Need Some Advice on Exploits!!

This topic has 5 replies, 5 voices, and was last updated 11 years, 5 months ago by goku12205.

Viewing 5 reply threads

Author

Posts
- August 13, 2009 at 9:05 pm #4120
  
  goku12205
  Participant
  
  Alright Hello everyone i’m new to this forum ;D
  Alright my question is Can someone give me a couple of good links
  or some good advice to learn more about exploits, i can find vulnerabilities but how can i exploit those vulnerabilities?
  
  Thank You 🙂 and have a good day!!
- August 13, 2009 at 10:35 pm #26079
  
  Anonymous
  Participant
  
  Someone told me that reading “The Shelcoders Handbook” or “HAcking: The Art of explatation” can get me started, so I am doing that… but if you want to read something online you can start with:
  
  http://insecure.org/stf/smashstack.html
  
  cheers
- August 14, 2009 at 1:19 am #26080
  
  putosusio
  Participant
  
  get metasploit, best of all its free.
- August 14, 2009 at 5:45 am #26081
  
  UNIX
  Participant
  
  Welcome to the forums, goku12205.
  
  What exactly do you mean by finding vulnerabilities? Do you mean it in the way that you know for example how to crash a certain program and would like to know if you can exploit it actually in this way (e.g. bufferoverflow), or that you find vuln. while scanning a network with tools such as nmap?
  
  If you are interested in writing exploits on your own it might be quite hard, depending on your skills so far. There are a couple of books available which focuses on exploits and may interest you:
  
  Writing Security Tools and Exploits
  Hacking: The Art of Exploitation, 2nd Edition
  Chained Exploits: Advanced Hacking Attacks from Start to Finish
  Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals
  The Shellcoder’s Handbook: Discovering and Exploiting Security Holes
  
  Smashing the Stack for fun and profit linked by celord is certainly worth a read too.
  
  If you are more interested in the second scenario, using existing exploits for known vulnerabilities, I would recommend to play around with Metasploit in your own lab.
- August 14, 2009 at 4:55 pm #26082
  
  RoleReversal
  Participant
  
  goku12205,
  
  welcome to the forums 😀
  
  The resources provided by Awesec are good, but personally I found them too much to start with exploits, even while reading I felt that exploits were black magic! I’d suggest you take a look at the EH-Net review of Ed Skoudis’ Counter Hack Reloaded, here. It contains a sample chapter from the book, which handily enough covers the low level of exploits. Everyone understands things differently but for me reading that chapter was what allowed me to ‘get’ exploits. After that the more advance/in-depth stuff makes more sense.
  
  Hope this helps
- August 15, 2009 at 12:14 am #26083
  
  goku12205
  Participant
  
  Thank You Everyone for ur good advice and i really apperchate the information thank you again
  
  My best regards to everyone
Author

Posts