The Planet's Most Moronic Hacker

RawGutts writes "This is the story of "bitchchecker" (the hacker) a user who lost it because he thought he had been kicked of an IRC channel by "Elch". The hacker comes back on the channel threatening to hack and ruin Elch's machine, and dares Elch to give his IP address. The address given was 127.0.0.1. "

I'll bet everyone $10

[gowen]

That this is a hoax. It's simply not feasible.

A slightly different twist...

[ChrisPaget]

I call my main work machine "localhost". Confuses the hell out of a surprising number of people and programs...:)

sanity check

[evenprime]

I think everyone who writes sploits should include a small quiz at the front. If the script kiddie is dumb enough to not know that 127.0.0.1 is a loopback address, they should not be allowed to run the sploit.

Re:People

[codepunk]

I can tell you that I know some of the most moronic people in the world that I have set up with linux and they use it everyday without a problem. I also run a manufacturing floor 400+ desktops and get maybe one call a week so take your crap and spout it to somebody that will believe it.

Re:sanity check

[Ecio]

Why shouldnt they be allowed to run the sploit against themselves ? :D

Re:A slightly different twist...

[British]

I didn't want my real name showing on as a subhost, so I changed it to 'firewall'. That worked for a while until the nice IT person told me to change it from the confusion ensuing.

I'll take that bet...

[mykepredko]

I volunteer at a local high school helping a teacher explain introductory programming and interfacing using a Microchip PIC MCU. Last year, we had a kid that told us that he should just be given the credit because he was so good with computers.

The kid was, of course, an idiot. He could never get an assignment done because, in his words, it was too easy and beneath him. A sample assignment that he couldn't do would be to flash an LED once per second by writing an application in C - my version of the program was about 8 lines long.

After a sit down trying to level set him and tell him he wasn't as smart as he thought he was, he berated me and the teacher and told us that he was going to show us how good he was and trash our systems. I told him go for it, as I had a router firewall as well as a software firewall on my PC at home.

He asked for my IP and wrote "127.0.0.1" carefully on his hand.

The school didn't see him for a week and when he came in, he accused me that to stop him from hacking my computer, I hacked his. His parents were pretty agitated because the home computer was trashed and they wanted to bring a lawsuit against me.

We explained to the parents that 127.0.0.1 was the local PC's IP address and any attacks directed against this IP would actually be on the launching computer. We told them to go to a computer store and confirm what we were saying. We never heard back from the parents and the kid never returned to the class.

I've told a few people that if they want to show off how good they are, let's see them hack my computer at 127.0.0.1 over the years (it's in "123 Robot Experiments for the Evil Genius") and 60% of the time they've gotten the joke immediately. For the remainder, except for this one time, everybody else has figured it out before damage was done.

myke

Re:warez.phantom.com

[Anonymous Coward]

$ dig warez.mcc.ac.uk

; <<>> DiG 9.3.1 <<>> warez.mcc.ac.uk
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20043
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;warez.mcc.ac.uk. IN A

;; ANSWER SECTION:
warez.mcc.ac.uk. 3600 IN A 127.0.0.1

;; AUTHORITY SECTION:
mcc.ac.uk. 2895 IN NS utserv.mcc.ac.uk.
mcc.ac.uk. 2895 IN NS curlew.cs.man.ac.uk.
mcc.ac.uk. 2895 IN NS gannet.scg.man.ac.uk.

;; ADDITIONAL SECTION:
utserv.mcc.ac.uk. 2895 IN A 130.88.200.6
curlew.cs.man.ac.uk. 11579 IN A 130.88.13.7
gannet.scg.man.ac.uk. 43500 IN A 130.88.94.110

;; Query time: 201 msec
;; SERVER: 64.182.4.32#53(64.182.4.32)
;; WHEN: Wed Apr 27 07:57:21 2005
;; MSG SIZE rcvd: 186

Re:I'll bet everyone $10

[B3ryllium]

You can netsend with Samba, you know :)

Re:Yes, there are people that dumb

[doublem]

his computer is still running an IRC after half the hard drive is supposedly gone.

If "Program Files" and the System root are in the second half that's being deleted, and it's a delete and not a format, then yes, I can see that happening.

As a matter of fact I have seen this happen before. At a former job, we had a sales guy who insisted on "cleaning up" his hard drive every now and then. In Windows 98 he deleted large swaths of the Windows directory and Program Files, and the system ran for the rest of the day. When he rebooted however, the system was dead.

The same sales guy did it again during the W2K roll out. The users all had admin accounts on their machines (Don't ask, it was because of a political nightmare involving a management staff who thought having less than an administrator account meant they were being treated like children.)

Anyway, he tried to delete the c:\winnt folder, and kept at it while getting error messages about files being in use. He finally called IT when he got tired of "File in use" errors. I got up there and listened politely as he explained what he'd been doing.

"You know of course that Windows 2000 is based on Windows NT, right?"

"Yeah, but I'm not running NT, so I don't need it."

"In Windows 2000, the WINNT folder is the same thing as the Windows directory in 98. Did you notice that you don't have a Windows directory?"

He tried to reboot, and sure enough, the system was dead.

A management meeting ensued where I had to defend "Renaming the Windows directory" on the new Windows 2000 systems. The fact that it's the default name, and that the systems came from Dell that way, meant nothing. The company owner repeatedly told me to "Just rename it, I don't see why you'd have to redo the server."

The moral of the story is of course, that Windows is surprisingly resilient in terms of running as vital system files are deleted from underneath it.

Re:Other fun IP addresses to attack!

[CerebusUS]

Why does everyone always fall back to 127.0.0.1 when trying to mess with people? That whole 127 class is reserved for loopback.

Interestingly, on a windows XP machine the following happens:

Pinging 127.54.34.67 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

While on my Mepis box I get the following:
PING 127.43.54.2 (127.43.54.2): 56 data bytes
64 bytes from 127.43.54.2: icmp_seq=0 ttl=64 time=0.0 ms

Re:Bash.org?

[Anonymous Coward]

DNS entry is still there. xxxx@s1:~$ host warez.mcc.ac.uk warez.mcc.ac.uk has address 127.0.0.1

Re:News?

[Tassach]

This is a chatlog featuring some idiot. The reason this is not funny is simple: there are a million of this guy, and we've all seen it before.

It's funny BECAUSE we've seen it all before.

New recruits have been getting sent out for things like left-handed smoke shifters, buckets of prop wash, pieces of shore line, and similar fool's errands for as long as there have been armies. Gofer jokes [utc.edu] and snipe hunts [answerbag.com] are old as the hills, but it's still funny when you find someone clueless enough to fall for one.

Pranking clueless newbies is a time-honored tradition, and is a necessary rite of passage for the prankee.

The vanity plate NONE

[coyote-san]

Calling a unix system localhost could have interesting repercussions due to the ambiguity when resolving names. (Not every configuration file or app will use '127.0.0.1' or '::1' (iirc) instead of 'localhost'.) Worst case scenario isn't that traffic intended for you is lost, it's traffic intended for internal use by other systems is broadcast and/or their applications mysteriously fail.

The canonical warning tale is probably the genius who got the vanity plate NONE. He routinely parked illegally since the ticket would be issued to NONE and the system would kick it out as uncollectable.

Until one fine day when a clerk noticed that someone had registered a car with that vanity plate. He put 2 and 2 together and our genius got hit with tens of thousands of dollars in fines because his tickets caught up with him... and so did tickets for countless abandoned cars.

I don't know if this is just an urban legend, but it's definitely a good warning against being too cute.

More real-life examples .... moronic lawyers

[taniwha]

Back during the start of the never-ending 'Net vs. Scientology online war the Scientology lawyers went after Keith Henson, they had him in a deposition [whyaretheydead.net] one of the things was that they were trying to find out who was running the ftp server at 127.0.0.1 - seems Keith had joked on usenet about how many of scientology's secrets (probably the space alien stuff) were there, the scientologists had looked there and sure enough they were - Mr Henson was recorded by the court reporter as 'laughing hysterically'

Of course this is the same deposition where they tried to find out the real name of that evil 'majordomo' who was running all those anti-scientology mailing lists

Re:Deleting hard drive

[marcansoft]

The kernel is always in RAM. filtering/NAT is in the kernel. If the HDD driver/subsystem is robust enough, nothing will happen to it if the HDD dies, bar a few gazillion error messages about the HDD on dmesg. Even programs loaded into RAM or cached might still work, since it's not a clean unplug and thus it won't flush or even notice that all access fails. Just loading new data will not work.

I've hotplugged my DVD drive on the ATA bus. No big deal, as long as the computer starts up with it it will let you unplug it with no more problems than a few error messages. Plug back in, and it still works. The ATA interface is very simple, not much can happen if stuff is unplugged. Basically the two problems are the fact that commands will fail (d'oh) and that the outputs are left in an open state and may float around. The latter depends on the controller chip, and the former on the software.

I'll unplug my HDD now, just to see what happens. (same risk as a power failure, and I've yet to see a power failure kill my reiserfs partition.) Note I'm running Xorg and amaroK playing MP3s and a bunch of software. Let's see what happens.

Re:Deleting hard drive

[marcansoft]

Nothing spectacular, really. The music eventually stopped and programs began to freeze. First IRC, then mozilla, then the whole X (and since I couldn't get to the console I had to reboot. SysRq did work though, which proves the kernel was OK)

If I had "rm -rf /"'d it wouldn't even get close to that. Remember inodes aren't removed until their usage drops to zero, so all open files would continue to function. Swap would be OK too. Pretty much everything would work short of opening new programs or trying to load new data.

wha??

[dmiracle]

Now do you realize your privilege? Or do you think that these kids and teachers just chill at the ghetto starbucks and surf the ghetto-net with their ghetto ibooks?

To quote Lil' Flip "you don't know what I been through so don't judge me."

Re:May have been news May 23 of 2001...

[bani]

many of us have experienced the feared "127.0.0.1 hax0r" in real life. for us this is no urban legend.

Re:IPv6 ruining all the fun?

[bani]

even better is to just make a dns entry for that.

and for those "edumucated" leet hax0rs who have learned that 127.0.0.1 = loopback, just make it 127.92.36.148 or something.

leetwarez.somedomain.com -> 127.92.36.148

keep them script kiddies busy for days!