EvilZone

Hacking and Security => Hacking and Security => : Traitor4000 September 05, 2013, 04:20:55 AM

: Exploit Writing
: Traitor4000 September 05, 2013, 04:20:55 AM

So i apologize that I am asking so many questions and not posting tutorials or thigns like that. Quite frankly I dont think im at a point where I shouls be teaching much to anyone because my information is spotty at best. So i can only hope others who have similar questions can learn from this as well. So for those of us who are at a point with your chosen language that you can write exploits Fist a. What is your process in writing an exploit (I figure you setup a test enviroment) then what I wouldnt know were to start even if I where fully comfortable with C. How so you identify parts of the softwarethat might be vulnerable. b. This is similar but what is your mindset (tought process) when your writing an exploit because it is different then writing a program. (Im sure both of these questons have opinionated answers because everyone might have a process that works for them).
-Note didnt really know what section to put this in

: Re: Exploit Writing
: Z3R0 September 05, 2013, 02:07:11 PM

I'll just drop these right here....:P

:

http://evilzone.org/video-tutorials/exploit-series-part-1-(intro)/
http://evilzone.org/video-tutorials/exploit-series-part-2-(1st-segment)/
http://evilzone.org/video-tutorials/exploit-series-part-2-(2nd-segment)/
http://evilzone.org/video-tutorials/exploit-series-part-3/
http://evilzone.org/video-tutorials/exploit-series-part-4/
http://evilzone.org/video-tutorials/exploit-series-part-5-(1st-segment)/
http://evilzone.org/video-tutorials/exploit-series-part-5/
Keep in mind, these videos are NOT all-inclusive, but they're enough to give you a general idea of how to start.

: Re: Exploit Writing
: RedBullAddicted September 05, 2013, 02:17:16 PM

In addition to what m0rph suggested:

https://www.corelan.be/index.php/articles/
- A lot of well-written exploit writting tutorials

http://evilzone.org/ebooks/t11265/msg62918/#msg62918
- By far the best book I know about the topic

Cheers,
RBA

: Re: Exploit Writing
: chapp September 05, 2013, 05:27:39 PM

If interested I could write up an article of the process of writing an exploit, and not just your simple stack-based buffer overflow.


I'm currently thinking of writing up a small introduction to ARM exploitation and writing ARM shellcode. This could potentially lead to a generic exploit article and afterwards applying it to an example in both ARM and x86.


Edit: This would be focused on a Linux environment, as I'm still in the learning phase when it comes to Windows.