aika wrote: Fri Nov 22, 2024 11:21 pm
If you know the exact kernel version, you can easily find some CVE's for selecting appropriate Metasploit modules.
OK. Then what?
Thirty years ago the most common way for home users to connect to the Internet was over PPP: you plugged a phone line into your computer and authenticated against your local ISP. That ISP would assign you an IP address and that was how you'd get to yahoo.com or GeoCities or your AngelFire page. A fun way to knock someone offline was to use a freeware utility called WinNuke, which exploited a widespread Windows 95 kernel bug on, if I remember it correctly, 135/tcp. It might have been 138/tcp. If you knew someone's IP address, it was highly probable you could invoke a blue screen of death on their PC remotely. There was no way to prevent this, unless you downloaded and installed the free version of the third-party ZoneAlarm packet filter utility.
That was thirty years ago.
Similar issues plagued Windows until Windows XP Service Pack 2, which enabled a packet filter by default.
That was over twenty years ago.
Let's say I know your exact kernel version. Let's say I grab your QSI and build an identical system I can use for target practice. Let's say I craft a functional Metasploit payload to do something nefarious on any machine with that configuration.
OK. Then what?
I'd still have to know your IP address. Let's say I buy the MX Linux forum server's ISP, or bribe the sysadmin. OK, now I can match your forum logins to an IP address. Mwah-ha-ha!
OK. Then what?
I'd still have to deliver that payload. These days people don't use dial-up anymore. They typically end up buying or renting an always-on cable modem from their ISP and that modem acts as a gateway, which gives the home user internal NAT addresses which the cable modem forwards to the ISP and then to the Internet at large.
OK. Then what?
In order for me to do mean, nasty things to your machine, which I can absolutely do thanks to Metasploit and the QSI you've proffered, I would still need to figure out how to get your cable modem to forward the malicious packets to your machine. If that were easy to do, Russian bots would be doing it constantly.
OK. Then what?
If you're running MX 23 (or later, I presume), your firewall is enabled by default, so some random kernel vulnerability on a local port that's listening on 0.0.0.0 for no good reason wouldn't even be an option unless you've explicitly allowed it in the firewall and forwarded it correctly in the cable modem config. (This assumes I haven't found out how to remotely enable god mode on your modem. If I do, I'll prove it by making the front lights blink messages to you like "CALL YOUR MOM" in Morse code[0].)
I could set up a honeytrap. I could build a website and entice you to visit it somehow. Possibly by purchasing advertising on the MX Linux forum ISP I just bought. When you visit it, I could exploit your browser to load malware onto it. Except your QSI doesn't divulge which browser you use, so I really could have just started at buying the ISP and looked at your user agent info and gone from there. The info in your QSI isn't even a relevant factor now.
OK. Then what?
Then we have to start realizing that in the 21st century basic endpoint protections prevent the kind of shell popping that we all were taught was perilously easy in the 1980s and 1990s where if anyone knew your IP they could completely destroy your life, livelihood, and peace of mind. A dedicated attacker is not going to hang out on a volunteer forum waiting for FunkyDude22 to slip up and share his kernel version because he has an NVIDIA driver complaint just so they can maybe someday get his bank's login creds if they play their cards juuust right. I think a lot of people are having "I'm the Main Character" Syndrome and are worried about laser-focused spearphishing attacks by a Mossad-class adversary purely from providing generic, anonymized diagnostic details on an anonymous Linux forum in a day and age when they're far more likely to get an unsolicited text message from "Alice" or "Jessica" that can end up emptying out their bank account.
As a wise man once said many decades ago, "If the Mossad want to get you, they're gonna get you and there's nothing you can do about it." Don't post your QSI if you don't want to post. That's fine. The easiest way to do that is to not ask for free help here in the first place.
[0] -.-. ._ _... _... / -.-- --- -.. ._. / -- --- -- is "CABB YODR MOM". No one said this was an exact science.
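A quick way to check the point above about services "listening on 0.0.0.0 for no good reason" is to audit the host's own listening sockets and compare them with the firewall rules. The script below is an added example, not code from the post or from MX Linux; it parses the output of `ss -lntu` and flags sockets bound to a wildcard address (0.0.0.0, :: or *). The embedded sample output is constructed so the example runs offline.

```python
"""Audit listening sockets for wildcard binds (0.0.0.0 / :: / *).

Parses the Local Address:Port column of `ss -lntu` on Linux and reports
services that listen on every interface, so each one can be checked
against the host firewall (and the modem/router port-forwarding table).
"""
import subprocess

# Constructed sample of `ss -lntu` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0          127.0.0.53%lo:53        0.0.0.0:*
udp   UNCONN 0      0                0.0.0.0:5353      0.0.0.0:*
tcp   LISTEN 0      128            127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      4096             0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      4096                [::]:22           [::]:*
tcp   LISTEN 0      511                    *:80             *:*
"""

# Addresses that mean "every interface" in ss output.
WILDCARDS = {"0.0.0.0", "::", "*"}


def split_local(addr_port: str):
    """Split ss's 'addr:port' column; IPv6 is bracketed, '%' adds a scope id."""
    host, _, port = addr_port.rpartition(":")
    host = host.strip("[]").split("%")[0]
    return host, port


def wildcard_listeners(ss_output: str):
    """Return (proto, host, port) tuples for sockets bound to all interfaces."""
    found = []
    for line in ss_output.splitlines()[1:]:  # first line is the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        host, port = split_local(local)
        if host in WILDCARDS:
            found.append((proto, host, port))
    return found


def audit_live_host():
    """Run ss on this machine (Linux, iproute2) and report wildcard binds."""
    out = subprocess.run(["ss", "-lntu"], capture_output=True, text=True, check=True)
    return wildcard_listeners(out.stdout)


if __name__ == "__main__":
    for proto, host, port in wildcard_listeners(SAMPLE_SS_OUTPUT):
        print(f"{proto} {host}:{port} listens on all interfaces; verify the firewall rule")
```

Loopback-only services such as 127.0.0.1:631 above are not reported, since they are unreachable from the network regardless of firewall state.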