1337 H4x0r

burnzie

Ok sorry for the gay title

I am wondering about the legal complications of what I'm about to tell you.

We were at school today; one of our assignments is a web page we have to update to the net through FTP. We spotted one of the guys opening his files from FTP without a password.

We copied down the web address and tried it; sure enough, we were able to get in. Ha, OK, we can use his account, which he paid for, for free. He thought it was pretty bad, so we emailed the ISP that runs his account as to why there are no passwords or security.

We got a reply basically saying it's our own problem and if we get hacked, change the user name. Assholes

So we decided to nose around. We changed the user name to 'Users'... seconds later we were presented with EVERYONE'S accounts.

OK, so we can view, change, delete, upload anyone's files on the server, and sure enough, upload our own folders with whatever we want for free.

Hmmm... if there is no security on this, what about their website?

Sure enough, the site name as a user name brings up ALL their files on the server, along with their website...

This could be fun. We can now change their website to whatever we want, but we also found user account databases that, with the right program, we could get into...

How could you run an ISP with NO SECURITY?

There is nothing; it's not even hacking, it's just viewing what they openly put up on the net.

Could we get into trouble for using their server for uploading files when they provide no security, nothing saying we can't use it?

I'm not gonna post a link because 1) I could get banned (I'm not sure of the stance HL2.net takes with this) and 2) I don't want it overrun before we are finished playing :p

Maybe when we're done.
 
Well, are you sure you have permission to edit files? It's one thing to be able to view the said files, but you might have to auth with a password before being able to change anything on their server.

Either way, that sounds really.. sad. It's illegal, still. Just as is taking a car with the door open and engine running
 
I don't have permission, but someone deleted some guy's website and I uploaded some files.

We could wipe out the main website if we wanted to

so we can,

but when you put it in car terms, I can see your point about it being illegal
 
You deleted someone's entire site? You utter twat.
 
Varsity said:
You deleted someone's entire site? You utter twat.

I didn't do it, but it's the fact that we shouldn't be able to. We're just gonna show 'em a thing or two about internet security.

But free FTP isn't so bad
 
just keep mailing them telling them how bad the security is...
 
maybe put up a big banner on the website telling them how bad it is...
 
But doing that is also illegal, as even though they have lax security it's still classed as hacking.
 
Shuzer said:
It's illegal, still. Just as is taking a car with the door open and engine running

Oooh, spot on there, son. I would suggest you contact those responsible and let them know in a polite and appreciative manner that they have some severe security holes. Highlight those weaknesses and then ask if there is any chance of some free web space in return. I'd certainly appreciate someone highlighting security risks and would happily reward them with a little web space if they went about it amicably.
 
weerat said:
Oooh, spot on there, son. I would suggest you contact those responsible and let them know in a polite and appreciative manner that they have some severe security holes. Highlight those weaknesses and then ask if there is any chance of some free web space in return. I'd certainly appreciate someone highlighting security risks and would happily reward them with a little web space if they went about it amicably.

They didn't seem to care about their security holes; the only thing we didn't tell them was that we had access to their website, and they were quite rude about it.
 
[Matt] said:
But doing that is also illegal, as even though they have lax security it's still classed as hacking.

There was no hacking involved,

it's like if I post this

ftp.*******.net\users (everyone's account)
or
ftp.*******.net\******(ISP name) gives you access to the entire server

But you're right, I'm not gonna do anything myself, but the guys at TAFE wouldn't think twice about it.

If something funny happens I'll post
 
Eh, not sure what the laws are over in Oz, but I think here having security that lax, allowing anyone to view anyone else's user details, would be illegal under the Data Protection Act.

So, email the government :p
 
Eejit said:
Eh, not sure what the laws are over in Oz, but I think here having security that lax, allowing anyone to view anyone else's user details, would be illegal under the Data Protection Act.

So, email the government :p

good thought...hmmm

:cheers:
 
Just put some mildly offensive material on there and spread a link around on government and education sites....

That ought to get a reaction.....
 
crabcakes66 said:
Just put some mildly offensive material on there and spread a link around on government and education sites....

