Group: alt.discuss.webtv.hacking
Date: Mon, Apr 10, 2000
From: ulTRAX@webtv.net
HACKING'S GREATEST BLUNDERS

I'm still waiting for some posts from a few hours ago to come on the board. They dealt with one of the big blunders in WTV hacking history... where we had all the pieces of the puzzle and yet we did not put them together in the right way to have a breakthrough. I'm talking about the IP:port/file method. I'll repost when the other posts come up so I can C&P and fill in some gaps..

Group: alt.discuss.webtv.hacking
Date: Mon, Apr 10, 2000
From: ulTRAX@webtv.net
Re: BLUNDERS: http://IP:port/file

If any of you have actually read the main intro to my site you know one of my goals was to prevent us from having to "reinvent the wheel". The following is a case history of why having an archive is important.. to prevent such monumental blunders.

During the Great Tricks Breakin of Aug 98 we got our first glimpse of the Client:ShowServices list. It had the IPs and ports for all of WTV's services. Since we also had the URL, we could revisit it. It was around that time that I realized we could get kicked back to login by putting a http:// in front of the IP:port. Since the servers were responding, it had to mean we were on the right track. Three days after, Mattman built on that and speculated that maybe the file name could be added to the end to look like: http://IP:port/file. This all happened the Friday after the breakin. But apparently, in all the excitement and with all the discoveries... the idea was lost without being tested. This was not Matt's fault... all the members of the group forgot about it. Hence the blunder.

Two months later, Sabrina77 reposted an old URL that was part of the Fall 97 Upgrade letter. TipTup then posted on some weird results he got trying to access that VideoFlash demo. Something to the effect http://realaudio-1.alma.webtv.net could not find the page. The last URL http://realaudio-1.alma.webtv.net:1696/movies/measurements.mpg even had a different file name! This was the first time we had actually seen the DNS name plus the port and a file name. Some discussion and old posts on this can be found at http://members.tripod.com/ulTRICK/archive/ip.html

All this was pointing towards something new and forced us to revisit the whole idea of http://IP:port/file

At that time Matt tried the http://IP:port/login and got some weird TXT results. But for once we weren't being kicked back to login. He then tried http://IP:port/willie and accessed Killer Willie. ECW immediately tried http://IP:port/willie using some IPs found in Tricks and found that the Tricks pages on other services were just regular web pages. This led to the realization that the "world was awash with willies" LOL

Anyway, this story is a classic example of reinventing the wheel.. and how two months were wasted because no one was asking the right questions.

Group: alt.discuss.webtv.hacking
Date: Mon, Apr 10, 2000
From: ulTRAX@webtv.net
Re: BLUNDERS: http://IP:port/file

What also should be noted in this "case history" is that discoveries are typically never made in isolation. Usually the person to make some breakthrough is just the person to put the last piece in the jigsaw puzzle... work done by others. It's akin to a baseball game where sometimes the person getting the last run is credited with winning the game, yet we all know that the game was won through a combination of ALL the pitching, hitting, fielding, as well as the weakness of the opposition.

Question is: how do you make the process efficient? I believe working in well-balanced teams is critical to quick progress... as is having a source of info... be it the team, a site, or a NG. It's called synergy: where the whole is greater than the sum of its parts. Critical to that process is having enough info and interaction with others to be able to formulate good questions.. which can lead to good answers.

Group: alt.discuss.webtv.hacking
Date: Mon, Apr 10, 2000
From: ulTRAX@webtv.net
Re: BLUNDERS: Plus1 HD Files

I have a copy of an old post dated 2-1-98 from REDIX... one of the people behind the WTV-MADNESS site. At that time he said he had found the file://disk/browser directory.. as well as some subdirectories

file://disk/browser/tv/
file://disk/browser/tv/listings

For reasons unknown, this was never exploited (I know I could not get to them at the time) yet it should have started a massive effort to explore the then new Plus1. It wasn't until a year later that this whole topic was revisited... this time because of eat_meimacookie.

Group: alt.discuss.webtv.hacking
Date: Mon, Apr 10, 2000
From: GrimIo@webtv.net (g™ / rimio)
Re: BLUNDERS: Plus1 HD/ROM Files (ulTRAX)

So who should be rightfully credited with finding how to access/decode files/directories? REDIX or cookie? There are whole sections of our box such as the file://rom/Test/ and file://rom/Phone/ directories that probably 1 in 50 people here have ever heard of.

If you ask me, I think it's the right time to release all the files that Eric Mac found. I'll post them later. Someone on WebTV had found the exact same files on his Dish-Player along with the screen saver file with his own method a few months _before_ Eric did. The screen saver was something "afterdark". He had even found phone numbers for head offices at Microsoft code named after "The Flintstones" characters. If you're reading this, would you like to post your findings?

Group: alt.discuss.webtv.hacking
Date: Mon, Apr 10, 2000
From: ulTRAX@webtv.net
Re: BLUNDERS: Plus1 HD/ROM Files (grim)

It would seem that REDIX has to get some of the credit... He either was a VERY good guesser or was the first to actually realize the gibberish were subdirectory names. I remember writing him at the time but don't remember if he responded. The only response I ever got out of my box at the time was the HD would come on. These were the days when the HD did NOT run constantly. At the time, since I could not access anything, I assumed that's how he knew he found the subdirectories.... by guessing names and listening for the HD to come on.

Group: alt.discuss.webtv.hacking
Date: Mon, Apr 10, 2000
From: ulTRAX@webtv.net
Re: BLUNDERS: romcache images

While the Classic1 had a nice link-based Image directory, the Plus1 did not. But in late April someone found file://romcache//index.html

It gave the similar gibberish list we get today... but seemingly shorter. I still have my printout of that directory and now that we're clued into decoding it, I have to wonder why we didn't at the time.

Also in April 98 TipTup announced he had found 600-800 WTV URLs. But back then Tip was a newbie and pretty out to lunch. Carrying on a conversation with him trying to get concrete about any of his often wild claims was an exercise in pure frustration. He later changed his story to 1/100th the original but still never proved anything.

So, we're left again with a situation that it took almost 10-12 months before the ROMCACHE index was revisited and decoded. Since the old URL brings me to the same index as the new URL, it's pretty obvious WNI has been adding to the image collection. But there are some images that may have been deleted. Maybe I'll put up a page.