{"id":17383492,"url":"https://github.com/aasthayadav/compsecattacklabs","last_synced_at":"2025-08-21T20:33:40.896Z","repository":{"id":202685999,"uuid":"109319802","full_name":"aasthayadav/CompSecAttackLabs","owner":"aasthayadav","description":"Contains Attack labs ","archived":false,"fork":false,"pushed_at":"2019-01-31T15:38:35.000Z","size":24606,"stargazers_count":151,"open_issues_count":0,"forks_count":81,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-12-11T11:10:16.978Z","etag":null,"topics":["attacks","c","security-vulnerability","shellcode","socket-programming"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aasthayadav.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-11-02T21:16:59.000Z","updated_at":"2024-10-24T03:03:00.000Z","dependencies_parsed_at":"2023-10-25T02:15:10.479Z","dependency_job_id":null,"html_url":"https://github.com/aasthayadav/CompSecAttackLabs","commit_stats":null,"previous_names":["aasthayadav/compsecattacklabs"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aasthayadav%2FCompSecAttackLabs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aasthayadav%2FCompSecAttackLabs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aasthayadav%2FCompSecAttackLabs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aasthayadav%2FCompSecAttackLabs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub
/owners/aasthayadav","download_url":"https://codeload.github.com/aasthayadav/CompSecAttackLabs/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230532451,"owners_count":18240792,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attacks","c","security-vulnerability","shellcode","socket-programming"],"created_at":"2024-10-16T07:42:56.760Z","updated_at":"2024-12-20T04:08:26.235Z","avatar_url":"https://github.com/aasthayadav.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OWASP Top 10 and common Attacks\n\nThese attack labs cover some of the most common vulnerabilities in general software. They show how attacks work in exploiting these vulnerabilities.\n\n## Table of Contents\n\n- [Installation and Setup](#install)\n- [Motivation](#motivation)\n- [List of Attacks](#attacks)\n- [Key Learnings](#learning)\n- [References](#references)\n\n## Installation and Setup\n\nStep 1: Create a new VM in Virtual Box. \u003cbr\u003e\nStep 2: Download the image SEEDUbuntu-16.04-32bit.zip from [here](http://jupiter.syr.edu/seed/images/16_04_v3/SEEDUbuntu-16.04-32bit.zip). \u003cbr\u003e\nStep 3: Use the Virtual Machine Hard Disk file to set up your VM. \u003cbr\u003e\nStep 4: Configure the VM. \u003cbr\u003e\n\n## Motivation\n\nThe labs were completed as a part of the coursework in Computer Security (CSE643) at Syracuse University. The course is well structured to understand the concepts of Computer Security. \u003cbr\u003e\n\n## List of Attacks\n\n1. 
**Environment Variable and Set-UID Vulnerability**\u003cbr\u003e\nDescription: Understanding how environment variables affect the behavior of Set-UID programs, which are usually privileged programs.\n\n2. **Buffer Overflow Vulnerability**\u003cbr\u003e\nDescription: The task is to develop a scheme to exploit the buffer overflow vulnerability and finally gain the root privilege.\n\n3. **Return-to-libc attack**\u003cbr\u003e\nDescription: There exists a variant of buffer-overflow attack called the return-to-libc attack, which does not need an executable stack; it does not even use \nshell code. Instead, it causes the vulnerable program to jump to some existing code, such as the system() function in the libc library, \nwhich is already loaded into the memory. The task is to develop a return-to-libc attack to exploit the vulnerability and finally to \ngain the root privilege.\n\n4. **Shellshock Attack**\u003cbr\u003e\nDescription: In this attack we launched the Shellshock attack on a remote web server and then gained a reverse shell by exploiting the vulnerability.\n\n5. **Race Condition Vulnerability**\u003cbr\u003e\nDescription: A race condition occurs when multiple processes access and manipulate the same data concurrently, and the outcome of the\nexecution depends on the particular order in which the access takes place. If a privileged program has a\nrace-condition vulnerability, attackers can run a parallel process to “race” against the privileged program,\nwith an intention to change the behaviors of the program. The task is to exploit the vulnerability and gain root privilege.\n\n6. **Dirty COW Attack**\u003cbr\u003e\nDescription: A case of race-condition vulnerability which affected Linux-based operating systems and Android. We launch this attack to modify the /etc/passwd file.\n\n7. 
