Exploits
I want to preface this by saying that i keep up the CCC hacker ethics. Never did i invade the privacy of other people, gain an unfair advantage or financial gains with my exploits. They were all for fun. Because i could. They are not intentional, or part of a plan, or some kind of self expression. It was probably more like boredom, opportunity, playing and exploring. And mostly a lack of security measures.
I have some strong memories of some of my exploits. But who knows for how long. So i made this. I keep it to the cool ones (no B2K, WinNuke or bind remote exploits from packetstormsecurity perl IRC botnets), and more than 20 years ago.
Who’s wearing the suits now, The Mentor. Who’s wearing it now…
late 90’s
Elementary school had a few computers, with Windows 3.11 and/or Windows 95.
On a Saturday where i had to stay longer as punishment, i was able to log in to the computer by something like escaping the login dialog by opening the file explorer through the help dialog, copying the guest profile to the admin, and then starting windows manually. Like a Citrix breakout. Just wanted to be at a computer.
Shortly before leaving elementary school and before y2k, i planted a logic bomb on a few school computers, which made them unbootable after a certain date. A good friend of mine one year below me had to fix the computers after the logic bombs went off one year later. y2k was blamed. He was a hero.
Parents had a 486 with Windows, and 56k Internet. I used a program which unobfuscated text in password dialogs (like hunter2). Had a target pointer which could be pulled to the window with the password. I gained the internet password (“m****”), and from then on connected to the internet with their account with my 28.8k i got from somewhere. Hello, Internet. Later i did a dedicated router with an old pc running Linux. Caching usenet, and web with wwwoffle.
Defaced xxxxx24.ch. FTP server with anonymous login with full write. Thanks warez scene.
Defaced jxxxx.ch. WWW Backup directory found with Nikto (“/bak1”), containing DB dump with (plaintext?) passwords. Logged into the CMS and left a public Simpsons reference (“can jesus make a burito so hot in the microwave so that he himself cannot eat it anymore?” yes I still laugh about it).
Compromised the website of a famous Swiss music club. Automated password brute force on their backend CMS. Got access to the salary of their DJs (3-4 figures per gig). I remember much preferring doing this than going to the actual club.
A friend was creating music, and uploading to a website where amateurs can publish their songs, and rate each other. Trivial to do XSS. Wrote a script so that every visitor of my friend’s profile had a chance to auto upvote one of his songs. If i remember correctly, it worked partially.
Scanned our ISP’s IP ranges for open SMB shares. One had a large MP3 collection, and was also writeable. We left a message. Something stupid.
early 2000
A middle school math teacher made some very rudimentary learning “games” for class himself, semi Web 2.0. It was possible to gain high scores, which were like from 1-8000 points, with 3800 the effective maximum possible. I somehow modified the HTTP POST with the score to the maximum (ZAP? Developer Console? I don't remember). For the high scores, the name was “ the ”, so i used “jack the hacker”, in reference to “john the ripper” password cracker, and the impossible 8000 score. Next lesson, the teacher asked if i did the “cheating”, which i obviously denied. He then asked me how it would be possible to do something like this, whereas i explained to him in great detail how one would do it. Smart man.
Web hacking was becoming the main thing, and a large part of my work at one of my first jobs, and ever after since.
The password of the school server was “cpq64”, i assume cpq is short for Compaq, the computer company. I had a Compaq. It was multimedia! I once had access to the room for school work, probably extracting it by rebooting into a “hacking” CD which recovered the Windows NT passwords. Physical security is important.
We had WEP Wifi. Most websites didn't have SSL for the login (if at all). I had a Linux laptop with the right drivers and Wifi chipset on a PCMCIA card, so during studying hours i sniffed whatever i could. There was some kind of tool which somehow detected the password fields in HTTP responses, and automagically spewed out passwords. One such password was something like “the 1 and only real 1”. I enjoyed inserting the passwords of my peers in normal day to day conversations with them. Taught me about the necessity of encryption everywhere, all the time.
Some of us had a competition for seti@home. Every publicly accessible and unattended or quickly compromisable computer became a part of it. It was tough to keep up. Useful knowledge for Blockchain mining later.
maybe 2004
We got Matlab. It was a CD. Had to install it, but didn't run without the CD (copy protection?). I hated CDs. I cracked the Linux version. It mostly just needed the first 20MB of some files of the CD, and some small patches. Announced the crack on the Uni forum. Some months/years later when i once googled “matlab crack”, the website of my crack was still the first result. It dawned on me that i enjoyed cracking Matlab way more than doing Linear Algebra with it, and also spent more time on the former.
Assorted
My first order over the internet was actually the official Intel X86 CPU specifications. Three books. Intel had a website where they said they will send you a copy via Mail (not Email). So i inserted my address and forgot about it. I was underage and didn't have a credit card, but wouldn't think of ordering something with money over the internet ever anyway. It was too new. Days later a FedEx packet arrived, which surprised my parents. Intel really did send it, for free, to another continent. Pretty fresh of them. Would have been before 2003.
I spent all my money on harddisks. I had a Linux, and later FreeBSD fileserver with up to 8 disks. Always a welcome sight at a LAN party. The 100Mbit and later 1Gbit bandwidth was never enough, so i had a second 3com NIC installed. Not realizing that two NICs in the same network don't really help, as outgoing traffic always gets routed through the same interface (the first one), not the one where the traffic is coming from. Ouch.
Me, too, created 3 figure telephone costs once or twice because of BBS. They were in a neighbouring country.