I have seen many articles on how to deface this website or that one... but have never seen much on what happens after websites are defaced. I am no admin, but I got to know a few things from here and there. Just thought of putting all those things together...
Let me put it down in the form of a small story.
Once upon a time, a company by the name of Lazyadmin.ltd hosted its website "Stupidsecurity.com" for its clients. It had a large number of visitors, and the company had a great reputation. Then one fine day, a hacker/cracker broke into the site and defaced it. Their admin turned out to be my friend. He met me two days after the incident and told me what he had had to face over the last two days and was still facing. He was really stressed out. The site was defaced by a hacker with the nickname boss_dk.
I did a bit of research, inquired here and there, and found out that he was Mr. Dino Kumar (hence the nick boss_dk). He turned out to be my old school friend. Luckily I had his cell number and quickly called him up. I asked him if he could meet me. He agreed. Accordingly we met and had the following conversation.
####################Start######################
w0lf(myself): Hi buddy
boss_dk:Hi man wolfie..howz life..mine fine n roking n urs? speak speak speak...
w0lf:huh? allow me to speak...
boss_dk:okok
w0lf:I am fine. Leave aside all those things. I actually called you up for some serious discussions.
boss_dk:Yaa tell me man. go ahead , dont be shy...
w0lf:huh? Ok listen. Do you know hacking?
boss_dk:yaa. Its cool
w0lf:I know. Are you by nick boss_dk?
boss_dk:Yaa. cool nick na
w0lf:hmm. Heard about you. You defaced Stupidsecurity.com
boss_dk:yaa. I wanna be no.1
w0lf:ok fine. Do you know their admin was my friend...good friend.
boss_dk:ooh!!! Sorry man. But i just defaced his index page. I didnt steal or alter anything. tell him to chillx
w0lf:Do you think he can do that? Are you sure?
boss_dk:Means?
w0lf:I will let you know. One customer notified the company about the defacement. My friend, the server admin (can be a webmaster also), was notified about it.
boss_dk:ok
w0lf:His heart jumped out of his ribs. He quickly informed his manager. He feared for his job the most, as he was the person who would be questioned. He was responsible for webserver security. He knew this was because of his weak password or unpatched/not upgraded box.
boss_dk:ok
w0lf:On hearing this, the manager's heart jumped out of his ribs, for he feared for his job. He had to answer to top management. Oh hell!!! What to do? What's next??? He is puzzled as to whom he should contact first??? He knew his relations were quite nice with the VP. He calls him and updates him on the same.
boss_dk:hmmmm. next?
w0lf:On hearing it, the VP's heart jumps out of his ribs. He creates havoc and calls for HR and the Director of Engineering or some highly professional technical staff. They plan a meeting immediately and decide whether the site should be up or should be taken offline. Simultaneously the VP or some other fellow called the CEO and informed him.
boss_dk:oohh
w0lf:Next they decide whether they should contact the Cybercops immediately. The answer was yes. They wanted to punish the intruder. They don't want to let him roam free...
boss_dk:O man... Are they planning to hang me?
w0lf:Let me finish, boss_dk.
boss_dk:okok
w0lf:All this time, however, my friend was digging through all his systems, log files and whatever he could to find how the intruder succeeded or what damage he had done to the system.
boss_dk:hey i told you right? I just replaced that index.html
w0lf:The admin found the same thing and reported it to the manager. But the manager was not ready to take a risk. He wanted the admin to check every single system in the network and block any possible ways to intrude again. The admin had been given just 1 hour.
boss_dk:Only 1 hr??? Oh God...
w0lf:Yaa. He had tremendous pressure to pull through. I would have fainted if i had to face the same circumstances.
boss_dk:Same here
w0lf:He does a comprehensive audit. He tries to do it neatly and properly in an hour. He has to do it PERFECTLY. Lawyers and Cybercops get there and gather around the admin, discuss with him what the clues are, where the logs are.. You were smart enough to delete much of the trace...
boss_dk:Yeah baby.. i rock
w0lf:I know. Even the admin had to bang his head against the rock.
boss_dk:oops
w0lf:After 2 days of total pressure, the site is restored with all the latest patches. They had to spend around 1000 $ to fortify their site more. At the end of the day they now assure each other that the chances of being intruded again are very low... (their belief... Even they are not sure, but just to satisfy themselves)
boss_dk:ooh christ!!! I have not thought of all this stuff before. Man i am sorry.
w0lf:Haha, this is the simplest procedure; if they had found a trojan/backdoor, you can imagine the condition of the admin.
boss_dk:Poor fellow. Now i really pity him.
w0lf:So i request you not to deface any website for fun's sake.
boss_dk:But i want to be number one. What should...
w0lf:Ok listen. There are other ways round. You can inform the admin/webmaster about the bug. He will thank you for that. After he has patched it, you just post it somewhere to boast about yourself. If you yourself have found a bug/vulnerability, you can report it to the respective vendors and only after it has been patched disclose it in some famous mailing list etc. The fame which you will earn that way will also earn respect for you.
boss_dk:Thanks w0lfie you really opened my eyes. You rock buddy!!!
w0lf:I know
####################Stop######################
x---------------------A piece of advice-----------------x
Ok guys... i hope i have explained it clearly. What i wanted is to make a few script kiddies out there (who have earned a bad name for the HACKER community) realise that the company is probably spending millions of dollars and significant time to face the consequences of this simple attack.
You are doing no great job, nor will any gal offer to have sex with you for that. But just for fun... an admin and the whole of the company had to ...... Just think about it. My friend boss_dk has now improved and i expect the same from other kiddies.
I know i have written it in a bit childish way... that's because this article is meant for childish people doing such childish acts!!!
x---------------------------------------------------------x
Hacker Will Be Punished Severely If Caught And Will Be Jailed For More Than 7 Years. Be Careful

