Phrack Magazine issue 53
Phrack Magazine from phrack.org . For the text version it's best to get it from the source.
Published by: jmuzz on May 09, 2008
Copyright:Attribution Non-commercial
---[ Phrack Magazine Volume 8, Issue 53 July 8, 1998, article 01 of 15

-------------------------[ P H R A C K 5 3 I N D E X

--------[ Rumble in the Mumble

More than 6 months have passed since our last offering. My most humble, sincere and heartfelt apologies. At long last, here we are. Better late than never, that's what I always say. Unless of course, the late version sucks, then I just like to disavow it entirely. Well, here we go again. Another Phrack issue to glorify behavior which would otherwise be classified as sociopathic or frankly psychotic (according to Mich Kabay). More of what you want, more of what you need. Technical articles on fanatically enticing topics, lines and lines of glorious source, another gut-busting installment of Loopback, and of course, the News. Mammas, don't let your babies grow up to be hackers. Or hookers for that matter.

Alright. Let's get down to business. Let's talk remote attack paradigms. Remote attack paradigms can fall into one of two types, based off of the standard client/server communication paradigm (we are glossing over any extensions to the model like client to client or server to server stuff). The two attack types are client to server (server-centric) and server to client (client-centric). Server-centric attacks are well known, understood and documented. Client-centric attacks are an area that is often overlooked, but is definitely fertile ground for exploitation. Below we look at both.

----[ Server-Centricity

Historically, the vast majority of remote attacks have been server-centric. Server-centric, in this scope, refers to attacks that target server (or daemon) programs. A common (and frequently reoccurring) example is sendmail. The attack targets a server (the sendmail daemon) and approximates a client (the exploit program). There are several reasons why this has been the trend:

- Server programs typically run with elevated privileges. Server programs usually require certain system resources or access to special files that necessitate privilege elevation (of course we know this doesn't have to be the case; have a look at POSIX 6). A successful compromise could very well mean access to the target system at that (higher) privilege level.

- Discretion is the attacker's whim. The client/server message paradigm specifies that a server provides a service that a client may request. Servers exist to process clientele requests. As per this model, the attacker (client) makes a request (attack) to any server offering the service and may do so at any point.

- Client codebase is usually simple. Dumb client, smart server. The impact of this is two-fold. The fact that server code tends to be more complex means that it is tougher to audit from a security stand-point. The fact that client code is typically smaller and less complex means that exploitation code development time is reduced.

- Code reuse in exploitation programs. Client-based exploitation code bases are often quite similar. Code such as packet generators and buffer overflow eggs are often reused. This further cuts down on development time and also reduces required sophistication on the part of the exploit writer.

All of these make server-centric attacks enticing. The ability to selectively choose a program to attack running with elevated privileges and quickly write up exploit code for it is a powerful combination. It is easy to see why this paradigm has perpetuated itself so successfully. However, up until recently it seems another potentially lucrative area of exploitation has gone all but overlooked.

----[ Client-Centricity

An often neglected area of exploitation is the exact reverse of the above: client-centricity. Client-centric attacks target client programs (duh). The types of programs in this category include: web browsers (which have seen more than their share of vulnerabilities), remote access programs, DNS resolvers and IRC clients (to name a few). The benefits of this attack model are as follows:

- Automated (non-discretionary) attacks. We know that, under the previous paradigm, the attacker has complete autonomy over who s/he attacks. The benefit there is obvious. However, non-discretionary attacking implies that the attacker doesn't even have to be around when the attack takes place. The attacker can set up the server containing the exploit and actually go do something useful (tm).

- Wide dispersement. With client-centric attacks you can gain a wider audience. If a server contains a popular service, people from all over will seek it out. Popular websites are constantly bombarded with clientele. Another consideration: server programs often run in filtered environments. It may not be possible for an attacker to connect to a server. This is rarely the case in client-centric attacks.

- Client codebase not developed with security in mind. If you think server code is bad, you should see some client code. Memory leaks and stack overruns are all too common.

- Largely an untapped resource. There are so many wonderful holes waiting to be discovered. Judging by how successful people have been in finding and exploiting holes in server code, it goes to figure that the same success can be had in client code. In fact, if you take into account the fact that the codebase is largely unaudited from a security perspective, the yields should be high.

For all the above reasons, people wanting to find security holes should definitely be looking at client programs. Now go break telnet.

Enjoy the magazine. It is by and for the hacking community. Period.

-- Editor in Chief ----------------[ route
-- Phrack World News --------------[ disorder
-- Phrack Publicity ---------------[ dangergirl
-- Phrack Librarian ---------------[ loadammo
-- Soother of Typographical Chaos -[ snocrash
-- Hi! I'm an idiot! -------------[ Carolyn P. Meinel
-- The Justice-less Files ---------[ Kevin D. Mitnick (www.kevinmitnick.com)
-------- Elite --------------------> Solar Designer
-- More money than God ------------[ The former SNI
-- Tom P. and Tim N. -------------[ Cool as ice, hot as lava.
-- Official Phrack Song -----------[ KMFDM/Megalomaniac
-- Official Phrack Tattoo artist --[ C. Nalla Smith
-- Shout Outs and Thank Yous ------[ haskell, mudge, loadammo, nihilis, daveg,
-----------------------------------| halflife, snocrash, apk, solar designer,
-----------------------------------| kore, alhambra, nihil, sluggo, Datastorm,
-----------------------------------| aleph1, drwho, silitek

Phrack Magazine V. 8, #53, xx xx, 1998. ISSN 1068-1035
Contents Copyright (c) 1998 Phrack Magazine. All Rights Reserved. Nothing may be reproduced in whole or in part without written permission from the editor in chief. Phrack Magazine is made available quarterly to the public, free of charge. Go nuts people.

Contact Phrack Magazine
-----------------------
Submissions: phrackedit@phrack.com
Commentary: loopback@phrack.com
Editor in Chief: route@phrack.com
Publicist: dangergrl@phrack.com
Phrack World News: disorder@phrack.com

Submissions to the above email address may be encrypted with the following key:

As always, ENCRYPTED SUBSCRIPTION REQUESTS WILL BE IGNORED. Phrack goes out plaintext. You certainly can subscribe in plaintext.

phrack:~# head -20 /usr/include/std-disclaimer.h
/*
 * All information in Phrack Magazine is, to the best of the ability of the
 * editors and contributors, truthful and accurate. When possible, all facts
 * are checked, all code is compiled. However, we are not omniscient (hell,
 * we don't even get paid). It is entirely possible something contained
 * within this publication is incorrect in some way. If this is the case,
 * please drop us some email so that we can correct it in a future issue.
 *
 *
 * Also, keep in mind that Phrack Magazine accepts no responsibility for the
 * entirely stupid (or illegal) things people may do with the information
 * contained here-in. Phrack is a compendium of knowledge, wisdom, wit, and