Exploit Research
In the past it was relatively difficult for someone to find exploits, as
most sources for this kind of information were underground, where their
existence was passed on by word of mouth and severely limited in
scope. As time went on, the relevant BBSs were replaced by Internet
communication systems such as newsgroups, the web and Internet Relay
Chat, which were publicly accessible and did not require much technical
knowledge to access.
Web servers and FTP sites
The web is an excellent resource for people searching for exploit code
and sites such as www.hack.co.za, packetstorm.securify.com and
www.rootshell.com have been created specifically to facilitate their
needs.
Let us say, for example, that we have just activated our BugTraq pager
(available at www.securityfocus.com) and it has identified a new hole
in RedHat Linux that allows a local user to compromise root. Within a
matter of hours the code to exploit the hole will more than likely be
available at a site like www.hack.co.za; one can simply open a web
browser to the site and check the new releases section. The code can
then be downloaded, compiled and executed on the system.
Not only do sites show new exploit releases, but many archive old
exploit code too, such as the FTP server at ftp.technotronic.com. Here,
all of the programs are categorised into sections by operating system
and distribution. If, for example, we wish to find exploit code for the
old RPC statd problem in SunOS, we simply open an FTP session to
ftp://ftp.technotronic.com, change to the UNIX directory, then to the
SunOS directory, and the exploit is readily available for download.