
What the hack? Get that job done!

Discussion in 'Help Iran Online' started by Unregistered, Jul 7, 2009.

  1. Just a simple question;

    Are there people trying to penetrate the site gerdab.ir to bring it down permanently or to alter it?
    For days now I keep reading about the site being down, up again, etc.
    I don't want to discourage anybody in their efforts, but it's time for the professionals here.
    I understand that providing that kind of information could be sensitive, just a simple yes will do.

    Thank you.
  2. Inter-phase chatter

    I totally agree.

    Tactics on both sides are adapting. Gerdab is completely defensive. The "whirlpool" is full of terrible, horrific psychological nonsense. Recently they have acknowledged they are under intense cyber attack. We are faster, better, bigger, and cheaper. We shall besiege and crumble the whirlpool.

    One's right to free speech ENDS where another's right to life, liberty and pursuit of happiness begins.
    The Gerdab and Basiji mobs have the concept all backwards for some reason. They think they are Gods on earth who can take human rights from people as they see fit. The criminals of the Basiji mob have lost their freedom because they follow the commands of an evil ruling force without question (Nuremberg War Crimes). The Khamedinejad regime has been using language to suppress a peaceful protest movement by calling demonstrators "rioters". Besides lacking tact, they lack respect for peace.
    While Iran's ruling regime should be trying its best to open dialogue with its own people and keeping open the international media dialogue, they have only shown they are not responsible nor humane enough to enter into nuclear talks with us. They have shown that they only care about remaining the enemy of freedom of thought, freedom of religion, freedom of assembly, freedom of association, freedom of expression, and freedom of movement.
    A government that accepts its people's views and protects them is a healthy government. Khamedinejad has shown the opposite - they lie, cheat, and beat to suppress all voices of opposition. They are the big promise breakers, and continue to break the world's hearts by suppressing the people's voice.
    The result? We have successfully shut down several propaganda branches of the Iranian regime when two conditions have been met: they have shown to be terrorist, and they have been physically hosted within a peace-loving nation of free-thinkers. The terrorist websites are those that contain pictures of the protesters with targets drawn over their faces, encouraging the Basiji mob to hunt the innocent like animals. These sites violate the basic 'terms-of-service' agreements on the hosts because they contain harassment, threats of terror and violence, as well as displaying photos of people used without the subjects' permission. Gerdab has labelled this as 'disrupting the American-style free flow of information'. They have yet to learn that all speech is not protected in the US, nor have they learned to foster the voice of our Persian brothers and sisters.
    Just because an Iranian criminal organization such as the Gerdab considers them enemies of the state, does not mean these people deserve Dictator Khamenei's inhumanity. They deserve our protection. They deserve their voices. Period.

    Anonymous
    Expect us.

  3. Srpska Member

    At the moment we're trying to take it down, not to deface it, because that's easier. That said, after a few days of intermittent success on our part, the bastards seem to have upped their game and gone into some kind of lockdown, because it's getting harder and harder to take it down.

    They've even put a couple of smug little uptime monitors on there to mock us - which may possibly be their biggest mistake, because I don't know about the rest of you guys but I FUCKING RAGED LIKE THE WRATH OF JEHOVAH
  4. Excuse me, but they're up all evening so you're not doing a good job (but you're doing the best you can).
    That's why I asked for the professionals to step in.
    They're laughing at you with their uptime monitors.
    Let the greyhats do their thing.
    My question was to acknowledge that action from them.
  5. Stacy Member

    People here have asked everyone to ask anyone they know that can take it down to help take it down.

    People are working on it and sometimes it seems they have people with just as much knowledge stopping them.

    It's being worked on, that's all I know.
  6. Let me know when it's happening, just a yes will do.
  7. DeiBellum Member

    The problem with gerdab.ir is that as stated above they have gone completely defensive. I was port-scanning them last night and the only port I could find open was port 80 which is the HTTP port. All the other ports were closed/filtered.
  8. Then, let's start thinking outside the box. Is there a downside/exploitable to going completely on the defensive? What are all the possible ways a website can crash?
  9. Vee Member

    Unfortunately compromising a host has been made to look easy by Hollywood. A fully secure Linux server that's gone into offensive stance under full lockdown and probably now has load balancers and Riverhead DoS mitigation appliances in front of it isn't the easiest thing to take down.
    As another poster said they basically only have port 80 open. Even that can't be accessed half the time from where I am.

    On a separate point tho. This would be costing them time and money to maintain. While the people attacking it are probably out doing other things while their scripts run :p
  10. Vee Member

    A new attack vector would be needed.
    e.g.
    Compromise a trusted host.
    Take down support infrastructure e.g. router load balancer, DNS servers
  11. DeiBellum Member

    Well another problem with gerdab is that as stated above it has DOS mitigation online and running. If you spam x many packets per second it will cut your connection. This is why the Slowloris and LOIC attacks are starting to decrease in efficiency.
  12. Vee Member

    Stealth Portmapping still works. But there's not much open

    Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-07-07 22:03 EST
    Interesting ports on 81.12.13.144:
    Not shown: 1678 filtered ports
    PORT STATE SERVICE VERSION
    80/tcp open tcpwrapped
    631/tcp closed ipp
  13. DeiBellum Member

    as I stated, only HTTP is open the rest are closed/filtered :)
  14. It's dangerous to try to attack these sites from inside Iran 'cause the log is being watched and no one knows what would happen! So guys from outside Iran try to do something...! any injections or anything....:-"
  15. Vee Member

    It's 100% filtered atm for me now. I wonder if they're doing region based filtering on timezones.
  16. no response

    Unfortunately after almost a dozen replies, no answer to my question.
    I guess the pros need more motivation than glory and justice.
  17. Vee Member

    Yes professionals would be needed.
    Then again they're not going to disclose their current activities on a forum either. It would give the admins a chance to patch and mitigate.
  18. That's why I just asked for a simple yes.
    None given so far.
  19. Stacy Member

    I'm not sure what you are wanting. People are working on it everyday, there is nothing more anyone can tell you right now.

    If you are wanting a simple 'yes' you aren't going to get that while the site is still up. There are many people working on it and they are working hard, if you have some ideas I'm sure they would love to hear them.
  20. Stacy Member

    Vee, please check your pm's, I sent you a link for something.
  21. Okay, I let it rest and just wait until it's down.
    I don't have any ideas other than waking up the professionals to get it done.
    Rather now than tomorrow.

    I've been sending mails to web security companies the last week, asking them to step in and/or give some advice on this site, we'll see what that might bring us.
  22. Stacy Member

    For the site INSIDE Iran it is going to take a very, very experienced group to bring it down it seems. It has gone up and down, taken down in very simple ways, but as they posted on that site, they were on to what was going on and they make adjustments and also evidently threatened to report people to the FBI, like anyone in the US cares about that.

    I don't know that anything can legally be done about sites hosted in Iran, I mean the laws are what they want them to be and they put people in jail for no reason. If they will jail people from another country and not care what that country says about it, they aren't going to be pressured by any other country to take that site down.

    Now if you know someone that has the expertise to take this site down, everyone here would LOVE for them to come here and post and join in the fight. So far none of the people have had any egos and they all seem to be helping each other and working together.
  23. I'd just like to point out (before anyone becomes too discouraged) that our efforts may have bought some protesters a little time. If anyone evaded arrest as a result, we've scored quite a victory. We are, after all, up against the resources of a nation-state.

    As for "calling in professionals", why not take a stab at it yourself and perhaps learn a few new tricks in the process. Download metasploit and other commonly available tools. Fumble around. Fail. Who cares? Gerdab's logs must be jammed with attempted hacks, and I doubt many prosecutors would relish the thought of explaining to a judge or jury why your efforts deserve punishment. This is not professional legal advice, mind you, but come on. Point is you might learn something new, and that's a victory right there.

    Is this site not a redoubt of Anonymous, final boss of the internet? Is DDOS all you ever plan to be good for? Why not take this opportunity to learn and adapt? At the very least, we might cause 'em some mild heartburn in the process. What say you?
  24. Srpska Member

    This man speaks truth. What is our profession? Right.
  25. Stacy raises an interesting point. The other day I tried to access FTC to complain about my wonking creditor that refused to back down on its usurious stance. Lo and behold the site is down. I shrugged it off thinking maybe everyone is having my issue and the server is getting clobbered by customers. No way! It turns out North Korea [allegedly] launched a cyber attack against US Federal Government servers!

    My issues revolve around the motivation:
    They know their missiles are too lame, so were they thinking "why not let's use our near infinite bandwidth to f@&% with the US government."?

    Did they think they might like to take the opportunity to counter-attack the US for /i/ran? If so does this mean Long Dong Il and his band of NoKo's are looking to supply the Iranians with nuke tech or possibly look towards Ahmadinejad as a possible funding source for NoKo's own Uranium slave-mining operations, thus creating another potential nuke customer?

    This past weekend opened a whole 'nuther Pandora's box if you ax me. And is it me or does it seem to push the doomsday clock a little bit *beyond* midnight?

    Narrow window is narrow.



  26. Srpska Member

    Tinfoil hat is tinfoil.

    My analysis is more simple: The North Koreans found a way to fuck some shit up, so they did it.

    They're not "allied" with Iran in any sense other than that they both hate the West; the probability of them working together is very low. And as for NK supplying Iran with nukes: Firstly, there's a big difference between possession and being able to supply, and secondly, why would Iran get them from Iran when it can get them from Pakistan and Russia?

    However, offtopic is also off.
  27. Obvious tips are obvious

    They either need another port open in some fashion (more likely) or they are relying on some HTTP admin interface (less likely). That probing shows just HTTP implies obviously the rest are blocked. That means if they are using another service (FTP, SSH, etc.) it is restricted by IP. You'll have to find the place they are administering it from and compromise the site there (good luck with both).

    Of course, they're using server-side scripting so you could always exploit holes in their logic but anything you know they'll probably know (or find out pretty soon) and that's more or less a game of cat-and-mouse.
    Not a bad idea either, so long as you cover your tracks. Normally, a site like this, under a DDoS, will try to quickly flush out its logs to save space and processing power. Given the Iranian government's stalking of protesters, they're probably trying to log everything. They are actively searching these logs for anyone to prosecute, and that takes labor hours, which costs them money. Each line is something they have to investigate, taking a couple more seconds. You're not only wasting their bandwidth with probes and the like, but you're also wasting other resources by clogging up logs.
  28. Hechicera Member

    You meant from NK when it can get them from Pakistan or Russia.

    Why does everyone forget China?

    Not that I'm suggesting the cyber attacks were from there, but as a supplier of nuclear tech. China has many client states already, and it certainly could use the oil.
  29. Srpska Member

    Yes.
    True. Using a pr0xy in the form of NK would be the cyber equivalent of the Cold War pr0xy wars - enabling China to strike at the US without actually precipitating a war.
  30. Srpska Member

    Suggesting that an HTTP flood is still feasible?
