<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<!-- SecGen scenario: two VMs on a private network, a deliberately weakened Debian target
     hosting stack-smashing CTF challenges and a Kali attacker box with Metasploit.
     NOTE(review): xsi:schemaLocation is defined as namespace/schema-URL pairs; only the
     namespace URI is given above, so no schema document is actually referenced and a
     validator can treat this as a hint at most. Presumably SecGen convention; confirm
     against sibling scenario files before changing it. -->
<name>Writing Exploits: Linux and Stack-smashing Buffer Overflows</name>
<author>Thomas Shaw</author>
<description>
# Introduction
Buffer overflows are a common security issue that can be exploited to gain unauthorized access to a system or execute malicious code. In this lab you will delve deeper into the world of buffer overflow vulnerabilities, this time on Linux systems, expanding upon the skills learned in the previous lab. The exercises will cover both manual exploitation techniques and the development of Metasploit exploits, while introducing Capture The Flag (CTF) challenges of increasing complexity. By the end of this lab, you will have a deeper understanding of exploit development, honing your skills in identifying and exploiting buffer overflows on both Windows and Linux, further enriching your knowledge in the world of cybersecurity.
Throughout this lab, you will learn how to identify and exploit buffer overflow vulnerabilities in Linux applications. You will start by manually causing buffer overflows, identifying memory addresses, and understanding the significance of these addresses. Subsequently, you will create Metasploit exploit modules to automate the exploitation process. The lab includes Capture The Flag (CTF) challenges, where you will craft and deploy attacks to gain shell access and complete specific objectives. The challenges will require you to jump to existing code, inject your own shellcode, and tackle varying levels of complexity. By the end of this lab, you will have a solid grasp of exploit development and practical experience in exploiting buffer overflow vulnerabilities on Linux systems.
</description>
<!-- Lab sheet is an external Google Doc shared by link; anyone holding the URL can read it. -->
<lab_sheet_url>https://docs.google.com/document/d/1wgxLYHkdeLknRcbzZY73xZt36TWExuu-lfIJhRuHE-I/edit?usp=sharing</lab_sheet_url>
<type>ctf-lab</type>
<type>lab-sheet</type>
<difficulty>advanced</difficulty>
<!-- CyBOK mapping for the lab itself: Software Security (memory-safety vulnerabilities)
     and Malware & Attack Technologies (exploit development / Metasploit). -->
<CyBOK KA="SS" topic="Categories of Vulnerabilities">
<keyword>memory management vulnerabilities</keyword>
<keyword>Stack smashing buffer overflows</keyword>
</CyBOK>
<CyBOK KA="MAT" topic="Attacks and exploitation">
<keyword>EXPLOITATION</keyword>
<keyword>EXPLOITATION FRAMEWORKS</keyword>
<keyword>Exploit development</keyword>
<keyword>Metasploit Framework development</keyword>
</CyBOK>
<!-- NOTE(review): both attached videos cover STRIDE threat modelling and are tagged
     SSL/RMG, which does not match this lab's SS/MAT keywords above or its buffer-overflow
     content. This looks like a copy-paste from another scenario; confirm with the author
     whether exploit-development videos were intended here. Left unchanged. -->
<video>
<title>Threat modeling using STRIDE and Attack Trees</title>
<by>Z. Cliffe Schreuders</by>
<url>https://youtu.be/oi_CfBe_umU</url>
<type>lecture-prerecorded</type>
<CyBOK KA="SSL" topic="Prescriptive Processes">
<keyword>Microsoft SDL</keyword>
</CyBOK>
<CyBOK KA="RMG" topic="THREAT ANALYSIS">
<keyword>THREAT MODEL</keyword>
<keyword>ATTACK TREES</keyword>
</CyBOK>
</video>
<video>
<title>STRIDE Threat Modeling using Microsoft Threat Modeling Tool</title>
<by>Z. Cliffe Schreuders</by>
<url>https://youtu.be/Wry2get_RRc</url>
<type>demo-prerecorded</type>
<CyBOK KA="SSL" topic="Prescriptive Processes">
<keyword>Microsoft SDL</keyword>
</CyBOK>
<CyBOK KA="RMG" topic="THREAT ANALYSIS">
<keyword>THREAT MODEL</keyword>
<keyword>ATTACK TREES</keyword>
</CyBOK>
</video>
<!-- Target VM: Debian 12 KDE desktop that hosts the three stack-smashing challenges.
