
ewimberley / Advancedmemorychallenges

Licence: gpl-2.0
Advanced buffer overflow and memory corruption security challenges

Projects that are alternatives of or similar to Advancedmemorychallenges

Information Security
A place where I can create, collect and share tooling, resources and knowledge about information security.
Stars: ✭ 135 (-22.41%)
Mutual labels:  cybersecurity
Powershell Red Team
Collection of PowerShell functions a Red Teamer may use to collect data from a machine
Stars: ✭ 155 (-10.92%)
Mutual labels:  cybersecurity
Oscp Pentest Methodologies
Assorted practical study materials for the OSCP exam / practical penetration-testing materials
Stars: ✭ 166 (-4.6%)
Mutual labels:  cybersecurity
Misp Dashboard
A dashboard for a real-time overview of threat intelligence from MISP instances
Stars: ✭ 142 (-18.39%)
Mutual labels:  cybersecurity
Hackercamp
Cyber security in all its breadth
Stars: ✭ 149 (-14.37%)
Mutual labels:  cybersecurity
Slack Watchman
Monitoring your Slack workspaces for sensitive information
Stars: ✭ 159 (-8.62%)
Mutual labels:  cybersecurity
Jiff
JavaScript library for building web-based applications that employ secure multi-party computation (MPC).
Stars: ✭ 131 (-24.71%)
Mutual labels:  cybersecurity
Docker Security Images
🔐 Docker Container for Penetration Testing & Security
Stars: ✭ 172 (-1.15%)
Mutual labels:  cybersecurity
Sharp
An anti-ARP-spoofing application that uses active and passive scanning methods to detect and remove any ARP spoofer from the network.
Stars: ✭ 150 (-13.79%)
Mutual labels:  cybersecurity
Cyberprobe
Capturing, analysing and responding to cyber attacks
Stars: ✭ 162 (-6.9%)
Mutual labels:  cybersecurity
Opencti
Authors
Stars: ✭ 2,165 (+1144.25%)
Mutual labels:  cybersecurity
Dontclickshit
How not to become a cyber victim
Stars: ✭ 149 (-14.37%)
Mutual labels:  cybersecurity
Python Honeypot
OWASP Honeypot, Automated Deception Framework.
Stars: ✭ 160 (-8.05%)
Mutual labels:  cybersecurity
Personal Security Checklist
🔒 A curated checklist of 300+ tips for protecting digital security and privacy in 2021
Stars: ✭ 2,388 (+1272.41%)
Mutual labels:  cybersecurity
Bbrecon
Python library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (-2.87%)
Mutual labels:  cybersecurity
Karton
Distributed malware processing framework based on Python, Redis and MinIO.
Stars: ✭ 134 (-22.99%)
Mutual labels:  cybersecurity
Scylla
The Simplistic Information Gathering Engine | Find Advanced Information on a Username, Website, Phone Number, etc.
Stars: ✭ 154 (-11.49%)
Mutual labels:  cybersecurity
Magicpad
MagicPad is an encryption suite for beginners. It is designed to be run standalone via the browser or executable (Electron).
Stars: ✭ 174 (+0%)
Mutual labels:  cybersecurity
Bunkerized Nginx
🛡️ Make your web services secure by default!
Stars: ✭ 2,361 (+1256.9%)
Mutual labels:  cybersecurity
Drizzledumper
drizzleDumper is a memory-search-based Android unpacking tool.
Stars: ✭ 2,002 (+1050.57%)
Mutual labels:  memory-hacking

AdvancedMemoryChallenges

Advanced buffer overflow and memory corruption challenges.

INSTRUCTIONS:

  1. Install gcc 4.8 or above (I recommend a recent version of Ubuntu. I haven't really tested these on CentOS, but they should work. On all other systems, all bets are off.)
  2. Run the command "make" in the main project directory.
  3. Try to get each program to pop a shell (or change the control flow to your advantage in some way) without modifying the source code. You can try to execute some shellcode, but that's the old, boring way to do things. Look for something else.
  4. Profit?

For some spoilers read:

http://packetstormsecurity.com/files/121751/Modern-Overflow-Targets.html

or

http://packetstormsecurity.com/files/123977/Bypassing-AddressSanitizer.html


Spoilers below!







Hints and Challenge Description

  1. Stack Objects - Did you know you could put objects on the stack? -fstack-protector-all stops you from overwriting the saved instruction pointer unnoticed, but that doesn't mean it prevents all buffer overflows on the stack. Just don't write over the canary...

  2. Heap Objects - Overflowing is a little bit different on the heap. Metadata checks will test the linked-list pointers used to maintain allocations. If you free/delete after a heap overflow on a modern C library, you're likely to get a segfault.

  3. Canary Conundrums - Oh no! The target is on the other side of a canary from the vulnerable buffer! When function a returns there's bound to be a segfault. If function a returns...

  4. Integer Behavior - Hmm, it looks like there's some careful sanitization on that integer input. How does that ALU thing work again? Plus, this one was compiled with AddressSanitizer. One wrong byte and it'll be a segfault.

  5. Heap Havoc - In the real world the heap is constantly changing. Challenge number 2 is pretty trivial compared to this one.

  6. AddressSanitizer Woes - AddressSanitizer is extremely carefully thought out. It was very challenging to balance improved security against breaking backwards compatibility. Sometimes all it takes is a few corrupted bytes to pop a shell. That's good, because AddressSanitizer doesn't give you all that many bytes to work with.

More to come later...
