MJR Wrote :
I'd certainly still be interested. It would also be nice to be on the sending end of one of these attacks for a change...!
For a change!?!?!......been on the receiving end then? I have. Recently had to completely rebuild a webserver because it had been rooted, trojaned, backdoored etc. There was no way to undo the mess that had been caused. I believe it was hacked via a bind overflow.
I've played with toy exploits (sending bad data to web servers to make them die, etc), but not buffer overflows.
some of the 'toy' exploits can be very useful. Sending 'apparent' junk in the post data for a .jsp for example can yield excellent results on some badly patched setups. But I have to say, buffer overflows are the most phun! (instant gratification....)
-- MJR
OK, here's the idea, I have some bad builds of programs (anyone remember wu_ftp's vulnerability, I think I've also got some others - DNS Bind for example) so I'm happy to set my machine up as a dodgy ftp / DNS / telnet server and then gain root on it from someone else's machine.
I will also install a backdoor or 2 to show how I would be able to get back in later.
Also a quick overview of the ways you can gain system info to enable you to plan an attack. People are often surprised when they see how much system info they give away for free to anyone who knows where to look (SNMP walk anyone?).
Basically I'll set my machine up as a pretty badly secured/patched box with useless services and stuff then show you how to crack it.
I will also bring along some good info in pdf/html/text format for further reading for anyone who is interested. This will probably be the starting point for anyone wanting to get their own box from such condition to a hardened setup.
Finally (if I have time) a little bit of a Snort overview (that's Intrusion Detection not illegal pastimes). I'm not going to touch DOS attacks or that sort of thing because most home users would never be the victim of one (although if your machine gets hacked you could well end up as an unwitting accomplice / launch pad for a future DDOS......)
Cheers all See you soon.
PS (Aside) some of you may remember my post from ages ago asking about development IDEs for Linux. Thanks for the responses. Since then I have used RHIDE extensively (I love it. It's a marvellous trip down memory lane as anyone who knew and loved the Borland Turbo C++ 3.x series will attest). For the past 12 weeks though I've been using Anjuta which can be found on this month's Linux Format CD, although the source download from sourceforge is small enough (http://anjuta.sourceforge.net interestingly enough). I recommend it wholeheartedly to anyone wanting a nice IDE for C/C++ development on Linux - give it a shot......only at version 0.1.5 but it is excellent. Support it! Still buggy...that's where we come in, find them bugs and report em. (oh! ... use it as well....it does work very well after all) You could be compiling your own buffer overflows within hours! (Just keep em away from my webservers!!)