Building a Lab to practice Exploit writing (Windows XP x86)
So, this is a thing I found while doing some googling. If you wrote this, I owe you a lot of beer. I redacted the place/username, as it was on a less than happy place.
This assumes you have an idea of x86 ASM and general exploitation methods.
The idea with this setup is that you have a VM of XP SP3 running with the following software and tools installed. You look up the exploits on exploit-db and recreate them.
Start here: I'm designing an exploit lab based on WinXP SP3. As of now I have the following vulnerabilities/apps:
- Simple RET - Ability FTP Server (FTP) - Writeup of Fuzzing + Exploit Dev
- Simple RET - FreeFloat FTP (FTP)
- Simple RET (harder) - CesarFTP (FTP)
- Simple RET - Easy RM to MP3 Converter (.pls)
- Simple RET - DL-10 - Need to find copy of
- SEH - DVDXPlayer
- SEH - Millenium
- SEH - Soritong
- SEH - mp3nator
- SEH - NNM (hard) - Need to find copy of
- SEH + UNICODE - ALLPlayer
- SEH (difficult) - Winamp
with the following tools installed:
- WinDBG + MSEC.dll (!load winext\msec.dll) + byakugan (!load byakugan)
- Immunity Debugger + mona.py (!mona)
- OllyDBG + Plugins (SSEH + OllySnake + AdvancedOlly + OllyHeapVis + Virtual2Physical)
- C:\Windows\system32\findjmp2.exe
- Cygwin + perl + gdb + gcc...
- Python26 (for IDA) + PyDbg - https://code.google.com/p/pydbgr/wiki/HowToInstall
- Python27 (for ImmunityDebugger) + PyDbg
- lcc-win
- Wireshark
- Mantra on Chrome (MoC)
- Google-Chrome
- Microsoft Visual C++ 2008 Express
- Nasm
- metasploit
- Alpha3 (c:\Alpha3)
- IDA
- Sysinternals (c:\Windows\System32)
- Proxifier Edition
- Echo Mirage