**Format String Vulnerability**\u003cbr\u003e\nDescription: The format-string vulnerability\nis caused by code like printf(user_input), where the contents of the variable user_input\nare provided by users. When this program is running with privileges (e.g., Set-UID program), this printf\nstatement becomes dangerous, because it can lead to one of the following consequences: (1) crash the\nprogram, (2) read from an arbitrary memory place, and (3) modify the values in an arbitrary memory\nplace. The last consequence is very dangerous because it can allow users to modify internal variables of a\nprivileged program, and thus change the behavior of the program. The task is to develop\na scheme to exploit the vulnerability.\n\n8. **Cross Site Request Forgery Attack**\u003cbr\u003e\nDescription: In this lab, we will be attacking a social networking web application using the CSRF attack. The\nopen-source social networking application called Elgg has countermeasures against CSRF, but we have\nturned them off for the purpose of this lab.\n\n9. **Cross Site Scripting Attack**\u003cbr\u003e\nDescription: In this lab, we need to exploit\nthis vulnerability to launch an XSS attack on the modified Elgg, in a way that is similar to what Samy\nKamkar did to MySpace in 2005 through the notorious Samy worm. The ultimate goal of this attack is to\nspread an XSS worm among the users, such that whoever views an infected user profile will be infected, and\nwhoever is infected will add you (i.e., the attacker) to his/her friend list.\n\n10. **SQL injection Attack**\u003cbr\u003e\nDescription: In this lab, we have created a web application that is vulnerable to the SQL injection attack. Our web\napplication includes the common mistakes made by many web developers. Our goal is to find ways to\nexploit the SQL injection vulnerabilities, demonstrate the damage that can be achieved by the attack, and\nmaster the techniques that can help defend against such types of attacks.\n\n11. 
**Android Repackaging Attack**\u003cbr\u003e\nDescription: The repackaging attack is a very common type of attack on Android devices. In such an attack, attackers\nmodify a popular app downloaded from app markets, reverse engineer the app, add some malicious payloads,\nand then upload the modified app to app markets. Users can be easily fooled, because it is hard to notice\nthe difference between the modified app and the original app. Once the modified apps are installed, the\nmalicious code inside can conduct attacks, usually in the background. We gain hands-on experience with the Android Repackaging attack.\n\n12. **Android Device Rooting Attack**\u003cbr\u003e\nDescription: The objective of this lab is two-fold. First, through this lab, we will get familiar with the process\nof device rooting and understand why certain steps are needed. Many people can root Android devices, but\nnot many people fully understand why things have to be done in a particular way. Second, the entire rooting\nmechanism involves many pieces of knowledge about the Android system and operating system in general,\nso it serves as a great vehicle for students to gain such in-depth system knowledge. In this lab, we will ask\nstudents to develop a complete rooting package from scratch, and demonstrate how to use the package to\nroot the Android VM provided by us.\n\n\n\n\n## Key Learnings\n\n- These attack labs give us an idea of the fundamental principles of computer system security, including authentication, access control,\ncapability, security policies, sandbox, software vulnerabilities, and web security.\n\n- Identifying the vulnerabilities and exploiting them, then working on countermeasures as a security solution to the problem.\n\n```\nReferences\n\n1. http://www.cis.syr.edu/~wedu/Teaching/CompSec/labs.html\n2. 
Computer Security: A Hands-on Approach by Wenliang Du \n```\n\n\n\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faasthayadav%2Fcompsecattacklabs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faasthayadav%2Fcompsecattacklabs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faasthayadav%2Fcompsecattacklabs/lists"}