Finding exploits

dotface

Member
Sep 12, 2015
Hey guys,

I'd love to know how you guys exploit TS3 to find these bugs.

My job is IT specialist, and I love hacking, cracking and stuff.

I'd also like to exploit TS3 and find stuff like you do.

Asphyxia.Cell

Member
Aug 13, 2015
There is nothing short of practice that will get you the answers you are seeking, unfortunately. The power of having a group of people all talented in certain areas is probably the most important aspect. You were right in saying "guys": we don't usually find the security issues alone. When people with multiple skilful backgrounds, experiences and shared knowledge team up --- you all just openly communicate problems, and collectively each person can aid in solving the puzzle in order to bring forward a solution --- a newfound vulnerability or Proof of Concept exploit, depending on what the task is. The first step is really just diving straight into the target, swimming in it. Picture the target software like an ocean: you are part of an exploration dive team hunting for any signs of treasure. You must exhaust your efforts in finding the treasure when you see even the smallest of clues, which could lead you to spend an hour or more only to find out there is no treasure. Sometimes you find the treasure quickly, and many times the best treasure involves finding a clue, figuring out there is more, and then spending a lot of time extracting all of the treasure or carefully creating an example exploit (preferably harmless).

To summarize this: years and years of experience. Countless nights of staying awake until we have passed out, and extreme dedication to our passionate field of research, are what allow us to find any issues we do find. If there was an easy way to do it, we would gladly share it. It really isn't simple to explain, though. It is very dynamic; there is no static way to hunt for what we look for.

I am more experienced with website vulnerabilities, for example. That knowledge does actually apply very much to the RFI vulnerability. I am also knowledgeable about how much malicious infecting software works, which lets me know where one would need to place a batch or executable file once an RFI and directory traversal issue are found. At the end of the day, I contributed maybe 20% (not much) to the RFI research. There were 3 others; I won't mention them unless they want to be mentioned.

dotface

Member
Sep 12, 2015
Sure, I understand this, but I guess I'm not the only one who's also interested in this.

I'm sure there are "talented" people around, but everyone started somewhere, and that's my point.

For example, I would love to know how you guys found out about the "crash anyone on server" exploit, which tools you used, which background knowledge I need... where I can start.

I'm already into cracking .NET applications a bit; well, that's actually "no big deal" if it has no protection, but I'd love to know how to modify C#/C++ applications like TeamSpeak. Well, I played a bit with hex editing and Cheat Engine, but that's just scratching the surface, I think.

My point is, I want to be a part of this scene. I need tutorials, etc. Can anyone do this? o_O

Supervisor

Administrator
Apr 27, 2015
Well, I think the biggest qualification is interest and curiosity. Ex: You discover an error by accident... you should then ask yourself:
Hmm, what happens if I do this? Nothing? Well, then what happens if I try that? Still nothing? What about this one? ...
So it is all about trial and error. If you give up after the first 30 min, then you won't find anything. The more people you are, the more ideas you have on what to try to exploit the bug. So you can find a bug without any skills necessary. This is basically it. Writing a program to exploit it is only the last step. To wrap it up: It's all teamwork! Before I forget, secrecy to the outside is also important, otherwise your bug will be fixed before you have a working exploit!

0day

Contributor
Oct 16, 2015
I recommend looking into IDA, OllyDbg and ReClass. Learn about assembly and why things look the way they do in those crazy disassemblers. There is a plethora of information out there, my friend. Google by far will always be your best friend, coupled with your desire to learn and a little luck sometimes. ;) It never hurts to have a great background in the computer sciences and a well-founded understanding of how programming in itself works. Throughout my career in penetration testing I have also found that understanding how the human mind works, and more specifically how it does not, will always work in your favor. For instance, if you have a specific programming language you like, start looking at your own code and see where you make silly mistakes; start looking at other people's code and see where they make mistakes... After a while you start to draw on a pool of what seems like useless knowledge to find that next big thing.

But don't take my word for it, find out yourself!

After all, I am just some random new guy here :p

Have a great day! :D

By the way, I only sparsely proofread this whole post, so please forgive any grammar errors or crazy typos. I'm really tired and quite lazy right now, lol.