LOL Literally.
Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected] -----Original Message----- From: Rod Trent [mailto:[email protected]] Sent: Friday, October 19, 2012 11:14 AM To: NT System Admin Issues Subject: RE: DDOS Attacks continue targeting Tobacco Industry They're getting smoked. -----Original Message----- From: Ziots, Edward [mailto:[email protected]] Sent: Friday, October 19, 2012 11:03 AM To: NT System Admin Issues Subject: DDOS Attacks continue targeting Tobacco Industry >From DHS, if any of your companies or associates are on the list, I would assume you are going to be seeing more attacks coming up. PASTEBIN | #1 paste tool since 2002 create new pastetoolsapiarchivefaq PASTEBIN create new paste trending pastes sign uploginmy alertsmy settingsmy profile Public Pastes Untitled 0 sec agoUntitled 0 sec agoUntitled 1 sec agoUntitled 5 sec agoUntitled 6 sec agoUntitled 10 sec agoUntitled 11 sec agoUntitled 11 sec ago UntitledBy: a guest on Oct 15th, 2012 | syntax: None | size: 5.74 KB | hits: 121 | expires: Neverdownload | raw | embed | report abuse Copied 1.#OpGr0wHous3 2. 3.It has come to our attention that tobacco agencies/tobacco company's have been feeding fuel to the fire as far as keeping this safe plant we know and love called cannabis illegal for years. It is our time now to show them who is the boss and that we are not afraid to show action. This is NOT A THREAT! It's a promise! We are asking all anonymous hacktivists to help join the party! 4. 5.There will be 10 days of DDoS attacks on 10 different tobacco sites/agencies. Starting October 18th 2012 -- October 27th 2012. 6.Each day we will be attacking a new site. 7. 8.Every night at 8:00pm EST (Eastern Standard Time) We will Fire our Laz0rs towards a specific site/agency. Check down below for more details on attack dates. 9. 10.**IMPORTANT** 11.If you do plan on helping with the attack, please make sure you are using a VPN & make sure your DNS is not leaking when DDoSing!!! 12. 13.DO NOT USE LOIC!!! 14.Use HOIC and the WebHive!!! 15. 16.Also HOIC is pointless without booster scripts so please use a booster script for the specific site we are attacking!!! (Links Below) 17. 18.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 19.**How To Use HOIC** 20. 21.If your using an older computer with little ram or weak processors. Set the thread count for 2 or 3. 22. 23.If you are using a newer computer with a good amount of ram and processors. Set the thread count for 4 or 5. 24. 25.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 26.**DNS Leak Check** 27.Once you have set up your VPN. Go to the DNS Leak Checker Link down below and check to see if your DNS is leaking. If you see anything that has your ISP (Internet Service Provider) then your DNS IS LEAKING!!! (Which can be very bad!!) 28. 29.If you DO NOT see anything with your ISP then your DNS is NOT Leaking! (Which is good!!) 30.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 31.**How to use HOIC Booster Scripts** 32. 33.Just copy and paste the code into any text editor an save it as a .hoic file. 34.(You can name the booster whatever you want as long as it is a .hoic extension!!) 35. 36.Then take the booster script an drag it into the same folder HOIC is in. 37. 38.Then when you are ready to attack the a specific site. Find the booster meant for that specific site an you should be set to fire! 39. 40.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 41.Tools & Goodies 42. 43.Here's a bunch of links for tools for the attack and TuTs as well as the WebHive URL. 44. 45.**(HOIC download link is in the "Tools & Goodies" paste)** 46. 47.Tools & Goodies: http://pastebin.com/hRbrhKyd 48. 49.VPN TuT/Download: http://pastebin.com/mYZRpQ1A 50. 51.WebHive: http://pastehtml.com/view/cdvr011a5.html 52. 53.WebHive TuT: http://pastebin.com/BbEfifwA 54. 55.DNS Leak Checker: http://www.dnsleaktest.com/ 56. 57.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 58.**ATTACK DATES!!!** 59. 60.October 18th: http://www.camel.com/ 61. 62.October 19th: http://www.lm.com/ 63. 64.October 20th: http://www.marlboro.com/ 65. 66.October 21st: http://www.newport-pleasure.com/ 67. 68.October 22nd: http://www.rjrt.com/ 69. 70.October 23rd: http://www.altria.com/ 71. 72.October 24th: http://philipmorrisusa.com/ 73. 74.October 25th: http://pmi.com/ 75. 76.October 26th: http://www.johnmiddletonco.com/ 77. 78.October 27th: http://www.lorillard.com/ 79. 80.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 81.HOIC Booster Scripts 82. 83.Altria Booster: http://pastebin.com/Zx5Gqu6E 84. 85.Camel Booster: http://pastebin.com/QbDYxHSR 86. 87.JohnMiddleton Booster: http://pastebin.com/fibSqGKt 88. 89.L&M Booster: http://pastebin.com/ZV62sgzj 90. 91.Lorillard Booster: http://pastebin.com/fpybW7NV 92. 93.Marlboro Booster: http://pastebin.com/X09p2tbA 94. 95.Newport Booster: http://pastebin.com/FgCVYU0F 96. 97.PhilipMorris USA Booster: http://pastebin.com/Nnn8zvXA 98. 99.PhilipMorris International Booster: http://pastebin.com/r02ZBiPz 100. 101.RJRT Booster: http://pastebin.com/YnaTsJCa 102.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 103.**WebHive Request URLs** 104. 105.*Camel* 106.Image URL: https://camel.tobaccopleasure.com/assets/images/camel99_logo.png 107. 108.iFrame URL: http://www.camel.com/ 109.-------------------------------------------------------------------- ---------- 110.*Marlboro* 111.iFrame URL: https://www.marlboro.com/ 112.-------------------------------------------------------------------- ---------- 113.*L&M* 114.iFrame URL: http://www.lm.com/ 115.-------------------------------------------------------------------- ---------- 116.*Newport* 117.Image URL: http://m.newport-pleasure.com/Content/lor-themes/images/lookup_forgot_pi n/P2.CustomerID_art.png 118. 119.iFrame URL: http://www.newport-pleasure.com/ 120.-------------------------------------------------------------------- ---------- 121.*Altria* 122.Image URL: http://www.altria.com/en/cms/Home/SlideShow/Images/LargeImage/federalReg Tobacco_large.png.aspx 123.iFrame URL: http://www.altria.com/ 124.-------------------------------------------------------------------- ---------- 125.*RJRT* 126.Image URL: http://rjrt.com/images/home-bottom-graphic.jpg 127.iFrame URL: http://rjrt.com/ 128.-------------------------------------------------------------------- ---------- 129.*PhilipMorris USA* 130.Image URL: http://www.philipmorrisusa.com/en/cms/Home/images/hp_icon_tobacco.jpg.as px 131.iFrame URL: http://philipmorrisusa.com/ 132.-------------------------------------------------------------------- ---------- 133.*Lorillard* 134.Image URL: http://www.lorillard.com/wp-content/uploads/2011/04/promo.jpg 135.iFrame URL: http://www.lorillard.com/ 136.-------------------------------------------------------------------- ---------- 137.*PhilipMorris International* 138.Image URL: http://www.pmi.com/SiteCollectionImages/acc.bnr_about_us.jpg 139.iFrame URL: http://pmi.com/ 140.-------------------------------------------------------------------- ---------- 141.*JohnMiddleton Company* 142.Image URL: http://www.johnmiddletonco.com/en/cms/Company/About_Middleton/photo_over view2.jpg.aspx 143.iFrame URL: http://www.johnmiddletonco.com/ 144.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~create a new version of this paste RAW Paste Data #OpGr0wHous3 It has come to our attention that tobacco agencies/tobacco company's have been feeding fuel to the fire as far as keeping this safe plant we know and love called cannabis illegal for years. It is our time now to show them who is the boss and that we are not afraid to show action. This is NOT A THREAT! It's a promise! We are asking all anonymous hacktivists to help join the party! There will be 10 days of DDoS attacks on 10 different tobacco sites/agencies. Starting October 18th 2012 -- October 27th 2012. Each day we will be attacking a new site. Every night at 8:00pm EST (Eastern Standard Time) We will Fire our Laz0rs towards a specific site/agency. Check down below for more details on attack dates. **IMPORTANT** If you do plan on helping with the attack, please make sure you are using a VPN & make sure your DNS is not leaking when DDoSing!!! DO NOT USE LOIC!!! Use HOIC and the WebHive!!! Also HOIC is pointless without booster scripts so please use a booster script for the specific site we are attacking!!! (Links Below) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **How To Use HOIC** If your using an older computer with little ram or weak processors. Set the thread count for 2 or 3. If you are using a newer computer with a good amount of ram and processors. Set the thread count for 4 or 5. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **DNS Leak Check** Once you have set up your VPN. Go to the DNS Leak Checker Link down below and check to see if your DNS is leaking. If you see anything that has your ISP (Internet Service Provider) then your DNS IS LEAKING!!! (Which can be very bad!!) If you DO NOT see anything with your ISP then your DNS is NOT Leaking! (Which is good!!) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **How to use HOIC Booster Scripts** Just copy and paste the code into any text editor an save it as a .hoic file. (You can name the booster whatever you want as long as it is a .hoic extension!!) Then take the booster script an drag it into the same folder HOIC is in. Then when you are ready to attack the a specific site. Find the booster meant for that specific site an you should be set to fire! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Tools & Goodies Here's a bunch of links for tools for the attack and TuTs as well as the WebHive URL. **(HOIC download link is in the "Tools & Goodies" paste)** Tools & Goodies: http://pastebin.com/hRbrhKyd VPN TuT/Download: http://pastebin.com/mYZRpQ1A WebHive: http://pastehtml.com/view/cdvr011a5.html WebHive TuT: http://pastebin.com/BbEfifwA DNS Leak Checker: http://www.dnsleaktest.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **ATTACK DATES!!!** October 18th: http://www.camel.com/ October 19th: http://www.lm.com/ October 20th: http://www.marlboro.com/ October 21st: http://www.newport-pleasure.com/ October 22nd: http://www.rjrt.com/ October 23rd: http://www.altria.com/ October 24th: http://philipmorrisusa.com/ October 25th: http://pmi.com/ October 26th: http://www.johnmiddletonco.com/ October 27th: http://www.lorillard.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ HOIC Booster Scripts Altria Booster: http://pastebin.com/Zx5Gqu6E Camel Booster: http://pastebin.com/QbDYxHSR JohnMiddleton Booster: http://pastebin.com/fibSqGKt L&M Booster: http://pastebin.com/ZV62sgzj Lorillard Booster: http://pastebin.com/fpybW7NV Marlboro Booster: http://pastebin.com/X09p2tbA Newport Booster: http://pastebin.com/FgCVYU0F PhilipMorris USA Booster: http://pastebin.com/Nnn8zvXA PhilipMorris International Booster: http://pastebin.com/r02ZBiPz RJRT Booster: http://pastebin.com/YnaTsJCa ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **WebHive Request URLs** *Camel* Image URL: https://camel.tobaccopleasure.com/assets/images/camel99_logo.png iFrame URL: http://www.camel.com/ ------------------------------------------------------------------------ ------ *Marlboro* iFrame URL: https://www.marlboro.com/ ------------------------------------------------------------------------ ------ *L&M* iFrame URL: http://www.lm.com/ ------------------------------------------------------------------------ ------ *Newport* Image URL: http://m.newport-pleasure.com/Content/lor-themes/images/lookup_forgot_pi n/P2.CustomerID_art.png iFrame URL: http://www.newport-pleasure.com/ ------------------------------------------------------------------------ ------ *Altria* Image URL: http://www.altria.com/en/cms/Home/SlideShow/Images/LargeImage/federalReg Tobacco_large.png.aspx iFrame URL: http://www.altria.com/ ------------------------------------------------------------------------ ------ *RJRT* Image URL: http://rjrt.com/images/home-bottom-graphic.jpg iFrame URL: http://rjrt.com/ ------------------------------------------------------------------------ ------ *PhilipMorris USA* Image URL: http://www.philipmorrisusa.com/en/cms/Home/images/hp_icon_tobacco.jpg.as px iFrame URL: http://philipmorrisusa.com/ ------------------------------------------------------------------------ ------ *Lorillard* Image URL: http://www.lorillard.com/wp-content/uploads/2011/04/promo.jpg iFrame URL: http://www.lorillard.com/ ------------------------------------------------------------------------ ------ *PhilipMorris International* Image URL: http://www.pmi.com/SiteCollectionImages/acc.bnr_about_us.jpg iFrame URL: http://pmi.com/ ------------------------------------------------------------------------ ------ *JohnMiddleton Company* Image URL: http://www.johnmiddletonco.com/en/cms/Company/About_Middleton/photo_over view2.jpg.aspx iFrame URL: http://www.johnmiddletonco.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pastebin.com Tools & Applications iPhone/iPad Windows Firefox Chrome WebOS Android Mac Opera Click.to UNIX WinPhone create new paste | api | trends | users | faq | tools | domains center | privacy | contact | stats | go pro Follow us: pastebin on facebook | pastebin on twitter | pastebin in the news Some friends: hostshut | hostlogr | w3patrol | cute pictures Pastebin v3.1 rendered in: 0.008 seconds #OpGr0wHous3 It has come to our attention that tobacco agencies/tobacco company's have been feeding fuel to the fire as far as keeping this safe plant we know and love called cannabis illegal for years. It is our time now to show them who is the boss and that we are not afraid to show action. This is NOT A THREAT! It's a promise! We are asking all anonymous hacktivists to help join the party! There will be 10 days of DDoS attacks on 10 different tobacco sites/agencies. Starting October 18th 2012 -- October 27th 2012. Each day we will be attacking a new site. Every night at 8:00pm EST (Eastern Standard Time) We will Fire our Laz0rs towards a specific site/agency. Check down below for more details on attack dates. **IMPORTANT** If you do plan on helping with the attack, please make sure you are using a VPN & make sure your DNS is not leaking when DDoSing!!! DO NOT USE LOIC!!! Use HOIC and the WebHive!!! Also HOIC is pointless without booster scripts so please use a booster script for the specific site we are attacking!!! (Links Below) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **How To Use HOIC** If your using an older computer with little ram or weak processors. Set the thread count for 2 or 3. If you are using a newer computer with a good amount of ram and processors. Set the thread count for 4 or 5. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **DNS Leak Check** Once you have set up your VPN. Go to the DNS Leak Checker Link down below and check to see if your DNS is leaking. If you see anything that has your ISP (Internet Service Provider) then your DNS IS LEAKING!!! (Which can be very bad!!) If you DO NOT see anything with your ISP then your DNS is NOT Leaking! (Which is good!!) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **How to use HOIC Booster Scripts** Just copy and paste the code into any text editor an save it as a .hoic file. (You can name the booster whatever you want as long as it is a .hoic extension!!) Then take the booster script an drag it into the same folder HOIC is in. Then when you are ready to attack the a specific site. Find the booster meant for that specific site an you should be set to fire! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Tools & Goodies Here's a bunch of links for tools for the attack and TuTs as well as the WebHive URL. **(HOIC download link is in the "Tools & Goodies" paste)** Tools & Goodies: http://pastebin.com/hRbrhKyd VPN TuT/Download: http://pastebin.com/mYZRpQ1A WebHive: http://pastehtml.com/view/cdvr011a5.html WebHive TuT: http://pastebin.com/BbEfifwA DNS Leak Checker: http://www.dnsleaktest.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **ATTACK DATES!!!** October 18th: http://www.camel.com/ October 19th: http://www.lm.com/ October 20th: http://www.marlboro.com/ October 21st: http://www.newport-pleasure.com/ October 22nd: http://www.rjrt.com/ October 23rd: http://www.altria.com/ October 24th: http://philipmorrisusa.com/ October 25th: http://pmi.com/ October 26th: http://www.johnmiddletonco.com/ October 27th: http://www.lorillard.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ HOIC Booster Scripts Altria Booster: http://pastebin.com/Zx5Gqu6E Camel Booster: http://pastebin.com/QbDYxHSR JohnMiddleton Booster: http://pastebin.com/fibSqGKt L&M Booster: http://pastebin.com/ZV62sgzj Lorillard Booster: http://pastebin.com/fpybW7NV Marlboro Booster: http://pastebin.com/X09p2tbA Newport Booster: http://pastebin.com/FgCVYU0F PhilipMorris USA Booster: http://pastebin.com/Nnn8zvXA PhilipMorris International Booster: http://pastebin.com/r02ZBiPz RJRT Booster: http://pastebin.com/YnaTsJCa ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **WebHive Request URLs** *Camel* Image URL: https://camel.tobaccopleasure.com/assets/images/camel99_logo.png iFrame URL: http://www.camel.com/ ------------------------------------------------------------------------ ------ *Marlboro* iFrame URL: https://www.marlboro.com/ ------------------------------------------------------------------------ ------ *L&M* iFrame URL: http://www.lm.com/ ------------------------------------------------------------------------ ------ *Newport* Image URL: http://m.newport-pleasure.com/Content/lor-themes/images/lookup_forgot_pi n/P2.CustomerID_art.png iFrame URL: http://www.newport-pleasure.com/ ------------------------------------------------------------------------ ------ *Altria* Image URL: http://www.altria.com/en/cms/Home/SlideShow/Images/LargeImage/federalReg Tobacco_large.png.aspx iFrame URL: http://www.altria.com/ ------------------------------------------------------------------------ ------ *RJRT* Image URL: http://rjrt.com/images/home-bottom-graphic.jpg iFrame URL: http://rjrt.com/ ------------------------------------------------------------------------ ------ *PhilipMorris USA* Image URL: http://www.philipmorrisusa.com/en/cms/Home/images/hp_icon_tobacco.jpg.as px iFrame URL: http://philipmorrisusa.com/ ------------------------------------------------------------------------ ------ *Lorillard* Image URL: http://www.lorillard.com/wp-content/uploads/2011/04/promo.jpg iFrame URL: http://www.lorillard.com/ ------------------------------------------------------------------------ ------ *PhilipMorris International* Image URL: http://www.pmi.com/SiteCollectionImages/acc.bnr_about_us.jpg iFrame URL: http://pmi.com/ ------------------------------------------------------------------------ ------ *JohnMiddleton Company* Image URL: http://www.johnmiddletonco.com/en/cms/Company/About_Middleton/photo_over view2.jpg.aspx iFrame URL: http://www.johnmiddletonco.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Also on a lighter note, Weather.gov got hacked, and etc/passwd file was wide open. ( XSS, and other attack) http://thehackernews.com/2012/10/sensitive-server-info-leaked-from.html# sthash.VnI105YC.dpbs Looks like the digital Pearl Habor is starting up just in time for the holidays... Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
