically shitting on a whole country...they might have massive pipes, maybe...it's fucking N. Korea)

Cover Up Ideas

  • Come up with a good conspiracy theory BEFORE the next raid. That way, the raid can be blamed on the occurrence of free speech.
  • Use South Korean proxies, etc.
  • Blame it on mumsnet.
  • Links to nimp sites.

Forums

Other Entry Points

my (user:kari) results of 87720 injections

  • Failures: 0
  • Warnings: 0
  • Passes: 87720
Sorry, guys. No can do on that front :/

Note: The server is in Spain... are we sure this is their website or just some ass-hat?

WHOIS:
Current Registrar: DINAHOSTING SL
IP Address: 82.98.141.102 (ARIN & RIPE IP search)
IP Location: ES(SPAIN)
Record Type: Domain Name
Server Type: Apache 1
Lock Status: clientDeleteProhibited
Web Site Status: Active
DMOZ 7 listings
Y! Directory: see listings
Web Site Title: The Official Webpage of The Democratic People's Republic of Korea (DPRK)
Secure: No
E-commerce: No
Traffic Ranking: 3
Data as of: 22-Apr-2008

—I'm pretty sure this is legit: Quoted from wikipedia: "The government's own sites are not in the .kp domain and all are hosted outside Korea; the korea-dpr.com address resolves to DINAHOSTING, a Spanish provider, and the IP location is Germany." http://anonym.to/http://en.wikipedia.org/wiki/.kp#cite_note-4

-- -- Yeah, it's the pseudo-official website with the Korean Fagship Association. Moar official sites: http://anonym.to/http://888chan.org/i/res/41922.html#53270

Victories

First Raid

First attack was a success. Site was down from 9:00-9:30 Korean time. A new attack will be planned once this one clears up. We may want to look at getting more creative this time. DDoS is nice, but if someone can hack into the server, that would be very lulzy. Also, look into the site's forums and see what you can do there.

-Indeed, the first attack was a partial success; the site was down while we were attacking, but back up the moment we stopped. Hell, we don't even know if somebody noticed it was gone! Better luck next time. Try to spread the word, we're gonna try again next week! Keep an eye out in the raid board on 888chan!

  • Rooting + Uploading CP would be epic if at all feasible.
  • Should we advertise this raid on *chans with image macros?

Second Raid

The second attack was a success. Site was down from 00:00 to about 01:15 GMT. There will be more attacks coming soon. Once again, it was back the moment we stopped.

Newfags. Taking down a site isn't a raid. It can be a part of a raid, and a good part; but a bunch of people, hanging around in irc with LOIC(or for you pro-Newfags, EFC) isn't a raid. Troll them, make it seem like it is someone else (like the femwhores in the feminazies raid) and watch the lulz ensue. There is no greater lulz than pitting one trolled mass against another trolled mass and having them mess each other up. The Ellipse 16:23, 27 May 2009 (UTC)

Media Coverage
