.

introduce me exploitation books

<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 370

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Sat Feb 02, 2013 11:20 pm

introduce me exploitation books

Hi there.
I am really busy in these days i can't use this forum like before but i'll be back soon.

Well, i am learning c programming at Harvard unversity cs50 course. After some weeks I've developed some ciphers and ...

Now i know the basics about c. So please let me know if there is any books out there about writing exploits only with c that i can study after this course?

Thank you so much
CEH - HackingDojo Shodan - CCNA - MCITP - Offensive Security WIFU - LPIC - MTCNA - SECURITY+
<<

superkojiman

User avatar

Jr. Member
Jr. Member

Posts: 81

Joined: Thu Sep 20, 2012 9:42 pm

Post Sun Feb 03, 2013 12:09 am

Re: introduce me exploitation books

If you're looking for a book, Hacking: The Art of Exploitation is an excellent one that covers exploitation of Linux programs in C. You'll also find numerous exploitation tutorials on Google.
OSCP + OSCE
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 370

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Sun Feb 03, 2013 12:15 am

Re: introduce me exploitation books

superkojiman wrote:If you're looking for a book, Hacking: The Art of Exploitation is an excellent one that covers exploitation of Linux programs in C. You'll also find numerous exploitation tutorials on Google.


Thanks kojiman. Is it good for beginner like me?
CEH - HackingDojo Shodan - CCNA - MCITP - Offensive Security WIFU - LPIC - MTCNA - SECURITY+
<<

dynamik

Recruiters
Recruiters

Posts: 1134

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sun Feb 03, 2013 3:15 am

Re: introduce me exploitation books

+1 for Hacking:AoE

Also hit up SecurityTube for assembly and exploitation instruction. Corelan and The Grey Corner have excellent tutorials as well.
The day you stop learning is the day you start becoming obsolete.
<<

hurtl0cker

User avatar

Jr. Member
Jr. Member

Posts: 73

Joined: Thu Nov 18, 2010 10:09 am

Location: WWW

Post Sun Feb 03, 2013 3:18 am

Re: introduce me exploitation books

Hey, take a look at the "Open Security Training" courses, esp. "Into to Software Exploits" by Corey K., thats a good place to start.

http://opensecuritytraining.info/Introd ... loits.html
Last edited by hurtl0cker on Mon Feb 04, 2013 8:33 am, edited 1 time in total.
“Knowing is not enough; we must apply. Willing is not enough: we must do.”
- Bruce Lee
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 370

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Mon Feb 04, 2013 8:29 am

Re: introduce me exploitation books

superkojiman wrote:If you're looking for a book, Hacking: The Art of Exploitation is an excellent one that covers exploitation of Linux programs in C. You'll also find numerous exploitation tutorials on Google.


Hey Super kojiman I've bought the book its great man great!! It even teachs C programming language to the audience!! Thanks again.
CEH - HackingDojo Shodan - CCNA - MCITP - Offensive Security WIFU - LPIC - MTCNA - SECURITY+
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 370

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Mon Feb 04, 2013 8:31 am

Re: introduce me exploitation books

ajohnson wrote:+1 for Hacking:AoE

Also hit up SecurityTube for assembly and exploitation instruction. Corelan and The Grey Corner have excellent tutorials as well.


Man thanks for your answer but i am busy in these days i don't have enough time to learn a super hard programming language called assembly!!!!! but thanks again maybe i'll go for it later.
CEH - HackingDojo Shodan - CCNA - MCITP - Offensive Security WIFU - LPIC - MTCNA - SECURITY+
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 370

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Mon Feb 04, 2013 8:35 am

Re: introduce me exploitation books

hurtl0cker wrote:Hey, take a look at the "Open Security Training" courses, esp. "Into to Software Exploits" by Corey K., they are a good place to start.

http://opensecuritytraining.info/Introd ... loits.html


Goooood!

Thanks i am really more comfortable with videos but its needs a gigantic internet bandwidth but its ok thanks.

is exploits are written in C or not?? 
CEH - HackingDojo Shodan - CCNA - MCITP - Offensive Security WIFU - LPIC - MTCNA - SECURITY+
<<

hurtl0cker

User avatar

Jr. Member
Jr. Member

Posts: 73

Joined: Thu Nov 18, 2010 10:09 am

Location: WWW

Post Mon Feb 04, 2013 8:39 am

Re: introduce me exploitation books

Goooood!

Thanks i am really more comfortable with videos but its needs a gigantic internet bandwidth but its ok thanks.

is exploits are written in C or not?? 



Open Security Training is like gold given for free but sadly the videos are wayyy tooo gigantic and the classes are in Assembly.
“Knowing is not enough; we must apply. Willing is not enough: we must do.”
- Bruce Lee
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 370

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Mon Feb 04, 2013 8:47 am

Re: introduce me exploitation books

hurtl0cker wrote:Open Security Training is like gold given for free but sadly the videos are wayyy tooo gigantic and the classes are in Assembly.


Well, I don't know assembly :'( so it is not useful for me
CEH - HackingDojo Shodan - CCNA - MCITP - Offensive Security WIFU - LPIC - MTCNA - SECURITY+
<<

dynamik

Recruiters
Recruiters

Posts: 1134

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Feb 04, 2013 1:46 pm

Re: introduce me exploitation books

Cyber.spirit wrote:Well, I don't know assembly :'( so it is not useful for me


You're going to need to learn it then. Just because an exploit is written in C, Python, Perl, Ruby, etc., doesn't mean that assembly isn't involved. More often than not, those are just the deliver mechanism for the exploit. You're going to have to get comfortable working in a debugger and understanding assembly. There's no way around it.
The day you stop learning is the day you start becoming obsolete.
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 370

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Mon Feb 04, 2013 3:10 pm

Re: introduce me exploitation books

ajohnson wrote:
Cyber.spirit wrote:Well, I don't know assembly :'( so it is not useful for me


You're going to need to learn it then. Just because an exploit is written in C, Python, Perl, Ruby, etc., doesn't mean that assembly isn't involved. More often than not, those are just the deliver mechanism for the exploit. You're going to have to get comfortable working in a debugger and understanding assembly. There's no way around it.


So ture.
I said i have no time to learn assembly for now. I just wanna learn to write some exploits with c then after a while i am going to learn assembly. Its better for me atleast i can write exploits with c
CEH - HackingDojo Shodan - CCNA - MCITP - Offensive Security WIFU - LPIC - MTCNA - SECURITY+
<<

unicityd

User avatar

Full Member
Full Member

Posts: 174

Joined: Wed Sep 03, 2008 5:33 pm

Post Mon Feb 04, 2013 3:44 pm

Re: introduce me exploitation books

I just wanna learn to write some exploits with c


An exploits has two parts: there is a dropper/delivery program that can be written in C, Python, etc.  That is not complicated to write.  The real trick is finding the vulnerability, figuring out how to exploit it and developing the shell code.  You won't be able to do much without learning some assembly.  Without it, you can't customize shell code, debug using gdb/IDA/Olly, or use any non-trivial exploitation technique (e.g. return-into-libc). 
BS in IT: Security, CISSP, CEH. MBA in progress.
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 370

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Mon Feb 04, 2013 4:45 pm

Re: introduce me exploitation books

so you wanna say most or its better to say all of exploits are in assembly?

Ok if you say i accept because i have no experience with exploitation. But i bought hacking AOE it teachs programming part all C and a little bit of assembly(however idk exactly because i didn't read it i just read the table of content) but if i am right tell me why it doesn't teach asembly instead of c its harder it needs more time.

Thanks for your help
Last edited by cyber.spirit on Mon Feb 04, 2013 4:48 pm, edited 1 time in total.
CEH - HackingDojo Shodan - CCNA - MCITP - Offensive Security WIFU - LPIC - MTCNA - SECURITY+
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Mon Feb 04, 2013 5:49 pm

Re: introduce me exploitation books

But don't despair Cyber.spirit, you really don't need to be an assembly guru in order to write exploits. I would say you only need limited knowledge to get you started.

Start with http://www.securitytube.net/groups?operation=view&groupId=6 then http://www.securitytube.net/groups?operation=view&groupId=5 and you will know more than what you need to write exploits.

What you really need is understand how operating systems work and learning a bit of assembly will help you a lot in understanding the registries, the stack, etc. And again, you really don't need to be good at assembly. Just write a few programs and you will be fine.

For the rest C, python, ruby, perl, etc are, like ajohnson said, only there to help you deliver your shellcode.

Good luck and post your questions!  ;)
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
Next

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 4 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software