Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Launching exploits from C
From: "Justin Ferguson" <jnferguson () gmail com>
Date: Thu, 7 Sep 2006 20:02:00 -0700

Hi.

Almost all of the whitepapers on the subject are focused on writing
exploits in C, but it really doesn't matter what language you write it
in- the only important part is that whatever language you write it in
can interface with the vulnerable application and get the data where
it needs to be in the format it needs to be.

What I think you are asking however is for reading material and such
that will help you better understand what you're doing exactly when
you exploit an application. Naturally of course the original paper is
quite good- and by that I am referring to Aleph1's Smashing the Stack
for fun & profit, which of course only deals with stack based
overflows that overwrite the return address- but it's a great start.
When you read this, study how he writes his shellcode, there is a
smaller and more efficient manner of accomplishing the same thing
however I've always held the theory that it was written this way to
further enforce what you were doing exactly.

By far, the best writing on these subjects has been phrack, sadly
however it's maintainers decided to stop writing it after all these
years (or at least push it back underground), although you can find
many archives of the long running zine online, a quick google search
turned this up http://www.projectgamma.com/archive/zines/phrack/ . You
will probably want to start reading them somewhere around phrack 48 or
49, but you should probably at least look at the TOC for earlier ones.

Learn C, it will give you a better concept of programming, but don't
stop there as soon as you have a good grasp on C learn assembly, it is
where the magic happens and it will give you a firm understanding of
the various section of memory in a binary image (i.e. .text, .data,
.bss, et cetera). If you are feeling frisky, you may even consider
learning assembly first as it will help with your comprehension of
what is going on in C.

Finally, and this is where you will learn the most- at some point stop
reading, you don't realize how little you actually understand until
you apply it, and even more you will find some items are quite dated
and do not work as advertised (i.e. the 'original' heap overflow
papers in phrack). By far the best resource for this has been Gera's
insecure programming page,
http://community.corest.com/~gera/InsecureProgramming/ . Check them
out and write exploits for them, you will probably learn the most in
abo 2, 3 and 4 at which point you will have a mostly firm grasp of
things and at abo9 you stand a good chance of having your mind blown
(at least I did).

Hopefully this mostly answers your question, if you have more or you
end up needing help along the way feel free to email me (within reason
of course). I hope that helped some.

Best Regards,

Justin F.

On 7 Sep 2006 21:34:20 -0000, infosecpentests () gmail com
<infosecpentests () gmail com> wrote:
I am new to pentesting, I use metasploit and it has been great, I want to learn more on launching exploits that are in 
C right from C and compiling them and launching them instead of having to use metasploit. Any tutorials out there to 
launching exploits via python c or other waays other then using a framwork IE metasploit?


Thanks () !


--Sean

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]