138 lines
6.6 KiB
Plaintext
138 lines
6.6 KiB
Plaintext
|
Episode: 2988
|
||
|
|
Title: HPR2988: A tale of two hackers in the same system
|
||
|
|
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr2988/hpr2988.mp3
|
||
|
|
Transcribed: 2025-10-24 14:21:41
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
This is Hacker Public Radio Episode 2988 for Wednesday 15 January 2020.
|
||
|
|
Today's show is entitled, A Tale of Two Hackers in the Same System.
|
||
|
|
It is hosted by SIGFLOB
|
||
|
|
and is about nine minutes long
|
||
|
|
and carries an explicit flag. The summer is
|
||
|
|
Xhacking and Modem stuff. Quote-
|
||
|
|
This episode of HPR is brought to you by archive.org.
|
||
|
|
Support universal access to all knowledge
|
||
|
|
by heading over to archive.org forward slash donate.
|
||
|
|
Music
|
||
|
|
Hello everyone. My name is SIGFLOB
|
||
|
|
and you are listening to another edition of Hacker Public Radio.
|
||
|
|
In this edition, I'll be talking about a tale.
|
||
|
|
A tale of two hackers in the same system should be fun.
|
||
|
|
Before I talk about it, though, I would like to have some housekeeping with some news.
|
||
|
|
Episode HPR Episode 2592
|
||
|
|
Tech Talk with Allison
|
||
|
|
Well, Allison is no longer with us.
|
||
|
|
She jumped off a bridge about a year ago
|
||
|
|
and it's all very sad.
|
||
|
|
And so, yeah, they're not with us anywhere.
|
||
|
|
They got cremated. I went to their, I guess, wake or whatever.
|
||
|
|
And I'm not, I'm not made of stone, right?
|
||
|
|
So I cried so fucking much during that period of time.
|
||
|
|
But now I'm kind of over it as long as I don't remember.
|
||
|
|
Remind myself of Fern and whatnot.
|
||
|
|
Anyway, that out of the way.
|
||
|
|
A tale of two hackers in the same system.
|
||
|
|
I went to the library.
|
||
|
|
I lived in Washington County in Minnesota when I was a kid.
|
||
|
|
And the library had these wise terminals like on tables all over the place.
|
||
|
|
I don't know, like maybe five wise terminals in the library.
|
||
|
|
And they were connected as it turns out to an AIX machine.
|
||
|
|
Excuse me.
|
||
|
|
AIX being IBM's Unix operating system as far as I know.
|
||
|
|
So, I talked to, I was talking, I brought this up with the library.
|
||
|
|
And I don't remember what I said exactly.
|
||
|
|
I knew this is before the popularity of AOL and and
|
||
|
|
Compuserve and Prodigy and those things.
|
||
|
|
But she's like, yeah, you can, you can dial into the, you can dial into our system
|
||
|
|
through the phone.
|
||
|
|
So, I think the system they used at the library.
|
||
|
|
It was called dial pack or something like that.
|
||
|
|
And so I dialed the, the modem number when I got home that she gave me.
|
||
|
|
And slow and behold, it just logs in a dial pack.
|
||
|
|
With, with one thing, you do have to log in with a user name and a password.
|
||
|
|
Both of which I was told just log in is library, library.
|
||
|
|
And that seems to work.
|
||
|
|
So, that's kind of neat.
|
||
|
|
I figured out later that you can run links from the dial pack thing.
|
||
|
|
And so that was cool.
|
||
|
|
Like going to, to websites text only.
|
||
|
|
For those of you who don't know links, it's a program Unix program that allows you to
|
||
|
|
browse websites with just text, text only.
|
||
|
|
So, yeah, so run links and there's this little thing about links you can press G.
|
||
|
|
And you can type in tell net colon slash slash and address.
|
||
|
|
And it will tell net to that address, which is pretty cool.
|
||
|
|
So, I heard about this, this service called grex.org, which has Unix shows.
|
||
|
|
And so I eventually like, I, I don't know how I got the account exactly,
|
||
|
|
but I had an account after a while.
|
||
|
|
And so I had this grex account, which is pretty neat.
|
||
|
|
I kind of think the thing about Unix back then, they had a couple of commands,
|
||
|
|
SX and RX, which sent X modem files, files through X modem.
|
||
|
|
Or we see files through X modem, which is pretty cool.
|
||
|
|
But yeah, those aren't, and on Unix anymore.
|
||
|
|
So, at least the major BSDs and the, the Linux distros.
|
||
|
|
So, yeah, so I played around with that for a while, and that was a lot of fun.
|
||
|
|
And then maybe a month later, I found out that this is misconfigured the IX machine.
|
||
|
|
If you just hang up and you call back, you will be at the same place you were when you hung up.
|
||
|
|
Like, the modem does not, the modem does not hang up into AX, A I X is,
|
||
|
|
IX is a perspective, but so, all right.
|
||
|
|
So, I, I teleted it to my grex account, and I wrote a little message,
|
||
|
|
and then I hung up the, the, the, the phone line, and I dialed right back.
|
||
|
|
And there I was in the same editor that I exited, and I can look over what I wrote, right?
|
||
|
|
So, that's pretty cool.
|
||
|
|
What I decided to do was to write a login simulator.
|
||
|
|
So, I would, um, side login, and I, I go, I connect to my grex account,
|
||
|
|
then I'd run in my login simulator.
|
||
|
|
So, the next person logs in, uh, just sees a login prompt, and, uh,
|
||
|
|
for their username and their password.
|
||
|
|
And I would have that information, because they're talking to me, and, um,
|
||
|
|
on this window, okay, there were most, mostly people are just dialing into the library,
|
||
|
|
with the library library username and password.
|
||
|
|
So, nothing special.
|
||
|
|
So, I decided to, um, port scan it for whatever reason.
|
||
|
|
I think this host's name is Washington.lib.mn.us.
|
||
|
|
I could be mistaken, but anyway, um, whoa, what was I saying?
|
||
|
|
Yeah, so I decided to port scan it for whatever reason.
|
||
|
|
And, uh, I found a root shell.
|
||
|
|
I'm one of the, I'm one of the ports.
|
||
|
|
And my, my immediate thought was, there's another hacker in here,
|
||
|
|
which is very possible, um, that another hacker left this behind.
|
||
|
|
So, that was awesome.
|
||
|
|
I, I logged in.
|
||
|
|
Uh, the very first thing I did was create another user account,
|
||
|
|
and, uh, puts, um, in iNATD, in the, the iNATD min configuration file on, in Etsy,
|
||
|
|
which I don't think there is there anymore.
|
||
|
|
I, I put, it's, it's, it's, it's, um, it's a system iNATD,
|
||
|
|
is a system where in which you can run programs in the standard day and in standard out,
|
||
|
|
are sent over the web.
|
||
|
|
So, so I had a running, uh, root shell from that.
|
||
|
|
So, I would, I, I put the root shell on another, another IP.
|
||
|
|
And I'm like, oh, this is awesome.
|
||
|
|
And so, I hung up and I, I connected to my port through, um, iNATD,
|
||
|
|
and it's, it, it was successful.
|
||
|
|
It worked.
|
||
|
|
And that only lasted for a week.
|
||
|
|
And then all the, the, uh, the, the, the shells disappeared.
|
||
|
|
My modifications to the configuration file disappeared.
|
||
|
|
My user that I added disappeared.
|
||
|
|
So that was sad.
|
||
|
|
But, um, yeah.
|
||
|
|
So that's my, my story.
|
||
|
|
It's, uh, six minutes, about seven minutes here.
|
||
|
|
Take care everyone.
|
||
|
|
Thank you for listening.
|
||
|
|
Bye-bye.
|
||
|
|
You've been listening to HackerPublic Radio as HackerPublicRadio.org.
|
||
|
|
We are a community podcast network that releases shows every weekday
|
||
|
|
and Monday through Friday.
|
||
|
|
Today's show, like all our shows, was contributed by an HBR listener like yourself.
|
||
|
|
If you ever thought of recording a podcast, then click on our contribute ring
|
||
|
|
to find out how easy it will be.
|
||
|
|
HackerPublic Radio was founded by the digital dog pound
|
||
|
|
and the infonanonicon computer club,
|
||
|
|
and is part of the binary revolution at bmf.com.
|
||
|
|
If you have comments on today's show, please email the host directly,
|
||
|
|
leave a comment on the website or record a follow-up episode yourself.
|
||
|
|
Unless otherwise stated, today's show is released under a creative comments,
|
||
|
|
attribution, share-like, 3.0 license.
|