Made for CPTC tryouts (2019)
A vulnerable application (vulnApp) and corresponding exploit (exploit.py) used to demonstrate the MITRE ATT&CK technique Exploiting
Remote Services. The vulnerability in this case is that the length of the user input is never checked.
The attack performed is a buffer overflow, and return to libc was used to obtain a remote shell on the host running the application.
The exploit targets an x64 build of this binary.
The binary was compiled with the following command line:
gcc -fno-stack-protector -no-pie -o vulnApp vulnApp.c
Additionally, address space layout randomization (ASLR) was turned off on the machine running this application.
The binary was then exposed over the network with the following command:
socat TCP-LISTEN:8080,reuseaddr,fork EXEC:./vulnApp
The program was run on Ubuntu 18.04.1 LTS x64.
The exploit was run from an Ubuntu 18.04.1 LTS x64 host.
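As an added illustration (not the repo's vulnApp.c, whose source is not reproduced here), a constructed C sketch of the bug class described above, an unbounded copy of user input into a fixed stack buffer, beside a bounded version that rejects over-long input instead of silently truncating it; the buffer size and function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 64   /* assumed size of the stack buffer */

/* Constructed illustration of the bug class this repo demonstrates:
 * the caller's input is copied without comparing its length to the
 * destination. Input longer than NAME_LEN - 1 bytes writes past 'name'
 * on the stack; built with -fno-stack-protector -no-pie and with ASLR
 * off, that write reaches the saved return address unprotected. */
size_t greet_unchecked(char *out, size_t outlen, const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);                 /* no bound: stack overflow */
    return (size_t)snprintf(out, outlen, "Hello, %s!", name);
}

/* Hardened version: the input is measured against the buffer size
 * before any copy, and input that would not fit (including the NUL)
 * is rejected with -1 so the caller can log and drop the request. */
int greet_checked(char *out, size_t outlen, const char *input) {
    char name[NAME_LEN];
    size_t n = strnlen(input, NAME_LEN); /* never scans past NAME_LEN */
    if (n >= NAME_LEN)
        return -1;
    memcpy(name, input, n);
    name[n] = '\0';
    return snprintf(out, outlen, "Hello, %s!", name);
}

/* Stand-alone use: read one line from stdin (as a socat-served service
 * would) with a bounded read, then greet through the checked path. */
int main(void) {
    char line[256], out[128];
    if (!fgets(line, sizeof line, stdin))
        return 1;
    line[strcspn(line, "\n")] = '\0';    /* strip trailing newline */
    if (greet_checked(out, sizeof out, line) < 0) {
        fputs("input too long, rejected\n", stderr);
        return 1;
    }
    puts(out);
    return 0;
}
```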
Forked from bagelpigeon/vulnerablex64binaryandexploit.
A demo of a toy vulnerable x64 application and a return to libc exploit associated with it.