| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by terom 1790 days ago

Based on links in the other hackernews thread, it was quick-formatted, but a filesystem containing qemu disk images was recovered: [1]

The YouTube video is in French without English CC subtitles, but there's screenshots of exploring what I assume would be one of the qcow images: [2]

* 03:59 `/root/.ssh` with SSH id_rsa (private) keys, (public) authorized_keys and (hashed) known_hosts

* 07:14 server binaries

* 08:42 server logs

* 12:59 AWS/S3 secret access keys

* 13:33 Source code... in QBASIC ?! must be very valuable legacy code :D

* 17:30 brute-forcing the ssh known_hosts

* etc

[1] https://mobile.twitter.com/Micode/status/1395640486715662336

[2] https://www.youtube.com/watch?v=xf_cKTlOYLo

3 comments

TonyTrapp 1790 days ago

Note: QB64 (which is mentioned in the video) is a modern-day reimplementation of QBasic. It doesn't have to be legacy. Some people still prefer using Basic as their "scripting language" for quick tasks where other people would be using Python or JS these days.

link

alyandon 1790 days ago

Although I never cared much for the language itself, I continued to write small programs in QB for many years because of its ability to produce an EXE file that ran in DOS and Windows without any dependencies.

link

ChrisArchitect 1790 days ago

Other thread mentioned: https://news.ycombinator.com/item?id=27957471

link

rasz 1790 days ago

>it was quick-formatted

are there OSes that perform quick format without issuing TRIM command to the SSD? TRIM would vanish the data in less than 15 minutes.

link

djrogers 1790 days ago

Yes, 15 minutes is not 'quick' by most standards - quick formats take seconds, not minutes.

link

rasz 1789 days ago

up to ~15 minutes is not the time it takes to quick format, its the number Iv seen during testing of TRIM, the time it took to internally erase translation table after format command.

There should be NO DATA on the drive if it was really formatted on OS supporting TRIM.

link

fomine3 1789 days ago

I believe parted won't issue TRIM for whole disk/partition after erasing partition table or partition. Possibly mkfs.xfs issues TRIM? I don't know.

Anyway, what they should at least is just issue `blkdiscard /dev/sdb`, or betterly Secure Erase (on SATA) or Sanitize (on NVMe).

link