Ogenstad.net

n3m0 arrived at work a bit late, 8:18 AM. Only 18 minutes, that’s not bad. No one seemed to care anymore when he showed up so he was usually late. When he started at the company things had been really busy but the last few months things had been quite slow which gave n3m0 the opportunity to work with on his own projects.

“Whoa, what happened to you?” Thomas asked with a perky voice. I can’t imagine how he can sound so happy when working here, n3m0 thought. He knew from experience that if he ignored Thomas he would just press on.
“I was playing World of Warcraft again,” n3m0 muttered.
“Didn’t catch the hockey then?”
“No”
“Pity, was a great game.”
“No, I missed it.”

After a few more questions Thomas found someone else to bother. n3m0 unlocked his computer, checked the work email and opened the Help Desk application used by the company. Boring, boring, he scanned through the requests, nothing important, he thought. The requests could wait until later, one of them was so stupid that he laughed out loud.

That caught Thomas attention and he started walking over with his do-you-have-a-joke-to-share face. Thomas turned when n3m0 picked up the phone and pretended to make a call. Instead he opened up Notepad++ and loaded the asp file from his usb stick.

n3m0 was so tired that his ability to code suffered and it took a lot of coffee and close to two hours to get the script to work as he wanted. Not wanting to hack from work he figured he could take care of a few requests. He reprogrammed his telephone so he wouldn’t be unavailable anymore and tabbed to the Help Desk application.

Even though n3m0 only did any actual work half of the time he was there, he still was the guy in help desk who closed the most requests.

During the afternoon the only thing that kept n3m0 from falling asleep was the phone which kept ringing.

When the work day was over and n3m0 finally came home, he was still tired but since he had waited all day he figured he could sleep later.

n3m0 surfed to the Regal-Pens website. Time for some hacking.

[tags]security, stories, fiction[/tags]

n3m0 had the victims lined up, from about 20 companies he was about to single out the “lucky one”. Some of them had their websites at web hotels so they were more or less useless. The administrators of the web hotels would probably notice if some extra 15 Gb appeared on their servers and the customers would have a quota limit of much less than that.

n3m0 was looking for a website hosted in-house by its owners. After a lot of interruptions, some more noodles, searches through whois records and dns queries n3m0 was down to six targets.

The next step was to test the Internet connections of the companies. In the end he settled for one company and had two others as backup if things didn’t go as planned.

Regal-Pens were a company selling fine pencils, pens, ink bottles and other writing tools. n3m0 couldn’t remember when he had used a pencil the last time (not counting the ones in Gimp), he didn’t even know if he had an ordinary pen anymore. Why would anyone want to use those? n3m0 did a search on his hard drive after an mp3 with the Flintstone’s theme, he didn’t find one. The urge to fire up a torrent client was overwhelming but n3m0 managed to stay focused at the task at hand.

With the mark set it was time to set up a test environment. Instead of downloading music he started up VMware Server and began to install a Windows Server guest. While the unattended installation proceeded, n3m0 started to look for a suitable asp script that he could use; ages ago he had written a file called n3m0-was-here.asp. He grabbed the file but renamed it nomad.asp. The script basically downloaded and ran netcat.

*BEEP* *BEEP *BEEP*

n3m0 jumped high in his chair as the alarm clock came alive. It showed 6:45 AM.

Shit, not again. Not for the first time n3m0 had been up all night, it was time to go to his real job. For the last 16 months n3m0 had been employed as a member of a help desk department. The salary was barely enough to live on and the job was painfully boring but the plan had never been to stay on the help desk crew.

n3m0 smelled his arm pit. Oh, bad bad bad, he pulled his nose away in disgust. He grabbed an usb stick and copied the asp script to it. Then he headed for the shower.

There wasn’t any breakfast to speak of in his apartment and he seemed to be out of toothpaste. Looking in the mirror before walking out he saw an exhausted young man staring back at him. It was going to be a long day.

[tags]security, stories, fiction[/tags]

n3m0 had managed to boil his noodles for fifteen minutes instead of the recommended three; it didn’t improve their taste. Unsatisfied by his meal n3m0 sat down at his computer again. After reading his feeds he got back to work.

He came across an advisory for ShowRoom.Asp 3.4.x, marked with the magic words, System Access from Remote. It had been discovered well over half a year ago, apparently the developers had been quick in releasing a patch and labeled it ShowRoom.Asp 3.5. Good for them, n3m0 thought. After surfing the website where ShowRoom.Asp was hosted he found a downloadable zip file of the vulnerable version, he also downloaded the patched release so he could see what had changed.

According to the Readme file, ShowRoom.Asp was a piece of software made it easy for companies to show their products on their website. It was kind of like a cms but just for a small part of the website. The users could sort their products into different categories and describe their products, upload an image and assign a price to the products.

Coding aside, the design just appalled n3m0. I bet it’s even worse when you view the page in a browser, n3m0 shuddered. As he had guessed the problem was concerning sql injection, the developers seemed aware that they should do input validation but had missed to check it on a request.querystring value.

The impact was that you could log on to the site as admin without using a password, there you added a new product but instead of uploading an image you could upload an asp page of your own choice. In the newer version input validation had been fixed and the upload mechanism only allowed .gif .jpg and .bmp.

A decently configured Windows box should prevent this, n3m0 thought as he was becoming more familiar with the code. On the other hand people who make an effort with the configuration usually don’t leave their systems vulnerable six months after the advisory is issued.

n3m0 had enough to start looking for a victim, he tabbed to his Firefox window and did a Google search; “powered by ShowRoom.Asp 3.4”

Results 1 – 10 of about 120 for “powered by ShowRoom.Asp 3.4”. (0.40 seconds)

Two words popped into n3m0’s mind when he saw the search results; Road Kill.

[tags]security, stories, fiction[/tags]

While working, n3m0 didn’t think much of hunger. Placebo’s Black Market Music album was going on repeat in XMMS, all thoughts of poker had been replaced by pie charts colored blue and red. n3m0 liked those, mmm, system access. He was browsing through the advisories at Secunia, more specifically the historical advisories. What n3m0 wanted wasn’t a fancy new exploit. A new exploit would give him access but that wasn’t enough; his client would want to stay for a while after setting up the site. No, it’s better with an old ‘sploit, n3m0 thought. Going after the clueless would insure that his client had a better chance of sticking around after gaining access.

n3m0’s irc windows started blinking and immediately caught his attention. As usual n3m0 was distracted from what he was doing, he was seldom able to stick to one task long, there was always a new email, instant message, chat session or rss feed.

– orin – did he call you? 🙂
– n3m0 – yup
– orion – hilarious, sorry for that thought you’d like a laugh
– n3m0 – hehe, yeah he was a bit strange
– orion – no shit, so what did you say?
– n3m0 – I told him I’d do it, you know cash problems
– orion – lol, you must have a serious cash problem
– n3m0 – things have been slow
– orion – but still for $2100 with that time frame you should have told him to get lost
– n3m0 – $2100?!? He said $800 to me.
– orion – lmao!! you crack me up, what you’ve never seen Life of Brian?
– n3m0 – he didn’t seem like the haggling type…
– orion – Did you try? Man you’ve better get your act together
– n3m0 – jesus christ
– orion – lol or the flying spaghetti monster
– n3m0 – har har, where did you find that guy anyway?
– orion – so you’re doing it for $800?
– n3m0 – I need the money
– orion – I didn’t find the guy, M3m3th referred him to me, don’t know where he came from
– n3m0 – how much did he offer to pay M3m3th?
– orion – well nothing, M3m3th told him to piss off, that he didn’t deal with that shit. Funny M3m3th never struck me as someone with a lot of morale
– n3m0 – have any idea of what kind of site this guy is setting up?
– orion – I’m not really sure but it sounded like it was some sort of porn site

[tags]security, stories[/tags]

“Define ‘considered illegal'”, n3m0 didn’t think much of laws but he was curious by nature.
“You know some people are against freedom of speech. Look at the way things are handled in China, I don’t like that.”
“So you want to free Tibet or what?”
“I’ll be honest with you. I don’t care too much for Tibet.”
“Don’t worry I won’t throw the first stone,” n3m0 didn’t even know where Tibet was let alone cared for what happened there. “But if it’s not Tibet, what kind of files are we talking about?”

“You don’t really want to know, let’s call it entertainment media.”
Yeah right, entertainment media, n3m0 started to think the caller had been right; it might be better not to know.
“Fine, so where do you want your files?” n3m0 asked, ready to type some more notes.
“At the moment the web site is running ASP, so a Windows server would be good.”
“You already have a web site?” n3m0 was confused.

“Well due to the delicate nature of my content I have to keep moving around, you see I’m a bit of a nomad.” n3m0 got the mental picture of someone riding a camel.
“Why don’t you use Perl?” he asked.
“What?” the caller could have sounded confused but n3m0 couldn’t tell with the voice distortion.
“Never mind, it was a joke. What are your requirements and more importantly how much will you pay me?”
“I need a site which has a decent Internet connection, around 15 Gb of storage. And I want it in nine days. I ‘m moving in a fortnight and I want things to be in place. I will pay you 800 dollars.”
“800 bucks, are you mad?” n3m0 couldn’t believe this guy, he used to be paid a lot more.
“Perhaps a bit, but that is my final offer. If you want to haggle the only way I’ll go is down.”

n3m0’s head was filled with thoughts of Ramen noodles and poker. I’ll win this time, I have to.
“So what’s it going to be?” the called pressed.
“I’ll do it.”
“Excellent, so I’ll call you in say five days?”
“Sure, talk to you later” n3m0 hung up the phone. It was time to go shopping.

[tags]security, stories[/tags]