The Real Story about rootkit.com, HBGary E-mail!



HBGary E-mail Viewer
greg@hbgary.com
Original file: 27606
From: jussi jaakonaho <jussij@gmail.com>
To: Greg Hoglund <greg@hbgary.com>
Date: Sun, 6 Feb 2011 22:15:54 +0200
Subject: Re: need to ssh into rootkit
Attachments: This e-mail does not have any attachments.






did you open something running on high port?




On Feb 6, 2011, at 9:43 PM, Greg Hoglund wrote:


> ok let me know if you need me
>
> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>> tnx.
>> i am also connected to the box, seems some people have download problems -
>> have figured earlier that some chinese used chinese chars on names of files,
>> which then our filtering stripped off when putting db etc. so some db editing
>>
>>
>> _jussi
>>
>> On Feb 6, 2011, at 9:36 PM, Greg Hoglund wrote:
>>
>>> ok ill make sure to get you a new license asap.
>>>
>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>>>> np.
>>>> btw i did not shut down the firewall so it still protects with too many
>>>> connections from same source address.
>>>>
>>>> i have also downloaded latest backups from /home/varmi to my homebox, just
>>>> in case.
>>>>
>>>> oh, also seem my license is expiring for responder again. o:-) was thinking
>>>> to put it into box with more memory.
>>>>
>>>> _jussi
>>>>
>>>> On Feb 6, 2011, at 9:26 PM, Greg Hoglund wrote:
>>>>
>>>>> yup im logged in thanks ill email you in a few, im backed up
>>>>>
>>>>> thanks
>>>>>
>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>>>>>> nope. your account is named as hoglund
>>>>>>
>>>>>>
>>>>>> On Feb 6, 2011, at 9:23 PM, Greg Hoglund wrote:
>>>>>>
>>>>>>> yes jussi thanks
>>>>>>>
>>>>>>> did you reset the user greg or?
>>>>>>>
>>>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>>>>>>>> does it work now?
>>>>>>>>
>>>>>>>>
>>>>>>>> On Feb 6, 2011, at 9:17 PM, Greg Hoglund wrote:
>>>>>>>>
>>>>>>>>> if i can squeeze out time maybe we can catch up.. ill be in germany
>>>>>>>>> for a little bit.
>>>>>>>>>
>>>>>>>>> anyway I can't ssh into rootkit. you sure the ips still
>>>>>>>>> 65.74.181.141?
>>>>>>>>>
>>>>>>>>> thanks
>>>>>>>>>
>>>>>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>>>>>>>>>> ok,
>>>>>>>>>> it should now accept from anywhere to 47152 as ssh. i am doing testing so
>>>>>>>>>> that it works for sure.
>>>>>>>>>> your password is changeme123
>>>>>>>>>>
>>>>>>>>>> i am online so just shoot me if you need something.
>>>>>>>>>>
>>>>>>>>>> in europe, but not in finland? :-)
>>>>>>>>>>
>>>>>>>>>> _jussi
>>>>>>>>>>
>>>>>>>>>> On Feb 6, 2011, at 9:08 PM, Greg Hoglund wrote:
>>>>>>>>>>
>>>>>>>>>>> no i dont have the public ip with me at the moment because im ready
>>>>>>>>>>> for a small meeting and im in a rush.
>>>>>>>>>>>
>>>>>>>>>>> if anything just reset my password to changeme123 and give me public
>>>>>>>>>>> ip and ill ssh in and reset my pw.
>>>>>>>>>>>
>>>>>>>>>>> thanks
>>>>>>>>>>>
>>>>>>>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>>>>>>>>>>>> hi,
>>>>>>>>>>>>
>>>>>>>>>>>> do you have public ip? or should i just drop fw?
>>>>>>>>>>>> and it is w0cky - tho no remote root access allowed
>>>>>>>>>>>>
>>>>>>>>>>>> On Feb 6, 2011, at 8:59 PM, Greg Hoglund wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> _jussi
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> jussi
