Exploitation Primitives

CSE 598 - Spring 2024

Prior modules introduced specific vulnerabilities or exploitation techniques that can be used to gain the ability to read, write, or influence control flow. These types of exploits can be categorized into exploitation primitives:

Arbitrary Read
Arbitrary Write
Arbitrary Call

This module explores how to create and leverage reusable exploitation primitives.

These primitives will need to be repeatedly used to "pivot" around memory. This "pivoting" can turn a pointer leak into almost any memory address a skilled hacker desires.

Lectures and Reading

A short read on some methods used in pivoting around memory.

Challenges

Create and use arbitrary read primitives to read from the .bss.

Create and use arbitrary read primitives to read from a thread's heap.

Create and use arbitrary read primitives to read from a thread's stack.

Create and use arbitrary read primitives to read from the .bss, now with PIE.

Create and use arbitrary read primitives to read from the environment.

Create and use arbitrary read primitives to read from the main heap.

Create and use arbitrary read/write primitives to obtain the flag.

Create and use arbitrary read/write primitives with less control of the heap.

Create and use arbitrary read/write primitives with less control of the heap II.

30-Day Scoreboard:

This scoreboard reflects solves for challenges in this module after the module launched in this dojo.

7-Day | 30-Day | All-Time

Rank		Hacker	Badges		Score

Exploitation Primitives

CSE 598 - Spring 2024

Lectures and Reading

Advanced Exploitation: Introduction

Advanced Exploitation: Heap Address Disclosure via Race Conditions

Advanced Exploitation: In-Memory Forensics

Advanced Exploitation: Exploit Primitives

Advanced Exploitation: End-to-End Pwnage

Class - Robert - 2024.02.20

Office Hours - Robert - 2024.02.23

Further Reading

Challenges

level1.0

level1.1

level2.0

level2.1

level3.0

level3.1

level4.0

level4.1

level5.0

level5.1

level6.0

level6.1

level7.0

level7.1

level8.0

level8.1

level9.0

level9.1

level10.0

level10.1

30-Day Scoreboard:

Exploitation Primitives

CSE 598 - Spring 2024

Lectures and Reading

Advanced Exploitation: Introduction

Advanced Exploitation: Introduction

Advanced Exploitation: Heap Address Disclosure via Race Conditions

Advanced Exploitation: Heap Address Disclosure via Race Conditions

Advanced Exploitation: In-Memory Forensics

Advanced Exploitation: In-Memory Forensics

Advanced Exploitation: Exploit Primitives

Advanced Exploitation: Exploit Primitives

Advanced Exploitation: End-to-End Pwnage

Advanced Exploitation: End-to-End Pwnage

Class - Robert - 2024.02.20

Class - Robert - 2024.02.20

Office Hours - Robert - 2024.02.23

Office Hours - Robert - 2024.02.23

Further Reading

Further Reading

Challenges

level1.0 92 solves

level1.0

level1.1 89 solves

level1.1

level2.0 85 solves

level2.0

level2.1 85 solves

level2.1

level3.0 79 solves

level3.0

level3.1 77 solves

level3.1

level4.0 74 solves

level4.0

level4.1 71 solves

level4.1

level5.0 77 solves

level5.0

level5.1 74 solves

level5.1

level6.0 77 solves

level6.0

level6.1 75 solves

level6.1

level7.0 77 solves

level7.0

level7.1 76 solves

level7.1

level8.0 69 solves

level8.0

level8.1 70 solves

level8.1

level9.0 63 solves

level9.0

level9.1 61 solves

level9.1

level10.0 66 solves

level10.0

level10.1 65 solves

level10.1

30-Day Scoreboard: