برگزیده های پرشین تولز

ه ک ر ایرانی کومودو خود را نشان داد!

Cleeev

Registered User
تاریخ عضویت
6 ژانویه 2010
نوشته‌ها
1,245
لایک‌ها
790
محل سکونت
on the edge of a super-massive black-hole
ه ک ر وبسایت Comodo امضا کننده گواهی های دیجیتالی اینترنت طی پیامی ارتباط خود با ارت ش سای بری ایران و همچنین جهت دار بودن این حمله را تکذیب کرد. او در ابتدای پیام٬ خود را یک ه ک ر مستقل٬ با با توانایی و تجربه "۱۰۰۰ ه ک ر" معرفی کرده و در ادامه برای اثبات صحت ادعایش در مورد ه ک کردن سایت کمودو اطلاعات فنی دقیق و محرمانه ای از جمله اسم پایگاه داده٬ نام کاربری٬ رمز ورودی و همچنین بخشهایی از کد نرم افزار امضا کننده( در بخش نظرات) این شرکت را فاش کرده. او در ادامه این پیام به ارائه تاریخچه ای کوتاه در مورد فعالیتهای گذشته اش در رابطه با جعل گواهی های دیجیتالی و سپس چگونگی ورودش به سرورهای کمودو و جعل این گواهی ها با رخنه به سرورهای این شرکت می پردازد.
- پایان نقل قول

ه ک ر ایرانی ای که ادعا میکنه فردی هستش که اندازه 1000 ه کر چیز میز بلده و کومودو و امضای گواهینامه های امنیتیشو ه ک کرده با رمز مقدس "جانم فدای ..." خودش را به جهانیان معرفی کرده...!!

باز خوردها :

http://erratasec.blogspot.com/2011/03/comodo-hacker-releases-his-manifesto.html

http://nakedsecurity.sophos.com/2011/03/27/comodo-hacker-outs-himself-claims-no-relation-to-iranian-cyber-army/

http://www.google.com/search?q=comodo+hacker+iranian

مصاحبه با ComodoHacker
http://erratasec.blogspot.com/2011/03/interview-with-comodohacker.html


http://erratasec.blogspot.com/2011/03/verifying-comodo-hackers-key.html

http://www.adminsehow.com/2011/03/a-response-to-comodohacker/

ترجمه

پیگیر اخبار حملات اخیر به کومودو و به دست آوردن دسترسی به سیستم شان برای امضای گواهینامه ها بودم. امروز متوجه شدم هکر برخی توضیحات و نظرات در مورد حمله خود داده و ادعاهای مزخرفی کرده که تصمیم به نوشتن یک پاسخ به او کردم:

اول از همه ادعا کردی که جوان 21 ساله ای، شوخی میکنی؟ هدف این حمله برای ایجاد گواهینامه توسط کومودو برای mail.google.com و login.yahoo.com و غیره که فقط می تواند برای انجام حملاتی استفاده کرد اگر دسترسی به زیرساخت های اینترنت در ایران داشته باشی. این گواهینامه ها هیچ استفاده دیگری ندارد! چرا یک بچه 21 ساله می خواهد اینکار را بکند؟ اگر دنبال تعدادی گواهینامه امضاء شده هستی ( هیچ جا هم نمیتونی ازش استفاده کنی با فرضی که به ساختار اینترنت ایران دسترسی نداری) دفعه بعد به من ایمیل بزن، من هر چی گواهینامه بخوای برات امضا میکنم و میفرسم برات. کاملا واضحه که این حمله با همکاری دولت ایران، **** پاسداران و ارتش سایبری که دسترسی به زیرساخت های ایینترنت در ایران را دارند انجام شده.

دوم من باهات موافقم که کار قابل توجهی کردی. این نشان از بودجه هنگفت شما و اندازه سازمان تبهکارانه شما برای پیدا کردن حفره های امنیتی در اینترنت است. اما شما هیچ چیز اساسی و جدی در اینترنت را بخطر ننداخته اید! آیا فکر می کنی همان فوت و فن که در مردم ایران استفاده میکنی (منظورم رجز خوانی و خالی بندی در مورد قدرتتان ) در مورد جهان هم کارسازه؟ در واقع زمانی که من 21 سالم بود خیلی بهتر تو (کل سازمان تبهکارانه شما) می تونستم انجام دهم. :) می توانم برات سند ادعا بفرسم اگر دوست دارید.

چون شما گواهینامه های یاهو و گوگل را جعل کردین، بسیاری از مردم فکر می کنند که سیستم های این شرکت ها را هک و امنیت آنها به خطر افتاده! اما افراد حرفه ای می دانند که هیچ ربطی به گوگل یا یاهو یا امنیت سیستم های آنها ندارد. سیستم های این شرکت ها همه سالم و امن و دست نخورده هستند.

تنها کسی که باید سرزنش شود کومودو و شریک ایتالیایی آنها است به خاطر ضعف سیستم امنیتی شان و من مطمئن هستم آنها در حال حاضر درگیر جوابگویی در مورد این مشکل با مقامات هستند.

سوم حرف از شکستن RSA 2048 و کلید هاش و ... زدی. این فقط منو به خنده وا میداره. شما حتی نمی توانید RSA با کلید 16 بیتی را بشکنید. :)

اگر شما تا به حال همچین قدرتی داشتین نیاز به تولید گواهینامه جعلی نداشتید، شما این گواهینامه های جعلی را ساختید چون نمی توانید ترافیک رمز شده در ایران را رمزگشایی کنید! شما به گواهینامه جعلی نیاز دارید برای انجام حمله تان. این خود نشان میدهد که چقدر ضعیف هستید. بنابراین در مورد قدرت خودتان رجز خوانی نکنید همه ما می دانیم چیزی که گفتی دروغ بزرگ است.

چهارم فرض کنیم به کومودو برای امضای گواهینامه های جعلی دسترسی پیدا کردید، من فکر می کنم هیچ دستاورد بزرگتری برای شما نداره ! می دانید چه اتفاقی می افتد؟ در کمتر از 24 ساعت همه مرورگرهای اصلی نرم افزار خود را بروز رسانی کردند و گواهی نامه جعلی لغو شدند. به همین سادگی. بنابراین من به شما توصیه میکنم به اتلاف وقت خود بر روی راه حل های بهتر بپردازید.

پنجم من شخصا می خواهم از شما بابت انجام این کار تشکر کنم. آنچه کرده اید تا به حال هیچ سود برای شما نداشته و فقط چهره واقعی خود را به دنیا نشان دادید. من قصد ندارم سیاسی در این پست بنویسم، اما این پست مزایای زیادی برای امنیت اینترنت دارد. من مطمئنم مقامات در حال حاضر در اجرای روش های امن تر و ایمن برای تولید گواهینامه و چک برای لغو گواهینامه های جعلی هستند. متشکرم.

و در آخر می خواهم با مردم ایران صحبت کنم. آنها تنها تلاش برای وحشت شما دارند. آنها هیچ چیزی جدی در اینترنت را به خطر ننداخته اند. این حمله نشان می دهد که آنها هیچ چیزی در دست ندارند. این گواهینامها ی جعلی نمی تواند مورد استفاده قرار گیرد برای رمزگشایی ارتباطات رمز شده. همیشه *** استفاده کنید برای ارتباط و استفاده از ایمیل های اتصالات رمز شده، جی میل بهترین است. همچنین همیشه آخرین نسخه از گوگل کروم ، فایرفاکس برای مرور وب استفاده کنید. هرگز اینترنت اکسپلورر استفاده نکنید! حتی نسخه 9. و شما محفوظ خواهد ماند.

(من: Opera از همه امن تره چون خودش گواهینامه ها رو داخلی چک نمیکنه بلکه همه گواهینامه های امنیتی رو در جا با یه دیتابیس کاملاً به روز آنلاین چک میکنه که در این امر منحصر به فرده و دور زدنش تقریباً غیرممکنه)

http://www.balatarin.com/permlink/2011/3/29/2432343

هکر کومودو: طعم سکوت در برابر استاکس نت را بچشید (استاکس نته معلومه بدجور سوزونده انقدر پول خرج کردن و تلاش کردن آخرش عند قدرتشون همین چهار تا گواهینامه بوده که همه ـشونم بلوکه شدن و حفره هایی که ازشون نفوذ کرده به کومودو هم همگی ترمیم شدن... یکی سریع بره آبو بیاره بریزیم اونجا دمای سوزش بالاس شدید)
http://alef.ir/1388/content/view/98932/


طرف های جر و بحث تا این لحظه :

به نظر میاد این فرد به شدت چند سایت (به خصوص لینک اول که گذاشتم کاملاً معلومه که فرد مربوطه به شدت زیر نظر داردش) و کامنتا رو زیر نظر داره و تک تک میخونه و به خصوص بازخوردای توییتری چون بسیاری از چیزایی که گفته مربوط به توییت ها هستن...

http://twitter.com/ioerror

http://twitter.com/ErrataRob


--------------

پیام ها تا این لحظه :

این فرد با اکانتی در pastebin بیانیاتش رو منتشر میکنه به نام ComodoHacker به این آدرس :

http://pastebin.com/u/ComodoHacker

گفته ها و شنیده ها حاکی از اینه که اکانت این فرد در توییتر از این قراره:
http://twitter.com/ichsunx



پیام اول :

A message from Comodo Hacker

Hello

I'm writing this to the world, so you'll know more about me..

At first I want to give some points, so you'll be sure I'm the hacker:

I hacked Comodo from InstantSSL.it, their CEO's e-mail address [email protected]
Their Comodo username/password was: user: gtadmin password: [trimmed]
Their DB name was: globaltrust and instantsslcms

GlobalTrust.it had a dll called TrustDLL.dll for handling Comodo requests, they had resellers and their url was:
http://www.globaltrust.it/reseller_admin/

Enough said, huh? Yes, enough said, someone who should know already knows...Am I right Mr. Abdulhayoglu?

Anyway, at first I should mention we have no relation to Iranian Cyber Army, we don't change DNSes, we

just hack and own.

I see Comodo CEO and others wrote that it was a managed attack, it was a planned attack, a group of

cyber criminals did it, etc. etc. etc.

Let me explain:

a) I'm not a group of hacker, I'm single hacker with experience of 1000 hackers, I'm single programmer with

experience of 1000 programmers, I'm single planner/project manager with experience of 1000 project

managers, so you are right, it's managed by a group of hackers, but it was only I with experience of 1000

hackers.

b) It was not really a managed hack. At first I decided to hack RSA algorithm, I did too much

investigation on SSL protocol, tried to find an algorithm for factoring integer, analyzed existing algorithms, for now I was not

able to do so, at least not yet, but I know it's not impossible and I'll prove it, anyway... I saw

that there is easier ways of doing it, like hacking a CA. I was looking to hack some CAs like Thawthe,

Verisign, Comodo, etc. I found some small vulnerabilities in their servers, but it wasn't enough to

gain access to server and sign my CSRs. During my search about InstantSSL of Comodo which signs CSRs immediately I found

InstantSSL.it which was doing it's job under control of Comodo.

After a little try, I analyzed their web server and easily (easy for me, so hard for others) I got FULL access on the server, after a little investigation on their

server, I found out that TrustDll.dll takes care of signing. It was coded in C# (ASP.NET).

I decompiled the DLL and I found username/password of their GeoTrust and Comodo reseller account.

GeoTrust reseller URL was not working, it was in ADTP.cs. Then I found out their Comodo account works

and Comodo URL is active. I logged into Comodo account and I saw I have right of signing using APIs. I

had no idea of APIs and how it works. I wrote a code for signing my CSRs using POST request to those

APIs, I learned their APIs so FAST and their TrustDLL.DLL was too old and was not working properly, it doesn't send all needed parameters,

it wasn't enough for signing a CSR. As I said, I rewrote the code for !AutoApplySSL and !PickUpSSL
APIs, first API returns OrderID of placed Order and second API returns entire signed

certificate if you pass OrderID from previous call. I learned all these stuff, re-wrote the code and

generated CSR for those sites all in about 10-15 minutes. I wasn't ready for these type of APIs, these

type of CSR generation, API calling, etc. But I did it very very fast.

Anyway, I know you are really shocked about my knowledge, my skill, my speed, my expertise and entire attack.

That's OK, all of it was so easy for me, I did more important things I can't talk about, so if you have to

worry, you can worry... I should mention my age is 21

Let's back to reason of posting this message.

I'm talking to the world, so listen carefully:

When USA and Israel creates Stuxnet, nobody talks about it, nobody blamed, nothing happened at all,

so when I sign certificates nothing should happen, I say that, when I sign certificates nothing should

happen. It's a simple deal.

I heard that some stupids tried to ask about it from Iran's ambassador in UN, really? How smartass you are?
Where were you when Stuxnet created by Israel and USA with millions of dollar budget, with access to SCADA systems and Nuclear softwares? Why no one asked a question from Israel and USA ambassador to UN?
So you can't ask about SSL situtation from my ambassador, I answer your question about situtation: "Ask about Stuxnet from USA and Israel", this is your answer, so don't waste my Iran's ambassador's worthy time.

When USA and Isrel can read my emails in Yahoo, Hotmail, Skype, Gmail, etc. without any simple

little problem, when they can spy using Echelon, I can do anything I can. It's a simple rule. You do,

I do, that's all. You stop, I don't stop. It's a rule, rule #1 (My Rules as I rule to internet, you should know it

already...)

Rule#2: So why all the world worried, internet shocked and all writers write about it, but nobody

writes about Stuxnet anymore? Nobody writes about HAARP, nobody writes about Echelon... So nobody

should write about SSL certificates.

Rule#3: Anyone inside Iran with problems, from fake green movement to all MKO members and two faced

terrorists, should afraid of me personally. I won't let anyone inside Iran, harm people of Iran, harm

my country's Nuclear Scientists, harm my Leader (which nobody can), harm my President, as I live, you

won't be able to do so. as I live, you don't have privacy in internet, you don't have security in

digital world, just wait and see...By the way, you already have seen it or you are blind, is there any larger target than a CA in internet?

Rule#4: Comodo and other CAs in the world: Never think you are safe, never think you can rule the

internet, ruling the world with a 256 digit number which nobody can find it's 2 prime factors (you think so), I'll show

you how someone in my age can rule the digital world, how your assumptions are wrong, you already understood it, huh?

Rule#5: To microsoft, mozilla and chrome who updated their softwares as soon as instructions came from

CIA. You are my targets too. Why Stuxnet's Printer vulnerability patched after 2 years? Because it was

needed in Stuxnet? So you'll learn sometimes you have to close your eyes on some stuff in internet,

you'll learn... You'll understand... I'll bring equality in internet. My orders will equal to CIA orders,

lol ;)

Rule#6: I'm a GHOST

Rule#7: I'm unstoppable, so afraid if you should afraid, worry if you should worry.

My message to people who have problem with Islamic Republic of Iran, SSL and RSA certificates are broken, I did it one time, make sure I'll do it again, but this time nobody will notice it.
I see some people suggests using VPNs, some people suggests TOR, some other suggests UltraSurf, etc. Are you sure you are safe using those? RSA 2048 was not able to resist in front of me, do you think UltraSurf can?

If you was doing a dirty business in internet inside Iran, I suggest you to quit your job, listen to sound of most of people of Iran, otherwise you'll be in a big trouble, also you can leave digital world
and return to using abacus.

A message in Persian: Janam Fadaye Rahbar
http://pastebin.com/74KXCaEZ


پیام دوم :

Another proof of Hack from Comodo Hacker

Some stupids still doesn't believe I pwned the Comodo, here is another proof for tiny brains who can't believe:

Here is part of decompiled TrustDLL of Comodo partner:

ClassName: ASCR
Language: C#

Code:

کد:
namespace TrustDll

{
		
		#region Namespace Import Declarations
		
			using System.Collections.Specialized;
			using System.IO;
			using System.Net;
			using System.Runtime.InteropServices;
			using System;
			using System.Web;
			
		#endregion
		
	public class ASCR
	
	{
		
		#region Fields
			private string login;
			private int numberOfTries;
			private string password;
			private string url;
			private string url_nos;
		#endregion
		
		#region Constructors
		
			public ASCR ()
			
			{
				this.url = "https://secure.comodo.net/products/";
				this.url_nos = "https://secure.comodo.net/products/";
				this.login = "gtadmin";
				this.password = "TRIMMEDIT";
				this.numberOfTries = 5;
			}
			
		#endregion
		
		#region Methods
		
			public HttpWebResponse CCC_Collection_Page (string data, out string response)
			
			{
				HttpWebRequest httpWebRequest1;
				HttpWebResponse httpWebResponse1;
				response = "";
				int i1 = 0;
				string string1 = data.ToString ();
				while (i1 < this.numberOfTries)
				{
					try
					{
						httpWebRequest1 = ((HttpWebRequest) WebRequest.Create ((this.url_nos + "collectCustomClientCert")));
						httpWebRequest1.Timeout = 10000;
						httpWebRequest1.Method = "POST";
						httpWebRequest1.ContentType = "application/x-www-form-urlencoded";
						httpWebRequest1.ContentLength = ((long) string1.Length);
						using (StreamWriter streamWriter1 = new StreamWriter (httpWebRequest1.GetRequestStream ()))
						{
							streamWriter1.Write (string1);
							streamWriter1.Close ();
						}
						httpWebResponse1 = ((HttpWebResponse) httpWebRequest1.GetResponse ());
						response = new StreamReader (httpWebResponse1.GetResponseStream ()).ReadToEnd ();
						httpWebResponse1.Close ();
						return httpWebResponse1;
					}
					catch (Exception)
					{
						i1++;
					}
				}
				return null;
			}
			
			public HttpWebResponse CCC_Collection_Page_NET (string data, out string response)
			
			{
				HttpWebRequest httpWebRequest1;
				HttpWebResponse httpWebResponse1;
				response = "";
				int i1 = 0;
				string string1 = data.ToString ();
				while (i1 < this.numberOfTries)
				{
					try
					{
						httpWebRequest1 = ((HttpWebRequest) WebRequest.Create ((this.url_nos + "download/CollectCCC")));
						httpWebRequest1.Timeout = 10000;
						httpWebRequest1.Method = "POST";
						httpWebRequest1.ContentType = "application/x-www-form-urlencoded";
						httpWebRequest1.ContentLength = ((long) string1.Length);
						using (StreamWriter streamWriter1 = new StreamWriter (httpWebRequest1.GetRequestStream ()))
						{
							streamWriter1.Write (string1);
							streamWriter1.Close ();
						}
						httpWebResponse1 = ((HttpWebResponse) httpWebRequest1.GetResponse ());
						response = new StreamReader (httpWebResponse1.GetResponseStream ()).ReadToEnd ();
						httpWebResponse1.Close ();
						return httpWebResponse1;
					}
					catch (Exception)
					{
						i1++;
					}
				}
				return null;
			}
			
			public HttpWebResponse CCC_SignUp_Page (string data, out string response)
			
			{
				HttpWebRequest httpWebRequest1;
				HttpWebResponse httpWebResponse1;
				response = "";
				int i1 = 0;
				string string1 = data.ToString ();
				while (i1 < this.numberOfTries)
				{
					try
					{
						httpWebRequest1 = ((HttpWebRequest) WebRequest.Create ((this.url + "!applyCustomClientCert")));
						httpWebRequest1.Timeout = 10000;
						httpWebRequest1.Method = "POST";
						httpWebRequest1.ContentType = "application/x-www-form-urlencoded";
						httpWebRequest1.ContentLength = ((long) string1.Length);
						using (StreamWriter streamWriter1 = new StreamWriter (httpWebRequest1.GetRequestStream ()))
						{
							streamWriter1.Write (string1);
							streamWriter1.Close ();
						}
						httpWebResponse1 = ((HttpWebResponse) httpWebRequest1.GetResponse ());
						response = new StreamReader (httpWebResponse1.GetResponseStream ()).ReadToEnd ();
						httpWebResponse1.Close ();
						return httpWebResponse1;
					}
					catch (Exception)
					{
						i1++;
					}
				}
				return null;
			}
			
			public HttpWebResponse Cert_Generation (string data, out string response)
			
			{
				HttpWebRequest httpWebRequest1;
				HttpWebResponse httpWebResponse1;
				response = "";
				int i1 = 0;
				string[] stringArray1 = new string[] { "loginName0x03d", this.login.ToString (), "&loginPassword0x03d", this.password.ToString (), "&", data.ToString () };
				string string1 = string.Concat (stringArray1);
				while (i1 < this.numberOfTries)
				{
					try
					{
						httpWebRequest1 = ((HttpWebRequest) WebRequest.Create ((this.url + "!AutoApplySSL")));
						httpWebRequest1.Timeout = 10000;
						httpWebRequest1.Method = "POST";
						httpWebRequest1.ContentType = "application/x-www-form-urlencoded";
						httpWebRequest1.ContentLength = ((long) string1.Length);
						using (StreamWriter streamWriter1 = new StreamWriter (httpWebRequest1.GetRequestStream ()))
						{
							streamWriter1.Write (string1);
							streamWriter1.Close ();
						}
						httpWebResponse1 = ((HttpWebResponse) httpWebRequest1.GetResponse ());
						response = new StreamReader (httpWebResponse1.GetResponseStream ()).ReadToEnd ();
						httpWebResponse1.Close ();
						return httpWebResponse1;
					}
					catch (Exception)
					{
						i1++;
					}
				}
				return null;
			}
			
			public HttpWebResponse CSR_Validation (string CSR, out string response)
			
			{
				HttpWebRequest httpWebRequest1;
				HttpWebResponse httpWebResponse1;
				response = "";
				int i1 = 0;
				string string1 = ("csr0x03d" + HttpContext.Current.Server.UrlEncode (CSR) + "&responseFormat0x03d0&showErrorCodes0x03dY&showErrorMessages0x03dY&showFieldNames0x03dY&showEmpt"
				+ "yFields0x03dY&showCN0x03dY&showAddress0x03dY&showPublicKey0x03dY&showKeySize0x03dY&showCSR0x03dY&product"
				+ "0x03d24&countryNameType0x03dFULL");
				while (i1 < this.numberOfTries)
				{
					try
					{
						httpWebRequest1 = ((HttpWebRequest) WebRequest.Create ((this.url + "!DecodeCSR")));
						httpWebRequest1.Headers.Add ("Accept-Charset", "ISO-8859-1");
						httpWebRequest1.Method = "POST";
						httpWebRequest1.ContentType = "application/x-www-form-urlencoded";
						httpWebRequest1.ContentLength = ((long) string1.Length);
						using (StreamWriter streamWriter1 = new StreamWriter (httpWebRequest1.GetRequestStream ()))
						{
							streamWriter1.Write (string1);
							streamWriter1.Close ();
						}
						httpWebResponse1 = ((HttpWebResponse) httpWebRequest1.GetResponse ());
						response = new StreamReader (httpWebResponse1.GetResponseStream ()).ReadToEnd ();
						httpWebRequest1.Timeout = 10000;
						httpWebResponse1.Close ();
						return httpWebResponse1;
					}
					catch (Exception)
					{
						i1++;
					}
				}
				return null;
			}
			
			public HttpWebResponse CSR_Validation_All (string CSR, int product, out string response)
			
			{
				HttpWebRequest httpWebRequest1;
				HttpWebResponse httpWebResponse1;
				response = "";
				int i1 = 0;
				object[] objectArray1 = new object[] { "csr0x03d", HttpContext.Current.Server.UrlEncode (CSR), "&responseFormat0x03d0&showErrorCodes0x03dY&showErrorMessages0x03dY&showFieldNames0x03dY&showEmpt"
				+ "yFields0x03dY&showCN0x03dY&showAddress0x03dY&showPublicKey0x03dY&showKeySize0x03dY&showCSR0x03dY&product"
				+ "0x03d", product, "&countryNameType0x03dFULL" };
				string string1 = string.Concat (objectArray1);
				while (i1 < this.numberOfTries)
				{
					try
					{
						httpWebRequest1 = ((HttpWebRequest) WebRequest.Create ((this.url + "!DecodeCSR")));
						httpWebRequest1.Headers.Add ("Accept-Charset", "ISO-8859-1");
						httpWebRequest1.Method = "POST";
						httpWebRequest1.ContentType = "application/x-www-form-urlencoded";
						httpWebRequest1.ContentLength = ((long) string1.Length);
						using (StreamWriter streamWriter1 = new StreamWriter (httpWebRequest1.GetRequestStream ()))
						{
							streamWriter1.Write (string1);
							streamWriter1.Close ();
						}
						httpWebResponse1 = ((HttpWebResponse) httpWebRequest1.GetResponse ());
						response = new StreamReader (httpWebResponse1.GetResponseStream ()).ReadToEnd ();
						httpWebRequest1.Timeout = 10000;
						httpWebResponse1.Close ();
						return httpWebResponse1;
					}
					catch (Exception)
					{
						i1++;
					}
				}
				return null;
			}
			
			public HttpWebResponse SSL_PickUp (string data, out string response)
			
			{
				HttpWebRequest httpWebRequest1;
				HttpWebResponse httpWebResponse1;
				response = "";
				int i1 = 0;
				string[] stringArray1 = new string[] { "loginName0x03d", this.login.ToString (), "&loginPassword0x03d", this.password.ToString (), "&", data.ToString () };
				string string1 = string.Concat (stringArray1);
				while (i1 < this.numberOfTries)
				{
					try
					{
						httpWebRequest1 = ((HttpWebRequest) WebRequest.Create ((this.url_nos + "download/CollectSSL")));
						httpWebRequest1.Timeout = 10000;
						httpWebRequest1.Method = "POST";
						httpWebRequest1.ContentType = "application/x-www-form-urlencoded";
						httpWebRequest1.ContentLength = ((long) string1.Length);
						using (StreamWriter streamWriter1 = new StreamWriter (httpWebRequest1.GetRequestStream ()))
						{
							streamWriter1.Write (string1);
							streamWriter1.Close ();
						}
						httpWebResponse1 = ((HttpWebResponse) httpWebRequest1.GetResponse ());
						response = new StreamReader (httpWebResponse1.GetResponseStream ()).ReadToEnd ();
						httpWebResponse1.Close ();
						return httpWebResponse1;
					}
					catch (Exception)
					{
						i1++;
					}
				}
				return null;
			}
			
			public HttpWebResponse SSL_Reissue (string data, out string response)
			
			{
				HttpWebRequest httpWebRequest1;
				HttpWebResponse httpWebResponse1;
				response = "";
				int i1 = 0;
				string[] stringArray1 = new string[] { "loginName0x03d", this.login.ToString (), "&loginPassword0x03d", this.password.ToString (), "&", data.ToString () };
				string string1 = string.Concat (stringArray1);
				while (i1 < this.numberOfTries)
				{
					try
					{
						httpWebRequest1 = ((HttpWebRequest) WebRequest.Create ((this.url + "!AutoReplaceSSL")));
						httpWebRequest1.Timeout = 10000;
						httpWebRequest1.Method = "POST";
						httpWebRequest1.ContentType = "application/x-www-form-urlencoded";
						httpWebRequest1.ContentLength = ((long) string1.Length);
						using (StreamWriter streamWriter1 = new StreamWriter (httpWebRequest1.GetRequestStream ()))
						{
							streamWriter1.Write (string1);
							streamWriter1.Close ();
						}
						httpWebResponse1 = ((HttpWebResponse) httpWebRequest1.GetResponse ());
						response = new StreamReader (httpWebResponse1.GetResponseStream ()).ReadToEnd ();
						httpWebResponse1.Close ();
						return httpWebResponse1;
					}
					catch (Exception)
					{
						i1++;
					}
				}
				return null;
			}
			
			public HttpWebResponse SSL_Revoke (string data, out string response)
			
			{
				HttpWebRequest httpWebRequest1;
				HttpWebResponse httpWebResponse1;
				response = "";
				int i1 = 0;
				string[] stringArray1 = new string[] { "loginName0x03d", this.login.ToString (), "&loginPassword0x03d", this.password.ToString (), "&", data.ToString () };
				string string1 = string.Concat (stringArray1);
				while (i1 < this.numberOfTries)
				{
					try
					{
						httpWebRequest1 = ((HttpWebRequest) WebRequest.Create ((this.url + "!AutoRevokeSSL")));
						httpWebRequest1.Timeout = 10000;
						httpWebRequest1.Method = "POST";
						httpWebRequest1.ContentType = "application/x-www-form-urlencoded";
						httpWebRequest1.ContentLength = ((long) string1.Length);
						using (StreamWriter streamWriter1 = new StreamWriter (httpWebRequest1.GetRequestStream ()))
						{
							streamWriter1.Write (string1);
							streamWriter1.Close ();
						}
						httpWebResponse1 = ((HttpWebResponse) httpWebRequest1.GetResponse ());
						response = new StreamReader (httpWebResponse1.GetResponseStream ()).ReadToEnd ();
						httpWebResponse1.Close ();
						return httpWebResponse1;
					}
					catch (Exception)
					{
						i1++;
					}
				}
				return null;
			}
			
		#endregion
	}
	
}

Enough said?​
http://pastebin.com/DBDqm6Km


پیام سوم :

Just Another proof from Comodo Hacker

Some stupids in internet still cannot understand I'm behind the attack on SSL, talks about their small understandings about my hack and makes me nervous.

Why you can't understand? What's your problem? If you have Psychological or mental problems, don't write your ideas in internet, just surf, ok?

Here is another proof:
http://www.multiupload.com/TGDP99CJLH

I uploaded JUST 1 table of their ENTIRE database which I own.

Also ask Comodo about my hack, ask them what I did to them. Let me tell you what I did:

I was logged into their server via RDP (remote desktop), they detected me and via hardware firewall, they added allowed IP for RDP, so I was no longer able to login via RDP.

But I got UI control in their server just 2 days later (bypassed that firewall, I'm sure roberto is shocked about it :p), then I logged in via roberto franchini's user/pass, then I formatted their external backup HDD, it was LG with backup of all files inside it. I formatted it.

Then I stopped IIS, deleted all logs, not normal delete which could be recovered with recovery tools, I deleted it with secure delete method and infact I wiped them.

Then I noticed another backup in another drive, I deleted ALL files of it with secure wiping method also and I left this session open with a notepad message in their desktop with this text: "SURPRISE!"

What more I should say?

Stop talking about who was behind it, it's already proven.

Some people says, Microsoft wasn't aware of issue to patch Printer vulnerability. It's simply wrong, it was in a security magazine, you never saw this:
http://www.computerworld.com/s/arti...rms_it_missed_Stuxnet_print_spooler_zero_day_

Some others said I don't know about RSA, it's impossible to hack RSA, etc. etc. etc.
Never judge so fast, never write anything you think in your head in internet, most of my daily work focuses on encryption algorithms, differential cryptanalysis, inventing new methods of attacks on encryption algorithms, creating new secure encryption algorithms (symmetric and asymmetric), creating secure hash algorithm, I told you, I can't talk about other things I did, I don't see any use for it just giving away my work and causing more updates. So simply keep your mouth shut and wait. I already created my own encryption protocol, from asymmetric algorithm (for key exchange) to symmetric algorithm for encrypting data to my own hash algorithm to sign encrypted algorithms. You are so far from knowing about me...

Some others says APIs was easy, it was all documented, everything was inside DLL so what I did about re-writing APIs, a person with experience of 1000 programmers had problems with APIs, LOL.
Do you know how many codes I wrote in C++ and Assembly language? Do you know how much work I did in reversing Skype and it's undisclosed protocol? Man! I create my own APIs, from web SOAP XML APIs to windows DLLs with exports.
I said I wasn't aware of !ApplySSL API and other needed APIs like PickUpSSL and others.
I found that out when I was already logged into Comodo Partner's account and I was sure they'll notice me soon, so I had to do my job fast.
TrustDLL.dll was too old, it's last modify date was end of 2007, APIs of Comodo was changed and a lot of more crucial parameters was added, they wasn't using TrustDLL anymore, as far as I understood, they was doing processing and authenticating orders and signing CSRs manually. They had not too much order in last years, about 1 order per 4-5 days for example. So don't worry, I'm aware of APIs ;)

Some other said I'm not religious, "Janam Fadaye Rahbar" is political, not religious, you are simply wrong. No need to explain more.

Some others said I said too much about myself and enjoyed myself too much, if you were did same thing, wouldn't you enjoy like me? :))

Again my message to green movement (so little part of Iran) and two faced terrorists like MKO members inside Iran, never think UltraSurf, VPNs, SSLs, TOR will rescue you... My name will be your curse. You are all in a big trouble if you don't exit your job. Don't believe, try it. From now, just try it. Your friend will post about you in balatarin as you'll not be able to do so after being caught.

Short message to Jacob Appelbaum, stick in your business, stop appearing as a person who worry too much for some counted green movement and MKO members in Iran, I know your TOR traffic directly goes to CIA, just know you and your software are my target.

Enough said, huh? Let's think more before writing stuff...​
http://pastebin.com/CvGXyfiJ


پیام چهارم :

Comodo Hacker: Mozilla Cert Released

For some real dumbs, I bet they don't have IQ above 75, WHO STILL thinks I'm not the hacker, here is mozilla addon's certificate, check it's serial with one published on all the internet:

http://www.multiupload.com/J9I8NFWPT0

I really worry about you guys (people who still have doubts) even for surfing in internet, have you ever visited a doctor?

Private key for above certificate:
http://www.multiupload.com/SI4FKWJ5KY

@ioerror, when I say you have relations with intelligence agencies and you pass traffic, I have my reasons: http://bit.ly/dK0oB5 #comodogate


Thanks to Robert Graham for pointing out that private key is encrypted with a passphrase, here is private key without passphrase, I don't want to give away my passphare:




کد:
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAq8ZtNvMVc3iDc850hdWu7LLw4CQfE4O4IKy7mv6Iu6uhHQsf
RQCqSbc1Nwxq70dMudG+41cSBI2Sx7bsAby22seBOCCtcoXmDvyBbAetaHY4xUTX
zMZKxZc+ZPRR5vB+suxW9yWCTUmYyxaY3SPxiZHRF5dAmSbW4qIrXt+9ifIbGlMt
zFBBetA9KgxVcBQB6VhJEHoLk4KL4R7tOoAQgs6WijTwzNfTubRQh1VUCbidQihV
AOWMNVS/3SWRRrcN5V2DqOWL+4TkPK522sRDK1t0C/i+XWjxeFu1zn3xXZlA2sru
OIFQvpihbLgkrfOvjA/XESgshBhMfbXZjzC1GwIDAQABAoIBAQCJoijaEXWLmvFA
thiZL7jEATCNd4PK4AyFacG8E9w8+uzR15qLcFgBTqF95R49cNSiQtP/VkGikkkc
ao25aprcu2PnNA+lpnHKajnM9G3WOHuOXHXIps08es3MmBKTxvjNph6cUlqQULrz
Zry+29DpmIN/snpY/EzLNIMptn4o6xnsjAIgJDpQfFKQztxdmZU6S6eVVn0mJ5cx
q+8TTjStaMbh+Yy73s+rcaCXzL7yqWDb1l5oQJ/DMYNfufY6lcLgZUMwFxYKjCFN
ScAPCiXFUKTzY3Hy1Z4tLndFxipyEPywDep1TB2nMb+F3OOXUs3z+kKVjGFaGnLZ
591n3x3hAoGBAOOgsb4QybjHh9+CxhUkfsqcztGGdaiI3U5R1qefXL7R47qCWfGc
FKdoJh3JwJzHEDX68ZmHz9dPhSXw6YrlLblCi6U/3g7BOMme5KRZKBTjHFo7O9II
B0laE5ISRH4OccsOC3XUf9XBkm8szzEBj95DgzB0QydPL4jp7NY0h0QrAoGBAMEv
jEFkr/JCRe2RWUSx/a1WT/DHnVLMnDb/FryN2M1fAerpMYNUc2rnndjp2cYbsGLs
cSF6Xecm3mUGqn8Y5r8QqBwxCp5OunCFCXEJvkiU3NSs8oskCsB8QJ6vk3qmauUK
jClX91heSCigwhC2t+1txnF290m/y0T46EfqOSrRAoGAUlyVk4D9jEdeCWiHBaVj
3ynnx3ZQYj/LW4hPE+2coErPjG+X3c0sx/nuOL8EW3XHjtCS1IuIj45tTfIifqg3
6B2E67D1Rv9w7br5XeIIl64pVxixp2hSQp8+D49eiwHs+JzHVsYhzxUwR9u9yCyZ
gsGI2WJn3fRP7ck+ca8l9msCgYB4B2Hec3+6RqEKBSfwvaI+44TRtkSyYDyjEwT+
bCeLGn+ng/Hmhj8b6gKx9kH/i86g+AUmZtAXQZgmLukaBM/BYMkCkxnk2EeQh6gh
Goumrw8x+K7N8rvXcpv3vGEmcGW0H0SMn4In3pR44cER/2Tx2SXV87Obl9Xk6b3w
iL+yMQKBgFjXcmiBW8lw3l2CaVckd/1SzrT80AfRpMT9vafurxe+iAhl9SDAdoZe
3RlshoItDQLW1ROlkLhM7Pdq/XZvLRm128hiIGKTDBnxtfN8TKAg+V7V+/TTfdqv
8jq7epvZsq5vjOC1FZh2gOhf50QwpqDJktjdyka1sPiBKQSoxfbZ
-----END RSA PRIVATE KEY-----
http://pastebin.com/X8znzPWH


پیام پنجم :

Response to comments from ComodoHacker

I got a lot of messages and responses with different ideas and I thought it's time to response all of them:

a) "He (referring to me) is so self proud and bluffs about RSA", etc.
Yes, maybe I wrote too much good words about myself, but none of them was wrong. Just I was too happy about my work, maybe I wrote more than what I should.

About RSA. Some people who have no idea about encryption and encryption protocols says that it's all wrong, I'm lying, it's impossible, etc.

I should say that about last 6 years of my life had been spent on encryption and cryptanalysis, I cryptanalysis all type of encryption algorithms, I don't want to talk about details of research and my work, just know that when people in blackhat presented A5/1 rainbow table, that was too funny for me, such huge database with problem of frequency hopping remaining unresolved, means nothing. A5/1 could be broken easier with solution to frequency hopping in so reasonable time. Just in addition I should say, I program for ARM and AVR processors. Find it's relation and get what you should get. Forget it if you don't understand relation. There is really much more to say on my cryptanalysis work, but there is no use as more updates will come to corrupt my work.

Anyway, yes, you are right I didn't broke RSA, but I'm in it's way, current algorithm I own (for integer factorization) is far far faster than others like Pollard's. I just don't focus on integer factoring, also I work on cryptanalysis RSA itself, yes, I didn't found a way YET, but even if find I won't publish it, just I'll use it. I hope RSA stuff keep close after this comment.

b) "If he already broke UltraSurf or TOR, why he was looking for breaking RSA or stealing certificates?"

- Good point, even if you break UltraSurf or TOR, you can't intercept HTTPS traffic without them.

c) "Comodo hack was so easy, Italian reseller was insecure, hack was nothing, it's trivial, simple hack, ..." etc.

- First of all, for some people, if you split the moon in the half, it's nothing, they'll say you are a good magician, that's all, like what people said to our Prophet when he actually did it.

Anyway, for whom who is not like people I mentioned above, it's not so simple hack, it took me time, I hacked a lot of resellers, but I found out that most of CAs verify customers in their own way. After a lot of research and talking as a customer to CAs, I found out there is possible potential in Comodo, I saw resellers can't verify customers, but Comodo partners can, I hacked so much Comodo reseller account, but all of them was not able to use ApplySSL API. They was able to use only OrderSSL API (I learned these stuff after I owned instantssl.it) Anyway... From listed resellers of Comodo, I owned 3 of them, not only Italian one, but I interested more in Italian brach because they had too many codes, works, domains, (globaltrust, cybertech, instantssl, etc.) so I thought they are more tied with Comodo.
After breach in insantssl.it, as you know default IIS configuration doesn't let you to do so much thing, getting SYSTEM (highest level in windows OS, like root in *nix) shell from that server with all updates installed and AVG Anti-Virus wasn't easy.
After that I even installed keylogger on their server and I was monitoring administrators who logged in, keylogger was mine which bypasses all AV and Firewalls (including Kaspersky heuristic engine to Comodo Internet Security). So do not try to make it look simple.


d) He's connected to somewhere, he's not alone, he's not 21 years old, he's not from Iran, his english is good, his english is bad, ..........

- You don't deserve an actual answer, just I repeat, I'm from Iran, acting alone, work and research on cryptography daily, I don't care ideas about my english. That's all

At the end, I want to say my message to world leaders with problems with Iran and Iranian people:

1) So counted green movement people in Iran isn't most of Iran, so when Obama says I'm with Iranian young community, I should say as Iranian young simply I hate you and I'm not with you, at least 90% of youngs in Iran will tell you same thing, it's not my sentence. But you have bad advisors, they report you wrong details, maybe you would think better if you have better advisors.

2) To Ashton and others who do their best to stop Iranian nuclear program, to Israel who send terrorist to my country to terror my country's nuclear scientist (http://www.presstv.com/detail/153576.html), these type of works would not help you, you even can't stop me, there is a lot of more computer scientist in Iran, when you don't hear about our works inside Iran, that's simple, we don't share our findings as there is no use for us about sharing, so don't think Iran is so simple country, behind today's technology, you are far stronger then them, etc.
Iran will do it's job about nuclear program, as it's simple right of each nation. Instead of struggling and obeying a fake regime's orders 22,072 km area (sum of area of some cities in Iran) and 63 years back, join Iranian people with 1000s years of civilization. Only loser of this fight is you.
If a person in my age reached this level of expertise and knowledge keep the rest of olders and scientist in different areas like Physics, Chemistry, Math and Technology.

Let's have a better world by not obeying 63 years old fake regime. That's all I have to share with you right now.

Anyone interested in talk? Contact me at: ichsun [at sign goes here] ymail [put a dot here] com
http://pastebin.com/kkPzzGKW


پیام ششم :

PROBLEM OF WORLD: MISSING EQUALITY

Some authorities thinks they rule the world, like USA and Israel, they think digital world totally belongs to them, they are simply wrong. Let me tell you some examples with references:


----------------------------------------------------------------------------------

a) Microsoft Patches Stuxnet worm about 2 years later. They say they MISSED! it:
http://www.computerworld.com/s/arti...rms_it_missed_Stuxnet_print_spooler_zero_day_

How come they MISS! Stuxnet bug, but they issue an update within some days for my digital certificates?

MISSING EQUALITY 1

----------------------------------------------------------------------------------

b) FBI cannot see/find/detect/catch HBGary CEO for spreading malware in Middle East for movie themes: http://english.aljazeera.net/indepth/opinion/2011/03/20113981026464808.html

But they try to catch me in miles away from USA?

MISSING EQUALITY 2

----------------------------------------------------------------------------------

c) No one asked a single question from USA or Israel authorities, even level 5 authorities about Stuxnet malware, why they afforded millions of dollars for destroying a nuclear facility in Iran, what would have happened if they were successful in their mission, nothing at all (there is no reference/link for something that doesn't exists)

But they tried to ask questions about Comodo attack which ONLY I was behind it from my country's ambassador.

MISSING EQUALITY 3

----------------------------------------------------------------------------------

d) USA and Israel owns a lot of nuclear war heads:
http://www.reuters.com/article/2010/05/03/us-nuclear-treaty-usa-arsenal-idUSTRE64251X20100503

Israel owns most of dangerous weapons of the world:
http://en.wikipedia.org/wiki/Israel_and_weapons_of_mass_destruction

USA used nuclear bombs one time: HIROSHIMA

No one talks about it, no one research about Israel's hidden nuclear activities, no one talk about their warheads.

But ALL THE WORLD try to stop Iran's nuclear enrichment program which is ONLY for producing energy: http://news.xinhuanet.com/english2010/world/2010-11/24/c_13620854.htm

MISSING EQUALITY 4

----------------------------------------------------------------------------------

e) USA builds HAARP, they can create earthquakes, destroy world or a part of it, nobody asks why? No any single question.
They build Echelon, they can spy on all signals of world, nobody asks why? What do you want to do with it? Why you afford billion of budget on it? Can't you afford it for building something useful for your country's people?

Nobody worries, no problem exists at all. No question, no answer at all.

But when my country's army builds a new missile, all press writes about it and all gets worried. What's your problem? Why do you worry? What's the matter? All the world countries own missiles, they are for protecting a country. It's simple.

MISSING EQUALITY 5

----------------------------------------------------------------------------------

You see? There is so much thing to be fixed in the world, when nobody tries to solve this problem, I'll try. I'll try to solve such problems in my own method, as much as I can. I can't do anything on nuclear stuff, but how about digital world?

I'll do anything I want, anything I can in digital world and nobody should talk about it, I'll bring equality in my own method in my field. Wait for it...

Hope to have a world full of equality for all
http://pastebin.com/a30b9kPF

--------------

عجب صاندیث درصد بالایی تزریق کرده ها...
490gy9c.gif


--------------

پ.ن.: مدیرا لطفاً پاک نکنین؛ موردی نداره که هیچ چیزیم مستقیماً اشاره نشده حتی لغات حساسیت زا هم جدا نوشته شدن :(

پ.ن.2: این پست به مرور اگه بیانیه جدیدی داد طرف و یا اخباری بود به این رنگ آپدیت میشه
 
Last edited:

MD66

Registered User
تاریخ عضویت
13 جولای 2008
نوشته‌ها
2,669
لایک‌ها
208
محل سکونت
400 City
الهی شکر....
حالا چرا ه ک ر رو سوا نوشتی؟:D
 

Cleeev

Registered User
تاریخ عضویت
6 ژانویه 2010
نوشته‌ها
1,245
لایک‌ها
790
محل سکونت
on the edge of a super-massive black-hole
اصولاً یک انسان از هک کردن و بدست آوردن گواهینامه های امنیتی و امضاهای دیجیتال شرکتی مثل Comodo چه هدفی میتونه داشته باشه...؟

به چه دردش میخوره...؟ اگه اینطور که میگه "ارتباطی با ارت ش سای بری و دولت ج.ا.ا نداره و کاملاً خودجوش و تهنا تهنا" :)rolleyes:) این کارو کرده، خوب این گواهینامه های امنیتی واقعاً به چه دردش میخورن...؟ اصلاً چیزی که نمیتونه ازشون استفاده ای ببره به چه دردش میخورن...؟

یه همچین حمله ای در این سطح که صد درصد طرف تنها نبوده، فقط و فقط میتونه کار یه دولت/ISP یا در کل جایی باشه که ترافیک اینترنت از زیر دستاش عبور میکنن تا بتونه با این گواهینامه های امنیتی که دزدیده، اطلاعات مردم رو بدزده...

یعنی انقدر که عقل ناقص و تن علیل من جواب میده این فقط به درد دولت میخوره که man in the middle (فردی در میان راه) رو اجرا کنه و مثلاً شما میرید تو سایت جیمیل، کسی که ترافیک اینترنت کشور دستشهمیاد این گواهینامه و امضای دیجیتال دزدیده شده رو به مرورگر شما قالب میکنه و بعد یا شما رو به سایت دروغین میفرسته و یا اطلاعاتی که وارد میکنین رو میدزده...

حالا این ه کر تهنا و بی کس و بدون هیچ وابستگی (آخی دلم کباب شد) که هیچ ترافیک اینترنتی توی دستاش نیست واقعاً اینا به چه کارش میان...؟ اینا فقط به درد یه حکو مت و دولت تروریست میخورن که میخواد خون ملتشو بکنه تو کاسه و دهن مردم کشور خودشو به .. بده و اطلاعاتشونو بدزده تا بعد واسه مدرک و بعدشم اعدام افراد ازشون استفاده کنه...!

عمو اگه ه کر واقعی ای ما خودمون ذغالیم ما رو سیاه نکن دیگه ما ایرانیا رو نمیتونی سر کار بزاری که وابسته به فلانیا نیستی... برو عمو... برو واقعاً نام ایران رو بردی بالای سکوهای افتخار... برو خوش باش ترکوندی ایران و ایرانی رو خار و ذلیل میکنی برو خوش باش و عقده معروفیتت رو ارضا کن... واقعاً چه هدفی داری از خدمت کورکورانه به اربابانت...؟

الهی شکر....
حالا چرا ه ک ر رو سوا نوشتی؟:D

شکر قند روغن برنج... کوپنشو خریداریم... :p

اون ه کرم یه عادت ماهانه ـس که اینطوری بنویسیم میگن برای سلامت صاحاب بچه ـم بهتره دیگه عادت کردیم... البته فایده نداره میدونم و پیدا میشه...

پ.ن.: میگم کار و زندگی نداری صب/ظر/شب همیشه آنلاینی هر تاپیکی زده میشه میای فتنه میکنی اولین پستو میدی تا پستا رو منحرف کنی عامل صهیونیسم پدرسوخته... :p

کیــــــــــه؟
 
Last edited:

Cleeev

Registered User
تاریخ عضویت
6 ژانویه 2010
نوشته‌ها
1,245
لایک‌ها
790
محل سکونت
on the edge of a super-massive black-hole
از طرز تفکرش قشنگ معلومه که "اصلاً وابسته به هیشکی نیست" و "اصلاً تعالیم بس یج توی مخش قوطه ور نیستن"...

e) Green movement is nothing in Iran, just some young gangs with stones and woods in hand attacks people and stores and break glasses and burns garbages some often, if they had any ideology or anything to talk about, they were already said it. They just makes problem for normal people, their heads are connected to western gov. and intelligence services, so absolutely I hate them. They are my target, I already decrypted most of protocols they use to encrypt their data (thing that already all try to do), I won't let anyone inside Iran to disturb Iranian people, I say to them again, you have no privacy in internet, be careful​

میگم اینهمه ملت تو خیابونا و اون سه میلیون که شماها تو خوابتونم نمیبینید بدون اتوبوس و ساندیس بتونین بیشتر از 10-20 هزار نفر جمع کنین چه برسه به سه میلیون خودجوش، همه اینا یه مشت جوون gang هستن با چوب و چماق میزنن شیشه خورد میکنن...؟ من یه سری ویدئوهایی دارم که شما اونجا پهنای باند خوبم بهت مقتی دادن قیلترم که نیست برو نیگا کن روی یوتوب یه عده ای با لباس پلیس میزنن کلی اموال مردم و عمومی رو درب و داغون میکنن...!

واسه اون بخش if they had any ideology or anything to talk about, they were already said it یه چی بگو بگنجه مگه اجازه دادی بیان حرفشونو بزنن تنها کارتون به گلوله بستن بود...!

واسه قسمت آخرم که میگی I won't let anyone inside Iran to disturb Iranian people میگم این دو سال اخیر که صد و خورده ای انسان هوطنت بیگناه تو خیابونا و زندونای شما کشته شدن کجا بودی که نذاری مردم ایران اسیب ببینن...؟ تو این 30 سال و هزاران کشته و اعدام کجا بودی...؟!!

به راستی که برو کی . . . عقده مشهوریت یه کار کردی انقدر جوگیر شدی عقده ها به شدت فوران کردن...!
 

Omen_booster

Registered User
تاریخ عضویت
3 آگوست 2007
نوشته‌ها
104
لایک‌ها
12
محل سکونت
Sydney
I should mention we have no relation to Iranian Cyber Army, we don't change DNSes

اين چند نفره؟يه نفره؟:f34r:
 

Cleeev

Registered User
تاریخ عضویت
6 ژانویه 2010
نوشته‌ها
1,245
لایک‌ها
790
محل سکونت
on the edge of a super-massive black-hole
I should mention we have no relation to Iranian Cyber Army, we don't change DNSes

اين چند نفره؟يه نفره؟:f34r:

طرف مشکل شخصیتی/روانی داره یه جا میگه we یه جا دیگه میگه :

I'm not a group of hacker, I'm single hacker with experience of 1000 hackers, I'm single programmer with experience of 1000 programmers, I'm single planner/project manager with experience of 1000 project managers, so you are right, it's managed by a group of hackers, but it was only I with experience of 1000 hackers
!!!

انگلیسیش خیلی عالیه... :lol:

فکر کنم چند نفرن هر کدوم یه تیکه رو مینویسن اون تیکه ها که انگلیسیش خوبه کار برادر رانی خوره و این تیکه ها کار برادر ته صاندیث خوره... :f34r:

تیکه های ضد استکباریشم حتماً کار کارمان جنف زاده ـس از فغانسه پرتش کردن اومده داره به استکبار فحش میده...
 

Love_life

Registered User
تاریخ عضویت
10 فوریه 2010
نوشته‌ها
3,809
لایک‌ها
975
محل سکونت
دور نیست
از قصد با انگلیسی بد نوشتن ! خیالتون راحت ! این کار یه تیم هست که همه جوره تامین شده باشند تا این کار هارو بکنند
 

parsaweb

Registered User
تاریخ عضویت
17 اکتبر 2010
نوشته‌ها
3,106
لایک‌ها
7,758
هر کی که هستن واقعا کارشون رو خوب بلدن
 

mehdi_08

Registered User
تاریخ عضویت
16 آگوست 2008
نوشته‌ها
616
لایک‌ها
82
محل سکونت
کرمانشاه
بابا یارو رو دست کم نگیرین
ان ه ک که کردن کار بس دشواریه
 

mohsenshahbazi

همکار بازنشسته
کاربر فعال
تاریخ عضویت
21 ژوئن 2004
نوشته‌ها
4,025
لایک‌ها
3,825
محل سکونت
اصفهان
این که چه کسی هست مشخصه و معلومه ..چون روش کارش تابلو هست ... حدود ۱سال پیش یه نفر یه دومین به اسم gmailupgrade یا همچین چیزی ثبت کرد و شاید یکی از بزرگترین فیشینگ های جیمیل رو انجام داد که تو خیلی فروم های بزرگ و شلوغ تاپیک مربوط به این خطر مهم شد . اون یه روند خاصی برای کارش داشت که مشابه همین حرکت ه ک کردن ca هست . ( البته میدونم که این کار اساسش فیشینگ نبوده اما کاربردش برای فیشینگ هست )

در مورد متونی هم که منتشر میکنه . متن اولی که معلومه دیکته شده است . اما پیام های بعدی که داده مشخصه که تیم / شخصی که پشت این ماجرا'ست از این وضعیتی اطلاع رسانی اصلا راضی نیست .

ضمن این که حتما نباید یه ISP یا گیت وی داشته باشه طرف ... کافیه یه سرور v p n شلوغ داشته باشه . یا تعداد زیادی زامبی که dns شون رو دست گرفته باشه .
 

Mohsen Khan

Registered User
تاریخ عضویت
11 فوریه 2007
نوشته‌ها
2,223
لایک‌ها
299
اصلا چه دلیلی داره یک هکر بیاد برای کارش مصاحبه کنه ؟
 

7_f_7

Registered User
تاریخ عضویت
26 دسامبر 2010
نوشته‌ها
1,759
لایک‌ها
255
سن
41
محل سکونت
کرج
میگه 21 سالش هم هست :eek:
 

brainsore

Registered User
تاریخ عضویت
1 مارس 2008
نوشته‌ها
5,886
لایک‌ها
3,189
محل سکونت
دور
توییتر را چه طوری باز کرده؟ مگه استفاده از اینترنت آزاد تو ایران جرم نیست؟ اگه قانونه که برای همه است. ای لعنت... بابا جان این همه کشور، این همه جا، این همه جامعه، صاف باید تو همین خراب شده با این وضع قهقرایی به دنیا بیایم و بزرگ بشیم؟!
 
Last edited:

E=MC²

کاربر تازه وارد
تاریخ عضویت
12 دسامبر 2010
نوشته‌ها
123
لایک‌ها
2
محل سکونت
تهران
چندتا سوتي بزرگ در نوشتن پيام انگليسي داشته كه نشون ميده احتمالا هكر يا هكرها صانديص خور هستند :D (چون معمولا صانديص بهره هوشي رو پايين مياره و كند ذهني ايجاد ميكنه و در نتيجه يادگيري يه زبان خارجي سخت ميشه و از طرف ديگه زبان رسمي حزب صانديصم عربي مي باشد :D)

But it was Only I with experience ...
كه كاملا مشخصه كه از نظر گرامي اشتباهه :happy: همچنين جمله بندي خيلي ساده و در حد انگليسي دوم راهنماييه... اگه يه تيم هكر حرفه اي بودن، اونقدر دانش داشتن كه حداقل انگليسي رو خوب بلد باشن (چون سورس مطالب شبكه و امنيت و هك اكثرشون انگليسي هستند) :D

يه رگه هايي از صحبت هاي حش (حسين شريعتمداري) هم توش ديده ميشه... جالبه... دليل گردش اينترنت نيست جاذبه... صانديصه كه اينترنتو ميچرخونه جالبه :d
 
بالا