finding exploits in a program
Started by hidden_user, Mar 04 2008 11:12 PM
6 replies to this topic
#1
Posted 04 March 2008 - 11:12 PM
Well, I have several questions to ask about this. How do people find exploits in a software program? Do they just sit there and read over the code of it and try to figure out what can go wrong, or is there some secret to it? What programs are used to find exploits in software?
#2
Posted 04 March 2008 - 11:53 PM
It depends on what you are looking for a vulnerability in and what kind of vulnerability. When you have source available, reading it is one of the ways they can be found, but not the only one. One of the choices is fuzzing, which is attempting to try unexpected input which the program may not handle correctly. Sometimes bugs are found just through normal use, and they can later be confirmed as being exploitable. If you really want to understand how to find and exploit vulnerabilities, I'd suggest learning as much as you can about programming, as it really is the only way to do so.
#3
Posted 05 March 2008 - 02:38 PM
Some programs: Disassemblers (IDA Pro), Decompilers, Hex Editors, Resource Viewers, some Hacking Tools (check out http://sectools.org/), and on and on...
Consider looking into reverse engineering. Books such as "Reversing: Secrets of Reverse Engineering" and "Hacking: The Art of Exploitation" -- these will cover things on how to identify structures, routines, etc.
Also, you may want to check out Fravia's labyrinth of knowledge at fravia.com
teque
#4
Posted 06 March 2008 - 06:44 PM
I got a friend of mine to lend me "Reversing: Secrets of Reverse Engineering" and it is really good and teaches you ASM as well. It shows lots of different ways to reverse engineer programs. Thanks for the help.
#5
Posted 13 March 2008 - 08:27 PM
Not much of a secret but it will take a bit of study. Look at the article from Phrack called "Smashing the stack for fun and profit." It's a timeless classic.
#6
Posted 06 April 2008 - 05:07 AM
How about fuzzing?
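The fuzzing that #2 describes and #6 brings up again, as an added example that is not code from this thread or from any tool named in it: a small mutation fuzzer that feeds "unexpected input" to a parser and records whatever it did not handle. The record format, the parser with its two planted bugs, the hardened version, and the seed input are all constructed for illustration (the format is hypothetical, not a real protocol).

```python
"""
Mutation fuzzing a toy parser. Everything below is constructed for this
example: the record format, the parser, its planted bugs and the seed.
"""
import random


class ParseError(Exception):
    """Graceful rejection of malformed input. This is the parser doing its
    job, so the fuzzer does not count it as a finding."""


def parse_record(data: bytes) -> dict:
    """Toy parser for a constructed (hypothetical) format:
        byte 0      magic, must be 0x42
        byte 1      n, number of one-byte samples that follow
        bytes 2..   the n samples
    Two bugs are planted on purpose, the kind fuzzing tends to find:
      * n is trusted, so data[2 + i] can index past the end -> IndexError
      * n == 0 passes the magic check, then divides by zero -> ZeroDivisionError
    """
    if len(data) < 2 or data[0] != 0x42:
        raise ParseError("bad magic")
    n = data[1]
    samples = [data[2 + i] for i in range(n)]       # BUG: no length check
    return {"count": n, "avg": sum(samples) // n}   # BUG: n may be 0


def parse_record_fixed(data: bytes) -> dict:
    """Hardened version: validate the length field before trusting it."""
    if len(data) < 2 or data[0] != 0x42:
        raise ParseError("bad magic")
    n = data[1]
    if n == 0 or len(data) < 2 + n:
        raise ParseError("bad sample count")
    samples = data[2:2 + n]
    return {"count": n, "avg": sum(samples) // n}


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply 1-3 random mutations: bit flip, interesting-value overwrite,
    truncation, or appended junk. Dumb, but effective against naive parsers."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(4)
        if op == 0 and buf:                         # flip one bit
            i = rng.randrange(len(buf))
            buf[i] ^= 1 << rng.randrange(8)
        elif op == 1 and buf:                       # boundary-ish byte values
            i = rng.randrange(len(buf))
            buf[i] = rng.choice([0x00, 0x01, 0x7F, 0x80, 0xFF])
        elif op == 2 and len(buf) > 1:              # truncate, keep >= 1 byte
            del buf[rng.randrange(1, len(buf)):]
        else:                                       # append 1-4 random bytes
            buf += bytes(rng.randrange(256) for _ in range(rng.randint(1, 4)))
    return bytes(buf)


def fuzz(target, seeds, iterations=3000, seed=1):
    """Run target on mutated seeds. Any exception other than ParseError is a
    crash. Crashes are bucketed by (exception type, innermost line) so one
    root cause is reported once; the first input per bucket is the repro."""
    rng = random.Random(seed)
    corpus = list(seeds)
    crashes = {}
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        try:
            target(candidate)
        except ParseError:
            continue                                # rejected cleanly
        except Exception as exc:
            tb = exc.__traceback__
            while tb.tb_next:                       # walk to where it blew up
                tb = tb.tb_next
            crashes.setdefault((type(exc).__name__, tb.tb_lineno), candidate)
    return crashes


def reproduce(target, data: bytes):
    """Re-run a saved input. Returns the crash's exception type name, or None
    if the parser handled it (success or clean ParseError)."""
    try:
        target(data)
    except ParseError:
        return None
    except Exception as exc:
        return type(exc).__name__
    return None


SEEDS = [bytes([0x42, 0x03, 0x10, 0x20, 0x30])]     # constructed: one valid record


if __name__ == "__main__":
    found = fuzz(parse_record, SEEDS)
    for (kind, line), inp in sorted(found.items()):
        print(f"{kind} at line {line}: {inp.hex()}")
    print("crashes in fixed parser:", fuzz(parse_record_fixed, SEEDS))
```

Run it and the vulnerable parser yields two buckets, one per planted bug, each with an input you can hand back to `reproduce` to confirm it; the hardened parser yields none. This fuzzer only mutates the seed and has no idea which code it reached; coverage-guided fuzzers add instrumentation feedback so that inputs which reach new code are kept and mutated further, which is what lets them get past checks like the magic byte in anything larger than a toy.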
#7
Posted 06 April 2008 - 05:58 AM
http://yestoi.haktst...ngineering.html
There's a pretty good tutorial here, and read the books he suggests.