Skip to content

Insecure Programming by Example - Teach yourself how buffer overflows, format strings, numeric bugs, and other binary security bugs work and how to exploit them

Notifications You must be signed in to change notification settings

gerasdf/InsecureProgramming

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 

Repository files navigation

InsecureProgramming

I originally crafted this exercises for raddy when he was 17? and wanted to learn what a buffer overflow was and how to exploit it. He showed me a few exercises he was doing and they were pretty poor, so we sat down and write some more, and then everytime he finished one, we wrote another. At the time, many people started doing them at Core SDI, among them was riq, who dreamed (really dreamed) a girl coming out of an oasis to tell hime a solution to what today is abo6.c, at the time it was abo5.c, so I had no other choice than write a new abo5.c. And the list kept growing.

The last I wrote is the stack* series, as a sort of introduction to the subject. Starting with stack1.c I believe this comprises a self thought course on exploit writing with a good incremental rhythm.

Of course as protection technologies and operating systems evolved, exploitation techniques changed, and what exercise can be exploited where has also changed, but I believe it's safe to assume all are exploitable on every operating system, because you'll be surprised of the solutions I've seen over time :-)

Too many people told me they enjoyed playing and learning with "the abos", and many people also told me they are still using them, so, here they are... Who says they'll keep evolving?

Order

Though any order is fine, and the last I've made are the stack* series, I belive the following order will smooth your path. Specially up to the numeric examples. Some are more complex than others, even in at the begining. Don't you ever give up!

  • stack*.c - Introductory
  • abo*.c - [Advanced] Buffer Overflows
  • fs*.c - Format Strings
  • n*.c - Numeric
  • e*.c - Esoteric
  • s*.c - Signals
  • sg*.c - Erm... I don't rememeber, heh

Original Source

http://community.coresecurity.com/~gera/InsecureProgramming/ apparently doesn't exist anymore, nore I have anything to do with that company anymore (except its history)

About

Insecure Programming by Example - Teach yourself how buffer overflows, format strings, numeric bugs, and other binary security bugs work and how to exploit them

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages