l33t hax0r strikes political campaign website... Film at 11.
I went to Phoenix last weekend for three reasons:
- to see my parents and brothers
- to get a haircut
- to go to a political fundraiser dinner being held at my folks' house.
I love seeing my parents. I could easily go to PHX for a week and do nothing but stay at their house and have the best time imaginable. My brothers... well, let's say that we're closer than "normal" brothers. I feel safe saying that. We were/are a close family. Maybe too close, as far as SO's are concerned. Maybe. Life is best when tempered with moderation. A little of everything certainly sounds fine by me. Anyway, back to the point: I wanted to see my family, I needed a haircut,
badly (I'm the guy on the right), and I wanted to see Sheriff Joe and
The Candidate.
An aside: I also heard that Joe Foss was to be there, and I've
always wanted to meet him. I was a big Marine warplane fan as a kid. Seriously. I was an avid Baa Baa Black Sheep fan (I even have -- somewhere -- an autographed picture of
Dirk Blocker), and built every warplane model I could find. I once got to sit in a Corsair, a Zero, a Hellcat, a Helldiver, a P-38, a P-51, and many other WWII aircraft at an airshow when I was 14. My grandfather (himself a Korean War 82
nd Airborne veteran) got all of us kids "backstage passes". I even met Maj. Boyington and the man who shot him down (whose name I have very regrettably forgotten). They had a little airshow mock battle going on. I liked those planes more than girls, you know? But anyway, Gen. Foss and my dad are bird hunting buddies, yet I've never met the man. Bummer for me. I wanted to ask him things. Politely, of course. But I also wanted to see everyone, including The Candidate.
The Candidate is an unnamed person who is running for an unnamed office. A big office, though. If he wins, he'll be the kind of guy who could seriously reduce the sentence of a grand theft verdict, you know? Good to at least have met. And my parents had all these Republican bigwigs at their house. And I'm generally unkempt. I was the
Libertarian in the Midst. It was fun. I ought to make a movie.
So I've made the short story very long. Brevity is not my strong point. So then the issue at hand:
[wee@lazlo wee]$ sudo nmap -P0 -O XX.XX.XXX.XX
Password:
Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on (XX.XXX.XXX.XX):
(The 1527 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
80/tcp open http
135/tcp filtered loc-srv
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
161/tcp open snmp
162/tcp open snmptrap
443/tcp open https
1025/tcp open listen
1026/tcp open nterm
1032/tcp open iad3
5631/tcp open pcanywheredata
5800/tcp open vnc
5900/tcp open vnc
Remote OS guesses: Windows Me or Windows 2000 RC1
Nmap run completed -- 1 IP address (1 host up) scanned in 19 seconds
That's what I found about 90 seconds after The Candidate announce what his web site's URL was and I ran in and booted Colin off my mom's PC. Why so soon? Well, one of the people there was a guy who did John McCain's website for the presidential thing. The Candidate announced that this guy "invented political campaign websites" and was "a genius". I thought he was fairly snobby. I mean, candidates have had web sites before this smug arsehole, right? Sure! Then it dawned on me that this guy was basking in the limelight of a guy who does artwork for a living, not network/host security. He should no more be worried about the physical server his web-art is on than Rafael would have been worried that someone might steal his paints. He deals with the content -- not the medium, not the transport layer.
But the fact remains: someone, somewhere set up a Windows 2000 HTTP server. They downloaded no patches nor close any holes. They installed VNC. They installed PCAnywhere. (I wonder if maybe one doesn't work and why?) They have other stuff running. They plugged in a CAT5 cable. It's all bad.
(For the laypeople in the audience: The Candidate's web server is the kind of box that 14 year old
script kiddies cream their pants over. Left alone, that machine will eventually -- and very shortly -- be cracked into. Automatic scanning tools will find it and the kiddie will get admin privileges. It is an eventuality.)
So I bring this up while everyone is leaving my parent's house. I do it quietly. See, that web dude they love is on loan. And if he leaves because I say that his site sucks and is going to get hacked, then he'll leave. The Candidate knows that he only does content, but he's worried about embarrassment. I say "Well, someone should worry about security. It's very common for teenaged (and other) crackers to take over a machine and use it for hosting pornography downloads. Would The Candidate like it if the papers ran a story that started: "While graphically and contextually appealing, the real draw to The Candidate's website is the illegal pornography downloads placed there by crackers of every nationality..."?
Safe to say that The Candidate freaked. Badly. I was
seriously trying to play it down, too. It's not like I can make money off him by claiming he'll get hacked or anything. Shit, if I thought there was money to be made, I'd send him to The Grout. I don't need the headache. Nor the support issue. I don't like people calling me at all hours asking for work help. There's a
reason I never became an admin.
I mailed off the results to the campaign manager. I actually told him to install
Tiny Personal Firewall. I first mentioned a Cisco-based hardware solution, but then realized that I would always have to support it (and couldn't). Not good. Anyone can work with a software firewall, right? It works, right? Point and click: "deny all except web". It works enough, anyway. I did my part to save The Candidate some money and hassle. Likely he won't get hacked.
Although I really wanted to tell Grout what The Candidate's IP address was. It would have been funny to show The Candidate a directory listing of C: before he left my parents' house... :-)