Sciencemadness Discussion Board
Not logged in [Login ]
Go To Bottom

Printable Version  
 Pages:  1  2  
Author: Subject: Sciencemadness hax0red!
Organikum
resurrected
*****




Posts: 2339
Registered: 12-10-2002
Location: Europe
Member Is Offline

Mood: frustrated

[*] posted on 9-4-2004 at 02:43


Agreed, it could have come worse and probably it would have come worse so I am glad we have an friendly hacker here at work. (friendly to us at least ;) ).
You friendly hacker may please understand that nevertheless you being friendly, most people are not overly enthusiastic about what you performed here, ok?

So lets settle this and realize we have been quite lucky and lets hope we will be as lucky in future. :)

Its in the nature of these things that a board like this cannot be secured by no means - the only existing workaround is to have always an administrator online who takes the machine from the net as soon something "suspicious" happens (like the HIVE does). But I see no need here at ScienceMadness for this, backups often are sufficent.

And friendly hacker dont forget, there are not only friendly boards and admins out there in this evil jungle named The Internet, so take care not to get stuck in a honeypot. But I guess its "no risk no fun"?

ORG




Irgendwas is ja immer
View user's profile View All Posts By User
vulture
Forum Gatekeeper
*****




Posts: 3330
Registered: 25-5-2002
Location: France
Member Is Offline

Mood: No Mood

[*] posted on 9-4-2004 at 04:37


Hack XMBs own support forum and make a statement. Hacking us just caused trouble and annoyance.

Like XMB cares what happens to Sciencemadness...




One shouldn't accept or resort to the mutilation of science to appease the mentally impaired.
View user's profile View All Posts By User
Ramiel
Vicious like a ferret
***




Posts: 484
Registered: 19-8-2002
Location: Room at the Back, Australia
Member Is Offline

Mood: Semi-demented

[*] posted on 9-4-2004 at 17:58


I notice that the names of the users are typed out manually. Interesting.

I don't know much about h4x0ring and computer security, so just bear with me. I logged in during the magic time period of vunerability via cookies, after arriving directly at http://www.sciencemadness.org/talk/today.php (and yes, I type that into IE each time), but my name doesn't appear on the list. As I said, I'm not too clued up on computer security, so I don't know if this is significant.

Three cheers for the Board admins, Polverone especially it seems.

Sincerely
-Ramiel




Caveat Orator
View user's profile View All Posts By User This user has MSN Messenger
chemoleo
Biochemicus Energeticus
*****




Posts: 3005
Registered: 23-7-2003
Location: England Germany
Member Is Offline

Mood: crystalline

[*] posted on 9-4-2004 at 19:38


Something doesn't smell right here.

Indeed, I noticed too that the names were typed in by hand (due to differences in upper/lower cases, i.e. he writes T_Pyro, but it is t_Pyro). Isn't that a remarkable effort in the age of 'copy & paste', particularly where the alleged hacker had it all in a little list, with usernames & PW, in an electronic file?
This could be explained by him checking the memberlist, to see who last visited, and simply typing off names. Would be easy to check out who was online during the hacker period. So maybe he doesn't have our passwords after all (that is, our old ones), and is needlessly taking credit...

Then, I have to question abnormal's posts, too. For one thing, isn't he Quantum's friend, from totse? I am referring to this thread http://www.sciencemadness.org/talk/viewthread.php?tid=1805

Quote:

Glad you took my advise!

I invited abnormal989 over here from the totse forum after he posted a thread similar to this one. Hopefully he will grow into a full fledged chemist

Abnormal989: Its good you came over here as there are many people smarter than me here that can help you by giving you tips and ideas or by you searching old posts.



Quantum, did you not point out to the totse abnormal that his account was compromised? That he may have to register a new account (in case he can't use his old one) to confirm indeed his account was compromised? Of course, this is providing he's not the hacker himself, and the two abnormals are one person...

I am not trying to turn this into a witch hunt, or accuse people needlessly- and from the posting style it seems there are two abnormals.

Nonetheless, maybe the admins could check the IP's of abnormals initial post, and the IP's of the last two posts. I guess they will be different. The hacker IP should be interesting, and maybe the basis for a counter hack attack ... similar to what Mega proposed when roguesci got hacked... not that I think this is a good idea.


At last, to that proud benevolent hacker who means it all so well, and unwillingly of course pissed off a whole load of people, wasted lots of time, and has to get a life-
I hope this is the first and last time you try this (sadly i know it won't).

Unlike others, I don't think how great you are for not doing more to us (and yes I lack gratitude), instead I think you are a FUCKHEAD for disrupting a genuine and great board like this, which in its very character is unique in the internet.
Next time waste your time on a neonazi/similar forum, at least I would accept that as an excuse.

Edit: It's not normally in my character to swear at people, but I couldnt help myself :(

[Edited on 10-4-2004 by chemoleo]




Never Stop to Begin, and Never Begin to Stop...
Tolerance is good. But not with the intolerant! (Wilhelm Busch)
View user's profile View All Posts By User
Quantum
Hazard to Others
***




Posts: 300
Registered: 2-12-2003
Location: Nowhereville
Member Is Offline

Mood: Interested

[*] posted on 9-4-2004 at 21:13


I saw Abnormal's post over at Totse in the 'Bad Ideas' forum surrounded by such gems as 'Stealing a chicken A serious question':(:P

Here is his post: http://www.totse.com/bbs/Forum7/HTML/008406.html

I posted a link over here hoping he could ask his question here and not be dragged down by idiots.

I think you(Abnormal) should post a new topic in BB at Totse called "MSDB hacker' and include a sentence if you want. it will get locked but I/others here can see it and know that you here and you there are one in the same.

I did not tell abnormal over at tose because I had forgoten already about posting the link over here. I hope he is not the hacker but an admin can check IPs and logs I guess.

Quanutum

Edit: This gave me a good excuse to get my 100th post without post whoring!:D

[Edited on 10-4-2004 by Quantum]




What if, what is isn\'t true?
View user's profile View All Posts By User
Alchemist
Hazard to Self
**




Posts: 93
Registered: 22-6-2002
Location: Hostton Texas
Member Is Offline

Mood: No Mood

[*] posted on 9-4-2004 at 21:44
Different account today


chemoleo, you mentioned me "typing in things by hand". Well I didn't. They were indeed all in a neat little list, but due to the length I decided not to flood my post with usernames. Also, since I had to delete the passwords beside them, it wasn't much touble to include a comma and a space. The reason some have differences in cases in some usernames is simple, it's because they aren't case sensitive, so even if you type your username, changing a few caps to small and vice versa, it'll still work, and that's exactly what happened here.

Now, why oh why would the real abnormal989 confess to hacking this forum through his own username? I'm not really abnormal989, as I said before I just used his username because he hadn't changed his password yet. Besides, the admins can just check out the login sessinon IP addresses, the last 3 will NOT match the older ones. And as for the use of the new IPs for a "counter hack attack", I am truly sorry chemoleo but you live in a dream world. Anyway, leave it up to the admins, they'll realize what I'm talking about.

Oh, disclosed is something that might interest you:

vulture | VTZUfMdoa
chemoleo | bowle
chemoleo | abspasfrac
Polverone | c1ndy
Quantum | smiley
Quantum | cran28Nix@Oclcok!#

Those are the login attempts of 4 people I'm quite sure have changed their password since the attack. I think that's proof enough I didn't copy this stuff from anywhere. I even included Quantums' extra-lengthy password, cracked via the dual quantum computers sitting in my basement :P.

Oh yes, for your information chemoleo, it only took 5 minutes to set things up here, so I didn't waste too much time, but many thanks for your kind concern. I'd really just LOVE to start a swearing match with you, but unfortunately I have better things to do.

Thanks for listening again, and I can explain in detail how the hack worked to the admins, if they'd really like to know.

P.S.: vulture: I very much agree, XMB should be punished for making a good-looking but extremely bugged forum and hardly ever repairing it properly. And we're working on that too, don't worry ;).
View user's profile View All Posts By User
The_Davster
A pnictogen
*******




Posts: 2861
Registered: 18-11-2003
Member Is Offline

Mood: .

[*] posted on 9-4-2004 at 21:49


Why is there 2 different passwords for the same user. Old and new ones?
View user's profile View All Posts By User
Hermes_Trismegistus
National Hazard
****




Posts: 602
Registered: 27-11-2003
Location: Greece, Ancient
Member Is Offline

Mood: conformation:ga

[*] posted on 9-4-2004 at 23:38
oh god.


I see this has gone from downhill to under ground.

Even old Professor Hardwigg knew when to turn back.:(




Arguing on the internet is like running in the special olympics; even if you win: you\'re still retarded.
View user's profile View All Posts By User
vulture
Forum Gatekeeper
*****




Posts: 3330
Registered: 25-5-2002
Location: France
Member Is Offline

Mood: No Mood

[*] posted on 10-4-2004 at 01:13


I'm using the adventureMedia black&yellow color scheme for the board, but since yesterday all text except the links gone white. Did I accidently activate a hotkey or is this another bug?

I'm not going to swear at mister hacker, I just advise him to use concentrated nitric acid as a cooling fluid for his überPC.

[Edited on 10-4-2004 by vulture]




One shouldn't accept or resort to the mutilation of science to appease the mentally impaired.
View user's profile View All Posts By User
Organikum
resurrected
*****




Posts: 2339
Registered: 12-10-2002
Location: Europe
Member Is Offline

Mood: frustrated

[*] posted on 10-4-2004 at 02:00


In short:
- this is the friendly hacker who hacked this board.
- this is not a skript kiddie as a skript kiddie would have gone hysteric by now.
- the admins should use the offer to get the hack explained.

regards
ORG




Irgendwas is ja immer
View user's profile View All Posts By User
Quantum
Hazard to Others
***




Posts: 300
Registered: 2-12-2003
Location: Nowhereville
Member Is Offline

Mood: Interested

[*] posted on 10-4-2004 at 05:37


I hope Mr.Hacker can't get pgp keys this easily!:o

He can't be cracking the passwords as it would take a loooonnng time for my second one. He must have some sort of way to intercept them before they are md5sumed.

My hat is off to the skill of the benign hacker. Still I wish you would not post my new(er) password. Other people could see it and harm my account while I was away.

Edit: Back hacking wouldn't work for this guy; he is bouncing off a few proxies I bet.

[Edited on 10-4-2004 by Quantum]




What if, what is isn\'t true?
View user's profile View All Posts By User
Eliteforum
National Hazard
****




Posts: 571
Registered: 18-11-2002
Location: United Kingdom
Member Is Offline

Mood: Enjoying the journey

[*] posted on 10-4-2004 at 06:35


Lamer.



All that glitters isn't gold.
View user's profile View All Posts By User This user has MSN Messenger
All Chemist
Harmless
*




Posts: 2
Registered: 5-4-2004
Location: Dresdon
Member Is Offline

Mood: exccentric

[*] posted on 10-4-2004 at 07:42


I already changed my password like you asked. And now u use my account once more. I don't appreciate having to change my password from the origonal to 'Px94sn0Fgi' to some other guf. Now, decist, or i will be forced to unleash my world splitting Super-Sayan Fireball and kill everyone to get you.



He who howls at teh moon.
View user's profile View All Posts By User This user has MSN Messenger
Organikum
resurrected
*****




Posts: 2339
Registered: 12-10-2002
Location: Europe
Member Is Offline

Mood: frustrated

[*] posted on 10-4-2004 at 08:37


Quote:

He who howls at teh moon.


tis sounds like mei favorit mOOnMoNSTa....




Irgendwas is ja immer
View user's profile View All Posts By User
Hermes_Trismegistus
National Hazard
****




Posts: 602
Registered: 27-11-2003
Location: Greece, Ancient
Member Is Offline

Mood: conformation:ga

smile.gif posted on 10-4-2004 at 10:00
Using poor Orgi to post has much more flair than using Newbie's


Hello Mr. Hacker, I'd like to ask you a couple questions if you don't mind.

Would you please U2U with an email addy?

Hermes




Arguing on the internet is like running in the special olympics; even if you win: you\'re still retarded.
View user's profile View All Posts By User
Organikum
resurrected
*****




Posts: 2339
Registered: 12-10-2002
Location: Europe
Member Is Offline

Mood: frustrated

[*] posted on 10-4-2004 at 10:33


you got something wrong Hermes, up to now my name wasnt (ab)used.
View user's profile View All Posts By User
Hermes_Trismegistus
National Hazard
****




Posts: 602
Registered: 27-11-2003
Location: Greece, Ancient
Member Is Offline

Mood: conformation:ga

[*] posted on 10-4-2004 at 10:55


Quote:
Originally posted by Organikum
In short:
- this is the friendly hacker who hacked this board.


My mistake, I hadn't seen your sig at the bottom at first glance, and was confused.

Who is the friendly hacker?




Arguing on the internet is like running in the special olympics; even if you win: you\'re still retarded.
View user's profile View All Posts By User
Organikum
resurrected
*****




Posts: 2339
Registered: 12-10-2002
Location: Europe
Member Is Offline

Mood: frustrated

[*] posted on 10-4-2004 at 11:20


yes thats unclear I admit.

I was referring to chemoleos claim that the person posting here isnt the one who hacked the board - ok?
View user's profile View All Posts By User
Polverone
Now celebrating 21 years of madness
*********




Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

[*] posted on 10-4-2004 at 11:20
attention Sir Haxalot


Quote:
Thanks for listening again, and I can explain in detail how the hack worked to the admins, if they'd really like to know.

This I would like to know.

Do you know of any vulnerabilities in XMB 1.8 SP3, or just what has already been published about 1.8 SP2 and earlier?

[Edited on 4-10-2004 by Polverone]




PGP Key and corresponding e-mail address
View user's profile Visit user's homepage View All Posts By User
Alchemist
Hazard to Self
**




Posts: 93
Registered: 22-6-2002
Location: Hostton Texas
Member Is Offline

Mood: No Mood

[*] posted on 11-4-2004 at 12:52


Ok, first off: Who I am doesn't really matter, and I'm only using different usernames to stop people from thinking that the owner of the username is the real hacker. Neither abnormal989 nor Alchemist is the hacker, they just haven't changed their passwords yet. Also, I didn't expect I'd be posting this often, maybe I should just make a new username to rid myself of the trouble...

Anyway, Quantum: You are right, there's no possible way your 18-digit password can be cracked. Trying all possible combinations of a-z, A-Z, 0-9 and only 4 extra symbols for an 8-digit password would take approximately 11.4 years, assuming a brute force speed of 1000000 passwords per second. The admins know I didn't just get the md5 passwords, that would be too hard to trace anyway.

Now, I'll explain briefly what happened so that everyone interested can comprehend how it worked and the admins will be able to recognise such attacks with ease in the future. With some standard SQL injection (injecting sql statements into a php script by fooling the script to run them), you can easily obtain the md5 hash of any users' password. Using that you can spoof your cookie and login as the owner of the username, for instance the administrator. This allows you to do pretty much anything you want within the confines of the forum, but by no means can you learn the password.

However, you can modify the templates that are loaded in specific pages. Specifically, the header template, which is used in all pages, was modified to redirect the user to the misc.php?action=login page, whose template was modified to redirect the user to another page, where a php script stored the username and password and sent the user back to the main forum website, logged in. That is basically how it worked.

Polverone: Funny you should mention that, because XMB 1.8 SP3 DOES have some vulnerabilities, and so does XMB 1.9. Even the version they're using over at the XMB website is vulnerable, but to a different kind of SQL injection we haven't been able to fully exploit yet. But I promise if anything comes up you'll be among the first to know (and by that I mean i'll e-mail you or u2u or whatever, not that I'll hack the forum all over again :P).
View user's profile View All Posts By User
Polverone
Now celebrating 21 years of madness
*********




Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

[*] posted on 11-4-2004 at 15:10


It seems like a much more subtle attack would be possible, if you can execute arbitrary SQL commands. I.E. couldn't you modify the login page to store plaintext usernames/passwords in new entries in the database, and later use another command to retrieve all the stored pairs? An attack like that wouldn't need redirection to another site, and would be very subtle indeed if you just let logins naturally expire and be re-entered. But I don't know exactly what you can accomplish, even after having it explained.



PGP Key and corresponding e-mail address
View user's profile Visit user's homepage View All Posts By User
Blind Angel
National Hazard
****




Posts: 845
Registered: 24-11-2002
Location: Québec
Member Is Offline

Mood: Meh!

[*] posted on 11-4-2004 at 15:49


My question is: From where were you able to inject the SQL statement, for the rest it's not a big deal.
View user's profile View All Posts By User This user has MSN Messenger
axehandle
Free Radical
*****




Posts: 1065
Registered: 30-12-2003
Location: Sweden
Member Is Offline

Mood: horny

[*] posted on 12-4-2004 at 07:12
warning


When I tried to enter the profile editing section using mozilla, I got a popup with the text "Select a username to be used entering this forum", and a field with my email adress listed twice.

Is this related to the upgrade or is it another crack?




My PGP key, Fingerprint 5D96 E09E 365D 1867 2DF5 C2FE 4269 9C19 E079 CD35

\"Verbing nouns weirds the language!\"
View user's profile View All Posts By User
Polverone
Now celebrating 21 years of madness
*********




Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

[*] posted on 12-4-2004 at 07:18
neither


It's a Mozilla thing. Delete one of the saved user/password combinations, using Password Manager.



PGP Key and corresponding e-mail address
View user's profile Visit user's homepage View All Posts By User
axehandle
Free Radical
*****




Posts: 1065
Registered: 30-12-2003
Location: Sweden
Member Is Offline

Mood: horny

[*] posted on 12-4-2004 at 08:20
silly me


Mozilla must have stored both the old and the new password, and instead of behaving logically I became paranoid. Thanks for not saying out loud that I'm an idiot though, Polverone.

There. I said it myself.

Edit: As a side note, I managed to cast aluminum on my charred wooden table, gripping the handle of the crucible with a towel. I was lucky I wore gloves. The towel, as well as the table under the SS mold, caught fire. Big time. *cough* *cough*


[Edited on 2004-4-12 by axehandle]

[Edited on 2004-4-12 by axehandle]




My PGP key, Fingerprint 5D96 E09E 365D 1867 2DF5 C2FE 4269 9C19 E079 CD35

\"Verbing nouns weirds the language!\"
View user's profile View All Posts By User
 Pages:  1  2  

  Go To Top