EH-Net

Hi there.
I am really busy in these days i can't use this forum like before but i'll be back soon.

Well, i am learning c programming at Harvard unversity cs50 course. After some weeks I've developed some ciphers and ...

Now i know the basics about c. So please let me know if there is any books out there about writing exploits only with c that i can study after this course?

Thank you so much

If you're looking for a book, Hacking: The Art of Exploitation is an excellent one that covers exploitation of Linux programs in C. You'll also find numerous exploitation tutorials on Google.

Thanks kojiman. Is it good for beginner like me?

+1 for Hacking:AoE

Also hit up SecurityTube for assembly and exploitation instruction. Corelan and The Grey Corner have excellent tutorials as well.

Hey, take a look at the "Open Security Training" courses, esp. "Into to Software Exploits" by Corey K., thats a good place to start.

http://opensecuritytraining.info/IntroductionToSoftwareExploits.html

Hey Super kojiman I've bought the book its great man great!! It even teachs C programming language to the audience!! Thanks again.

Man thanks for your answer but i am busy in these days i don't have enough time to learn a super hard programming language called assembly!!!!! but thanks again maybe i'll go for it later.

Goooood!

Thanks i am really more comfortable with videos but its needs a gigantic internet bandwidth but its ok thanks.

is exploits are written in C or not??   

Open Security Training is like gold given for free but sadly the videos are wayyy tooo gigantic and the classes are in Assembly.

Well, I don't know assembly :'( so it is not useful for me

You're going to need to learn it then. Just because an exploit is written in C, Python, Perl, Ruby, etc., doesn't mean that assembly isn't involved. More often than not, those are just the deliver mechanism for the exploit. You're going to have to get comfortable working in a debugger and understanding assembly. There's no way around it.

So ture.
I said i have no time to learn assembly for now. I just wanna learn to write some exploits with c then after a while i am going to learn assembly. Its better for me atleast i can write exploits with c

An exploits has two parts: there is a dropper/delivery program that can be written in C, Python, etc.  That is not complicated to write.  The real trick is finding the vulnerability, figuring out how to exploit it and developing the shell code.  You won't be able to do much without learning some assembly.  Without it, you can't customize shell code, debug using gdb/IDA/Olly, or use any non-trivial exploitation technique (e.g. return-into-libc). 

so you wanna say most or its better to say all of exploits are in assembly?

Ok if you say i accept because i have no experience with exploitation. But i bought hacking AOE it teachs programming part all C and a little bit of assembly(however idk exactly because i didn't read it i just read the table of content) but if i am right tell me why it doesn't teach asembly instead of c its harder it needs more time.

Thanks for your help

But don't despair Cyber.spirit, you really don't need to be an assembly guru in order to write exploits. I would say you only need limited knowledge to get you started.

Start with http://www.securitytube.net/groups?operation=view&groupId=6 (http://www.securitytube.net/groups?operation=view&groupId=6) then http://www.securitytube.net/groups?operation=view&groupId=5 (http://www.securitytube.net/groups?operation=view&groupId=5) and you will know more than what you need to write exploits.

What you really need is understand how operating systems work and learning a bit of assembly will help you a lot in understanding the registries, the stack, etc. And again, you really don't need to be good at assembly. Just write a few programs and you will be fine.

For the rest C, python, ruby, perl, etc are, like ajohnson said, only there to help you deliver your shellcode.

Good luck and post your questions!  ;)

Just go through Hacking: AoE and it will make more sense. That book starts with C because you later break those programs down to assembly in a debugger and learn how to exploit them. It sounds complex when you've never done it before, but it becomes "obvious" once you spend some time with it.

AoE is an introduction to exploitation, but doesn't cover trickier exploits. If you've never written an exploit before, this is a good book to start with. However - you'll find that to exploit certain programs you encounter in the wild, you may need to write bits of assembly to get execution flow to hop around memory and eventually hit your shellcode. To do this, you'll need to know assembly.