Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Isecom.org ideahamster.org and the hackerhighschool.org
From: robert () dyadsecurity com
Date: Tue, 30 Nov 2004 15:24:22 -0800

Pedro Andujar (crg () digitalsec net)@Tue, 30 Nov 2004 06:45:16 -0800:
Pen-tester like hacking:
1) read bugtraq.
2) get the las published exploit.
3) do some changes (1 or 2 lines ... or change credits of the xpl
is enough).
4) ./exploit host

While this may be CEH compliant.. it is not OSSTMM compliant :).

Also it's a total fabrication of what you actually did.  You actually exploited a PHP problem in the forums.  Some of 
your humor would be funny and even appreciated if you had enough Ethics to be honest.  I guess you can't even qualify 
as a CEH.  Oh well, maybe you could study up and pass the CISSP.

tar xvzf freebsdlocal0day-donotdistributed-suppliedby-divineint.tgz
make freebsdlocal0day-donotdistributed-suppliedby-divineint
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)

Hehe .. wouldn't it be fun if we all could just make believe that things really happened?  It certainly would be a lot 
easier that way.

Pedro, you know, with all of that desire with the right mentoring, you may even become useful someday.  Until you can 
learn to be honest about your findings however, I suggest staying out of the lime light.


Robert E. Lee
CTO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]