Return to Unfiction unforum
 a.r.g.b.b 
FAQ FAQ   Search Search 
 
Welcome!
New users, PLEASE read these forum guidelines. New posters, SEARCH before posting and read these rules before posting your killer new campaign. New players may also wish to peruse the ARG Player Tutorial.

All users must abide by the Terms of Service.
Website Restoration Project
This archiving project is a collaboration between Unfiction and Sean Stacey (SpaceBass), Brian Enigma (BrianEnigma), and Laura E. Hall (lehall) with
the Center for Immersive Arts.
Announcements
This is a static snapshot of the
Unfiction forums, as of
July 23, 2017.
This site is intended as an archive to chronicle the history of Alternate Reality Games.
  

The time now is Tue Nov 19, 2024 10:36 am
All times are UTC - 4 (DST in action)		 View posts in this forum since last visit
View unanswered posts in this forum
Calendar
 Forum index » Archive » Archive: Cloverfield (1-18-08) » Cloverfield: General / Updates
[SPEC] Hacking Slusho
View previous topicView next topic
Page 2 of 4 [49 Posts]   Goto page: Previous 1, 2, 3, 4 Next
Author Message
MAXIMUS
Guest


 		LMFAO!!!!

PostPosted: Mon Jul 30, 2007 4:07 am
 Back to top 
IronJ146
Unfettered


Joined: 29 Jul 2007
Posts: 634
Location: Atlanta, Georgia, United States

 		Re: Ahhh yeah....Picture it.
tinag222 wrote:
Your honor, the defense would like to call Josh to the stand.....


Josh: Your honor, it's like this. See in the future there will be this bitchin party for Rob - er, he's like our main dude see, but then there's this thunderous roar and stuff's exploding and they saw it, it's alive, it's huge....and it rips the head off the Statue and everything! But the tshirt guy might work for slusho since slusho up on his shirt has a website see so we had to go hack into it to find out why the fish thinks of cheese and the donkey - or horse, no donkey thinks about blue oven mits...and the monkey is there now at slusho, and the pictures you can flip over have messages and we only hacked into it because they wanted us to so we can warn Rob and Beth because else they're all gonna die, New York is gonna die and we were trying to save the world from the parasite collosal monstrous monster thingie! Seee?????



Judge Reading: We the jury, in the case of the People vs Josh find the defendant guilty............

Judge Sentencing: It is the opinion of the court that you be remanded to the state psychiatric center until such time as 25 years have been completed, including full psychological evaluations....

Now I ask ya....ask yourself: is it really worth it dude? Razz


Honestly, the worth may actually increase if we get to see these kinds of courtroom antics. I'd pay to sit in the court and watch...oops I said the "P" word, I bet the viral marketing alone could get you the money from paramount to pay the whole process off...

PostPosted: Mon Jul 30, 2007 4:18 am
 View user's profile Visit poster's website AIM Address
 Back to top 
tinag222
Unfettered

Joined: 27 Feb 2007
Posts: 521
Location: Here, Now

 		Point taken.

But that's only if Josh resides anywhere but Arkansas or one of our lovely ass backwards redneck states where they'd probably find him a cellmate named Honey.

PostPosted: Mon Jul 30, 2007 4:45 am
 View user's profile Yahoo Messenger
 Back to top 
kevrock
Unfettered


Joined: 26 Jul 2007
Posts: 320

 		Re: Hacking Slusho
Nodice wrote:
Ok huge nerd here, found all of you guys after goggling slusho.

I was wondering if anyone tried digging a bit deeper to see if those who are controlling slusho might have left clues in the code, or perhaps made a mistake somewhere down the line.

I apologize if one of you has already done this but here is what i've uncovered so far. I've not really found any thing interesting yet, but maybe one of you can see something I'm missing.

Slusho is housed at Godaddy with 3069 other sites on its server.

Server traces to secureserver.net a Godaddy domain linking to WildWestDomains, a godaddy company.

Server is running Apache 1.3.33 (Possible security flaws as 1.3.37 is the latest) Thought here would be getting a list of all content on the server.

Flash:

Debugging the flash files: Main.swf, Loading movieclip:

I will post the debugs later, nothing really interesting found.

Mainloads the site map found:

http://www.slusho.jp/xml/siteMap.xml


Trout

I am certified in the computer security industry, and professionally do vulnerability scans and penetration tests for a living.

As a word of warning, please be very careful out there. This stuff should not be toyed with.

Aside from the obvious ruining the game for everyone else, it can outright be unethical and illegal.

Anything more than knocking on doors is where you can get in trouble. You should basically draw the line at simple footprinting: http://en.wikipedia.org/wiki/Footprinting

But be careful as even doing port scan and ping sweep can get you in trouble. A lot of ISPs can shut you down simply for doing them from yoru home PC. Stick w/ the tools they recommend on the front page.

Think of it this way; you should be able to open a fresh browser window, type in whatever URL, and get to the content in 30 secs or less w/out using any other applications. If it requires more skill than that, then you are in dangerous water.

It is one thing for someone to leave a hidden URL, and let's say another photo is viewable a day before it's supposed to go live. It's an entirely different thing to actual penetrate the web server, and let's say access a FTP share w/ a weak password and download pictures.

Even a post as simple as saying "Hey, let's hack so and so!" can be problematic. What if they DO get hacked? Who do you think they are going to track down first?

If you guys have any questions on this stuff, I'll happily answer them. Feel free to PM me.

PostPosted: Mon Jul 30, 2007 10:31 am
 View user's profile
 Back to top 
Nighthawk
I Have 100 Cats and Smell of Wee


Joined: 14 Jul 2007
Posts: 4751
Location: Miami, Florida, USA, Earth

 		Guess a DoS is out of the question then, eh? Wink

PostPosted: Mon Jul 30, 2007 11:21 am
 View user's profile Visit poster's website
 Back to top 
catherwood-offline
Guest


 		NOB RUTEF ORCING
The first post in this thread really wasn't about hacking, but what I would have called "deconstructing" the website. Documenting the directory structure, finding a hidden page (like if you see an image called large02.jpg, try varients on that pattern), etc., are good ARGing techniques. These are not hacking, but what has been proposed since that initial post has crossed that line. I didn't change the topic line, because that's now what's up for debate. I hope that debate is settled -- solve the puzzles, don't take apart the toy.

PostPosted: Mon Jul 30, 2007 11:55 am
 Back to top 
Josh
Boot

Joined: 29 Jul 2007
Posts: 27

 		hahah id rather go to a psych ward then prison anyday
lol i dont think id be very much of a badass in jail

PostPosted: Mon Jul 30, 2007 12:06 pm
 View user's profile
 Back to top 
GenoSin
Guest


 		Re: Hacking Slusho
Re: Hacking Slusho
I have already done a full analysis on the actionscript used in slusho.jp's flash website. I decompiled all of the main pages(slush.jp/swf/name.swf) and found nothing of any interest. The only thing that i did find was that the horse is in fact a Donkey. I also decompiled the 1-18-08.com images and found nothing there either. The only clues these sites give us are visual, not scripted.

PostPosted: Mon Jul 30, 2007 1:46 pm
 Back to top 
Helo
Decorated


Joined: 28 Jul 2007
Posts: 210
Location: Los Angeles
Quote:
Even a post as simple as saying "Hey, let's hack so and so!" can be problematic. What if they DO get hacked? Who do you think they are going to track down first?


That is exactly my point. What's a better idea:

1. Waiting for the movie to come out and having a kick-ass two hours;
2. Spending a few years in PMITA (definition of acronym here) prison?

You can make the call on that one.
_________________
..::Drumwaster's Rants::..

"Which Lo Pan? The little old basket case on wheels or the ten foot tall roadblock?"- Jack Burton

PostPosted: Tue Jul 31, 2007 9:51 am
 View user's profile Visit poster's website
 Back to top 
Jikuim
Greenhorn

Joined: 31 Jul 2007
Posts: 9

 		Just a little input on my part.
Satoshi has been confirmed as a working username to log into the FTP.

We're all under the impression that Slusho is viral marketting, and nothing is real.

None of the history is real, and, I would assume that Satoshi is probably the cousin of Ganu, according to the history, the japanese naming, and it just makes sense.

That being the case, Satoshi isn't a real person, yet is used as a username for the FTP log in?

I can see hacking the "ADMIN" account being a scary thing, but the name Satoshi is too coincidental.

Why even have a username created that is listed on the site, if it's just viral marketting. Why not allow no logins like the 1-18-08 site? I can't see anyone being sent to jail for attempting to gain access through guessing the password for the Satoshi username. If it WAS illegal, I can see a real staff member reassuring everyone it's not neccessary. These people aren't out to sue us...

PostPosted: Tue Jul 31, 2007 7:09 pm
 View user's profile
 Back to top 
EmmanuelGoldstein
Decorated


Joined: 20 Oct 2004
Posts: 281
Jikuim wrote:
Just a little input on my part.
Satoshi has been confirmed as a working username to log into the FTP.


It's been confirmed where?
_________________
Secure Email: emmanuelgoldstein42SPLATgmail.com
PGP Key: 0x7AC953AA

PostPosted: Tue Jul 31, 2007 7:14 pm
 View user's profile
 Back to top 
Jikuim
Greenhorn

Joined: 31 Jul 2007
Posts: 9

 		It works?
I thought someone had a screencap of.. something or other... just a second, I'll try it.

PostPosted: Tue Jul 31, 2007 7:17 pm
 View user's profile
 Back to top 
Nighthawk
I Have 100 Cats and Smell of Wee


Joined: 14 Jul 2007
Posts: 4751
Location: Miami, Florida, USA, Earth

 		The "Satoshi" account probably works because it's an account with an EMAIL ADDRESS.

I do not think that any game would promote hacking an FTP site. Don't do it.

PostPosted: Tue Jul 31, 2007 7:18 pm
 View user's profile Visit poster's website
 Back to top 
EmmanuelGoldstein
Decorated


Joined: 20 Oct 2004
Posts: 281
Jikuim wrote:
It works?
I thought someone had a screencap of.. something or other... just a second, I'll try it.


No, it doesn't work.

Quote:
Connected to slusho.jp.
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 17 of 50 allowed.
220-Local time is now 16:21. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 3 minutes of inactivity.
Name (ftp.slusho.jp:beans): SLUSHOISMADEOFPEOPLE
331 User SLUSHOISMADEOFPEOPLE OK. Password required
Password:
530 Login authentication failed
Login failed.
.

No matter what you put in, it will says User <username> OK, its so people can't brute force valid accounts by seeing what says OK and what says NOT A USER.
_________________
Secure Email: emmanuelgoldstein42SPLATgmail.com
PGP Key: 0x7AC953AA

PostPosted: Tue Jul 31, 2007 7:22 pm
 View user's profile
 Back to top 
kevrock
Unfettered


Joined: 26 Jul 2007
Posts: 320
Jikuim wrote:
I can't see anyone being sent to jail for attempting to gain access through guessing the password for the Satoshi username. If it WAS illegal, I can see a real staff member reassuring everyone it's not neccessary. These people aren't out to sue us...


It doesn't matter how weak their security is, it's still illegal.

Use any of these as reference...

* ACCESS DEVICE FRAUD. 18 U.S.C. § 1029. Fraud and related activity in connection with access devices.

* COMPUTER FRAUD AND ABUSE ACT. 18 U.S.C. § 1030. Fraud and related activity in connection with computers.

* CAN-SPAM ACT. 18 U.S.C. § 1037. Fraud and related activity in connection with electronic mail.

* EXTORTION AND THREATS. 18 U.S.C. § 875. EXTORTION and THREATS. Interstate communications.

* IDENTITY THEFT AND ASSUMPTION DETERRENCE ACT of 1998. 18 U.S.C. § 1028. Fraud and related activity in connection with identification documents, authentication features, and information.

* WIRE FRAUD. 18 U.S.C. § 1343. Fraud by wire, radio, or television.

* No Electronic Theft ("NET") Act. 17 U.S.C. § 506. Criminal Offenses. (criminal copyright infringement)

* DMCA . 17 U.S.C. § 1201. Circumvention of copyright protection systems.

* Electronic Communications Privacy Act, 18 U.S.C. § 2701, et seq. (STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS)

* Trade Secrets Act. 18 U.S.C. § 1832. Theft of trade secrets.

* Economic Espionage Act. 18 U.S.C. § 1831. Economic Espionage.

PostPosted: Tue Jul 31, 2007 7:24 pm
 View user's profile
 Back to top 
Display posts from previous:   Sort by:   
Page 2 of 4 [49 Posts]   Goto page: Previous 1, 2, 3, 4 Next
View previous topicView next topic
 Forum index » Archive » Archive: Cloverfield (1-18-08) » Cloverfield: General / Updates
Jump to:  


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
You cannot post calendar events in this forum



Powered by phpBB © 2001, 2005 phpBB Group