About Raj

Hacking at VSNL

Introduction: Guidelines which will safeguard your system
Cracker/Hacker controls a user's system by sending a file through ICQ
Social Hacking
Hacking the computer system by the use of cookies
Chat with a VSNL Cracker

VSNL Alert!: Hacking at VSNL
Chat with a VSNL Cracker

by Raj Mehta, Bruce Gingery and Peter Doshi --------------------------------------
ICQ Chat Save file
Started on Tue Oct 27 13:55:32 1998
<VSNL Cracker> Hello Dr. Raj:
<roaming raj> hello can you wait a few mins. I am on chat with someone from Bangalore.
<VSNL Cracker> ok.
<roaming raj> ok VSNL Cracker I am here now.
<roaming raj> Am worring about hacking problems that are showing up in India. so I have finish the article on that.
<VSNL Cracker> I know about it, I have done it!!
<roaming raj> what hacking what kind? have you used Back Orfice?
<VSNL Cracker> yup. See there is Back Orifice with butt sniffer. I dnont mean any harm just tried out with friends. IP hiding is imp. for it and you have other stuff like some pluggins which prevent you from getting nuked.
<roaming raj> yes.
<roaming raj> ok can you write about how to pervent it; do stuff on the other side.
<roaming raj> can you write an article about in short as to how to pervent from it.
<VSNL Cracker> I doubt it, firstly time (don't have time) secondly I know about it but I am no pro at it.
<roaming raj> can you write down the points and suggestions as to how to pervent it and links ot the site where these plugins are there. It doesnot matter if you are pro at this point any suggestion is welcome.
<roaming raj> it is something one will have to learn.
<VSNL Cracker> But don't you think you will scare users away from using this wonderful util ICQ just look the way we chat irc can't match it.
<roaming raj> well that is something to evealuate but don't worry about that part.
<roaming raj> well that is second stage
<roaming raj> just now, whatever you know make points and suggestions
<roaming raj> that is all
<roaming raj> see here, we want to help the users to be aware and not get into trouble.
<VSNL Cracker> But I might need to read stuff for it, so give me some time.
<VSNL Cracker> Are you aware of the hacking that goes on i VSNL servers?
<roaming raj> not very much other than the Hackers and divine hackers who posted the stie and had pasword
<roaming raj> but lot of them were really old and silly.
<roaming raj> but I don't know about hte hacking which goes on at vsnl not lately.
<VSNL Cracker> I hope this is not in record. But I have hacked into Delhi,Mumbai,Banglore and I know how to pump out passwords. Now they have become smart and use shadowing and all that stuff. But there are hundreds of ways to break in and get passwords. Though I donot do that. Just fun sake. I have my own TCP/IP acct.
<roaming raj> I would like to make users safe from hacking as much as possible.
<VSNL Cracker> I can help you in that! But still they keep multiple copies of password files and some shadowed some not, also root is easily accesible.
<roaming raj> great.
<VSNL Cracker> I think choosing a weird combination of letters as password makes hacking practically impossible. But it is at the server level that improvemnets in security measures that should take place.
<roaming raj> that is primary requirement.
<roaming raj> any suggestions about that from what you have been able to do?
<roaming raj> yes.
<VSNL Cracker> I said firstly user should choose a password which is not a word in any dictionaries etc.
<VSNL Cracker> then users should not use certain winsock sockets which donot use RSA file encrpt. to store passwords. Like I can go into your system using back orifice and pick the passwrod file and crack it. I have seen it in the 16bit version of Trumpet winsock
<VSNL Cracker> Also not use web utils to check and change passwd.
<roaming raj> but now no one uses trumpet or practically no one.
<roaming raj> mostly win95/98
<VSNL Cracker> I know that, just made a mention. Even DUN is vulnerable. Look up your windows directoy you have these pwl file. its childs play to crack them , But they often contain useless info like your system password. You can't do much with it!!
<VSNL Cracker> .pwl
<roaming raj> pwl file? which direcotry is it in.
<VSNL Cracker> /windows
<roaming raj> ok. I GET IT.
<roaming raj> ok what I wish is if you can give me an outline about how to prevent BO
<roaming raj> and whatever you know not necessarily in depth
<VSNL Cracker> Only Norton Anti-virus catches BO, I can bind that
<roaming raj> which version of Norton Anti virus?
<VSNL Cracker> I guess 2 If i am right.
<VSNL Cracker> the latest one.
<roaming raj> does it work on win98 or it is window95 specific.
<VSNL Cracker> I donno know all this as I donot use any Anti virus, its there on my dad's laptop. I will let you know.
<roaming raj> ok.
<roaming raj> when you say you can bind it you mean you can get around it?
<VSNL Cracker> No I can pick up a small exe file there is this small util which binds BO with any exe so when a user receives the exe he thiks it is some stupid exe but actually it is BO in disguise. Once run it establishes itself.
<VSNL Cracker> But I think the icq guys will come up with some cure for it!!
<roaming raj> I hope so.
<roaming raj> but can you write up what you have said to me so that it will be helpfull espcially with recomandations as to how to prevent the BO via icq and via email?
<VSNL Cracker> This will get time consuming but will try.
<roaming raj> no detailed explantions but just suggestions
<roaming raj> 1,2 .......
<roaming raj> you know what i mean?
<VSNL Cracker> yes.
<roaming raj> ok.
<VSNL Cracker> Sir gotta go I have school tommorow.
<roaming raj> fine.
<roaming raj> ok bye be in touch.
<VSNL Cracker> bye

Copyright © 1996, 1997, 1998 Dr. Raj Mehta. All rights reserved.