Dailydave mailing list archives
Re: The long tail of vulnerable operating systems
From: "Kurt Grutzmacher" <grutz () jingojango net>
Date: Tue, 13 Nov 2007 10:46:46 -0800
You guys are absolutely right. In the past few years I've seen very few remote exploits that matter, but that doesn't mean the old Solaris, AIX and Win2K servers don't exist anymore. So many old PBX systems run UnixWare and are being connected to networks so the phone techs don't have to walk over to the phone room terminal to do adds/deletes.

These are vendor-supported systems and usually don't get the same treatment that IT puts into the Active Directory, web servers, etc. How many times have we heard from our friendly vendors "We don't support that. If you upgrade the software you'll be in violation and we won't support it." So you firewall it off and poke little holes for the tape admins to monitor the silo from the vendor's Solaris platform that really needs to run sadmind.

Web apps are the newest frontier for testing but they're just another layer that is usually finely tuned into the business process. How do you tell the customer their process is flawed or needs improvement because you were able to send an exe-disguised Word doc that was executed by 5% of the company? Hmmm..

On Nov 12, 2007 7:01 AM, Eduardo Tongson <propolice () gmail com> wrote:
With protections like SSP, NX and ASLR on recent operating systems it's getting harder to compromise one via overflows. The favorite pwning vectors today are vulnerabilities in web applications and social engineering. I hope the old RedHat with Wu-ftpd holes stays a favorite in CTF competitions. I got my first root with that classic combination.

Ed

On Nov 12, 2007 7:03 PM, Dave aitel <dave () immunityinc com> wrote:

So every CTF I've played recently (like the one at CSI last week) has a target set of Windows 2000 and extremely old Linux (say, RedHat 8). I'm pretty sure that on any modern network you don't find a whole lot of either of these. There's always the people who still run NT4 and SCO OpenServer, but you have to look pretty far for them.

But yet, no real remote exploits exist for Fedora Core 1, much less 7. Solaris has XFS and a few other remotes, but no one runs Solaris any more except the US Government, that I can tell. Even assuming you see some Solaris or AIX or whatever, you end up being so deep in the network already to find it that you've already got all the passwords and don't need exploits.

But old operating systems will continue to live forever in CTF, I assume.

Sort of as a sign of the times, while I was playing CTF on the Windows machine provided, I browsed the web briefly and my machine was immediately taken over by some really annoying spyware. So for the rest of the game I got to spend a lot of time clicking "close" on IE windows that kept popping up.

Anyways, if you want to chat about it or grieve the pain of lost 0day, and you live in London then you should come to Immunity Pub Night In London Saturday Nov 24 at 6pm at the Price Arthur 80-82 Eversholt Street. I'll put 200 quid on the bar to help you drown your sorrows. RSVP to admin () immunityinc com!
-dave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave