Jump to content
xisto Community

qwijibow

Members
  • Content Count

    1,359
  • Joined

  • Last visited

Everything posted by qwijibow

  1. Playstation 3 !reason1: Playstaion 3 has on of those cool new cell processors !reason2: IBM recently send cell porcessor patches to the linux kernel mailing list.reason3: PLaystation3's optional hard disk comes pre-installed with GNU/Linuxreason4: the cell processor in the PS3 benches 2 Terra-flops !!!!!! (for you non techies... a pentium4 3,2Ghz cpu benches about 0.02 terra flops)im getting a PS3, even thought i dont play games... (well, apart from legacy of kain series)
  2. Notice from qwijibow: People who have completed this challenge..... ------------------------ 1: Jipman. no exploit / arbitary code execution, but managed to smash the stack, and "make the server do somthing its not supposed to" whiich counts CONSOLE C:\>date_server_win32 < hax Welcome to DATE server 0.1 This server accepts the following commands [HELP, GET_DAYS, QUIT] COMMAND> the command 'QUIT' closes the connection and exits C:\> -------------------------- Hey guys, in this challenge, you run a pretend server which i have delibratly programmed with a common securety hole. (an unchecked buffer) for securety of your home computer, this server does NOT really listen on the network for connections, it uses stdin stream. run the pretend server program, the porgram will act like a server that you have just telnetted into with the added advantage that the server reads the input as binary. (normally you cannot snd binary data (payloads) through telnet, and most windows machine dont have netcat installed). the server is a date server. here is an xample session.... Your mission, is to hack this server and make it do somthing that it shouldnt. (other than crash, crashing this server is waaay too easy) for example, make the server spawn a DOS prompt.. but anything will do... if you can make it output "hello world" for example, that will count as a sucessfull hack. you will probably need a compiler/debugger and a hexeditor. once you have generated your payload/viral code, you can send it to the server lwith a pipe... for example... echo $viral_code | date_server.exe, or cat payload.bin | date-server this is a very difficult challenge, but you have the added advantage of bein able to examine the server program and sorce code. downloads: Download source code... http://forums.xisto.com/no_longer_exists/ Download server for windows... http://forums.xisto.com/no_longer_exists/ Download server for Linux 32bit... (AMD / Intel) http://forums.xisto.com/no_longer_exists/ Download server for Linux Athlon64... http://forums.xisto.com/no_longer_exists/ GOOD luck. i will be VERY surprised if more than one or 2 people manage this. to prove you suceeded with this challenge you must provide the payload file and specift which of the above 3 servers it works on... OR if you used the source code to compile your own server, you must provide that aswell as the payload. just to make this completely clear,, you cannot alter the source code ! but you can re-compile it (with different flags if you wish, linux versions have been compiled with --debug option already (aswell as -O2 optimisation) ohh, and a hint.. you may want to google for things like "Smashing the stack for fun and profit" knoledge of c++ gdb and maybe a little assembly may be usefull.. but are not neccesserily needed.
  3. In the past 21 years, computer use has changed dramatically. Buzzwords like Multimedia have taken over, then faded. And almost every computer has a network connection. The users have a lot more controll over there computer, and run alot more programs simultaiusly. Yet the Desktop environments has barely changed at all. There's a main porgam launched (the start menu) a few applets, different icons to click, the desktop itself is just a dead square with a picture on it that does nothing but holsd a few icons. There are already quite a few *Next Generation* desktops available, such as Enlightenment, which abandons most of the traditional dsktop components in search of a more functional desktop, but development is slow and these porjects were never accepted by the average users. Ive just been reading about kde 4.x. Its already the #1 desktop for X11 users (BSD's UNIX's Linux) Some of the idea's sound really cool. The desktop itself (wallpaper) will not be 'static' but moveable, It will take full advantage of Xorg's new ability's (where available) such as xDamage, Composte, and the new OpenGL acceleration. have a look, I cant wait till they release the first Alpha. http://forums.xisto.com/no_longer_exists/ edit: Ohh, and thre's some nice concept art, at http://forums.xisto.com/no_longer_exists/ , especially on the forums.
