Posted by: surfshacktito | June 24, 2011

New Leaks

Aloha little cuz’s! It’s been a while since we have posted! The surf shack has had alot of customers so we were busy cookin up on Mr. Dink’s new grill that he was able to afford through insurance! I’m pretty sure Eruanna knows about this grill! Anyways, it has been brought to our attention that we were mentioned on altdeath.com! We would like to thank that little cuz for leaking those awesome topics! Here are a few more leaks that were most likely not seen:

Now Mr. Dink wishes to take the rest of this post in his own hands!

Leak #1 – Staff forum Devil Hunter:
http://image.bayimg.com/kaijmaadm.jpg

As you can see, Eruanna is noting this down, I hope she is as she brought something of mine down back in 97′.

(This image specifically was by our spy, we’d like to thank you for this one! And the many other ones we will release eventually!)

Leak #2 – Eruanna PM to Torr Samaho regarding a hacked build
http://image.bayimg.com/kaijoaadm.jpg

Eruanna wants a hacked build of Skulltag with a wallhack in it! She wants to catch and burn those cheaters to the ground, just like what she did to my grill back in 97′!

Leak #3 – Kirb editing posts in Purgatory
http://image.bayimg.com/laijgaadm.jpg

Eruanna didn’t like mods editing the post and says they can’t handle the power. Just like how she couldn’t handle the power of my awesome now gone 97′ grill.

Leak #4 – Eruanna wants puke to be for server admins only
http://image.bayimg.com/laijhaadm.jpg

TL;DR don’t really care. All I care about is my poor 97′ grill that is now in some junkyard thanks to this bitch.

Leak #5 – Tiger’s Constant Reporting
http://image.bayimg.com/laijnaadm.jpg

Zap610 is starting to get annoyed. I’m starting to constantly remember my grill in 97′.

And without further ado, here is Tiger on all this:
http://image.bayimg.com/laijpaadm.jpg

That is all for now! Expect many more leaks in the future. Expect many more staff leaks, alot of IRC logs from staff land, and much much more!

EDIT: Also, if you have a request to see something leaked from that index page that was posted on altdeath, post on their forum cuz’s, not here as I won’t really read them.

(PS: As the ancient Hawaiian’s used to say: A bird who flies crooked has a hard time coming home!)

Advertisements
Posted by: surfshacktito | May 30, 2011

Clearing up

Aloha little cuz’s! Today I’m going to be clearing up some of the confusion and or statements made by various people that has been directed to my attention! Most of the ones here are most likely to be wrong, funny, or just me bashing those cuz’s!

Let’s start, shall we?

Zap610: “It isn’t a matter of “easily hackable” so much as how hard these hackers try. I guarantee you if these same people targeted ZDoom it would be hacked just the same.”

Ah no little cuz, we don’t want to attack ZDoom. We have no reason to!

Zhs2: “The only problem of the matter here is finding people butthurt enough to do so. 12 year old script kiddies that got kicked out of a clan/invited scorn upon themselves by equally mature skulltag members/felt harrassed by the community in general?”

Definition of script kiddie: Uses tools written by hackers without understanding what they do or how they work. Will be helpless to proceed if the tools don’t work automatically and immediately – are incapable of fixing any issues themselves without someone showing them how (perhaps in excruciating detail). Expect people to be impressed that they can crack WEP or own an unpatched and unprotected Windows box using autopwn in Metasploit. Are the subjects of derision of real hackers.

Definition of hacker: Likes to find ways to use systems to their fullest extent, in ways perhaps not intended by their designers. From a security perspective – they understand the way systems work on a detailed level and can find and exploit vulnerabilities via their own effort, as well as write tools to automate the exploitation of the vulnerabilities. They love to learn, to understand and to challenge themselves intellectually, and they appreciate elegant solutions.

That’s right folks! This exploit we have been using on phpBB3 is… gasp! Our own? Learn the difference between script kiddies and hackers little cuz! Major difference!

mandolore: “Most of the furries most be crying about this”

Now that’s something that made me laugh, it’s probably true! Those cuz’s must be crying.

Synert: “Am I the only one who actually finds this funny? I’ve also now lost all confidence in phpBB’s security.”

Nah little cuz, we find this funny too! phpBB’s security is much better than VBul, SMF, and IPB anyways! Or if you prefer to use a not much known forum software!

tm512: “It is perhaps the largest and most used piece of forum software out there. Of course there are going to be exploits.”

