Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Phrack

Posted by michael on from the things-man-wasn't-meant-to-know dept.

Anonymous Coward writes "A new issue of the Phrack Magazine, #60 has been released today. It details some decent technique about kernel exploitation (OpenBSD), Cisco remote exploit, how to backdoor a core bzimage kernel and other stuff. The ascii based magazine is available at phrack.org."

21 of 239 comments (clear)

  1. Re:Phrack. by packeteer · · Score: 4, Informative

    They stopped making their zine a long time ago... some of the ppl frmo F.U.C.K. formed www.attrition.org where you can find all the old copies of F.U.C.K.

    --
    unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
  2. Cool domain by alfaiomega · · Score: 5, Interesting

    The gzipped tarball of Phrack #60 is available at http://www.phrack-dont-give-a-shit-about-dmca.org/ archives/phrack60.tar.gz

    --

    root@aio:~# nmap -sX -iR -p1- # Ho, ho, ho! Merry Xmas, everyone!

  3. Re:ASCII by JPriest · · Score: 5, Funny
    "So how is Phrack more "ascii-based" than, oh, say, Slashdot?"

    Because Slashdot is in fucking HTML you nimrod.

    --
    Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
  4. Nostalgia... by alfaiomega · · Score: 5, Interesting

    After looking at Phrack #1 from 1985 I decided that I just have to run
    for i in `seq -w 1 60 | tac`; do wget http://www.phrack.org/archives/phrack$i.tar.gz; done
    and spend this day on reading Phrack issues backwards. It's going to be a hellova nostalgic New Year for me... :_)

    --

    root@aio:~# nmap -sX -iR -p1- # Ho, ho, ho! Merry Xmas, everyone!

  5. Traffic Lights by sharph · · Score: 4, Interesting

    Theres an article about hacking traffic lights. Do you think that now that the information is now open to a wide public, we will see traffic lights doing weird things?

    1. Re:Traffic Lights by Phroggy · · Score: 5, Funny

      Theres an article about hacking traffic lights. Do you think that now that the information is now open to a wide public, we will see traffic lights doing weird things?

      No, not really.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    2. Re:Traffic Lights by haunebu · · Score: 3, Informative

      Much easier is to just flash your brights thrice and the photoreceptors (present on top of/within most urban traffic controllers) will assume yours is an emergency vehicle and cycle to green ASAP.

      --

      Blue skies, Barthy Burgers, girls...

  6. Re:I dont mean to bait the flames... by kinnunen · · Score: 5, Insightful

    I have never been a big fan of micheal, but if I he can bring some fresh air in to this stinkhole then more power to him. I've been reading slashdot for several years and I'm pretty damn sick of the endless stream of stories about DMCA, RIAA, MPAA, anything about MS that immediately has a score 5 comment about how unstable windows95 is, how some company in Canada that I've never heard of is doing a linux feasibilty study, a new 1000TB storage technology that will never hit the stores, etc etc. It's always a variation of some basic story that we've already heard a thousand times - the following discussion usually has NO variation. Everyone agrees Jack Valentini is an asshole, and about 50% of readers think MS can go to hell and the other 50% thinks they are just another big corp that sometimes does stuff we don't like but should be tolerated. Even "weird" is an improvement over the same old tired shit.

  7. And fond memories they are! by murky.waters · · Score: 5, Interesting

    I remember back in the day, I was on an internship at a local comp-sci research center. Of course I was only given a lowly user account, actually even worse than that. Anyhow, I had fun exploring Solaris, creating a lot of core dmps mainly, and came about the new issue of phrack.

    I had looked through a few issues before after reading about it in Bruce Sterling's "Hacker Crackdown". I had perused the all-time favorites: how to build a bomb, a gun, how to break into cars, and so on. Back then, phrack was already archieved on the www, but the newest issue was only available as tarball. After lunch break, the admin asked me if had been reading phrack, he refered to it as "hacker stuff"---yes, I said, annoyed about him snooping around.

