Dailydave mailing list archives
Re: phpbb.com hacked...
From: Martin Zember <martin.zember () matfyz cz>
Date: Sat, 28 Feb 2009 03:06:13 +0100
And here is the other post. Not technical anymore. Only some sort of a self-interview. ------ Hacked PHPBB(dot)COM Thursday, February 12, 2009 Aftermath <http://hackedphpbb.blogspot.com/2009/02/aftermath.html> So phpbb.com is backup, congrats it only took a week to prove that I didn?t modify anything. But it sounds like they are still investigating on their old server and are running on a temp one. This is pointless as I can not be caught. So I am going to try and answer a few questions, (there may be an interview in the future) *Why did you do it*: already stated, boredom? To see if I could make a change to an upcoming release package. *Why did you release what you released*: To prove that the site was compromised *Why didn't you email the staff/post on the forums like a good hacker should do*: Because they would have patched the system and nothing more would have come from it, no thank you Mr. Wonderful. *Why are you such a script kiddy*: I used an exploit off milw0rm, so what? I found phpbb.com, not some scanner; I found the log files to include so code could be ran. I found the salt/hash. I found a way to include my avatar/uploaded files. Nothing was automated. *Why didn't you leave a calling sign/handle/team name*: First reason, because I didn?t want any sort of credit for it. Second so I couldn?t be traced. *Why did it take you so long:* I work for a living. And in one of phpbb.com server configurations, they have filters that excluding remote files. Also it took a while to locate a writable directory on phpbb.com not just a temp or server directory. This was only really achieved when I was able to alter the layout using the Admin panel. *Am I going to enjoy jail*: That is a funny one; all evidence has been removed on my end. All hard drives have been wiped, multiple times. Also the wireless network has been patched; I have flown back to my home country, and destroyed my network card (replaced with a new one). So good luck finding me, and on top of that good luck extraditing to USA, as my country doesn't have extradition laws with the US. *Have the admins offered you a job*: No they have not, nor would I wont one. I have tried to contact staff, about the break-in, but no one would respond. *The admins didn't get a chance to patch, why hack them*: the only damage that was done before the patch was downloading 160,000 user names and passwords to try and crack, which turned in to the 40,000 released to the public. The only damage after the patch was compromising the admin account, reading the forums, dumping the user table, and dropping the mail list table and user table. So I could have been locked out, if the admins had been on top of their patches. But I would place a bet that they wouldn't have know they were running un-patched until someone told them. *Am I sorry*: I am sorry it has taken the admins this long, I am sorry I released the names and phone numbers of the staff. Thanks for reading, and keep checking back here for the interview that should be coming down the pipes. Posted by Hacked PHPBB(dot)com at 1:48 AM <http://hackedphpbb.blogspot.com/2009/02/aftermath.html> 8 comments <http://hackedphpbb.blogspot.com/2009/02/aftermath.html#comments> <http://www.blogger.com/post-edit.g?blogID=3546060595490394543&postID=7275309739870507466> _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- phpbb.com hacked... Dave Aitel (Feb 04)
- Re: phpbb.com hacked... Robert Graham (Feb 06)
- Re: phpbb.com hacked... Jeremie Le Hen (Feb 27)
- Re: phpbb.com hacked... Ary Kokos (Feb 27)
- Re: phpbb.com hacked... Martin Zember (Feb 27)
- Re: phpbb.com hacked... Ary Kokos (Feb 27)
- <Possible follow-ups>
- Re: phpbb.com hacked... Robert Graham (Feb 07)
- Re: phpbb.com hacked... Juha-Matti Laurio (Feb 27)
- Re: phpbb.com hacked... Fyodor (Feb 27)