Username: 
Password: 
Restrict session to IP 

WeChall got hacked back then

Global Rank: 227
Totalscore: 94364
Posts: 1680
Thanks: 1358
UpVotes: 920
Registered: 16y 288d




Last Seen: 3d 9h
The User is Offline
WeChall got hacked back then
Google/translate2Thank You!6Good Post!0Bad Post! link
Hello,

Today i wanna tell three little stories when WeChall got hacked.

========================================================

Event#1 Infernal

WeChall was always open source. Not free as in beer, but open and transparent.
It was vastly inspired by TBS, and most users were from TBS.

There was one particular user, who turned blackhat, and became kinda enemy of the community.
On Day#2 after launch... He studied the source,... and wiped all users.

The vuln was easy to spot:
The admin permissions was detected via the username.

- Gizmore (with a capital G back then)
- Kender (still with caps)
- Inferno (did not even register!)

So the blackhat simply registered as Inferno and deleted all users one by one via the crude admin panel.
All five users hit the dust, but the site recovered quickly with 6 and more users.
No Big Deal, but a quite fun story.

==================================================================================

Event#2 Social pwnage

There were two users, let's call them Alice and Bob, who were involved here.

So, assume Bob just tried to link the site 3564020356 as the user Alice.
A mail got send to Alice, who did not really read it, and just clicked the linking link in it...
TaDa... Bob gained massive points with low effort.

Funny! Smile

==================================================================================

Event#3 Faux pas

This was the most known and serious event in the history of WeChall.
I was working on the WeChall and GWF3 codebase locally, and had imported a backup from the live site.
Somehow, i forgot to protect my protected/ folder, which also held backups from the live site.
I showed my current work to a user on irc.german-elite.net and he discovered the db backup in his experiments.
He downloaded it, but promised to delete the backup.
This happened maybe in 2012, i and think i wrote about it in the forum already back then.

So this was the only real bad event that happened to wechall.net server.

=========================================================================

Happy Challenging!
- gizmore
The geeks shall inherit the properties and methods of object earth.
tunelko, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri, csuquvq have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 550 times.