hi!

plz help me, ima newbie in exploiting, i need help, class, you are master in exploiting, plz say me where gets requests in exploits, i.e. in LSASS exploit, RPC DCOM EXPloit etc.. where exploiters gets req to send, they are sniffing it?? with what? and how?

i need your help, plz help, w8in' help

no pb , we are all noobs anyway.
When I was advanced noob into this like you, I was trying to understand all those exploiting stuff without real results, because I was trying to jump a step like you wich was to learn C.
So I have took SFind sources, learned C with it , (coded a new one by the way :D) and I came back on exploitation, and all was so easier to learn with C understanding. ALl that to say that you need to understand the basics of the C at least to do this, I m not saying that exploitation = C, but today, most papers, tutorials , are referring to the C, wich is I think the langage #1.

And once you understand the C, I recommand you to read "The Shellcoder's Handbook" by aitel,mehta,hassel,litchfield and cie.

Else to find req like you say, yeah the #1 tool I guess is Ethereal, you sniff between client <=> server, nor you identify wich protocol is running on the port as NDMP, RPC, SSL etc , and you look around the correct requests possible, nor harder, you debug the service, you send a large amount of datas to the ports and you debug steps at steps how the buffer is processed, nor you reverse engineer a patch released to go back to the vulnerable service and so on, t go back to the vuln, etc...

And once you understand the C, I recommand you to read "The Shellcoder's Handbook" by aitel,mehta,hassel,litchfield and cie.


Im working on the C part atm:P 1.August im starting as a System Administrator at a school(only apprentice), and when i was on the interview, the guy told me that there is alot of sparetime around winter time. He suggested that i got myself some hobby that i can do when im waiting for something to do at work:P My plan is to learn C\C++ and then later learn how Exploiting works and how to find bugs. I have already started on the C part of my plan, and i want to start get ready for the next part. sooo...

Anybody has a link for a ebook version of: "The Shellcoder's Handbook" ?

no there is no ebook of it nor it's a warez and you won't get it here.

no there is no ebook of it nor it's a warez and you won't get it here.
Guess im going to the used book store to see if im lucky then, my pay the next year will suck since im only a apprentice...

(havent checked the price on it yet:P but i bet its expensive :P)

no there is no ebook of it nor it's a warez and you won't get it here.
Guess im going to the used book store to see if im lucky then, my pay the next year will suck since im only a apprentice...

(havent checked the price on it yet:P but i bet its expensive :P)
You can get it for $31.50 on amazon :D
Maybe u can find it cheaper on other stores (online/real)
But it looks like it worths every penny

http://www.amazon.com/exec/obidos/tg/si ... 16-6576048 (http://www.amazon.com/exec/obidos/tg/sim-explorer/explore-items/-/0764544683/0/101/1/none/purchase/ref%3Dpd%5Fsxp%5Fr0/002-0769416-6576048)

On the same site as eXowle posted you also have "Hacking: The Art of Exploitation" by Jon Erickson. I recently saw this book in a shop, I did not actually read it but took a quick look at it.
It seemed to cover the basics pretty well (also more advanced functions)

do you read the rules?

no there is no ebook of it nor it's a warez and you won't get it here.


well there is one which published secretly and few people who really need this has it . in 95% countries you can easily go to a bookshop and request .
but in 5% there is no chance to buy such a book , so like the famous proverb " every instinct has an answer in our world" there should be an answer for people who need these thingz and dont have access to them .
this ebook(which doesnt have even a public ebook version) is counted as "warez!" , so "Dont bother me by your PMs"

have fun and go spend your money in the right way and respect the rulz !! :wink: