Exploit Potential?


hypnotoad

I have just found a persistent, reproducible, bug for a chat client on Windows 7 starter that causes a BSoD every time.

I don't know anything about exploit development, so I have a question.

How should I go about exploring the potential of turning this into an exploit, and if there is, how does one create an exploit?

> I have just found a persistent, reproducible, bug for a chat client on Windows 7 starter that causes a BSoD every time.
>
> I don't know anything about exploit development, so I have a question.
>
> How should I go about exploring the potential of turning this into an exploit, and if there is, how does one create an exploit?

Well, the BSOD should give you an indication into what file it has a problem with, usually a driver, so that would be your starting point. I know shit about this stuff, but what I do know is that you should look into "fuzzing" and debugging the program to find places in memory to add exploit code. Offensive Security offers courses on this sort of thing and Mati is the guy you would want to learn from as he writes a lot of shell code and does egg hunting for exploits.

http://www.offensive-security.com/

Watch this video: http://www.offensive-security.com/videos/d..._controller.swf

Thanks for all the info guys, I'm going to play with this a lot more to see what I can come up with. I have found no reference to this bug on the dev's website, so.... if I manage to turn this into an exploit... would it be 0day? coz that would be cool :P

> Thanks for all the info guys, I'm going to play with this a lot more to see what I can come up with. I have found no reference to this bug on the dev's website, so.... if I manage to turn this into an exploit... would it be 0day? coz that would be cool :P

Yup, it would be a 0day.
