Telnet

**hoss827** · 10-16-2003, 07:29 AM

Found something interesting on Telnet

. Click start, click run, type telnet. If you're on XP then type "O nssdca.gsfc.nasa.gov 23" without the quotes...I've tried logging in many times, no luck yet. All default usernames and pw's DO NOT work. Anybody cracks this lemme know, i'm a sneaky lil person.

**CarbonCopy** · 10-16-2003, 11:28 AM

Originally Posted by hoss827

Found something interesting on Telnet

. Click start, click run, type telnet. If you're on XP then type "O nssdca.gsfc.nasa.gov 23" without the quotes...I've tried logging in many times, no luck yet. All default usernames and pw's DO NOT work. Anybody cracks this lemme know, i'm a sneaky lil person.

Not sure why someone would want to try to "crack" the password on this server since you can bet they are logging all failed login attempts and brute force attacks. I am sure they have your ** address already so I'd quit playing around while you are ahead. FYI just in case you didn't know what you are attempting to do is illegal.

Peace,

CC

**Money Boss Hustla** · 10-16-2003, 02:47 PM

Spend your time getting pussy, making money, or training.

**navydevildoc** · 10-16-2003, 09:00 PM

Originally Posted by hoss827

Found something interesting on Telnet

. Click start, click run, type telnet. If you're on XP then type "O nssdca.gsfc.nasa.gov 23" without the quotes...I've tried logging in many times, no luck yet. All default usernames and pw's DO NOT work. Anybody cracks this lemme know, i'm a sneaky lil person.

HA!

You know, I work on govm't computer networks for a living, and I hope you know what you are doing is a FELONY. NASA networks, in this case at the Goddard Space Flight Center, are monitored. If they have their shit straight, some IDS box already has seen you trying to connect over and over again. I certainly hope you don't succeed, cuz these people from a place called the FBI are going to come to your house and want to "have a chat" with you if you do.

Just stop now bro. It's not worth it. If you are juvie, even worse. This shit gets tried as an adult almost all of the time, and can seriously impact your life for years to come.

**mass junkie** · 10-16-2003, 09:05 PM

Originally Posted by navydevildoc

HA!

You know, I work on govm't computer networks for a living, and I hope you know what you are doing is a FELONY. NASA networks, in this case at the Goddard Space Flight Center, are monitored. If they have their shit straight, some IDS box already has seen you trying to connect over and over again. I certainly hope you don't succeed, cuz these people from a place called the FBI are going to come to your house and want to "have a chat" with you if you do.

Just stop now bro. It's not worth it. If you are juvie, even worse. This shit gets tried as an adult almost all of the time, and can seriously impact your life for years to come.

Could you imagine the shit stain he would have in his undies if that were to transpire......

**hoss827** · 10-17-2003, 08:00 AM

Damn, I've been trying this for two years...:-x. Its on a UNIX based system so it doesnt record bad logins.

VAX is much better however, they don't record bad logins eiether and they let you know if the username is in the directory or not.

**hoss827** · 10-17-2003, 08:01 AM

Oh, and the first thing I posted was purely fictional.

**CarbonCopy** · 10-17-2003, 11:43 AM

Originally Posted by hoss827

Damn, I've been trying this for two years...:-x. Its on a UNIX based system so it doesnt record bad logins.

VAX is much better however, they don't record bad logins eiether and they let you know if the username is in the directory or not.

LOL it is unix so it doesn't record bad logins? Not sure where you came up with that information...

And how do you know it doesn't record bad login attempts? I am not sure why you would risk messing around with a goverment system, but trust me bro the risk is greater then the reward!

Peace,

CC

***Sicilian30*** · 10-17-2003, 02:20 PM

Originally Posted by CarbonCopy

LOL it is unix so it doesn't record bad logins? Not sure where you came up with that information...

And how do you know it doesn't record bad login attempts? I am not sure why you would risk messing around with a goverment system, but trust me bro the risk is greater then the reward!

Peace,

CC

Oh my agreed 100% here. Unix system are far more sophisticated than that. They can log any user even in some instances far better than Windows Server products. Maybe that is why the Internet still has about 95% of Unix Servers out there, and if a Unix box can not log visitors that would be like saying that you can drive your car with no gas in the tank. With that said,
My Windows 2000 ISA server drops me an email immediately if someone even pings my ** number so I know Unix has some features similar if not better than that. Come on dude be realistic here.

**chicamahomico** · 10-17-2003, 05:09 PM

If its a UNIX based server you can modify the kernel to do whatever you please. You are nuts if you think NASA is running a server with any inportant info on it on a standard flavour of UNIX much less one that accepts remote connections. As for trying to hit someone else's machine being a crime....very tough to prove unless the person confesses. Those of you think the FBI are going to come knockin because someone is attenpting(unsucessfully) a remote connection you are not being realistic IMO. By attempting a striaght up telnet connection with a single port and brute force manual login attemps they are probably spitting their lunces out laughing at him. He doesn't, from the info he posted above, have faintest idea what he is doing and he is probably one of thousands a day who try this.

**navydevildoc** · 10-18-2003, 11:29 AM

Something you all need to remember is that most of the time Intrusion Detection Systems (IDS) are not based on the box itself, but rather watch *all* the traffic coming in and out of a network. So, when you do something retarded like a port scan on a system, it sees that, logs it, and if it's set up right, will automatically change an ACL somewhere to just block you from the entire network.

As far as the FBI, they wouldn't care unless he actually made it on to the box. Unsuccessful attempts get logged, no one worries about it too much if he isn't getting in. If he gets on, and the box is something halfway important, then yes, the FBI shows up. Not some SWAT team raid or anything retarded like that, but a pair of agents show up to scare you a little...

Oh, and as far as VMS and UNIX logging or not logging attempts, you are out of your mind if you think they dont.... every Unix system I have seen as well as OpenVMS log unsuccessful attempts out of the box. The problem is the sysadmin that does care and feeding probably never checks the logs.

***Sicilian30*** · 10-18-2003, 05:42 PM

Agreed with both of you here. My ISA server itself detects DNS and many other types of intrusions, as well as DOS attacks and Ping of death attacks. My logs are send directly via email to me immediately, I even have software that can page me when something like this happens.
So anyone who says that UNix servers can't detect things such as this, is very nieve. I agree Navy here, most system admins don't check their logs very often. that is why I have them sent via email to me, so that I am forced to at least look at them.

**CarbonCopy** · 10-18-2003, 08:13 PM

I think you guys are underestimating what action the goverment would/could take in this matter. A good friend of mine was actually arrested by police and escorted off his college campus for doing similar activity to a goverment computer system. I agree with you that what hoss827 is attempting to do isn't anything that doesn't happen 10000x per day to that server. However, we can't say he isn't being watched or that his ISP hasn't been notified of his activity. He has been trying to gain access for over a year, so I would tend to believe that his ISP and NASA are both aware of this users hack attempts. Granted, they have most likely dismissed him as more of a nuisance then threat, but that doesn't mean they aren't watching him. Also, we can't say this server doesn't contain critical data, because we don't know. Gaining access to a machine just to get "in" isn't usually the goal of a hacker. The goal of a hacker is to gain and collect information once the target machine is compromised in the most discrete manor possible. The information the hacker collects is then used to embed himself/herself deeper into the system or network, thus allowing for higher levels of access and more systems to compromise. Sadly, a lazy sysadmin is a hacker's dream because they neglect their duties, either from a lack of knowledge or out of pure laziness. IMO those are both poor excuses and could be corrected through education and training. What I am writing isn't to flame or bash what anyone has said in the post, but more to bring to light the sad state of modern network and computer systems. You would think that most organizations would be better protected with all the events that have happened in the last 10 years. Anyway, I am rambling now, but hoss827 quit messing around with that system this isn't amuture night. BTW I believe hoss827 was referring to VAX/NetBSD which is is the port of NetBSD to DEC VAX computers.

Peace,

CC

**navydevildoc** · 10-18-2003, 11:51 PM

Originally Posted by CarbonCopy

BTW I believe hoss827 was referring to VAX/NetBSD which is is the port of NetBSD to DEC VAX computers.

I wonder if that's true, since that VAX (or their children, the AlphaServer) are getting pretty rare these days, and any running VMS (the original VAX OS) instead of Tru64 Unix are even rarer. I shouldn't be suprised that NetBSD runs on it tho, should I?

I think my toaster has a NetBSD port.....

**CarbonCopy** · 10-19-2003, 03:15 AM

Originally Posted by navydevildoc

I shouldn't be suprised that NetBSD runs on it tho, should I?

I think my toaster has a NetBSD port.....

hahahah!

Isn't that the truth!

**hoss827** · 10-20-2003, 07:25 AM

Nice...

**hoss827** · 10-20-2003, 07:26 AM

BTW I change two another ISP every two months, and if not I at least create a new account with the service. They've probably noticed what I've been doing, but have probably laughed at me for brute force attempts.

**critter** · 10-22-2003, 06:12 PM

Originally Posted by hoss827

Damn, I've been trying this for two years...:-x. Its on a UNIX based system so it doesnt record bad logins.

VAX is much better however, they don't record bad logins eiether and they let you know if the username is in the directory or not.

I would bet money they log failed attempts.. linux would be in /var/log/secure or /var/log/messages by default-- they can have it go someone else if they specify and i would assume log files are kept on different servers in this case... hopefully you arent as stupid as you come across and you go through open proxy servers around the world.. if you want something to brute force you can take a look at THC-Hydra , their web address is http://www.thc.org

***Sicilian30*** · 10-27-2003, 09:20 PM

I am not big on Vax machines or Unix, but I did think Vax machines were a bit old, I can remember those 8 or so years ago.
I am a Microsoft guy myself. course guess I would have to be when I am certified by them, for them, and have to sell their products. LOL.
Now I am not saying that unix or linux or Vax servers are better or worse than MS servers. But I do know unix/linix have been around longer, and they are still used (especially Unix) for about 90% of the servers still out on the web today. got to count for something.