Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/redcanaryco/exploit-primitive-playground
Last synced: 7 days ago
- Host: GitHub
- URL: https://github.com/redcanaryco/exploit-primitive-playground
- Owner: redcanaryco
- License: mit
- Created: 2020-12-04T23:55:42.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2022-09-09T18:22:18.000Z (about 2 years ago)
- Last Synced: 2024-03-17T18:32:43.445Z (8 months ago)
- Language: C
- Homepage:
- Size: 25.4 KB
- Stars: 55
- Watchers: 22
- Forks: 14
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
README
# Exploit Primitive Platform
Welcome to Red Canary's Exploit Primitive Platform!
This project helps researchers, redteamers, and defenders better understand
exploitation techniques for Linux by providing an intentionally vulnerable service
with ready-to-use exploit primitives like stack-out-of-bounds, arbitrary-write, and
arbitrary-read vulnerabilities.

Using these primitives, you can try your hand at testing, or advancing, attack
techniques like file-less, in-memory remote code execution. This is useful for
advancing the state of the art when it comes to tradecraft, while also enabling
teams to test real-world scenarios to determine if their existing security
investments prevent, detect or even observe these attacks.

# Usage
Build the project.
```bash
make
```

Run the vulnerable service on a non-production system (it’s an exploitable service).
```bash
build/_X86_64/epp LHOST LPORT
```

On the same system, or another system with network connectivity to the target system, run an `example` script to exploit a vulnerability and run untrusted code. For example, to use the stack-out-of-bounds and arbitrary-read primitives to execute malicious code entirely in the process memory of the vulnerable service (fileless), run the following command:
```
./examples/remote_command_execution.py RHOST RPORT ~/YOUR_RAW_SHELLCODE
./examples/remote_code_execution.py RHOST RPORT ~/YOUR_RAW_SHELLCODE
```

Note: Raw shellcode can be generated using frameworks like Metasploit (see [here](https://www.offensive-security.com/metasploit-unleashed/generating-payloads/)).
# Contributing
We are open to contributions for both examples and primitives.