redcanaryco / exploit-primitive-playground

Licence: MIT license
Programming languages: C, assembly, Makefile

Exploit Primitive Platform

Welcome to Red Canary's Exploit Primitive Platform!

This project helps researchers, red teamers, and defenders better understand exploitation techniques for Linux by providing an intentionally vulnerable service with ready-to-use exploit primitives such as stack-out-of-bounds, arbitrary-write, and arbitrary-read vulnerabilities.

Using these primitives, you can try your hand at testing, or advancing, attack techniques like fileless, in-memory remote code execution. This is useful for advancing the state of the art in tradecraft, while also enabling teams to test real-world scenarios and determine whether their existing security investments prevent, detect, or even observe these attacks.

Usage

Build the project.

make

Run the vulnerable service on a non-production system (it’s an exploitable service).

build/_X86_64/epp LHOST LPORT

On the same system, or another system with network connectivity to the target system, run an example script to exploit a vulnerability and run untrusted code. For example, to exploit the stack-out-of-bounds and arbitrary-read vulnerabilities in order to execute malicious code entirely in the process memory of the vulnerable service (fileless), run the following command:

./examples/remote_command_execution.py RHOST RPORT ~/YOUR_RAW_SHELLCODE
./examples/remote_code_execution.py RHOST RPORT ~/YOUR_RAW_SHELLCODE

Note: Raw shellcode can be generated using frameworks like Metasploit.

Contributing

We are open to contributions for both examples and primitives.
