You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
Zouhair AMAZZAL 9561f5e3dd docs(hole-in-bin) fix format 1 year ago
..
audit docs(hole-in-bin) fix language errors 1 year ago
pictures fix(hole-in-bin) add a new VM with serie of exercices 1 year ago
README.md docs(hole-in-bin) fix format 1 year ago

README.md

Hole-In-Bin

Objective

This exercise is designed to test your skills and understanding of binary exploitation and reverse engineering. You will need to work through a series of binary exploitation challenges using a provided virtual machine.

Setup

  1. Download the virtual machine image hole-in-bin.ova. This image contains all the binaries you will need to exploit.

SHA1: 7db09b7a8fdfe25c286561dfa7ca5b50718bd60c

  1. Load the virtual machine image into your virtualization software of choice (e.g., VirtualBox, VMWare).

  2. Login using the provided credentials (username: user, password: user).

You will set up a new VM in the audit session!

The Challenges

Inside the /opt/hole-in-bin directory, you will find a set of binaries (ex00 to ex11) that you need to exploit. Each binary presents a unique challenge and will test different aspects of your knowledge about binary exploitation and reverse engineering. You can find more details in a README.txt file inside each exercise folder.

Your task is to exploit these binaries, following ethical hacking guidelines.

Using a decompiler is forbidden, use a disassembler instead of it!

  • The compiler is used to convert high-level programming language code into machine language code.
  • The assembler converts assembly-level language code into machine language code.

These methods and tools are for educational purposes only, so that you have a better understanding of how to protect against similar vulnerabilities. You must ensure that you do not attempt any exploit-type activity without the explicit permission of the owner of the machine, system or application. Failure to obtain permission risks breaking the law.

Submission and audit

Files that must be inside your repository:

  • A README.md file, Which explains all the steps you went through to bypass each exercise.
  • All tools you use, and any scripts you write.

It's forbidden to use external scripts, in the audit you will be asked different questions about the concepts and the practices of this project, prepare yourself!