RobertClarke/Server Crate back ?

Aldryic C'boas

The Pony
If that's where Robert stopped
That's not where it stopped.  That's what everyone seems to be conveniently overlooking... he didn't just test for vulnerabilities, he DIRECTLY INSTALLED ONE onto Nick's gear.

Anyone who tries to claim that uploading malicious software (such as that lulz.php shit that displays a full DB dump and allows full root access) is pen testing is either STUNNINGLY full of shit, or is incompetent enough that they have absolutely no business in this field. 
 

Nick_A

Provider of the year (2014)
I will not comment on any legal matters at this time. Anyone who has any information to offer for any potential investigations is welcome to email me directly - nick[at]ramnode.com
 

BK_

New Member
I will not comment on any legal matters at this time.
 

Understandable if you can't, but could you comment as to whether or not you are proceeding with legal action towards any of the suspected parties involved?
 

concerto49

New Member
Verified Provider
That's not where it stopped.  That's what everyone seems to be conveniently overlooking... he didn't just test for vulnerabilities, he DIRECTLY INSTALLED ONE onto Nick's gear.

Anyone who tries to claim that uploading malicious software (such as that lulz.php shit that displays a full DB dump and allows full root access) is pen testing is either STUNNINGLY full of shit, or is incompetent enough that they have absolutely no business in this field. 
Agrees. I don't get why everyone is agreeing that hacking is legal and positive. This person hacked RamNode and admitted to it. That is a crime. So if you break into someone's house despite not stealing anything is it still a crime? How do we know what his intentions were? Even if there is currently no evidence pointing to that he didn't do anything malicious he could have and it could have been his intention.

You don't go hacking a provider to see if they are vulnerable. You raise a ticket, alert them of the issue and ask. If you found a bomb on the floor do you try it to see if it explodes? What if your actions (assuming for the benefit of the doubt you don't know what you are doing) deleted everything the provider had?

Trying exploits/hacks on others isn't pen testing. It is pen testing if you are contacted as a proper security auditor to do a check. Is it because this is the Internet? If you had a bazooka and shot down a plane you'd go to jail. I doubt your excuse of "I'm only testing if the plane had proper armor" would work for you.
 

mojeda

New Member
Honestly there is absolutely no reason for you to test a host's security in this type of event. If there is a known exploit then you need to:

  1. Not execute the exploit yourself
  2. Notify the host and/or software maker
  3. Not execute the exploit yourself
  4. Move on, let others know.
There is no reason why people should be "testing" the exploit without the host asking for it.
 

Jack

Active Member
Honestly there is absolutely no reason for you to test a host's security in this type of event. If there is a known exploit then you need to:

  1. Not execute the exploit yourself
  2. Notify the host and/or software maker
  3. Not execute the exploit yourself
  4. Move on, let others know.
There is no reason why people should be "testing" the exploit without the host asking for it.
I agree 'testing' the exploit isn't the best idea but how about seeing if the file was there for example? 
 

Mun

Never Forget
I agree 'testing' the exploit isn't the best idea but how about seeing if the file was there for example? 
.... but but but but but I just wanted to leak the whole DB to the internet for lolz........................... :(
 

Jack

Active Member
I'm sure they'd know if it was there (if you notified them).  Therefore there's no reason for you to check yourselves.  
Yes but for example you went to "centralbackup.php" to see if it existed or 404'd...

If exists open ticket/contact with provider if it 404's you didn't think about it further... 

Do you think that is correct or you shouldn't even see if the file exists.. 

I had 2-3 people 

"GET /centralbackup.php HTTP/1.1" 302 0 "-" "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.15"

"GET /centralbackup.php HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36"

etc.
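For providers reviewing their own logs the way Jack describes, here is a defender-side sketch, added here and not part of any post in this thread. It groups requests for `/centralbackup.php` by client and labels each response. The client IPs, timestamps and the last two log lines are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Combined log format. Only the request/status/user-agent parts appear in the
# thread; the IPs (documentation ranges) and timestamps here are constructed.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
WATCHED = "/centralbackup.php"  # path named in the thread

SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2000:10:01:02 +0000] "GET /centralbackup.php HTTP/1.1" 302 0 "-" "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.15"
198.51.100.7 - - [01/Jan/2000:10:05:40 +0000] "GET /centralbackup.php HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36"
203.0.113.5 - - [01/Jan/2000:10:09:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2000:10:09:30 +0000] "POST /centralbackup.php?x=1 HTTP/1.1" 200 48211 "-" "curl/7.29.0"
"""

def verdict(status):
    """Label a response so the riskiest hits can be reviewed first."""
    if 200 <= status < 300:
        return "served"      # the path answered with content: investigate first
    if 300 <= status < 400:
        return "redirected"  # may be a site-wide redirect; not proof the file exists
    if status == 404:
        return "absent"
    return "other"

def probes(log_text, path=WATCHED):
    """Return {client_ip: [(method, status, verdict), ...]} for requests to path."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Compare the path only, so a query string cannot hide the request.
        if m["target"].split("?", 1)[0].lower() != path:
            continue
        status = int(m["status"])
        hits[m["ip"]].append((m["method"], status, verdict(status)))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in probes(SAMPLE_LOG).items():
        print(ip, events)
```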
 

concerto49

New Member
Verified Provider
Yes but for example you went to "centralbackup.php" to see if it existed or 404'd...

If exists open ticket/contact with provider if it 404's you didn't think about it further... 

Do you think that is correct or you shouldn't even see if the file exists.. 

I had 2-3 people 

"GET /centralbackup.php HTTP/1.1" 302 0 "-" "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.15"

"GET /centralbackup.php HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36"

etc.
I don't think you'll get sued for it, but I think it's wrong. I doubt the users reading the exploit know what happens. IF and what IF going to that URL that's been exploited results in deleting all the host's data? It would be by accident, but you wouldn't know. Trying out exploits is definitely not the way to go.
 

drmike

100% Tier-1 Gogent
That's not where it stopped.  That's what everyone seems to be conveniently overlooking... he didn't just test for vulnerabilities, he DIRECTLY INSTALLED ONE onto Nick's gear.
 

^ this... is grounds for legal ass kicking.

He used the exploit to confirm.  Refused to stop there and notify RamNode then furthered that by installing hack/exploit/control script.

Yeah, why the delay in filing proper legal charges or bringing a civil lawsuit?
 

mitsuhashi

Member
I've been on a Report ticket going back and forth with bear from WHT on this. Basically, he's aware of the accusations but apparently hasn't seen any concrete evidence that Robert Clarke ran the exploit. If any of you possess evidence, I'd suggest you open up a ticket and send him some, as I'm just a noob that likes being a RamNode customer.
 

Nick_A

Provider of the year (2014)
I've been on a Report ticket going back and forth with bear from WHT on this. Basically, he's aware of the accusations but apparently hasn't seen any concrete evidence that Robert Clarke ran the exploit. If any of you possess evidence, I'd suggest you open up a ticket and send him some, as I'm just a noob that likes being a RamNode customer.
I have sent concrete evidence as of yesterday. Thanks for your support!
 