Exploit Writing

Writing exploits is considered difficult and something that requires a great deal of effort. I had this same notion in mind, which was unfortunately what people kept telling me: you need to know how to code really well, you need to know in-depth assembly, blah blah blah… Not very true. Read on…

How difficult is it?
Well, the basic prerequisites would be to know a bit of coding; don't get scared, just the basic stuff. Pick one of the scripting languages like Perl or Python because they're really easy. You need some understanding of x86 memory architecture: heap, stack, registers etc. Most exploits are targeted at Windows, as most of the bugs that researchers find exist in Windows, so check out Windows memory internals as well. Knowledge of assembly language is certainly a plus, but IMO you will pick it up when you start writing exploits. Also ensure you have a proper understanding of buffer overflows in general. Read "Smashing the Stack for Fun and Profit" by Aleph One (http://www.phrack.com/issues.html?issue=49&id=14), which appeared in Phrack Magazine Issue 49; although old, it is still one of the best resources out there.

Why write exploits?
You're conducting a pen-test, or you're a security researcher, and you need to reliably exploit a particular vulnerability you have found. Publicly available exploits may not be properly coded. Most exploits, for example, use hard-coded return addresses, and these addresses differ from one OS/service pack to another. So you can't just fire away a public exploit and crash your client's servers. Making your own exploit also means that you can embed your own choice of payload (msfpayload in Metasploit helps here).

Lab requirements?
Ideally my choice would be a Linux-based machine such as BackTrack (attacker) with a text editor and your language of choice installed. The victim machine (for remote exploits) can be a virtual machine running Windows in VMware, VirtualBox etc. You may need to write local exploits on the victim machine, so Perl/Python etc. may have to be installed there as well. You will also need debuggers (OllyDbg or Immunity Debugger are the best) and the vulnerable software installed. Your final exploit is basically just a long string, so once you become a pro all you really need is a text editor to make that string.

How to learn?
There is a lot of material on the Internet now. It wasn't the case earlier, but many researchers have published tutorials, videos etc. on how to write reliable exploits using various techniques. One of the best places to start is corelanc0d3r's blog on writing exploits: http://www.corelan.be:8800/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ It's very detailed and presented really simply; anybody can pick it up. But the important thing is that you get your hands dirty by trying out all the stuff on your own. Another resource is the exploit writing class videos by Dino Dai Zovi: http://pentest.cryptocity.net/exploitation/ Dino is a well-known researcher, and his video is pretty basic and a good place for beginners to start. There are also many videos available on SecurityTube: http://securitytube.net/ It's a site started by Vivek Ramachandran and has loads of info on assembly, buffer overflow primers etc. and lots of other info-sec related topics. This is by no means the complete set of resources available on the Internet. Google and you'll find a ton of info on writing exploits.

What courses?
Offensive Security's OSCP course is really a great course, but it only covers a small portion on how to write exploits.
They do have advanced courses, so check those out too: http://www.offensive-security.com/

What to read?

Finally, do some reading. The Shellcoder's Handbook is a really good book, so check it out. Others include: Hacking: The Art of Exploitation, 2nd Edition; The Art of Assembly Language by Randall Hyde; Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton; etc.

I hope this info has helped… if you're a n00b at writing exploits, this should help you fight your way to writing exploits on your own. So all the best!

Reference: http://psychsec.wordpress.com/2010/06/05/exploit-writing/