Jump to content

Recommended Posts

So we all know that our passwords were compromised. But did you know that your password it publicly posted on the internet? And we were also told that the server was attacked..... But did you know that hak5 was the target?

http://r00tsecurity.org/files/th28gaa1g.txt

Just search hak5, The third one is the start of a nice bit of information.

Sorry if this is a repost, but I thought it needed to be brought up.

Link to post
Share on other sites

Looks like every ones old password is at http://r00tsecurity.org/files/zf05.txt

Not sure what "Passwords reversed through local OpenSSL side channel attacks, or not... we don't want to start another whitehat freakout" means. I guess it's a joke since hak5.org never used SSL... unless it did in a respect that is not related to the forum... except all the passwords are for the forum. I guess it is a joke, as in trying to make the whitehats freak out.

Link to post
Share on other sites
Looks like every ones old password is at http://r00tsecurity.org/files/zf05.txt

Not sure what "Passwords reversed through local OpenSSL side channel attacks, or not... we don't want to start another whitehat freakout" means. I guess it's a joke since hak5.org never used SSL... unless it did in a respect that is not related to the forum... except all the passwords are for the forum. I guess it is a joke, as in trying to make the whitehats freak out.

There is no SSL on hak5.org atm, so that bit is probally crap. IPB just seems to have weak salts.

Link to post
Share on other sites

I thought it a bit interesting that there was no dump_passwords file in /home2/hak5/www/forums. Some thing is a bit of a miss there (obviously added in between the last ls and the command).

Even with weak salts, what are the chances of cracking kNgWva5D3JjbI2 (my old password)?

Link to post
Share on other sites
If you look at the passwords list, some of them have multiple entries with typos - I reckon they were capturing/logging/sniffing/etc the passwords for a while first.

Thats what I was wondering, hence the ssl joke I suppose.

Link to post
Share on other sites

umm to crack that many passwords, with salt, specialy passwords like C5FuR7k-giWBBIwczi5f, its going to take years, also testing a few names against the member list, everyone logged in late july (~20th).

Passwords wernt cracked, IPB was comprimised, and captured the passwords, which kinda leads you to think, how do the mods know its currently not atm?

Link to post
Share on other sites

They were logged in to the server and grabbing passwords in realtime from what I understand. They must have been monitoring it for much longer than people realize, because some people have stated that they hadn't used those passwords in a while and had already changed them before they announced the defacement and zine came out. You will notice the typos of some peoples paswords, and some people with multiple entries, so it seems fair to say, they had installed some sort of logger to grab them in real time, then they collected the data at a later time. Especially when there is no ssl, so any hint it was some side channel ssl attack smells like bullshit to me. I also think that whoever did this, had enough skill to compile the exploit, used it on one of the other sites hosted on the server in order to escalate their privledges to gain access to the entire machine, thus allowing them to do what they did. I don't believe it was a hak5 issue as much as the people who did it were able to get in through one of the other hosted accounts, or may have even been hosting with the server unbeknown to Matt, and used it as a way to compromise the server.

The flaw they used had been out since like May,

// milw0rm.com [2009-05-14]
http://www.milw0rm.com/exploits/8678 so they have probably been watching things long before the defacement took place.
Link to post
Share on other sites
The most hilarious part (aside from mubix) was Darren, every episode

when interviewing the resident tech expert he says "I'll play the idiot here,

explain to me". De Niro better watch out, those acting skills are sharp.

:lol::lol:

Link to post
Share on other sites
Ciri (someone else who hacked hak5's site) at least had some class when he got in.

Don't remember that one, but would be nice to have some little history of hacks against hak5 in the wiki, purely academic and all of course.

Link to post
Share on other sites

Forthcoming?...yeah i'd have to agree with that, for sure. But i'd rather them fix the issue and fully understand what happened, why and make sure that it has a low probability of happening again.

I can certainly understand peoples eagerness to know WTF details, but we're fans not shareholders...i am positive that the hak5 crew feel as violated as we do.

Link to post
Share on other sites
Forthcoming?...yeah i'd have to agree with that, for sure. But i'd rather them fix the issue and fully understand what happened, why and make sure that it has a low probability of happening again.

I can certainly understand peoples eagerness to know WTF details, but we're fans not shareholders...i am positive that the hak5 crew feel as violated as we do.

I don't know that it's entirely for "WTF" reasons... we watch shows on executing the cold boot attack, cracking WiFi, etc, but this is a REAL security breach. You would think that out of anything that's happened, we could use this as a "learnable situation," discussing whats happened, how it was fixed, and how it can be prevented (if it can be prevented).

It sucks, for sure, but the damage is done (literally and figuratively,) the only thing that the group can control after the fact is how they handle the situation. I think at this point it's turning lemons into lemonade for the community.

Link to post
Share on other sites

@sniper7kills and @Sparda

Oh S#it... it's official my username is now our their list. my previous passwords are stored on their database. and hak.5 and other non hak.5 site are attaking some buch of idiots. so i changed my passwords also

IMHO that some 1337 hax0rs want to steal their own personal infomation

Link to post
Share on other sites

I dunno I only use my password for this forum and no where else.

If someone does find it out not much that they can do with it except getting me banned off the forums for posting bad things..

I'm sure mods and admins have proper passwords

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...