Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "wk93"
I had a secondary Gmail account with a really nice short nickname (from the early invite/alpha days), forwarded to another of my mailboxes. It had a weak password, leaked as part of one of the many database leaks.
Eventually I noticed some dude in Brazil started using my Gmail, and he changed the password — but I still got a copy of everything he did through the forwarding rule. I caught him bragging to a friend on how he cracked hashes and stole and sold email accounts and user details in bulk.
He used my account as his main email account. Over the years I saw more and more personal details getting through. Eventually I received a mail with a plaintext password... which he also used for a PayPal account, coupled to a Mastercard.
I used a local website to send him a giant expensive bouquet of flowers with a box of chocolates, using his own PayPal and the default shipping address.
I included a card:
"Congratulations on acquiring my Gmail account, even if I'm 7 years late. Thanks for letting me be such an integral part of your life, for letting me know who you are, what you buy, how much you earn, who your family and friends are and where you live. I've surprised your mother with a cruise ticket as you mentioned on Facebook how sorry you were that you forgot her birthday and couldn't buy her a nice present. She seems like a lovely woman. I've also made a $1000 donation in your name to the EFF, to celebrate our distant friendship"33
I got my wife pregnant despite birth control being used... You could say she *puts on sunglasses* failed the penetration test.
I'll see myself out.14
We have free WiFi access, but you need to login into your personal student account to use it.
Turns out, SQL Injection works.
It gets worse.
Table name "schueler".
Got all data on all students.
Name, address, phone number, passwords in plain.
I reported it using an anonymous email. Partially fixed. Standard quotes now get eacaped. Still, passwords are now MD5.48
(sensitive parts censored)
Friend: Hey, can you hack my (some website) account?
Me: Depends... What's your username?
Friend: (tells username)
Me: (clicks forgot password?)
Friend: I will give $10 if you do it. There is 2 factor authentication enabled.
Me: (silence) Ok.
Website: Please type the class number you were in in 4th grade.
Me: Hey, did you graduated BLAH elementary school?
Me: Ahh, I remember. You moved to BLAH elementary school in what grade?
Me: Hmmm, I don't remember seeing you. What class were you in?
Me: Well, I now remember. Stupid me. (smirks)
Friend: Haha. (continues to play games beside me)
Me: (Types in 8)
Website: We sent you a password to email@example.com
Me: (uhh, heads to example.com and clicks forget password?)
Email: Please type the class number you were in in 4th grade.
Me: (wtf is this, types 8)
Email: Please type the teacher's name when you were in in 4th grade.
Me: What was the teacher's name?
Me: When you were in 4th grade.
Friend: Ahh! John Smith.
Me: Ahh, he was strict, right?
Friend: Yeah (continues to play games again)
Me: (Types in John Smith)
Email: Set a new password.
Me: (Types "youaresostupid")
Me: (copies PLAIN TEXT password from email, logs in to website)
Me: Money plz~
Me: (wtf, then remembers i changed his email password) Fine then.
1. There is 2 factor authentication enabled. : Got it?
2. The website sent plaintext password.
3. He is just pure idiot.
4. I didn't got the money.
5. I am now a h4x0r11
What's the downside of having a "high tech" classroom with Bose speakers and a mid tier PC you say?
So back in highschool we used to have these fancy "corporate" classrooms with speakers, PC and projector setup (plus really comfy chairs). Classrooms were organized in triads next to each other so we usually knew when classes where taking place next to us.
One day I decided to fuck around with teachers, I waited until he/she started class and I remotely blasted music or porn sounds on the third empty classroom and waited until the angry teacher rushed to the classroom then...silence...nothing but an empty classroom.
One day one of the teachers was so pissed because I orchestrated a Vivaldi concert with the 3 classrooms he rushed into ours and took a friend of mine who he had a personal grudge against, I kinda felt bad but not so much after my mate told me that was genius and that we should do it again.13
I realized hacking was about being smart when at 14 i hacked into someones computer by guessing his password on the 2nd try.
The dude loved computers more than me and watched matrix all the time.
So i typed “neo”9
While working support a client calls saying he's being DDoS-ed. The whole team went into high alert. Everyone is checking network traffic but there is no evidence of an attack. The client insists, calls all the way up to our CEO complaining of our incompetence and that he's losing thousands of dollars every second.
I take it on myself to look a little deeper. After some Sherlocking, I find that the client's developers managed to build an infinite loop that makes HTTP requests to localhost. The client was DDoS-ing them selves.
I got no thanks for my competence no apology regarding my incompetence. 😑4
I'm looking always for vulnerabilities in sites or programs.
Funny one was that I found site with movies.
And you had5minutes free and then you needed to login and pay.
Well I found out that the confirmation was happening on client side.
So after little magic.
I exploited the issue watched few movies for free andthenwrote email to them.
After 2 hours got response from them thanking me and that itstotally OK if iwatchedfew movies.
Got premium account for 1 month and 30$.
That was really good day.10
*Working on Friend1's laptop*
*Friend1 leaves and his laptop gets locked unattended*
Friend2: Now what? We need to finish that thing on his laptop..
Me: Let me try..
*Enters Friend1's name*
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜
Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.
First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.
Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.
Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.
Dealing with attacks and getting hacked.
Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.
linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)
How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!
One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)
Dealing with different kinds of attacks:
Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.
So yah, hereby :P38
Another story on the spirit of wk93. TL;DR I DOS'd the whole campus network for some beers.
In highschool teachers had this blackboard system (a sort of moodle) and we used to have really lazy teachers who only read the PowerPoint presentations and made us take notes. One day I was fed up with their bullshit and figured these lazy ass professors wouldn't "teach" crap as soon as there was no internet connection...so the race was on...
10 minutes before the bell rang a friend and I managed to break in into a computer lab, I booted up Kali and searched for the access points, 3 routers through the building all with CISCO OS.
I figured they had all the default configs, time was running out so I decided to Smurf the three access points with the lab's IP range, scheduled an automatic shutdown in 2 hours and blocked the PC. The bell rang and as predicted, no internet, no class, my friends and I used that free time to go to a bar (on a Monday afternoon).
Funny side note, since the 3 routers were down the whole network collapsed, no cameras, no access control, no faculty network or any network. We kept doing it and every time we did campus security would be desperately searching for someone with a black hoodie.8
We were all 16 once right? When I was 16, my school had a network of Windows 2000 machines. Since I was learning java at the time, I thought learning batch scripting would be fun.
One day I wrote a script that froze input from the mouse and displayed a pop up with a scary “Critical System Error: please correct before data deletion!!”. It also displayed a five minute countdown timer, after which the computer restarted.
I may or may not have replaced the internet explorer icon on the desktop with a link to my program on the entire student lab of computers. Chaos.12
This isn't really a hacking story but it does remind me of something I did as "revenge."
In middle school, this one fool kept bullying me. Always tried to harm me, always tried to insult me, always tried to make me fall during PE.
I hated him a lot, so instead of trying to kill him as planned, I did a harmless little keylogger prank thing.
I installed a keylogger on the school's laptop before class. (I did it during break, and when class started, I placed it on his desk.)
He took the bait, and instead of doing work, he logged onto his social media accounts. Now I had his passwords and everything.
When I went home, I logged onto his social media. I checked his messages so I can get some dirt on him, didn't find much except for the fact he snuck out a few times, and smoked before.
I changed his profile picture to some cringy anime thing and messaged one of his friends (the one who always copied my test answers in History and would steal my homework) and I said, "tell --- that if he doesn't stop being an asshole, I'll do worse than "hack" his social media."
It freaked them both out a bit, but didn't change their behavior, which is a shame because my threat was empty. It's not like I was able to do anything more than that in middle school. To this day, they still have no idea who did that.
This was about 4 years ago.17
During a penetration test, I was dropped off in a Navy SEAL Ranger Black Hawk helicopter on the top of a 300 story building. I repelled to the 150th floor with fishing line, carved out a window, and installed Kali on the office door knob. I then typed out l337 HTML code in notepad and gained access to the mainframe. Then, some guy named John McClane wouldn't stop asking me for advice as I roped down the elevator shaft cable. I then walked outside, got my shoe shined, and the CEOs daughter came up to me saying she wants to take me to dinner because I'm the most l337 of the l337.11
My last wk93 story, the time we discovered school faculty was spying on students and we uncovered student's deepest secrets.
I call it, kiddiegate.
So if you've read my past rants you've noticed I did some pretty childish and reckless stuff with my highschool's systems when I was younger, but nothing compares to this thing.
After resetting the sysadmin account pwd on some machines it occurred to me I could write a keylogger to capture teachers Moodle accounts and so on, I decided to try it out on a regular lab computer first.
Imagine my surprise when I found a hidden keylogger already installed! I couldn't believe it but then I thought, what if other PC's have it? So I recruited my mates and teached them the process to check if a PC had been infected...ALL PCs were, over 30 computers we checked had been logging for over 3 months! That damn sysadmin! >:[
We were shocked and angry, but then I thought "hey. . . My work has been done for me, better take advantage"
So we did, we extracted each log and then removed it from the PCs along with the keyloggers. There were hundreds of records and then one day we started snooping into the fb accounts of some students (we shouldn't have) we uncovered so many nasty, shocking secrets...
One of the school's lady's man had a drunk one nighter with one of our gay friends, the most secluded and shy guy was sexting like crazy with 15 chicks at the same time, things like that...we promised to never say a word and deleted the logs.
After that we didn't do much and continued highschool as every teenage minor should, getting drunk and avoiding responsibilities, though we could never see many of our classmates the same way. The sysadmin was fired shortly after I graduated, no reason was stablished.
I want to clear out we were minors and laws in my country weren't clearly stablished at the time plus no harm was ever done. I don't condone hacking or any kind of illegal activity, just thought I'd share.6
Talking to Best Buy customer support live chat trying to price match using friend’s laptop.
Typed in “<b>Hello</b>”
Oh cool.. it comes out as bold. Let’s get a scary as fuck screamer gif and img src it.
Me: *Posts picture*
Me: *Waits a few seconds*
Me: “Did you see that picture?”
Support: “No. Sir, could you tell me the item you want to price match?”
Me: “Okay hold on.”
Me: “Did you see that?”
Friend: “Dude stop.”
I push my friend away since I’m on his Best Buy account.
Me: “Did you see a pop up?”
Me: “Okay okay hold on.”
You have left the chat.10
Tl;dr: owning and pranking other people with a wireless mouse is hacking and illegal.
Okay, so I wanted to fuck around with some people one day so I decide to bring a usb wireless mouse to my secondary school.
My first target was my science teacher (was a bitch). I got into class before everyone else and plugged in the small usb receiver then sat down and pretended as if nothing had happened. The lesson starts and here is where the fun begins. Her screen is projected onto a whiteboard so I could see what she was doing. Under the table I had my mouse and every time she tried clicking a dialogue, I would move the mouse ever so slightly so she would miss. After a couple of times, she started to get suspicious, maybe even slightly paranoid; my friend keked. I never got found out by that teacher.
Fast forward to next lesson: I already planted the receiver in my next victims pc. The victim was a bitch I hated so much at the time. She would used to bully me to an extent and was a loud noisy bitch. I really didn't like the person. I digress. When the time was right, I went to her folder, highlighted all her files, right click, hover over delete. But I wasn't so shallow to delete her stuff. That's not the person I am. I guess it was more of a threat really. But the teacher saw what was going on and she saw my wireless mouse and connected 2 and 2 together. She called the behaviour people, removed the reciever and the mouse from me.
Within a few minutes, I was in a room on my own talking to this woman talking about how hacking is bad/illegal and she knows I'm into it etc. But I wasn't hacking? I did no damage and was pulling a prank. Bitch didn't listen to me. She made me sign this document which said that if I fuck around with computers, I could be expelled and I won't be allowed to use to computers again or use them with many restrictions.
I didn't really care. To this day, I still don't have my mouse back. :(7
One of our teachers developed a website for our university about three years ago. That was something like assignments management system + social network + schedule, everything in the world as one website.
It seemed like he didn't put any code escaping at all. Injected a block of CSS that made the entire page slowly fade away when some user tried to look at my page. Other teachers stared at it as if it was pure magic, doubting their sanity.
Still isn't fixed btw :)6
Decompiled a .exe from a program that was written in Visual Basic 6.
Got a public server IP, username and Password that was hardcoded in the program.
Found out it was a SQL Server. I've now got full access to the server.
I want to tell the company about this, but I'm afraid I might get sued. Any advice?12
My first unintentional "hack" was in middle school, I had been programming for a couple years already and I was really bored.
My school had blocked facebook, twitter and so on because most students are lazy and think everything revolves around their "descrete" cleavage picture's likes. Any way, I thought most would be naive and desperate enough to fall into a "Facebook unblocked" app at the desktop, the program was fairly simple just a mimicking FB page done on C# ASP that saved user and passwords in an encrypted file.
I distributed it in around 5 computers and by the end of the month I had over 60 accounts, and what did I do? I used it to post a gay relationship between two of my friends on fb (one had a gf), it was dumb but boy did I laughed, after that I erased everything as it didn't seem so important.3
This is from my days of running a rather large (for its time) Minecraft server. A few of our best admins were given access to the server console. For extra security, we also had a second login stage in-game using a command (in case their accounts were compromised). We even had a fairly strict password strength policy.
But all of that was defeated by a slightly too stiff SHIFT key. See, in-game commands were typed in chat, prefixed with a slash -- SHIFT+7 on German-ish keyboards. And so, when logging in, one of our head admins didn't realize his SHIFT key didn't register and proudly broadcast to the server "[Admin] username: 7login hisPasswordHere".
This was immediately noticed by the owner of a 'rival' server who was trying to copy some cool thing that we had. He jumped onto the console that he found in an nmap scan a week prior (a scan that I detected and he denied), promoted himself to admin and proceeded to wreak havoc.
I got a call, 10-ish minutes later, that "everything was literally on fire". I immediately rolled everything back (half-hourly backups ftw) and killed the console just in case.
The best part was the Skype call with that admin that followed. I wasn't too angry, but I did want him to suffer a little, so I didn't immediately tell him that we had good backups. He thought he'd brought the downfall of our server. I'm pretty sure he cried.5
It were around 1997~1998, I was on middle school. It was a technical course, so we had programing languages classes, IT etc.
The IT guy of our computer lab had been replaced and the new one had blocked completely the access on the computers. We had to make everything on floppy disks, because he didn't trusted us to use the local hard disk. Our class asked him to remove some of the restrictions, but he just ignored us. Nobody liked that guy. Not us, not the teachers, not the trainees at the lab.
Someday a friend and me arrived a little bit early at the school. We gone to the lab and another friend that was a trainee on the lab (that is registered here, on DevRant) allowed us to come inside. We had already memorized all the commands. We crawled in the dark lab to the server. Put a ms dos 5.3 boot disk with a program to open ntfs partitions and without turn on the computer monitor, we booted the server.
At that time, Windows stored all passwords in an encrypted file. We knew the exact path and copied the file into the floppy disk.
To avoid any problems with the floppy disk, we asked the director of the school to get out just to get a homework we theorically forgot at our friends house that was on the same block at school. We were not lying at all. He really lived there and he had the best computer of us.
The decrypt program stayed running for one week until it finds the password we did want: the root.
