[Plug-security] Exploitable Virtual Target Builders Wanted

Lisa Kachold lisakachold at obnosis.com
Sun Aug 18 07:31:49 MST 2013


Sure Mark,

Yes, the system will be completely breakable - and no longer a production
box.  You will set up exploits (like ssh and web systems - modules or
php/mysql that we know are easily pwned).

You can copy your image to our server (see below):

On Sat, Aug 17, 2013 at 9:02 PM, Mark Phillips
<mark at phillipsmarketing.biz> wrote:

> Lisa,
>
> I have an older Debian production server on Linode. Would you be breaking
> it? I will be back in town on Monday. Can we talk then?
>
You've got two options to use this image (which can be copied) on ESXi:

*1) With VMware Converter (many prerequisites)*:

It depends on the version of Linux running at Linode and the type of
destination you are using.

Since our destination is an ESX/ESXi host, we're in luck. [If we were
wanting to use VMware Server, VMware Workstation, or VMware Player there
would be no joy due to how the Linux P2V process works by using a helper VM.]

BTW LILO is not supported.  LVM volumes will be converted to basic volumes.

For the conversion itself, we need to have port 22 and 443 on your source
open and your destination over the internet or a VPN.  I can open ports as
needed in the rack.

See the VMware vCenter Converter Standalone 4.x User's
Guide <http://www.vmware.com/pdf/convsa_43_guide.pdf>

*2) Without VMware Converter (no point and click GUI, no support)*:

Set up a VM with identical specs to your Linode box in terms of vCPUs, RAM,
disk layout, and OS.

Do a netcat/block copy of your Linode box devices.

Destination:

nc -l -p 9001 | dd of=/dev/sda

Source:

dd if=/dev/sda | nc <target-system-ip> 9001

The Conshell Linux P2V <http://conshell.net/wiki/index.php/Linux_P2V> is a
good resource for problems, preparation and other advice using this method.

I am available via Skype as obn0sis.

> On Aug 17, 2013 3:11 PM, "Lisa Kachold" <lisakachold at obnosis.com> wrote:
>
>> We have a great ESXi server running in the DeVry Rack if you have a
>> virtual host to present to the community for public exploit?
>>
>> This is especially great because you don't have to stand up and talk if
>> you don't want to.  We will assign it an IP and let them at it.
>>
>> It IS especially nice when we expose why the system was exploitable after
>> and what small systems changes would have made it rock solid secure, but
>> you don't have to do that if you don't want to; we have a whole community
>> of security professionals willing to talk on those subjects.
>>
>> But just think how fun it is to build insecure systems?  Hundreds of
>> thousands of web developers and hosting shops do it every day?
>>
>>
>> Contact me for details if interested!
>>
>> --
>>
>> (503) 754-4452 Android
>> (623) 239-3392 Skype
>> (623) 688-3392 Google Voice
>> it-clowns.com <http://it-clowns.com/c/>
>> Chief Clown
>>
>> _______________________________________________
>> Plug-security mailing list  -  Plug-security at lists.phxlinux.org
>> To change settings or unsubscribe:
>> http://lists.phxlinux.org/mailman/listinfo/plug-security
>>
>>


-- 

(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
it-clowns.com <http://it-clowns.com/c/>
Chief Clown
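
The dd-over-nc block copy described in the message above has no integrity check of its own, so a truncated or corrupted transfer goes unnoticed until the VM fails to boot. The following is an added example, not part of the original post: it hashes the stream as it leaves the source and verifies the same number of bytes on the destination. Regular files stand in for /dev/sda and a local pipe stands in for the nc link; the function and file names are hypothetical, and it assumes the source is not being written to during the copy.

```shell
#!/bin/sh
# Added example, not from the original post. Regular files stand in for
# /dev/sda on each side and a local pipe stands in for the nc link, so it
# runs offline. Function names and image files are hypothetical.

# send_with_hash SRC DST: stream SRC into DST and print the SHA-256 of the
# bytes that went down the pipe, hashed in-stream through a FIFO so the
# source is read only once.
send_with_hash() (
    dir=$(mktemp -d) || exit 2
    mkfifo "$dir/tap"
    sha256sum < "$dir/tap" | cut -d' ' -f1 > "$dir/sum" &
    # In the real transfer the right-hand dd sits behind `nc -l -p 9001`.
    dd if="$1" bs=64k 2>/dev/null \
        | tee "$dir/tap" \
        | dd of="$2" bs=64k conv=notrunc 2>/dev/null
    wait
    cat "$dir/sum"
    rm -rf "$dir"
)

# verify_dest DST NBYTES SUM: hash only the first NBYTES of DST (the target
# disk may be larger than the source) and compare with the sender's SUM.
# For a real device, NBYTES comes from `blockdev --getsize64` on the source.
verify_dest() (
    got=$(head -c "$2" "$1" | sha256sum | cut -d' ' -f1)
    [ "$got" = "$3" ]
)

# Demo on constructed data: 1 MiB "source disk", 2 MiB "destination disk".
demo() (
    d=$(mktemp -d) || exit 2
    head -c 1048576 /dev/zero | tr '\0' 'a' > "$d/src.img"
    head -c 2097152 /dev/zero > "$d/dst.img"
    sum=$(send_with_hash "$d/src.img" "$d/dst.img")
    if verify_dest "$d/dst.img" 1048576 "$sum"; then
        echo "copy verified: $sum"
    else
        echo "MISMATCH: do not boot this image" >&2
    fi
    rm -rf "$d"
)
demo
```

On a real transfer the sender's digest has to reach the destination over a separate trusted channel, since plain nc offers neither authentication nor encryption.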