> Beyond pure operations, IRC was also a social space with its own culture, rituals, and hierarchy. You proved yourself by sharing information, by having access to tools before others did, by being present when something interesting happened. The channels were chaotic, frequently toxic, and also a brutal apprenticeship in network security for anyone who could not afford a conference ticket. Many people who are now respected professionals in DFIR, threat intelligence, and red teaming learned the fundamentals there.
toxic indeed - I somehow ended up in IRC channels as a curious, lonely ten year old with a computer and parents that frequently confined me to my room with nothing but a computer, an internet connection (which they thought could only be used for email), and books. One of my more formative experiences was getting my pc pwned, getting so upset about it, I resolved to learn everything I could get my hands about it in my teens. Never got super far as some did, but that curiosity sparked in me a drive that has lasted nearly 30 years now.
The best thing when someone sent me a sub7 or BO dropper, was to immediately rename the extension (so I wouldn't accidentally execute it), then open it up in a file viewer and skip to the end. Both programs just appended their configuration variables to the end of the executable file.
Which meant I now knew what port and password the sender was expecting to connect to me with.
However, most of them were skids, and had inadvertently executed their own dropper on their own machine at some point. And I knew their IP from the DCC.
Which meant I now knew what port and password to connect back to them with...
I'm sure language issues motivated the choice but I think this would be a lot more pleasant to read in your own voice and not in an LLMs. It reads pretty slick and magaziney.
Oh man, this is all one solid block of "I remember that!" nostalgia. For example, in the late 90s I volunteered in a DALNet support channel, helping people diagnose and remove exactly those infections. [0]
We had a hard policy of never going "I'll connect to it and remove it for you." Sure, it could be quicker, but it would also be legally problematic, especially if the person seeking help was actually an impersonator.
[0] I admit, I harmlessly pranked one very close friend with a CD-ROM tray that kept moving "on its own". And pointed out some weak passwords to school IT...
I wish I did something valuable. Instead I spent most of my time writing kick scripts for #warfactory pretending I was some l33t coder... I still have some of those scripts saved somewhere!
Netbus was everywhere. I would just scan random subnets and find open servers. I had one file bundled with a subseven server that somehow got passed around extensively to the point that I was constantly getting ICQ notifications of people being online that I had no idea who they were.
One of my favorite tools though was the Munga Bunga HTTP brute forcer. Uncovered tons of awesome hidden parts of websites.
Also the trick where you could specify a domaing like https://freemoneygiveaway.hotmail.com@192.168.1.1 or whatever and people would think it was some legitimate Hotmail thing and dump in their credentials.
I read Hacking Exposed around that time period. Up until then, my only "hacking" experience was with AOHell and everything that came along with that. It was interesting, but I wasn't really into the idea of trying to use CreditWiz to increase my odds of prison time. (I was a kid, I thought everything would lead to prison). Back Orifice just seemed like a great sysadmin tool!
I remember looking up, or maybe even using? Back Orifice in the high school library, and the librarian being somewhat scandalized by the logo, thinking I was looking at porn.
I hoped to see more coverage of progz and punters. BlackIce. hackers.com used to have a cool section with all of these tools from attrition, cdc. Packetstorm security back in the day. Good times.
toxic indeed - I somehow ended up in IRC channels as a curious, lonely ten year old with a computer and parents that frequently confined me to my room with nothing but a computer, an internet connection (which they thought could only be used for email), and books. One of my more formative experiences was getting my pc pwned, getting so upset about it, I resolved to learn everything I could get my hands about it in my teens. Never got super far as some did, but that curiosity sparked in me a drive that has lasted nearly 30 years now.
Which meant I now knew what port and password the sender was expecting to connect to me with.
However, most of them were skids, and had inadvertently executed their own dropper on their own machine at some point. And I knew their IP from the DCC.
Which meant I now knew what port and password to connect back to them with...
We had a hard policy of never going "I'll connect to it and remove it for you." Sure, it could be quicker, but it would also be legally problematic, especially if the person seeking help was actually an impersonator.
[0] I admit, I harmlessly pranked one very close friend with a CD-ROM tray that kept moving "on its own". And pointed out some weak passwords to school IT...
One of my favorite tools though was the Munga Bunga HTTP brute forcer. Uncovered tons of awesome hidden parts of websites.
Also the trick where you could specify a domaing like https://freemoneygiveaway.hotmail.com@192.168.1.1 or whatever and people would think it was some legitimate Hotmail thing and dump in their credentials.
edit: Ahh, EFF privacy badger. Turned it off and now I know what you're talking about. With it on I didn't see anything :)
https://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon
https://youtube.com/playlist?list=PLC2FCB2871C396459&si=stCC...
I’m not even sure why I had them as a kid, I never managed to actually use them.