End-to-End Binary Exploitation Training

Course Description

This is another installment of the binary exploitation series of trainings.

You will learn how to use the Global Offset Table (GOT) to exploit a vulnerability discovered with Mayhem.

We're excited to have you join us. We hope you take away new fuzzing skills, and, more than that, we hope you come away with a passion for making application security more autonomous.

Agenda

In this course, we will learn more about exploiting binaries with test cases found using Mayhem. At the end of the training, you will be able to:

  1. Explain what fuzz testing is
  2. Explain what a "Write-What-Where" vulnerability is
  3. Inspect the assembly code of your own binaries
  4. Analyze a target using Mayhem
  5. Exploit the target using a generated crash file
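
A write-what-where bug lets the attacker choose both the value written and the address it lands on. The GOT is the classic "where": each imported libc function has a slot there that the dynamic linker fills with the function's address, and every call through the matching PLT entry jumps to whatever the slot holds, so overwriting one slot redirects the next call. The first thing you need is therefore the slot address, which `objdump -R ./target` lists. The following C program is an added example for this page, not course material or Mayhem code: it reproduces that listing for an ELF64 file by walking the RELA sections and printing the address and symbol of every JUMP_SLOT / GLOB_DAT relocation. The names list_got_slots and got_slot_for are mine, and by default it inspects itself via /proc/self/exe.

```c
/* List the GOT slots of an ELF64 binary, the way objdump -R does.
 * Added example for this page; it is not part of the course or of Mayhem.
 * Each JUMP_SLOT / GLOB_DAT relocation names one GOT slot (its r_offset) and
 * the imported symbol whose address the dynamic linker will store there. */
#include <elf.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct got_slot {
    unsigned long addr;   /* link-time address of the slot; add the load base for PIE */
    char name[64];        /* imported symbol the slot resolves to */
};

/* Read a whole file into memory. Returns NULL on any failure. */
static unsigned char *read_file(const char *path, size_t *len)
{
    FILE *f = fopen(path, "rb");
    if (!f) return NULL;
    unsigned char *buf = NULL;
    long sz = (fseek(f, 0, SEEK_END) == 0) ? ftell(f) : -1;
    if (sz > 0 && (buf = malloc((size_t)sz)) != NULL) {
        rewind(f);
        if (fread(buf, 1, (size_t)sz, f) != (size_t)sz) { free(buf); buf = NULL; }
    }
    fclose(f);
    *len = buf ? (size_t)sz : 0;
    return buf;
}

/* Relocation types the dynamic linker resolves into the GOT (x86-64 and AArch64). */
static int is_got_reloc(Elf64_Half machine, unsigned type)
{
    if (machine == EM_X86_64)  return type == R_X86_64_JUMP_SLOT  || type == R_X86_64_GLOB_DAT;
    if (machine == EM_AARCH64) return type == R_AARCH64_JUMP_SLOT || type == R_AARCH64_GLOB_DAT;
    return 0;
}

/* Fill out[] with up to max GOT slots found in the ELF64 file at path.
 * Returns the number of slots, or -1 if the file is not a readable ELF64. */
int list_got_slots(const char *path, struct got_slot *out, int max)
{
    size_t len;
    unsigned char *img = read_file(path, &len);
    if (!img) return -1;
    Elf64_Ehdr *eh = (Elf64_Ehdr *)img;
    if (len < sizeof *eh || memcmp(eh->e_ident, ELFMAG, SELFMAG) != 0 ||
        eh->e_ident[EI_CLASS] != ELFCLASS64 ||
        eh->e_shoff + (size_t)eh->e_shnum * sizeof(Elf64_Shdr) > len) {
        free(img);
        return -1;
    }
    Elf64_Shdr *sh = (Elf64_Shdr *)(img + eh->e_shoff);
    int count = 0;
    for (int i = 0; i < eh->e_shnum && count < max; i++) {
        /* Only RELA sections whose symbols come from .dynsym describe imports. */
        if (sh[i].sh_type != SHT_RELA || sh[i].sh_link >= eh->e_shnum) continue;
        Elf64_Shdr *symsh = &sh[sh[i].sh_link];
        if (symsh->sh_type != SHT_DYNSYM || symsh->sh_link >= eh->e_shnum) continue;
        Elf64_Shdr *strsh = &sh[symsh->sh_link];
        if (sh[i].sh_offset + sh[i].sh_size > len || symsh->sh_offset + symsh->sh_size > len ||
            strsh->sh_offset + strsh->sh_size > len)
            continue;   /* truncated or hostile file: never trust section bounds */
        Elf64_Rela *rel = (Elf64_Rela *)(img + sh[i].sh_offset);
        Elf64_Sym *sym = (Elf64_Sym *)(img + symsh->sh_offset);
        const char *str = (const char *)(img + strsh->sh_offset);
        size_t nrel = sh[i].sh_size / sizeof *rel, nsym = symsh->sh_size / sizeof *sym;
        for (size_t r = 0; r < nrel && count < max; r++) {
            size_t si = ELF64_R_SYM(rel[r].r_info);
            if (!is_got_reloc(eh->e_machine, ELF64_R_TYPE(rel[r].r_info)) ||
                si == 0 || si >= nsym || sym[si].st_name >= strsh->sh_size)
                continue;
            out[count].addr = rel[r].r_offset;
            snprintf(out[count].name, sizeof out[count].name, "%.*s",
                     (int)(strsh->sh_size - sym[si].st_name), str + sym[si].st_name);
            count++;
        }
    }
    free(img);
    return count;
}

/* Address of the GOT slot through which path calls func, or 0 if it has none. */
unsigned long got_slot_for(const char *path, const char *func)
{
    struct got_slot slots[256];
    int n = list_got_slots(path, slots, 256);
    for (int i = 0; i < n; i++)
        if (strcmp(slots[i].name, func) == 0) return slots[i].addr;
    return 0;
}

int main(int argc, char **argv)
{
    struct got_slot slots[256];
    int n = list_got_slots(argc > 1 ? argv[1] : "/proc/self/exe", slots, 256);
    if (n < 0) { fprintf(stderr, "not a readable ELF64 file\n"); return 1; }
    for (int i = 0; i < n; i++) printf("0x%016lx  %s\n", slots[i].addr, slots[i].name);
    return 0;
}
```

Build it with gcc -o gotlist gotlist.c and run ./gotlist ./target. On a non-PIE target the printed addresses are exactly the "where" to write; on a PIE, add the load base (vmmap in GEF). Two checks before committing to this route: confirm the target is not full RELRO (checksec in GEF), because with -z relro -z now the GOT is mapped read-only after startup and the write will fault; and if the program reports zero slots for a binary you know imports libc, its section headers were probably stripped, in which case the same tables must be read through PT_DYNAMIC instead. The example handles ELF64 only; for the 32-bit targets that gcc-multilib in the prerequisites suggests, objdump -R gives the same information.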

Prerequisites

You'll need the following packages installed:

python3 gdb curl wget build-essential automake autoconf cmake procps binutils gcc-multilib git unzip

You'll also need to disable ASLR for the demo. Writing this sysctl requires root, and it turns off address-space randomization for every process on the machine, so do it on a disposable lab VM:

sudo sysctl -w kernel.randomize_va_space=0

If you want it to persist across reboots:

echo "kernel.randomize_va_space = 0" | sudo tee /etc/sysctl.d/01-disable-aslr.conf

You can check the current value with cat /proc/sys/kernel/randomize_va_space. When you are done, set it back to 2, the Linux default (full randomization).

You'll also need to install GEF. The first command fetches and runs GEF's installer, which adds GEF to your ~/.gdbinit; the second starts gdb so you can confirm the GEF prompt appears:

bash -c "$(curl -fsSL https://gef.blah.cat/sh)"
gdb -q

Finally, make sure you have Mayhem installed:

# Linux CLI
curl --fail -L https://app.mayhem.security/cli/Linux/install.sh | sh

# macOS CLI
curl --fail -L https://app.mayhem.security/cli/Darwin/install.sh | sh
