-
learn about exploits
Ok here is the deal...all these months i have been rtfming a lot..i am really interested in security of networks but so far i never tried to do sth more than reading and...scanning a couple of ip's...i think i should learn more things concerning the use of exploits and other ways to bypass systems not for playing or revenging but in order to learn more about security.. i constantly patch my linux box,i use firewall but i know nothing practical about the bypassing of firewalls so that i am able to take countermeasures..hope you get me...i have an old pentium I and a new pentium IV.. should i use them for experimenting ? and how exactly shall i do that (this is not a lame questino just a question of smb that tries to put into practise things he learnt without doing sth illegal)... and also how could i experiment on taking action remotely (bypassing firewalls.footprinting) without doing anything illegal? I hope you help me....
PS: i am not a scriptkiddie,haxxor,etc...see my posts
PS2: :confused:
PS3:i repeat it:i just want to learn in order to become better..i dont have other intentions :cool:
-
check these links for more info:
http://neworder.box.sk/
http://www.packetstormsecurity.org/
there are dozens more, but these will have something interesting for you, i think...
-
Do you know c?
A common exploit found are buffer overflows, if you have a grasp of c and computer architecture you could actually practice this. Im not sure how much of a value it would be to you. Its not like you can go thourgh your system find out all the process running, look at all there source codes, and determine if your system is safe. The only real value is if you are a coder and you want to make safe and secure programs, you will learn what not to do. Or if your a code auditor.
If your just wanted to know what the best way to protect you really need to understand the complete architecture of your network. Start with the firewall. You need to know this one like the back of your hand as it is usually the first line of defense.
-
Foa thanks...ok i just started learning c..concerning buffer overflows...i only know theoretically things...is there any good tute about how they specifically work?
PS:i checked the pages..a lot of stuff to read!thanks...
-
GOOGLE -> "Smashing the stack for fun and profit"
GOOGLE -> "core-sec abo paper"
The first one is a really good paper that walks you through exploiting a simple buffer overflow, the second one goes into more advanced techniques.
-
I recommend you surfing around on www.phrack.org a bit. There they have articles (such as the Smashing the stack for fun and profit).
Its also a good place to learn the theory behind things as opposed to just downloading script kiddie tools from random h4x0r sites.
-
thanks for links i just read them....now getting a bit more indepth....can i ask also sth else? I read about a new vulnerability in linux kernel concerning also my box...is thre anything i can do generally but waiting for suse to make a patch????thanks again for replies...:D
-
I would advise you to learn a programing language as well.
Perlscript/Perl/C/c++/Vb/Delphi/Cgi/Etc.
There are alot of exploits, That I have wrote utilizing "cgi".
There alot of tools for implenmenting expliots as well.
-
I learn programming that is not the deal...what i needed was to see some source codes and how they work...now things are better i think...:D
PS:could you PM your exploit in cgi????That would be of great assistance....
-
http://www.securiteam.com/exploits/archive.html
http://www.hoobie.net/security/exploits/
http://www.k-otik.com/exploits/
http://www.netsys.com/cgi-bin/listfiles.cgi?c=3
http://www.outpost9.com/exploits/
http://www.phreak.org/html/exploits.shtml
http://www.linux-sec.net/Exploits/ (links to various exploit sites)
That is only a small fraction produced from a simple Google search of "exploits"
You could even refine the search to get results more specific to what you want to find.
Google is your best friend.
There are TONS of exploits there, all with source code (most of them anyways).
Have fun :)
Remember to keep it legal.
Later,
mjk