[arch-general] [Solved] KVM troubles
luna.moonbright at gmail.com
Sun Nov 29 15:50:22 UTC 2015
Thanks, this image certainly qualifies as an "intentionally
vulnerable" image. The guys at my school have used it pretty
extensively for target practice.
As for the morris worm the vulnerable function was: a use of gets()
directly on a packet that read into the first variable declared in the
program (which was, undeniably, a char array).
Good ole' buffer overflows. I just watched a talk on Cisco router
exploitation from '09 where the speaker went into a description of ROP
like it was a fairly unknown subject. Do you know when using ROP
began being common as a mitigation for DEP?
As for places that are fairly easy to start learning exploitation I
would recommend slackware 10-12. Those are all 32-bit OSs with no DEP
and a sloppy pager. This is also a great resource for learning
If you want to continue this perhaps we could close the "KVM troubles
thread" and start an "exploitation general" thread which might pick
up a few more guys with additional resources.
On 11/29/2015 01:11 AM, Kyle Terrien wrote:
> On 11/27/2015 11:14 PM, Luna Moonbright wrote:
>> As for it just being old Ubuntu - are the newer EOL versions of
>> Ubuntu (like 9 or 10) still easy to exploit (32 bit/no
>> canaries/no NX) that are easier to get the display drivers to
>> work for?
> I can't remember when Ubuntu started supporting canaries. (I
> haven't done much Ubuntu stuff since Linux Mint 14 (based on
> There used to be a project called Damn Vulnerable Linux, but it
> has disappeared. Even their website is gone.
> A quick web search revealed some possibilities, although I
> have never heard of them personally. Let me know if you find any
> good intentionally vulnerable distros.
> You could also download old unsupported Ubuntu releases. (You
> just need to tweak the repository URLs after install.)
> Normally, if I want/need a completely out-of-date vulnerable system
> to poke at, I usually use an old distro (whatever is sitting
> around) and bite the bullet to figure out what hardware it is
> looking for. It's trial and error.
>> Shellshock was awesome, but my favorite exploit is the exploit
>> in fingerd used by the morris worm. So simple - yet so effective.
>> I'm sure us archers can appreciate that.
> I have heard of it, but I don't know all the details. I will
> definitely look up the fingerd exploit.
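As an added example (not code from this thread, nor the original fingerd), here is the unbounded gets()-into-a-fixed-array pattern described above, shown only in a comment, beside a bounded line reader that rejects an over-long request instead of writing past the buffer. The 512-byte request size and the packet helper functions are assumptions made for the example.

```c
/* Added example, not from the thread or from fingerd.
 * The pattern described above was essentially:
 *     char line[512];
 *     gets(line);   // no bound: a longer request overwrites what follows on the stack
 * The reader below copies at most out_len-1 bytes from a packet buffer and
 * returns an error when no newline is found within that limit. */
#include <stddef.h>
#include <string.h>

#define LINE_MAX_FINGER 512   /* assumed request buffer size (example value) */

/* Copy one newline-terminated line from pkt into out.
 * Returns the line length (without the newline) on success, or -1 when no
 * newline appears within out_len bytes (request too long or malformed). */
int read_line_bounded(const char *pkt, size_t pkt_len, char *out, size_t out_len)
{
    if (out_len == 0)
        return -1;
    /* Never look further than the destination can hold (newline at index
     * out_len-1 still leaves room for the terminating NUL). */
    size_t limit = pkt_len < out_len ? pkt_len : out_len;
    const char *nl = memchr(pkt, '\n', limit);
    if (nl == NULL) {
        out[0] = '\0';
        return -1;            /* reject rather than spill past out[] */
    }
    size_t n = (size_t)(nl - pkt);
    memcpy(out, pkt, n);
    out[n] = '\0';
    return (int)n;
}

/* Parse a request against the fixed-size buffer and return the result code. */
int check_request(const char *pkt, size_t pkt_len)
{
    char line[LINE_MAX_FINGER];
    return read_line_bounded(pkt, pkt_len, line, sizeof line);
}

/* Constructed input: a request of n 'A' bytes with no newline at all. */
int check_run_of_a(size_t n)
{
    char buf[2048];
    if (n > sizeof buf)
        n = sizeof buf;
    memset(buf, 'A', n);
    return check_request(buf, n);
}
```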