Sockets, Shellcode, Porting & Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals

Chapter 10: Writing Exploits I

Introduction

Writing exploits and finding exploitable security vulnerabilities in software first involves understanding the different types of security vulnerabilities that can occur. Software vulnerabilities that lead to exploitable scenarios can be divided into several areas. This chapter focuses on exploits, including format string attacks and race conditions, while the next chapter details more common and wide-ranging vulnerabilities such as overflows.

The process of writing exploits is valuable to both researchers and end-user organizations. By having an exploit for a vulnerability, you can quickly demonstrate to upper management the impact of that vulnerability.

Targeting Vulnerabilities

Writing exploits first involves identifying and understanding exploitable security vulnerabilities. This means an attacker must either find a new vulnerability or research a public vulnerability. Methods of finding new vulnerabilities include looking for problems in source code, sending unexpected data as input to an application, and studying the application for logic errors. When searching for new vulnerabilities, all areas of attack should be examined, and questions such as the following should be considered:

  • Is source code available?

  • How many people may have already looked at this source code or program, and who are they?

  • Is automated vulnerability assessment fuzzing worth the time?

  • How long will it take to set up a test environment?

If setting up an accurate test environment will take three weeks, your time is likely better spent elsewhere. However, other researchers have probably thought the same thing, so it may be that no one has adequately looked for exploitable bugs in the software package.

Writing exploits for public...
