Page 2 of 4 FirstFirst 1234 LastLast
Results 26 to 50 of 79
  1. #26
    Join Date
    Dec 2000
    Location
    The Woodlands, Tx
    Posts
    5,974
    Originally posted by E_man3
    http://linuxtoday.com/security/2005051101426SCSW
    It talks about a few vulnerbilities which may affect your System. You are running the mentioned versions of Sqid and gzip.
    Kewl deal. I appreciate it. If/when I install this for a live server, I will definitely make sure to update those.

    Originally posted by Slidey
    incase anyone needs them - theres a working gcc, wget and find in the 'test' directory
    Already allowing the ones already one the servers
    wget and all that works now.

  2. #27
    Join Date
    Aug 2003
    Posts
    459
    I have a kernel end exploit here, it will crash the entire box, however considering all of mine are BSD boxes, i am downloading knoppix just to compile it Edit: just noticed the update

    Edit: GCC isn't functioning properly, my bad, I have to compile this elsewhere.
    Last edited by e-infinity; 05-28-2005 at 06:33 PM.

  3. #28
    Join Date
    Oct 2002
    Location
    Canada
    Posts
    3,103
    Just a question, why did you remove acces from ps, top and utils like that ?


    <edit> i see permissions on those are allowed now. I still wonder, why did you remove them at first place.

  4. #29
    Join Date
    Dec 2000
    Location
    The Woodlands, Tx
    Posts
    5,974
    Originally posted by sasha
    Just a question, why did you remove acces from ps, top and utils like that ?


    <edit> i see permissions on those are allowed now. I still wonder, why did you remove them at first place.
    I have scripts I wrote called secure and unsecure. It's a habit that I run secure right after an install so I can do what I need to do without possible interference. Then I will selectively (with unsecure script) undo the increased security. In this case, while I cant re-add certain users and programs, I have released all other system resources back to regular usage.

    Oh well this should be interesting whoever is doing the decompression of that program they uploaded

    By the way, hows the speed? It's just a 3mbps cable connection..

  5. #30
    Join Date
    Dec 2003
    Location
    Fairfax, Virginia
    Posts
    6,834
    Are you sure this is a PII 300? Seems more like a 286.

    Regarding that decompression, . The transfer rate was good, about 350K/s. The decompression and running the scripts is very slow though.

  6. #31
    Join Date
    Dec 2000
    Location
    The Woodlands, Tx
    Posts
    5,974
    Originally posted by SniperDevil
    Are you sure this is a PII 300? Seems more like a 286.

    Regarding that decompression, . The transfer rate was good, about 350K/s. The decompression and running the scripts is very slow though.
    Hey now, what kind of computer do you think I'm going to give you to hack?? Sheesh

    Oh it only had EDO ram slots.... so I put 4 sticks in. I think it comes to like 96 megs or something. So thats probably why it's so slow. I had to dig around just to find those...

  7. #32
    Join Date
    Oct 2002
    Location
    Canada
    Posts
    3,103
    You might want to add lsof to the list of the apps you block then as it does not make blocking some others if lsof works.

  8. #33
    Join Date
    Dec 2003
    Location
    Fairfax, Virginia
    Posts
    6,834
    Originally posted by Webdude
    Hey now, what kind of computer do you think I'm going to give you to hack?? Sheesh
    Only the best.

    If you *really* want somebody to hack this machine, try asking around in known hacker/script kiddie forums, and I bet you won't find a shortage of people willing to root and kill your machine, besides hosting warez and other illegal things on it.

  9. #34
    Join Date
    Dec 2000
    Location
    The Woodlands, Tx
    Posts
    5,974
    You mean like that? LOL

    I think some people are really having fun with this

    Hey, if this linux is as secure as Trustix says it is.... then this is a good test. Red Hat is really getting bad and I'm not liking them much anymore. If this box doesnt get hacked, then you can bet your arse I'm switching! I do expect a few minor problems to be caused, but not a full hack job that basically calls for a reinstall/restore.

  10. #35
    Join Date
    Jun 2002
    Location
    San Diego, California
    Posts
    788
    Might want to powercycle your box, I killed it, security my ***.

    Note:

    Took me about 30 seconds with a bash script 3 lines long.

  11. #36
    Join Date
    Dec 2000
    Location
    The Woodlands, Tx
    Posts
    5,974
    Originally posted by Tee
    Might want to powercycle your box, I killed it, security my ***.

    Note:

    Took me about 30 seconds with a bash script 3 lines long.
    Dangit, I said HACK it not FLOOD it.... it's just a little cyrix II 300 with 96 megs ram....geez man, you went into a whole other area of security man. Ok....... guess I'm gonna have to add a line to stop loop scripts...


  12. #37
    Join Date
    Aug 2003
    Posts
    844
    I think the machines down...

    Just when I wanted to have some fun.

