Forum Thread: Can Anyone Make a Tutorial About Exploit Development? And What Is the Best Scripting Language for Hacking?

1) Exploit development is not for super humans, exploit development is just as every else development. Every dev has its concepts. I'd first suggest you to understand what exploits do, then watching someone that does that, and then try it on your own. According to the second question I'd say you didn't try a lot, because when you know how to do things like that, you don't (at least that's my theory).

2)Nowadays hacking website is almost impossible, only the ones who are into it with their soul can find every day new exploits and 0 days, and they are not going to tell you sooner. A lot of websites have XSS vulnerabilities, Javascript bad code, ecc...

But probably not the one you are looking to exploit.

The thing is: when someone discovers a new exploit, the vendors of the product exploited already know that, because 1) it has been published, so someone told them 2) hackers don't earn money just by stealing (well, almost sadly), but selling their exploits or working on closing security holes (what we are trying to do here, I hope).

3)That's easy: most of the Kali Linux tools (correct me if I'm wrong), are written in Python, and python is good because it's a high level programming language (medium-high? it's definitely not low), but has a good handling of memory (is that?). Metasploit modules are written in ruby (as my mind remembers). Last but not least, the old freind C never dies.

Hope this helped.

Thank you Ciuffy. That was a lot of info. I'll keep those in mind.

Is there a place or a book where I can study exploit dev?

I know some about C programming. It's not a scripting language right? so how do people hack by programming with C?

Some days ago I found some interesting book on this, one in particular I'd suggest:
"Gray Hat Python"

Also, if you want to learn more about exploit dev, guides on Metasploit are some of the best resources, see "Metasploit Unleashed" (it's a free guide online, here:http://www.offensive-security.com/metasploit-unleashed/Main_Page), "Metasploit, a penetration tester guide" (book, the key of the Metasploit's doors) and "Metasploit penetration tester's cookbook" (a book synthesis of Metasploit functions, even if OTA always says that there's no cookbook for hackers, and that's true).

For the second question, you are right.

I studied C a long time ago, and haven't tried anything at all about hacking with C, but I'd say that the general definition says everything: "C is general purpose". You can do everything and nothing with C, according to your "C and its libraries" knowledge. Honestly, I don't know any "consistent" example of C hacks programming, because, even if general purpose, IMO its purposes usually stand out in the Local field (but hey, I'm not an expert here, there could be someone screaming "you are totally wrong!" in a reply post soon).

So, If, as it looks like to me, your objective is developing exploits, I'd suggest you to first study and try a lot in your local laboratory (I know that's obvious, but that's what I'm doing everyday right now and learning is SO satisfying ), read books (that's what you asked, so you're going in the right direction), and then try your own, starting form little things like little overflows in programs (fuzzing your own programs for example), then slowly achieving the web domain ;)

Good luck!

Wow that was a huge help! ^^ thanks. I'll take note of these.