Dear readers,

We are happy to present you with the third edition of the Starter Kit project. We continue supplying you with articles on the basics of hacking and exploiting. Although we released the StarterKit Compendium (available at https://hakin9.org/exploiting-for-beginners-exploiting-software-compendium/) only two weeks ago, we decided to continue with the topic and provide you with some more articles on it. All the articles published here are written by professionals who want to teach you exploitation techniques step by step. We are sure that after reading this publication you will master the art of exploiting software and that this art will come in handy. The articles address various topics, among which you will find Metasploit, reverse engineering and basic exploitation techniques.


Metasploit for Exploits Development: The Tools Inside The Framework
By Guglielmo Scaiola, MCT, MCSA, MCSE, Security +, Lead Auditor ISO 27001, ITIL, eCPPT, CEI, CHFI, CEH and ECSA

A lot of people use Metasploit to gain access to hosts and networks, sometimes in an ethical manner and sometimes not. In some cases the operation is very simple: if you use one of the GUI versions, Rapid7's professional edition or Armitage, for example, the attack is a point-and-exploit activity. The post-exploitation tasks and pivoting are very simple too, but not everyone knows that the framework was developed to cover the whole exploit lifecycle: you start with fuzzing tools and end with usable, integrated modules. Today I want to focus on this second aspect of the framework.

A Quick Reference to Metasploit Framework
By Abhinav Singh, the author of “Metasploit penetration testing cookbook”

Metasploit is currently the most widely used and recommended penetration testing framework. The reason, which makes Metasploit so popular, is the wide range of tasks that it can perform to ease the work of penetration testing. Let’s start with a quick introduction to the framework and various terminologies related to it.

NMAP and Metasploit for MS-SQL Auditing
By Jose Ruiz, an IT instructor and Microsoft Certified Trainer teaching courses for both Microsoft and CompTIA certifications, a college professor

NMAP is the best network scanner tool that you can find, period. Metasploit is the #2 security tool today according to sectools.org, so it is a must for any security professional. Both tools can help you find flaws that are present in your systems before the bad guys do. In this article we will learn how to use NMAP and Metasploit to scan and exploit an MS-SQL Server. As a bonus, we will see how easy it is to set up an automated log that records your findings, so your reporting duties become a lot easier.


An Introduction to Exploiting Software
By Claudio Varini, a Ph.D in Computer Science from the University of Bielefeld

Software is basically a sequence of commands that are executed in the order the human programmer intended. However, humans are not perfect and software can contain bugs. A bug is a non-intended code sequence or a condition that someone never thought of when programming. A common bug is the off-by-one error. It essentially happens when programmers miscount by one. A famous off-by-one error was present in OpenSSH, a terminal-based software for secure communication.
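To make the off-by-one error concrete, here is an added example written for this page (it is not code from the article, nor the historical OpenSSH code). It shows the bug class in its most common C form: a copy routine that caps the copied length at the buffer size but forgets that the terminating NUL needs a byte of its own, so it writes one byte past the end. The field size, the canary byte and the sample inputs are all constructed for the demonstration, and the field is backed by a slightly larger array so the stray write stays observable and within defined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 8          /* size of the fixed-length field being filled (constructed) */
#define CANARY     0x5A       /* constructed marker placed just past the field */

typedef void (*copy_fn)(char *dst, size_t dst_size, const char *src);

/* Buggy copy: caps the length at dst_size, forgetting that the terminating
 * NUL needs a byte of its own. When strlen(src) >= dst_size the loop ends
 * with i == dst_size and the terminator lands at dst[dst_size], one byte
 * past the end of the buffer: a classic off-by-one. */
static void copy_off_by_one(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    size_t i;
    if (len > dst_size)
        len = dst_size;
    for (i = 0; i < len; i++)
        dst[i] = src[i];
    dst[i] = '\0';            /* i == dst_size here when src fills the field */
}

/* Fixed copy: reserves the last byte for the NUL, so at most dst_size - 1
 * characters are copied and the terminator always stays inside the buffer. */
static void copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len;
    if (dst_size == 0)
        return;
    len = strlen(src);
    if (len > dst_size - 1)
        len = dst_size - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';
}

/* Runs fn against a FIELD_SIZE-byte field backed by a one-byte-larger array,
 * with a canary immediately after the field. Returns 1 if the copy overwrote
 * the canary, i.e. wrote outside the field it was given. */
int clobbers_neighbor(copy_fn fn, const char *src)
{
    char backing[FIELD_SIZE + 1];
    memset(backing, 0, sizeof backing);
    backing[FIELD_SIZE] = CANARY;
    fn(backing, FIELD_SIZE, src);
    return backing[FIELD_SIZE] != CANARY;
}

/* Length of the string the bounded copy leaves in a FIELD_SIZE-byte field. */
size_t bounded_copy_len(const char *src)
{
    char field[FIELD_SIZE];
    copy_bounded(field, sizeof field, src);
    return strlen(field);
}

int main(void)
{
    /* Constructed inputs: one short, one that exactly fills the field. */
    const char *inputs[] = { "ABC", "ABCDEFGH" };
    size_t k;
    for (k = 0; k < 2; k++) {
        printf("input %-9s buggy clobbers neighbour: %d  fixed clobbers neighbour: %d  fixed keeps %zu chars\n",
               inputs[k],
               clobbers_neighbor(copy_off_by_one, inputs[k]),
               clobbers_neighbor(copy_bounded, inputs[k]),
               bounded_copy_len(inputs[k]));
    }
    return 0;
}
```

Note that the buggy routine behaves correctly on the short input and only misbehaves when the input exactly fills the field, which is why off-by-one bugs survive ordinary testing; a unit test that drives a copy routine with inputs of length exactly, one below and one above the buffer size is the cheapest way to catch them.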

A Beginners’ Guide to Software Exploitation
By Deepanshu Khanna, Linux Security Expert, Penetration Tester at “Prediqnous – Cyber Security & IT Intelligence”

In the world of IT (Information Technology) security, software exploitation has remained one of the leading hacking techniques for many years. It has led to the discovery of many attack classes such as buffer overflows, reverse engineering, XSS (Cross Site Scripting), format string attacks and many more. This paper is divided into two parts. Part I explains the complete execution of a stack overflow, in which a buffer is overrun beyond its defined size and the program crashes, and Part II shows what happens behind the scenes with the help of the debugger GDB (GNU Debugger). This paper is written for beginners so that they can take their first step into the field of software exploitation.

Software Exploits (ShellCode)

Software exploits are commands that take advantage of bugs or vulnerabilities in programs to cause unexpected behavior. With them, attackers can gain control of information systems and try to escalate their privileges after circumventing the control mechanisms. In this article we will delve into software exploits with a focus on shellcode. Shellcode is code used in exploiting software vulnerabilities via payloads, which typically start a command shell from which the attacker can control the compromised system. Shellcode is written in machine code, and it can be local or remote.

Exploiting Software
By Zain Ur Rehman, Malware Analysis, Vulnerability Examination/Exploitation, Reverse Engineering, Information Systems, Event Management, Data Leak Prevention, Encryption, Unified Threat Management, Intrusion Prevention and Multi-layered Security Solutions Expert

Software has become the lifeblood of any system. Its use is crucial to organizations for the integrity of their information and the execution of their workflows. Usually organizations have their software heavily modified or customized for their specific requirements. Before moving on to exploitation, one must understand why software tends to go bad. First, software consists of complicated and complex code. Even after quality assurance testing, a number of bugs can remain, because there can be millions of lines of code.


Reverse Engineering – Debugging Fundamentals
By Eran Goldstein, the founder of Frogteam|Security, the creator and developer of “Total Cyber Security – TCS”

The concept and purpose of a debugger is to test and troubleshoot another program. Whether the debugger is a simple script, a tool or a more complex program, the idea is to use it to see and verify the functionality of the "target" program or application, so that one can see and understand, through the debugger, what is happening while the target runs and, especially, when it stops.



April 19, 2022
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023