Hackers vs. Windows, Mac, Linux next week in big-money contest

    #16
    Most remote exploits (i.e. over a network) use buffer overflows. I said buffer overrun before, but the term is buffer overflow. That's what I meant when I said elephant... Let's put it this way: for as long as Unix has been around, buffer overruns have been around... same goes for every other computer out there. You can mitigate it... however, that takes processor power... no way round that one.

    Basically, when a program is executing in memory it sets up memory locations to store various things... including the actual program that's running. As well, sometimes a program will allow you to enter things... like, let's say, telnet. So telnet sets aside space in memory for what the user enters at the username prompt. So as a malicious user, instead of a username I enter 1 MB of data and hit return. Now some of that data is actual C code (called a payload), but before the payload is a part called the NOP sled. Telnet goes to write the "username" into the memory space and ends up overwriting part of itself in memory. The NOP sled is basically a big target. Basically an instruction that says... no operation here, proceed to the next operation. So we've overwritten part of the executing program with a large area that says proceed to the next line in code. The idea is that at some point the executing program will try to return to itself in memory and hit the NOP sled. Once it hits the NOP sled it slides all the way down and executes the payload. Which could be something like: open a shell on some port and only allow telnet clients to connect to get a session if they have a terminal type of 733t.

    Part of what SELinux does is input verification... meaning, as a program, should I really take 1 MB of user-inputted data, and any special codes in that data should be stripped out.

    The other thing it does is boundary checking in memory. Meaning, do I really want that program to overwrite itself in memory?

    The drawback to this is, of course, a performance hit.

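The overflow the post describes, as an added C example that is not part of the original thread: a telnet-style login that copies the "username" into a fixed-size stack buffer with no length check, beside a bounded reader that refuses overlong input and strips non-printable bytes. The 32-byte limit, the function names and the 4 KB test input are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define USERNAME_MAX 32 /* hypothetical size of the username field */

/* The pattern the post describes: a fixed-size stack buffer and an unbounded
 * copy. Input longer than the buffer runs past its end and overwrites whatever
 * sits next to it on the stack (saved registers, the return address), which is
 * the condition the post's NOP sled relies on. It is never called with
 * oversized input here; it is kept only to show the defect beside the fix. */
void telnet_login_unsafe(const char *input) {
    char username[USERNAME_MAX];
    strcpy(username, input);          /* no length check at all */
    printf("login attempt for %s\n", username);
}

/* Hardened reader: refuse (rather than silently truncate) input that will not
 * fit, and drop anything that is not printable ASCII so control bytes never
 * reach the rest of the program. Returns true on success, false on reject. */
bool read_username_safe(char *dest, size_t dest_size, const char *input) {
    size_t len = 0;
    while (len < dest_size && input[len] != '\0') {  /* bounded scan */
        len++;
    }
    if (len >= dest_size) {
        return false;                 /* no room for the NUL terminator */
    }
    size_t out = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)input[i];
        if (c >= 0x20 && c < 0x7f) {  /* keep printable ASCII only */
            dest[out++] = (char)c;
        }
    }
    dest[out] = '\0';
    return true;
}

/* Constructed inputs: a normal username and a 4 KB "username". */
int main(void) {
    char username[USERNAME_MAX];
    char huge[4096];
    memset(huge, 'A', sizeof huge - 1);
    huge[sizeof huge - 1] = '\0';
    printf("fred: %s\n", read_username_safe(username, sizeof username, "fred") ? "accepted" : "rejected");
    printf("4 KB: %s\n", read_username_safe(username, sizeof username, huge) ? "accepted" : "rejected");
    return 0;
}
```

Rejecting rather than truncating matters: a silently shortened username can still be logged or compared as if it were what the user typed.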


      #17
      Originally posted by -IRC-MIKE
      LoL... in another thread someone else said the same thing about me using blue... and they were using the dark colors in the forums. Go to the bottom of THIS page and on the left-hand side change it from "---Sub Blue" to "----Sub Charcoal" and I think you'll like that better.

      I prefer a white background. If you used italics or bold tags to make a point it would be readable no matter what anyone's preferences were.



        #18
        Originally posted by mapes
        Most remote exploits (i.e. over a network) use buffer overflows. I said buffer overrun before, but the term is buffer overflow. That's what I meant when I said elephant... Let's put it this way: for as long as Unix has been around, buffer overruns have been around... same goes for every other computer out there. You can mitigate it... however, that takes processor power... no way round that one.

        Basically, when a program is executing in memory it sets up memory locations to store various things... including the actual program that's running. As well, sometimes a program will allow you to enter things... like, let's say, telnet. So telnet sets aside space in memory for what the user enters at the username prompt. So as a malicious user, instead of a username I enter 1 MB of data and hit return. Now some of that data is actual C code (called a payload), but before the payload is a part called the NOP sled. Telnet goes to write the "username" into the memory space and ends up overwriting part of itself in memory. The NOP sled is basically a big target. Basically an instruction that says... no operation here, proceed to the next operation. So we've overwritten part of the executing program with a large area that says proceed to the next line in code. The idea is that at some point the executing program will try to return to itself in memory and hit the NOP sled. Once it hits the NOP sled it slides all the way down and executes the payload. Which could be something like: open a shell on some port and only allow telnet clients to connect to get a session if they have a terminal type of 733t.

        Part of what SELinux does is input verification... meaning, as a program, should I really take 1 MB of user-inputted data, and any special codes in that data should be stripped out.

        The other thing it does is boundary checking in memory. Meaning, do I really want that program to overwrite itself in memory?

        The drawback to this is, of course, a performance hit.

        When do you wanna get together and start compiling our own kernel?



          #19
          Originally posted by mapes
          Part of what SELinux does is input verification.
          So... basically it's to prevent, on the OS side of things, what can be done if you were to name your kid, say, "Robert'); DROP TABLE Students;--", and send him to school, right? Stopping malicious code BEFORE it starts.



            #20
            Originally posted by darth_nevus
            So... basically it's to prevent, on the OS side of things, what can be done if you were to name your kid, say, "Robert'); DROP TABLE Students;--", and send him to school, right? Stopping malicious code BEFORE it starts.
            You're right on the money, Darth, only this is at the kernel level... especially the memory allocation area, where DROP TABLE would be more at the application level. Although input validation or input sanitizing is equally important there as well. However, it has to be built into the code that the web developer is making. BTW, that type of thing (DROP TABLE) is used in Cross Site Scripting attacks. I QA'd a product that had one.

            Basically an attacker would try to access a management web page on the appliance, something like www.blah.com/GRANT_ALL user fred, which did nothing but get logged to a file. If the administrator then went to view the log file via the web interface, it basically ran that command on the database...



              #21
              You know, it's funny. Your conversations just made me remember breaking into the school's computer system back in the olden days, and how they ran a Linux/SQL system here in our town. How horribly easy it was for them to slip up, and it made me remember an old comic with that line in it. I always wanted to see what would happen to the school system if it went that far.

              Back to topic!

              When do we find out who wins? I read it was the 26th - the 28th. MY question is why you, mapes, & mike aren't out there enlisted for the 10k prize!

              Although, what REALLY makes me laugh is that not only do you get the 10k, but also the laptop you hacked... Why on earth, after you hacked it and published HOW, would you even want it? rofl. Give me one of the laptops that didn't get hacked into. rofl.



                #22
                Originally posted by darth_nevus
                When do we find out who wins? I read it was the 26th - the 28th. MY question is why you, mapes, & mike aren't out there enlisted for the 10k prize!

                Because I'm not a coder. I can learn and understand complex logical arrangements that are used in, let's say... network connections, or how a file system is actually laid out on a drive(s). I could even detect a possible problem with a process flow... The problem is I could never write/program actual exploit code to take advantage of such a thing. Sigh, I guess I should learn some programming language...



                  #23
                  Well, you have 12 more months, mapes!



                    #24
                    Shall we start a Cain's Lair hacking team? :P



                      #25
                      I missed the boat on the Programming Languages too. I don't know quite enough to be dangerous and it is a GIANT step to go from where I am to being considered a cracker.



                        #26
                        Basically I know enough that when I need a script I can Google for someone else's work and then change a couple of variables and recompile.



                          #27
                          I will state that there is only 1 operating system that is proven to be 100% hack proof. It is OpenVMS. I know the internals of OpenVMS like the back of my hand. I know enough of the other operating systems' internals to state that at the hardware-OS kernel level, they are fundamentally flawed and will always be hackable to a greater or lesser degree. To me, this contest is interesting yet pointless.

                          I personally know the guys that proved it at DefCon, specifically DefCon9:OpenVMS and defcon9.zip



                            #28
                            Originally posted by Nomadicus
                            I will state that there is only 1 operating system that is proven to be 100% hack proof. It is OpenVMS. I know the internals of OpenVMS like the back of my hand. I know enough of the other operating systems' internals to state that at the hardware-OS kernel level, they are fundamentally flawed and will always be hackable to a greater or lesser degree. To me, this contest is interesting yet pointless.

                            I personally know the guys that proved it at DefCon, specifically DefCon9:OpenVMS and defcon9.zip
                            Hey, I used to work with the guys who founded TGV...
