exploits 'n patches

  • exploits 'n patches

    I'm really curious..

    How can you find a hole in a program, server or what? Is it usually accidental? What knowledge must you have to discover a hole? Programming, I think..?
    And how leet must you be to write a patch? Or is it easy to write it? (I don't think so)

    And.. I don't have any evil plans! I'm just addicted to asking.. :)
    .: Look, there's two women fucking a polar bear! :.

  • #2
    You have to be super duper "leet" as you put it :)
    DC541 - (linuxscripto) contact


    • #3
      General rule: If it's a microshaft product, it has problems... some are worse than others, and although it is not generally acceptable in many forms to do so (always read ToS before you do this), I took the software apart and studied the code. Coding since I was young, I've spent many years in a few languages that I feel are critical if you wish to learn security, take things apart, and write patches... those are C/C++, assembly, and VB - the rest will fall into place. 0versight had a valid point: learning the OS to the point where you can navigate through the registry without any hesitation is a good start. A good start to C/C++ for newbies is TICPP+, and you can download the book + code examples in many places on the net free of charge.


      • #4
        I won't speak on any matter with authority, but understanding basic programming concepts and examining the source code of programs is always a good start. There are some fairly common exploits made from programs that do not manage and limit their memory properly. Programs that overrun the boundaries of a malloc() memory allocation, touch a memory allocation that has been released by free(), or attempt to read/write to inaccessible pages resulting in segmentation faults are generally offensive programs that could result in compromised security of your system. There are several memory debugging tools available that will help you detect these scenarios.

        Patching is most often simply modifying the ill-designed routine to correct the offensive behavior and recompiling.

        As far as Windows systems go, an in-depth understanding of system debugging tools like IDA or SoftICE combined with a working knowledge of PE structure, assembler, and hex editing is required to modify routines of an offensive software application resulting in a binary rewrite of the executable.
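
An added example, not part of any post in this thread: the malloc() overrun and free() misuse described in post #4, shown as a routine before and after a source-level patch. The function names, the 16-byte field size and the sample input are all hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_BUF_SIZE 16 /* hypothetical fixed field size */

/* BEFORE: no length check, so any input of 16+ characters makes strcpy()
 * write past the end of the malloc() block (heap overrun). Never called here. */
char *store_name_unpatched(const char *input)
{
    char *buf = malloc(NAME_BUF_SIZE);
    if (buf == NULL)
        return NULL;
    strcpy(buf, input);
    return buf;
}

/* AFTER: the patched routine rejects input that does not fit, terminator
 * included, instead of copying it. */
char *store_name_patched(const char *input)
{
    if (input == NULL || strlen(input) >= NAME_BUF_SIZE)
        return NULL; /* would not fit together with its NUL terminator */
    size_t len = strlen(input);
    char *buf = malloc(NAME_BUF_SIZE);
    if (buf == NULL)
        return NULL;
    memcpy(buf, input, len + 1); /* len + 1 copies the terminating NUL */
    return buf;
}

/* Frees the block and clears the caller's pointer, so a later use hits a
 * NULL check instead of touching memory already released by free(). */
void release_name(char **name)
{
    if (name != NULL && *name != NULL) {
        free(*name);
        *name = NULL;
    }
}

int main(void)
{
    char *ok = store_name_patched("alice"); /* constructed input */
    printf("stored: %s\n", ok ? ok : "(rejected)");
    release_name(&ok);
    return ok == NULL ? 0 : 1;
}
```

Building with `-fsanitize=address` (GCC or Clang) or running under Valgrind is one way to have a memory debugging tool flag the overrun if `store_name_unpatched` is ever given oversized input.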