Entries in Liberty and the pursuit of root (2)


Goot Root?

Why is Linux safer than Windows? Because linux-tpreter hasn't been updated. That is always a favorite joke I hear among the community. Today with the update of Metasploit 4.2, I saw a module that I had always meant to check out: Post Sudo Upgrade on a shell.

Thanks to this module by todb, post/multi/manage/sudo, getting privilege escalation on an Ubuntu host is point, click, pwn!






Revolutions and Hackers



I enjoy reading all sorts of things. Last night I was reading Hackers: Heroes of the Computer Revolution by Steven Levy.

In this book, Levy delivers the 7 commandments of the personal computer revolution. 

  1. Access to computers—and anything which might teach you something about the way the world works—should be unlimited and total.
  2. Always yield to the Hands-on Imperative!
  3. All information should be free.
  4. Mistrust authority—promote decentralization.
  5. Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race or position.
  6. You can create art and beauty on a computer.
  7. Computers can change your life for the better.

It got me thinking about the colonial times and how the patriots saw something wrong with the world and decided to fight for what they believed were inalienable rights, self-evident and universal. I also started thinking about the current state of information security. As security researchers we find flaws in technology and try to share some Common Sense. We call them best practices. We believe that companies will not patch unless it is trivial to exploit the flaws in the system. We write exploits and PoCs not to hurt the world (well, most of us) but to help it. Someone asked me if I go online because of all the "hackers." I told them I go online knowing it is safe because of the hackers. Knowing that we as a community police the internet. In essence, we govern it ourselves.


1. Access to anything that might teach you something is good. I have learned more from a n00b than I ever did from a ninja. It wasn't about the information, but the new way of thinking. We need more new blood. InfoSec mentors are a great thing. You get fresh perspective in exchange for sharing some of your knowledge.

2. Hands-On... you can read about writing exploits or hacking but unless you fire up a VM, you are as much a hacker as I am a member of the Delta Force because I read a book about them.  Good News, the ability to learn is available.  Jump in... the only thing stopping you is you.  Interject your ideas and try it.  Be careful though... as Dual Core says, "Yes there is a substance but it is different from addiction."

3. All information should be free... This is the Freedom of Speech. If we censor new ideas, we only limit ourselves and our abilities. Share your research, don't share stolen databases.

4. Mistrust Authority - We are all AAA by our very nature. The world asks why, hackers say why not! Trust but verify. After all, if not for this, we would not have Patch Tuesday! However, do what you can to educate them.

5. Certs have their place, but there is no substitute for knowledge. I know many people who are smarter than a CISSP and I know a CISSP who asked "what is a shell?" Read up at Jaded Security about what the CISSP won't teach you.

6.  Computers are extensions of people.  Garbage in- Garbage out.  However add goodness,  brilliance, insight, excellence, ideas and a little pwn-sauce on top and the outcome is limitless.

7.  Computers can change our life for the better.  I know it changed mine!


In the end, we as a community hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Root.

Everyone have a safe 4th of July weekend.

Remember all... Every Revolution begins with a single act of defiance. Hack the planet.