Researching Software to Find Some 0 days
  • Xin
    Posts: 3,251
    So I'm on a hunt for a 0day in application software, as all I've ever done before is rewrite exploits or find 0days in web apps, which isn't as fun.

    So post here Windows applications that don't currently have any exploits but should also be fairly easy, such as freeware and shareware apps like mp3 converters, simple file sharing apps, etc.
    Xin
  • Lol, why don't you look through sources yourself? I was looking through the XChat source (http://xchat.svn.sourceforge.net/viewvc/xchat/)
    and by looking at just some of the code, some may be exploitable. For example:
    strcpy (prefs.nick1, username);
    Line 691 of http://xchat.svn.sourceforge.net/viewvc ... iew=markup

    Of course that doesn't mean it's exploitable. strcpy doesn't perform bounds checking though, so it's not as safe as strncpy. Just look through source and see if you can exploit anything.
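    A defender's replacement for the quoted strcpy(prefs.nick1, username) call, added here as an example and not XChat's own code: the struct and NICK_SIZE are assumptions, copy_bounded always terminates and reports truncation, and strncpy_terminates shows the caveat that strncpy alone does not guarantee a terminator.

```c
#include <string.h>

/* Assumed buffer size; stands in for whatever prefs.nick1 really is. */
#define NICK_SIZE 32

struct prefs_example {
    char nick1[NICK_SIZE];
};

/* Bounded copy that always NUL-terminates dst, truncating if needed.
 * Returns 1 if src fit entirely, 0 if it was truncated (or dst_size is 0). */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len;
    if (dst_size == 0)
        return 0;
    len = strlen(src);
    if (len >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return 0;
    }
    memcpy(dst, src, len + 1);
    return 1;
}

/* Replacement for the quoted strcpy(prefs.nick1, username): the
 * destination size comes from the struct, so no input can overrun it. */
int set_nick(struct prefs_example *p, const char *username)
{
    return copy_bounded(p->nick1, sizeof p->nick1, username);
}

/* Why strncpy alone is not the fix: it writes no terminator when src has
 * dst_size or more characters. Returns 1 if a NUL ended up inside the
 * first dst_size bytes, 0 if not, -1 if dst_size exceeds the scratch buffer. */
int strncpy_terminates(size_t dst_size, const char *src)
{
    char buf[NICK_SIZE];
    if (dst_size > sizeof buf)
        return -1;
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, dst_size);
    return memchr(buf, '\0', dst_size) != NULL;
}
```

    A reviewer grepping for strcpy into a fixed-size struct member would flag the original call and look for this kind of sized copy in its place.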
  • Xin
    Posts: 3,251
    said:

    Lol, why don't you look through sources yourself? I was looking through the XChat source (http://xchat.svn.sourceforge.net/viewvc/xchat/)
    and by looking at just some of the code, some may be exploitable. For example:
    strcpy (prefs.nick1, username);
    Line 691 of http://xchat.svn.sourceforge.net/viewvc ... iew=markup

    Of course that doesn't mean it's exploitable. strcpy doesn't perform bounds checking though, so it's not as safe as strncpy. Just look through source and see if you can exploit anything.

    As I thought we could work on it as a group, I wasn't looking through any sources anyway.
    Xin
  • D4rk357
    Posts: 34
    It also depends on your knowledge... I believe in starting to pwn small applications at first; understanding the concepts and working with the exploit building process teaches you a lot more than any tutorial can, and then move your way up, as good applications are protected with SEH (pwnable, I know), SAFESEH, ASLR, stack cookies, etc. We have to build our way up... I am going through SEH nowadays :) Once I am finished I will write a whitepaper on it.
  • Xin
    Posts: 3,251
    said:

    It also depends on your knowledge... I believe in starting to pwn small applications at first; understanding the concepts and working with the exploit building process teaches you a lot more than any tutorial can, and then move your way up, as good applications are protected with SEH (pwnable, I know), SAFESEH, ASLR, stack cookies, etc. We have to build our way up... I am going through SEH nowadays :) Once I am finished I will write a whitepaper on it.

    Yeah, I'm working through the types in The Art of Exploitation.
    Xin
  • And don't just focus on BoFs. There's format string overflows, off-by-ones, etc. I'll be writing a somewhat simple guide to format strings in a bit.
  • D4rk357
    Posts: 34
    said:

    And don't just focus on BoFs. There's format string overflows, off-by-ones, etc. I'll be writing a somewhat simple guide to format strings in a bit.

    They all come in the way... and off-by-one is history now according to me, as automated code checker tools eliminate its probability... but again, there is no patch for human stupidity :D ... and yes, I am learning format strings as well :)
  • said:

    There's format string overflows, off-by-ones, etc. I'll be writing a somewhat simple guide to format strings in a bit.

    I will wait for your guide :)