Tenshi Hinanawi edited this page May 1, 2012 · 1 revision
Voter fraud in Iran. Ahmadinejad is the purported winner who probably rigged the thing in the first place. The opposition candidate Mousavi has been placed under house arrest, political leaders in Ahmadinejad's crew have called the election a sham, and massive riots broke out in Tehran despite police brutality. Reports have been coming in through Twatter on what's been going on, and the Iranian government is working overtime to do something about it, including cutting internet access to the whole country and v&ing rogue twatters.

Details

There are some seriously epic fucking lulz to be had here. I think we know a thing or two about internet security, no?

See http://anonym.to/http://888chan.org/iran/res/94674.html http://888chan.org/iran/

Raid

Primary Target: gerdab.ir hosting protestor images

Iran's government is putting pictures of targeted protestors on the web for the Basij to identify and harass, arrest, or worse. These individuals could be jailed, or worse, dead by tomorrow. This website needs to die.

Note that if gerdab.ir goes down, all other sites (shahabnews and others) which link to their images won't function properly either.

Slowloris

  1. Load up SlowLoris on a Shell http://anonym.to/http://ha.ckers.org/slowloris/
  2. Point your loris at 81.12.13.144 a.k.a. gerdab.ir (use -httpready and -timeout 500 for maximum effect)
  3. SLOWLORIS IS SLOW and MAXICUTE
  4. ????
  5. PROFIT!

If you don't have linux, get the Backtrack LiveCD, faggots! It won't work under wintendo.
There is a windows version of Slowloris, but windows is limited to open 130 sockets. It has yet to be confirmed if it's really effective, so I guess I should not have even put it here lawl.

Here's another version of Slowloris: http://sourceforge.net/projects/pyloris/
Usage:

python pyloris-1.7.py -l -r POST -s 500000 -g "/fa/pages/?cid=407" www.gerdab.ir
If you want to prevent the server from noticing you're using pyloris, you can pretend to be using, say, uh, Chrome on Windows, by adding:
-u "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.31 Safari/530.5"

gerdab.ir is currently up and responding a bit slow - need moar loris! KEEP FIRING!
Do not try to bandwidth-DoS the gerdab.ir site, as it is physically in Iran and you might overload the country. Slowloris or a syn-flood on port 25 is an option.

For sites within Iran like gerdab.ir and shahabnews.com (links to protestor pics hosted on gerdab), use a tool like slowloris that consumes server threads, not bandwidth. For gerdab.ir, use -httpready and -timeout 500. For shahabnews.com, just -timeout 500.
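Seen from the server operator's side, thread exhaustion of this kind shows up as many long-lived connections from one source whose request headers never complete, kept alive by an occasional trickled byte. The following is an added example, not part of the original page, that flags that pattern in connection records; the record fields, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Conn:
    src: str            # client address
    opened: float       # when the connection was accepted (seconds)
    last_byte: float    # when the most recent request byte arrived
    headers_done: bool  # True once the blank line ending the headers was read

def over_header_deadline(c, now, header_timeout):
    """Headers still incomplete after a fixed deadline measured from accept time."""
    return not c.headers_done and now - c.opened > header_timeout

def flag_slow_header_sources(conns, now, header_timeout=20.0, min_conns=10):
    """Return {src: count} for sources holding at least min_conns
    connections that are past the header deadline."""
    stalled = defaultdict(int)
    for c in conns:
        if over_header_deadline(c, now, header_timeout):
            stalled[c.src] += 1
    return {s: n for s, n in stalled.items() if n >= min_conns}

def missed_by_idle_timeout(conns, now, idle_timeout=60.0, header_timeout=20.0):
    """Count connections past the header deadline that a per-read idle timeout
    would still keep open, because each trickled byte resets the idle clock."""
    return sum(1 for c in conns
               if over_header_deadline(c, now, header_timeout)
               and now - c.last_byte <= idle_timeout)

# Constructed sample (documentation address ranges), observed at now = 120 s.
SAMPLE = (
    [Conn("192.0.2.10", float(i), 115.0, False) for i in range(40)]  # trickling
    + [Conn("198.51.100.7", 100.0, 100.2, True),    # normal completed request
       Conn("198.51.100.8", 30.0, 31.0, False),     # one stalled client, silent
       Conn("203.0.113.5", 118.0, 118.0, False)]    # too new to judge
)

if __name__ == "__main__":
    print(flag_slow_header_sources(SAMPLE, now=120.0))
    print(missed_by_idle_timeout(SAMPLE, now=120.0))
```

The second function shows why an idle timeout alone does not free the worker threads: the deadline has to cover the whole header phase, counted from when the connection was accepted.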

Related threads with moar Slowloris/Pyloris targets and infos:
http://iran.whyweprotest.net/help-iran-online/2247-site-showing-pictures-protesters-11.html
http://iran.whyweprotest.net/help-iran-online/2310-task-force-i-ran-electronic-attack-guidelines-tools-links.html

Mail Aids

They appear to have taken down the form and are now requesting email to info@gerdab.ir. Drowning them in noise is still a good tactic.

  • If nothing else, sign up for every sketchy sweepstakes, porn site and diet plan with that email, and trust the spammers to pass it around.
  • Do not try to bandwidth-DoS the site, as it is physically in Iran and you might overload the country. A syn-flood on port 25 is an option.

PHP Script to automatically fill out forms to report immoral websites to gerdib.ir:

Ruby Script to spam/DOS gerdib.ir SMTP Server:

NOTE: Don't bother WOT-ing the site. Iranians all fuck their camels anyway, so it's likely they don't give a shit about safe internets.

LOL MAILAIDS
Probably the best option for lazy fags is to use an automatic mailbomber.

  • http://anonym.to/?http://sidecode.net/?php=MailBomb such a mailbomber that wins eats cocks hard. -tested on mailinator and no mails were sent! Needs to be confirmed this is a working script!
    • The password is "pvpguise" without the quotes.
    • The limit is 200 sends at one time, so send 200 emails over9000 times. Also, change up the field information so that the spam filters don't catch on.
  • To further deceive the mail filters, use this random wordlist generator in order to fill out the body, sender, and subject fields with differing data: http://anonym.to/?http://www.wordlistgenerator.net/

Site Information

Sensitive Info/Login Pages

http://anonym.to/?http://english.khamenei.ir/index.php?option=com_login&Itemid=76 - Joomla - no obviously vulnerable modules on that site
http://anonym.to/?https://mail.iran.ir/wm/src/login.php - Squirrelmail login?
http://anonym.to/?http://english.iribnews.ir/NewsBody.aspx?ID=3246%27 - Error for possible SQL Injection
http://anonym.to/?https://81.12.13.133:2381/cpqlogin.htm?RedirectUrl=/&RedirectQueryString= HP System Management Homepage v2.1.7.168
http://anonym.to/?http://webmail.basij.ir/horde/imp/
http://anonym.to/?http://81.12.13.151/mokhatab/ - interesting information
http://anonym.to/?http://www.iribnews.ir/FRONT_vmk.ASP?Day='%20or%201=(SELECT%20TOP%201%20COLUMN_NAME%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20TABLE_NAME='front_ar_sp'%20%20and%20COLUMN_NAME%20NOT%20IN%20(%20'ID'%20,%20'Style'%20))-- someone from Iran gave this to me. apparently this request gets blocked by a firewall. maybe it would help to use Iranian proxies.
http://anonym.to/?https://81.12.13.155/squirrelmail/contrib/decrypt_headers.php - Squirrelmail weird page
http://anonym.to/?https://81.12.13.155/squirrelmail/src/login.php - Squirrelmail login
http://anonym.to/?https://81.12.13.155:2233/ - DirectAdmin Login
http://anonym.to/?http://91.99.97.162/ - Control Panel Login page on same server than obash.info (shows faces of protesters too and is hosted in Iran by parsonline)




  • Websites which are hosted on the same IP as gerdab.ir: (hack that shit)
Iranxiran.com avizoon.com gerdab.ir gholi.com iranxiran.com www.avizoon.com www.firekos.com xpersia.com
(quite a few high severity problems found)
  • moar scans of the Iranian cyberspace: http://anonym.to/?http://drop.io/LongOwl
  • Valid addresses on the same range as gerdab.ir. Preferably r00t, not ddos or anything. The Nessus scan for the IP range shows a metric fuckton of exploits for all these sites.

81.12.13.187 has BOF vuln. its already been raped. connect to it on port 4444. heres the exploit used. http://milw0rm.com/exploits/5248 nessus scan is good.. almost all are vuln for BOFs. they work. have fun.

Secondary Targets

Someone is spamming those links on Twitter (http://twitter.com/rst325), pretending that it's anonymizers or breaking news. They're probably collecting IP's.
PHP script to spam twitter (use from commandline): http://anonymous.pastebay.com/26292
This gov-friendly news website is hosted in the Netherlands.
This is one of the SMS monitoring computers for the IRTC. Find a way to take it down. Reported as open ports on 22/ssh and 443/https. There is a generic SSL certificate being used. It's running RHEL 5 on kernel 2.6.x.
A website located in Dallas, TX had pictures of supposed protesters/leaders and was asking for information leading to the arrests of said individuals. Since the website was not located within Iranian borders, a resulting DDoS attack did nothing to lessen the information escaping Iran.
May bultannews.com RIP.
Another website which links to the images from gerdab.ir This fanclub is run by some Abbas A. Bhatti, likely this fag -> http://www.youtube.com/user/mukhtargi mukhtargi@hotmail.com
  • TARGET: filter@dci.ir - that's the email where Iranians can complain about blocked websites

  • If you're frustrated because you can't DOS gerdab.ir with one single Slowloris, you can DOS these websites for teh lulz:
http://anonym.to/http://www.president.ir
http://anonym.to/http://www.leader.ir
http://anonym.to/http://www.irib.ir (propaganda news)
http://anonym.to/http://www.mod.ir (Ministry Of Defence) theplanet.com easy-dox: Address: 315 Capitol, Suite 205 - Houston, TX 7702 Phone numbers: Abuse - 281-714-3560 NOC - 281-714-3555 Tech Support - 214-782-7800

Management team: CEO - Douglas J Irwin Direct work phone: (281) 714-3000

VP, Network Operations - Stan O. Barber

The rest of the management team is here, look them up if you want moar lulz: http://www.theplanet.com/management/ (lol their accountant worked for Arthur Anderson)

They all need to hear your opinion on their hosting of Iranian pro-regime websites, other measures may be taken too.

Break into Web Servers

  • Sites like this are a cancer and blight of the internet: gerdab.ir
  • It's advised and completely acceptable to break into these sites and post pictures of the Ayatollah fucking a pig, Mahmoud Amadinnerjacket being his queer self:http://insurgen.info/wiki/File:GayMahmoud.jpghttp://insurgen.info/wiki/File:FagMahmoud.jpg.
  • Post pictures of women in the act of triple or quadruple penetration if you don't feel like shopping those old pedophiles with barnyard animals.
  • Shop faces of the Basijj onto protector faces or just replace the pictures with fakes.
http://anonym.to/http://www.gerdab.ir/fa/pages/?cid=407 (images hosted here)

Tools

To Do

  • Digg up videos like that
http://anonym.to/http://digg.com/world_news/7_year_old_beaten_by_Basiji_in_Iran
  • Somefag make a macro to Digg videos, make Iranian twitter accounts to distract censors
  • SETUP AND DISTRIBUTE PROXIES TO IRANIAN CITIZENS. This is paramount. Make sure that the sandfags can get their crap to Facebook and Twitter.
  • Hack Iranian Government websites (http://anonym.to/http://anonym.to/?http://anonym.to/http://www.ahmadinejad.ir/http://anonym.to/http://anonym.to/?http://anonym.to/http://www.iran.ir) and replace all images with Muhammad Epic Fail Guy http://anonym.to/http://anonym.to/?http://anonym.to/http://888chan.org/i/thumb/1245346367927s.jpg and hardcore porn.
  • Assert our Dominance on the internetz and over the inferior camel-fucker Iranian SysAdmins.
  • DO THE WORKS ON IRANIAN EMBASSIES. Pizza, email bombs, white canes, the works, sign them up for IRL junk mail, black fax.
  • Massive influx of trolling; Mailbombs, comment spamming on all Iranian Government sites, demanding total un-fuckage of Iranian internet.
  • Accuse Ahmenijad of being a faggoty buttfukker. Shewp to prove.
  • Get some DOX on Mahmoud Ahmadinejad's private life and exploit him like we did the Olsen twins
  • Lulzy reaction from Iran's leadership including bitching and crying.
  • Complete destabilization of Iranian government information systems.
  • Reduce or destroy the reputability, validity and all over credibility of Iranian Gov't public records
  • Make global news. Aim for Reuters.
  • Have Epic Lulz—This is SRS BSNSS But no SRS BSNSS is to be had without Lulz.
  • ???
  • The Profit Muhammed. Profit.
  • GOAL: Show Iranfags who really rules the tubes. We are Anonymous.

Victories

Butthurt mullahs: http://anonym.to/?http://translate.google.com/translate?js=n&prev=_t&hl=en&ie=UTF-8&u=http://74.125.155.132/search?q=cache:X_Nz4wnaHFkJ:www.gerdab.ir/fa/pages/%3Fcid%3D399+http://gerdab.ir/fa/pages/%3Fcid%3D399&cd=1&hl=en&ct=clnk&gl=us
Moar butthurt mullahs: http://anonym.to/?http://tinyurl.com/kteuct

Irib got hacked: http://anonym.to/?http://img184.imagevenue.com/img.php?image=27109_iribhacked_123_1109lo.jpg

Blowback -> moar lazorz: http://anonym.to/?http://tinyurl.com/lzyubl

Butthurt gerdab.ir admins (translation):
After the publication of photos identifying a number of operators who seem the main causes of this movement, there was chaos on whirlpool site. They are afraid of this and hire a number of American and Canadian hackers to prevent publication of pictures with disturbance attacks to the web site and email to whirlpool.

Media Coverage

Category:Raids Category:Events Category:Project Greenwave Category:Projects