Hacking at VSNL
Hacking at VSNL
Chat with a VSNL Cracker
by Raj Mehta, Bruce Gingery and Peter Doshi
ICQ Chat Save file
Started on Tue Oct 27 13:55:32 1998
<VSNL Cracker> Hello Dr. Raj:
<roaming raj> hello can you wait a few mins. I am on chat with someone
<VSNL Cracker> ok.
<roaming raj> ok VSNL Cracker I am here now.
<roaming raj> Am worring about hacking problems that are showing up in
India. so I have finish the article on that.
<VSNL Cracker> I know about it, I have done it!!
<roaming raj> what hacking what kind? have you used Back Orfice?
<VSNL Cracker> yup. See there is Back Orifice with butt sniffer. I
dnont mean any harm just tried
out with friends. IP hiding is imp. for it and you have other stuff
like some pluggins which prevent you from getting nuked.
<roaming raj> yes.
<roaming raj> ok can you write about how to pervent it; do stuff on
the other side.
<roaming raj> can you write an article about in short as to how to
pervent from it.
<VSNL Cracker> I doubt it, firstly time (don't have time) secondly I
know about it but I am no pro at it.
<roaming raj> can you write down the points and suggestions as to how
to pervent it and links ot the site where these plugins are there. It
doesnot matter if you are pro at this point any suggestion is welcome.
<roaming raj> it is something one will have to learn.
<VSNL Cracker> But don't you think you will scare users away from using
this wonderful util ICQ just look the way we chat irc can't match it.
<roaming raj> well that is something to evealuate but don't worry
about that part.
<roaming raj> well that is second stage
<roaming raj> just now, whatever you know make points and suggestions
<roaming raj> that is all
<roaming raj> see here, we want to help the users to be aware and not
get into trouble.
<VSNL Cracker> But I might need to read stuff for it, so give me some
<VSNL Cracker> Are you aware of the hacking that goes on i VSNL
<roaming raj> not very much other than the Hackers and divine hackers
who posted the stie and had pasword
<roaming raj> but lot of them were really old and silly.
<roaming raj> but I don't know about hte hacking which goes on at vsnl
<VSNL Cracker> I hope this is not in record. But I have hacked into
Delhi,Mumbai,Banglore and I know how to pump out passwords. Now they
have become smart and use shadowing and all that stuff. But there are
hundreds of ways to break in and get passwords. Though I donot do
that. Just fun sake. I have my own TCP/IP acct.
<roaming raj> I would like to make users safe from hacking as much as
<VSNL Cracker> I can help you in that! But still they keep multiple
copies of password files and some shadowed some not, also root is
<roaming raj> great.
<VSNL Cracker> I think choosing a weird combination of letters as
password makes hacking practically impossible. But it is at the server
level that improvemnets in security measures that should take place.
<roaming raj> that is primary requirement.
<roaming raj> any suggestions about that from what you have been able
<roaming raj> yes.
<VSNL Cracker> I said firstly user should choose a password which is
not a word in any dictionaries etc.
<VSNL Cracker> then users should not use certain winsock sockets which
donot use RSA file encrpt. to store passwords. Like I can go into your
system using back orifice and pick the passwrod file and crack it. I
have seen it in the 16bit version of Trumpet winsock
<VSNL Cracker> Also not use web utils to check and change passwd.
<roaming raj> but now no one uses trumpet or practically no one.
<roaming raj> mostly win95/98
<VSNL Cracker> I know that, just made a mention. Even DUN is
vulnerable. Look up your windows directoy you have these pwl file. its
childs play to crack them , But they often contain useless info like
your system password. You can't do much with it!!
<VSNL Cracker> .pwl
<roaming raj> pwl file? which direcotry is it in.
<VSNL Cracker> /windows
<roaming raj> ok. I GET IT.
<roaming raj> ok what I wish is if you can give me an outline about
how to prevent BO
<roaming raj> and whatever you know not necessarily in depth
<VSNL Cracker> Only Norton Anti-virus catches BO, I can bind that
<roaming raj> which version of Norton Anti virus?
<VSNL Cracker> I guess 2 If i am right.
<VSNL Cracker> the latest one.
<roaming raj> does it work on win98 or it is window95 specific.
<VSNL Cracker> I donno know all this as I donot use any Anti virus, its
there on my dad's laptop. I will let you know.
<roaming raj> ok.
<roaming raj> when you say you can bind it you mean you can get around
<VSNL Cracker> No I can pick up a small exe file there is this small
util which binds BO with any exe so when a user receives the exe he
thiks it is some stupid exe but actually it is BO in disguise. Once
run it establishes itself.
<VSNL Cracker> But I think the icq guys will come up with some cure for
<roaming raj> I hope so.
<roaming raj> but can you write up what you have said to me so that it
will be helpfull espcially with recomandations as to how to prevent
the BO via icq and via email?
<VSNL Cracker> This will get time consuming but will try.
<roaming raj> no detailed explantions but just suggestions
<roaming raj> 1,2 .......
<roaming raj> you know what i mean?
<VSNL Cracker> yes.
<roaming raj> ok.
<VSNL Cracker> Sir gotta go I have school tommorow.
<roaming raj> fine.
<roaming raj> ok bye be in touch.
<VSNL Cracker> bye