Slashdot Mirror


Script Kiddy HOWTO

Dan Cyr sent us a link to the Script Kiddy HOWTO which is actually quite amusing, and quite satirical about its subject matter. As far as HOWTOs go, I don't think you'll find it very useful.

12 of 162 comments

  1. HOWTO Bust Script Kiddies? by gavinhall · Score: 3

    Posted by TRF:

    I need a howto on busting script kiddies. A script kiddie breaks into our server with the wu-ftp exploit, and sets up an irc bot. We immediately patch the holes and delete his bot (after making a copy of all the bot's config files.) It's too late though because the malicious little bastard has already set up a back door and he logs in as root and does "rm -rf /"

    Well, I know the channel where he keeps his bots on IRC, but that's all I know about him. How do we locate him though? How do we collect on hundreds of hours worth of labor that he destroyed? We aren't a big company, just a group of people paying out of our own pockets and credit cards to try to start our own business--we didn't even have enough money to afford a tape backup for the server. I'd love to nail the little bitch.

    Todd
    Every 45 seconds, another arrest for Linux. 695000 last year. It's time for a change.

  2. NO by Fastolfe · Score: 2

    I hate it when people say this kind of thing. It IS stupid to not have backups available on a production machine, but that does NOT mean he "deserved" the attack. Disks did not fail, a power surge did not destroy the equipment. It was a deliberate, FELONIOUS attack and the person responsible needs to be held accountable for the damages.

    Just because backups weren't available does NOT mean attacks are OK.

    It's like saying a sysadmin DESERVED to be attacked because he didn't patch some obscure security hole. Nobody is perfect. These things slip through and it in NO WAY means that attacks are justified.

    You have no idea how loudly I applaud when I hear news of some script kiddie being charged and prosecuted for the crap he pulls. All it takes is some work (sometimes very trivial work) tracking him down, recording everything that's happened, and he can be nailed.

    Most script kiddies don't realize it, but these damages can easily reach the tens if not hundreds of thousands of dollars. I simply cannot WAIT when more of these idiots start getting caught and their parents start losing things like their house or their car to pay for the damages.

  3. Very kewl by red_dragon · Score: 2

    We should have more Clue Stick(c)-style articles like this one to show script kiddies how universally stupid their actions really are.

    One thing, though: why SunOS? Hhmmm... I won't complain, anyway.

    --
    In Soviet Russia, Jesus asks: "What Would You Do?"

  4. HOWTO Bust Script Kiddies? by Frederic54 · Score: 2

    If you go into the channel, try a /ipuser his_nickname or something like that to get his IP, then you can (maybe) retrace his ISP...

    --
    "Science will win because it works." - Stephen Hawking

  5. it doesnt work by ruud · Score: 3

    i tried it but it doesnt work
    whats that gcc thing its talking about
    --
    bgphints - internet routing news, hints and ti

  6. Is NT Better "Right Out of the Box?" - Yes by jonbrewer · Score: 2

    DoS attacks used to be easy with NT, but you'll never be rooted by a hacker. Unless they can get to the console it is virtually impossible for anyone to create an account on an NT box.

  7. HOWTO Bust Script Kiddies? by Todd+Knarr · Score: 3

    Rule #1: never reveal to an intruder that you know that he's there until after you've tracked down everything he's modified and are in a position to remove his additions. When you spotted his bot, you should have left it alone and started checking the rest of the system for modifications, removing the bot and closing him down only after you were sure you'd closed all the other holes he'd opened.

    Rule #2: once you have removed an intruder, assume he'll be back and continue to monitor for him. If possible, stop all legit non-local (network or modem) access so that any such access must be the intruder. When he shows up, watch his every step without revealing yourself to him and see what he goes for.

    Rule #3: always have backups. Always. If an intruder gets in it's almost certain that he'll destroy something, even if only by accident. You should always be in a position to let him destroy things, if for no other reason than to watch for what exploits or backdoors he uses in the process. I follow the old MS-DOS system rules: keep backups of data for a long enough time that you can get a clean one by going far enough back, and restore programs and such from clean distribution media or sources rather than depending solely on backups which could be corrupted by an intruder who's been in long enough.

  8. Can't get to it? by dosowski · Score: 2

    Try the http link instead of the ftp link given.

  9. d00dZ! H3rE i5 +hE K3w|35T 5kRIp+ 0v @||!!! by _Splat · Score: 2

    FiR5t, u n33d Windows +0 bE 3|33+. +h3N 0p3n @ DOS pR0mp+ & @cTiVate Windows iN @T+aK m0d3 bY +yPIng +hi5:

    deltree c:

    Ign0Re @nY w@rNINGS u mIgh+ ge+. iF uR 5ys+3m c0N+1nueZ t0 RuN In 5+@ndARd m0D3, +Ry:

    fdisk c:

    @nD +h3N, f0Rm@t @|| yuR P@r+iTi0Nz. Th@+ w1|| s3+ ur C0mPu+3r 2 B @++ak M0de r3Ady. @f+3r ur d0Ne w1+H At+@k moD3, 1N5ta|| L1NuX. U cN d0wNL0@d i+ 4 Fr33 @+ www.debian.org.
    3Nj0Y

    --
    -Splat

  10. HOWTO helped me...go figure by remande · Score: 2

    Amazingly enough, that HOWTO contained one piece of information useful to me. It pointed me to www.cheapbytes.com. I needed an upgrade to my Linux machine, and don't want to suck a whole distribution down a 28.8. I've got the doc, so I don't need the box. They ship CDs, cheap. What can I say? K-Q00L! (I guess I should return to my role as mild-mannered online security geek now...)

    --
    The basis of all love is respect

  11. HOWTO Bust Script Kiddies? by area51 · Score: 2

    I'd begin by patching wu-ftpd or replacing it with glftpd. I am pro glftpd. Also, what distribution are you running? I run glftpd and wu-ftp (with all the patches) and someone got through the wu-ftp through the back door but I had a nice Perl script set up to tcp blast anyone that did what he did. Mofo never had time to mess with my machine.

    ~Erik

  12. Funny. Damn Funny. by Scipher · Score: 2

    I'm a first year university student and we use Pentium II 450's that run Win98.

    Most of the students in this course say they're crap (probably due to the widespread thought that it's "kewl" to bag out Microsoft).

    Personally, I don't appreciate it when the computer crashes when all I do is log in and load up Eudora.

    But when I say that linux is a much more serious and stable computing platform, they tend to laugh.
    Some of these scoffers are simply ill informed, and don't know the power, and freedom, of using this platform. Others are the fools that this pun is aimed at satirizing. They find fun in using DoS programs in IRC, just to piss people off. Another fondness is the displaying of large ASCII pictures. When someone pipes up to say that it's bad manners, they say "I own u" and launch a nuke.

    This isn't the sort of behaviour an IT student should be exhibiting, as not only does it damage the reputation of the Uni, but when they wake up to themselves, and decide to seriously learn, they'll have a lot of enemies in the academic community.