The Hacker News Logo
Subscribe to Newsletter

The Real Story about rootkit.com ,HBGary E-mail !

The Real Story about rootkit.com ,HBGary E-mail !



HBGary E-mail Viewer
greg@hbgary.com
Go back
Original file: 27606
click here to show this e-mail with HTML markup
From: jussi jaakonaho <jussij@gmail.com>
To: Greg Hoglund <greg@hbgary.com>
Date: Sun, 6 Feb 2011 22:15:54 +0200
Subject: Re: need to ssh into rootkit
click here to show full headers
Attachments: This e-mail does not have any attachments.






did you open something running on high port?




On Feb 6, 2011, at 9:43 PM, Greg Hoglund wrote:


> ok let me know if you need me

> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>> tnx.
>> i am also connected to the box, seems some people have download problems -
>> have figured earlier that some chinese used chinese chars on names of files,
>> which then our filtering stripped off when putting db etc. so some db
>> editing
>> 
>> 
>> _jussi
>> 
>> On Feb 6, 2011, at 9:36 PM, Greg Hoglund wrote:
>> 
>>> ok ill make sure to get you a new license asap.
>>> 
>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>>>> np.
>>>> btw i did not shut down the firewall so it still protects with too many
>>>> connections from same source address.
>>>> 
>>>> i have also downloaded latest backups from /home/varmi to my homebox,
>>>> just
>>>> in case.
>>>> 
>>>> oh, also seem my license is expiring for responder again. o:-) was
>>>> thinking
>>>> to put it into box with more memory.
>>>> 
>>>> _jussi
>>>> 
>>>> On Feb 6, 2011, at 9:26 PM, Greg Hoglund wrote:
>>>> 
>>>>> yup im logged in thanks ill email you in a few, im backed up
>>>>> 
>>>>> thanks
>>>>> 
>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>>>>>> nope. your account is named as hoglund
>>>>>> 
>>>>>> 
>>>>>> On Feb 6, 2011, at 9:23 PM, Greg Hoglund wrote:
>>>>>> 
>>>>>>> yes jussi thanks
>>>>>>> 
>>>>>>> did you reset the user greg or?
>>>>>>> 
>>>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>>>>>>>> does it work now?
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On Feb 6, 2011, at 9:17 PM, Greg Hoglund wrote:
>>>>>>>> 
>>>>>>>>> if i can squeeze out time maybe we can catch up.. ill be in germany
>>>>>>>>> for a little bit.
>>>>>>>>> 
>>>>>>>>> anyway I can't ssh into rootkit. you sure the ips still
>>>>>>>>> 65.74.181.141?
>>>>>>>>> 
>>>>>>>>> thanks
>>>>>>>>> 
>>>>>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>>>>>>>>>> ok,
>>>>>>>>>> it should now accept from anywhere to 47152 as ssh. i am doing
>>>>>>>>>> testing
>>>>>>>>>> so
>>>>>>>>>> that it works for sure.
>>>>>>>>>> your password is changeme123
>>>>>>>>>> 
>>>>>>>>>> i am online so just shoot me if you need something.
>>>>>>>>>> 
>>>>>>>>>> in europe, but not in finland? :-)
>>>>>>>>>> 
>>>>>>>>>> _jussi
>>>>>>>>>> 
>>>>>>>>>> On Feb 6, 2011, at 9:08 PM, Greg Hoglund wrote:
>>>>>>>>>> 
>>>>>>>>>>> no i dont have the public ip with me at the moment because im
>>>>>>>>>>> ready
>>>>>>>>>>> for a small meeting and im in a rush.
>>>>>>>>>>> 
>>>>>>>>>>> if anything just reset my password to changeme123 and give me
>>>>>>>>>>> public
>>>>>>>>>>> ip and ill ssh in and reset my pw.
>>>>>>>>>>> 
>>>>>>>>>>> thanks
>>>>>>>>>>> 
>>>>>>>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>>>>>>>>>>>> hi,
>>>>>>>>>>>> 
>>>>>>>>>>>> do you have public ip? or should i just drop fw?
>>>>>>>>>>>> and it is w0cky - tho no remote root access allowed
>>>>>>>>>>>> 
>>>>>>>>>>>> On Feb 6, 2011, at 8:59 PM, Greg Hoglund wrote:
>>>>>>>>>>>> 
>>>>>>>>>>>> _jussi
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>>> jussi
>>>> 
>>>> 
>> 
>>

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.