[–] rudyfink 17y ago ↗ Wow. Street justice does not fool around. [–] [dead] behe 17y ago ↗ Those are some pretty damn good passwords, too. Just goes to show a good password doesn't mean everything.
[–] [dead] behe 17y ago ↗ Those are some pretty damn good passwords, too. Just goes to show a good password doesn't mean everything.
[–] dchest 17y ago ↗ Summary: he stored all his passwords (for servers, Gmail, Skype, AIM, etc.) in allinfo.txt on his web server. [–] henning 17y ago ↗ Was it because his passwords were so long and complicated that he couldn't remember them? Irony. [–] csomar 17y ago ↗ this happen with me sometimes, i think that no one will think of this file to open or think of its content.Two mistakes he made 1- the file name is easy to guess 2- he allowed file listening in his server [–] dryicerx 17y ago ↗ I asked the guy who did this what the entry point was,The file name was not guessed, it was a shell command injection on the website, doing a ls listed an interestingly named file "allinfo.txt". Looking at this, it had the ssh username/password... [–] jerryji 17y ago ↗ Cool, that's why it's called HACKER news here :) [–] cliffy 17y ago ↗ You'd think that a self-professed hacker would know about password safes.
[–] henning 17y ago ↗ Was it because his passwords were so long and complicated that he couldn't remember them? Irony.
[–] csomar 17y ago ↗ this happen with me sometimes, i think that no one will think of this file to open or think of its content.Two mistakes he made 1- the file name is easy to guess 2- he allowed file listening in his server [–] dryicerx 17y ago ↗ I asked the guy who did this what the entry point was,The file name was not guessed, it was a shell command injection on the website, doing a ls listed an interestingly named file "allinfo.txt". Looking at this, it had the ssh username/password... [–] jerryji 17y ago ↗ Cool, that's why it's called HACKER news here :)
[–] dryicerx 17y ago ↗ I asked the guy who did this what the entry point was,The file name was not guessed, it was a shell command injection on the website, doing a ls listed an interestingly named file "allinfo.txt". Looking at this, it had the ssh username/password... [–] jerryji 17y ago ↗ Cool, that's why it's called HACKER news here :)
[–] bcl 17y ago ↗ Well, there is no way to confirm if the post is really true. Put it sure is funny as hell.Advice to mike, read up on a little project called Gnu Privacy Guard. [–] Sephr 17y ago ↗ Same issue here. I have a ton of my usernames and passwords for services, but I can't confirm if they are true.I wonder what I should do? Oh yeah, it's called logging on with them.
[–] Sephr 17y ago ↗ Same issue here. I have a ton of my usernames and passwords for services, but I can't confirm if they are true.I wonder what I should do? Oh yeah, it's called logging on with them.
11 comments
[ 2.7 ms ] story [ 18.8 ms ] threadTwo mistakes he made 1- the file name is easy to guess 2- he allowed file listening in his server
The file name was not guessed, it was a shell command injection on the website, doing a ls listed an interestingly named file "allinfo.txt". Looking at this, it had the ssh username/password...
Advice to mike, read up on a little project called Gnu Privacy Guard.
I wonder what I should do? Oh yeah, it's called logging on with them.