Protostar

Setting up the VM, how to connect to it with ssh, what setuid binaries are and how the levels work. Watch this if you are a complete beginner.

This video introduces http://exploit-exercises.com, shows how to connect to the VM with ssh, and explains what setuid binaries are.

Note: Protostar is not made by me and most of the content here is copied from https://exploit-exercises.com/protostar/.
I simply added additional descriptions and referenced my videos.

Protostar introduces the following in a friendly way:

  • Network programming
  • Byte order
  • Handling sockets
  • Stack overflows
  • Format strings
  • Heap overflows

The above is introduced in a simple way, starting with simple memory corruption and modification, function redirection, and finally executing custom shellcode.

To make this as easy as possible to introduce, Address Space Layout Randomization and Non-Executable memory have been disabled. If you are interested in covering ASLR and NX memory, please see the Fusion page.

Download

Downloads are available from the download page: https://exploit-exercises.com/download/

Getting started

Default usernames and passwords:
user:user
root:godmode

Once the virtual machine has booted, you are able to log in as the "user" account with the password "user" (without the quotes).
The levels to be exploited can be found in the /opt/protostar/bin directory.
For debugging the final levels, you can log in as root with the password "godmode" (without the quotes).

Core Files

README! /proc/sys/kernel/core_pattern is set to /tmp/core.%s.%e.%p. This means that instead of the usual ./core file in the current directory, core dumps are written to a different directory under a different file name.
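
To find the core file after a crash, the pattern above can be expanded by hand: %s is the signal number, %e the executable name and %p the PID. The helper below is an added example, not part of Protostar or the original page; the function name expand_core_pattern and the values example_level and 1234 are constructed for illustration.

```shell
#!/bin/sh
# Expand a Linux core_pattern template for the specifiers used on this page:
#   %s signal number, %e executable name, %p PID, %% literal '%'.
# Constructed helper for illustration; other specifiers are kept verbatim.
expand_core_pattern() {
    pattern=$1 sig=$2 exe=$3 pid=$4
    # A leading '|' means the kernel pipes the dump to a program instead
    # of writing a file, so there is no path to compute.
    case $pattern in
        '|'*) echo "core_pattern pipes to a handler; no core file on disk" >&2
              return 1 ;;
    esac
    # The kernel records at most 15 characters of the executable name.
    exe=$(printf '%s' "$exe" | cut -c1-15)
    out=
    rest=$pattern
    while [ -n "$rest" ]; do
        ch=${rest%"${rest#?}"}       # first character of what is left
        rest=${rest#?}
        if [ "$ch" != "%" ]; then
            out="${out}${ch}"
            continue
        fi
        spec=${rest%"${rest#?}"}     # character following the '%'
        rest=${rest#?}
        case $spec in
            s)  out="${out}${sig}" ;;
            e)  out="${out}${exe}" ;;
            p)  out="${out}${pid}" ;;
            %)  out="${out}%" ;;
            '') ;;                   # a single trailing '%' is dropped
            *)  out="${out}%${spec}" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Constructed values: signal 11 (SIGSEGV), a hypothetical level binary, PID 1234.
expand_core_pattern '/tmp/core.%s.%e.%p' 11 example_level 1234
```

On the VM, pass the contents of /proc/sys/kernel/core_pattern as the first argument, then open the resulting path in gdb together with the level binary from /opt/protostar/bin.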