Government Security
Network Security Resources


How Can I Discover An Exploit?


#1 DrVictor



  • Members
  • 11 posts

Posted 04 January 2011 - 03:24 PM

I read a lot about exploits, and I want to know how one does the "exploiting".
What I do know is that it will be really hard.
Knowledge is Power!

#2 aelphaeis_mangarae



  • Sergeant Major
  • 973 posts

Posted 04 January 2011 - 05:53 PM

The answer to your question is quite simple: you must understand and study what it is you are trying to exploit.
Then read up on exploitation of what you are specifically trying to exploit to get some idea of how other people have done it, then go from there.

If you're planning on exploiting web application vulnerabilities, for example, then you need to have a good knowledge of PHP, ASP.NET (C#), SQL, databasing, JavaScript and web application technologies. If you think you're going to be able to do some decent exploitation (any more than mediocre stuff) without knowledge and understanding of what you are trying to do, then forget it. There are plenty of papers on most of the publicly known types of vulnerabilities that you can learn from.

#3 Edu


    First Sergeant

  • Members
  • 2,269 posts

Posted 05 January 2011 - 07:06 AM

The best is always to begin with the simple and easier stuff. Vulns like XSS and SQL injection in websites that are not popular, where the programmers don't put security as a priority, are usually easier and more likely to contain vulns. You can use vulnerability scanners that automate the job for you, so you can understand what has been found, why the vuln exists and how you can exploit that.

Finding and exploiting vulnerabilities in operating systems and software can be harder, but the impact is usually much greater. You need to understand how both the software and the operating system where it is installed work, how their security is implemented, what you could do to bypass it, and finally know the common types of vulnerabilities such as buffer overflows and perform research to try and find a vulnerability in the program. With this kind of vuln, usually the program will freeze and eventually crash, and that could be a potential indicator that you found an exploitable vuln. After that you will have to overcome both operating system and software specific security measures that protect against successful exploitation of vulnerabilities. These protections usually block code execution, so you can only crash the affected software upon exploiting a vuln, which is why you would need to bypass them. Luckily people have shared articles on how to defeat the protections. Just remember that public stuff usually gets known by vendors and they eventually patch their systems/software.

You should get yourself some vulnerable applications and a working exploit code (if the application has been patched, get the version that is still vulnerable) to see what happens, how it happens and what has been done to successfully exploit the vuln. That is a good start too ;) - Secumania security blog.


#4 DrVictor



  • Members
  • 11 posts

Posted 05 January 2011 - 12:06 PM

Thanks. I'll start by learning PHP and ASP.NET, and at the same time I'll exploit vulnerable apps just to get a little knowledge about how the scenario of exploiting goes.

#5 infiltrator


    Staff Sergeant

  • Sergeant Major
  • 421 posts

Posted 09 January 2011 - 05:39 PM

I don't know if you have heard of this book, but apparently it's good.

Hacking: The Art of Exploitation.

#6 bonarez


    Retired GSO Second Lieutenant

  • Sergeant Major
  • 1,252 posts

Posted 10 January 2011 - 09:51 AM

I don't know if you have heard of this book, but apparently it's good.

I have the first print of this book. It's very good, but it does not cover webapp pentesting. Still a very good read on buffer overflows, ret2libc, format strings... stuff like that. Good intro into encryption too.

Come to think of it, I think I'll buy the latest print; it should be interesting enough.
"Ask the right question and you will receive the right answer. I'm just very sensitive about the right syntax"


#7 DrVictor



  • Members
  • 11 posts

Posted 11 January 2011 - 12:49 PM

Wow, thanks. I love those kinds of books!
