Protostar

After becoming familiar with binary exploitation principles through my Microcorruption series, we can begin practicing with more "real-world" examples. For this, I'll begin with a walkthrough of the Protostar exercises presented through exploit-exercises.com. The challenge here is to exploit familiar vulnerability classes (stack, format string, and heap) on a VM running an older version of Debian Linux whose target programs were compiled without any modern exploit mitigations.

To get started, first download the Protostar ISO from the downloads page of the site. Then, you'll want to install virtualization software if you don't have it already. I use VMware Workstation, which is free to use.

Lastly, if you're new to the Linux console or are otherwise not very comfortable with it, I recommend spending some time learning some of the more basic commands.

Here are my writeups, along with the topics introduced:

0x00 - Stack0 - stack buffer overflow to modify variables
0x01 - Stack1
0x02 - Stack2 - using Python to generate payloads; setting environment variables
0x03 - Stack3
0x04 - Stack4 - stack buffer overflow to modify return addresses and redirect code execution
0x05 - Stack5 - injecting shellcode and executing from the stack
0x06 - Stack6 - bypassing DEP with ret2libc
0x07 - Stack7 - return-oriented programming introduction
0x08 - Net0 - sending and receiving input using sockets
0x09 - Net1
0x0A - Net2
0x0B - Heap0 - heap buffer overflow to modify variables
0x0C - Heap1 - overwriting allocator internals for an arbitrary write
0x0D - Heap2 - "use-after-free" heap vulnerability
0x0E - Heap3 pt 1 - deep dive into glibc malloc internals and source code
0x0F - Heap3 pt 2
0x10 - Format0 - stack buffer overflow via format string vulnerability
0x11 - Format1 - writing to arbitrary address using format string vulnerability
0x12 - Format2
0x13 - Format3 - writing large values (32-bit addresses) to an arbitrary address
0x14 - Format4
0x15 - Final0 - putting it all together for a remote shell bind
0x16 - Final1 - remote format string vulnerability