On 11/27/2015 11:14 PM, Luna Moonbright wrote:
> As for it just being old Ubuntu - are the newer EOL versions of Ubuntu (like 9 or 10) still easy to exploit (32-bit/no canaries/no NX) that are easier to get the display drivers to work for?
I can't remember when Ubuntu started supporting canaries. (I haven't done much Ubuntu stuff since Linux Mint 14 (based on 12.10)).

There used to be a project called Damn Vulnerable Linux, but it has disappeared. Even their website is gone. A quick web search revealed some possibilities [0], although I have never heard of them personally. Let me know if you find any good intentionally vulnerable distros. You could also download old unsupported Ubuntu releases [1]. (You just need to tweak the repository URLs after install.)

Normally, if I want/need a completely out-of-date vulnerable system to poke at, I usually use an old distro (whatever is sitting around) and bite the bullet to figure out what hardware it is looking for. It's trial and error.
> Shellshock was awesome, but my favorite exploit is the exploit in fingerd used by the Morris worm. So simple - yet so effective. I'm sure us archers can appreciate that.
>
> Thanks!
I have heard of it, but I don't know all the details. I will definitely look up the fingerd exploit.

--Kyle

[0] http://www.101hacker.com/2013/03/5-vulnerable-distros-for-practicing.html
[1] http://old-releases.ubuntu.com/releases/