Skip to content
Guide to buffer overflows
Python C Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bof
bof2
bof3
bof4
bof5
bof6
.gitignore
README.md

README.md

how2bof

Guide to buffer overflows, binaries that can be used to practice BufferOverFlows. All these binaries are 32bit. Compiled on Ubuntu 16.04

You probably arrive here because you're interested in learning to hack. Hopefully this repo contains information that is useful in your pursuit. Another resource I can highly recommend is LiveOverflow. He has a real gift for explaining the underlying technical principles.

Level 1

This challenge was taken directly from the pwnable.kr challenge "bof". This is a great starting point for learning about buffer overflows.

Level 2

This challenge requires you to overwrite the return pointer on the stack. Can you get shell?

Level 3

This challenge requires you to set up the stack correctly to pass arguments to the system function. Are you up for the challenge?

Level 4

Similar to bof3, but strings won't be as readily available, can you still get shell?

Level 5

Introduction into ASLR, and using return to libc (ret2libc) for popping a shell.

Level 6

Building on the last level, this introduces the concept of stack cookies/sentinels/guards and requires leaking several values yourself by using FSB.


Essential Tools:

pwntools. Please head over there and look up how to install this excellent python module.

It is also recommended that you use something to make the use of GDB a bit 'friendlier'. I would recommend using one of the following:

After putting these challenges together I found: https://github.com/bert88sta/how2exploit_binary Take a look at his repo and very similar information there (plus more) ;)

You can’t perform that action at this time.