"Hello, you just got owned"

Praise root
 
Making the jump to 4.1.3 may not at this time be the wisest thing to do. If you read the troubleshooting section at VB com you'll find it still has some serious issues.
Besides, they started dicking around with the stylevars in 4.0.8, which breaks a lot of themes for this version and wreaks havoc with some mods.
May be prudent to patch and tighten up security.
 
I've also heard the same thing from other people: at the moment it isn't a wise idea to upgrade to v4.1.3 because it has a lot of issues. Someone I know is familiar with vBulletin, and from what it sounded like some issues are quite serious. The only reason I would upgrade is if v4.1.2 had exploits that were patched on v4.1.3, but it doesn't sound like that is the case.
 
This hacking just shows how immature some people can be!

well personally, I don't think it's that bad. If the guy hacked in the first time, then would do something like post and say, "Hey, your software is vulnerable at xyz and I just proved it." Then you can respect the guy (sort of).

On another note, it gave us a lot to talk about this week, and I learned more about vBulletin encryption and how easy it really is to crack MD5. So apart from the admins having some work, it was quite the edification for me. Furthermore it gave the site admin (JCB I think) an insight into some of the vulnerabilities of his own bulletin board.
 
well personally, I don't think it's that bad. If the guy hacked in the first time, then would do something like post and say, "Hey, your software is vulnerable at xyz and I just proved it." Then you can respect the guy (sort of).
I sort of agree with what you're saying.
I think with a lot of hackers you have to start out as a kid mucking about and having a laugh, that's what sparks interest. (the best example I can come up with is how many people who are electronic engineers started by getting electrocuted, you get hooked on the power and its capabilities, and then learn how to harness it).

but it's what you do with that power that makes a difference, good hackers (whitehat sense) are the ones who are actively looking for the exploits in software, they are the ones finding the bugs, and reporting them to the developers, not exploiting them in the wild.
bad hackers (blackhat sense) are the kind of guys like these who hack a forum, destroy data etc.
and these guys weren't even that good black hat hackers, I mean what sort of decent hackers leave enough information to track them down to their houses?

the funny thing is that in some ways I respect what these guys are doing, if they are serious about being security consultants, then I'd really like to see them progress -there aren't enough good security consultants in this world, sadly due to what they've done here, it's unlikely that they are going to progress on these forums any time soon!

the advice that I'd give to them is this though.
hacking a site then asking for money to fix it is just stupid, all you're doing is making a bad name for your "business". extorting money and leaving a paper trail to your door! now had you done this a different way, marketed yourself as whitehat hackers or penetration testers. you may have been able to agree a price with the admin, and the admin would have invited you to hack their server!
The company I work for do security testing like this, we're paid to do this sort of stuff.

if you really want to do this then this is my advice. (feel free to take it or leave it).
don't hack pages uninvited.
make your home page a web page, with a forum behind it (if you really want a forum) (no business has a forum for a home page).
get yourself a load of test rigs these can be virtual machines and actually try different configurations and hack for yourself, (looking into the details of how premade scripts work for example will give you a useful insight into how the software is put together and how to exploit it).
get yourself some credence, (by this I mean look into standards like ISO2700 or ISO27001 -security or ISO9000/9001 -quality assurance). these are in principle reasonably easy to get. -you just have to prove that you have the knowledge, experiences and processes to meet the standards. -they are not difficult to get, and worth a lot to a business.

Then you can go out as real security consultants, earning some real money.

at the end of the day, you guys are 15, with your whole life ahead of you.
doing this kind of crap is reasonably likely to end you up in some kind of trouble, I mean fines, possibly prison, you could have court orders ordering that you're not allowed to use computers or connect to the internet.

do you really want to be flipping burgers because you did some silly stuff as a kid?

On another note, it gave us a lot to talk about this week, and I learned more about vBulletin encryption and how easy it really is to crack MD5. So apart from the admins having some work, it was quite the edification for me. Furthermore it gave the site admin (JCB I think) an insight into some of the vulnerabilities of his own bulletin board.
This is one of my favourite things about IT, you never stop learning.
I think that a lot of people come into this industry not realising that they will spend the next day of the rest of their lives learning, some new technique, some new technology, some new practise, some new software.
 
...don't hack pages uninvited...

I can't imagine, being 15, what it must feel like, to take over some poor guy's website. The rush would be insane though.

I don't know if you ever Masters of Deception, but there is a whole book about them that I read, and it's all about kids hacking into the AT&T network when they were like 15.

After reading this book, it gives a much different perspective of what it means to hack into someone's site. I HIGHLY recommend. I did the audiobook and listen to it on the way to work. It was SO good, I listened to it three times.
 
I understand what is being said about the hackers letting you know that your site is insecure. It wouldn't be too bad if they just replaced a page or left a mark somewhere informing you your site is vulnerable and left it at that. What I don't like is when they start causing damage, such as deleting files, deleting backups, stealing personal information, database and file dumps from the website. Another thing, what happens if your site is vulnerable to an exploit, and there hasn't been a patch released yet? What can you do, it's not like you can do much especially when you can't downgrade to a previous version of the software that doesn't have any exploits, only upgrade to newer versions. :/
 