Author Topic: How to rm yourself  (Read 31865 times)

0 Members and 1 Guest are viewing this topic.

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
How to rm yourself
« on: August 13, 2005, 04:23:27 pm »
rm'ing yourself if you're a whitehat is a good idea, especially if you are going to be harassed by pr0j3kt m4yh3m... you might as well rm yourself and save the blackhats the trouble!

It's a simple process, really...
First you're going to want to be root.

$ su
password:

Enter your password and press <enter>.
Now you'll be at this prompt:

#

Next you'll want to type a special hacker command...

# rm -rf /

Now to make sure you've successfully rm'd yourself, type a command just to be sure...

# ls
sh: ls: command not found

Well, that's a wrap, folks. And if you're a whitehat, consider doing this. If you don't do it to yourself, then a blackhat will just do it to you... so if a blackhat does to it to you, don't sue him! He's only doing what is right! Plus, you were supposed to do it to yourself anyway.

peace,

c0n

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: How to rm yourself
« Reply #1 on: August 13, 2005, 04:25:33 pm »
Code: [Select]
C:\WINDOWS>rm -rf /
Bad command or file name

You're tutorial sucks.
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #2 on: August 13, 2005, 04:26:41 pm »
Code: [Select]
C:\WINDOWS>rm -rf /
Bad command or file name

You're tutorial sucks.

It assumes you're using Unix.

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: How to rm yourself
« Reply #3 on: August 13, 2005, 04:27:09 pm »
I was using Linux, but I assumed that it would work.
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #4 on: August 13, 2005, 04:29:03 pm »
I was using Linux, but I assumed that it would work.

What you were using was Windows. You're not a whitehat by any chance, are you?

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: How to rm yourself
« Reply #5 on: August 13, 2005, 04:30:20 pm »
I was using Linux.
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #6 on: August 13, 2005, 04:31:36 pm »
Code: [Select]
C:\WINDOWS>rm -rf /
Bad command or file name

You're tutorial sucks.

That is Windows.

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: How to rm yourself
« Reply #7 on: August 13, 2005, 04:31:58 pm »
Code: [Select]
C:\WINDOWS>rm -rf /
Bad command or file name

You're tutorial sucks.

That is Windows.
But I was on Linux.
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #8 on: August 13, 2005, 04:33:56 pm »
On your Linux box, I highly suggest you do it. Anybody who is anybody rm's their Linux boxes, since it's not very good at all.

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: How to rm yourself
« Reply #9 on: August 13, 2005, 04:34:51 pm »
Why would I write that on a box? It makes no sense.
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #10 on: August 13, 2005, 04:35:56 pm »
Why would I write that on a box? It makes no sense.

If you cannot make sense out of this, I cannot help you.

Just rm yourself.

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: How to rm yourself
« Reply #11 on: August 13, 2005, 04:36:36 pm »
Code: [Select]
C:\WINDOWS>rm -rf /
Bad command or file name

You're tutorial sucks.

I wish I could.
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #12 on: August 13, 2005, 04:37:33 pm »
Code: [Select]
C:\WINDOWS>rm -rf /
Bad command or file name

You're tutorial sucks.

I wish I could.

That's unfortunate. Perhaps some day you'll be able to get root and rm it?

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: How to rm yourself
« Reply #13 on: August 13, 2005, 04:42:36 pm »
I am root, but again, the command doesn't exist.
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #14 on: August 13, 2005, 04:43:24 pm »
I am root, but again, the command doesn't exist.

Perhaps you already rm'd yourself. Congratulations.
Btw, what are you doing surfing the web as root?

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: How to rm yourself
« Reply #15 on: August 13, 2005, 04:44:41 pm »
su user && links ?
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline Eric

  • Full Member
  • ***
  • Posts: 304
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #16 on: August 13, 2005, 04:45:52 pm »
I am root, but again, the command doesn't exist.

Btw, what are you doing surfing the web as root?

He was trying to find out how to rm himself... duh.

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #17 on: August 13, 2005, 05:00:19 pm »

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: How to rm yourself
« Reply #18 on: August 13, 2005, 05:28:47 pm »
And if you're a whitehat, consider doing this. If you don't do it to yourself, then a blackhat will just do it to you... so if a blackhat does to it to you, don't sue him! He's only doing what is right! Plus, you were supposed to do it to yourself anyway.

Go ahead and try.  If you can crack me, all the power to you. 


Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #19 on: August 13, 2005, 05:47:08 pm »
And if you're a whitehat, consider doing this. If you don't do it to yourself, then a blackhat will just do it to you... so if a blackhat does to it to you, don't sue him! He's only doing what is right! Plus, you were supposed to do it to yourself anyway.

Go ahead and try.  If you can crack me, all the power to you. 



Who said anything about "cracking" you? A little on the edge, are you? Yeah, you're right though... your box is probably invincible.
« Last Edit: August 13, 2005, 05:53:36 pm by c0n »

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: How to rm yourself
« Reply #20 on: August 13, 2005, 06:08:38 pm »
And if you're a whitehat, consider doing this. If you don't do it to yourself, then a blackhat will just do it to you... so if a blackhat does to it to you, don't sue him! He's only doing what is right! Plus, you were supposed to do it to yourself anyway.

Go ahead and try.  If you can crack me, all the power to you. 



Who said anything about "cracking" you? A little on the edge, are you? Yeah, you're right though... your box is probably invincible.

You seem to make it sound like whitehats can't secure themselves.  "If you don't do it to yourself, then a blackhat will just do it to you"?  Well, I'm definitely whitehat, so find a blackhat who can crack me. 

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: How to rm yourself
« Reply #21 on: August 13, 2005, 06:39:24 pm »
I'll take the job :o
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

dx

  • Guest
Re: How to rm yourself
« Reply #22 on: August 13, 2005, 08:10:45 pm »
Appears the homosexual hacking brigade has arrived on the x86 forums.

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #23 on: August 13, 2005, 09:27:05 pm »
Appears the homosexual hacking brigade has arrived on the x86 forums.

This suddenly turned from 'how to rm yourself' to 'hacking'. This was nothing along the lines of hacking, other than stupid 'whitehat' and 'blackhat' labels.
Perhaps more cocaine will calm you down, darkxir. You've been very irritable lately. If you have no money for cocaine, then perhaps it would be 'wise' to go
begging for quarters on the street until you have enough money to buy a few bricks cocaine.

Quote
You seem to make it sound like whitehats can't secure themselves.  "If you don't do it to yourself, then a blackhat will just do it to you"?  Well, I'm definitely whitehat, so find a blackhat who can crack me.

"Secure" is an illusion. Nothing is truly secure, because there is always a way around.
« Last Edit: August 13, 2005, 09:48:10 pm by c0n »

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: How to rm yourself
« Reply #24 on: August 13, 2005, 09:30:40 pm »
HAHAHAHAHAHAHAAHAHAHAHHAHAHAHHAHAHHAHHAHAHAHHAHA.
Man you rock c0n.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: How to rm yourself
« Reply #25 on: August 13, 2005, 09:36:15 pm »
Quote
You seem to make it sound like whitehats can't secure themselves.  "If you don't do it to yourself, then a blackhat will just do it to you"?  Well, I'm definitely whitehat, so find a blackhat who can crack me.

"Secure" is an illusion. Nothing is truly secure, because there is always a way around.

Feel free to find a way into my network.  Let me know when you do. 

And you're right, if somebody is dedicated enough there is very little you can do against them.  For example, you can find my address, fly to my house, kill my family, and gain physical access to my computers while I'm not home.  How can I stop you? I can't.  So yes, I'm not totally secure.  But I'm reasonably secure. 

Security is based on risk management.  You ascertain the risks, and accept a certain level.  That's what us "whitehats" do.

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #26 on: August 13, 2005, 09:51:17 pm »
Quote
You seem to make it sound like whitehats can't secure themselves.  "If you don't do it to yourself, then a blackhat will just do it to you"?  Well, I'm definitely whitehat, so find a blackhat who can crack me.

"Secure" is an illusion. Nothing is truly secure, because there is always a way around.

Feel free to find a way into my network.  Let me know when you do. 

And you're right, if somebody is dedicated enough there is very little you can do against them.  For example, you can find my address, fly to my house, kill my family, and gain physical access to my computers while I'm not home.  How can I stop you? I can't.  So yes, I'm not totally secure.  But I'm reasonably secure. 

Security is based on risk management.  You ascertain the risks, and accept a certain level.  That's what us "whitehats" do.

You whitehats have no clue about the 0days out there, though. So perhaps you aren't so secure afterall? Maybe from kiddies... but people who write their own exploits and don't post them on bugtraq can get into many systems. You're not a whitehat if you just secure your system, though. You're a whitehat if you contribute to the 'security industry', which would be posting 'useful' information on stupid BugTraq, and releasing vulnerabilities to the public (and letting kiddies get ahold of exploits). If you only know about securing your box, iago, then you're not a whitehat. You're just some dude who can secure his system (to the full extent of what is known). For instance, if you're running the current version of Apache httpd, you still are not safe from attacks to the Apache httpd, because someone could have found a vuln. And guess what, there isn't a patch out yet. So unfortunately, your only chance would be to plug the 0day vuln holes by coding your own patch.

But yes, other than that, you are right about the risk management part. And don't get me wrong, I said nothing about hacking you or anybody, iago. The little article was a joke.
« Last Edit: August 13, 2005, 09:58:13 pm by c0n »

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: How to rm yourself
« Reply #27 on: August 13, 2005, 10:31:29 pm »
You whitehats have no clue about the 0days out there, though. So perhaps you aren't so secure afterall? Maybe from kiddies... but people who write their own exploits and don't post them on bugtraq can get into many systems. You're not a whitehat if you just secure your system, though. You're a whitehat if you contribute to the 'security industry', which would be posting 'useful' information on stupid BugTraq, and releasing vulnerabilities to the public (and letting kiddies get ahold of exploits). If you only know about securing your box, iago, then you're not a whitehat. You're just some dude who can secure his system (to the full extent of what is known). For instance, if you're running the current version of Apache httpd, you still are not safe from attacks to the Apache httpd, because someone could have found a vuln. And guess what, there isn't a patch out yet. So unfortunately, your only chance would be to plug the 0day vuln holes by coding your own patch.

But yes, other than that, you are right about the risk management part. And don't get me wrong, I said nothing about hacking you or anybody, iago. The little article was a joke.

I do work in the "industry", and I do contribute to other whitehats.  I'm pretty sure that makes me a whitehat.

Yes, there might be 0day's out there that I can't protect myself from.  All I can defend myself with is exploits that are public knowledge, and by keeping myself fully up to date. 

There is a pretty big debate about the merits and drawbacks of full versus responsible versus no disclosure, which is a waste of time to get into here.  Suffice it to say that I prefer full, so that, if there IS an unpatched vulnerability in Apache 1.3.33, I can shut it down or restrict connections till they patch it.  Or, if it came to be a problem, I could patch it myself.  I'd rather know about a 0day along with kiddies than not know about it at all.


Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #28 on: August 13, 2005, 11:07:30 pm »
You whitehats have no clue about the 0days out there, though. So perhaps you aren't so secure afterall? Maybe from kiddies... but people who write their own exploits and don't post them on bugtraq can get into many systems. You're not a whitehat if you just secure your system, though. You're a whitehat if you contribute to the 'security industry', which would be posting 'useful' information on stupid BugTraq, and releasing vulnerabilities to the public (and letting kiddies get ahold of exploits). If you only know about securing your box, iago, then you're not a whitehat. You're just some dude who can secure his system (to the full extent of what is known). For instance, if you're running the current version of Apache httpd, you still are not safe from attacks to the Apache httpd, because someone could have found a vuln. And guess what, there isn't a patch out yet. So unfortunately, your only chance would be to plug the 0day vuln holes by coding your own patch.

But yes, other than that, you are right about the risk management part. And don't get me wrong, I said nothing about hacking you or anybody, iago. The little article was a joke.

