xisto Community
Everything posted by qwijibow

  1. There is no open source wma9 codec for Linux. So to play WMA version 9's you need the closed source win32 codec. To keep Linux distros open source, they are not included, but can be downloaded from design7/news.html

     About your DVD, there's nothing Linux can do about damaged DVDs. Maybe you should try cleaning the lens of your DVD player. The menu thing will be a Knoppix bug.

     Are you sure they're not running? Some programs run as daemons (no interface), for example the samba daemon.

     Gaim works fine, probably a Knoppix bug.. unless you are using an old version and attempting to access Yahoo or MSN. Microsoft especially like to randomly tweak the protocol to annoy 3rd party clients; a patch is usually released within a day or so.

     Linux is easy as long as you have a little UNIX experience, and if not, most people learn quite quickly. Within a few weeks most people are comfortable compiling applications themselves; within a few months, most people can master custom kernel configuration and compilation.
  2. Write a C++ program that uses a system call to execute another program; this is very similar to the UNIX way, something like a execve(NULL,"/bin/sh",NULL); and compile it statically. Then compile it, and disassemble it with whatever the Windows version of objdump is. Then you just need to tweak a few addresses, etc etc. Load the modified binary code into the buffer (with as much NOP padding as possible), overflow the return address with an educated guess of what the address of the stack is + the address within the stack that the buffer lives in, and if you guess right, the code will run, and whatever program you put in the shellcode will run.

     The theory behind this is quite simple, but doing it requires a good knowledge of ELF binaries (or win32 for Windows) and machine code.

     ALSO, before I attempted this challenge, I never noticed how different Intel assembly was to AMD assembly. I compiled 3 different binaries to start with, just to look at the difference..

     g++ -m64 -march=athlon -ggdb -O0 ./main.cpp -o Athlon64_debug_noOptimise.bin
     g++ -m32 -march=athlonXP -ggdb -O0 ./main.cpp -o AthlonXP_32bit_debug_noOptimise.bin
     g++ -m32 -march=pentium -ggdb -O0 ./main.cpp -o pentium_debug_noOptimise.bin

     The biggest difference I noticed was how the different CPUs passed parameters to functions.
  3. Cool !!! If it helps, I had a little success exploiting the Linux server I re-compiled and attached to post lucky 13 http://forums.xisto.com/topic/79638-topic/?findpost= in Knoppix 3.3. Knoppix 3.3 was compiled with an un-hardened GCC 3.2 (I used Knoppix 3. to compile the above program).

     Assuming you are going to put the shellcode into the buffer, part of the problem here is guessing the address of the stack. With such a tiny buffer (20 bytes) there is virtually no space for padding with NOPs.

     Just to test that the Linux server (on Knoppix) IS in fact hackable I re-compiled with a buffer of 2048 bytes, with shellcode borrowed from "Smashing the Stack for Fun and Profit". With just under 2 kilobytes of padding NOPs at the start of the buffer, it was pretty hard to miss, and a bash session was spawned.

     I would appreciate a tutorial though; I understand a little about assembly / shellcode / buffer overflows, but not quite enough to do this 100% on my own. For example, I can generate shellcode by compiling the exploit as C++, and extracting the correct compiled function with objdump, but the technique of adding a jmp call to the start, and a back call to the end to switch to "relative addressing mode" just goes wwaaaay over my head.

     If I write another challenge, I'll have to make it harder, you're too good at this.
  4. Linux is not Windows. http://linux.oneandoneis2.org/LNW.htm This article answers many questions and suggestions that most Linux newbies will ask or suggest at one time or another, and does so really well. I urge everyone who has taken an anti-Linux stand in the Windows vs Linux topic to read this.

     It has some interesting comparisons between operating systems and cars. For example, a car driver sits in a traffic jam, and sees a motorbike cruising past between lanes; from this the car drivers think that the motorbike may be better than a car, and attempt to ride one. They then decide to *improve* the bike by adding 4 wheels to brake quicker, stop the rider from falling off, and stop the rider from having to lean on corners. Move the accelerator and brakes to the feet, move the gear stick to be operated by hand. Add a windscreen, add a roof for when it rains, add a comfortable chair.... oops, it's not a motorbike anymore, and can no longer zip through the traffic.
  5. I know, I'm just putting it into terms everyone can understand. The average kid playing games will look at you funny if you talk about latency.
  6. It is possible through a hub, but you will need one computer to perform all the NAT (network address translation). The computer performing the NAT will either need 2 ethernet cards, or it will need to be running Linux / FreeBSD / UNIX. *nix systems like Linux can allow a single network card to work like 2 separate network cards with half the bandwidth. Can Windows do this? I don't think so?

     Anyway, set all the machines on your LAN to use static IPs. One of the Internet sharing computer's network cards should be static 192.168.1.1. Other computers on your LAN should have similar 192.168.1.X with netmask 255.255.255.0, gateway 192.168.1.1, and nameserver 192.168.1.1. Set the second network card on the sharing machine (or the virtual network card) to use DHCP, and enable NAT and forwarding on the internet connection sharing machine. Provided the NAT computer is turned on, the other computers will be able to share its internet connection.

     If you have an old machine lying around, these are perfect to turn into dedicated NAT routers / proxies / firewalls.
  7. Under some conditions a reduction in reserve bandwidth may cause an increase in latency (aka PING / LAG). But it's unlikely that your online games will use all available bandwidth, and in this case, latency may not suffer (but you will have gained nothing from reducing reserved bandwidth). I know this is confusing.. but what I'm basically saying, in my opinion, is that removing the reserved bandwidth may cause a slight increase in bandwidth, but when under high load, will cause an increase in lag/ping/latency. Of course the end effect depends on many unknowns, like your ISP, how far away the server is, etc etc etc.

     Why would Microsoft (who are under strong competition against Linux, especially in the server market) deliberately reserve a little bandwidth for no reason? By all means experiment with this setting, try increasing a little / decreasing a little, and watch how it affects download times and game ping. It's always possible to tweak defaults to better match your unique situation, but I think 0% is a little drastic.
  8. Read the posts in this topic. Like myself and others have said, it's not worth it.
  9. There are 2 measurements of network quality, bandwidth and latency.
     Bandwidth = amount of data per second to be delivered.
     Latency = the amount of time it takes a piece of data to reach its destination.

     Examples.... I carry a hard drive with 200GB of data to my friend's house; it takes 100 seconds to carry it there by hand.
     Bandwidth = 20 Gigabytes per second !!! (Very very very fast compared to internet)
     Latency = 2 minutes.. (Very very very bad compared to internet) (I walk a lot slower than electricity)

     Latency and bandwidth are not the same thing, you see. If your computer is communicating with the internet slightly slower than its maximum, then the data moves quickly. If you are at bare maximum.. then there can be bursts where data can't be received fast enough, and needs to wait in a queue at your internet service provider. So for example, you might be able to download web pages slightly faster... but when playing online games, your latency / ping / LAG can seriously suffer. Microsoft have set up your machine to work best all round, good throughput and good latency. If you remove reserve bandwidth, then throughput will increase at the cost of latency.
  10. I tried to upload the vulnerable Linux version of the server, but it seems that the Xisto FTP server is down. I have attached it here. OR you can compile your own version provided you have an UN-hardened version of GCC. The version attached here is vulnerable to buffer overflows, and I have tested it myself. Easy :) Although the type of attack you can successfully use is limited by the 20 byte buffer. Maybe I should allow people to re-compile with a bigger MAX constant...
  11. Another thing.. I recently set up a hacking challenge, where the task was to hack a server programmed by myself that had a deliberate security hole.. the buffer overflow.

     while ((c = getchar()) != EOF) { buffer[n++] = c; }

     I compiled a Windows version with a default compile of Windows Visual Studio, and a default compile on my Gentoo GNU/Linux box. Then I tried to complete the challenge myself. It took about 2 minutes to overflow the return pointer on the Windows version. After an hour working on the Linux version, I gave up. It was impossible to overflow the buffer and overwrite the stack. By default, Linux was compiling hardened binaries, with stack randomising protection. In the real world, if my program had been a real server, the Windows version would have been exploited / hacked. The Linux version, even with this huge gaping programmer mistake, would have stayed secure. I don't think the available Windows compilers even have this option???
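     The read loop from the post above, placed next to a bounds-checked replacement, as an added example (not the poster's server code). MAX = 20 matches the 20-byte buffer mentioned in the thread; the probe_as() helper and its all-'A' sample input are constructed here for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define MAX 20   /* same size as the 20-byte buffer the challenge server uses */

/* The post's loop, as posted (with the parentheses around the assignment
   restored). Nothing stops n from running past MAX, so a request longer than
   the buffer writes over whatever sits after it on the stack, including the
   saved return address. Kept here for contrast only; nothing below calls it. */
int read_unbounded(char *buffer)
{
    int c, n = 0;
    while ((c = getchar()) != EOF) {
        buffer[n++] = (char)c;        /* no check that n < MAX */
    }
    return n;
}

/* Outcome of one bounded read: what fit and what had to be thrown away. */
struct read_result {
    size_t stored;     /* bytes copied into the buffer (excluding the NUL) */
    size_t discarded;  /* bytes that arrived after the buffer was full */
};

/* Hardened form. Stores at most cap-1 bytes, always NUL-terminates, and keeps
   consuming (without storing) the rest of the request so the caller can see
   how much excess arrived. A fixed-size protocol field that suddenly receives
   hundreds of extra bytes is worth logging: that is exactly what the "100 'A'
   characters" test input from the thread looks like on the wire. */
struct read_result read_bounded(const unsigned char *in, size_t in_len,
                                char *buffer, size_t cap)
{
    struct read_result r = {0, 0};
    if (cap == 0) return r;
    for (size_t i = 0; i < in_len; i++) {
        if (in[i] == '\n') break;                 /* end of one request */
        if (r.stored + 1 < cap) buffer[r.stored++] = (char)in[i];
        else r.discarded++;
    }
    buffer[r.stored] = '\0';
    return r;
}

/* Constructed probe (hypothetical helper, not from the thread): `count` 'A'
   bytes plus a newline, fed through read_bounded() into a MAX-byte buffer. */
struct read_result probe_as(size_t count)
{
    unsigned char probe[257];
    char buffer[MAX];
    if (count > 256) count = 256;
    memset(probe, 'A', count);
    probe[count] = '\n';
    return read_bounded(probe, count + 1, buffer, sizeof buffer);
}

int main(void)
{
    struct read_result r = probe_as(100);   /* the thread's 100-'A' test */
    printf("stored=%zu discarded=%zu\n", r.stored, r.discarded);
    /* prints: stored=19 discarded=81 */
    return 0;
}
```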
  12. Yes... MS funded tests often show MS products as being more secure. I have 2 computers, 1 Windows and 1 Linux. The Linux machine has been running nicely for 3 years, no crashes, no virii, no firewall, no virus scanners. It has never crashed, nor gotten a virus, nor needed re-installing. The Windows machine needs de-fragging every month or so, needs constant virus scanner updates, needs re-booting often, and re-installing every 9 months to keep running smoothly. Ok Ok.. a survey of 2 computers is not proof of anything... but I'll be sticking with GNU/Linux thanks.
  13. My favourite part of the announcement was how MS agreed to give everyone with a stolen copy of XP a free legitimate copy.. (how nice of them) <small print> to receive your free copy, you must fill out a copyright theft form, and rat out whoever gave this to you </small print> LOL.
  14. WinFS is just a search indexing system built on top of NTFS. The current Linux NTFS driver will continue to work, even when MS introduces the WinFS patch (if ever). The NTFS driver has been making steady improvements; last time I used the driver, it was fully capable of reading NTFS, and writing was partially supported, but not recommended. I'm sure they will crack it soon. The Windows machine my family uses breaks down quite a lot, and none of them are good at remembering to back up, so I keep Windows XP on FAT32 so I can retrieve homework / emails etc etc.

     As for the games comment, I didn't think MS made games... I know they bought HALO and sold it as their own (similar to MS-DOS, lol) but I don't think that counts. lol.. anyways, let's try to stay on topic.
  15. Nope.. crashing the server is waaay too easy. The first thing to do is make sure you are successfully overflowing the return pointer. Load the program into your debugger (I recommend gdb) and run the program with some test data, maybe 100 'A' characters. If you have successfully overwritten the return pointer, the return pointer will hold the hexadecimal number 0x45454545 (0x45 hex is 65 dec, the ASCII code for A). You can get a print out of the CPU registers at crash time with the command "info registers"; the return pointer is stored in the EBP register.

     Next, when you know your sample stream is long enough to overwrite the return pointer, and is doing so successfully, you should work out exactly what address in your buffer is overwriting the return pointer.. example program...

     for (unsigned n = 0; n < 10; n++) { cout << (unsigned char)n; }
     // server takes char 10 as end of stream.. miss it out.
     for (unsigned n = 11; n < 256; n++) { cout << (unsigned char)n; }

     compiled as "test_buffer" and run "test_buffer > payload". Now pass the payload to the server, and have a look at what numbers have overflowed into the EBP register. You can use this to work out where you need to place the buffer's address (once you find it). REMEMBER... in the stream, the address is read backwards... so to overflow the address 0xdeadbeef you would need to enter 0xefbeadde. That is the first third of this challenge....

     The second third is to generate some shellcode.. you can either download pre-compiled shellcode... or you can compile your own, and extract the necessary parts with the disassembler "objdump".. for example, compile a function that simply runs the command "execve(command.com)", compile it, extract the shell code, and insert it at the start of your buffer.

     The final part of the challenge is to find the address of the buffer in the stack... then your final exploit payload will be......

     <-- some NOPs to increase chance of hitting correct address --> <-- shell code --> <-- padding --> <-- stack address of buffer -->

     The shellcode can be anything you like; most impressive would be shellcode that spawns a DOS prompt.. but you may struggle for space... maybe add "exit(0)" to make the program exit cleanly... maybe make it output "hello world". I found another guide if there are still people having trouble with this... http://forums.xisto.com/no_longer_exists/

     OHHHH.. and, after trying to hack the Linux versions myself and failing... I realised I compiled them with my hardened compiler (that relocates the stack, making stack overflows MUCH more difficult), so use the Windows version, this is still vulnerable. I will try to re-compile the Linux versions without the stack protection. OOPS.... as far as I'm aware, you have all been using the Windows server right?? LOL. enjoy.
  16. Ahhh Amiga OS. The first disk operating system I had (DOS, not to be confused with anything whatsoever to do with Microsoft) was Amiga Workbench 3.1 (before that I had a ZX Spectrum, but that wasn't much of an OS, just an interpreter you could use for scripting, and poking machine code into memory, lol.)

     Those tutorials are more about using UNIX. I know how to use UNIX; I don't know how to use the BSD kernel or package management. For example, I wouldn't have to think twice in Linux to load absent USB mouse drivers...

     modprobe usbcore ohci_hcd ehci_hcd usb_hid

     and the Linux kernel would place the device node at /dev/input/mouse1 (or mouse0 if the PS/2 mouse driver was omitted or not loaded), but I wouldn't know what drivers to load in the BSD kernel, nor how to load them, nor where the kernel would place the device node. Also, I loathe sh, and bash doesn't seem to be installed by default in BSD. I need info on the package management systems, and the kernel. Google provides loads of info on how to use UNIX, but not much on the BSD kernel / package management. Thanks anyways.
  17. Recently, I decided that FreeBSD was something I wanted to be able to say I could use, and admin comfortably. I was reading several comparisons between GNU/Linux (what I currently use) and F'BSD. Apart from the differences in the licences, the way they were developed, and of course the history, they were very very similar. I've used and become comfortable with several Linux distros including Linux From Scratch, Slackware, Gentoo, Mandrake, Fedora/Redhat, and maybe a few others, LOL. After becoming comfortable with Linux, I started university, where I used SUN's UNIX (called Solaris). This was easy; I didn't even have to think, my brain stayed in Linux mode, and I successfully used Solaris UNIX just fine. I wrongly assumed the same would be true for FreeBSD UNIX.

     I downloaded the install CDs for FreeBSD 5.4. Upon choosing what packages to use, I selected the defaults for a USER + X (normal desktop machine with graphical interfaces). I also selected to use the BSD boot loader on the MBR (replacing GRUB). So I was left with a dual booting system, Gentoo GNU/Linux and FreeBSD. I booted FreeBSD and found myself completely lost. X couldn't start; I found the config file, and tried to open it for editing...
     nano (not installed)
     emacs (not installed)
     vim (not installed)
     vi (not installed)
     and completely alien to the package management system, I did not know how to install them. I tried Xorgconfig, which provided the familiar config tool, but I became completely lost again trying to find the device node of my USB mouse... maybe the driver wasn't loaded? Oops, the drivers are named differently to Linux.... I don't know if USB drivers were loaded, nor how to load more, nor what they are called to load in the first place. Without a web browser I couldn't find any online documentation. The man pages helped a little, but not enough. To make things worse, although the FreeBSD loader found my Linux partitions, it didn't know how to boot it, and I didn't know how to configure it.

     Then I did what I always moan at Linux newbies for doing... running back to the safe and familiar.. ahhhh get a big hug from Larry the cow, and Tux the penguin, and GNU the.. um... what is that thing? a moose? LOL. It seems I need more help getting started with FreeBSD. Are there any guides / tutorials specifically written for GNU/Linux users on learning FreeBSD? Thanks. I doubt I'll find an OS I like more than GNU/Linux Gentoo... but if I don't try, I'll never know; maybe I'm a BSD enthusiast who just doesn't know it yet.
  18. Only Red Hat based, package managed distros can properly use RPMs. That is one reason. Another is that version 1.5 has a 64-bit version available.
  19. I assume you are using the perl script through a web server, possibly Apache??? For security reasons, Apache runs as user "nobody". nobody doesn't have a /home and so does not have access. This prevents a compromised web server getting access to usernames (stored in /home). nobody DOES have access to /tmp however. You could change the access rights to /home, but I would not recommend this. Just re-think whatever you are trying to accomplish, and re-design it to work more securely.
  20. Google for Smashing the Stack for Fun and Profit; all the info you need is there. You need a disassembler / debugger (gdb for Linux or the Windows alternative) and a hex editor to create the payload file. You have already managed to successfully smash the stack with a random return address (thus the segfault crash). I would recommend creating a payload file containing bytes starting from 0 and up to 255 with a hex editor, then use a debugger (gdb) to run through the program execution one step at a time. The step before it crashes, have a look in the CPU register holding the jump-to address; if for example the return address has been overwritten by 45464748 then you know that the return address has been overwritten by 4 bytes starting from the 46th byte of the payload file. Then you would need to work out where you want the program to jump to (maybe the start of the buffer, maybe an address of an environment variable holding some executable code..), work out the offsets, and generate a real payload.. good luck.

     [EDIT] Not exactly, since you can't TYPE machine code; I would recommend you use an assembler (or a C compiler) to make some binary code, save it to a file, and add it to your buffer overflow code with a hex editor, then pipe the data to the server; will be much easier than typing it all out.

     date_server32 < my_payload_file.hex
  21. I'm not 100%, but don't all the MSN servers use the same port (or same range of ports)? You may have more luck blocking TCP packets in state NEW to MSN server ports.

     iptables -A FORWARD -p tcp --dport <msn_server_port_range> -m state --state NEW -j DROP
  22. What about KDE-Office??? Does anyone else use that???
  23. You don't need to install, just gunzip it and execute. It only uses the STD libraries cstdio, istream and string; it should work on any Linux distro. (You may need to make the file executable first with chmod +x ./date_server*.bin) Like I said, you can find a step by step guide on how to do this by reading the article "Smashing the Stack for Fun and Profit"; the article even provides shellcode. The hard part is finding the address of the return pointer and overwriting it with the correct address, finding the correct offsets, etc etc. If you think this is hard, imagine how hard it is to write buffer overflows for closed source applications like Microsoft Windows RPC (like MSBlaster uses). Like I said, this is a very difficult challenge (unless you know the black art of assembly programming). If you have trouble running the Linux binaries let me know and I will upload some statically linked ones (guaranteed to work on any Linux kernel, even if glibc is missing), or just compile yourself...

     g++ ./main.cpp -o ./date_server

     Maybe this will be easier if you turn optimisation off with -O0 as a g++ command... lol. Anyways, I only write hard hacking challenges; I was almost not going to provide the source code, but I like the way the first clue on how to do it is on line 5.

     #######################################################
     EDIT: For you Linux users who want to make this even more realistic, and make this pretend server act *almost* like a real server, grab netcat http://netcat.sourceforge.net/ The command...

     netcat --tcp --listen --local-port=6660 --exec=./date_server32.bin

     will make date server listen on port 6660 of your local computer (make sure 6660 is firewalled, just in case). You can then connect to the date server with either telnet or netcat..

     telnet 127.0.0.1 6660
     netcat --tcp 127.0.0.1 6660
     echo $PAYLOAD | netcat --tcp 127.0.0.1 6660
     netcat --tcp 127.0.0.1 6660 < payload_file.hex
     /EDIT
     ##################################################
  24. Ever since I got banned, I've been trying to get netcat to work through the Tor network (the randomly anonymous encrypting proxy arrays), but with no luck, so now I'm trying to figure out how to use socat... (I HATE telnet, I can never type fast enough and always time out), I like to be able to script the whole server interaction.

     cat packet.tcp | netcat --tcp Xisto.com 80 > result.html