What does this mean?

Started by BaDDBLooD, October 20, 2004, 09:16 PM

Skywing

Quote from: iago on October 22, 2004, 07:06 AM
Well, Windows default install without a firewall vs. Linux (good distro) default install without a firewall, Windows has about 6 ports open whereas Linux has 1 (ssh). 

But in any case, yes, it works best if you're unpatched.  But I wouldn't be awfully surprised if there are unknown exploits (particularly in Windows 2000 -- don't forget that XP SP2 was 300mb of mostly unannounced security fixes that Windows 2000 and Windows NT don't get).

My point is, it's not nearly as impossible during a game that it is in a channel or over a non-direct-connect AIM session.
Actually, some of the Linux distributions released around Windows XP had quite a few problems with that (e.g. Red Hat, I believe).

iago

I should have specifically said "Good" linux distros, defined as "Slackware" :)

Yeah, Red Hat (and Kde) have Microsoft Fever. :(
This'll make an interesting test for broken AV:
Quote: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Kp

Quote from: Skywing on October 23, 2004, 02:03 AM
Quote from: iago on October 22, 2004, 07:06 AM
Well, Windows default install without a firewall vs. Linux (good distro) default install without a firewall, Windows has about 6 ports open whereas Linux has 1 (ssh). 

But in any case, yes, it works best if you're unpatched.  But I wouldn't be awfully surprised if there are unknown exploits (particularly in Windows 2000 -- don't forget that XP SP2 was 300mb of mostly unannounced security fixes that Windows 2000 and Windows NT don't get).

My point is, it's not nearly as impossible during a game that it is in a channel or over a non-direct-connect AIM session.
Actually, some of the Linux distributions released around Windows XP had quite a few problems with that (e.g. Red Hat, I believe).

Without contesting that, I'd like to reiterate that you can get a Linux system down to the state iago described without using a firewall, but I've never heard of a way to close some of Windows default ports without horribly crippling the system.  If there is such a way, please share. :)
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

Thing

Quote: Without contesting that, I'd like to reiterate that you can get a Linux system down to the state iago described without using a firewall, but I've never heard of a way to close some of Windows default ports without horribly crippling the system.  If there is such a way, please share.

http://www.idrci.net/

Their packet filter kicks ass.  I typically install and configure it before I connect a Winders box to the Internet.
That sucking sound you hear is my bandwidth.

Kp

Quote from: Thing on October 23, 2004, 01:19 PM
http://www.idrci.net/
Their packet filter kicks ass.  I typically install and configure it before I connect a Winders box to the Internet.

Neat, and thanks.  But my question was aimed at a defense achievable without firewalling/filtering the box. :)

quasi-modo

Would someone explain how one would go about sending something to someone by just knowing their IP if their system is not patched? I am confused as to how that all works. Would you do it through buffer overflow? Maybe my definition of buffer overflow is screwed up....
WAR EAGLE!
Quote(00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle

Newby

If the port is open, you can get right in. Your definition of buffer overflow is truly FUBAR.
- Newby

Quote: [17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

Quote: <TehUser> Man, I can't get Xorg to work properly.  This sucks.
<torque> you should probably kill yourself
<TehUser> I think I will.  Thanks, torque.

quasi-modo

Well, how would one go about getting in through an open port? I am not a leet haxor....  :(
*note: This is not a dumb 'how do you hack' question. I do not need a step by step. I just want a sort of understanding of what happens. I feel it would be beneficial to know.

Kp

Quote from: quasi-modo on October 24, 2004, 09:41 PM
Well, how would one go about getting in through an open port? I am not a leet haxor....  :(
*note: This is not a dumb 'how do you hack' question. I do not need a step by step. I just want a sort of understanding of what happens. I feel it would be beneficial to know.

First, confirm that the victim is running an exploitable service.  Connect to that service and interact with it in the normal manner, except for the exploitable message(s).  A service is exploitable if there are one or more messages which it does not validate fully.  For instance, if it trusts you not to send too big a message, handling for that message is exploitable.  Violate that trust by sending a huge message, and its buffer will overflow.  Data following the buffer will be replaced with part of your message.  Depending on the circumstances and how seriously you overflowed it (one byte vs. one kbyte, for instance), the effects may range from negligible to service crash to remote control.  The last case is what is generally classified as "remote code execution", and occurs when the buffer is near enough to the procedure's return address that your data replaces the return address.  Thus, when the processing code returns, it returns to a location of your choosing.  If this ultimately causes it to return to your message as code, it will then run your message with its privileges.  At this time, the process is doing your bidding.  Malicious users capitalize on this to have it perform actions such as creation of administrative accounts or download/install of more powerful malware.

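Kp's point about a handler that "trusts you not to send too big a message", the data following the buffer being replaced, and the length check such a handler lacks, modelled in C as an added example that is not code from this thread or from any product discussed in it. `struct frame`, `handle_trusting`, `handle_validating`, `build_oversized` and the placeholder `LEGIT_RETURN` are all constructed for the illustration; the struct only makes the buffer/return-address adjacency explicit, real frame layouts depend on compiler and ABI.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of a stack frame: a fixed-size message buffer with the
 * saved return address laid out immediately after it (adjacency only). */
#define MSG_BUF_SIZE 16
#define LEGIT_RETURN 0x401000ULL   /* placeholder for the genuine return address */

struct frame {
    unsigned char buf[MSG_BUF_SIZE];
    uint64_t saved_return;         /* the "data following the buffer" */
};

/* Trusting handler: takes the sender's length at face value; returns saved_return as it stands afterwards. */
uint64_t handle_trusting(const unsigned char *msg, size_t len) {
    struct frame f;
    f.saved_return = LEGIT_RETURN;
    /* Copy through a byte view of the whole frame so the overwrite is well-defined
     * for the demo. Clamping to sizeof f keeps the model inside the struct; a real
     * unchecked copy would run on into the caller's frame. */
    if (len > sizeof f) len = sizeof f;
    memcpy((unsigned char *)&f, msg, len);
    return f.saved_return;
}

/* Validating handler: refuses any message larger than the buffer. Returns 0 when
 * handled, -1 when rejected; *ret reports saved_return so the caller can confirm it. */
int handle_validating(const unsigned char *msg, size_t len, uint64_t *ret) {
    struct frame f;
    f.saved_return = LEGIT_RETURN;
    if (len > MSG_BUF_SIZE) {      /* the check the trusting handler lacks */
        *ret = f.saved_return;
        return -1;
    }
    memcpy(f.buf, msg, len);
    *ret = f.saved_return;
    return 0;
}

/* Builds a constructed oversized message: MSG_BUF_SIZE filler bytes, then eight 0x42
 * bytes, the part that lands on saved_return. Returns its length, or 0 if out is too small. */
size_t build_oversized(unsigned char *out, size_t cap) {
    size_t n = MSG_BUF_SIZE + sizeof(uint64_t);
    if (cap < n) return 0;
    memset(out, 'A', MSG_BUF_SIZE);
    memset(out + MSG_BUF_SIZE, 0x42, sizeof(uint64_t));
    return n;
}
```

With a message that fits, both handlers leave `saved_return` at `LEGIT_RETURN`; with the oversized one, the trusting handler reports `0x4242424242424242` while the validating handler rejects it and the address is untouched.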
iago

To put it simply, to "hack" somebody with a buffer overflow, you send them machine code and trick them into running it.

Kp's definition is excellent, but more technical :)


MisJudged

I'm just wondering how you came to see that? Did you whisper him?

quasi-modo

Then I was right to begin with, you use buffer overflow.

iago

Quote from: quasi-modo on October 25, 2004, 07:33 AM
Then I was right to begin with, you use buffer overflow.

You can exploit things other than buffer overflows, however.  Like I said, you need to inject code and get them to run it.  You can do:
- Buffer Overflow
- Heap Overflow (much more difficult to run arbitrary code)
- Format string vulnerability

And probably many others.  A buffer overflow is only one of many possible vulnerabilities.


Adron

Quote from: iago on October 25, 2004, 07:05 AM
To put it simply, to "hack" somebody with a buffer overflow, you send them machine code and trick them into running it.

Kp's definition is excellent, but more technical :)

You don't actually trick them into running it. You trick their machine into running it. Tricking them into running it would be one of the common scam / dialer / popup things.