I do work in the "industry", and I do contribute to other whitehats.  I'm pretty sure that makes me a whitehat.

Yes, there might be 0day's out there that I can't protect myself from.  All I can defend myself with is exploits that are public knowledge, and by keeping myself fully up to date. 

There is a pretty big debate about the merits and drawbacks of full versus responsible versus no disclosure, which is a waste of time to get into here.  Suffice it to say that I prefer full, so that, if there IS an unpatched vulnerability in Apache 1.3.33, I can shut it down or restrict connections till they patch it.  Or, if it came to be a problem, I could patch it myself.  I'd rather know about a 0day along with kiddies than not know about it at all.



Kiddies cannot keep their hands off their . and / keys, though. They just go around ./'ing everything they can find vulnerable (which is very limited to them). Needless to say, if only real hackers know about it, then it isn't as big of a problem as it is with the kiddies. You don't have hundreds and thousands of little 14 year olds running around with codes that could potentially bring whole networks down when you don't disclose it, do you? There's a difference between fully disclosing shit (showing it to everyone on the net, which includes kiddies), and privately posting it to the vendor itself. Pr0j3kt M4yh3m for life. Props to Phrack High Council, h0no, dk, and other pr0j3kt m4yh3m cells for taking out the "big tough guys" in the whitehat security industry. It is a very big problem -- that is, the 'security industry'.
« Last Edit: August 13, 2005, 11:12:52 pm by c0n »

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: How to rm yourself
« Reply #29 on: August 13, 2005, 11:14:52 pm »
Kiddies cannot keep their hands off their . and / keys, though. They just go around ./'ing everything they can find vulnerable (which is very limited to them). Needless to say, if only real hackers know about it, then it isn't as big of a problem as it is with the kiddies. You don't have hundreds and thousands of little 14 year olds running around with codes that could potentially bring whole networks down when you don't disclose it, do you? There's a difference between fully disclosing shit (showing it to everyone on the net, which includes kiddies), and privately posting it to the vendor itself. Pr0j3kt M4yh3m for life. Props to Phrack High Council, h0no, dk, and other pr0j3kt m4yh3m cells for taking out the "big tough guys" in the whitehat security industry. It is a very big problem -- that is, the 'security industry'.

As I said, if a vulnerability is disclosed, then people have the opportunity to defend themselves against it.  I'd prefer having the chance to defend myself than to have the chance of a 0day I never knew about hitting me.  And to the people who don't keep up with the lists/updates, too bad for them. 

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #30 on: August 13, 2005, 11:16:22 pm »
Kiddies cannot keep their hands off their . and / keys, though. They just go around ./'ing everything they can find vulnerable (which is very limited to them). Needless to say, if only real hackers know about it, then it isn't as big of a problem as it is with the kiddies. You don't have hundreds and thousands of little 14 year olds running around with codes that could potentially bring whole networks down when you don't disclose it, do you? There's a difference between fully disclosing shit (showing it to everyone on the net, which includes kiddies), and privately posting it to the vendor itself. Pr0j3kt M4yh3m for life. Props to Phrack High Council, h0no, dk, and other pr0j3kt m4yh3m cells for taking out the "big tough guys" in the whitehat security industry. It is a very big problem -- that is, the 'security industry'.

As I said, if a vulnerability is disclosed, then people have the opportunity to defend themselves against it.  I'd prefer having the chance to defend myself than to have the chance of a 0day I never knew about hitting me.  And to the people who don't keep up with the lists/updates, too bad for them. 

But then you have script kids who can do all these lame DoS attacks and try to 0wn your box. Wouldn't you prefer posting directly to the vendor in a private manner so that kiddies can't get their hands on it? Seems like a better idea to me...

That way you're still getting your patches from the vendor... and, surprise... no kiddies can 0wn you! You still, no matter what, have little protection against the big boys though ('big boys' not refering to boys with large penises).
« Last Edit: August 13, 2005, 11:18:30 pm by c0n »

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: How to rm yourself
« Reply #31 on: August 13, 2005, 11:22:35 pm »
Kiddies cannot keep their hands off their . and / keys, though. They just go around ./'ing everything they can find vulnerable (which is very limited to them). Needless to say, if only real hackers know about it, then it isn't as big of a problem as it is with the kiddies. You don't have hundreds and thousands of little 14 year olds running around with codes that could potentially bring whole networks down when you don't disclose it, do you? There's a difference between fully disclosing shit (showing it to everyone on the net, which includes kiddies), and privately posting it to the vendor itself. Pr0j3kt M4yh3m for life. Props to Phrack High Council, h0no, dk, and other pr0j3kt m4yh3m cells for taking out the "big tough guys" in the whitehat security industry. It is a very big problem -- that is, the 'security industry'.

As I said, if a vulnerability is disclosed, then people have the opportunity to defend themselves against it.  I'd prefer having the chance to defend myself than to have the chance of a 0day I never knew about hitting me.  And to the people who don't keep up with the lists/updates, too bad for them. 

But then you have script kids who can do all these lame DoS attacks and try to 0wn your box. Wouldn't you prefer posting directly to the vendor in a private manner so that kiddies can't get their hands on it? Seems like a better idea to me...

That way you're still getting your patches from the vendor... and, surprise... no kiddies can 0wn you! You still, no matter what, have little protection against the big boys though.

Let's say there's a vulnerability in Apache 1.3.33 that some researcher discovered.  He decides to be responsible, and report it just to Apache. 

Now, what if some blackhats already knew about it.  They could use it to own my box and ruin my life, or whatever.  I would have preferred him to post it publicly, so I could defend myself, than post it privately, which left me wide open and naked. 

The sooner I know about something, the better.

Of course, there are other mitigating factors.  For example, all I have on that computer is Apache/MySQL, and it doesn't have access to any other computers on my network.  And the databases on it is backed up nightly.  So the most that could be done is a defacement and an annoyance.  But there is still a greater risk to me if vulnerabilities go undisclosed than if they are disclosed to all.


Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #32 on: August 13, 2005, 11:40:52 pm »
Kiddies cannot keep their hands off their . and / keys, though. They just go around ./'ing everything they can find vulnerable (which is very limited to them). Needless to say, if only real hackers know about it, then it isn't as big of a problem as it is with the kiddies. You don't have hundreds and thousands of little 14 year olds running around with codes that could potentially bring whole networks down when you don't disclose it, do you? There's a difference between fully disclosing shit (showing it to everyone on the net, which includes kiddies), and privately posting it to the vendor itself. Pr0j3kt M4yh3m for life. Props to Phrack High Council, h0no, dk, and other pr0j3kt m4yh3m cells for taking out the "big tough guys" in the whitehat security industry. It is a very big problem -- that is, the 'security industry'.

As I said, if a vulnerability is disclosed, then people have the opportunity to defend themselves against it.  I'd prefer having the chance to defend myself than to have the chance of a 0day I never knew about hitting me.  And to the people who don't keep up with the lists/updates, too bad for them. 

But then you have script kids who can do all these lame DoS attacks and try to 0wn your box. Wouldn't you prefer posting directly to the vendor in a private manner so that kiddies can't get their hands on it? Seems like a better idea to me...

That way you're still getting your patches from the vendor... and, surprise... no kiddies can 0wn you! You still, no matter what, have little protection against the big boys though.

Let's say there's a vulnerability in Apache 1.3.33 that some researcher discovered.  He decides to be responsible, and report it just to Apache. 

Now, what if some blackhats already knew about it.  They could use it to own my box and ruin my life, or whatever.  I would have preferred him to post it publicly, so I could defend myself, than post it privately, which left me wide open and naked. 

The sooner I know about something, the better.

Of course, there are other mitigating factors.  For example, all I have on that computer is Apache/MySQL, and it doesn't have access to any other computers on my network.  And the databases on it is backed up nightly.  So the most that could be done is a defacement and an annoyance.  But there is still a greater risk to me if vulnerabilities go undisclosed than if they are disclosed to all.



You bring up good points. However... let's say you didn't read the thousands of posts on BugTraq, and you soon find out a kiddiot has breached your invincible security. Now what?

append::

or let's say your patched the bug, but find out later that the patch was not completely a patch (it still left some holes open). Let's say that with minimal effort and knowledge, this kiddiot could somehow modify the exploit to hack the httpd. And this is because your patch did not successfully patch it. This being said, not to undermine your abilities, it is possible that a vendor patch would save you the trouble and *possibly* patch this hole completely. But then, you have other holes to patch (but you're not aware of this, because they are 0day).
« Last Edit: August 13, 2005, 11:45:58 pm by c0n »

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: How to rm yourself
« Reply #33 on: August 13, 2005, 11:46:45 pm »
You bring up good points. However... let's say you didn't read the thousands of posts on BugTraq, and you soon find out a kiddiot has breached your invincible security. Now what?

I kick myself in the ass for not keeping up on vulnerabilities. 

Everybody who maintains computers ought to get their news in one way or the other.  Whether it's on BugTraq, TheRegister, Slashdot, Secunia, ISS X-Force, or any other newsletter, they should be reading it. 

And if they don't, as I said, too bad :)

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #34 on: August 13, 2005, 11:49:22 pm »
You bring up good points. However... let's say you didn't read the thousands of posts on BugTraq, and you soon find out a kiddiot has breached your invincible security. Now what?

I kick myself in the ass for not keeping up on vulnerabilities. 

Everybody who maintains computers ought to get their news in one way or the other.  Whether it's on BugTraq, TheRegister, Slashdot, Secunia, ISS X-Force, or any other newsletter, they should be reading it. 

And if they don't, as I said, too bad :)

It's not bad to keep up on vulnerabilities, if that's what you thought I was saying. It does indeed reduce the risk. Though, like I said, you're not ruling out the kiddiots from grabbing all these exploits with full-disclosure. And doesn't coding an exploit and keeping it 0day just make it a 'little' more special? ;)

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: How to rm yourself
« Reply #35 on: August 13, 2005, 11:51:35 pm »
It's not bad to keep up on vulnerabilities, if that's what you thought I was saying. It does indeed reduce the risk. Though, like I said, you're not ruling out the kiddiots from grabbing all these exploits with full-disclosure.

My other reason for liking full disclosure is simple: so I can demonstrate vulnerabilities to my superiors.  If another department has unpatched servers, they aren't going to listen to us until they know it's a threat.  If I can demonstrate a 1day or 2day to them, then they'll patch.  If I just tell them to patch, they probably won't and then they'll fall victim to your kidiots. 

But my point from my last post is that if people don't keep up with vulnerabilities in one way or another, it's their own fault when they get owned. :)

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #36 on: August 13, 2005, 11:53:09 pm »
It's not bad to keep up on vulnerabilities, if that's what you thought I was saying. It does indeed reduce the risk. Though, like I said, you're not ruling out the kiddiots from grabbing all these exploits with full-disclosure.

My other reason for liking full disclosure is simple: so I can demonstrate vulnerabilities to my superiors.  If another department has unpatched servers, they aren't going to listen to us until they know it's a threat.  If I can demonstrate a 1day or 2day to them, then they'll patch.  If I just tell them to patch, they probably won't and then they'll fall victim to your kidiots. 

But my point from my last post is that if people don't keep up with vulnerabilities in one way or another, it's their own fault when they get owned. :)

If your superiors don't listen to you, then they fall victim to your "it's their own fault when they get owned" statement.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: How to rm yourself
« Reply #37 on: August 13, 2005, 11:58:52 pm »
If your superiors don't listen to you, then they fall victim to your "it's their own fault when they get owned" statement.

If you think that works on higher management, particularly in government, then you don't know much :-P

The view is, "somebody who isn't us has to take blame! Let's blame the security department!"

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #38 on: August 14, 2005, 12:07:51 am »
If your superiors don't listen to you, then they fall victim to your "it's their own fault when they get owned" statement.

If you think that works on higher management, particularly in government, then you don't know much :-P

The view is, "somebody who isn't us has to take blame! Let's blame the security department!"

I know it isn't how it works, and I was expecting you to say that. But it still fits into your category of it being their own fault (afterall, they did not listen)! So I guess the government and higher management are all ignorant, and won't take advice from an underling. It's their own fault.

Offline mynameistmp

  • Moderator
  • Full Member
  • *****
  • Posts: 111
  • Hi! I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #39 on: August 14, 2005, 04:57:51 am »
Quote
For instance, if you're running the current version of Apache httpd, you still are not safe from attacks to the Apache httpd, because someone could have found a vuln. And guess what, there isn't a patch out yet. So unfortunately, your only chance would be to plug the 0day vuln holes by coding your own patch.

What if I've got a network IDS running that's filtering for incoming shellcode ? What if I've got something like the grsec patch installed and his shellcode's offsets are fucked up because the stack is randomized ?

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: How to rm yourself
« Reply #40 on: August 14, 2005, 11:28:49 am »
Quote
For instance, if you're running the current version of Apache httpd, you still are not safe from attacks to the Apache httpd, because someone could have found a vuln. And guess what, there isn't a patch out yet. So unfortunately, your only chance would be to plug the 0day vuln holes by coding your own patch.

What if I've got a network IDS running that's filtering for incoming shellcode ? What if I've got something like the grsec patch installed and his shellcode's offsets are fucked up because the stack is randomized ?

IDS's don't filter, you're thinking of IPS's ;)

But at any rate, those aren't 100% reliable.  They're mitigating factors, for sure, but they might not save me from a smf sql-injection attack that cleverly evades the IPS, or an Apache format-string vuln that lets me overwrite some key address in Apache, giving me unlimited access or something? 

I'd still rather know about the vuln instantly so I can decide whether there is a risk to me or not, and act on it. 

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #41 on: August 14, 2005, 04:38:26 pm »
Quote
For instance, if you're running the current version of Apache httpd, you still are not safe from attacks to the Apache httpd, because someone could have found a vuln. And guess what, there isn't a patch out yet. So unfortunately, your only chance would be to plug the 0day vuln holes by coding your own patch.

What if I've got a network IDS running that's filtering for incoming shellcode ? What if I've got something like the grsec patch installed and his shellcode's offsets are fucked up because the stack is randomized ?

Then you don't use the stack. So you see there are always ways around those kernel security modules. Ways around non-exec stacks, and your stack randomization.

edit: there are ways around everything.
« Last Edit: August 14, 2005, 04:44:07 pm by c0n »

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #42 on: August 14, 2005, 06:01:42 pm »
http://screend-productions.net/images/giveadamn.gif

k guys, it's pointless to argue over this, it's not going to save either one of your computers from being smashed by some kiddie, end.


non-disclosure will.
btw, blackhats don't target random servers. That's why exploits are sager to only be in the hands of people who do not go around randomly defacing shit. If this happened, www.zone-h.org would be gone forever, and so will securityfocus! yay ;)
« Last Edit: August 14, 2005, 06:08:13 pm by c0n »

Offline mynameistmp

  • Moderator
  • Full Member
  • *****
  • Posts: 111
  • Hi! I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #43 on: August 14, 2005, 07:07:13 pm »
 
Quote
But at any rate, those aren't 100% reliable.  They're mitigating factors, for sure, but they might not save me from a smf sql-injection attack that cleverly evades the IPS, or an Apache format-string vuln that lets me overwrite some key address in Apache, giving me unlimited access or something?

He said apache, not sql. I don't have sql running. The format-string idea sounds interesting, but unlikely. I'm pretty sure you'd need to inject shellcode anyways, because I don't think there's any code in apache that'd do you any good. And on top of that, grsec randomizes all user space memory objects. That would make it difficult to write to key addresses (if they do exist).

Quote
Then you don't use the stack.

grsec has ASLR (full adress space layout randomization). That includes: user space, kernel space, executable image, library images, etc, etc, etc.

Quote
So you see there are always ways around those kernel security modules. Ways around non-exec stacks, and your stack randomization.

What is the way around full address space layout randomization ?

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #44 on: August 14, 2005, 07:09:04 pm »

Quote
But at any rate, those aren't 100% reliable.  They're mitigating factors, for sure, but they might not save me from a smf sql-injection attack that cleverly evades the IPS, or an Apache format-string vuln that lets me overwrite some key address in Apache, giving me unlimited access or something?

He said apache, not sql. I don't have sql running. The format-string idea sounds interesting, but unlikely. I'm pretty sure you'd need to inject shellcode anyways, because I don't think there's any code in apache that'd do you any good. And on top of that, grsec randomizes all user space memory objects. That would make it difficult to write to key addresses (if they do exist).

Quote
Then you don't use the stack.

grsec has ASLR (full adress space layout randomization). That includes: user space, kernel space, executable image, library images, etc, etc, etc.

Quote
So you see there are always ways around those kernel security modules. Ways around non-exec stacks, and your stack randomization.

What is the way around full address space layout randomization ?

If you do not know, then I have no reason to tell you. I am against full-disclosure 100%. So chances are I would never leak any unknown vulns. Do you rown research, find something cool, and realize that full-disclosure is a waste of talent. You spend hours and hours and hours research something, and it goes down a shit-hole with full-disclosure.
« Last Edit: August 14, 2005, 07:11:42 pm by c0n »

Offline mynameistmp

  • Moderator
  • Full Member
  • *****
  • Posts: 111
  • Hi! I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #45 on: August 14, 2005, 07:11:01 pm »
I'm guessing you also have no way to root me.

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #46 on: August 14, 2005, 07:11:58 pm »
I'm guessing you also have no way to root me.

I'm not a bragger.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: How to rm yourself
« Reply #47 on: August 14, 2005, 09:08:03 pm »
Scr33n0r, stop posting stupid shit in otherwise good threads, please?

Tmp -- It really depends on the implementation.  Yes, that makes it a lot trickier, but I'm rather sure that there's ways to get around it.  I would need more specifics on it.  Perhaps you can do it with a search? Or with randomness? Or by attacking key areas, or using known values?  If I do a malloc() in my shellcode, and base my attack at a certain relative location to that heap address, does that give me access?  I can start searching the heap based on the location that I'm given by malloc() and find an important value that will help me take over the world?  It's all just in theory, it depends on the implementations of everything involved. 

