/InsecureProgramming

Insecure Programming by Example - Teach yourself how buffer overflows, format strings, numeric bugs, and other binary security bugs work and how to exploit them

Primary LanguageC

InsecureProgramming

I originally crafted this exercises for raddy when he was 17? and wanted to learn what a buffer overflow was and how to exploit it. He showed me a few exercises he was doing and they were pretty poor, so we sat down and write some more, and then everytime he finished one, we wrote another. At the time, many people started doing them at Core SDI, among them was riq, who dreamed (really dreamed) a girl coming out of an oasis to tell hime a solution to what today is abo6.c, at the time it was abo5.c, so I had no other choice than write a new abo5.c. And the list kept growing.

The last I wrote is the stack* series, as a sort of introduction to the subject. Starting with stack1.c I believe this comprises a self thought course on exploit writing with a good incremental rhythm.

Of course as protection technologies and operating systems evolved, exploitation techniques changed, and what exercise can be exploited where has also changed, but I believe it's safe to assume all are exploitable on every operating system, because you'll be surprised of the solutions I've seen over time :-)

Too many people told me they enjoyed playing and learning with "the abos", and many people also told me they are still using them, so, here they are... Who says they'll keep evolving?

Order

Though any order is fine, and the last I've made are the stack* series, I belive the following order will smooth your path. Specially up to the numeric examples. Some are more complex than others, even in at the begining. Don't you ever give up!

  • stack*.c - Introductory
  • abo*.c - [Advanced] Buffer Overflows
  • fs*.c - Format Strings
  • n*.c - Numeric
  • e*.c - Esoteric
  • s*.c - Signals
  • sg*.c - Erm... I don't rememeber, heh

Original Source

http://community.coresecurity.com/~gera/InsecureProgramming/ apparently doesn't exist anymore, nore I have anything to do with that company anymore (except its history)