padjoy

Finding vulnerabilities

14 posts in this topic

:ninja: hi everyone! Can anyone answer my question plz? I just want to know how to find vulnerabilities (or something like that), just like what the title says. If anyone can help me, plz reply. :ninja:

Do you want to search for the vulnerabilities yourself, or do you want to have a website listing them?


If it's the first, learn assembly and play with fuzzers.

By the way, please don't write plz.

plz plz plz

You are a funny one aren't you.

So you want to find vulnerabilities... well, let's start at step 1.

You have to use creativeness and think like a programmer... (pretty close definition to what a hacker is).

And like IronGeek said, "If it's the first, learn assembly and play with fuzzers."

Learning assembly will get you really far. But also... you can always just go with trial and error, and input unexpected data... such as nothing at all (blank), a very large amount of data, or a string when it asks for a number, etc.

Also, reading about Buffer Overflow Exploitation, very interesting concept.

Buffer Overflow exploitation is very fun to mess around with, however... it's going to be dead soon.

Edited by ansichart
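The input classes named in the post above (blank input, a very large input, text where a number is expected), fed to an unchecked and a checked parser for one numeric field. This is an added example, not part of the thread; `parse_naive`, `parse_checked`, the 16-character limit and the 0..999 range are assumptions chosen for illustration, and the inputs are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FIELD_LEN 16 /* assumed length limit for this example */

enum parse_status { PARSE_OK, PARSE_EMPTY, PARSE_TOO_LONG,
                    PARSE_NOT_NUMBER, PARSE_OUT_OF_RANGE };

/* Unchecked parser: every input "succeeds", garbage silently becomes a number. */
long parse_naive(const char *s) { return strtol(s, NULL, 10); }

/* Checked parser: reports why an input was refused instead of guessing. */
enum parse_status parse_checked(const char *s, long min, long max, long *out)
{
    char *end;
    size_t len = strlen(s);
    long v;

    if (len == 0) return PARSE_EMPTY;
    if (len > MAX_FIELD_LEN) return PARSE_TOO_LONG;
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0') return PARSE_NOT_NUMBER; /* "abc", "12abc" */
    if (errno == ERANGE || v < min || v > max) return PARSE_OUT_OF_RANGE;
    *out = v;
    return PARSE_OK;
}

/* Feeds constructed inputs to both parsers; returns how many the checked one refuses. */
int count_rejected(int verbose)
{
    static char big[4096]; /* zero-initialised, so it stays NUL-terminated */
    const char *inputs[] = { "", "abc", "12abc", big, "1000", "42" };
    int rejected = 0;
    size_t i;

    memset(big, '9', sizeof big - 1); /* the "very large amount of data" case */
    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        long v = 0;
        enum parse_status st = parse_checked(inputs[i], 0, 999, &v);
        if (st != PARSE_OK) rejected++;
        if (verbose)
            printf("len=%zu naive=%ld checked_status=%d\n",
                   strlen(inputs[i]), parse_naive(inputs[i]), (int)st);
    }
    return rejected;
}

int main(void) { printf("rejected %d of 6\n", count_rejected(1)); return 0; }
```

The unchecked parser returns a number for every one of these inputs, which is the kind of silent acceptance that trial-and-error input testing is meant to surface.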

Stop, take 12 steps backwards and try to assess what it is you want to do. Say you find a vulnerability, what could you do with it? If you don't know what they are or how to find them, you're not going to know what to do with it. This is not a top-down kind of thing, you can't start with the more complex action and learn your way down. You have to start with the most fundamental and learn your way up. Learn to program (well), then ask yourself this question again.


The above advice is what I did before I even thought about looking for vulnerabilities; now I see vulnerabilities all over the place.

But I do not know if it's just me, but when you're new to coding/hacking you want to take advantage of all these vulnerabilities, but once you have the knowledge and can easily find them, I seem less interested in taking advantage.


Start by scanning with a port scanner to find open ports, e.g. nmap, like: nmap 203.65.39.20 -O. This will tell you the ports open as well as the OS. Next, try connecting to the ports that are open, like 21 (ftp). To connect, use telnet: telnet 203.65.39.20 21. This will give you the banner, like proftp version 1.2.7 etc. Next, go to milw0rm, insecure, etc. and find an exploit for that port and version, run that exploit, the rest is then up to you.

hope it helps


Here's some advice that I personally think is very good. Instead of looking for vulnerabilities, start by learning a scripting language such as PHP, ASP, or Perl. Then read a book like Hacking Web Applications Exposed. Then go on the web and download some free scripts that webmasters used for things like logs, shopping carts, mailing lists, etc. These kinds of applications are likely written by one person and did not go through a lot of testing. Then play around with fuzzers and see if you can make the applications crash or do something they're not supposed to. Then read a book or article that teaches you how to write exploit code, shell code, buffer overflows, etc. A good one in my opinion is Hacking: The Art of Exploitation. Download the Metasploit Framework and get familiar with that and how to use it to write exploits. And all of this will probably take you about 6 months to a year to learn and master. And by this time you probably will still not be able to write your own effective exploits. So basically it takes a lot of time, reading, learning, and experimenting. Good luck.


If you attempt to learn a programming language to exploit, you probably won't be very good at it. Finding bugs and exploiting them is a byproduct of understanding the language and having a good understanding of the environment that it is in. Most people who learn to exploit don't get this deep level of understanding but instead focus on the surface, only learning how to exploit very obvious bugs. When it takes some creativity to actually exploit it, they are unable to do so because they only have enough understanding to exploit within specific circumstances.


Learn C -- Once you've leapt over that hurdle, come back, and ask again.


I can't even call myself a skiddie, it's sad. I can't seem to get past the basics in coding ... I feel like I hit a brick wall when it comes to programming. I think it's the ADD but I know (from experience) if I have a need to learn it I can pick it up most of the time quicker than others but sort of bass ackkward ... I hope once I get an entry-level security job I can make the jump into hard core perl php etc.

Edited by operat0r
I can't even call myself a skiddie, it's sad. I can't seem to get past the basics in coding ... I feel like I hit a brick wall when it comes to programming. I think it's the ADD but I know (from experience) if I have a need to learn it I can pick it up most of the time quicker than others but sort of bass ackkward ... I hope once I get an entry-level security job I can make the jump into hard core perl php etc.

People here can help answer your questions about programming, so you should just ask.
