Ethical Hacking
Exploit Writing
EC-Council
Copyright © by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Module Objective
� What are exploits?
� Prerequisites for exploit writing
� Purpose of exploit writing
� Types of exploit writing
� What are Proof-of-Concept and Commercial grade exploits?
� Attack methodologies
� Tools for exploit write
� Steps for writing an exploit
� What are the shellcodes
� Types of shellcodes
� How to write a shellcode?
� Tools that help in shellcode development
EC-Council
Copyright © by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Module Flow
Exploits Overview
Tools for Exploit
Attack Methodologies
Steps for
Exploit Writing
Shellcodes
Steps for
Shellcode Writing
Types of Exploit
Purpose of
Exploit Writing
Prerequisites
Issues Involve
In Shellcode Writing
Steps for
Shellcode Writing
EC-Council
Copyright © by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Exploits Overview
� Exploit is a piece of software
code written to exploit bugs
of an application
� Exploits consists of shellcode
and a piece of code to insert it
in to vulnerable application
EC-Council
Copyright © by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Prerequisites for Writing Exploits and
Shellcodes
� Understanding of programming concepts e.g. C programming
� Understanding of assembly language basics:
• mnemonics
• opcodes
� In-depth knowledge of memory management and addressing
systems
• Stacks
• Heap
• Buffer
• Reference and pointers
• registers
EC-Council
Copyright © by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Purpose of Exploit Writing
� To test the application for existence
of any vulnerability or bug
� To check if the bug is exploitable or
not
� Attackers use exploits to take
adva