Results 1 to 4 of 4
  1. #1
    Junior Member
    Join Date
    Jun 2006

    about hack record owner of zone-h.org

    i am talking about the man whose nickname is iskorpitx

    he is a turkish man. me too.

    in last few days he was seen in a tv channel. his face was censored.

    he said, he started to hacking(!) in 2002. he is 45 yrs. old. and he is an accountant.

    i think, he is not a real hacker. his only job is defacing web pages. you can understand it, if you look at zone-h statistics.

    he was using ms windows (in opposition to many hackers). in tv show he opened a command prompt window then he did a dictionary attack to a user&password list with jack the ripper. and he said, "you see, i cracked them all in 7 minutes and 16 seconds."

    is this hacking?

    i think he is only a script kiddie. even, a script kiddie has more knowledge of computers.

    so, i understood, having a high place in hacking statistics's no meaning.

    so, there is no reason to have inferiority complex when you see these hackers(!)

    knowledge is everything.
    let me breath!

  2. #2
    Senior Member
    Join Date
    Mar 2004

    The purpose here is not to defend that guy, but there is simply not enough
    information to say he is "only a script kiddie". Several reasons:

    1. There is usually a discrepancy of what a "real hacker" actually does, and
    what people want to see in a television show. The producers of the show may
    have a clear idea (by watching movies) of what they want to present, or they
    may have asked iskorpitx - what can you do within 10 minutes without having the
    audience getting asleep?

    2. Believing the "news" he was able to deface 21549 sites within one day. I continue your
    assumption that he just used "jack the ripper". With 5 minutes per successful bruteforce crack,
    you will be able to crack 288 sites within 24h. Of course, one might be faster on certain sites,
    but then, there may be sites with a good user/password-set - which lowers the success rate.
    There might be "out-of-the-shell"-tools to do this, and iskorpitx might have done so - but he
    also might have done something better (and this, in parallel): if this defacing has been done
    in 24h by brute-forcing, you are left with 4 seconds per site (on one CPU).

    3. It is not clear at which level the intrusion was performed (root or webserver) as the fact
    that all the 21,549 websites got defaced on a secondary page (site.com/ssfm/isko.htm) it is
    not indicative given the particular Iskorpitx's modus operandi that sees all of his hacks
    performed creating a subpage, regardless the authorization level achieved on the attacked

    Just for the giggles of it

    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  3. #3
    Junior Member
    Join Date
    Jun 2006
    [root@halloween home]$ ./pwn google.com

    I hope it works!

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    Hmmm, seems the guy has found a way to make a fast buck?

    As for the number of sites, I wonder if it was some sort of bot army, probing for vulnerable boxes and using an automated script to do the defacing. Also we do not know how long he took to gather his "intelligence"; just the time to carry out the attacks. He might even have had an army of skiddies to help him?

    asb The term "hacker" is rather hard to define these days, to the extent that it is virtually redundant. When I started out, it meant a very skillful and innovative person. I am talking 1970 here

    I think that it is only the growth of the internet that has brough about the negative sense of the word, but I would agree that a "hacker" still knows what they are doing, and a skiddie simply uses tools. However, may of us use tools every day that we would have no idea how to design or program?

    I will pass on some advice from my colleague HTRegz ............... make your Windows password more than 14 characters, then it won't store it in legacy maintenance (vulnerable) mode as well. That is up to 14 characters in two blocks of 7

    Also, pack your password out so it won't fit into a cracking tool.

    For example: 9876543210"Rumeli Hisari"ABCDEFGH$ it will take a VERY long time to crack that, and a dictionary attack it would be totally impossible. The bit between the " is the password that you periodically change.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts