Hands-on Exploit Development (Advanced)

Learn advanced techniques of creating exploits
Instructor:
Uday Mittal
195 students enrolled
Advanced techniques of creating exploits such as Egg Hunters, ASLR Bypass etc.
Writing Unicode compatible exploits
How to do long and short jumps in exploits
How to do stack pivoting
Fuzzing with Spike, Peach Fuzzer, FileFuzz and BooFuzz
Creating Peach Pits and BooFuzz scripts

This course builds upon my other course, Hands-on Exploit Development.

It will teach you advanced techniques for exploiting a buffer overflow vulnerability. Egg hunters, ASLR bypass and stack pivoting are some of the techniques covered in this course.

It follows the six stages of exploit development and gives a detailed walk-through of each. Each module starts by identifying the vulnerability via fuzzing. You'll learn server fuzzing (using Spike) and file format fuzzing (using Peach Fuzzer). It then shows you how to create a PoC to trigger the vulnerability and convert that PoC into a working exploit.

Through this course you will be introduced to various tools such as Immunity Debugger, the Mona library for Immunity Debugger, Metasploit, msfvenom, Spike, Peach Fuzzer and much more. This course is designed to be short and concise yet packed with practical knowledge.

Each video includes learning resources (in the video) and associated files (PDF slides, fuzzing scripts, Peach pit, Python script etc.). You can just follow along and create a working exploit. It's that simple.

Module 1 (Egg Hunters)

1. Introduction

This video gives an overview of the technique you'll learn in this module, along with a brief overview of the tools and software it requires.

Download links to the tools mentioned:

Kali Linux 2018.1: https://www.kali.org/news/kali-linux-2018-1-release/

Immunity Debugger: https://www.immunityinc.com/products/debugger/

Mona Library: https://github.com/corelan/mona

Vuln server (target software): https://github.com/stephenbradshaw/vulnserver

Sublime Text Editor: https://www.sublimetext.com/ 

Virtual Box: https://www.virtualbox.org/wiki/Downloads

VMWare: https://www.vmware.com/in/products/workstation-player/workstation-player-evaluation.html

Notepad++: https://notepad-plus-plus.org/download/v7.6.1.html

2. Fuzzing

This video gives an overview of fuzzing and then demonstrates how to fuzz a server using the Spike fuzzer.

3. PoC Creation

In this video, we'll take the results from the previous part and create a PoC script in Python. The aim is to replicate the crash in the target application.

4. Controlling the execution

In this video, we'll enhance the PoC created in the previous part to take control of the execution flow of the application.

5. Bad character analysis

In this video, we identify the bad characters which might break our final payload.

6. Cracking the shell

In this video, we will complete our exploit by integrating the payload shellcode and finally execute it to obtain a shell from the target machine.

Module 2 (ASLR Bypass + Stack Pivoting)

1. Introduction

This video gives an overview of the technique you'll learn in this module, along with a brief overview of the tools and software it requires.

Download links to the tools mentioned:

Kali Linux 2018.1: https://www.kali.org/news/kali-linux-2018-1-release/

Immunity Debugger: https://www.immunityinc.com/products/debugger/

Mona Library: https://github.com/corelan/mona

Peach Fuzzer: https://sourceforge.net/projects/peachfuzz/

CoolPlayer+ Portable (target software): https://www.exploit-db.com/apps/3279a02f72b3c5ec5870e7b0b19d2305-CoolPlayer219_Bin.zip

Sublime Text Editor: https://www.sublimetext.com/ 

Virtual Box: https://www.virtualbox.org/wiki/Downloads

VMWare: https://www.vmware.com/in/products/workstation-player/workstation-player-evaluation.html

Notepad++: https://notepad-plus-plus.org/download/v7.6.1.html


Note: Instead of FileFuzz, we'll be using Peach Fuzzer in this module.

2. Fuzzing

This video gives an overview of fuzzing and then demonstrates how to fuzz an application using Peach Fuzzer.

3. PoC Creation

In this video, we'll take the results from the previous part and create a PoC script in Python. The aim is to replicate the crash in the target application.

4. Bad character analysis

In this video, we identify the bad characters which might break our final payload.

5. Controlling the execution (ASLR Bypass)

In this video, we'll enhance the PoC created in the previous part to take control of the execution flow of the application.

6. Controlling the execution (Stack Pivoting)

In this video, we'll enhance the PoC created in the previous part to carve out a long jump via stack pivoting.

7. Cracking the shell

In this video, we will complete our exploit by integrating the payload shellcode and finally execute it to obtain a shell from the target machine.

Module 3 (Unicode)

1. Introduction

This video gives an overview of the technique you'll learn in this module, along with a brief overview of the tools and software it requires.

Download links to the tools mentioned:

Kali Linux 2018.1: https://www.kali.org/news/kali-linux-2018-1-release/

Immunity Debugger: https://www.immunityinc.com/products/debugger/

Mona Library: https://github.com/corelan/mona

File Fuzz: https://filefuzz.software.informer.com/2.0/

Alpha2 Encoder: https://github.com/haxtivitiez/Alpha2-encoder

Triologic Media Player 8: https://www.exploit-db.com/apps/4e68d370d54180157bf1b578407848f4-triomp8setup.exe

Sublime Text Editor: https://www.sublimetext.com/

Virtual Box: https://www.virtualbox.org/wiki/Downloads

VMWare: https://www.vmware.com/in/products/workstation-player/workstation-player-evaluation.html

Notepad++: https://notepad-plus-plus.org/download/v7.6.1.html

2. Fuzzing

This video gives an overview of fuzzing and then demonstrates how to fuzz an application using File Fuzz.

3. PoC Creation

In this video, we'll take the results from the previous part and create a PoC script in Python. The aim is to replicate the crash in the target application.

4. Controlling the execution (SEH Overwrite)

In this video, we'll enhance the PoC created in the previous part to take control of the execution flow of the application using the SEH overwrite technique.

5. Controlling the execution (Aligning register for shellcode)

In this video, we'll enhance the PoC created in the previous part to align a CPU register for the final payload shellcode.

6. Bad character analysis

In this video, we identify the bad characters which might break our final payload.

7. Cracking the shell

In this video, we will complete our exploit by integrating the payload shellcode and finally execute it to obtain a shell from the target machine.

Link to download the Alpha2 encoder: https://github.com/haxtivitiez/Alpha2-encoder

Assignment: NetSetMan 4.7.1

1. Develop a working exploit for NetSetMan 4.7.1.

Module 4 (Limited Buffer Space / Function Reuse)

1. Introduction

This video gives an overview of the technique you'll learn in this module, along with a brief overview of the tools and software it requires.

2. Fuzzing

This video gives an overview of fuzzing and then demonstrates how to fuzz an application using BooFuzz.

3. PoC Creation

In this video, we'll take the results from the previous part and create a PoC script in Python. The aim is to replicate the crash in the target application.

4. Controlling the execution

In this video, we'll enhance the PoC created in the previous part to take control of the execution flow of the application.

5. Bad character analysis

In this video, we identify the bad characters which might break our final payload.

6. Cracking the shell (First-stage payload)

In this video, we will enhance our exploit by developing and integrating the first-stage payload shellcode.

7. Cracking the shell (Second-stage payload)

In this video, we will complete our exploit by integrating the second-stage payload shellcode and finally execute it to obtain a shell from the target machine.

8. Bonus: BooFuzz Installation

This video covers the installation of the BooFuzz fuzzing framework on Kali Linux 2018.1 and Microsoft Windows 7 SP1 (32-bit).
