Damned Vulnerable Windows Application
In line with the other "Damned Vulnerable" series of binaries, this is a demonstration of software vulnerabilities in a Windows desktop application that lead to exploits. The following vulnerabilities are currently demonstrated:
- Stack buffer overrun (ASLR, DEP and stack checks disabled)
- ROP (ASLR and stack checks disabled; DEP enabled)
- Integer overflow (ASLR, DEP and stack checks disabled)
- Virtual pointer (ASLR, DEP and stack checks disabled)
Feel free to use the code in trainings and for other legal purposes.
Shellcode used: https://github.com/peterferrie/win-exec-calc-shellcode
Usage:
- Clone the repo locally
- Launch DVWA\DVWA.sln (Visual Studio 2017)
- Build the solution in Release mode. This will generate all the executables in the DVWA\Release folder.
- Copy *.bin from the DVWA\Exploit folder to the DVWA\Release folder
- From the command line, navigate to the DVWA\Release folder
- Execute Exploit.exe