Puppy 5.1 hacked into remotely?

For discussions about security.
Message
Author
User avatar
dru5k1
Posts: 72
Joined: Mon 12 Apr 2010, 01:15

#21 Post by dru5k1 »

to answer your questions nooby

>we (mostly he) shared links to gifs, jpegs, and flash
>he does have his own server - he swears by the use of it's vnc passthrough/proxy whatever capabilities and p2p use also
>no I don't log my router's activities (I probably shouldn't be sharing that knowledge I think and should actively log from now on *facepalm*)
>it's all a mystery to me to be honest - how do you get through my router and then my firewall too?

User avatar
Karl Godt
Posts: 4199
Joined: Sun 20 Jun 2010, 13:52
Location: Kiel,Germany

#22 Post by Karl Godt »

Code: Select all

busybox-1.18.3 tcpsvd -v 127.0.0.1 100 busybox-1.18.3 ftpd /
can set up a port .

Example : downloading a directory ( little /etc in this case ) :

Code: Select all

cd /mnt/sda9/wget
wget -rv ftp://127.0.0.1:100/etc
But until now I was not able to inject a file with scp or curl .

CLAM01
Posts: 82
Joined: Sat 22 May 2010, 04:05

#23 Post by CLAM01 »

dru5k1,

Do you run samba? If you opened a folder of pictures to share, maybe translating through a samba-network-neighborhood or such it might have set up an environment that let your friend telnet into the "shared" space on your computer. I don't do samba, so I don't know what permissions are granted in puppy folders through it. But if all he managed was to run in a shared folder as a remote computer... That used to be pretty easy to do. I suppose doing something like that could be called a "hack" if done without permission. It's the kind of entry into a shared-files space that would slow your computer. Samba would be attempting to build a GUI to serve to a remote Windows environment. It should have been using a good deal of your cpu and keeping your net-activity blinky alight, with cpu temp and net Tx up.

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#24 Post by Lobster »

Thanks Karl for being a CUR :wink:
(Puppy spreading Courage Understanding and Reassurance)
rather than a follower of FUD. :)
Did you 'think of the children'?
http://youtu.be/Qh2sWSVRrmo

That makes perfect sense to me
and also in technical terms seems very easy . . .

Pretty sure I have a static IP address (this is set up by the ISP)
http://whatismyipaddress.com/dynamic-static
Is there an easy way to use a dynamic IP address temporarily
for example if contacting SMERSH (gosh it actually exists)
http://en.wikipedia.org/wiki/SMERSH
or the Linux Users Conspiracy Klub (LUCK) 8)
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#25 Post by Flash »

dru5k1, another question for you: were you running Puppy as root, or as a user with a login at the time your friend broke in?

User avatar
dru5k1
Posts: 72
Joined: Mon 12 Apr 2010, 01:15

#26 Post by dru5k1 »

ok, I was running as root with no samba

just to let you know, I've updated my browser+flash and added
iptables -A INPUT -j DROP
to my /etc/rc.d/rc.firewall script (I figure these are good security measures), also I haven't talked to my friend as much just recently (he was ridding some windows machines of virii last time we spoke), and I haven't had any more intrusions (he just did that for fun, and he'll obviously know that I've got nothing juicy on my computer, so failing aggravating some net-savvy-linuxnet-savvy person I don't see the same incident happening again in the near future *fingers crossed*

(I feel quite confident actually :) - I asked him to try again, but he declined as he's busy)

User avatar
dru5k1
Posts: 72
Joined: Mon 12 Apr 2010, 01:15

#27 Post by dru5k1 »

looking back over the thread,..

I *wish* I knew how this is done.. as far as I know it costs both money and time to learn though... I'm just an average web browser - it's way out of my league

postfs1

#28 Post by postfs1 »

To reedit up to date.
Last edited by postfs1 on Mon 28 Mar 2016, 00:50, edited 1 time in total.

User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#29 Post by Flash »

The guy who vandalized the forum a month or so ago used a TOR (anonymizer) server to hide his true IP address. Is that what you mean?

gcmartin

This Exploit should be examined by looking at our own PUPs

#30 Post by gcmartin »

Someone mentioned GUI being built by SAMBA.

I don't think that is possible in any current SAMBA. So SAMBA exploits merely would let you "see" files in the shared folder if you got desktop/SAMBA access.

The exploit that the OP seemingly referencing is about gaining access to executes some desktop function.

Althought this hack isn't considered a virus, it does constitute an examination of how the system could or would be used, depending on which access ANY user would do.

And, as many people whose eyes and comments we can put on this, should make for a much better solution.

Now, again, knowing what we currently know about Puppy, with/without a F/W, what is running or available to allow and support access over the LAN/WAN???

Hope this helps

User avatar
puppyluvr
Posts: 3470
Joined: Sun 06 Jan 2008, 23:14
Location: Chickasha Oklahoma
Contact:

#31 Post by puppyluvr »

:D Hello,
1. Do you have your firewall on??
2. Do you have any tangible evidence he had access to your system, or did he just slow it down?
3. Would you like to pay him back?
8)
Close the Windows, and open your eyes, to a whole new world
I am Lead Dog of the
Puppy Linux Users Group on Facebook
Join us!

Puppy since 2.15CE...

gcmartin

Syslog/Syslogd/syslog-ng

#32 Post by gcmartin »

Anyone know if its described somewhere how to properly implement syslog/syslog-ng in a modern PUP?

Thanks in advance

User avatar
nubc
Posts: 2062
Joined: Tue 23 Jan 2007, 18:41
Location: USA

#33 Post by nubc »

He's a bit of a joking snobby guy, only saying that the my browser was too old
Like he told you, it was probably a browser exploit. Try adding Ad Block Plus and a script stopper/blocker. Check Tuuxxx's Classic Pup 2.14X for a Flash blocker.

Post Reply