[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]


..[ Phrack Magazine ]..
.:: Introduction ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ] [ 69 ] [ 70 ]
Current issue : #68 | Release date : 2012-04-14 | Editor : The Phrack Staff
IntroductionThe Phrack Staff
Phrack Prophile on FXThe Phrack Staff
Phrack World NewsTCLH
Linenoisevarious
LoopbackThe Phrack Staff
Android Kernel Rootkitdong-hoon you
Happy Hackinganonymous author
Practical cracking of white-box implementationssysk
Single Process ParasiteCrossbower
Pseudomonarchia jemallocumargp & huku
Infecting loadable kernel modules: kernel versions 2.6.x/3.0.xstyx^
The Art of Exploitation: MS IIS 7.5 Remote Heap Overflowredpantz
The Art of Exploitation: Exploiting VLC, a jemalloc case studyhuku & argp
Secure Function Evaluation vs. Deniability in OTR and similar protocolsgreg
Similarities for Fun and ProfitPouik & G0rfi3ld
Lines in the Sand: Which Side Are You On in the Hacker Class Waranonymous author
Abusing Netlogon to steal an Active Directory's secretsthe p1ckp0ck3t
25 Years of SummerConShmeck
International Scenesvarious
Title : Introduction
Author : The Phrack Staff
                              ==Phrack Inc.==

                Volume 0x0e, Issue 0x44, Phile #0x01 of 0x13

|=-----------------------------------------------------------------------=|
|=-------------------------=[ Introduction ]=----------------------------=|
|=-----------------------------------------------------------------------=|
|=----------------------=[ by the Phrack staff ]=------------------------=|
|=-----------------------------------------------------------------------=|
|=------------------------=[  April 14, 2012  ]=-------------------------=|
|=-----------------------------------------------------------------------=|


              "C is quirky, flawed, and an enormous success."
                                   -- Dennis Ritchie

October 2011, a legend has fallen...

                         _____.______.______._____
                         \`\                   /'/
                          \ |                 | /
                           >|___,____,____,___|<
                          /d$$$P ,ssssssssssss. \
                         /d$$$P ,d$$$$$$$$$$$$$b \
                        <=====w======w======w=====>
                         \ \____> \_____/ <____/ /
                          \_____________________/ pb


Dennis Ritchie, proud father of nothing less than our beloved C language
and UNIX operating system, is gone. While the world has been crying over
the loss of Steve Jobs, little has been written about Dennis' death. Saying
that his inventions influenced the hacking community in a way even he
probably never knew is _not_ an exaggeration. Think about it: how many of
us became hackers because we discovered C, related bugs or UNIX?

Dennis, the world might not be aware of your unbelievable contribution but
we are. Farewell dear friend, may you rest in peace.

                                        -- anonymous bug hunter


                        -----( Dark Thoughts )-----

Today I woke up thinking about the death of this Chinese little girl [1]. I
felt bad. It's true that watching the youtube video was disturbing but
something kept hitting my mind. What if the incident had occurred in my
country?  Would people really have behaved any differently? I have doubts.
Just because a video leaked on the Internet people conveniently blamed
China, a country both controverted and feared.

What if the modern society in general was tending to slowly become amoral
and cold? A proof is that we all watched this video fully aware of its
content. Vicious, aren't we? But not only that. We're also fucking cowards.
Suddenly discovering that there is a darkness hidden inside the very roots
of our society is dramatic. But pretending to ignore the fact that there
are countries in this world where atrocious massacres are part of the daily
life seems fine.

It was written in the US Declaration of Independence that "We hold these
truths to be self-evident, that all men are created equal [...]". How could
that possibly be true? This morning I was at home, healthy, comfortably
sitting in front of my computer screen, with a cup of coffee in hand. A few
minutes later, I was working (or luxuriously pretending to be) to earn
money that I spent in the bar that night with my friends. In the mean time,
not so far away, people were killed, raped, mutilated. The truth is that I
don't even care when I think about it. This morning I was pretending being
concerned for other people, but tonight I don't give a shit anymore.

Something must be wrong.

                                    -- anonymous coward / Phrack


[1] http://www.chinapost.com.tw/china/national-news/2011/10/21/320549/
    Chinese-girl.htm


                      -----( Phrack Issue #68 )-----

Hello Phrackers! How are you guys doing? We hope well. We hope your latest
exploit works reliably (again) and all your bounces are alive and pinging.
We also hope you and your friends still are out of prison, or recently came
out (wink wink). Us, we're doing good. Looks like we did it again and a new
release is here. Ya-hoo.

