
Thread: Hack me.

  1. #21
    Join Date
    Jun 2007
    Location
    The Netherlands
    Beans
    1,279
    Distro
    Ubuntu Development Release

    Re: Hack me.

    There is a way to bypass routers with all ports closed. A lot of people have services running behind a router firewall. Bypass the router and you can access and therefore exploit those services.

  2. #22
    Join Date
    Jan 2008
    Beans
    204
    Distro
    Hardy Heron (Ubuntu Development)

    Re: Hack me.

    I think opening up ssh is something a typical user would do.
    ssh allows you to remotely access your computer, it's something I use every single day at work.
    Apache is a webserver that allows you to host webpages on your computer, also very common.

    There are less common things that could be opened, such as a VNC server, which like ssh allows you to remotely access your computer, but VNC allows for full graphical use, i.e. I can view my gnome session at home from my laptop.
    Then of course there are less known services. I run GNUMP3d so I can listen to my entire music library at work even though it's all located on my home pc.

    If there are no open ports, and the user is not doing anything, then you're not getting in.

    In Windows, and more specifically older versions of IE, there were simpler ways to gain remote access. NetBIOS was open for viewing by default on older Windows distros. IE used to allow all sorts of horribly insecure ActiveX controls. I remember it used to be possible to force a Windows user to download and install a trojan just by visiting a webpage.

    Ubuntu and Linux in general is a whole nother ball game. It comes with no ports open by default, and the multiuser setup means that nothing that you as a normal user run is ever going to hurt anything more than your /home folder. (Unless you're an idiot and you're logged in as root)

    If anyone can hack into a default Ubuntu install with no open ports that's behind a router, my hat's off to them; I don't think it's possible. My logic makes sense, doesn't it? If it were possible to hack into an Ubuntu machine that had no open ports/services running, then why aren't all our machines compromised right now?

  3. #23
    Join Date
    Jan 2007
    Beans
    1,795

    Re: Hack me.

    Quote Originally Posted by ASULutzy View Post
    Is this a clean Ubuntu install with absolutely no ports open?

    IMO you should make it a more "typical" setup and get ssh going, maybe an apache webserver, VNC server, something. Or else you're just asking people to bang their heads off a wall
    I disagree; it should be a default Ubuntu install with all the patches and security updates currently offered to bring it up to date. SSH, VNC services, Apache are not part of the default Ubuntu install.

    They are correct about the router; however, it's not a contest to hack the router.

  4. #24
    Join Date
    Nov 2006
    Location
    40.31996,-80.607213
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Hack me.

    Quote Originally Posted by jrusso2 View Post
    I disagree; it should be a default Ubuntu install with all the patches and security updates currently offered to bring it up to date. SSH, VNC services, Apache are not part of the default Ubuntu install.

    They are correct about the router; however, it's not a contest to hack the router.
    Just a reminder though, that with a default Ubuntu install and with no services running, there is zero to no chance of breaking in. I think breaking in was the point here, though.
    "Security lies within the user of who runs the system. Think smart, live safe." - Dr Small
    Linux User #441960 | Wiki: DrSmall

  5. #25
    Join Date
    Jun 2007
    Location
    The Netherlands
    Beans
    1,279
    Distro
    Ubuntu Development Release

    Re: Hack me.

    Quote Originally Posted by Dr Small View Post
    Just a reminder though, that with a default Ubuntu install and with no services running, there is zero to no chance of breaking in. I think breaking in was the point here, though.
    I seriously disagree. Services provide an easier way to hack a system. With no services running it is still possible to hack a system, it's just much harder. You can for instance let the owner of the system do something stupid; tempting him/her to visit a rigged webpage with the target machine for instance.

  6. #26
    Join Date
    Nov 2006
    Location
    40.31996,-80.607213
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Hack me.

    Quote Originally Posted by whoop View Post
    I seriously disagree. Services provide an easier way to hack a system. With no services running it is still possible to hack a system, it's just much harder. You can for instance let the owner of the system do something stupid; tempting him/her to visit a rigged webpage with the target machine for instance.
    That would require social engineering, not hacking. Please provide sufficient evidence that it is possible to hack a system that is without any services. As of yet, I have seen no examples nor know of any.

    It is possible to hack a system without services, only if physical access is to be had on the system.
    "Security lies within the user of who runs the system. Think smart, live safe." - Dr Small
    Linux User #441960 | Wiki: DrSmall

  7. #27
    Join Date
    Jun 2007
    Location
    The Netherlands
    Beans
    1,279
    Distro
    Ubuntu Development Release

    Re: Hack me.

    Quote Originally Posted by Dr Small View Post
    That would require social engineering, not hacking. Please provide sufficient evidence that it is possible to hack a system that is without any services. As of yet, I have seen no examples nor know of any.

    It is possible to hack a system without services, only if physical access is to be had on the system.
    Methinks social engineering is a part of hacking.
    I think it's quite simple: if all ports are closed you cannot access the system directly, unless there is some flaw in the technology that is keeping the ports closed. In the situation of "all ports closed" the preferred method is accessing the system from the inside out. Hacking from the inside out often requires some social engineering. Especially when you have a specific target.
    It often does not even require direct communication. Somebody could even post a link in this thread, hoping that the target system will visit it.

    Hell, you can even open up ports of a router/firewall with some HTML/JavaScript code...
    Last edited by whoop; May 22nd, 2008 at 04:41 AM.

  8. #28
    Join Date
    Jan 2007
    Beans
    1,795

    Re: Hack me.

    Quote Originally Posted by Dr Small View Post
    There is ARP poisoning (which 2point0 knows more about than I do) and XSS. Both, I thought, had to be done on the network end. Unless a port is open and a service is listening on it, an attacker can not get in, as far as I know.

    Opening a port does not only increase the chance, but makes it possible to exploit or bruteforce. Otherwise, I don't think it is possible.
    That's why the first day no one hacked any of the operating systems. It was not until other applications were added that they were hacked.

    A known unfixed exploit in Safari was used which the hacker had set up an exploit on his website to exploit this vulnerability that he knew about in advance.

  9. #29
    Join Date
    Sep 2006
    Location
    Chicago
    Beans
    355

    Re: Hack me.

    I haven't port scanned anything, but based upon what I have read here is the deal:

    To hack a system that 100% has no ports facing the internet i.e. open, it needs to be an application or client-side exploit. For example, I would need to get you to visit a malicious website that could hijack your browser and somehow allow me to execute arbitrary code on your box.

    Would that make it hacking or just user stupidity in clicking unverified links? (This was how the Mac was compromised, via a client-side browser exploit, probably related to http://secunia.com/advisories/29483/ Careful, might be an obfuscated URL and I just ninja'ed your computurz! just kidding, click it)

    Secondly, let's say you did open SSH on your box and/or router, why in God's name would anyone publish a remote no-auth access exploit? 1) that exploit can be sold for BIG money, 2) that exploit could be used to compromise much more valuable systems. Any cracker that manages to find an exploit of that magnitude either sells it or keeps it locked down and very private.

    Unfortunately I believe your expectations of proving your system (in)security are unrealistic. The fact of the matter is that no one really cares about rooting a home user's box, the real targets that people look for are misconfigured virtual hosts, vulnerable PHP code, improperly handled CGI scripts and countless more. You don't have any PHP code to exploit if you have a stone cold "virgin" install, see where this is going? For the most part, the only people that hit up desktop machines are botnet herders looking for (usually) machines that can easily be identified as vulnerable or talentless children who just got their hands on Metasploit. This goes back to my original point, if you have no services to exploit, then the attack is reliant on your own stupidity or tricking you into installing a malicious package or getting you to run an application which will allow a hostile attacker to gain control of your system. In this case, your scenario is simply not conducive to a head-on attack.

    Then there is a question of how you define being hacked. A DDoS can knock your connectivity but it isn't rooting the system, so is it 'less' of a hack? Surely if you define a malicious hack as a disruption of any normal service or system function then a DDoS attack is legitimate. If you define it as someone being able to root your desktop, not to sound rude...but who cares?

    And to answer your other question about pwn2own and why no one hit the Ubuntu box...well, the other machines were Vista and Mac. Vista is known to be insecure and the Mac...it's a mac, again, who cares? As *nix servers make up a significant portion of the internet backbone, an attacker would be smart to NOT reveal they have the ability to automagically dominate a system remotely. Furthermore, Ubuntu has the largest portion of Linux desktops in which case a remote exploit is far more valuable when kept private.

    Personally, if I could access any Ubuntu box with some ubermagical pwnz0r exploit the last thing I would do is make it public knowledge but that's just me.
    Last edited by The Tronyx; May 22nd, 2008 at 08:06 AM.
    UbuntuBeginnersTeam
    UbuntuSecurity
    Blawg
    Questions pertaining to "stealthed" ports kind of make me LOL IRL

  10. #30
    Join Date
    Apr 2008
    Location
    UK
    Beans
    1,098

    Re: Hack me.

    Quote Originally Posted by yaztromo View Post
    My feeling is that having no open ports is not like having a room with no doors.
    That's exactly what it's like. No open ports, no services, no way in.

    Packets are still coming in to the system and the kernel has to look at them in some way, even if to just determine there is no service on the requested port. Since a directly connected machine will examine all data before disregarding it I still feel there are many things a skilled hacker can do to try and trip up a system with no services running.
    Wouldn't that be an attack on the kernel's TCP stack? The worst outcome might be a kernel crash but no access to the box.
    Brian.
