Re: New member asking question...

[n3td3v <xploitable () gmail com>]

On 6/30/06, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
> On Fri, 30 Jun 2006 11:47:37 CDT, "Reynolds, Joseph R" said:
>
> > Also, are there any good "Hacking" books that I could read?  I have had
> > a Hackers Tool and Techniques class at school, but all of the programs
> > are very outdated, like l0phtcrack, JTR, ethereal or wireshark, and
>
> I wouldn't call any of these "outdated" - they're still some of the best
> tools in their categories.
>
> > such.  I am looking to actually enter systems or find ways to enter
> > systems and understand the weakness that allows it so I can avoid it
> > later.
>
> It turns out that you don't actually need to be very good at *finding*
> weaknesses in order to secure against it.  All you need is a good grasp
> of what general classes of vulnerabilities there are, and what they can gain
> an attacker.  If you need to look at actual code, I'd suggest getting a
> copy of Metasploit, and just *looking* at it.  Look at the payloads section,
> as that will give you a good idea of the sorts of payloads you might get
> hit with.  Then just assume that the Bad Guy has an exploit for any given
> outward-facing code and resource on your system...
>
> If you want to be scared about how many exploits are already out there,
> look at Nessus or the Packetstormsecurity archives. ;)
>
> In order to secure against this, the proper method is:
>
> 0) Simply applying all the current patches for your system, and properly
> configuring it, will go a *long* way.  Two good resources:
>
> Center for Internet Security (http://www.cisecurity.org)
> the NSA security guides (http://www.nsa.gov/snac/downloads_os.cfm?MenuID=scg10.3.1.1)
>
> (Basically, these go through all the high-risk issues discussed in 1-4 below,
> and give you a easy cookbook so you don't have to re-do the research.
> Disclaimer: I'm one of the perpetrators for the various CIS Unix/Linux guides,
> so I'm a bit biased.)
>
> The two biggest areas those guides don't address in depth are social engineering
> and abuse of inter-machine trust relationships (if you manage to find a
> weak password on one box, and then get into a second because there's a
> file share or SSH key or similar...)
>
> 1) Pick a piece of code or resource that an attacker could potentially attack
> (for instance, your Apache server, or a Windows file share.
>
> 2) *ASSUME* that the attacker has a Magic Bullet that can exploit it.  You
> don't need to *find* one, just proceed as if the bad guy did all the hard work
> and found it.
>
> 3) Start looking at ways to mitigate and control the damage.  For instance,
> many "buffer overflow Magic Bullets" can be stopped with "Run Apache with
> non-exec stack".  Many "own the file share Bullets" can be stopped with either
> "don't export share to world" or "firewall the Windows fileshare ports". And so
> on.
>
> 4) Lather, rinse, repeat for all the attacks you can think of.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Valdis falls into example 2 of my discussion:

2. The guy who went to high school past grades, have friends, socail
circles, go out and live a great life.


They all of a sudden decide they want to goto university, they goto a
computer science course dedicated to ethical hacking, where they learn
the in's and out's of hacking corporate infrastructure. They often
post to the internet on college computers, showing off skills they've
just recently learnt by the lecturer, (Matthew Murphy, *cough*) and
get full media coverage by all the major security outlets (*cough*
Robert Lemos). This is of course a great mis justice to the real
people who dedicate their entire social and educational life to the
subject as noted in example 1.


Additionally - Theres always going to be a balance between home made
hackers (example 1) and manufactured hackers (example 2).


Finally - The very fact you've asked the question you've stated leads
me to believe you fall into example 2, as someone who falls into
example 1 would never post this kind of message to the international
WAN security community, respectively.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/