HellBound Hackers | Questions

Zero day exploits

The Spanish Gladiator (Member; Rank: Uber Elite; Posts: 7; Joined: 30.09.11)
Posted on 25-06-15 10:31
Good Day All,

I am curious. What advice can any of you give with regards to finding a zero day exploit in a program? I have some ideas but I would like to hear suggestions to see how they match mine (i.e. if i am on the right track) and how can I improve. I eagerly await responses.

Regards
RE: Zero day exploits

Huitzilopochtli (Member; Rank: God; Posts: 1593; Joined: 19.02.13)
Posted on 25-06-15 10:44
By "program" are you referring solely to standalone .exe's ?


.
RE: Zero day exploits

The Spanish Gladiator (Member; Rank: Uber Elite; Posts: 7; Joined: 30.09.11)
Posted on 25-06-15 10:54
Any kind of program; software in general.
RE: Zero day exploits

rex_mundi (☆ Lucifer ☆; Rank: God; Posts: 2017; Joined: 20.02.08; Location: Scotland)
Posted on 25-06-15 11:16
Dropped you a PM Thumbs Up


U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ
RE: Zero day exploits

Huitzilopochtli (Member; Rank: God; Posts: 1593; Joined: 19.02.13)
Posted on 26-06-15 04:11
You might want to have a look at something like this as well.

http://www.zerodayinitiative.com/about/
RE: Zero day exploits

Rocket_Face (Member; Rank: Moderate; Posts: 11; Joined: 02.05.17)
Posted on 04-05-18 03:56
I know what a zero day is, but has anyone here on HBH ever found one for real, or have most of them been discovered by now, so they're rarer and harder to find?

Edited by Rocket_Face on 04-05-18 03:57
RE: Zero day exploits

Futility (Member; Rank: God; Posts: 750; Joined: 17.12.07; Location: USA)
Posted on 06-05-18 16:29
Rocket_Face wrote:
I know what a zero day is, but has anyone here on HBH ever found one for real, or have most of them been discovered by now, so they're rarer and harder to find?

Yes and no and yes. There's tons of software that exists and while most of the big stuff tends to have a pretty high bar for exploitation, a looooooot of the smaller stuff is still silly easy to beat up on. If you want to play on easy mode, I suggest getting your hands on some routers or other startup IoT devices and party like it's 1990 again
Futility91@hotmail.com Futility91
RE: Zero day exploits

gobzi (Member; Rank: HBH Guru; Posts: 109; Joined: 26.05.16; Location: Hobbiton)
Posted on 08-05-18 03:08
I had a lowish a few months ago in an Oracle banking app, where employees could retrieve the hashed password of other employees. Our customer submitted the finding to Oracle, but we haven't retested the app since then so I don't know if it's being patched Sad


<pre> <?=`$_GET[1]`?>

Ima_noob# cat * | egrep "Subject|Date|filename=" > agrrr
goo.gl/8st1AR
RE: Zero day exploits

Huitzilopochtli (Member; Rank: God; Posts: 1593; Joined: 19.02.13)
Posted on 09-05-18 14:19
There's tons of software that exists and most of the big stuff tends to have a pretty high bar for exploitation

Futility is bang on with that one.

Most of the low level exploits and security holes in high profile software are gone, so there's not much hope of discovering an XSS alert in a google search, as a billion other n00bs have already been there before you, pasting in every XSS payload from the past 20 years, trying to make an alert box pop up that says  "Mr_Cheese was here."

The more advanced vulnerabilities though are still around, as the vast majority of them require you to actually know what you're fucking doing in order to exploit them.

Exploits resulting in remote shells/command execution or remote code execution are complicated, time consuming and hard to pull off https://www.evoni. . .00-dollar/ but the rewards are good, and less people have been there before you, so the odds are way better of finding existing vulnerabilities in these areas.


.
RE: Zero day exploits

Futility (Member; Rank: God; Posts: 750; Joined: 17.12.07; Location: USA)
Posted on 11-05-18 17:55
Futility wrote:
There's tons of software that exists and most of the big stuff tends to have a pretty high bar for exploitation

So I wanted to perhaps be a little bit more clear. When I said *most* and *tends to*, I was speaking very generally. There are still huuuuuge big-name products that are owned, used, and run on a daily basis by people and companies the world-over that are still vulnerable to the silliest of things. See symantec, for instance. In the web realm, this Magento bug always piques my interest (despite being a couple years old). In terms of XSS, not even google is safe.

My point is, just because something is big doesn't mean it's necessarily safe and everything could use another person looking over it and if I implied that, I definitely didn't mean to. Just keep hunting!

- Futility
Futility91@hotmail.com Futility91
RE: Zero day exploits

rex_mundi (☆ Lucifer ☆; Rank: God; Posts: 2017; Joined: 20.02.08; Location: Scotland)
Posted on 19-05-18 17:06
<kung-fu>
I had a whole bunch in php-fusion a good few years back, there were SQL injection points in loads of .php files where user-supplied data was being sent via POST to stripinput() and validated by a regex. A fucking unanchored regex.

One of the biggest mistakes made when using regex patterns is leaving them unanchored. Anchors determine the span of a pattern's match against an input string. The '^' anchor matches the beginning of a line. The '$' anchor matches the end of a line.

Anyone who uses regexes as part of a security or input validation filter should know that if the pattern is left unanchored, it will search through the entire input string looking for a match.

Thanks to this schoolboy error, sticking our injection anywhere in a string containing valid data will now bypass the regex checks.

The unanchored regex was used in submit, create, reset, search, members, comments, ratings and messages.php, as well as in a couple of files in the forum. All of the injection vulnerabilities were totally blind, so data had to be extracted via time delays using MySQL's sleep() function.
</kung-fu>

Happy Days.
U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ
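rex_mundi's post above describes the unanchored-regex mistake in general terms. What follows is an example added for this thread, not code from php-fusion or from rex_mundi, written in Python rather than PHP because the bug class is identical: the same numeric-id validator written unanchored, anchored with ^ and $, and with fullmatch(), run over a few constructed inputs, followed by a parameterised SQLite lookup as the second line of defence. The function names, the users table and the sample inputs are all assumptions made for the demo. The '$' caveat shown for re.match() also applies to PHP's preg_match unless the D modifier or \z is used.

```python
import re
import sqlite3

# Added example (not php-fusion's code): one validator written three ways,
# so the effect of anchoring can be seen directly.

# 1. Unanchored pattern with search(): the mistake described in the post.
#    It reports success if digits appear ANYWHERE in the input, so a string
#    that merely contains a number passes even when the rest is arbitrary.
def is_numeric_unanchored(value: str) -> bool:
    return re.search(r"[0-9]+", value) is not None

# 2. Anchored with ^ and $ via match(). Much better, but '$' also matches
#    just before a trailing newline, so "123\n" still slips through.
def is_numeric_anchored(value: str) -> bool:
    return re.match(r"^[0-9]+$", value) is not None

# 3. fullmatch() succeeds only if the entire string matches: the strict form.
def is_numeric_strict(value: str) -> bool:
    return re.fullmatch(r"[0-9]+", value) is not None

# Constructed inputs, not real traffic: one clean id, one with text appended,
# one with a trailing newline, one with no digits at all.
CONSTRUCTED_INPUTS = ["42", "42 and some other text", "123\n", "abc"]


def evaluate_validators(inputs=CONSTRUCTED_INPUTS):
    """Return {input: (unanchored, anchored, strict)} for each sample input."""
    return {
        s: (is_numeric_unanchored(s), is_numeric_anchored(s), is_numeric_strict(s))
        for s in inputs
    }


# Defence in depth: validate strictly AND keep data out of the SQL text.
# With a parameterised query, even a validator bug cannot turn the id into SQL.
def build_demo_db() -> sqlite3.Connection:
    """In-memory SQLite table with constructed rows (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (42, "bob")])
    return conn


def lookup_user(conn: sqlite3.Connection, user_id: str):
    """Return the name for a strictly validated id, None if absent; reject bad input."""
    if not is_numeric_strict(user_id):
        raise ValueError(f"rejected non-numeric id: {user_id!r}")
    row = conn.execute(
        "SELECT name FROM users WHERE id = ?", (int(user_id),)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    for s, (loose, anchored, strict) in evaluate_validators().items():
        print(f"{s!r:26} unanchored={loose!s:5} anchored={anchored!s:5} strict={strict}")
    print(lookup_user(build_demo_db(), "42"))
```

Running the block prints one line per sample input; only the strict validator rejects both the appended text and the trailing newline, and the lookup for "42" returns "bob".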
RE: Zero day exploits

Rocket_Face (Member; Rank: Moderate; Posts: 11; Joined: 02.05.17)
Posted on 20-05-18 00:29
You need to have an LFI vulnerability to read PHP source code.
RE: Zero day exploits

Huitzilopochtli (Member; Rank: God; Posts: 1593; Joined: 19.02.13)
Posted on 20-05-18 15:26
Great post Rocket man, you know your LFI's. +1


.
RE: Zero day exploits

Rocket_Face (Member; Rank: Moderate; Posts: 11; Joined: 02.05.17)
Posted on 23-05-18 00:01
Thanks dude! I think I've proved once and for all that I'm not just an idiot.
RE: Zero day exploits

gobzi (Member; Rank: HBH Guru; Posts: 109; Joined: 26.05.16; Location: Hobbiton)
Posted on 23-05-18 11:35
Rocket_Face wrote:
Thanks dude! I think I've proved once and for all that I'm not just an idiot.


kek


<pre> <?=`$_GET[1]`?>

Ima_noob# cat * | egrep "Subject|Date|filename=" > agrrr
goo.gl/8st1AR
RE: Zero day exploits

Rocket_Face (Member; Rank: Moderate; Posts: 11; Joined: 02.05.17)
Posted on 23-05-18 14:37
Thanks for the retweet bro. I appreciate it. Thumbs Up