{"id":21229840,"url":"https://github.com/sleleu/override","last_synced_at":"2025-03-15T02:16:14.410Z","repository":{"id":216874714,"uuid":"742448140","full_name":"Sleleu/override","owner":"Sleleu","description":"This project is the continuation of RainFall with the aim of learning the exploitation of binary (elf type).","archived":false,"fork":false,"pushed_at":"2024-04-07T12:48:02.000Z","size":44,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-21T18:11:24.353Z","etag":null,"topics":["42","binary-exploitation","buffer-overflow","cybersecurity"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Sleleu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-12T13:58:18.000Z","updated_at":"2024-04-07T18:48:50.000Z","dependencies_parsed_at":"2024-01-13T11:08:00.745Z","dependency_job_id":"e4ba28ba-983f-462a-aaa8-3bb97d82fd12","html_url":"https://github.com/Sleleu/override","commit_stats":null,"previous_names":["sleleu/override"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sleleu%2Foverride","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sleleu%2Foverride/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sleleu%2Foverride/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sleleu%2Foverride/manifests","owner_url":"https://repos.ecosys
te.ms/api/v1/hosts/GitHub/owners/Sleleu","download_url":"https://codeload.github.com/Sleleu/override/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243672487,"owners_count":20328768,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["42","binary-exploitation","buffer-overflow","cybersecurity"],"created_at":"2024-11-20T23:29:55.607Z","updated_at":"2025-03-15T02:16:14.390Z","avatar_url":"https://github.com/Sleleu.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# About this project\n\nThis is a cybersecurity project from 42 school which, following in the footsteps of the [snow-crash](https://github.com/Sleleu/snow_crash) and [rainfall](https://github.com/Sleleu/rainfall) projects, aims to familiarize students with binary exploitation.\n\nSeveral notions are covered in this project, including:\n\n- Basics of reverse engineering\n- Understanding of the different protections\n- Stack buffer overflow\n- Format string attack vulnerabilities\n- Ret2libc attack\n\nThis project is presented in the form of a VM with 10 levels available. Each level contains a binary in the user's /home directory. 
The objective is to exploit this binary in order to progress to the next level.\n\n![035486413](https://github.com/Sleleu/override/assets/93100775/abdc211a-b49e-4b05-8db9-4fcccc83a61d)\n\nEach level should have a folder containing:\n\n- **The flag** that allows access to the user of the next level\n- **Source code obtained** from the decompiled executable, providing a better understanding of the binary's structure to be exploited\n- **A walkthrough describing the steps** to successfully exploit it\n\nOnce the vulnerability has been identified through the debugger, the assembly instructions, and the decompiled code, the exploitation of many challenges ends up looking like this:\n\n```bash\n(python -c \"print('A' * 76 + '\\\\x44\\\\x84\\\\x04\\\\x08')\"; cat) | ./binary \u003c== poof 💣\nGood... Wait what? \u003c== 💀\nwhoami\nlevelup\ncat /home/user/levelup/.pass\n{flag} \u003c== 🚩\n```\n\n# Resources\n\nHere are some resources that can be helpful:\n\n### Find offset\n\n- https://projects.jason-rush.com/tools/buffer-overflow-eip-offset-string-generator/\n\n### Online decompiler\n\n- https://dogbolt.org/\n\n### Shellcode used\n\n- https://shell-storm.org/shellcode/files/shellcode-811.html\n- https://shell-storm.org/shellcode/files/shellcode-752.html\n\n### Buffer overflow basics\n\n- https://beta.hackndo.com/buffer-overflow/\n- https://www.root-me.org/fr/Documentation/Applicatif/Debordement-de-tampon-dans-la-pile\n- [https://repository.root-me.org/Exploitation - Système/Unix/FR - Stack Bug - Exploitation avancee de buffer overflow.pdf](https://repository.root-me.org/Exploitation%20-%20Syst%C3%A8me/Unix/FR%20-%20Stack%20Bug%20-%20Exploitation%20avancee%20de%20buffer%20overflow.pdf)\n- https://www.youtube.com/watch?v=u-OZQkv2ebw (king)\n\n### Assembly basics\n\n- http://www2.ift.ulaval.ca/~marchand/ift17583/Supplement2.pdf\n\n### Format string attack\n\n- https://www.unilim.fr/pages_perso/patrick.poulingeas/Enseignements/2004_2005/Master1/FormatString.pdf\n- 
[https://repo.zenk-security.com/Techniques d.attaques . Failles/Les failles Format String.pdf](https://repo.zenk-security.com/Techniques%20d.attaques%20%20.%20%20Failles/Les%20failles%20Format%20String.pdf)\n- https://www.re-xe.com/format-string-bugs/\n- https://lettieri.iet.unipi.it/hacking/format-strings.pdf (format string attack in 64 bytes architecture)\n\n### Got overwrite\n\n- https://ctf101.org/binary-exploitation/what-is-the-got/\n- https://axcheron.github.io/exploit-101-format-strings/#code-execution-redirect\n\n### Ret2libc\n\n- https://beta.hackndo.com/retour-a-la-libc/\n- https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/return-to-libc-ret2libc\n- https://css.csail.mit.edu/6.858/2019/readings/return-to-libc.pdf\n- https://www.exploit-db.com/docs/english/28553-linux-classic-return-to-libc-\u0026-return-to-libc-chaining-tutorial.pdf\n\n\n### Protections\n\n- https://beta.hackndo.com/technique-du-canari-bypass/\n- https://www.bases-hacking.org/aslr-nx.html\n- https://connect.ed-diamond.com/MISC/misc-062/la-securite-applicative-sous-linux\n- https://lettieri.iet.unipi.it/hacking/aslr-pie.pdf\n- https://stackoverflow.com/questions/54747917/difference-between-aslr-and-pie\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsleleu%2Foverride","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsleleu%2Foverride","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsleleu%2Foverride/lists"}