> Guide to (mostly) Harmless Hacking > Vol. 5 Programmers' Series > No. 4: How to Program in C, part 2 > programs on your target computer. For example, in Leshka's sendmail > exploit, the sendmail program is assumed to exist in /usr/sbin/sendmail. > This works fine for a Linux computer. However, on the Sun OS computer I From Leshka's sendmail 8.7-8.8.2 exploit: "for FreeBSD, Linux and maybe other platforms". *MAYBE* other platforms. > His exploit also assumes the command to run the C compiler is "cc". > However, your victim computer may have the GNU C compiler, and it may > require that you give the command "gcc" instead of "cc". A fairly safe assumption since many systems (especially linux) symlink 'cc' to 'gcc' > Another problem is that sometimes hackers purposely cripple their exploit > code in order to keep total idiots from running them. For example, the syn > flood exploit program written by Daemon9 and released in the fall, 1996 > issue of Phrack had a crucial line of code commented out. As Daemon9 told you in email (CCd to me) on "No, you lackwit, I told you STRAIGHT OUT that the code was: 1) Disabled. It has the sendto() call commented out. 2) Crippled. It is a weakened version of the real program. 3) Required a hacked raw sockets interface to run." > Better yet, don't write buffer overflow exploits. As my secret super hacker > friend says, "Overflows have become annoying. Since the screen exploit for > Linux (almost 3 years ago) that's most of what's been coming out. It's Since the 'splitvt' exploit for Linux you mean... Super hacker friend not been around much? > You can go to jail warning: It is illegal to break into a computer even if > you do no harm. The only Uberhackers I know of are so talented, and also so > careful to do no harm, that only another Uberhacker would ever know one had > broken into a computer. But if you are reading this to find out how to Hypocrisy Alert! What did she say?!