Metasploit mailing list archives

A highly newbie question.


From: ryan at westchasetech.com (Ryan Lindfield)
Date: Thu, 22 Nov 2007 09:27:26 -0500

Hello Tzahi,
There is a good book called "Hacking, The Art of Exploitation" which would be right up your alley. There are a number of 
papers scattered across the web as well. But for a short, quick answer: pick up a fuzzer (Peach Fuzz seems to be 
popular), pick an application that you want to attack, and send it data via different input vectors until the 
application breaks. Once it breaks, then it's time to use your debugger and see what exactly happened under the hood. 
I'm sure if you know assembly that you understand the importance of EIP and why we want to gain control of it.

I would say, for best results, pick an obscure application that not many people are using. The idea is that all of your 
popular applications and services have been combed through by hundreds of people before you. My thought process here is 
that you'll have the most luck if you select an oddball application that others haven't beaten up too badly yet, and if 
you're lucky there might be something easy or obvious :)

Check the SANS Reading Room for a paper called "Stack Based Overflows: Detect & Exploit"; it may be useful to you as 
well.

HTH,
Ryan

  ----- Original Message ----- 
  From: tzahi mltwo 
  To: framework at metasploit.com 
  Sent: Thursday, November 22, 2007 8:11 AM
  Subject: [framework] A highly newbie question.


  Hi All,
  I wish to study the art of hacking. 
  I am a Windows kernel drivers developer, so I am not new to coding, and I know more or less assembly.
  I am working on a security product.
  I managed to run and use Metasploit 2.7 and 3 successfully as a bona fide script-kiddie :).
  However, I wish to learn how hacking is being actually done.
  Taking as a case study the warftpd-user exploit in Metasploit, I wish to recreate the method in which the original 
hacker found the exploit.
  I installed WinDbg for starters, and the first thing that comes to mind is how to set a breakpoint on the "USER" command 
to see what Metasploit is doing on the stack.
  Can anyone refer me to some tutorials, or comment on what he would have done to recreate this and how to see what 
Metasploit is doing?

  Thanks.
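A worked illustration of the recipe in Ryan's reply (send ever-larger input until the application breaks, then work out exactly which bytes of the input landed in EIP). This is an added example; it is not code from either message, from WarFTPd, or from Metasploit. Everything in it is constructed for illustration: the 32-byte "USER" buffer, the saved-EBP/saved-EIP layout, the sentinel return address, and the frame size are assumptions. The vulnerable handler is simulated, so the overrun clobbers a modelled saved EIP inside a byte array rather than the real stack, and the copy is clamped to that array so the example itself never corrupts memory. The pattern generator follows the "Aa0Aa1Aa2..." scheme that Metasploit's pattern_create/pattern_offset tools use, which is what lets a crash value seen in the debugger be turned into an offset.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE     32               /* assumed size of the fixed USER buffer      */
#define FRAME_SIZE   (BUF_SIZE + 8)   /* buffer + saved EBP (4) + saved EIP (4)     */
#define EIP_SLOT     (BUF_SIZE + 4)   /* offset of the simulated saved return addr  */
#define EIP_SENTINEL 0x08048000u      /* made-up "legitimate" return address        */

/* Fill out[] with len bytes of the cyclic pattern Aa0Aa1...Zz9 (unique for
   the first 26*26*10*3 = 20280 bytes). Returns the number of bytes written. */
size_t pattern_create(char *out, size_t len)
{
    size_t i = 0;
    for (char u = 'A'; u <= 'Z' && i < len; u++)
        for (char l = 'a'; l <= 'z' && i < len; l++)
            for (char d = '0'; d <= '9' && i < len; d++) {
                out[i++] = u;
                if (i < len) out[i++] = l;
                if (i < len) out[i++] = d;
            }
    return i;
}

/* Given the value that ended up in EIP, find where its little-endian byte
   sequence sits in a pattern of the given length. Returns -1 if absent. */
long pattern_offset(uint32_t eip, size_t len)
{
    static char pat[20280];
    size_t n = pattern_create(pat, len > sizeof pat ? sizeof pat : len);
    unsigned char le[4] = { eip & 0xff, (eip >> 8) & 0xff,
                            (eip >> 16) & 0xff, (eip >> 24) & 0xff };
    for (size_t i = 0; i + 4 <= n; i++)
        if (memcmp(pat + i, le, 4) == 0)
            return (long)i;
    return -1;
}

static uint32_t load_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Simulated vulnerable handler: the USER argument is copied into a fixed
   buffer with no length check, the way strcpy() would. The stack frame is
   modelled as a flat array so the overrun hits a *simulated* saved EIP;
   the copy is clamped to the frame so the example stays memory-safe.
   Returns the value that would be popped into EIP at the function's ret. */
uint32_t handle_user_sim(const unsigned char *arg, size_t arglen)
{
    unsigned char frame[FRAME_SIZE];
    memset(frame, 0, sizeof frame);
    frame[EIP_SLOT + 0] = EIP_SENTINEL & 0xff;          /* legitimate saved EIP */
    frame[EIP_SLOT + 1] = (EIP_SENTINEL >> 8) & 0xff;
    frame[EIP_SLOT + 2] = (EIP_SENTINEL >> 16) & 0xff;
    frame[EIP_SLOT + 3] = (EIP_SENTINEL >> 24) & 0xff;

    size_t n = arglen < FRAME_SIZE ? arglen : FRAME_SIZE;
    memcpy(frame, arg, n);          /* the bug: n is bounded by the frame, not by BUF_SIZE */
    return load_le32(frame + EIP_SLOT);
}

/* Step 1 of the recipe: grow a run of 'A's until the saved EIP changes.
   Returns the first length that touches it (0 if none does). */
size_t first_length_reaching_eip(void)
{
    unsigned char buf[FRAME_SIZE];
    memset(buf, 'A', sizeof buf);
    for (size_t len = 1; len <= FRAME_SIZE; len++)
        if (handle_user_sim(buf, len) != EIP_SENTINEL)
            return len;
    return 0;
}

/* Step 2: send the cyclic pattern instead of 'A's, read the value that
   landed in EIP (what the debugger would show), and turn it into an offset. */
long locate_eip_offset(uint32_t *eip_seen)
{
    unsigned char pat[64];
    pattern_create((char *)pat, sizeof pat);
    uint32_t eip = handle_user_sim(pat, sizeof pat);
    if (eip_seen) *eip_seen = eip;
    return pattern_offset(eip, sizeof pat);
}

int main(void)
{
    uint32_t eip = 0;
    printf("saved EIP first touched at input length %zu\n", first_length_reaching_eip());
    long off = locate_eip_offset(&eip);
    printf("EIP = 0x%08x -> pattern offset %ld\n", eip, off);
    return 0;
}
```

With the assumed layout the run of 'A's reaches the saved return address at 37 bytes, and the pattern run leaves 0x41326241 ("Ab2A" read little-endian) in EIP, which pattern_offset maps back to offset 36: the four input bytes at 36..39 are the ones that become EIP, so that is where an exploit would place its return address.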

