I recently came across an exploit writing tutorial that explained it using an FTP server. I understood it pretty well and feel confident that I could write an exploit for almost any FTP server. I seem to have trouble grasping the concept of fuzzing outside of FTP though.
Am I correct to assume that anything that listens and accepts input has the possibility to be exploited?
P2P programs: do they accept input? Can they be exploited? I saw one on milw0rm for LimeWire but it looked more like a malformed HTTP request and forced something like a self-DoS. Nothing that could return a shell.
Exploiting Windows services like NetBIOS: this is what I've personally been struggling with lately. I'm trying to pwn my own box (XP Pro SP2, full updates) and I have shut down almost every service I could; it has 3 listening TCP ports: 137, 139, and 445. Every time I try to put the NetBIOS service into OllyDbg I get a system error and about 45 seconds before automatic shutdown. I can't use the IPC exploit because it is patched. I believe this was done in SP2. But it would make sense to me that you could overflow the user ID and password fields if it didn't shut down Windows. Couldn't you run the necessary code to get your reverse shell, then use a separate pointer to redirect NetBIOS back so that it doesn't shut down?
Is there a fuzzer in BT that knows many different protocols?
What about those UDP ports that seem to be open? I can't seem to find anything that exploits UDP ports. I have found a couple things for TFTP but that would be it. Does nobody even consider using these ports? I know UDP is unreliable so couldn't UDP be used to spawn a listening TCP port?
I'm finding it really hard to get answers to these sorts of questions. I'm guessing because of the possibility of damage that could be caused in the wrong hands. If this is too dangerous of information to be spread on a public forum I can get on any type of messenger, IRC, or e-mail if you're willing to help me out with this.
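The conceptual gap in the post above (fuzzing "outside of FTP") is that fuzzing is not tied to any protocol: it is mutating inputs to some parser and watching for behaviour the parser's author never intended. The example below is an added illustration, not part of the post and not from any real tool. It fuzzes a hypothetical in-process parser for a made-up length-prefixed record format, the way a developer would test their own code before shipping it. The parser, the record layout, the seed corpus and the mutation operators are all constructed for this example. The "oracle" is the important part: a clean `ValueError` is the parser rejecting bad input as designed, while any other exception is a real bug the fuzzer found.

```python
import random

# Hypothetical record format (constructed for this example):
#   byte 0: record type (1 = name, 2 = pair)
#   byte 1: payload length
#   bytes 2..: payload
def parse_record(data: bytes) -> dict:
    if len(data) < 2:
        raise ValueError("short header")          # designed rejection
    rtype, length = data[0], data[1]
    payload = data[2:2 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")     # designed rejection
    if rtype == 1:
        # UnicodeDecodeError is a ValueError subclass, so non-ASCII is rejected cleanly.
        return {"type": "name", "value": payload.decode("ascii")}
    if rtype == 2:
        # Deliberate defect: trusts the length field and indexes four bytes
        # without checking that the payload actually has them. A length byte
        # smaller than 4 turns this into an IndexError: the kind of bug
        # fuzzing exists to surface.
        hi = payload[0] << 8 | payload[1]
        lo = payload[2] << 8 | payload[3]
        return {"type": "pair", "value": (hi, lo)}
    raise ValueError("unknown record type")       # designed rejection


# Seed corpus: valid records the mutator starts from (constructed).
SEEDS = [
    b"\x01\x04abcd",                  # name record "abcd"
    b"\x02\x04\x00\x01\x00\x02",      # pair record (1, 2)
]


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random structural or bit-level mutation to a seed input."""
    data = bytearray(seed)
    op = rng.choice(["flip", "insert", "delete", "truncate"])
    if op == "flip" and data:
        pos = rng.randrange(len(data))
        data[pos] ^= 1 << rng.randrange(8)        # flip one bit
    elif op == "insert":
        pos = rng.randint(0, len(data))
        data.insert(pos, rng.randrange(256))      # inject a random byte
    elif op == "delete" and data:
        del data[rng.randrange(len(data))]        # drop a byte
    elif op == "truncate":
        del data[rng.randint(0, len(data)):]      # cut the tail off
    return bytes(data)


def fuzz(parser, seeds, iterations: int, seed: int = 0) -> list:
    """Run the mutation loop; return (input, exception name) for every
    failure that is NOT a designed rejection."""
    rng = random.Random(seed)                     # fixed seed: reproducible runs
    crashes = []
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            parser(case)
        except ValueError:
            pass                                  # parser said "no" on purpose
        except Exception as exc:                  # anything else is a finding
            crashes.append((case, type(exc).__name__))
    return crashes


if __name__ == "__main__":
    found = fuzz(parse_record, SEEDS, 5000, seed=1)
    print(f"{len(found)} crashing inputs")
    for case, name in found[:5]:
        print(name, case.hex())
```

The same loop works unchanged against any function that takes bytes, which is the answer to "does it have to be FTP": if something accepts input, it has a parser, and that parser can be fed mutated inputs. Swapping the in-process call for a socket send is only a transport change; the mutation strategy and the oracle (distinguishing an intended rejection from an unintended failure) are what fuzzing actually is.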