Return to Unfiction unforum
 a.r.g.b.b 
FAQ FAQ   Search Search 
 
Welcome!
New users, PLEASE read these forum guidelines. New posters, SEARCH before posting and read these rules before posting your killer new campaign. New players may also wish to peruse the ARG Player Tutorial.

All users must abide by the Terms of Service.
Website Restoration Project
This archiving project is a collaboration between Unfiction and Sean Stacey (SpaceBass), Brian Enigma (BrianEnigma), and Laura E. Hall (lehall) with
the Center for Immersive Arts.
Announcements
This is a static snapshot of the
Unfiction forums, as of
July 23, 2017.
This site is intended as an archive to chronicle the history of Alternate Reality Games.
  

The time now is Wed Nov 13, 2024 6:07 pm
All times are UTC - 4 (DST in action)		 View posts in this forum since last visit
View unanswered posts in this forum
Calendar
 Forum index » Archive » Archive: General » ARG: Slumberil
Hacking and misc issues
View previous topicView next topic
Page 1 of 1 [11 Posts]  
Author Message
Ehsan
Entrenched

Joined: 09 May 2003
Posts: 992

 		Hacking and misc issues
Further to all the items we found in trash (If you haven't seen it yet, go here and then come back) I was trying to do various things related to nmap and the matrix

obviously the first thing is to look for open parts.. and there are quiete a few which should have been locked down..

Now what I did next is a bit shaky, and I believe we're peeking behind the curtain. I encourage anyone NOT to take this further until we figure out what's going on, if you're new to ARG's please note that it's not right to peek behind the curtain..

--[edited to remove the steps I took]--

So I did a whois on the new website, and apparently it's an alias for slumberil, but the www part of the same server is owned by a real website (a law firm) that's been around since 2000. From there there's a link to a hosting site, so apparently I've only managed to uncover where slumberil is hosted (Could have done it in easier ways!!)

Now it seems to be a dedicated server and I assume the ports were left open by mistake. I did manage to do, and find, other things but for now I'll leave it so nobody does anything 'bad'

If the PM's are reading this, please close any ports you don't want us to play with. The whole nmap thing is just inviting us to try a SSH exploit on yout server, so if the ports stay open, the hacking tools will start running Wink

thoughts?

PostPosted: Mon Jan 10, 2005 12:24 pm
Last edited by Ehsan on Mon Jan 10, 2005 3:56 pm; edited 1 time in total
 View user's profile
 Back to top 
bill
Unfettered


Joined: 25 Sep 2002
Posts: 614
Location: Tampa

 		eep! Shocked They left ssh open AND an ingame login works on it? ssh by itself in not unusual. It's a tool webmasters use regularly to manage their servers. Leaving unprotected accounts like that out in the open is just plain dumb.

Drool Dunce

Any chance the other stuff is ingame?
_________________
Bill
http://deaddrop.us/
Dedicated to Alternate Reality Gaming

PostPosted: Mon Jan 10, 2005 12:51 pm
 View user's profile Visit poster's website Yahoo Messenger
 Back to top 
Ehsan
Entrenched

Joined: 09 May 2003
Posts: 992

 		Just to clarify, the ingame login doesn't work.. if it did, I would say the whole thing is ingame..

PostPosted: Mon Jan 10, 2005 1:09 pm
 View user's profile
 Back to top 
yanka|tage
Guest


 		Re: Hacking and misc issues
Ehsan wrote:
So I did a whois on the new website, and apparently it's an alias for slumberil, but the www part of the same server is owned by a real website (a law firm) that's been around since 2000. From there there's a link to a hosting site, so apparently I've only managed to uncover where slumberil is hosted (Could have done it in easier ways!!)

Oh, I think I know what law firm you're talking about. It was pointed to by some file on the ftp, but they seem to have removed it - or at least, I can't find it anymore (and I know that it was pasted somewhere on xmyth, but I can't find that right now either).

PostPosted: Mon Jan 10, 2005 1:23 pm
 Back to top 
burningsquid
Boot

Joined: 03 Dec 2004
Posts: 16

 		When the nmap references started popping up ingame, I portscanned the site. There's alot of stuff open there that shouldn't be open on a webserver. Poking around, it looked like it wasn't ingame, so i decided to leave it alone.

It is concievable that the PMs intended the server to be fair game for screwing around with, but since they have made absolutly no references to this, i am inclined to leave it alone and stick to things that are obviously ingame.

I would seriously hope that people don't start trying to run exploits unless it is abundantly clear that it is part of the game.

PostPosted: Mon Jan 10, 2005 2:15 pm
 View user's profile
 Back to top 
orphaen
Veteran


Joined: 09 Jan 2005
Posts: 142
Location: southern Louisiana

 		I can link the file from here if you wish, send me an AIM to orphaenx and I'll pop over here and plunk it down.
_________________
Here I am, Paradox Personified.

PostPosted: Mon Jan 10, 2005 5:40 pm
 View user's profile Visit poster's website AIM Address Yahoo Messenger
 ICQ Number 
 Back to top 
simo66
Guest


 		I am tempted to believe that nmap has nothing to do with it as all those files were uploaded in 2005 whereas every bit of evidence before now has indicated that the ingame year is 1999

PostPosted: Mon Jan 10, 2005 7:53 pm
 Back to top 
Clockwork
Greenhorn

Joined: 05 Jan 2005
Posts: 3
simo66 wrote:
nmap ... all those files were uploaded in 2005

the files in http://www.slumberil.com/images/elysium/ and in http://zmail.slumberil.com/images/ are uploaded (last modified) in 2005 and are ingame (at least the zmail.gif is = morse-code zaisv0101)

PostPosted: Mon Jan 10, 2005 8:04 pm
 View user's profile
 Back to top 
orphaen
Veteran


Joined: 09 Jan 2005
Posts: 142
Location: southern Louisiana

 		Those aren't in-game pages though. See the normal background? Smile
_________________
Here I am, Paradox Personified.

PostPosted: Mon Jan 10, 2005 8:16 pm
 View user's profile Visit poster's website AIM Address Yahoo Messenger
 ICQ Number 
 Back to top 
simo66
Guest
orphaen wrote:
Those aren't in-game pages though. See the normal background? Smile


Those are all pages which while esential for running the webpage are not really essential for the arg. I would really pay those little head

PostPosted: Mon Jan 10, 2005 9:39 pm
 Back to top 
AnthraX101
Entrenched

Joined: 18 Mar 2003
Posts: 797

 		Why exactly do you think it's dedicated?

DNSStuff reports 250+ domains share that sever, which would support the large number of services that are running on it. It's also possible that it's some sort of load balancing system, and there really is a single server. I'm just confused as to why you think that's how it is.

You pretty much have to have an SSH server on a server like that, it's one of the few secure ways to administer it.

AnthraX101
_________________
VGhlcmUgaXMgbm8gc3Bvb24u
ll----ll--ll--ll----l---ll---llll---ll--l--ll---llll-ll-l-ll-llll--l-.

PostPosted: Mon Jan 10, 2005 10:06 pm
 View user's profile
 Back to top 
Display posts from previous:   Sort by:   
Page 1 of 1 [11 Posts]  
View previous topicView next topic
 Forum index » Archive » Archive: General » ARG: Slumberil
Jump to:  


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
You cannot post calendar events in this forum



Powered by phpBB © 2001, 2005 phpBB Group