[arch-general] KVM troubles

Kyle Terrien kyleterrien at gmail.com
Sun Nov 29 06:11:29 UTC 2015


On 11/27/2015 11:14 PM, Luna Moonbright wrote:
> As for it just being old Ubuntu - are the newer EOL versions of Ubuntu
> (like 9 or 10) still easy to exploit  (32 bit/no canaries/no NX) that
> are easier to get the display drivers to work for?

I can't remember when Ubuntu started supporting canaries.  (I haven't
done much Ubuntu stuff since Linux Mint 14 (based on 12.10)).

There used to be a project called Damn Vulnerable Linux, but it has
disappeared.  Even their website is gone.

A quick web search revealed some possibilities [0], although I have
never heard of them personally.  Let me know if you find any good
intentionally vulnerable distros.

You could also download old unsupported Ubuntu releases [1].  (You just
need to tweak the repository URLs after install.)

Normally, if I want/need a completely out-of-date vulnerable system to
poke at, I usually use an old distro (whatever is sitting around) and
bite the bullet to figure out what hardware it is looking for.  It's
trial and error.

> Shellshock was awesome, but my favorite exploit is the exploit in
> fingerd used by the morris worm. So simple - yet so effective. I'm
> sure us archers can appreciate that.
> 
> Thanks!

I have heard of it, but I don't know all the details.  I will definitely
look up the fingerd exploit.

--Kyle

[0] http://www.101hacker.com/2013/03/5-vulnerable-distros-for-practicing.html
[1] http://old-releases.ubuntu.com/releases/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20151128/d8c2f5fe/attachment.asc>


More information about the arch-general mailing list