     It is intentionally weakened (ASLR disabled below) and must only ever live on the
     isolated private_network declared at the end of this system. -->
<system>
<system_name>metactf_desktop</system_name>
<base distro="Debian 12" type="desktop" name="KDE"/>
<!-- Static addressing shared by both VMs. The element order here is what the
     access="0" / access="1" datastore lookups in each system's network block rely on;
     adding or reordering entries must be mirrored in those indices. -->
<input into_datastore="IP_addresses">
<!-- 0 metactf_desktop -->
<value>172.16.0.2</value>
<!-- 1 kali -->
<value>172.16.0.3</value>
</input>
<!-- The reversing_tools line below is stale: the same utility is enabled further down
     in this system. ghidra is genuinely left out (also commented out on the kali box). -->
<!-- <utility module_path=".*/reversing_tools"/>-->
<!-- <utility module_path=".*/ghidra"/>-->
<!-- Lab login: one unprivileged account (super_user=false) with a random username drawn
     from the mythical_creatures wordlist and a fixed, well-known SecGen lab password.
     Acceptable only because the VM is confined to the private lab network; never reuse
     this password or expose the VM beyond that network. Root access is governed by the
     separately generated spoiler_admin_pass, not by this account. -->
<utility module_path=".*/parameterised_accounts">
<input into="accounts" into_datastore="account">
<generator type="account">
<input into="username">
<generator type="random_sanitised_word">
<input into="wordlist">
<value>mythical_creatures</value>
</input>
</generator>
</input>
<input into="password">
<value>tiaspbiqe2r</value>
</input>
<input into="super_user">
<value>false</value>
</input>
</generator>
</input>
</utility>
<!-- Desktop auto-logs in as the account generated above (username taken from the
     account datastore) and opens a terminal on start, so no interactive login is needed. -->
<utility module_path=".*/kde_minimal">
<input into="autologin_user">
<datastore access="0" access_json="['username']">account</datastore>
</input>
<input into="accounts">
<datastore>account</datastore>
</input>
<input into="autostart_konsole">
<value>true</value>
</input>
</utility>
<utility module_path=".*/handy_cli_tools"/>
<utility module_path=".*/hash_tools"/>
<!-- Debugger and reversing tooling for locating return addresses and gadgets on the target. -->
<utility module_path=".*/edb_debugger"/>
<utility module_path=".*/reversing_tools"/>
<!-- disable_aslr deliberately turns off address-space randomisation so stack/library
     addresses are stable between runs, which the lab's "identify memory addresses" and
     "jump to existing code / inject shellcode" objectives depend on. Exploits written
     here will not transfer unchanged to an ASLR-enabled host. Whether the challenge
     binaries are also built without stack canaries or NX is not visible in this file;
     presumably set in the challenge sources referenced below (confirm there). -->
<utility module_path=".*/disable_aslr"/>
<!-- Three increasing-difficulty stack BOF challenges, installed against the lab account. -->
<utility module_path=".*/metactf">
<input into="account">
<datastore>account</datastore>
</input>
<input into="challenge_list">
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_sse/SSE/Ch_simple_BOF_1</value>
</input>
</generator>
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_sse/SSE/Ch_simple_BOF_2</value>
</input>
</generator>
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_sse/SSE/Ch_simple_BOF_3</value>
</input>
</generator>
</input>
</utility>
<!-- Isolated lab network; takes index 0 (172.16.0.2) from IP_addresses. -->
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
<!-- Root password is a generated strong password kept in the spoiler_admin_pass
     datastore. The kali system's cleanup build reads the same datastore, so both VMs
     end up with the same root credential; treat it as a single secret. -->
<input into_datastore="spoiler_admin_pass">
<generator type="strong_password_generator"/>
</input>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
<!-- Attacker VM: Kali "MSF" base image with nmap and the Metasploit Framework, used to
     develop and run the exploit modules against metactf_desktop. -->
<system>
<system_name>kali</system_name>
<base distro="Kali" name="MSF"/>
<utility module_path=".*/handy_cli_tools"/>
<!-- Reversing tooling and ghidra are intentionally omitted on the attacker box; the
     target VM carries the debugger and reversing tools. -->
<!-- <utility module_path=".*/reversing_tools"/> -->
<utility module_path=".*/nmap"/>
<utility module_path=".*/metasploit_framework"/>
<!-- <utility module_path=".*/ghidra"/>-->
<!-- Same isolated lab network as the target; takes index 1 (172.16.0.3) from IP_addresses. -->
<network type="private_network">
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
<!-- Shares the generated root password with metactf_desktop via the spoiler_admin_pass
     datastore; compromising root on either VM yields root on the other. -->
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
</scenario>