Home page logo
/

basics logo Security Basics mailing list archives

Re: Developing an Exploit Code
From: "Dev Null" <devj.nullj () gmail com>
Date: Sat, 17 Nov 2007 19:53:34 +0500

Thanks for all the replies. This has really been helpful.

I would also like to get some clarification about the development process of
exploits for various platforms. I believe, the development of an exploit for a
web application /website should entail a different process than the process of
development of an exploit, say, for traditional applications like an ftp server?

Again further details of development of a web exploit should vary with the
underlying code used e.g. java, php, asp, etc?

Thanks for your help.

--devj

On 11/16/07, Nick Besant <lists () hwf cc> wrote:
Dhruva Sagar wrote:
On Nov 16, 2007 8:29 PM, Dev Null <devj.nullj () gmail com> wrote:

Hello ALL

I am trying to learn how an exploit code is developed. I have googled
for help but
did not arrive at anything useful. What I have is only poc's and
descriptions of vulnerabilities at various places. I would like to
learn how an exploit can be developed looking at a poc. Source of
existing exploits would prove helpful but I could not find anything.
It would really help if somebody can:

1- Point to a resource where I can read something about development of
exploit code.

2- Example source code of some existing vulnerabilities would really help.



There are a lot resources where you can find exploit codes.
This one's one of my favourites, try it : http://milw0rm.com

Regarding development of exploit code, well that's a pretty vague
question...exploit codes are developed just like any other program. If
you know how to program, in any programming language, you shouldn't
find it difficult to learn how to develop exploit codes. Developing an
exploit is the easy part my friend, it's find the vulnerability that
takes the bulk of the effort.

Exploit code simply exploits the vulnerability programmatically...hope
it helps.

Thanks all.

--devj


Developing exploit code is (usually) an iterative process.  Once you
have a vulnerability - as above, one of the harder parts of the process
- you would proceed to write code specifically to exploit that
particular vulnerability.

Exploit code is usually developed specifically for a single
vulnerability and the process varies in complexity.  If you are
performing a vulnerability assessment of an application and find some
unexpected behaviour, then you would write code to attempt to exploit
that specific behaviour; for instance, you may have noticed that a web
application returns an unusual error when you send unexpected data, so
you write some code to send various types / amounts of data to it to see
if you can exploit this behaviour.  You then go through the process of
refining it until you've got something that actually produces a result,
although it's worth noting that not every issue discovered has a
corresponding (useful) exploit.

E.g.;
1. Find vulnerability
2. Write some code to start sending data/changing things
3. Test the code
4. Modify the code
5. Repeat 3 and 4 until desired result achieved, patience exhausted, or
no further avenues available.

I would suggest as a starter;

-old but still informative "Smashing the stack for fun and profit" (google)
-Update http://www.ethicalhacker.net/content/view/122/2/
-Metasploit

Understanding how vulnerability assessment tools work will also provide
you with a place to start (e.g.
http://www.darknet.org.uk/2007/01/burp-proxy-burp-suite-attacking-web-applications/)

Are you intending to find your own vulnerabilities to exploit or develop
exploits to published vulnerabilities ?  If you're finding your own that
you only need to work on your target environment, the process is a
little simpler - you don't need to worry about environments with
slightly different configurations etc.


Nick



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]