Vulnerability Development mailing list archives

Re: Techniques for Vulnerability discovery


From: "Florian Hobelsberger / BlueScreen" <genius28 () gmx de>
Date: Fri, 5 Apr 2002 14:14:00 +0200

I am not yet to be considered a professional, so don't overweigh my way of
finding things ;)

But I mostly use some kind of procedure like this:
- I take a piece of software
- If there is source code available (open source), I usually have a look
at it to find logical mistakes (like missing checks of user input etc.) or
other programming mistakes (like buffer assignments which could lead to
buffer overflows)
- If there is no source code available, I have a look at the output of the
programs and scripts and their behavior. Then I try to work out in my mind how
it could work (for example: do some scripts just use simple shell commands?).
Also (like in PHP scripts) I have a look at whether it includes other files.
Also, I just try to insert XSS.
- If I don't know anything about it, I just have a try using
"bruteforce" (mostly for buffer overflows). Mostly I do this manually by
just sending a lot of "A"s via pipes or the clipboard. To check clients I
open a netcat shell on a specific port or use my (or tSR's ;) own simple
software which just sends a lot of "A"s after the client has connected or done
certain things.
- Always have a look at what happens then ;)
- In the end I / we try to find a way to exploit this ;)

We will also write some more scripts and software to automate the process of
finding vulnerabilities.

Hopefully I could give you some good points. But I am looking forward to
hearing some more from other people on these lists.... ;)

Greetings from Munich,

-------------------------------------------------------
BlueScreen / Florian Hobelsberger (UIN: 101782087)
Member of:
www.IT-Checkpoint.net
www.Hackeinsteiger.de
www.DvLdW.de

==================================================================
To encrypt classified messages, please download and use this PGP-Key:

http://www.florian-hobelsberger.de/BlueScreen-PGP-PubKey.txt
==================================================================
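The "lots of A's" probe described in the post above, as an added example that is not part of the original message and not the poster's (or tSR's) tools: a small Python script that ramps through payload lengths against a listening service and reports the first length at which the target stops answering, plus a one-shot listener (the netcat trick) that feeds a long payload to whatever client connects to it. The toy target, the HELO trigger, PROBE_LENGTHS and the use of 127.0.0.1 are all constructed for this example.

```python
# Added example, not code from the original post. Host, ports, the length
# ladder and the toy target are assumptions made for the demonstration.
import socket
import threading

PROBE_LENGTHS = [64, 128, 256, 512, 1024, 2048, 4096]  # assumed length ladder


def build_payload(length, marker=b"A"):
    """A run of identical bytes; 0x41 stands out in a register or crash dump."""
    return marker * length


def send_probe(host, port, payload, timeout=2.0):
    """Server-side probe: connect, send the payload as one line and report
    whether the target still answers. False (EOF, reset or timeout) is the
    'have a look what happens' step: the input is worth narrowing down."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload + b"\n")
            return len(s.recv(4096)) > 0
    except OSError:  # ConnectionError and socket.timeout are both OSError
        return False


def fuzz_lengths(host, port, lengths=PROBE_LENGTHS):
    """Ramp through lengths; return the first one at which the target stops
    answering, or None if it survived every probe."""
    for n in lengths:
        if not send_probe(host, port, build_payload(n)):
            return n
    return None


def serve_payload_once(payload, trigger=None, timeout=5.0):
    """Client-side probe (the netcat-listener trick): accept one connection
    and, once the client has sent `trigger` (immediately if None), push the
    payload at it. Returns the port the listener was given by the OS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def once():
        conn, _ = srv.accept()
        with conn, srv:
            conn.settimeout(timeout)
            got = b""
            while trigger is not None and trigger not in got:
                chunk = conn.recv(4096)
                if not chunk:
                    return  # client went away before doing "certain things"
                got += chunk
            conn.sendall(payload)

    threading.Thread(target=once, daemon=True).start()
    return port


def start_toy_target(max_line):
    """Constructed stand-in for a daemon with a fixed-size line buffer: echoes
    lines up to max_line bytes and 'crashes' (drops the connection without a
    reply) on anything longer. Returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            conn, _ = srv.accept()
            with conn:
                data = b""
                while b"\n" not in data and len(data) <= max_line:
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    data += chunk
                line = data.split(b"\n", 1)[0]
                if len(line) <= max_line:
                    conn.sendall(b"ok " + line[:8] + b"\n")
                # else: close silently, like a process that just died

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def demo_server_side(max_line=512):
    """Fuzz the toy target; returns the first length that 'crashes' it."""
    return fuzz_lengths("127.0.0.1", start_toy_target(max_line))


def demo_client_side(length=3000, trigger=b"HELO\n"):
    """Point a throwaway client at the listener; returns the bytes it was fed."""
    port = serve_payload_once(build_payload(length), trigger=trigger)
    got = b""
    with socket.create_connection(("127.0.0.1", port), timeout=5.0) as c:
        c.sendall(trigger)
        while chunk := c.recv(4096):
            got += chunk
    return len(got)


if __name__ == "__main__":
    print("toy target stops answering at", demo_server_side(), "bytes")
    print("client was fed", demo_client_side(), "bytes of A")
```

A real target that stops answering at length N is only a lead, not a bug: the next step the post describes is to look at what actually happened (core dump, debugger, log) and to narrow the length down before trying to control anything.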
