[arch-general] [Solved] KVM troubles

Luna Moonbright luna.moonbright at gmail.com
Sun Nov 29 15:50:22 UTC 2015

Thanks, this image [1] certainly qualifies as an "intentionally
vulnerable" image. The guys at my school have used it pretty
extensively for target practice.

As for the Morris worm, the vulnerable function was: a use of gets()
directly on a packet that read into the first variable declared in the
program (which was, undeniably, a char array).

Good ole' buffer overflows. I just watched a talk on Cisco router
exploitation from '09 where the speaker went into a description of ROP
like it was a fairly unknown subject. Do you know when using ROP
began being common as a mitigation for DEP?

As for places that are fairly easy to start learning exploitation, I
would recommend Slackware 10-12. Those are all 32-bit OSs with no DEP
and a sloppy pager. This is also a great resource for learning
exploitation [2].

If you want to continue this perhaps we could close the "KVM troubles
thread" and start an "exploitation general" thread which might pick
up a few more guys with additional resources.

[1] https://sourceforge.net/projects/metasploitable/
[2] https://opensecuritytraining.info

return 0;

On 11/29/2015 01:11 AM, Kyle Terrien wrote:
> On 11/27/2015 11:14 PM, Luna Moonbright wrote:
>> As for it just being old Ubuntu - are the newer EOL versions of
>> Ubuntu (like 9 or 10) still easy to exploit (32 bit/no
>> canaries/no NX) that are easier to get the display drivers to
>> work for?
> I can't remember when Ubuntu started supporting canaries.  (I 
> haven't done much Ubuntu stuff since Linux Mint 14 (based on 
> 12.10)).
> There used to be a project called Damn Vulnerable Linux, but it
> has disappeared.  Even their website is gone.
> A quick web search revealed some possibilities [0], although I
> have never heard of them personally.  Let me know if you find any
> good intentionally vulnerable distros.
> You could also download old unsupported Ubuntu releases [1].  (You
>  just need to tweak the repository URLs after install.)
> Normally, if I want/need a completely out-of-date vulnerable system
> to poke at, I usually use an old distro (whatever is sitting
> around) and bite the bullet to figure out what hardware it is
> looking for.  It's trial and error.
>> Shellshock was awesome, but my favorite exploit is the exploit
>> in fingerd used by the morris worm. So simple - yet so effective.
>>  I'm sure us archers can appreciate that.
>> Thanks!
> I have heard of it, but I don't know all the details.  I will 
> definitely look up the fingerd exploit.
> --Kyle
> [0] http://www.101hacker.com/2013/03/5-vulnerable-distros-for-practicing.h
> [1] http://old-releases.ubuntu.com/releases/
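The gets()-on-a-packet pattern Luna describes above (an unbounded read into a fixed-size char array on the stack), written out as an added example beside a bounded replacement. This is not code from the original mail, nor the actual fingerd or Morris worm source: the 512-byte destination matches the historical fingerd line buffer, the 536-byte request built in main() is a constructed input, and the function names are mine. The vulnerable shape is kept as a pure length calculation rather than a real copy, so the program shows how far a gets()-style read would run without actually smashing its own stack.

```c
/* Added example: gets()-style unbounded read vs. a bounded request reader.
 * Not the fingerd or worm source; 512 matches fingerd's historical line
 * buffer, everything else here is constructed for illustration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINE_MAX_BYTES 512   /* size of the stack buffer a request lands in */

/* Vulnerable shape: gets() copies up to the newline with no knowledge of
 * the destination size. This helper only computes how many bytes such a
 * copy would write (line bytes plus the terminating NUL); it never writes,
 * so it can be called on oversized input safely. */
size_t gets_style_copy_len(const char *pkt, size_t pktlen)
{
    size_t n = 0;
    while (n < pktlen && pkt[n] != '\n')
        n++;
    return n + 1;                /* +1 for the NUL that gets() appends */
}

/* Would a gets()-style read of this packet overrun LINE_MAX_BYTES? */
int would_overflow(const char *pkt, size_t pktlen)
{
    return gets_style_copy_len(pkt, pktlen) > LINE_MAX_BYTES;
}

/* Hardened shape: the destination size is an explicit parameter and an
 * over-long or unterminated request is rejected, not silently truncated.
 * Returns the request length (without newline) on success, -1 on reject. */
int read_request_bounded(char *dst, size_t dstsz,
                         const char *pkt, size_t pktlen)
{
    /* Only look for the newline inside the bytes that could legally fit. */
    size_t limit = pktlen < dstsz ? pktlen : dstsz;
    const char *nl = memchr(pkt, '\n', limit);
    if (nl == NULL)
        return -1;               /* no terminator within dstsz: too long */
    size_t n = (size_t)(nl - pkt);
    if (n + 1 > dstsz)           /* already guaranteed by limit; kept explicit */
        return -1;
    memcpy(dst, pkt, n);
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    char line[LINE_MAX_BYTES];
    char big[600];
    const char *ok = "luna\n";   /* constructed: a normal finger request */

    memset(big, 'A', sizeof big);
    big[535] = '\n';             /* constructed: 536-byte request, 535 + newline */

    printf("short request: gets() would write %zu bytes, overflow=%d, bounded=%d\n",
           gets_style_copy_len(ok, strlen(ok)),
           would_overflow(ok, strlen(ok)),
           read_request_bounded(line, sizeof line, ok, strlen(ok)));
    printf("long request:  gets() would write %zu bytes, overflow=%d, bounded=%d\n",
           gets_style_copy_len(big, sizeof big),
           would_overflow(big, sizeof big),
           read_request_bounded(line, sizeof line, big, sizeof big));
    return 0;
}
```

The point of the bounded version is that the destination size is part of the interface (the same idea as fgets() over gets()), and that rejecting rather than truncating avoids handing a half-parsed request to the rest of the daemon.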