Simple Nomad's Blog
12Nov2007 - A Different Kind of Script Kiddie
Ok, I occasionally see something really, really stupid happen on IRC (I know that probably seems redundant, but I am talking about extremely stupid behavior from people who should know better), and this one in particular I feel I should comment on: those ridiculous dick-waving sysinfo scripts. The person runs the script and it spits all of this system information into the channel they are on, so EVERYONE knows how big and badass their computer is. If you didn't know, sysinfo scripts are (usually) Perl scripts, or some mIRC script, that collect a bunch of system information and spew it out into the current IRC channel.
There are two reasons this is extremely stupid. Number one, it is one of the most self-centered and egotistical things you can do on IRC. Who gives a shit about this information except the guy running the script? And this leads me to the second reason -- it is a massive security risk. You never see this type of bullshit on hacker channels. I am not talking about some efnet n00b channel, I am talking about real hacker channels where the guys in the channel do security for a living (black or white hat). That is because it gives out way too much information that could be used against the idiot splashing all this sensitive info in the first place.
As an attacker, particularly an attacker who might have a 0 day or two, knowing the exact OS or the exact version of software on the target certainly helps in attack planning. Let's look at some real-world examples cut and pasted in from actual people in a channel I was idling on:
SysInfo: Linux 2.6.22-14-generic | Intel(R) Pentium(R) 4 CPU 2.66GHz 2665.856 MHz | MemFree: 97/496M [||||||||||] | Diskspace: 452.68G Free: 314.83G | Uptime: 3 hrs 18 mins 1 sec | Load: 0.28 0.13 0.18 | Vpenis: 156 cm @ 1280x1024 (32 bpp) | eth0: In: 123.54M Out: 7.62M
First off, we know that the OS is Ubuntu; throwing 2.6.22-14-generic into Google immediately makes that apparent. The person has probably not loaded up their own custom kernel, because if they had they would have certainly given some goofy name to it -- this is a person running a sysinfo script, remember? And Vpenis? This is some additional vanity bullshit value which allows dipshits to compare their computers to other dipshits with some stupid algorithm -- think bogomips with additional values added in related to non sequiturs like disk size. Anyone who measures Vpenis is NOT paying attention to security as much as they should be.
So what does this mean? Well, while Ubuntu does not come with any services listening by default, any service added later is open to the world. That is right, Ubuntu has no firewall running by default. This means that a quick portscan may find crap Mr. Vpenis loaded up for whatever reason and forgot to turn off. Is this person patching regularly? Watch for whenever Ubuntu releases a new kernel and see if the kernel version in the sysinfo output updates. If you have any kind of attack that depends on the exact kernel build -- remote, or local in case you get limited access on the box and need to elevate privileges -- knowing the exact kernel version beforehand is a huge timesaver, since addresses and offsets shift from build to build. If your attack is a one-shot attack, where getting an address wrong ends in a kernel panic, this bit of info from the sysinfo script helps ensure you hit the sweet spot the first time. Of course even if they have a firewall running, it doesn't mean they are invulnerable to a client-side attack (more on this in a minute).
It can be just as bad for Windows users as well (yes another real one):
OS: WinXP Professional 5.1 Service Pack 2 (Build #2600) CPU: Intel Pentium III , 1.73 GHz Video: Plug and Play Monitor on Mobile Intel(R) 945GM Express Chipset Family (1280x800x32bpp 60Hz) Sound: Conexant HD Audio output Memory: Used: 320/502MB Uptime: 2w 5h 12m 52s HD: [C:] 3.55/80.50 GB [D:PRESARIO_RP] 1.35/11.62 GB Connection: Broadcom 802.11b/g WLAN - Packet Scheduler Miniport @ 54.0 Mbps (Rec: 2767.16MB Sent: 3855.44MB)
Ok, we have 32-bit Windows XP Pro SP2. From the D:PRESARIO_RP volume label we know this is a Compaq Presario, loaded up with the original OEM disks. This means a large number of Compaq OEM crapola utilities loaded on, many with such things as ActiveX controls that could be manipulated with client-side attacks. And IRC was made for client-side attacks -- how many links get posted to IRC for others to go look at? When you couple this with browser flaws -- some 0day, some publicly disclosed but not yet patched -- you have a disaster waiting to happen. Every bit of detail could mean something. Got video card or sound card info? The utilities included with it could have vulnerable chunks of code. Maybe not code I can access directly, but getting them to visit a web page I control might allow me to exploit it anyway.
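To make the point concrete, here is a small parser that pulls the attacker-relevant facts out of the two pastes above and lists what each one buys. This is an added example, not code from the original post or from any sysinfo script. The Ubuntu guess from the -generic package suffix, the 32-bit guess from the missing x64 tag, and the Compaq guess from the PRESARIO_RP label are heuristics assumed here; the scripts never announce them, which is exactly why the paste is worse than it looks.

```python
import re

# Constructed input: the two sysinfo pastes quoted in the post, reproduced here
# as sample text (the first with the extraction typo "Upti me" corrected).
LINUX_PASTE = (
    "SysInfo: Linux 2.6.22-14-generic | Intel(R) Pentium(R) 4 CPU 2.66GHz "
    "2665.856 MHz | MemFree: 97/496M [||||||||||] | Diskspace: 452.68G "
    "Free: 314.83G | Uptime: 3 hrs 18 mins 1 sec | Load: 0.28 0.13 0.18 | "
    "Vpenis: 156 cm @ 1280x1024 (32 bpp) | eth0: In: 123.54M Out: 7.62M"
)
WINDOWS_PASTE = (
    "OS: WinXP Professional 5.1 Service Pack 2 (Build #2600) CPU: Intel "
    "Pentium III , 1.73 GHz Video: Plug and Play Monitor on Mobile Intel(R) "
    "945GM Express Chipset Family (1280x800x32bpp 60Hz) Sound: Conexant HD "
    "Audio output Memory: Used: 320/502MB Uptime: 2w 5h 12m 52s HD: [C:] "
    "3.55/80.50 GB [D:PRESARIO_RP] 1.35/11.62 GB Connection: Broadcom "
    "802.11b/g WLAN - Packet Scheduler Miniport @ 54.0 Mbps "
    "(Rec: 2767.16MB Sent: 3855.44MB)"
)

_UNIT_SECONDS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}
_UPTIME_RE = re.compile(
    r"(\d+)\s*(weeks?|days?|hours?|hrs?|minutes?|mins?|seconds?|secs?|[wdhms])\b")


def parse_uptime(text):
    """Turn '3 hrs 18 mins 1 sec' or '2w 5h 12m 52s' into a number of seconds."""
    return sum(int(n) * _UNIT_SECONDS[unit[0]] for n, unit in _UPTIME_RE.findall(text))


def parse_sysinfo(line):
    """Pull the attacker-relevant facts out of one pasted sysinfo line."""
    facts = {}
    m = re.search(r"\bLinux\s+(\d+\.\d+\.\d+(?:\.\d+)?(?:-[\w.]+)*)", line)
    if m:
        facts["kernel"] = m.group(1)
        # Heuristic (assumption): an "-NN-generic" package suffix is Ubuntu's.
        if re.search(r"-\d+-generic$", facts["kernel"]):
            facts["distro_guess"] = "Ubuntu"
    m = re.search(r"OS:\s*Win(\w+)\s+(\w+)\s+(\d+\.\d+)\s+Service Pack (\d+)"
                  r"\s+\(Build #(\d+)\)", line)
    if m:
        facts["os"] = "Windows %s %s" % (m.group(1), m.group(2))
        facts["nt_version"] = m.group(3)
        facts["service_pack"] = int(m.group(4))
        facts["build"] = int(m.group(5))
        # Assumption: no "x64" edition tag in the string means a 32-bit install.
        facts["arch"] = "x86_64" if "x64" in line else "x86"
    m = re.search(r"Uptime:\s*([^|]*?)(?=\s*\||\s+\w+:|$)", line)
    if m:
        facts["uptime_seconds"] = parse_uptime(m.group(1))
    labels = dict(re.findall(r"\[([A-Z]):([A-Z0-9_]+)\]", line))
    if labels:
        facts["volume_labels"] = labels
        # Assumption: a PRESARIO_* label is a Compaq Presario recovery partition.
        if any(v.startswith("PRESARIO") for v in labels.values()):
            facts["oem_guess"] = "Compaq Presario"
    for key, val in re.findall(r"\b(Video|Sound):\s*(.*?)(?=\s+[A-Z][a-z]+:|$)", line):
        facts[key.lower()] = val
    return facts


def attacker_notes(facts):
    """Spell out what each leaked fact buys an attacker, per the post's argument."""
    notes = []
    if "kernel" in facts:
        notes.append("exact kernel %s: addresses/offsets for a kernel exploit can be "
                     "matched before the first (possibly one-shot) attempt" % facts["kernel"])
    if facts.get("distro_guess") == "Ubuntu":
        notes.append("Ubuntu: no firewall rules by default, so anything listening "
                     "beyond the default install is reachable; portscan it")
    if "os" in facts:
        notes.append("%s SP%d build %d (%s): pick the matching client-side browser "
                     "exploit" % (facts["os"], facts["service_pack"],
                                  facts["build"], facts["arch"]))
    if "oem_guess" in facts:
        notes.append("%s OEM image: bundled vendor utilities and ActiveX controls "
                     "are extra client-side targets" % facts["oem_guess"])
    for key in ("video", "sound"):
        if key in facts:
            notes.append("%s hardware '%s': its driver/utility software is another "
                         "client-side target" % (key, facts[key]))
    if facts.get("uptime_seconds", 0) >= 7 * 86400:
        notes.append("up for over a week: no reboot, so any kernel update or "
                     "reboot-requiring patch from that window is not yet in effect")
    return notes


def kernel_changed(earlier_paste, later_paste):
    """Compare two pastes from the same nick: did the kernel ever get updated?"""
    return (parse_sysinfo(earlier_paste).get("kernel")
            != parse_sysinfo(later_paste).get("kernel"))


if __name__ == "__main__":
    for paste in (LINUX_PASTE, WINDOWS_PASTE):
        for note in attacker_notes(parse_sysinfo(paste)):
            print("-", note)
```

Run it as a script and it prints the notes for both pastes; wire parse_sysinfo into a channel bot and you can either warn the poster or, as the post points out, quietly keep a log and call kernel_changed on the same nick's pastes a few weeks apart to see whether they patch.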
So sysinfo script kiddies, on behalf of hackers everywhere, please, PLEASE continue to use these inane piece-of-shit scripts that tell the world exactly how to compromise you.
09Nov2007 - Our epic Halloween party
How does one judge a Halloween party? On how long it lasted? How many guests got arrested? How many guests got laid? Well on those counts alone, we had a successful party on October 27th as the party lasted 20 hours (8pm until the last guests left at 4pm the next day), one arrested (just spent the night in the drunk tank) and two got laid (yes we had a hook-up between a couple of guests at the party). So yes a successful party. However the new standard for judging how good a party is is how weird the "lost and found" is after the party.
Our lost and found consisted of a pair of oversized Elvis glasses, a curly-haired wig, a pill box with a couple of anti-depressants, a bonnet, Playboy bunny ears, 1 female knee-high sock, a 12 inch long 2 inch thick dildo, and a Black and Decker cordless drill. Actually it is not truly a lost and found as we know who most of the stuff belongs to, but seeing it all piled up on the couch while we were cleaning was rather weird.
For the first two hours we had a psychic giving readings (palm and Tarot), our infamous Dead Bar was manned by two bartenders (the most popular liquor was Vodka, we went through a ton of it), we had our decorations everywhere, we set up a tent in the backyard as a hookah as well as a gazebo, fog machines, strobes, etc etc etc.
We had the usual best male and best female costume contests, as well as our classic "who am I" game. The "who am I" game involves everyone getting a sticker on their back with the name of a famous person, living or dead, real or fictional, and asking other people yes or no questions about who it is. If you eventually guess who it is, you move the sticker to the front and get another one. We played it for about half an hour -- it is a great game for people to get to know each other.
But the best game was this relay race game done Survivor style. First off, we had everyone who wanted to play divide up into teams of 5. We had 5 teams playing. With more than a few drinks in everyone, it was obvious from the commotion and yelling this was going to be fun. First round was the classic "pass the orange" relay. Each team had to pass an orange from teammate to teammate holding the orange under the chin without using hands. Top three teams were to move on. When we explained the rules, the one all-guy team got pissed ("dammit I told you we should have got some chicks on our team!").
The second game we asked for a volunteer from each team to come forward. We had three volunteers. Then we asked for a second volunteer from each team, and three more people stepped forward. We gave the first three some string and we held up a plastic container of Fruit Loops. Then we announced the rules -- the first person had to string ten Fruit Loops on the string to make a necklace and then put it on. The second person had to eat the Fruit Loops without using their hands, top two teams move on. 6 people looked around with their jaws hanging open, and 30 or so people instantly cracked up. When we started, one industrious volunteer grabbed a handful of Fruit Loops, bent down and stuck them on the floor so they could thread them onto the string quicker. Her partner started yelling "what in the fuck are you doing? I got to eat those!" Very nice tactic, their team did finish first.
Finally the last two teams were faced with the final challenge. The entire team could play, and we warned them that they would have to cooperate with each other to prevent brain freeze. They all looked at each other with everyone else laughing. Then we brought out the popsicles. These weren't ordinary popsicles, they were made with Black Cherry Kool-aid and they were shaped like erections. That's right, we used an ice cock mold and had made two bright red and obscenely erect penises out of Kool-aid on wooden sticks. GO!
There is nothing funnier than watching your friends (especially the guys) gobble down cocksicles. Yelling. Screaming. People laughing to the point of tears. Guys on the losing team saying "damn, I gobbled cock for nothing".
A word about the cock mold. We had already made about a dozen regular ice cocks out of water, and had one of the bartenders randomly put the ice cocks in drinks for laughs (helmet up, nice bobbing effect). Originally the last round was going to be a cock bobbing contest in a big vat of water, but we decided people bobbing for ice cocks while drunk could end up as one of those odd news stories that every morning radio talk show talks about. While it would be classic, I don't think someone drowning while bobbing for cock would make for a really nice epitaph. Believe it or not, the cock bobbing idea was my wife's, not mine. We originally were going to use dildos but were not sure if they would float. I contacted a friend who works for a video pr0n producer, who asked around at work and it was determined that silicone dildos do not float (too dense), the plastic jelly ones also would probably not work, and they were the ones who recommended ice. So a big thanks to the pr0n industry!
BTW there were prizes for each game -- DVDs, keychains, and massive bragging rights. A massively successful party.
