Forum Thread: How Are Vulnerabilities Found and Fixed?

Hi everyone, I'm new here,

I've read many of master OTW's posts relating to cyber security and hacking, and have only recently (as in today) decided to get an account at WonderHowTo's website to ask questions and learn here.

To my main question,

I've seen in many of OTW's tutorial posts about finding exploits/vulnerabilities by searching Metasploit. But I've always wanted to know how the exploits/vulnerabilities were found in the first place, and how they are fixed when found.

Can someone answer my question?
Thank you.

7 Responses

To give you a simple answer:

A lot of vulnerabilities are found through reading code and finding flaws within it. It's patched by correcting the code.

This is why programming skills are a necessity with what we do.

ghost_

Can you give me an example?
(Preferably one that has already been patched, so I will know what type of things to look for and what I should do to fix them?)

The IRC smiley backdoor on Unreal IRC (I think it was Unreal). It was code that was actually added and not noticed, and it was a huge vulnerability.

A great example of bad coding is the Heartbleed bug, which was using code that wasn't secure. I don't know if there is a Null Byte article on it.
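The Heartbleed case mentioned above is a good one to look at in code, because the whole flaw is a single missing length check. What follows is an added example written for this thread, not code from OpenSSL or from any poster: a cut-down heartbeat-style record handler in the shape of the bug, shown before and after the fix, run over a constructed memory image. The record layout, the function names and the "SECRET" bytes are all invented for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Simplified record layout (constructed for this example, not the real TLS
 * encoding): 1 byte type, 2-byte big-endian payload length, then the payload.
 * The responder is supposed to echo the payload back to the sender. */
#define HB_HEADER 3

typedef size_t (*hb_handler)(const uint8_t *rec, size_t rec_len,
                             uint8_t *out, size_t out_cap);

/* BEFORE the fix: the length field inside the record is trusted. If a peer
 * declares a larger payload than it actually sent, memcpy keeps reading past
 * the record into whatever sits next to it in memory (the Heartbleed over-read). */
size_t heartbeat_response_unsafe(const uint8_t *rec, size_t rec_len,
                                 uint8_t *out, size_t out_cap)
{
    (void)rec_len;  /* the number of bytes actually received is never consulted */
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if (payload_len > out_cap) return 0;
    memcpy(out, rec + HB_HEADER, payload_len);
    return payload_len;
}

/* AFTER the fix: the declared length is checked against the bytes actually
 * received before anything is copied; a record that lies about its size is
 * silently dropped. This is the kind of one-line check the patch added. */
size_t heartbeat_response_safe(const uint8_t *rec, size_t rec_len,
                               uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER) return 0;
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)payload_len > rec_len - HB_HEADER) return 0;  /* the missing check */
    if (payload_len > out_cap) return 0;
    memcpy(out, rec + HB_HEADER, payload_len);
    return payload_len;
}

/* Constructed memory image: a 5-byte record that claims a 12-byte payload but
 * only carries "hi", followed directly by bytes the peer must never receive.
 * Keeping the "secret" inside the same array keeps the over-read within
 * defined memory so the example can run safely. */
static const uint8_t g_memory[] = {
    0x01, 0x00, 0x0c, 'h', 'i',                          /* type 1, len 12, "hi" */
    'S', 'E', 'C', 'R', 'E', 'T', '!', '!', '!', '!'      /* adjacent data */
};
#define REC_LEN 5  /* bytes actually received */

/* Runs one handler over the image. Returns the number of bytes it echoed and
 * sets *leaked when the response carries bytes from outside the record. */
size_t run_handler(hb_handler handler, int *leaked)
{
    uint8_t out[64] = {0};
    size_t n = handler(g_memory, REC_LEN, out, sizeof out);
    *leaked = 0;
    for (size_t i = 0; i + 6 <= n; i++)
        if (memcmp(out + i, "SECRET", 6) == 0) *leaked = 1;
    return n;
}

/* Convenience wrappers for a quick check of each version. */
int unsafe_leaks(void)     { int l; run_handler(heartbeat_response_unsafe, &l); return l; }
int safe_leaks(void)       { int l; run_handler(heartbeat_response_safe, &l);   return l; }
size_t unsafe_echoed(void) { int l; return run_handler(heartbeat_response_unsafe, &l); }
size_t safe_echoed(void)   { int l; return run_handler(heartbeat_response_safe, &l); }
```

Running it, the unchecked version echoes 12 bytes and "SECRET" comes back in the response; the checked version echoes nothing. The pattern to train your eye on when reading code, as the answer above suggests, is a length that arrives inside the data it describes and is used before being compared with the amount of data actually received. The real OpenSSL patch also accounted for the record's padding; this example keeps only the core check.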

Hi, I use this for everyone who wants to know how we find exploits and bugs in a program. First, imagine a program like a body and imagine the hacker as a doctor. So when a doctor sees a body he can say whether it is sick or not, and if it is sick, how to fix the body. That's exactly what happens when a hacker / programmer sees sick code (meaning something is wrong). For example, let's say in the code Mr. X dies, but after 4 lines it uses Mr. X again (it was a stupid example, but hey, you get the point :D).

That's all I can say in a comment. If you want to know more, I made a video about it on my channel: https://www.youtube.com/watch?v=XQlBGI5NQPc

You usually have 2 scenarios: white box testing or black box testing.

White box means you have the source code at your disposal. It may be free software, something you can find on GitHub or SourceForge or similar. You read the source and look for particular vulnerable functions used, how user input is handled, how memory is allocated and freed.

Black box means you have a proprietary application (like a Windows component or a program like AutoCAD, Photoshop, etc.), and you don't have the source. You will have to play with the program inputs and try to find a function that handles user input in an unexpected way.

An example of the latter is called 'fuzzing'. It's an automated technique that sends random inputs into an application trying to trigger a crash (trying different charsets, input lengths, ...). Let's say the application expects an input of max 1024 bytes and we send more... The program will crash because it allocated less memory than what's supplied by the user. Such a crash is caught by a debugger (let's call it OllyDbg), which lets you see the program stack (memory) at the moment of the crash. If you are able to overwrite some register, let's say EIP, you can hijack the flow of the program and point it to an area filled with attacker-supplied instructions (a shellcode), resulting in program compromise. This is the case of a buffer overflow (read: "Smashing the Stack for Fun and Profit").

Patches are usually easy to make when you understand where the flawed code is. But the more complicated the project is, the more complicated it gets to patch, especially when they are not simple BoFs like the example before.

Really, it's a long way to learn how this stuff works, but there are a lot of keywords in my posts that can point you in the right direction.

Happy debugging!
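To make the "expects at most 1024 bytes" case and the fuzzing idea from the answer above concrete from the fixing side, here is an added example that is not from the thread or from any tool it names: a hardened fixed-size input handler with the bounds check that the overflow-prone version lacks, plus a tiny in-process fuzz loop of the kind you would run over the handler before shipping it. The function names, the xorshift generator and the size limit are choices made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_INPUT 1024  /* the "expects at most 1024 bytes" case from the post */

/* Hardened input handler. The unchecked version the post describes would copy
 * `len` bytes into buf regardless of its size and overflow the stack for any
 * len > MAX_INPUT; this version refuses such input up front instead.
 * Returns the number of bytes stored, or -1 when the input is rejected. */
int handle_input(const uint8_t *in, size_t len)
{
    uint8_t buf[MAX_INPUT];
    if (in == NULL || len > sizeof buf) return -1;   /* the bounds check */
    memcpy(buf, in, len);
    /* placeholder for the real work on buf; here it is simply consumed */
    return (int)len;
}

/* Feeds the handler a zero-filled input of the given length. */
int accepts_length(size_t len)
{
    static uint8_t zeros[2 * MAX_INPUT];
    return handle_input(zeros, len);
}

/* Small deterministic PRNG (xorshift32) so a failing fuzz run can be replayed
 * from its seed. */
static uint32_t next_rand(uint32_t *s)
{
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5;
    return *s;
}

/* Minimal in-process fuzz loop: `iterations` inputs of random length in
 * 0..2*MAX_INPUT with random contents, i.e. the "vary the length and charset"
 * idea from the post. Under a debugger or AddressSanitizer, a handler with the
 * check missing would crash here; with the check present the loop instead
 * verifies the contract: every oversized input is rejected and every other
 * one is stored whole. Returns the number of rejected inputs, or -1 if the
 * contract was violated. */
long fuzz_handler(uint32_t seed, int iterations)
{
    static uint8_t input[2 * MAX_INPUT];
    long rejected = 0;
    if (seed == 0) seed = 0x9e3779b9u;  /* xorshift must not start at zero */
    for (int i = 0; i < iterations; i++) {
        size_t len = next_rand(&seed) % (2 * MAX_INPUT + 1);
        for (size_t j = 0; j < len; j++) input[j] = (uint8_t)next_rand(&seed);
        int got = handle_input(input, len);
        if (len > MAX_INPUT) {
            if (got != -1) return -1;   /* accepted something it must reject */
            rejected++;
        } else if (got != (int)len) {
            return -1;                  /* lost or truncated in-range data */
        }
    }
    return rejected;
}
```

With lengths drawn uniformly from 0..2048, roughly half of the inputs exceed the limit, so a run of 2000 iterations should report about a thousand rejections and no contract violation. Building the same loop against the unchecked handler under AddressSanitizer is the quickest way to see the crash the post talks about, and the seed makes any crashing input reproducible, which is what turns a fuzzer finding into a patch.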

Thanks for the info!
