4ZM/exploit_workshop
There are two programs, bomb.c and server.c.

The program bomb.c runs locally and accepts input on stdin. It should
be straightforward to exploit.

The program server.c is a network server that listens for input on
port 1337. Exploiting this program will take some more effort.

There are three versions compiled for each program, named by two flags:
_nx_ : non-executable stack (NX); _nonx_ : executable stack.
_can_ : with stack canaries; _nocan_ : without canaries.

*_nonx_nocan is the easiest to exploit.
*_nx_nocan is trickier, but shouldn't be impossible.(1)
*_nx_can is hard. Might be impossible.

(1) If libc is in ASCII-armored memory space, i.e. mapped at
 addresses containing a 0 byte, then the _nx_ versions are much harder
 (impossible?) to exploit.

Run make aslr-off to turn off ASLR (duh!). Turn it back on with make
aslr-on. You will have to be root to do this.

Exploiting with ASLR turned on is really, really hard.

Don't forget to set up a firewall before experimenting with
this. Block (at least) port 1337.

The helper program wheres_the_stack_at can be run to get a hint on
where the stack will be for your program. By running it multiple
times it can also be used to verify that you have turned ASLR on or
off.
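Added example (not the repository's own wheres_the_stack_at): a small C helper that prints the address of a stack variable, reads Linux's ASLR sysctl, and, given addresses collected from earlier runs, judges whether the stack moved between runs. It assumes a Linux host with /proc/sys/kernel/randomize_va_space readable; the function names are this example's own.

```c
/* Added example, not part of the exploit_workshop repository.
 * Prints where the stack is for this process and whether ASLR appears
 * to be enabled. Run it several times: identical addresses across runs
 * mean ASLR is off (e.g. after `make aslr-off`), differing ones mean it
 * is on. Assumes Linux (/proc/sys/kernel/randomize_va_space). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Address of a local in the current frame; a rough "where is the stack". */
uintptr_t stack_addr_sample(void) {
    volatile char marker = 0;
    return (uintptr_t)&marker;
}

/* Read the kernel's ASLR setting. Returns -1 if the file is unreadable
 * (non-Linux host or restricted /proc). */
int read_randomize_va_space(void) {
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (!f) return -1;
    int v = -1;
    if (fscanf(f, "%d", &v) != 1) v = -1;
    fclose(f);
    return v;
}

/* Human-readable meaning of the sysctl values Linux documents. */
const char *describe_randomize_va_space(int v) {
    switch (v) {
    case 0:  return "off";
    case 1:  return "conservative (stack, mmap, vdso randomized)";
    case 2:  return "full (brk randomized as well)";
    default: return "unknown";
    }
}

/* Given stack addresses collected from n separate runs, return 1 if any
 * differ (ASLR on) and 0 if all are identical (ASLR off). Fewer than two
 * samples cannot decide, so 0 is returned. */
int aslr_samples_vary(const uintptr_t *samples, size_t n) {
    if (n < 2) return 0;
    for (size_t i = 1; i < n; i++)
        if (samples[i] != samples[0]) return 1;
    return 0;
}

int main(int argc, char **argv) {
    printf("stack sample: 0x%lx\n", (unsigned long)stack_addr_sample());
    int v = read_randomize_va_space();
    printf("randomize_va_space = %d (%s)\n", v, describe_randomize_va_space(v));

    /* Optional: pass hex addresses printed by earlier runs as arguments
     * and the program reports whether they moved between runs. */
    if (argc > 1) {
        uintptr_t samples[32];
        size_t n = 0;
        for (int i = 1; i < argc && n < 32; i++)
            samples[n++] = (uintptr_t)strtoul(argv[i], NULL, 16);
        printf("stack moved between runs: %s\n",
               aslr_samples_vary(samples, n) ? "yes (ASLR on)" : "no (ASLR off)");
    }
    return 0;
}
```

Compile with `gcc -o stack_check stack_check.c`, run it a few times, then feed the printed addresses back as arguments (`./stack_check 0x7ffd... 0x7ffc...`) to have it confirm the verdict; this is the same check the README suggests doing by eye with wheres_the_stack_at.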

About

Sample programs for the Exploit Workshop II