introduce me exploitation books

This topic contains 16 replies, has 6 voices, and was last updated by  superkojiman 6 years, 10 months ago.

  • Author
    Posts
  • #8186
     cyber.spirit 
    Participant

    Hi there.
    I am really busy in these days i can’t use this forum like before but i’ll be back soon.

    Well, i am learning c programming at Harvard unversity cs50 course. After some weeks I’ve developed some ciphers and …

    Now i know the basics about c. So please let me know if there is any books out there about writing exploits only with c that i can study after this course?

    Thank you so much

  • #51744
     superkojiman 
    Participant

    If you’re looking for a book, Hacking: The Art of Exploitation is an excellent one that covers exploitation of Linux programs in C. You’ll also find numerous exploitation tutorials on Google.

  • #51745
     cyber.spirit 
    Participant

    @superkojiman wrote:

    If you’re looking for a book, Hacking: The Art of Exploitation is an excellent one that covers exploitation of Linux programs in C. You’ll also find numerous exploitation tutorials on Google.

    Thanks kojiman. Is it good for beginner like me?

  • #51746
     dynamik 
    Participant

    +1 for Hacking:AoE

    Also hit up SecurityTube for assembly and exploitation instruction. Corelan and The Grey Corner have excellent tutorials as well.

  • #51747
     hurtl0cker 
    Participant

    Hey, take a look at the “Open Security Training” courses, esp. “Into to Software Exploits” by Corey K., thats a good place to start.

    http://opensecuritytraining.info/IntroductionToSoftwareExploits.html

  • #51748
     cyber.spirit 
    Participant

    @superkojiman wrote:

    If you’re looking for a book, Hacking: The Art of Exploitation is an excellent one that covers exploitation of Linux programs in C. You’ll also find numerous exploitation tutorials on Google.

    Hey Super kojiman I’ve bought the book its great man great!! It even teachs C programming language to the audience!! Thanks again.

  • #51749
     cyber.spirit 
    Participant

    @ajohnson wrote:

    +1 for Hacking:AoE

    Also hit up SecurityTube for assembly and exploitation instruction. Corelan and The Grey Corner have excellent tutorials as well.

    Man thanks for your answer but i am busy in these days i don’t have enough time to learn a super hard programming language called assembly!!!!! but thanks again maybe i’ll go for it later.

  • #51750
     cyber.spirit 
    Participant

    @hurtl0cker wrote:

    Hey, take a look at the “Open Security Training” courses, esp. “Into to Software Exploits” by Corey K., they are a good place to start.

    http://opensecuritytraining.info/IntroductionToSoftwareExploits.html

    Goooood!

    Thanks i am really more comfortable with videos but its needs a gigantic internet bandwidth but its ok thanks.

    is exploits are written in C or not?? 

  • #51751
     hurtl0cker 
    Participant

    Goooood!

    Thanks i am really more comfortable with videos but its needs a gigantic internet bandwidth but its ok thanks.

    is exploits are written in C or not?? 

    Open Security Training is like gold given for free but sadly the videos are wayyy tooo gigantic and the classes are in Assembly.

  • #51752
     cyber.spirit 
    Participant

    @hurtl0cker wrote:

    Open Security Training is like gold given for free but sadly the videos are wayyy tooo gigantic and the classes are in Assembly.

    Well, I don’t know assembly :'( so it is not useful for me

  • #51753
     dynamik 
    Participant

    @cyber.spirit wrote:

    Well, I don’t know assembly :'( so it is not useful for me

    You’re going to need to learn it then. Just because an exploit is written in C, Python, Perl, Ruby, etc., doesn’t mean that assembly isn’t involved. More often than not, those are just the deliver mechanism for the exploit. You’re going to have to get comfortable working in a debugger and understanding assembly. There’s no way around it.

  • #51754
     cyber.spirit 
    Participant

    @ajohnson wrote:

    @cyber.spirit wrote:

    Well, I don’t know assembly :'( so it is not useful for me

    You’re going to need to learn it then. Just because an exploit is written in C, Python, Perl, Ruby, etc., doesn’t mean that assembly isn’t involved. More often than not, those are just the deliver mechanism for the exploit. You’re going to have to get comfortable working in a debugger and understanding assembly. There’s no way around it.

    So ture.
    I said i have no time to learn assembly for now. I just wanna learn to write some exploits with c then after a while i am going to learn assembly. Its better for me atleast i can write exploits with c

  • #51755
     unicityd 
    Participant

    I just wanna learn to write some exploits with c

    An exploits has two parts: there is a dropper/delivery program that can be written in C, Python, etc.  That is not complicated to write.  The real trick is finding the vulnerability, figuring out how to exploit it and developing the shell code.  You won’t be able to do much without learning some assembly.  Without it, you can’t customize shell code, debug using gdb/IDA/Olly, or use any non-trivial exploitation technique (e.g. return-into-libc). 

  • #51756
     cyber.spirit 
    Participant

    so you wanna say most or its better to say all of exploits are in assembly?

    Ok if you say i accept because i have no experience with exploitation. But i bought hacking AOE it teachs programming part all C and a little bit of assembly(however idk exactly because i didn’t read it i just read the table of content) but if i am right tell me why it doesn’t teach asembly instead of c its harder it needs more time.

    Thanks for your help

  • #51757
     caissyd 
    Participant

    But don’t despair Cyber.spirit, you really don’t need to be an assembly guru in order to write exploits. I would say you only need limited knowledge to get you started.

    Start with http://www.securitytube.net/groups?operation=view&groupId=6 then http://www.securitytube.net/groups?operation=view&groupId=5 and you will know more than what you need to write exploits.

    What you really need is understand how operating systems work and learning a bit of assembly will help you a lot in understanding the registries, the stack, etc. And again, you really don’t need to be good at assembly. Just write a few programs and you will be fine.

    For the rest C, python, ruby, perl, etc are, like ajohnson said, only there to help you deliver your shellcode.

    Good luck and post your questions!  😉

  • #51758
     dynamik 
    Participant

    @cyber.spirit wrote:

    so you wanna say most or its better to say all of exploits are in assembly?

    Ok if you say i accept because i have no experience with exploitation. But i bought hacking AOE it teachs programming part all C and a little bit of assembly(however idk exactly because i didn’t read it i just read the table of content) but if i am right tell me why it doesn’t teach asembly instead of c its harder it needs more time.

    Thanks for your help

    Just go through Hacking: AoE and it will make more sense. That book starts with C because you later break those programs down to assembly in a debugger and learn how to exploit them. It sounds complex when you’ve never done it before, but it becomes “obvious” once you spend some time with it.

  • #51759
     superkojiman 
    Participant

    AoE is an introduction to exploitation, but doesn’t cover trickier exploits. If you’ve never written an exploit before, this is a good book to start with. However – you’ll find that to exploit certain programs you encounter in the wild, you may need to write bits of assembly to get execution flow to hop around memory and eventually hit your shellcode. To do this, you’ll need to know assembly.

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?