Slashdot Mirror
The Planet's Most Moronic Hacker
RawGutts writes "This is the story of "bitchchecker" (the hacker) a user who lost it because he thought he had been kicked of an IRC channel by "Elch". The hacker comes back on the channel threatening to hack and ruin Elch's machine, and dares Elch to give his IP address.
The address given was 127.0.0.1. "
Sounds rather familiar to me...
Wasn't this a Dilbert strip from a while back featuring Alice as the sysadmin.....??
It is the same reason for my URL I gibe http://localhost:8080 figuring some one will see that port 8080 is open on there system (probably from a failed attempt to get apache working) and start hacking it. If sucessfull they broke into their computer. As for the most moronic hacker I have seen worse threates. Like "My Dad owns the internet and he will have you band, then you will be sorry"
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Here is a cache:
Something nice I read on www.stophiphop.de (got pointed there by a comment on www.macguardians.de) is this nice story of a hacker: http://www.beast.mos-worlds.de/modules/new...php?s toryid=184 (site might be down, quite a lot of people are reading this).
In case you don't speak german (just as this hacker), I've tried a little translation to english. I might have made some spelling errors, but the original spelling wasn't perfect either. The guy really said "buy buy" in the german version. I've posted this on the forum on http://www.desertcombat.com before, so if this looks familiar, might be the same. I've corrected some mistakes and put the < > back to the right version (The DC forum does not support them). All censoring was done by this particular forum here.
Notice that in germany we get DST earlier than in the US.
The story starts (I'm shortcutting here) with an [Please control your cussing] insulting everyone on the IRC channel. Most people there believed it was rather funny, but it got even more funny. For information: The dangerous hacker is called bitchchecker and the one being hacked and original author of the comments, who is talking here, is known as Elch. 127.0.0.1 is always the IP-adress of the computer you're currently using, any request there will return to your computer.
QUOTE
* bitchchecker (~java@euirc-a97f9137.dip.t-dialin.net) Quit (Ping timeout#)
* bitchchecker (~java@euirc-61a2169c.dip.t-dialin.net) has joined #stopHipHop
<bitchchecker> why do you kick me
<bitchchecker> can't you discus normally
<bitchchecker> answer!
<Elch> we didn't kick you
<Elch> you had a ping timeout: * bitchchecker (~java@euirc-a97f9137.dip.t-dialin.net) Quit (Ping timeout#)
<bitchchecker> what ping man
<bitchchecker> the timing of my pc is right
<bitchchecker> i even have dst
<bitchchecker> you banned me
<bitchchecker> amit it you son of a bitch
<HopperHunter|afk> LOL
<HopperHunter|afk> shit you're stupid, DST^^
<bitchchecker> shut your mouth WE HAVE DST!
<bitchchecker> for two weaks already
<bitchchecker> when you start your pc there is a message from windows that DST is applied.
<Elch> You're a real computer expert
<bitchchecker> shut up i hack you
<Elch> ok, i'm quiet, hope you don't show us how good a hacker you are ^^
<bitchchecker> tell me your network number man then you're dead
<Elch> Eh, it's 129.0.0.1
<Elch> or maybe 127.0.0.1
<Elch> yes exactly that's it: 127.0.0.1 I'm waiting for you great attack
<bitchchecker> in five minutes your hard drive is deleted
<Elch> Now I'm frightened
<bitchchecker> shut up you'll be gone
<bitchchecker> i have a program where i enter your ip and you're dead
<bitchchecker> say goodbye
<Elch> to whom?
<bitchchecker> to you man
<bitchchecker> buy buy
<Elch> I'm shivering thinking about such great Hack0rs like you
* bitchchecker (~java@euirc-61a2169c.dip.t-dialin.net) Quit (Ping timeout#)
What happened is clear: That guy entered his own IP-Adress in his mighty Hack-Tool and crashed his own PC. This way, the attack on my PC was a failure. I was already starting to think that I did not have to worry, but a good hacker never calls it a day. Two minutes later he returned.
