On 11/27/2015 11:14 PM, Luna Moonbright wrote: > As for it just being old Ubuntu - are the newer EOL versions of Ubuntu > (like 9 or 10) still easy to exploit (32 bit/no canaries/no NX) that > are easier to get the display drivers to work for? I can't remember when Ubuntu started supporting canaries. (I haven't done much Ubuntu stuff since Linux Mint 14 (based on 12.10)). There used to be a project called Damn Vulnerable Linux, but it has disappeared. Even their website is gone. A quick web search revealed some possibilities [0], although I have never heard of them personally. Let me know if you find any good intentionally vulnerable distros. You could also download old unsupported Ubuntu releases [1]. (You just need to tweak the repository URLs after install.) Normally, if I want/need a completely out-of-date vulnerable system to poke at, I usually use an old distro (whatever is sitting around) and bite the bullet to figure out what hardware it is looking for. It's trial and error. > Shellshock was awesome, but my favorite exploit is the exploit in > fingerd used by the morris worm. So simple - yet so effective. I'm > sure us archers can appreciate that. > > Thanks! I have heard of it, but I don't know all the details. I will definitely look up the fingerd exploit. --Kyle [0] http://www.101hacker.com/2013/03/5-vulnerable-distros-for-practicing.html [1] http://old-releases.ubuntu.com/releases/
Attachment:
signature.asc
Description: OpenPGP digital signature
