Sunday, March 14, 2010

[TUTORIAL] Exploit Writing Tutorial From Basic To Intermediate

Exploit Writing Tutorial From Basic To Advanced


There is an increasing number of bloggers who like to share their knowledge of exploits, especially on the topic of how to create and write your own exploit.

In this post, I would like to combine the exploit tutorials that I have come across. This is not a comprehensive collection, but at least it is a good starting point for exploit beginners.

BASIC

A tutorial by David Hoelzer of the SANS Institute, intended for application/software developers. The overall presentation explains the basic concept of a buffer overflow, how it occurs, how to exploit it manually and with automation, and how to create the exploit with Metasploit to automate the exploitation process.

The source code of the vulnerable server can be found on his blog.

The video tutorials can be downloaded here.

-- Reference: http://www.enclaveforensics.com/Blog/files/e6fb7327cb615688f90fc07656a3880d-28.html


INTERMEDIATE

I consider this intermediate, as it focuses more on exploiting real applications. Lupin from The Grey Corner explains exploit development from basic to intermediate level with step-by-step debugging. Here is the summary:
  1. Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.html
  2. SEH Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html
  3. Windows Buffer Overflow Tutorial: Dealing with Character Translation - http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html 
  4. Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability - http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html
  5. Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump - http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html
 
-- Reference: http://grey-corner.blogspot.com


ADVANCED

Peter Van Eeckhoutte was the first to start this kind of exploit tutorial series (at least, of everything I have seen, he was the first to provide the most comprehensive guides on exploit development, and he keeps updating them from time to time).

Peter Van Eeckhoutte

  1. Exploit writing tutorial part 1: Stack Based Overflows - http://www.corelan.be:8800/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
  2. Exploit writing tutorial part 2: Stack Based Overflows - jumping to shellcode - http://www.corelan.be:8800/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
  3. Exploit writing tutorial part 3: SEH Based Exploits - http://www.corelan.be:8800/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
  4. Exploit writing tutorial part 3b: SEH Based Exploits - just another example - http://www.corelan.be:8800/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/
  5. Exploit writing tutorial part 4: From Exploit to Metasploit - The basics - http://www.corelan.be:8800/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/
  6. Exploit writing tutorial part 5: How debugger modules & plugins can speed up basic exploit development - http://www.corelan.be:8800/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/
  7. Exploit writing tutorial part 6: Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR - http://www.corelan.be:8800/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/
  8. Exploit writing tutorial part 7: Unicode - from 0x00410041 to calc - http://www.corelan.be:8800/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/
  9. Exploit writing tutorial part 8: Win32 Egg Hunting - http://www.corelan.be:8800/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/
  10. Exploit writing tutorial part 9: Introduction to Win32 shellcoding - http://www.corelan.be:8800/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/

-- Reference: http://www.corelan.be:8800


If you have any nice exploit tutorials, please feel free to leave a comment here to share with others :)

Thanks!

Update:
- Part 5 from grey-corner [24/04/2010]

6 comments:

Peter Van Eeckhoutte said...

Thanks for the links!
spread the word...
and stay tuned (there is more to come)

I also published a write-up on a 0day vulnerability I recently found
You can find the write-ups on the Offensive Security Blog :
http://www.offensive-security.com/blog/vulndev/quickzip-stack-bof-0day-a-box-of-chocolates/

x9090 said...

Hi Peter,

Thanks for your sharing again.

Let's keep the knowledge free.

Cheers!

x9090

Stephen Bradshaw said...

Thanks for the links x9090!

I have part 5 of the exploit tutorial series posted as well.

Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump

http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html

More are coming soon....

mr_me said...

Nice work, man. I have a few, including a case study on a not-so-typical Unicode vulnerability!

https://net-ninja.net/

Anonymous said...

Nice posts.

Corelan did the best tutorial for exploit development.

Respect to Peter(c0relanc0d3f)


Regards
http://c0nnect3d.blogspot.com

Unknown said...

Oh, nice article. I learned something interesting from your post. Thanks a lot. Keep on updating.
http:/www.ecorptrainings.com