Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Phrack

Posted by michael on from the things-man-wasn't-meant-to-know dept.

Anonymous Coward writes "A new issue of the Phrack Magazine, #60 has been released today. It details some decent technique about kernel exploitation (OpenBSD), Cisco remote exploit, how to backdoor a core bzimage kernel and other stuff. The ascii based magazine is available at phrack.org."

12 of 239 comments (clear)

  1. Cool domain by alfaiomega · · Score: 5, Interesting

    The gzipped tarball of Phrack #60 is available at http://www.phrack-dont-give-a-shit-about-dmca.org/ archives/phrack60.tar.gz

    --

    root@aio:~# nmap -sX -iR -p1- # Ho, ho, ho! Merry Xmas, everyone!

  2. Re:ASCII by JPriest · · Score: 5, Funny
    "So how is Phrack more "ascii-based" than, oh, say, Slashdot?"

    Because Slashdot is in fucking HTML you nimrod.

    --
    Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
  3. Nostalgia... by alfaiomega · · Score: 5, Interesting

    After looking at Phrack #1 from 1985 I decided that I just have to run
    for i in `seq -w 1 60 | tac`; do wget http://www.phrack.org/archives/phrack$i.tar.gz; done
    and spend this day on reading Phrack issues backwards. It's going to be a hellova nostalgic New Year for me... :_)

    --

    root@aio:~# nmap -sX -iR -p1- # Ho, ho, ho! Merry Xmas, everyone!

  4. Re:I dont mean to bait the flames... by kinnunen · · Score: 5, Insightful

    I have never been a big fan of micheal, but if I he can bring some fresh air in to this stinkhole then more power to him. I've been reading slashdot for several years and I'm pretty damn sick of the endless stream of stories about DMCA, RIAA, MPAA, anything about MS that immediately has a score 5 comment about how unstable windows95 is, how some company in Canada that I've never heard of is doing a linux feasibilty study, a new 1000TB storage technology that will never hit the stores, etc etc. It's always a variation of some basic story that we've already heard a thousand times - the following discussion usually has NO variation. Everyone agrees Jack Valentini is an asshole, and about 50% of readers think MS can go to hell and the other 50% thinks they are just another big corp that sometimes does stuff we don't like but should be tolerated. Even "weird" is an improvement over the same old tired shit.

  5. And fond memories they are! by murky.waters · · Score: 5, Interesting

    I remember back in the day, I was on an internship at a local comp-sci research center. Of course I was only given a lowly user account, actually even worse than that. Anyhow, I had fun exploring Solaris, creating a lot of core dmps mainly, and came about the new issue of phrack.

    I had looked through a few issues before after reading about it in Bruce Sterling's "Hacker Crackdown". I had perused the all-time favorites: how to build a bomb, a gun, how to break into cars, and so on. Back then, phrack was already archieved on the www, but the newest issue was only available as tarball. After lunch break, the admin asked me if had been reading phrack, he refered to it as "hacker stuff"---yes, I said, annoyed about him snooping around.

    But then I actually read the new issue.

    There was an article in it about how to get root on a Solaris workstation, exploiting the availability of FORTH on Sparc machines.

    I was sitting in front of a Solaris workstation.

    I smiled.

    I kept smiling.

    Four days and a lot of experimentation later, the administrator found a new file in his personal TODO directory (yes, he had actually called it that). It read


    *""""""""""""""""""*
    [pHraCK]

    MAYBE YOU SHOULD READ IT, TOO.
    *""""""""""""""""""*

    The link to the phrack article.

    --
    Imagine the Creator as a stand up commedian - and at once the world becomes explicable. -Mencken
    1. Re:And fond memories they are! by The+Tyro · · Score: 5, Interesting

      Yep, Phrack has come to my rescue too.

      Was talking to a systems guy where I was working (where they still use VMS), and inquired why we hadn't migrated to something else... His reply was that VMS had never been hacked.

      Never been hacked?? That piqued my curiousity... fortunately, I knew just where to look (from my misspent youth). A short search of the Phrack archives turned up not one but several VMS hacks. They were mostly social engineering hacks rather than code expoits, but they were legitimate hacks.

