Bug Hunting

    • #6751
      delusion
      Participant

      Hey Hey Security Folk!

      It's Friday again and I am seeking something new to get my teeth stuck into. How rewarding would it be to find a bug in a system which I can redeem money from? Yes, yes, there's no instant mind zip gaining the knowledge required to get started, but with that said I am looking for a place to start.

      I understand there is this little thing called the internet, but in truth that's not how I do it. I want to know the pros' thoughts on where to start, and where better to do it than my favourite forum?

      Thoughts, eth peeps?

    • #41889
      cd1zz
      Participant

      Big companies have bounty programs, like Facebook and Google. You could always sell your bugs to TippingPoint too.

      However, you usually bug hunt because it's enjoyable, not because you'll get rich from it. When you add up the amount of time it takes to find a bug, determine if it's exploitable, and craft a reliable exploit... the time adds up big time.

    • #41890
      delusion
      Participant

      Hi cd1zz, thanks for your input. They do indeed; I am familiar with a lot of the common programs.

      Just wondered if there were any bug hunters on here that could push me in the right starting direction.

      My comment was that it would be nice to find a 0-day and get paid for it. I would be doing it for the passion of security, but incentives are, as always, embraced with open arms.

      I really don't see the point of doing something just for the sake of doing it, and although I do love money, if this is where my true motivations sat I would probably be gearing my roadmap more towards sales or stock markets. I just generally fancy trying something new, and if I find a new bug, well then it would definitely look good on my CV.

    • #41891
      MaXe
      Participant

      There's also "hatforce.com", and possibly "uTest.com" as well. I'm not sure about uTest, as I haven't tried that fully yet. (I'm only interested in security jobs.) Hatforce.com is fairly new, but so far quite nice. Take a look from time to time to see if there are any new projects 🙂

      It sounds more like you should do research instead: write an awesome paper and presentation, then go to some conferences to talk about it, and don't get sued too ;D (Depending on where you live, of course.)

      If you just want money for 0-days, find some very good ones and sell them to, e.g., ZDI, and so forth. This requires, of course, pretty good skills I'd say, as they don't accept all 0-days; there's a list of products. (Other sites may accept them though.)

      Good luck!

    • #41892
      delusion
      Participant

      Hi MaXe. Thanks, very powerful thought! However, there's a very long journey ahead until something like that could even be considered to be brought into play. I definitely do like the sound of it, however.

      Good comments.  Good pointers.  Thanks for your time.

    • #41893
      MaXe
      Participant

      No problem, it's why I'm around ;D I should note, however, that 99.9% of the work I do is voluntary (free), so don't expect good tips on how to make a lot of money from me, unless you have mad exploit research and development skills, then I know where you should go to 🙂

      However, ZDI is worth it if you’re that good:
      http://www.zerodayinitiative.com/about/benefits/

      At least, that's my opinion, and no, I don't have any affiliation with them, but it's one site I would probably sell exploits to if I had any of those they want 😉

    • #41894
      the_Grinch
      Participant

      Question on the exploit creation: how do you go about doing further testing? Say I find what I believe is a bug and write the exploit for it. I can test it on a virtual machine locally, but is that enough of a test? Obviously, wherever you submit it will test it thoroughly, but is it possible to test it thoroughly yourself as well? In an ethical manner, as it were...

    • #41895
      cd1zz
      Participant

      A couple pieces of advice for you:

      If it's a network exploit, meaning you send some malformed packet across the wire to a victim, make sure you test it by putting your victim and attacker machines on different subnets/IPs. On one of my exploits, the GoldenFTP 4.70 PASS exploit, I saw inconsistent behavior when changing the IPs. Someone else ended up figuring this piece out and making the exploit a bit more reliable. I have only seen this on two exploits I've done, so it's not that common, I don't think.

      @the_Grinch wrote:

      Obviously, wherever you submit it will test it thoroughly, but is it possible to test it thoroughly yourself as well?

      This is not true. Packetstorm, for example, will take anything and not test it at all prior to posting. I have a few exploits on Packetstorm that exploit-db did not take for one reason or another. Exploit-db will do some very basic testing, just to make sure your sploit works as advertised.

      For further testing, you could design your exploit to work on different OS versions and service packs. Make sure you also reboot everything and run your exploit again, etc. Just keep thinking of ways that would break your nice shiny exploit 🙂

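One concrete reason a network exploit can behave differently when the attacker's IP or port changes is that the connect-back address is embedded in the payload, and a new address can introduce bad characters that the target's parser mangles or truncates. The block below is an added example, not code from cd1zz or from any exploit mentioned in this thread (it does not claim this was the cause in the GoldenFTP case): a pre-flight check on the encoded callback address, plus a small matrix runner for the "different OS/service pack, reboot, run again" testing described above. The bad-character set, the build labels and the simulated exploit are constructed for illustration; a real run would replace `simulated_exploit` with code that sends the payload and waits for the callback.

```python
"""Pre-flight bad-character check for a connect-back payload, plus a
reliability matrix runner for retesting an exploit across several target
configurations. Added example; all target data below is constructed."""

import socket
import struct
from typing import Callable, Dict, Iterable, List, Tuple

# Bytes the (hypothetical) vulnerable text-protocol parser would mangle or
# terminate on: NUL, LF, CR and space. Adjust to whatever your target rejects.
DEFAULT_BADCHARS = b"\x00\x0a\x0d\x20"


def encode_connect_back(ip: str, port: int) -> bytes:
    """Encode attacker port and IPv4 the way connect-back shellcode usually
    stores them: both in network byte order (port first, then address)."""
    return struct.pack("!H", port) + socket.inet_aton(ip)


def find_badchars(payload: bytes, badchars: bytes = DEFAULT_BADCHARS) -> List[Tuple[int, int]]:
    """Return (offset, byte) pairs for every bad character found in payload."""
    return [(i, b) for i, b in enumerate(payload) if b in badchars]


def connect_back_ok(ip: str, port: int, badchars: bytes = DEFAULT_BADCHARS) -> bool:
    """True when the encoded callback address contains no bad characters."""
    return not find_badchars(encode_connect_back(ip, port), badchars)


def run_matrix(exploit: Callable[[Dict[str, str]], bool],
               targets: Iterable[Dict[str, str]], runs: int = 5) -> Dict[str, float]:
    """Fire `exploit` `runs` times at each target description and return the
    observed success rate per label. `exploit` must return True only on a
    confirmed callback, so the rate is a direct reliability measure."""
    results: Dict[str, float] = {}
    for target in targets:
        hits = sum(1 for _ in range(runs) if exploit(target))
        results[target["label"]] = hits / runs
    return results


# Constructed stand-in for a real exploit. It "succeeds" only when the target
# is a build it has offsets for and the callback bytes are clean; a real one
# would send the payload and wait for the connect-back instead.
SUPPORTED_BUILDS = {"winxp-sp2", "winxp-sp3"}  # hypothetical build labels


def simulated_exploit(target: Dict[str, str]) -> bool:
    if target["build"] not in SUPPORTED_BUILDS:
        return False
    return connect_back_ok(target["attacker_ip"], int(target["attacker_port"]))


def demo() -> Dict[str, float]:
    """Constructed test matrix: attacker on the same subnet, attacker on a
    different subnet (address contains LF, NUL and space), and an unsupported
    service pack."""
    targets = [
        {"label": "same-subnet", "build": "winxp-sp3",
         "attacker_ip": "192.168.1.5", "attacker_port": "4444"},
        {"label": "other-subnet", "build": "winxp-sp3",
         "attacker_ip": "10.0.0.32", "attacker_port": "4444"},
        {"label": "unsupported-build", "build": "win2003-sp1",
         "attacker_ip": "192.168.1.5", "attacker_port": "4444"},
    ]
    return run_matrix(simulated_exploit, targets)


if __name__ == "__main__":
    for label, rate in demo().items():
        print(f"{label:18s} success rate: {rate:.0%}")
    print("bad bytes in 10.0.0.32:4444 callback:",
          find_badchars(encode_connect_back("10.0.0.32", 4444)))
```

The matrix is deliberately keyed on a label per configuration so that a rerun after a reboot or a service-pack change is just another row; anything below 100% on a row is a reliability problem to chase before submitting.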
    • #41896
      MaXe
      Participant

      @cd1zz wrote:

      Exploit-db will do some very basic testing, just to make sure your sploit works as advertised.

      What you say?  ;D (Aybabtu)

      I know it isn’t directly related to exploit development, in the terms you are referring to, but whenever there is a vBulletin exploit submitted I often do test it very thoroughly and confirm whether it works or not. (Including requisites for it to work.)  🙂

    • #41897
      cd1zz
      Participant

      LOL – what I meant to say is that you guys won't be doing the dirty testing that the author should be doing. I'm certainly not diminishing all the verification that the exploit-db crew does. That is awesome that someone does go through and validate; other sites have a bunch of junk up there 🙂

    • #41898
      MaXe
      Participant

      @cd1zz wrote:

      LOL – what I meant to say is that you guys won't be doing the dirty testing that the author should be doing. I'm certainly not diminishing all the verification that the exploit-db crew does. That is awesome that someone does go through and validate; other sites have a bunch of junk up there 🙂

      Ah 🙂 I can relate to that, especially with all the sweat and tears from crafting a Proof of Concept for a binary program 😉 Or a really in-depth Web Application exploit that requires multiple vectors to work, but in return could give an attacker shell access ;D

      But yes, you're right that it's rare they'd do that, unless they want to craft a more reliable exploit, recreate it for fun, or develop an exploit from a DoS PoC 😉

Copyright ©2020 Caendra, Inc.