| Welcome to the 3lue Diamond Clan! If you're seeing this, it means you are viewing the 3DC boards as a guest. This allows you to see a couple of our forums, but you won't be able to post. Please take the time to look through these and, if you like what you see, register. Registration is quick, easy, and free. Once you register, you will be able to see and post in all of the forums, as well as partake in other member-only features such as tournaments. You do not need to register to use our chatroom or participate in our weekly meetups: everyone is welcome! Click here to register for the forums! If you're already a member please log in to your account below: |
- Pages:
- 1
- 2
| Temple of Kraden hacked | |
|---|---|
| Tweet Topic Started: Jul 14 2009, 11:19 AM (1,243 Views) | |
| RyuKenshin | Jul 17 2009, 03:09 AM Post #21 |
|
Holy Prophet of the Wheat Sword to the Almighty Kraden
![]() ![]() ![]() ![]()
|
Honestly, I don't know the details of how it happened, all I know is that Kentington wrenched control back, probably using the same technique used in the first place to take control. |
![]() |
|
| Dark Link | Jul 17 2009, 03:49 AM Post #22 |
![]()
Destroyer of...Stuff!
![]() ![]() ![]() ![]() ![]()
|
inb4 Round 2 Also considering the "hacker" was nothing more than a "script kiddie" I'm betting Teshi on being pretty much dead on right when IPO releases the details lol |
![]() |
|
| js2393 | Jul 17 2009, 03:59 PM Post #23 |
|
3DC member
![]() ![]() ![]() ![]()
|
I had read it and already saw you guys had a hacker to regain control for you. I was just saying that this somewhat sparked an interest in hacking in me in case I decide to make my own forum and someone hacks it. |
![]() |
|
| Alpha | Aug 1 2009, 05:34 AM Post #24 |
|
wat
![]() ![]() ![]() ![]()
|
The hacker must like action movies. I did enjoy Eagle Eye. |
![]() |
|
| RyuKenshin | Aug 2 2009, 08:08 PM Post #25 |
|
Holy Prophet of the Wheat Sword to the Almighty Kraden
![]() ![]() ![]() ![]()
|
This was posted by Kentington, the mastermind behind the recovery. A full accounting of recent events follows, as accurate as our limited information allows. On Monday, Kraden's account was compromised by the hacker Kharybdose, hired by persistent forum troll grim_reapist to grant him control over the board. It was claimed that Kharybdose had used a heretofore unknown Invisionfree exploit to gain control of the board, and all other available information about this hacker - mostly furnished by me, a fellow Cornellian - seemed to indicate that such an act was indeed within his power. Kharybdose, for some unfathomable reason, decided to forgo handing over the board and getting paid until he had run us through several "challenges," the first of which was treating his obnoxious client as a friend. It was decided that we would obey his challenges to buy ourselves some time while I, the least incompetent of our hackers, attempted to discover the exploit he had used and utilize it to reclaim our board and/or report the hole to Invisionfree. In the meantime, important topics would be archived. Much of the Temple population evacuated at this point. We very briefly used Dracobolt's ZetaBoard, the aptly-named DracoBoard, for organization purposes, but the Temple linked to it in several places, and it was soon compromised. We formed a second board, the so-called "Mystery Agency," but Kharybdose sniffed it out almost immediately and used one of many known ZetaBoards weaknesses to gain control. Both boards, along with the Temple, had "cookie stealer" scripts embedded in them - Kharybdose must have known from reading our board and/or talking to Gimmick that such an attack had been tried on us before. Predictably, most of us panicked, and after an idiot or two made up stories about things the cookie stealer couldn't actually do, a virtual abandonment of the ToK ensued. Curiously, grim_reapist himself had also vanished. I will finally let the truth be told; early in this saga, I broke into Reapist's computer and found, of all things, a poorly-typed journal with entries every three or four days. Included was a description of the money he had stolen from his uncle ($5000 in all), complete with account numbers. I anonymously passed this information on to his uncle, and soon after, grim_reapist disappeared. I suppose we can all guess what happened. tongue.gif (Actually, an email from Kharybdose confirmed he was arrested - more on that later) A temporary refuge was established at GameFAQs, on an obscure board referred to as AdB ("Adults do Bong"). Unfortunately, Kharybdose followed us there, too, but did not make a move against the GameFAQs boards, either because he could not or did not see a need to - the latter being fairly likely, since the poor quality of the GameFAQs forum system made it inadequate for establishing anything but a temporary surrogate for the Temple. Meanwhile, Grim and I expended far too much effort following the cookie stealer. A log file was discovered on the site, filled with garbage, and deleted soon after discovery. Scans later confirmed the presence of malware. The cookie