I want to know how I can make an exploit to gain remote access to a computer using a port / service. I don't know where I should start, like what coding language would be best for this. Please help me
- thanks in advance
Python, Perl, Java, C
But how would I go about starting to make one?
Okay, well, be in for a long run, as exploit development is not an easy task.
FIRST: find a vulnerability for the service, either using an exploit database or finding your own. If you can't find an already-made vulnerability that works, here are the steps to finding a 0day:
Step 1: get a copy of the service
Step 2: disassemble the service, then try reverse engineering (matching assembly code to high-level code) or try finding the vulnerability in the assembly.
Step 3: after you reverse engineer the code, find a vulnerability. This can take the form of a stack or integer overflow, along with design flaws.
Step 4: after finding the vulnerability, write the exploit. Here are a few tips:
Any scripting language will do, be it C, or something else.
The basic layout of a buffer overflow exploit is this:
padding+return address+nops+shellcode
The padding is just junk, meant to push the return address to the EIP. Generally, you want to have padding from the first byte of data after the buffer to the address before the EIP. Second, you put the return address. This address is SUPPOSED to overwrite the EIP. Generally, it is in the sea of NOPs. The next component is the NOP sled. This is a large chunk of instructions that tell the machine to "do nothing." These are required, as memory addresses are pretty hard to pinpoint. I like putting 200 NOPs behind the shellcode. Last is the shellcode. This is ultimately what is going to give you shell. Integrating your own backdoor or shellcode is preferred, but if you can't do that, then an already-made one will do fine. This is generally the process.
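To make the "stack overflow" in Step 3 and the "padding + return address + NOP sled" layout above concrete from the defender's side, here is an added C example that is not part of the answer above or of any project it mentions. It shows the kind of unchecked-copy defect a code review or fuzzer would be hunting for in a network service handler, next to a bounds-checked version that refuses over-long input, plus a crude NOP-sled heuristic of the sort network IDS rules have used. The function names, the 16-byte buffer size and the sample bytes are all constructed for this illustration.

```c
/* Added example (not from the original post): a stack-buffer-overflow defect
   beside its bounds-checked replacement, and a simple NOP-run heuristic.
   All names and sizes here are hypothetical, chosen for illustration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* constructed: size of the handler's stack buffer */

/* Vulnerable handler: copies caller-controlled data with no length check.
   A request of BUF_SIZE bytes or more writes past 'buf' into whatever sits
   above it on the stack (saved registers, the saved return address), which
   is exactly what the "padding + return address" layout described above
   relies on. Only ever call this with short input; it exists for contrast. */
int handle_request_unsafe(const char *request) {
    char buf[BUF_SIZE];
    strcpy(buf, request);                 /* DEFECT: no bound on the copy */
    return (int)strlen(buf);
}

/* Hardened handler: find the terminator within the buffer's capacity before
   copying, reject input that would not fit (rather than truncating silently),
   and copy with an explicit byte count that includes the NUL.
   Returns the number of bytes accepted, or -1 when the request is too long. */
int handle_request_safe(const char *request) {
    char buf[BUF_SIZE];
    /* memchr is bounded: if no NUL appears within BUF_SIZE bytes, the string
       (plus its terminator) cannot fit, so refuse it. */
    const char *nul = memchr(request, '\0', BUF_SIZE);
    if (nul == NULL) {
        return -1;
    }
    size_t len = (size_t)(nul - request);  /* len <= BUF_SIZE - 1 here */
    memcpy(buf, request, len + 1);         /* len + 1 <= BUF_SIZE: NUL fits */
    return (int)len;
}

/* Detection heuristic: longest run of consecutive 0x90 (x86 NOP) bytes.
   A long run is the classic "NOP sled" signature; it has false positives
   (0x90 appears in legitimate binary data) and is trivially varied, so a
   hit is a reason to inspect a request, not proof of an attack. */
size_t longest_nop_run(const unsigned char *data, size_t n) {
    size_t best = 0, run = 0;
    for (size_t i = 0; i < n; i++) {
        run = (data[i] == 0x90) ? run + 1 : 0;
        if (run > best) {
            best = run;
        }
    }
    return best;
}

/* Constructed sample bytes: two runs of NOPs, the longer one is 3 bytes. */
const unsigned char constructed_sample[] = {
    0x41, 0x41, 0x90, 0x90, 0x90, 0x42, 0x90, 0x90
};

int main(void) {
    printf("safe(\"hello\")            = %d\n", handle_request_safe("hello"));
    printf("safe(16-char request)    = %d\n", handle_request_safe("sixteen chars!!!"));
    printf("longest NOP run in sample = %zu\n",
           longest_nop_run(constructed_sample, sizeof constructed_sample));
    return 0;
}
```

The contrast worth noticing is where the length decision happens: the unsafe version lets the copy itself decide (by overflowing), while the safe version makes the decision before any byte is written and fails closed. The NOP-run check is deliberately simple; in practice it belongs alongside length limits and protocol validation, not in place of them.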
Thanks