Security Basics mailing list archives

Re: Developing an Exploit Code


From: Nick Besant <lists () hwf cc>
Date: Fri, 16 Nov 2007 16:32:42 +0000

Dhruva Sagar wrote:
On Nov 16, 2007 8:29 PM, Dev Null <devj.nullj () gmail com> wrote:
Hello ALL

I am trying to learn how an exploit code is developed. I have googled
for help but
did not arrive at anything useful. What I have is only PoCs and
descriptions of vulnerabilities at various places. I would like to
learn how an exploit can be developed looking at a PoC. Source of
existing exploits would prove helpful but I could not find anything.
It would really help if somebody can:

1- Point to a resource where I can read something about development of
exploit code.

2- Example source code of some existing vulnerabilities would really help.


There are a lot of resources where you can find exploit codes.
This one's one of my favourites; try it: http://milw0rm.com

Regarding development of exploit code, well, that's a pretty vague
question... exploit codes are developed just like any other program. If
you know how to program, in any programming language, you shouldn't
find it difficult to learn how to develop exploit codes. Developing an
exploit is the easy part, my friend; it's finding the vulnerability that
takes the bulk of the effort.

Exploit code simply exploits the vulnerability programmatically... hope
it helps.
Thanks all.

--devj

Developing exploit code is (usually) an iterative process. Once you have a vulnerability - as above, one of the harder parts of the process - you would proceed to write code specifically to exploit that particular vulnerability.

Exploit code is usually developed specifically for a single vulnerability, and the process varies in complexity. If you are performing a vulnerability assessment of an application and find some unexpected behaviour, then you would write code to attempt to exploit that specific behaviour; for instance, you may have noticed that a web application returns an unusual error when you send unexpected data, so you write some code to send various types/amounts of data to it to see if you can exploit this behaviour. You then go through the process of refining it until you've got something that actually produces a result, although it's worth noting that not every issue discovered has a corresponding (useful) exploit.

E.g.:
1. Find vulnerability
2. Write some code to start sending data/changing things
3. Test the code
4. Modify the code
5. Repeat 3 and 4 until desired result achieved, patience exhausted, or no further avenues available.

I would suggest as a starter:

- Old but still informative: "Smashing the stack for fun and profit" (google)
- Update: http://www.ethicalhacker.net/content/view/122/2/
- Metasploit

Understanding how vulnerability assessment tools work will also provide you with a place to start (e.g. http://www.darknet.org.uk/2007/01/burp-proxy-burp-suite-attacking-web-applications/)

Are you intending to find your own vulnerabilities to exploit, or develop exploits for published vulnerabilities? If you're finding your own that you only need to work on your target environment, the process is a little simpler - you don't need to worry about environments with slightly different configurations etc.


Nick