stealer script was actually storing the stolen cookies in a MySQL database, and after I (finally) managed an injection attack, I discovered two facts: first, although it had indeed stolen the root admin cookie (which I could have used to regain control of the board, had I been able to crack the password), in place of the password hash was the plaintext string "Nice try." Second, after failing to crack the existing passhashes, I discovered that InvisionFree had started salting them. Neither Kharybdose nor I could obtain any passwords from the stolen cookies, and he almost certainly knew that from the outset. The cookie stealer was an elaborate red herring, designed to waste our time while his plans moved forward. At this point, Ryu (I think) contacted the InvisionFree staff about this situation and told several of us over MSN. Unfortunately, Kharybdose quickly responded to this act, which he shouldn't have known about at all - an email later confirmed that he had gained access to one or more of our computers - by returning the Temple's title and marquee to their former selves and deleting his topics. As best I can figure it, he wasn't genuinely scared of InvisionFree involvement (though he filed a false counter-report anyway) - without our knowledge of the exploit used, he could write the whole thing off as an internal power struggle, or if worst came to worst, crack our board again - but planned another psychological trick. This was taken one step further when, using my account (somehow without changing the password) he claimed to have recovered the boards, starting this very topic. Subsequently. the administrators received an incredibly pompous email promising swift punishment if we failed to complete an as-of-yet unspecified challenge. It was confirmed that Kharybdose knew that grim_reapist had been arrested, and that Kharybdose had not been paid yet. Kharybdose was trying to contact him for a final demand, the "basest, most revolting" submission to him he could think of. In the meantime, we would be punished if we told the members it was all a ruse - which some of our cynical bastards immediately figured out for themselves. tongue.gif Saturos apparently responded in an unfriendly manner and was punished by the banning of his account and the alleged destruction of the Sol Clan, both in Clan Wars and by the hiding of the forum. Curiously, he didn't delete either - I can only imagine he was planning to use them as incentive at some future date. By this point, I had scoured InvisionFree for any possible security holes and found none. Consulting my hacker contacts likewise proved fruitless - Kharybdose had truly lived up to his frightening reputation if he had found such a hole. But it was then that a most unlikely savior appeared - Adnarel suggested that perhaps if we could gain control of the Hotmail address which Kharybdose's account was using, we could gain control of the board. I immediately realized that if we could do so, I could just send a password reset request from the Temple, answer it, and gain control of the root account. Whether Kharybdose had gained control of the forums in this manner or had actually found a security hole was immaterial - this *was* a hole I could exploit. Thanks to Adnarel's simple yet brilliant observation, I set to work. Hotmail itself was all but unassailable, but Windows Live accounts are used for many things. Did you know that it is possible to perform SQL injection over XBox Live? With control of Kharybdose's email account, I sent the password request and gained control of Kraden's account. The rest, as they say, is history. The level of psychological manipulation involved in this affair was quite impressive. From grim_reapist, Kharybdose must have known that our resident computer expert was a Cornellian and could be fully expected to share his frightening reputation with the board. Further, his rapid discovery and takeover of the auxiliary boards confirmed his image as the Big Bad, and when he confronted us with the rebirth of an old fear - a new cookie stealer - we were all too eager to panic. I must confess, I fell for his deceptions twice - first in pursuing the cookie stealer, but more importantly in looking for elaborate InvisionFree exploits rather than the much simpler Hotmail solution. Whatever deception he planned by falsifying the recovery of the boards will never be known, but it does mark the moment when the Kradenettes finally started seeing through his illusions - and with help from Adnarel in piercing the final veil, I was able to finally end Kharybdose's game. I would've typed that as an epic poem portraying me as a Beowulf for the silicon age, but I'm at work now, so bite me. All you need to know is that the banhammer has finally fallen on grim_reapist for all time, and a new age of peace and prosperity can begin. Huzzah! |
![]() |
|
| Bacon&Eggs | Aug 2 2009, 09:17 PM Post #26 |
![]()
The one and only
![]() ![]() ![]() ![]() ![]() ![]()
|
I'm not going to lie, that was pretty cool |
![]() |
|
| Bucsfan | Aug 2 2009, 09:20 PM Post #27 |
![]()
It gives you wings...
![]() ![]() ![]() ![]()
|
woah |
![]() |
|
| sirkibble2 | Aug 2 2009, 10:02 PM Post #28 |
![]()
3DC regular
![]() ![]() ![]() ![]() ![]()
|
Epic indeed. Trumps all our petty takeovers. lol |
![]() |
|
| Pure$killz | Aug 3 2009, 06:50 AM Post #29 |
|
The voice you dread
![]() ![]() ![]() ![]() ![]()
|
that is a pretty awesome story |
![]() |
|
| phoenix | Aug 3 2009, 12:04 PM Post #30 |
![]()
Administrator
![]() ![]() ![]() ![]() ![]() ![]()
|
So he took over Kraden's email account via Kraden's hotmail account, either by hacking or cracking, then setting up some false leads... |
![]() |
|
| RyuKenshin | Aug 3 2009, 08:29 PM Post #31 |
|
Holy Prophet of the Wheat Sword to the Almighty Kraden
![]() ![]() ![]() ![]()
|
Essentially, yes. It worked for a while, but we finally saw through them. He also stopped caring because his client got arrested, hence why he allowed us to actually retake it. He did come back, retaking the Kraden account to say a few things, but he didn't do any damage that time. |
![]() |
|
| phoenix | Aug 3 2009, 09:36 PM Post #32 |
![]()
Administrator
![]() ![]() ![]() ![]() ![]() ![]()
|
Time to change Kraden's email from Hotmail to something a lot more secure, no? |
![]() |
|
| RyuKenshin | Aug 4 2009, 12:57 AM Post #33 |
|
Holy Prophet of the Wheat Sword to the Almighty Kraden
![]() ![]() ![]() ![]()
|
Already have. |
![]() |
|
| Shade_Daeori_Vylaar | Aug 4 2009, 09:47 PM Post #34 |
![]()
Tyrant by choice
![]() ![]() ![]() ![]()
|
well when push comes to shove, strategic shoving can come into play, and strategy is my speciality, so i have stored a good plan incase something like this happens again.... that is, if it can be done. |
![]() |
|
| phoenix | Aug 4 2009, 11:29 PM Post #35 |
![]()
Administrator
![]() ![]() ![]() ![]() ![]() ![]()
|
What? |
![]() |
|
| Shade_Daeori_Vylaar | Aug 5 2009, 03:14 AM Post #36 |
![]()
Tyrant by choice
![]() ![]() ![]() ![]()
|
basically set up a decoy admin (a normal member without admin powers) then the hacker would access a member account while a duplicate account witha different email address is made, then the hacker would use the member account to try adn take over when, in reality, the real admins would immidiately ban the old acount and I.P. block the last person to sign on as the account (the i.p. block is the if it would work part) |
![]() |
|
| Big G | Aug 5 2009, 05:33 AM Post #37 |
![]()
3DC member
![]() ![]() ![]() ![]()
|
I'm discombobulated....... |
![]() |
|
| Dark Link | Aug 5 2009, 02:47 PM Post #38 |
![]()
Destroyer of...Stuff!
![]() ![]() ![]() ![]() ![]()
|
The problem is, it's not that hard to figure out what account is the root admin account and hack that one, which is what the hacker did. He figured out that Kraden was the root admin and hacked that account, because what's the point in hacking a different admin account if the root can just temp ban it? |
![]() |
|
| Shade_Daeori_Vylaar | Aug 5 2009, 02:53 PM Post #39 |
![]()
Tyrant by choice
![]() ![]() ![]() ![]()
|
your point is well made DL, and quite a good arguement, however my plan would go on the fact that said hacker would never have been to the forum we would stage this from, meaning he wouldn't really have a clue who the root admin would be... so it's still an effective plan, as long as things are done properly, not to mention it would require the real admins to change their color to a member color while still keeping their adminship |
![]() |
|
| RyuKenshin | Aug 5 2009, 10:12 PM Post #40 |
|
Holy Prophet of the Wheat Sword to the Almighty Kraden
![]() ![]() ![]() ![]()
|
Root admin = Account number 1. Can't change that. |
![]() |
|
| « Previous Topic · Random Discussion · Next Topic » |
- Pages:
- 1
- 2










![]](http://z1.ifrm.com/static/1/pip_r.png)




Glad to know you guys have your own hacker on your side! Good luck






8:19 PM Jul 10