Linux (x86) Exploit Development Series

First of all I would like to thank the Phrack articles, their authors and other security researchers for teaching me about different exploit techniques, without whom none of these posts would have been possible!! I firmly believe that the original reference articles are always the best place to learn, but at times we may struggle to understand them because they may not be linear, and they may be outdated too. So, to the best of my efforts, I have simplified and gathered different exploit techniques under one roof here, in order to give beginners a complete understanding of Linux exploit development!! Any questions, corrections and feedback are most welcome!! Now buckle up, let's get started!! I have divided this tutorial series into three levels:

Level 1: Basic Vulnerabilities

In this level I will introduce basic vulnerability classes, and we will also travel back in time to learn how Linux exploit development was carried out back then. To achieve this time travel on a current Linux system, I have disabled many security protection mechanisms (ASLR, stack canaries, NX and PIE). So in a sense this level is kid's stuff; no real fun happens here!!

  1. Classic Stack Based Buffer Overflow
  2. Integer Overflow
  3. Off-By-One (Stack Based)
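The Level 1 posts assume a system with ASLR, stack canaries, NX and PIE switched off. The script below is an added example (it is not code from the series) showing how that setup is produced and, more importantly, how to verify from the ELF itself that each mitigation really is off before blaming an exploit for a failure. It builds a small constructed vulnerable program twice, once with the Level 1 flags and once with all three mitigations forced on, and reads the state back with readelf. It assumes gcc and readelf (binutils) are installed; set `CFLAGS=-m32` for a 32-bit build as in the series (this needs the 32-bit multilib packages).

```shell
#!/bin/sh
# Added example for the Level 1 setup; not code from the original series.
# Builds a toy vulnerable program without mitigations, a hardened variant for
# comparison, and inspects each ELF to confirm the canary, NX and PIE state.
# Assumes gcc and readelf. Set CFLAGS=-m32 for a 32-bit (x86) build.

# Kernel-wide ASLR switch: 0 = off, 1 = stack/mmap only, 2 = full (the default).
aslr_level() {
    cat /proc/sys/kernel/randomize_va_space
}

# Turn ASLR off for Level 1 work (needs root; write 2 back to restore it).
disable_aslr() {
    echo 0 > /proc/sys/kernel/randomize_va_space
}

# A deliberately vulnerable toy program, constructed here for the demo:
# strcpy into a fixed-size stack buffer with no length check.
write_vuln_source() {   # $1 = path to write
    cat > "$1" <<'EOF'
#include <string.h>
int vuln(const char *s) { char buf[64]; strcpy(buf, s); return buf[0]; }
int main(int argc, char **argv) { return argc > 1 ? vuln(argv[1]) : 0; }
EOF
}

# Level 1 build: no canary, executable stack (NX off), fixed load address (no PIE).
build_level1() {        # $1 = source, $2 = output binary
    gcc ${CFLAGS:-} -fno-stack-protector -z execstack -no-pie -o "$2" "$1"
}

# The same source with all three mitigations forced on, for comparison.
build_hardened() {      # $1 = source, $2 = output binary
    gcc ${CFLAGS:-} -fstack-protector-all -z noexecstack -fPIE -pie -o "$2" "$1"
}

# Canary: a protected binary imports __stack_chk_fail from libc.
canary_state() {        # $1 = binary; prints on/off
    if readelf -sW "$1" | grep -q '__stack_chk_fail'; then echo on; else echo off; fi
}

# NX: the PT_GNU_STACK header carries RW for a non-executable stack and RWE
# for an executable one (-W keeps each program header on a single line).
nx_state() {            # $1 = binary; prints on/off
    if readelf -lW "$1" | grep GNU_STACK | grep -q 'RWE'; then echo off; else echo on; fi
}

# PIE: a position-independent executable has ELF type DYN, a fixed one EXEC.
pie_state() {           # $1 = binary; prints on/off
    if readelf -h "$1" | grep -q 'Type:.*DYN'; then echo on; else echo off; fi
}

# One-line summary for a binary, e.g. "canary=off nx=off pie=off".
mitigation_summary() {  # $1 = binary
    echo "canary=$(canary_state "$1") nx=$(nx_state "$1") pie=$(pie_state "$1")"
}

# Build both variants in a scratch directory and print their summaries.
# Expected: vuln_level1 -> canary=off nx=off pie=off, vuln_hardened -> all on.
demo() {
    dir=$(mktemp -d)
    write_vuln_source "$dir/vuln.c"
    build_level1 "$dir/vuln.c" "$dir/vuln_level1"
    build_hardened "$dir/vuln.c" "$dir/vuln_hardened"
    echo "vuln_level1:   $(mitigation_summary "$dir/vuln_level1")"
    echo "vuln_hardened: $(mitigation_summary "$dir/vuln_hardened")"
    echo "ASLR level:    $(aslr_level 2>/dev/null || echo unknown)"
}

# Usage: sh setup_check.sh demo
case "${1:-}" in demo) demo ;; esac
```

Run `demo` once on a fresh box: if the Level 1 binary reports anything other than `canary=off nx=off pie=off`, the distribution's gcc defaults (many enable `-fstack-protector-strong` and PIE out of the box) are overriding your intent, and an exploit written for the series will fail for reasons unrelated to the technique. Note that `aslr_level` reports the kernel-wide setting, which is separate from the per-binary PIE flag.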

Level 2: Bypassing Exploit Mitigation Techniques 

In this level let's get back to the present day, to learn how to bypass different exploit mitigation techniques (ASLR, stack canaries, NX and PIE). Real fun does happen here!!

  1. Bypassing NX bit using return-to-libc
  2. Bypassing NX bit using chained return-to-libc
  3. Bypassing ASLR
    1. Part I using return-to-plt
    2. Part II using brute force
    3. Part III using GOT overwrite and GOT dereference

Level 3: Heap Vulnerabilities

In this level let's time travel back and forth, to learn about heap memory corruption bugs.

  1. Heap overflow using unlink
  2. Heap overflow using Malloc Maleficarum
  3. Off-By-One (Heap Based)
  4. Use After Free

NOTE: The above list is NOT complete. A few more topics need to be covered; I am working on them, so expect them to be posted soon!!

25 thoughts on “Linux (x86) Exploit Development Series”

  1. Thanks for this excellent series (Level 3 is perfect)

    All-in-one PDF:

    Details:
    File: Linux (x86) Exploit Development Series.pdf
    Pages: 164
    Size: 4.1 MB

    CRC-32: d62360f5
    MD4: f839f7d6ccc0c4c61846242a64a448f4
    MD5: 1df6744fe419ca9e584723ad1fa79dd0
    SHA-1: c117208aceded332cea96e0afa4dd33f91314b93

    Download
    http://www.4shared.com/office/kRoeVlaMce/Linux__x86__Exploit_Developmen.html

    Regards
    NO-MERCY


  2. Great articles! I want to know whether you will write new articles about exploiting x64 programs, and about the analysis of real-world vulnerabilities. Thanks a lot!

