Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/blakley/binary-exploitation

Binary Game & Tutorial on how to use Python to brute force and exploit input in a binary.
https://github.com/blakley/binary-exploitation

binary-exploitation c ctf-challenges gdb python-gdb python3

Last synced: 3 months ago
JSON representation

Binary Game & Tutorial on how to use Python to brute force and exploit input in a binary.

Awesome Lists containing this project

README 

        
#  Binary Exploitation



A tutorial on using Python to test various input in an executable

Run the executable and try to solve it yourself. Complete the solver to finish levels 2 through 5!



[![solver.gif](https://s6.gifyu.com/images/solver.gif)](https://gifyu.com/image/y1Bb)



## Included



* Blakley's Game: The binary game that you can download and try to beat

* A custom python solver for level 1 of the game



## Dependencies



Have both GDB and Python installed then install the following

```

$ pip install gdb

```



## Working with the custom Python Solver



* Navigate to the /src directory

* run the following:

* `gdb ./game`

* `source solver.py`

* `start`



## Understanding the Python Solver



The purpose of the solver is to show you how you can use the gdb module in Python, to brute force input within an executable.

However, there are more effective ways to complete each level in the game. Namely, you can simply use gdb, set breakpoints, and step through the 

assembly to understand the code and retrieve the input that's expected. 



Nonetheless, there exists some situations where testing multiple values is the best method. This is shown in level 3 of the game.

Level 3: Password Guessing, asks you to input my "not so secure" secure password to continue. The best approach here would be to use a password list and feed the program

each password until you've solved the level.



Let's take a look at how this is achieved:

* To start, we need to register our custom `gdb` command. In our Python script, we've created a command `start` that will run our `Level_1`

  function solver. 



* Next, Let's take a look at the Level_1 Solver. We first set a few breakpoints to know if we've successfully found the answer. 

  - (line 14 of solver.py) `gdb.execute('b failed')` Here we set a breakpoint at a point where we know our input has failed

  - (line 15 of solver.py) `gdb.execute(b level_2)` Here we set a breakpoint at where we know our input was correct and we are moving to the next level.



With our breakpoints set, we can now feed the binary answers until a breakpoint is hit.



* Next we can move to pass input to the binary.

  - We will use a `file` that we'll call `answers.txt`. This will contain our answers, separated by a newline, for each level.

  - We open the file in python and loop through the list of inputs we are testing. Then, we append and run the program with each input.

  - After testing single input, we call a function `test()` that will execute the command `gdb.execute("info b 2", False, True)

    This command determines if the breakpoint we set for a successful input was hit. If it is, then we know we've found the answer.



## Deployment

To run the game, open up a unix shell and run the following

```

$ chmod +x game

$ ./game

```