Practical 'Hacking' Resources


Buffer Overflow Basics

One of the most commonly occurring security attacks is the 'buffer overflow'. This section describes the basics of buffer, heap, and stack overflows.

Smashing the Stack for Fun and Profit - One of the classic papers by Aleph One
How to write Buffer Overflows - Another classic paper by Mudge
Buffer Overflows - collection of papers on buffer overflows and related topics
Heap, Stack, and Buffer Overflows - another collection

Shellcode Basics

Once the buffer has been overflowed, the attacker needs to supply some code to be executed. This section describes the basics of how to create this 'shellcode'.

Designing Shellcode Demystified
lsd-pl - Writing shellcode for various architectures
Sined - Multi-platform shellcode examples
OpenBSD shellcodes - Shellcode examples for OpenBSD

Port/Vulnerability Scanning

Here is a collection of automated 'scanning' tools that are useful to both attackers and network administrators.

Top 75 Network Security Tools - Top 75 network security tools, according to Fyodor
Nmap - Port scanner (by Fyodor)
Nessus - Vulnerability scanner (by Renaud Deraison)
Nikto - CGI Scanner based on libWhisker (by Rain Forest Puppy)

Exploit Collections

These links contain pre-written exploits, often from underground origins. While these are interesting to look at, I advise taking precautions before running any of these on your machine. Also it's obvious that these, or any exploits, should not be used to break into any machines that don't belong to you.

Packetstorm Security - A reputable place to find advisories, tools, and exploits
Digital Information Society - Collection of tools and exploits
security.nnov.ru - Fairly updated collection of advisories and exploits
Fyodor's Exploit World - Slightly old collection of exploits, from the maker of nmap
Packet-X - Another exploit collection

Wargames

Here's where you can practice what you've learned... legally!

HackersLab
RootWars Wargames
DataFort Hacking Contest
hack this site!
HH - List of Wargames
List of Wargames
Mod-X
Scan of the Month
Try2Hack
NGSEC security games