Hax0ring, Explained

Sources (which have been recorded, I may add) have explained part of the hacking.

We should all know ChIkEn AtE mY dOnUtS by now: a member of the GMC and an admin on the G-Java forums, not a particularly “esteemed” member, and his reputation hasn’t been that good ever since he began his forum posting. He has been involved (indirectly) in the hacking situation; to what extent is being examined further, so please read on.

[ THIS IS A NOTICE ADDED AFTER THIS ARTICLE WAS POSTED: ChIkEn AtE mY dOnUtS was not involved in any way with the ‘hacking’ situation. ]

Now there are two theories as to how this started, both from different sources, so be warned: obviously one of them isn’t true.

Theory 1:

Theory 2: The hacker used a MySQL injection security hole on the forums and managed to “break in”. He signed up with the username _admin and set the password as admin. He then modified the database to set his user status to be that of an Administrator of the forum.

Now, where does CAMD fall into this? Well apparently he was conversing with a friend on his instant messenger and arrived upon a message a friend had sent…

D00D! LOGIN AS admin_ AND USE admin AS THE PASS!!!11111

Now, given CAMD’s personality, it’s not unusual his curiosity would take over and he would actually try to login, I don’t blame him, I may have done the same if I was in his situation.

Now then here we have CAMD logged into the GMC as an admin… knowing his reputation, the question is:
1) Is he guilty of being the hacker?
2) Is he guilty of being part of the hacking?
3) Is he completely innocent (most likely)?
4) Is he a witness that should have tried to stop the hacker?
5) Is he making this story up as a cover for himself?

How can we prove what did and did not happen after this? Logs… they leave traces of information, yes, but as far as I know, IPB (the forum software the GMC uses) cannot verify who did what (for example change forum templates/mass email) if multiple people were using the same account. I do not think CAMD had a motive to hack the forums, nor do I think he was capable of doing the damage on his own, but I can’t help thinking he was in some way responsible for letting everything happen.
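The shared-account problem described above, as an added example (not part of the original article, and not IPB's real log format): if an admin-action log records a source IP and session id with every entry, actions taken through one shared account can still be split per session. The log layout, field names, action names and sample lines below are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log (hypothetical layout, not IPB's real format):
# timestamp|account|source_ip|session_id|action
SAMPLE_LOG = """\
2006-01-01T18:02:11|admin_|198.51.100.7|s-a1|login
2006-01-01T18:03:40|admin_|198.51.100.7|s-a1|edit_member_group
2006-01-01T18:05:02|admin_|203.0.113.25|s-b7|login
2006-01-01T18:05:30|admin_|198.51.100.7|s-a1|edit_template
2006-01-01T18:06:12|admin_|203.0.113.25|s-b7|view_index
this line is truncated|admin_
2006-01-01T18:09:55|admin_|198.51.100.7|s-a1|mass_email
2006-01-01T18:10:03|moderator1|192.0.2.44|s-c3|login
"""

# Actions worth attributing to a specific actor (assumed names).
SENSITIVE = {"edit_member_group", "edit_template", "mass_email"}


def parse_log(text):
    """Return parsed events; malformed lines are skipped, not guessed at."""
    events = []
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 5:
            continue
        ts, account, ip, session, action = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue
        events.append({"when": when, "account": account, "ip": ip,
                       "session": session, "action": action})
    return events


def sessions_by_account(events):
    """Group events as account -> (ip, session) -> [events]."""
    grouped = defaultdict(lambda: defaultdict(list))
    for ev in events:
        grouped[ev["account"]][(ev["ip"], ev["session"])].append(ev)
    return grouped


def concurrently_shared(events):
    """Accounts with two sessions whose active time spans overlap."""
    shared = set()
    for account, sessions in sessions_by_account(events).items():
        spans = sorted((min(e["when"] for e in evs), max(e["when"] for e in evs))
                       for evs in sessions.values())
        # After sorting by start time, any overlap shows up between neighbours.
        for (_, end_prev), (start_next, _) in zip(spans, spans[1:]):
            if start_next <= end_prev:
                shared.add(account)
    return shared


def attribute_sensitive(events, account):
    """List (action, ip, session) for each sensitive action on one account."""
    return [(e["action"], e["ip"], e["session"])
            for e in sorted(events, key=lambda e: e["when"])
            if e["account"] == account and e["action"] in SENSITIVE]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("shared concurrently:", concurrently_shared(evs))
    for row in attribute_sensitive(evs, "admin_"):
        print(row)
```

Attribution by IP and session only narrows things down to a connection, not a person; a proxy or a shared machine still hides who was at the keyboard.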

I know if I logged into that account, sitting there in CAMD’s shoes, amazed at the power he had mistakenly been given… I would probably have done the following (ability to think quick and act responsibly):

1) Close down the board and leave a “We are currently experiencing some minor technical difficulties, please visit again in an hour or so. GM Staff.” to try and prevent anything from happening, or having users exposed to viruses, or potentially dangerous topics for whatever reason.
2) Change the password to the account (the most obvious issue… at least by changing the password to the account, anyone else with it shouldn’t be able to access it anymore)
3) Go to the secret forum and post a topic explaining everything that’s happening, why I closed the board, what is going on, who gave me the user-name and password and how much danger I think the GMC could be in.
4) I’d also email, pm and try to contact any administrator possible, and go on gmchat to try and contact chronic immediately.

OK I told you what I know, and what is my personal opinion, now you do the same, comment please!


84 Responses

  1. whoever posted this is pretty accurate

    but still, the person who gave me the password i don’t think was the hacker either

    since the password was wayyyyyy too easy, he figured it out (but why would he even try???)
    anyways, his MSN is unknown-studio@hotmail.com

    anyways, it was impossible for me to stop the hacker, due to the account was banned the second i logged in.

    i love the GMC, i spend wayyyy too much time there, i would NEVER hack it.

    i am trying my hardest to try to help find the hacker.

  2. CAMD doesn’t have the knowledge to hack into the forums… so all this talk of yours is bullshit…

  3. P.S., i never got actually in the GMC with that account, it was banned before i did

  4. I completely agree with whoever wrote this article. CAMD was someone I suspected from the beginning.

  5. Fox-NL is correct, im too dumb for IPB

    not long ago i was trying to make a mod for my forum, so i opened the index.php page…

    O..M…G…

    it is VERY hard to understand

  6. I don’t know about the whole deal. Accusations aren’t a good start. Like Fox-NL said, he doesn’t have that much skill to do that. It’s not good news, I don’t mind the part about the theories of how the hacker hacked it though. Chiken’s attitude is off at times, but he’s an alright guy.

    That’s all I got to say. I don’t think it is him.

  7. This didn’t affect me too much. Besides… it’s probably the person who you least expect it to be. For all you know, it could be me or roach.

  8. I found out the password to the -Admin user!

    Chicken Ate my doughnuts didn’t do it though..i didn’t do it either..

    it started with CAMD telling me that some guy made an account named Admin_ or something..and i found the user’s password, but the server was in maintenance when i found it out though..

    and CAMD posted on his forum THE UGMC that his password was admin
    because i told him.

    and again. i didn’t hack the gmc -_-
    and again again..if camd did hack the forum he wouldn’t be so stupid to post the password, because then everybody knew he was the one who hacked gmc.

    Unknown.

  9. Unknown and I did not hack the GMC
    all we did was figure out the admin_’s user and pass.

  10. My question is WHO IN THEIR RIGHT MIND WOULD HACK THE GMC? So many people use it. Does he/she just want to make people mad?

  11. P.S.

    the account was banned when i logged in

    so i couldn’t even see the main page.

  12. What is it good for to hack the GMC?
    The hacker doesn’t have any rational reason for doing this, only the pure evil madness 😦

  13. okay so he hacked the gmc just for a signature…lol

    everybody thinks i did it but then again:
    i almost don’t know shit about php and mysql
    all i see in the index file of an ibf is %Y!#&”/ i can’t even read the code lol :S

    And here’s some guidelines:

    The hacker must have:

    Unique skills with PHP and MYSQL.
    And
    Awesome skills with Invision forums.

  14. There is one thing that doesn’t match. That only happens when someone lies.

  15. Oops. Perhaps not…

    “Roach (a well known GMC user, known mostly for his DLL creations) apparently found out CAMD had access to this account and reported him to chronic at first notice.”

    Who banned the admin account? Was it before or after Roach told chronic?

  16. Theory 1 = bullcrap. The admin_ account was made May 4th, way after the server move.

    And another thing, News is facts, not theory. If you post a theory and people buy in to it, then it just spreads to things like this.

    If you do not have facts, then keep them to yourself.

  17. I’d love to see any proof on this, it sounds a little flaky. Anyways, because of this it seems CAMD’s reputation will go way down.

  18. Chronic probably knows the answers to my questions. Would like to hear them. 😉

  19. Just a little comment.

    Whoever did it most likely just used the admin_ account to take over.
    No injections or anything of that nature.

    If Mark didn’t fix the password afterwards then apparently this is all his fault.
    -Steve

  20. I don’t think mark created that account.

    1. Why would he? He already has an admin account.
    2. He would probably make a much more advanced password.

  21. Hmm, when you look at all the different things CAMD and Unknown say to explain themselves… it doesn’t add up.

    First off, You can’t log into Banned user accounts.

    Secondly, What could Unknown’s intent possibly be when trying to guess the _admin account’s password? What kind of motive would that be? And, if it really WAS already banned when CAMD logged into it… why would Unknown be trying to guess the password of a banned account?

    Indeed, the defense that Unknown and CAMD are “too dumb” to mess around with an Invision Power Board proves that they themselves did not create this account’s powers, it does NOT prove that they did not put the iframe in and use the board mass-mailer to send out the virus-laden message. Both of these things would be QUITE simple to do using the IPB administrator interface.

    Also, the fact that Mark Overmars’ account was broken into later places suspicion on Unknown – he did guess the password of an admin account before, only to have it banned – what would stop him from guessing Mark’s password as well?

    Of course, without any hard evidence, we can’t conclusively prove anything here.

  22. … you can still attempt to login to the account

    but you will reach a “Your not allowed to access this page” mabobber.

    and i dunno why unknown guessed a banned user’s password.

  23. “Logs… they leave traces of information yes, but as far as I know, IPB (the forum software the GMC uses) cannot verify who did what (for example change forum templates/mass email) if multiple people were using the same account.”

    Wow, that logging system needs some serious work.

    As for the hacking… I couldn’t care less, and theory one is likely not true, seeing as Chronic said it was registered only a few days ago.

  24. maybe they can view the hackers ip :O???

    lol

    and ‘Admin’ is the default password for an admin. so that was the first thing i tried :\

  25. I don’t have any suspicions regarding anybody in particular, but I don’t think Professor Overmars would leave an administrator’s account just lying around with an extremely simple password, especially when users can browse the member lists… if I saw an _admin account, I’d be a bit suspicious of its intents/purposes.

  26. Oops forgot to add this to my last comment:

    “Whoever did it most likely just used the admin_ account to take over.
    No injections or anything of that nature.”

    Didn’t the hacker post AS Mark Overmars (using Mark’s account)? Therefore, there must have been a SQL injection because IPB doesn’t permit you to see others’ passwords.

    (correct me if I’m wrong).

  27. It’s sad, because I’m sure we will not get the forums back for some time. I hope we do, I’m bored already.

  28. Just a question, was there a member on the GMC called maxiz?
    Cos one of the hacker’s posts was “Make maxiz a sig or he will hack this forum!!!! He’s a g00d hacker if you make him a sig/banner that he likes he will leave alone!!”
    If so, then there is probably a good chance it was him.

  29. also, I remember seeing a group called “GMC MemberX” in the members list. There was an account named “dameged_test” or something like that. Could this have anything to do with it?

  30. I dunno, But this sucks!!!!!

  31. *who did it, or how it was done….

  32. Cynical, at least on some forums, you can change people’s passwords when you’re an admin. (you can’t see the current ones, though)

    With admin powers, the hacker could’ve just changed Mark’s password to ‘cheese’ and log in with it.

    I’m not 100% sure that’s the deal with these boards, but I would assume that’s how it happened.

  33. Want my theory? It was a ‘bot.
    I’m sorry, I love Mr. Overmars and GM, but anyone who leaves their password as “admin” deserves what they get.

  34. I think I’ll have to agree with the last post

  35. I seriously doubt he did, only some dumbass would.

  36. Well, I don’t exactly go to GMC, but I heard about this and found this link. Since I have a board that uses IPB as software, allow me to offer my view of this.
    First off, logs do show what members do which, but in this type of event it still wouldn’t help most people. Access to one admin level account gives the right to change passwords to other accounts. Therefore, if this admin account had root privileges, anyone using it could have changed this overmar fellow’s pass and accessed that way. That also kinda screws up the logs, since it puts into question which members were online validly and not being hacked by the person with access.
    So there’s an easy answer to 2 questions, assuming of course this account was root admin and not just a basic admin (root admin is the only one that could change other admin account pass’). The main question stems from: How was this admin_ account created? Good or bad purposes? Doesn’t seem likely the password would be that straightforward.
    In fact, I don’t recall admin accounts under IPB software even having a ‘default’ password to begin with during an install. They have a php script which you upload, then secure when you’re done setting up the forum. The subsequent results are your admin account, which if I remember right you choose the password for during the install, and the default admin account that automatically posts a welcome to ipb message, and should be deleted right afterwards. Then the php file for install is supposed to be either secured or deleted, and a bunch of other files are supposed to be given secured read and write permissions so that no one without the ftp access can access or modify them in any way.
    In other words, the only thing I can picture having a ‘default’ password is the automatically created ‘welcome to ipb’ one that’s supposed to be deleted after the board is installed. I don’t even remember that being admin level. So I call into question Unknown’s statement: “and ‘Admin’ is the default password for an admin. so that was the first thing i tried :\”
    Please elaborate.

    =+=gildedlink [zfgc member, referred here from a topic on zfgc]

  37. Has Mark already replied or put a comment about the hacked forum anywhere?

  38. Not that I can see, tell me if you see one though.

  39. “and ‘Admin’ is the default password for an admin. so that was the first thing i tried :\”

    Regardless, why were you trying to get into the account anyways?

  40. https://gmnews.wordpress.com/2006/03/23/smarty-accidently-banned/

    Read my comments……..

    Right now my website The Spammer’s Takeout is hard at work trying to get this back in order…..
    The only thing is, I have been contacting the staff of the GMC telling them that someone HAS BEEN PLANNING on hacking the GMC, and they pushed it away saying I have nothing to worry about.

    This is something that was posted by one of my Combats on TST:

    “THE GMC IS GOING TO BE HACKED AND ALL MEMBERS’ IP’S WILL BE HARVESTED AND SOLD TO OTHER HACKERS. PLEASE DONT ASK FOR DETAILS! The guy doing it says he has the GMC staff on his side so we can’t trust mods and admins. we need to report him he is using a proxy so he might even be who me and admiral first thought who he was (once again don’t ask because if that is true then we cant tell anyone) but seriously we have to take him down”

    It was eventually passed off as a hoax.

    Welp… maybe next time ppl will listen.

  41. And don’t think any of us from TST did it. Why ya think we’d tell the admins about it.

    Again and again I have said this — (Below)

    It was a damned SQL Injection! So says one of the best —best friends in the world.

    This is very bad for the GMC. It will take forever to get it back.

    But luckily the new patch Mark has set up has very good security (Friend says).

    Whatever you do, DO NOT reactivate the forum! You will delete ALL of the logs!

  42. In reference to what AADude7 said…

    TST (The Spammer’s Takeout) has been working on this (please read my above comment) for the past few months, I contacted Smarty and was told it was nothing to worry about.

    Also in reference to what one of the Combats on TST said, one of the staff could have been in on it (read all my comments in https://gmnews.wordpress.com/2006/03/23/smarty-accidently-banned/ ).

    Then taking the GMC down would have been cake.

  43. “maybe they can view the hackers ip :O???”
    Exactly what I was thinking. Just trace the IP, and problem solved. Just figure out which user uses that IP. I personally think it was MAxis.

  44. But that won’t work if the hacker has a dynamic IP…

  45. maybe he doesn’t have a dynamic ip 😛

    anyways i would add more sicuraties(lol bad english!!)
    and some sort of a backup program or something

  46. Anyone hear of a proxy 😛

    I doubt any hacker would hack a forum without using a proxy.

  47. I agree, a few people can use about 30 proxies, try tracing that.

  48. I believe Mark plans on blocking proxies now, he did express you shouldn’t be using them, and if you continue to do so, he’ll disallow any proxy access to the forums.. But how do you detect whether it’s a proxy visitor or a genuine one?

  49. i just want to know when they will put the GMC back up and running
    does anybody know the answer to that question?
    will they start out a-new?

    i don’t really care who or how anybody hacked the GMC, i just am concerned when it will be back up
    i’m sure many of us feel that way

  50. Putting it back up right now will be a BAD IDEA! Once the forum is re-activated all of the logs will be erased. So far some of the people at TST contacted Mark Overmars, because we have a way to find the hacker. But, all evidence of the hacking will be gone once the GMC is re-activated.

    Which is bad.

  51. you seem to have a point there

    but what kind of person would want to do something as horrible as hacking the GMC!?

  52. THE MOST IMPORTANT thing to know is that the forum was/is so weak for exploits that it could be cracked by anyone. The GMC was not hacked, only cracked. The techniques used to get access to the GMC were based on cracking the system; it has nothing to do with hacking.

    The GMC uses IPB 2.0.4 that has over 11 exploits (at least what I have found). One of the exploits is very dangerous, because it can give you full access to the root and the whole MySQL. IPB 2.0.4 version has CALLHOME and BACK exploits that will allow a cracker to overflow a login authorization and IPB license checks. The cracker could have also unlicensed the GMC.

    WHAT SHOULD MARK DO? Mark should buy/update to the newest IPB, version 2.1.6. The newest version has no such exploits as Mark’s current one. Mark should always keep his forums up to date, because the GMC is way too huge. Once the IPB has been updated, no one will crack anything again, unless a cracker guesses passwords or something stupid like that.

    -KaiZuSellgren-

  53. in reference to what finland games said, read all my comments in the other blog, it said why they would crack it:
    ——————————————-
    Admiral Refuge Says:

    March 24th, 2006 at 1:41 pm
    Flashback, I already said that. Though you did bring up a good point, crackers pose as hacker, and like to call themselves hackers. Though, I remember this one hacker said something that forever would bash the cracking community:
    “A cracker is only as good as his tools, yet a hacker is only as good as his mind. The cracker may use a password cracker, but I will always think of them as noobs with computer. A hacker’s greatest tool is the mind, in which can be deadly. The so called “tools” of a cracker are limited, once they get outdated, they need a newer version, thus risking more incrimination data stored on his computer. But the mind has unlimited possibility and will never run out dated. Remember this, For the limited tools, it is possible for something to be un-crack able, but nothing is un-hack able.”

    But back on subject, I really think something big is going to happen to the GMC, what are we going to do?

    ———————————————–

    “Admiral Refuge Says:

    March 26th, 2006 at 10:24 pm
    I cant post the link to the picture cause it has
    W
    T
    F
    in it. GMC has 2 spam topics in the Finished Game section.

    This seems to have let off a little, but what if someone is planning an attack??

    ———————————————

    I said some more stuff too, but nobody listened.

    and read this: https://gmnews.wordpress.com/2006/03/23/smarty-accidently-banned/#comment-38

    KaiZuSellgren, you have a great point. I agree with that. The correct term really, is Black Hat, though I usually call them crackers.

  54. I don’t think it was because he wanted a new sig, cuz in an admin account he could get his own, I think the cracker was trying to frame “maxis” or whatever

  55. Won’t read all that, but it has to be someone who’s more advanced with viruses, cause you guys said there was some virus attached. I don’t think any of these guys can do that. And there were lot more attacks than this one, I doubt it’s a n00b’s job.

  56. Anyone can make a virus. Just download a program for it!

    The cracker was probably a little script kiddy trying to test out what he/she can do.

  57. Admiral Refuge, yes, the Black Hat who is calling him/her self probably a hacker. That’s the usual situation.

  58. Warning: This post contains false information, please disregard it,

    GMNews

    CAMD may have something to do with this and his "father," SleepinJohnnyFish could have the motive. A simple whois search of domain that the virus (the one that was mass e-mailed) showed that the server owner was someone named Jason, who lives in Pennsylvania. If I'm not mistaken, SJF is someone named Jason, who lives in Pennsylvania, and is frequently furious with the administration at the GMC.

  59. CAMD’s story makes no sense. Why would someone just randomly message him, and give him the username and password? This does not sit well.

  60. “Unknown” wouldn’t harm the GMC in any way (I know him), and also, it wouldn’t be “CAMD”, cause he’s (or he’s acting) too immature for this. Understand that some people earn money from distributing someone’s viruses. I’m guessing they just saw a forum with lots of users, and thought it would be a good hit. But that sounds too simple to be true. From what I’ve read in the “Smarty gets banned” topic, it’s much more weird and complicated.

  61. You can’t ip trace a user’s ip address and trace it back directly to them as it will go to the ISP whois query.

  62. SektorZ, why would someone who wants their virus to spread among a forum log in as the admin and start posting as Mark Overmars?

    Darahbi, you cannot trace a user, but you can find out the info of the person who registered the domain from which the trojan is coming from. You don’t need to do a whois for the PERSON, but the DOMAIN. The domain (TRAFFDOLLARS.BIZ ) leads back to one Jason Coffman, from Pennsylvania, US. Since the download was located in a directory on the server that was very close to the root (http://traffdollars.biz/dl/loadadv598.exe), it suggests that whoever did this did not try to hide the download from the server’s operator… and is probably THE server operator.

    Try doing a whois on the server I listed above (the same one from the mass trojan email) and you will see.

  63. “SektorZ, why would someone who wants their virus to spread among a forum log in as the admin and start posting as Mark Overmars?”

    Didn’t know about that. But that’s probably because lots of people made it to the admin cp.

  64. “Friend of the GMC”, I don’t know who the fuck you think you are, but neither my son nor I had anything to do with the hacking. Not only are you accusing us of something wrongfully and without evidence, but you also are using false evidence yourself to promote your idea.

    My name is not Jason, nor is there any reason to believe my name is Jason. My name is Drew. Remember that; Maybe it’ll save you from making an ass out of yourself next time.

    As for my supposed motive to hurt GMC, yes.. I’ve stated many times that I do not like the GMC for some special reasons. Mark my words: If I wanted GMC to be down, it would be down, and it wouldn’t come back (at least not with the posts intact)

  65. and speaking on legal terms, Section 2, Point 6 of the wordpress (this blog’s sponsoring administration) legal agreement clearly states that any content posted must meet the following terms:

    “the Content is not obscene or libelous, and does not violate the privacy or publicity rights of any third party;”
    —–

    WordPress has removed blogs due to things posted on them by visitors before and would again if this was reported.

    Do not continue these actions against my family or myself. I will not hesitate to report your actions if this continues.

  66. Warning: This post may contain false information, please disregard it,

    GMNews

    CAMD is not your son. You speak of graduating high school in posts on the GMC, which do not date back that far, probably 1-2 years old. That would place you in the 18-20 age range. Since most people become able to have children at about the age 13-15, your "son" could only be about 7 years old, maximum. Do you want to try to convince me that CAMD is 7 years old? Stop these foolish games.

  67. I have gone into this too many times to mention, and you wouldn’t be worth my time to explain seeing as you are too thick to accept it anyway, but I am not the youth I made myself out to be earlier, and yes, I am Ryan’s father.

    You are querying why I have not atacked GMC? Perhaps because I do not want it to go down? I have never indicated that I wanted GMC to go down. Please, try to prove me wrong on that one. I would love to see whatever evidence you think you have on that.

    As for your indication that I am the hacker, you are not utilizing the criminal act commonly referred to as Defamation of Character. This blog keeps getting easier and easier to report for deletion. Try to think about how many people here know you in some other way, and will know that it is your fault that this site is removed. Would you like to continue making a fool of yourself?

  68. and for the record, I don’t know what the hell everyone keeps saying it for, but I have never once defended my son from a moderator punishing him. I never try to get him out of trouble he gets into. He is old enough to deal with his own consequences, and I don’t get involved. Where do you all get off spouting this garbage?

  69. I think it must be rumors.

  70. Well, posting rumors under the name “news” is never a good idea.

  71. You’re not old enough and he’s not young enough, case closed.

    Stop your tirades already. Maybe you are not the hacker? Maybe you are. There is definitely enough proof on this forum alone to prove you’re one of the biggest, whiniest babies this side of the internet. Stop crying.

  72. Why can’t anyone believe sleepinjohnnyfish?
    You don’t know him,
    how do you know how old he is? (Just look at my name, just a while ago i was 14, now i am 33!)
    b.t.p. Blaming people for hacking isn’t going to get you anywhere,
    cuz it’s already back up!

  73. *The FORUM is back up*

  74. “Friend of the GMC,” that post of yours gets in my list of top ten most hypocritical posts of all time. Just a note.

    … I am horribly sorry. I could not resist clicking the Submit Comment button after writing this.

  75. FOTG, you obviously don’t know my real age, so you might as well just shut the fuck up and go home. I no longer care whether or not you believe me, as I see no point in continuing this. The only proof I could give you would be a picture of me with Ryan, but that would undermine the entire point of me previously making myself out to be a child. I don’t want people seeing a picture of me because with age comes judgement. Suddenly if I act out, I’m considered a bad parent. If I stand up for Ryan, suddenly it’s because I’m his father and not because I just think he didn’t do anything wrong.

    So this argument is over. You are wrong. I am right. Get over it.

  76. Sure. What parent would post about this kind of stuff, on a place their child visits, with that kind of language? Sit down, and shut up, loser.

  77. Erm… I do not think that kids are all of a sudden harmed by seeing a four letter combination… But that’s just me.

  78. Neither do I, but any responsible parent would not knowingly or willfully expose their child to that kind of language.

  79. FFS! the only reason that CAMD is a part of this is because
    he told ME that a user named Admin_ was registered and he was an admin..

    I went to gmc and i typed in Admin_ and the password: admin ..

    i told CAMD the password , but the forum was in maintenance and the admin_ was banned…

    ME , CAMD , SleepinJohnnyFish didn’t hack the GMC..

    -Unknown

    ___________________________

  80. Doesn’t anyone realize how easy it is, to just try a login name and pass(like _admin _admin)? and maybe it wasn’t even that!

  81. Hi

    Very interesting information! Thanks!

    G’night
