Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜
Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.
First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.
Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.
Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.
Dealing with attacks and getting hacked.
Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.
linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)
How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!
One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)
Dealing with different kinds of attacks:
Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.
So yah, hereby :P39 -
While messing around with the Windows WM_NCPAINT message, I forced the WindowProc to return without calling DefWindowProc.
This resulted in interesting effects when pressing mouse buttons down on the right hand side of the title bar. This is on Windows 10.
Bottom part of the image is when I clicked on things and is Windows 9x-XP style. Top part of the image is when the window was deactivated and is Vista/Windows 7 style. Once they appear, the buttons behave as they did (visually - e.g. highlighting) as they did on those versions of Windows.
Just found it funny to see older bits of the Windows UI still hanging around behind the scenes!
3 -
Rant
So a couple months ago, my dad called me to try and solve a problem he was having in his work.
You see, my dad owns a driving school and he was teaching 14 and 15yo kids how to ride mopeds and their theory exams are made in the school's facility, by going to this website of the entity that rules the moped teaching thing. When the time to have the exams came, they couldn't even see the exams and one of the kids had one of his attempts wasted (they had 3 attempts). We mailed and called the entity multiple times, to no avail, as they told us to "check the website, the instructions are all there". They were also trying to get it together but they couldn't. Here's the "funny" part: the software in which the exams were done ran on XP and there was no way in hell we could make it work on our W10 PCs. Not to mention this is a natiowide problem.
We reinstalled Java to v.7.9 (I think...?) as the "instructions" told us, with no results whatsoever.
So my dad decided to call me and asked me to bring a PC that didn't run W10. The closest thing to XP I could think of was my uncle's Toshiba, that had Vista, so I went to his house and grabbed it and drove to my dad's school. Even in compatibility mode, it didn't work. Everyone was in despair LoL. I was even put on the phone with the entity's technician, who didn't know how to solve it either but was trying, as well with our tech guy.
After a bit of running around and crying inside, our secretary remembered we still had a tower on site that ran XP. We went for the thing and connected it and booted it up. After reinstalling Java and setting security to "medium" (required), and meddling with zoom (the window was too small to show the whole exam and if the window showed up before we set the zoom to 75% or so we couldn't choose the answers) it was finally set to do the exams.
I've never felt so relieved for solving tech stuff LoL. It took me 3h to get it done and I feel it would have been easier if we had remembered about the tower earlier but oh well what can one do.8 -
Our team talking with a Mr. KnowItAll...
Mr. KIA: What concerns me about this huge system transference is that the devs won't give us the JS scripts files decompiled.
Mr. KIA again: I'm also concerned about Win XP end of support...
Us seeing each other: WTF is going on?!? Where are the hidden funny cameras...
A tip:
If you wanna pretend you know it all...you'll fail...
A humble dev never get humilliated1 -
@dfox Wouldn't it be better if there were limited amount of push notifications if user haven't seen the previous ones yet? I commented on some popular rant and when I got to a stable connection, the phone vibrated like crazy for at least 15s :D It was awesome btw.1
-
The moment I knew I wanted to be a dev was very early in life, but I didn't realize it until I had gotten out of high school. My parents gave me my first computer when I was like 8 and it was my grandfather's old Windows 95 PC. I loved to play the Army Men game with the plastic figures like from Toy Story. I also tinkered around and found out how Word and some of the other programs worked. About two years later, I got his old Windows 98 PC. I continued to play around in Windows and discover some nuances of the operating system. My parents had a Windows XP machine at the time and they called me in every time they needed help. I got on their computer from time to time to use the Internet, where I discovered so many cool things. In junior high, we were forced to take a typing course where I honed my typing skills through playing games. I soon was able to easily complete all of the challenges. To understand my persona, you must know that I was bullied throughout elementary and high school. I was "the nerd" of our class and I wore that badge even with all of the negative energy that it came with. I received constant criticism, ridiculed for being intelligent (my paycheck isn't too funny now, is it losers?). I didn't care, though, my mission has and always will be to show them their wrong doing. I actually can't wait to have a reunion just to see how UNSUCCESSFUL they are. My parents didn't like my interest in gaming and technology either, but that's a rant for another day. After junior high, I wasn't exposed to much else until I got to college four years ago, where I took Fundamentals Of Computing. My professor was a true nerd (major Zelda fanatic), and he taught us how to program in Python. I began to love being able to create something literally out of nothing. He opened my eyes to a world where there was order and I could have control in a world where I've never had any control in before. Since then, I've only began to love my profession more and more. This is truly what I was born to do.
-
Best prank of me? I think: Making a screenshot of the desktop and setting it as the desktop background. It was funny to watch people trying to move the items. We also locked the screen and moved the unlock window almost out of view (windows xp). They tried opening the browser or the start menu, nothing worked...1
Top Tags
Weekly Rant
View