This post will demonstrate one of a few ways to deal with small buffer space when exploiting buffer overflows on Windows. This is not a full writeup of the BigHead machine and only demonstrates the initial buffer overflow exploit using the LoadLibrary function.
This autumn FireEye’s FLARE team hosted its third annual Flare-On Challenge. Flare-On is a purely reverse-engineering-based CTF targeting malware analysts and security professionals. This year there were ten challenges, and even though they were all very different, most of them were crypto related.
This post will present my solutions to all the challenges.
Protostar is a Linux VM with a series of exploitation exercises. It has five sections: stack overflows, format strings, heap overflows, network code and 3 final levels with combinations of all the above.
This post contains solutions for the five format string levels.
The Protostar VM is the next progression step after Nebula (Exploit Exercises).
Protostar introduces the following in a friendly way:
The above is introduced in a simple way, starting with simple memory corruption and modification, function redirection, and finally executing custom shellcode.
In this post I will detail my attempt at solving the stack levels of this VM.
Ever since I stumbled upon the Exploit Exercises website, I wanted to try the challenges. They have three main exploitable VMs: Nebula, Protostar and Fusion. The order represents the suggested progression path.
The welcome page reads:
exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.
Here, I wrote down some of the findings while exploring the Nebula VM.