Understanding Script Kiddies

Kzip sent us an interesting paper on script kiddies. It basically follows a log of a box being cracked and rooted, and then has tons of IRC logs with the responsible folks. A lot of insight into the mentality, but more important, the novice skill level required to do serious damage to many systems.

my ideas...

[happystink]

There is a buzz when you do something big with a computer, that's sort of like "haha, i actually DID that", which I have felt just when accomplishing non-bad things on the computers, and I think it's the same feeling the kiddies have.

A few months ago I saw a step by step instruction set on how to exploit a machine with the BIND vulnerability, and I have to admit, I was tempted to try it, to see if it'd work. Moreso, I was kind of like "wow, I could do all these steps even though I'm dumb", and I know if I had there would have for sure been a little buzz of delight.

I used to buy beer with fake ID before I was of age, and it was the greatest, there was a total high when it worked. That is sort of script kiddy-like, it's not like I dud anything clever or anything, I just showed the clerk my ID and bought it, but it still felt wicked, and I think that's the thing in play here: It's easy to say "oh those kids don't know anything, what they're doing requires no thought" etc, and it's true (reading these transcripts makes you realize how incredibly dumb they are, it's really sad), but it is irrelevant, because as long as breaking into a box gives them a little buzz and feeling of accomplishment, they aren't going to stop.

p.s. the part where the guy is talking about how fat he is, that is so priceless and hilarious. If it wasn't so pathetic I'd laugh till I cried

Funniest parts

[w00ly_mammoth]

fun replying to myself, but there is some seriously solid witty banter in there.

[ Dick admits he isn't top of the class at creative writing.]

:D1ck :i want some one with good writing skillz
:D1ck ::/
:D1ck :to write About, FAQ
:D1ck :etc

[Here we have a fancy debate on the mission statement. These guys take themselves a tad too seriously.]

:D1ck :is this para write for About
:D1ck :?
:D1ck :K1dd13 came into existance almost a year ago. It was born out of hate and contempt for violence, atrocities and human rights violations against Muslims, specially the affectees in Kashmir. It was precipitated to bring the attention of world leaders and
:Sp07 :?
:D1ck :organizations to the issue in cyberspace which is today the leading source of communication.
:D1ck :is that fair enuff?
:Sp07 :eyah I guess
:Sp07 :I thought it was like a hacking group

[ Our l33t h4x0rs look for profound quotes to adorn their web site]

:Sp07 :what is lahore ?
:D1ck :lahore==city
:D1ck :Sp07 give me a good quote
:Sp07 :I thought it was the whore in french
:Sp07 :ill go get a quote fo you
:D1ck :heh
:D1ck :ok
:Sp07 :I dont know any in my ehad
:Sp07 :hea
:Sp07 :d
:Sp07 :Silence is gold, if nothing better you hold.
:Sp07 :tahts gay
:Sp07 :I heard a quote before
:Sp07 :goes something like "If you want peace, you must prepare for war"
:Sp07 :I herad it in a simpsons episode

[Dick doesn't know what pot is, but tries to look l33t by claiming he has lots of it. Rather Clintonesque admission follows. Spo7 isn't impressed].

:Sp07 :im a pothead
:Sp07 :hehe
:D1ck :oh
:D1ck :what does it mean btw :P
:D1ck :?
:Sp07 :someone who smokes lots of weed
:Sp07 :hahaha
:Sp07 :pot-heads
:Sp07 :pot = weed
:D1ck :oh
:D1ck :i get tons f weed
:D1ck :but
:D1ck :i dont do it
:Sp07 :heh
:Sp07 :not weed in your garden or anything

[Spo7 expresses skepticism about Dick's impressive fluctuations in mass. He tries to get to the bottom of it. Suspenseful stuff, this.]

:Sp07 :how much do you weight?
:D1ck :for real
:D1ck :300 punds
:Sp07 :for real?
:D1ck :yes
:Sp07 :you serious?
:D1ck :for real
:D1ck :
:D1ck :yep
:D1ck ::)
:D1ck :serious
:Sp07 :dont lie
:Sp07 :hehe
:D1ck :i`m FAT
:Sp07 :300 is a lot
:D1ck :as
:D1ck :s
:D1ck ::)
:D1ck :nope i`m 300#$@
:Sp07 :how old are you?
:D1ck :17

:D1ck :dude
:D1ck :4 years back
:Sp07 :H M
:Sp07 :H M
:D1ck :i was 400
:D1ck :and then i lost 200
:Sp07 :DAYUMMMMMMMMM
:Sp07 :you liar
:D1ck :nutriotion
:D1ck :and then
:Sp07 :how can you be 400 pounds when your 13?
:D1ck :I WAS
:Sp07 :you liar
:D1ck :tendency
:D1ck :and
:D1ck :lots of eating
:D1ck :but then i left the diet and excersise
:D1ck :but i`ll loose it again
:D1ck :i`m serious now
:D1ck ::)
:Sp07 :400 is too much for a 13 year old
:D1ck :when i`m serious imake sure to achieve the goal
:Sp07 :maybe like 200 is cool
:Sp07 :but 400
:Sp07 :no way
:D1ck :hahahaha
:Sp07 :200 is still fat but 400 is like a fucking elephant

[Dick has forgotten he has said he smokes weed. A rare occasion when he admits not knowing something follows...]

:D1ck :smoking marjuana is likee 'cool'?
:Sp07 :I GUESS
:Sp07 :ITS FUN
:D1ck :oh
:Sp07 :ITS NOT LIKE SMOKING
:D1ck :it tastes good?

[Dick, ever the crafty one, shocks Spo7 with a clever deceptive move. Spo7 almost has a heart attack, but dick clarifies the situation.]

:Sp07 :IT TAKES ME TO MY OWN WORLD
:Sp07 :MWUHAHAHAHAHA
:D1ck :Ok i disclose my self.
:D1ck :I`m a FED
:Sp07 :??
:Sp07 :OH SHIT
:D1ck :You are busted
:Sp07 :FUCK YOU
:Sp07 :DIE MOTHER FUCKER
:Sp07 :FOR REAL????
:Sp07 :officer
:D1ck :yes.
:Sp07 :suck my dick
:D1ck :dude
:D1ck :relax
:Sp07 :no wonder
:Sp07 :how would a pakistanian know english
:Sp07 :its all clear
:Sp07 :hey
:D1ck :hehe
:Sp07 :your not really a fed right??
:D1ck :y0
:D1ck :?
:Sp07 :dont even joke like that
:D1ck :nope
:D1ck :ok
:Sp07 :MAKES ME FEEL NERVOUS
:D1ck :i`m not a fed
:D1ck :why did u take it so serious?
:Sp07 :I DUNNO

:D1ck :man dont think i`m a fed
:D1ck ::)
:D1ck :i`m a elite hacker

Re:It's pretty simple

[TheCarp]

> Then again, could it be that society implicity
> tells boys that they need to be "macho and
> manly"? Sort of how society tells girls they
> need to be "skinny and beautiful"?

I think its more than that. People always want to blame drug abuse, violence, etc as "the problems" when really, I think they are symptomes of larger, and more fundamental, problems with our societies social structures...specifically they are rotting.

At a start, look at chldren in the US versus other countries. In france or other European countries a 5 year old kid can sit through a formal diner. How many 5 year olds in the US can do the same?

We have stopped teaching our children responsibility and discipline. In fact, we have taught them that they can be irresponsible...its expected of them.

Now as for firearms...they ARE a buzz enhancer in a way. I have used them...holding a gun is a high in and of itself. The realization that YOU now can decided life or death at a whim. Its power.

Does that make them bad? No. It, like anything, is something a person must be taught to control. I have cousins who have owned firearms since they were 11. They are some of the safest people I know with guns. They were taught the simple rules from extremely early ages.

You NEVER point a gun unless you intend to fire it. You NEVER point a gun at a person unless your life is in danger. You ALWAYS treat every gun as if its loaded (even if you have the firing pin in your pocket!). Its all about respect for the power of the tool and for basic life.

It is much harder to aquire discipline later in life than early. Hell I am 22 and just now starting to learn to discipline myself. Its NOT easy. Its a skill that needs to be taught young.

All in all I don't think our society breeds healthy life attitudes. Its a much harder problem to solve than just being reactionary and trying to solve the symptomes (like prohibition of drugs, drunk driving penalties, etc etc) but raising responsible people with healthy life attitudes will solve these at the source.

System cracking is just an extension of adolencent irresponsibility. It is not the problem but the symptom. Catching crackers will no more solve the problem than taking tylanol will get you over your cold faster. (all it does is make you feel better by treating symptoms)

Re:Understanding the kiddies

[Accipiter]

I disagree. Script Kiddies aren't out to explore. They go into systems, and run scripts, root boxes, and they think that makes them a hacker.

So they go around telling their friends "I'm a hax0r! b0w!"

It's about image. They think they can prove themselves to their peers by cracking a box with a canned program. Exploration has nothing to do with it. If they wanted to explore, they would write the programs themselves. But instead, they take the lazy way out, and run a pre-made program.

Laziness and Exploration do NOT go hand in hand.

-- Give him Head? Be a Beacon?

Re:It's pretty simple

[11223]

Looks to me like they got that from somewhere else. They don't actually have those fields memorized, and probly couldn't tell you a damn thing about what those funny greater than signs are doing in that text.

Misconception

[LaNMaN2000]

I think a problem will arise as the media attempts to classify all "black hat" hackers by the actions of these "script kiddies." Even though the vast majority of "damage" is caused by people with little or no computer knowledge just for the "thrill," the script kiddies really pose little significant threat to organizations.

The real danger is those people who have a clearly defined agenda/ideology in mind when the crack/write viruses. After the outbreak of the "ILOVEYOU" virus, I began thinking about a virus that targets a particular organization and compromises *only* their systems (and copies internal documents, deletes files, etc.). Even though it could replicate with each machine it infects, it would seem completely innocuous until it finds computers that identify themselves within the target domain. It could target particular classes of domains (in the case of worms, for example) that would be more likely to be within fewer degrees of separation from the target--preventing widespread outbreak and collateral damage so as to avoid attention and publicity.

Threats like the above are what should frighten corporations and the government. After Oracle's recent attempt to purchase MS trash, the proliferation of corporate espionage has really been brought to the forefront by the media. The damage that could result from the release of proprietary information is far greater than what results when a web server is cracked or an e-mail server taken down. Nonetheless, most organizations have no infrastructure in place to deal with this type of threat. This is where the *real* danger lies.

True, most have no skill what-so-ever. Example...

[dohnut]

Part of my company was "hacked" a while back by a script kiddie. Behind our router I pretty much just use telnet and ftp because it simple, and everyone else is behind a firewall and cannot see the traffic in between the router and firewall. Also, the machines are just test boxes with no vulnerable data in any case.

Well, some people in techsupport set up a linux box outside of the firewall to run seti@home, and left it completely wide open. A script kiddie got to that and fired up a packet sniffer. Then of course, strange things started happening on my test boxes as the script kiddie hacked into mine seeing my plaintext passwords, quite simple.

Why do I say this person has no skill? First, my box was running a firewall, so his IRC server was hitting the wall along with everything else he was trying to do, apparently he did not know how to disable ipchains, and I could see through netstat that he had these apps running. He replaced some apps like "ps", but left many others, like netstat. The old apps along with his packet sniffer and IRC server where moved to /bin/.bin which is pretty easy to find, using, well, "find" looking files modified within a certain time period. He also left a log of him ftping the files from the seti@home box, which is how we tracked that one down in the first place.

Here's the beautiful part. When we found that the seti@home box was the root of all evil, we looked in the /bin/.bin/sniffer directory, or whatever it was called and viewed his sniffer log. Well, guess what it showed besides our plaintext passwords and usernames? His username and password to his ISP as he logged into his own account to get more tools while the sniffer was running. Needless to say we caught up with him.

What these people are thinking is beyond me. Maybe I'm just paranoid, but if would ever do something like this, I'd make sure I knew my sh*t and even then odds are you will still leave some sort of trail. So, people must be right, they really must not see any consequence in committing these acts. And then they brag about it like it took skill to type ./hack 192.168.1.1. I mean as soon as you set up an IRC server to brag about your instruction following skills, you've lost all respect as a "hacker" as far as I'm concerned.

The problem: root

[Animats]

Sigh. Why, after 20 years of this crap, does UNIX still have set-UID to root? Why are minor daemons running as root, ever? Why should something like BIND, which only needs to access a few files and sockets, have significant privileges? Why is there "root" at all?

Secure systems don't have "root."

Re:Understanding the kiddies

[FascDot+Killed+My+Pr]

You are right about the sense of unreality. But I don't think you are right about the curiosity.

My belief is that some people categorize the world into two groups: "People who are stupider than me" and "People who are smarter than me". These kiddies like to have as many entries as possible in list A and as few as possible in list B.

What does this explain and how?

They don't try to understand what they are doing. They can't admit to themselves that there are people smarter than themselves who could teach them about, say, TCP/IP. So they use scripts the found on the net and pretend to themselves that "I could have created this."

It also explains the motivation: If you break into someone's system, you have proved that person is on list A. The reasoning is: "Their automated defenses didn't keep out my automated attack, therefore I am smarter than they are." This is flawed, of course, but we already know the kiddies are a little...dim.
--

Re:amusing...

[Emil+Brink]

Heh. Reminds me of a day at work a couple of months ago, when a colleagues' box was hacked into. The h4xx0r kid had run some kind of rootkit (although I'm not sure the box was actually rooted, but some kind of prepackaged kit was used), which cleaned out all the logs. Except, of course, for that tricky, well-hidden, hard-to-find, sneaky, known-by-gurus-only one known as .bash_history! ;^)

It was quite cool to see which commands had been run, etc. I think he actually started up an IRC server on the box, probably to serve warez... That, and the ObPortscan of course. ;^) Our local nettech archived the contents of the kid's account down on a couple of floppies and did a reinstall. Some day, when I'm sufficiently bored, I think I'll ask him for those disks. Might learn something useful. ;^)

Um. cut ... paste

[Moderation+abuser]

Nah, they've no idea what they're doing. You could replace them with an expect script and be more effective. Automate the whole process.

Basically the moral is, take care of basic security. Get rid of stuff you don't need on the box. Use tcpd. stop and comment out all unneeded services from inetd.conf.

Just take basic security measures.

amusing...

[mirko]

Seen that ?
ftp> get sun2.tar
200 PORT command successful.
150 Opening ASCII mode data connection for 'sun2.tar' (1720320 bytes).
No comments... ;-)
--

Understanding the kiddies

[11223]

Here's why the kiddies do what they do:

Ever sat down at a box somebody's given you an account on and just poked around to see how it's organized? That's part of the script kiddie feeling - it's partly about exploring the system, seeing what you can do.

But there's something more behind that - it's a feeling of inconsequenciality (sp?!?) - that those boxen they're poking with are inconsequential to them and immaterial - they don't actually exist in their mind!

That's the problem that faces the sysadmin - the kiddies feel that you do not exist, and therefore it's okay to go off and exploit these systems! To counter that, if you ever catch a kiddie on your system (logged in), don't just boot him off. 'talk' him. Make sure he knows that there are people behind these machines, and that they're not just machines to be played with.

H0\/\/ \/\/3 D00 I7!

[idistrust]

\/\/3 7yp3 a11 l337. 7h47'5 7h3 7R1ck.

