I want to know how I can make a exploit get gain remove access to a computer using a port / service. I don't not know we're I should start like what coding language would be best for this. Please help me
- thanks in advance
Forum Thread: How Do I Make a Exploit
- Hot
- Active
-
Forum Thread:
Gaining Access into the Victim's Whatsapp on Android
12
Replies
4 days ago -
Forum Thread:
Whatsapp Hack?
19
Replies
4 days ago -
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
1 wk ago -
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
3 wks ago -
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
3 wks ago -
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
2 mo ago -
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
2 mo ago -
Metasploit Error:
Handler Failed to Bind
41
Replies
2 mo ago -
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
3 mo ago -
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
3 mo ago -
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
3 mo ago -
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
3 mo ago -
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
3 mo ago -
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
4 mo ago -
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
4 mo ago -
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
5 mo ago -
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
6 mo ago -
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
6 mo ago -
Forum Thread:
How to Hack School Website
11
Replies
6 mo ago -
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
6 mo ago
-
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
Hack Like a Pro:
Reconnaissance with Recon-Ng, Part 1 (Getting Started)
-
How To:
Exploit EternalBlue on Windows Server with Metasploit
-
How To:
Target Bluetooth Devices with Bettercap
-
How To:
Find Passwords in Exposed Log Files with Google Dorks
-
How To:
Brute-Force FTP Credentials & Get Server Access
-
How To:
Gain Complete Control of Any Android Phone with the AhMyth RAT
-
How To:
Dox Anyone
-
How To:
Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
-
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
Hack Like a Pro:
How to Find Directories in Websites Using DirBuster
-
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
-
How To:
Phish for Social Media & Other Account Passwords with BlackEye
-
Hack Like a Pro:
How to Scan for Vulnerabilities with Nessus
-
How To:
Crack Shadow Hashes After Getting Root on a Linux System
-
How To:
Enumerate SMB with Enum4linux & Smbclient
-
How To:
Get Root with Metasploit's Local Exploit Suggester
-
BT Recon:
How to Snoop on Bluetooth Devices Using Kali Linux
-
How To:
Make Your Own Bad USB
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
4 Responses
Python, Perl, Java, C
but how would go I about started to make one
Okay, well, be in for a long run, as exploit development is not an easy task.
FIRST: find a vulnerability for the service, either using an exploit database or making your own. If you can't find an already made vulnerability that works, here are the steps to finding a 0day:
Step 1: get a copy of the service
Step 2: disassemble the service, then try reverse engineering(matching assembly code to high level code.) or try finding vulnerability in assembly
Step 3: after you reverse engineering the code, find a vulnerability. This can take form of a stack or integer overflow, along with design flaws.
Step 4: after finding the vulnerability, write the exploit, here are a few tips:
any scripting language will do, be it C, or something else.
the basic layout of a buffer overflow exploit is this:
padding+return address+nops+shellcode
the padding is just junk, meant to push the return address to the EIP. Generally, you want to have padding from the first byte of data after the buffer to the address before the EIP. Second, you put the return address. This address is SUPPOSED to overwrite the EIP. Generally, it is in the sea of NOPS. The next component is the NOP sled. This is a large chunk of instructions that tell the machine to "do nothing." These are required, as memory addresses are pretty hard to pinpoint. I like putting 200 NOPS behind the shell code. Last, is the shellcode. This is ultimately what is going to give you shell. Integrating your own backdoor or shell code is preferred, but if you can't do that, then one already made will do fine. This is generally the process.
Thank's
Share Your Thoughts