A case study in binary reverse engineering and exploitation on a Linux system. For each level a binary is provided without source code. The goal to figure out how the binary works, find the vulnerability, and craft an exploit that escalates our privileges to that of the binaries owner to proceed to the next level. The project covers a range of vulnerability classes: logic bugs, memory corruption, format string attacks, shellcoding, and anti-debug bypass. Every level folder has a 'walkthrough.pdf' with the full solution.
| Level | Technique |
|---|---|
| level00 | Spot a hardcoded password by reading the binary |
| level01 | Overflow a stack buffer to overwrite the return address |
| level02 | Exploit an uncontrolled format string to leak values off the stack |
| level03 | Reverse engineer an XOR-based check and compute the correct input |
| level04 | Write shellcode that avoids a blocked syscall enforced by a parent process via ptrace |
| level05 | Use a format string vulnerability to overwrite a GOT entry and hijack control flow |
| level06 | Reproduce a custom hashing algorithm to generate a valid serial, bypassing an anti-debug check |
| level07 | Abuse an unchecked array index to write past a buffer and corrupt the return address |
| level08 | Exploit a format string passed through argv deep inside a helper function |