[ Fri May 8 16:06:39 CDT 1998 ]

Ok, many people have been asking me about the UC <-> vOrt situation. This is just a "quick 'n dirty" write-up about what happened from *my* perspective. Do with this information as you wish.

First, UC is not down right now because of vort. Vort never harmed any servers. He may have "hacked" into them, but didn't do any harm.

From my recollection, up until the other day when Dray told me he spoke to vort and said I "challenged" him to hack UC, the very first time I ever recall chatting with vort was 5/5/98 (vort.log), as you see here:

===[ vort.log ]================================================================
IRC log started Tue May 5 13:29
*** Lastlog:
*** vORt ([email protected]*.harvard.edu) has joined channel #nutmeg
*** Mode change "+v vORt" on channel #Nutmeg by UC
[[email protected]*.harvard.edu] (6d23h3m50s) hi port
[[email protected]*.harvard.edu] (6d23h3m51s) you there?
[*vort*] sup
[[email protected]*.harvard.edu] (6d23h10m17s) looks like now its not secure enough
[*vort*] huh?
[[email protected]*.harvard.edu] (6d23h11m29s) well i can take care about the site security
[*vort*] whatcha mean?
[*vort*] what are you talking about :)
[[email protected]*.harvard.edu] (6d23h13m26s) um, everyone who knows unix really good, can i hack UC, i'm just doing anti-hackers protection and so on :)
[[email protected]*.harvard.edu] (6d23h13m49s) too many sites died because of that
[*vort*] oh, I see... so you say uc's security sucks?
[[email protected]*.harvard.edu] (6d23h14m19s) yep
[*vort*] why is that?
[[email protected]*.harvard.edu] (6d23h15m17s) donno, maybe noone cares about it :)
[*vort*] so point out something on uc that is insecure about it...
[[email protected]*.harvard.edu] (6d23h15m56s) you want me to give you a proof?
[*vort*] sure
[[email protected]*.harvard.edu] (6d23h16m29s) okay
[[email protected]*.harvard.edu] (6d23h16m42s) Copyright 1992, 1993, 1994, 1995, 1996 Berkeley Software Design, Inc.
[[email protected]*.harvard.edu] (6d23h16m42s) Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
[[email protected]*.harvard.edu] (6d23h16m42s) The Regents of the University of California. All rights reserved.
[[email protected]*.harvard.edu] (6d23h16m42s) BSDI BSD/OS 2.1 Kernel #10: Tue Feb 4 18:02:07 CST 1997
[[email protected]*.harvard.edu] (6d23h16m42s) =====================[ * Technologies, Inc. ]=========================
[[email protected]*.harvard.edu] (6d23h16m42s) * Voice: 630-705-5678
[[email protected]*.harvard.edu] (6d23h16m51s) * Sales: [email protected]*.com
[[email protected]*.harvard.edu] (6d23h16m51s) * Support: [email protected]*.com
[[email protected]*.harvard.edu] (6d23h16m51s) ===========
[[email protected]*.harvard.edu] (6d23h16m51s) you see?
[[email protected]*.harvard.edu] (6d23h17m3s) thats wrogley's welcome msg
[*vort*] true...
[*vort*] so which bug ya use on that one? :)
[[email protected]*.harvard.edu] (6d23h17m27s) wrigley's err
[*vort*] FYI, that isn't UC btw.
[[email protected]*.harvard.edu] (6d23h17m44s) it is my own secret :)
[[email protected]*.harvard.edu] (6d23h17m51s) i know
[[email protected]*.harvard.edu] (6d23h18m) uc is ng.*.com
[[email protected]*.harvard.edu] (6d23h18m8s) right?
[*vort*] very good.
[*vort*] you know nslookup. :)
[[email protected]*.harvard.edu] (6d23h18m20s) :)
[[email protected]*.harvard.edu] (6d23h18m47s) nope, not nslookup
[[email protected]*.harvard.edu] (6d23h18m51s) something else :)
[*vort*] uhhuh.
[[email protected]*.harvard.edu] (6d23h20m55s) ok, so you want me to secure it? because i know for sure, someone will try to hack it and success
[*vort*] Tell me this...
[*vort*] you just got in... big deal...
[*vort*] What UID were you?
[[email protected]*.harvard.edu] (6d23h22m9s) 0
[[email protected]*.harvard.edu] (6d23h22m20s) aka root
[*vort*] ok I just created a file in /root... Tell me what it is.
[[email protected]*.harvard.edu] (6d23h23m35s) im not near my computer, so i cant login anywhere :)
[[email protected]*.harvard.edu] (6d23h23m40s) i'm in inet cafe now
[*vort*] Well, when you get near your computer then -- Check it out and email me the results.
[[email protected]*.harvard.edu] (6d23h24m32s) okay
[[email protected]*.harvard.edu] (6d23h25m27s) anyhow, i were there :)
[*vort*] ok then.
[*vort*] so? :)
[[email protected]*.harvard.edu] (6d23h28m6s) it means everyone could..
[[email protected]*.harvard.edu] (6d23h28m55s) ok, gotta go, ttyl
[*vort*] I'm sure... there are so many holes I left open on wrigley anyhow. I haven't had time to fix them.
[*vort*] later
*#nutmeg* vORt is away: bbl [BX-MsgLog On]
*** End of Lastlog
*** Window LOG is OFF
IRC log ended Tue May 5 13:30
===============================================================================

I don't remember speaking to vort at any time previous to the above. Just the other day, when dray was trying to figure out more information from vort, vort said that I told him UC was unhackable and challenged him to hack into it. I'm not one to say that a system is *completely* 100% unhackable, as I know perfectly well that nothing is 100% secure. If anything, maybe I said something to the effect of "UC is secure right now, it's fine," but certainly not expecting him to go ahead and try hacking into it. It was during the conversation above, though, that I wanted him to show me some proof that he had in fact gotten into UC. (After all, why should I waste my time with someone who claims they've gotten into the system when they in fact haven't?)
The proof that he showed me was the following email:

===============================================================================
Delivered-To: [email protected]*.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0
Date: Wed, 06 May 1998 06:13:42 +0400
To: [email protected]*.com
From: vORt <[email protected]>
Subject: here's some proofs you wanted to see :)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-UIDL: db789210675a0d17b07248553e3aa903

Hello, take a look.. :

Linux 2.0.33 ng.* i686 unknown

[BEGIN]
/root $
drwxr-x--x 7 root wheel 1024 May 3 2027 .
drwxr-xr-x 21 root root 1024 May 3 2027 ..
-rw-r--r-- 1 root root 433 Sep 27 1993 .Xdefaults
-rw-r--r-- 1 root root 438 Sep 27 1993 .Xmodmap
-rw-r--r-- 1 root root 0 Dec 29 20:09 .addressbook
-rw-r--r-- 1 root root 2285 Dec 29 20:09 .addressbook.lu
-rw-r--r-- 1 root root 6879 May 5 17:25 .bash_history
lrwxrwxrwx 1 root root 24 Feb 28 11:00 .exrc -> /home/local/porter/.exrc
-rw-r--r-- 1 root root 48 Sep 10 1996 .less
-rw-r--r-- 1 root root 114 May 7 1993 .lesskey
-rw-r--r-- 1 root root 114 May 7 1993 .lessrc
drwxr-xr-x 2 root root 1024 Mar 28 23:13 .ncftp
-rw-r--r-- 1 root root 10327 Dec 29 20:09 .pinerc
-rw-r--r-- 1 root root 183 Apr 22 15:57 .profile
drwxr-xr-x 2 root root 1024 Dec 24 10:14 .seyon
drwx------ 2 root root 1024 Dec 25 04:16 .ssh
drwxr-xr-x 2 root root 1024 Jan 12 13:05 News
drwx------ 2 root root 1024 Dec 29 20:09 mail
[END]

[BEGIN]
/home/local/porter $ ls -la
total 86
drwx------ 13 porter wheel 1024 Apr 30 04:18 .
drwxr-xr-x 10 root root 1024 Apr 23 00:14 ..
drwx------ 2 porter warez 1024 Dec 19 04:23 .BitchX
-rw------- 1 porter wheel 600 Jul 1 1997 .bash_aliases
-rw-r--r-- 1 porter wheel 5349 May 5 13:16 .bash_history
-rw-r--r-- 1 porter wheel 583 Mar 10 22:04 .bash_profile
-rw-r--r-- 1 porter wheel 1865 Jan 30 20:52 .bashrc
drwx------ 2 porter warez 1024 Feb 24 03:03 .elm
-rw-r--r-- 1 porter warez 68 Jul 2 1997 .exrc
-rw-r--r-- 1 porter wheel 34 Jul 1 1997 .less
-rw-r--r-- 1 porter wheel 114 Jul 1 1997 .lessrc
-rw-r--r-- 1 porter warez 15 Apr 19 01:54 .logout
-rw------- 1 porter warez 0 Apr 11 01:58 .mc.hot
-rw-r--r-- 1 porter warez 0 Apr 11 01:58 .mc.ini
drwxr-xr-x 2 porter warez 1024 Apr 18 23:36 .ncftp
-rw------- 1 porter warez 209 Dec 11 14:09 .ncrecent
-rw-r--r-- 1 porter warez 0 Mar 1 09:56 .noident
-rw-r--r-- 1 porter warez 7222 Feb 24 03:48 .pine-debug1
-rw-r--r-- 1 porter warez 7222 Feb 24 03:42 .pine-debug2
-rw-r--r-- 1 porter warez 7683 Feb 24 03:32 .pine-debug3
-rw-r--r-- 1 porter warez 7010 Feb 24 03:25 .pine-debug4
-rw-r--r-- 1 porter warez 10398 Feb 24 03:48 .pinerc
-rw------- 1 porter warez 17 Feb 24 03:49 .qmail
-rw------- 1 porter warez 17 Feb 24 03:49 .qmail-default
-rw------- 1 porter warez 47 Nov 17 09:48 .shosts
drwxr-xr-x 2 porter warez 1024 Jul 11 1997 .ssh
drwxr-xr-x 2 porter warez 1024 Feb 18 02:30 bin
drwxr-xr-x 3 porter warez 1024 Aug 28 1997 bots
drwx------ 2 porter warez 1024 Feb 24 03:25 mail
-rw-r--r-- 1 porter warez 7042 Oct 7 1997 ps.shit
-rw-r--r-- 1 porter warez 5723 Oct 7 1997 ps.shit2
drwxr-xr-x 2 porter warez 1024 Apr 7 14:33 src
drwx------ 3 porter warez 1024 May 4 2027 tmp
drwxr-xr-x 8 porter warez 1024 Apr 22 13:09 work
drwx--x--x 4 porter warez 1024 Sep 10 1997 xnet
[END]

here is listing of two dirs - /root as i promise and your home dir :)
and here is a quote of shadow file, its just a sample, dont want to include it all :

[]
<snip>:R6cIPcqioM1kc:10021:0:99999:14:::
<snip>:!NOPASSWORD:9778:0:99999:14:::
[]

enough i think :)
well, your word? ..
.vORt
===============================================================================

After the above email, I really got.... "annoyed" ... I checked into the stuff above and it was all accurate. Here's the scoop...

If you read vort3.log, you'll already see part of how he got in. He first hacked into Dray's professor's lab server at school. Since dray had a .shosts on wrigley (similar to .rhosts, but for ssh (Secure Shell)) with his lab computer's address, vort was easily able to ssh in without it asking for a password. Then, since dray also had a .shosts on UC's box, he was able to ssh directly over to UC (yet again without a password). Once on UC, he used one of the MANY Linux exploits to get root access. (I didn't bother wasting my time worrying about fixing security holes in Linux; after all, there are only about 5 people that have shell access on UC and all of them I trust not to hack it anyways.)

So... The conclusion? Well, I guess Dray spoke with vort the other day and, according to dray, everything is somewhat cleared up (people will have to ask dray for more info about that part of it). It, however, still doesn't change how I feel about this whole incident. I suppose one of the "heavy" points in this was that vort didn't ask if he could hack into the system; he went ahead and did it on his own without permission. Don't get me wrong, though, "good job vort!" He successfully got in, but still... without asking for permission.

BTW - On a side note... Another mishap I heard was that vort hacked a siege shell and stole a release. After getting more into the facts, I hear that it used to be RSS's shell previously and he accidentally took it.

[ Fri May 8 17:02:33 CDT 1998 ]

Ok, I just spoke with vort... I was trying to remember the VERY first time I spoke with him about this. Here's a cap:

===[ vort4.log ]===============================================================
IRC log started Fri May 8 17:04
*** Lastlog:
[*vort*] you there?
[[email protected]*.kth.se] (15h4m16s) yep
[[email protected]*.kth.se] (15h4m17s) hi
[*vort*] I'm trying to think back when the first time you approached me regarding security or sumn on uc...
[*vort*] did you originally approach me asking if we need someone to do security on uc or sumn?
[*vort*] and I said something like "no it's fine right now, thanks anyways"??
[[email protected]*.kth.se] (15h5m21s) yep, it was like that
[*vort*] but I never really said "go ahead and hack it, I dare you" did I... :)
[[email protected]*.kth.se] (15h6m5s) nope
[[email protected]*.kth.se] (15h6m8s) :)
[*vort*] or "I challenge ya" heh.
[[email protected]*.kth.se] (15h6m16s) right
[*vort*] ok thought so... thanks
[[email protected]*.kth.se] (15h6m28s) you said its seecure enough
[*vort*] yea... I somewhat remember now..
[[email protected]*.kth.se] (15h6m58s) then i came back and showed you some proves
[*vort*] yea, and that was a few days ago right?
[*vort*] 5/5/98 to be precise :)
[[email protected]*.kth.se] (15h7m27s) yeah
[*vort*] ok just making sure.
[*vort*] I got tons of people asking me wtf happened n stuff.
*** Window LOG is OFF
IRC log ended Fri May 8 17:04
===============================================================================

Sooooooooo.... Anyways.... I guess this text file wasn't all that "quick 'n dirty" as I thought it would be. I hope I detailed it enough for people to make their own decisions as to any possible consequences. I'm neutral right now. :)

Any questions/comments, please lemme know.

(Porter)
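The intrusion path Porter describes above (a .shosts on wrigley trusting the lab box, and a second .shosts on UC trusting wrigley) is exactly the kind of chained host-based trust an admin can audit mechanically. The Python script below is an added example and is not part of this write-up or of any of the systems it names; the hostnames and .shosts contents in SAMPLE_INVENTORY are constructed placeholders. It parses .shosts/.rhosts files, builds the trust graph, reports every account an intruder on one machine could reach without a password, and flags the '+' "trust any host" wildcard.

```python
"""Audit of .shosts / .rhosts trust chains (added example, not from the write-up).

Host-based authentication lets user@host log in as local_user@H with no
password whenever ~local_user/.shosts on H lists 'host [user]'. Chaining
such entries across machines is what turned one compromised lab box into
a shell on UC. This script models the trust files as a directed graph.
All hostnames and file contents below are constructed sample data.
"""
from collections import deque


def parse_shosts(text):
    """Parse the contents of a .shosts/.rhosts file into (host, user) tuples.

    Each line is 'hostname [username]'; '#' starts a comment. A missing
    username means the remote user must have the same name as the local
    account. A bare '+' is the rhosts-style 'trust any host' wildcard.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        entries.append((fields[0], fields[1] if len(fields) > 1 else None))
    return entries


def build_trust_graph(inventory):
    """Turn {(host, local_user): shosts_text} into edges source -> {targets}.

    An entry 'h u' in ~local_user/.shosts on host H means u@h may log in as
    local_user@H without a password, i.e. an edge (h, u) -> (H, local_user).
    """
    graph = {}
    for (host, local_user), text in inventory.items():
        for remote_host, remote_user in parse_shosts(text):
            source = (remote_host, remote_user or local_user)
            graph.setdefault(source, set()).add((host, local_user))
    return graph


def reachable_from_host(inventory, compromised_host):
    """Accounts reachable without a password by an intruder who controls
    every local account on compromised_host (e.g. root there).

    After landing on a target account only that account's own trust entries
    are followed; getting root on the new box (the separate privilege
    escalation step in the write-up) is deliberately not assumed.
    Returns the set of (host, user) reached, excluding the start host.
    """
    graph = build_trust_graph(inventory)
    queue = deque(src for src in graph if src[0] == compromised_host)
    seen = set()
    while queue:
        node = queue.popleft()
        for target in graph.get(node, ()):
            if target not in seen and target[0] != compromised_host:
                seen.add(target)
                queue.append(target)
    return seen


def wildcard_entries(inventory):
    """Return sorted [(host, local_user)] whose trust file contains '+'."""
    return sorted(
        (host, user)
        for (host, user), text in inventory.items()
        if any(h == "+" for h, _ in parse_shosts(text))
    )


# Constructed sample inventory mirroring the write-up's chain (placeholder hosts).
SAMPLE_INVENTORY = {
    ("wrigley.example.com", "dray"): "lab.example.edu      # dray's lab box\n",
    ("uc.example.com", "dray"): "wrigley.example.com dray\n",
    ("uc.example.com", "porter"): "# no host-based trust\n",
    ("backup.example.com", "ops"): "+                    # trusts any host!\n",
}


if __name__ == "__main__":
    for host, user in sorted(reachable_from_host(SAMPLE_INVENTORY, "lab.example.edu")):
        print("passwordless reach from lab.example.edu: %s@%s" % (user, host))
    for host, user in wildcard_entries(SAMPLE_INVENTORY):
        print("WILDCARD trust in ~%s/.shosts on %s" % (user, host))
```

On the sample data the audit reports that root on the lab box reaches dray@wrigley and, through it, dray@UC, which is the two-hop path in the write-up; in practice the inventory would be gathered from each host's home directories (and from /etc/shosts.equiv and /etc/hosts.equiv, which this example does not model), and the usual fix is to remove the files and disable host-based authentication in the ssh daemon.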
