Best langauge for coding 0day exploits???

[Cylar]

Hello i was wondering what programming langauge is best for coding exploits.

I know this is probably asked alot but people say one thing then another all the time

I know that python is great for coding hacking tools but for 0day exploits its all right was just wondering
if there was another thanks and sorry for the short thread.

[cyberdrifter]

Hello i was wondering what programming langauge is best for coding exploits.

I know this is probably asked alot but people say one thing then another all the time

I know that python is great for coding hacking tools but for 0day exploits its all right was just wondering
if there was another thanks and sorry for the short thread.

For general scripting python is awesome, easy to use and expand on. But it's a higher level language.



For writing 0-day exploits I'd say go with C, since memory management is left mostly to the programmer which means it's usually the one most prone to memory exploits (ie: buffer and stack overflows, etc).

[KingCasra]

You don't code 0day's, you find them and code scripts to exploit them. And I would use Python or Asm

[Phage]

Highly depends on the vulnerability. One wouldn't code an exploit for a SQL injection in ASM.

[Xires]

Highly depends on the vulnerability. One wouldn't code an exploit for a SQL injection in ASM.

Some of us might...just to be dicks. ;-P

@OP:
Historically, you use whatever you deem best to make the exploit as useful as possible.  An exploit coded in C may work wonderfully and quickly, but Python might make it easier to use on a target system.  PHP is fine for something that's quick & dirty but Ruby might be used instead to add it to an existing arsenal.  It really just depends on the situation.

[M4lwar3]

it really depends, but usually python or C++ will be good...

[ISLR]

Python with C_types. Or Pearl.

[kenjoe41]

Python with C_types. Or Pearl.

*Pearl?

[Spacecow]

Python with C_types. Or Pearl.

I love me a fresh pearl install on the open-oyster runtime. I'm so sorry, I just had to. I will go now...

[Plasma]

The answer is simple, its either python or C++. These are the best I know for coding exploits but don't quote me on that because I'm not that experienced with writing exploits.

[sh4d0w_w4tch]

You don't "code the exploit" unless you were putting a backdoor into software.  You find a 0 day vuln. and then write a program that can exploit it in an automated way to reduce the amount of work that pen testers would do themselves.

For example, if there's an SQL injection vulnerability in a WordPress plugin, you might write a Python script that would take  the location of the WordPress installation as input from the user and then automatically send the proper query to the vulnerable page.  It could include a series of options for doing things like dumping user info or creating a web shell.