Home

Awesome

exploit_me

Very vulnerable ARM/ARM64[AARCH64] application (CTF style exploitation tutorial, portable to other platforms)

(c) B.Kerler 2018-2020

Why:

Some of my friends asked me if I could do some examples of exploitable stuff I've seen in real-world the past years for ARM/ARM64[AARCH64]/others.

So, for training purposes, I thought: Why not :)

Current vulnerabilities:

Level 1: Integer overflow
Level 2: Stack overflow
Level 3: Array overflow
Level 4: Off by one
Level 5: Stack cookie
Level 6: Format string
Level 7: Heap overflow
Level 8: Structure redirection / Type confusion
Level 9: Zero pointers
Level 10: Command injection
Level 11: Path Traversal
Level 12: Return oriented programming (ROP)
Level 13: Use-after-free
Level 14: Jump oriented programming (JOP)

Install on Debian/Ubuntu System:

Download the repo

git clone https://github.com/bkerler/exploit_me

Install needed tools on host (Ubuntu)

~$ cd exploit_me
~/exploit_me $ ./script/setup.sh

Usage hints:

ToDo:

Some referrals to ARM reversing beginners :

License:

MIT License (Share, modify and use as you like, but refer to the original author !)