I am not yet to be considered as professional, so don't overweight my way to find things ;) But I mostly use some kind of this procedure:

- I take a piece of software.
- If there is a source code available (open source), I usually have a look at it to find logical mistakes (like missing examinations of user input etc.) or other programming mistakes (like buffer assignments which could lead to buffer overflows).
- If there is no source code available, I have a look at the output of the programs and scripts and their behavior. Then I try to find out in mind how it could work (for example: Do some scripts just use simple shell commands?). Also (like in PHP scripts) I have a look if it includes other files. Also, just try to insert XSS.
- If I don't know anything about it, I just have a try with using "bruteforce" (mostly for buffer overflows). Mostly I do this manually by just sending a lot of "A"s via pipes or clipboard. To check the clients I open a netcat shell on a specific port or use my (or tSR's ;) own simple software which just sends a lot of "A"s after the client connected or did certain things.
- Always have a look what happens then ;)
- In the end I / we try to find a way to exploit this ;)

We will also write some more scripts and software to automate the process of finding vulnerabilities.

Hopefully I could give you some good points. But I am looking forward to hear some more from other people on these lists.... ;)

Greetings from Munich,

-------------------------------------------------------
BlueScreen / Florian Hobelsberger (UIN: 101782087)
Member of:
www.IT-Checkpoint.net
www.Hackeinsteiger.de
www.DvLdW.de
==================================================================
To encrypt classified messages, please download and use this PGP-Key:
http://www.florian-hobelsberger.de/BlueScreen-PGP-PubKey.txt
==================================================================
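As an added example (not code from the post above or from its author), here is the shape of the two things the post describes looking for: the "buffer assignment which could lead to a buffer overflow" a source review should flag, next to the bounded version with the missing input check in place, plus a small harness that builds the long run of "A"s the post uses as test input and confirms the checked version rejects it rather than writing past its buffer. The function names, the 32-byte limit and the harness are all assumptions made for this illustration.

```c
/* Added example, not from the original post. Shows the unchecked-copy
 * pattern a source review flags, the bounded replacement, and a harness
 * that feeds it runs of "A"s of increasing length. Names and the
 * NAME_MAX_LEN value are assumptions chosen for this illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX_LEN 32

/* The pattern a reviewer flags: fixed-size destination, unbounded copy.
 * Deliberately left as the "before" form and never called by the
 * harness below; it exists only to show the defect's shape. */
void copy_name_unsafe(const char *in, char out[NAME_MAX_LEN]) {
    strcpy(out, in);   /* writes past out[] once in exceeds 31 characters */
}

/* Bounded version: measure first, reject oversize input, never truncate
 * silently. Returns 0 when the copy succeeded, -1 when input was rejected. */
int copy_name_checked(const char *in, char *out, size_t outlen) {
    if (in == NULL || out == NULL || outlen == 0)
        return -1;
    size_t n = strnlen(in, outlen);   /* never reads more than outlen bytes */
    if (n >= outlen)                   /* no room left for the terminator */
        return -1;
    memcpy(out, in, n);
    out[n] = '\0';
    return 0;
}

/* Build a run of n 'A's (the post's manual test input) and feed it to the
 * checked copy. Returns the copy's result: 0 accepted, -1 rejected. */
int stress_with_as(size_t n) {
    char *in = malloc(n + 1);
    if (in == NULL)
        return -1;
    memset(in, 'A', n);
    in[n] = '\0';
    char out[NAME_MAX_LEN];
    int rc = copy_name_checked(in, out, sizeof out);
    free(in);
    return rc;
}

int main(void) {
    /* Constructed input lengths: well under, at, just over and far over the limit. */
    const size_t lengths[] = { 1, 31, 32, 1000, 100000 };
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        int rc = stress_with_as(lengths[i]);
        printf("%6zu x 'A': %s\n", lengths[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The boundary worth checking is the one at exactly 31 and 32 characters: 31 fits with its terminator and is accepted, 32 does not and is rejected, and nothing about the 100000-byte case differs from the 32-byte case because the length is measured before any byte is copied.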
This archive was generated by hypermail 2b30 : Fri Apr 05 2002 - 14:35:07 PST