      Rather than getting annoyed at an amateur (which I was, and still remain), the systems guy actually read the articles with some interest. The ability to learn something from someone who's clearly your tech inferior, without any ego getting in the way... gotta admire that.

      --
      Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
    2. Re:And fond memories they are! by 0x0d0a · · Score: 5, Insightful

      You know, I hate to say it, but internships pretty much exist to build experience and get some good recommendations. A lot of times, it's your only work experience when hitting industry. Doing anything that could get you a black mark from the company you interned with is...uh...ballsy, to say the least.

      I mean, it seems to have not backfired on you, but...

      --
      May we never see th
  6. Gray hat? by arvindn · · Score: 5, Interesting

    Phrack is perhaps a good example of the line between black hat and white hat "hackers" being blurry. The articles are informative and well-written, and by intelligent people, not your typical 14 yr old cracker on ecstasy who launches DDOS attacks from haX0r'd machines. I've done a compilers course, but still found a lot to learn about compilers from a phrack article on buffer overflows. Also check out the essays at SANS .

    1. Re:Gray hat? by SuperDuG · · Score: 5, Informative
      I think the one thing that people need to get out of their heads is the common misconception of a "black hat hacker or cracker". The terminology is quite specific as:

      - "sript kiddie" refers to someone with little or no maturity that uses an automated exploit scan program that makes hacks a matter of happenstance if anything else.

      - "cracker" is one step higher from a script kiddie as this is a person who actually has a target in mind, but is not randomly screening. Usually a cracker will gain access by acquring a password (hence cracker). There are many ways to do this, but the more calculated attacks are usually by a cracker that is persistent.

      - "black hat hackers" these are the guys you rarely hear about as they're main goal in life is to be where they shouldn't be and make sure that they're the only ones that know what they are doing. This is the sexiest of illegal hackers as these are the types that actually get into the "unbreakable" systems and really do know their shit. These people work for the government usually (and not just American) and some are even employed without wanting to be (part of a plea bargain). These are the type of people that you want to not be interested in your system as with a certain amount of time they will get into your system.

      I'm not implying you don't know this, I was meerly trying to elaborate further on your post. And not everything these "Evil Hackers" do is all that bad. Many "script kiddie" tools are useful in testing your own systems for holes or exploits, if you have the same toys as they do, they can't beat you.

      Grey hats are where most all computer type people belong, where we all usually do good, but we do know some tricks of the trade. Like an automechanic who knows how to hotwire a car or jimmy a lock open, does that make him a criminal? Same goes for anyone who is a professional locksmith (make the best theives?), doctors (make the best killers?), and bomb squad officiers (make the best bomb builders?). The joy of being a grey hat is knowing enough to protect yourself because you've been there before.

      Case-In-Point ... the most secure server is one that is unplugged and buried in the middle of the earth, and that's still questionable.

      --
      Ignore the "p2p is theft" trolls, they're just uninformed
  7. Re:Traffic Lights by Phroggy · · Score: 5, Funny

    Theres an article about hacking traffic lights. Do you think that now that the information is now open to a wide public, we will see traffic lights doing weird things?

    No, not really.

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  8. OpenBSD vulnerability has been fixed in August by OttoM · · Score: 5, Informative
    Patches for OpenBSD 3.0 and 3.1 were submitted August 11, 2002. OpenBSD 3.2 was released with the patched code. See errata page.

    While interesting, the article describes a vulnerability that already has been fixed.

  9. read Kevin Mitnick's story by r5t8i6y3 · · Score: 5, Informative

    this, IMHO, is the most valuable information in Phrack 60:

    Kevin Mitnick wrote a book, "The Art of Deception". The first chapter
    has been deleted by the publisher at the last minute. It's available
    on the internet:
    http://www.wired.com/news/culture/0,1284,56187,00. html
    http://littlegreenguy.fateback.com/chapter1/Chapte r%201%20-%20Banned%20Edition.doc

    [i linked this Phrack quote because Slash adds a space character to strings that wordwrap - can anyone tell me how to prevent this from happening?]