R3X, resources and what else?

[etirini18]

Hello friends, my name is etirini and I wanted to thank for your downloads, these have really helped me when trying to understand some things... but there is something that I still don't know:
I'm using a program called R3X (It scans an IP range to show the PC's which have shared folders) well...I find them and I can use those folders as if those were mine. But the thing I want to know is that if there is another program to find bugs or things to exploit in those computers....
thanks a lot for your answers...
Etirini18

[bad_brain]

Hey etirini...
A pretty comfy way to scan for vulnerabilities is GFI Languard, the program scans for missing patches too for example. But the success depends on the target computer, a well configured firewall will block all requests, but that´s the same with every scanning program.
You can get it here:
http://www.gfi.com/downloads/downloads. ... NSS&lid=en
key should be no problem....

[etirini18]

well I'v already downloaded the software you posted. Thanks a lot for your help. But I'd be needing one more thing.....do you know where I can find the ways to exploit something (I mean...I find X (any) bug WHAT should I do with this bug HOW do I know how to exploit it...)
Thanks a lot...
etirini18

[bad_brain]

Exploiting a bug depends on two things: Luck and your knowledge of the programming language, no program will/can do this work for you.
I mean, if a program should be able to find an exploit the security leak must already be documented so it can be identified by the program,right?
So you can only use known exploits with programs like Metasploit or exploit a bug by "simply" testing and trying....

Here´s a funny bug for example:

Code: Select all

<img src="picture.jpg" width="9999999" height="9999999">

Causes a bluescreen on IE,Firefox, Mozilla and Netscape under XP SP2.

What I want you to show with this example is that a bug don´t mean automatically that it can be exploited too...