Can a hacker attack his own community? On 1 August the site www.backbox.org was defaced by a group of crackers known as eMP3R0r_TEAM. Their page stayed online for about two hours before the site was restored. The attack succeeded because of a misconfiguration of the shared server of a well-known Italian internet service provider that hosts our pages: for several days it exposed the home directories of thousands of users to attacks by crackers! Fortunately backbox.org was the only site to be defaced, but it cannot be ruled out that other data was stolen for future attacks on other sites. Our analysis identified more than 5000 vulnerable accounts!
As you know, BackBox is a Free/Open Source Software community that simply develops a Linux distribution, and we would not have expected such an attack. We do not take any side that would make us a target. A hacker who has valid reasons to attack a specific entity does so on moral, ethical or ideological grounds. Assuming that a hacker would never attack a proper community, in our case we are dealing with an unstable group that runs random attacks as soon as it detects any known vulnerability on any web portal.
Of course, even though what happened was truly sad, we were not discouraged and did not lose heart. After bringing our web site back online we started investigating to gather further information. We analysed the entire attack process step by step in reverse and were able to collect useful information (including personal details) about the attackers.
The “dreaded” eMP3R0r_TEAM is a group of Iranian activists who carry out random attacks on any potentially vulnerable web site, targeting mostly European sites. During our investigation and analysis we were able to obtain the complete details of the man who personally performed the attack (nick iM4n), and we collected a variety of evidence that confirmed his identity. Just to give you some idea of the character: he loves designer clothes, wears expensive Tissot watches, visits the ski resorts of Uludag (Turkey) and owns some very expensive computer equipment (a new-generation Lenovo laptop, etc.). The person we are dealing with is Amir Hosein, born on 21/10/1983 in Hell (Tehran), Iran. He works full-time in IT security and seems to be the head of a small team.
Returning to the technical aspects of the attack…
The issue had dramatic implications because of the way it was managed by our ISP. Since we are talking about shared hosting, the responsibility for what happened belongs entirely to the ISP. Despite our repeated emails, the ISP snubbed the whole story, not providing any kind of support and even denying us access to the logs of our site!
The attack began through one of the web sites with an insecure Joomla installation that resides on the same server as our site. The crackers compromised this CMS site and uploaded a webshell with which they were able to read the backbox.org home directory. Strangely, for several days the home directories of all the hosts on the shared server could easily be browsed by any user, who could also read their configuration files. After reading the data relating to the installation of our forum (SMF), and using the same webshell, they changed the MySQL database records for the admin account and so obtained administrative access to the forum. With the highest privileges it was quite easy for them to upload a backdoor into the backbox.org home directory, through which they were able to modify the index.php file of our site.
After we had confirmed the information above by demonstrating how the data of all the provider's users was exposed (we did the entire job for the provider), the provider finally decided to pay attention to us, and only after 5 days (counting from when we notified them of the issue) did they correct the vulnerability by setting the privileges of each user on the server correctly.
In one of the statements they sent to us they say that, after a careful analysis, they confirmed the vulnerability, which occurred after an upgrade to a newer version of PHP. In short, the permissions of the public_html directory of “some accounts” were set to incorrect values… (?)
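As an added example (not BackBox's or the provider's own tooling), this POSIX shell script audits a shared-hosting tree for exactly the condition described above, account homes and CMS configuration files readable by every other account on the server, and applies the per-account permission fix the provider eventually made. The account root, the account names and the Joomla configuration file name are assumptions; the SMF file name is the one the forum uses.

```shell
#!/bin/sh
# Added example, not BackBox's or the ISP's own tooling: audit a shared-hosting
# tree for the misconfiguration described above (account homes and public_html
# readable by every other account, exposing CMS configuration files).
# Assumptions: account homes sit directly under one root directory; PHP runs as
# the account user, so CMS config files can be owner-only (mode 600); the config
# file names checked are SMF's Settings.php and Joomla's configuration.php.

# Print one line per finding and return 1 if anything was found, 0 if clean.
audit_shared_homes() {
  root="$1"
  findings=0
  for home in "$root"/*; do
    [ -d "$home" ] || continue
    # Other-readable home directory: any neighbouring account can list it.
    if [ -n "$(find "$home" -prune -perm -004 -print)" ]; then
      echo "LISTABLE  $home"
      findings=$((findings + 1))
    fi
    # CMS configuration files (they hold the database credentials) that any
    # other account on the server can read.
    cfgs=$(find "$home/public_html" -type f \
             \( -name Settings.php -o -name configuration.php \) \
             -perm -004 -print 2>/dev/null)
    if [ -n "$cfgs" ]; then
      for cfg in $cfgs; do
        echo "READABLE  $cfg"
        findings=$((findings + 1))
      done
    fi
  done
  echo "$findings finding(s)" >&2
  [ "$findings" -eq 0 ]
}

# Lock one account down: home traversable but not listable (711), public_html
# still readable by the web server (755), CMS config files owner-only (600).
harden_account_home() {
  home="$1"
  chmod 711 "$home"
  if [ -d "$home/public_html" ]; then
    chmod 755 "$home/public_html"
    find "$home/public_html" -type f \
      \( -name Settings.php -o -name configuration.php \) -exec chmod 600 {} +
  fi
}

# Constructed sample tree: 'alice' is misconfigured the way the accounts on the
# shared server were, 'bob' is already locked down. Prints the root path.
make_sample_tree() {
  root=$(mktemp -d)
  for acct in alice bob; do
    mkdir -p "$root/$acct/public_html"
    # Constructed placeholder, not a real credential.
    printf '<?php $db_passwd = "constructed-secret";\n' \
      > "$root/$acct/public_html/Settings.php"
  done
  chmod 755 "$root/alice" "$root/alice/public_html"
  chmod 644 "$root/alice/public_html/Settings.php"
  chmod 711 "$root/bob"
  chmod 755 "$root/bob/public_html"
  chmod 600 "$root/bob/public_html/Settings.php"
  echo "$root"
}

# Demo run: audit, fix alice, audit again, clean up.
demo() {
  root=$(make_sample_tree)
  audit_shared_homes "$root" || echo "misconfigured accounts found"
  harden_account_home "$root/alice"
  audit_shared_homes "$root" && echo "clean after hardening"
  rm -rf "$root"
}
```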
The whole story is incredible… the “few accounts”, as they call them, are actually more than 5000 sites hosted on their servers. So far the provider has not released any official statement about it! An “oversight” of this magnitude should be made known as soon as possible so that users can back up their data and change the passwords of their sites.
At the moment (I mean right now) the user home directories no longer seem to be accessible or readable from neighbouring accounts. That is why we decided to release this news only after the issue had been fixed. We would like our provider to remain vigilant: it is possible that the crackers are in possession of other information that could compromise the security of the entire server again.
Regarding eMP3R0r_TEAM, it must be said that they were kind after all, by not causing great harm. In any case, an attack like this is certainly not honourable.
That is only the first part of our investigation…
The chronicle of an attack! (posted by admin, 2011-08-05; updated 2018-10-20)
The BackBox Linux 2 Artwork Contest has started! Your mission is to create a wallpaper for BackBox Linux 2. It must be at least 1920px wide, in both 16:9 and 4:3 aspect ratios, and in .jpg or .png format. The theme is free, but we prefer futuristic environments inspired by science-fiction movies like “Tron Legacy”, with an innovative design and electric colours (blue, black and grey are preferred). Using the BackBox logo is allowed; you can download it from the artworks page of this site.
Other rules:
Submissions not fitting these criteria will be subject to rejection. By submitting, you grant BackBox the right to reproduce your artwork with reasonable attribution in any way we see fit without compensation. We reserve the right not to choose a winner.
Any technique or medium may be used, as long as the final submission is in specified digital format. If you use stock photos, art, etc., make sure it is either public domain or that you own the rights to it.
Submission Deadline:
All submissions must be received by July 2011.
Submit entries to:
info [at] backbox .org
Submission info to include:
Real name or desired nick/handle if any and a title and description of your piece.
Additional Specs:
All entries must be within the size parameters listed above. Final entries should be in 300dpi .png or .jpg format. The works can also be supplied in .ai or .psd format. Delivery is the responsibility of the entrant; if the entry is too large to email, you may post it online for download.
BackBox Linux 2 Artwork Contest (posted by admin, 2011-05-26; updated 2018-10-02)
The BackBox team is proud to announce the release of BackBox Linux 1.05. BackBox Linux 1.05 features the following upstream components: Ubuntu 10.04, Linux 2.6.32 and Xfce 4.6.1.
What’s new
New ISO image (32bit & 64bit)
System upgrade
Performance boost
New look and feel
Improved start menu
Bug fixing
New or updated hacking tools: Firefox 4, Hydra 6.2, Kismet 2011.03.2, Metasploit Framework 3.6.0, NMap 5.51, SET 1.3.5, SqlMap 0.9, sslstrip 0.8, w3af 1.0-rc5, weevely 0.3, WhatWeb 1.4.7, Wireshark 1.4.5, Zaproxy 1.2, etc.
System requirements
32-bit or 64-bit processor
256 MB of system memory (RAM)
2 GB of disk space for installation
Graphics card capable of 800×600 resolution
CD-ROM drive or USB port
BackBox Linux 1.05 released! (posted by admin, 2011-05-01; updated 2018-10-02)
The team is proud to announce the release of the backbox-fluxbox package. This release aims to be lean and fast on your desktop. FluxBox should run on older hardware, allowing people with weak to mediocre machines to enjoy the awesomeness of BackBox Linux. During the development of this package our goal was to strike a very delicate balance between a minimalistic and an easy-to-use setup, which we hope we have achieved. The menu is now self-generated, with no manual editing… so you can install any tool simply with synaptic or apt-get and the menu will rebuild itself automatically. It’s that simple!
BackBox Linux now with FluxBox window manager! (posted by admin, 2011-03-18; updated 2018-10-02)
The Milan experience ended in the best possible way for the “Jumpin Jester”, four young people of Sardinian origin who decided to take part in the fourth edition of the now well-known event “Cracca al Tesoro”.
This edition saw no fewer than 22 teams competing, for a total of about 100 participants from all over Italy: Trento, Sassari, Varese, Torino, Pistoia, Fidenza and other cities of the peninsula.
Armed with conspicuous antennas, the teams had to locate five access points set up for the occasion, then break into the servers connected to them, which were configured so that they could be compromised with varying degrees of difficulty. A control room received and verified the intrusions; it was then up to the competitors to find clues in order to proceed and obtain the instructions that earned points.
The Jumpin Jester, equipped with BackBox Linux and sponsored by Akhela, scored 36 points, finishing second at their first participation in the CAT (first were the E-Quipe team from Torino, third the Crackers Salati from Trento). Emilio Pinna, aka norby, a computer engineering student at the Politecnico di Torino and one of our collaborators, gave us a short account of his experience, of which I report the most interesting parts.
The 5 access points, scattered across a few shops in the Corso Como area, protected two machines to be breached by any means. The start of the competition (14:30) was fairly slow for everyone… both because of the difficulty of finding the official access points and because of the many pranksters flooding the air with fake beacons to confuse the opponents. Most of them were protected with ineffective WEP encryption, fairly easy to crack provided the position of the access points had been located correctly. Once in possession of the password, and having earned the first 5 points, it was necessary to quickly discover the IPs of the machines to attack. Users were separated from the target machines by VLANs, precisely to prevent participants from attacking each other (believing they were the target machines). A source of confusion was the use of a /25 netmask instead of the usual /24, which kept the less prepared participants busy during host discovery. Another form of protection was the adoption of flood-protection techniques, which considerably complicated mapping the network by port scan.
The hosts and the exposed vulnerabilities were varied: the first, which many grappled with, was a SQL injection exploitable in a fairly trivial way, but accompanied by a limit of 5 attempts and a filter on the type of data entered in the exploitable form. The filter was in client-side JavaScript and the attempts were counted on the PHP session ID. I leave it to you to imagine the two simple steps needed to bypass these protections. The second challenge exposed the server's CGI code to allow quick auditing in order to find the right point of attack. The access points after the third were protected by WPA; one of the organisers had the task of generating the right traffic to allow capture of the handshake on which to brute-force the passwords.
As usual, the most spectacular part of the event was the many teams equipped with antennas of all kinds, from Yagis to the long omnidirectional tube of the organiser Mayhem, from tall and heavy directional antennas to the little default antennas included with the external Alpha USB wireless cards (used by most participants). The best-equipped teams pushed a shopping trolley containing UPS units or, as in the case of the Jumpin Jester, a car battery and an inverter, which kept the PCs with less battery life running for the whole duration of the competition.
CAT2011, the team equipped with BackBox on the podium! (posted by admin, 2011-03-13; updated 2018-10-02)
Less than a week before the event, the BackBox Linux team takes the field in support of what many define as one of the most interesting events in the Italian hacker scene. As many of you will know, the CAT (Cracca al Tesoro) is an initiative now in its fourth edition; this year it will take place in Milan and will see the participation of many security enthusiasts from all over Italy. The aim of the game is to gain access to the various systems configured for the occasion; the team that obtains the highest score will be proclaimed the winner.
Our team, in agreement with the organisers of the event, has decided to support this initiative in order to raise users' awareness of IT security. If on the one hand an initiative like this highlights the most common configuration errors, on the other it is deliberately set up as a game… Experimenting, comparing notes and questioning oneself is the best way to approach these topics, not only for professionals but also for simple enthusiasts.
On Saturday 12 March the BackBox Linux team will be available to participants to provide technical support to anyone who needs it, but our contribution will not stop there… We will try to keep you informed live about everything that happens; Twitter, Facebook and IRC will be our communication channels.
Starting from this initiative, our team and the promoters of the CAT themselves intend to work together to promote and encourage similar initiatives whose purpose is to bring together the various Italian players in the field.
12 Mar, BackBox Linux @ CAT2011 (posted by admin, 2011-03-07; updated 2018-10-02)