Penetration Testing mailing list archives
Re: Launching exploits from C
From: "Justin Ferguson" <jnferguson () gmail com>
Date: Thu, 7 Sep 2006 20:02:00 -0700
Hi. Almost all of the whitepapers on the subject are focused on writing exploits in C, but it really doesn't matter what language you write it in. The only important part is that whatever language you write it in can interface with the vulnerable application and get the data where it needs to be, in the format it needs to be in. What I think you are asking, however, is for reading material and such that will help you better understand what exactly you're doing when you exploit an application.

Naturally, of course, the original paper is quite good, and by that I am referring to Aleph1's Smashing the Stack for Fun & Profit, which of course only deals with stack-based overflows that overwrite the return address, but it's a great start. When you read this, study how he writes his shellcode; there is a smaller and more efficient manner of accomplishing the same thing, however I've always held the theory that it was written this way to further enforce what exactly you were doing.

By far the best writing on these subjects has been Phrack; sadly, however, its maintainers decided to stop writing it after all these years (or at least push it back underground), although you can find many archives of the long-running zine online. A quick Google search turned this up: http://www.projectgamma.com/archive/zines/phrack/ . You will probably want to start reading them somewhere around Phrack 48 or 49, but you should probably at least look at the TOC for earlier ones.

Learn C; it will give you a better concept of programming, but don't stop there. As soon as you have a good grasp on C, learn assembly. It is where the magic happens, and it will give you a firm understanding of the various sections of memory in a binary image (i.e. .text, .data, .bss, et cetera). If you are feeling frisky, you may even consider learning assembly first, as it will help with your comprehension of what is going on in C.

Finally, and this is where you will learn the most: at some point stop reading. You don't realize how little you actually understand until you apply it, and even more you will find some items are quite dated and do not work as advertised (i.e. the 'original' heap overflow papers in Phrack). By far the best resource for this has been Gera's insecure programming page, http://community.corest.com/~gera/InsecureProgramming/ . Check them out and write exploits for them. You will probably learn the most in abo 2, 3 and 4, at which point you will have a mostly firm grasp of things, and at abo9 you stand a good chance of having your mind blown (at least I did).

Hopefully this mostly answers your question; if you have more, or you end up needing help along the way, feel free to email me (within reason of course). I hope that helped some.

Best Regards,
Justin F.

On 7 Sep 2006 21:34:20 -0000, infosecpentests () gmail com <infosecpentests () gmail com> wrote:
I am new to pentesting. I use Metasploit and it has been great. I want to learn more on launching exploits that are in C right from C, and compiling them and launching them instead of having to use Metasploit. Any tutorials out there on launching exploits via Python, C or other ways other than using a framework, i.e. Metasploit? Thanks!
--Sean

------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------
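Added example, not from the thread: a model of the stack-frame overwrite Justin points to in Aleph1's paper (an unchecked copy into a fixed local buffer spilling into the saved return address), beside the bounds-checked copy that refuses oversized input. The frame layout, buffer size and return-address value are constructed on a plain byte array so the demonstration itself is well-defined and runs offline.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN   16          /* constructed: the char buf[16] of a hypothetical frame */
#define RET_OFF   BUF_LEN     /* constructed: saved return address sits just above buf */
#define FRAME_LEN 64          /* slack so the model array itself is never overrun */

/* Unchecked copy: mirrors strcpy(buf, input) with no regard for sizeof(buf). */
static void copy_unchecked(unsigned char *frame, const char *input) {
    memcpy(frame, input, strlen(input) + 1);   /* runs past buf into RET_OFF */
}

/* Hardened copy: rejects anything that does not fit including the NUL. */
static int copy_checked(unsigned char *frame, const char *input) {
    size_t n = strlen(input);
    if (n >= BUF_LEN)
        return -1;                             /* refuse rather than spill */
    memcpy(frame, input, n + 1);
    return 0;
}

/* Read back the modelled saved return address from the frame. */
static uintptr_t saved_ret(const unsigned char *frame) {
    uintptr_t r;
    memcpy(&r, frame + RET_OFF, sizeof r);
    return r;
}

/* Set up a frame whose saved return address is a constructed value. */
static void init_frame(unsigned char *frame, uintptr_t ret) {
    memset(frame, 0, FRAME_LEN);
    memcpy(frame + RET_OFF, &ret, sizeof ret);
}

/* 1 if a 24-byte input changed the saved return address of a 16-byte buf. */
int unchecked_copy_clobbers_ret(void) {
    unsigned char frame[FRAME_LEN];
    uintptr_t before = 0x401136;               /* constructed return address */
    init_frame(frame, before);
    copy_unchecked(frame, "AAAAAAAAAAAAAAAAAAAAAAAA");
    return saved_ret(frame) != before;
}

/* 1 if the checked copy rejected the same input and left the frame intact. */
int checked_copy_rejects(void) {
    unsigned char frame[FRAME_LEN];
    uintptr_t before = 0x401136;
    init_frame(frame, before);
    int rc = copy_checked(frame, "AAAAAAAAAAAAAAAAAAAAAAAA");
    return rc == -1 && saved_ret(frame) == before;
}
```

The two functions show the same input taking the two paths: the unchecked copy silently replaces the modelled return address, the checked one fails closed.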
Current thread:
- Launching exploits from C infosecpentests (Sep 07)
- Re: Launching exploits from C mikeiscool (Sep 08)
- Re: Launching exploits from C Justin Ferguson (Sep 08)
- RE: Launching exploits from C Nish Bhalla (Sep 08)
- Re: Launching exploits from C gat0r (Sep 08)