Network World
Saturday, November 22, 2008

Jimmy Ray Purser: Networking Geek to Geek

Cisco Subnet


A hacker changed my server password! Now what?

Here in the CodeCave I run a large Dark Net and report my findings to my Twitter followers. If you are not familiar with darknettin' this is the practice of having servers out on the Internet for bait to allow hackers to hack them. Folks do this for many different reasons but my reason is to learn the latest and greatest methods in use on the net today to break into networks.

Many times these servers are just trashed out. Hackers try to destroy them if they are discovered. I had a major exploit found in my Firefox add-in FlashGot. A hacker got in and trashed my system and then changed the password of the root account. Now this is a big deal since I need to log on to that server to gather the data to learn from this attack. Now what? I remembered a little physical access trick I learned a few years back at a Linux users group conference from a guru. It works like this:

- Boot the system and get to the GRUB screen. I moved the arrow key so I did not go into normal boot mode.
- Select the version and hit the "E" key to edit the kernel.
- Arrow key to the line that begins with kernel and hit the "E" key.
- At the GRUB Edit line, I just simply append the load string with a number 1. So it looks like this:

    grub edit>/vmlinuz-2.5.9-22.DRnetsmp ro root=LABEL=/ rhgb quiet 1

- Now hit ENTER and B and the system will boot up into single user mode.
- Newcastle time!!! A simple:

    sh-2.5# passwd
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully

I got in and grabbed the data and released the forensics to the open source community. I think that is a great example of how we learn from each other. Users groups are a great place for that, but so are open blog postings. Hey, share your knowledge here! Got any good tips and tricks we can all learn from?

Jimmy Ray
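
The reset in the post works because nothing at the console asks for a credential. As an added example (not part of the original post), this shell audit checks for the two settings that close it on a GRUB legacy, SysV init system like the one shown. The function names, the constructed sample files and the Red Hat-style inittab entry are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit a GRUB legacy + SysV init host for the two settings
# that block the console password reset shown in the post.

# 0 if the global section (everything before the first "title" line) of a
# GRUB legacy config has a "password" directive. With it set, GRUB asks for
# that password before the "E" edit key or the command line can be used.
grub_edit_locked() {
    sed '/^[[:space:]]*title[[:space:]]/q' "$1" |
        grep -Eq '^[[:space:]]*password[[:space:]=]'
}

# 0 if inittab runs sulogin on entry to runlevel S, so single-user mode
# prompts for the root password instead of dropping straight to a shell.
single_user_needs_auth() {
    grep -Eq '^[^#:]+:[Ss]:[a-z]+:[^#]*sulogin' "$1"
}

# Print one line per control; return 0 only if both are in place.
audit_host() {
    rc=0
    if grub_edit_locked "$1"; then echo "ok   GRUB entries need a password to edit"
    else echo "FAIL GRUB kernel line can be edited by anyone at the console"; rc=1; fi
    if single_user_needs_auth "$2"; then echo "ok   single-user mode runs sulogin"
    else echo "FAIL single-user mode gives a root shell with no password"; rc=1; fi
    return $rc
}

# Constructed sample files (not taken from the server in the post).
d=$(mktemp -d)
printf '%s\n' 'default=0' 'timeout=5' 'title Linux' \
    '    kernel /vmlinuz ro root=LABEL=/ rhgb quiet' > "$d/weak.conf"
printf '%s\n' 'id:3:initdefault:' '#~~:S:wait:/sbin/sulogin' > "$d/weak.inittab"
printf '%s\n' 'default=0' 'password --md5 <HASH-PLACEHOLDER>' 'title Linux' \
    '    kernel /vmlinuz ro root=LABEL=/ rhgb quiet' > "$d/hard.conf"
printf '%s\n' 'id:3:initdefault:' '~~:S:wait:/sbin/sulogin' > "$d/hard.inittab"

audit_host "$d/weak.conf" "$d/weak.inittab" || echo "=> weak sample: reset trick works"
audit_host "$d/hard.conf" "$d/hard.inittab" && echo "=> hardened sample: both controls set"
```

On a real host, pass the actual GRUB legacy config and /etc/inittab paths to audit_host. Neither setting helps if the disk can be pulled or the machine booted from other media, so physical security and disk encryption still matter.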

Hate to nitpick...


...but:

If you are not familiar with darknettin' this is the practice of having servers out on the Internet for bait to allow hackers to hack them.

No. A "bait server" is a specific type of honeypot.

A darknet is typically defined as a trust-based virtual private network (darknets are almost always VPNs that use public infrastructure, simply because darknetters don't usually have money, time, or wherewithal to lay their own cabling from node to node). In a true darknet, all nodes on the network explicitly trust all other nodes. The term is mostly used with regard to file-sharing.

Reply to Switch


That is true and you are correct. Truthfully Darknet is really the project name of the sensornet we all participate in Worldwide. We are all Star Wars geeks also, so our thought was what would the network on the Dark Star be called, and the Darknet was adopted. I certainly should have been more clear on that. Good call

Thank you for the feedback

Jimmy Ray

Seriously?


NONE of you are Star Wars geeks if ANY of you thought about the network on the "Dark Star"!

Death Star anyone?

Cracker x Hacker confusion


Hi

It would be good if crackers were not referred to as hackers.

You see, the guy who came out with the grub tip is a hacker. The one who cracked the server is a cracker.

Cheers.

E.Lutz


About Jimmy Ray Purser


Jimmy Ray Purser is the technical co-host for Cisco's TechWise and BizWise TV. Jimmy Ray also conducts advanced training for engineers across North America and Europe and regularly speaks at industry conferences such as VON, CeBIT, N+I, and Networkers. As a field engineer, Jimmy Ray experiences networking first hand behind the console or in the rack. He is an active member in the IEEE and the Ethernet Alliance and has designed, installed and tested numerous networks for Fortune 500 companies, the United States military and other institutions worldwide. He holds 3 U.S. patents for Ethernet security algorithms with two others pending and one defensive publication, as well as numerous other vendor certifications in networking and security.

Purser holds a Bachelor of Science degree in electrical engineering from Southern Illinois University, is currently pursuing a Master of Science degree in electrical engineering, and is a licensed professional engineer in Wisconsin.


The opinions expressed in this Weblog are those of the writer and may not represent the opinions of Network World.
