[arch-general] [Solved] KVM troubles

Luna Moonbright luna.moonbright at gmail.com
Sun Nov 29 15:50:22 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Thanks, this image [0] certainly qualifies as an "intentionally
vulnerable" image. The guys at my school have used it pretty
extensively for target practice.

As for the morris worm the vulnerable function was: a use of gets()
directly on a packet that read into the first variable declared in the
program (which was, undeniably, a char array).

Good ole' buffer overflows. I just watched a talk on Cisco router
exploitation from '09 where the speaker went into a description of ROP
like it was a fairly unknown subject. Do you know when using ROP
began to be common as a mitigation for DEP?

As for places that are fairly easy to start learning exploitation, I
would recommend Slackware 10-12. Those are all 32-bit OSs with no DEP
and a sloppy pager. This is also a great resource for learning
exploitation [1].

If you want to continue this perhaps we could close the "KVM troubles
thread" and start an "exploitation general" thread which might pick
up a few more guys with additional resources.


[0] https://sourceforge.net/projects/metasploitable/
[1] https://opensecuritytraining.info

return 0;

On 11/29/2015 01:11 AM, Kyle Terrien wrote:
> On 11/27/2015 11:14 PM, Luna Moonbright wrote:
>> As for it just being old Ubuntu - are the newer EOL versions of
>> Ubuntu (like 9 or 10) still easy to exploit (32-bit/no
>> canaries/no NX) and easier to get the display drivers to
>> work for?
> 
> I can't remember when Ubuntu started supporting canaries.  (I 
> haven't done much Ubuntu stuff since Linux Mint 14 (based on 
> 12.10)).
> 
> There used to be a project called Damn Vulnerable Linux, but it
> has disappeared.  Even their website is gone.
> 
> A quick web search revealed some possibilities [0], although I
> have never heard of them personally.  Let me know if you find any
> good intentionally vulnerable distros.
> 
> You could also download old unsupported Ubuntu releases [1].  (You
> just need to tweak the repository URLs after install.)
> 
> Normally, if I want/need a completely out-of-date vulnerable system
> to poke at, I usually use an old distro (whatever is sitting
> around) and bite the bullet to figure out what hardware it is
> looking for.  It's trial and error.
> 
>> Shellshock was awesome, but my favorite exploit is the exploit
>> in fingerd used by the morris worm. So simple - yet so effective.
>>  I'm sure us archers can appreciate that.
>> 
>> Thanks!
> 
> I have heard of it, but I don't know all the details.  I will 
> definitely look up the fingerd exploit.
> 
> --Kyle
> 
> [0] http://www.101hacker.com/2013/03/5-vulnerable-distros-for-practicing.html
> [1] http://old-releases.ubuntu.com/releases/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWWx6+AAoJELUNMVVHp9ondn0IAIlgGo2NXPVVXxut6Ow59Y8V
aozLmNBCW7wRLUJEgefjJX36nPpT0E5PnIZk4N0YVhhwS/c+js7RVbE1A9aSVp69
5oNfXzaMimx5paFkULC5MrRoT1Au6A2jc/l7XsWtUDtZvfnbr4VTASEIGT0f0N0C
2rboCg/5U9FihXWX+ipJaHfHxHDJxsjJSIAA8qEpYI8K4lSoGYC9q2PXX3O8Jn6I
zbPOs69FMkRQsO0YRxhKGuUOLM8B0kfr5olG7ZtAb7kxy+/hJNXN9Ko0ugwVE0JU
jWgYMZ+Kt/0FsTymnFRdbz4IZv5U9wmwoazPlyPhIndu4TR7xQMP6PbbKWSlhjE=
=xa8Z
-----END PGP SIGNATURE-----
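The fingerd defect Luna describes above (gets() straight into a fixed-size stack buffer), as an added example that is not from this thread, the Morris worm or the BSD fingerd source: a constructed model of a stack frame, the unbounded gets()-style read beside the bounded read that the fix amounts to, and what each leaves in the saved return address. The 64-byte buffer, the struct layout, the sentinel address and the request bytes are all assumptions chosen to keep the demonstration small and deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a stack frame: the request buffer with the
 * saved return address right above it.  Not a real x86 frame layout. */
struct fake_frame {
    char     line[64];   /* fingerd's request buffer (4.3BSD used 512) */
    uint64_t saved_ret;  /* what a real overflow clobbers */
    char     pad[16];    /* keeps the demo's writes inside the struct */
};

#define SENTINEL_RET 0x0000000000401000ULL  /* made-up "legitimate" return address */

/* gets()-style read: copies up to the newline with no bound check.
 * This is the defect being discussed; never write code like this. */
void vulnerable_read_line(struct fake_frame *f, const char *packet)
{
    /* Byte-wise writes into the struct's own storage keep this demo
     * well-defined; on a real stack the overrun just keeps going. */
    unsigned char *dst = (unsigned char *)f + offsetof(struct fake_frame, line);
    size_t i = 0;
    while (packet[i] != '\0' && packet[i] != '\n') {
        dst[i] = (unsigned char)packet[i];
        i++;
    }
    dst[i] = '\0';
}

/* Bounded read, the shape of the post-worm fix (fgets() with the buffer
 * size).  Returns 0 on success, -1 if the request does not fit; the
 * buffer is then emptied and the caller should drop the request. */
int bounded_read_line(struct fake_frame *f, const char *packet)
{
    size_t cap = sizeof f->line - 1;  /* leave room for the NUL */
    size_t i = 0;
    while (i < cap && packet[i] != '\0' && packet[i] != '\n') {
        f->line[i] = packet[i];
        i++;
    }
    f->line[i] = '\0';
    if (packet[i] != '\0' && packet[i] != '\n') {
        f->line[0] = '\0';            /* over-long request: reject it */
        return -1;
    }
    return 0;
}

/* Constructed request: 72 'A' bytes fill the 64-byte buffer and spill
 * exactly over the 8-byte saved return address. */
static char long_request[72 + 2];
const char *long_request_packet(void)
{
    memset(long_request, 'A', 72);
    long_request[72] = '\n';
    long_request[73] = '\0';
    return long_request;
}

/* Helpers that run one reader on a fresh frame and report what survived. */
uint64_t saved_ret_after_vulnerable(const char *packet)
{
    struct fake_frame f;
    memset(&f, 0, sizeof f);
    f.saved_ret = SENTINEL_RET;
    vulnerable_read_line(&f, packet);
    return f.saved_ret;
}

uint64_t saved_ret_after_bounded(const char *packet)
{
    struct fake_frame f;
    memset(&f, 0, sizeof f);
    f.saved_ret = SENTINEL_RET;
    (void)bounded_read_line(&f, packet);
    return f.saved_ret;
}

int bounded_rc(const char *packet)
{
    struct fake_frame f;
    memset(&f, 0, sizeof f);
    f.saved_ret = SENTINEL_RET;
    return bounded_read_line(&f, packet);
}

int main(void)
{
    const char *benign = "luna\n";
    const char *evil = long_request_packet();
    printf("benign, vulnerable reader: saved_ret=%#llx\n",
           (unsigned long long)saved_ret_after_vulnerable(benign));
    printf("evil,   vulnerable reader: saved_ret=%#llx (attacker bytes)\n",
           (unsigned long long)saved_ret_after_vulnerable(evil));
    printf("evil,   bounded reader:    rc=%d saved_ret=%#llx\n",
           bounded_rc(evil), (unsigned long long)saved_ret_after_bounded(evil));
    return 0;
}
```

On a 32-bit box without NX (the Slackware and old Ubuntu targets mentioned above) a clobbered return address can point straight back into the shellcode carried in the request; with DEP/NX the stack is not executable, so the same overwrite has to be turned into a chain of existing code instead, which is where ROP enters the picture.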

