Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


What would you do if you've compromised root access to servers
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

What would you do if you've compromised root access to servers

Lets keep the ethic bullshit out of this thread.
What would you do?

«13

Comments

  • NeoonNeoon Community Contributor, Veteran
    edited July 2015

    Notify them, if they dont care, make it Public/Sell it or keep it for yourself.

  • perennateperennate Member, Host Rep
    edited July 2015

    Notify the owner of the server, apologize to them, and explain how to fix the issue.

    What would you do @gupici?

    Thanked by 2gupici netomx
  • TrafficTraffic Member
    edited July 2015

    Infinity580 said: Depends if a Provider tells you, or you noticed it before they do.

    You misunderstood his question.

    @perennate said:
    Notify the owner of the server, apologize to them, and explain how to fix the issue.

    ...only to get yelled at and insulted. Almost everytime I tried to help someone to fix their systems' vulnerabilities I ended up being the bad guy.

  • jarjar Patron Provider, Top Host, Veteran

    @perennate said:
    Notify the owner of the server, apologize to them, and explain how to fix the issue.

    This, only I would add "anonymously through a seemingly infinite web of VPNs" since I would have now broken federal law by actively seeking to compromise someone else's system without their consent ;)

  • gupicigupici Member

    unlimited VPN, what else?

  • NekkiNekki Veteran

    @gupici said:
    Lets keep the ethic bullshit out of this thread.
    What would you do?

    Hentai@Home

    Thanked by 1netomx
  • rm -rf /

  • NomadNomad Member

    Without the ethic bullshit?

    Well... I'ld be cautious to not leave any fingerprints. Try hacking the other passwords of the admin, gather info about him and wait till I have a use for him/server.

    Thanked by 1gupici
  • raindog308raindog308 Administrator, Veteran

    @gupici said:
    Lets keep the ethic bullshit out of this thread.

    You're classy.

  • Multiple VPNS to the server, then leave a huge sign when he logs in saying you have been hacked now figure out how dumb ass. Yes I know this not the specific "right way" to do this, but it will get his attention in a hurry. It might also make him figure out where the hell his security is lacking and fix it. Then again who knows with people today.

  • ehabehab Member

    nothing .... don't do it again, no one gets away with it every time ....

    Thanked by 1ricardo
  • Karma is a bitch btw.

    Thanked by 2coolice adxn
  • How about notifying the owner of the server? Maybe run "exit"?

    Thanked by 1netomx
  • DamianDamian Member

    Are you in my base killing my dudes?

  • NomadNomad Member
    edited July 2015

    @HostMyBytes said:
    How about notifying the owner of the server? Maybe run "exit"?

    Err...

    gupici said: Lets keep the ethic bullshit out of this thread.

  • gupicigupici Member
    edited July 2015

    @HostMyBytes said:

    thats definitely one of many options, yes.

  • Force them to change password at next login?

    chage -d 0 root

  • nothing. at most, create a file they know shouldnt be there. log out.

  • ClouviderClouvider Member, Patron Provider

    Why would you compromise someone's server?

    You reckon it is illegal, right ?

  • AmitzAmitz Member
    edited July 2015

    Imagine it's your servers. And then just do what you want others to do in that situation. Ethical problem solved. Shit that you throw into fans always comes back one day in life. Just don't throw shit into fans and life is your friend.

    Do the Kant, man!
    https://en.m.wikipedia.org/wiki/Categorical_imperative

    Thanked by 3perennate coolice Pwner
  • Become a multimillionaire by selling access on h4ckf0rumz for $0.50 per user account.

  • deadbeefdeadbeef Member
    edited July 2015

    @Clouvider said:
    You reckon it is illegal, right ?

    Well, as some guy said around 2300 years ago (no kidding), "it's only illegal if they catch you".

  • deadbeefdeadbeef Member
    edited July 2015

    @Amitz said:
    Shit that you throw into fans always comes back one day in life.

    Very curious as to how do you know that. I understand it if it's part of your religion (formal or not). If it's not, let's see some hard data.

    Thanked by 1gupici
  • AmitzAmitz Member

    I have thrown a lot of shit into fans during the 40+ years of my life. Some (like me) learn things the hard way. ;-)

    Thanked by 1deadbeef
  • @Amitz said:
    I have thrown a lot of shit into fans during the 40+ years of my life. Some (like me) learn things the hard way. ;-)

    "anectodal stories open to interpretation". Not my cup of science, but thanks for the response!

    Thanked by 1gupici
  • gupicigupici Member

    @deadbeef said:

    man of science.

    Thanked by 1deadbeef
  • SetsuraSetsura Member
    edited July 2015

    @Nekki said:
    Hentai@Home

    Wow look at this guy. This is clearly the most dastardly response here.

    As for my answer, probably just look for anything interesting, like maybe private keys to other servers. Since we're assuming you already are in, you can probably assume whoever owns whatever server you're in wasn't very smart and left a hole for you to get in, so I'd probably roll the dice and add my own user for future uses.

    Thanked by 1gupici
  • 4n0nx4n0nx Member

    You probably didn't use Tor, so just do nothing. Otherwise maybe https://en.wikipedia.org/wiki/Website_defacement (just deface without damage)

  • KuJoeKuJoe Member, Host Rep

    Patch it. Back in high school I would regularly patch other peoples forums when 0-days were released. :)

    Thanked by 1inthecloudblog
  • @KuJoe said:
    Patch it. Back in high school I would regularly patch other peoples forums when 0-days were released. :)

    Or patch the high shool system :)

Sign In or Register to comment.