-
learn about exploits
Ok here is the deal... all these months I have been rtfming a lot.. I am really interested in security of networks but so far I never tried to do sth more than reading and... scanning a couple of IPs... I think I should learn more things concerning the use of exploits and other ways to bypass systems, not for playing or revenging but in order to learn more about security.. I constantly patch my linux box, I use firewall but I know nothing practical about the bypassing of firewalls so that I am able to take countermeasures.. hope you get me... I have an old pentium I and a new pentium IV.. should I use them for experimenting? and how exactly shall I do that (this is not a lame question, just a question of smb that tries to put into practise things he learnt without doing sth illegal)... and also how could I experiment on taking action remotely (bypassing firewalls, footprinting) without doing anything illegal? I hope you help me....
PS: I am not a scriptkiddie, haxxor, etc... see my posts
PS2: :confused:
PS3: I repeat it: I just want to learn in order to become better.. I don't have other intentions :cool:
-
check these links for more info:
http://neworder.box.sk/
http://www.packetstormsecurity.org/
there are dozens more, but these will have something interesting for you, i think...
-
Do you know C?
A common exploit found are buffer overflows, if you have a grasp of C and computer architecture you could actually practice this. I'm not sure how much of a value it would be to you. It's not like you can go through your system, find out all the processes running, look at all their source codes, and determine if your system is safe. The only real value is if you are a coder and you want to make safe and secure programs, you will learn what not to do. Or if you're a code auditor.
If you just wanted to know what the best way to protect is, you really need to understand the complete architecture of your network. Start with the firewall. You need to know this one like the back of your hand as it is usually the first line of defense.
-
Foa thanks... ok I just started learning C.. concerning buffer overflows... I only know things theoretically... is there any good tute about how they specifically work?
PS: I checked the pages.. a lot of stuff to read! thanks...
-
GOOGLE -> "Smashing the stack for fun and profit"
GOOGLE -> "core-sec abo paper"
The first one is a really good paper that walks you through exploiting a simple buffer overflow, the second one goes into more advanced techniques.
-
I recommend surfing around on www.phrack.org a bit. There they have articles (such as the Smashing the stack for fun and profit).
It's also a good place to learn the theory behind things as opposed to just downloading script kiddie tools from random h4x0r sites.
-
thanks for links, I just read them.... now getting a bit more in depth.... can I ask also sth else? I read about a new vulnerability in linux kernel concerning also my box... is there anything I can do generally but waiting for suse to make a patch???? thanks again for replies... :D
-
I would advise you to learn a programming language as well.
Perlscript/Perl/C/C++/VB/Delphi/CGI/etc.
There are a lot of exploits that I have written utilizing "cgi".
There are a lot of tools for implementing exploits as well.
-
I learn programming, that is not the deal... what I needed was to see some source codes and how they work... now things are better I think... :D
PS: could you PM your exploit in cgi???? That would be of great assistance....
-
http://www.securiteam.com/exploits/archive.html
http://www.hoobie.net/security/exploits/
http://www.k-otik.com/exploits/
http://www.netsys.com/cgi-bin/listfiles.cgi?c=3
http://www.outpost9.com/exploits/
http://www.phreak.org/html/exploits.shtml
http://www.linux-sec.net/Exploits/ (links to various exploit sites)
That is only a small fraction produced from a simple Google search of "exploits"
You could even refine the search to get results more specific to what you want to find.
Google is your best friend.
There are TONS of exploits there, all with source code (most of them anyways).
Have fun :)
Remember to keep it legal.
Later,
mjk
-
Another good thing you could do is focus on learning the basics of how firewalls/packets/IDS etc work, so you can get an idea of how to get around them. Same thing with systems. If you want to learn to attack something, learn everything you can about it. Focus on using the common things. You don't need to memorize the entire man page for goodness sake, all you need are the juicy, useful options. You can glean those from tutorials and such often. On the other hand, it's often good to focus on exploiting the less used, more obscure, and thus less scrutinized aspects of systems. Focusing on the exact parts you wish to attack. This is most convenient on Linux and the like of course, as you can view the source.
That's only if breaking into stuff is your goal though. If you can settle for being defensive then there's nothing wrong with just downloading the sigs from Snort and Symantec, and the patches from the vendors, following basic security practices, and running stuff like nessus and nikto against your systems regularly. Reading stuff like Hacking Exposed is something you can do if you want to get a tad more advanced. If you want some great advice from the masters on how to do what you're attempting, here's some Great Info (look for 'stepping into a security career' question) and the interesting Hacker How-To. It is really all good advice.
-
Ok thanks uppercell, I will read these docs...... also thanks for advice on what to keep in mind when securing my box... I am running suse for a couple of months and still trying to learn the ropes... :D ... cheers
-
learning resources
Hey there, I, like you, have been rtfming for a while. I have 2 books that I will recommend because they help you learn the "hows and whys" of the exploits. Granted, the info in these books can be used for evil, but if you read and put to practice the "security side" of these books, they can teach you a lot. I have read both books cover to cover and have learned a lot. The first book is "Hacking Exposed -- 4th edition" and the second is "The Anti-hacker Toolkit". Both very good books and worth the money and time spent to learn... I hope that helps.
--th3>KluTz
-
...ehemmmm... do you know if I could find these books.... for free????? Don't blame me but I cannot afford this kind of money.... or could you maybe suggest some other (free) e-books? (on the particular topic pls of how exploits work because I have read so far many papers on hacking in general)
Thanks in advance
(feel free to PM)
-
Phrack rocks. Buffer overflows are the best exploits, in my opinion. You put 'em together yourself, rather than using random "1337" DoS and stuff other people put together.