Domain: cultdeadcow.com
Stories and comments across the archive that link to cultdeadcow.com.
Comments · 109
-
HOPE fun
I've been to the last two HOPEs (Beyond HOPE and H2K) and let me tell you that they're a blast.
Beyond HOPE was held in the beautiful Puck Building, was much larger than HOPE, and left 2600's finances in utter disarray. The intended hookup with HIP didn't get past the one guy who had a blinkenlight that people in Holland could control. Which was still pretty cool. We got to go for free to a show at the lost-but-not-forgotten Coney Island High on St. Mark's Place in the East Village, and to the Hell's Kitchen club the Octagon. I still have vivid memories of Cap'n Crunch working the dance floor. Much too vivid. Red Balaclava's discussion of the Metrocard made the front page of the New York Times. The social engineering panel was a great success, including a brilliant hack of the Astor Place K-Mart. The Beyond HOPE bumper sticker was a brilliant parody of the NYNEX logo, cut and colored to fit exactly over telephone booth signs...if one so desired.
H2K, in Hotel Pennsylvania, bumped up the price from $20 to $40 (so the $50 raise is quite reasonable, though I agree it's depressing). It was a madhouse. There was an entire room of dumb terminals glowing orange in the dark, kiddies poking and prodding through everything, some launching genetic algorithms to fork-spawn-kill the network. The best panel, by far, was from the Dutch lockpickers, who will be returning to H2K2. The CDC's presentation was beyond silly. Highly entertaining but genuinely incomprehensible. RMS even made a stealth appearance.
I'm going to be helping set up H2K2 and will be shilling my new book Technomanifestos shamelessly, with a nice 57" LED display I picked up recently and will probably try to raffle off.
The other event that weekend which is a must is the art-happening/rave-to-end-all-raves out in Long Island City in Queens, in 90,000! sq.ft. of an abandoned power plant...two thousand two--note it's damn cheap for that kind of event.
All in all, it promises to be an excellent weekend. New York City is just about all it's cracked up to be...I mean hacked up.
--Adam Brate (ab@adambrate.com)
-
Flash Slogan...
-
Re:Anti-Windows Haikus....
Introduction
Exploiting the buffer overflow takes patience, knowledge, skill, and imagination. I can not teach you patience, and I can not clear your mind. I will however, give you the tools and concepts required to build your own exploits for buffer overflow bugs in the Windows 95, 98 and NT operating systems.
http://www.cultdeadcow.com/cDc_files/cDc-351/page1 . tml -
Does Java use Pointers?
I have read that one good thing about Java is that it does not rely on pointers for memory management. Is that true?
Also, I recently have begun a C++ class and on the subject of pointers, the textbook says this:
Never dereference the "NULL" pointer.
Well, after reading that, I decided that -- being a total programming geek after all :) -- the VERY FIRST THING I wanted to try to do was to "dereference" this NULL pointer.
Unfortunately, the textbook did not go into detail about how this could be accomplished -- no surprise there.
So can someone tell me what the probable outcomes of dereferencing &NULL would be? Is it really as dangerous as the book's author suggests?
(It occurred to me that it might have a similar effect to something that I read about a while, back -- "Tao of Windows Buffer Overflow" -- this article. )
So does anyone here know how to "dereference the NULL pointer"?
I would appreciate some detailed sample code.
If I am going to dereference *NULL, I want to make sure that I am doing it the correct way. -
It's not a joke - they actually have such a group
The Cult of the Dead Cow spun off L0pht Heavy Industries, a security consultancy, which then changed its name to @Stake. @Stake is well-respected, and produces good papers on the theory and practice of security holes. But then, so did CdC.
-
Re:Nothing New
Easy... Try the project (named peek a booty) website.
You can also go visit the Hacktivismo one, or the cDc one...
Enjoy! -
Can somebody explain this?
Evidently, some AC posted a link about cDc (the main group in the article) how they offer to help the government.
Now let's get a piece of that article linked above...
So we intend to re-architect Back Orifice
from the ground up. There will be absolutely no
shared code between the two projects,
in order to skirt detection by commercial
antivirus packages. The code will remain
totally secret. The software will never
surface publicly. And it will be far
more stealthy than anything we have ever
released, demoed, or publicly discussed.
What's this about? Are they friend or foe??? And lastly, the thread was modded -1, offtopic. Evidently somebody didn't want us to see that....
josh crawley -
Actions speak louder than words
Our definition of hacktivism is, "using technology to advance human rights through electronic media."
You might not know it from reading the manifesto, but cDc and Hactivismo have actually been working on a product called Peekabooty that allows users to sneak through the firewalls that oppressive regimes set up to restrict access to the Internet.
Hacktivism chooses open code, mostly.
Peekabooty is open source under the GPL but the FAQ advises people who would like to do testing: "You should have enough equipment to run at least three nodes, which means three MS Windows machines (we are in the process of porting it to Linux). You should also be skilled with tracing through code using Visual C++ or your own favorite debugger."
the main challenge for hackers is to keep focused on the goal of liberating the Internet.
There seems to have been some kind of falling out between cDc and Hactivismo over Peekabooty. The lead developer Paul Baranowski (aka Drunken Master) said he has "decided to sever ties with the Hacktivismo group but he will continue to develop the Peekabooty app. Occasionally developers can't find the environment they need to do their best work and now is one such time."
-
cDc offer to help Feds after September 11...
The cure sounds worse than the disease. As I read this story I thought it was a bad joke.
THE CULT OF THE DEAD COW OFFERS A HELPING HAND IN AMERICA'S TIME OF NEED
This hypocritical line caught my eye:
So we intend to re-architect Back Orifice
from the ground up. There will be absolutely no
shared code between the two projects,
in order to skirt detection by commercial
antivirus packages. The code will remain
totally secret. The software will never
surface publicly. And it will be far
more stealthy than anything we have ever
released, demoed, or publicly discussed.
Yeah, yeah, yeah, we like Open Source for everyone except for us - because we know better. Save it for the newspapers, Oxblood. -
VNC is just a side effect ...
Their real reason for doing this is more likely related to cDc's well-known Back Orifice.
It claimed to be a remote administration tool to compete with MS's Back Office, despite its more common malicious use, and detection as a trojan app by most antivirus manufacturers.
-
Re:Dumb security question
How feasible would it be for someone to take a computer and have it do nothing but pattern-matching through all the source code in a typical Linux distribution, looking specifically for problem areas like these?
Short answer: That's not so easy.
For longer answer, read this:
- Secure Programming: Buffer Overflow by David Wheeler
- Smashing The Stack For Fun And Profit by Aleph One
- Buffer Overruns, whats the real story? by Lefty
- Finding and exploiting programs with buffer overflows by Prym
- Stack Smashing Security Vulnerabilities by Nathan Smith
- Buffer Overflows by The FreeBSD Documentation Project
- Linux/ix86 buffer overflows by Willy Tarreau
- SunOS 4.1/Sparc buffer overflows by Willy Tarreau
- The Tao of Windows Buffer Overflow
- Buffer Overflows: Why, How and Prevention by Nicole LaRock Decker
-
Lame joke
So, are you telling that the cult of the dead cow is behind all this?
You conspiracy theorist.
:) -
Re:They can get us Linux users too
on this same thought line, has anyone else been over to cDc lately? They're offering to develop for the government the next generation of Back Orifice to supplant Magic Lantern. Funny but some of their ideas are pretty good...
-
Re:Run your own nameserver... good for now but...
Running DNS on a different port and/or in some distributed way... There are tons of things that will change because of distributed networks/computing. The cDc are working on Peekabooty which should defeat the great firewall of china. I am sure that distributed networks are going to screw it up for a lot of corporations and consortiums.
Things will change, try to grab a hold of the changing net and follow along with it.
---on a side note I have my own website running on port 80 and 81 because I have AT&T cable modem which is STILL blocking port 80! So I am right there with you on using different port numbers.
-
Re:how would you exploit this, though?
I think that the point is precisely that it is possible to form a request that overruns the available buffer. What's after the buffer? Something. Maybe something important.
I'm not an expert on doing this, but I know a little assembly, and it is quite feasible to do this remotely, with no access to the server. It is even possible to make something "useful" happen (like getting a remote root shell) if you have the same binary available to play with (and a debugger and a lot of free time).
For a general overview of how this sort of thing is done see this page. (Note that there is nothing disgusting on this site. Just some ASCII cows and some screen shots of windows crashing. Well, maybe kind of disgusting.)
-Peter -
long history of "official" trojans not detected
This same question came up with Back Office vs. Back Orifice. Because Microsoft was a "respectable" company (and because it costs money), antivirus companies decided that Back Office was a legit remote network administration tool. However, when the "hacker group" cult of the dead cow released Back Orifice, the antivirus vendors decided that, even though Back Office could do everything that Back Orifice did, because it was free and not released by a corporation it should be classified as a trojan.
So, besides magic lantern, you could have the SMS part of Back Office installed, too. And with its weak encryption, it's a greater security risk than BO2K.
More BO2k docs and info -
Security through intimidation
You can find new security holes in NT automatically. Microsoft has tried to hush this up. The famous NTcrash program is an illustration of this. Microsoft leaned hard on the originators of that program, who were non-Microsoft NT internals experts, to suppress it. That program, which makes random system calls, demonstrates that NT 4 security was inferior to NT 3.51 security, and that NT4 had bad code borrowed from Windows 95 in the kernel. Microsoft didn't like that. It's very hard to find a copy of that program on the web. Watch that link disappear.
NTCrash does more than make random calls; it stores what it's doing before it tries it, and after the reboot, avoids doing that again. So after a while, and many crashes, you accumulate a log of new vulnerabilities.
There are later variations on that theme which find more subtle holes. Rather than just making random calls, it's more useful to permute valid calls slightly. That's been tried successfully.
The classic paper on this subject is The Tao of Windows Buffer Overflow, from the Cult of the Dead Cow.
Considering that all this was known five years ago, there's no excuse for Microsoft products having any buffer overflow vulnerabilities. This falls between "gross negligence" and "reckless endangerment". Where's the plaintiff's bar when you need them?
-
Re:Guns don't kill people...
In many municipalities it's illegal to possess 'burglary tools' which consist of such things as very large screw drivers, and other commonly available items. Generally the laws are enforced in cases where a specific selection of multiple burglary tools are possessed by one person.
Does this mean that I can possess Back Orifice but if I possess Back Orifice and an installation of Snort or something, then I'm a hacker rather than a System Administrator? Where would such a line be drawn?
--CTH
-- -
Been done
You might be interested in this. From who else, but the CDC.
-
Re:This isn't news!
If you're referring to the rocket car Darwin award, here's the true story.
-
Re:times of old
Ah, they're keeping at it.
-
Cult of the Mad Cow
Actually, no. It would have been funnier that way, too, given all the dead cows we've been seeing lately. And in context, cDc makes more sense than CDC anyway. I mean, the Centres for Disease Control in satire on /.?! Come on!
The next thing you know, they'll be telling us the l0pht is just really a tony apartment.
-
cDc
While we're on the subject of BBS nostalgia, check out Remembrance of Things Past, an excellent Cult of the Dead Cow T-File from 1998.
-
Re:What Program?
Well, the Cult of the Dead Cow makes something called Back Orifice that I hear works pretty well... you'd never know it's there!
-
Re:Bah, who needs to interview Goldstein
Wassup with this...
1) Were you even alive when that SNIPPET of the Hacker's manifesto was written?
2) Do you know who wrote that manifesto or what it is REALLY called?
3) Do you know where it was originally posted and where to find it today?
C'mon, child, if you're gonna do something, do it right...
Answers: 1) No 2) "The Conscience of a Hacker" by The Mentor 3) cDc BBS
Click here to see it NOW!
KGB Kenny, once again stopping the spread of FUD (Fear Uncertainty and Doubt)
Now, just so y'all don't think I'm a newbie, I'm not, for security sakes, I deleted my old /. account and created this one. -
Re:Operating Systems In Terms Of Cows.
That reminds me of the good ole Cult Of The Dead Cow. Gives Back Orifices to the milk of some of the above cows. -
hacker pages.
L0pht Heavy Industries
Cult of the dead cow
Happyhacker.org
Infiltration.org
hackers.com
Hacker news
attrition.org
AntiOnline
AntiCode
phrack
2600
Many of these pages contain archives that have documents on cracking networks and such.
Vast documents on cracking NT servers.
A few of these are not really related but fun anyhow.
And the archives also contain many documents on system defence.
-----
If my facts are wrong then tell me. I don't mind. -
Re:How long...
Next time include the reference.
If it isn't too much trouble, sir, you may consider yourself privileged to Bow to the Cow. The Geocities rocket-car page seems strongly to be a completely uncredited ripoff of a Cult of the Dead Cow file from 1998. -
Useful, but hokey.
The concept seems useful, but hokey. It only checks for a few standard bugs, and even then, the checking isn't airtight. It won't catch non-library overflows. It may encourage people to think unsafe programs are safe. Incidentally, if you're not familiar with how buffer overflow bugs are found and exploited, the classic The Tao of Windows Buffer Overflow from Cult of the Dead Cow is a good tutorial.
I'm amazed that people are still using the old unchecked C library functions. There are checked versions for all of them. I stopped using the unchecked versions in the early 1980s. As was suggested in 1995, it's time to pull all those functions out of the standard library and move them to something called "deprecated". The open-source community should try this; it would break lots of programs at compile time, but they'd be easy to fix. And you've got the source.
-
Re:rocket car fraud?
I saw the Rocket Car story posted a long time ago at http://www.cardhouse.com/rocketcar/ROCKIT.HTML. Considering the cDc file links to a page that doesn't exist, I'd guess it's just a ripoff.
That doesn't mean the whole story is or isn't a fraud (although it seems weird that someone would put so much effort into writing the story if it wasn't true), but it has definitely been around a while and been mirrored various places.
-
Rocket Car
OK, sorry to burst your bubbles here, but this is a few years old, and this guy seems to have ripped it from the cDc (Cult of the Dead Cow) now, personally, I think the cDc should get credit for this story, since they are the original 'posters' of this pile of flaming boo-hah. (did I say that?) But I digress.. anyway.. Here's the ORIGINAL text/html http://www.cultdeadcow.com/cDc_files/cDc-363/ Rock on cDc and all you dead cow lovers out there!
!ooM moo, mo-fuckah Moo! -
rocket car fraud?
hey the car in the cliff website is an almost-exact duplicate of an old cDc file
so is the website a fraud or what?
unc_
-
Re:Effective Security.
So what we have is source with bugs, but a situation where any blackhat hacker can run grep/sed/awk/perl/etc on it to look for trivial bugs. If this same source were closed, it _would_ raise the bar for creating a viable exploit significantly.
Searching for basic exploits can be hilariously easy. Read the CDC's Tao of Buffer Overflows. All you have to do is input a bunch of text into a field and see if the program breaks. Not much harder than grep sprintf or scanf. -
Re:The TRUTH about Richard Stallman!
Well... it IS pretty sick... but if it helps any, it's just Cult of the Dead Cow stuff, with the names changed. The original has been sitting on the web for years now, at, er, let's see here... [looks] http://www.cultdeadcow.com/cDc_files/cDc-0018.txt
. -
Napster discoveries?...
[GASP!] Napster SENT the COMPLETE location of the file!!!!
Does this mean that there is a way to coax the client to offer up ANY file?
Hrm.... I can just picture Cult of the Dead Cow writing a BO plug-in for Napster, allowing you to download any file off of a windows box.
:-) -
Smell is the highway to Gb?
Is this a cheap way to expand your RAM, upload via smell to your own brain?
Better leave the room when you empty your recycle bin. And you don't want to leave those core dumps lying around, they can really stink.
Now I'm really going to avoid cDc. BO gets hardcore nasty.
Smelling search-voyeur is a bit like walking through a dorm... "What on earth was that smell?"
It might save some time when you're trying to pick up on IRC... "You don't smell like a blonde 18/F/Paris"
The banner ads? Hmmm, smells like KFC. Now I'm hungry.
Personally, I love the fresh-leather aroma of a "Your Apache install worked!" page.
But I'll really be looking forward to the olfactory upgrade to Fractint - THAT would be beauty.
-
The problem is C
The real problem is the C programming language, and its casual attitude toward subscript checking. Trusted software shouldn't be written in C. The number of security holes generated by this issue alone is in the hundreds. Sendmail is notorious for this.
To exploit them, read The Tao of Buffer Overflow, a well-written tutorial on how to crack a system that has a buffer overflow.
It's a real problem. All the safer languages that were fast (Modula, Pascal, Ada) have died off. C++ was on the right track until the Standard Template Library came out with its unsafe iterators; now there are whole new classes of holes.
Sorry for the rant. I used to work on secure operating systems, and things aren't getting better; they're getting worse. What passes for "secure systems" today is pathetic.
-
Re:How long until
hmm...this reminds me of something I saw at cDc a while ago
-
Remembrance of Things Past
Here's something remotely related...
-
Re:cracked?
You're making an artificial distinction here. Many people who circumvent computer security enjoy spending a lot of time programming. I'd consider the Cult of the Dead Cow a hacker group, and they certainly do their share of programming. I find no problem with categorizing Alan Cox, the Cult of the Dead Cow, Richard Stallman, and L0pht Heavy Industries as hackers. They all are.
-
(cr/h)acking tools
Microsoft does have a product that allows remote admin of a windows machine. It can hide itself so that there is no visible sign of it running from the console. I believe that it is called SMS. The cDc used this as a rebuttal to anti virus vendors putting bo2k in their databases. I would get you an URL but www.cultdeadcow.com seems to be suffering from the /. effect right now.
You could also consider VNC or Norton's PC Anywhere to be hacking tools because they allow remote access to a computer. Since VNC is GPLed anyone can remove the icon that appears on the system tray to make it effectively invisible to the user. -
Re:It's for Script Kiddies
Right, cause there's only one way to do something, and that's the right way. And phrack's not it. right? Or maybe you should try reading an issue or two. If you're concerned with only reading serious stuff, try something fairly recent (and don't even think about cult of the dead cow). I don't remember the issues off hand, but there was an article about hardening multiuser linux systems, and then a followup about freeBSD that actually provided kernel (and maybe user space prog?) patches. There are some (a very few?) people who believe that understanding a problem is as important, if not more important, than fixing it....
-
THIS IS HACKING PLAIN AND SIMPLE!
This is an excerpt from my Investment Newsletter:
So America Online and MicroSoft are fighting over instant messaging. I think AOL is in the right here though. To access the AOL Instant Messenger users, the user must provide his AOL screen name and password to the MicroSoft software. It doesn't take a rocket scientist to surmise that this could potentially expose sensitive AOL information to MicroSoft. This could also expose other unintended holes to the outside world. I'm willing to bet there will be a cease and desist or a lawsuit filed by the end of the week. To me what MicroSoft is doing is no different than what they accuse the creators of BackOrifice of doing:
http://www.cultdeadcow.com/news/pr19990719.html
The case for Yahoo! and Prodigy is somewhat different since they used AOL's publicly posted information to gain access to the IM features of AOL. I disagree with what AOL has done to them and do agree that there should be an Instant Messaging standard but it's not MicroSoft's place to enforce it by hacking around AOL's security. What MicroSoft is doing is hacking, plain and simple.
"The lie, Mr. Mulder, is most convincingly hidden between two truths." -
CDC 200. No Question.
It's the only text file that ever meant anything to me. It's CDC 200. Read it.
-sunking
-
Re:Q: First internet publication was?
I don't know, the good folks at cDc are constantly saying that they published the first e-zine, since 1984 or something. Anyways, I had completely forgotten about it but the Hackers' Manifesto should be included. That's some powerful reading.
-gocubs