This release brings you an amazing selection of hacking goodies. We have
two papers on applied cryptanalysis by greg and SysK, an area in which we
hope to see more submissions for the next issues. We are also thrilled
about the return of the Art of Exploitation section. And what a return; we
have for you not one, but two detailed papers demonstrating that
exploitation is indeed an art form. Speaking of exploitation, did you ever
wonder what Firefox, FreeBSD and NetBSD have in common? Read the paper by
argp & huku and find out. Are you hacking Windows' farms? Be sure to check
the p1ckp0ck3t's novel approach of stealing Active Directory password
hashes. Perhaps you prefer malware analysis and identification of malware
families; Pouik and G0rfi3ld have written a paper with a focus on Android
malware that will satisfy you. Android is quickly becoming the standard
mobile platform. I think it's time for an Android/ARM kernel rootkit. Start
from dong-hoon you's paper and hack your own. styx^ continues the kernel
fun with a paper that updates truff's LKM infection techniques to 2.6.x and
3.x Linux kernels. If for whatever reason you're afraid of messing with
your kernels, Crossbower shows you how to create a stealthy userland
backdoor without creating new processes or threads.

We also believe that you will find merit with the two main non technical
papers of this issue. Both address more or less the same topics, but from
two totally different points of view. On one hand, we have an analysis of
how the happiness that hacking brings to all of us can and is corrupted by
the security industry. One the other, a call to all hackers to take a side
between staying true to the spirit of hacking and selling out to the
military intelligence industrial complex. Read them, think about them and
take a side. Remember, "The hottest places in hell are reserved for those
who in times of great moral crisis maintain their neutrality".

Phrack World News is also making a comeback, courtesy of TCLH. In
International Scenes we explore Korea and the past of the Greek scene.
Loopback has increased and we decided to resurrect Linenoise as we had some
tiny but not less interesting submissions. While being eligible for an
issue remains hard, submitting for Linenoise may be an easier way for
people to share tricks in the next issues.

We are proud to have FX prophiled in this epic issue. As an added gift, FX
wrote a eulogy for PH-Neutral, at least in its original form. PH-Neutral,
as all great hacker creations, lives on as long as the hackers behind it
are fueling it with their passion.

Speaking of hacker passion, this issue re-establishes a long lost
connection. Phrack and SummerCon are again bonded on the 25th anniversary
of SummerCon! Shmeck and redpantz, representing SummerCon, contribute two
papers; a history of the conference from its beginning in 1987 to this
year, and of course one of the Art of Exploitation papers.

Believe it or not it was _fucking_ hard to prepare this issue. It's no news
that the mentality of the hacking community has changed, but this time we
had to face multiple deceptions. It's not the first time, however the 
quantity makes this event scary. It demonstrates how rotten and corrupted 
the so-called spirit of some people pretending to be part of the 
underground has become.

There's a time when you realize that you've lost count of the battles you
lost, but you still kinda won enough to keep faith. More importantly, you
realize that you still care. Granted, it's not the deep, mystical and life
changing moment that movies display -- the huge pile of shit you pushed out
of the door just before getting to sleep is still there. It maybe just
stinks a little less.

But we care, hell, we really care about Phrack and what it means. It costs
time and frustration, many battles lost, it faces the two-point-oh
revolution (lots of quality stuff goes into blogs, for immediate
consumption) and the money drop by the security industry, but the
satisfaction of seeing it out again is huge. Yes, we care.

And that's not just because we're a bunch of old farts that stay attached
to the past. We care because it's a constant, maybe feeble but constant,
heartbeat of that world, that community that we grew up and now live in.
You know, that little thing called 'the Underground' that we are proud and
honored to somehow, in part, represent.

We've heard from many corners that 'the Underground' is dead. We'd love to
hear those people describe what the Underground is, then. Sure, things
change, evolve. Laws, computing power, money invested, political links,
technology, every piece moves fast and reshapes the landscape. But if
you're reading these lines today, if you've just finished a 36-hour
coding, hacking marathon, you're keeping it alive.

So thank you, for that. Thank you to the authors for finding the time of
sharing their knowledge. Thank you to anyone that setups a new connection.
Thank you to whomever fights for information and freedom. Thanks crews.

Happy hacking, Phrackers.
You guys are the BEST heartbeat in the world.


                                    -- the Phrack staff


 ______  _     _ ______          ______ _    _      __  _      __   _____
(_____ \| |   | (_____ \   /\   / _____) |  / )   _|  || |_   / /  / ___ \
 _____) ) |__ | |_____) ) /  \ | /     | | / /   (_   ||  _) / /_ ( (   ) )
|  ____/|  __)| (_____ ( / /\ \| |     | |< <     _|  || |_ / __ \ > > < <
| |     | |   | |     | | |__| | \_____| | \ \   (_   ||  _| (__) | (___) )
|_|     |_|   |_|     |_|______|\______)_|  \_)    |__||_|  \____/ \_____/


                 - By the community, for the community. -


$ cat p68/index.txt

<--------------------------( Table of Contents )-------------------------->

 0x01  Introduction ...................................... Phrack Staff

 0x02  Phrack Prophile on FX ............................. Phrack Staff

 0x03  Phrack World News ................................. TCLH

 0x04  Linenoise ......................................... various

 0x05  Loopback .......................................... Phrack Staff

 0x06  Android Linux Kernel Rootkit ...................... dong-hoon you

 0x07  Happy Hacking ..................................... Anonymous

 0x08  Practical cracking of white-box implementations ... SysK

 0x09  Single Process Parasite ........................... Crossbower

 0x0a  Pseudomonarchia jemallocum ........................ argp & huku

 0x0b  Infecting loadable kernel modules ................. styx^

 0x0c  The Art of Exploitation:
       MS IIS 7.5 Remote Heap Overflow ................... redpantz

 0x0d  The Art of Exploitation:
       Exploiting VLC, a jemalloc case study ............. huku & argp

 0x0e  Secure Function Evaluation vs. Deniability in OTR
       and similar protocols ............................. greg

 0x0f  Similarities for Fun and Profit ................... Pouik & G0rfi3ld

 0x10  Lines in the Sand: Which Side Are You On in the
       Hacker Class War .................................. Anonymous

 0x11  Abusing Netlogon to steal an Active Directory's
       secrets ........................................... the p1ckp0ck3t
 
 0x12  25 Years of SummerCon ............................. Shmeck

 0x13  International Scenes .............................. various

<------------------------------------------------------------------------->


                    -----( GreetZ for issue #68 )-----

    - FX:                            epicness personified
    - herm1t:                        you have our support
    - TCLH:                          for everything
    - x82:                           deepest apologies for the 1 year wait
    - anonymous authors:             best part of this issue
    - sysk:                          keep submitting man!
    - redpantz & Shmeck:             Phrack and SummerCon bonded again
    - greg:                          schooling Alice and Bob
    - Crossbower:                    parasite zoologist
    - the p1ckp0ck3t:                be wary or he will get your hashes
    - huku & argp:                   the scourge of memory allocators
    - styx^:                         yes we are hardcore reviewers
    - Pouik & G0rfi3ld:              who the hell is G0rfi3ld??? ;>
    - scene phile writers:           you have big balls guyz
    - linenoise writers:             Eva you're soooooooo cute :3
    - our generous hoster:           a contribution not forgotten ;)
    - z4ppy, ender:                  external reviews are paid in beers
    - b3n:                           too bad we didn't use your stuff
    - No greetz, no thankz to:       you know who you are :<

       And of course many thanks to the loopback contributors :')


                  -----( Phrack Magazine's policy )-----

phrack:~# head -n 22 /usr/include/std-disclaimer.h
/*
 *  All information in Phrack Magazine is, to the best of the ability of
 *  the editors and contributors, truthful and accurate.  When possible,
 *  all facts are checked, all code is compiled.  However, we are not
 *  omniscient (hell, we don't even get paid).  It is entirely possible
 *  something contained within this publication is incorrect in some way.
 *  If this is the case, please drop us some email so that we can correct
 *  it in a future issue.
 *
 *
 *  Also, keep in mind that Phrack Magazine accepts no responsibility for
 *  the entirely stupid (or illegal) things people may do with the
 *  information contained herein.  Phrack is a compendium of knowledge,
 *  wisdom, wit, and sass.  We neither advocate, condone nor participate
 *  in any sort of illicit behavior.  But we will sit back and watch.
 *
 *
 *  Lastly, it bears mentioning that the opinions that may be expressed in
 *  the articles of Phrack Magazine are intellectual property of their
 *  authors.
 *  These opinions do not necessarily represent those of the Phrack Staff.
 */

                  -----( Contact Phrack Magazine )-----


            <  Editors           : staff[at]phrack{dot}org   >
            >  Submissions       : staff[at]phrack{dot}org   <
            <  Commentary        : loopback[@]phrack{dot}org >
            >  Phrack World News : pwned[at]phrack{dot}org   <


    Submissions may be encrypted with the following PGP key:
    (Hint: Always use the PGP key from the latest issue)


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PHRACK

mQGiBEucoWIRBACFnpCCYMYBX0ygl3LrH+WWMl/g6WZxxwLM2IT65gXCuvOEbLHR
/OdZ5T7Z6sO4O5b0EWkk5pa1Z8egNp44+Fn+ExI78cv7ML9ffw1WEAS+raQwvN2w
0WUsfztWHZqPf4HMefX92pv+1kVcio/b0aRT5lRbvD7IdYLrtYb0V7RYGwCgi6Or
dJ5iN+YVDMx8lkUICI8kPxcD/1aHZqCzFx7lI//4OtZQN0ndP1OEH+C7GDfYWi4P
DcLNlF812h1qyJf3QCs93PQR+fu7XWAIyyo5rLHpFfuU29ZZH1Oe0VR6pLJTas2Z
zXNdU48Bhj1uf4Xv0NaAYlQ5ffIJ4a37uIKYRn28sOwH/7P8VGD7K7EZn3MMyewo
aPPsA/4ylQtKkaPB9iTKUlimy5ZZorPwzhNliEbIanCGfePgPz02QMG8gnId40/o
luE0YK1GnUbIMOb6LzI2A5EuQxzGrWzDGOM3uLDLzJtBCg8oKFrUoRVu1dnPEqc/
NQzRYjRK8R8DoDa/QZgyn19pXx4oQ3tAldI4dAQ022ajUhEoobQfUGhyYWNrIFN0
YWZmIDxzdGFmZkBwaHJhY2sub3JnPohgBBMRAgAgBQJLnKFiAhsDBgsJCAcDAgQV
AggDBBYCAwECHgECF4AACgkQxgxUfYgthE7RagCeL/XirVrcUzgKBrJGcvo0xjIE
YlkAoIBqC2GuYJrXxPO/KaJtXglJjd7zuQQNBEucoWIQEADrU+2GAZbWbTElblRp
/MyoUNHm0gxOo7afqVdQe8epub/waQD1bnE+VucI7ncmQWUdD0qkkyzaXlFDlvId
LYh/dMu4/h+nTyuCLNqoycqvf1k8Dax6QOADq0BZlM5lGTL6VOBnCitWCvgYCmLO
aPO1bacJlNx0/cpWKe+YELlZss7Q+o4SBvDOyX8B78eEs62dbRAudubFQ/tjQd3z
cXZOSli9Du9DAa2vzk8tq1c6RAs0NY4KxBu+6VW/lxvGt3iNRlFQAdya6Kx3fhog
zVjkt3OOgNDJ6u/9zYbMbtjtoFqSIJDR4DhZ9NbS57nuTkJqh0GDVOtxfKcc8QxH
wyYiH47M9znHFtHHvT0PzGc2Fl8s3EUFvlXZUW3ikcFbkyqTgnseqv5k9YQ8FDHX
IvBVpj8nqLi3CBADy8z2gy5r4TryV3sfOlTT40r0GtiG3Weeb0wuMj5+hr303zgN
/aH+ps8JvL0TeyXjsDMcTCF1fHSIxPJouSWjOkFMrumAg/rikdn3+dPCCowcLKvQ
isYC60yKEhcYvUDiKKzXrGyM/38Kp/73RA9ZLQ3VjCSX550UCU46hF6u6Qzbd5Jk
T8WesPYqz4jpPzlF1MbaVki4+g5myTR8y1IIarX08mk6l+1YZyjjzmlhKyhdaIiI
QY4uv3EYYFDHiyd0/3ZBfkz62wADBQ//bVf698IFhoLHeCG3USyl/rHyjVUatsCx
ZCwPlWEGzR+RP3XdqwoeFZNA4hXYy3Qr1vJSytbCRDYOK2Rp3Eos1Gncqp3KbUhQ
ZRBxGNbhskZ7VHOvBHIIZ7QU3TDnWLDlWs9oha8zv9XWEmaBmCjBtmRwunphwdv2
O7JpqLbW45l/WAas6CuRi+VxXllQPM2nKX9JwzyWlvnU3QayO+JJwH5bfeW0Wz53
wqMBJz9hvVaClfAzwEnPnWQxxgA6j7S9AuEv7NRLZsC6nHyGwB7vFfL4dCKt4cer
gYOk5RjhHVNuLJSLhVWRfcxymPRKg07harb9adrPcjJ7fCKXN1oPCcacG0O6vcTb
k58MTzs3CShJ58iqVczU6ssGiVNFmfnTrYiHXXvo/+36c+TizwoXJD7CNGDc+8C0
IxKsZbxgvpFuyRRwrzr3PpecY0I2cWZ7wN3WtFZkDi5OtsIKTXHOozmddhAwxqGK
eURB/yI/4L7t2Kh2EaVOyRbXNa4hwPbqbFiofihjKQ1fFsYCUUW0CAOaXu14QrrC
IepRMQ2tabrYCfyNuLL3JwUFKinXs6SrFcSiWkr9Cpay7Ozx5QosV8YKpn6ojejE
H3Xc0RNF/wjYczOSA6547AzrnS8jkVTV2WIJ5g1ExvSxIozlHU5Dcyn5faftz++y
ZMHT0Ds1FMGISQQYEQIACQUCS5yhYgIbDAAKCRDGDFR9iC2ETsN0AJ9D3ArYTLnd
lvUoDsu23bN4bf7gHwCfUGDsUSAWE/G7xQaBuB50qXecJPo=
=cK7U
-----END PGP PUBLIC KEY BLOCK-----

                            -----( EOF )-----
[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2021, Phrack Magazine.