QUOTE
* bitchchecker (~java@euirc-b5cd558e.dip.t-dialin.net) has joined #stopHipHop
<bitchchecker> dude be happy my pc crashed otherwise you'd be gone
<Metanot> lol
<Elch> bitchchecker: Then try hacking me again... I still have the same IP: 127.0.0.1
<bitchchecker> you're so stupid man
<bitchchecker> say buy buy
<Metanot> ah, [Please control your cussing] off
<bitchchecker> buy buy elch
* bitchchecker (~java@euirc-b5cd558e.dip.t-dialin.net) Quit (Ping timeout#)
There was
this story has been out for a while and let's face it, this isn't real. While it's funny, it's just not real.
Come on...
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
Does anybody know what happened to Miranda? Will she and AJ ever come together?
the article was VERY slow when i looked, so i'm mirroring it here
k er .htm
http://www.georgiagrrl.pwp.blueyonder.co.uk/hac
As you slide down the bannisters of life, may the splinters never point the wrong way
It's in the "It's Funny, Laugh" section. It's newsworthy in a section whose purpose is to make people laugh.
Cheers,
Ian
quotes
More quotes
There is nothing so silly as other peoples traditions, and nothing so sacred as our own.
No, darn it all to heck, this person is not the planet's most moronic hacker He is the planet's most moronic cracker.
--
What short sigs we have -
One hundred and twenty chars!
Too short for haiku.
Originally in German.
The whole point of the story is that someone actually fell for the ancient joke.. I've seen the 127.0.0.1 gag a million times here on slashdot, but I still laughed out loud at this, because it looks like someone was stupid enough to actually fall for it.
Of course, the story could be a hoax, but that's not obviously the case, and would be a very different thing from the story being boring because it's repeating an old joke.
Not having personally communicated with a script kiddy, it entertains me greatly to think that some of them might be so utterly braindead as to fall for the 127.0.0.1 gag.
"The Milliard Gargantubrain? A mere abacus - mention it not."
Mod parent down.
The feature your talking about is called "Strike Back" and what it does is send some email, do a port scan, some other shit. It does not, in face, "attack" anything in a meaningful way. It is just a colorful phrase.
http://bash.org/?119969
http://bash.org/?83489
http://bash.org/?38640
http://bash.org/?7658
http://bash.org/?7229
http://bash.org/?11701
xkcd.com - a webcomic of mathematics, love, and language.
It's possible believe it or not. Several years ago I was copying my Windows directory to another drive because I was formatting my old one and wanted to take my time and pick any settings that I didn't want to lose (this way I made sure I didn't forget everything, and hard drive space wasn't an issue). I accidently clicked cut and didn't notice and after about an hour and a half the system suddenly began gagging and dieing. I was on AIM and all of a sudden my font turned arabic and then expanded to a seamingly impossible resolution. I realized my mistake and tried to abort the operation but to no avail. I'm ashamed to admit the event actually transpired, but yes, your system can chug along for a while as your files get trashed. And quite frankly, I wouldn't be surprised if it did happen
Oh, I think it is real. There are a lot of clueless wannabe script kiddies out there who are too idiotic to know what 127.0.0.1 is
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
IRC is not RL :)
While I have not actually ever used it, I believe iptables for the Linux kernel has a module that can basically turn the firewall into a mirror, swapping the source and destination fields in the IP header and bouncing it back to the originator. It doesn't do any special tasks such as port scanning or anything. However, it is not recommended to use this particular module as it simply increases the flood of packets that you wind up sending down your line. It also makes your firewall far more useful as a reflector for a distributed attack on someone else, without even needing to break into your machine to do it.
I once got a story posted on my personal webpage by some guy who was complaining that he was being attacked by my computer on an IRC channel. I was like "I'm running OpenBSD, that's ridiculous."
/etc/pf.conf made the last rules allow everything, and then slapped on a big system immutable on it.
