Compiling Exploits

[Trench_Rot]

Hello all,

I was wondering if anyone had or knew of any tutorials on compiling exploits (properly) in Linux. For example, I would like to experiment with the following exploit posted on FrSIRT.

http://www.frsirt.com/exploits/20060105.ms05-055.c.php

I understand the concept behind making it "go", but I lack the knowledge on how to technically build it and get it running. Some background so I don't get flamed for not knowing programming and asking a question like this... I deal mostly with network security in my job and as a hobby. I haven't had time to really dig into exploit building and/or programming. The main reason I would like to learn the basic knowledge to get an exploit such as this running is so I can do forensic inspection on the network traffic to make (useful) IDS signatures.

Any help, or direction to help would be appreciated. Thank you all.

[the_JinX]

Funny that you mention that url and wanting to compile it on linux..

Code:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>

Looking at the includes Microsoft VisualC++ would be a better choice..

But most other exploits would be

Code:

gcc -o exploit exploit.c

And some compile flags (usualy found in the source comments).

Some good exploit writers also break their code slightly to stop scriptkiddies that don't read the comments (or don't understand them) from being able to use the exploit..

My short compiling software on linux tutorial might be helpfull if you have never heard of terms like gcc or make..

[Trench_Rot]

Haha, thanks for pointing that out. Like I said, I don't know much about programming.

Thank you for the quick tip and reference to your tutorial. I'm familiar with compiling open source software. I think I am just getting confused when the software isn't in the usual package I'm used to.

This should get me started.

Thank you.