forked from 4ZM/exploit_workshop
-
Notifications
You must be signed in to change notification settings - Fork 0
Sparvnastet/exploit_workshop
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
There are two programs, bomb.c and server.c. The program bomb.c runs locally and accepts input on stdin. It should be straight forward to exploit. The program server.c is a network server that listens for input on port 1337. Exploiting this program will take some more effort. There are three versions compiled for each program: _nx_ : Non executable stack (NX) and _nonx_ with executable stack. _can_ : With stack canaries and _nocan_ without canaries. *_nonx_nocan is the easiest to exploit. *_nx_nocan is trickier, but shouldn't be impossible.(1) *_nx_can is hard. Might be impossible. (1) If libc is in ASCII armored memory space. I.e. mapped into addresses containing a 0-byte. Then the _nx_ versions are much harder (impossible?) to exploit. Run make aslr-off to turn off ASLR (duh!). Turn it back on with make aslr-on. You will have to be root to do this. Exploiting with ASLR turned on is really, really hard. Don't forget to set up a firewall before experimenting with this. Block (at least) port 1337. The helper program wheres_the_stack_at can be run to get a hint on where the stack will be for your program. By running it multiple times it can also be used to verify that you have turned ASLR on or off.
About
Sample programs for the Exploit Workshop II
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published
Languages
- C 93.1%
- Ruby 6.9%