hey everyone, hope you're good
i just wanted to ask about this topic. although i know that reverse engineering is a must before going into exploitation and exploit writing …
but in case we already know the vulnerability, and we know what it is, from going to places like: https://www.cvedetails.com/ https://www.exploit-db.com/
https://cve.mitre.org/ https://nvd.nist.gov/
and much more…
can we just pass reverse engineering in this situation? or even with reference to these websites do we still need to reverse engineer something here and there and figure it out?
it is not discovering a new bug but just exploiting a known one. but if we must learn reverse engineering then what is the most required practice for it (to build exploits for vulnerabilities that are known), since right now i am cracking some challenges on crackmes.one and i don’t think this helps a lot.
The websites you mentioned contain public exploits for specific versions of certain vulnerable programs. With that being said,
an exploit for program A definitely won’t work for program B, or even for a different version of program A itself, even if they all have the same type of vulnerability. Why? Because when a program slightly changes, some details which are crucial to the exploitation process change as well, such as stack offsets (in case you’re doing a stack based buffer overflow), or maybe there is new code added to / taken away from the program, or a new protection mechanism was used when compiling that program, and you’ll have to reverse it to know what was changed, especially since you won’t always find the source code lying around. Even if you did, you still have to debug/reverse it in order to grab addresses and to test your exploit. So yeah, learning how to reverse will greatly help you to pwn. As for the other part of the question, I’ll leave it to other people here to answer.
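An added example (not code from this thread or its posters) for the point above that a new protection mechanism in a later build changes the picture: it reads PIE, NX and RELRO straight from ELF64 program headers and diffs two builds, so you can see why a reference for one version tells you little about another. The ELF bytes are constructed inline as sample input, not taken from a real binary; `build_elf` and `mitigation_diff` are helper names chosen here.

```python
import struct

# Program-header types and flags from the ELF64 spec / Linux ABI.
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_X = 0x1
ET_EXEC, ET_DYN = 2, 3


def elf_mitigations(data: bytes) -> dict:
    """Report PIE / NX / RELRO for a little-endian ELF64 image.

    Stack canaries are not visible here: they show up as a reference to
    __stack_chk_fail in the symbol/dynamic tables, which this reader skips.
    """
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled in this example")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    nx, relro = False, False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            # A PT_GNU_STACK without PF_X means the loader maps the stack non-executable;
            # no PT_GNU_STACK at all means an executable stack on Linux, so nx stays False.
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            relro = True
    return {"pie": e_type == ET_DYN, "nx": nx, "relro": relro}


def mitigation_diff(old: bytes, new: bytes) -> dict:
    """Fields whose value changed between two builds: {name: (old, new)}."""
    a, b = elf_mitigations(old), elf_mitigations(new)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}


def build_elf(e_type: int, phdrs: list) -> bytes:
    """Constructed sample: a bare ELF64 header followed by program headers (no code)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0, 64, 0, 0,
                              64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return hdr + body


# Constructed "old build" (non-PIE, RWX stack) vs "new build" (PIE, NX, RELRO).
OLD_BUILD = build_elf(ET_EXEC, [(PT_GNU_STACK, 0x7)])
NEW_BUILD = build_elf(ET_DYN, [(PT_GNU_STACK, 0x6), (PT_GNU_RELRO, 0x4)])
```

Run against real files by passing `open(path, "rb").read()`; every field that differs is a reason the reference write-up's details need re-checking on the new build.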
much respect man, i appreciate it, although the websites are not just for exploits. there is sometimes a good amount of links/references to people who analyzed it (the vulnerability)
or papers about it…
anyways thanks for the help, i really appreciate it
well… after about a week, no one replied other than you, so if you know something to help me get into reverse engineering as an exploiting approach i'll appreciate it, or a book that relates reverse engineering and exploit development
Hi, I highly encourage you to join the discord channel so you can discuss your questions with more experienced people, it’s a lot more active than here. You’ll find the discord link somewhere on this website.
Definitely join our Discord channel for a more dynamic discussion about this topic.
My 2 cents on this topic in addition to what @jeff already said:
Public bug/exploit databases are nice as a reference or to learn about specific bugs. But if you’re trying to develop your own exploit you either need to get good at static code analysis/code audit techniques if you’re targeting OSS (e.g. Linux Kernel, Chrome/ium, …). Alternatively, you more or less need to know how to start reversing the target of choice partially or in full. There is no way around that.
Only if you follow either of those approaches will you fully understand your target and uncover new vulnerabilities. Solely relying on the work of others will not get you on top of the game.
Just ask yourself: Would you rather look through these databases each and every day until you find a target + exploit combination that fits your needs or do you want to actively dig into some target to fully grasp its concepts to find potentially cool new stuff?
thank you, i got the point, i really appreciate your help, but is there a book about these topics, i mean relating reverse engineering with exploit development, or tutorials that explain how to move from a to b and come up with the exploit. i searched a lot, there is a lot but all are old and most of them just explain buffer overflows. i would prefer a book to read and take notes from, if there is any …
again thanks for your help
To my knowledge there is no dedicated book that sets RE and exploit dev into that relation. RE is, from what I gathered, always a prerequisite when talking about exploit dev… I don’t even know if there’s a book about exploit dev in the first place (besides candidates like the Shellcoders handbook, or The Art of Exploitation, which give basic insight into shellcoding, RE and basic exploit techniques).
Your best bet is to start learning RE for the target architecture of choice by reading blog articles, write-ups and playing around with a disassembler/debugger… Eventually you’ll pick up exploit dev naturally if that’s your cup of tea.
Sure! To get started with RE doing crackmes or compiling your own code and checking what disassembly you get to understand the translation process from source → assembly is a valid method.