-
Own3d by Ston3r
Have you ever been hacked before? Well, it happened to me over the weekend, well, to my brother, by the dude named stoner at
-
Re:Own3d by Ston3r
I don't think you should have put up that link.
What was the nature of the hack?
-
Re:Own3d by Ston3r
Well, all I know is that when you boot Windows a JPEG image appears, "own3d by ston3r". Well, no other programs can be run via the GUI, only in DOS mode.
-
Re:Own3d by Ston3r
his home pc was hacked?
no firewall?
-
Re:Own3d by Ston3r
Yep, home PC. I deleted the JPEG file, now all I see is the blue screen of death.
-
Re:Own3d by Ston3r
wow Willy, you need some help there man! Maybe BlackCryptoKnight or Deakie can help.
-
Re:Own3d by Ston3r
Well, I got the PC to boot to Windows. I'm guessing the hacker used a worm, ntdma.exe or ntdm.exe. WORM_AGOBOT.CN
Again, I'm just guessing.
-
Re:Own3d by Ston3r
If your computer has been compromised, treat it as trashed.
Unless you are capable/motivated enough to have a detailed forensic investigation performed to determine what/how he got in (maybe for legal prosecution), or you have critical data you haven't backed up anywhere else, wipe the machine and set it up again. Restore your data from trusted backups.
Once someone hacks your computer, it's not yours anymore.
You can't even trust the system utilities on it - they could have been trojaned. There could be a rootkit installed.
Implement good preventative controls (firewall, antivirus, patch management), good detective controls (intrusion detection system, file integrity checkers), and good backup and recovery strategies (burn your data to CD or DVD, or archive to other removable storage).
If you really wanna find out what the heck happened, you could play around with the forensic tools on the P.H.L.A.K. distro - Autopsy and The Coroner's Toolkit. Learning curve kind of steepish but good learning if you put your mind to it.
Usually though, after a breach, the disk is cloned before any actions are taken. You having deleted the image file has essentially tainted the evidence (which would mess up your case if you were gonna prosecute). After the disk in question is cloned, then any investigative work is done on the clone while the original is kept nice and safe, with Chain of Custody maintained (just like with evidence in a regular crime scene).
The thing when doing forensic investigations on disks is that you want to be able to find data that gives you an indication of the sequence of events, timestamps and tactics employed to compromise the machine. You aren't supposed to modify anything. Special tools and utilities are used because some of the regular OS tools like ls, dir etc. can actually modify the timestamps (Modify, Access, Create) and throw off the accuracy of the timeline building.
Best bet is to format and re-install Willy :-\
Looks like somebody's server/pc got "reset" - :-\ :-X
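
The clone-then-investigate workflow described in the post above, as an added example that is not part of the original thread: it copies an image, proves the copy matches by SHA-256, and builds a timestamp timeline from metadata only. The function names, file names and sample timestamps are constructed for illustration; note that `st_ctime` is inode-change time on Unix and creation time on Windows.

```python
import hashlib, os, shutil, tempfile

CHUNK = 1 << 20  # read images in 1 MiB blocks

def sha256_file(path):
    """Hash a file such as a raw disk image without loading it whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def clone_and_verify(src, dst):
    """Copy src to dst, hash the source as read, re-hash the copy, compare."""
    h = hashlib.sha256()
    with open(src, "rb") as fin, open(dst, "xb") as fout:  # "x": never overwrite
        for block in iter(lambda: fin.read(CHUNK), b""):
            h.update(block)
            fout.write(block)
    if sha256_file(dst) != h.hexdigest():
        raise ValueError("clone does not match original")
    os.chmod(dst, 0o444)  # working copy is read-only from here on
    return h.hexdigest()  # digest to record in the custody log

def mac_timeline(root):
    """Sorted (time, kind, path) events from lstat() only. Use a read-only mount
    of the clone: on a writable one, listing a directory can update its atime."""
    events = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = os.path.join(dirpath, name)
            st = os.lstat(p)
            events += [(st.st_mtime, "M", p), (st.st_atime, "A", p), (st.st_ctime, "C", p)]
    return sorted(events)

def demo():
    """Constructed sample: a fake image and two files with known mtimes."""
    work, tree = tempfile.mkdtemp(), tempfile.mkdtemp()
    img = os.path.join(work, "evidence.img")
    with open(img, "wb") as f:
        f.write(b"constructed sample image" * 1000)
    digest = clone_and_verify(img, os.path.join(work, "clone.img"))
    for name, ts in [("dropped.jpg", 2000), ("system.ini", 1000)]:
        p = os.path.join(tree, name)
        open(p, "w").close()
        os.utime(p, (ts, ts))  # constructed atime/mtime values
    order = [os.path.basename(p) for t, k, p in mac_timeline(tree) if k == "M"]
    shutil.rmtree(work)
    shutil.rmtree(tree)
    return digest, order
```
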
-
Re:Own3d by Ston3r
lol lol true, I was planning on formatting, just looking around to see what the heck happened and how. I think a worm/trojan was used. the hacker deleted some files and backed up some names the folder xxx when opened my documents in the windows explorer window. I think some Java was used to write the script. I started backing up some data that will be needed,
after that I'm cleaning house.
-
Mar 8, 2004, 10:55 AM
#10
Re:Own3d by Ston3r