[WEB SECURITY] FWD: hi, need help

Date: November 17, 2008

I know this is going to seem a bit "mean", but I couldn’t help laughing to myself when I saw this thread in the webappsec mailing list.  I try to follow the list, but seldom (if ever) post to it as I’m just not fast enough, and there are plenty of good people on that list to pick up questions and provide good answers.  I’m not knocking the person that posted this cry for help, but the responses were just amusing.

First off, there’s a cry for help:

some hacker has hacked my website. (displaying hacked by turkish hacker), now wht shld i do to retrieve my original website. so please guide me how to get rid of tht

Followed by lots of interesting (and funny) replies.  There’s the usual "remove machine from the network, find how they got in, patch, restore from backup", but that’s not what was making me chuckle.

My favorites are from Billy Hoffman…

Let me help you out with that:

1- SSH into the webserver.
2- sudo rm -rf /
3- type in the root password

I mean, I’m some random person on the Internet you have no way of knowing so obviously it must be good advice.

and from Dain White, which, amongst other recommendations, says to…

2) run around the office screaming and throwing stuff around.
5) scream at the next person that tells you the site is offline, and go get more coffee / tea
7) While that scan is running, now is a good time to update your resume, or review some of the recent applications you’ve received for the (soon to be open position of) system administrator, if you are not the system administrator.
9) if you are lucky enough to find who did it, scream their name at the sky for 10-15 seconds as long and drawn out as you can get, while imagining all sorts of nasty outcomes for their immediate future.
10) look through the server logs to try and nail down exactly which one of the many attempts were successful in getting control over your server. Note the application or service that was unsecured, and who was the brainiac that was to blame. If it was you, run around and scream some more while coming up with a new positioning statement for the top of your resume that starts with ‘While I was employed recently as a Server Administrator, I…’

Looks like a lot of screaming there from Dain :)

In any case, not two days later the same guy is back with another question:

I wanna to learn in depth about application security frm scratch, can u help me by giving some good source where i will get a chance to learn about application security.

I guess he wants to know how they managed to get into his system and how to do it himself :D


