getting things straight...

[cyrax]

Goats are sexy

[ June 06, 2002: Message edited by: X11 / BOB ]

[cyrax]

could someone tell me why on IRC there are chat rooms with hundreds to thousands of people trading hacked linux box accounts? i dont see people trading hacked windows boxes

 

[cyrax]

Hey,

I found this on http://www.jimmo.com/Linux-NT_Debate/Security.html

Yes, there are holes in UNIX and Linux. In order to exploit them, you need to either be a UNIX guru or an expert programmer (or both). Anyone can easily exploit the holes in NT.

How come i have seen people root a Linux box by running a single exploit with one command and then type "dir" and that guy says you have to be an expert programmer?!? my my my

[Heru]

Your first two posts make a sort of messed up half sense, I think I'll just ignore those...

You saw someone root a Linux box?  Well if this is true they probably had a somewhat(or perhaps quite) advanced program that they either downloaded or made themselves(meaning they would be an advanced programmer), and chose an insecure target.

I've tried to hack into my Linux box, I just cant do it!  No luck.  While later I tried to hack into my windows box, it was quite easy.  Now keep in mind that they are both connected to the same cable modem and both are protected by software firewall.

[voidmain]

I guess he's never heard of Code Red.  Hell, you only need to hack one Windows box and then they hack themselves from there... All I can say is, I'm sure glad I didn't have any IIS boxes. I would have made a special trip to Redmond to take a nice healthy shit on the lawn.

[cyrax]

Linux exploits.. there everywhere, their also traded for hacked boxes on IRC. i have tested one on my own box , i got it from some guy who had a shell account on my redhat box. i cant remember the filename but it was like s10 or something
all i typed was ./s10 and i was instantly dropped to root. i could even change the pass without knowing it originally!

[cyrax]

If i had a dollar for every linux exploit on this page i would be pretty happy  

http://www.insecure.org/sploits_linux.html

[cyrax]

Voidman, I dont run IIS so i dont have a problem. if i wanna run an ftp i just download bulletproof ftp server. simple

[cyrax]

ahhh voidman havn't you heard of the worm that took down NASA years ago? they were all sun and linux servers + workstations. the IIS boxes dont hack themselves its worm code that just eats its way through the network

[cyrax]

read read

http://www.networkmagazine.com/article/NMG20010518S0001

[hoojchoons]

Are you trying to compare the exploits written for IIS machines to those written for Linux machines? If so, you're sentenced to fail. I don't believe that anyone in here ever claimed that *nix and Linux boxes are "bulletproof". Of course there are vulnerabilities and security holes in every OS but try comparing the time it takes for the latter to be patched in Linux to the time it takes for M$ to patch Windoze holes!

[cloudstrife]

quote:Originally posted by cyrax-:
If i had a dollar for every linux exploit on this page i would be pretty happy    

http://www.insecure.org/sploits_linux.html

For almost every exploit on this page, you must have some programming knowledge.  Also, most of these exploit deal with versions of linux from around '98.

[Master of Reality]

this is a pretty stupid thread... its just cyrax trying to fill a gaping hole of insecurity about linux within hinself.

[voidmain]

All I can say is, none of my Linux servers have ever been hacked, and I have many of them exposed.  *All* of the Windows machines have been hit with viruses and worms more than one time. Linux and BSD are the only machines I expose to the internet and one is up to 479 days of uptime. Let's see, how many Win servers do you have with that sort of record?

[dwar]

quote: could someone tell me why on IRC there are chat rooms with hundreds to thousands of people trading hacked linux box accounts? i dont see people trading hacked windows boxes

You are right, but most of those aren't from core exploits. People run extra programs that have vulnerabilities of their own. Now, compare hundreds to thousands to the thousands to hundered of thousands of hacked windows machines. Unlike UNIX on winblows you gain access to the whole system instead of just the user it was running on. Don't act like winblows doesn't ever get hacked. I've seen multiple irc channels with over 5000-10000 hacked winblows clients. So don't start getting all cocky about things you don't even know what you are talking about.

Winblows is a paradise for worms, virii, and trojans. Think about it, if you were a virus would you want to live in Hawaii, or in a working systemized enviorment such as a big city, where you can't really do what you want.

[ June 01, 2002: Message edited by: dwar ]