oscarandrea / ropstar

Automatic exploit generation for simple linux pwn challenges.

Ropstar

Exploits simple Linux buffer-overflow (bof) challenges involving ASLR, NX and, to some extent, format strings. You can let it get you a shell or specify a win function that is called.
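Before pointing a tool like this at a binary, it helps to know which of the mitigations named above (NX, ASLR via PIE) and in the todo list (stack canaries) the binary actually carries. The following checksec-style reader is an added example, not code from ropstar: it parses the ELF and program headers with the standard library only. NX is read from the PT_GNU_STACK program header, PIE from the ELF type, and the canary check is a heuristic (presence of the __stack_chk_fail symbol name), which is what checksec tools also rely on. The build_test_elf helper constructs a minimal synthetic ELF so the example runs offline; it is not a real binary.

```python
"""Checksec-style report of the mitigations an ELF binary carries (added example)."""
import struct
import sys

PT_GNU_STACK = 0x6474E551   # program header that records stack permissions
PF_X = 0x1                  # executable bit in p_flags
ET_EXEC, ET_DYN = 2, 3      # fixed-address executable vs. position-independent (PIE)


def elf_mitigations(data: bytes) -> dict:
    """Return {'bits', 'nx', 'pie', 'canary'} for the raw bytes of an ELF file."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is_64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    endian = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little endian, 2 = big endian
    if is_64:
        hdr = struct.unpack_from(endian + "16sHHIQQQIHHHHHH", data, 0)
        ph_fmt = endian + "IIQQQQQQ"  # p_type, p_flags, offset, vaddr, paddr, filesz, memsz, align
    else:
        hdr = struct.unpack_from(endian + "16sHHIIIIIHHHHHH", data, 0)
        ph_fmt = endian + "IIIIIIII"  # p_type, offset, vaddr, paddr, filesz, memsz, p_flags, align
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]

    nx = False  # no PT_GNU_STACK entry at all: the legacy kernel default is an executable stack
    for i in range(e_phnum):
        ph = struct.unpack_from(ph_fmt, data, e_phoff + i * e_phentsize)
        p_flags = ph[1] if is_64 else ph[6]
        if ph[0] == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    return {
        "bits": 64 if is_64 else 32,
        "nx": nx,
        "pie": e_type == ET_DYN,
        # heuristic used by checksec tools: a canary-protected binary imports __stack_chk_fail
        "canary": b"__stack_chk_fail" in data,
    }


def build_test_elf(pie: bool, nx: bool, canary: bool, bits: int = 64) -> bytes:
    """Construct a minimal synthetic ELF (header + one PT_GNU_STACK entry) for testing."""
    stack_flags = (0 if nx else PF_X) | 0x6   # PF_R | PF_W, plus PF_X when the stack is executable
    e_type = ET_DYN if pie else ET_EXEC
    if bits == 64:
        ident = b"\x7fELF" + bytes([2, 1, 1, 0, 0]) + b"\0" * 7
        ph = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
        hdr = struct.pack("<16sHHIQQQIHHHHHH", ident, e_type, 0x3E, 1, 0, 64, 0, 0,
                          64, 56, 1, 64, 0, 0)
    else:
        ident = b"\x7fELF" + bytes([1, 1, 1, 0, 0]) + b"\0" * 7
        ph = struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 16)
        hdr = struct.pack("<16sHHIIIIIHHHHHH", ident, e_type, 0x03, 1, 0, 52, 0, 0,
                          52, 32, 1, 40, 0, 0)
    tail = b"\0__stack_chk_fail\0" if canary else b"\0"
    return hdr + ph + tail


if __name__ == "__main__":
    # Usage: python elfcheck.py <binary>; without an argument a synthetic ELF is inspected.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_test_elf(pie=False, nx=True, canary=False)
    for key, val in elf_mitigations(blob).items():
        print(f"{key:>7}: {val}")
```

A binary reporting nx=False or pie=False is one that was built without the corresponding hardening; on a hardened build the tool's stated scope (no canary or PIE support yet) is simply not enough, which is the quickest way to judge where it applies.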

Install

  • The program expects a local installation of libcdatabase in /home/user/tools/libcdatabase. To run local exploits, make sure you add your local libc (32-bit and 64-bit versions) to libcdatabase. You also need a clone of ROPgadget in ~/tools (used for static binary exploitation).

  • To run challenges from HackTheBox directly, you need a '.api_key' file in your home directory containing your API key.

Examples

The examples assume you create a 'work' subdirectory in the project folder, copy the target binary into it, and run the program from there.

Exploit local binary:

python ../ropstar.py ropme

Run a HackTheBox challenge (this requires a '.api_key' file in your home directory containing the API key in order to submit the flag):

python ../ropstar.py ropme -rhost docker.hackthebox.eu -rport 47184 -cid 8

Limitations

  • A lot; this is just a PoC.

Todo

  • canaries
  • pie
  • input from other sources than stdin (arg, file, network..)

Tested on

About

License: MIT License

Language: Python 100.0%