Anonymous hackers - how dey do dat?

Discussion in 'Computer Security' started by RayLopez99, Dec 10, 2010.

  1. Yeah, Dustin why not do all the work for this lazy bastard.

    Ari Silverstein, Dec 16, 2010

  2. RayLopez99

    Dustin Guest

    Depending on how you achieve the buffer overflow, your intended
    instructions *may* get executed. It's not a guarantee. Google likely has
    many user-friendly explanations for a buffer overflow situation. I'd
    recommend reading one or two articles and coming back if you have specific
    questions on it. They are runtime errors, thanks to (imo) poorly written
    code. IE: lacking a string check to ensure the data you're fixing to put in
    the buffer will fit.

    Hackers are generally only very weakly motivated by conventional rewards
    such as social approval or money. They tend to be attracted by
    challenges and excited by interesting toys, and to judge the interest of
    work or other activities in terms of the challenges offered and the toys
    they get to play with.
    Dustin, Dec 16, 2010
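
The missing "string check" described in the post above, as an added example that is not part of the original thread: an unchecked copy beside a version that rejects input that will not fit. The function names, the 16-byte buffer size and the sample strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16   /* constructed buffer size for this example */

/* Unchecked pattern: copies however many bytes the caller supplies.
   Shown for contrast only; it is never called in this example. */
void store_name_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);   /* writes past dst when strlen(src) >= NAME_BUF */
}

/* Checked version: verify the data fits (terminator included) before
   copying. Returns 0 on success, -1 if the input is rejected. */
int store_name_checked(char *dst, size_t dst_size, const char *src)
{
    size_t need;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    need = strlen(src) + 1;          /* +1 for the trailing NUL */
    if (need > dst_size)
        return -1;                   /* reject rather than truncate or overflow */
    memcpy(dst, src, need);
    return 0;
}

int main(void)
{
    char buf[NAME_BUF];
    const char *ok = "short name";                               /* constructed */
    const char *too_long = "this input is longer than sixteen";  /* constructed */

    printf("ok input:       %d\n", store_name_checked(buf, sizeof buf, ok));
    printf("too-long input: %d\n", store_name_checked(buf, sizeof buf, too_long));
    return 0;
}
```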

  3. RayLopez99

    Dustin Guest

    To be honest, I'm of the mindset that you need to have done your homework
    as best as you could before asking general questions about the subject.
    IE: you would already know the answer and then you can ask specific
    questions you might not know, AND, you'll understand my and others'
    replies to them. I'm not trying to come across as a wiseass or anything
    like that nor do I intend to insult you.

    Hackers are generally only very weakly motivated by conventional rewards
    such as social approval or money. They tend to be attracted by
    challenges and excited by interesting toys, and to judge the interest of
    work or other activities in terms of the challenges offered and the toys
    they get to play with.
    Dustin, Dec 16, 2010
  4. Another program running along might eventually hit the code that
    corrupted their memory space and run it, but it would have to hit that
    code right at its starting point. If you lead in to the starting point
    with NOPs it provides a bigger surface and a greater likelihood that the
    program flow (when it is its turn to run) steps into the corrupted area.
    The NOPs act like a sled sliding the execution path right up into the
    malicious code's starting point. While the NOP doesn't actually do
    anything, the instruction pointer will still be incremented.
    FromTheRafters, Dec 16, 2010
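
A defender's view of the NOP sled described in the post above, as an added example that is not part of the original thread: a scan that reports the longest run of NOP bytes in a captured buffer. It assumes the single-byte x86 NOP opcode (0x90); the function names, the threshold of 16 and the sample buffer are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define X86_NOP 0x90   /* single-byte x86 NOP opcode (assumed architecture) */

/* Returns the length of the longest run of consecutive NOP bytes in buf.
   If start is non-NULL it receives the offset where that run begins. */
size_t longest_nop_run(const unsigned char *buf, size_t len, size_t *start)
{
    size_t best = 0, best_at = 0, run = 0, i;

    for (i = 0; i < len; i++) {
        if (buf[i] == X86_NOP) {
            run++;
            if (run > best) {
                best = run;
                best_at = i + 1 - run;
            }
        } else {
            run = 0;
        }
    }
    if (start != NULL)
        *start = best_at;
    return best;
}

/* Flags a buffer whose longest NOP run reaches the caller's threshold. */
int looks_like_sled(const unsigned char *buf, size_t len, size_t threshold)
{
    return longest_nop_run(buf, len, NULL) >= threshold;
}

int main(void)
{
    /* Constructed sample: filler bytes with 32 NOP bytes at offset 10. */
    unsigned char sample[64];
    size_t at = 0, n;

    memset(sample, 'A', sizeof sample);
    memset(sample + 10, X86_NOP, 32);
    n = longest_nop_run(sample, sizeof sample, &at);
    printf("longest run: %zu bytes at offset %zu, flagged: %d\n",
           n, at, looks_like_sled(sample, sizeof sample, 16));
    return 0;
}
```

This only catches the literal 0x90 form; data that legitimately contains long 0x90 runs will also be flagged, so the threshold needs tuning per data source.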
  5. I stand corrected.

    I was trying to point out that execution of the malicious code's payload
    is not guaranteed - sometimes just a DoS and sometimes more.
    FromTheRafters, Dec 16, 2010
  6. Nope.
    "When the Sicilians put out a contract, it's usually limited to the
    continental United States, or maybe Canada or Mexico. But with the
    Corsicans, it's international. They'll go anywhere. There's an old
    Corsican proverb: 'If you want revenge and you act within 20 years,
    you're acting in haste.' " ~Lou Conein
    Ari Silverstein, Dec 16, 2010
  7. RayLopez99

    RayLopez99 Guest

    All you do is "laugh out loud" like the loudmouth crazy you are. LOL.

    RayLopez99, Dec 16, 2010
  8. RayLopez99

    RayLopez99 Guest

    You sound knowledgeable. Or you're a good faker. In either event,
    what language would this virus stuff be running at, what API? Is this
    some Javascript, or something unique to Adobe's API (whatever language
    they use, probably Java or some variant), or is this virus stuff based
    on the Windows API that back in the days I played around with in the
    MFC, or all of the above or something else? Perhaps this virus stuff
    is done in assembly language, or IL pseudocode for .NET that is
    injected in with the good code? It's all very confusing how such
    apparent piggybacking is done, especially since at least with .NET
    all assemblies are cryptographically signed so you cannot introduce (I
    think) bogus or extraneous executables with your package.

    RayLopez99, Dec 16, 2010
  9. You are correct, I miswrote. :eek:(

    My point was that the overflow does not *always* cause an immediate
    result, nor does it guarantee a particular result.
    FromTheRafters, Dec 16, 2010
  10. Yep.
    If you really must fellate me,
    Though the thought appalls;
    Remember work the shaft
    And cup the balls.
    Ari Silverstein, Dec 16, 2010
  11. But I'm not a lazy bastard who comes to Usenet with his mouth open
    ready to suck any wiener that will do my work for me.

    Btw, chin, wipe, drool, RL. lol
    Ari Silverstein, Dec 16, 2010
  12. RayLopez99

    RayLopez99 Guest

    No, this stuff is harder than it sounds.
    But how does it get there? That's the question. Simple example: I
    have malware, I pretend it's something good and ask the end user to
    install it on their machine. End user complies. The malware installs
    itself with the user's permission. The user clicks on the malware
    icon. Malware launches. Malware reformats user's hard drive. That's
    straightforward. But what this thread is about is a user using their
    browser and/or giving permission to a hacker group to try and
    penetrate their machine, and without doing more, the machine being
    taken over by a virus/bot/vector/something bad. How dey do dat?

    From the (Metasploit) Megasploit entry for Wikipedia, which you
    thoughtfully provided:

    The basic steps for exploiting a system using the Framework include -
    Choosing and configuring an exploit (code that enters a target system
    by taking advantage of one of its bugs; about 300 different exploits
    for Windows, Unix/Linux and Mac OS X systems are included);
    Checking whether the intended target system is susceptible to the
    chosen exploit (optional);
    Choosing and configuring a payload (code that will be executed on the
    target system upon successful entry, for instance a remote shell or a
    VNC server);
    Choosing the encoding technique to encode the payload so that the
    intrusion-prevention system (IPS) will not catch the encoded payload;
    Executing the exploit.
    This modularity of allowing to combine any exploit with any payload is
    the major advantage of the Framework: it facilitates the tasks of
    attackers, exploit writers, and payload writers.

    Notice the step "Choosing the encoding technique"--that's important.
    Exploiting bugs is also interesting "about 300".
    OK, DEP, Johnny DEP. Learned something new.
    Do you think Adobe's javascript is less secure than Microsoft's
    Silverlight, which is a .NET platform? I would like to think so.
    Like I say, .NET cryptographically signs all assemblies.
    Thanks, about Metasploit.

    RayLopez99, Dec 17, 2010
  13. RayLopez99

    RayLopez99 Guest

    "But", butt boi? So you admit you are a loudmouth?

    Now here's a conundrum for you, Ari. You are not superstitious are
    you? Surely you don't believe in curses? So I place a Balkan curse
    on your head. Check the header on this post if you don't believe it's
    coming from the Balkans. By the reading of this post something bad
    will happen to you within the next 12 months, like a serious car
    accident resulting in death, fatal cancer, or financial ruin leading
    to suicide, unless you reply to this thread.

    So you're in a bind Ari. If you reply to this thread, you let the
    whole world know that you believe in this "nonsense". Your
    credibility as a rational person is shot (more than it already is).
    Yet if you don't reply...

    Ball is in your court Ari.

    RayLopez99, Dec 17, 2010
  14. No that's your asshole, now roll back over and quit making a fool out
    of yourself.
    Ari Silverstein, Dec 17, 2010
  15. RayLopez99

    vince Guest

    Uh, "ant", you do realize you are being TROLLED. It's your time; waste
    it if you want with this gabardine dick stroker.
    vince, Dec 17, 2010
  16. RayLopez99

    RayLopez99 Guest

    Ah, very wise. You did reply, because you are afraid of the curse.
    Good choice.

    Just keep in mind one thing however: though you're off the hook--for
    now--the very fact you believe means I own you. At any time I can
    invoke the curse again.

    So you are dismissed and free to go little man--for now.

    RayLopez99, Dec 17, 2010
  17. RayLopez99

    RayLopez99 Guest

    OK, so you are hanging your hat on javascript. Fair enough.

    Right. I think the easiest kind of malware to propagate.
    Right. So answer the subthread: you think javascript is insecure
    then? Noted.

    Yes. Encrypted zip files. But again it would presumably rely on the
    Javascript downloading them, opening them, installing them. I would
    imagine most AV programs should detect that.
    Script = java. Noted again.
    So .NET is immune from such attacks. Java is the evil enabler. Noted.

    RayLopez99, Dec 17, 2010
  18. From: "vince" <>

    | Uh, "ant" you do realize you are being TROLLED. It's your time waste
    | it if you want with this gabardine dick stroker.

    He's not being trolled.

    Ray is "thick" as a brick and can't overcome his own thought processes.
    David H. Lipman, Dec 17, 2010
  19. RayLopez99

    RayLopez99 Guest

    Doublespeak noted. "Guns don't kill people, people do".
    YOU don't understand. The issue is "encoding technique" that evades
    the IPS. Got that?
    Nothing is always.

    MAY? That's your rebuttal? Like I said, .NET is immune (largely--so
    there's my fudge) from such attack.
    OK. VBscript--I don't know if .NET uses this or not, but I would
    imagine the VB module does, but not sure about the C# module.

    RayLopez99, Dec 18, 2010
  20. RayLopez99

    RayLopez99 Guest

    You're dumb as shit.

    Still promoting that malware you wrote? Get over it.

    RayLopez99, Dec 18, 2010