Friday, August 14, 2009

Hacking my own ISP

As you know, ISP stands for Internet Service Provider, those guys who let you connect to the Internet, usually for a fee. The title says hack, but it's not really a hack, more a pretty good bug exploit.

It was before a festival. Some guys got in trouble for a dirty business (nothing happened after all), but I got acquainted with one of them. He was a real hacker, without the slightest knowledge of programming. He has his own "friends", passwords, programs and money-making prospects (and I'm not talking about working here, it's more like stealing).

He lives close to me, close enough to have the same ISP. He told me that our Internet service has a bug. Our provider gives out dynamic IPs (mine became static, since I have a router and don't turn it off too often), which I knew about. The trick I didn't know was that different IP addresses get different bandwidths. Inside the local network (it's larger than the whole city) the speed is about 2-5 MB/s; outside it is 255-500 KB/s. But there are a few IP addresses which get more than 5 MB/s outside of the local network.

That was the time he became my customer. I had the programming knowledge, and he had everything else. He helped me a lot to create the bot, which searches for the owning IP. It was simple: connect, calculate the bandwidth, exit if it was good enough, else disconnect and start over. For connecting and disconnecting I used RasDial, for the bandwidth calculation RapidShare. The whole thing was implemented in C#.

A little reference for both of them:

I think the second link is a broken one, or the server is just down temporarily; either way I'll post my complete source code:

The program is very simple. I created a file (its size is 1 MB, but it can be changed), which is uploaded each time the bandwidth is calculated. The calculation is simple too: measure the time, divide the uploaded file's size by it, then convert to KB/s.

To sum up, this wasn't that great of a hack. These IPs would have been allocated to users anyway, and a user could get access manually too; I just created a search bot to speed up the process. And I never thought about telling anyone in charge. I mean, who doesn't want speed? And why not use it, if it's already out there somewhere?
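Seen from the provider's side, the connect, measure, disconnect loop described above leaves a recognisable trace: many very short sessions from one subscriber in a short time, each with a freshly assigned address. The following is an added example, not the post's missing C# source; the record layout, subscriber names, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed accounting records: (subscriber, start, stop, assigned IP).
SESSIONS = [
    ("sub-1001", "2009-08-10 20:00:05", "2009-08-10 20:00:40", "192.0.2.17"),
    ("sub-1001", "2009-08-10 20:01:10", "2009-08-10 20:01:44", "192.0.2.93"),
    ("sub-1001", "2009-08-10 20:02:15", "2009-08-10 20:02:51", "192.0.2.41"),
    ("sub-1001", "2009-08-10 20:03:20", "2009-08-10 20:03:55", "192.0.2.93"),
    ("sub-1001", "2009-08-10 20:04:30", "2009-08-10 20:05:02", "192.0.2.8"),
    ("sub-1001", "2009-08-10 20:05:40", "2009-08-11 09:12:00", "192.0.2.200"),  # long session
    ("sub-1002", "2009-08-10 18:00:00", "2009-08-10 23:30:00", "192.0.2.60"),   # normal use
    ("sub-1003", "2009-08-10 20:00:00", "2009-08-10 20:00:30", "192.0.2.70"),   # flaky line
    ("sub-1003", "2009-08-10 20:02:00", "2009-08-10 20:02:20", "192.0.2.70"),
]


def find_redial_churn(sessions, max_session=timedelta(seconds=90),
                      window=timedelta(minutes=15), min_sessions=5, min_ips=3):
    """Return {subscriber: (short_sessions, distinct_ips)} for the largest burst
    of short sessions per subscriber that meets both thresholds in the window."""
    short = defaultdict(list)
    for sub, start, stop, ip in sessions:
        t0, t1 = datetime.strptime(start, FMT), datetime.strptime(stop, FMT)
        if t1 - t0 <= max_session:           # long sessions are ordinary use
            short[sub].append((t0, ip))
    flagged = {}
    for sub, items in short.items():
        items.sort()
        lo = 0
        for hi in range(len(items)):         # sliding window over start times
            while items[hi][0] - items[lo][0] > window:
                lo += 1
            burst = items[lo:hi + 1]
            ips = {ip for _, ip in burst}
            # Require several distinct leases so a flapping line is not flagged.
            if len(burst) >= min_sessions and len(ips) >= min_ips:
                if sub not in flagged or len(burst) > flagged[sub][0]:
                    flagged[sub] = (len(burst), len(ips))
    return flagged


if __name__ == "__main__":
    print(find_redial_churn(SESSIONS))
```

The distinct-address threshold is what separates deliberate redialling from a line that keeps dropping and getting the same lease back.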

If you have a dynamic IP, RasDial with the BotNet presented in the previous post can be used on anonymous voting polls. Vote, change IP and vote again (and do not accept any cookie). Maybe someday I'll create software for that too. Another use would be brute-forcing logins. It's rustic, but it's impossible to create a defense against it. At least I couldn't do it.

But for now, I'll stay on Lamer, and attack it a few more times.

1 comment:

Appoorv Prasad said...

Highly informative, please continue writing.