I need a list of machines (retired or active) with which I can practice buffer overflow vulnerabilities, ranked from easiest to most difficult, i.e. simple, requires fuzzing, with bad chars, with ASLR, etc.
Sneaky: easy, ROP
Enterprise: medium, ret2libc
Fortress Overflown: easy
Thanks for posting this, didn't know I was interested in this until I saw this post haha
October
@Waffles said:
Thanks for posting this, didn't know I was interested in this until I saw this post haha
I’m with you on that one… I’ll have to keep tabs on this discussion.
@peek thanks…
For whoever is interested, here's the current ranked list (ranked by difficulty of the overflow, from easiest to hardest):
1-Sneaky
2-Enterprise
3-October
4-Jail
5-Node
Edits and additions are welcome…
Calamity should be on that list too!
Correct, and it ranks right at the top.
New list:
1-Sneaky
2-Enterprise
3-Jail
4-October
5-Node
6-Calamity
For those who want to learn, you can start by doing a simple BoF on your machine:
Then you can go down the list starting with Sneaky.
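The "simple BoF on your machine" the post refers to is the classic unchecked copy into a fixed-size stack buffer. As an added illustration (not code from the thread or from any HTB machine), here is that pattern beside a bounds-checked form; `NAME_LEN`, `vuln_greet`, `safe_greet` and `fits` are names chosen for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define NAME_LEN 16   /* constructed buffer size for the example */

/* Vulnerable form: strcpy() copies until the NUL byte, so any input longer
 * than NAME_LEN - 1 bytes runs past the end of name[] into adjacent stack
 * data (saved registers, return address). Shown for contrast only; it is
 * never called with oversized input here. */
void vuln_greet(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);            /* no bounds check: the bug */
    printf("hello %s\n", name);
}

/* Hardened form: measure the input against the destination first and reject
 * anything that does not fit (with its terminator) instead of truncating
 * silently. Returns true when the copy was made, false when rejected. */
bool safe_greet(const char *input, char *out, size_t out_len)
{
    size_t n = 0;
    while (n < out_len && input[n] != '\0')   /* bounded scan, no strlen() */
        n++;
    if (n >= out_len)               /* no room for the NUL: reject */
        return false;
    memcpy(out, input, n);
    out[n] = '\0';
    return true;
}

/* Convenience wrapper: does this input fit a NAME_LEN buffer? */
bool fits(const char *input)
{
    char buf[NAME_LEN];
    return safe_greet(input, buf, NAME_LEN);
}

/* Build with mitigations on for comparison: gcc -O2 -fstack-protector-strong
 * -D_FORTIFY_SOURCE=2 -fPIE -pie. The canary and checked strcpy variant turn
 * the silent corruption in vuln_greet into an abort. */
int main(void)
{
    printf("short input fits: %d\n", fits("alice"));          /* 1 */
    printf("long input fits:  %d\n", fits("AAAAAAAAAAAAAAAAAAAAAAAA")); /* 0 */
    return 0;
}
```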
I need some general advice on using vulnerable applications to perform BO.
OTW Leviathan is a good place to get some early exposure to things like strace (OverTheWire: Leviathan). Not exactly BO dev, but core stuff that comes in handy leading up to it.
Corelan has a pretty good tutorial series covering a good range of topic levels from simple trampolining to SEH and ASLR evasion: https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
Thank you!
If you want to learn binary exploitation, practice on pwnable.tw or pwnable.kr. HackTheBox isn’t the best place for that.
Has no one here completed Ellingson? It has a really cool ROP that I'd put on the medium to upper end.
BigHead if you prefer Win32.
It brings a tear to my eye that you guys are so helpful. I need to prepare for my OSCP and I am terrible with buffer overflows.
Thank you. :,)