11:52 Story of my first break | |
BackgroundOnce at the dawn of the domestic Internet when modems were great administrators - bearded, FIDO - alive, computers - slow browser - IE, instead of provider - N, and to have to dial in modem pool for half an hour ... well a long time ago, at the end of the last millennium I studied in school.The fact that in our corner of the bear an opportunity to connect to the Internet, in principle - has been a grand event of regional scale. It was expensive, it was painfully slow and difficult, but it was. Like I said, I studied while at school. I must admit to digital Drugs I hooked early. It all began quite innocently in the fifth grade with the apparatus Elektronika MS 0511 "and the language BASIC. Nothing seems to be no signs of trouble. But even then, having written a couple of his first simple program and then port them to the personal home clone of the ZX-Spectrum (this machine, the fruit of the genius of Soviet engineers in electronics, in general deserves a separate review thick), I had a clear idea what I would do after school and the university. To be honest, the way it eventually happened. Then there was a severe Assembler, elegant, Delphi, C concise ... and then I graduated from high school B-) finish with a nostalgic introduction and proceed directly to the story. How it all began can write very much and long, but better than some other time. Who we areTeacher Information doted on our gang. With the different classes of the average secondary school district had accumulated a dozen people, which was enough to organize circle of computer science. By the time (and it was, if I'm not mistaken, 97'y year) in school was brought brand new shiny Pentium I with a clock speed of 166MHz, 64Mb RAM, OS Win95 in a quantity of four units and one modem.One. Modem! Then we come to know FIDO. We were delighted that it was possible to freely exchange information on the board and ehah. We were on the crest of a wave. Then, of course, we have tasted and Win98 with his [J3QQ4 ...], and possibilities of digital video and many other things. But, I think it is possible to work in the network finally seated us on the mouse-keyboard needle. "Hacking"With the advent of PCs in my house came the Internet. No, it did not come, but rather crawled.Constantly busy modem pool, remote connection every half hour, the speed of 20Kbit instead claimed fifty - that's something with which encountered. And, of course, price. Prices were just a space in comparison with what we have now. Something like the first time saved FIDO, but only two hours a day - while it had seemed very small. Internet service provider, only at that time was N. Clever "marketing" provider came up with two clever system of fair obtaining money from public services. In both cases, the drug internet was issued in batches. In the first case, a person for a fixed amount of money to buy an envelope, in which were treasured username and password on a fixed number of hours - five, ten or twenty. In the second case it was necessary to register in the billing system, buy a card at the N-ную amount of Russian money and use it to replenish svezhezaregistrirovanny account. After all these simple manipulations dials modem pool avtorizuemsya with their registration information and enjoy the regular portion of the information of heroin to the exhaustion of the balance sheet. Especially for those who have the registration data has not yet been, or the balance is zero round clever admin has been provided for a guest login, to which a person is not allowed on private office user. Now that's service! In principle, the more something and did not have anything for a happy life. Everyone was happy, cards and envelopes were sold in stalls all the "Press" and post offices, there were no signs of trouble. I do not know one if I was curious enough and whether more people at that time with the necessary level of computer literacy ... in general by comparing all the things that I had at that time, I spent some analysis. And I had not so much - have accumulated a triple envelope and a dozen cards of 100 and 500 rubles. In general, sparsely, but even that was enough for what would be simple to break, now I would but as children and did not mention. With the envelope it was pretty obvious. Username and password consisted of a combination of the Latin alphabet and numbers and to generate the random number generator. Bruteforce deal was absolutely pointless. With the cards are all turned out to be a lot easier. Brief brainstorming session showed that the 13-digit consists of 4 digits of its nominal value and a 9-digit card code directly. And in a private office, you can check a card balance. Normal POST-form, without authorization. Only on pin-code. Turing test, as you can imagine, then, too, were not very common. Modem dialer is (guest login is terminated after 15 minutes connection), a script that parses the server's response and wrote them in the log was written during the day. What else is necessary to begin the script kiddisu? Free phone! To put night was the first cycle of inspection. In the morning my arms were about 50 PINs hundred-ruble cards. Flushed with success I went to school, where after school in the study of informatics somewhat modernized the logic of the script. The next night was put a second cycle, which brought together about two hundred rooms. As a result, I am actively form bruteforce check the balance for five days. The culmination of thea child, I was smart and knew that if there is the slightest suspicion in my direction, will give me a phone number with giblets.That is why, as well as because of the outbreak intensified paranoia, on the sixth day of the attack, I stopped its activity, and after another two days, cleaned all traces of your own computer went to the central post office, where I found the admin responsible for the modem pool and gave him all the collected codes, and pointed to the vulnerability, in exchange for what he agreed to close the deal "on-quiet." He does not really smile to deal with their bosses, and I do not particularly want to deal with the police. As a result, the evening of the form is no longer worked, and some time later to check the card balance was necessary to enter her room and, in addition, according to rumors, all the queries were written in the server logs. Check the way it or not I have somehow decided not to:) EpilogueThen I became a student and became a kink at least fun to do, but for some reason the first time I remember most . On what happened during my student days I had as a write, if the mood.Now I am an ordinary programmer, engaged in the development of Web applications and is interested in security issues. Was this a way to use then before me, whether the company has suffered from this loss - it's me know. In general, all ended well and my data is no admin or "hacker" was not affected) Instead of the PSPost a long time ago pylilsya in the drafts and all the way was not possible to publish it.Situation and all the characters, of course, are fictional. Any coincidence with real facts and faces a random coincidence:) | |
|
| |
| Total comments: 0 | |