root
/
public
mirror of https://github.com/01-edu/public.git
8
9
Fork 0
Code Issues 2 Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5680 Commits
73 Branches
1 Tag
315 MiB
 
 
 
 
 
 
Tree: 0830838bfe
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0830838bfe'
${ noResults }
public/subjects/cybersecurity/hole-in-bin/README.md

2.5 KiB
Raw Blame History escape_control_characters

Hole-In-Bin

Objective

This exercise is designed to test your skills and understanding of binary exploitation and reverse engineering. You will need to work through a series of binary exploitation challenges using a provided virtual machine.

Setup

  1. Download the virtual machine image hole-in-bin.ova. For machine running with Apple Silicon CPU or ARM architecture (e.g. M1, M2 ...) use the following hole-in-bin.utm.zip. This image contains all the binaries you will need to exploit.

SHA1 for hole-in-bin.ova: 7db09b7a8fdfe25c286561dfa7ca5b50718bd60c SHA1 for hole-in-bin.utm.zip: fc93533b2054d10d03b09d53c223e57bf7ac7b62

  1. Load the virtual machine image into your virtualization software of choice (e.g., VirtualBox, VMWare).

  2. Login using the provided credentials (username: user, password: user).

You will set up a new VM in the audit session!

The Challenges

Inside the /opt/hole-in-bin directory, you will find a set of binaries (ex00 to ex11) that you need to exploit. Each binary presents a unique challenge and will test different aspects of your knowledge about binary exploitation and reverse engineering. You can find more details in a README.txt file inside each exercise folder.

Your task is to exploit these binaries, following ethical hacking guidelines.

Using a decompiler is forbidden, use a disassembler instead of it!

  • The compiler is used to convert high-level programming language code into machine language code.
  • The assembler converts assembly-level language code into machine language code.

These methods and tools are for educational purposes only, so that you have a better understanding of how to protect against similar vulnerabilities. You must ensure that you do not attempt any exploit-type activity without the explicit permission of the owner of the machine, system or application. Failure to obtain permission risks breaking the law.

Submission and audit

Files that must be inside your repository:

  • A README.md file, Which explains all the steps you went through to bypass each exercise.
  • All tools you use, and any scripts you write.

It's forbidden to use external scripts, in the audit you will be asked different questions about the concepts and the practices of this project, prepare yourself!