Exploits

General technological topics without their own forum go here

Exploits

Post by ChaosXIII on Fri Mar 19, 2010 9:15 pm
([msg=37107]see Exploits[/msg])

I have not done much research into exploits. I know of the existence of exploit databases such as milw0rm. But what programs are out there to apply them (I have recently been reprimanded for mentioning the use of metasploit.) I admit though that metasploit is incredibly noobish and very limited. What else is out there?
User avatar
ChaosXIII
New User
New User
 
Posts: 24
Joined: Sun Mar 14, 2010 2:28 pm
Blog: View Blog (0)


Re: Exploits

Post by TravisAlan on Fri Mar 19, 2010 9:25 pm
([msg=37110]see Re: Exploits[/msg])

Write your own code based on an observed insecurity. It is the based way.
TravisAlan
New User
New User
 
Posts: 25
Joined: Sat Dec 12, 2009 9:19 pm
Blog: View Blog (0)


Re: Exploits

Post by ChaosXIII on Fri Mar 19, 2010 9:29 pm
([msg=37112]see Re: Exploits[/msg])

I mean how are they implemented. Just a block of code is useless. what do you do with the exploits. I know of metasploit but what else is there?
User avatar
ChaosXIII
New User
New User
 
Posts: 24
Joined: Sun Mar 14, 2010 2:28 pm
Blog: View Blog (0)


Re: Exploits

Post by UNL2009 on Fri Mar 19, 2010 9:34 pm
([msg=37113]see Re: Exploits[/msg])

You find an exploit, and if you found one, you most likely know why its an exploit. And if you know why its exploit-able, then you'll surely know how to exploit it. Implementing it into code or some type of process to go about it is the hardest thing...
UNL2009
New User
New User
 
Posts: 22
Joined: Sun Sep 07, 2008 2:32 pm
Blog: View Blog (0)


Re: Exploits

Post by TravisAlan on Fri Mar 19, 2010 9:39 pm
([msg=37116]see Re: Exploits[/msg])

You can do a vast majority of all "hacking" with no 3rd party software other than an OS and web browser.
Some things you might want to check out could be Blurp, WebScarab, or Nmap. You could also read through older posts and articles to receive more detailed information from multiple users over a period of time. HTS also hosts several good articles on the basics. If you do notice a vulnerability in the wild without the tools to automate your testing then you should learn a programming language and write a bespoken script to help you out. Writing your own code often provides a very powerful tool because of how customized it is for your purposes. You could just test it through your web browser but if it involves sending many custom requests and monotonous variable manipulation then you will want help.
TravisAlan
New User
New User
 
Posts: 25
Joined: Sat Dec 12, 2009 9:19 pm
Blog: View Blog (0)


Re: Exploits

Post by sanddbox on Fri Mar 19, 2010 10:25 pm
([msg=37119]see Re: Exploits[/msg])

These are just my instincts, but I'm pretty sure the above posters are all just making shit up as they go along.

If you find code on something like milw0rm, then you'd figure out what language it is, compile it (assuming it's a compiled language), and run it.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2344
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: Exploits

Post by UNL2009 on Fri Mar 19, 2010 10:37 pm
([msg=37120]see Re: Exploits[/msg])

sanddbox wrote:These are just my instincts, but I'm pretty sure the above posters are all just making shit up as they go along.

lol. Thanks <3.

imo most people that come across flaws in a system won't even know what to do with them. So if you're searching for one, you're going to have a much better clue on what's going on and why it occurs.
UNL2009
New User
New User
 
Posts: 22
Joined: Sun Sep 07, 2008 2:32 pm
Blog: View Blog (0)


Re: Exploits

Post by insomaniacal on Sat Mar 20, 2010 7:48 am
([msg=37123]see Re: Exploits[/msg])

Sannddox hit the nail on the head. You download the source, modify whatever variables you need to in order to fit your purpose, compile or run depending on the language, and cross your fingers.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
User avatar
insomaniacal
Addict
Addict
 
Posts: 1210
Joined: Sun May 24, 2009 10:21 am
Blog: View Blog (0)


Re: Exploits

Post by ChaosXIII on Sat Mar 20, 2010 12:31 pm
([msg=37126]see Re: Exploits[/msg])

Ah i see. ty. That's the reason that metasploit is so horrible. You just have the exploit as is and it is not customizable at all. Yeah i would defiantly prefer having full access to the code and be able to tailor it exactly to my situation.
Whats the most common language used in exploits? so i can brush up on said code. Or is it just a wide range? What ever, it gives me a chance to expand my coding knowledge.
Last edited by ChaosXIII on Sat Mar 20, 2010 12:42 pm, edited 1 time in total.
User avatar
ChaosXIII
New User
New User
 
Posts: 24
Joined: Sun Mar 14, 2010 2:28 pm
Blog: View Blog (0)


Re: Exploits

Post by sanddbox on Sat Mar 20, 2010 12:36 pm
([msg=37127]see Re: Exploits[/msg])

ChaosXIII wrote:Ah i see. ty. That's the reason that metasploit is so horrible. You just have the exploit as is and it is not customizable at all. Yeah i would defiantly prefer having full access to the code and be able to tailor it exactly to my situation.
Whats the most common language used in exploits, so i can brush up on said code. Or is it just a wide range. What ever, it gives me a chance to expand my coding knowledge.


It really depends on the type of exploit. If it's shellcode, it'll be assembly, but if it's a remote exploit it can vary.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2344
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Next

Return to General

Who is online

Users browsing this forum: No registered users and 0 guests