
Bug Hunting

delusion
Newbie
Posts: 49
Joined: Thu Mar 18, 2010 6:04 pm
Location: London
Post Fri Sep 02, 2011 4:08 pm

Bug Hunting

Hey Hey Security Folk!

It's Friday again and I am seeking something new to get my teeth stuck into.  How rewarding would it be to find a bug in a system which I can redeem money from.  YES yes, there's no instant mind zip gaining the knowledge required to get started, but with that said I am looking for a place to start.

I understand there is this little thing called the internet, but in truth that's not how I do it. I want to know the pros' thoughts on where to start, and where better to do it than none other than my favourite forum.

Thoughts eth peeps?
You Can't Resolve Problems Whilst At WAR!

cd1zz
Recruiters
Posts: 566
Joined: Sun Oct 03, 2010 9:01 pm
Post Sat Sep 03, 2011 11:03 am

Re: Bug Hunting

Big companies have bounty programs, like Facebook and Google.  You could always sell your bugs to TippingPoint too.

However, you usually bug hunt because it's enjoyable, not because you'll get rich from it. When you add up the amount of time it takes to find a bug, determine if it's exploitable, and craft a reliable exploit... the time adds up big time.

delusion
Newbie
Posts: 49
Joined: Thu Mar 18, 2010 6:04 pm
Location: London
Post Sat Sep 03, 2011 11:21 am

Re: Bug Hunting

Hi cd1zz, thanks for your input.  They do indeed; I am familiar with a lot of the common programs.

Just wondered if there were any bug hunters on here that could push me in the right starting direction.

My comment was that it would be nice to find a 0-day and get paid for it.  I would be doing it for the passion of security, but incentives are, as always, embraced with open arms.

I really don't see the point of doing something just for the sake of doing it, and although I do love money, if this is where my true motivations sat I would probably be gearing my roadmap more towards sales or stock markets.  I just generally fancy trying something new, and if I find a new bug, well then it would definitely look good on my CV.
You Can't Resolve Problems Whilst At WAR!

MaXe
Hero Member
Posts: 671
Joined: Tue Aug 17, 2010 9:49 am
Post Sat Sep 03, 2011 11:37 am

Re: Bug Hunting

There's also "hatforce.com", and possibly "uTest.com" as well. I'm not sure about uTest, as I haven't tried that fully yet. (I'm only interested in security jobs.) Hatforce.com is fairly new, but so far quite nice. Take a look from time to time, to see if there are any new projects  :)

It sounds more like you should do research instead, write an awesome paper and presentation, then go to some conferences to talk about it, and don't get sued too  ;D (Depending on where you live, of course.)

If you just want money for 0-days, find some very good ones and sell them to e.g. ZDI, and so forth. This requires, of course, pretty good skills I'd say, as they don't accept all 0-days; there's a list of products. (Other sites may accept them though.)

Good luck!
I'm an InterN0T'er

delusion
Newbie
Posts: 49
Joined: Thu Mar 18, 2010 6:04 pm
Location: London
Post Mon Sep 05, 2011 7:10 am

Re: Bug Hunting

Hi MaXe.  Thanks, very powerful thought! However, there's a very long journey ahead until something like that could even be considered to be brought into play.  I definitely do like the sound of it, however.

Good comments.  Good pointers.  Thanks for your time.
You Can't Resolve Problems Whilst At WAR!

MaXe
Hero Member
Posts: 671
Joined: Tue Aug 17, 2010 9:49 am
Post Mon Sep 05, 2011 5:33 pm

Re: Bug Hunting

No problem, it's why I'm around  ;D I should note, however, that 99.9% of the work I do is voluntary (free), so don't expect good tips on how to make a lot of money from me, unless you have mad exploit research and development skills; then I know where you should go to  :)

However, ZDI is worth it if you're that good:
http://www.zerodayinitiative.com/about/benefits/

At least, that's my opinion and no I don't have any affiliation with them, but it's one site I would probably sell exploits to if I had any of those they want  ;)
I'm an InterN0T'er

the_Grinch
Newbie
Posts: 45
Joined: Tue Jan 13, 2009 4:24 pm
Post Mon Sep 05, 2011 9:27 pm

Re: Bug Hunting

Question on the exploit creation: how do you go about doing further testing?  Say I find what I believe is a bug and write the exploit for it.  I can test it on a virtual machine locally, but is that enough of a test?  Obviously, wherever you submit it will test it thoroughly, but is it possible to test it thoroughly yourself as well?  In an ethical manner, as it were...
BS-CST Security+

Blog:  http://havewire.blogspot.com/

cd1zz
Recruiters
Posts: 566
Joined: Sun Oct 03, 2010 9:01 pm
Post Mon Sep 05, 2011 10:41 pm

Re: Bug Hunting

A couple pieces of advice for you:

If it's a network exploit, meaning you send some malformed packet across the wire to a victim, make sure you test it by putting your victim and attacker machines on different subnets/IPs. On one of my exploits, the GoldenFTP 4.70 PASS exploit, I saw inconsistent behavior when changing the IPs. Someone else ended up figuring this piece out and making the exploit a bit more reliable. I have only seen this on two exploits I've done, so it's not that common, I don't think.

the_Grinch wrote: Obviously, wherever you submit it will test it thoroughly, but is it possible to test it thoroughly yourself as well?

This is not true. Packetstorm, for example, will take anything and not test it at all prior to posting. I have a few exploits on Packetstorm that exploit-db did not take for one reason or another. Exploit-db will do some very basic testing, just to make sure your sploit works as advertised.

For further testing, you could design your exploit to work on different OS versions and service packs. Make sure you also reboot everything and run your exploit again, etc. Just keep thinking of ways that would break your nice shiny exploit :)

MaXe
Hero Member
Posts: 671
Joined: Tue Aug 17, 2010 9:49 am
Post Tue Sep 06, 2011 12:26 pm

Re: Bug Hunting

cd1zz wrote: Exploit-db will do some very basic testing, just to make sure your sploit works as advertised.

What you say?  ;D (Aybabtu)

I know it isn't directly related to exploit development, in the terms you are referring to, but whenever there is a vBulletin exploit submitted I often do test it very thoroughly and confirm whether it works or not. (Including requisites for it to work.)  :)
I'm an InterN0T'er

cd1zz
Recruiters
Posts: 566
Joined: Sun Oct 03, 2010 9:01 pm
Post Tue Sep 06, 2011 4:35 pm

Re: Bug Hunting

LOL - what I meant to say is that you guys won't be doing the dirty testing that the author should be doing. I'm certainly not diminishing all the verification that the exploit-db crew does. It is awesome that someone does go through and validate; other sites have a bunch of junk up there :)

MaXe
Hero Member
Posts: 671
Joined: Tue Aug 17, 2010 9:49 am
Post Tue Sep 06, 2011 5:08 pm

Re: Bug Hunting

cd1zz wrote: LOL - what I meant to say is that you guys won't be doing the dirty testing that the author should be doing. I'm certainly not diminishing all the verification that the exploit-db crew does. It is awesome that someone does go through and validate; other sites have a bunch of junk up there :)

Ah  :) I can relate to that, especially with all the sweat and tears from crafting a Proof of Concept for a binary program  ;) Or a really in-depth Web Application exploit that requires multiple vectors to work, but in return could give an attacker shell access  ;D

But yes, you're right that it's rare they'd do that, unless they want to craft a more reliable exploit, recreate it for fun, or develop an exploit from a DoS PoC  ;)
I'm an InterN0T'er