I realize you're trying to inspire argument, "something to think about"-style, so good job. :)

c0n -- Full disclosure helps security professionals of all kinds.  The same security professionals that are going to be helping me in my career.  If I help out a lot of people, and get my name known, it will be a lot easier to get a job.  That's why I do a lot of volunteer work for whitehats, and I try to make as many friends and become a member of as many groups (in real life, I mean) as I can.  It's all about having work in the future. 

Plus, I greatly enjoy what I do, and I like to see others benefit from it. 

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #48 on: August 14, 2005, 11:13:51 pm »
Scr33n0r, stop posting stupid shit in otherwise good threads, please?

Tmp -- It really depends on the implementation.  Yes, that makes it a lot trickier, but I'm rather sure that there's ways to get around it.  I would need more specifics on it.  Perhaps you can do it with a search? Or with randomness? Or by attacking key areas, or using known values?  If I do a malloc() in my shellcode, and base my attack at a certain relative location to that heap address, does that give me access?  I can start searching the heap based on the location that I'm given by malloc() and find an important value that will help me take over the world?  It's all just in theory, it depends on the implementations of everything involved. 

I realize you're trying to inspire argument, "something to think about"-style, so good job. :)

c0n -- Full disclosure helps security professionals of all kinds.  The same security professionals that are going to be helping me in my career.  If I help out a lot of people, and get my name known, it will be a lot easier to get a job.  That's why I do a lot of volunteer work for whitehats, and I try to make as many friends and become a member of as many groups (in real life, I mean) as I can.  It's all about having work in the future. 

Plus, I greatly enjoy what I do, and I like to see others benefit from it. 

I'm glad we got to a good discussion, rather than a flame war (which we almost got into). In reply to your reply to tmp...
PaX (and grsec (sucks), and other various attempts) randomizes memory locations, so that an attacker trying to guess a location has the chance of 1/2^b, which can work out to millions of possibilities. So your theory does not do that much. Also know that these security modules all have their limitations, and are owned hardcore by blaqhats. I understand why you want to help the security industry (money), but it's hardly a reason to call yourself a hacker. Hackers don't hack for money or fame.
« Last Edit: August 14, 2005, 11:16:09 pm by c0n »

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: How to rm yourself
« Reply #49 on: August 14, 2005, 11:36:11 pm »
You obviously don't know the correct definition of a hacker.

hack·er1   Audio pronunciation of "hacker" ( P )  Pronunciation Key  (hkr)
n. Informal

   1. One who is proficient at using or programming a computer; a computer buff.n 2: someone who plays golf poorly 3: a programmer for whom computing is its own reward; may enjoy the challenge of breaking into other computers but does no harm; "true hackers subscribe to a code of ethics and look down upon crackers" 4: one who works hard at boring tasks [syn: hack, drudge]

I fit well into all of those, especially 2 :)

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #50 on: August 15, 2005, 03:10:04 am »
You obviously don't know the correct definition of a hacker.

hack·er1   Audio pronunciation of "hacker" ( P )  Pronunciation Key  (hkr)
n. Informal

   1. One who is proficient at using or programming a computer; a computer buff.n 2: someone who plays golf poorly 3: a programmer for whom computing is its own reward; may enjoy the challenge of breaking into other computers but does no harm; "true hackers subscribe to a code of ethics and look down upon crackers" 4: one who works hard at boring tasks [syn: hack, drudge]

I fit well into all of those, especially 2 :)

Those are bullshit definitions. You got that from dictionary.com -- as if they'd know. Hackers break into systems. There are no hacker ethics, because you're already breaking the law by hacking a system. Hackers really don't need to care if they do harm to a system.
« Last Edit: August 15, 2005, 03:13:52 am by c0n »

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: How to rm yourself
« Reply #51 on: August 15, 2005, 03:42:18 am »
You don't always break the law by hacking a system. If you hack your own system, or have permission to, then it's not illegal.
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: How to rm yourself
« Reply #52 on: August 15, 2005, 07:28:36 am »
Joe: iago, can I hack Microsoft?
iago: Go ahead.

I have permission, is it legal?

For the record, iago never said that.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: How to rm yourself
« Reply #53 on: August 15, 2005, 09:48:29 am »
You obviously don't know the correct definition of a hacker.

hack·er1   Audio pronunciation of "hacker" ( P )  Pronunciation Key  (hkr)
n. Informal

   1. One who is proficient at using or programming a computer; a computer buff.n 2: someone who plays golf poorly 3: a programmer for whom computing is its own reward; may enjoy the challenge of breaking into other computers but does no harm; "true hackers subscribe to a code of ethics and look down upon crackers" 4: one who works hard at boring tasks [syn: hack, drudge]

I fit well into all of those, especially 2 :)

Those are bullshit definitions. You got that from dictionary.com -- as if they'd know. Hackers break into systems. There are no hacker ethics, because you're already breaking the law by hacking a system. Hackers really don't need to care if they do harm to a system.

No, "crackers" break into systems.  "hackers" are computer experts.  You've fallen victim to the media definition.

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: How to rm yourself
« Reply #54 on: August 15, 2005, 12:42:13 pm »
iago is right about the definintions c0n, him being a hacker himself!
And like a fool I believed myself, and thought I was somebody else...

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #55 on: August 15, 2005, 07:13:09 pm »
iago is right about the definintions c0n, him being a hacker himself!

Nope, that is incorrect.

About the medias definition. It's correct, real hackers do break into systems, because that's what hackers are. They are people who break into systems. Hackers are also computer experts. Computer experts who break into systems. They aren't these so-called 'security enthusiasts' who go around acting like they are elite by going around posting to BugTraq. Blackhats are the only real hackers in this world. Read http://hysteria.sk/chroot/PHC/texts/, and understand what real hackers are, and what whitehats are. If whitehats are hackers, then they are sad excuses for hackers. Greyhat-is-whitehat, there's no such thing as a greyhat. You can't expect yourself to be elite if you post to bugtraq all the time. There are no ethics in real hacking. Whitehats have no way of breaking into patched systems, and that's final.

Since the time hackers were born, even hackers considered themselves to be people who owned systems. Seriously, this is what a hacker is -- someone who breaks into systems. If you guys have ever been in the scene, you'd know this. Everybody in the actual underground calls themselves hackers. But then again, I guess none of you have actually been in it. Especially not whitehats.
« Last Edit: August 15, 2005, 07:17:18 pm by c0n »

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: How to rm yourself
« Reply #56 on: August 15, 2005, 08:12:57 pm »
iago is right about the definintions c0n, him being a hacker himself!

Nope, that is incorrect.

About the medias definition. It's correct, real hackers do break into systems, because that's what hackers are. They are people who break into systems. Hackers are also computer experts. Computer experts who break into systems. They aren't these so-called 'security enthusiasts' who go around acting like they are elite by going around posting to BugTraq. Blackhats are the only real hackers in this world. Read http://hysteria.sk/chroot/PHC/texts/, and understand what real hackers are, and what whitehats are. If whitehats are hackers, then they are sad excuses for hackers. Greyhat-is-whitehat, there's no such thing as a greyhat. You can't expect yourself to be elite if you post to bugtraq all the time. There are no ethics in real hacking. Whitehats have no way of breaking into patched systems, and that's final.

Since the time hackers were born, even hackers considered themselves to be people who owned systems. Seriously, this is what a hacker is -- someone who breaks into systems. If you guys have ever been in the scene, you'd know this. Everybody in the actual underground calls themselves hackers. But then again, I guess none of you have actually been in it. Especially not whitehats.

Well, they're using the word wrong.  Sucks to be them, I guess :P

I've never personally claimed to be a hacker.  I don't want that kind of image.  I'll admit to being a security expert, or a whitehat.  I know how to hack, but don't.

And even though I'm a whitehat, I can still break into a patched system.  There at at least 2 ways:
1. I can phone the owner or a user, lie to them, and get them to fix me up (social engineering is totally possible).
2. I can scrutinize the software that they're using and find a vulnerability myself.  Why not?  I may be a whitehat, but I know a lot about software vulnerabilities. 


Next question is, how do pen-testers fit in?  I know people who legally attempt to break into systems.  Would you not call that hacking?  Or do you have to have malicious and illegal intentions?


Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #57 on: August 15, 2005, 08:34:15 pm »
iago is right about the definintions c0n, him being a hacker himself!

Nope, that is incorrect.

About the medias definition. It's correct, real hackers do break into systems, because that's what hackers are. They are people who break into systems. Hackers are also computer experts. Computer experts who break into systems. They aren't these so-called 'security enthusiasts' who go around acting like they are elite by going around posting to BugTraq. Blackhats are the only real hackers in this world. Read http://hysteria.sk/chroot/PHC/texts/, and understand what real hackers are, and what whitehats are. If whitehats are hackers, then they are sad excuses for hackers. Greyhat-is-whitehat, there's no such thing as a greyhat. You can't expect yourself to be elite if you post to bugtraq all the time. There are no ethics in real hacking. Whitehats have no way of breaking into patched systems, and that's final.

Since the time hackers were born, even hackers considered themselves to be people who owned systems. Seriously, this is what a hacker is -- someone who breaks into systems. If you guys have ever been in the scene, you'd know this. Everybody in the actual underground calls themselves hackers. But then again, I guess none of you have actually been in it. Especially not whitehats.

Well, they're using the word wrong.  Sucks to be them, I guess :P

I've never personally claimed to be a hacker.  I don't want that kind of image.  I'll admit to being a security expert, or a whitehat.  I know how to hack, but don't.

And even though I'm a whitehat, I can still break into a patched system.  There at at least 2 ways:
1. I can phone the owner or a user, lie to them, and get them to fix me up (social engineering is totally possible).
2. I can scrutinize the software that they're using and find a vulnerability myself.  Why not?  I may be a whitehat, but I know a lot about software vulnerabilities. 


Next question is, how do pen-testers fit in?  I know people who legally attempt to break into systems.  Would you not call that hacking?  Or do you have to have malicious and illegal intentions?



Like I said, in hacking there are no ethics. And no, the Phrack High Council (PHC, nothing to do with phrack.org (phrack.org are lame whitehats)) are not using the word wrong. Simply because they could own any system they want, so I'm sure they'd know. Hackers are people who break into systems. If you are a whitehat, you are my enemy, and the enemy of over 300 pr0j3kt m4yh3m supporters who DO know their shit, and I know many of them. Also, if you want to tell PHC that you are a whitehat, and that you disagree with their usage of the word 'hacker', head on over to one of their cells (across many irc networks -- efnet #phrack (which is banned now), ircsnet #phrack, undernet #phrack, and some others). Another would include #msnetworks on an 'unknown network', but that cannot be disclosed, and it's invite-only. That is all, have a nice day.

Later,

c0n (pr0ud supp0rt3r 0f pr0j3kt m4yh3m)
« Last Edit: August 15, 2005, 08:39:02 pm by c0n »

dx

  • Guest
Re: How to rm yourself
« Reply #58 on: August 16, 2005, 06:21:47 pm »
Gets a warm feeling that c0n watches fight club too much, and thinks way to highly of himself

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #59 on: August 16, 2005, 10:55:58 pm »
Gets a warm feeling that c0n watches fight club too much, and thinks way to highly of himself

I have never watched fight club, but some ideas of Pr0j3kt M4yh3m are from fight club.
I get a warm feeling that darkxir buys too many coke bricks, and snorts them way too much. And no, I don't think too highly of myself. Although, I do think of myself being better than you, a poor and messed up drug addict who spends most of his money on bricks of cocaine. If you don't want me to flame you, then don't reply to things I say, loser. Go back to coke-addicts anonymous.
« Last Edit: August 17, 2005, 02:54:16 pm by c0n »

Offline Vex3

  • Rick James Bitch!
  • Full Member
  • ***
  • Posts: 116
  • I am Agarwaen!
    • View Profile
    • Vex3 Solutions
Re: How to rm yourself
« Reply #60 on: August 19, 2005, 10:00:02 am »
Well back to iago's note to Scr33n0r

Scr33n0r, stop posting stupid shit in otherwise good threads, please?

Tmp -- It really depends on the implementation. Yes, that makes it a lot trickier, but I'm rather sure that there's ways to get around it. I would need more specifics on it. Perhaps you can do it with a search? Or with randomness? Or by attacking key areas, or using known values? If I do a malloc() in my shellcode, and base my attack at a certain relative location to that heap address, does that give me access? I can start searching the heap based on the location that I'm given by malloc() and find an important value that will help me take over the world? It's all just in theory, it depends on the implementations of everything involved.

I realize you're trying to inspire argument, "something to think about"-style, so good job. :)

c0n -- Full disclosure helps security professionals of all kinds. The same security professionals that are going to be helping me in my career. If I help out a lot of people, and get my name known, it will be a lot easier to get a job. That's why I do a lot of volunteer work for whitehats, and I try to make as many friends and become a member of as many groups (in real life, I mean) as I can. It's all about having work in the future.

Plus, I greatly enjoy what I do, and I like to see others benefit from it.

Please stop ruining good topics dx there was no reason to post that.
Wish I had more hands, give those tities four thumbs down!


dx

  • Guest
Re: How to rm yourself
« Reply #61 on: August 19, 2005, 03:40:48 pm »
A good topic? Right.

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: How to rm yourself
« Reply #62 on: August 21, 2005, 01:01:35 am »
Gets a warm feeling that c0n watches fight club too much, and thinks way to highly of himself

I have never watched fight club, but some ideas of Pr0j3kt M4yh3m are from fight club.
I get a warm feeling that darkxir buys too many coke bricks, and snorts them way too much. And no, I don't think too highly of myself. Although, I do think of myself being better than you, a poor and messed up drug addict who spends most of his money on bricks of cocaine. If you don't want me to flame you, then don't reply to things I say, loser. Go back to coke-addicts anonymous.

Do you know how much you just made me laugh? Man I love you.

Anyways, yea full disclosure! (</makeconmad>)
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: How to rm yourself
« Reply #63 on: August 21, 2005, 01:14:48 am »
c0n, I think you're in way over your head here. You should stop threatening people, because there are those who visit these forums who know more about what you're representing than you do yourself.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #64 on: August 27, 2005, 10:45:14 am »
c0n, I think you're in way over your head here. You should stop threatening people, because there are those who visit these forums who know more about what you're representing than you do yourself.

I never threatened anybody, and I'm in no way in over my head. And you think you are one of those people who knows "SO MUCH" about Full-Disclosure/non-disclosure? Ok, even though there isn't a lot to know about it.

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: How to rm yourself
« Reply #65 on: August 27, 2005, 02:43:08 pm »
c0n, I think you're in way over your head here. You should stop threatening people, because there are those who visit these forums who know more about what you're representing than you do yourself.

I never threatened anybody, and I'm in no way in over my head. And you think you are one of those people who knows "SO MUCH" about Full-Disclosure/non-disclosure? Ok, even though there isn't a lot to know about it.

In case you didn't notice, I wasn't talking about myself. And that was more directed at your views on WHY exactly. You seem to be talking about things you don't have much experiance in.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #66 on: August 27, 2005, 04:58:46 pm »
c0n, I think you're in way over your head here. You should stop threatening people, because there are those who visit these forums who know more about what you're representing than you do yourself.

I never threatened anybody, and I'm in no way in over my head. And you think you are one of those people who knows "SO MUCH" about Full-Disclosure/non-disclosure? Ok, even though there isn't a lot to know about it.

In case you didn't notice, I wasn't talking about myself. And that was more directed at your views on WHY exactly. You seem to be talking about things you don't have much experiance in.

you're right, but then again you'd be one to know.

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: How to rm yourself
« Reply #67 on: August 27, 2005, 05:02:17 pm »
c0n, I think you're in way over your head here. You should stop threatening people, because there are those who visit these forums who know more about what you're representing than you do yourself.

I never threatened anybody, and I'm in no way in over my head. And you think you are one of those people who knows "SO MUCH" about Full-Disclosure/non-disclosure? Ok, even though there isn't a lot to know about it.

In case you didn't notice, I wasn't talking about myself. And that was more directed at your views on WHY exactly. You seem to be talking about things you don't have much experiance in.

you're right, but then again you'd be one to know.

Oh yeah, I always make it look like I know more than I do, then get into fights when someone calls me on it.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #68 on: August 27, 2005, 05:10:16 pm »
c0n, I think you're in way over your head here. You should stop threatening people, because there are those who visit these forums who know more about what you're representing than you do yourself.

I never threatened anybody, and I'm in no way in over my head. And you think you are one of those people who knows "SO MUCH" about Full-Disclosure/non-disclosure? Ok, even though there isn't a lot to know about it.

In case you didn't notice, I wasn't talking about myself. And that was more directed at your views on WHY exactly. You seem to be talking about things you don't have much experiance in.

you're right, but then again you'd be one to know.

Oh yeah, I always make it look like I know more than I do, then get into fights when someone calls me on it.

what i was trying to say is that you know what i know, and the extent to my knowledge, so therefore you are one to judge me.

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: How to rm yourself
« Reply #69 on: August 27, 2005, 05:13:56 pm »
All that I know is that you seem to be arguing your point poorly, which is usually a sign of not knowing enough about the subject.

I really don't think I want to argue this more. Bring something to the table in this thread, something that betters ANYTHING in the community, or don't post in it at all.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #70 on: August 27, 2005, 05:14:37 pm »
All that I know is that you seem to be arguing your point poorly, which is usually a sign of not knowing enough about the subject.

hehehe. there is not much to know about non-disclosure or full-disclosure, other than the people who read full-disclosure mailing lists and believe it are whitehatz, and da non-disclosure peepz are da blaqhatz

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: How to rm yourself
« Reply #71 on: August 27, 2005, 05:25:21 pm »
anywayz, eye found this thread awesome. it was such a gr8 way to troll, lololz