Git Product home page Git Product logo

bug-hunting-101's Introduction

bug-hunting-101

What is this?

This repository is to help new-comers (like ourselves) of binary bug huting area to improve their skills.

Currently, the gap between CTF and real world bug hunting can be quite huge. And this repository is our attempt to solve that problem by porting the real world bug hunting to small exercises.

CVEs are selected out and setup in a certain scene, your goal is to repeat the process of finding such vulnerabilities out.

Intro

We have prepared 3 levels. Each level provides excersises with different difficulties:

  • Level 1: Details of the CVEs are provided to help you from "re-discovering" the original vulnerability. Reports like this are provided. So this should be the easiest level.
  • Level 2: the details will be emitted. But to narrow down, information about which part of the project contains such vulnerability will be provided. For example, if the bug is about ANGEL (module of the Chromium project), the information about the file will be provided. Most of the time, the path to the patch file should help that.
  • Level 3: quite like level 2, but need PoC and exploit (optional)

LEVEL 1

Exercise No. CVEs Target
LEVEl_1/exercise_1 CVE-2020-6542 Chrome WebGL
LEVEl_1/exercise_2 CVE-2020-6463 Chrome ANGLE
LEVEl_1/exercise_3 CVE-2020-16005 ANGLE
LEVEl_1/exercise_4 CVE-2021-21204 Chrome Blink
LEVEl_1/exercise_5 CVE-2021-21203 Blink
LEVEl_1/exercise_6 CVE-2021-21188 Blink
LEVEl_1/exercise_7 CVE-2021-30565 V8 GC

LEVEL 2

Exercise No. CVEs Target
LEVEL_2/exercise_1 CVE-2021-21128 Blink
LEVEL_2/exercise_2 CVE-2021-21122 Blink
LEVEL_2/exercise_3 CVE-2021-21112 Blink
LEVEL_2/exercise_4 CVE-2021-30565 Chrome Tab
LEVEL_2/exercise_5 CVE-2021-21159 Tab
LEVEL_2/exercise_6 CVE-2021-21190 Chrome pdfium
LEVEL_2/exercise_7 CVE-2020-6422 Blink

LEVEL 3

Exercise No. CVEs Target
LEVEl_3/exercise_1 CVE-2021-21226 navigation_predictor
LEVEl_3/exercise_2 CVE-2021-21224 V8
LEVEl_3/exercise_3 CVE-2021-21223 mojo
LEVEl_3/exercise_4 CVE-2021-21207 IndexDB
LEVEl_3/exercise_5 CVE-2021-21202 extensions
LEVEl_3/exercise_6 CVE-2021-21198 IPC
LEVEl_3/exercise_7 CVE-2021-21155 Tab

Original Author

How to contribute

Writing your exercise follow this format.

bug-hunting-101's People

Contributors

escapingbug avatar fengjixuchui avatar limesss avatar ret2ddme avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.