Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis
|http://www.urbandictionary.com/define.php?term=obnosis
(503)754-4452________________________________________________________________From:
[EMAIL PROTECTED]: [EMAIL PROTECTED]: HackFest Series: NOVEMBER HackFest At
ESTRELLA MOUNTAIN on November 15, 2008 Noon Until 3:30Date: Thu, 13 Nov 2008
14:05:40 +0000This month, the HackFest has been moved to Estrella Mountain to
take advantage of a generous offer from Randol L. Larson to use their Lab
facilities.http://www.estrellamountain.eduJoey Prestia ([EMAIL PROTECTED]) will
be supporting the PLUG FEST, as we delve into the exciting area of Linux
Security.Saturday November 15th, 2008 - Noon Until 3:30We will bring targets
for your practical exploits and scanning - and go over the original
presentation materials for each lab - depending on the time
available.Presentation Materials are available for review (if you just found
us) at: http://www.scribd.com/doc/6680231/Hack-FestIt's suggested that people
plan:1) Develop and bring a machine with a good distribution or LiveCD's tested
to work. [THIS MONTH We will have the Estrella Mountain Network and LAB
Machines to use!]2) Social Engineer team members and choose one or two areas to
concentrate on. TEAMS usually always succeed most quickly - as one person
reviews the materials while the other does the lab.Again this is a practical
lab - not a hacking/cracking demonstration.This format is presented for
computer professionals, linux security professionals and linux users and is in
no way an advocation of cracking, disrespect for private property or illegal
activities.A disclaimer signature and email address will be required at the
door.See you all there!Obnosis.com |
http://en.wiktionary.org/wiki/Citations:obnosis
|http://www.urbandictionary.com/define.php?term=obnosis
(503)754-4452________________________________________________________________From:
[EMAIL PROTECTED]: [EMAIL PROTECTED]: RE: HackFest Series: "Is it safe yet" or
SSH Buffer Overflows and You - CHECK YOUR VERSIONSDate: Thu, 30 Oct 2008
15:38:46 +0000SSH Exploits are currently available in various forms:1) General
Stack Based exploits. Also called Boundary Protection BOE's. Check your
version.Most older versions have been
fixed:http://secunia.com/advisories/search/?search=ssh+buffer+overflow2)
Protocol 1 exploits. (Check your Version) configure /etc/ssh/sshd_config to use
Protocol 2.3) Kerberos exploits - authentication when compiled against various
insecure Kerberos. Check your version; these affect older versions of SSH or
unpatched systems.Description of exploit: http://kerneltrap.org/node/1604)
Random PRNG entropy SSL/SSH - announced in 2006 by a team of university
students, this problem with random number generation allows the attacker to
guess the key generation and affected nearly all versions of SSL/SSH -
including routers/switches/firewalls and custom mail applictions.Debian/Ubuntu
descriptions from CERT:http://www.debian.org/security/2008/dsa-1571";
http://www.debian.org/security/2008/dsa-1576";
http://www.ubuntu.com/usn/usn-612-1 http://www.ubuntu.com/usn/usn-612-2
http://www.ubuntu.com/usn/usn-612-3 http://www.ubuntu.com/usn/usn-612-4
http://www.ubuntu.com/usn/usn-612-5http://www.ubuntu.com/usn/usn-612-6
http://www.kb.cert.org/vuls/id/9252115) Challenge and Response - allows
escalated privileges upon overflow of the buffer:Description and versions
affected:http://www.juniper.net/security/auto/vulnerabilities/vuln5093.htmlExample
Script that exploits SSH challenge response [see no die there then the
overflow payload?]:http://www.milw0rm.org/exploits/6804BlackHat
Training:http://www.blackhat.com/html/bh-europe-07/train-bh-eu-07-ss-el.htmlMetasploit
(comes setup on BackTrack) includes a few examples for SSH exploit
training:http://www.metasploit.com/NOTE: This information has been
intentionally obfuscated using intellectualism to filter out the less evolved
crackers in favor of providing security tools to responsible professionals
systems hackers [ builders troubleshooters and ethical
users].http://wapedia.mobi/en/Obnosis |
http://en.wiktionary.org/wiki/Citations:obnosis | Obnosis.com
(503)754-4452________________________________> Date: Thu, 30 Oct 2008 00:49:53
-0700> From: [EMAIL PROTECTED]> To: plug-discuss@lists.plug.phoenix.az.us>
Subject: Re: HackFest Series: "Is it safe yet" or SSH Buffer Overflows and
You>> Am 30. Okt, 2008 schwätzte Lisa Kachold so:>>> SSH buffer overflow
exploit - season to taste:>> http://www.milw0rm.org/exploits/6804>> Looks like
this one is exploiting after authenticating as root. I presume> the idea is
that you could auth as someone else and still get root access.>> my $user =
"root";> my $pass = "yahh";>> $ssh2->auth_password($user, $pass) || "[-]
Incorrect credentials\n";>> Was a die left out?>> $ssh2->connect($ip, $port) ||
die "[-] Unable to connect!\n";>>> History:>>>> OpenSSH Challenge Response
Buffer Overflow: http://www.securityfocus.com/bid/5093>>>> Report 2001 -
updated last Nov 05 2007 02:45PM>> Other boundary exploits, kerberos, auth and
encryption exploits and overflows exist making encroachment via SSH trivial.>>
It's been almost a year since the update with no update on the update :(.>>
Everybody was too busy reacting to the debian problem?>> ###> **UPDATE: One of
these issues is trivially exploitable and is still> present in OpenSSH 3.5p1
and 3.4p1. Although these reports have not been> confirmed, administrators are
advised to implement the OpenSSH> privilege-separation feature as a
workaround.> ###>> I'd think the OpenBSD guys would have denied or confirmed
this.>> /me switches back to telnet. ;-)>> ciao,>> der.hans> --> #
http://www.LuftHans.com/ http://www.LuftHans.com/Classes/> # "If I want my
children to work hard, I better be the hardest working> # person they've ever
met. If I want the children to be nice, I better> # be the kindest human being
they've ever met." -- Rafe Esquith________________________________You live life
beyond your PC. So now Windows goes beyond your PC. See
how________________________________You live life beyond your PC. So now Windows
goes beyond your PC. See how________________________________See how Windows®
connects the people, information, and fun that are part of your life Click here
_________________________________________________________________
Windows Live Hotmail now works up to 70% faster.
http://windowslive.com/Explore/Hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_faster_112008
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
