More from The Hacking of America...
There you have it. Script kiddies are often driven by jealousy,
suspicion, pride, or rivalry; by a desire to taunt, bully, or get
revenge; by a thirst for power; or by greed or arrogance. In other
words, they are pretty much like the rest of us, only maybe a
bit more open about their motivations.
So how do script kiddies break in? As you may have noticed,
these are the people you read about in the news, the ones who
deface and shut down web sites. Since this is such a big deal
with reporters, let's explode the myth that these vandals are
geniuses.
In 2001 a weakness in the Windows Internet Information Services
Server (IIS) made headlines over and over again. First the Code
Red worm took advantage of it, then Code Red II, then Nimda.
These were virus-like programs that spread from computer to computer
without human assistance. They propagated so fast that, within
hours of the release of each of these, they took over every computer
on the Internet that was vulnerable to them. It got so bad that
on Sept. 18, 2001, US Attorney General John Ashcroft held a press
conference to assure a jittery nation that Osama bin Laden was
NOT behind the Nimda worm.
Code Red II and Nimda were especially dangerous because they
altered over 100,000 Windows NT and Windows 2000 Internet web
servers and personal computers to allow any stranger to log into
them and exercise total control. We'll never know how many serious
criminals took advantage of those worms to steal credit card
information and confidential company information.
The original discoveries by Ryan Permeh and Marc Maiffret
(of eEye Digital Security, http://www.eeye.com) of the break-in
opportunity exploited by these worms definitely took intelligence.
The writing of the worms that exploited such weaknesses also
took lots of brains. However, once discovered, and once someone
wrote out the exact instructions in a way that anyone could understand,
and shared them around, all it took to run this exploit was an
account on America Online.
A Script Kiddie Remote Exploit
Here's an example of how a script kiddie can use simple instructions
to break into and deface a web site. This script works on Windows
2000 Server or Professional upgraded to Service Pack 2, as long
as they don't have the upgrade to IIS needed to prevent this
exploit. At one time millions of computers were vulnerable to
this attack.
I'm only making this trick public because the massive attacks
of 2001 using this exploit have pretty much ensured that all
Windows 2000 computers are now fixed. However, if you want a
little fun, you can set up a Windows 2000 computer without the
IIS upgrade and try this out. Note that if you have Windows 2000
Professional, you must enable the Personal Web Server for this
to work. In Windows 2000 Server you should run the IIS service,
which is the same as the Professional version's Personal Web
Server. (Go figure. Some marketing guy must have decided to call
the same webserver a different name on each product.)
Also, this exploit depends on the kind of web browser you
run. This is because this attack depends on how a browser interprets
the commands you type into the location window. I've found a
lot of browsers that work, and others that don't, for example
some versions of Internet Explorer and Netscape for Linux. So
if this doesn't work using one browser, try another. (To read
the rest, see the book.)
Read about The Hacking of America at Amazon.com
Buy a copy of The Hacking
of America, autographed by Carolyn Meinel