June 21st, 2006, 04:30 PM
about hack record owner of zone-h.org
i am talking about the man whose nickname is iskorpitx
he is a turkish man. me too.
in last few days he was seen in a tv channel. his face was censored.
he said, he started to hacking(!) in 2002. he is 45 yrs. old. and he is an accountant.
i think, he is not a real hacker. his only job is defacing web pages. you can understand it, if you look at zone-h statistics.
he was using ms windows (in opposition to many hackers). in tv show he opened a command prompt window then he did a dictionary attack to a user&password list with jack the ripper. and he said, "you see, i cracked them all in 7 minutes and 16 seconds."
is this hacking?
i think he is only a script kiddie. even, a script kiddie has more knowledge of computers.
so, i understood, having a high place in hacking statistics's no meaning.
so, there is no reason to have inferiority complex when you see these hackers(!)
knowledge is everything.
June 21st, 2006, 06:58 PM
The purpose here is not to defend that guy, but there is simply not enough
information to say he is "only a script kiddie". Several reasons:
1. There is usually a discrepancy of what a "real hacker" actually does, and
what people want to see in a television show. The producers of the show may
have a clear idea (by watching movies) of what they want to present, or they
may have asked iskorpitx - what can you do within 10 minutes without having the
audience getting asleep?
2. Believing the "news" he was able to deface 21549 sites within one day. I continue your
assumption that he just used "jack the ripper". With 5 minutes per successful bruteforce crack,
you will be able to crack 288 sites within 24h. Of course, one might be faster on certain sites,
but then, there may be sites with a good user/password-set - which lowers the success rate.
There might be "out-of-the-shell"-tools to do this, and iskorpitx might have done so - but he
also might have done something better (and this, in parallel): if this defacing has been done
in 24h by brute-forcing, you are left with 4 seconds per site (on one CPU).
3. It is not clear at which level the intrusion was performed (root or webserver) as the fact
that all the 21,549 websites got defaced on a secondary page (site.com/ssfm/isko.htm) it is
not indicative given the particular Iskorpitx's modus operandi that sees all of his hacks
performed creating a subpage, regardless the authorization level achieved on the attacked
Just for the giggles of it
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
June 27th, 2006, 06:17 PM
[root@halloween home]$ ./pwn google.com
I hope it works!
June 27th, 2006, 07:02 PM
Hmmm, seems the guy has found a way to make a fast buck?
As for the number of sites, I wonder if it was some sort of bot army, probing for vulnerable boxes and using an automated script to do the defacing. Also we do not know how long he took to gather his "intelligence"; just the time to carry out the attacks. He might even have had an army of skiddies to help him?
asb The term "hacker" is rather hard to define these days, to the extent that it is virtually redundant. When I started out, it meant a very skillful and innovative person. I am talking 1970 here
I think that it is only the growth of the internet that has brough about the negative sense of the word, but I would agree that a "hacker" still knows what they are doing, and a skiddie simply uses tools. However, may of us use tools every day that we would have no idea how to design or program?
I will pass on some advice from my colleague HTRegz ............... make your Windows password more than 14 characters, then it won't store it in legacy maintenance (vulnerable) mode as well. That is up to 14 characters in two blocks of 7
Also, pack your password out so it won't fit into a cracking tool.
For example: £9876543210"Rumeli Hisari"ABCDEFGH$ it will take a VERY long time to crack that, and a dictionary attack it would be totally impossible. The bit between the " is the password that you periodically change.