Purposely vulnerable ActiveX Control to teach about exploitation in a browser-based environment.
OpenSecurityResearch/FSExploitMe
FSExploitMe - By Brad.Antoniewicz@foundstone.com (@brad_anton)

A purposely vulnerable ActiveX control for learning exploitation. Everything is browser based to guide the student towards browser exploitation; however, these vulnerabilities are really in the ActiveX Control, not the browser itself.

There are some limitations. For instance, L3HeapSpray() only works on IE8. You'll need a newer heap spray function to complete Lesson 3 on newer browsers.

Answers are specifically blank in this release. If you'd like to access them, please contact me and I'll send them to you, assuming you're not one of my students :)

FSExploitMe.html - Interface to invoke the various vulns.

FSExploitMe.ocx - Main ActiveX Control. From an elevated command prompt, run:

    regsvr32 /i FSExploitMe.ocx

  And copy to c:\windows\downloaded program files

js/css - To make things pretty - using Foundation. http://foundation.zurb.com/

img - Supporting Images

Notes: The Debug and Release versions available with Visual Studio will alter the resulting binary, which will change any hardcoded answers in the labs.

Shoutz: This was based off an idea by Dan Guido and those Trail of Bits rock stars :) http://pentest.cryptocity.net/exploitation/