[Original] The Heap: Once upon a free() - bin 0x17

Heap3: This level introduces the Doug Lea Malloc (dlmalloc) and how heap meta data can be modified to change program execution. Source code: #include <stdlib.h> #include <unistd.h> #include <string.h> #include <sys/types.h> #incl

2021-02-09 14:48:19 209

[Original] The Heap: How do use-after-free exploits work? - bin 0x16

This level examines what can happen when heap pointers are stale. This level is completed when you see the “you have logged in already!” message. Source code: #include <stdlib.h> #include <unistd.h> #include <string.h> #include <sys

2021-01-28 17:55:29 125

[Original] The Heap: How to exploit a Heap Overflow - bin 0x15

Heap1: This level takes a look at code flow hijacking in data overwrite cases. #include <stdlib.h> #include <unistd.h> #include <string.h> #include <stdio.h> #include <sys/types.h> struct internet { int priority; char *

2021-01-10 19:41:09 128

[Original] Format String Exploit and overwrite the Global Offset Table - bin 0x13

Format4: format4 looks at one method of redirecting execution in a process. Hints: objdump -TR is your friend. Source code: #include <stdlib.h> #include <unistd.h> #include <stdio.h> #include <string.h> int target; void hello().

2021-01-09 00:18:08 171

[Original] Global Offset Table (GOT) and Procedure Linkage Table (PLT) - bin 0x12

got

2021-01-07 23:39:30 525

[Original] A simple Format String exploit example - bin 0x11

format1: This level shows how format strings can be used to modify arbitrary memory locations. Hints: objdump -t is your friend, and your input string lies far up the stack :) (you can use objdump -t to find all symbols from the binary). first of all,.

2021-01-07 21:39:05 190 1

[Original] Doing ret2libc with a Buffer Overflow because of restricted return pointer - bin 0x0F

stack6: Stack6 looks at what happens when you have restrictions on the return address. This level can be done in a couple of ways, such as finding the duplicate of the payload (objdump -s will help with this), or ret2libc, or even return orientated prog

2021-01-07 16:59:46 198 2

[Original] First Exploit! Buffer Overflow with Shellcode - bin 0x0E

stack5: Stack5 is a standard buffer overflow, this time introducing shellcode. This level is at /opt/protostar/bin/stack5. Hints: at this point in time, it might be easier to use someone else's shellcode. If debugging the shellcode, use \xcc (int3...

2021-01-07 01:52:13 187

[Original] Buffer Overflows can Redirect Program Execution - bin 0x0D

stack3: Stack3 looks at environment variables, and how they can be set, and overwriting function pointers stored on the stack (as a prelude to overwriting the saved EIP). Hints: both gdb and objdump are your friends when you determine where the win() functio..

2021-01-06 23:44:34 196

[Original] Smashing the Stack for Fun and Profit - bin 0x0B

Tools: protostar.iso (download: https://exploit.education/protostar/). Protostar introduces the following in a friendly way: network programming, byte order, handling sockets, stack overflows, format strings, heap overflows. stack0: This level introduces .

2021-01-06 17:44:36 146

[Original] Uncrackable Programs? Key validation with Algorithm and creating a Keygen - bin 0x07 & 0x08

How to make it uncrackable? The first problem is that the license key is inside the binary. We can use 'strings license_1' to extract all strings, and we find the key (or hexdump). Our first attempt to make it secure would be to not have the key inside by

2021-01-05 22:53:23 109

[Original] Simple Tools and Techniques for Reversing a binary - bin 0x06

Episode 0x06. Tools: strings, hexdump, objdump, strace, ltrace, Hopper Disassembler, radare2. #include <string.h> #include <stdio.h> int main(int argc, char *argv[]) { if(argc==2) { printf("Checking License: %s\n", argv[1]); if(s

2021-01-05 17:28:23 94