That ought to get a reaction.....

risky... but i like it


lol :D
 
burnzie said:
They didn't seem to care about their security holes; the only thing we didn't tell them was that we had access to their website, and they were quite rude about it.

Well sod it then, if they were rude I'd just have a little fun, nothing too destructive. In fact, that gets me thinking. Why not see how many times you can hack/alter their website without making it obvious. Just slip a rude word in here or there to look like a typo. Photoshop a tiny picture of Gordon Freeman in the background of an image. Just see how many minor, inoffensive things you can do and keep a record of them. It'd be interesting to see how long you can keep doing it without them realising.
 
Nice idea weerat... he could gradually transform it into a Half-life 2 fansite, slowly adding links, screenshots and backgrounds... :eek:

At some stage send them an email saying "All your ISP are belong to us"
 
Such a poorly structured company would probably have no legal documentation stating that interfering with other people's files is strictly prohibited and punishable - although in a court of law it could be ruled that you knew what you were doing was malicious (viewing other people's files which they thought to be private) - and you'd get sent down under the Computer Misuse Act (pretty much a global law held by most countries).
 
Now I think about it, it could be them trying to catch out wannabe hackers like yourself (no offence, I know you aren't doing it to cause damage).

What, it could be! :p
 
What part of stumbling onto a server with no access restrictions at all involves hacking? If this were the case it's a stupid way to go about it, they'd catch a few thousand innocent people and ban them from computers for life.
 
OMG! Hax them! Or you could just not tell them and use it as a free ftp site :)
 
Eejit said:
Nice idea weerat... he could gradually transform it into a Half-life 2 fansite, slowly adding links, screenshots and backgrounds... :eek:

At some stage send them an email saying "All your ISP are belong to us"


lol, that's the best yet
 
Varsity said:
Now I think about it, it could be them trying to catch out wannabe hackers like yourself (no offence, I know you aren't doing it to cause damage).

What, it could be! :p

I wouldn't know the first thing about hacking, and we weren't trying either
 
I like the slow transformation. Be sure that you don't do anything from a home IP or anything though. Walk into a random place and do that. Or mask ya IP somehow. That would be hacking :p
 
FragBait0 said:
I like the slow transformation. Be sure that you don't do anything from a home IP or anything though. Walk into a random place and do that. Or mask ya IP somehow. That would be hacking :p

public library sounds good, or the computers at school with no login
 
I wouldn't change anything at all. I am serious, they might not take kindly to it.

I would probably send them a couple of emails, letters or contact them by any other means.

If they didn't listen, the most I would do would be to upload a document to everyone's accounts pointing out that the security was so bad on their server that anyone can get in and place documents like that one and just as easily remove them.

That would get them overwhelmed with angry people asking why. And it would either force them to act or lose them a lot of business. Either way it would teach them a lesson.
 
I wouldn't contact them even to let them know about their vulnerabilities... just stay off the servers completely and hope they don't notice your intrusions in their logs...

Even white-hats get sent down for poking their noses in, it's all in the Computer Misuse Act.
 
I think the right thing to do would be to notify them with details of the security breach. But then, I suppose personally I'd have a little fun first!

You don't necessarily need to use a library computer etc, I recommend an anonymizer or anonymous proxy, there's loads around... http://www.misterprivacy.com/begin_anonymous_surfing.htm is a good example of an online one for websites (won't work for FTP, TCP connections etc). Do a Google search for "free anonymous proxies" or something similar for the real deal - masks your IP address totally! :)
 
marksmanHL2 :) said:
I wouldn't change anything at all. I am serious, they might not take kindly to it.

I would probably send them a couple of emails, letters or contact them by any other means.

If they didn't listen, the most I would do would be to upload a document to everyone's accounts pointing out that the security was so bad on their server that anyone can get in and place documents like that one and just as easily remove them.

That would get them overwhelmed with angry people asking why. And it would either force them to act or lose them a lot of business. Either way it would teach them a lesson.

I think that's definitely the best idea. They might not care themselves at first, but paying customers who leave/threaten to leave will certainly get them thinking. But I wouldn't change/delete anything from anyone's website. You could get into big trouble that way.
 
Post the website on a message board and let an army of geeks take care of the problem...
 