[Plug] ÈÝìá: Re: Remote Exploits & Remote Control

Dimitris Bousis baf0c at yahoo.com
Wed Jan 16 12:56:43 EET 2008


Hey guyz , endiaferon to topic gia to security exw kai gw asxoli8ei ligo me auto . Den xreiazetai pisteuw na grafei kapoios extra kwdikas , mias kai boroume na vroume palies ekdoseis apo gnwstous buggy servers (Squiremail , Apache) i alla apps.Kata ti gnwmi mou pantws 8a borouse prwta na ginei mia genikoteri syzitisi gia to security (IDS,viruses,cross site,klp klp) prin boume se kapoio ergastirio kai arxizoume na deixnoume . Kalo tha itan vevaia epeidi to 8ema security einai megalo na min perioristei se mia mono synantisi alla na ginei enas kyklos synantisewn . Vevaia auto apaitei xrono kai me tin exetastiki pou akolou8ei o xronos ligosteuei epikindina :p . An tha thelate pantws na to synexisoume to thema count me in ;-) . bye

Markos <markaki2002 at yahoo.gr> wrote: Óõãíþìç ãéá ôï êáèõóôåñéìÝíï ôçò áðÜíôçóçò. Ëïéðïí, ðüôå íá ôï êáíïíßóïõìå?

ith --- <advent.cloud.strife at gmail.com> Ýãñáøå:   Exodas kapoia empeiria sto 8ema mporw na boh8hsw se oti 8elete.
btw security den einai mono "remote" exploits / "remote" control  alla kai local kai malista se local epipedo (blepe priviledge escalation )  mporun na eksetastoun pio eukola se arxiko stadio ( bl buf-stack overflows ) 
gia arxh diabaste to smashing the stack for fun and profit tou aleph1 sto phrack 49
 kalh bibliografia kata th gnwmh mu einai ta :
  hacking : the art of exploitation 
  writing security tools and exploits ( syngress ) 
  professional assembly ( richard blum )
( fusika auta ta 3 einai kapoia apo ta polla akoma aksiologa books tou tomea )

kalo 8a einai na uparxei kai mia sxetikh  empeiria me tools opws to gdb 
kai assemblers ( nasm, gas ) 

epishs mporw na sas kanw parousiash gia man in the middle attacks me arp cache poisoning
me proof of concept paradeigma ( apo th stigmh pou 8a exume local diktuo kai >= 3 pc )
(meta den 8a eu8unomai omws gia ti eidous xrhsh 8a kanete sto knowledge ;)  ) 

  Óôéò 9/1/2008, Markos <markaki2002 at yahoo.gr> Ýãñáøå:  Michael Iatrou wrote:
> When the date was Wednesday 09 January 2008, Markos wrote:
>
>
>> Ôï îÝñù üôé åéíáé Üêõñï ôï èÝìá áõôü ìå ôçí plug áëëá ç plug äåí åéíáé
>> ìüíï ðáñïõóéÜóåéò
>>
>
> Èá Ýëåãá üôé äåí åßíáé êáèüëïõ Üêõñï: ç áóöÜëåéá åßíáé áðü ôá ÷áñáêôçñéóôéêÜ
> ãéá ôï ïðïßï  üëïé ïé ëéíïõîÜäåò åßíáé ðåñÞöáíïé. Ïé ìåèïäïëïãßåò ãéá
> ó÷åäßáóç êáé õëïðïßçóç security-aware åöáñìïãþí, åßíáé ðÜíôá åðßêáéñåò. 
> Áíôßóôïé÷á, ïé ôå÷íéêÝò ãéá åýñåóç êáé "áîéïðïßçóç" ðñïâëçìÜôùí áóöáëåßáò
> âïçèÜåé óôç âåëôéóôïðïßçóç ôùí ðñïáíáöåñèÝíôùí ìåèïäïëïãéþí.
>
>
>> ÅðåéäÞ ôï åñãáóôçñéï êÜôù ìÝíåé êåíï, áí êÜðïéïò ãíùñßæåé ôßðïôá ó÷åôéêÜ 
>> ìå remote exploits & remote procedure calls & remote control ãåíéêÜ
>> ìðïñïýìå íá ðÜìå êÜôù óôï åñãáóôÞñéï ìßá ìÝñá íá óõæçôÞóïõìå ðåñé ôïõ
>> èÝìáôïò.
>>
>
> Áõôü ìðïñåß íá ãßíåé êáé óôá ðëáßóéá ðñïãñáììáôéóìÝíçò óõíÜíôçóçò, áëëÜ, 
> íáé, äçëþíù êé åãþ fan ôçò éäÝáò!
>
>
>> ÖõóéêÜ êáé äåí Ý÷ù óêïðü íá êÜíù êÜôé êáêï ( :P ) áðëÜ èÝëù íá
>> äþ ðþò êÜðïéïò áíôéëáìâÜíåôáé üôé õðÜñ÷ïõí ôñýðåò áóöáëåßáò, ðþò ãßíåôáé
>> íá ôéò åêìåôáëåõôåß êáé ðùò ãéíåôáé íá ôéò  êëåßóåé.
>>
>
> ¸÷ïõí Ýíá ó÷åôéêü event óôçí ÁèÞíá:
> http://rainbow.cs.unipi.gr/projects/oss/wiki/EventSix 
>
> Åðßóçò, ôï phrack åßíáé Ýíá êëáóóéêü óçìåßï áíáöïñÜò ãéá ôï Üèëçìá:
> http://www.phrack.org/
>
>
Ðïëý ùñáßá . ×áßñïìáé ãéá ôá ëåãüìåíá óïõ. Äåí îÝñù êáôá ðüóï èá 
âïçèÞóåé óå ðñïãñáììáôéóìÝíç óõíÜíôçóç áõôü äéüôé èá ðñÝðåé íá ãéíåé ìéá
ðáñïõóßáóç ôïõ èÝìáôïò áëëÜ êõñßùò íá õðÜñ÷ïõí êáé ðñáãìáôéêÝò åöáñìïãÝò
óå "åêìåôÜëåõóç êáé êëåßóéìï" êåíþí áóöáëåßáò. Áõôü èÝëåé áñêåôÞ þñá ãé 
áõôü êáé åßðá íá ôá ðïýìå êÜðïéá óôéãìÞ óôï åñãáóôÞñéï üóïé èåëïõìå. Èá
ìðïñïõóå íá ãñáöôåé áðï êÜðïéïí ðïõ îÝñåé åíá ìéêñü ðñïãñáììáôÜêé 10
ãñáììþí ( ìðïñåé íá ëÝù êáé âëáêåßåò áëëÜ äåí îÝñù ) ìå êåíÜ áóöáëåßáò 
êáé ôñýðåò ðïõ èá äåßîïõìå (äåßîåôå ;P ) ðùò ôéò åêìåôáëåõüìáóôå êáé ðþò
ôéò ìðáëþíïõìå  áíôßóôïé÷á
Áí êÜðïéïò Ý÷åé ôçí ôå÷íïãíùóßá ãéá êÜôé ôÝôïéï èá Þôáí ðïëý êáëï.
Ìé÷Üëç åóý Ý÷åéò éäÝá áðï áõôÜ íá êÜíåéò ìéá ìßíé 
åéóáãùãÞ-ðåñéãñáöç-åðßäåéîç?


ÌÜñêïò

--
Personal Project Page : http://hwoarang.silverarrow.gr


--
Patras Linux User Group mailing list


-- 
Patras Linux User Group mailing list


Markos I. Chandras 
Student Of Electrical and Computer Engineering 
University Of Patras           

---------------------------------
  ×ñçóéìïðïéåßôå Yahoo!
  ÂáñåèÞêáôå ôá åíï÷ëçôéêÜ ìçíý ìáôá (spam); Ôï Yahoo! Mail äéáèÝôåé ôçí êáëýôåñç äõíáôÞ ðñïóôáóßá êáôÜ ôùí åíï÷ëçôéêþí ìçíõìÜôùí 
  http://login.yahoo.com/config/mail?.intl=gr 
-- 
Patras Linux User Group mailing list

       
---------------------------------
Looking for last minute shopping deals?  Find them fast with Yahoo! Search.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.hellug.gr/pipermail/plug/attachments/20080116/0b895e16/attachment.htm>


More information about the Plug mailing list