1. Exploiting Stack Overflows
Refer to chapter 3 of the EXP-301 syllabus.
1.1. Local Exploits
1.2. Remote Exploits
- Vulnserver TRUN
- Brainpan
- DoStackBufferOverflowGood
- FreeFloat FTP Server 1.0
- PCMan FTP Server 2.0.7
- MiniShare 1.4.1
2. Exploiting SEH Overflows
Refer to chapter 4 of the EXP-301 syllabus.
2.1. Local Exploits
- FTPShell Server v6.80
- 10-Strike Network Inventory Explorer 8.65
- 10-Strike Network Scanner v3.0
- Millenium MP3 Studio 2.0
- Free MP3 CD Ripper 2.6
- Easy CD DVD Copy v1.3.24
- Zip-n-Go v4.9
- Boxoft Audio Converter 2.3.0
- Easy AVI DivX Converter 1.2.24
- My Video Converter 1.5.24
- VeryPDF Image2PDF Converter
- eZip Wizard 3.0
- ASX to MP3 converter 3.1.2.1
- DVD X Player Pro v5.5
2.2. Remote Exploits
- Vulnserver GMON
- EFS Easy Chat Server 3.1
- Disk Sorter Enterprise 9.5.12
- Easy File Sharing Web Server 7.2
- freeFTPd 1.0.10
- FathFTP 1.8
- File Sharing Wizard 1.5.0
- httpdx 0.5b - FTP Server
- freeSSHd 1.2.1
- Easy Address Book Web Server 1.6
3. Overcoming Space Restrictions: Egghunters
Refer to chapter 6 of the EXP-301 syllabus.
3.1. Local Exploits
- docPrint Pro 8.0
- Foxit Reader 4.1.1
- Audacity 1.2
- MiniShare 1.5.5
- Free MP3 CD Ripper 2.8
- Base64 Decoder 1.1.2
- Frigate Professional 3.36.0.9
- CoolPlayer+ Portable 2.19.6
- KiTTY Portable 0.65.0.2p
- IP-Tools 2.5
3.2. Remote Exploits
- Vulnserver GTER
- Vulnserver GMON
- Vulnserver KSTET
- Easy File Sharing Web Server 7.2
- Xitami Web Server 2.5
- TFTP Server 1.4
- MinaliC WebServer 2.0.0
- Sysax 5.53
- Sysax Multi Server 5.52
- Savant Web Server 3.1
- WorldMail IMAPd 3.0
4. Creating Custom Shellcode
Refer to chapter 7 of the EXP-301 syllabus.
4.1. Local Exploits
- GoldWave 5.70
- CodeBlocks 17.12
- Quick Zip v4.60.019
- SysGauge Pro v4.6.12
- Audio Converter 8.1
- Foxit Reader 4.1.1
4.2. Remote Exploits
- Vulnserver LTER
- Vulnserver HTER
5. Stack Overflows and DEP Bypass
Refer to chapter 9 of the EXP-301 syllabus.
5.1. Local Exploits
- ASX to MP3 converter 3.1.2.1 + DEP
- VUPlayer 2.49 + DEP
- DVD X Player Pro v5.5 + DEP
5.2. Remote Exploits
- Vulnserver TRUN + DEP
6. Stack Overflows and ASLR Bypass
Refer to chapter 10 of the EXP-301 syllabus.
7. Format String Specifier Attack
Refer to chapters 11 & 12 of the EXP-301 syllabus.
7.1. Remote Exploits
- Easy Address Book Web Server 1.2
- Magic Winmail Server 2.3
- ComSndFTP 1.3.7 Beta
- XM Easy Personal FTP Server 5.30
- BolinTech DreamFTP Server 1.02