Vulnerability Development mailing list archives
Re: Techniques for Vulnerability discovery
From: "Florian Hobelsberger / BlueScreen" <genius28 () gmx de>
Date: Fri, 5 Apr 2002 14:14:00 +0200
I am not yet to be considered a professional, so don't overweight my way of finding things ;) But I mostly use some kind of this procedure:

- I take a piece of software.
- If there is source code available (open source), I usually have a look at it to find logical mistakes (like missing examination of user input etc.) or other programming mistakes (like buffer assignments which could lead to buffer overflows).
- If there is no source code available, I have a look at the output of the programs and scripts and their behavior. Then I try to find out in my mind how it could work (for example: do some scripts just use simple shell commands?). Also (like in PHP scripts) I have a look if it includes other files. Also, just try to insert XSS.
- If I don't know anything about it, I just have a try with using "bruteforce" (mostly for buffer overflows). Mostly I do this manually by just sending a lot of "A"s via pipes or the clipboard. To check the clients I open a netcat shell on a specific port or use my (or tSR's ;) own simple software which just sends a lot of "A"s after the client connected or did certain things.
- Always have a look what happens then ;)
- In the end I / we try to find a way to exploit this ;)

We will also write some more scripts and software to automate the process of finding vulnerabilities.

Hopefully I could give you some good points. But I am looking forward to hearing some more from other people on these lists.... ;)

Greetings from Munich,

-------------------------------------------------------
BlueScreen / Florian Hobelsberger (UIN: 101782087)
Member of: www.IT-Checkpoint.net www.Hackeinsteiger.de www.DvLdW.de
==================================================================
To encrypt classified messages, please download and use this PGP-Key:
http://www.florian-hobelsberger.de/BlueScreen-PGP-PubKey.txt
==================================================================
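The "send a lot of 'A's through a pipe and have a look what happens" step from the post, as an added example that is not the poster's own script: a small Python harness that pipes growing buffers into a program's stdin and reports the first length that kills it with a signal (the robustness check you would run against your own software before shipping it). The target used here is a constructed stand-in, not a real program; it imitates a tool with a 256-byte input buffer by sending itself SIGSEGV when it reads more than that.

```python
import subprocess
import sys
from typing import Dict, List, Optional

def run_with_input(cmd: List[str], payload: bytes, timeout: float = 5.0) -> Optional[int]:
    """Pipe payload into cmd's stdin and return its exit status.

    On POSIX a negative return code means the process was terminated by a
    signal (e.g. -11 for SIGSEGV); None means it hung past the timeout, which
    is also worth a look."""
    try:
        proc = subprocess.run(cmd, input=payload, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return None
    return proc.returncode

def doubling_lengths(start: int = 16, stop: int = 4096) -> List[int]:
    """Input sizes to try: 16, 32, 64, ... up to and including stop."""
    lengths, n = [], start
    while n <= stop:
        lengths.append(n)
        n *= 2
    return lengths

def probe_lengths(cmd: List[str], lengths: List[int], filler: bytes = b"A") -> Dict[int, Optional[int]]:
    """Run cmd once per length with filler repeated that many times; map length -> status."""
    return {n: run_with_input(cmd, filler * n) for n in lengths}

def first_crash_length(results: Dict[int, Optional[int]]) -> Optional[int]:
    """Smallest input length whose run died by signal, or None if none did."""
    for n in sorted(results):
        rc = results[n]
        if rc is not None and rc < 0:
            return n
    return None

# Constructed stand-in target (assumption, not a real tool): reads all of stdin
# and kills itself with SIGSEGV once the input exceeds a 256-byte "buffer".
MOCK_TARGET = [sys.executable, "-c",
               "import os, signal, sys; d = sys.stdin.buffer.read(); "
               "os.kill(os.getpid(), signal.SIGSEGV) if len(d) > 256 else None"]

if __name__ == "__main__":
    res = probe_lengths(MOCK_TARGET, doubling_lengths())
    for n, rc in res.items():
        print(f"{n:6d} bytes -> {'hang' if rc is None else rc}")
    print("first crashing length:", first_crash_length(res))
```

Swap MOCK_TARGET for the real command line you want to test (the lengths and filler byte are parameters, so a different "A" or a longer ceiling is a one-line change).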
Current thread:
- Techniques for Vulneability discovery kaipower (Apr 04)
- RE: Techniques for Vulnerability discovery Oliver Petruzel (Apr 05)
- Re[2]: Techniques for Vulnerability discovery dullien (Apr 06)
- Re[2]: Techniques for Vulnerability discovery dullien (Apr 06)
- RE: Techniques for Vulnerability discovery Leon (Apr 08)
- Re: Techniques for Vulneability discovery Florian Hobelsberger / BlueScreen (Apr 05)
- Re: Techniques for Vulneability discovery Josha Bronson (Apr 05)
- Re: Techniques for Vulneability discovery LS (Apr 05)
- RE: Techniques for Vulneability discovery Pedro Hugo (Apr 05)
- Re: RE: Techniques for Vulneability discovery LS (Apr 08)
- RE: Techniques for Vulneability discovery Pedro Hugo (Apr 05)
- RE: Techniques for Vulneability discovery Marc Maiffret (Apr 05)
- Re: Techniques for Vulneability discovery NoCoNFLiC (Apr 05)
- Re: Techniques for Vulneability discovery 3APA3A (Apr 06)
- Re: Techniques for Vulneability discovery Rafael Anschau (Apr 09)
- Re: Techniques for Vulneability discovery GomoR (Apr 09)
- RE: Techniques for Vulneability discovery David Hawley (Apr 10)