We came back to the lab at the class. Logged in with the root account. We just created another account with a generic name but the same privileges as root. First, we looked for any hidden backup at network and deleted. Second, we were lucky: all the computers of the school were on the same network. If you were the admin, you could connect anywhere. So we connected to a "finance" computer that was really the finances and we could get lists of all the students with debits, who had any discount etc. We copied it to us case we were discovered and had to use anything to bargain.
Now the fun part: we removed the privileges of all accounts that were higher than the trainee accounts. They had no access to hard disks anymore. They had just the students privileges now.
After that, we changed the root password. Neither we knew it. And last, but not least, we changed the students login, giving them trainee privileges.
We just deleted our account with root powers, logged in as student and pretended everything was normal.
End of class, we went home. Next day, the lab was closed. The entire school (that was school, mid school and college at the same place) was frozen. Classes were normal, but nothing more worked. Library, finances, labs, nothing. They had no access anymore.
We celebrated it as it were new years eve. One of our teachers came to us saying congratulations, as he knew it had been us. We answered with a "I don't know what are you talking about". He laughed and gone to his class.
We really have fun remembering this "adventure". :)
PS: the admin formatted all the servers to fix the mess. They had plenty of servers.4
My brother: “There’s no way you can remove games from my computer!”
Me: “Oh really?”
Bro: “Yes! I got password on Windows!”
He didn’t knew I had remote control setup on my PC... So I hid games on his PC6
The company i work for has a jenkins server (for people that don't know jenkins, it's an automated build service that gets the latest git updates, pulls them and then builds, tests and deploys it)
Because it builds the software, people were scared to update it so we were running version 1.x for a long time, even when an exploit was found... Ooh boy did they learn from that...
The jenkins server had a hidden crypto miner running for about 5 days...
I don't know why we don't have detectors for that stuff... (like cpu load being high for 15 minutes)
I even tried to strengthen our security... You know basic stuff LIKE NOT SAVING PASSWORDS TO A GOOGLE SPREADSHEET! 😠
But they shoved it asside because they didn't have time... I tried multiple times but in the end i just gave up...13
My private Email Account got hacked when I was in school, and they sent out a mail with something along the lines of "hey, you should really use this product to lose weight, it is great" to all of my contacts. Many of them ignored it, some of them called me to inform me about the issue (the worst part was, long after I used 2fa and changed passwords regularly, they still had my name and contact list, so they just made email adresses that looked like mine and continued to send out spam to my contacts). Anyway, one teacher of mine didn't know that this was a scam and was insulted because I regularly sent emails about her losing weight. And as if the whole situaion, which I couldn't do anything about, wasn't bad enough, my parents and I had do have a 1h conversation (which ended up in me explaining how those hacks work, and luckily she understood, but still). Never again. I prefer those fake ms support guys that call me over this every day.7
A friend (also a colleague) of mine had hacked the password of his manager's Netflix account 😆
Well, can't call it as "hacking" in 2018 when you can sneak into an idle laptop and view stored passwords in Chrome.
Now this Netflix account works as a "charitable trust" and more than 30 people are aware of the password 😆18
School has default router username and password. And it's not just a shitty tp-link router. It runs linux.
Made a simple reverse shell and I have a fully functional linux computer. Not really a hack, but it's sad.
Soon to get to the school server!3
Before 10 years, a WordPress site hacked with sql injection. They had access to site, they modified many php files and installed commands to download random malwares from over the internet.
At first I didn't know that it hacked and I was trying to remove any new file from the server. That was happening every 1-2 days for a week.
Then I decided to compare every WordPress file with the official, it was too many files, and I did it manually notepad side notepad!! :/
Then I found about over 50 infected files with the malware code.
Cleaned and finished my job.
No one else knows that I did a lot of hard job.2
So it turns out that the company I work for uses and develops for Linux just because, I quote, "IT'S IMMUNE TO VIRUSES!!!".
Even if our systems are not connected to the internet (and never will be) and protected by armed guards.
I am stunned.6
A few weeks before, my neighbor came to me saying his wifi is hacked and someone is abusing it.
So I tried the wifi and found out there is no password. And the one who was abusing a simple open wifi was me XD.
So I set a password for her and disabled wps. But hopefully no one (expect devrant) will know I used that much bandwidth.2
So, an introduction story from a few years ago.
Our school had a scheme where you paid for a crappy netbook (think 2012 Atom processor) which they installed Windows 7 professional along with their standard monitoring software. Needless to say, it ran slower than molasses with the inadequate 1 gig of RAM.
So I went to boot from an SD card, but was prompted for a password.
So irritated me removes the hard drive and runs ophcrack against password file. One local admin with a very short password: 966 (posting since I know they don't use it any more).
I try the password as the BIOS password and I'm in like Flynn. After trying a few distros out, I settle on Puppy Linux and go in to school the following day, happy knowing that this overpriced n chine could actually be used for work.
Just out of interest, I try the password on a friend's netbook. It works. The entire domain had images with an active local admin with a 3 digit password.
The only hacked sites I had to fix were running on ... [prepare your stomach] ... Joomla.
I'm not sure if there is even one single solid developer for Joomla. This shit piece has more vulnerabilities than a crack hobo infested with pest-ebola-hyperAIDS.
The sites were full of hidden viagra and pr0n ads and links so the crawlers would list them.
Luckily for me, I was able to pursuade the clients in all 3 cases to build a new site from scratch on a different CMS.2
My personal website was, and still is being, attacked by a massive botnet attempting to gain access to my server. How I secured it? Fail2ban and only ssh keys. 1000+ IP addresses banned so far.6
The best hack in history is surely the one from the mystic "bitchchecker":
https://ubuntuforums.org/showthread... (too long to paste here)
He's a true master6
So... I was using my laptop one day and randomly my mouse started spazzing out, I thought maybe it's broken or something so I paused the video I was watching and waited for a couple of seconds, soon after I played the video, my mouse started moving around again, closing windows and opening up different things. I got so scared I shut my laptop down before it could open anything else.
A few minutes later I turn it back on and everything looks fine, I thought whatever that was all about is probably gone, had to double check my security settings etc. and let it be for now.
A few days later I found out that it was actually my dad, in the next room trying to hook up his Bluetooth mouse to his iMac which for some reason got connected to my laptop instead. He was moving it around trying to see whether or not it's working, thus the spazzing out of it on my screen...lmao boy I felt so relieved after that 😂
~not really a hack however it gave me a good laugh2
First company I worked for, built around 40 websites with Drupal 7...in only a year (don't know if it's a lot for today's standards, but I was one guy doing everything). Of course I didn't have the time to keep updating everything and I continually insisted to the boss that we need more people if we are going to expand. Of course he kept telling me to keep working harder and that I "got this". Well, after a year a couple of websites got defaced, you know the usual stuff if you've been around for some time. Felt pretty bad at the time, it was a similar feeling to having your car stolen or something.
Anyways, fast forward about 2 years, started working on another company, and well...this one was on another level. They had a total of around 40 websites, with about 10 of them being Joomla 1.5 installations (Dear Lord have mercy on my soul(the security vulnerabilities from these websites only, were greater than Spiderman's responsibilities)) and the others where WordPress websites, all that ON A SINGLE VPS, I mean, come on... Websites being defaced on the daily, pharma-hacks everywhere, server exploding from malware queing about 90k of spam emails on the outbox, server downtime for maintenance happening almost weekly, hosting company mailing me on the daily about the next malware detection adventure etc. Other than that, the guy that I was replacing, was not giving a single fuck. He was like, "dude it's all good here, everything works just fine and all you have to do is keep the clients happy and shit". Sometimes, I hate myself for being too caring and responsible back then.
I'm still having nightmares of that place. Both that office and that VPS.
So my previous alma mater's IT servers are really hacked easily. They run mostly in Microsoft Windows Server and Active Directory and only the gateway runs in Linux. When I checked the stationed IT's computer he was having problems which I think was another intrusion.
I asked the guy if I can get root access on the Gateway server. He was hesitant at first but I told him I worked with a local Linux server before. He jested, sent me to the server room with his supervision. He gave me the credentials and told me "10 minutes".
What I did?
I just installed fail2ban, iptables, and basically blocked those IP ranges used by the attacker. The attack quickly subsided.
Later we found out it was a local attack and the attacker was brute forcing the SSH port. We triaged it to one kid in the lobby who was doing the brute forcing connected in the lobby WiFi. Turns out he was a script kiddie and has no knowledge I was tracking his attacks via fail2ban logs.
Moral of lesson: make sure your IT secures everything in place.1
Not really hacking, but my roommate says otherwise. So we share a router in the apartment and I’m the only one that really knows how to access it, so of course I change the password and tell no one (not like they’ll try to get in anyway).
Occasionally set roommate likes to get blackout and play music very loud at 2am. To be petty, on those occasions I set up an RPi Zero to connect to the WiFi, restart it, and sleep for a minute, and repeat. He’s still convinced we are getting DDOSd, and suspects nothing.
Reason I don’t just set parental controls - he gets more frustrated when the WiFi appears for 10secs, the music is just about to start and shuts off again. So he gives up quicker. Otherwise, he resets the router and I have to set up everything from the start.3
someone did xss on one of my websites.
i didnt bother to secure anything on the website because i was marketing to dumb kids.
So in the 2nd grade of middle school.our classes had computers with projectors and teachers would present on them. At that time I was still a beginner in programming and knew some basic cmd commands, so before our teacher had come to class I went to the computer desk, opened cmd and then executed this command “shutdown -s -t 36000” which basically shutdowns the pc after 36000 milliseconds and then the teacher came to class and started explaining us a new lesson on a power point and half way through the power point the pc suddenly shutdowns and the class got wild. and no one admitted who did it so all the teacher did is to say” who ever did it pls don’t do it again”. Like wow...😂😂😂4
Wrote a python reverse shell thing to fuck with my friends in class. Wrote a bunch of payloads to do things like, open CD drives, close focused process, and my favorite: blue screen computer. The last one made for a fun exam day. 😃4
When I was 14 or so, we had acces to some computers during break. I went through each and every one of them, rebooted into Safe Mode (yeah, Windows), logged in as admin with no password, and gave admin powers to my account (each student had one, at least). Then, installed a keylogger and one of those "trojaans" that let me remote terminal, keyboard and mouse control to all the PCs (I had tried telnet server, but this was soo much easier).
Then came the fun.
"Why does the start menu keep opening by itself?"
"Why is the CD tray opening and closing on its own?"
Then I found out social media passwords like (translated from spanish) "bigdicks". Never used them, because I considered myself one of the gray hatted. I did it just for the fun.2
NUKE IT FROM ORBIT. It was when i was doing an assignment with my roommate, i was compiling something on my pi and ran netstat afterwards for no reason. I had an ssh-connection from china (logged in too). The pi was shutdown ASAP, i salvaged everything i needed from the sd and dd'ed raspbian on the disk again.
Turns out you were able to login via root (i thought i disabled it) with the password i set (root...). I learned from this, now external logins are only allowed via private key and i have fail2ban set up3
he: checkout my crazy FUD hack (a token stealer which turned out to be far more malicious than i anticipated)
me: executes it (yes in a VM)
windows defender: lemme delet this
he: ooh i forgot the word stub in there. microsoft detects that lemme fix that sends new file
me: here we go aga..
ms defender: nononono virus 117% delet this
he: i forgot it still!!
later i deactivated ms defender and analysed the traffic of the vm. in addition to stealing my fake tokens he also tried to read my Firefox/chrome history, IP.
when i asked him (2 days later) what this was all about in his "educational only" "token stealer" he threatened to
a) publish my IP
b) publish my browser history and with that my real name and address
b.0) when i asked him for proof he said he knows that my real name is "Roman Gräf" and i live in Frankfurt. (btw i do live in Frankfurt and that is in the profile of the discord server where he found me and i have the same username on discord as i have here)
c) to kill my machine and all my projects
got bored, blocked him, shut VM down.1
When I was about 13, I opened up command prompt on Windows, and changed the color of it to green then ran the tree command. So, not thinking of anything, this was in the library in front of about 60 people and 2 teachers.
All others saw was green text going down fast, and instantly presumed that I was hacking since they knew I was into coding and finding exploits, and just knew how to use a computer better than them in simple terms (HACKER MAN). Thus this lead to me getting sent to the principal's office... I almost got suspended cause I ran the tree command in green.
Two questions for me remain unanswered, that I would love to know. What would've happened if command prompt was printing text in red. Another question becomes, what would've happened if people saw me pinging Google or some popular site.5
Some years ago our company site was hosted by a prick who knew nothing and started to pretend the server got a virus or whatever.
I tested their server and figured out they did not have any firewall policies going on like mitigation of ssh brute force.
It was at this time I learned about SYN flood, and boy I flooded that port 80 of them.
The company site went down for as long as I wanted.
It was great because now we manage it in house and never had a problem anymore.
It started with the customer calling and saying they were experiencing some delays in our system. I talked to a 3rd party and they confirmed that messages between our systems would suddenly stop. We talked several times and I spent the whole day investigating and found nothing. Then at about 7 in the evening I get a mail from the customer who says the problems stopped when the ddos attack was over..... WHAT FUCKING DDOS ATTACK!?!?
How i managed to change the admin password from school's computer (which ran Windows 7)
Well, back in the days in highschool, i was really bored by what teachers taught us and i always loved to hack things whenever i got acces to. This happened one year ago, when i was in my senior year in high-school.
Each Tuesday, at the end of the schedule, we got no classroom left so for a whole year, we had to move into a class which literally had a ton of computers (that actually worked, despite my expectations)
All of the PCs were an i3-i5, not-so-fancy, with a 1080i displays and Windows 7, *cough* while our Computer Science classrooms had ~Intel Celeron~ and ~Windows Vista~. Cool, huh?
All of them were password protected, and i didn't get access to the password from Administrator.
In my experience, each time i was in the login screen in Windows, if i pressed too many times Left Shift, it led to a warning. After digging for some search, i learnt that that warning was shown by a hc.exe file in the C:/Windows/... (and some random path; it's been a year since i worked with this; since then, i ran Linux all the way, haha). So this made me think i could trigger some action, which i'm gonna describe later in the story.
So i had a smart hack: if i don't know the password, i'm gonna reset it. Restarting the PC too many times, and pressing the restart button right before the boot screen loads up. Repeating this, led to a nice Blue screen which opened to Startup Repair. So i clicked Startup Repair, obviously, the PC didn't have any problems that Startup Repair could detect, so each time it gave a nice clickable path to a file which contained a ton of logs about the Recovery itself. Click it opened Notepad with ADMINISTATOR RIGHTS.
Holy f***. I clicked File > Open, then i browsed through the C:/ disk while the name of the window said: "Administrator: ..." (i was really sure i have administrator rights)
FINE! What next? Remember that hc.exe file? I made a copy of it, "hc - Copy.exe" (meh), deleted hc.exe, then i copied cmd.exe and renamed it to hc.exe. Clever?
Rebooting, hoping this would work...
Log in screen shown. I have pressed Left Shift so fast and in the end... CMD OPENED! WITH ADMINISTRATOR RIGHTS.
Holy f*** x2.
I fast-googled how to change a password in CMD, and i found out that i can do that using "net user" to list the accounts, and "net user [account name] *" to change the password.
"Type a password for the user: " prompted, changed the password, could log in as Administrator.
And all of this, just so i could install a LAMPP, a code editor and make a clone of my projects to work there because i was really bored by what the teachers taught me in high-school.
