Home page logo

pauldotcom logo PaulDotCom mailing list archives

Getting Your Start Because You Got Hacked
From: danny.howerton at gmail.com (Dan Howerton)
Date: Thu, 14 May 2009 14:22:12 -0600

I got my start a little differently than actually getting hacked and I have
Paul, Larry, and Twitchy to thank for getting into Computer Security. About
two and a half years ago I was coming out of high school and I knew I wanted
to start studying computer networks. About a month or two out of high school
someone introduced me to a Podcast  about security with Leo from techtv so I
gave it a shot. It was ok but I thought to myself there has got to be
something more hardcore and technical than this so I started scouring the
web. One of the very first ones I came across was PDC. I downloaded a few
eppisodes and was hooked immediatly and knew that this is what I wanted to
do for a living. I have since been a dedicated listener and fan and am
currently working in a pretty small MSS team for a fairly large company and
I only have pauldotcom and the pauldotcom community to thank for it.

On Thu, May 14, 2009 at 1:02 PM, Jason Wood <tadaka at gmail.com> wrote:

This happened back when I was a jr sysadmin at a fairly large dotcom.  My
wife and I were having a party at our house with several of our friends when
my cell phone went off.  Sure enough, it was the NOC saying that this one
web server kept running out of disk space and they couldn't figure out why.
The operator had cleared out all the temp files he could find, removed a
number of web server logs and some other stuff.  Disk space dropped for
about 30 minutes and then climbed back up over 90%.

My computer was in the living room, so in the middle of the party I logged
into this server and started poking around.  First order of business was to
figure out where the most disk space was being chewed up.
C:\inetpub\ftproot was the culprit.  I looked around the file system and
found video games, music files, warez, etc all over the place.  I checked
the FTP config and saw that it was a default setup with no relation to the
function of the web server.  Anonymous access had full read/write.  At this
point, I was cracking up and asking people at the party if anyone wanted the
latest Britney Spears album.  I had 3-4 people crowded around my PC to watch
what was going on.

I uninstalled the FTP service, cleaned up the disk space and looked at the
FTP logs.  Sure enough, the server had been idle on FTP for weeks, then got
discovered.  In 2 days it went from unknown to very popular.  It also didn't
hurt that there were multiple OC3s coming into the environment.  The users
of the site must have been having a field day.

Wait, I hear people asking, shouldn't the firewall have blocked the FTP
connections?  Well, not if it is set to allow FTP inbound to all servers.
That later got changed too.

Anyhow, it was a completely hilarious experience, particularly since I
didn't setup the server so my pride wasn't at stake.  ;-)

On Thu, May 14, 2009 at 12:43 PM, Joshua Wright <jwright at hasborg.com>wrote:

Hash: SHA1

I was working for Johnson & Wales University and we had a Citrix server
running on NT 3.51.  I was one of the first people who got a cable-modem
at home from Cox Communications, and it rocked!  It rocked so much,
someone else on the LAN discovered my workgroup and host, and connected
to an unprotected share on my Windows 98 machine where he grabbed the
.ica file with a stored password to the Citrix server.  He called me at
home to let me know how r00ted I was, after getting my home phone number
from my wife's resume.doc file.

Yeah, it was pretty painful, but it was my motivator to get into
infosec.  "Wow, that sucks, but at the same time, it's so awesome too"
is the best way I can describe it.

Years later we bumped into each other in Providence, and he told me how
he's been watching my career since he called me that first time.  I
thanked him for his help. :)

- -Josh

Paul Asadoorian wrote:

I'd like to start a new thread where we all share our experiences on how
we got into computer security.  Specifically I want to hear about people
whose boxes got hacked, and sparked a life-long career in infosec.

I may use your story in an upcoming piece I am working on, if I do I
will contact you off-list for permission and such.

Larry, I know you got a good story here ;)



Version: GnuPG v1.4.9 (MingW32)

Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com

Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com

Dan Howerton
GPG key: 10F5DDA5
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090514/62a6d542/attachment.htm 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]