Hi all .. I see a great thing in people discovering holes and so on in all sorts of applications .. but how can I check whether the software the victim is running is something that can be exploited? I know my knowledge in this area isn't good, but are there more methods than just port scanning and connecting to the open ports?

Thanks in advance

Steffen Beck
On 26 Oct 2000 12:48:30 -0000, you wrote:
> I see a great thing in people discovering holes and so on in all sorts of applications .. but how can I check whether the software the victim is running is something that can be exploited. I know my knowledge on this area isn't good but is there more methods than just port scanning and
1st.- Check out the software version the victim is running. This can be achieved by telnetting to the service and reading the banner (see my previous post about banners).

2nd.- Download the source code of the software (e.g. qpopper) and audit the code! This is a heavy task and you must learn some C language :-) This is the most common way of looking for bugs.

3rd.- Write a program for exploiting the bug previously found (at step 2).

There are some automated tools to check the code for common bugs (string copy without the proper bound checking, etc). Also you can launch some other tools directly against the victim daemon, which will enter some garbage as input, too large strings, and so on.

Port scanning is frequently used to look for known vulnerable versions of any daemon.

These are only a few tips...

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
** RoMaN SoFt / LLFB **
roman@madrid.com
http://pagina.de/romansoft
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
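A sketch of the kind of automated source check the reply above mentions (string copies without bounds checking), added here as an illustration and not part of the original thread. The function list, the `audit` name and the sample C source are constructed for the example; the replacement hints are suggestions only.

```python
import re

# C library calls that write into a buffer without being told its size,
# mapped to a bounded alternative to consider (assumed list, not exhaustive).
UNBOUNDED = {
    "strcpy": "snprintf or strlcpy",
    "strcat": "snprintf or strlcat",
    "sprintf": "snprintf",
    "vsprintf": "vsnprintf",
    "gets": "fgets",
}

# Comments and string/char literals: blanked out so that a function name
# mentioned in a comment or a message string is not reported as a call.
_SKIP = re.compile(
    r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'', re.S)
_CALL = re.compile(r'\b(' + '|'.join(UNBOUNDED) + r')\s*\(')

def _blank(match):
    # Replace everything except newlines so line numbers stay accurate.
    return re.sub(r'[^\n]', ' ', match.group(0))

def audit(source):
    """Return (line, function, suggestion) for each unbounded copy call."""
    code = _SKIP.sub(_blank, source)
    findings = []
    for lineno, line in enumerate(code.splitlines(), 1):
        for m in _CALL.finditer(line):
            findings.append((lineno, m.group(1), UNBOUNDED[m.group(1)]))
    return findings

# Constructed sample input, not taken from any real daemon.
SAMPLE = '''#include <stdio.h>
#include <string.h>
/* old code used strcpy(dst, src) here */
void handle_user(char *input) {
    char name[64], line[128];
    strcpy(name, input);
    sprintf(line, "USER %s", name);
    strncpy(name, input, sizeof(name) - 1);
    puts("never call gets(buf)");  // gets(buf) again
}
'''

if __name__ == "__main__":
    for lineno, func, hint in audit(SAMPLE):
        print(f"line {lineno}: {func}() has no bounds check; consider {hint}")
```

A match only marks a call worth reading by hand: whether it is actually a bug depends on where the source string comes from and how large the destination is.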