Forum Thread: I Found a Zero Day

Hello, I came here for advice on what to do after finding a zero day in a program for Windows.
It gets the exploiter admin rights and is remote.

I haven't written an exploit yet, due to not having any information on how the exploited software works, my knowledge of this vulnerability is bare minimum, I only know that I managed to overflow the memory somewhere.

Would it be possible for me to sell this information about the vulnerability, or should I first actually develop an exploit and then sell it?

I am not entirely sure what kind of vulnerability it is, but I think it is a buffer overflow (no idea if it is heap or stack). How can I find out details of the memory and develop an exploit for it? I know how to write exploits, but the software is closed source and I got nothing to look at.

12 Responses

How do you know it gives you admin rights, when you later imply you haven't yet written the exploit? Or is this something you are willing to make, because that would be a bit too much to answer right here. OTW has a lot of very good articles on writing exploits so I suggest you follow those first, before you start offering your exploits that you have / haven't made (?) on the market.

I know it gives admin rights because it has to run with admin rights. It won't work without having admin rights.

You didn't find a zero day; you've just found a vulnerability.

You've just found a vulnerability without telling us how you did this (methods etc.).

How do you think that it is a buffer overflow when you are not sure? You didn't test it? I mean, it is a buffer overflow vulnerability or it isn't.

A vulnerability doesn't always lead to exploitation.

If you send someone an email and tell him that you know about a vulnerability without a proof of concept and without knowing what exactly the vulnerability is, he will not take you seriously.

Mind alluding to what the program is?

I agree. You did NOT find a zero day. All you found is a vulnerability.

"I haven't written an exploit yet, due to not having any information on how the exploited software works, my knowledge of this vulnerability is bare minimum, I only know that I managed to overflow the memory somewhere."

If you know nothing about the exploited software, how do you know if it has admin rights or is remote?

You did NOT find a 0day, you just found an overflow, which in most cases means nothing (unless you develop more on it).

-Phoenix750

Thanks, so I know I overflowed the buffer. I know it has admin rights because in order to work it must run with admin privileges. I understand that this is just a vulnerability, but should I be able to develop an exploit for it? Is there a possibility that investing time into this would not be beneficial (meaning that this vulnerability may not be exploitable)?

I sent you a message with my Skype so we can figure it out and maybe develop an exploit.

Since you said it has to run with admin privileges, I doubt it to be beneficial. First, of course, if I were you, I'd search the vulnerability and an exploit database, and if it isn't there, then I'd think on developing an exploit. Just a time-saver.

But, a good way to know it would be to scan the exploit with some AVs. For that though, you'd want to make the exploit. But it's a good way to decide if it'd be beneficial. Things get a bit confusing here, so I'd say,

If you are fairly sure it will work well, then go ahead.

-The Joker

What do you mean by scanning the exploit when he hasn't made the exploit yet?
