Skip to content

aleksa2808/buffer-overflow-exploits

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
scenario1
scenario1
 
 
scenario2
scenario2
 
 
scenario3
scenario3
 
 
scenario4
scenario4
 
 
scenario5
scenario5
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
Vagrantfile
Vagrantfile
 
 

Repository files navigation

buffer-overflow-exploits

This project contains several attack scenarios that demonstrate various ways of abusing buffer overflow vulnerabilities on an x86 architecture.

The provided scenarios are:

  1. Classic buffer overflow exploit with shellcode
  2. Abusing previous function stack frames
  3. Abusing C++ virtual table pointers
  4. Return-to-Libc attack
  5. Bypassing ASLR by leaking GOT addresses

Active protection measures for each of these scenarios are:

scenario canary NX ASLR
1
2 x
3 x
4 x
5 x x*

* target program is compiled without PIE

Usage

To set up the scenarios and start the VM, from the project root run:

vagrant up
vagrant ssh

After that, the exploits can be executed from each scenario's folder using the provided exploit_p$NUM.sh scripts.

Turning ASLR on/off

Since ASLR is implemented at the kernel level, the provided VM starts out without that feature enabled. To turn it on for the last scenario, run the following command:

echo 2 | sudo tee /proc/sys/kernel/randomize_va_space
     ^
(0 - disabled, 2 - enabled)

References

Shellcode used in the first 3 scenarios:
http://shell-storm.org/shellcode/files/shellcode-606.php

Helper tools available in the VM:
https://github.com/longld/peda
https://github.com/JonathanSalwan/ROPgadget

About

Exploitable VM for learning about buffer overflow attacks

Topics

c cpp exploit-exercises binary-exploitation buffer-overflow

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages