Author Topic: Oh my I was Hacked (lol)  (Read 10937 times)

linux

  • Guest
Oh my I was Hacked (lol)
« on: January 14, 2005, 12:25:53 am »
Uhm...all I can say is..WTF?

This is his current name, but we hacked him a long time ago when he
went by the handle, "Linux[e1]." Well, he obviously may know a bit about
Linux, right? WRONG. This newb thinks he's a hacker or some shit.
Well apparently not, considering how insecure his box was. Let's
take a little look, shall we?

tw0p4ck@stygian:~$ gcc (name snipped).c -o exploit
tw0p4ck@stygian:~$ ./exploit (ip snipped)

(name snipped) 0day remote heap overflow root exploit
by tw0p4ck and BigBoySam!

[~] checking to see if daemon is vulnerable...
  • the daemon is vulnerable!
  • [~] sending evil packets...
    [~] receiving kernel and OS response...
  • response received:
  • Red Hat 9
  • Kernel 2.4.x
  • [~] exploiting (ip snipped)...
  • exploit was successful!
  • [.] dropping to bindshell on port 31337...

    # whoami
    root
    # id
    uid=0(root) gid=0(root) groups=0(root)
    # echo owned ;)
    owned ;)
    # export PS1="\u@\h:\W\\$ "
    root@misery:~# ls -la
    total 28
    drwxr-x---   4 root www-data 4096 2005-01-09 11:23 .
    drwxr-xr-x  13 root root     4096 2005-01-10 11:09 ..
    -rw-------   1 root root      491 2005-01-09 12:20 .bash_history
    -rw-------   1 root root      704 2005-01-09 11:02 .bash_profile
    -rw-------   1 root root     1290 2005-01-09 11:02 .bashrc
    drwx------   2 root root     4096 2005-01-09 11:23 public_html
    drwx------   2 root root     4096 2005-01-09 11:14 .ssh
    root@misery:~# cat .bash_history
    ls
    cd ..
    ls
    touhc 123
    tuoch 123
    touch 123
    pico 123
    cat 123
    cd /etc
    cd ..
    cd /etc
    ./zds
    ./zds
    ./zds
    ./zds
    ./zds
    ./zds
    hexedit zds
    ./zds
    cd $HOME
    wget
    wget www.qwlkjdakljalk.com
    echo hi
    cd /var/log
    cat syslog
    cat syslog.1
    pwd
    whoami
    su misery
    screen ./zds
    screen
    man man
    man woman
    mount your_mom
    ls
    cd /home
    ls -l
    cd ~
    cat .bashrc
    root@misery:~# uname -a
    Linux misery 2.4.18 #1 Wed Nov 1 20:09:22 JST 2004 i686 GNU/Linux
[...cut...]

As you can see, he is not very good at Linux. I find it
ironic that such a dumbass would name himself after Linux, when
in fact he can't even use it! Not only that, but he doesn't
even patch his kernel... haha! I, Tw0p4ck, have obviously owned
this newb, and for what you ask? Only $45, but hey... it was fun!
And I did happen to buy a game with it. Anyways, I took a screenshot
and left a message:

root@misery:~# echo Hacked by tw0p4ck and BigBoySam. A message from the person who
paid us to own your insecure box: d0n7 fuck w1th p30pl3 wh0 4r3 b3773r 7h4n j00
> /etc/motd
root@misery:~# cat /etc/motd
Hacked by tw0p4ck and BigBoySam. A message from the person who
paid us to own your insecure box: d0n7 fuck w1th p30pl3 wh0 4r3 b3773r 7h4n j00

Quik
Re: Oh my I was Hacked (lol)
« Reply #1 on: January 14, 2005, 12:31:45 am »
It's made to look like Metasploit, says iago. It's pathetic, half of that wouldn't work. AND, who runs Red Hat 9?!

Quote
pico 123
cat 123
cd /etc
cd ..
cd /etc
./zds
./zds
./zds
./zds
./zds
./zds
hexedit zds
./zds
cd $HOME
wget
wget www.qwlkjdakljalk.com
echo hi
cd /var/log
cat syslog
cat syslog.1
pwd
whoami
su misery
screen ./zds
screen
man man
man woman
mount your_mom

Looks like they are just learning Linux commands.

http://www.cc.gatech.edu/~kaluskar/unix.html
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

iago
Re: Oh my I was Hacked (lol)
« Reply #2 on: January 14, 2005, 12:48:09 am »
Incidentally, they did "cat .bash_history" -- that was whoever owned that machine "learning commands". 

Here is an excerpt from my own!
Quote
iago@Slayer:~$ cat .bash_history  | less
ping www.google.ca
vi LuckySevens.java
ls
rm LuckySevens.java
ssh hitmen
cat /etc/hosts
ssh hitmen
telnet hitmen 22
telnet hitmen 22
ssh iago@hitmen
ssh darkside
exit
javac LuckySevens.java
javac LuckySevens.java
javac LuckySevens.java
javac LuckySevens.java
javac LuckySevens.java
cat /etc/resolv.conf
ssh hitmen
exit
sudo vi /etc/sudoers
java -version
cd javaop
cd projects/
cd c
ls
cd xmms-nowplaying/
ls
vi xmms-playing.c
exit
cd .gaim
cd logs
cd aim
cd iagoishere
cd ckykrazed/
grep http *
cd workspace/Control
ls
java -jar JavaOp2.jar
java -jar JavaOp2.jar
java -jar JavaOp2.jar
java -jar JavaOp2.jar
java -jar JavaOp2.jar
java -jar JavaOp2.jar
java -jar JavaOp2.jar
java -jar JavaOp2.jar
ls
java -jar SelectPlugins.jar
rm ../Help.jar
java -jar SelectPlugins.jar
java -jar JavaOp2.jar
java -jar SetupBots.jar
java -jar JavaOp2.jar
java -jar JavaOp2.jar
java -jar JavaOp2.jar
java -jar JavaOp2.jar
java -jar JavaOp2.jar
java -jar JavaOp2.jar
java -jar JavaOp2.jar
java -jar JavaOp2.jar
java -jar JavaOp2.jar
java -jar JavaOp2.jar
java -jar JavaOp2.jar

I'm elite :)

Anyway, post the Windows one, I want to point out the obvious mistakes.

Quik
Re: Oh my I was Hacked (lol)
« Reply #3 on: January 14, 2005, 01:03:23 am »
Quote
-----------------------------------------------------------------
Inner@USWest                      |
-----------------------------------------------------------------

 yo this is BigBoySam here to show you the hacking of a faggot every1
hates: Inner. yeahz this kid is like fucking gay n shit and ive been
monitoring him. eventually through some persuasion and manipulation
I w4s able to get Inner's IP address. newayz yeah so i logged on
tw0p4ck's NetBSD box and used our leetest and newest Winbl0wz exploit we have
on Inner.

bigboysam@stygian:~$ gcc (censored).c -o innerisowned
bigboysam@stygian:~$ ./innerisowned (ip cut out)

(censored) - Windows XP Universal Remote Admin Exploit
by tw0p4ck and BigBoySam!

Exploiting remote target...
Sending evil buffer...
Shellcode successfully executed!
Dropping to remote bound cmd.exe on port 18241...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C\Documents and Settings\Inner>dir

 Directory of C:\Documents and Settings\Inner


12/26/2004  01:05 AM    <DIR>          .
12/26/2004  01:05 AM    <DIR>          ..
01/11/2005  01:04 PM    <DIR>          Desktop
11/29/2004  03:40 PM    <DIR>          Favorites
12/29/2004  01:21 PM    <DIR>          My Documents
10/18/2004  01:19 AM    <DIR>          Start Menu
11/07/2004  10:15 AM    <DIR>          WINDOWS
               3 File(s)            985 bytes
               7 Dir(s)  45,233,357,824 bytes free

C:\Documents and Settings\Inner>cd Desktop
C:\Documents and Settings\Inner>echo HACKED BY BIGBOYSAM AND TW0P4CK!! > HACKED.txt

as you can see I owned his box haha. all I did was own it and place a msg
on his desktop. Newayz, i think it sumz that shiz up haha! Btw, we got
offered $125 by one person, $45 by one other, and $70 by another. We
accepted all of them ;). Hooray for us... we got paid a lot 4 somethin
fun!

by3 4 n0w ph4gz!

-----------------

Why wouldn't it go to Desktop when they CD'd to desktop? And why would WINDOWS be in the "Inner" directory? And why in HELL would he have "Inner" as the logon to his Windows machine?
« Last Edit: January 14, 2005, 01:05:03 am by Quik »

linux

  • Guest
Re: Oh my I was Hacked (lol)
« Reply #4 on: January 14, 2005, 01:16:06 am »
I don't know if I'm odd, I use my Actual Full name?


iago
Re: Oh my I was Hacked (lol)
« Reply #5 on: January 14, 2005, 09:33:09 am »
Why wouldn't it go to Desktop when they CD'd to desktop? And why would WINDOWS be in the "Inner" directory? And why in HELL would he have "Inner" as the logon to his Windows machine?

Exactly!

Newby
Re: Oh my I was Hacked (lol)
« Reply #6 on: January 14, 2005, 11:16:40 am »
I'm confused. Someone summarize what happened. :/
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water balloon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

iago
Re: Oh my I was Hacked (lol)
« Reply #7 on: January 14, 2005, 12:46:12 pm »
All those quotes are from some website that claims they hacked people and blahblahblah. I dunno, maybe somebody should post the quote here.

wires
Re: Oh my I was Hacked (lol)
« Reply #9 on: January 14, 2005, 07:11:28 pm »
Lol. :P

Quote
11. List of Lame Faggots
------------------------

y0 th3ze r 4ll th3 ppl 7h3 bn3t 4x3 ph34lz iz r33ly g4y, 4nd
n33dz 2 b3 4x3d ;). 1ph j00 r 0n th1z l1st, th3n pr3p4r3 j00r53lph,
b3cauz3 4 b0un7y h4z b33n 5eT 0n j00, 0r w3 juzT ph33l j00 5h00d
g1t 4x3d.

*snip*
Op Forge@USEast

linux

  • Guest
Re: Oh my I was Hacked (lol)
« Reply #10 on: January 14, 2005, 07:38:06 pm »
..Do they realize NO ONE types like that...except them? [FLAME] Bigboysam and tw0p4ck have been crowned the resident battle.net idiots. [/FLAME]

Mythix
Re: Oh my I was Hacked (lol)
« Reply #11 on: January 14, 2005, 10:34:44 pm »
wow.

Code:
/dev/hda3 / ext2 defaults 1 1
none /dev/pts devpts mode=0620 0 0
/dev/hda4 /home ext2 defaults 1 2
/mnt/cdrom /mnt/cdrom supermount fs=iso9660,dev=/dev/cdrom 0 0
/mnt/floppy /mnt/floppy supermount fs=vfat,dev=/dev/fd0 0 0
/mnt/zip /mnt/zip supermount fs=vfat,dev=/dev/zip 0 0
none /proc proc defaults 0 0
/dev/hdb2 /usr ext2 defaults 1 2
/dev/hdb5 swap swap defaults 0 0

HOLY CRAP IT HAXED HIS HD
Philosophy, n. A route of many roads leading from nowhere to nothing.

- Ambrose Bierce


Newby
Re: Oh my I was Hacked (lol)
« Reply #12 on: January 14, 2005, 11:10:46 pm »
Wrong about the WINDOWS dir comment, everyone.

Quote
C:\Documents and Settings\[snip]>dir
 Volume in drive C has no label.
 Volume Serial Number is C860-LALA

 Directory of C:\Documents and Settings\[snip]

11/27/2004  01:51 PM    <DIR>          .
11/27/2004  01:51 PM    <DIR>          ..
04/22/2003  04:40 PM    <DIR>          .javaws
08/27/2003  06:12 AM                 0 Botmail.txt
08/27/2003  06:12 AM               137 Config.ini
08/27/2003  06:12 AM                 0 Database.txt
11/25/2004  09:27 AM    <DIR>          Desktop
11/11/2004  10:47 AM    <DIR>          Favorites
08/27/2003  06:12 AM                 0 LastSeen.txt
12/23/2004  07:33 PM    <DIR>          My Documents
08/27/2003  06:12 AM               177 Options.ini
08/27/2003  06:12 AM                64 Settings.ini
03/23/2003  09:32 AM    <DIR>          Start Menu
11/27/2004  01:51 PM    <DIR>          VSWebCache
04/21/2003  10:10 AM    <DIR>          WINDOWS
               6 File(s)            378 bytes
               9 Dir(s)  14,040,182,784 bytes free

C:\Documents and Settings\[snip]>
Quik
Re: Oh my I was Hacked (lol)
« Reply #13 on: January 15, 2005, 12:19:41 am »
Explain, please.

Krazed
Re: Oh my I was Hacked (lol)
« Reply #14 on: January 15, 2005, 11:55:32 am »
WINDOWS is in the home directory, at least on XP it is. I just verified this with my brother's laptop, I'll upload the screenshot when I get unlazy.
It is good to be good, but it is better to be lucky.