/etc/pf.conf before even getting the story, I was like, well easy enough to fix that. Now write out to disk. Hm... write-protected... well, just override that. What do you MEAN denied? I'M FREAKING ROOT!
Then I started finding evidence. You know, that was the first time I'd ever heard about the system immutable flag in OpenBSD. They screwed with my
So, when I actually had noticed the problem with my
Now, I system immutable flag all my important files that I don't want to change if some script kiddy does happen to get into my OpenBSD box.
I am unamerican, and proud of it!
It means the entire 127.x.x.x block is loopback addresses, not just 127.0.0.1
<xml><I><am><so><damn>Web 2.0</damn></so></am></I></xml>
man ping
See the -p option.
The ping protocol says that the remote end should echo back the same data payload (usually defaults to 56 bytes in a specific pattern) to help detect data-dependant network problems during testing.
The windows ping doesn't seem to have an equivalent option.
Nope, he's actually right. And the problem wasn't really limited only to winmodems, even some regular hardware modems used to do this.
They would monitor the raw character stream, waiting for special sequences. The +++ sequence was used to break out of "data mode" and enter back into "command mode", and the ATH0 command following it means to hangup the line.
Braindamaged? You bet.
There was of course an AT command to disable this prefix character, but many modems had it enabled by default. Oh the fun those of us with properly initialized modems had... if you think slashdot trolling is bad, imagine going into an IRC channel (or even a local BBS chatroom), typing +++ATH0 in the main channel and watching 2/3 of the people drop like flies.
This guy using an ICMP packet with a +++ATH0 payload is just a variation on the theme, since he was aiming at a single target.
I guess if you were dealing with a total moron n00b script kiddie you could expect him to be running W2K or XP and it would work anyhow, and if not, you could just blame it on your l33t firewall.
--
"Open source is good." - Steve Jobs
"Open source is evil." - Microsoft
There is no real consensus on how this is "supposed" to work. The entire 127/8 is reserved for loopback purposes, but that doesn't mean it *must be* associated with the loopback device:
C:\Documents and Settings\kutulu>ver
Microsoft Windows XP [Version 5.1.2600]
C:\Documents and Settings\kutulu>ping 127.0.0.2
Pinging 127.0.0.2 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time1ms TTL=128
Reply from 127.0.0.1: bytes=32 time1ms TTL=128
kutulu@system1:~$ uname -rs
Linux 2.4.28
kutulu@system1:~$ ping 127.0.0.2
PING 127.0.0.2 (127.0.0.2): 56 octets data
64 octets from 127.0.0.2: icmp_seq=0 ttl=64 time=0.0 ms
64 octets from 127.0.0.2: icmp_seq=1 ttl=64 time=0.0 ms
kutulu@system2:~$ uname -rs
FreeBSD 5.4-PRERELEASE
kutulu@system2:~$ ping 127.0.0.2
PING 127.0.0.2 (127.0.0.2): 56 data bytes
ping: sendto: Can't assign requested address
ping: sendto: Can't assign requested address
Never, EVER, underestimate human stupidity.
If you still are underestimating it, work for a couple of days at a tech support line, and come back.
Yeah, and notice how windowz doesn't even have a sequence number on their pings? On third generation (or more) OS's, you'd think they would add such a feature that has been in the unix world for decades...
The entire 127/8 is reserved for loopback purposes
:-)
Actually, 128 is not reserved for that purpose. Consider this:
Nah, he was using 127/8 as a netblock representation. saying 127/8 is equivalent to saying 127.0.0.0/255.0.0.0, just as saying 192.168/16 is shorthand for 192.168.0.0/255.255.0.0
I didn't realize that some of the unices out there didn't respond to the other loopback IPs, though.
Slashdot. Hopefully everyone gets to learn something (relatively useless) today
.. of CIDR notation.
I, for one, would like to welcome you to 1994.
Wrong. Read the RFC. The whole 127 is reserved, but only 127.0.0.1 is loopback.
:-)
bzzzzt. Time for an Anonymous coward to also learn something relatively useless today
according to RFC 1166:
The class A network number 127 is assigned the "loopback" function, that is, a datagram sent by a higher level protocol to a network 127 address should loop back inside the host. No datagram "sent" to a network 127 address should ever appear on any network anywhere.
Source: http://www.faqs.org/rfcs/rfc1166.html
It was "NO PLATE" and according to snopes.com it's true. http://www.snopes.com/autos/law/noplate.asp
Sounds like *you* need to reread it ... you're obviously a Windows user, because otherwise, you'd know that ' dd if=/dev/zero of=/dev/hda ' is a command that will wipe the disk - NOT a defrag command.
Now go eat a big slice of that humble pie...
When I was 13, I used to be in a hacking group known as ViRii on Undernet.
//raw NOTICE VictimsNick : $+ $chr(1) $+ PING +++ATH0 $+ $chr(1)
Around that time (early to mid 90s), there were several hacker group wars going on Undernet. I remember the +++ATH0 exploit among many dozens of other exploits at the time.
In mIRC, you could do:
And their modem would hangup/reset.
There was a guy name VallaH i knew in my hacker group. He was the one who original discovered The Ping of Death in Windows 95. He also wrote jolt.c and many others. He was among the first people to find remote exploits in Windows 95. (Microsoft actually hired him that year to work on Windows NT network security, I was quite jealous at the time). The funny thing is, he only designed it to nuke Windows, but it also worked on early Linux 2.0 kernels, solaris and mac (since they all used mainly the same BSD tcpip code i'm guessing)
Vallah later lost his job at Microsoft due to his hacking past/present i'm guessing.
Quoted from this archived email:
"My friend, I will call him Vallah. Lost his job at Microsoft working on network interoperability(sp?) for Windows 2000 when the FBI showed up with a warrent for the files on his machine at work. He has still not been charged with anything and most likely wont be... again, mainly becuase he hasn't done anything. Guilty by association and an infamous past."
I wasnt a hacker myself, more of a wannabe (script kiddie) hacker. I mainly just nuked other people on IRC and did channel takeovers, etc.. The fun lasted until I was around 15 (i'm now 22). Alot of the more serious hackers I was associated with ended up getting caught by the FBI. I have literally hundreds of old hacking stories from my early days with IRC. (Note that i'm now into computer security, not destructive behaviours like hacking).
I have one other story about a guy I knew around my age by the name of XaiL. He was 13 at the time, and he hacked nasa.gov using an old phf exploit. I used to talk to him on the phone long distance, he was a funny guy, sounded like a girl, he hadn't even started puberty by the sound of his voice. I do admit that the only hacking I ever did was using this same phf technique, long since patched. I'm not proud of my early days as a destructive script kiddie hacker, but at the time, it was so much fun.
I also had a very small part in writing the mIRC script known as 7th Sphere (my code was included in the last release, version 3.0, not the previous 2.666). At the time it was a hugely popular "war" script used by script kiddies to nuke, flood, do channel takeovers and many other evil deeds on IRC servers. It came with programs made by Rhad using VB, most notably was "click.exe", a program that let you instantly "nuke" any victim. If you do a google search for click.exe or "Rhadware", you will get the idea of how evil his programs were.
Of course, the +++ escape should obviously only ever work on the sent data, so the NO CARRIER hack could only work with ridiculously stupid modem firmware.
That's why you use ping. The victim machine sends the +++ATH0^M in the reply packet.
An FTP server is not a website. I'll give you the benefit of the doubt that you're just a newb and not an an AC troll...
So, you're saying if I told one 1337 kiddie to go get some warez at ftp.fbi.gov I'd be promoting a DOS attack? Because that is all I did, just using a name that is a DNS alias to that server. I somehow don't think the FBI would put a server on a public network with an accessible FTP daemon that could not handle an occassional connection from a moron or 2.
I have a feeling I've just been trolled though.
The Master (Angelo Rossitto) in Mad Max Beyond Thunderdome, "Not shit, energy!"