Code Monkey home page Code Monkey logo

exploit_me's Introduction

Vulnerabilities:

Level 1: Integer overflow
Level 2: Stack overflow
Level 3: Array overflow
Level 4: Off by one
Level 5: Stack cookie
Level 6: Format string
Level 7: Heap overflow
Level 8: Structure redirection / Type confusion
Level 9: Zero pointers
Level 10: Command injection
Level 11: Path Traversal
Level 12: Return oriented programming (ROP)
Level 13: Use-after-free
Level 14: Jump oriented programming (JOP)

Install on Debian/Ubuntu System:

  • Install needed tools on host (Ubuntu)
~$ cd exploit_me
~/exploit_me $ ./scripts/setup.sh
  • Some problems you may meet and their corresponding solutions:
(1) pip or pip3 command not found: sudo apt-get update
(2) Permission denied: sudo chmod +x exploit
(3) ...

Usage hints:

  • See hints.txt for a start.

  • For trying if it works : *** 32-Bit:

    $ ./bin/exploit

    *** 64-Bit:

    $ ./bin/exploit64

  • Example debugging session:

    $ sudo ./scripts/disableaslr.sh

    (Disable aslr, don't run if you want more fun) (Path dir1/dir2 needed in current exploit directory for Path Traversal vulnerability)

    In first terminal:

    *** 32-Bit:

    $ ./bin/arm exploit [levelpassword] [options] &
$ gdb-multiarch ./exploit
pwndbg> set architecture arm

    instead you can also add architecture in .gdbinit as "set architecture arm"

    *** 64-Bit:

    $ ./arm64 exploit64 [levelpassword] [options] &
$ gdb-multiarch ./exploit64
pwndbg> set architecture aarch64

    instead you can also add architecture in .gdbinit as "set architecture aarch64"

    *** Example .gdbinit

    set endian little
#set architecture arm
#set architecture aarch64
target remote :1234

  • GDB Basics:

    Use 
"si" to step into functions or 
"so" to step over functions, 
"info functions" to print all functions,
"p [function]" to print function address and information, if symbols exist
"b [function]" (Example: "b main" to set a breakpoint and "b *0x1234" to set a breakpoint at addr 0x1234, 
"c" to continue program, 
"x/[dwords]x" to print offsets, for example "x/4x 0x1234" and 
"x/[dwords]x $reg" to print register contents, for example "x/4x $sp". 
Using pwndbg, you can use 
"rop" to list rop gadgets, for example "rop --grep 'pop {r3'" to list gadgets which pop values from stack to r3. 
See https://github.com/pwndbg/pwndbg/blob/dev/FEATURES.md for more details !

  • After you've exploited correctly, you will see the password for the next level. So if level2 password would be "Level2": *** 32-Bit:

    $ ./bin/exploit Level2

    *** 64-Bit:

    $ ./bin/exploit64 Level2

exploit_me's People

Contributors

bkerler avatar hazardousparticle avatar lonnywong avatar xumesang avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.