How are exploits created?

Viewed 414 times

0

I was researching server security and ran into the subject of exploits. I already understood the logic of a DDoS attack and of a buffer overflow exploit, but I'm curious about one thing:

How do hackers create an exploit? For instance, which methods can be used to analyze a server from the outside, and which tests are done to confirm that it works?

What information do they use to program it, for example using sockets or whatever?

1 answer

0


Want to become a hacker? lol

To create an exploit you need to find some vulnerability; the breach will be used to create methods that take advantage of the fault you found!

In Linux usually everything is open source, so the flaws are found when analyzing the code. Of course, to find bugs you have to understand how a certain method or piece of code works (if you understand the logic, there is a chance you can imagine how to sabotage it, lol lol).

Imagine if I were to analyze the code of Apache and somewhere within it found a variable setting a fixed buffer size for sending within a socket. What would happen if I could send more data than the socket can read? Would it cause a buffer overflow? If it causes the stack to burst in memory, can I write shellcode that points to the return address in memory and execute malicious code? This is how it works: you simply have to find and apply possible situations that are not being handled in the code. So if this is an exploitable bug, you will be able to replicate the exploit to be used in all versions of Apache where you found the bug. Of course, if the bug is reported, the next version will come with a "patch" closing the fault, huahuahua!

But then you ask me: what about Windows, where there is no code to look at? Hahaha, there is a lot of Windows kernel code that leaked in the 2000s, and many vulnerabilities have been discovered by analyzing these pieces of code. Of course, some bugs can be discovered by brute force, just trying to imagine how something works. Moreover, when someone wants to go deep, they even end up performing reverse engineering to understand how the logic works; understanding the logic, you can imagine ways to cause failures and sabotage ...

Remember that operating systems went through many security problems in the beginning; nowadays they are very mature. I loved Windows 95, it looked like Swiss cheese, hahaha

  • So the method you are talking about to find flaws is based on trial and error?

  • Read the code if it is open source; if it is not open source you can apply reverse engineering. In the end, know more or less how something works and try on the basis of trial and error ...

  • How do I reverse engineer?
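
The unchecked fixed-size buffer the answer describes, shown next to a bounds-checked version, as an added example that is not part of the original answer. The 2-byte length-prefixed message format, `BUF_SIZE` and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* fixed buffer size, as in the answer's scenario */

/* Assumed wire format (constructed for this example):
 * 2-byte big-endian payload length, followed by the payload. */

/* VULNERABLE: trusts the peer's length field. A declared length above
 * BUF_SIZE makes memcpy write past the end of `out` (BUF_SIZE bytes).
 * Shown for contrast only; it is never called in this example. */
int handle_unsafe(const uint8_t *pkt, size_t pkt_len, uint8_t *out)
{
    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    (void)pkt_len;                    /* received size ignored: the bug */
    memcpy(out, pkt + 2, declared);
    return (int)declared;
}

/* HARDENED: the length field is untrusted input and is checked against
 * both the destination capacity and the bytes actually received. */
int handle_safe(const uint8_t *pkt, size_t pkt_len, uint8_t *out)
{
    if (pkt == NULL || pkt_len < 2) return -1;   /* header incomplete */
    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    if (declared > BUF_SIZE) return -1;          /* would overflow `out` */
    if (declared > pkt_len - 2) return -1;       /* would over-read `pkt` */
    memcpy(out, pkt + 2, declared);
    return (int)declared;
}

/* Constructed input: header claims `declared` bytes, `actual` bytes follow. */
int run_case(size_t declared, size_t actual)
{
    uint8_t pkt[2 + 512] = {0}, out[BUF_SIZE];
    if (actual > 512) return -2;
    pkt[0] = (uint8_t)(declared >> 8);
    pkt[1] = (uint8_t)(declared & 0xff);
    memset(pkt + 2, 'A', actual);
    return handle_safe(pkt, 2 + actual, out);
}

int main(void)
{
    printf("valid=%d oversized=%d truncated=%d\n",
           run_case(5, 5), run_case(300, 300), run_case(40, 10));
    return 0;
}
```

The hardened handler rejects both a length larger than the destination buffer and a length larger than what was actually received, which are the "situations that are not being handled in the code" a reviewer looks for.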