  4. Ive always been tempted to try out FreeBSD.My fave linux distro is Gentoo, mainly because of Portage (which was inspired by the BSD Ports system)could you describe ports to me?how similar is it to gentoo's portage ?for example, when instaling Gentoo, you setup some USE flags...e.g. i have a nvidia graphics card, to i wouldad enable the Nvidia use flag..but i dont have a scanner, so i would dissable the use flag.so when i install software like mplayer, gentoo would optimise mlayer to use openGL acceleragion..and when i compile multimedia, gentoo would optimise by removing dependency's for scanners.to install new software, i would type "emerge <software_name>"how similar is that to BSD ports?
  5. Write a sucessful windows virus, and become one of the hundreds of thousands already in the wild, just anouther brick in the wall. Or write a sucessfull linux virus, and get remembered forever as the person who did it first to linux... i know which one i would consider as having the greatest geek points. Its not that nobody can be bothered to write a linux virus, its just that no-one has managed it yet. Peopl are trying, there are proof of concept linux virii out there, but they just dont work unless they are given passwords, and they dont have the means to sprad.
  6. I think this is because is so much harder writing a virus for linux. (or any UNIX for that matter) In windows, all you need to do ir be able to run "arbituary code". You can do this by finding a buffer overflow exploi in a running network service that is not firewalled, OR you can simply trick a user into clicking a file by senting it as an email, or trick them into downloading somthing, or rick them into visiting a web page that exploits an IE security hole. One you get the abilty to run code on that windows machine, you can potentially own it. you coould patch the kernel, install root kits, anything. In UNIX, the odds are againsed you. First, lets assume you manage to trick a user into running a program (arbituary code) your virus is limited to the access rights of the running user, The virus cannot make system wide changes, it can not even read most config files, it only has write access to the /tmp and $HOME directorys. In other words, the virus can delete your homework (unless you made it read-only) and thats about it. its locked in to the user tohat nmade the mistake, cleaning the virus is as simple as deleting it. The ONLY way that virus could run itself at bootup is by adding itself to that users autorun settings.. removing the virus is very very very easy. so, what if the virus finds its way into a server through an exploit in a server daemon. Daemons run with the privilage "nobody" they dont even have a home directory. Once a virus runs, it cando very very very little, it needs a second exploit called a privilage esculation exploit to do anything. now thats the bare minimum securety... a self respecting sysadmin woul have the server running in a chroot jail. the virus needs to break out of this. the sysadmin may also be using SELinux (securety enhanced) or Hardened Linux. which means the virus would need to cause a buffer overflow, AND a privilage esculation exploit, AND break out of the chroot jil, without doing somthing that SELinux considers unusual behavior for that program. SELinux would the server daemon and all its running porcesses as soon as it attempted to escape the chroot jail. Plus, beause linux is harder to learn, and thereforeits user know a little about linux, they know not to give root access to un-trused software.
  7. DAMNIT ! Jipman, i asked you for help in a PM, then figured out the answer anyways, tried to send you anouther PM to tell you i got it, and not to bother, but i cant because your PM INBOX is full So just so you know, i did answer this 1 all by myself.. add me to your wll of fame Just to proove it, a little segment of code that woont give the answer away to anyone.... yeah so what if this challlenge has been out for months.. im still 3rd where's my bronze medal ? slow and steady wins the race.... lol, i cant believe i didnt get it straight away, i blame jipman for using 456.789 as part of an IP LOL
  8. 1 = execute 2 = write 4 = read. 1+2+4=7 you are setting /dev/null as read/write/execute for all users. the correct access rights for /dev/null are 222. there is no reason to read or execute /dev/null the following code should fix it. chmod 222 /dev/null
  9. Packet crafting....Normally, when you send information over a network, the perating system generates TCP/IP packets containing your data.The packet contains to and from addresses and ports, it contains flags like SYN / ACK.it contians hardware MAC addresses, and lots of other information.when you use telnet, you send a payload (data in text) which your operating system splits into groups, and inserts into packets./ The packets are created by the operating system Kernel.Using packet crafting software like hping2 (http://hping.org/)a user has full controll over the packet.The user can send anything across the network, even if its complete jibberish.You could put a http request into a ping packet.Lets say computer X is behind a router (NAT) and downloading a file from website Y.you could craft a data packet that computer X will think is part of the download from computer Y. corrupting the download, and possably inserting virii code into a download.(this would be very very diffucult however)you han have loads of fun bomarding your firewalls with strange information, and possably find weaknesses, and improve your securety.it seems the hping wikki is down at the moment, but it shows some cool ideas that would allow a completely un-tracable port scan.it even allows you to communicate through the firewall of a compromised machine, by sniffing packets at the hardware level, before they get to your software firewall.
  10. If only it wre that simple ! a few hours after slashdot reported the email, SCO announced that the email was in-accurate. And Still claims that Linux contains UNIX code (which SCO bought the rights to) source: http://downtime.zdnet.com/zdnet/downtime.html This has been going o for years. Countless times in court,the judge has plain and simply said that they already have a copy of the linux kernel, You provide the court with the parts of your source code that you claim linux has coppied. Then SCO just drops the case and runs away. ALL SCO needs to do to win this case, would be to grab an old version of its source code (that Linux allegidly stole) then highlight the parts that are also in a linux version. If Linus really did steal code, then 1: how did he get access to it ? 2: why hasnt SCO provided a court with evidence. Sooner or later, when they lose againsed Linux, i bet you they go after GNU ! then after that, BSD, then Minux, then HURD... there is no end. SCO is a fialed dieing company, that used to work with software, but now spends its time thinking up excuses to sue others. Plus, they recieve quite a lot of funds from Microsoft for some un-known reason. The conspiracy theorists amungst us like to think MS is paying SCO to keep up the allegations as part of there FUD (Fear, uncertainty, doubt) campaid againsed linux... who knows. SCO has nothing to gain, even if they did win. Where is the money going to come from. Does anyone still use SCO UNIX ? I think the only closed source version of UNIX in use now is SUN SOLARIS. And even that now has an Open source version os Solaris 10.
  11. I applied for the Beta testing just before the last major release.But i just never got round to faxing of the form they ask you to sign.Irs tempting, but i just love my gentoo too much
  12. If the computer boots past the initial bios screen, then the MBR is fine.
  13. yea, thats the usual way to compile software.You will porbably need several other packages to compile mplayer yourself, for example, in addition to Xfree86, you will also need Xfree86-devel (the source code to the X server)good luck anyways, its really quite simple.i know mplayer also sipply there own RPM'sthese are probably not tampered with like the ones supplied by redhat are, maybe try those before compiling yourself.
  14. Ahh yes, good point.I always compile my software from source (goooo gentoo).I assume you installed from a pre-compiled binary package ?Redhat are famous for doing thins like removing mp3 support from media players.
  15. ive seen all kinds of crazy formats beeing named as *.avi. run the command file /path/to/your/film.avi I use both Xine and Mplayer (design7/news.html) and they play divX files fine. you will probably find that some closed source propriatry stuff is in there. In which case you will need the windows codecs (win32codecs) which can be downloaded from the mplayer homepage. Linux has its own open source DivX codcs, which may work better than the closed versions. Anyways, post the file output from the code section above.
  16. Not supported by windows or linux ? and Linux hardware support is usually quite similar to the BSD's Solaris's support for hardware is similar to Linux . Unix too. What kind of hardware vendors do you have that make hardware in-compatable with all the major x86 OS's. ??? This simply is not true. First of all, KDE is equally as customisable as WindowsXP, especially using applications such as karamba, and KDE themes. Kwin themes can be created to make any window managers, and the taskbar can be customised, or completely replaced by a karamba theme. Your Screenshot is pretty tame compared to a customised linux desktop. And what happens when you want to customise it surther than you can with themes ? In windows you are stuck, in linux you can use a completely different desktop. to name but a few linux desktops... KDE GNOME WindowMaker BlackBox FluxBox IceWM Enlightenent AmigaWorkBench TWM And in the true spriit of FOSS, you can always code your own desktop, from scratch, or pull in bits you like from all other Desktops. Because of what linux is, Open, Windows, a Closed OS could never be more customisable. But yeah, sometimes, if your unlucky and have exotic hardware made by some company that doesnt even support windows, then yep, its probably not supported out of the box by linux either... (we wont get into coding your own drivers arguemtns.. [just yet, lol]) Widnows and Linux have there strong points. its about choosing whats right for you. I know enough about computers to buy only decent hardware, and i knew how to use *NIX Os's from College. So i had nothing to lose from changing to linux. Only to gain the benifits. But not everyone is in the same position. Its all about Freedom to choose.
  17. Without more info, its hard to say for certain what is wrong, hardware or software.I take it you ned to recover your dads notes ???The easyest way would be to remove the hard disk drive, and place it as a second disk inside a working computer.assuming that the hard disk is not at fault, you should be able to recover the notes.Alternativly, use a rescue boot disk to copy or print the notes.Knoppix would be perfect if you know anyone who has a copy laying around (ask the nerdyest friend you have, lol)When somthing like this happens to somthing like windows98, im affraid the usual backup format reinstall procedure is required.
  18. lol, okay. thats one way of looking at it.anouther car analogy, would be that the GNU/Linux car takes a little longer to learn how to drive, but requires little ot no maintenance.The windows car is easyer to learn to drive, but will need the user to learn mechanics to keep it running smoothly.Im not arguing one way or anouther, im just making the point that the trm "user-friendly" needs to be better defined.GNU/Linux has no auto-tun feature on cd's.this means the user would need to manually start any installation of cd-based software.but it also means better security for those of us who dont think twice before putting un-trused cd's into our machines.I think the porblem with linux's user friendlyness, is too much choice.new users will get confused, to they want XFree or Xorg ? GNOME or KDE.. or both?Konqueror, or Netscape, or Mozilla, or Firefox or Links....but then linux is all about freedom, so i wpuldnt want that to change.Yeah, linux is harder to learn, but thats what seperates linux users from the rest of the nerds :Plol.GNU/Linux spent most of its life as a hacker toy / server / nerd status symbol.its only very recently had attempts made to attract those who are happy sticking wih windows.
  19. Many people say windows is more user friendly.I would dis-agree.Im sure windows is great when its working,but users have to maintain updates, install virus scanners, adware programs, spyware removers, defragment the hard disk, scan for virii.and re-install when the system just grinds to a hault.The number of people ive spoken to who say they need a new computer, that was brand new only 18 months ago is insane.They dont understand that the hardware is fine, its just the Operating system, and a re-install will fix it.how many poepl have wasted £400 on new computers because of virii, spyware, and adware.I have 2 computers, an AMD64 3400+ and an Athlon XP 1800+.I keep the newer one up to date, cutting edge gentoo, always the latest software.But the AthlonXP is still running Slackware 9.Zero system maintenance, no firewalls no virus scanners, no spyware or adware porgrams, no defragmenting.. nothing.i dont do any maintenance on slackware 9. i installed it years ago, and its still running perfectly, just as it did when it was first installed.now THATS ! user friendly.
  20. which can be downloaded at its homepage: http://fgouget.free.fr/sux/
  21. Just click them. Konqueror (the linux equivenlant of Explorer) will open tar archives asf they were standard folders, then you can just drag copy your compressed file. OR just use one of the many kde embeded archive programs. If you use GNU/linux in command line mode, and dont know how to use GNU, then it will seem hard.. its un-fair to compare GNU command line againsed Windows graphical. just try extracting an archive on DOS.
  22. why was this post made invisible ?I dont use vim, but its obviouse whats happening here, vim is trying to load an X interface.in other words, a windowed envoronment for you to type in, rather than the bash command line. But X is correctly refusing to talk to the vim program.This is because X is beeing super paranoid about securety, and only letting one user communicate with it.when you run as super user, X treats you as a different user.In theory, someone else on your network could use X to spy on your keystrokes, and see what you are seeing on your screen.to turn off this security feature, run "xhost +" as the normal user before becoming super user.anouther solution would be to use a command line text editor such as nano, or emacs. (im pretty sure vim has a command line interface too)provided that your X server is NOT listening for connections over the network, OR your firewall is blocking outsidfe access to your X server, then there is no risk in running "xhost +"to test to see if X is listening on the network, run "netstat -npl" and see if Xorg or Xfree86 is listening on port 6000.or make sure your firewall is not set to allow incomming connections to port 6000.
  23. are you sure cdrom/x11-base contains distfiles, and not just ebuilds ? ive never used the full cd, so im not sure where it keeps distfiles. Anyways, assuming you are correct there.. you need to use the -R option with the copy command. by default, cp will copy one file, if you want it to copy a while fiolder and its sub folders use "cp -R source destination" the -R stands for recursive. if you ever need to know more about a command, type "man <command>" e..g "man cp" an you will be given a that commands documentation. When in the Linux console (not graphical mode) the best way to scroll, is to pipe the output into a scroll program. are you familiar with the pipe ? the symbol is the verticle line character | it takes the output of the left command, and uses it aas input for the right command. so, if you want to list some folders, with the ls command, but there are so many files and folders that it scrolls of the screen, then pipe the ls command into the scroll command "less" examples... ls | lesscat /very/big/file.txt | less (cat prints the contents of a text file)emerge -pv gnome | less you can then scroll the output with the up and down arrow keys on your keyboard. In the old days, almsot every complicated task (like generating PDF files) was done by pipeing several smaller more simple programs together. its quite fun in a geeky kind of way... example, you need to find a file with the words "hello" and "world" in it. but hello and world can be in any order, and you dont have a hard drive searching poogram like "locate" installed... you can pipe the ls command, or find command, into a pattern matching command (called grep) and then maybe even scroll the results. find $HOME | grep hello | grep world | less
  24. the --usepkg switch tells gentoo to use a pre-compiled x11. maybe you only have the x11 source code in /distfiles/ try again without --usepkg, maybe gentoo will be able to compile xorg-x11. normally i would be more specific, but ive just tried an emerge x11, and gentoo assumes you mean xorg-x11 which is the correct assumption. Gentoo is vry good at resolving dependencies, if you tell it to emerge gnome, it will know what else it needs, and what order to do it in. unlike KDE, GNOME is made up of many many optional modules. you can either emerge the ones you want, or use a pre-defined default. here are the gnome programs in portage chris@marla ~ $ ls /usr/portage/gnome-base/bonobo gail gnome-applets gnome-keyring gnome-mime-data gnome-vfs libghttp libgnomeprint librsvg orbitbonobo-activation gconf gnome-common gnome-libs gnome-panel gnome-volume-manager libglade libgnomeprintui metadata.xmlcontrol-center gdm gnome-core gnome-light gnome-print libbonobo libgnome libgnomeui nautiluseel gnome gnome-desktop gnome-menus gnome-session libbonoboui libgnomecanvas libgtop oafchris@marla ~ $ ls /usr/portage/gnome-extra/at-spi gal gnome-art gnome-pim gtop libgda metadata.xml zenitybattstat gcalctool gnome-audio gnome-swallow gucharmap libgnomedb nautilus-cd-burnerbonobo-conf gconf-editor gnome-db gnome-system-monitor guppi libgsf power-appletbug-buddy gcursor gnome-games gnome-utils gxmms libgtkhtml quick-lounge-appletdrwright gdesklets-core gnome-games-extra-data gnome-vfs-extras hal-device-manager lock-keys-applet shermans-aquariumevolution-data-server glibwww gnome-media gnome2-user-docs hardware-monitor medusa users-guideevolution-webcal gnobog gnome-network gtkhtml libgail-gnome merlin-cpufire yelp i would recoment that for your first install, you let gentoo do most of the work, and go for a default gnome setup by emerging gnome. and always the the -pv switch before doing it for real. -pv stands for pretend verbose. i will tell you what it will do, and in what order it will do it. e.g. emerge -pv x11 the verbose option tells emerge to give exttra information. it will give a download size, because you dont have internet connection, you need every download size to be 0. e.g. marla ~ # emerge -pv x11These are the packages that I would merge, in order:Calculating dependencies ...done![ebuild R ] x11-base/xorg-x11-6.8.2-r1 (-3dfx) (-3dnow) +bitmap-fonts -cjk -debug -dlloader -dmx -doc +font-server -hardened -insecure-drivers -ipv6 -minimal (-mmx) +nls +opengl +pam -sdk (-sse) -static +truetype-fonts +type1-fonts (-uclibc) -xprint +xv 45,105 kBTotal size of downloads: 45,105 kB so... in more simple words.... emerge -pv gnome if any download sizes are NOT 0, you will need to copy them manually into the disfiles folder, making sure you copy the correct version. they may be on your gentoo cd ? if not you will need to download them, from a gentoo server. hope this helps, Gentoo is a great distro, but it does assume you have internet.
  25. sorry, ive lost the link, but here's part of it i saved.
×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.