Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 22 Aug 2014, 13:49
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Puppy 5.1 hacked into remotely?
Post new topic   Reply to topic View previous topic :: View next topic
Page 2 of 3 [33 Posts]   Goto page: Previous 1, 2, 3 Next
Author Message
dru5k1


Joined: 11 Apr 2010
Posts: 72

PostPosted: Wed 13 Jul 2011, 05:30    Post subject:  

oh my gosh that attackpup is so beautiful
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Wed 13 Jul 2011, 06:17    Post subject:  

Much appreciated but now we need the computer savvy people among Puppy users to tell us how to protect ourselves.

1. Did you have a router at that time. Did him go through the router then.
2. Or did he lure you to visit some page him had prepared with a Flash thing or
3. did he send you something that had the downloader of something that allowed him to get in?

Was this a vulnerability in the Firefox Flash or something that that program he had paid for used?

I fail to get it.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
dru5k1


Joined: 11 Apr 2010
Posts: 72

PostPosted: Wed 13 Jul 2011, 09:00    Post subject:  

It could well have been flash, because both the firefox, chromium that I installed via quickpet, and flash were all out of date at the time I installed them

(firefox has an updater built in that I ran twice to get fully up to date. chromium had to become chrome, and flash needed to be replaced via downloading and replacement in the file-manager)
Back to top
View user's profile Send private message 
dru5k1


Joined: 11 Apr 2010
Posts: 72

PostPosted: Wed 13 Jul 2011, 09:13    Post subject:  

(I actually know now to go into Puppy Package Manager ("install" desktop icon) and via the Configure Package Manager button, tick the ubuntu repositories (I chose main, multiverse, and universe) and then click the Update button before searching for chrome

I think chrome is in ubuntu lucid main, but I can't remember to tell the truth
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Wed 13 Jul 2011, 09:48    Post subject:  

Hope it is okay that I am a bit at it. I wonder about this

2. Or did he lure you to visit some page him had prepared with a Flash thing or

Suppose you are right about having an older version of Flash.

But that would only work for him if him had his own Blog or server or some place him could place a file on that make use of that Flash vulnerability.

But if it was through the Router then he has to have a program that actually penetrated from outside through the router.

Is it possible now to look in the log of the router if he came that way?

I guess this did happen days or weeks ago. Has he promised to never try again?

Anything you remember can help the Devs to make Puppy better or them tell us what we have to do to make us more secure.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
dru5k1


Joined: 11 Apr 2010
Posts: 72

PostPosted: Wed 13 Jul 2011, 18:07    Post subject:  

to answer your questions nooby

>we (mostly he) shared links to gifs, jpegs, and flash
>he does have his own server - he swears by the use of it's vnc passthrough/proxy whatever capabilities and p2p use also
>no I don't log my router's activities (I probably shouldn't be sharing that knowledge I think and should actively log from now on *facepalm*)
>it's all a mystery to me to be honest - how do you get through my router and then my firewall too?
Back to top
View user's profile Send private message 
Karl Godt


Joined: 20 Jun 2010
Posts: 3964
Location: Kiel,Germany

PostPosted: Wed 13 Jul 2011, 19:31    Post subject:  

Code:
busybox-1.18.3 tcpsvd -v 127.0.0.1 100 busybox-1.18.3 ftpd /

can set up a port .

Example : downloading a directory ( little /etc in this case ) :
Code:

cd /mnt/sda9/wget
wget -rv ftp://127.0.0.1:100/etc


But until now I was not able to inject a file with scp or curl .
Back to top
View user's profile Send private message Visit poster's website 
CLAM01

Joined: 22 May 2010
Posts: 79

PostPosted: Wed 13 Jul 2011, 21:06    Post subject:  

dru5k1,

Do you run samba? If you opened a folder of pictures to share, maybe translating through a samba-network-neighborhood or such it might have set up an environment that let your friend telnet into the "shared" space on your computer. I don't do samba, so I don't know what permissions are granted in puppy folders through it. But if all he managed was to run in a shared folder as a remote computer... That used to be pretty easy to do. I suppose doing something like that could be called a "hack" if done without permission. It's the kind of entry into a shared-files space that would slow your computer. Samba would be attempting to build a GUI to serve to a remote Windows environment. It should have been using a good deal of your cpu and keeping your net-activity blinky alight, with cpu temp and net Tx up.
Back to top
View user's profile Send private message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Wed 13 Jul 2011, 21:17    Post subject:  

Thanks Karl for being a CUR Wink
(Puppy spreading Courage Understanding and Reassurance)
rather than a follower of FUD. Smile
Did you 'think of the children'?
http://youtu.be/Qh2sWSVRrmo

That makes perfect sense to me
and also in technical terms seems very easy . . .

Pretty sure I have a static IP address (this is set up by the ISP)
http://whatismyipaddress.com/dynamic-static
Is there an easy way to use a dynamic IP address temporarily
for example if contacting SMERSH (gosh it actually exists)
http://en.wikipedia.org/wiki/SMERSH
or the Linux Users Conspiracy Klub (LUCK) Cool

_________________
Puppy WIKI
Back to top
View user's profile Send private message Visit poster's website 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11017
Location: Arizona USA

PostPosted: Wed 13 Jul 2011, 23:52    Post subject:  

dru5k1, another question for you: were you running Puppy as root, or as a user with a login at the time your friend broke in?
Back to top
View user's profile Send private message 
dru5k1


Joined: 11 Apr 2010
Posts: 72

PostPosted: Sun 17 Jul 2011, 22:09    Post subject:  

ok, I was running as root with no samba

just to let you know, I've updated my browser+flash and added
iptables -A INPUT -j DROP
to my /etc/rc.d/rc.firewall script (I figure these are good security measures), also I haven't talked to my friend as much just recently (he was ridding some windows machines of virii last time we spoke), and I haven't had any more intrusions (he just did that for fun, and he'll obviously know that I've got nothing juicy on my computer, so failing aggravating some net-savvy-linuxnet-savvy person I don't see the same incident happening again in the near future *fingers crossed*

(I feel quite confident actually Smile - I asked him to try again, but he declined as he's busy)
Back to top
View user's profile Send private message 
dru5k1


Joined: 11 Apr 2010
Posts: 72

PostPosted: Sun 17 Jul 2011, 22:21    Post subject:  

looking back over the thread,..

I *wish* I knew how this is done.. as far as I know it costs both money and time to learn though... I'm just an average web browser - it's way out of my league
Back to top
View user's profile Send private message 
postfs1


Joined: 27 Mar 2010
Posts: 831

PostPosted: Mon 18 Jul 2011, 12:53    Post subject:  

http://www.murga-linux.com/puppy/viewtopic.php?p=543828#543828 wrote:

...
Is there an easy way to use a dynamic IP address temporarily
for example if contacting SMERSH (gosh it actually exists) ...

Supposed to be, the information for curve orientation is a part of the trick.

_________________
  • I don't know why laboratories are named a hospitals.
  • The alive personage is like a tea bag with granules of unknown density inside, at that one the packet was made of organic material and was placed in the evaporated liquid or liquid.

Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11017
Location: Arizona USA

PostPosted: Tue 19 Jul 2011, 01:10    Post subject:  

The guy who vandalized the forum a month or so ago used a TOR (anonymizer) server to hide his true IP address. Is that what you mean?
Back to top
View user's profile Send private message 
gcmartin

Joined: 14 Oct 2005
Posts: 4220
Location: Earth

PostPosted: Tue 19 Jul 2011, 17:02    Post subject: This Exploit should be examined by looking at our own PUPs  

Someone mentioned GUI being built by SAMBA.

I don't think that is possible in any current SAMBA. So SAMBA exploits merely would let you "see" files in the shared folder if you got desktop/SAMBA access.

The exploit that the OP seemingly referencing is about gaining access to executes some desktop function.

Althought this hack isn't considered a virus, it does constitute an examination of how the system could or would be used, depending on which access ANY user would do.

And, as many people whose eyes and comments we can put on this, should make for a much better solution.

Now, again, knowing what we currently know about Puppy, with/without a F/W, what is running or available to allow and support access over the LAN/WAN???

Hope this helps

_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engine or use DogPile
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 2 of 3 [33 Posts]   Goto page: Previous 1, 2, 3 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0799s ][ Queries: 12 (0.0043s) ][ GZIP on ]