From: mr.bill.bilano at (Billy B. Bilano)
Subject: Severe exploit found, all UNIX are affected!


Bad news today. Oh my goodness! I am in a tizzy-fit over this! I am such 
an expert at system administrating but even the best of us fall from 
glory now and then. And let me tell you, this is one time I believe 
somebody got the best of me... and that somebody is a fellow named Charles!

It all started when my big OpenBSD box took a dumper and I got paged. So 
I get into the bank and start to look around and I poke and prod the box 
and then I log into it and run the appropriate debug tools (ls, ps, top, 
cut, etc. -- pun not intended). I notice, at long last, that the console 
messages were not lying... the hard drive was indeed full! (you can 
never be too sure about that sort of thing as everybody will agree)

The offending file was the previous administrator (Stan, who got fired 
when I became IT director because he was a puss and always joked about 
beer and had a picture of some baby looking at teats saying "lunch" on 
his cube wall -- that offended me as a larger man). So his old 
administrator account has a huge mail spoolball that is taking up 80% of 
the drive! Holy crappers! So I logged in as "stan" and used his password 
he gave me in exchange for his severance package. I typed "mail" hoping 
to see if this would let me view his mail and it did -- thank god! What I 
saw scared the holy mole dickens out of me...

Thousands of emails! As I started reading them, I realized the full 
extent of what is, without a doubt, going to become known as the biggest 
and most notorious hack in the history of the Internet!

Northcutt better take out that section about the Mitnik attack in that 
terrible book he is always rehashing with only a spit-shine and fancy new 
cover because here comes something leaner and meaner! (I have re-bought 
that nut's book eight times and it is always the same old cruft over and 
over but there won't be a ninth purchase, you bet your pink pajamas!) 
Someone needs to tell him that SANS is not the MANS! LOL!

This is BIG, folks! The mails... there were big ones and small ones and 
they all had one thing in common: they were from a person who would soon 
be determined to be a master hacker who has obviously infiltrated the 
bank's system long ago, before I even canned Stan (he was such a chump 
and always lost his wallet because he wore those baggy hacker pants).

It seems that this black head hacker, named Charlie Root, has been busy 
alright... Every night, like clockwork, he sends me a few emails that 
contain the most intimate of details about the server! Drive space, 
logins, users I've created and removed, and more! I think he is trying 
to extort money from the bank!

I was scared to hell to raise any red alarms at the bank so I started to 
look around and I believe I found out who this Charlie Root person 
really is:

It seems that old Chinski used to play baseball for the Brown Cubs back 
in his youth. Clearly, from reading about his shoddy career, he was 
washed up as his stats are terrible by modern standards and he retired 
from the game in 1970! Now, as is abundantly clear, he has reached a 
desperate point in his life and is now devoting his time to taking over 
the world's infrastructure and trying to do phishy things and extort 
money from gallant administrators like myself.

I looked into the front directory on my server and saw a folder called 
"root"! OMGF! I dove into his folder and saw all kinds of hacker files 
(like some thinger called ".bash_history" which seems to contain a list 
of commands he uses to take over the system, and ".forward" which 
contains Stan's email address). There were also tarballers for other 
things that look like old log backups! Incredible! I tried to delete 
some of these trojan files but it said I could not! I did some more 
looking around and found another startling fact: Charlie Root has 
changed my shell! It is not sh like it should be, it has been set to 
"stsh" which is certainly some kind of backdoor hacker tool to capture 
my strokes!

Normally I would just reboot the server but this time, since I was at 
lunch, I decided to play around with my EMACKS script on my new Sun 
6800's and, by chance, I saw that almost every file on the system was 
already owned by the "root" fellow! He has the guile to call himself 
"Super-User!" when I fingered (LOL) his account! We have only had these 
systems for a little over a month and this Charlie Root has already 
taken over every UNIX server in the bank!

This may be the end of our company if I cannot get this hacker out of 
our systems and expunge the network of this wretched "root" Chinski 
thing. I will not bow to his extortion attempts!

Someone please tell me what I should do next!

P.S. My bloglog has more background info and stuff about Chinski's 
involvement in Y2000K... <>

Mr. Billy B. Bilano, MSCE, CCNA
Expert Sysadmin Since 2003!
