Full Disclosure mailing list archives
RE: Script Kiddies [OT]
From: "Remko Lodder" <remko () elvandar org>
Date: Sat, 31 Jan 2004 00:24:42 +0100
"all i can say is they have to start somewhere" --> That is why my friends and i started Mostly-Harmless, we educate those persons by telling them what is good and what is wrong, so we can convince them script kiddie is not good having knowledge is good, (if u use it properly), so we tend to keep them on the right track, we also offer them hacking things, on our _own_ machines so they can not do any harm. Released exploits are indeed one of the reasons why some kids think it's easy but the most knowledged of us should know that education is our prime target. Cheers -- Kind regards, Remko Lodder Elvandar.org/DSINet.org www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene -----Oorspronkelijk bericht----- Van: full-disclosure-bounces () lists elvandar org [mailto:full-disclosure-bounces () lists elvandar org]Namens vuln Verzonden: vrijdag 30 januari 2004 22:57 Aan: full disclosure Onderwerp: Re: [Full-Disclosure] Script Kiddies [OT] Thats because been a sheep farmer in the australian outback is a lot harder than anything you will probably do in your life. As for the script kiddies... all i can say is they have to start somewhere. They might not write the exploit, but they weren't the ones that made them public for everyone to use. While i personally agree that the term script kiddie is overused, alot of you people are still losing out to these "kids". Starts to make you wonder who the amateurs really are, the people who use exploits without understanding them or people who are to dumb to secure their machines against them. ----- Original Message ----- From: "ktabic" <hh () ktabic co uk> To: <full-disclosure () lists netsys com> Sent: Saturday, January 31, 2004 4:21 AM Subject: Re: [Full-disclosure] Script Kiddies [OT]
Well, I know you should feed the trolls, but anyway... On Fri, 2004-01-30 at 16:23, Uncle Scrotora Balzac wrote:I love hearing security people talk about script kiddies. It's the
funniest
thing to see them walking around with their chests pushed out like
peacocks,
as they scoff the silly little kiddy.Script Kiddie, usually used on this list to refer to a certain set of what could be termed as Blackhats. I sure that most Blackhats however, would be insulted by being included in the same group as Script Kiddies.Funny because 99.9 percent of the people using the term so loosely have no idea how to *really* find vulnerabilities in systems, compromise, gain control, hide their presence, then use it for whatever they want. Hell, a significant percent of those "security
[engineers/professionals/consultants/researchers]"
(circle one) have trouble compiling exploits (if they even know where to find them in the first place), much less figure out offsets, return addresses, etc.. The same exploits those "kiddies" use!! What these
people
don't realize is that the "kiddies" they so affectionately refer to have learned this practice by reading comments, headers, and cryptic help messages in code and scripts. Not by completely out-of-touch and
wickedly
outdated texts like their CISSP study guides, vendor whitepapers, and books by aging whitehat hackers. Irony.Well, from my experience, and time lurking on several IRC channels and a couple of Yahoo chatrooms, 'cause I'm bored and need entertaining, most Script Kiddies wouldn't know a compiler if it jumped up, bit them on the arse and shouted 'I'm a compiler! Compile a program with me!!' let alone know the theory behind a buffer overflow, or even do basic hexidecimal arthmetic. Sadly, all I have even seen is the trade of canned exploits, you know, the ready made executables. There probably are some advanced Script Kiddies out there, that might e able to take an exploit in source code form and make a working exploit, and I've even seen some modified exploits, that might have been the work of Script Kiddies, but I doubt it. You see, the reason a Script Kiddie is called a Script Kiddie, isn't because they can or can't write exploits, but rather they don't understand the basics of target selection, so run their exploits againist every single machine they can. Usually using a script. Hence SCRIPT Kiddie. The only reason the Script Kiddes are even considored a hazard on the 'Net is because of the number of machines they hit, not their technical ability, which, as I pointed out, is pretty much non-exsistant. And it always seems to be to build a botnet. Or a warez server. Maybe the ability to run a program and use and IRC client so you can control the botnet is technically skilled for you, but for most of the readers of this list, thats something they could do while rebooting the mail server, clearing three people computers of viruses, advising the non-IT geek on hardware, and showing the new member of staff how to log on and where Word is and persuading the boss to part with money for the next round of upgrades, while simutaneously reading Full-Disclosure and wondering why the hell they didn't decide on a careers as a sheep farmer in the Australian Outback. Those Blackhats I have talked to that I don't lump in with Script Kiddies, have always thought that being indescriminate in the target selection stage was a waste, and that a DDOS wasn't the aim. ktabic -- www.ktabic.co.uk Many sysadmins won't give you the time of day. Thats what NTP is for. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-disclosure mailing list Full-disclosure () lists elvandar org http://lists.elvandar.org/mailman/listinfo/full-disclosure _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Script Kiddies [OT] Remko Lodder (Jan 30)
- Re: Script Kiddies [OT] qobaiashi (Jan 31)
- <Possible follow-ups>
- Re: Script Kiddies [OT] John Vill (Jan 30)