Exploitable VM for learning about buffer overflow attacks

buffer-overflow-exploits

This project contains several attack scenarios that demonstrate various ways of abusing buffer overflow vulnerabilities on an x86 architecture.

The provided scenarios are:

  1. Classic buffer overflow exploit with shellcode
  2. Abusing previous function stack frames
  3. Abusing C++ virtual table pointers
  4. Return-to-Libc attack
  5. Bypassing ASLR by leaking GOT addresses

Active protection measures for each of these scenarios are:

scenario canary NX ASLR
1
2 x
3 x
4 x
5 x x*

* the target program is compiled without PIE, so its own image (including the GOT) stays at a fixed address even with ASLR enabled
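To check which of the three protections from the table are actually present in a compiled target, the following script (added here as an example; it is not part of this project's code) reads the ELF headers directly: NX from the PT_GNU_STACK program header, PIE from the ELF type, and the stack canary via the usual heuristic of looking for the `__stack_chk_fail` symbol name that canary-instrumented binaries import. The `build_test_elf` helper constructs a minimal, non-runnable ELF32 image so the analyzer can be exercised without a real binary; the layout constants follow the ELF specification.

```python
"""Report stack canary, NX stack and PIE for an ELF binary by parsing its headers.

Added example for this README; no pyelftools or checksec dependency.
"""
import struct
import sys

PT_GNU_STACK = 0x6474E551   # program header that declares the stack's permissions
PF_X = 0x1                  # executable bit in p_flags
ET_EXEC, ET_DYN = 2, 3      # fixed-address executable vs. position-independent


def analyze_elf(data: bytes) -> dict:
    """Return {'canary': bool, 'nx': bool, 'pie': bool} for raw ELF bytes."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class = data[4]                       # 1 = ELF32 (x86), 2 = ELF64
    (e_type,) = struct.unpack_from("<H", data, 16)
    if ei_class == 1:
        (e_phoff,) = struct.unpack_from("<I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from("<HH", data, 42)
        phdr_fmt, flags_idx = "<IIIIIIII", 6  # p_type, ..., p_flags is field 6
    elif ei_class == 2:
        (e_phoff,) = struct.unpack_from("<Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
        phdr_fmt, flags_idx = "<IIQQQQQQ", 1  # p_type, p_flags, ...
    else:
        raise ValueError("unknown ELF class")

    # Without a PT_GNU_STACK header the x86 loader falls back to an executable
    # stack; that is the state scenario 1 relies on to run shellcode there.
    nx = False
    for i in range(e_phnum):
        fields = struct.unpack_from(phdr_fmt, data, e_phoff + i * e_phentsize)
        if fields[0] == PT_GNU_STACK:
            nx = not (fields[flags_idx] & PF_X)

    return {
        # Heuristic: the symbol name is present in .dynstr of canary-protected binaries.
        "canary": b"__stack_chk_fail" in data,
        "nx": nx,
        # Only ET_DYN executables get a randomized image base under ASLR,
        # which is what the table's "compiled without PIE" footnote is about.
        "pie": e_type == ET_DYN,
    }


def build_test_elf(nx: bool, pie: bool, canary: bool) -> bytes:
    """Constructed sample: a minimal ELF32 image carrying only the fields
    analyze_elf reads. It is not loadable; it exists to exercise the parser."""
    e_type = ET_DYN if pie else ET_EXEC
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8   # ELF32, little-endian, v1
    # e_type, e_machine(EM_386), e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", e_type, 3, 1, 0x8048000,
                               52, 0, 0, 52, 32, 1, 0, 0, 0)
    flags = 0x6 if nx else 0x7            # PF_R|PF_W, plus PF_X for an executable stack
    phdr = struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, flags, 16)
    trailer = b"__stack_chk_fail\x00" if canary else b"puts\x00"
    return ehdr + phdr + trailer


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_test_elf(nx=True, pie=False, canary=False)
    for name, present in analyze_elf(blob).items():
        print(f"{name:<7} {'yes' if present else 'no'}")
```

Run it as `python3 elfprot.py ./p1` inside the VM to compare a scenario's binary against the table row; with no argument it analyzes the constructed sample.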

Usage

To set up the scenarios and start the VM, from the project root run:

vagrant up
vagrant ssh

After that, the exploits can be executed from each scenario's folder using the provided exploit_p$NUM.sh scripts.

Turning ASLR on/off

ASLR is a kernel-wide setting rather than a per-binary one, and the provided VM starts with it disabled. To turn it on for the last scenario, run the following command:

echo 2 | sudo tee /proc/sys/kernel/randomize_va_space

The value written is the ASLR mode (0 - disabled, 2 - enabled).
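Because the setting is global, it is worth confirming inside the VM that randomization is really in effect before attempting scenario 5. The script below (an added example, not part of this project) does two things: it labels the `randomize_va_space` mode, and it checks empirically by spawning a few fresh processes and comparing where the kernel placed their `[stack]` mapping in `/proc/<pid>/maps`. With ASLR off every process gets the same stack base; with it on the bases differ. The two `/proc/self/maps` excerpts in the test are constructed samples.

```python
"""Confirm ASLR state: sysctl value plus an empirical stack-base comparison.

Added example for this README; assumes a Linux /proc filesystem.
"""
import subprocess

RANDOMIZE_VA_SPACE = "/proc/sys/kernel/randomize_va_space"

# Meanings of the sysctl values, as documented for the Linux kernel.
MODES = {
    "0": "disabled",
    "1": "stack, mmap and vdso randomized, brk not",
    "2": "fully enabled",
}


def aslr_mode(value: str) -> str:
    """Translate the raw contents of randomize_va_space into a description."""
    value = value.strip()
    return MODES.get(value, f"unknown ({value})")


def stack_base(maps_text: str):
    """Return the start address of the [stack] mapping from /proc/<pid>/maps text,
    or None if no such line is present."""
    for line in maps_text.splitlines():
        if line.rstrip().endswith("[stack]"):
            return int(line.split("-", 1)[0], 16)
    return None


def randomization_observed(samples) -> bool:
    """True if the sampled processes received different stack bases.

    With ASLR disabled the kernel lays the stack out identically for every
    run, which is exactly what makes the fixed addresses in scenarios 1-4
    reliable; a single distinct base across samples therefore means 'off'.
    """
    bases = {stack_base(s) for s in samples}
    bases.discard(None)
    return len(bases) > 1


def sample_maps(count: int = 3):
    """Spawn `count` fresh processes and collect each one's own memory map."""
    return [
        subprocess.run(["cat", "/proc/self/maps"], capture_output=True,
                       text=True, check=True).stdout
        for _ in range(count)
    ]


if __name__ == "__main__":
    with open(RANDOMIZE_VA_SPACE) as f:
        print("randomize_va_space:", aslr_mode(f.read()))
    print("stack base varies across processes:", randomization_observed(sample_maps()))
```

If the sysctl reports mode 2 but the stack base does not vary, the setting did not take effect in the processes being launched (for example, a wrapper that disables randomization with `setarch -R`), which is worth knowing before blaming the exploit.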

References

Shellcode used in the first 3 scenarios:
http://shell-storm.org/shellcode/files/shellcode-606.php

Helper tools available in the VM:
https://github.com/longld/peda
https://github.com/JonathanSalwan/ROPgadget