-
January 25th, 2002, 10:44 AM
#21
Re: grrr........
Originally posted by guerrillase7en
so running easy exploits on webservers that do what there supose to do just have really no if any security isn't really an exploit? no cgi exploits are real exploits? no exploits are real exploits? damn then there is no such thing as an exploit. in your mind.....
Ok..Let me see if I can explain this in a way that you can understand.
1) The original intention of Morpheus is to allow users to share files, ANY kind of files.
2) As long as the user puts the files they want to share in a specific directory and follows directions,
AFAIK you cannot access any other directory other than the shared one. If you can find a way of
accessing a directory that the user is not sharing then THAT would be an exploit.
Just because some idiot users choose to share their entire hard drives and you can access them, it does not mean you
have found an unintended use for the program.
Whereas if you are able to exploit a webserver that has a bug that hasn't been patched, you could say
that you have exploited the admin's laziness/the programmer's incompetence since the specifications
on the server never called for the program to be unable to deal with buffer overflow or whatever means
you would be using to access it.
There is a big difference between what happens with Morpheus and what a true exploit is..and if my explanation or that of the other
posters here telling you don't help you understand...I dont know what else to tell you.
Sheesh!!
Realityisanillusioncreatedbyanalcoholdeficiency.
-
January 25th, 2002, 11:04 AM
#22
Member
Originally posted by Matty_Cross
...Now, if you could upload to their computer through this method... I'd say its an exploit... but you can't....
u can.
so using this to d/l there .passwd file and telnet into root isn't going to give u the power you want inorder for it to be an exploit?
-
January 25th, 2002, 11:08 AM
#23
Member
Re: Re: grrr........
Originally posted by Tortured Spirit
...Whereas if you are able to exploit a webserver that has a bug that hasn't been patched, you could say
that you have exploited the admin's laziness/the programmer's incompetence since the specifications on the server never called for the program to be unable to deal with buffer overflow or whatever means you would be using to access it...
so exploiting a sys admin's stupidity(if they don't chek for security updates) and exploiting a sys user's stupidity(by shareing evrything) isn't the same?
-
January 25th, 2002, 07:44 PM
#24
Re: Re: Re: grrr........
Originally posted by guerrillase7en
so exploiting a sys admin's stupidity(if they don't chek for security updates) and exploiting a sys user's stupidity(by shareing evrything) isn't the same?
Basically, yes. Security updates are released to patch a bug/security hole that was never intended to be there in the first place.
With a P2P program like Morpheus, they original intention of the program was to allow ppl to
share files from a specific directory or directories.
AFAIU, an exploit by definition is finding a way to take advantage of a bug or security hole that
should not exist in the first place.
And that, to me anyway, is the difference.
Realityisanillusioncreatedbyanalcoholdeficiency.
-
January 26th, 2002, 02:14 AM
#25
Member
Re: Re: Re: Re: grrr........
Originally posted by Tortured Spirit
...take advantage of a bug or security hole that should not exist in the first place.
...
it shouldn't allow you to share the holde hard drive/nor let it list *.pwl/.passwd files
that's a security hole that shouldn't exist....
-
January 26th, 2002, 02:25 AM
#26
I came across this..
dunno if it work though...
It's a perl script wich is supposed to be a Kazaa/Morpheus Denial of Service Attack..
(rename .txt to .pl if u wanna try)
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
January 26th, 2002, 04:09 AM
#27
--------------------------------------------------------------------------------
Originally posted by guerrillase7en
quote:
--------------------------------------------------------------------------------
Originally posted by Matty_Cross
...Now, if you could upload to their computer through this method... I'd say its an exploit... but you can't....
--------------------------------------------------------------------------------
u can.
so using this to d/l there .passwd file and telnet into root isn't going to give u the power you want inorder for it to be an exploit?
--------------------------------------------------------------------------------
Since when can you UPLOAD to their computer through this 'exploit'?
I just re-read the 'exploit' tutorial you posted, nothing about being able to upload up there....
guerrillase7en...
It SHOULD let you share your whole hard-drive.. its is a file SHARING program.. the key word here is SHARING... Have you noticed, that when your using Morpheus, there is a search option to search EVERYTHING? Does it not dawn upon you that this is there because they didn't really want to create a search category for every single type of file?
Its meant to be able to share any type of file.
If a user shares their whole hard drive, that is their choice.... it may not be the best choice, but its their choice.. it isn't an exploit in the software... its doing what it was intented to do....
I personally am going to stop (or at least try to stop) posting to this thread, as I seem to just be repeating myself...
I feel kinda like this...
-Matty_Cross
\"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
But when you\'re good and crazy, hehe, the skies the limit!!\"
-
January 26th, 2002, 04:49 AM
#28
-
January 26th, 2002, 04:54 AM
#29
First off) that is not hacking that is just newbie sh*t
Second) like almost everyone said its only files in your shared folder
Third) You are ******n stupid to even think of this as an exploit
-
January 26th, 2002, 05:08 AM
#30
I personally am going to stop (or at least try to stop) posting to this thread, as I seem to just be repeating myself...
I feel kinda like this... :
Amen !! My post(s) above were my last attempts to explain this..It can't be explained any clearer than has already been. SO I am gonna quit : with these kids and go on...
Realityisanillusioncreatedbyanalcoholdeficiency.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|