Thanks, this image [1] certainly qualifies as an "intentionally vulnerable" image. The guys at my school have used it pretty extensively for target practice.

As for the Morris worm, the vulnerable function was a use of gets() directly on a packet that read into the first variable declared in the program (which was, undeniably, a char array). Good ole' buffer overflows.

I just watched a talk on Cisco router exploitation from '09 where the speaker went into a description of ROP like it was a fairly unknown subject. Do you know when using ROP began being common as a mitigation for DEP?

As for places that are fairly easy to start learning exploitation, I would recommend Slackware 10-12. Those are all 32-bit OSs with no DEP and a sloppy pager. This is also a great resource for learning exploitation [2].

If you want to continue this, perhaps we could close the "KVM troubles thread" and start an "exploitation general" thread which might pick up a few more guys with additional resources.

[0] https://sourceforge.net/projects/metasploitable/
[1] https://opensecuritytraining.info

On 11/29/2015 01:11 AM, Kyle Terrien wrote:
> On 11/27/2015 11:14 PM, Luna Moonbright wrote:
> > As for it just being old Ubuntu - are the newer EOL versions of Ubuntu (like 9 or 10) still easy to exploit (32 bit/no canaries/no NX) that are easier to get the display drivers to work for?
>
> I can't remember when Ubuntu started supporting canaries. (I haven't done much Ubuntu stuff since Linux Mint 14 (based on 12.10).)
>
> There used to be a project called Damn Vulnerable Linux, but it has disappeared. Even their website is gone.
>
> A quick web search revealed some possibilities [0], although I have never heard of them personally. Let me know if you find any good intentionally vulnerable distros.
>
> You could also download old unsupported Ubuntu releases [1]. (You just need to tweak the repository URLs after install.)
>
> Normally, if I want/need a completely out-of-date vulnerable system to poke at, I usually use an old distro (whatever is sitting around) and bite the bullet to figure out what hardware it is looking for. It's trial and error.
>
> > Shellshock was awesome, but my favorite exploit is the exploit in fingerd used by the Morris worm. So simple - yet so effective. I'm sure us archers can appreciate that.
>
> Thanks!
>
> I have heard of it, but I don't know all the details. I will definitely look up the fingerd exploit.
>
> --Kyle
>
> [0] http://www.101hacker.com/2013/03/5-vulnerable-distros-for-practicing.html
> [1] http://old-releases.ubuntu.com/releases/
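Added example, not code from this thread or from fingerd itself: the defensive counterpart to the gets() bug discussed above, a bounded line read that cannot write past its buffer and reports an overlong request instead of silently mangling it. The names read_request and sample_request, the 16-byte buffer, and the three-line input stream are all constructed for the demo.

```c
#define _POSIX_C_SOURCE 200809L  /* for fmemopen() in the demo below */
#include <stdio.h>
#include <string.h>
enum req_status { REQ_OK = 0, REQ_TOO_LONG = -1, REQ_EOF = -2 };

/* Bounded stand-in for the gets()-style read the Morris worm abused in
 * fingerd: reads one line into buf (capacity len), strips the newline and
 * always NUL-terminates. An overlong line is rejected, not overflowed, and
 * its remainder is drained so the next call starts on a fresh line. */
enum req_status read_request(char *buf, size_t len, FILE *in)
{
    if (len == 0 || fgets(buf, (int)len, in) == NULL) {
        if (len > 0) buf[0] = '\0';
        return REQ_EOF;
    }
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';
        return REQ_OK;
    }
    /* No newline seen: the line either fit exactly, ended at EOF, or is
     * longer than the buffer. One more character tells which. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return REQ_OK;
    while (c != EOF && c != '\n') c = fgetc(in);  /* overlong: drain it */
    buf[0] = '\0';
    return REQ_TOO_LONG;
}

/* Demo: runs a constructed three-request stream (not real finger traffic)
 * through a 16-byte buffer and reports request `index` (0-based). */
int sample_request(int index, char *out, size_t outlen)
{
    static const char stream[] =
        "alice\n"
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
        "bob\n";
    char buf[16] = "";
    FILE *in = fmemopen((void *)stream, sizeof stream - 1, "r");
    if (in == NULL) return REQ_EOF;
    int status = REQ_EOF;
    for (int i = 0; i <= index; i++)
        status = read_request(buf, sizeof buf, in);
    fclose(in);
    snprintf(out, outlen, "%s", buf);
    return status;
}
```

The second request is 60 bytes into a 16-byte buffer; with gets() that would be a stack overwrite, here it comes back as REQ_TOO_LONG and the third request still parses cleanly as "bob".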