.

My story.

<<

Dave

Newbie
Newbie

Posts: 4

Joined: Mon Aug 31, 2009 6:45 pm

Post Mon Aug 31, 2009 7:58 pm

My story.

Well... First of all, please don't make fun of me. I'm new to these forums as you see, but I hope I can fit here, and, who knows, make some friendships, that would be the best.

Well, I'm in a period of my life in which no one can help me except one of you guys, because I don't know what to do. I'm 16, and this is my story.

It has all started when I was 13. For the first time I got internet on my own computer, and there was everything very strange to me. I've learned to surf, I "got a life" in the virtual world, I got a moderator position on a warez forum. I think the hacking started in there. As any newbie started, I've met prorat and got to know with it. Not really breaking into other peoples computers. Actually, I only did it once, had my fun and disconnected. Then  I've continued to learn, simple things as HTML and PHP... And then, the phishing came... Some accounts phished and sold.. Made it almost for a year I think... In the meanwhile, I got bored of everything, I got "divorced" from hacking a few months, when I discover something at my school. A program called DeepFreeze that just wouldn't let you do anything. I searched and read a lot about it on the internet. The producers of it thought it was so good that they offered a prize to whoever was able to crack it. And it was. But it was just something out of my control. I couldn't learn if I wasn't able to know where the information was. So, downloaded a CD and cracked it by there, removing the password... It wasn't so much fun that way. The, did other script kiddie stuff, some admin passwords on Windows XP cracked on the school library, all that. But one day I used a simple method I've learned to search Admin Panels on websites, by just adding "admin.php" and others to the main website adress. The funny thing was, and this was when the real thing started, my high schools site had that. Something like "site.com/admin.php" no passwords, no security at all, right into the admin panel. I wasn't able to believe. My school also had some e-mail adresses provided by a main company that serves the schools, I did that on their website and I was able to acess most of the usernames and passwords used by schools to acess. I contacted the website explaining what I found there and they thank me. I felt good. A really good feeling. And so, I needed more. I had to have more acess to more stuff at my school. Because if such a failure was hapening in their website, then what else could I have acess? So, I got the e-mail and I phished the vice-director of my school. Clean shot, said and done. And currently have, and more plenty of other services that the school use, conversations she was with other directors and presidents. I got acess to plenty of stuff, plenty of password to sites that I shouldn't even know that they existed. But I want more. I want to prove them that their security is as bad as it can get. In the meanwhile, I notest something in the bar. So, the things worked like this: You go to the bar, you buy the ticket for the product you want, you go to the place you are served and you trade the ticket for the product, so, one day I notested the cash registers name and model, I gathered some money with other 3 friends, I bought a machine equal to the school, bough a ticket to each thing they had at school and I've programmed the cash register machine. We could eat for free at school, and nobody was knowing about nothing. Another thing triggered my attention, the coke machines. Ohh, old coke machines. I've tried the sooo old codes like 4-2-3-1, acessed the machines menu... Boring. I've searched on the internet how their lock worked, what was it, and how could be broken. They mostly use tubular locks, made in the 30s. It was a major breatrough because they were very good at the time, and very resistent to lockpicking. But... Found some ways to get over it. There was a tool capable of opening any tubular lock, which was this:

http://www.tubularpick.com/

But obviously it was too damn expensive to me. Bought some tubular locks and keys on eBay and made something like this:

http://www.youtube.com/watch?v=Rnbv8wfFICA

So, there was a coke machine at the gym, but there was always some employee in there. So we wait for some tournaments day at the gym, football, basquetball, whatever, as long as there was many people in there. I got closed to the machine while some friends covered me and opened the machine with sucess. Took a (not really good) photo, closed the machine and got off.

Next, the wireless networks in the school. Both students and teachers networks were encrypted with WEP. So, what was that, and how could it be cracked? We discover that the students could have acess to their network, but not so easily. They had to go with their laptop to the network manager, providing their MAC Adress and give them their laptop so he could enter the password. So, it had MAC Adress filtering. How to solve thing, how to hack it? My laptop doesn't have PCMCIA, only Express slots. So, made some money and bought something on eBay that did the same but being USB. With the monitor mode and packet injection. After some days (and nights) trying to find a correct way to crack my own network, I finally made it and never got so happy. So, went to school ready to crack theirs. Got a MAC Adress from a friend of mine which I used to sucessfully crack the students network and having acess. Now, the teachers network got cracked too. The security breach was that the "multimedia cars" as they call it on school, portable PCs with projectors with Internet connection, thad acess to the Teachers network. So, in one class, some friends distracted my teacher while another wrote on the CMD some comands I told and I wrote down the MAC Adress used by the machine. On the next break, the network had been cracked. Photos were taken to prove it, passwords were kept. I have also developped interest with cracking reall apps, software, as I am an administrator of a Warez forum in my country, and that's why I have studied assembly, read some courses about how to work with Olly Debugger, and was able to sucessfully crack 3 apps. I know it is not enough, but I had so much fun doing it, and I gave jumps of hapinness when I finally cracked each one lol. We've done almost everything. But I think it is still not enough...
I got one more year left at school. And I don't know what to do. I want to know, though, what do you guys think of me and of who I am and what I've done. Am I a script Kiddie? What can I improve? Well... Sorry guys for the big big text, but well it actually made me feel better to let this out and tell someone.

I would really, really apreciate some coments of experienced people. Thank you.
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Mon Aug 31, 2009 8:31 pm

Re: My story.

About the story... well honestly I don't care much.  :/  Sorry, but that's what comes to mind as I read it here from work.  As for "where to go from here" I would suggest deciding what you want to do with your life.  If you want to be a computer security professional, stick around, check out the site some more, and read through the 'getting started' sections that are in the forum.  It sounds like you have a basic start on hacking, a mentality of wanting to learn more about things, and such. 

My suggestion, get a hold of a good TCP/IP book, learn how things flow over the wire (or air) and why.  Work on networking knowledge, some programming languages, and keep getting experience and working on getting certs.

Last tip, don't screw with peoples networks, machines, or locks without their permission, if you want to be part of this group.  If you want to do that, there are other groups more suitable.  I hope that was mildly useful, but if not, c'este la vie. 
"Bad.. Good?  I'm the guy with the gun"
<<

Dave

Newbie
Newbie

Posts: 4

Joined: Mon Aug 31, 2009 6:45 pm

Post Mon Aug 31, 2009 8:39 pm

Re: My story.

Thank you for your reply and your words. I will do it and thank you for the tip, would appreciate more. :)

And about the breaking and lockpicking, well, we don't stole anything, we (maybe me the most) just wanted to prove and test the security of the machine. Hey... This means something, right?

Image

:)

Thanks.
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Tue Sep 01, 2009 12:40 am

Re: My story.

Dave wrote:[...]
And about the breaking and lockpicking, well, we don't stole anything, we (maybe me the most) just wanted to prove and test the security of the machine. [...]


Which is still illegal.
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Tue Sep 01, 2009 2:59 am

Re: My story.

Dave,

welcome to the site. Don't take previous comments to heart and put you off learning more. You ask for advice and the best advice anyone could provide would be that which can keep you out of prison.

Lockpicking is an interesting skill, one which can be legitmately employed by a security professional (and one I'd admit I struggling to get the hang of). But there are plenty of ways to practice lockpicking without picking locks belonging to others. And you can still prove insecurities with some portable practice gear, plus if you can scare people by picking a practice lock you can then get permission to attempt the real thing.

Likewise wireless security can be fun to play with, but again I've found it relatively simple and inexpensive to setup a test lab for legal testing. And again after discussing the attack vectors and my capabilitie have been asked by a few to 'have a go' at their wireless networks. As well as being legal, you can't beat the look an a network admins face as he watches his WEP/WPA key appear before his eyes :)

If you really want to learn, stick around. Plenty of knowledgable folks around here willing to provide assistance if you can do some leg work and go about things the right way. Don (and others) often point out 'if you give a little, you can gain alot'.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue Sep 01, 2009 7:19 am

Re: My story.

There are some great sites out there that allow you to practice exploits anything from rooting a box, SQL injecting a web app, or a complete pen test.  You can break anything you want, learn something, and not cause any damage.  There are tons of links to them in these forums.
~~~~~~~~~~~~~~
Ketchup
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Sep 01, 2009 7:19 am

Re: My story.

I really don't know how you guys formulated your replies to this. Not one time did I see Dave post that he was interested in going into security. It more appears he wants to know what else he can do to prove he has "skillz." Please correct me if I'm wrong...

Dave: My advice? Don't do illegal things.
<<

Dave

Newbie
Newbie

Posts: 4

Joined: Mon Aug 31, 2009 6:45 pm

Post Tue Sep 01, 2009 9:30 am

Re: My story.

I am interested in security. I've read some books, Mitnick's books, The Code Book by Simon Sigh, I love cyphers, crypting. The things we did were only because we were bored. It was a way to, somehow, give some color to our lives. It was never our intention to hurt anyone or anything in any way. We had acess to tests, exams, teachers computers, the website itself, and never did anything bad to any of them. So, no skills were proved. It was benign hacking. And I will study and stick around here. Have a book that g00d_4sh told me to read, "Understanding TCP/IP: A clear and comprehensive guide to TCP", have a CEH course, 9 DVDs ready to study. One thing at a time.
Last edited by Dave on Tue Sep 01, 2009 9:33 am, edited 1 time in total.
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Sep 01, 2009 10:09 am

Re: My story.

Yes, I understand that you're interested in security. I got that part from your story.

If you're interested in going into security, as a career field and as a professional, then I would suggest you heed the advice of the group here and discontinue any illegal activities - to start.

Sounds like you've got a plan to follow past that. Good luck.
<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Tue Sep 01, 2009 11:00 am

Re: My story.

I want to know, though, what do you guys think of me and of who I am and what I've done. Am I a script Kiddie? What can I improve? Well... Sorry guys for the big big text, but well it actually made me feel better to let this out and tell someone.


Well you are what you are and that’s your identify. I am not going to comment on your identify part. But I don’t think you are a script kiddie. You took the first step of coming out of all the illegal things by posting about yourself here and asking what next. So as all the above members suggested, stick around, share and learn, and always be on the ethical / legal / safe side. Always remember one thing – it is very easy to break a thing, but really difficult to protect it and requires some real talent too.

Happy and Safe Hacking :)
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

enzo

User avatar

Newbie
Newbie

Posts: 15

Joined: Mon Aug 31, 2009 8:10 am

Post Tue Sep 01, 2009 3:31 pm

Re: My story.

Love the glider sticker, heh, you have a friend in me.. :D
Why geeks like computers: unzip, strip, touch, finger, grep, mount, fsck, more, yes, fsck, fsck, fsck, umount, sleep.

Return to Opinions

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software