operat0r_001

http://rmccurdy.com/scripts/downloaded/c99shell.php.txt http://rmccurdy.com/scripts/downloaded/r57eng.php.txt

free online scan and fix rmccurdy.com/panda.html

her ya go ! wait screen shot ... ... i dont run X .. %uname -a FreeBSD rmccurdy.com 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Thu Apr 26 17:40:53 UTC 2007 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 %top -b last pid: 3436; load averages: 0.00, 0.00, 0.00 up 0+03:16:33 04:03:22 45 processes: 1 running, 43 sleeping, 1 zombie Mem: 71M Active, 88M Inact, 50M Wired, 13M Cache, 34M Buf, 12M Free Swap: 471M Total, 12K Used, 471M Free PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND 749 root 1 8 0 21412K 10808K nanslp 0:09 0.00% httpd 746 mysql 5 20 0 55240K 26236K kserel 0:05 0.00% mysqld 957 operat0r 1 96 0 8244K 5480K select 0:03 0.00% irssi 3398 root 1 8 0 1712K 1072K nanslp 0:00 0.00% snortsam 955 operat0r 1 96 0 2204K 1572K select 0:00 0.00% screen 1491 www 1 20 0 21524K 11148K lockf 0:00 0.00% httpd 1494 www 1 20 0 21540K 11016K lockf 0:00 0.00% httpd 706 root 1 96 0 2928K 1524K select 0:00 0.00% master 1642 www 1 4 0 21552K 11204K kqread 0:00 0.00% httpd 1690 www 1 20 0 21508K 11064K lockf 0:00 0.00% httpd 1492 www 1 20 0 21532K 11048K lockf 0:00 0.00% httpd 3262 operat0r 1 96 0 6284K 2852K select 0:00 0.00% sshd 517 root 1 96 0 1376K 828K select 0:00 0.00% syslogd 1495 www 1 20 0 21532K 11048K lockf 0:00 0.00% httpd 1507 www 1 20 0 21528K 11044K lockf 0:00 0.00% httpd 3260 root 1 4 0 6272K 2808K sbwait 0:00 0.00% sshd 1750 www 1 20 0 21536K 11028K lockf 0:00 0.00% httpd 1493 www 1 20 0 21508K 11036K lockf 0:00 0.00% httpd

use cax.exe or vbs to hide it do not scan the %userprofile% temp internet settings ( too much crap ) stick to desktop and maybe setup the script to have a blacklist fro folders like %temp% etc .. use some kind of CLI undelete app and recycle bin restore util ( people often delete c:recyle with porn in it etc.. http://rmccurdy.com/scripts/quickclean.txt ( ya i suck at bat too ) see ./ fro the EXE

careful http://consumerist.com/consumer/leaks/best...tuff-294012.php

:: Fixed the code :: Example cURL ( libcurl) code with debug option. <?php /* change the LOGINEMALHERE%40yahoo.com /* change the PASSWORDHERE /* then run it ! php snort.php > snortrules-snapshot-2.4.tar.gz /* set both DEBUG_ options to true to debug ... define(DEBUG_PRINT, FALSE); define(DEBUG_MODE, FALSE); error_reporting(E_ALL | E_STRICT); $my_mundo_travian = 'http://www.snort.org'; $my_login_url = "$my_mundo_travian/login/"; /* below the original test page has a string with valid header data copied as shown in the tutorial using live http headers */ $my_login_data = "destination=https%3A%2F%2Fwww.snort.org%2Freg-bin%2Fuserprefs.cgi&credential_0=LOGINEMALHERE%40yahoo.com&credential_1=PASSWORDHERE&Submit=login+to+snort.org"; $my_proxy = ''; $my_proxy_status = 'off'; /* after a successful login, this url shows the initial game control panel. If login fails, it shows the login page */ $my_grab_page = 'http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_os/snortrules-snapshot-2.4.tar.gz'; $fp_err = fopen("curl_errors.txt", "w"); curl_login($my_login_url, $my_login_data, $my_proxy, $my_proxy_status); echo curl_grab_page($my_grab_page, $my_proxy, $my_proxy_status); fclose($fp_err); /* login functions by Chad from http://codersshack.com/forums/php_11/tutorial-curl-login_44.html */ /* functions are slightly modified in order to send curl verbose report to a file */ function curl_login($url,$data,$proxy,$proxystatus){ global $fp_err; $fp = fopen("cookie_travian.txt", "w"); fclose($fp); $login = curl_init(); if (DEBUG_MODE) { curl_setopt($login, CURLOPT_VERBOSE, TRUE); curl_setopt($login, CURLOPT_STDERR, $fp_err); } curl_setopt($login, CURLOPT_COOKIEJAR, "cookie_travian.txt"); curl_setopt($login, CURLOPT_COOKIEFILE, "cookie_travian.txt"); curl_setopt($login, CURLOPT_USERAGENT, "rmccurdy"); curl_setopt($login, CURLOPT_REFERER, "http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_os/"); curl_setopt($login, CURLOPT_TIMEOUT, 30); curl_setopt($login, CURLOPT_RETURNTRANSFER, TRUE); if ($proxystatus == 'on') { curl_setopt($login, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($login, CURLOPT_HTTPPROXYTUNNEL, TRUE); curl_setopt($login, CURLOPT_PROXY, $proxy); } curl_setopt($login, CURLOPT_URL, $url); curl_setopt($login, CURLOPT_HEADER, TRUE); curl_setopt($login, CURLOPT_USERAGENT, "rmccurdy"); curl_setopt($login, CURLOPT_FOLLOWLOCATION, TRUE); curl_setopt($login, CURLOPT_POST, TRUE); curl_setopt($login, CURLOPT_POSTFIELDS, $data); ob_start(); // prevent any output return curl_exec ($login); // execute the curl command ob_end_clean(); // stop preventing output curl_close ($login); unset($login); } function curl_grab_page($site,$proxy,$proxystatus){ global $fp_err; $ch = curl_init(); if (DEBUG_MODE) { curl_setopt($ch, CURLOPT_VERBOSE, TRUE); curl_setopt($ch, CURLOPT_STDERR, $fp_err); } curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); if ($proxystatus == 'on') { curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, TRUE); curl_setopt($ch, CURLOPT_PROXY, $proxy); } curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie_travian.txt"); curl_setopt($ch, CURLOPT_URL, $site); ob_start(); // prevent any output return curl_exec ($ch); // execute the curl command ob_end_clean(); // stop preventing output curl_close ($ch); } if (DEBUG_PRINT) { echo "<br>COOKIE<br>"; $file = file_get_contents ('cookie_travian.txt'); Echo $file; echo "<br>ERR<br>"; $file = file_get_contents ('curl_errors.txt'); Echo $file; } ?>

* installed libcurl support under phpextensions * used firefox LiveHTTPHeaders plugin to get data #!/usr/local/bin/bash export varcingular=`php /bin/CINGULAR.PHP | grep Used | awk '{print $2}'` if [[ "$varcingular" -gt "400" ]] then echo WARNING $varcingular minutes |mailx ##########@cingularme.com fi <?php # change ########## and password $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,'https://www.snort.org/login/'); curl_setopt($ch, CURLOPT_USERAGENT, 'rmccurdy_com'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_COOKIEFILE, cookie); curl_setopt($ch, CURLOPT_COOKIEJAR, cookie); $result = curl_exec ($ch); curl_close ($ch); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,'https://www.wireless.att.com/olam/loginAction.doview'); curl_setopt($ch, CURLOPT_USERAGENT, 'rmccurdy_com'); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, 'actionEvent=loginInProgress&targetURL=&wireless_num=##########&pass=password&x=30&y=4&rememberCtn=on'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_REFERER, 'https://www.wireless.att.com/olam/loginAction.doview'); curl_setopt($ch, CURLOPT_COOKIEFILE, cookie); curl_setopt($ch, CURLOPT_COOKIEJAR, cookie); $result = curl_exec ($ch); curl_close ($ch); # print $result; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,'https://www.wireless.att.com/olam/loginAction.olamexecute'); curl_setopt($ch, CURLOPT_USERAGENT, 'rmccurdy_com'); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, 'actionEvent=login&reportActionEvent=A_LGN_LOGIN_SUB&fromPage='); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_REFERER, 'https://www.wireless.att.com/olam/loginAction.doview'); curl_setopt($ch, CURLOPT_COOKIEFILE, cookie); curl_setopt($ch, CURLOPT_COOKIEJAR, cookie); $result = curl_exec ($ch); curl_close ($ch); # print $result; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,'https://www.wireless.att.com/olam/dashboardAction.olamexecute'); curl_setopt($ch, CURLOPT_USERAGENT, 'rmccurdy_com'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_COOKIEFILE, cookie); curl_setopt($ch, CURLOPT_COOKIEJAR, cookie); $result = curl_exec ($ch); curl_close ($ch); print $result; ?> # +MobileNumber@alltelmessage.com Alltel # +MobileNumber@message.alltel.com Alltel (alternate) # +MobileNumber@mmode.com former AT&T users on Cingular # +MobileNumber@mobile.celloneusa.com Cellular One # +MobileNumber@mobile.mycingular.com Cingular # +MobileNumber@page.nextel.com Nextel # +MobileNumber@omnipointpcs.com OmnipointPCS # +MobileNumber@qwestmp.com Qwest # +MobileNumber@messaging.sprintpcs.com Sprint (US) # +MobileNumber@tmomail.com T-Mobile # +MobileNumber@vtext.com Verizon (incl. AirTouch) # +MobileNumber@vzwpix.com Verizon (incl. AirTouch) for pictures (MMS) # +MobileNumber@vmobl.com Virgin Mobile (US customers only) # +MobileNumber@teleflip.com All carriers

its a static list so go find your own and quit bitching ...or just a server

eps 3 !!! http://divx-695.vo.llnwd.net/stage6vid/1598001.divx Episode 2 is here! from ./shutdown News Well, we were holed up in the editing room for 5 days straight, but our journey to the Dark Side is complete. Submitted for your approval, ./shutdown episode 2: The Truth About Hally. Please for you to enjoy, k thx bai. MTFBWY, Michelle Osorio Co-Creator of ./shutdown

DO NOT INSTALL THE ACTIVX CRAP FOR THAT SITE JUST USE VLC TO OPEN THE .DIVX file !! direct url ! EPS 1 http://flash.revver.com/download/movie/341...347f0/movie.flv EPS2 teaser http://divx-256.vo.llnwd.net/stage6vid/1519336.divx

Sweet ! but I cant click the link my hand is all gimp !

edit for Cooper

Ubuntu sucks http://www.pcbsd.org

for some reason tinyurl is blocked ... so I encoded the url ;P

This is a SWF video I made for webinspect WTF block tinyurl ??? stupid ... Its ok I encoded the url for you :) http://%74%69%6E%79%75%72%6C.com/2aodh4 http://%74%69%6E%79%75%72%6C.com/2aodh4 http://tinyXXXXXXXXXXXXXurl.com/2aodh4 ( remove the X's or use IE and click the link ;P

beat antivirus ? here some codes to get your process/service killing on.. @echo off echo =========================================== echo reportNkillall.exe 3.0 echo This program will dump to a txt file (process file dll, startup and services items to ... echo %userprofile%desktopDLLLIST.TXT echo after the dump is complete it will try and kill all task that are under %user% echo NOTE: ( you may need to press CTRL+ALT+DEL ) to run explore again echo =========================================== echo http://rmccurdy.com LISTDLLS.exe > "%userprofile%desktopDLLLIST.TXT" sc query state= all | find "NAME" >> "%userprofile%desktopDLLLIST.TXT" autorunsc.exe >> "%userprofile%desktopDLLLIST.TXT" copy cax.exe %temp% echo c:cax.exe /killuser %USERNAME% > c:kill.bat RUNAS_SYSTEM.vbs RUNAS_SYSTEM.vbs set WshShell = CreateObject("WScript.Shell") WshShell.Run ("at " & hour(now) & ":" & minute(now)+1 & "am /interactive cmd.exe /c c:kill.bat") WshShell.Run ("at " & hour(now) & ":" & minute(now)+1 & "pm /interactive cmd.exe /c c:kill.bat") WScript.Sleep 65000 WshShell.Run ("at /delete /yes")

the var is set to 1 be defualt for "quickclean" but you can change it to any thing you want ?

Fixed !

Beta post comments etc .... here is the code so far what it does * just about everything ccleaner does and more * all users * secure delete 7 pass option prompt ( for the tin foil hats ! ) * recycle bin * enables show hidden * delete all $NtUninstallK and windows update files * ripp ccleaner ini ( known mru and log paths etc... ) * OPTIONAL wipe all Appdata * OPTIONAL wipe Start MenuProgramsStartup here is the code http://rmccurdy.com/scripts/quickclean.txt

ircatwork was slow before hak.5 gave out the url so I made this http://www.rmccurdy.com/scripts/IRC/

rmccurdy.com/chat

http://www.google.com/search?q=killcmos or the old paperclip does the jarb !

/me n00b

click support http://www.rmccurdy.com

http://rmccurdy.com/scripts/action_code.txt // Action script... :shock: