m@mb@ Posted March 12, 2011 Report Posted March 12, 2011 rootkit.com cleartext passwordsOn February 6, 2011, as part of their attack on HBGary, the Anonymous group social engineered administrator of rootkit.com, Jussi Jaakonaho, to gain root access to rootkit.com. The entire MySQL database backup was then released by Anonymous and announced using HBGary's CEO Twitter account, @aaronbarr: Sup, here's rootkit.com MySQL Backup http://stfu.cc/rootkit_com_mysqlbackup_02_06_11.gz #hbgary #rootkit #anonymous. The table below is the list of accounts found in rootkit.com MySQL database backup with passwords in cleartext.JtR is used to translate the password to cleartext_password. Most of the passwords were successfully acquired by feeding a password dictionary (17.5MB) to JtR and the rest are being acquired by using JtR incremental mode. Among the passwords found at rootkit.com, the following are the 10 most used passwords:Rank Password Accounts1 123456 10232 password 3923 rootkit 3414 111111 1905 12345678 1816 qwerty 1757 123456789 1708 123123 999 qwertyui 9210 letmein 91Top 500 most used passwords ?By randomly putting the passwords to test, many appear to be reused by the same user elsewhere on sites presumably of lower value to the user, e.g. Facebook, Twitter, forum sites, secondary email accounts, etc. To date, mechanize has found at least 1346 accounts using @gmail.com alone can be used to login to Twitter; marked with t in the list below. If your account or account of someone you know appears in the list below, we urge you to take an action to change the password immediately if it is used elsewhere and enforce use of strong passwords.UPDATE (February 19, 2011): The full disclosure is now available to logged in user. Login with your Facebook account by clicking on the Facebook login button at the top left corner.UPDATE (February 15, 2011): The public disclosure on this page with details on rootkit.com accounts leaked by the Anonymous group has sparked heated discussion due to potential password reuse. This has resulted in this page being brought down several times by our upstream providers. While we are putting the effort to bring this disclosure to the public, we are no longer displaying the password and cleartext_password fields below. Please follow the discussion on this public disclosure using the discussion board at the bottom of this page.MAI MULTE AICI Quote
