EvilZone

Other => Found it on the Webs => : geXXos November 15, 2012, 07:08:57 PM

: Exploit Exercises-virtual machines
: geXXos November 15, 2012, 07:08:57 PM

You may find this helpful


http://exploit-exercises.com/ (http://exploit-exercises.com/)

exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering.

: Re: Exploit Exercises-virtual machines
: Corrupted_Fear November 15, 2012, 08:06:33 PM

Very nice find, this will be useful when I have time to kill. +1 for you.

: Re: Exploit Exercises-virtual machines
: geXXos November 15, 2012, 08:25:49 PM

Thank you, i'm trying Nebula 01, it  gives you some C code, which has a bug in it which i try to exploit, but ....but :)

: Re: Exploit Exercises-virtual machines
: Corrupted_Fear November 15, 2012, 08:43:34 PM

stack overflow? or just an issue in the code?

: Re: Exploit Exercises-virtual machines
: geXXos November 15, 2012, 09:33:49 PM

It must be something with the echo calling.

:

#include <stdlib.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <stdio.h>
 


int main(int argc, char **argv, char **envp)
{
 gid_t gid;
 uid_t uid;
 gid = getegid();
 uid = geteuid();
 
 setresgid(gid, gid, gid);
 setresuid(uid, uid, uid);
 
 system("/usr/bin/env echo and now what?");
}

: Re: Exploit Exercises-virtual machines
: Axon November 17, 2012, 02:05:08 AM

This looks interesting, thanks