Setting up the VM, how to connect to it with ssh, what setuid binaries are and how the levels work. Watch this if you are a complete beginner.
Note: Protostar is not made by me and most of the content here is copied from https://exploit-exercises.com/protostar/.
I simply added additional descriptions and referenced my videos.
Protostar introduces the following in a friendly way:
The above is introduced in a simple way, starting with simple memory corruption and modification, function redirection, and finally executing custom shellcode.
In order to make this as easy as possible to introduce Address Space Layout Randomization and Non-Executable memory has been disabled. If you are interested in covering ASLR and NX memory, please see the Fusion page.
Downloads are available from the download page: https://exploit-exercises.com/download/
Default username and passwords:
Once the virtual machine has booted, you are able to log in as the "user" account with the password "user" (without the quotes).
The levels to be exploited can be found in the
For debugging the final levels, you can log in as root with password "godmode" (without the quotes)
/proc/sys/kernel/core_pattern is set to
/tmp/core.%s.%e.%p. This means that instead of the general
./core file you get, it will be in a different directory and different file name.