That’s true little cuz! There are no pub exploits though, so little skids don’t get their hands on them! As for priv8 exploits…. let’s just say there’s a good amount 😉

AlexMax: “it’s not phpBB’s fault when you don’t update or use an insecure plugin. phpBB3 is a ground-up rewrite anyway, it’s got a really nice security record.”

Ding ding ding. This little cuz is correct. Although, updating wouldn’t made a difference. And it does have a good security record for all the little cuz’s out there who use it!

Konar6: “ST is peaking in popularity and that by itself makes it a prime target. Or were Codeimp’s attacks on ZDaemon in its better times forgotten? And why doesn’t it happen to Odamex? Is it hack-proof, or is it because noone would bother?”

No no no little cuz. That is not why it’s a target! But if you think so. Also that little cuz’s attacks on ZDaemon were not forgotten and were epic! And as for Odamex, no reason to attack those cuz’s!

Blzut3: “Also to clear up concerns with phpBB’s security, I’m fairly sure none of the “hacks” since we were running phpBB 2 (remember the santy worm?) were due to actual forum software vulnerabilities.”

Well then little cuz, I’m fairly sure that you are indeed an idiot! Let me repeat this just for you Blzut3: There will always be vulnerabilities, no matter how much you deny it 🙂

Xenaero: “This is disappointing, honestly. Might be a good idea to not use phpBB anymore. I’ve brought this up in the past but it seems a bit more valid now. Be it that it will not prevent hacking entirely is moot, it is certainly a better option and should be seriously considered.”

ST Staff, listen to this cuz! He’s a smart man! Don’t let the fatman stop you from changing software! Be free cuz’s!

Xenaero: “Basically just reset your pass and never change it from the password the email gives you. You’re safe forever.”

Little cuz, no no no that won’t work! That just makes it easier to crack!

Spam205: “At least the message on the wiki reminded me that I hadn’t watched Rocket Power in about 7-8 years.”

I’m glad you liked our message little cuz!

UnTrustable: “I would wish hacking like this would be a crime by law and people could more easely track down who really did this.”

I would wish little cuz’s like you would stop being morons and learn proper grammar and english! Plus, no one cares about this forum, little cuz.

ConflagratedCanine: “Let’s not devote time and resources to catch rapists, murderers, and arsonists; No let’s fret over some small forum that nobody cares about.”

Now that’s another funny post! This little cuz knows what he’s saying!

Eruanna: “After the most recent hack we decided to remove all board mods. Right now this is sitting on a stock, 100% unmodified phpbb3. The possibility that any of the mods had security exploits is actually rather low but in order to decrease the chances of another hack happening again we decided to try a vanilla phpbb3 to see how well it would hold.”

Little cuz, you still failed! At least try harder if you are going to stop us! Also we all know that you are clearly upset and hurt deep down inside! (At least that’s what my source has been telling me o_O)

ConflagratedCanine: “In a word: Nobody gives a fuck.”

True dat little cuz!

Eruanna: TL;DR post

See ConflagratedCanine’s response above ^

Eruanna: “We do have solid reasons to believe that they have the forum DB and are using that to “brute force” passwords. Already 3 accounts have been cracked.”

Rivecoder: “The forum’s use phpBB3’s hashing scheme, which is very strong. It includes a salt and a time-intensive hash operation (MD5 repeat thousands of times) to defend against rainbow tables.”

Contradiction much? If it’s a very strong hashing mechanism, then how are we supposedly brute forcing passwords? I’ll let you two cuz’s figure this one out!

NukeR: “So does that mean my forum will be safe? They run on phpBB 3.0.8 (latest)”

Yes little cuz, we don’t care about other forums. This exploit won’t get out anywhere either, so you are good 🙂

And that’s a wrap for today! More might come in the future, who knows!

PS: As the ancient Hawaiian’s used to say: If you aren’t an Hawaiian, then you are gay!

Posted by: surfshacktito | May 29, 2011

Aloha world!

NOTE TO ST STAFF: If you guys switch Forum software, we swear that we will stop what we are doing little cuzzes!

Aloha cuz’s! This is a blog dedicated for leaks on Skulltag! Thanks to our little cuz in Skulltag Staff, they are sending us images in the private lands of Skulltag. We only have one image for now, but it will fill up over time as our little cuz have sent us many in the past which have gone unnoticed but will eventually be unearthed and no longer swept under the carpet!

