Hacker News new | past | comments | ask | show | jobs | submit login
World's worst hacker (hedfors.com)
121 points by ukdm on Feb 2, 2011 | hide | past | favorite | 42 comments



Did anyone else start experiencing physical pain when the hacker accessed the right file in the wrong place for the hundredth time without typing "ls" ONCE?

I had no idea the reflex was so strong, but I almost starting twitching. I caught myself reaching for the keyboard to hammer out "ls -l". What a tragedy.

(I leave it as an exercise to the reader to determine whether the tragedy is the hacker's incompetence or my reflexive neckbeard response to it.)


What got me was

     # rm -rf a.tar
But to be fair, maybe it's not that hair-raising if your only experience is with other people's command prompts.


I felt myself being urged to type on a non-existent keyboard as well. If it was a person near me at the keyboard, I would have felt compelled to tell them to move out of the chair and let me do the work.


Alias "ls -l" to "ll" in your .bash file, it helps :)


I do; I expanded it to "ls -l" for the benefit of other hackers who might not be familiar with the convention. :-)


This reminds me (uh-oh, another neckbeard old-timer story) of the very early days of the ARPAnet when there about 20 nodes or so...

Back then there were free guest accounts on all the systems (mostly TOPS-10 and TENEX systems along with some wierd one-off machines like the UCSB symbolic math system on a 360/65), and we (at HARV-10) had a hacker who'd come in and mess things up.

So the sysadmin (Geoff Steckel) started a logging process that dumped all suspicious incoming telnet connections input to a local TTY (yes, a physical teletypewriter).

We used to gather around the TTY when it started chattering, to watch the hacker at work. Geoff pretty quickly figured out what he was doing and patched our TOPS-10 monitor source.


For those who are interested in the honeypot part of it, have a look at https://code.google.com/p/kippo.

If you're interested in the same and want to display stats about the connection attempts, passwords tried etc. I have developed a "kippo stats" webapp in Perl/Mojolicious, at https://github.com/mfontani/kippo-stats


The site is slow to load for me, but here is the video: http://www.youtube.com/watch?v=oJagxe-Gvpw

Also, this is pretty funny, and seems like it could be the same guy: http://kippo.rpg.fi/playlog/?l=20100316-233121-1847.log



-hacker +script kid. The most emotional part what when Perl was downloaded from the Microsoft site. An excellent display of how dangerous automated exploits can be in the wrong hands. Enabling emotions to run wild without assuming any risks at all. Yay, I got into a box with my script. Yay, I'm going to run a script to packet flood someone. Yay, that was meaningless.

I also enjoy how the tar had a file called "scam." Shows the generation gap in what used to be in a swiss army tar. Bot nets and things of that nature aren't fully utilized to terrorize the infected and targets! They can be used to click ads, send emails, give website hits; oh endless possibilities for MONEY.


He was definitely a script-kiddie though, but 'worst hacker' is kind of over-statement.


Indeed. It sound more like the famous IRC log where a kiddie 'hacks' 127.0.0.1 and ends up with a disco.


Thanks for reminding me of this. I had a good laugh.

http://themostboringblogintheworld.wordpress.com/2006/09/13/...



Bah! Ramzi is my main 1337 h4xX0r man! http://www.youtube.com/watch?v=fDFXaqDf8kk


Can someone translate what's happening for those that can't read this code? :) Thanks


A script kiddie [1] hacks into a computer and goes out of its way to demonstrate its ignorance by doing stupid things like downloading a file, but being unable to locate it or downloading Windows Service Pack on what seems to be a *nix system.

Luckily, the hacked computer wasn't a real computer but a honey pot [2] and everything the script kiddie does is recorded for our amusement.

It's a bit like watching a bank robber sporting a big gun without knowing which way to point it.

[1] http://en.wikipedia.org/wiki/Script_kiddie [2] http://en.wikipedia.org/wiki/Honeypot_%28computing%29


Downloading the Windows Service Pack wasn't pointless, it was to speedtest the machine to see if it was worth continuing the attack.


