I came across Gera's Insecure Programming Challenges a couple of weeks ago and decided to work on them. Thus far, I have gone through all the Warming Up and Advanced Buffer Overflows challenges. Unfortunately, a few of them could only be completed on older OSes or on non-x86 machines. Nevertheless, they provided a good opportunity for me to practice ROP, to bypass ASLR and non-executable stacks on newer Linux OSes.
A couple of days ago, I also came across exploit-exercises.com. They provide 3 different virtual machines, each with challenges of varying difficulty. According to the website, they are, in order of difficulty: Nebula, Protostar and Fusion.
I have since completed Levels 0 to 16 on Nebula, getting shells for the targeted flagXX user on each level. I will probably do a write-up on Level 16 soon.
So far, most of the challenges are interesting, and I can't wait to try out Protostar and Fusion.
No comments:
Post a Comment