The bug in exploit code

When a customer reported concern about the OpenSSH version we were using, to assure them we had backported all the security fixes, we had to test with the exploit. First we had to ensure the exploit really works by running it against an unpatched opensshd, and then run it again against a secured one to verify that the patch really works and it is not vulnerable any more. The catch? The first part can be less trivial than we think. The exploit was written by a brilliant and responsible guy (he ought to be; he appears to be working for Google).

He introduced a little bug that prevents it from working.

That way, when the exploit is available in the wild, the script kiddies won't be able to play with it. It took me a while to locate the bug and fix it.

Also, I realized again how much harder it is to read code than to write it. And seriously, responsible PoC exploits should have a subtle, undocumented, beautiful bug in them to frustrate the script-running juveniles; at the same time, the bug will help serious researchers to understand the code (and fix genuine bugs later).

Yes, I have walked that path before; I never did post a runnable exploit.