April 18th, 2003, 06:59 PM
When a group discovers exploits they usually put out code to use it. How does one use this? EXplain the whole exploit thing please.
"Where the tree of knowledge stands, there is always paradise": thus speak the oldest and the youngest serpents.
- Friedrich Nietzsche
April 18th, 2003, 09:29 PM
I got a 404 when going to that site, but let me explain anyway.
The exploits' codes that are released better show the vulnerable person and developers what part of their system/program is messed up. That way they can patch that hole so that the same things do not work again. However, you do not _use_ the exploits, or at least you don't ask about those here. If anything, using them should only be to test your own or a friends' security, and then to fix it.
April 19th, 2003, 06:05 AM
First - You'll find that the vast majority of exploits are meant to be launched from a UNIX box (including Linux, *BSD, etc.) reguardless of the target host. Most written in C will compile with ....
% make progname (where progname is the name of the file minus the .c extension).
For example if you have a C source file named rpcexploit.c, you would do...
% make rpcexploit
-- OR ---
You can do one of the following...
% cc -o rpcexploit rpcexploit.c -lcrypt
% gcc -o rpcexploit rpcexploit.c -lcrypt
(Note: the -lcrypt argument may not be required, but generally does not produce an error )
Second - Lauching the compiled program can be done with one of the following on most UNIX's
--- or ----
The latter is more common on BSD and Linux systems because they typically do not include the current directory (.) in
the $PATH, which is more secure.
Third - Most exploits have some type of compile and usage instructions along with additional notes in the header of the file.
Fourth - If you are going to get into security programming where exploits are concerned you should grab a free UNIX clone like one the BSD's or Linux, and learn C, Perl, and AT&T Assmebler as well as socket and kernel programming. Without
this knowledge reguardless of which side of the Force you are on, you will be little more than a scrippt kiddie not matter what your intentions.
Fifth - As I am certain most people will tell you here at A.O.; only use these exploits on systems that belong to you. And more improtantaly they should not be reachable by any computers outside your network. In the begining until you have learned more about exploits, and programming you will have no idea what the code you are using does, and even if you use it on a system with the owners permission you may be opening them up to 'Real - Hackers' which would no doubt be unwelcome.
Sixth - There are a ton of security sites on the internet including this one. In my personal opinion though, you should head over to http://packetstormsecurity.nl/ and read everything they have that interests you and from there your knowledge should be deep enough to begin refining your interests.
Last - I hope that you will use your new found knowledge to imrpove security for those less fortunate in their knowledge and understanding, and become an advocate of internet privacy.
If you are inclined to do illegal hacking, I would highly recomment that you read Everything a hacker needs to know about getting busted - by Agent Steel which lays out the cold hard facts about getting busted prior to doing ANYTHING.
Hope that helps
Get OpenSolaris http://www.opensolaris.org/
April 19th, 2003, 06:30 AM
Hjack said: "When a group discovers exploits they usually put out code to use it. How does one use this? Explain the whole exploit thing please." Since I got a 404 on the site im assumeing it has some open source exploits. So you wanna know how to use it? Well if its nothing but code... first put the code into a text editor or whatever you would normally use to place your code then compile it with a compiler for whatever language its done in. How you use them really deppends on what OS, what type of exploits, & (ect).