Metasploit mailing list archives
A highly newbie question.
From: ryan at westchasetech.com (Ryan Lindfield)
Date: Thu, 22 Nov 2007 09:27:26 -0500
Hello Tzahi,

There is a good book called "Hacking, The Art of Exploitation" which would be right up your alley. There are a number of papers scattered across the web as well.

But for a short quick answer.. Pick up a fuzzer, Peach Fuzz seems to be popular, pick an application that you want to attack, and send it data via different input vectors until the application breaks. Once it breaks, then it's time to use your debugger and see what exactly happened under the hood. I'm sure if you know assembly that you understand the importance of EIP and why we want to gain control of it.

I would say, for best results pick an obscure application that not many people are using. The idea is that all of your popular applications and services have been combed through by hundreds of people before you. My thought process here is that you'll have the most luck if you select an oddball application that others haven't beaten up too badly yet, and if you're lucky there might be something easy or obvious :)

Check the SANS Reading Room for a paper called "Stack Based Overflows: Detect & Exploit"; it may be useful to you as well.

HTH,
Ryan

----- Original Message -----
From: tzahi mltwo
To: framework at metasploit.com
Sent: Thursday, November 22, 2007 8:11 AM
Subject: [framework] A highly newbie question.

Hi All,

I wish to study the art of hacking. I am a Windows kernel drivers developer, so I am not new to coding and I know more or less assembly. I am working on a security product. I managed to run and use Metasploit 2.7 and 3 successfully as a bona fide script-kiddie :). However, I wish to learn how hacking is actually done. Taking as a case study the warftpd-user exploit in Metasploit, I wish to recreate the method in which the original hacker found the exploit. I installed windbg for starters, and the first thing that comes to mind is how to set a breakpoint on the "USER" command to see what Metasploit is doing on the stack.

Can anyone refer me to some tutorials or comment on what he would have done to recreate this and how to see what Metasploit is doing? Thanks.
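Added illustration for the bug class the reply alludes to; this is not code from either poster, from warftpd, or from the Metasploit project. It is a constructed, simplified FTP "USER <name>" handler in C: the vulnerable variant copies the command argument into a fixed-size stack buffer with no bound, so an over-long argument runs past the buffer into the saved return address (the "control of EIP" Ryan mentions); the hardened variant rejects over-long or non-printable input and copies with an explicit bound. A third function applies the same length bound to raw command lines, the kind of check a log-review or IDS rule would use. USERNAME_MAX, the function names and the sample inputs are my own assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: simplified FTP USER command handling.
 * Not warftpd's code; USERNAME_MAX is an assumed buffer size. */
#define USERNAME_MAX 32

/* Vulnerable variant: strcpy() does not know how large 'name' is, so an
 * argument of USERNAME_MAX bytes or more writes past the buffer into the
 * saved frame pointer and return address on the stack. Only ever call
 * this with short input; it exists to show the defect next to the fix. */
int handle_user_vulnerable(const char *arg)
{
    char name[USERNAME_MAX];
    strcpy(name, arg);                     /* unbounded copy: the bug */
    return strcmp(name, "anonymous") == 0 ? 1 : 0;
}

/* Hardened variant. Return codes: 1 = anonymous login, 0 = named user,
 * -1 = rejected. Length and character class are checked before the copy,
 * and the copy itself is bounded so a later check slip cannot overflow. */
int handle_user_hardened(const char *arg)
{
    char name[USERNAME_MAX];
    size_t len = 0;

    /* Bounded length scan: never read further than the buffer allows. */
    while (len < USERNAME_MAX && arg[len] != '\0')
        len++;
    if (len == 0 || len >= USERNAME_MAX)
        return -1;                         /* empty or too long: refuse */

    /* FTP usernames should be printable ASCII; reject anything else. */
    for (size_t i = 0; i < len; i++)
        if (arg[i] < 0x20 || arg[i] > 0x7e)
            return -1;

    memcpy(name, arg, len);                /* bounded copy */
    name[len] = '\0';
    return strcmp(name, "anonymous") == 0 ? 1 : 0;
}

/* Log-review / IDS style check on a raw command line such as
 * "USER anonymous\r\n": returns 1 if the USER argument is at least as
 * long as the buffer the server would copy it into, 0 otherwise. */
int user_command_is_suspicious(const char *line)
{
    if (strncmp(line, "USER ", 5) != 0)
        return 0;                          /* not a USER command */
    const char *arg = line + 5;
    size_t len = strcspn(arg, "\r\n");     /* argument ends at CRLF */
    return len >= USERNAME_MAX ? 1 : 0;
}

int main(void)
{
    /* Constructed inputs: a normal login and an over-long argument. */
    char longarg[300];
    memset(longarg, 'A', sizeof longarg - 1);
    longarg[sizeof longarg - 1] = '\0';

    printf("hardened(\"anonymous\") = %d\n", handle_user_hardened("anonymous"));
    printf("hardened(300 x 'A')    = %d\n", handle_user_hardened(longarg));
    printf("suspicious(USER anonymous) = %d\n",
           user_command_is_suspicious("USER anonymous\r\n"));
    /* handle_user_vulnerable(longarg) would smash the stack; not called. */
    return 0;
}
```

The two handlers differ only in the checks around the copy; under a debugger the vulnerable one is where you would see the saved return address replaced by bytes from the argument, and the hardened one returns -1 long before any write happens.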