This post will demonstrate one of a few ways to deal with small buffer space when exploiting buffer overflows on Windows. This is not a full writeup of the BigHead machine and only demonstrates the initial buffer overflow exploit using the LoadLibrary function.
Protostar is a Linux VM with a series of exploitation exercises. It has five sections: stack overflows, format strings, heap overflows, network code and 3 final levels with combinations of all the above.
This post contains solutions for the five format string levels.
The Protostar VM is the next progression step after Nebula (Exploit Exercises).
Protostar introduces the following in a friendly way:
The above is introduced in a simple way, starting with simple memory corruption and modification, function redirection, and finally executing custom shellcode.
In this post I will detail my attempt at solving the stack levels of this VM.
Ever since I stumbled upon exploit exercises website - I wanted to try the challenges. They have three main exploitable VMs: Nebula, Protostar and Fusion. The order represents the suggested progression path.
The welcome page reads:
exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.
Here, I wrote down some of the findings while exploring the Nebula VM.
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.