This topic contains 16 replies, has 6 voices, and was last updated by superkojiman 6 years, 10 months ago.
-
AuthorPosts
-
February 3, 2013 at 4:20 am #8186
Hi there.
I am really busy in these days i can’t use this forum like before but i’ll be back soon.Well, i am learning c programming at Harvard unversity cs50 course. After some weeks I’ve developed some ciphers and …
Now i know the basics about c. So please let me know if there is any books out there about writing exploits only with c that i can study after this course?
Thank you so much
-
February 3, 2013 at 5:09 am #51744
If you’re looking for a book, Hacking: The Art of Exploitation is an excellent one that covers exploitation of Linux programs in C. You’ll also find numerous exploitation tutorials on Google.
-
February 3, 2013 at 5:15 am #51745
@superkojiman wrote:
If you’re looking for a book, Hacking: The Art of Exploitation is an excellent one that covers exploitation of Linux programs in C. You’ll also find numerous exploitation tutorials on Google.
Thanks kojiman. Is it good for beginner like me?
-
February 3, 2013 at 8:15 am #51746
+1 for Hacking:AoE
Also hit up SecurityTube for assembly and exploitation instruction. Corelan and The Grey Corner have excellent tutorials as well.
-
February 3, 2013 at 8:18 am #51747
Hey, take a look at the “Open Security Training” courses, esp. “Into to Software Exploits” by Corey K., thats a good place to start.
http://opensecuritytraining.info/IntroductionToSoftwareExploits.html
-
February 4, 2013 at 1:29 pm #51748
@superkojiman wrote:
If you’re looking for a book, Hacking: The Art of Exploitation is an excellent one that covers exploitation of Linux programs in C. You’ll also find numerous exploitation tutorials on Google.
Hey Super kojiman I’ve bought the book its great man great!! It even teachs C programming language to the audience!! Thanks again.
-
February 4, 2013 at 1:31 pm #51749
@ajohnson wrote:
+1 for Hacking:AoE
Also hit up SecurityTube for assembly and exploitation instruction. Corelan and The Grey Corner have excellent tutorials as well.
Man thanks for your answer but i am busy in these days i don’t have enough time to learn a super hard programming language called assembly!!!!! but thanks again maybe i’ll go for it later.
-
February 4, 2013 at 1:35 pm #51750
@hurtl0cker wrote:
Hey, take a look at the “Open Security Training” courses, esp. “Into to Software Exploits” by Corey K., they are a good place to start.
http://opensecuritytraining.info/IntroductionToSoftwareExploits.html
Goooood!
Thanks i am really more comfortable with videos but its needs a gigantic internet bandwidth but its ok thanks.
is exploits are written in C or not??
-
February 4, 2013 at 1:39 pm #51751
Goooood!
Thanks i am really more comfortable with videos but its needs a gigantic internet bandwidth but its ok thanks.
is exploits are written in C or not??
Open Security Training is like gold given for free but sadly the videos are wayyy tooo gigantic and the classes are in Assembly.
-
February 4, 2013 at 1:47 pm #51752
@hurtl0cker wrote:
Open Security Training is like gold given for free but sadly the videos are wayyy tooo gigantic and the classes are in Assembly.
Well, I don’t know assembly :'( so it is not useful for me
-
February 4, 2013 at 6:46 pm #51753
@cyber.spirit wrote:
Well, I don’t know assembly :'( so it is not useful for me
You’re going to need to learn it then. Just because an exploit is written in C, Python, Perl, Ruby, etc., doesn’t mean that assembly isn’t involved. More often than not, those are just the deliver mechanism for the exploit. You’re going to have to get comfortable working in a debugger and understanding assembly. There’s no way around it.
-
February 4, 2013 at 8:10 pm #51754
@ajohnson wrote:
@cyber.spirit wrote:
Well, I don’t know assembly :'( so it is not useful for me
You’re going to need to learn it then. Just because an exploit is written in C, Python, Perl, Ruby, etc., doesn’t mean that assembly isn’t involved. More often than not, those are just the deliver mechanism for the exploit. You’re going to have to get comfortable working in a debugger and understanding assembly. There’s no way around it.
So ture.
I said i have no time to learn assembly for now. I just wanna learn to write some exploits with c then after a while i am going to learn assembly. Its better for me atleast i can write exploits with c -
February 4, 2013 at 8:44 pm #51755
I just wanna learn to write some exploits with c
An exploits has two parts: there is a dropper/delivery program that can be written in C, Python, etc. That is not complicated to write. The real trick is finding the vulnerability, figuring out how to exploit it and developing the shell code. You won’t be able to do much without learning some assembly. Without it, you can’t customize shell code, debug using gdb/IDA/Olly, or use any non-trivial exploitation technique (e.g. return-into-libc).
-
February 4, 2013 at 9:45 pm #51756
so you wanna say most or its better to say all of exploits are in assembly?
Ok if you say i accept because i have no experience with exploitation. But i bought hacking AOE it teachs programming part all C and a little bit of assembly(however idk exactly because i didn’t read it i just read the table of content) but if i am right tell me why it doesn’t teach asembly instead of c its harder it needs more time.
Thanks for your help
-
February 4, 2013 at 10:49 pm #51757
But don’t despair Cyber.spirit, you really don’t need to be an assembly guru in order to write exploits. I would say you only need limited knowledge to get you started.
Start with http://www.securitytube.net/groups?operation=view&groupId=6 then http://www.securitytube.net/groups?operation=view&groupId=5 and you will know more than what you need to write exploits.
What you really need is understand how operating systems work and learning a bit of assembly will help you a lot in understanding the registries, the stack, etc. And again, you really don’t need to be good at assembly. Just write a few programs and you will be fine.
For the rest C, python, ruby, perl, etc are, like ajohnson said, only there to help you deliver your shellcode.
Good luck and post your questions! 😉
-
February 4, 2013 at 10:53 pm #51758
@cyber.spirit wrote:
so you wanna say most or its better to say all of exploits are in assembly?
Ok if you say i accept because i have no experience with exploitation. But i bought hacking AOE it teachs programming part all C and a little bit of assembly(however idk exactly because i didn’t read it i just read the table of content) but if i am right tell me why it doesn’t teach asembly instead of c its harder it needs more time.
Thanks for your help
Just go through Hacking: AoE and it will make more sense. That book starts with C because you later break those programs down to assembly in a debugger and learn how to exploit them. It sounds complex when you’ve never done it before, but it becomes “obvious” once you spend some time with it.
-
February 4, 2013 at 11:13 pm #51759
AoE is an introduction to exploitation, but doesn’t cover trickier exploits. If you’ve never written an exploit before, this is a good book to start with. However – you’ll find that to exploit certain programs you encounter in the wild, you may need to write bits of assembly to get execution flow to hop around memory and eventually hit your shellcode. To do this, you’ll need to know assembly.
-
AuthorPosts
You must be logged in to reply to this topic.