Re: Developing an Exploit Code

["Dev Null" <devj.nullj () gmail com>]

Thanks for all the replies. This has really been helpful.

I would also like to get some clarification about the development process of
exploits for various platforms. I believe, the development of an exploit for a
web application /website should entail a different process than the process of
development of an exploit, say, for traditional applications like an ftp server?

Again further details of development of a web exploit should vary with the
underlying code used e.g. java, php, asp, etc?

Thanks for your help.

--devj

On 11/16/07, Nick Besant <lists () hwf cc> wrote:
> Dhruva Sagar wrote:
> > On Nov 16, 2007 8:29 PM, Dev Null <devj.nullj () gmail com> wrote:
> >
> > > Hello ALL
> > >
> > > I am trying to learn how an exploit code is developed. I have googled
> > > for help but
> > > did not arrive at anything useful. What I have is only poc's and
> > > descriptions of vulnerabilities at various places. I would like to
> > > learn how an exploit can be developed looking at a poc. Source of
> > > existing exploits would prove helpful but I could not find anything.
> > > It would really help if somebody can:
> > >
> > > 1- Point to a resource where I can read something about development of
> > > exploit code.
> > >
> > > 2- Example source code of some existing vulnerabilities would really help.
> >
> > There are a lot resources where you can find exploit codes.
> > This one's one of my favourites, try it : http://milw0rm.com
> >
> > Regarding development of exploit code, well that's a pretty vague
> > question...exploit codes are developed just like any other program. If
> > you know how to program, in any programming language, you shouldn't
> > find it difficult to learn how to develop exploit codes. Developing an
> > exploit is the easy part my friend, it's find the vulnerability that
> > takes the bulk of the effort.
> >
> > Exploit code simply exploits the vulnerability programmatically...hope
> > it helps.
> >
> > > Thanks all.
> > >
> > > --devj
>
> Developing exploit code is (usually) an iterative process.  Once you
> have a vulnerability - as above, one of the harder parts of the process
> - you would proceed to write code specifically to exploit that
> particular vulnerability.
>
> Exploit code is usually developed specifically for a single
> vulnerability and the process varies in complexity.  If you are
> performing a vulnerability assessment of an application and find some
> unexpected behaviour, then you would write code to attempt to exploit
> that specific behaviour; for instance, you may have noticed that a web
> application returns an unusual error when you send unexpected data, so
> you write some code to send various types / amounts of data to it to see
> if you can exploit this behaviour.  You then go through the process of
> refining it until you've got something that actually produces a result,
> although it's worth noting that not every issue discovered has a
> corresponding (useful) exploit.
>
> E.g.;
> 1. Find vulnerability
> 2. Write some code to start sending data/changing things
> 3. Test the code
> 4. Modify the code
> 5. Repeat 3 and 4 until desired result achieved, patience exhausted, or
> no further avenues available.
>
> I would suggest as a starter;
>
> -old but still informative "Smashing the stack for fun and profit" (google)
> -Update http://www.ethicalhacker.net/content/view/122/2/
> -Metasploit
>
> Understanding how vulnerability assessment tools work will also provide
> you with a place to start (e.g.
> http://www.darknet.org.uk/2007/01/burp-proxy-burp-suite-attacking-web-applications/)
>
> Are you intending to find your own vulnerabilities to exploit or develop
> exploits to published vulnerabilities ?  If you're finding your own that
> you only need to work on your target environment, the process is a
> little simpler - you don't need to worry about environments with
> slightly different configurations etc.
>
>
> Nick