Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: How Shall I learn Exploitation Techniques? Share/Save - My123World.Com!

  1. #1
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744

    How Shall I learn Exploitation Techniques?

    Hello Everyone!

    I believe the question been asked in the Subject falls under the same category when a newbie asks "How Shall I learn Hacking Techniques?".

    Here is an attempt to share with you all few tips and guidelines to begin the Exploitation venture.
    * Possibility is high that many geeks here would not agree fully with me, but that's the beauty of hacking domain...everyone learns in his own way!

    1. Do I need to know programming?: It's always good to have programming experience in hacking domain. Same applies to exploitation techniques as well, but not mandatory. Even without having programming experience you would be able to climb up few ladders.

    But to reach at a good level, you definitely need to learn programming.
    Reason: Who will find the vulnerability for you at the first stage?
    Answer: Fuzzing tools, Source code review, Reverse Engineering.

    Out of above stated 3 techniques to find vulnerabilities, only Fuzzing using available tools is the option for those who can not code. Moreover later on you'll find that available fuzzing tools are not meeting your requirements and you need to code something of your own!

    Conclusion: Programming skills are mandatory to become a good vulnerability researcher and exploit developer. Btw, now-a-days Python is hackers first choice. C, Perl are other few choices.

    2. OK, anyway I wish to taste the exploitation techniques:
    a) Do I need to know assembly? Oh man that scares me!!!

    Here I would seriously suggest to learn basic 8086 Assembly programming if you wanna go a long way learning exploitation techniques. If you simple wish to somehow manage to list your name once on some exploit database site, don't learn assembly.

    Reason: Don't you consider "shellcode" to be a part of exploit? Yeah I agree that metasploit is the best to generate them but it's all shellcodes get detected by AV's.
    Knowledge of assembly programming would help you in the following:
    1. Coding your own shellcodes, be them the simple ones or polymorphic shellcodes.
    2. Disassembling codes
    3. Reverse Engineering
    4. To get an inside view of how programs work, the state of registers, memory, stack, heap at the every step of flow of your program. And believe me, analyzing registers, stack, memory etc. is the most fascinating part.

    Enough being said to justify the points, lets proceed with the resource you should grab and start with in sequence:
    1. Assembly for Hackers Primer Video Series by Vivek Ramachandran
    The best series to start with to build up basics. It covers the following:
    a) Basics of registers, stack, memory etc
    b) Basics of using GDB (GNU DeBugger)
    c) Basics of the program flow and how the program execution effects the state of registers, stack etc.
    d) Basics of stack over flow exploits etc.
    Grab it from security tube.

    2. Programming from the Ground Up - by Jonathan Bartlett
    Reading first 100 pages serve the purpose and would be enough for a good start. Grab it for free on internet.
    The best thing about this book is that it's not biased towards Win32 Assembly or Linux Assembly. Instead the way the author has presented the programs/codes in this book gives you a deeper understanding of the activities (state of stack, registers) going on behind the curtains.
    Here I would like to mention that most of the tutorials you'll find on Win32 Assembly focuses on the development of GUI programs on windows and not on the internal state of various memory components

    3. 15 First Dates With Assembly Programming - by b0nd
    Might be a good one for revising the concepts and practice more assembly coding.

    3. Being covered the first two steps, you can proceed either with developing shellcode techniques or exploitation techniques.

    For both of them you need to follow a deep rabbit hole.

    I would like to list down few good resources for them:
    a) Exploitation Techniques series by Peter Van Eeckhoutte. An awesome series of tutorials which are easy to understand and practice with.
    http://www.corelan.be:8800/index.php/articles/

    b) The Art of Exploitation Part 1 and Part 2

    c) The Shellcoders Handbook Part 1 and Part 2

    d) Past, Present, Future of Windows Exploitation
    http://www.abysssec.com/blog/2010/05...-exploitation/ is a good resource of all the famous/popular and good articles on exploitation.

    e) From 0x90 to 0x4c454554, a journey into exploitation.
    Awesome Resoucres from scratch to Dive Deeper in rabbit hole to Learn Exploitation (Updated by Punter).

    http://myne-us.blogspot.com/2010/08/...rney-into.html

    f) Smashing the Stack in 2010 (Updated by Punter)
    http://5d4a.wordpress.com/2010/08/02...stack-in-2010/

    Few More Updates from (Updated by Punter)
    http://myne-us.blogspot.com/2010/08/...rney-into.html

    g) Getting a little deeper into BOF
    Parallel Learning #4To the end of the course and beyond)
    Find old exploits on Exploit-db download them, test them, rewrite them, understand them.

    [video]Exploitation from cryptocity.net
    Buffer overflow protection
    Wikipedia Executable space protextion
    Wikipedia DEP
    Wikipedia ASLR
    Purdue.edu: Canary Bit
    Corelan T6
    Bypassing Hardware based DEP
    Corelan T7
    Corelan T8
    Corelan T10
    Virtual Worlds - Real Exploits

    [GAME]Smash the stack wargaming network

    h) Heap overflow
    rm -rf / on heap overflow
    w00w00 on heap overflow
    [book][Book]Shellcoder's Handbook Ch4&5
    h-online A heap of Risk
    [video]Defcon 15 remedial Heap Overflows
    heap overflow: ancient art of unlink seduction
    Memory corruptions part II -- heap

    [book]Read the rest of Shellcoder's Handbook

    i) Exploit listing sites
    Exploit-DB
    Injector
    CVE Details
    Packetstorm
    CERT
    Mitre
    National Vulnerability Database

    (bonus: site that lists types of vulnerabilties and info)
    Common Weakness Enumberation

    The links and sources would never end and hence we would keep on adding them.

    So do you dare to exploit now!

    Remember: "Everyone Starts from Scratch"
    Last edited by b0nd; 08-23-2010 at 08:17 AM. Reason: Merged Punter's updates on the same, keeping all links in single post
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious

  2. #2
    Security Researcher fb1h2s's Avatar
    Join Date
    Jul 2010
    Location
    India
    Posts
    616
    Blog Entries
    32
    Good , bond why don't you make this little more big and write a e-book-> "Starting hacking form A-Z"
    Hacking Is a Matter of Time Knowledge and Patience

  3. #3
    Infosec Enthusiast AnArKI's Avatar
    Join Date
    Jul 2010
    Location
    London
    Posts
    514
    Blog Entries
    2
    gr8 post mate

  4. #4
    InfoSec Consultant the_empty's Avatar
    Join Date
    Jul 2010
    Location
    the blue no-where
    Posts
    155
    Blog Entries
    2
    that is something really beautiful. With a strong guideline like this we shall BOOST ourselves.... really nice share
    ACCESS is GOD

  5. #5

    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


    Hire a Hacker by the Night and Hire a Chief Security Officer (CSO) by the Day.

  6. #6
    as usual great share b0nd bro

  7. #7
    b0nd s post are always awesome

  8. #8
    Super Commando Dhruv abhaythehero's Avatar
    Join Date
    Sep 2010
    Location
    Lucknow/Pune,India
    Posts
    466
    Blog Entries
    2
    exhaustive and excellent collection of links ...
    thanx for this gr8 share !
    In the world of 0s and 1s, are you a zero or The One !

  9. #9
    Super Commando Dhruv abhaythehero's Avatar
    Join Date
    Sep 2010
    Location
    Lucknow/Pune,India
    Posts
    466
    Blog Entries
    2
    A table of references >>
    References to vulnerability exploitation stuff.

    * 1. How to use this wiki
    o 1.1. Required knowledge
    o 1.2. What to start with
    o 1.3. Actual vs outdated topics
    o 1.4. Types of references
    * 2. Exploiting vulnerabilities
    o 2.1. Stack overflow
    o 2.2. Heap exploitation
    o 2.3. Return oriented attacks
    o 2.4. Integer vulnerabilities
    o 2.5. Format strings
    o 2.6. Other cases
    * 3. Bypassing filters, mitigations and other limitations
    * 4. Shellcode writing
    * 5. Tools and projects
    * 6. Uncategorized
    * 7. Other collections, wiki's, etc.
    * 8. Posters and other graphics
    http://code.google.com/p/it-sec-cata...i/Exploitation
    In the world of 0s and 1s, are you a zero or The One !

  10. #10
    did anybody tried to look into Fuzzers? If not, then please start doing that. Its the best way to find an exploit in an application/...etc.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •