September 20, 2012 at 10:45 am #7910manoj9372Participant
I got some doubts running in my mind ,so as usual i decided to post here.
I just finished my ccna,i had a tought when i am doing my ccna,
There are lots of local exploits being published for operating systems like linux and windows throught the year.
i)But the amount of bugs(local exploitation bugs such as an bof,stack offerflow,race condition bla bla) i had seen for the cisco ios is very rare,it is just an proprietary operating system
why there isn’t many such bugs for cisco ios ?
ii) i dont know what kind of security features make it special,as far as i have searched i had seen some presentations by fx phenoelit other than that i couldn’t find any promising materials regarding that ,for me it looks like an area which wasn’t explored much(just my personal view,correct me if i am wrong),why is this ?
iii)is there any materials for understanding the internal ios implementations and things ?
Next question is about how to structure my learning towards local exploitation?
here are the things i had done till now
i)studied operating systems concepts book by “operating system concepts silberschatz” till chapter 14(at least 3 times,so i feel i am ok with the os theory part)
ii)i feel i had good basic understanding about networks,i had completed ccna and rhce training.
iii)regarding coding i am just a novice,i just know what are things and for what it is used(just having some theoretical knowledge)
iv)have basic understanding of web-application technologies and attcks
1)i want some advice from you guys (just another guy asking this 1000th time)how can i continue from here to become good in writing local exploits and reverse engg?
2)what are the things i should start from here like learning processor,assembly,h/w etc.,i don’t know in which order i should begin,hope some one will clarify me..
September 20, 2012 at 12:26 pm #49990sh4d0wmanPPParticipant
No comment on the Cisco side but I am a bit on the same path as you. So I will share my methods with you but first I will tell a bit of my background so you can compare it to yours:
I grew up with an Amiga, played games on MS-DOS + Windows and when internet became popular my attention shifted to information security. I’m now 30 years old and the past 8 years I have hold the following positions: first-line support, system/network administration (Windows, Citrix, OS/400, Cisco) and finally security officer (risk assessment, policy/procedure writing, vuln. assessment/pentesting).
Exploit writing has always amazed me and had something mystical about it. I see it as the top of the security chain, since without these people breaking security is a lot harder. It consists of two phases: find a vulnerability, write a working exploit.
Right now I am trying to plan a good way to reach my goal. These are the steps I will take:
1: Research the various types of bugs that lead to vulnerabilites: (heap/stack buffer overflow, off-by-one, use after free, etc). When you understand these, the next step is to recognize them in a specific technology/implementation.
2 Pick a technology: Operating Systems (32vs64 bit, local vs remote), Smart-phones/Tablets, Embedded Hardware (printers, networked devices). Since they are all very different from eachother you need to focus all your effort on 1 technology in my opinion.
3: Read, read, read: learn the language, uncover how things truly work. Use books, system documentation, research from fellow peers.
4: Finding vulnerabilities: debugging/RE tool usage (gdb is pain in the *ss if you are used to GUI’s hehe), fuzzing, dissect patches, read published exploits and see what part it targeted and how it works, look for buffer overflow exploits and see if you can modify them to remote/local code execution, check if a vulnerability in a similar technology exists in ours as well. E.g. browser bug on OS also on smartphone?
5: Exploitation Phase: learn a scripting language to automate things, low level programming (assembly), metasploit (if you want to port your exploits to it), shellcoding + bad char identification + encoding, protection evasion (DEP, ASLR, EMET on windows)
1 Wikipedia has a nice overview of the various types of programming vulnerabilities: http://en.wikipedia.org/wiki/Software_bug
2 Read the book: A Bughunters Diary to see how people do vulnerability analysis
3 IO challenges at smashthestack.org They give you vulnerable sourcecode, spot what is wrong and exploit it. Very difficult when you start but very rewarding when you write your first exploit from scratch.
4 Specific information for Windows exploit writing: https://www.corelan.be/
5 Watch on securitytube: Assembly for Linux or Windows, GNU Debugger, Exploit Research, Linux Format String/BoF, consider the Python Scripting Class
That is a bit of info of the top of my head. If you update your post with the specific technology or OS you like to exploit it is easier to give more specific resources.
September 20, 2012 at 5:39 pm #49991manoj9372Participant
Thanks sh4d0wmanPP for your reply,
i dont have experience to my name as of now,
And i don’t have any plans or road maps in my mind,
what i am felt after reading the os book is understanding the theory part isn’t a big deal,i am much more interested in enrolling myself in some sort of LINUX/GNU programming course which covers from the basic of os development to kernel and driver development modules,
which i believe is the most essential part,because what ever the OS it is,as a exploiter we just need to jump from user mode to kernel mode,that would be our aim,
And people are saying you need to understand compilers,assembly language etc,i am not sure in which order i should learn it ???
What i am feeling now is i am looking for some non-programming related articles for understanding the very very basics of the reverse engineering,example like the one available in this forum.(just to create some interest myself)
when comes to finding ,coding and exploiting the local exploits which is the most preferred language being used ? i know there is python,c and others,i don’t know which would be best for the novice like me.
Thanks for the resources ;D
And i am much more interested in learning exploitation for windows and linux.
If you have the same interest as of me,why can’t we learn together ?
i would be happy to have some person with same interest as of me,
if you are interested send me a pm.
And do you have any road map like resources for “how to become an reverse engg”,that would help me a lot ;D
September 20, 2012 at 6:53 pm #49992shadowzeroParticipant
You can get away with writing basic exploits with basic knowledge of C and assembler, and some python or perl. If you’re new to programming, python is a good start. Read up on assembler in the background and once you’re familiar with python, start learning some C.
Get yourself a copy of Windows XP to practice on:
Here are some resources to start with:
I want to link you to Joe McCray’s slides from his presentation on exploit research for those just starting out, but it looks like the slides and videos aren’t up yet. In any case, they’ll probably end up here: http://www.slideshare.net/joemccray
September 20, 2012 at 10:08 pm #49993dynamikParticipant
There are vulnerabilities in IOS and other Cisco technologies: http://web.nvd.nist.gov/view/vuln/search-results?query=cisco&search_type=all&cves=on
Multiple lows, mediums, and highs were disclosed as recent as four days ago.
In addition to the resources above, I’d also recommend starting with the SecurityTube assembly and exploit development primers: http://www.securitytube.net/groups?operation=viewall&groupId=0
I’ll also recommend Joe’s presentation as a good starting point for exploit development: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,9240.msg51669/topicseen,1/ It should answer a lot of your questions. The recording and slides were supposed to be up around 24 hours afterwards, but I haven’t seen them yet.
September 25, 2012 at 12:53 pm #49994GromicParticipant
Another great resource to get started with exploit, assembler & co is opensecuritytraining http://opensecuritytraining.info/Training.html
I found them a couple of days ago and already did their Intro x86 class, which I really liked a lot.
Haven’t seen them mentioned anywhere here on EHN yet, so I thought I share the link for anybody who wants to get started with assembly, exploits, rootkits and other fun stuff.
Their youtube channel is located here: http://www.youtube.com/user/OpenSecurityTraining/videos?flow=grid&view=1
- You must be logged in to reply to this topic.