Telemark Talk hacked

**cmor** · 12-01-2004, 11:34 PM

Go try it:

http://www.telemarktalk.com/

what it the motivation behind hacking a tele site?

**AltaPowderDaze** · 12-01-2004, 11:36 PM

sounds like someone got kicked off the board and didn't take it too well.

**cj001f** · 12-01-2004, 11:39 PM

just some script kiddies

**gramps** · 12-02-2004, 01:19 AM

They probably think they're the shit right now too. Interesting what makes people tick.

**Trackhead** · 12-02-2004, 01:24 AM

How does that shizz happen?

**edg** · 12-02-2004, 08:37 AM

According to a post on TT it's due to a bug in the PHP. Basically, if the script isn't written securely enough - especially with freely distributed products written in a populat language like PHP - somebody with too much time and a poor sense of morality just sorts through it untill they can find a way to make a small crack... and then those usually gradually get bigger.

The classic on for PHP (from a security prespective) is when simplistic user input -> database linking is used. A usualy one in user/password database connection is to submit the user name and password straight into and SQL statement. However, you can type a password which just returns the SQL statement as true, giving you a small amount of extra access (say, an admin account), which allows you to put in your own backdoors to create further, more damaging access...

Sad stuff

Hope the losers realise it isn't big, amusing, intelligent or in anyway constructive an give it up - especially before they can do too much damage (nobody likes backups

)

Here's a link to a modified file (apparently there's more than one)

edg

**The General** · 12-02-2004, 08:43 AM

Originally Posted by edg

According to a post on TT it's due to a bug in PHP. Basically, if the script isn't written securely enough - especially with freely distributed products written in a populat language like PHP - somebody with too much time and a poor sense of morality just sorts through it untill they can find a way to make a small crack... and then those usually gradually get bigger.

The classic on for PHP (from a security prespective) is when simplistic user input -> database linking is used. A usualy one in user/password database connection is to submit the user name and password straight into and SQL statement. However, you can type a password which just returns the SQL statement as true, giving you a small amount of extra access (say, an admin account), which allows you to put in your own backdoors to create further, more damaging access...

Sad stuff

Hope the losers realise it isn't big, amusing, intelligent or in anyway constructive an give it up - especially before they can do too much damage (nobody likes backups

)

edg

How the hell do people learn to do all of that? Do they just have a bunch of time on their hands? I don't understand computers.......

**Ireallyliketoski2** · 12-02-2004, 10:11 AM

Originally Posted by The General

How the hell do people learn to do all of that? Do they just have a bunch of time on their hands? I don't understand computers.......

That thing that you are typing on is called a 'keyboard', the clicky thing to your right is called a 'mouse'. That's all you need to know. As far as security goes I'm sure the creators of telemarktalk.com weren't concerned with it so they left some open holes and didn't think that people would try to hack their site.

**Lurch** · 12-02-2004, 11:48 AM

Originally Posted by The General

How the hell do people learn to do all of that?

Easy he is most likely btw 13 - 18 and has no chance of getting laid so he spends all of his life in front of his computer trying to convince people that don't know him that he is "133t"

**1080Rider** · 12-02-2004, 04:02 PM

Originally Posted by edg

According to a post on TT it's due to a bug in the PHP. Basically, if the script isn't written securely enough - especially with freely distributed products written in a populat language like PHP - somebody with too much time and a poor sense of morality just sorts through it untill they can find a way to make a small crack... and then those usually gradually get bigger.

The classic on for PHP (from a security prespective) is when simplistic user input -> database linking is used. A usualy one in user/password database connection is to submit the user name and password straight into and SQL statement. However, you can type a password which just returns the SQL statement as true, giving you a small amount of extra access (say, an admin account), which allows you to put in your own backdoors to create further, more damaging access...

Sad stuff

Hope the losers realise it isn't big, amusing, intelligent or in anyway constructive an give it up - especially before they can do too much damage (nobody likes backups

)

Here's a link to a modified file (apparently there's more than one)

edg

Holy shit edg, I have no idea what you just said, you lost me at "according to..." Glad you tech monkey's are around to help us computer idiots out.

**nealric** · 12-03-2004, 12:52 AM

The way most script kiddies work is to pick a vulnerability and then scan for sites that have it. Completely indescriminate.

The problem is, that type of hacking is super simple- anybody could be taught how to do it in a day- but stupid kids pretend like they are some sort of computer genious for doing it.

JR · 12-03-2004, 01:46 AM

Originally Posted by cmor

what it the motivation behind hacking a tele site?

I think they got confused. I'm guessing that they were really doing god's work and trying to attack telemarketers and got a little ahead of themselves. Gifted geeks but really poor spellers.

**Droopy** · 12-03-2004, 02:01 AM

That stuff can make you some money in the long run. Just get good at it, then point out all the flaws a company has and fix it for them.

**Blonde Battleax** · 12-03-2004, 02:29 AM

Originally Posted by JR

I think they got confused. I'm guessing that they were really doing god's work and trying to attack telemarketers and got a little ahead of themselves. Gifted geeks but really poor spellers.

Hmm. God's work? Heh. Maybe, baby.

All's I can say is, much of the "private" info on the internet is hackable, for a price. Sixty bucks, wired to a Vietnamese address, buys lots of info, including email passwords.

**Teletori** · 12-03-2004, 05:53 AM

I can't log on to telemarktalk today... anyone else have this problem??

**Svengali** · 12-03-2004, 05:57 AM

yea, I think those computer dorks killed it! hopefully this place is safe?
I think Mitch is trying to plug the holes before he comes back on line! maybe Big Tim or somebody can keep us up to speed1

**basom** · 12-03-2004, 06:17 AM

Originally Posted by Svengali

..........

**Svengali** · 12-03-2004, 06:28 AM

Hey Basom! one pair is more than enough for me!

**Bricklin69** · 12-03-2004, 10:46 AM

[news flash]North American productivity hits all time highs today![/news flash]

I want my Ttips!!!

**Free Range Lobster** · 12-03-2004, 11:05 AM

Originally Posted by Droopy

That stuff can make you some money in the long run. Just get good at it, then point out all the flaws a company has and fix it for them.

Its not as worthwhile as it was a few years ago, with the patriot act, homeland security and all that bullshit, doing that can get you sued into oblivion with barely any evidence whatsoever. Bugtraq and NTbugtraq are nothing in comparison to what they used to be anymore. People actually have to be careful what they point out and how.

**Lurch** · 12-03-2004, 11:13 AM

Originally Posted by nealric

The way most script kiddies work is to pick a vulnerability and then scan for sites that have it. Completely indescriminate.

The problem is, that type of hacking is super simple- anybody could be taught how to do it in a day- but stupid kids pretend like they are some sort of computer genious for doing it.

I did a Google search on the hackers name and saw that he has hacked a stencil website in the past. He is definitely a script kiddie trying to stroke his ego in any way he can.

**Free Range Lobster** · 12-03-2004, 11:32 AM

Originally Posted by Lurch

I did a Google search on the hackers name and saw that he has hacked a stencil website in the past. He is definitely a script kiddie trying to stroke his ego in any way he can.

pretty typical

probably just searched for "phpbb v2.whatever" in google to find sites that haven't upgraded the core version then tries the script on every single one until he finds one it works on.

gaygaygay

**Endlessseason** · 12-03-2004, 11:44 AM

Originally Posted by JR

I think they got confused. I'm guessing that they were really doing god's work and trying to attack telemarketers and got a little ahead of themselves. Gifted geeks but really poor spellers.

Bwahahahahahaaazahhaahaaaa!!!!!

**Endlessseason** · 12-03-2004, 11:45 AM

Originally Posted by basom

http://www.tetongravity.com/forums/i...ine=1101992049

Thank you, bosom.

...er, basom.

**edg** · 12-03-2004, 11:46 AM

Originally Posted by likwid

pretty typical

probably just searched for "phpbb v2.whatever" in google to find sites that haven't upgraded the core version then tries the script on every single one until he finds one it works on.

gaygaygay

According to Mitch on TT it wasn't the PHP vulnerability that was exploited, but I can imagine the pandemonium resulting for this little slip - think how many PHPBB sites you can find on google

edg

Thread: Telemark Talk hacked

Thread Tools

Rate This Thread

Telemark Talk hacked

Bookmarks

Bookmarks

Posting Permissions

We proudly support: