[Admin-discuss] VM Hackery.

Conor Farrell lithium at redbrick.dcu.ie
Wed Feb 9 22:20:01 GMT 2011


*bump*

Just wondering if there has been any more thought/work on this?

I was reminded about it after doing a nice challenge at
http://www.boards.ie/vbulletin/showthread.php?t=2056169934

Personally I
learned a lot, so I'd certainly be interested in something in a similar
vein.

Conor

On 20 November 2010 17:24, Richard Dalton <dfens270 at gmail.com> wrote:

> So as a quick pointer I thought I'd mention some ideas I've had and
> mentioned to nemo as well.
>
> Web based exploits, there are lots, and they're even happening to
> redbrick on a regular basis (failed RFI is blatantly obvious) are very
> easy. From that most CA students and RedBrick/technical people can do
> XSS, XSRF, SQL injections, RFI and the like rather easily. So challenges
> for this could be:
>  steal an admin/users password from a web-app using XSRF
>  upload a shell using RFI or from above
>  SQL injection with mysql mis-configured user to allow file in/out to
> steal passwords
>  password cracking/brute force
>  DOS
> The handy thing about these are that there are a lot of attacks using
> web infrastructures, and you don't have to teach C/shellcode and scare
> people off. You also get the classic combination of attacks whereby
> you gradually work your way into a system.
>
> Buffer overflows and shellcode are quite hard
> (DEP/grsec/ASLR/pax/ssp), unless you're totally into the whole secure
> coding challenge, so these are some simple alternatives :-)
>
> On Fri, Nov 19, 2010 at 12:40 PM, nemo <nemo at redbrick.dcu.ie> wrote:
> > I really think this, werdz's plan, is the way to go. It seems well thought
> > out and a very realistic way of popularising this across the society.
> > Will reply later when I'm not at work.
> >
> > Looks very promising though.  :)
> >
> > C
> >
> >
> > On Fri, Nov 19, 2010 at 12:13:59PM +0000, Andrew Martin wrote:
> >> On Thu, Nov 18, 2010 at 02:00:43PM +0000, Andrew Martin wrote:
> >> > I love the idea. I know it's been mentioned before, but support++.
> >>
> >> I've been thinking about this a bit more (just mentioned this on IRC to
> >> a few people, might as well put it here too).
> >>
> >> Exploiting holes is *really* hard. And, as Cian pointed out, this could
> >> easily become something that only ex-MSSF types would be bothered
> >> trying. So, I'd suggest the following:
> >>
> >> Two (or even three or four) difficulty levels. The easiest one (or two)
> >> don't actually carry real published vulnerabilities, but we run, for
> >> example, a home-written HTTP server with some blatant buffer overflows
> >> in it (doesn't have to be a full HTTP server, just something that
> >> returns "<h1>hello world</h1>"), maybe a format string hole, etc.
> >>
> >> Next one up might be home written and have harder problems, like
> >> requiring an arc injection or something.
> >>
> >> Then after that we find real software with real holes, which would
> >> obviously be far more complex.
> >>
> >> We leave each 'instance' running for 2 or 3 months. That should give
> >> lots of time to work on one, but it would also mean that there is a
> >> deadline, so if someone starts on something, they're more likely to try
> >> to finish it. If something is there perpetually, there'll never be a
> >> push to finish it. Also, maybe try to time them so that each instance ends
> >> during an academically quiet part of the year (i.e. not week 10).
> >>
> >> On top of all this, it would be good to have some sort of online
> >> tutorial on how all this works. Since I can't see Darragh O'Brien giving
> >> us all of his notes, we'll need to put together (or find, if they exist)
> >> some nice tutorials on things like the stack, breaking stuff, etc.
> >> Having them online might make more sense than holding one big tutorial
> >> session during the year, since this is the sort of thing that carries a
> >> large amount of detail in places. If a human face is really needed to
> >> help, maybe a video tutorial would be more appropriate than a face to
> >> face session.
> >>
> >> One of the tutorials could be a walk through of how to attack something
> >> like an echo daemon (MSSF people, think the secure programming
> >> assignment we had at the end of the year).
> >>
> >> Finally, for the really easy levels mentioned earlier, we'd need to make
> >> sure things like Ubuntu's stack protection, NX, etc, are disabled.
> >>
> >> It's a lot of effort, I don't know how well the way I've just described
> >> would work, but if we got it going, it would be fun for anyone trying to
> >> take part.
> >>
> >> What does anyone think? (especially Nemo, since this is your baby)
> >>
> >> -Andrew
> >>
> >>
> >> _______________________________________________
> >> Admin-discuss mailing list
> >> Admin-discuss at lists.redbrick.dcu.ie
> >> http://lists.redbrick.dcu.ie/mailman/listinfo/admin-discuss
> >
> > --
> > Dorothy Mantooth is a saint!



-- 
Conor Farrell

www.GranCanaria2011.org
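
Added example, not part of the original thread and not Redbrick's own code: a checksec-style audit that a challenge binary's mitigations match its difficulty tier, following the point in Andrew's message about disabling stack protection and NX on the easy levels and the DEP/ASLR/ssp list in Richard's. The tier policy, the function names and the sample ELF bytes are constructed assumptions, and the stack-protector test is a string heuristic.

```python
import struct

PT_GNU_STACK, PF_X = 0x6474E551, 0x1
ET_EXEC, ET_DYN = 2, 3
# Assumed policy for the easiest tier: every mitigation switched off.
EASY_TIER = {"nx_stack": False, "pie": False, "stack_protector": False}

def audit_elf64(data: bytes) -> dict:
    """Report the mitigation state of a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    fields = struct.unpack_from("<HHIQQQIHHHHHH", data, 16)
    e_type, e_phoff, e_phentsize, e_phnum = fields[0], fields[4], fields[8], fields[9]
    nx_stack = None  # no PT_GNU_STACK header: the loader default applies
    for i in range(e_phnum):
        # In ELF64 program headers p_type and p_flags are the first two words.
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx_stack = not (p_flags & PF_X)
    return {
        "nx_stack": nx_stack,
        "pie": e_type == ET_DYN,  # position-independent, so ASLR moves the image
        # Heuristic: binaries built with a stack protector reference this symbol.
        "stack_protector": b"__stack_chk_fail" in data,
    }

def mismatches(report: dict, policy: dict) -> list:
    """Names of the mitigations whose state differs from the tier policy."""
    return sorted(k for k, want in policy.items() if report[k] != want)

def sample_elf(e_type: int, stack_flags: int, canary: bool) -> bytes:
    """Constructed test image: ELF64 header plus one PT_GNU_STACK entry."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr + (b"\0__stack_chk_fail\0" if canary else b"")

if __name__ == "__main__":
    for name, img in [("easy", sample_elf(ET_EXEC, 0x7, False)),
                      ("hardened", sample_elf(ET_DYN, 0x6, True))]:
        print(name, mismatches(audit_elf64(img), EASY_TIER))
```

A missing PT_GNU_STACK header is reported as a mismatch, because the stack's executability then depends on the kernel and architecture rather than on the binary.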