Results 1 to 9 of 9

Thread: Owned an Exposed

  1. #1
    Member Krytical's Avatar
    Join Date
    Mar 2010
    Posts
    117

    Default Owned an Exposed

    so, since it happened, do we need to worry about existing backtrack installations? are the ISO's safe? ettercap was mentioned... isn't that included with backtrack? or is all that sure to be safe?

  2. #2
    Junior Member
    Join Date
    Jan 2010
    Posts
    40

    Default Re: Owned an Exposed

    Quote Originally Posted by Krytical View Post
    so, since it happened, do we need to worry about existing backtrack installations? are the ISO's safe? ettercap was mentioned... isn't that included with backtrack? or is all that sure to be safe?
    I think it is legitimate to ask these questions.

    The real question is how will we ever know the answer?

    And should pentesters be worried that they may be injecting backdoors on their customers when doing a pentest?

  3. #3
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default Re: Owned an Exposed

    Dont believe every thing you read on the internet. Ettercap may be backdoored by no one has been using that source code from the sourceforge ettercap project for years. Anyway, if you were really worried about it you would open up the code and do a review. Owned and Exposed just wanted to instill a little fear via propaganda and it looks like it worked.

  4. #4
    Member
    Join Date
    Feb 2009
    Location
    0,0
    Posts
    90

    Default Re: Owned an Exposed

    I'm assuming this conversation is related to http://www.exploit-db.com/papers/15823/ but I do not read anything about an ettercap backdoor, other then the fact that sourceforge can be compromised and ettercap is hosted there.

    You would think that the authors of Ettercap, one of the most popular
    whitehat pentesting tools, would know the basics of security.
    Apparently they don't, or they just don't give a shit about what
    happens to their users.

    So, why is their website so insecure? Ettercap's message board is
    hosted at Sourceforge, so they share a server with thousands of other
    customers. Every single customer is able to execute commands and
    access the other project directories. Pretty stupid, eh? You only need
    to find one hole in one hosted site and you can access ALL the project
    databases. Of course that isn't ALoR's fault, it's Sourceforge's
    fault. Regardless, people who care about security and data integrity
    wouldn't use such a shitty provider, would they? To be fair, the
    Ettercap project is dead. Most of the admins have been inactive for a
    few years now, but that is no excuse for such a security mess.
    Especially since the server was compromised some five years ago.

    Just look at the process list, horrible. Even the worst perl bots
    (scax) get access. If such a poorly written bot can own this box,
    everyone can.

    Some good advice to all other people/projects who are using
    Sourceforge: Move. There are enough good alternatives. Yes, I am
    talking to you Vim, get the **** out of there. And to all Ettercap
    users: arp poisoning is *not* hacking. If you want to achieve
    something real, learn the fundamentals and not how to use a GUI. Don't
    sniff the passwords of your friends and call yourself a pentester
    (looking at you firesheep).
    don't worry about me I am msfconsole retarded

  5. #5
    Member godcronos's Avatar
    Join Date
    Jan 2010
    Posts
    103

    Default Re: Owned an Exposed

    I can't believe you guys got owned!

  6. #6
    Member
    Join Date
    Feb 2010
    Posts
    50

    Default Re: Owned an Exposed

    there is nothing impossible, as long as made by human.
    no systems or anythings in this world are impossible as long as we want to learn.

  7. #7
    Member godcronos's Avatar
    Join Date
    Jan 2010
    Posts
    103

    Default Re: Owned an Exposed

    Owned and Exposed just wanted to instill a little fear via propaganda and it looks like it worked.
    - based on what I read, it was with good intentions.

  8. #8
    Member Krytical's Avatar
    Join Date
    Mar 2010
    Posts
    117

    Default Re: Owned an Exposed

    I read the whole "zine" and they don't seem like bad people, of course it could be all lies and misinformation to get just such a reaction, but it's all speculation at that point... But I got my answer, nobody has been using the sourceforge code, so it should be fine... Thanks

  9. #9
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: Owned an Exposed

    Quote Originally Posted by godcronos View Post
    I can't believe you guys got owned!
    This little attack could hardly be considered "owned" considering they did not get root on any servers.

    As for ettercap I posted recently in the forums several links disproving the claim that ettercap was/is back doored.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

Similar Threads

  1. Owned and Exposed - ISSUE no 2
    By trisogono in forum Discussioni Generali
    Replies: 1
    Last Post: 12-31-2010, 07:34 AM
  2. Hacking Linux Exposed
    By phoenix910 in forum OLD Pentesting
    Replies: 7
    Last Post: 11-25-2007, 07:59 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •