[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] RE: Isecom.org ideahamster.org and the hackerhighschool.org
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] RE: Isecom.org ideahamster.org and the hackerhighschool.org
- From: robert@xxxxxxxxxxxxxxxx
- Date: Tue, 30 Nov 2004 15:24:22 -0800
Pedro Andujar (crg@xxxxxxxxxxxxxx)@Tue, 30 Nov 2004 06:45:16 -0800:
> Pen-tester like hacking:
> 1) read bugtraq.
> 2) get the las published exploit.
> 3) do some changes (1 or 2 lines ... or change credits of the xpl
> is enough).
> 4) ./exploit host
While this may be CEH compliant.. it is not OSSTMM compliant :).
Also it's a total fabrication of what you actually did. You actually exploited
a PHP problem in the forums. Some of your humor would be funny and even
appreciated if you had enough Ethics to be honest. I guess you can't even
qualify as a CEH. Oh well, maybe you could study up and pass the CISSP.
> tar xvzf freebsdlocal0day-donotdistributed-suppliedby-divineint.tgz
> make freebsdlocal0day-donotdistributed-suppliedby-divineint
> uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty),
> 5(operator), 20(staff), 31(guest)
Hehe .. wouldn't it be fun if we all could just make believe that things really
happened? It certainly would be a lot easier that way.
Pedro, you know, with all of that desire with the right mentoring, you may even
become useful someday. Until you can learn to be honest about your findings
however, I suggest staying out of the lime light.
Robert
--
Robert E. Lee
CTO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert@xxxxxxxxxxxxxxxx
M - (949) 394-2033
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html