Here is Leak #1: http://image.bayimg.com/gainfaadf.jpg

Thanks to this image, we now know that there is a “private” forum somewhere on the internet. Where? It could be on ST.com, ST.net, god knows where. It also mentions that there is an offtopic area which is to confuse us. But little cuz’s: that will not work anyways. Gee, if it’s only for the staff, what does that tell you? Yeah sure, it’s completely offtopic and foolproof guys. What morons. If I had to take a guess, it’s probably just staff land moved to new forums so that in the event the main forums get hacked, they have a dumb backup which probably will get hacked in time as well. Also, it will fail regardless. The forum post count (If it’s hidden then nevermind.) won’t match the total post count in the statistics you boneheads!

Leak #2 is a PM between Tiger and Metalhead! I don’t know the background behind this one, but it’s still pretty funny!

Tiger:
——————————
Regards to the some of the most recent events, I’d figure it is time to for me to share my thoughts on these matters. With the leaking information shows disloyalty and compromises SkullTag’s security from the executable engine to site protocols; moreover, not only will this strain development relationships, but security in itself is now and should be in question in full regards.

Some low-guarded holes that should be back tracked immediately:
* Old compromised password break-in’s [Not fully a Hijacked account, yet]
* Check all of the staffs (even retired users with special permissions) IPv4 addresses or even better MAC addresses if possible (as IPv4 can be altered with a simple hack), and assure that there was no intrusion. If a possible intrusion is found, don’t alarm the detect account owner until it is fully investigated further. Force them to change their key on the forums and other services on ST. However, if this continues the user is feeding information and should be blacklisted from special resources.
* Forum or Server Back Door [Silent Script Kiddie break-ins]
* A possibility that the forums might have a breach of security from a ‘Back Door’ that is giving our friends the advantage to exploit on the forums.

If incase a user is suspected of feeding leaked information tactics on revealing the answer will seem ‘unprofessional’ depending on how you wish todo this. Imagen their is a group rabbits or larger animals like bears that you want capture with a cage trap. First, you must plan how this trap will work and besure you can catch them without giving attention to yourself nor alarming them. Second, besure you that the ‘bait’ used will lure them to the trap. Thirdly, once a rabbit or rabbits is underneath that trap you made, you instantly let the cage drop on them, and you have dinner. [I’ am a visual person, so hopefully you guys are caught up with me on this]
So meaning, with the resources like the Liberty Doom Forums, ST ED (USER_Page:The_Mailman), and the Cheaters Forum board should be kept as part of the trap techniques, and lure them with an intensive information as like for example ‘fake’ code that will disable the aimbot or wallhack. However, keep in mind that this trap will most likely only work once. So the selected ‘groups’ of rabbits you want to use is your choice.

I remember a PM that I made to MetalHead and I think Eruanna aswell a while ago that seemed to leak over to the Liberty Doom Forums; I have my suspicions on the forums having a back door or said users (and even mine perhaps) might have been compromised. However, this was before SkullTag returned to Brad Carney’s server.

I hope this helps you guys in some degree in ending this massive conflict.

——————————

Little cuz, you think way beyond the normal. Whoever did all that damage must have really got you out of your cage! Cuz, this is Skulltag forums, not Sony! How do you check the MAC addresses online? I’m very curious as to how that would work!

Metal:
——————————
Don’t PM me anymore Skulltag bullshit. I don’t want to see it. The one you want to talk to here is just Cyber. Torr is busy with Dev stuff and Eru and I are retired. Let them make their little dramatic pages, I don’t give a flying cunt fuck. I quit to get AWAY and stop having to read that garbage. Whoever is leaking info, well I dunno, that’s not my problem anymore. This whole piece of shit source port is no longer my problem. I hope it fucking dies.
——————————

And this is acompletely unedited PM! As you can see, Metal lashes out on Tiger and calls a port SHE used to admin (and still does heh.) a “shit source port” and she hopes it “fucking dies”. I wonder how Torr and Carn feel about their source port that they’ve worked on for years be called a “shit source port” by their own administrator! This little cuz needs to chillout and needs to take a surf on the ocean!

Also just to know little cuz’s, having an unmodded board won’t do anything for you! This exploit works perfectly on ALL versions of phpBB3! Modded or not, you will not escape the tiki wrath of Tito the great shack worker! (PS: Learn to take suggestions from others. I think I recall seeing someone mention that you should convert forums. Listen to that guy next time, smart person.)

Anyways that’s enough leaks for now! Hope you cuz’s enjoy this!

PS: As the ancient Hawaiian’s used to say: A rock is only as strong as it’s size!

Categories