Domain: infonexus.com
Stories and comments across the archive that link to infonexus.com.
Comments · 9
-
Why ACs don't run SecurityFocusOh my god, a 1 byte buffer overflow!!! How devastating.
"Buffers can be overflowed, and by overwriting critical data stored in the target process's address space, we can modify its execution flow. This is old news. This article is not much about how to exploit buffer overflows, nor does it explain the vulnerability itself. It just demonstrates it is possible to exploit such a vulnerability even under the worst conditions, like when the target buffer can only be overflowed by one byte."
-- first four sentences of The Frame Pointer Overwrite, Phrack 55
So lets see.. to make an exploit all we need to do is get root and modify that
/etc/security file...You don't need to write the file. In theory, if you can read that byte, you know the know the incorrect address at which code will be executed. When the program that you're exploiting takes input from you, give it input that puts the code you want executed in the location in the buffer that will be jumped to.
So, no, it's not trivially exploitable. But, no, it's probably not something to be summarily ignored.
-
Re:man in the middle is hardThere are two ways of making this "man in the middle" very easy if you have the right access.
Firstly, as mentioned in the article, you can subvert DNS at the initiating end of the chain so that the initiator of the SSH actually talks to the hacker's PC instead of the target; since the hacker is proxying the connection the remote end doesn't matter. Subverting DNS? As easy as adding a line to the hosts file, although access to BIND's files is obviously better.
Secondly, if you have access to the router (see The Default Logins DB), you can redirect traffic through your workstation transparently. There is a nice article on this in the current issue of Phrack for Cisco (and presumably compatible) routers. Everyone trusts a router, remember?
Not trivial, maybe, but it's definately possible to do this in the wild with the right tools if you are determined enough. Remember; most hacks are internal, and most serious hacks are leveraged to increasingly higher levels of priviledge from the original exploit.
-
Bullshit!
i just read through about 1/3 of this treaty. it is really hard to belive that some one is planning on outlawing hammers and nails to build a fence around my house. i build a lot of firewalls for friend and companies, i read bug traq a lot and to take that away from me i can't do my job properly. it takes the people who work on better security and tell them "you guys aren't good enough let the politicians handle it". by the interperation i recieved from this and other related articles i believe that the constitution should just be rewritten and begin like this:
We the people of the Corporations of the United States, in order to form a more perfect coporate union, establish justice, insure coporate tranquility, provide for the coporate defense, promote the general welfare, and secure the monopolistic blessings of liberty to the coporations, do ordain and establish this Constitution for the United States of America.
basically the way i feel is that they are saying "fuck the people, they are just ants anyway". -
Phrack moved here
-
Re:They've only moved
As I write this the links to the issues are broken due to a MySQL error. However, the FTP archives work fine.
-
They've only moved
http://phrack.infonexus.com/
--
I wrote the play & still own the script ... -
Re:Bugtraq
Do you have any idea what a buffer overflow actually is?
Basically, you fill a fixed-size array with enough data so that you overwrite other parts of the program, do some magic (which is somewhat explained here), and then get the program to execute some arbitrary code of your own writing. Developing said code (i.e. actually writing the exploit) generally takes time, and is limited to one software/os/platform/version combination.
This has *no* relation to how the code is initially written.
A program which reads one line of code from the user, saves it to a fixed sized buffer, and then prints it out is vulnerable to a buffer overflow. -
A gram of prevention is worth a Kg of cure....
Try securing your systems BEFORE they get cracked. A good few places to start:
Insecure.org, especially this top 50 security tools page.
SecurityFocus the disseminators of the BUGTRAQ list among others.
Attrition.org, especially their security page.
And of course 2600, the l0pht, and Phrack for the latest tasty street info....
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak -
Similar to old phrack article
A phrack article a few years ago had a cool idea of sending data in the payload field of ICMP packets. Not sure if this was covered in the article, but the phrack article was cool reading.