Re: [Full-disclosure] New member asking question...

2006-06-30 Thread J.A. Terranson



> Finally - The very fact you've asked the question you've stated leads
> me to believe you fall into example 2, as someone who falls into
> example 1 would never post this kind of message to the international
> WAN security community, respectively.

The "international WAN security community"?  Is that related to the
Military Industrial Complex?


-- 
Yours,

J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF


'The right of self defence is the first law of nature: in most governments
it has been the study of rulers to confine this right within the narrowest
limits possible. Wherever standing armies are kept up, and the right of
the people to keep and bear arms is, under any colour or pretext
whatsoever, prohibited, liberty, if not already annihilated, is on the
brink of destruction.'

St. George Tucker

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] New member asking question...

2006-06-30 Thread Valdis . Kletnieks
On Fri, 30 Jun 2006 20:20:26 BST, n3td3v said:

> Valdis falls into example 2 of my discussion:
> 
> 2. The guy who went to high school past grades, have friends, social
> circles, go out and live a great life.

Don't presume to be sure over which example I'm more like.  Also, you
seem to be convinced that there's a binary distinction, and that nobody
can be a member of both groups at once.

Also, note the context of the original question:

> > systems and understand the weakness that allows it so I can avoid it
> > later.

The skillset of a good defender (who is trying to "avoid it later") is quite
different from the skillset of a good attacker.  Now, if he had been asking
how to be a good attacker, he'd have gotten a different list of suggestions...




Re: [Full-disclosure] New member asking question...

2006-06-30 Thread Michael Holstein

I have been reading the posts over the past few weeks, and am wondering
how the heck you guys discover these vulnerabilities.  Granted, I am
still very new to the IS world, but I cannot begin to understand how you
discover weaknesses.  After reading these posts, the explanation always
makes sense, but are you guys actively seeking weaknesses, or just
happen to come across them?


Learn how things are *supposed* to work (for example, write your own 
webserver in C), then intentionally throw broken requests at it. 
Eventually you'll find a result you *didn't* expect, and that's what you 
should investigate. Knowing *what* is broken is never as important as *why*.


As mentioned by another, learning to dream in C, and understanding asm 
go a *long* way.


Oh .. and one more note .. practice on your own stuff. It's easy to get 
arrested in the process of learning if you're not careful. When you get 
good at it, play nice and adhere to the rules of "responsible 
disclosure" (search the archives for lengthy threads on this seperate issue)


/mike.

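As an added illustration of the "write it yourself, then throw broken requests at it" advice above (example code written for this page, not from the thread or any poster): a minimal, bounded HTTP/1.x request-line parser in C with a handful of constructed malformed requests fed to it; the explicit length checks are the "why" behind the cases it rejects.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Added example, not from the thread: a bounded HTTP/1.x request-line parser
 * plus a few constructed malformed requests to throw at it. */
#define MAX_METHOD 8
#define MAX_TARGET 256
struct request_line { char method[MAX_METHOD + 1], target[MAX_TARGET + 1]; int major, minor; };

/* 0 on success, negative code otherwise; len is the exact byte count, so the
 * parser never reads past the input nor writes past the fixed buffers. */
int parse_request_line(const char *buf, size_t len, struct request_line *out)
{
    size_t i = 0, s;
    memset(out, 0, sizeof *out);
    for (s = i; i < len && isupper((unsigned char)buf[i]); i++) ;
    if (i == s || i - s > MAX_METHOD) return -1;        /* empty or oversized method */
    memcpy(out->method, buf + s, i - s);
    if (i >= len || buf[i++] != ' ') return -2;         /* exactly one SP */
    for (s = i; i < len && buf[i] > ' ' && buf[i] < 0x7f; i++) ;
    if (i == s || i - s > MAX_TARGET) return -3;        /* empty or oversized target */
    memcpy(out->target, buf + s, i - s);
    if (i >= len || buf[i++] != ' ') return -4;
    if (len - i != 10 || memcmp(buf + i, "HTTP/", 5) || memcmp(buf + i + 8, "\r\n", 2))
        return -5;                                      /* "HTTP/x.y" + CRLF, nothing else */
    if (!isdigit((unsigned char)buf[i + 5]) || buf[i + 6] != '.' ||
        !isdigit((unsigned char)buf[i + 7])) return -6;
    out->major = buf[i + 5] - '0'; out->minor = buf[i + 7] - '0';
    return 0;
}

/* Constructed malformed requests; every one must be rejected cleanly. */
static const char *bad_requests[] = {
    "GETGETGETGET / HTTP/1.1\r\n", "get / HTTP/1.1\r\n", "GET  / HTTP/1.1\r\n",
    "GET / HTTP/1.1\n", "GET / HTTP/11\r\n", "GET /\x01 HTTP/1.1\r\n",
};
#define N_BAD (sizeof bad_requests / sizeof *bad_requests)
int count_rejected(void)
{
    struct request_line r; int n = 0;
    for (size_t k = 0; k < N_BAD; k++)
        n += parse_request_line(bad_requests[k], strlen(bad_requests[k]), &r) != 0;
    return n;
}

int main(void)
{
    struct request_line r;
    int rc = parse_request_line("GET /index.html HTTP/1.1\r\n", 26, &r);
    printf("rc=%d %s %s HTTP/%d.%d\n", rc, r.method, r.target, r.major, r.minor);
    printf("%d of %zu malformed requests rejected\n", count_rejected(), N_BAD);
    return 0;
}
```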


Re: [Full-disclosure] New member asking question...

2006-06-30 Thread n3td3v

On 6/30/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

On Fri, 30 Jun 2006 11:47:37 CDT, "Reynolds, Joseph R" said:

> Also, are there any good "Hacking" books that I could read?  I have had
> a Hackers Tool and Techniques class at school, but all of the programs
> are very outdated, like l0phtcrack, JTR, ethereal or wireshark, and

I wouldn't call any of these "outdated" - they're still some of the best
tools in their categories.

> such.  I am looking to actually enter systems or find ways to enter
> systems and understand the weakness that allows it so I can avoid it
> later.

It turns out that you don't actually need to be very good at *finding*
weaknesses in order to secure against it.  All you need is a good grasp
of what general classes of vulnerabilities there are, and what they can gain
an attacker.  If you need to look at actual code, I'd suggest getting a
copy of Metasploit, and just *looking* at it.  Look at the payloads section,
as that will give you a good idea of the sorts of payloads you might get
hit with.  Then just assume that the Bad Guy has an exploit for any given
outward-facing code and resource on your system...

If you want to be scared about how many exploits are already out there,
look at Nessus or the Packetstormsecurity archives. ;)

In order to secure against this, the proper method is:

0) Simply applying all the current patches for your system, and properly
configuring it, will go a *long* way.  Two good resources:

Center for Internet Security (http://www.cisecurity.org)
the NSA security guides 
(http://www.nsa.gov/snac/downloads_os.cfm?MenuID=scg10.3.1.1)

(Basically, these go through all the high-risk issues discussed in 1-4 below,
and give you an easy cookbook so you don't have to re-do the research.
Disclaimer: I'm one of the perpetrators for the various CIS Unix/Linux guides,
so I'm a bit biased.)

The two biggest areas those guides don't address in depth are social engineering
and abuse of inter-machine trust relationships (if you manage to find a
weak password on one box, and then get into a second because there's a
file share or SSH key or similar...)

1) Pick a piece of code or resource that an attacker could potentially attack
(for instance, your Apache server, or a Windows file share).

2) *ASSUME* that the attacker has a Magic Bullet that can exploit it.  You
don't need to *find* one, just proceed as if the bad guy did all the hard work
and found it.

3) Start looking at ways to mitigate and control the damage.  For instance,
many "buffer overflow Magic Bullets" can be stopped with "Run Apache with
non-exec stack".  Many "own the file share Bullets" can be stopped with either
"don't export share to world" or "firewall the Windows fileshare ports". And so
on.

4) Lather, rinse, repeat for all the attacks you can think of.







Valdis falls into example 2 of my discussion:

2. The guy who went to high school past grades, have friends, social
circles, go out and live a great life.


They all of a sudden decide they want to go to university, they go to a
computer science course dedicated to ethical hacking, where they learn
the ins and outs of hacking corporate infrastructure. They often
post to the internet on college computers, showing off skills they've
just recently learnt by the lecturer, (Matthew Murphy, *cough*) and
get full media coverage by all the major security outlets (*cough*
Robert Lemos). This is of course a great injustice to the real
people who dedicate their entire social and educational life to the
subject as noted in example 1.


Additionally - There's always going to be a balance between homemade
hackers (example 1) and manufactured hackers (example 2).


Finally - The very fact you've asked the question you've stated leads
me to believe you fall into example 2, as someone who falls into
example 1 would never post this kind of message to the international
WAN security community, respectively.



Re: [Full-disclosure] New member asking question...

2006-06-30 Thread Andrew A
Master C, assembler on your architecture of choice, perl or python, javascript, and sql. Then memorize the intricacies of most major network protocols. Sometime before you are done you will start to understand the entire spectrum of application and protocol vulnerabilities.
On 6/30/06, Reynolds, Joseph R <[EMAIL PROTECTED]> wrote:
Question for everyone on the board?

I have been reading the posts over the past few weeks, and am wondering
how the heck you guys discover these vulnerabilities.  Granted, I am
still very new to the IS world, but I cannot begin to understand how you
discover weaknesses.  After reading these posts, the explanation always
makes sense, but are you guys actively seeking weaknesses, or just
happen to come across them?

Also, are there any good "Hacking" books that I could read?  I have had
a Hackers Tool and Techniques class at school, but all of the programs
are very outdated, like l0phtcrack, JTR, ethereal or wireshark, and
such.  I am looking to actually enter systems or find ways to enter
systems and understand the weakness that allows it so I can avoid it
later.

Thanks everyone.

Joseph K. Reynolds
Systems Support Analyst - Intermediate
Enterprise Rent-A-Car
Email JR Reynolds
314-512-2370

Re: [Full-disclosure] New member asking question...

2006-06-30 Thread Valdis . Kletnieks
On Fri, 30 Jun 2006 11:47:37 CDT, "Reynolds, Joseph R" said:

> Also, are there any good "Hacking" books that I could read?  I have had
> a Hackers Tool and Techniques class at school, but all of the programs
> are very outdated, like l0phtcrack, JTR, ethereal or wireshark, and

I wouldn't call any of these "outdated" - they're still some of the best
tools in their categories.

> such.  I am looking to actually enter systems or find ways to enter
> systems and understand the weakness that allows it so I can avoid it
> later. 

It turns out that you don't actually need to be very good at *finding*
weaknesses in order to secure against it.  All you need is a good grasp
of what general classes of vulnerabilities there are, and what they can gain
an attacker.  If you need to look at actual code, I'd suggest getting a
copy of Metasploit, and just *looking* at it.  Look at the payloads section,
as that will give you a good idea of the sorts of payloads you might get
hit with.  Then just assume that the Bad Guy has an exploit for any given
outward-facing code and resource on your system...

If you want to be scared about how many exploits are already out there,
look at Nessus or the Packetstormsecurity archives. ;)

In order to secure against this, the proper method is:

0) Simply applying all the current patches for your system, and properly
configuring it, will go a *long* way.  Two good resources:

Center for Internet Security (http://www.cisecurity.org)
the NSA security guides 
(http://www.nsa.gov/snac/downloads_os.cfm?MenuID=scg10.3.1.1)

(Basically, these go through all the high-risk issues discussed in 1-4 below,
and give you an easy cookbook so you don't have to re-do the research.
Disclaimer: I'm one of the perpetrators for the various CIS Unix/Linux guides,
so I'm a bit biased.)

The two biggest areas those guides don't address in depth are social engineering
and abuse of inter-machine trust relationships (if you manage to find a
weak password on one box, and then get into a second because there's a
file share or SSH key or similar...)

1) Pick a piece of code or resource that an attacker could potentially attack
(for instance, your Apache server, or a Windows file share).

2) *ASSUME* that the attacker has a Magic Bullet that can exploit it.  You
don't need to *find* one, just proceed as if the bad guy did all the hard work
and found it.

3) Start looking at ways to mitigate and control the damage.  For instance,
many "buffer overflow Magic Bullets" can be stopped with "Run Apache with
non-exec stack".  Many "own the file share Bullets" can be stopped with either
"don't export share to world" or "firewall the Windows fileshare ports". And so
on.

4) Lather, rinse, repeat for all the attacks you can think of.



Re: [Full-disclosure] New member asking question...

2006-06-30 Thread n3td3v

On 6/30/06, n3td3v <[EMAIL PROTECTED]> wrote:


Finally - The very fact you've asked the question you've stated leads
me to believe you fall into example 2, as someone who falls into
example 2 would never post this kind of message to the international
WAN security community, respectively.



Correction:

as someone who falls into example 1 would never post this kind of
message to the international WAN security community, respectively.



Re: [Full-disclosure] New member asking question...

2006-06-30 Thread n3td3v

On 6/30/06, Reynolds, Joseph R <[EMAIL PROTECTED]> wrote:


Question for everyone on the board?

I have been reading the posts over the past few weeks, and am wondering
how the heck you guys discover these vulnerabilities.  Granted, I am
still very new to the IS world, but I cannot begin to understand how you
discover weaknesses.  After reading these posts, the explanation always
makes sense, but are you guys actively seeking weaknesses, or just
happen to come across them?

Also, are there any good "Hacking" books that I could read?  I have had
a Hackers Tool and Techniques class at school, but all of the programs
are very outdated, like l0phtcrack, JTR, ethereal or wireshark, and
such.  I am looking to actually enter systems or find ways to enter
systems and understand the weakness that allows it so I can avoid it
later.

Thanks everyone.


Joseph K. Reynolds
Systems Support Analyst - Intermediate
Enterprise Rent-A-Car
Email JR Reynolds
314-512-2370





Two kinds of hackers:

1. Homemade hackers, typically loners with social problems who spend
their time in front of computers to feed their social stimulation via
the international wide area network. They have so much free time that
they've learned how to hack on their own steam. Because of the lack of
social background, advanced users in this group, have the time to
discover and research ground breaking security and penetration
techniques of major vendors, with a real threat to the single mom and
retired couple community, as well as a threat to corporate and
government interests.

2. The guy who went to high school past grades, have friends, social
circles, go out and live a great life.

They all of a sudden decide they want to go to university, they go to a
computer science course dedicated to ethical hacking, where they learn
the ins and outs of hacking corporate infrastructure. They often
post to the internet on college computers, showing off skills they've
just recently learnt by the lecturer, (Matthew Murphy, *cough*) and
get full media coverage by all the major security outlets (*cough*
Robert Lemos). This is of course a great injustice to the real
people who dedicate their entire social and educational life to the
subject as noted in example 1.

Additionally - There's always going to be a balance between homemade
hackers (example 1) and manufactured hackers (example 2).

Finally - The very fact you've asked the question you've stated leads
me to believe you fall into example 2, as someone who falls into
example 2 would never post this kind of message to the international
WAN security community, respectively.



RE: [Full-disclosure] New member asking question...

2006-06-30 Thread Reynolds, Joseph R

Question for everyone on the board?

I have been reading the posts over the past few weeks, and am wondering
how the heck you guys discover these vulnerabilities.  Granted, I am
still very new to the IS world, but I cannot begin to understand how you
discover weaknesses.  After reading these posts, the explanation always
makes sense, but are you guys actively seeking weaknesses, or just
happen to come across them?

Also, are there any good "Hacking" books that I could read?  I have had
a Hackers Tool and Techniques class at school, but all of the programs
are very outdated, like l0phtcrack, JTR, ethereal or wireshark, and
such.  I am looking to actually enter systems or find ways to enter
systems and understand the weakness that allows it so I can avoid it
later. 

Thanks everyone.


Joseph K. Reynolds
Systems Support Analyst - Intermediate
Enterprise Rent-A-Car
Email JR Reynolds
314-512-2370

