[arch-general] KVM troubles
Kyle Terrien
kyleterrien at gmail.com
Sun Nov 29 06:11:29 UTC 2015
On 11/27/2015 11:14 PM, Luna Moonbright wrote:
> As for it just being old Ubuntu - are the newer EOL versions of Ubuntu
> (like 9 or 10) still easy to exploit (32 bit/no canaries/no NX) that
> are easier to get the display drivers to work for?
I can't remember when Ubuntu started supporting canaries. (I haven't
done much Ubuntu stuff since Linux Mint 14 (based on 12.10)).
There used to be a project called Damn Vulnerable Linux, but it has
disappeared. Even their website is gone.
A quick web search revealed some possibilities [0], although I have
never heard of them personally. Let me know if you find any good
intentionally vulnerable distros.
You could also download old unsupported Ubuntu releases [1]. (You just
need to tweak the repository URLs after install.)
Normally, if I want/need a completely out-of-date vulnerable system to
poke at, I usually use an old distro (whatever is sitting around) and
bite the bullet to figure out what hardware it is looking for. It's
trial and error.
> Shellshock was awesome, but my favorite exploit is the exploit in
> fingerd used by the morris worm. So simple - yet so effective. I'm
> sure us archers can appreciate that.
>
> Thanks!
I have heard of it, but I don't know all the details. I will definitely
look up the fingerd exploit.
--Kyle
[0] http://www.101hacker.com/2013/03/5-vulnerable-distros-for-practicing.html
[1] http://old-releases.ubuntu.com/releases/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20151128/d8c2f5fe/attachment.asc>
More information about the arch-general
mailing list