Fuzzing is an important part of looking for vulnerabilities. Spike still seems to be the popular fuzzer. Many people think writing your own exploit code is extremely difficult and you must be a programming wiz. That's no longer true since the advent of fuzzers. You do need to understand Windows memory and cpu registries and some assembly instructions. You don't really need to write a lot of code because there exists well written shell code that you can just copy and paste and edit as needed!
You find an app that you want to test and then run it. Run a debugger and then your fuzzer. If the program crashes, you're in luck. At that point you begin to review your debugger and look for cpu registries after the crash. Find the area where you can insert your shell and create your exploit. You're trying to push the buffer to accept your code. Well, there is a bit more to it than that but most of it is really just understanding things like binary trees and there are auto scripts available to help with this. You're basically looking for the address to insert your shell code. If you understand where to point your shell code, you can just about copy and paste everything and then edit it to point where it needs to go.
This all depends on the program having vulnerable code and it's getting harder to find really easily exploitable programs. If you are starting to learn you should find an old version of a program and play with it, one that was known for having a lot of holes. Once you do find that you have found an exploit that works and is stable, it's like finding gold. It's an awesome feeling. Of course you have to remember that many others are out there testing the same software with the same fuzzer if you are using Spike so don't think you are the only one with that exploit, lol. It eventually gets out because people are always trading their exploits to get others or they have to brag, etc. and the vulnerable code is corrected sooner or later, which is good.
Last edited by Kev on Sun Jul 15, 2007 1:23 pm, edited 1 time in total.
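The "run your fuzzer, watch for the crash" loop the post describes, as an added example that is not part of the original post and is not Spike: a minimal mutation fuzzer in Python with crash bucketing and reproduction. The target `toy_parse`, its seed corpus and its bug (an unchecked copy into a fixed-size buffer that raises `IndexError`) are constructed stand-ins for the application under test; a real harness would wrap the program under a debugger and read the fault from there. The point it adds to the post is triage: separating the target's own input rejection from real faults, collapsing duplicates of one bug into a single bucket, and keeping an input that reproduces each bucket so the crash can be handed to whoever fixes it.

```python
"""Minimal mutation fuzzer with crash bucketing (added example, not the post's code).

The target `toy_parse` is a constructed stand-in for the application under test;
the IndexError it raises on an over-long NAME field plays the role of the crash
the post describes seeing in the debugger.
"""
import random
import traceback

# Constructed seed corpus: well-formed inputs the target is known to accept.
SEED_INPUTS = [b"NAME=alice;AGE=30", b"NAME=bob;AGE=7"]


def toy_parse(data: bytes) -> dict:
    """Constructed target. Rejects malformed input with ValueError (a handled
    error), but copies NAME into a fixed 16-byte buffer without a length check,
    so an over-long NAME raises IndexError (the stand-in for a memory-safety crash)."""
    fields = {}
    for part in data.split(b";"):
        key, sep, value = part.partition(b"=")
        if not sep:
            raise ValueError("malformed field")
        if key == b"AGE":
            fields["age"] = int(value)          # ValueError on non-numeric input
        elif key == b"NAME":
            buf = bytearray(16)
            for i, byte in enumerate(value):
                buf[i] = byte                   # IndexError once len(value) > 16
            fields["name"] = bytes(buf).rstrip(b"\0")
    return fields


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one to three random byte-level mutations: bit flip, run insert,
    byte delete, chunk duplication."""
    out = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        choice = rng.randrange(4)
        if choice == 0 and out:                         # flip one bit
            i = rng.randrange(len(out))
            out[i] ^= 1 << rng.randrange(8)
        elif choice == 1:                               # insert a run of one byte value
            i = rng.randint(0, len(out))
            out[i:i] = bytes([rng.randrange(256)]) * rng.randint(1, 32)
        elif choice == 2 and out:                       # delete a byte
            del out[rng.randrange(len(out))]
        elif choice == 3 and out:                       # duplicate a chunk in place
            i = rng.randrange(len(out))
            j = rng.randint(i, len(out))
            out[j:j] = out[i:j]
    return bytes(out)


def run_once(data: bytes):
    """Execute the target on one input. Returns ("ok"|"rejected"|"crash", bucket).
    ValueError is the target's own input validation, so it is not a finding;
    any other exception is a crash, bucketed by exception type and innermost
    source location so that repeats of the same bug collapse into one entry."""
    try:
        toy_parse(data)
        return "ok", None
    except ValueError:
        return "rejected", None
    except Exception as exc:
        frame = traceback.extract_tb(exc.__traceback__)[-1]
        return "crash", (type(exc).__name__, frame.name, frame.lineno)


def fuzz(seeds, iterations: int, seed: int = 0) -> dict:
    """Mutate the seed corpus for `iterations` rounds and return
    {bucket: first input that crashed in that bucket}."""
    rng = random.Random(seed)       # fixed seed so a run is reproducible
    crashes = {}
    for _ in range(iterations):
        candidate = mutate(rng.choice(seeds), rng)
        status, bucket = run_once(candidate)
        if status == "crash" and bucket not in crashes:
            crashes[bucket] = candidate
    return crashes


if __name__ == "__main__":
    for bucket, data in fuzz(SEED_INPUTS, 2000, seed=1).items():
        print(bucket, data)
        assert run_once(data)[0] == "crash"      # every saved input must reproduce
```

Each saved input is re-run before it is reported, because a crash that does not reproduce deterministically is not yet a usable bug report. Swapping `toy_parse` for a wrapper that launches the real program under a debugger and maps the fault address to a bucket keeps the rest of the loop unchanged.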