    But then I actually read the new issue.

    There was an article in it about how to get root on a Solaris workstation, exploiting the availability of FORTH on Sparc machines.

    I was sitting in front of a Solaris workstation.

    I smiled.

    I kept smiling.

    Four days and a lot of experimentation later, the administrator found a new file in his personal TODO directory (yes, he had actually called it that). It read


    *""""""""""""""""""*
    [pHraCK]

    MAYBE YOU SHOULD READ IT, TOO.
    *""""""""""""""""""*

    The link to the phrack article.

    --
    Imagine the Creator as a stand up commedian - and at once the world becomes explicable. -Mencken
    1. Re:And fond memories they are! by The+Tyro · · Score: 5, Interesting

      Yep, Phrack has come to my rescue too.

      Was talking to a systems guy where I was working (where they still use VMS), and inquired why we hadn't migrated to something else... His reply was that VMS had never been hacked.

      Never been hacked?? That piqued my curiousity... fortunately, I knew just where to look (from my misspent youth). A short search of the Phrack archives turned up not one but several VMS hacks. They were mostly social engineering hacks rather than code expoits, but they were legitimate hacks.

      Rather than getting annoyed at an amateur (which I was, and still remain), the systems guy actually read the articles with some interest. The ability to learn something from someone who's clearly your tech inferior, without any ego getting in the way... gotta admire that.

      --
      Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
    2. Re:And fond memories they are! by 0x0d0a · · Score: 5, Insightful

      You know, I hate to say it, but internships pretty much exist to build experience and get some good recommendations. A lot of times, it's your only work experience when hitting industry. Doing anything that could get you a black mark from the company you interned with is...uh...ballsy, to say the least.

      I mean, it seems to have not backfired on you, but...

      --
      May we never see th
  8. Gray hat? by arvindn · · Score: 5, Interesting

    Phrack is perhaps a good example of the line between black hat and white hat "hackers" being blurry. The articles are informative and well-written, and by intelligent people, not your typical 14 yr old cracker on ecstasy who launches DDOS attacks from haX0r'd machines. I've done a compilers course, but still found a lot to learn about compilers from a phrack article on buffer overflows. Also check out the essays at SANS .

    1. Re:Gray hat? by SuperDuG · · Score: 5, Informative
      I think the one thing that people need to get out of their heads is the common misconception of a "black hat hacker or cracker". The terminology is quite specific as:

      - "sript kiddie" refers to someone with little or no maturity that uses an automated exploit scan program that makes hacks a matter of happenstance if anything else.

      - "cracker" is one step higher from a script kiddie as this is a person who actually has a target in mind, but is not randomly screening. Usually a cracker will gain access by acquring a password (hence cracker). There are many ways to do this, but the more calculated attacks are usually by a cracker that is persistent.

      - "black hat hackers" these are the guys you rarely hear about as they're main goal in life is to be where they shouldn't be and make sure that they're the only ones that know what they are doing. This is the sexiest of illegal hackers as these are the types that actually get into the "unbreakable" systems and really do know their shit. These people work for the government usually (and not just American) and some are even employed without wanting to be (part of a plea bargain). These are the type of people that you want to not be interested in your system as with a certain amount of time they will get into your system.

      I'm not implying you don't know this, I was meerly trying to elaborate further on your post. And not everything these "Evil Hackers" do is all that bad. Many "script kiddie" tools are useful in testing your own systems for holes or exploits, if you have the same toys as they do, they can't beat you.

      Grey hats are where most all computer type people belong, where we all usually do good, but we do know some tricks of the trade. Like an automechanic who knows how to hotwire a car or jimmy a lock open, does that make him a criminal? Same goes for anyone who is a professional locksmith (make the best theives?), doctors (make the best killers?), and bomb squad officiers (make the best bomb builders?). The joy of being a grey hat is knowing enough to protect yourself because you've been there before.

      Case-In-Point ... the most secure server is one that is unplugged and buried in the middle of the earth, and that's still questionable.

      --
      Ignore the "p2p is theft" trolls, they're just uninformed
  9. actually by commodoresloat · · Score: 4, Funny

    I recall a story in an old 2600 about someone who managed to get caught hacking not traffic lights but those signs on freeways with giant LEDs telling people there is a traffic jam or whatever. Seems this guy changed the text to read "FUCK YOU ALL." Pretty funny, and relatively harmless, imho. But yeah it's not the same as messing with a traffic light, which could be really dangerous.

  10. Re:yikes by thogard · · Score: 3, Informative

    There is very little you can do with trafic lights. Most of them use physical relay lock outs to keep two of the signals going green in different directions at the same time. About all that could be done that could cause a problem is dropping the yellow time to close to zero but there should be a minium time for that as well. Other than that, you've got exactly the same risk as when the power goes out. Too bad in that case most people think they have the right of way on the main road and no company has been smart enough to put in some battery backed flashing LED's to hint to people that its tuned into a 4 way stop. Of course 99% of all intersections with traffic lights could be replaced with round-abouts and increase saftey but that won't ever happen.

  11. Re:Phrack. by gir · · Score: 4, Informative

    What do you mean they don't make them like they used to?

    Surprisingly enough, the textfile scene is quite alive!

    Both www.textscene.com and scene.textfiles.com do what they can to stay on top of the newest tfiles.

    --
    stupid advertisement .sig
    www.angstmonster.org
  12. OpenBSD vulnerability has been fixed in August by OttoM · · Score: 5, Informative
    Patches for OpenBSD 3.0 and 3.1 were submitted August 11, 2002. OpenBSD 3.2 was released with the patched code. See errata page.

    While interesting, the article describes a vulnerability that already has been fixed.

    1. Re:OpenBSD vulnerability has been fixed in August by MrScience · · Score: 4, Informative

      What makes the article interesting is that the person describes in detail how to exploit a discovered buffer-overrun vulnerability. The OpenBSD flaw was just an example.

      --

      You quitting proves that the karma kap worked. The most annoying of the whores shut up. --CmdrTaco

  13. Oh thanks. And... by Pedrito · · Score: 3, Offtopic

    A new issue of the Phrack Magazine, #60 has been released today

    And the latest Computer Shopper is on the newstands. Just wanted to make sure no slashdotter let that one get by them.

  14. It's the old dichotomy between freedom and. . . by kfg · · Score: 3, Insightful

    license. When some people say "free" what they mean is without responsibility or repercussion. I believe in the gedanken that your right to swing your arms about ends at the tip of my nose.

    Some people find this "restriction" intollerable. What's interesting is that these people often go on and on about their "rights" if you do anything to them.

    Well, a good many of them grow out of that eventually, and the ones that don't we just call assholes.

    Power always needs to be tempered with restraint, and the more power the more restraint.

    As Ghandi once pointed out nonviolence is not weakness, indeed, the weak cannot be nonviolent. Only the strong, and only in proportion to their strength.

    One can only be free in proportion to one's sense of responsibility.

    Otherwise you're just some punk kid that a bunch of people with freedom are going to beat the crap out of in a back alley some day in the hopes that it'll jar something loose and you start to "get it."

    KFG

  15. read Kevin Mitnick's story by r5t8i6y3 · · Score: 5, Informative

    this, IMHO, is the most valuable information in Phrack 60:

    Kevin Mitnick wrote a book, "The Art of Deception". The first chapter
    has been deleted by the publisher at the last minute. It's available
    on the internet:
    http://www.wired.com/news/culture/0,1284,56187,00. html
    http://littlegreenguy.fateback.com/chapter1/Chapte r%201%20-%20Banned%20Edition.doc

    [i linked this Phrack quote because Slash adds a space character to strings that wordwrap - can anyone tell me how to prevent this from happening?]