Bugtraq mailing list archives

Exploit writing tutorials

From: Peter Van Eeckhoutte <peter.ve () corelan be>
Date: Tue, 10 Nov 2009 23:26:09 +0100

Hi all,

Just wanted to share the following links/tutorials on writing windows (stack based) exploits :

* Stack based overflows (direct RET overwrite) :
(Tutorial Part 1)
http://www.corelan.be:8800/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

* Jumping to shellcode :
(Tutorial Part 2)
http://www.corelan.be:8800/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/

* Stack based overflows - SEH
(Tutorial Part 3)
http://www.corelan.be:8800/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/

* Stack based overflows - SEH part 2
(Tutorial Part 3b)
http://www.corelan.be:8800/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/

* Writing Metasploit exploits
(Tutorial Part 4)
http://www.corelan.be:8800/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/

* Using debuggers to speed up exploit development
(Tutorial Part 5)
http://www.corelan.be:8800/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/

* Bypassing Stack Cookies, Safeseh, NX/DEP and ASLR
(Tutorial Part 6)
http://www.corelan.be:8800/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/

* Writing stack based unicode exploits
(Tutorials Part 7)
http://www.corelan.be:8800/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/



____________________________________________________

Peter Van Eeckhoutte
peter.ve () corelan be
____________________________________________________

My Blog : http://www.corelan.be:8800 (IPv4 and IPv6)
Twitter : http://www.twitter.com/corelanc0d3r
RIPE Handle PVE50-RIPE
a.k.a. c0d3r/c0d3rZ/corelanc0d3r on various forums
____________________________________________________



This transmission is intended only for use by the intended recipient(s).  If you are not an intended recipient you 
should not read, disclose, copy, circulate or in any other way use the information contained in this transmission.  The 
information contained in this transmission may be confidential and/or privileged.  If you have received this 
transmission in error, please notify the sender immediately and delete this transmission including any attachments.

Current thread:

Exploit writing tutorials Peter Van Eeckhoutte (Nov 12)
- Message not available
  - RE: Exploit writing tutorials Peter Van Eeckhoutte (Nov 12)