| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14
Comments:
<0> Segmentation-Fault: There's a reason I haven't responded to your question. Think about it.
<1> p3nguin U know the solution of that error?
<0> m0ee: When you build LFS it's easy to overlook something like that.
<2> oh man, the setuid still doesnt owrk but atleast su does now
<2> I have builts lots
<2> i should have known by now heh
<1> U Do p3nguin?!
<2> the faster you make mistakes, the quicker you learn!
<0> I'm about to test out my /ignore feature.
<2> yeah
<2> good idea
<1> guys!
<1> Im trying to fix that problem long time ago
<2> hey Segmentation-Fault, try asking your question one time, then waiting on someone to answer
<1> ok m0ee
<2> not again, you have asked it about 10 times now
<2> meanwhile, while you are waiting
<2> I found this really cool **** with tons of help
<2> let me get you link
<2> ah here it is, www.google.com
<3> Segmentation-Fault: In you httpd.conf. search for DefaultCharset
<3> That will give the channel some rest.
<2> lacroix, can you do that for my kids too
<1> lacroix Im using auspice services!!
<1> and Unreal3.2
<1> whats got the httpd.conf to do wid that
<3> Segmentation-Fault: Then you won't get help here.
<2> go to unrealircd irc help
<1> lacroix I really need that help :)
<2> this is #linjux
<2> err
<2> #linux*
<0> lol
<2> Cant believe I am doing all of this to show how to hack my own box hah
<2> works so easy on other ones
<2> heh
<2> #linux / #unrealircd
<2> #linux is an alias maybe
<2> google answers so much too
<0> Who are you showing how to hack it?
<2> customers
<2> just building a demo box where they can test there hacker skills
<0> For a security demonstration?
<2> yah
<2> I wanna show them an IFS attack
<2> I have already done buffer/heap/stack overflows, hidden files, race conditions
<2> IFS is causing the most issues
<0> funtion system?
<0> function
<2> system()?
<0> I guess I'm not familiar with the IFS attack.
<3> m0ee, I'm not aware of your question, I'll give you some suggestions though
<2> ok want me to explain?
<0> If you don't mind.
<0> Up to you.
<2> I can exaplin it what I am trying to do
<2> ok here it is
<3> i suggest writing a c program that reads something like /etc/secret
<3> that has a list of usernames
<2> I did i wrote a c wrapper for now
<3> and spawns a root shell if the username matches a regex through the file
<3> setuid it
<3> and then chmod the file to read only and raise the securelevel
<3> call it rtsh or something obscure
<2> hmm intresting
<3> also you dont even have to worry about those type of attacks if you chroot everyone to their home dir
<3> IFS wont happen if you are running the right chmod permissions
<2> I want the attack to be allowed
<3> and chrooting everyone to their home dir
<2> then after say no fear
<2> do this to fix it
<2> ie chroot, or do not put . in there path
<2> #define REAL_PATH "/bin/bash"
<2> main(ac, av)
<2> char **av;
<2> {
<2> execv(REAL_PATH, av);
<2> }
<2> im using that for now
<2> run that as setuid
<2> so I do not have to change bash
<2> only problem is I want the user to create the file
<2> if I presetup the box for this and can be vulnerable to anything heh
<2> another cool one similar to your idea
<4> m0ee: and how do we know that you're not trying to hack (and yes, I'm using it in a negative sense) someone's system?
<2> they have a program that managers username list for www ftp etc
<4> someone else's, rather
<2> i give u access to my box
<2> you can see the games i created
<2> ssh www.ihtb.org
<2> user guest guest
<4> frankly, I have more imprtant things to do (like get ready to go out tonight)
<2> well go do it
<2> no one asked you to stay and help me
<5> Attitude-kid...
<2> lacroix, I was thinking too of creating one to gather statistics and use log files, then create some sort of format string in a log file
<6> !seen freaks
<2> then when they run the states they get to the next level
<0> k4mik4ze: Why do you come in here doing that ****?
<2> I have some more web based ones online too there kind of fun
<2> some of them you will see in the new hackthissite v4
<7> is this a linux help channel?
<5> Yes.
<6> this channel help linux
<2> not unrealircd
<6> !ping
<7> I have a spare machine on which windows is installed. can I install linux on another partition?
<2> Sure
<5> Yes, actually, you can.
<7> and is linux downloadable? and from where can I download it?
<5> There are many great distros available. What do you want to use it for?
<0> kernel.org is Linux in source form.
<7> well.. I know NOTHING in linux.. so I wanna learn
<2> ok p3nguin back to the IFS
<7> I know there's mandriva
<5> NRJ: Mandriva is, IMO, crap.
<4> m0ee: while general discussion of vulnerabilites is ok in here, we generally do not help with specifics for 2 reasons: 1) it's unethical andor illegal 2) the FBI has been known to monitor this channel
<7> the_ruthless aren't they all the same?
<5> NRJ: easy distros these days would be Ubuntu. If you want to learn stuff, you could perhaps try Slackware.
<2> what I am doing I have a setud script that runs says /usr/bin/date, the user running it sets there IFS to IFS=/ then exports the PATH to /tmp:$PATH
<2> then the user creates /tmp/bin to exec /bin/bash
<8> i m using Redhat 9.0 , how i will access the NTFS partation ?
<2> So? I am not doing anything illegal
<5> NRJ: No, they are not. All have, to varying degree, different features and ways of doing things.
<2> I have no reason to worry
<5> Goodie: google for linux ntfs.
<2> I have been a security consultant for many years with level 3 clearance
<2> they can check me out its fine
<4> me neither, because I'm ealving
<5> www.linux-ntfs.org or some such.
<7> the_ruthless Slackware? from where can I download it?
<2> if you have nothing to hide, why worry
<0> slackware.com/getslack
<5> NRJ: www.slackware.org
<4> maybe you should either join or start a channel to discuss things like this
<7> thanks p3nguin and the_ruthless
<2> it started out as a linux questions
<4> bye all
<2> p3nguin wanted to know more about the ifs
<2> so i exaplained
<5> Why would FBI monitor this channel, anyway?
<2> oh man
<2> he has some issues
<2> he seems cranky today
<0> the_ruthless: The obvious reasons.
<2> odd
<2> I have been coming here off and on years
<5> p3nguin: looking for script kiddies and terrorists? Y'know, I'm not very familiar with FBI business... As I don't live in the States, and such.
<2> never seen anyone say anything that owuld be close to illegal
Return to
#linux
or
Go to some related
logs:
#linux
#allnitecafe
#india
ayq ne demektir?
vajza shqiptare
#chat-world
#india
#india
flwle
#kl
|
|