RE: Launching exploits from C

From: Nish Bhalla (nish@securitycompass.com)
Date: Fri Sep 08 2006 - 15:39:19 EDT


I am not sure if you are looking to learn how to write exploits; if you
are, Security Forest has a list of good articles on how to write exploits /
modify exploits to get them to compile and run. Also, I had written a series
of articles on writing stack-based exploits for Windows, available from our
website under the resources section.

Nish.

Nishchal Bhalla
Founder, Security Compass
http://www.securitycompass.com

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Justin Ferguson
Sent: Thursday, September 07, 2006 11:02 PM
To: infosecpentests@gmail.com
Cc: pen-test@securityfocus.com
Subject: Re: Launching exploits from C

Hi.

Almost all of the whitepapers on the subject are focused on writing exploits
in C, but it really doesn't matter what language you write it in; the only
important part is that whatever language you write it in can interface with
the vulnerable application and get the data where it needs to be, in the
format it needs to be.

What I think you are asking, however, is for reading material and such that
will help you better understand what you're doing exactly when you exploit
an application. Naturally, of course, the original paper is quite good (by
that I am referring to Aleph1's Smashing the Stack for Fun & Profit), which
of course only deals with stack-based overflows that overwrite the return
address, but it's a great start.
When you read this, study how he writes his shellcode: there is a smaller
and more efficient manner of accomplishing the same thing; however, I've
always held the theory that it was written this way to further enforce what
you were doing exactly.

By far, the best writing on these subjects has been Phrack; sadly, however,
its maintainers decided to stop writing it after all these years (or at
least push it back underground), although you can find many archives of the
long-running zine online. A quick Google search turned this up:
http://www.projectgamma.com/archive/zines/phrack/ . You will probably want
to start reading them somewhere around Phrack 48 or 49, but you should
probably at least look at the TOC for earlier ones.

Learn C; it will give you a better concept of programming, but don't stop
there: as soon as you have a good grasp on C, learn assembly. It is where the
magic happens, and it will give you a firm understanding of the various
sections of memory in a binary image (i.e. .text, .data, .bss, et cetera). If
you are feeling frisky, you may even consider learning assembly first, as it
will help with your comprehension of what is going on in C.

Finally, and this is where you will learn the most: at some point, stop
reading. You don't realize how little you actually understand until you
apply it, and even more, you will find some items are quite dated and do not
work as advertised (i.e. the 'original' heap overflow papers in Phrack). By
far the best resource for this has been Gera's Insecure Programming page,
http://community.corest.com/~gera/InsecureProgramming/ . Check them out and
write exploits for them; you will probably learn the most in abo 2, 3 and 4,
at which point you will have a mostly firm grasp of things, and at abo9 you
stand a good chance of having your mind blown (at least I did).

Hopefully this mostly answers your question; if you have more, or you end up
needing help along the way, feel free to email me (within reason, of course).
I hope that helped some.

Best Regards,

Justin F.
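
The sections Justin names (.text, .data, .bss) can be seen directly from a running program. The following is an added example, not code from the thread or from any of the authors it cites: a small Linux C program that uses the linker-provided symbols etext, edata and end (documented in end(3)) to classify an address by the section it falls in. It assumes an ELF executable linked by GNU ld or lld on x86-64 Linux, where the heap, stack and shared libraries are mapped above the executable image.

```c
/* Added example, not from the thread: classify an address by which section
 * of the running binary image it falls in, using the linker-provided symbols
 * etext, edata and end (see end(3)). Assumes a Linux ELF executable linked
 * by GNU ld or lld; addresses outside the image (heap, stack, shared
 * libraries) lie above `end` on a typical x86-64 Linux layout. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

extern char etext, edata, end;  /* end of .text, end of .data, end of .bss */

enum section { SEC_TEXT, SEC_DATA, SEC_BSS, SEC_OTHER };

/* Probes the compiler places in each section. */
static int initialized_global = 42;   /* nonzero initializer -> .data */
static int zeroed_global;             /* no initializer      -> .bss  */
static int probe_function(void) { return zeroed_global + 1; }  /* -> .text */

enum section section_of(uintptr_t addr)
{
    if (addr < (uintptr_t)&etext) return SEC_TEXT;  /* code */
    if (addr < (uintptr_t)&edata) return SEC_DATA;  /* .rodata and .data */
    if (addr < (uintptr_t)&end)   return SEC_BSS;   /* zero-filled .bss */
    return SEC_OTHER;                               /* heap, stack, libs */
}

const char *section_name(enum section s)
{
    static const char *const names[] = { ".text", ".data", ".bss", "other" };
    return names[s];
}

/* Print each probe's address and section; cross-check with `nm -n a.out`. */
void show_layout(void)
{
    int local = 7;                  /* automatic variable -> stack */
    void *heap = malloc(16);        /* dynamic allocation -> heap  */
    struct { const char *what; uintptr_t addr; } probes[] = {
        { "probe_function    ", (uintptr_t)probe_function },
        { "initialized_global", (uintptr_t)&initialized_global },
        { "zeroed_global     ", (uintptr_t)&zeroed_global },
        { "local (stack)     ", (uintptr_t)&local },
        { "heap allocation   ", (uintptr_t)heap },
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%s %p -> %s\n", probes[i].what, (void *)probes[i].addr,
               section_name(section_of(probes[i].addr)));
    free(heap);
}

int main(void) { show_layout(); return 0; }
```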

On 7 Sep 2006 21:34:20 -0000, infosecpentests@gmail.com
<infosecpentests@gmail.com> wrote:
> I am new to pentesting. I use Metasploit and it has been great; I want to
> learn more on launching exploits that are in C right from C, and compiling
> them and launching them instead of having to use Metasploit. Any tutorials
> out there on launching exploits via Python, C or other ways other than using
> a framework, i.e. Metasploit?
>
>
> Thanks!
>
>
> --Sean
>
> ----------------------------------------------------------------------
> --
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php
> ----------------------------------------------------------------------
> --
>
>




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:55 EDT