Announcement

Collapse
No announcement yet.

Hackers vs. Windows, Mac, Linux next week in big-money contest

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #16
    Most remote exploits (i.e. over a network) use buffer overflow..I said buffer overrun before but, the term is buffer overflow. Thats what I meant when I said elephant... Lets put it this for as long as Unix has been around buffer overruns have been around ....same goes for every other computer out there. You can mitigate it....However that takes processor power...no way round that one.


    Basically when a program is executing in memory it sets up memory locations to store various things....including the actual program thats running. As well as sometimes a program will allow you to enter things.....like lets say telnet. So Telnet sets aside space in memory for what the user enters in as the username prompt. So as a malicious user instead of a username I enter 1mb of data and hit return. Now some of that data is actual C code (called a payload) but before the payload is a part called the NOP slede. Telnet goes to write in the "username" into the memory space and ends up overwriting part of itself in memory. The NOP sled is basically a big target. Basically an instruction that says ..no operation here proceed to next operation. So we've overwritten part of the executing program with a large area that say's proceed to next line in code. the idea is that at some point the executing program will try to return to itself in memory and hit the NOP sled. Once it hits the NOP sled it slides all the way down and executes the pay load. Which could be something like open a shell on some port and only allow telnet clients to connect to get a session if they have a teminal type of 733t.

    Part of what SELinux does is a input verification ....Meaning as a program should I really take 1mb of user inputted data and also any special codes in that data should be striped out.

    The other thing it does is boundary checking in memory. Meaning do I really want that program to overwrite itself in memory.

    the draw back to this is of course a performance hit.

    Comment


      #17
      Originally posted by -IRC-MIKE View Post
      LoL.. in another thread someone else said the same thing about me using blue .... and they were using the dark colors in the forums. Go to the bottom of THIS Page and on the left hand side change it from "---Sub Blue" to "----Sub Charcoal" and I think you'll like that better.

      I prefer a white back ground. if you used italics or bold tags to make a point it would be readable no matter what anyones preferences were

      Comment


        #18
        Originally posted by mapes View Post
        Most remote exploits (i.e. over a network) use buffer overflow..I said buffer overrun before but, the term is buffer overflow. Thats what I meant when I said elephant... Lets put it this for as long as Unix has been around buffer overruns have been around ....same goes for every other computer out there. You can mitigate it....However that takes processor power...no way round that one.


        Basically when a program is executing in memory it sets up memory locations to store various things....including the actual program thats running. As well as sometimes a program will allow you to enter things.....like lets say telnet. So Telnet sets aside space in memory for what the user enters in as the username prompt. So as a malicious user instead of a username I enter 1mb of data and hit return. Now some of that data is actual C code (called a payload) but before the payload is a part called the NOP slede. Telnet goes to write in the "username" into the memory space and ends up overwriting part of itself in memory. The NOP sled is basically a big target. Basically an instruction that says ..no operation here proceed to next operation. So we've overwritten part of the executing program with a large area that say's proceed to next line in code. the idea is that at some point the executing program will try to return to itself in memory and hit the NOP sled. Once it hits the NOP sled it slides all the way down and executes the pay load. Which could be something like open a shell on some port and only allow telnet clients to connect to get a session if they have a teminal type of 733t.

        Part of what SELinux does is a input verification ....Meaning as a program should I really take 1mb of user inputted data and also any special codes in that data should be striped out.

        The other thing it does is boundary checking in memory. Meaning do I really want that program to overwrite itself in memory.

        the draw back to this is of course a performance hit.

        When do you wanna get together and start compiling our own kernel?

        Comment


          #19
          Originally posted by mapes View Post
          Part of what SELinux does is a input verification.
          so.... basically its to prevent on the OS side of things, what can be done if you were to name your kid, say, "Robert'); DROP TABLE Students;--", and send him to school, right? stopping malicious code BEFORE it starts

          Comment


            #20
            Originally posted by darth_nevus View Post
            so.... basically its to prevent on the OS side of things, what can be done if you were to name your kid, say, "Robert'); DROP TABLE Students;--", and send him to school, right? stopping malicious code BEFORE it starts
            Your right on the money Darth only this is at the kernel level ...especially the memory allocation area. Where DROP TABLE would be more at a the application level. Although input validation or input sanitizing is equally important there as well. However it has to be built into the code that web developer is making. BTW that type of thing DROP TABLE is used in Cross Site Scripting attacks. I QA'd a product that had one.

            Basically an attacker would try to access a management web page on the appliance. Something like www.blah.com/GRANT_ALL user fred. Which did nothing but get logged to a file. If the administrator then went to view the log file via the web interface it basically ran that command on the database....

            Comment


              #21
              you know, its funny. your conversations just made me remember about breaking into the schools computer system back in the olden days, and how they ran a linux/SQL system here in our town. how horribly easy it was for them to slip up, and made me remember an old comic with that line in it. i always wanted to see what would happen to the school system if it went that far.

              Back to topic!

              When do we find out who wins? i read it was the 26th - the 28th, MY question is why you, mapes, & mike aren't out there enlisted for the 10k prize!

              Although, what REALLY makes me laugh, is that not only do you get the 10k, but also the laptop you hacked.... Why on earth after you hacked it and published HOW, would you even want it? rofl. give me one of th laptop that didn't get hacked into. rofl.

              Comment


                #22
                Originally posted by darth_nevus View Post
                When do we find out who wins? i read it was the 26th - the 28th, MY question is why you, mapes, & mike aren't out there enlisted for the 10k prize!
                .

                Because I'm not a coder. I can learn and understand complex logical arraignments that are used in let say... network connections or how a file system is actually laid out on a drive(s). I could even detect a possible problem with a process flow....The problem is I could never write/program actually exploit code to take advantage of such a thing. Sigh I guess I should learn some programming language.....

                Comment


                  #23
                  well, you have 12 more months mapes!

                  Comment


                    #24
                    Shall we start a Cain's Lair hacking team? :P
                    [img]http://img.photobucket.com/albums/v337/Igorod/troopdod.jpg[/img]
                    [url=http://profile.xfire.com/trooper110][img]http://miniprofile.xfire.com/bg/co/type/1/trooper110.png[/img][/url]

                    Comment


                      #25
                      I missed the boat on the Programming Languages too. I don't know quite enough to be dangerous and it is a GIANT step to go from where I am to being considered a cracker.

                      Comment


                        #26
                        Basically I know enough that when I need a script I can google for some elses work and then change a couple of variables and recompile.

                        Comment


                          #27
                          I will state that there is only 1 operating system that is proven to be 100% hack proof. It is OpenVMS. I know the internals of OpenVMS like the back of my hand. I know enough of the other operating systems' internals to state that at the hardware-OS kernel level, they are fundamentally flawed and will always be hackable to a greater or lessor degree. To me, this contest is interesting yet pointless.

                          I personally know the guys that proved it at DefCon specifically DefCon9:OpenVMS and defcon9.zip
                          [url=http://profile.xfire.com/nomadicus][img]http://miniprofile.xfire.com/bg/sf/type/0/nomadicus.png[/img][/url]

                          Comment


                            #28
                            Originally posted by Nomadicus View Post
                            I will state that there is only 1 operating system that is proven to be 100% hack proof. It is OpenVMS. I know the internals of OpenVMS like the back of my hand. I know enough of the other operating systems' internals to state that at the hardware-OS kernel level, they are fundamentally flawed and will always be hackable to a greater or lessor degree. To me, this contest is interesting yet pointless.

                            I personally know the guys that proved it at DefCon specifically DefCon9:OpenVMS and defcon9.zip
                            Hey I used to work with the guy's who founded TGV....

                            Comment

                            Cain's Lair Forums Statistics

                            Collapse

                            Topics: 26,187   Posts: 269,850   Members: 6,183   Active Members: 6
                            Welcome to our newest member, Fermin13Q.

                            Today's Birthdays

                            Collapse

                            There are no members with birthdays today.

                            Top Active Users

                            Collapse

                            There are no top active users.

                            More Posts

                            Collapse

                            • Reply to Hi guys!
                              by Evil_T0NY {CLR}
                              I've been Alpha and will be Beta testing the Delta Force game. It's been really getting good reviews! Definitely a good Battlefield feel to it like the...
                              14 Nov 2024, 08:50 PM
                            • Reply to Hope your all OK over there
                              by Apache Warrior
                              We had 17 inches of rain from the storm on November 7, 2024.
                              Apache
                              11 Nov 2024, 07:55 AM
                            • Reply to Hope your all OK over there
                              by Sirex
                              Aye, I'm inclined to agree with that lmao
                              Gone are the days of warm summers and snow filled winters here, nothing but rain and wind for 8mths of...
                              10 Nov 2024, 08:53 PM
                            • Reply to Hope your all OK over there
                              by Apache Warrior
                              Now we have had a lot of flooding in this area and there are still a lot of houses that have not been repaired. Must be the apocalypse.
                              ...
                              8 Nov 2024, 09:23 AM
                            Working...
                            X