This project contains several attack scenarios that demonstrate various ways of abusing buffer overflow vulnerabilities on an x86 architecture.
The provided scenarios are:
- Classic buffer overflow exploit with shellcode
- Abusing previous function stack frames
- Abusing C++ virtual table pointers
- Return-to-Libc attack
- Bypassing ASLR by leaking GOT addresses
Active protection measures for each of these scenarios are:
| scenario | canary | NX | ASLR |
|---|---|---|---|
| 1 | |||
| 2 | x | ||
| 3 | x | ||
| 4 | x | ||
| 5 | x | x* |
* target program is compiled without PIE
To set up the scenarios and start the VM, from the project root run:
vagrant up
vagrant sshAfter that, the exploits can be executed from each scenario's folder using the provided exploit_p$NUM.sh scripts.
Since ASLR is implemented at the kernel level, the provided VM starts out without that feature enabled. To turn it on for the last scenario, run the following command:
echo 2 | sudo tee /proc/sys/kernel/randomize_va_space
^
(0 - disabled, 2 - enabled)Shellcode used in the first 3 scenarios:
http://shell-storm.org/shellcode/files/shellcode-606.php
Helper tools available in the VM:
https://github.com/longld/peda
https://github.com/JonathanSalwan/ROPgadget