r0hi7 / Binexp
Licence: mit
Linux Binary Exploitation
Stars: ✭ 742
Programming Languages
c
50402 projects - #5 most used programming language
Projects that are alternatives of or similar to Binexp
Hacksysextremevulnerabledriver
HackSys Extreme Vulnerable Windows Driver
Stars: ✭ 1,330 (+79.25%)
Mutual labels: exploitation, vulnerabilities
Pakuri
Penetration test Achieve Knowledge Unite Rapid Interface
Stars: ✭ 125 (-83.15%)
Mutual labels: exploitation, vulnerabilities
Hacker Roadmap
📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.
Stars: ✭ 7,752 (+944.74%)
Mutual labels: exploitation, vulnerabilities
Vulnerable Kext
A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation
Stars: ✭ 188 (-74.66%)
Mutual labels: exploitation, vulnerabilities
DrGadget
dr.rer.oec.gadget IDAPython plugin for the Interactive Disassembler <ABANDONED PROJECT>
Stars: ✭ 61 (-91.78%)
Mutual labels: vulnerabilities, exploitation
Exploit me
Very vulnerable ARM/AARCH64 application (CTF style exploitation tutorial with 14 vulnerability techniques)
Stars: ✭ 665 (-10.38%)
Mutual labels: tutorial, exploitation
Arissploit
Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.
Stars: ✭ 114 (-84.64%)
Mutual labels: exploitation, vulnerabilities
Insecureprogramming
mirror of gera's insecure programming examples | http://community.coresecurity.com/~gera/InsecureProgramming/
Stars: ✭ 229 (-69.14%)
Mutual labels: exploitation, vulnerabilities
inthewilddb
Hourly updated database of exploit and exploitation reports
Stars: ✭ 127 (-82.88%)
Mutual labels: vulnerabilities, exploitation
Writeups
This repository contains writeups for various CTFs I've participated in (Including Hack The Box).
Stars: ✭ 61 (-91.78%)
Mutual labels: vulnerabilities, exploitation
Exploit Writeups
A collection where my current and future writeups for exploits/CTF will go
Stars: ✭ 676 (-8.89%)
Mutual labels: exploitation, vulnerabilities
Paper collection
Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read
Stars: ✭ 710 (-4.31%)
Mutual labels: exploitation
Nodejs Getting Started
A tutorial for creating a complete application using Node.js on Google Cloud Platform
Stars: ✭ 705 (-4.99%)
Mutual labels: tutorial
Expo Crossy Road
🐥🚙 Crossy Road game clone made in Expo (iOS, Android, web), THREE.js, Tween, React Native. 🐔
Stars: ✭ 701 (-5.53%)
Mutual labels: tutorial
Project Based Tutorials In C
A curated list of project-based tutorials in C
Stars: ✭ 7,979 (+975.34%)
Mutual labels: tutorial
Exploitpack
Exploit Pack -The next generation exploit framework
Stars: ✭ 728 (-1.89%)
Mutual labels: exploitation
Railsgoat
A vulnerable version of Rails that follows the OWASP Top 10
Stars: ✭ 699 (-5.8%)
Mutual labels: vulnerabilities
Network Analysis Made Simple
An introduction to network analysis and applied graph theory using Python and NetworkX
Stars: ✭ 700 (-5.66%)
Mutual labels: tutorial
React Native Web Monorepo
Code sharing between iOS, Android & Web using monorepo
Stars: ✭ 697 (-6.06%)
Mutual labels: tutorial
Binary Exploitation
I have another interesting project @DockerENT, @Trashemail take some time to review it as well.
Any Doubt...? Let's Discuss
Introduction
I am quite passionate about exploiting binary files. The first time when I came across Buffer Overflow(a simple technique of exploitation), then I was not able to implement the same with the same copy of code on my system. The reason for that was there was no consolidated document that would guide me thoroughly to write a perfect exploit payload for the program in case of system changes. Also, there are very few descriptive blogs/tutorials that had helped me exploiting a given binary. I have come up with the consolidation of Modern exploitation techniques (in the form of the tutorial) that will allow you to understand exploitation from scratch.
I will be using vagrant file to set up the system on a virtual box. To do the same in your system follow:
vagrant upvagrant ssh
Topics
-
- Memory Layout of C program.
- ELF binaries.
- Overview of stack during function call.
- Assembly code for the function call and return.
- Concept of
$ebpand$esp. - Executable memory.
-
- How Linux finds the binaries utilis?
- Simple exploit using Linux $PATH variable.
-
- What are stack overflows?
- ASLR (basics), avoiding Stack protection.
- Shellcodes
- Buffer overflow:
- Changing Control of the program to return to some other function
- Shellcode injection in buffer and spawning the shell
-
-
Shellcode injection with ASLR enabled.
- Environment variables.
-
Shellcode injection with ASLR enabled.
-
- Return to Libc attacks.
- Spawning
shellin non executable stack - Stack organization in case
ret2libcattack.
-
- This folder contains the set of questions to exploit binaries on the concept that we have learned so far.
-
- What is format string Vulnerability?
- Seeing the content of stack.
- Writing onto the stack.
- Writing to arbitrary memory location.
-
- GOT
- Overriding GOT entry.
- Spawning shell with format string vuln.
-
- Heaps
- Arena, Bins, Chunks.
- Use after free exploit.
- Double free exploit.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].