Funny note: A few weeks later i have found out the password have been changed again, so i repeated the process and everything run smoothly. I kinda' don't know how they didn't manage to find out who did this. But it was worth it, i could work on my projects while at school. Haha.4
So to start off this happened today while I was at school.
Each student gets a netbook for school and the amount of restrictions put in place are probably up to government spec. Well I brought in my personal netbook and a flash drive with a few distros of Linux on it on it to mess with during study hall(all on my own hardware).
I told my friend that about it and said I doubted it would boot because the bios is password protected and the IT guy probably removed external drives from the boot list but let him use it anyway.
5 minutes later he is showing me his screen with Ubuntu running on it, I was freaking out some and asked for it back and he gave it back to me.
About a minute later he shows me his screen. All black with white text shooting down it saying windows disk integrity check or something like that. All I see is "file xyz deleted" and was freaking out even more. I just sat there for the next 20 minutes thinking of how to explain this to the IT guy and hopefully get in less trouble.
Finally after the longest 20 minutes of my life as a student I see the windows 7 boot screen appear. Probably the one time I actually wanted to see it honestly but I was so happy to see the end of the situation.
Sorry this was so long but I hope it's fine for a first post here, I've been putting it off but after this decided to finally post.3
We had a kind of "computer club" back in a year. (AG in germany). The teacher left us (4 nerdy geeks) alone for a few minutes because he had to check on something.
He was still logged in with his IT-teacher account.
After a minute of reseach and a few little commands, we had our own school network admin account.
They still haven't removed (probably not even discovered) the account.
Sadly, the localgroup admin didn't have the highest rights..1
A few years ago I found a public AWS S3 bucket owned by a fortune 500 company containing a database dump backup with all of their users unsalted md5 hashed passwords.
I didn't report it because I don't want to get sued or charged. I don't know whether it's still public or not.6
Not hacking per se, but I noticed an email floating between ISP and director about radius server login details, promptly saved for future reference.
One day noticed someone downloading mucho dataro... Pissed me off, interrupting my video stream.
Logged into radius server, blocked MAC address.1
Not a hack but more of an orchestrated attack. It was high school and our computer labs ran windows and all of them were connected to a central server. Now i had just learnt about windows api and how it can be used to check the space available on a disk. So i wrote a small script to to write chunks of 5mb files in the directory where TURBO C++ was installed and let it run till the system ran out of space.
Then in the spirit of conspiracy i added the said script to the central node and asked everyone in the lab to copy it locally and execute.
Then a few days later, the poor lab incharge corners me and say who added the ms91.dll file(do not remember the exact name😐). I said that it is a standard Microsoft dll and also how would I know. Then he goes on saying how he had to reinstall windows on all computers. At first I felt sorry but then the spirit of satan rose in me and I denied any responsibility about it and returned back to class where each of my classmates had a good laugh about it. 😂😂
When I left school I decided to apply for a junior dev role. I received a call back later that day and they tried to sell me access to some course with the promise of a job afterwords. They gave me a website to visit to find more information.
I Googled the company and found that it was as I suspected a scam and that they had been praying on the jobless for sometime.
So, I played around on the site they told me to visit for a while and found a rather simple SQLI. I managed to pull the admin email/password (which they stored as plain text) the email address belonged to a Gmail account.
I tried the password for the Gmail account turns out the account belongs to the person running the scam. I find an email from the hosting account and you guessed it the password was the same.
I pulled the site down and replaced it with a picture of the person running the scam along with his name and the words "I'm a dirty scammer".
Then I sent all the info to the police (he'd been running a few others scams too) not sure what that lead to I didn't hear anything back.1
Only touching the topic slightly:
In my school time we had a windows domain where everyone would login to on every computer. You also had a small private storage accessible as network share that would be mapped to a drive letter so everyone could find it. The whole folder containing the private subfolders of everyone was shared so you could see all names but they were only accessible to the owner.
At some point, though, I tried opening them again but this time I could see the contents. That was quite unexpected so I tried reading some generic file which also worked without problems. Even the write command went through successfully. Beginning to grasp the severity of the misconfiguration I verified with other userfolders and even borrowed the account of someone else.
Skipping the "report a problem" form, which would have been read at at least in the next couple hours but I figured this was too serious, I went straight to the admin and told him what I found. You can't believe how quickly he ran off to the admin room to have a look/fix the permissions.
Not much of a story but about 2 years ago, I had just got to the mall (at its opening time so many shops were still closed). While walking through to find a place to eat while my mother went grocery shopping, my phone started buzzing. Upon checking; it had hundreds of notifications and emails. Our production server was malfunctioning.
Not much that I had to do, but I ran around to find a computer store to use their model computers to see what was happening.
However, while the problem was fixed, I did notice how friendly Mac stores were as opposed to windows dealers that day. Windows dealers did not allow me to use the computers while the Mac store connected me to wifi and allowed me all the time needed to fix my issue. 👀
TLDR: Find a website that requires a subscription but doesn't check their cookies' integrity, now I'm on a website for free.
>wonder if it's possible to intercept browser data
>find that none of these really fit me
>go to youtube, search how to intercept POST data
>find something called BurpSuite
>Totally what I was looking for
>start testing BurpSuite on devrant
>I can see all the data that's being passed around
>wonder if I can use it on a website where my subscription recently ended.
>try changing my details without actually inputting anything into the website's form
>send the data to the server
>refresh the page
>Huh what's this?
>must be a userID
>increment it by 1 and change some more details
>refresh the page
>didn't work 😐
>Hmmm, let's try forwarding the data to the browser after incrementing the uid
>can see the details of a different user
>except I see his details are the details I had entered previously
>begin incrementing and decrementing the uid
>realize that the uid is hooked up to my browsers local cookie
>can see every user's details just by changing my cookie's uid
>Wonder if it's possible to make the uid persistent without having to enter it in every time
>look up cookie manipulator
>go back to website
>examine current uid
>it's my uid
>change it to a different number
>refresh the webpage
>IT FUCKING WORKED
>MFW I realize this website doesn't check for cookie integrity
>MFW I wonder if there are other websites that are this fucking lazy!!!
>MFW they won't fix it because it would require extra work.
>MFuckingFW they tell me not to do it again in the future
>realize that since they aren't going to fix it I'll just put myself on another person's subscription.5
So my story has some little backstory.
I got into computers and technology because of my dad. He was very enthusiastic when I was little and when I grew older and started my apprenticeship as a software developer he was really proud. Note that he never learned anything like that. He just loved computers and games.
Now to the story itself.
I learned more and more, also about networking and came to the conclusion that our slow internet and rare internet problems probably come from stock/weird configurations. But my dads proud probably told him thats a thing he still has to do as the dad. But it annoyed me so much that I booted into kali linux, loaded an exploit to get the web admin passwort and cracked it within a minute. 😎
Finally I was able to configure everything correctly ( channels were spammed from neighbours so I switched to very unused and the disturbions got less ).
TL;DR: Dad didnt want me to configure our router and didnt give me the admin password, so I booted Kali Linux and used an exploit to get it myself 😎😎3
I guess that counts? Some of the local burger kings once had an online game they advertised, where you could win free burgers if you are the first on the highscore (the other 2 places got some sort of coupons for cheaper meals), turned out there was a score submit bug you could abuse after finishing a game (me and a colleague noticed, while trying to find some sort of bug), when I reported it they didnt care (didn't get any response, maybe spam filtered?), so I got us some free burgers, scanned in the receipt and send it again, they paniced or just realized you can generate any amount of free burgers for the time of the game being online, took down the game for a day or two, sent me a short email thanking me, thats it.4
Not a Story about an actual hack, but a story about people being dumb and using hacks as an excuse.
A few weeks ago my little cousin would reach out to me because "his Account was hacked...". Supposedly his League of Legends account was hacked by a guy of his own age (14) and this guy was boasting about it.
