it's hard for me... orz
 july keenfield (kizi) <priv kizi gmailcom> |
Saturday, March 29 2008 10:00.16 CDT |
I'm trying to find vulnerablities by using IDA pro or ImmDbg and so on...
but, 6 months has passed... and nothing found. orz.
at first. I list functions which is like fopen, and trace the use of FD returned.
and investigate functions which is like memmove, memcpy, and memory copy operations.
but, all softwares which i debugged use these securely.
this method is not efficient?
Thre result i found is that,
the world is quite secure than i thought.
Comments
 rakish |
Posted: Sunday, March 30 2008 04:56.09 CDT |
|
maybe you need more experience like me, i have started learning RCE almost 3 months ago, 1 week after start learn assembly language for 80x86 architectures... if i'm right we need more time in RCE before jump into that world ... but, anyway, what kind of applications are you analyzing? |
|
 kizi |
Posted: Sunday, March 30 2008 10:06.26 CDT |
|
thanks for your reply. hmm.... ok. i will keep on learning and training RCE. thanks. but, you looks like a skilled reverser. have you really started learning since 3months ago? great! >what kind of applications are you analyzing? i have tried reversing 2 decompress/extract softwares and 5 ActiveX which is called and used from IE like object tag. |
|
 GynvaelColdwind |
Posted: Sunday, March 30 2008 11:07.20 CDT |
| kizi: have You tried fuzzing ?:> | |
 MohammadHosein |
Posted: Sunday, March 30 2008 15:43.15 CDT |
| yes , its better to start with already reported vulns , even better if they have already been exploited . its something usual with activexs these days , also take a look at Axman . as a suggestion , Acrobat Reader is a perfect target ;) | |
|
kizi |
Posted: Monday, March 31 2008 09:51.59 CDT |
|
thaks for replys. GynvaelColdwind, MohammadHosein. i've tried Axman to fuzz ActiveXs. but, nothing found. I often use fuzzer that i wrote or other free fuzzers. and I've found some bugs. but, they are not exploitable. >its better to start with already reported vulns hmm. ok. I will start with already reported vulnerabilities. and take time more to fuzz. |
|
 RabidCicada |
Posted: Monday, March 31 2008 11:16.40 CDT |
|
Kizi. I have to say I'm relatively new also, but logic seems to dictate that you need more than just to manually sift through code. There is simply too much stuff out there. You need to focus on automating code exploitation finding(what I believe you are trying to do). You need to effectively build a tool ecosystem around which you can perform efficient work in your field. You need to have tools that find commonly mis-used code(function calls that are typically mishandled etc). Then you could use many other tools to trace data paths and code coverage. It is not a simple thing to get into. I have not developed such an ecosystem yet. It takes time and insight delivered by experience to become efficient. As MohammadHosein said, it is beasier to re-find already discovered exploits (This will help hone your intuition for finding mishandled code). RE-ing is not for the light of heart, nor for the casual passerby. You have to be curious, commited, and willing to write your own tools (whether building on others or from the ground up). I haven't written my own tools yet. For now I'm content to learn the tools I already have access to and play with code for a game I play (as opposed to look specifically for an internet wide exploit). |
|
| cli3nt | Posted: Wednesday, April 2 2008 08:14.51 CDT |
|
Maybe before you go in the wild you should practice at some hackmes/crackmes. In example pull the plug project or crackmes.de ;) PS. And of course you should be more sticky. What I mean? you should stick to one app/vendor and dig until you find something. Remember: there is something. ALWAYS. |
|
|
kizi |
Posted: Wednesday, April 2 2008 08:37.19 CDT |
|
thanks for replys RabidCicada, cli3nt . thanks! you made me motivaed. I'll keep on keeping on. thousand thanks!!!11123 |
|
| ishikawa | Posted: Wednesday, April 2 2008 09:08.43 CDT |
|
Also maybe you want to see how others discover theirs bugs. Here you can do it (if you didn't done it already :P): http://dvlabs.tippingpoint.com/blog/2007/07/24/step-by-step-of-how-tpti-07-013-was-discovered http://blog.wslabi.com/2007/09/hitb-2007-ctf-daemon-03-writeup.html |
|
|
kizi |
Posted: Thursday, April 3 2008 06:14.30 CDT |
|
thanks for reply to ishikawa san. I've never read it. thanks! |
|