
anyaschukin / OverRide

Licence: other
Binary Exploitation and Reverse-Engineering (from assembly into C)

Programming Languages

c
50402 projects - #5 most used programming language
shell
77523 projects

Projects that are alternatives of or similar to OverRide

exploiting
Exploiting challenges in Linux and Windows
Stars: ✭ 122 (+76.81%)
Mutual labels:  gdb, exploitation
raspberry-pi
Raspberry Pi distribution of Alpha
Stars: ✭ 39 (-43.48%)
Mutual labels:  gdb
bisc
Borrowed Instructions Synthetic Computation
Stars: ✭ 71 (+2.9%)
Mutual labels:  exploitation
gdb-memstr
Generate arbitrary strings out of contents of ELF sections
Stars: ✭ 13 (-81.16%)
Mutual labels:  gdb
gdbundle
Minimalist plugin manager for GDB and LLDB
Stars: ✭ 72 (+4.35%)
Mutual labels:  gdb
DevBrute-A Password Brute Forcer
DevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.
Stars: ✭ 91 (+31.88%)
Mutual labels:  exploitation
reosploit
A Tool that Finds, Enumerates, and Exploits Reolink Cameras.
Stars: ✭ 89 (+28.99%)
Mutual labels:  exploitation
hello-world-gdb
Simple hello world program for debugging with gdb
Stars: ✭ 29 (-57.97%)
Mutual labels:  gdb
stack-inspector
A gdb command to inspect the size of objects on the stack
Stars: ✭ 57 (-17.39%)
Mutual labels:  gdb
CandyPotato
Pure C++, weaponized, fully automated implementation of RottenPotatoNG
Stars: ✭ 278 (+302.9%)
Mutual labels:  exploitation
gdb-cheatsheet
GDB cheatsheet for reversing binaries
Stars: ✭ 20 (-71.01%)
Mutual labels:  gdb
inthewilddb
Hourly updated database of exploit and exploitation reports
Stars: ✭ 127 (+84.06%)
Mutual labels:  exploitation
NTU-Computer-Security
NTU Computer Security - Pwn slides, videos, homework problems and solutions - Computer Security Fall 2019 @ CSIE NTU Taiwan
Stars: ✭ 293 (+324.64%)
Mutual labels:  exploitation
gdbdump-ruby
Dump C level and Ruby level backtrace from living ruby process or core file using gdb
Stars: ✭ 15 (-78.26%)
Mutual labels:  gdb
contextual
Contextual Bandits in R - simulation and evaluation of Multi-Armed Bandit Policies
Stars: ✭ 72 (+4.35%)
Mutual labels:  exploitation
tryhackme-ctf
TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.
Stars: ✭ 140 (+102.9%)
Mutual labels:  exploitation
asm2cfg
Python command-line tool and GDB extension to view and save x86, ARM and objdump assembly files as control-flow graph (CFG) pdf files
Stars: ✭ 42 (-39.13%)
Mutual labels:  gdb
Hack4Squad
💀 A bash hacking and scanning framework.
Stars: ✭ 45 (-34.78%)
Mutual labels:  exploitation
TheVimIDE
Modern Vim IDE with support for C/C++, Java, Python, Lua, PHP, JavaScript, Ruby and much more ...
Stars: ✭ 33 (-52.17%)
Mutual labels:  gdb
titanm
This repository contains the tools we used in our research on the Google Titan M chip
Stars: ✭ 149 (+115.94%)
Mutual labels:  exploitation

OverRide

Explore disassembly, binary exploitation & reverse-engineering through 10 little challenges.

In the folder for each level you will find:

  • flag - password for next level

  • README.md - how to find password

  • source.c - the reverse engineered binary

  • dissasembly_notes.md - notes on asm

See the subject for more details.

For more gdb & exploitation fun check out the previous project RainFall.

Final Score 125/100

Getting Started

First, download OverRide.iso from 42.

Virtual Machine setup

On Mac OSX, install VirtualBox.

In VirtualBox create a new VM (click new).

  • Name and operating system - Type: Linux, Version: (Oracle 64-bit)

Continue through all the next steps with the default settings:

  • Memory size: 4MB
  • Hard disk: Create a disk now
  • Hard disk file type: VDI(VirtualBox Disk Image)
  • Storage on physical hard disk: Dynamically allocated
  • File size: 12,00GB

Next click Settings > Network > Adapter 1 > Attached to: Bridged Adapter.

Still in settings click Storage > Right of "Controller: IDE", there is a CD icon with a + sign (add optical drive). Click Add Disk Image, and select OverRide.iso.

Click Start to start the VM. Once running, it should show the VM IP address and prompt the user to log in.

SSH connect

Log in from a separate shell as user level00 with password level00.

ssh level00@{VM_IP} -p 4242

Level Up

As user level00 the goal is to read the password for user level01, found at /home/users/level01/.pass. However, user level00 does not have permissions to read this file.

In the home folder for user level00 is a binary level00 with SUID set and owner level01.

This means when we execute the binary level00, we do so with the permissions of user level01.

We must find a vulnerability in the binary level00 with gdb. Then exploit the vulnerability to run system("/bin/sh"), opening a shell as user level01 where we have permissions to read the password.

cat /home/users/level01/.pass

Then log in as user level01.

su level01

Repeat for each level.

Reverse-engineered binary

For each level, we reverse engineered the original source.c by examining the gdb disassembly of the binary.

Levels Overview

  • 0 - Hardcoded password

  • 1 - Ret2Libc attack

  • 2 - printf() format string attack

  • 3 - Brute force password

  • 4 - gets() stack overflow + Return-to-libc attack

  • 5 - Shellcode in env variable + printf() format string attack

  • 6 - Hash value discoverable with gdb

  • 7 - Ret2Libc Attack on unprotected data table

  • 8 - Binary backs up password via symlink

  • 9 - Off-by-one error

Team

I wrote this project in a team with the super talented @dfinnis.