Enjoy your new knowledge everyone.

t00 1337 4 U

[S�gnal+ll]

:D1ck! :do this 'df'
:D1ck! :and paste me
:D1ck! :and then df -k
:J4n3! :wait
:J4n3! :.Filesystem 1k-blocks Used Available Use% Mounted on
:J4n3! :./dev/hda8 1935132 878956 957780 48% /
:J4n3! :./dev/hda7 23302 2650 19449 12% /boot
:J4n3! :./dev/hda1 2064032 1230496 833536 60% /mnt
:D1ck! :oki
:D1ck! :mkdir /win; mount -t vfat /dev/hda2 /win
:D1ck! :wait, what is /dev/hda7
:D1ck! :?
:J4n3! :linux swap partition
:D1ck! :ok

hmm... without my r00tkit, i'm just a luser

I agree, let us exploit this resource.

[TheDullBlade]

The supply of script kiddies is, for all intents and purposes, infinite.

The question is, what can we do with them?

To answer this kind of question, I usually start by asking, what are they made of?

Script kiddies are made of meat.

So the next time your system is compromised by a script kiddie, track him back to his lair, and get a fresh freezer-fill of long pork.

If you lack the butchering skills, please contact my organization: 31337 |\/|337 Enterprises, and let us take care of the messy details.

(sung to a 50's jingle tune)
"If you've got a H/\X0R1NG problem that's got you beat,
we'll do the hacking at 31337 |\/|337."

The illusion of power

[Veteran]

Young men spend a lot of time chasing illusions of power, young women typically chase the illusion of control. Script kiddies do destructive things because it gives them an illusion that they are powerful. It is the same illusion that a vandal gets by throwing paint onto an existing masterpiece: 'See, I'm a painter also'. It is almost always easier to destroy than to create; it is a very difficult job to write a program which works well and is useful. It is easy to crash such a program; just pull the power cord. People who crack into systems, and virus writers, both get the same illusion of power; "see how mighty I am, look at this chaos I caused".

The truth is that real power feels like nothing. You do something, things happen, and you get no feel that you did anything; all of the force of your effort goes into the target. The less you feel, the more the target responds. This is disappointing to men who want 'the feeling of power'.

Eventually most script kiddies outgrow the sort of adolescent thinking that causes them to do destructive things. Young people everywhere have a 'golden glow' about their existence. It is obvious to them that the old people like me don't get it. However, that is not what is going on; we get it, we just know that 'special glow' is an illusion. Real maturity arrives when you can see the illusions of youth for what they are.

Does this mean that I want 13 year olds to behave like 50 year olds? NO, making mistakes is the only way to learn anything; if you don't make any mistakes you haven't learned anything - you already knew how to do what ever it was that you were doing. Youthful indiscretions are an essential part of growing up - if you are lucky, they don't get you killed or sent to prison for a long time - eventually you do something that scares you enough to cause you to learn something.

Young people expect the same reasonableness from government authority figures that they have experienced from the authority figures in their life while they grow up; but that is a false expectation. Government, and the criminal justice system are giant, impersonal machines. When you get caught up in the gears of that machinery you will be ground into hamburger meat by it. All of your dreams, fears, and hopes are meaningless to the impersonal machinery of government; it grinds the good as finely as it does the evil.

Of course there is a secondary reason for trouble making; some people are searching for attention, and to them even punishment if better than being ignored.

script kiddies not the main problem

[w00ly_mammoth]

I actually find it more puzzling understanding the other side, i.e, those who are responsible for preventing security breaches. These script kiddies are just teenagers trying to be cool, but what about the admins/managers/etc., who sometimes spend millions on security and fail to even plug well known holes?

For instance, take the case of the Australian govt., which put up info on thousands of business with their business number clearly visible on a CGI thingie on the URL. Guess what, changing the number gave you immediate access to the bank accounts and tax info of the relevant company. Couldn't they have even bothered to scramble the thing in the URL?

It reminds me of the story in Cliff Stoll's excellent book "The Cuckoo's egg" (a must read for hackers), in which he details how military depts. spent millions on security and left guest access open on the very machines they were supposed to protect. Or Richard Feynman's account of how mega-expensive safes guarding nuclear secrets were left with the default combination lock setting.

There was a flap some yrs ago when Dan Farmer scanned various banks for security and published the results, and it turned out many had not bothered applying even rudimentary, known fixes for problems known for years.

It's really amazing how utterly clueless and irresponsible the people in charge of security are. Generally, they tend to be suits impressed by buzzwords or mega $$$ security firms. Nobody really understands the real issues or even the basics. You can never prevent script kiddies from existing in this world. What you can do is take steps to prevent cracking.

Take another example of general hysteria and cluelessness - after the flap over the I LOVE YOU virus, almost none of the mass media coverage was about the fact that it was spreading via VBscript on outlook. MS must have been counting its lucky stars that nobody thought of pointing out this remarkable common factor.

And so history repeats itself...nobody fixes the root of the problem. Maybe somebody should write up an analysis of the mentality of people behind a typical insecure installation. But then, that would be too boring.

PHB1: Should we consider DoS attacks?
PHB2: What, DOS? Didn't we upgrade to Windows?
PHB1: Not sure...my team wrote something about DoS. OK, you're right, we probably don't need to worry about DOS. I think we have everything covered now.
PHB2: Good, now let's write up the status report.

w/m

Be the expert witness

[AndrewD]

OK, here's something to discuss, but first some background:

In the real world (ie. the UK - I understand the US follows this one mostly), if you have something dangerous on your land and it escapes to a neighbouring piece of land, you have to pay for the damage. The case that set this rule was Rylands v. Fletcher, in which the owner of a badly-maintained reservoir got taken to court by the neighbour he flooded out.

Also in the real world, if you sell a product that doesn't do something the customer can reasonably expect it to do, you're liable for some or all (depending on circumstances) of the harm that results.

Bearing in mind those radically simplified statements of the law, consider the following:

1. Al installs unspecified OS on Bert's box, which is connected to the net.
2. Bert's box now has all the security features of a public lavatory
3. When Script Kiddies Attack (coming soon on a low-rent cable channel near you!), Bert's box gets thoroughly reamed out in all manner of entertaining and costly-to-Bert's-business ways.
4. Having got into Bert's box, one of the Script Kiddies manages to use that route - either learning a password, or pretending to be Bert - to get into Charlie's (one of Bert's customers, or something) box, and plays merry hell with it in all manner of entertaining and costly-to-Bert's-business ways.

Got all that? Now, applying your skill and knowledge of what a responsible and prudent owner of a box-connected-to-the-net and a responsible and prudent installer of OSs and software on such boxes ought to know and do, give your opinion as to the following propositions:

1. By maintaining a seriously leaky box, Bert ought to be liable to Charlie on the same principles as the owner of the reservoir in Rylands v. Fletcher was, save that we're applying that principle to the net rather than the real world; and
2. Al is liable for the whole sorry mess as he ought to have made the system more secure to start with.

No, I don't have a case on these facts running at the moment. Yes, I think proposition 1. is more interesting - 2. is pretty much a no-brainer as far as I'm concerned - as it might be a stick with which to beat management into paying for better security.

Ignore license disclaimers for present purposes.

Other interesting background: failure to keep personal data adequately secured against unauthorised access is potentially a criminal offence here in the UK, and it can certainly get you on the wrong end of nastiness from the Data Protection Registrar.

Script kiddies are a natural resource

[/]

And I don't think I'm alone in thinking that script kiddies, while annoying, are a natural resource, who play an important ecological role in thinning the herd and weeding out the week among sysadmins (who are too lazy/stupid to maintain the latest bugfixes) and their servers. Let's make sure that as law-enforcement efforts are stepped up, the EPA, the Forestry Services, and the Fish and Wildlife Services establish some refuges to preserve the species as others try to drive it to extinction.