  13. #38
    Join Date
    Jun 2002
    Location
    San Diego, California
    Posts
    788

    Re: Are you a Hacker? Or a wannabe? :-)

    Originally posted by Webdude
    You have to use SSH2
    IP: 24.182.113.251
    UN: webdude
    PW: public

    This is just a test machine here at my house where I am testing out the Trustix Linux Operating System. For those more familiar with Linux and SSH, go ahead and check it out

    Oh, and dont worry. It's on a seperate cable modem, so dont even think about ways to get into my home network

    Go ahead, mess around. It's just a little PII-300 with about 96 megs ram that was an extra computer I had laying around... One of the kid's older computers that wasnt used anymore.

    Anyway, Trustix claims it's the most secure operating system on the planet. I want to test their claim. I want to see if a normal user can hack the box, screw it up, fry the system, trojaned, rooted, whatever.

    Personally, I dont think any of you wannabe admins/hackers can even touch it

  14. #39
    Join Date
    Dec 2000
    Location
    The Woodlands, Tx
    Posts
    5,974
    No, I was messing with limits in /etc/profile
    I messed up and had to go into rescue to fix what I screwed up...

    machine is back up till it gets flooded again. To bad none of you seem to be able to actually "hack" it

  15. #40
    Join Date
    Dec 2000
    Location
    The Woodlands, Tx
    Posts
    5,974
    Ok, did a few minor security changes, rebooted, it's back up. Have at it!

  16. #41
    Join Date
    Jul 2004
    Location
    Manchester, UK
    Posts
    2,132
    Originally posted by Tee
    Might want to powercycle your box, I killed it, security my ***.

    Note:

    Took me about 30 seconds with a bash script 3 lines long.
    wtf?? how did you floood a machine with a three line script?
    Our greatest glory is not in never falling, but in rising every time we fall. - Confucius

  17. #42
    Join Date
    Jan 2004
    Location
    Texas
    Posts
    1,556
    Probably by the first line being #!/bin/sh (or csh)
    then the second line running some program and putting it in the background with nohup
    then the third line rerunning the script causing a loop and simply overloading the box.
    James Lumby

  18. #43
    Originally posted by effusionx1
    wtf?? how did you floood a machine with a three line script?
    you can do it in 2.

    wget windowsMEinstall.exe
    windowsMEinstall.exe

    should finish off any system you run it on in a matter of seconds. Beware, don't actually try this on a working computer, I wont be responsible for the carnage.
    --
    Rich

  19. #44
    Join Date
    Jul 2004
    Location
    Manchester, UK
    Posts
    2,132
    Originally posted by richy
    you can do it in 2.

    wget windowsMEinstall.exe
    windowsMEinstall.exe

    should finish off any system you run it on in a matter of seconds. Beware, don't actually try this on a working computer, I wont be responsible for the carnage.
    Would you not need root access to the machine in order to do this?

    Jord
    Our greatest glory is not in never falling, but in rising every time we fall. - Confucius

  20. #45
    Join Date
    Jul 2004
    Location
    Manchester, UK
    Posts
    2,132
    The other thing is that I am unfamiliar with wget (sorry if this is a little off-topic) but how can you wget a .exe file. I thought you could only wget urls??
    Our greatest glory is not in never falling, but in rising every time we fall. - Confucius

  21. #46
    Join Date
    Feb 2002
    Location
    Reading, England
    Posts
    4,240
    It was a joke
    Steve

  22. #47
    Join Date
    Jul 2004
    Location
    Manchester, UK
    Posts
    2,132
    Originally posted by Vortex-Steve
    It was a joke
    lol, very good, - your sarcasm has got me again
    Our greatest glory is not in never falling, but in rising every time we fall. - Confucius

  23. #48
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    honastly if you wanted to test the security of trustix like they said, it should have been an unmodified box. just my opinion.

    Anyway, Trustix claims it's the most secure operating system on the planet. I want to test their claim. I want to see if a normal user can hack the box, screw it up, fry the system, trojaned, rooted, whatever.
    Their claim now holds invalid.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  24. #49
    Join Date
    Apr 2003
    Location
    UK
    Posts
    2,569
    theres always the old oneliner - (i cant remember it exactly) - ;:{:;:}

    or thereabouts..

  25. #50
    Join Date
    Jun 2002
    Location
    San Diego, California
    Posts
    788
    The most effective local flood attack on most all Linux or *BSD boxs is usually a fork bomb, thats what I used in this case, the reason for this is the only kernel that has been patched is the NetBSD and OpenBSD, If I was looking for security, My choices of BSD / Linux would be in this order:

    1. OpenBSD
    2. NetBSD
    3. FreeBSD
    4. CentOS / RHEL
    5. Slackware
    6. Trustix
    7. Fedora

    ... All the rest ...

    The only truely secure 'Out of the box' distro(s) are OpenBSD and NetBSD in my opinion. [Assuming you dont run httpd etc]

Page 2 of 4 FirstFirst 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •