How to rm yourself

[mynameistmp]

I'm guessing you also have no way to root me.

[c0n]

I'm guessing you also have no way to root me.

I'm not a bragger.

[iago]

Scr33n0r, stop posting stupid shit in otherwise good threads, please?

Tmp -- It really depends on the implementation.  Yes, that makes it a lot trickier, but I'm rather sure that there's ways to get around it.  I would need more specifics on it.  Perhaps you can do it with a search? Or with randomness? Or by attacking key areas, or using known values?  If I do a malloc() in my shellcode, and base my attack at a certain relative location to that heap address, does that give me access?  I can start searching the heap based on the location that I'm given by malloc() and find an important value that will help me take over the world?  It's all just in theory, it depends on the implementations of everything involved. 

I realize you're trying to inspire argument, "something to think about"-style, so good job.

c0n -- Full disclosure helps security professionals of all kinds.  The same security professionals that are going to be helping me in my career.  If I help out a lot of people, and get my name known, it will be a lot easier to get a job.  That's why I do a lot of volunteer work for whitehats, and I try to make as many friends and become a member of as many groups (in real life, I mean) as I can.  It's all about having work in the future. 

Plus, I greatly enjoy what I do, and I like to see others benefit from it. 

[c0n]

Scr33n0r, stop posting stupid shit in otherwise good threads, please?

Tmp -- It really depends on the implementation.  Yes, that makes it a lot trickier, but I'm rather sure that there's ways to get around it.  I would need more specifics on it.  Perhaps you can do it with a search? Or with randomness? Or by attacking key areas, or using known values?  If I do a malloc() in my shellcode, and base my attack at a certain relative location to that heap address, does that give me access?  I can start searching the heap based on the location that I'm given by malloc() and find an important value that will help me take over the world?  It's all just in theory, it depends on the implementations of everything involved. 

I realize you're trying to inspire argument, "something to think about"-style, so good job.

c0n -- Full disclosure helps security professionals of all kinds.  The same security professionals that are going to be helping me in my career.  If I help out a lot of people, and get my name known, it will be a lot easier to get a job.  That's why I do a lot of volunteer work for whitehats, and I try to make as many friends and become a member of as many groups (in real life, I mean) as I can.  It's all about having work in the future. 

Plus, I greatly enjoy what I do, and I like to see others benefit from it. 

I'm glad we got to a good discussion, rather than a flame war (which we almost got into). In reply to your reply to tmp...
PaX (and grsec (sucks), and other various attempts) randomizes memory locations, so that an attacker trying to guess a location has the chance of 1/2^b, which can work out to millions of possibilities. So your theory does not do that much. Also know that these security modules all have their limitations, and are owned hardcore by blaqhats. I understand why you want to help the security industry (money), but it's hardly a reason to call yourself a hacker. Hackers don't hack for money or fame.

[iago]

You obviously don't know the correct definition of a hacker.

hack·er1   Audio pronunciation of "hacker" ( P )  Pronunciation Key  (hkr)
n. Informal

   1. One who is proficient at using or programming a computer; a computer buff.n 2: someone who plays golf poorly 3: a programmer for whom computing is its own reward; may enjoy the challenge of breaking into other computers but does no harm; "true hackers subscribe to a code of ethics and look down upon crackers" 4: one who works hard at boring tasks [syn: hack, drudge]

I fit well into all of those, especially 2

[c0n]

You obviously don't know the correct definition of a hacker.

hack·er1   Audio pronunciation of "hacker" ( P )  Pronunciation Key  (hkr)
n. Informal

   1. One who is proficient at using or programming a computer; a computer buff.n 2: someone who plays golf poorly 3: a programmer for whom computing is its own reward; may enjoy the challenge of breaking into other computers but does no harm; "true hackers subscribe to a code of ethics and look down upon crackers" 4: one who works hard at boring tasks [syn: hack, drudge]

I fit well into all of those, especially 2

Those are bullshit definitions. You got that from dictionary.com -- as if they'd know. Hackers break into systems. There are no hacker ethics, because you're already breaking the law by hacking a system. Hackers really don't need to care if they do harm to a system.

[Ergot]

You don't always break the law by hacking a system. If you hack your own system, or have permission to, then it's not illegal.

[Joe]

Joe: iago, can I hack Microsoft?
iago: Go ahead.

I have permission, is it legal?

For the record, iago never said that.

[iago]

You obviously don't know the correct definition of a hacker.

hack·er1   Audio pronunciation of "hacker" ( P )  Pronunciation Key  (hkr)
n. Informal

   1. One who is proficient at using or programming a computer; a computer buff.n 2: someone who plays golf poorly 3: a programmer for whom computing is its own reward; may enjoy the challenge of breaking into other computers but does no harm; "true hackers subscribe to a code of ethics and look down upon crackers" 4: one who works hard at boring tasks [syn: hack, drudge]

I fit well into all of those, especially 2

Those are bullshit definitions. You got that from dictionary.com -- as if they'd know. Hackers break into systems. There are no hacker ethics, because you're already breaking the law by hacking a system. Hackers really don't need to care if they do harm to a system.

No, "crackers" break into systems.  "hackers" are computer experts.  You've fallen victim to the media definition.

[Blaze]

iago is right about the definintions c0n, him being a hacker himself!

[c0n]

iago is right about the definintions c0n, him being a hacker himself!

Nope, that is incorrect.

About the medias definition. It's correct, real hackers do break into systems, because that's what hackers are. They are people who break into systems. Hackers are also computer experts. Computer experts who break into systems. They aren't these so-called 'security enthusiasts' who go around acting like they are elite by going around posting to BugTraq. Blackhats are the only real hackers in this world. Read http://hysteria.sk/chroot/PHC/texts/, and understand what real hackers are, and what whitehats are. If whitehats are hackers, then they are sad excuses for hackers. Greyhat-is-whitehat, there's no such thing as a greyhat. You can't expect yourself to be elite if you post to bugtraq all the time. There are no ethics in real hacking. Whitehats have no way of breaking into patched systems, and that's final.

Since the time hackers were born, even hackers considered themselves to be people who owned systems. Seriously, this is what a hacker is -- someone who breaks into systems. If you guys have ever been in the scene, you'd know this. Everybody in the actual underground calls themselves hackers. But then again, I guess none of you have actually been in it. Especially not whitehats.

[iago]

iago is right about the definintions c0n, him being a hacker himself!

Nope, that is incorrect.

About the medias definition. It's correct, real hackers do break into systems, because that's what hackers are. They are people who break into systems. Hackers are also computer experts. Computer experts who break into systems. They aren't these so-called 'security enthusiasts' who go around acting like they are elite by going around posting to BugTraq. Blackhats are the only real hackers in this world. Read http://hysteria.sk/chroot/PHC/texts/, and understand what real hackers are, and what whitehats are. If whitehats are hackers, then they are sad excuses for hackers. Greyhat-is-whitehat, there's no such thing as a greyhat. You can't expect yourself to be elite if you post to bugtraq all the time. There are no ethics in real hacking. Whitehats have no way of breaking into patched systems, and that's final.

Since the time hackers were born, even hackers considered themselves to be people who owned systems. Seriously, this is what a hacker is -- someone who breaks into systems. If you guys have ever been in the scene, you'd know this. Everybody in the actual underground calls themselves hackers. But then again, I guess none of you have actually been in it. Especially not whitehats.

Well, they're using the word wrong.  Sucks to be them, I guess

I've never personally claimed to be a hacker.  I don't want that kind of image.  I'll admit to being a security expert, or a whitehat.  I know how to hack, but don't.

And even though I'm a whitehat, I can still break into a patched system.  There at at least 2 ways:
1. I can phone the owner or a user, lie to them, and get them to fix me up (social engineering is totally possible).
2. I can scrutinize the software that they're using and find a vulnerability myself.  Why not?  I may be a whitehat, but I know a lot about software vulnerabilities. 


Next question is, how do pen-testers fit in?  I know people who legally attempt to break into systems.  Would you not call that hacking?  Or do you have to have malicious and illegal intentions?

[c0n]

iago is right about the definintions c0n, him being a hacker himself!

Nope, that is incorrect.

About the medias definition. It's correct, real hackers do break into systems, because that's what hackers are. They are people who break into systems. Hackers are also computer experts. Computer experts who break into systems. They aren't these so-called 'security enthusiasts' who go around acting like they are elite by going around posting to BugTraq. Blackhats are the only real hackers in this world. Read http://hysteria.sk/chroot/PHC/texts/, and understand what real hackers are, and what whitehats are. If whitehats are hackers, then they are sad excuses for hackers. Greyhat-is-whitehat, there's no such thing as a greyhat. You can't expect yourself to be elite if you post to bugtraq all the time. There are no ethics in real hacking. Whitehats have no way of breaking into patched systems, and that's final.

Since the time hackers were born, even hackers considered themselves to be people who owned systems. Seriously, this is what a hacker is -- someone who breaks into systems. If you guys have ever been in the scene, you'd know this. Everybody in the actual underground calls themselves hackers. But then again, I guess none of you have actually been in it. Especially not whitehats.

Well, they're using the word wrong.  Sucks to be them, I guess

I've never personally claimed to be a hacker.  I don't want that kind of image.  I'll admit to being a security expert, or a whitehat.  I know how to hack, but don't.

And even though I'm a whitehat, I can still break into a patched system.  There at at least 2 ways:
1. I can phone the owner or a user, lie to them, and get them to fix me up (social engineering is totally possible).
2. I can scrutinize the software that they're using and find a vulnerability myself.  Why not?  I may be a whitehat, but I know a lot about software vulnerabilities. 


Next question is, how do pen-testers fit in?  I know people who legally attempt to break into systems.  Would you not call that hacking?  Or do you have to have malicious and illegal intentions?

Like I said, in hacking there are no ethics. And no, the Phrack High Council (PHC, nothing to do with phrack.org (phrack.org are lame whitehats)) are not using the word wrong. Simply because they could own any system they want, so I'm sure they'd know. Hackers are people who break into systems. If you are a whitehat, you are my enemy, and the enemy of over 300 pr0j3kt m4yh3m supporters who DO know their shit, and I know many of them. Also, if you want to tell PHC that you are a whitehat, and that you disagree with their usage of the word 'hacker', head on over to one of their cells (across many irc networks -- efnet #phrack (which is banned now), ircsnet #phrack, undernet #phrack, and some others). Another would include #msnetworks on an 'unknown network', but that cannot be disclosed, and it's invite-only. That is all, have a nice day.

Later,

c0n (pr0ud supp0rt3r 0f pr0j3kt m4yh3m)

[dx]

Gets a warm feeling that c0n watches fight club too much, and thinks way to highly of himself

[c0n]

Gets a warm feeling that c0n watches fight club too much, and thinks way to highly of himself

I have never watched fight club, but some ideas of Pr0j3kt M4yh3m are from fight club.
I get a warm feeling that darkxir buys too many coke bricks, and snorts them way too much. And no, I don't think too highly of myself. Although, I do think of myself being better than you, a poor and messed up drug addict who spends most of his money on bricks of cocaine. If you don't want me to flame you, then don't reply to things I say, loser. Go back to coke-addicts anonymous.