Full Disclosure mailing list archives
Re: New member asking question...
From: n3td3v <xploitable () gmail com>
Date: Fri, 30 Jun 2006 20:20:26 +0100
On 6/30/06, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
On Fri, 30 Jun 2006 11:47:37 CDT, "Reynolds, Joseph R" said:

> Also, are there any good "Hacking" books that I could read? I have had
> a Hackers Tool and Techniques class at school, but all of the programs
> are very outdated, like l0phtcrack, JTR, ethereal or wireshark, and

I wouldn't call any of these "outdated" - they're still some of the best tools in their categories.

> such. I am looking to actually enter systems or find ways to enter
> systems and understand the weakness that allows it so I can avoid it
> later.

It turns out that you don't actually need to be very good at *finding* weaknesses in order to secure against it. All you need is a good grasp of what general classes of vulnerabilities there are, and what they can gain an attacker.

If you need to look at actual code, I'd suggest getting a copy of Metasploit, and just *looking* at it. Look at the payloads section, as that will give you a good idea of the sorts of payloads you might get hit with. Then just assume that the Bad Guy has an exploit for any given outward-facing code and resource on your system... If you want to be scared about how many exploits are already out there, look at Nessus or the Packetstormsecurity archives. ;)

In order to secure against this, the proper method is:

0) Simply applying all the current patches for your system, and properly configuring it, will go a *long* way. Two good resources:

   Center for Internet Security (http://www.cisecurity.org)
   the NSA security guides (http://www.nsa.gov/snac/downloads_os.cfm?MenuID=scg10.3.1.1)

   (Basically, these go through all the high-risk issues discussed in 1-4 below, and give you an easy cookbook so you don't have to re-do the research. Disclaimer: I'm one of the perpetrators for the various CIS Unix/Linux guides, so I'm a bit biased.)

   The two biggest areas those guides don't address in depth are social engineering and abuse of inter-machine trust relationships (if you manage to find a weak password on one box, and then get into a second because there's a file share or SSH key or similar...)

1) Pick a piece of code or resource that an attacker could potentially attack (for instance, your Apache server, or a Windows file share).

2) *ASSUME* that the attacker has a Magic Bullet that can exploit it. You don't need to *find* one, just proceed as if the bad guy did all the hard work and found it.

3) Start looking at ways to mitigate and control the damage. For instance, many "buffer overflow Magic Bullets" can be stopped with "Run Apache with non-exec stack". Many "own the file share Bullets" can be stopped with either "don't export share to world" or "firewall the Windows fileshare ports". And so on.

4) Lather, rinse, repeat for all the attacks you can think of.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Valdis falls into example 2 of my discussion:

2. The guy who went to high school, passed grades, has friends, social circles, goes out and lives a great life. They all of a sudden decide they want to go to university, they go to a computer science course dedicated to ethical hacking, where they learn the ins and outs of hacking corporate infrastructure. They often post to the internet on college computers, showing off skills they've just recently learnt from the lecturer (Matthew Murphy, *cough*), and get full media coverage by all the major security outlets (*cough* Robert Lemos). This is of course a great injustice to the real people who dedicate their entire social and educational life to the subject, as noted in example 1.

Additionally - There's always going to be a balance between home made hackers (example 1) and manufactured hackers (example 2).

Finally - The very fact you've asked the question you've stated leads me to believe you fall into example 2, as someone who falls into example 1 would never post this kind of message to the international WAN security community, respectively.