I think I started back on 2006-06-02 looking for exploits; I didn't really understand much back then. So I had a little play with HTML tags :D and came across the (marquee) Denial of Service exploit for Firefox.
After that I started to look into exploiting HTTP servers with overly long HTTP requests, nothing new, and found a few DoS exploits. Then I think I started to look into client applications, and came across the Xfire client DoS exploit. This is where I thought I was getting somewhere.
Then I started testing local files for buffer overflows after reading about Marsu's advisories, and came across the Opera torrent file DoS exploit. But I didn't look into it as much as I should have, and iDefense took the hint and started looking into the BitTorrent protocol in Opera, and took credit for a buffer overflow in the Opera client when parsing malformed torrent headers. Strange, because I had only released the DoS a few weeks earlier. So from that point I realised that if I was going to test software, I should test it to the full. Then I came across a buffer overflow in MagicISO. I was not in full control of the EIP register; I tried everyone I had heard about, just sending them random emails asking for help. And vade79/v9 (v9@fakehalo) decided he would try and help me; he wrote the first advisory with PoC code describing how he got the cue file to execute shellcode.
I then realized, hey, I'll test UltraISO, then came across a standard buffer overflow, and was able to execute shellcode and wrote my first real exploit.
Why the application crashed and what we can do with the bug.
I've thought many times I'm going to give up, and just before I'm about to give up I come across vulnerabilities. If you put 100% into exploit development and don't give up you will succeed; it's not if, it's when.
But I've been in security-related subjects for over 7 years now; I started as a skiddy lol. Everyone has got to start somewhere. I got bored easily with skiddying about and wanted to learn more, and decided the right way to go was exploit development.
I think if you want to be a hacker it's not about downloading other people's exploits and just compiling and running them. It's about finding your own 0day and using it.
I've written a little list that always helps me..
1). Choose software, look for information, read the readme lol.
2). Put it through IDA Pro or some other disassembler.
3). Look at the parts of the program which take user input, any file or protocol. If it is readable data and you understand what it is doing, you might be able to extend the buffer.
4). Always have a debugger attached to the process when testing.
5). If you do come across a buffer overflow, be prepared to write PoC code to help re-enact the bug or exception.
6). Write a fully working exploit and release it!
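As an added illustration of steps 3 to 5 (this is not code from the post or from any of the products it names): a CUE-sheet FILE-line parser in the unbounded-copy shape behind the overflows described above, beside a bounded version that rejects oversized names. The function names, the 32-byte field size and the sample lines are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 32  /* assumed fixed-size field: the shape behind the overflows above */
struct cue_file { char name[NAME_MAX]; char type[16]; };
/* Length of the quoted name on a line like  FILE "disc.bin" BINARY ; -1 if unquoted. */
static long cue_quoted_len(const char *line, const char **start)
{
    const char *q1 = strchr(line, '"');
    const char *q2 = q1 ? strchr(q1 + 1, '"') : NULL;
    if (!q2) return -1;
    *start = q1 + 1;
    return (long)(q2 - q1 - 1);
}
/* Vulnerable shape: the name is copied with no bound, so a quoted name of
 * NAME_MAX bytes or more overruns 'name' (what step 3 of the list looks for). */
int cue_parse_file_unsafe(const char *line, struct cue_file *out)
{
    const char *p; long n = cue_quoted_len(line, &p);
    if (n < 0) return -1;
    memcpy(out->name, p, (size_t)n);        /* n is never checked against NAME_MAX */
    out->name[n] = '\0';
    return sscanf(p + n + 1, " %15s", out->type) == 1 ? 0 : -1;
}
/* Hardened form: refuse names that do not fit instead of truncating silently,
 * and keep every copy bounded by the destination size. */
int cue_parse_file_safe(const char *line, struct cue_file *out)
{
    const char *p; long n = cue_quoted_len(line, &p);
    if (n < 0) return -1;
    if (n >= NAME_MAX) return -2;           /* would overflow: reject the line */
    memcpy(out->name, p, (size_t)n);
    out->name[n] = '\0';
    return sscanf(p + n + 1, " %15s", out->type) == 1 ? 0 : -1;
}
/* Constructed n-byte name (the input a debugger from step 4 shows crashing the unsafe parser).
 * Returns the hardened result, 0 only if name/type came back intact; unsafe runs only if it fits. */
int cue_try_name_len(size_t n)
{
    char line[128] = "FILE \"";
    struct cue_file a, b;
    if (n > 100) return -4;
    memset(line + 6, 'A', n);
    strcpy(line + 6 + n, "\" BINARY");
    int rc = cue_parse_file_safe(line, &a);
    if (rc != 0) return rc;
    if (strlen(a.name) != n || strcmp(a.type, "BINARY") != 0) return -3;
    if (cue_parse_file_unsafe(line, &b) != 0 || strcmp(a.name, b.name) != 0) return -3;
    return 0;
}
```

The boundary at exactly NAME_MAX bytes is the case to watch: one parser writes the terminator past the end of the field, the other returns -2 and touches nothing.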
Be prepared to get into trouble. Like last month I managed to get access to a hosting company's admin login by using a Google dork I'd been thinking about for a while. So be prepared on how far you want to go with hacking; it can get you into some serious trouble if you go too far. When I got access to the web hosting panel I had access to 41 thousand+ hosts. I had to do the right thing and notify the web hosting company, so I did. I've added the talk I had with the guy from the hosting company.
{Transcript.}
Pete: hi
security advisor: hi
security advisor: could i talk to the guy in charge please
security advisor: Of the whole company
Pete: Well, please let me know your issue
security advisor: I've got some very important information
Pete: let me know
security advisor: nvrmm I'm not sure what ur position is, I'm in a funny position, I've come across some very important stuff to do with your company
Pete: Please let us the know that stuff so we can assist you further
security advisor: Yes but I'm afraid of, how can I put this, any action being taken against me, if you understand.
security advisor: I don't think it's a case of how u can assist me, it's how I can help you m8
security advisor: Ok there has been a breach in your security for a start. I'm only here to let you know, I have no intention of causing any harm or anything
Pete: Please let me know the exact issue
security advisor: well I was able to access all your domains, all 41741
security advisor: I'm trying to do the right thing, I hope you understand
security advisor: hello are you still there
Pete: yes
Pete: Please go ahead
security advisor: Would any action or any form of anything that would get me in trouble happen? I've not done anything to anything in the company.
security advisor: You have to understand I don't want any trouble from this, I just wanted to inform you, but I was advised it could get me in trouble
Pete: ok
security advisor: Ok you need to change the admin panel password for the hosting. Here is the password I was able to get from Google on someone else's site
security advisor:
https://resellers.ipowerweb.com/panel/index username: +++++ password : ++++
security advisor: That's what was in the file
security advisor: i can try and find the site it was hosted on so you guys can get it removed
security advisor: Do you understand what I'm saying now m8
Pete: thank you
Pete: thank you for the update
Pete: We will change the password
security advisor: that is ok I just didn't want it falling into the wrong hands, you recognise the password and user name
security advisor: that would have been a massive breach of your customers' sensitive information; nothing has been changed
Pete: We appreciate your concerns for us
security advisor: Loool good I'm pleased I was able to help m8, it feels good to help someone out, you guys have been very lucky
Pete: I am updating this issue to My Admins now, We are all thankful to you and appreciate your concerns for us
security advisor: np take care m8 I have no idea how they were on someone's web site but they were, so just change the password and username and all should be good ..
Pete: I would appreciate if you let me know a google link
security advisor: I will have to find it, give me 2 mins, the file was called
security advisor: *****.doc
Pete: ok, thanks
security advisor: there was some more info in the file but I'm not sure if it's connected with your web site
Pete: please provide us.. let me check if this is some ex-employee
I had pulled 2 DBX files off the hosting company's site, which contained customers' scanned personal details: credit card details, driving licences and loads of other details which they had taken for ID, and sent them through email. They all got destroyed after.