HackFest Series: NOVEMBER HackFest At ESTRELLA MOUNTAIN on November 16, 2008 Noon Until 3:30

blake gonterman gnunixguy at gmail.com
Wed Nov 5 15:39:54 MST 2008



November 16th is a Sunday iirc

On Nov 4, 2008 2:30 PM, "Lisa Kachold" <lisakachold at obnosis.com> wrote:

This month, the HackFest has been moved to Estrella Mountain to take 
advantage of a generous offer from Randol L. Larson to use their Lab 
facilities.
http://www.estrellamountain.edu

Joey Prestia (joey at linuxamd.com) will be supporting the PLUG FEST, as we 
delve into the exciting area of Linux Security.  
Saturday November 16th, 2008 - Noon Until 3:30

We will bring targets for your practical exploits and scanning - and go over 
the original presentation materials for each lab - depending on the time 
available.
Presentation Materials are available for review if you just found us at: 
http://www.scribd.com/doc/6680231/Hack-Fest

It's suggested that people plan:

1) Develop and bring a machine with a good distribution or LiveCD's tested 
to work.
2) Social Engineer team members and choose one or two areas to concentrate 
on.  TEAMS usually always win most quickly -  as one person reviews the 
materials while the other does the lab.   

Again this is a practical lab - not a hacking/cracking demonstration.

This format is presented for computer professionals, linux security 
professionals and linux users and is in no way an advocation of cracking, 
disrespect for private property or illegal activities.
A disclaimer signature and email address will be required at the door.

See you all there!

Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis | 
http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452
------------------------------
From: lisakachold at obnosis.com
To: plug-discuss at lists.plug.phoenix.az.us
Subject: RE: HackFest Series: "Is it safe yet" or SSH Buffer Overflows and 
You - CHECK YOUR VERSIONS
Date: Thu, 30 Oct 2008 15:38:46 +0000

SSH Exploits are currently available in various forms:

1) General Stack Based exploits.  Also called Boundary Protection BOE's.  
Check your version.
Most older versions have been fixed:
http://secunia.com/advisories/search/?search=ssh+buffer+overflow

2) Protocol 1 exploits. (Check your Version) configure /etc/ssh/sshd_config 
to use Protocol 2.

3) Kerberos exploits - authentication when compiled against various insecure 
Kerberos. Check your version; these affect older versions of SSH or 
unpatched systems.
Description of exploit: http://kerneltrap.org/node/160

4) Random PRNG entropy SSL/SSH - announced in 2006 by a team of university 
students, this problem with random number generation allows the attacker to 
guess the key generation and affected nearly all versions of SSL/SSH - 
including routers/switches/firewalls and custom mail applications.
Debian/Ubuntu descriptions from CERT:
http://www.debian.org/security/2008/dsa-1571
http://www.debian.org/security/2008/dsa-1576
http://www.ubuntu.com/usn/usn-612-1
http://www.ubuntu.com/usn/usn-612-2
http://www.ubuntu.com/usn/usn-612-3
http://www.ubuntu.com/usn/usn-612-4
http://www.ubuntu.com/usn/usn-612-5
http://www.ubuntu.com/usn/usn-612-6
http://www.kb.cert.org/vuls/id/925211

5) Challenge and Response - allows escalated privileges upon overflow of the 
buffer:
Description and versions affected:

http://www.juniper.net/security/auto/vulnerabilities/vuln5093.html

Example Script that exploits SSH challenge response [see no die there then 
the overflow payload?]:

http://www.milw0rm.org/exploits/6804

BlackHat Training:

http://www.blackhat.com/html/bh-europe-07/train-bh-eu-07-ss-el.html

Metasploit (comes setup on BackTrack) includes a few examples for SSH 
exploit training:

http://www.metasploit.com/ 

NOTE: This information has been intentionally obfuscated using 
intellectualism to filter out the less evolved crackers in favor of 
providing security tools to responsible professionals systems hackers [<sic> 
builders troubleshooters and ethical users].  

http://wapedia.mobi/en/Obnosis |  
http://en.wiktionary.org/wiki/Citations:obnosis | Obnosis.com (503)754-4452
------------------------------
> Date: Thu, 30 Oct 2008 00:49:53 -0700
> From: PLUGd at LuftHans.com
> To: plug-discuss at lists.plug.phoenix.az.us
> Subject: Re: HackFest Series: "Is it safe yet" or SSH Buffer Overflows and You
> 
> On 30 Oct 2008, Lisa Kachold chattered thus:
> 
> > SSH buffer overflow exploit - season to taste:
> > http://www.milw0rm.org/exploits/6804
> 
> Looks like this one is exploiting after authenticating as root. I presume
> the idea is that you could auth as someone else and still get root access.
> 
> my $user = "root";
> my $pass = "yahh";
> 
> $ssh2->auth_password($user, $pass) || "[-] Incorrect credentials\n";
> 
> Was a die left out?
> 
> $ssh2->connect($ip, $port) || die "[-] Unable to connect!\n";
> 
> > History:
> >
> > OpenSSH Challenge Response Buffer Overflow: http://www.securityfocus.com/bid/5093
> >
> > Report 2001 - updated last Nov 05 2007 02:45PM
> > Other boundary exploits, kerberos, auth and encryption exploits and overflows exist making encroachment via SSH trivial.
> 
> It's been almost a year since the update with no update on the update :(.
> 
> Everybody was too busy reacting to the debian problem?
> 
> ###
> **UPDATE: One of these issues is trivially exploitable and is still
> present in OpenSSH 3.5p1 and 3.4p1. Although these reports have not been
> confirmed, administrators are advised to implement the OpenSSH
> privilege-separation feature as a workaround.
> ###
> 
> I'd think the OpenBSD guys would have denied or confirmed this.
> 
> /me switches back to telnet. ;-)
> 
> ciao,
> 
> der.hans
> -- 
> # http://www.LuftHans.com/ http://www.LuftHans.com/Classes/
> # "If I want my children to work hard, I better be the hardest working
> # person they've ever met. If I want the children to be nice, I better
> # be the kindest human being they've ever met." -- Rafe Esquith

------------------------------
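The two configuration points named in the thread (item 2, "use Protocol 2", and the quoted advisory's privilege-separation workaround), as an added example that is not part of the original messages: a small shell audit of an sshd_config. It assumes an OpenSSH older than 5.4, where an unset Protocol defaults to "2,1"; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit sshd_config for the two settings named in the thread.
# Function names and the sample config are constructed for illustration.

# first_value FILE KEYWORD: print the first global value set for KEYWORD.
# sshd uses the first value it reads; keywords are case-insensitive.
first_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            sub(/^[ \t]+/, "")
            if ($0 == "" || $0 ~ /^#/) next        # blank line or comment
            n = match($0, /[ \t=]+/)               # keyword/value separator
            if (n == 0) next
            key = tolower(substr($0, 1, n - 1))
            if (key == "match") exit               # global section ends here
            if (key == want) {
                val = substr($0, n + RLENGTH)
                sub(/[ \t]+$/, "", val)
                print val
                exit
            }
        }' "$1"
}

# audit_sshd_config FILE: print one WEAK line per finding.
audit_sshd_config() {
    proto=$(first_value "$1" Protocol | tr -d ' \t')
    # Assumption: OpenSSH older than 5.4, where an unset Protocol means "2,1".
    : "${proto:=2,1}"
    case ",$proto," in
        *,1,*) echo "WEAK: Protocol $proto still accepts SSH protocol 1" ;;
    esac
    privsep=$(first_value "$1" UsePrivilegeSeparation)
    if [ "$privsep" = "no" ]; then
        echo "WEAK: UsePrivilegeSeparation is disabled"
    fi
    return 0
}

# Constructed sample: the later "Protocol 2" is ignored because the first wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
protocol 2,1
UsePrivilegeSeparation no
Protocol 2
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```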

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss