Skip to content

Latest commit

 

History

History
69 lines (62 loc) · 6.32 KB

README.md

File metadata and controls

69 lines (62 loc) · 6.32 KB

CTF / Hacking Practice

  • Multiple choice-based source code review

boxes

Machines Difficulty Write-up Vulnerabilities
Luke Medium Read
SwagShop Easy Read
JSON Medium Read
Zetta Hard Read
Scavenger Hard Read Whois SQLi, Rootkit, Exim SMTP 4.8.9 Exploit
Postman Easy Read Redis Service Abuse, Webmin CVE 2019-12840
Registry Hard Read Docker Registry API, Restic backups
Mango Medium Read NoSQL Injection, SUID Abuse (GTFobins)
Obscurity Medium Read Python Web Server
Forest Easy Read AS-REP Roasting, Exchange AD Exploitation
Blunder Easy Read Bludit CMS Exploit, Sudo Bypass
Cache Medium Read OpenEMR, SQLi, Memcached, Doker
Mischief Insane Read SNMP, IPv6, ICMP Info Leak, Systemd-run
Tabby Easy Read LFI, Tomcat, zip2john, LXD, Container
Valentine Easy Read OpenSSL, Heartbleed, Tmux
Bounty Easy Read Web.config RCE, Juicy Potato
Frolic Easy Read Frackzip, playSMS RCE, ret2libc
Previse Easy Read PHP EAR Vulnerability, Command Injection, Path Injection Prevesc
Love Easy Read SSRF, Voting System 1.0 RCE (Authenticated Upload Arbitrary FIle), AlwaysInstallElevated Registry Key Privesc

challenges

Web Challenge Difficulty
Emdee Five for Life Easy Write-up

Protostar Walkthrough (Exploit Exercise)

Module Link Note
Stack0 Stack BOF Intro Basic buffer overflow abusing gets() function
Stack1 Stack BOF Basic1 Basic buffer overflow abusing strcpy() function
Stack2 Stack BOF Basic2 Basic buffer overflow abusing strcpy() function
Stack3 Stack BOF Basic3 Basic buffer overflow abusing gets() function
Stack4 Stack BOF Basic4 Basic buffer overflow abusing gets() function
Stack5 Stack BOF Shellcode Stack-based buffer overflow to get a root shell
Stack6 Stack BOF ret2libc Stack-based bufferoverflow + ret2libc
Stack7 Stack BOF ret2.text Stack-based bufferoverflow + ret2.text
Format0 Format String Exploit Intro Intro to Format String vulnerability
Format1 Format String Basic1 Basic Format String Exploit
Format2 Format String Basic2 Basic Format String Exploit (4-byte Write)
Format3 Format String Basic3 Basic Format String Exploit (4/2/1-byte Write)
Format4 Format String Exploit: GOT Format String Exploit overwriting the entry of GOT

Vulnserver (Binary Exploitation)

Series Link Command Vulnerability Note
Part 1 Read N/A N/A Lab Setup
Part 2 Read TRUN EIP Overwrite
Part 3 Read GMON SEH Overwrite + Short JMP + Egghunter
Part 4 Read KSTET EIP Overwrite + Short JMP + Egghunter
Part 5 Read HTER EIP Overwrite + Restricted Characters + Manual Offset Finding
Part 6 Read GTER EIP Overwrite + Socket Reuse Exploit
Part 7 Read LTER SEH Overwrite + Restricted Characters + Encoded Payloads

Resources