Posted

I have just found a persistent, reproducible, bug for a chat client on Windows 7 starter that causes a BSoD every time.

I don't know anything about exploit development, so i have a question.

How should I go about exploring the potential of turning this into an exploit, and if there is, how does one create an exploit.

Posted

Well, the BSOD should give you an indication of which file it has a problem with, usually a driver, so that would be your starting point. I know shit about this stuff, but what I do know is that you should look into "fuzzing" and debugging the program to find places in memory to add exploit code. Offensive Security offers courses on this sort of thing and Mati is the guy you would want to learn from as he writes a lot of shell code and does egg hunting for exploits.

http://www.offensive-security.com/

Watch this video: http://www.offensive-security.com/videos/d..._controller.swf
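The post above says the BSOD tells you which driver was involved. Before attaching a debugger, the quickest way to get that information is the kernel minidump Windows 7 writes to %SystemRoot%\Minidump\ on every crash: its header carries the bug-check code and four parameters, and for the common driver bug checks those parameters say what address was touched, whether it was a read or a write, and from which instruction. The script below is an added example, not code from this thread or from Offensive Security. It parses that header and gives first-pass exploitability notes. Field offsets are the public DUMP_HEADER32 / DUMP_HEADER64 layouts that WinDbg and the open-source memory-forensics tools read; the sample dump header, the version numbers and the driver address 0x8F3B1234 in it are constructed for the example and are not from any real crash.

```python
import struct

# Bug-check names for a handful of codes commonly seen in driver crashes
# (from the public Windows bug-check reference; not an exhaustive table).
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x1E: "KMODE_EXCEPTION_NOT_HANDLED",
    0x3B: "SYSTEM_SERVICE_EXCEPTION",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0xC5: "DRIVER_CORRUPTED_EXPOOL",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}


def parse_dump_header(data):
    """Pull the bug-check code and its four parameters out of a kernel dump.

    Offsets follow the public DUMP_HEADER32 / DUMP_HEADER64 layouts that
    WinDbg and the open-source memory-forensics tools read.
    """
    sig = data[:8]
    if sig == b"PAGEDUMP":
        # 32-bit: ten DWORD fields (Signature .. NumberProcessors) precede
        # BugCheckCode at 0x28; the four parameters are DWORDs right after it.
        code, p1, p2, p3, p4 = struct.unpack_from("<5I", data, 0x28)
        bits = 32
    elif sig == b"PAGEDU64":
        # 64-bit: BugCheckCode at 0x38, parameters are QWORDs starting at 0x40.
        (code,) = struct.unpack_from("<I", data, 0x38)
        p1, p2, p3, p4 = struct.unpack_from("<4Q", data, 0x40)
        bits = 64
    else:
        raise ValueError("not a Windows kernel dump header: %r" % sig)
    return {"bits": bits, "code": code, "params": (p1, p2, p3, p4)}


def triage(info):
    """First-pass exploitability notes derived from the bug-check parameters."""
    code = info["code"]
    p1, p2, p3, p4 = info["params"]
    result = {"code": code, "name": BUGCHECK_NAMES.get(code, "UNKNOWN"),
              "access": None, "notes": []}
    if code in (0x0A, 0xD1):
        # Documented parameter meaning for 0xA and 0xD1:
        #   p1 = memory address referenced, p2 = IRQL at the time,
        #   p3 = 0 read / 1 write (0xD1 also uses 2 for execute),
        #   p4 = address of the instruction that made the access.
        access = {0: "read", 1: "write", 2: "execute"}.get(p3, "unknown")
        result["access"] = access
        result["referenced"] = p1
        result["faulting_pc"] = p4
        if p1 < 0x10000:
            result["notes"].append(
                "near-NULL dereference: Windows 7 still lets a user-mode "
                "process map the zero page, so this deserves a closer look")
        elif access in ("write", "execute"):
            result["notes"].append(
                "kernel %s to a non-NULL address: check whether the client's "
                "input influences that address" % access)
        else:
            result["notes"].append(
                "kernel read fault: a DoS unless the address is controlled")
    return result


def build_sample_header(bits, code, params):
    """Constructed sample (not a real crash dump): only the fields this script
    reads are meaningful, padded to the real header size (4 KiB / 8 KiB)."""
    if bits == 32:
        hdr = b"PAGEDUMP" + struct.pack(
            "<8I", 0xF, 0x1DB1, 0x185000, 0x82500000, 0x82965850,
            0x82950C68, 0x14C, 1)           # ends at 0x28, where BugCheckCode sits
        hdr += struct.pack("<5I", code, *params)
        return hdr.ljust(0x1000, b"\0")
    hdr = b"PAGEDU64" + struct.pack(
        "<2I4Q2I", 0xF, 0x1DB1, 0x187000, 0xFFFFF80002A0D000,
        0xFFFFF80002C1A650, 0xFFFFF80002BEEB90, 0x8664, 2)  # ends at 0x38
    hdr += struct.pack("<I4x4Q", code, *params)  # 4 pad bytes before params at 0x40
    return hdr.ljust(0x2000, b"\0")


if __name__ == "__main__":
    # Constructed example: bug check 0xD1, a write to address 0x4 at IRQL 2
    # from a made-up driver address 0x8F3B1234.
    dump = build_sample_header(32, 0xD1, (0x4, 2, 1, 0x8F3B1234))
    info = parse_dump_header(dump)
    t = triage(info)
    print("bugcheck 0x%08X (%s), %d-bit dump" % (t["code"], t["name"], info["bits"]))
    print("params: " + " ".join("0x%X" % p for p in info["params"]))
    for note in t["notes"]:
        print("note:", note)
```

To run it on a real file, pass the first 0x2000 bytes of the .dmp to parse_dump_header. The script does not resolve p4 to a module name; for that load the same dump in WinDbg and run `!analyze -v`, which names the driver and symbolises the faulting instruction. Windows 7 Starter is 32-bit only, so the PAGEDUMP branch is the one that applies to the original poster's machine.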

Posted

thanks guys.

Any recommendations on a good fuzzing utility for Win 7? Or is it something I would be better off doing by hand?

What would be the pros/cons of each?

Posted

Well since you already got it to crash, fuzzing isn't necessary. Attach Olly or another debugger to whatever it is that's crashing and see what actually goes down...

Posted

Thanks for all the info guys, I'm going to play with this a lot more to see what I can come up with. I have found no reference to this bug on the dev's website, so.... if I manage to turn this into an exploit... would it be 0day? coz that would be cool :P

Posted

Yup, it would be a 0day.
