Home page logo
/

basics logo Security Basics mailing list archives

Re: Developing an Exploit Code
From: Nick Besant <lists () hwf cc>
Date: Fri, 16 Nov 2007 16:32:42 +0000

Dhruva Sagar wrote:
On Nov 16, 2007 8:29 PM, Dev Null <devj.nullj () gmail com> wrote:
Hello ALL

I am trying to learn how an exploit code is developed. I have googled
for help but
did not arrive at anything useful. What I have is only poc's and
descriptions of vulnerabilities at various places. I would like to
learn how an exploit can be developed looking at a poc. Source of
existing exploits would prove helpful but I could not find anything.
It would really help if somebody can:

1- Point to a resource where I can read something about development of
exploit code.

2- Example source code of some existing vulnerabilities would really help.


There are a lot resources where you can find exploit codes.
This one's one of my favourites, try it : http://milw0rm.com

Regarding development of exploit code, well that's a pretty vague
question...exploit codes are developed just like any other program. If
you know how to program, in any programming language, you shouldn't
find it difficult to learn how to develop exploit codes. Developing an
exploit is the easy part my friend, it's find the vulnerability that
takes the bulk of the effort.

Exploit code simply exploits the vulnerability programmatically...hope
it helps.
Thanks all.

--devj

Developing exploit code is (usually) an iterative process. Once you have a vulnerability - as above, one of the harder parts of the process - you would proceed to write code specifically to exploit that particular vulnerability.

Exploit code is usually developed specifically for a single vulnerability and the process varies in complexity. If you are performing a vulnerability assessment of an application and find some unexpected behaviour, then you would write code to attempt to exploit that specific behaviour; for instance, you may have noticed that a web application returns an unusual error when you send unexpected data, so you write some code to send various types / amounts of data to it to see if you can exploit this behaviour. You then go through the process of refining it until you've got something that actually produces a result, although it's worth noting that not every issue discovered has a corresponding (useful) exploit.

E.g.;
1. Find vulnerability
2. Write some code to start sending data/changing things
3. Test the code
4. Modify the code
5. Repeat 3 and 4 until desired result achieved, patience exhausted, or no further avenues available.

I would suggest as a starter;

-old but still informative "Smashing the stack for fun and profit" (google)
-Update http://www.ethicalhacker.net/content/view/122/2/
-Metasploit

Understanding how vulnerability assessment tools work will also provide you with a place to start (e.g. http://www.darknet.org.uk/2007/01/burp-proxy-burp-suite-attacking-web-applications/)

Are you intending to find your own vulnerabilities to exploit or develop exploits to published vulnerabilities ? If you're finding your own that you only need to work on your target environment, the process is a little simpler - you don't need to worry about environments with slightly different configurations etc.


Nick


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault