Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 22

Thread: Need help with starting to learn about exploits.

  1. #11
    Member
    Join Date
    May 2009
    Posts
    102


    Quote Originally Posted by Lincoln View Post
    A great resource on learning buffer overflows can be found on the BackTrack wiki.

    https://wiki.remote-exploit.org/back...er%20Overflows

    Reversing for Newbies is a pretty interesting series of videos. I only downloaded the first one, but the video is meant for you to work alongside OllyDbg using specific files that come with the tuts so you can follow step by step.
    There is no substitute for learning it the hard way, every bit of detail. The assembly primer video mentioned the system organization, but only touched on sort of high-level stuff.

    Ever wonder what a processor is made of? Silicon? Transistors? Logic gates? How about pipelining, dynamic execution, x86 or MMX/SSE3? I'm sure you've heard of all these terms. Ever wonder what they mean? I/O devices, I/O port space, microcontrollers, drivers, interrupts, what are they? Registers, instruction pointers, 64-bit, x86 ISA, branch prediction, it's cool if you know something about them. Operating systems, boot loader, processes, threads, context switching, user/kernel mode, trap instructions, system calls, DLLs, ring 0? Any idea what they are?

    There are so many things to learn. If you're really serious about becoming a l33t h4x0r or a vulnerability researcher someday, start reading about computers now. Read, read, read... Everything! As in everything about computers! Stop watching YouTube videos on "how to hack wifi". Get a few of those Patterson/Hennessy computer architecture books, operating systems books, C programming and assembly. Spend some time reading Wikipedia articles, I'm sure you will find a lot of interesting stuff there. Don't get bored, don't be lazy. You'll be rewarded handsomely someday.

    There are just so many things to learn about computers. I took an Information Technology course in college and learned only about 5% of it. Man, I should have started programming when I was just about 6 years old. By the time I reached 12, I could have published several IE exploits already.

  2. #12
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462


    Quote Originally Posted by wif1bust3r View Post
    Man, I should have started programming when I was just about 6 years old. By the time I reached 12, I could have published several IE exploits already.
    Couldn't agree with you more on this statement. My ability to learn has been a lot tougher in my adult life than when I was young (thanks, alcohol). I think I've read the same C book 6 times.

    To the OP, there is a ton of information out there, not only on this site but Google will send you to hundreds of links on this topic. I always throw this out there, but the Offsec class is another great place to start. The class covers everything from writing exploits to reverse engineering. Check out the course syllabus, worth checking out imo.

  3. #13
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943


    Quote Originally Posted by wif1bust3r View Post
    Start reading about computers now. Read, read, read... Everything! As in everything about computers! Stop watching YouTube videos on "how to hack wifi". Get a few of those Patterson/Hennessy computer architecture books, operating systems books, C programming and assembly. Spend some time reading Wikipedia articles, I'm sure you will find a lot of interesting stuff there. Don't get bored, don't be lazy. You'll be rewarded handsomely someday.
    I agree and disagree with this. Read everything? No, don't do that. There's more information out there on computers than anyone could possibly assimilate; you can't learn it all and you shouldn't try to. Reading a lot is important, but you have to read selectively, on subjects that interest you and that will help you get to where you want to go.

    You also can't just read and expect to be any good; you have to DO the work as well. Reading alone achieves nothing. Actually doing what you read about reinforces theoretical knowledge, helps you correct any bad assumptions and fills in gaps in your knowledge. So watching YouTube videos CAN be helpful, as long as you make an effort to understand what's being done and you put in effort so you can change or extend the process as required.

    Like you, I do wish I had started in this much earlier than I did.

    Back to the main topic, here are some more good references on exploitation (mostly writing exploits) that I found on the weekend.

    http://www.corelan.be:8800/index.php...rity/exploits/
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  4. #14
    Member
    Join Date
    May 2009
    Posts
    102


    Quote Originally Posted by lupin View Post
    I agree and disagree with this. Read everything? No, don't do that. There's more information out there on computers than anyone could possibly assimilate; you can't learn it all and you shouldn't try to. Reading a lot is important, but you have to read selectively, on subjects that interest you and that will help you get to where you want to go.
    Definitely. You don't have to learn how a mouse is manufactured or how the IEEE drafts Internet standards. Just read about something whenever it interests you. Only those things that are related to writing exploits, if that's your goal.

    Quote Originally Posted by lupin View Post
    You also can't just read and expect to be any good; you have to DO the work as well. Reading alone achieves nothing. Actually doing what you read about reinforces theoretical knowledge, helps you correct any bad assumptions and fills in gaps in your knowledge.
    Experience, of course, is also a requirement. Makes me wonder, what if I had started programming and learning exploits at 6? But I didn't have any system administration or penetration testing experience at that time. I probably would not have had a clear goal yet. How would I have known about Metasploit, SecurityFocus, or BackTrack? Perhaps I would just have ended up hanging out in one of those ccpower channels, just like the other kid here who asked how to crack his neighbor's AP to get free Internet.

  5. #15
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012


    Quote Originally Posted by lupin View Post
    You also can't just read and expect to be any good; you have to DO the work as well. Reading alone achieves nothing. Actually doing what you read about reinforces theoretical knowledge, helps you correct any bad assumptions and fills in gaps in your knowledge.
    To expound on the above: not only reading and doing the work, but try writing about your findings. It does not have to be here, but a personal blog or, heck, a notebook and pen works too. Writing tutorials that you can later refer to, or publish if you decide to, also concretes your learning. If you can teach someone else to do such things, then one can generally say "I have mastered X".
    It also leads to a personal satisfaction, knowing that you started with limited or no knowledge on a subject and can then regurgitate it into a form that others can learn from. Forum member AnActivist has a great thread that shows his learning and findings; it is a great example of what I am talking about.
    Cheers and good luck.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  6. #16
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943


    Quote Originally Posted by archangel.amael View Post
    To expound on the above: not only reading and doing the work, but try writing about your findings. It does not have to be here, but a personal blog or, heck, a notebook and pen works too. Writing tutorials that you can later refer to, or publish if you decide to, also concretes your learning. If you can teach someone else to do such things, then one can generally say "I have mastered X".
    This is a good point. Having to write about something you have done, or teach it to someone else, gives you a different perspective on the topic that can really deepen your understanding of the subject.

  7. #17
    Junior Member DeadlyFoez's Avatar
    Join Date
    Jul 2009
    Posts
    42


    If this helps you folks understand where I come from, I am a computer repair tech and I started my own business after being laid off from my last job. I am extremely good at what I do. I don't have my A+ or a MSCP yet, but I have enough knowledge to get those without taking the courses, just not enough money. I know it is a WHOLE different world when getting into things like penetration testing. I've been around computers since I was 9, and I'm 28 now. My first computer was a 486/DX 33 MHz with 2 MB of RAM. I started learning QBasic back then and grasped it very well, but when I try to jump into C or any other language, I am overwhelmed.

    But, I build computers constantly for customers, and can do almost anything that someone asks of me. I do have a very good understanding of many things, just not down to the code and protocol levels.

    Anyone know off the top of their head what the prerequisites are for the offsec course?? Would I need more knowledge than what I already have to take that course and similar courses?

    This is something that I greatly want to do in the future. Unfortunately, I have disabled children that require me to put all my free money into treatment for them, which is why I'm trying to learn on my own until I can save money.

    Thank you all for your information. I greatly appreciate it.

  8. #18
    Junior Member
    Join Date
    Jan 2010
    Posts
    35


    Quote Originally Posted by pingu View Post
    Quote:
    "I would have figured "manually" or "write my own" meant the same thing.
    Please explain more."

    Manually using exploits or writing your own are 2 different things.

    Manually using an exploit
    You can download a suitable exploit from milw0rm and compile it using gcc, then use it against a target. This requires no programming knowledge.

    Writing your own exploit
    This would suggest you're finding a new vulnerability and writing proof-of-concept code.

    Clearly, writing your own exploit can be difficult.

    When downloading an exploit and compiling it, in which directory should I put it for fast-track to find it?

  9. #19
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012


    Quote Originally Posted by DeadlyFoez View Post
    but I have enough knowledge to get those without taking the courses, just not enough money.
    Look for grants and loans online. The work is not easy, but it can pay off. There may even be a program that would help someone like you out based on your familial status.

    Quote Originally Posted by DeadlyFoez View Post
    but when I try to jump into C or any other language then I am overwhelmed.
    Then maybe learning C is too much right now. Try bash scripting; it's light and easy, and there are several good guides that will help you along. The beginner and advanced bash scripting guides come to mind. Search Google for them. Then move on to something like Python or whatever.

    Quote Originally Posted by DeadlyFoez View Post
    Anyone know off the top of their head what the prerequisites are for the offsec course??
    Check here: Information Security - Training Courses Certification. There are course syllabi for the courses, and these have loads of good information to help you out. Also talk with KMDave here, or others on the IRC channel; they can help answer specific questions.

    Quote Originally Posted by DeadlyFoez View Post
    This is something that I greatly want to do in the future, unfortunately, i have disabled children that require me to put all my free money into treatment for them, which is why I'm trying to learn on my own until I can save money.
    I mean no offense here, but maybe when you first found out about the above you thought "how will I make it?", or something along those lines. My guess is that so far you have done it and are doing it. So taking courses, and/or learning/doing anything else, is only a matter of going for it.
    Good luck.

  10. #20
    Junior Member
    Join Date
    Jan 2010
    Posts
    34


    Listen....

    You must THINK,
    ANYONE CAN LEARN OLD STUFF.

    The exploits that no one knows about are the best. why???

    People who discover new things didn't get taught those things, though probably how to figure things out.

    Also, if you find yourself getting bored, it probably isn't for you.