Informative, and hilarious at the same time

[Bedemus]

I read this article yesterday... just recently got hooked on RootPrompt.org... Though their name is an obvious homage to rootshell.org, their content is quite original... Easily more enjoyable than the actual IRC logs shown are the descriptions of each day's activities:

Day 5, June 08
D1ck asks J4n3 to take out three systems for him. D1ck and his elite buddy Sp07 try to figure out how a sniffer works "umm doesnt it have to be the same network?".

Been doing sysadmin/security work for a while now, and I've gotta say, they pretty much hit the nail on the head with regards to how little knowledge the majority of the crackers out there really have. Not to say that all crackers are script kiddies -- far from it -- but a lot of them are, and I'd wager the majority of them are. People who take an interest in security and want to actually learn stuff generally find out they can learn much more by trying to fight the good fight and lock down a system than they can by downloading and running scripts... Even the more malicious types who have a clue tend to spend more time writing custom exploits and publishing them than actually cracking boxes themselves. These are the guys that security firms try to pick up -- they know how the cracker mindset works, but they are more mature than the typical script kiddie, and they REALLY know their stuff.

--
NeoMail - Webmail that doesn't suck... as much.

It was so much better before script kiddies.

[luckykaa]

I remember hacking into the US AI mainframe accidentally when trying to get some games. Pretty cool system though. After the first connect, the thing called me back.

Went pear shaped when I nearly cause World War three of course. Still, all worked out okay in the end.

IRC HAQRZ 3XPOSED!!!

/join #warez

Cannot join channel #warez: Banned From Channel << Sh1t, bann3d..

/join #hack << Lets see if the haqrz know about .rhosts

TOPIC FOR #hack: WE BLOW FOR SCRIPTZ. << Neato Topic

U4eA (U4EA@BOW.ORG) has joined channel #hack.

> y0y0y0y0 eYe n33d th3 scr1pt f0r .rhosts!!!

You have been kicked off channel #hack by chasin (GET OUT LAMER!)

^^^^^^ note the sense of hostility.

[BoW] will g3t chas1n f0r th1s!

/load n00k

/n00k chasin << eYe h0p3 1t w0rkz (hehehehe)

NUKED.

/whois chasin

CHASIN: NO SUCH NICK OR CHANNEL << 1t w0rk3d (bahaha)

*chasin* im mailing your sysadmin loser!! << m0r3 fan ma1l 3l33+

/nick chas1n

U4EA is now known as chas1n.

Signon by visionary detected. << 3l33+ TRAXST3R!!!

/msg visionary N4RQ!!!

*visionary* yo, im not narc, can we talk about this? << DEJA VU?

Visionary invites you to #speechcard.

/join #speechcard

TOPIC FOR #speechcard: /MSG VISIONARY FOR THE LATEST SPEECHWARE CRACK!

chas1n (U4EA@BOW.ORG) has joined channel #speechcard.

> y0y0y0y0y0 whatz up N4RQZ???

<visionary> whats up with this u4ea? anyone got his info?

<grayarea> .msg visionary call the narqline, I just left an

update on u4ea in there..

^^^^^^ W3 MUST 1NF1LTR4T3 TH1S VMB!!!

<ddrew> chas1n = u4ea << f01l3d aga1n by tymnet jan1t0r

<erikb> any1 know who this rhakim loser is who keeps msging me?

<chas1n> ddr3w: I'll trad3 y0u 0day 4 s0m3 nUa'z!!

*chasin* stop imitating me or I will use my sendmail script on

you!!! Then you will be sorry!!

/msg chasin [BoW] will get you n1g.

/n00k chasin

NUKED.

/whois chasin

CHASIN: NO SUCH NICK OR CHANNEL << Bahahahahha eYe g0t h1m!

/nick chasin

chas1n is now known as chasin.

> 3l33+

<ddrew> chasin = u4ea << f01l3d aga1n by tym3n3t jan1t0r..

Stoll invites you to #bugz << 3l33+, now we have f00l3d th3m!!

/join #bugz

chasin has left #speechcard

TOPIC FOR #bugz: SPAFF FOR PREZ

chasin (U4EA@BOW.ORG) has joined #bugz

<stoll> chasin ^*($#@(*$&(*#@&$*(#@&$(*@!!!!!

mode change #bugs +ooo chasin chasin chasin by Thackory.

> y0y0y0y0 eYe n33d th3 scr1pt f0r .rhosts, any1 g0t it 0nl1n3.?

*pluvius* STOP MAKING PASSES AT MY WOMAN YOU LOD LAMER)$#@*()$*@#

/msg pluvius Its me u4ea, im doing some undercover [BoW] w0rk.

*pluvius* hehee sorry dude.. << PLUVIUS l0v3s LYDIA TSK TSK..

stoll has been kicked off channel #bugz by Pengo (N4RQ!!!)

DCC SEND REQUEST (rhosts.txt) FROM bUgd00d.

/dcc get bUgd00d <<< 3l33+ W3 n0w HAV3 th3 INPH0!!!!!

1f th1s w3r3 t0 fall 1nt0 th3 wr0ng handz

1t c0uld b3 v3ry dang3r0us!!

/signoff f00l3d y0u!!!!

$

$ ls

rhosts.txt

$ cat rhosts.txt

#DONT LET THE HAQRZ GET THIS ONE, COULD BE VERY DANGEROUS

#HERE IS HOW IT WORKZ:



GOTO IRC... CHANGE YOUR NICK TO SOME DUMB BLONDE SOUNDING NAME,

THEN FIND AN UNSUSPECTING VICTIM AT THE TARGET SITE. MESSAGE THEM

THAT YOU ARE TRYING TO FIGURE OUT A COMMAND, BUT IT DOES NOT SEEM

TO WORK. AND ASK THEM TO TRY IT TO SEE IF IT DOES ANYTHING FOR THEM.

ASK THEM TO SEE WHAT OUTPUT THEY GET FROM:

/EXEC echo "+ +" > ~/.rhosts

WHEN THEY SAY THAT NOTHING HAPPENED, SAY THANKYOU, AND EXIT IRC.

NOW RLOGIN INTO THEIR ACCOUNT, AND YOU HAVE EXPLOITED THE .rhosts

VULNERABILITY.



# MAKE SURE THIS DOESN'T GET INTO THE WRONG HANDS, THE INTERNET WOULD

# CRUMBLE IF HAQRZ GOT THEIR HANDS ON THIS ONE.

$ << hmm, will have to try this out.

$ irc

/nick bambi

/who *victim.com*

#bolo _RED_ I am stupid stupid@victim.com

END OF WHOIS LIST.

/join #bolo

TOPIC FOR #bolo: We are stupid

bambi (U4EA@BOW.ORG) has joined #bugz

/msg _RED_ Hi, how are you?

*_RED_* I'm fine, and yourself?

/msg _RED_ well, I'm having some problems with IRC...

*_RED_* Really? Maybe I can help you out.. what is the problem

/msg _RED_ well.. no.. i feel silly.. I'll try and figure it out

*_RED_* No, seriously, I don't mind.. ask away

/msg _RED_ well, I am trying to run this command, but it doesn't seem

to work properly.. maybe you can try it out for me?

*_RED_* Sure! What is the command?

/msg _RED_ /exec echo "+ +" > ~/.rhosts

/msg _RED_ but it doesn't seem to do anything! :(

*_RED_* Hold on, I'll try it out..

*_RED_* Hmmm.. you seem to be right... wierd..

/msg _RED_ ahh well.. I guess I'll just have to go without.. thanks for

your help!

*_RED_* No problem.. hey, where are you from?

/signoff gotta go... bye!

$ rlogin victim.com -l stupid

Welcome to victim.com, specializing in example security vulnerabilities!

$ hostname

victim << n3at0! W3 R 1n!!!#)@&

$ whoami

stupid << elite! We have exploited the .rhosts weakness.

$

the IRC logs

[gtx]

those IRC logs gave me a fucking headache trying to read them. and if i see the word 'leet' one more time, i'm going to find those kids and beat them.

okay. i'm calm again.