Creating Exploits

Hey, I'm interested in creating exploits from scratch as a bit of a hobby. I'm a software developer and I do a bit of testing and production debugging on a daily basis, so this involves taking memory dumps and slogging through them, etc.

I've always been interested in computer security so this seems like a natural fit for me. I'd also like to eventually get a job production debugging and need to work on my unmanaged code debugging (all the stuff thus far has been .net).

I'm looking for some general information on how to approach the creation of an exploit.

I suppose I could write a program with a known bug in it myself and test that, but for the sake of argument let's say I wanted to test QuickTime.

So far what I've done is create a fuzzer that randomly flips bits in an H.264 video. My next step is to create a tool to script QuickTime to connect over and over to this service. I may also do the same on the iPhone.

What I'd then like to do is record memory snapshots whenever QuickTime crashes, and work backwards from this snapshot in order to try and inject a payload. I was thinking about researching pageheap.exe, and using it to ensure it crashes right at the point of failure. I was also thinking about using ADPlus to capture the actual crash. Then I'd go through the dump with windbg. I'd then be looking at areas of the heap where my crash could be exploitable and try to 'spray' those areas with malicious code.

Of course never having actually done this before I'm sure it's a lot harder than it sounds. Can any of you guys give me some advice on what tools to research, or some tutorials where people have created exploits? Has anyone here done something similar? Did you follow the same basic process (fuzzing, analyzing dumps, spraying heap)?

Thanks for any info.

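The bit-flipping fuzzer and the crash-reproduction step the post above describes, written out as an added example; this is not the poster's code and not any real QuickTime tooling. It assumes a hypothetical target executable path (TARGET) and uses a constructed stand-in for the sample video. The part a practitioner cares about is that every case is derived from a logged (seed, n_flips) pair, so a crashing file can be regenerated bit-for-bit and reopened under the debugger later; pageheap, ADPlus and windbg are configured separately and are not part of this script.

```python
import random
import subprocess
import sys
from pathlib import Path

# Constructed stand-in for a real .mov/.mp4 sample (not a real video). A real run
# seeds from a small, valid H.264 file so most mutations still reach the decoder.
SAMPLE = bytes(range(256)) * 4

# Assumed, hypothetical target path: the player that opens each mutated file.
TARGET = r"C:\Program Files\QuickTime\QuickTimePlayer.exe"


def flip_bits(data: bytes, n_flips: int, seed: int) -> bytes:
    """Flip n_flips distinct random bits of data, chosen deterministically from seed.

    Determinism is the whole point: a crash is only useful if the exact file that
    caused it can be rebuilt from (seed, n_flips) after the fact.
    """
    rng = random.Random(seed)
    buf = bytearray(data)
    positions = rng.sample(range(len(buf) * 8), n_flips)  # distinct bit indices
    for pos in positions:
        buf[pos >> 3] ^= 1 << (pos & 7)
    return bytes(buf)


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits; used to sanity-check the mutation rate."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flips_for(data: bytes, rate: float = 0.0005) -> int:
    """How many bits to flip for a given mutation rate, never fewer than one."""
    return max(1, int(len(data) * 8 * rate))


def case_name(seed: int, n_flips: int) -> str:
    """Stable file name for a case so the log entry and the file on disk match."""
    return f"case_{seed}_{n_flips}.mov"


def run_case(data: bytes, seed: int, n_flips: int, outdir: Path,
             timeout: float = 10.0) -> str:
    """Write one mutated file, open it in the target, classify the outcome.

    Returns 'crash', 'timeout', 'ok' or 'no-target'. Only the exit status is
    inspected here; the actual crash dump comes from whatever debugger is
    attached to the target (ADPlus, pageheap), not from this script.
    """
    mutated = flip_bits(data, n_flips, seed)
    path = outdir / case_name(seed, n_flips)
    path.write_bytes(mutated)
    try:
        proc = subprocess.run([TARGET, str(path)], timeout=timeout,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        return "timeout"      # hang: worth a look, but not a crash
    except FileNotFoundError:
        return "no-target"    # the assumed TARGET path does not exist here
    # Windows reports exceptions as NTSTATUS exit codes (>= 0x80000000, e.g.
    # 0xC0000005 access violation); POSIX reports a signal as a negative code.
    if proc.returncode < 0 or proc.returncode >= 0x80000000:
        return "crash"
    return "ok"


def fuzz(data: bytes, outdir: Path, iterations: int, start_seed: int = 0) -> list:
    """Run a batch of cases and return the (seed, n_flips, status) log.

    Clean cases are deleted; anything else is kept on disk next to its log entry.
    """
    outdir.mkdir(parents=True, exist_ok=True)
    n_flips = flips_for(data)
    log = []
    for seed in range(start_seed, start_seed + iterations):
        status = run_case(data, seed, n_flips, outdir)
        log.append((seed, n_flips, status))
        if status == "ok":
            (outdir / case_name(seed, n_flips)).unlink(missing_ok=True)
        else:
            print(f"{status}: seed={seed} n_flips={n_flips} file={case_name(seed, n_flips)}")
    return log


if __name__ == "__main__":
    sample = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else SAMPLE
    fuzz(sample, Path("cases"), iterations=100)
```

To reproduce a logged crash, call flip_bits(sample, n_flips, seed) with the values from the log line and open the result in the target under windbg with pageheap enabled; because rng.sample picks distinct bit positions, the regenerated file differs from the sample in exactly n_flips bits, which the hamming helper lets you confirm before spending debugger time on it.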