That makes sense, as there was no attempt to run it.

I guess one should be really careful before calling someones actions stupid. Lesson learned.


A script kiddie got SSH access to this honeypot (system setup to catch this type of activity and log it). He then attempted to download and run various rootkits/hacks/flooders/whatever. He repeatedly tried to change to a non-existant directory, run perl (which wasn't installed), and downloaded a Windows update (pointless on a non-Windows system).

To summarize, a wannabe hacker got access to a system and didn't know what to do.


That was pathetic. He seemed incapable of even remembering the syntax for 'cd'...kids!

I found it curious that he was copy/pasting those wget links so quickly though. THAT part nearly seemed automated. Strange behaviour.


I'd assume the recording process cut out all instances where nothing changed on the screen. All the thinking pauses seem cut out.


There's a replay via telnet that is easier to follow:

telnet 94.255.168.108


Isn't that obvious this is some sort of macro being executed? That makes totally sense for me and explains a lot of things, like:

1) not doing ls commands

2) having rescue plans like trying different directories in case a directory doesn't exist

3) doing instant URL pastes

4) doing stuff in loop

5) acting similarly to a robot

6) [feel free to add more here]


It is not a script, because he mistypes things and hits backspace. Not to mention all the commands that are downright invalid, eg. cd ". "

A script sophisticated enough to replicate the behaviour of a real user at a shell like this would likely actually achieve something.

Anyone clever enough to write a script that does this, wouldn't, because they'd also be clever enough to realise that it's utterly pointless.

The win2k service pack was likely filling the role of "a big file from a fast CDN," for the purposes of testing the machine's connection.


'cd ". "' is valid; it means "set the current directory to the one named [dot][space]".

I assumed it was something he'd seen as a way to sortof-conceal a directory, since it's both hidden and looks a lot like the [dot] directory that you'd expect to find everywhere.


Actually, you guys are both right. Speaking from experience (administrator at a popular webhosting company), he likely a lot of his rootkits macroed, so he can just login to the box, alt+1 (or whatever he has his macro set to) and then pop out. When the macros fail, he demonstrates his lack of actual knowledge of *nix systems and starts acting erratically.


If it was a macro it would get something right. A macro would fail in response to a road block of some sort. This guy just failed at everything.


the guy could be in a hurry. or stoned


Still, this leaves you wondering how someone with such little knowledge of even the most basic Linux commands could ssh in there in the first place. Any idea ?


It was probably via a script just like everything else.


Or a disguised-kiddie which gets very cleverly in but then does very stupid things in order to get caught and get a couple of things:

1. Get others involved by leaving fake tracks. 2. Distract attention. 3. Make you think your honey pot is doing right while some other heavy duty scripts are running on the 'right' direction.


Seems fairly unlikely. I'm gonna go with Occam's Razor on this one.


There are tons of brute force ssh bots. All they do is try every password in their password list. If you want to see one, search for brute force ssh bot on YouTube and watch script kiddies teach other script kiddies how to use them.


Apparently, the 'hacker's web hosting account : http://ely.uv.ro/ was suspended.

Edit: Another would-be hacker: http://www.youtube.com/watch?v=fPypZSZiF3g


He's got nothing on the World's #1 Hacker, Gregory D. Evans. His e-book is awesome. http://www.theregister.co.uk/2010/06/22/worlds_no_1_hacker/


Serious bonus points for the musical score. Anyone know what it is?


It was played at the end of Portal (http://en.wikipedia.org/wiki/Portal_(video_game)). It's also available as a song in Rockband.


I like the "history -c" before logging out, while leaving downloaded files and extracted archives all over the place.

Oh yeah, he's really covered his tracks now...


Wow. That system is locked down tight! You can't even cd into C:\


this guy is tryin' hard !


Oh Russians...

I could just here the steam start to build.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: