Exploit Exercises for Security Researchers
Infrastructure to create multi-architecture environments with a collection of vulnerable binaries
ch00 - Stack Buffer Overflow
ch01 - Stack Buffer Overflow
ch02 - Stack Buffer Overflow
ch03 - Return Oriented Programming
ch04 - Buffer Overflow
ch05 - Format String
ch06 - Shellcode
ch07 - Return Oriented Programming
ch08 - Return Oriented Programming
ch09 - Return Oriented Programming
ch10 - Shellcode
ch11 - Heap Buffer Overflow
ch12 - Use After Free
ch00 - Stack Buffer Overflow
ch01 - Stack Buffer Overflow
ch02 - Stack Buffer Overflow
ch03 - Return Oriented Programming
ch04 - Buffer Overflow
ch05 - Format String
ch06 - Shellcode
ch07 - Return Oriented Programming
ch08 - Shellcode
ch09 - Heap Buffer Overflow
ch10 - Use After Free
Python 2.7
Docker
Example: generate an i386 environment with an SSH service on port 20000
git clone https://github.com/eLoopWoo/zenysec-exercises.git
cd zenysec-exercises
python main.py -d exercises-i386 -ca -r -p 20000 -a i386 -as no
Example: generate an arm32v7 environment with an SSH service on port 20000
git clone https://github.com/eLoopWoo/zenysec-exercises.git
cd zenysec-exercises
python main.py -d exercises-arm32v7 -ca -r -p 20000 -a arm32v7 -as no
The goal is to log in as a basic user "exercise", escalate privileges to a second user "exercise_root" and read the contents of a protected "flag" file. (For the basic user, the challenge name, username and password are all the same.)
Example for exercise ch00
user: ch00
password: ch00
user: ch00_root
password: default (unknown)
Compiled binaries are located under the "binaries" directory
Sources are located under the "exercises-<architecture>" directory, one per architecture (for example "exercises-i386" or "exercises-arm32v7")
- Add more exercises (integer, timing, heap corruption...)
- Add exercises with different malloc implementations (glibc, jemalloc...)
- Add more architectures (mips, risc-v, amd64...)
Create an issue describing the specific problem. For any further questions or requests, tweet me at @tomereyz
- Tomer Eyzenberg - Initial work - eLoopWoo