
Thread: Discovery of Vulnerabilities??

  1. #11
     Maestr0 (Senior Member, Join Date May 2003, Posts 604)
    When looking for Win32 vulns, MSDN can be a big help; much of the OS is documented, and learning the MFC has lots of goodies. Most of it involves relentless scouring of .DLLs, disassembling them and then checking all the functions for data validation and sanity checks. Also, the use of packet crafters can be handy for creating malformed packets to see how software responds to intentional violations of buffers, data types, etc.


    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  2. #12
     Senior Member (Join Date Jul 2002, Posts 117)
    Now things are starting to make sense... Thanks, Maestr0.

  3. #13
    - Accidentally - for example, when a 3rd-party company develops a client with a bug in it, and discovers that this client bug activates a server bug which is exploitable
    - Source code analysis - the owners of the source or someone else manually or automatically scan the source code for problems
    - "Fuzzers" - these are programs which deliberately throw junk at network servers.
    I would like to add to this list two things:
    - Trial and error
    - Thinking like an attacker

    They are closely related I might add.

    Buffer overflows are very popular since the (in)famous paper "Smashing the Stack..." was released.
    They basically work like this: put the half-empty glass and the half-full glass together and add a drop; the glass will overflow.
    Many people are too impatient to just add one drop at a time, so they drop another glass into the already full glass and post their overflow to a mailing list like vuln-dev, waiting for someone to calculate where the glass overflows.

    To think like an attacker you would start, for example, with something like "how will I get Internet Explorer to open Calculator when someone browses my site". You study all code that is available to you, MSDN (as mentioned), JavaScript/VB references, and try and try and try. Eventually you will find something (or not).

    To give away a little: set up a site with a WMP player file on it and set your IE to high regarding scripts and stuff.
    Now visit the URL that will play the file. Some JavaScript prompts will pop up. For example, type yes (allow) on the first one and no (deny) on the second one. A pop-up will appear telling you a "stack overflow has occurred".

    Well, I hope this has explained a bit.
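As an added illustration of the "data validation and sanity checks" Maestr0 describes and the overflow analogy in the post above (example code written for this page, not posted by anyone in the thread): a copy with the length check missing beside its hardened form, and a parser that refuses a malformed length-prefixed packet of the kind a packet crafter would send. The wire format, buffer size and function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_MAX 16   /* assumed fixed buffer size for this example */

/* Pattern that fails an audit for "data validation and sanity checks":
 * caller-controlled input copied into a fixed buffer with no length
 * check. Kept only to show what the hardened version below fixes. */
void copy_name_unchecked(char dst[NAME_MAX], const char *src) {
    strcpy(dst, src); /* writes past dst when strlen(src) >= NAME_MAX */
}

/* Hardened form: check the length first and refuse oversized input
 * rather than silently truncating. Returns true if dst was filled. */
bool copy_name_checked(char dst[NAME_MAX], const char *src) {
    size_t n = strlen(src);
    if (n >= NAME_MAX)
        return false;
    memcpy(dst, src, n + 1);
    return true;
}

/* Constructed wire format (an assumption for this example):
 *   byte 0     : declared payload length L
 *   bytes 1..L : payload
 * A malformed packet declares an L larger than what was actually
 * received; the parser must check L against the real buffer size
 * before trusting it. Returns the payload length, or -1 on rejection. */
int parse_record(const uint8_t *pkt, size_t pkt_len, char out[NAME_MAX]) {
    if (pkt_len < 1)
        return -1;                 /* no length byte at all */
    size_t declared = pkt[0];
    if (declared > pkt_len - 1)
        return -1;                 /* claims more bytes than were sent */
    if (declared >= NAME_MAX)
        return -1;                 /* would not fit in out */
    memcpy(out, pkt + 1, declared);
    out[declared] = '\0';
    return (int)declared;
}
```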