So i asked the usual things: "Has the email account been hijacked? Did anyone know about details to your acvount access? Etc..."
Turns out that one if his "friends" knew his password and username, but suppsedly erased these Informationen. And that was the part i didn't buy.
This was the point where he lost. Just because i am a programmer does not mean i can retrieve an account he lost because of a dumb mistake that could have easily been avoided. And that guy who was boasting about hacking LoL Account was coincidentally freinds with the friend who had the user credentials and password.
Moral of the Story? The biggest security weakness is almost always the user or a human in between...
A bit different than wk93, but still connected and a fun story.
Back in high school when it began to digitalize everything, so began our teachers journey with technology. We, as IT class were into these things, but as far as I can say, others in the school including both teachers and students were like cave mans when it came to IT.
Most of them kept the different wifi networks password on the windows desktop, in a file 'wifipassword.txt'. When we were on robotics seminar, we had to use a teacher's laptop. The wifi network was incredibly fast and powerful,, yet so poorly configured that even the configuration page user/pass was the default admin/admin, because the IT admin wasn't the most skilled one.
We got the idea to sell the password of the wifi network to other students. Not much, for about 1 dollar a week. The customer came to us, we took the phone, took note of the MAC address, entered the password, and if the guy were to stop paying every week, we just blacklisted that MAC on the next robotics course.
Went well for months, until a new sysadmin came and immediately found it out, we were almost fired from the school, but my principal realized how awesome this idea was. You may say that we were assholes, and partially that is true, I'd rather say we made use of our knowledge.2
Last time client got hacked...we just could not get rid of the malware...it replicated itself short after deletion.
Ended up creating the same files with zero content and setting them read only.
Not clean, but enough to sleep.2
This was a while back. I was hosting a site at a hosting company's 'vps'. I had 1gig for the mysql databases. Problem is, for some reason the server didnt let me have more than 300mbs including everything (there were some videos on the site). I contacted them and they only replied that its ok on their end. Okay, makes sense. So i opened ssh and started looking for the problem. After a bit, i figured out that my site is hosted on a 1tb drive and i could see all the other partitions. Meaning they just slapped a bunch of users data on the same drive. So i wrote an assembly program to offset the mysql files by ~500 mbs. Turns out that put me in an unoccupied 100gb partition and the site was still working properly. So i offset everything to there and i had a 100gb vps for like $5.2
Just found out some of our smaller sites (wp) have been hit with a shell...
In fucking January.
My colleagues didn't think to tell me this.
They figured someone must have had the pass or something and started posting about Viagra...
No. It's the fucking ico vuln...
I hate work right now.
This was a long time ago, when I was working part time in my uni helpdesk. as part of the uni IT service, they offered ISP services at the dorms. It was cheap, and fast. This essentially allowed students living in the dorms to connect thier personal computers to the uni LAN. Then one day...
An ARP poison malware infected some of those computers. An arp poison attack is simple (look at ettercap) - it redirects network traffic via the affected computer, and adds malware to webtraffic to infect more computers. One of these on a network is bad enough, but when there more then one... traffic was redirected a lot. this caused the Dorm switches to collapse under the load. Fun times to work at the helpdesk...
The IT guys came up with a solution for this: they blocked the arp poision attacks at the firewall, and then disabled the switch port for the infected computer for 24 hours. so, when someone called with 'I have no internet!', we told them to bring us the computer, and installed an AV on it.
3-4 month the problem was cleared.1
A teacher thought that I was hacking the school once because I was making something with python on the school computer.3
At my high school we had these laptop carts in every room. Occasionally the teacher would have everyone in the class grab a laptop from the cart and work on homework or class work or whatever. Well I always used this time to mess with my classmates. Firstly since these were windows computers it was super easily to gain access of the computers local administrator account. From there, I would uninstall the student version of LAN School (which is a program for the teachers to monitor the students computers) and install the teacher version. From there all I had to do was open the program and have complete control of all my classmates computers. I could remotely control there computers, black all there screens or even use the programs keylogger to get passwords. I never used this for more then messing with my friends but it was always a good laugh between my buddies and I. So suprised the teachers never found out.1
I placed a Virus Found pop-up message at all the schools computer and run the program at start when I was at High School. It was fun :)3
I once made a super computer play tic tac toe until it understood the futility of nuclear deterrence. Oh yeah, and I guessed my neighbors wifi password once in college. 😎6
I've never been hacked - not that I know of :D - and never "hacked" someone else.
(Sure, I did some things in high school to circumvent certain restrictions but nothing worth mentioning whatsoever.)
But all these rants that I read so far have me wondering if I shouldn't simply setup a honeypot sometime when I'm about to be really bored just to have some fun. Then again, I don't have time to be bored. :/1
Another story of mine is when me and my friends were playing games in the school library. I decided to fuck around on windows XP file systems to see what I could find. After clicking around for a bit, I found a way to access all of the student files in my year, with full access privileges.
What ended up happening was that my friends figured it out too, many of them changing files and writing messages for the other people in our class. After writing messages to each other and leaving messages to students here and there, I decided that it probably should be a good idea to report this.
The response at the IT room wasn't like the woman's response (bitch from last rant). They were like "Cool, thanks." The fix happened immediately and I wasn't really told off. It was a good day c:
TL;DR my first vps got hacked, the attacker flooded my server log when I successfully discovered and removed him so I couldn't use my server anymore because the log was taking up all the space on the server.
The first Linux VPN I ever had (when I was a noob and had just started with vServers and Linux in general, obviously) got hacked within 2 moths since I got it.
As I didn't knew much about securing a Linux server, I made all these "rookie" mistakes: having ssh on port 22, allowing root access via ssh, no key auth...
So, the server got hacked without me even noticing. Some time later, I received a mail from my hoster who said "hello, someone (probably you) is running portscans from your server" of which I had no idea... So I looked in the logs, and BAM, "successful root login" from an IP address which wasn't me.
After I found out the server got hacked, I reinstalled the whole server, changed the port and activated key auth and installed fail2ban.
Some days later, when I finally configured everything the way I wanted, I observed I couldn't do anything with that server anymore. Found out there was absolutely no space on the server. Made a scan to find files to delete and found a logfile. The ssh logfile. I took up a freaking 95 GB of space (of a total of 100gb on the server). Turned out the guy who broke into my server got upset I discovered him and bruteforced the shit out of my server flooding the logs with failed login attempts...
I guess I learnt how to properly secure a server from this attack 💪3
Because I own http://grnail.co.uk and http://hotrnail.co.uk (which I bought to prevent scammers having access to them), I often get emails about peoples' accounts. I could do a password reset and own these accounts, but of course, I don't.
However, today I started getting passport scans and personal details from Syria...2
Well, seeing as I deal with a fair few WP sites I have quite a few tales of this but they're never very fun.
Thankfully I set up a few traffic monitoring tools so I can watch whatever is happening when we have a live site and over the past few months there have been a LOT of attempted crypto-mining hacks.
It's basically people trying to abuse the xmlrpc function in WP to send malicious code and install it if it runs. Thankfully it's easy enough to block because they all use the same sort of instance to run the attack. It's always Windows 7 using Firefox 40 for some reason...
Just the usual brute force attempts to login and simultaneous attempts to abuse the xmlrpc. Nothing fun... yet.2
My boss did not care about making things secure in our early development stage, even though I told him several times.
After 1 day our elastic search cluster was filled with random crappy data.
Fix: Apply security schemes provided by AWS1
There was a competition being run by a large bank in the Netherlands. The competition involved playing a simple game on Facebook to win prizes. After discovering that much of the game logic was client-sided, I used a combination of cheat engine to speed up the clock and auto mouse clicker to keep the games restarting. Turns out I was able to play several thousand games in a few minutes.4
I went to uni for CompSci with knowing no prior knowledge.
In my first year of uni I created a DigitalOcean droplet to host an SQL server. I didn't change the root password or disable password login out of convenience and as I didn't think anyone would be able to find the IP address to be able to hack it.
Within 3 hours DigitalOcean had locked my account for using my droplet to send DDoS attacks. Support contacted me to ask what was going on. I knew nothing at the time so I was a bit 🤷♂️.
And that's when I learned the importance of changing your root password.
Not really a hack but still worth telling:
I was working in the QA team for a big project. I tried to do some automation when I realized some radio button behaved weird... out of curiosity I checked the source and saw that there was a hidden option for a unimplemented payment option.
I was like: Let’s see how the system behaves if I just submit that form with that hidden value...
Well I was very surprised when I received the email that my order has been processed successfully.
During the investigation we found out that this bug was in prod for over two years. And it requires a one liner executed in the browsers console to skip the payment.
It was kind of a big deal and although I was (and am) still a trainee (in apprenticeship) I got invited to meet up with the client and the bosses.
It was kind of a door opener! After that they trusted me more. I have more responsibility, more interesting tasks and more client contact ever since.
To make a long story short:
Validate everything on the server side ;-)1
Not much of a haxk, just a stupid thing that works.
In my hs videogame programming class, the teacher has this program called LANSchool (most of you have heard of it) which he used to restrict apps/browsers to the point of uselessness . He didn't (and still doesn't) know anything about the stuff he 'teaches', most is tought by TAs.
Here's the dumb part: he WHITELISTED APPS. A friend, one of the TAs, figured out that if you rename something 'Google Chrome', lanschool wouldn't care. So I got Chromium (for unblocked internet) and switched its blue icons in the exe for original chrome icons, then renamed it 'Google Chrime'. Woo.
LANSchool is such a bad program (you can even unblock a site by spamming the F key for refresh).
The teacher did, and still does, treat the TAs like trash. He's a babysitter while students listen to online vids and the TAs.2
Old unused military satellite to make international calls free. Local tv station to leak episodes. 4500 hosts zombie net with autoreplicant bots that scans for vulnerability to populate the net to do distributed denial of service attacks. Jumper on the neighborhood cabin to redirect the school's call for being absent, an older friend pretended to be my father.
It all started when I commited my server password without noticing...
TL;DR: Reinstalled the server, delete + recreated the git repository 😢8
It was more of "Hate story" with a guy whose mere presence would irritate me very much. He was also close to the girl I liked a bit (not very huge crush or something).
So he was very active on two of his social networks one being fb and second directly connected to fb so basically getting hold of fb would mean that I could control his other one too.
It was Oct 2016 and that time you could easily hack an account using social hacking (not asking OTP out something mere details did it for few accounts).
I hacked his account and wrote curse words and all. As I had already changed the email and password, he couldn't till date retrieve it.
However as he reported to fb, his account was held and I could no longer access it but till then everything was over.
I couldn't still spot him on FB or the other social network.
And this was one of the most evil act I have performed in my life.1
Hacking the parental control software parents which limited the access to 70 minutes a day.
The only thing I had to do was not clicking OK on the message box which was shown whenever I logged in. It was a model dialog which blocked everything else...1
Years ago I was working in local cinema as a student job from time to time and used to sleep after shifts at my uncle's. Uncle did not had internet but there were so many wlans all around. Since I had nothing to do for hours after shift, I downloaded Backtrack linux at home, made live dvd of it and saved a two articles of "how to hack wifi" to text files.
It took me 4 hours to break WEP, since I was total lame, and it was the only one WEP around. They also had mac restrictions set to router, so I changed my mac address to one of their devices, logged in to router and added our mac address. For my uncle it was complete magic but since he is total geek to linux he liked it.
Fast forward weeks later. When I came to my uncle's house he was downloading like ton of linux distributions. Literally each one. Gigabytes of data. I told him not to do so because sooner or later neighbour will notice, but he did not care. Guess what, he notices, probably slow internet and (maybe) bigger bills, I do not know, but owner just changed protocol to WPA2, not changing password. So the story continued for almost 2 years. Felt a bit sorry for neighbour but did not expect such an outcome. I just wanted to watch youtube videos and scroll social networks, keeping low profile so no one notice.1
I feel like 75% of stories here are about high schools. Maybe it’s because of the younger user base but also I think school security is beyond woeful.
I can’t even tell if my school just botched the setup or if the vendor thought it’d be a sick joke but we had software that the teacher would use to remotely look at everyone doing work but we found that if you press the help button it opens the same window where you see everyone’s desktops and can mess with them (how trivial, I know).4
Some years ago... And some xp less.
An old WordPress installation was attacked and our server was sending thousands of spam mails.
I found out that there was a line of code in the top of every php file. And I removed these files.
The problem was that
1) I was copying this fcking line to new files because I was thinking it was my code.
2) I found a Linux command to detect all these files and I removed them one by one. In every file. Many many files.
Just yesterday I fixed the game "Industry Giant 1", so that it can be played on 64bit systems. By updating necessary API changes within the. exe assembly instructions. Then i had to take the last avilable patch for the game (1.35) appart since it only works on the non-gold edition, which resultet in more assemly fixing. This was the most hacky thing i had to do in order to get a game running.
x64dbg saved my weekend. 😉
I really wish I had worked somewhere that was hacked, so as to know how it was done, how it was found out, and what measures were taken, from the inside.
The problem is that I worked at a lot, and big places. We were never successfully attacked or hacked as far as I know. Was our security so good, that nobody succeeded? Or was it so bad, that we didn't even notice?
I hacked my friend's laptop when i was 12. Entered the password as BATMAN because his lockscreen wallpaper was BATMAN😅😂😂3
I never had to deal with an attack.
At least, I don't know about it. My firewall couldn't detect anything.
I wish I could have experienced something like that tbh *sob*2
This is another high school story. mostly because i’m in high school.
like most schools we have horrible forced passwords. Our school recently purchased microsoft 365. which means we all use outlook for our emails. the logins for our district follow the sand format.
s + first five of last name (x’s for missing letters) + first letter of your first name + the last three of your student id.
so for example Sean Peterson 456705 would be speters705. since we have outlook we can look up a persons name and get their email which gives you the last three of their password. All passwords start with a 4 and most are followed by a five so you pretty much can get 5 out of the 6 numbers in their password.
so to mess with my friends i signed into all of their accounts and messed with their emails so they thought they were getting random emails. and then i made word documents on all of their accounts and just pretty much messed with all of their school stuff.
so that’s my “hacking” story. my district doesn’t allow you to change your password so i’m pretty much stuck. pls help.4
When I was in first year I told my classmates that I can change their grades on our web portal. I changed their online grades then send them the screenshots. When all I did was changed their grade using Inspect Element. They were amazed.
PS. Didn't know that they're also sending the screenshots to their parents.2
Me and my friend sitting in Lab
Me - Dude I am not able to install simulator in this PC, it's asking for some password
Friend - Try typing random password, admin123, admin000, admin0, admin etc.
Me: (After 10+ attempts) Not working :(
Friend: (Saying to faculty) Mam what's the password for this PC, I need to install simulator.
Mam: Wait, Computer specialist will come and do it for you
** Waiting for 10 min **
Specialist came and starts installing it one by one. After 3 min
Specialist: (After realizing that he can't install it for all 50+ PC's)
Everyone select Administrator account, and press enter, then you will be able to download it.
Me and my friend staring at each other laughing so hard ... !
After 1 month, the password is still same :P
Fun fact: It is Technical Campus.3
I was asked to update the whole confidential, financial database by exporting it as excel, and using Macros to edit its content. Much akin to adding one extra attribute per row.
The truth is, the table originally had 6.3k records. After updating and putting the data back to NoSQL database again, I realized I ended up creating 7k rows of data. Yet it works just perfect !
*HAILS TO ALMIGHTY FOR THE MIRACLE*
Sometimes, I still wonder where did those effin 700 rows come from, even after I skipped an excel while uploading2
So a couple years back, when I was still in high school, I was staying away from home, in hostel. Frankly, the hostel building had no connection to internet, but there was this wifi network from the school across the road which had pretty good signal.
My roommate and I didn’t have the password and we thought it wouldn’t be okay to just go and ask for it, and since both of us were pretty keen on computers at that point we thought we should hack into it!
After a good bit of googling (on our phone data) we found a way that might work. The next day, at school, he got Backtrack 3 on a usb stick :^)
We got it running on one of our laptops and left it to brute force the WiFi network overnight. In the morning we found out that the process had completed in a mere 6 hours and we had the network password. The router settings dashboard also had the default password.
While this is one of the most hackerlike things I’ve ever done and it felt absolutely awesome, I want to point out just how important it is to have secure passwords. Who knows, maybe your wifi network will get hacked into by 2 high schoolers tomorrow :^) There’s a lot of nasty things you can do by having access to a wifi network, even though we didn’t care much about them at that point.
PS: 3 months after the act we had cable connected to our building and we never used the school wifi network again
Also, no, the school across the road was not the school we went to.3
I already wrote this story in the comments to some other rant, still it's pretty funny.
So, i was modding my wii u by messing with system files, the only way to do this is to run an homebrew that hosts an ftp server so you can connect with your pc, the thing is, this server was not protected and allowed anonymous login, not an issue if you have a firewall.
BUT i had this console in the DMZ on the router for online play.
~You can see where this is going~
While doing stuff from my pc i started seeing a lot of entries on the console's log and i didn't understand why, i thought filezilla was doing some shit so i closed it but the log was still going, then i realized and quickly shut the server down.
Then i disabled the DMZ and went back to check what happened (unfortunately the log was only shown on screen and not saved, by closing the server i lost it) so looks like the attacker uploaded a lot of files with random names in pretty much every folder.
Due to the random names, I don't know which are system files and which attacker's files so i just kept them there. And today they should still be there.
What if the attacker also stole some files, he was hoping to get photos or valuable documents, but just got the console's system files and he thought something along the lines of "wtf is even this".
Also, how likely is that an ip scanner script gets to my ip in the 5 minutes i run the server, and (on the attacker side) how likely is to hack a server just to find out that's a wii u (the least successful console in the last generation)...
Moral of the story: double check your firewall if you are going to run an unprotected server.
That's it, stay safe :P2
Not really hacking, but every time I work from home(a couple times a week), in lieu of using my company's VPN, I connect to the company network with an SSH reverse tunnel. To make this possible, I wrote a port knocker that runs in a tmux session on a server inside the network. It tries to connect to a high-numbered port on my home machine, and if successful it opens the reverse tunnel. At home, I manually run a script that opens that port and informs me when the reverse tunnel is established.
Then I open an SSH socks5 proxy and use that in my Firefox dev edition, which I use entirely for work.
This is actually much easier than using the actual VPN.
Oh, Only 1 bug. exterminate.
Inserted 100 rows of wrong data into tables in a Loop.
RaspberryPi Burnt due to electrical feedback from the sensors.
Android phone froze.
Wow. I still have my sensors fine though.
Since I’ve started this new job (Restaurant Server) I haven’t had much time to code and it’s annoying.3
I know I'm a bit late with this, but I thought I'd share it anyway.
A few years ago me and my friend were messing around in computer class and I decided to look at the network devices.
I couldn't believe, what I saw. All of the school security cameras were there, and the best part: when I connected to their ip addresses, they were just showing the live feed, no password or anything.
I didn't really do anything with it since I couldn't think of any great ideas and it has since been fixed.
Technically not hacking but still somewhat related.
Once I found out an unprotected folder in my school which is used to store sensitive data.
It was open to any administrator there.
We copied the Question Papers, Edited the attendance, and Even changed the Marks.
We were able to extract photos of students from the database and retrieve stored passwords
It was one of the tiring day after work and all I wanted to go back and sleep. Which is what I did that day. I woke up the next morning with missed called from the office.
It would mean something broke and people needed everyone on call. I went to the office to enquire and was told that our requirement portal was getting huge amount of traffic on the web server. Apparently everyone thought that it was being DDOSed. All the network and tech "architects" came in to participate all excited about it.
Some rogue IPs were detected. People tried blocking it all at night.
Eventually after hours it was found that the load balancer was malfunctioning and other traffic was legit.
P. S: I do not know the details of the issue. Please dont ask.
In the old days "hacking" was used for just about any coding, or "computer programming" as it was called back then. There was even a programming magazine called "Hacker", which had nothing to do with the "malevolous programming" that the word "hacker" has become to mean.5
When I am asked, I say create a password that is a phrase and enter it as you might see it in a book.
Passowrd: Hey you, stay away from my computer!
According to https://howsecureismypassword.net/:
3 SEXDECILLION YEARS
And it's pretty easy to actually remember.3
not exactly a hack but i started a prank war between us ( helpdesk team) and the pc team by pranking one of them with nirsoft and psexec.
at first he didnt really realize why his browser crashes and his cdrom opens and closes randomly.
It’s really easy to gain administrative access on unencrypted windows machines with a single usb. You know what’s also easy? Extracting admin passwords with mimikatz.
Edit: this was back in 5th grade2
My company has an default user for external people and two wifi networks, on for the company itself and on for the employees. both wifis have an shit of an firewall(more than once were wikipedia blocked). I found out that the internal wifi allowed the default user and had some outgoing ports open, i set up an vpn and now i can use what i want without being blocked.
I have two stories one as a victim and one as a "hacker"
Victim story: I did an installation on a research center a few years ago and the servers where directly connected to the internet. The next day I did see that someone from China had logged in...i did a clean install immediately.
Hacker story: I did help a friend of mine once for a uni project (lamp/ftp server) . While we were setting up our server, we checked the servers of the students that had finished their project and had them online. We obtained the password for the FTP server (it was available for the teacher to check) so ftped to the machine and there was no jail for the FTP.... I searched for joomla config and found the password for the database...
I leave the rest to your imagination...
I don't know if this really counts as a hacking experience, but many a time have i opened up the Chrome OS Developer Shell on our school Chrome devices and changed the color using the customization window to green on a black background, and then ran dmesg or top around view of other people so i could just laugh at their surprise when they thought i was "Hacking".1
Since I started my routine of checking bug logs every morning, I've had 2 instances where a website vulnerability scanner was run against a production website and generated over 2,000 Coldfusion errors.
At the time, I was super nervous about the apparent hack attempt, and hyped that the attackers never actually got in. It's nice to know that despite the various errors indicating vulnerable / breakable code, they were ultimately unsuccessful. I know now that a determined attacker could probably have wrecked our production websites. Since then I've made a ton of security-related updates and I'm actually thankful for the script kiddie getting my attention with that scan.
PS. We're now building a website for a local security company who is going to work with us to pen test the site when it's finished! Gulp.4
Not really a story about getting hacked, more like a story about my stupidity lol.
I had a friend whom at the time was taking a Computer Science course. And I had the basic daily-use computer knowledge, aka almost none. I was also very naive.
We were playing Maple Story and suddenly everytime I wrote something in the chat a 0 would appear in between some letters. I honestly thought he was messing around with my computer because earlier he had sent me a file through MSN.
So I told him several times to stop and he insisted that he wasn't doing anything.
A few minutes later, when I was finally able to stop laughing, I looked down to the keyboard and realized that the 0 key was stuck... I began laughing even harder.
I don't hack because I'm no hacker. I was hacked by a scammer on my old PC which I took apart... I don't use it anymore though