Thanks, this image [1] certainly qualifies as an "intentionally vulnerable" image. The guys at my school have used it pretty extensively for target practice.

As for the Morris worm, the vulnerable function was: a use of gets() directly on a packet that read into the first variable declared in the program (which was, undeniably, a char array). Good ole' buffer overflows.

I just watched a talk on Cisco router exploitation from '09 where the speaker went into a description of ROP like it was a fairly unknown subject. Do you know when using ROP began being common as a mitigation for DEP?

As for places that are fairly easy to start learning exploitation, I would recommend Slackware 10-12. Those are all 32-bit OSs with no DEP and a sloppy pager. This is also a great resource for learning exploitation [2].

If you want to continue this, perhaps we could close the "KVM troubles thread" and start an "exploitation general" thread which might pick up a few more guys with additional resources.

[1] https://sourceforge.net/projects/metasploitable/
[2] https://opensecuritytraining.info

return 0;

On 11/29/2015 01:11 AM, Kyle Terrien wrote:
> On 11/27/2015 11:14 PM, Luna Moonbright wrote:
>> As for it just being old Ubuntu - are the newer EOL versions of
>> Ubuntu (like 9 or 10) still easy to exploit (32 bit/no
>> canaries/no NX) that are easier to get the display drivers to
>> work for?
>
> I can't remember when Ubuntu started supporting canaries. (I
> haven't done much Ubuntu stuff since Linux Mint 14 (based on
> 12.10)).
>
> There used to be a project called Damn Vulnerable Linux, but it
> has disappeared. Even their website is gone.
>
> A quick web search revealed some possibilities [0], although I
> have never heard of them personally. Let me know if you find any
> good intentionally vulnerable distros.
>
> You could also download old unsupported Ubuntu releases [1]. (You
> just need to tweak the repository URLs after install.)
>
> Normally, if I want/need a completely out-of-date vulnerable system
> to poke at, I usually use an old distro (whatever is sitting
> around) and bite the bullet to figure out what hardware it is
> looking for. It's trial and error.
>
>> Shellshock was awesome, but my favorite exploit is the exploit
>> in fingerd used by the Morris worm. So simple - yet so effective.
>> I'm sure us archers can appreciate that.
>>
>> Thanks!
>
> I have heard of it, but I don't know all the details. I will
> definitely look up the fingerd exploit.
>
> --Kyle
>
> [0] http://www.101hacker.com/2013/03/5-vulnerable-distros-for-practicing.html
>
> [1] http://old-releases.ubuntu.com/releases/
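The fingerd bug described in the message above, as an added example that is not part of this thread and is not fingerd's real code: a gets()-style read that copies a request line into a fixed-size char array with nothing tying the copy to the array's size, next to a bounded fgets()-style read that refuses oversized lines. Everything here is constructed for the demonstration: `struct frame` is a flat byte array standing in for a stack frame (a 16-byte line buffer followed by a 4-byte slot that plays the role of whatever the compiler placed beside it, which for the worm ended up being the saved return address), the hostile request is built inline, and the function names are made up. Using one flat array keeps the overflow inside a single object so the behaviour is well-defined and the clobbered bytes can be inspected.

```c
/* Simulated fingerd-style line read: unbounded (gets-like) vs bounded (fgets-like). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LINE_SZ 16   /* declared size of the line buffer */
#define SLOT_SZ 4    /* the value sitting right after it in the frame */

/*
 * Stand-in for a stack frame (constructed, not fingerd's real layout):
 * the line buffer, the 4-byte slot beside it, then a little slack so the
 * demo's writes stay inside one object and remain well-defined.
 */
struct frame {
    unsigned char mem[LINE_SZ + SLOT_SZ + 8];
};

static const uint32_t kSentinel = 0xCAFEBABEu;

/* Attacker-controlled bytes we expect to land in the slot (constructed). */
static const unsigned char kTail[SLOT_SZ] = { 0x11, 0x22, 0x33, 0x44 };

static void slot_put(struct frame *f, uint32_t v)
{
    memcpy(f->mem + LINE_SZ, &v, sizeof v);
}

static uint32_t slot_get(const struct frame *f)
{
    uint32_t v;
    memcpy(&v, f->mem + LINE_SZ, sizeof v);
    return v;
}

/*
 * gets()-style read: copy until newline or end of input, then NUL-terminate.
 * Nothing relates the copy to the size of dst; that is the bug.
 */
size_t read_line_unbounded(unsigned char *dst, const unsigned char *pkt, size_t pktlen)
{
    size_t n = 0;
    while (n < pktlen && pkt[n] != '\n') {
        dst[n] = pkt[n];
        n++;
    }
    dst[n] = '\0';
    return n;
}

/*
 * fgets()-style read: copy at most dstsz-1 bytes, always NUL-terminate, and
 * report truncation (-1) so the caller can reject the request rather than
 * silently act on a clipped line.
 */
long read_line_bounded(unsigned char *dst, size_t dstsz,
                       const unsigned char *pkt, size_t pktlen)
{
    size_t n = 0;
    if (dstsz == 0) return -1;
    while (n < pktlen && pkt[n] != '\n') {
        if (n == dstsz - 1) { dst[n] = '\0'; return -1; }
        dst[n] = pkt[n];
        n++;
    }
    dst[n] = '\0';
    return (long)n;
}

/* Build the hostile "finger" request: LINE_SZ filler bytes, the tail, newline. */
static size_t build_packet(unsigned char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz < LINE_SZ + SLOT_SZ + 1) return 0;
    memset(out, 'A', LINE_SZ);        n = LINE_SZ;
    memcpy(out + n, kTail, SLOT_SZ);  n += SLOT_SZ;
    out[n++] = '\n';
    return n;
}

/* Run one request through the chosen reader; return 1 if the slot changed. */
int slot_clobbered(int bounded)
{
    struct frame f;
    unsigned char pkt[64];
    size_t len = build_packet(pkt, sizeof pkt);

    memset(&f, 0, sizeof f);
    slot_put(&f, kSentinel);
    if (bounded)
        read_line_bounded(f.mem, LINE_SZ, pkt, len);
    else
        read_line_unbounded(f.mem, pkt, len);
    return slot_get(&f) != kSentinel;
}

/* After the unbounded read, does the slot hold exactly the attacker's tail? */
int slot_holds_tail(void)
{
    struct frame f;
    unsigned char pkt[64];
    size_t len = build_packet(pkt, sizeof pkt);
    memset(&f, 0, sizeof f);
    read_line_unbounded(f.mem, pkt, len);
    return memcmp(f.mem + LINE_SZ, kTail, SLOT_SZ) == 0;
}

/* Does the bounded reader flag the oversized line? */
int bounded_reports_truncation(void)
{
    struct frame f;
    unsigned char pkt[64];
    size_t len = build_packet(pkt, sizeof pkt);
    return read_line_bounded(f.mem, LINE_SZ, pkt, len) == -1;
}

int main(void)
{
    printf("unbounded: slot clobbered=%d, holds attacker bytes=%d\n",
           slot_clobbered(0), slot_holds_tail());
    printf("bounded:   slot clobbered=%d, truncation reported=%d\n",
           slot_clobbered(1), bounded_reports_truncation());
    return 0;
}
```

The unbounded path writes the four tail bytes straight over the slot, which is the whole attack in miniature: whatever the bytes past the buffer are interpreted as (a saved return address, on a system without canaries or NX), the sender now chooses them. The bounded path stops at 15 bytes plus the NUL and returns -1; the caller should treat that as a bad request rather than proceed with the truncated name.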