[Admin-discuss] VM Hackery.

nemo nemo at redbrick.dcu.ie
Sat Feb 12 17:58:40 GMT 2011


The challenge on boards was a nice intro, should hopefully set something 
up this weekend so we can make a start.

Any ideas or suggestions, let me know.

Kind Regards,
Cathal

On Wed, Feb 09, 2011 at 10:19:53PM +0000, Conor Farrell wrote:
> *bump*
> 
> Just wondering if there has been any more thought/work on this?
> 
> I was reminded about it after doing a nice challenge at
> http://www.boards.ie/vbulletin/showthread.php?t=2056169934
> 
> Personally I learned a lot, so I'd certainly be interested in something
> in a similar vein.
> 
> Conor
> 
> On 20 November 2010 17:24, Richard Dalton <dfens270 at gmail.com> wrote:
> 
> > So as a quick pointer I thought I'd mention some ideas I've had and
> > mentioned to nemo as well.
> >
> > Web based exploits, there are lots, and they're even happening to
> > redbrick on a regular basis (failed RFI is blatantly obvious) are very
> > easy. From that most CA students and RedBrick/technical people can do
> > XSS, XSRF, SQL injections, RFI and the like rather easily. So challenges
> > for this could be:
> >  steal an admin/users password from a web-app using XSRF
> >  upload a shell using RFI or from above
> >  SQL injection with mysql mis-configured user to allow file in/out to
> > steal passwords
> >  password cracking/brute force
> >  DOS
> > The handy thing about these are that there are a lot of attacks using
> > web infrastructures, and you don't have to teach c/shellcode and scare
> > people off. You also get the classic combination of attacks whereby
> > you gradually work your way into a system.
> >
> > Buffer overflows and shellcode are quite hard
> > (DEP/grsec/ASLR/pax/ssp), unless you're totally into the whole secure
> > coding challenge, so these are some simple alternatives :-)
> >
> > On Fri, Nov 19, 2010 at 12:40 PM, nemo <nemo at redbrick.dcu.ie> wrote:
> > > I really think this, werdz's plan, is the way to go. It seems well thought
> > > out and a very realistic way of popularising this across the society.
> > > Will reply later when I'm not at work.
> > >
> > > Looks very promising though.  :)
> > >
> > > C
> > >
> > >
> > > On Fri, Nov 19, 2010 at 12:13:59PM +0000, Andrew Martin wrote:
> > >> On Thu, Nov 18, 2010 at 02:00:43PM +0000, Andrew Martin wrote:
> > >> > I love the idea. I know it's been mentioned before, but support++.
> > >>
> > >> I've been thinking about this a bit more (just mentioned this on IRC to
> > >> a few people, might as well put it here too).
> > >>
> > >> Exploiting holes is *really* hard. And, as Cian pointed out, this could
> > >> easily become something that only ex-MSSF types would be bothered
> > >> trying. So, I'd suggest the following:
> > >>
> > >> Two (or even three or four) difficulty levels. The easiest one (or two)
> > >> don't actually carry real published vulnerabilities, but we run, for
> > >> example, a home-written HTTP server with some blatant buffer overflows
> > >> in it (doesn't have to be a full HTTP server, just something that
> > >> returns "<h1>hello world</h1>"), maybe a format string hole, etc.
> > >>
> > >> Next one up might be home written and have harder problems, like
> > >> requiring an arc injection or something.
> > >>
> > >> Then after that we find real software with real holes, which would
> > >> obviously be far more complex.
> > >>
> > >> We leave each 'instance' running for 2 or 3 months. That should give
> > >> lots of time to work on one, but it would also mean that there is a
> > >> deadline, so if someone starts on something, they're more likely to try
> > >> to finish it. If something is there perpetually, there'll never be a
> > >> push to finish it. Also, maybe try time them so that each instance ends
> > >> during an academically quiet part of the year (i.e. not week 10).
> > >>
> > >> On top of all this, it would be good to have some sort of online
> > >> tutorial on how all this works. Since I can't see Darragh O'Brien giving
> > >> us all of his notes, we'll need to put together (or find, if they exist)
> > >> some nice tutorials on things like the stack, breaking stuff, etc.
> > >> Having them online might make more sense than holding one big tutorial
> > >> session during the year, since this is the sort of thing that carries a
> > >> large amount of detail in places. If a human face is really needed to
> > >> help, maybe a video tutorial would be more appropriate than a face to
> > >> face session.
> > >>
> > >> One of the tutorials could be a walk through of how to attack something
> > >> like an echo daemon (MSSF people, think the secure programming
> > >> assignment we had at the end of the year).
> > >>
> > >> Finally, for the really easy levels mentioned earlier, we'd need to make
> > >> sure things like Ubuntu's stack protection, NX, etc, are disabled.
> > >>
> > >> It's a lot of effort, I don't know how well the way I've just described
> > >> would work, but if we got it going, it would be fun for anyone trying to
> > >> take part.
> > >>
> > >> What does anyone think? (especially Nemo, since this is your baby)
> > >>
> > >> -Andrew
> > >>
> > >>
> > >> _______________________________________________
> > >> Admin-discuss mailing list
> > >> Admin-discuss at lists.redbrick.dcu.ie
> > >> http://lists.redbrick.dcu.ie/mailman/listinfo/admin-discuss
> > >
> > > --
> > > Dorothy Mantooth is a saint!
> > >
> >
> 
> 
> 
> -- 
> Conor Farrell
> 
> www.GranCanaria2011.org



-- 
Dorothy Mantooth is a saint!


