A highly newbie question.

[tzahi.ml2 at gmail.com (tzahi mltwo)]

Thank you for your help!
I already started to read the SANS document, it looks very relevant and
interesting.


On 11/22/07, Ryan Lindfield <ryan at westchasetech.com> wrote:
>  Hello Tzahi,
> There is a good book called "Hacking, The art of Eploitation" which would
> be right up your alley.There are a number of papers scattered across
> the web as well. But for a short quick answer.. Pick up a fuzzer, Peach Fuzz
> seems to be popular, pick an application that you want to attack, and send
> it data via different input vectors until the application breaks. Once it
> breaks, then it's time to use your debugger and see what exactly happened
> under the hood. I'm sure if you know assembly that you understand the
> importance EIP and why we want to gain control of it.
>
> I would say, for best results pick an obscure application that not many
> people are using. The idea is that all of your popular applications and
> services have been combed through by hundreds of people before you. My
> thought process here is that you'll have the most luck if you select an
> oddball application that others haven't beaten up to badly yet, and if
> you're lucky there might be something easy or obvious :)
>
> Check the SANS Reading Room for a paper called "*Stack Based Overflows:
> Detect & Exploit" *it may be useful to you as well.
>
> HTH,
> Ryan
>
>
> ----- Original Message -----
> *From:* tzahi mltwo <tzahi.ml2 at gmail.com>
> *To:* framework at metasploit.com
> *Sent:* Thursday, November 22, 2007 8:11 AM
> *Subject:* [framework] A highly newbie question.
>
>
> Hi All,
> I wish to study the art of hacking.
> I am a windows kernel drivers developer so i am not new to coding and i
> know more or less assembly.
> I am working on a security product.
> I managed to run and use successfuly Metasploit 2.7 and 3 as a bonnafied
> script-kiddie :).
> However, I wish to learn how hacking is being actually done.
> Taking as a case study the warftpd-user exploit in metasploit i wish to
> recreate the method in which the original hacker found the exploit.
> I installed windbg for starters and the first thing that comes to mind, is
> how to break point on the "USER" command to see what metasploit is doing on
> the stack.
> Can anyone refer me to some tutorials or comment on what he would have
> done to recreate this and how to see what metasploit is doing?
>
> Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20071122/e43df07c/attachment.htm>