hypnotoad Posted March 14, 2010 Posted March 14, 2010 I have just found a persistent, reproducible, bug for a chat client on Windows 7 starter that causes a BSoD every time. I don't know anything about exploit development, so i have a question. How should I go about exploring the potential of turning this into an exploit, and if there is, how does one create an exploit. Quote
digip Posted March 15, 2010 Posted March 15, 2010 I have just found a persistent, reproducible, bug for a chat client on Windows 7 starter that causes a BSoD every time. I don't know anything about exploit development, so i have a question. How should I go about exploring the potential of turning this into an exploit, and if there is, how does one create an exploit. Well, the BSOD should give you an indication into what file it has a problem with, usually a driver, so that would be your starting point. I know shit about this stuff, but what I do know is that you should look into "fuzzing" and debugging the program to find places in memory to add exploit code. Offensive Security offers courses on this sort of thing and Mati is the guy you would want to learn from as he writes a lot of shell code and does egg hunting for exploits. http://www.offensive-security.com/ Watch this video: http://www.offensive-security.com/videos/d..._controller.swf Quote
H@L0_F00 Posted March 15, 2010 Posted March 15, 2010 I don't think fuzzing will be necessary since the bug is reproduceable already Quote
mubix Posted March 15, 2010 Posted March 15, 2010 Here is a quick link to some tutorials on how to progress: http://www.room362.com/mubixlinks/2009/12/...g-tutorial.html Quote
hypnotoad Posted March 15, 2010 Author Posted March 15, 2010 thanks guys. Any recommendations on a good fuzzing utility for win 7. Or is it something I would be better of doing by hand? What would be the pro's/con's of each? Quote
dr0p Posted March 15, 2010 Posted March 15, 2010 Well since you already got it to crash, fuzzing isn't necessary. Attach Olly or another debugger to whatever it is that's crashing and see what actually goes down... Quote
H@L0_F00 Posted March 16, 2010 Posted March 16, 2010 You need to debug the crash and see if any arbitrary code can be run from it. Quote
hypnotoad Posted March 16, 2010 Author Posted March 16, 2010 Thanks for all the info guys, I'm going to play with this a lot more to see what I can come up with. I have found no reference to this bug on the dev's website, so.... if I manage to turn this into an exploit... would it be 0day? coz that would be cool :P Quote
dr0p Posted March 17, 2010 Posted March 17, 2010 Thanks for all the info guys, I'm going to play with this a lot more to see what I can come up with. I have found no reference to this bug on the dev's website, so.... if I manage to turn this into an exploit... would it be 0day? coz that would be cool :P Yup, it would be a 0day. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.