There is an increasing number of bloggers who like to share their knowledge of exploits, especially on the topic of how to create and write your own exploit.
In this post, I would like to collect the exploit tutorials that I have come across. This is not a comprehensive collection, but at least it's a good starting point for exploit beginners.
David Hoelzer of the SANS Institute has a tutorial intended for application/software developers. The overall presentation is meant to explain the basic concept of a buffer overflow, how it occurs, how to exploit it manually and in an automated way, and how to create the exploit using Metasploit and automate the exploitation process.
The source code of the vulnerable server can be found on his blog.
The video tutorials can be downloaded here.
-- Reference: http://www.enclaveforensics.com/Blog/files/e6fb7327cb615688f90fc07656a3880d-28.html
I consider this intermediate level, with more focus on real application exploits. Lupin from The Grey Corner explains exploits from basic to intermediate level with step-by-step debugging. Here is the summary:
- Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.html
- SEH Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html
- Windows Buffer Overflow Tutorial: Dealing with Character Translation - http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html
- Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability - http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html
- Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump - http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html
-- Reference: http://grey-corner.blogspot.com
Peter Van Eeckhoutte was the first to start this kind of exploit tutorial (at least, of all the ones I have seen, he is the first to provide the most comprehensive guides on exploit development and to keep updating them from time to time).
Peter Van Eeckhoutte
- Exploit writing tutorial part 1: Stack Based Overflows - http://www.corelan.be:8800/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
- Exploit writing tutorial part 2: Stack Based Overflows - jumping to shellcode - http://www.corelan.be:8800/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
- Exploit writing tutorial part 3: SEH Based Exploits - http://www.corelan.be:8800/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
- Exploit writing tutorial part 3b: SEH Based Exploits - just another example - http://www.corelan.be:8800/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/
- Exploit writing tutorial part 4: From Exploit to Metasploit - The basics - http://www.corelan.be:8800/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/
- Exploit writing tutorial part 5: How debugger modules & plugins can speed up basic exploit development - http://www.corelan.be:8800/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/
- Exploit writing tutorial part 6: Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR - http://www.corelan.be:8800/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/
- Exploit writing tutorial part 7: Unicode - from 0x00410041 to calc - http://www.corelan.be:8800/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/
- Exploit writing tutorial part 8: Win32 Egg Hunting - http://www.corelan.be:8800/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/
- Exploit writing tutorial part 9: Introduction to Win32 shellcoding - http://www.corelan.be:8800/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/
-- Reference: http://www.corelan.be:8800
If you have any nice exploit tutorials, please feel free to leave a comment here to share with others :)
- Update [24/04/2010]: added Part 5 from grey-corner.