Practical Binary Exploitation

Exploit Education Phoenix | Practical Binary Exploitation

This is a practical guide on a number of binary exploitation techniques, if you are a binary exploitation noob then this is the guide for you.

ever wanted to learn about reverse engineering but didn’t because it was too hard? there was a lot of advanced material but not much for noobs. Say no more that was me a few months back I am writing this guide from a perspective of a noob, here we will solve a CTF from Exploit Education CTF is called phoenix.

Phoenix Exploit Education

Phoenix is a CTF with 21 challenges for binary exploitation for these challenges we have source code provided on exploit education for each challenge and we learn about different basic memory corruption issues such as buffer overflows, format strings, heap exploitation on a Linux system that does not have any security mitigations enabled. It has 32-bit, 64-bit levels also for both x86 and ARM systems.

Challenges are in categories starting from and in this order.

  • Stack-zero to Stack-six
  • Format-zero to Format-four
  • Heap-zero to Heap-three
  • Net-zero to Net-two
  • Final-zero to Final-two

We’ll setup Pheonix then start solving challenges one by one.

Installing QEMU

Phoenix is given on exploit education in a file system image for Qemu, it is an emulator that emulates the hardware for an image just like a virtual machine. Many may not have heard of it so I’ll go over a basic setup of QEMU.

Linux

For Linux open terminal, it’s as easy as:

sudo apt update
sudo apt install qemu
sudo apt install qemu-system

after installing QEMU then you need to download Pheonix I am using AMD64 version and run these commands :

tar xJf exploit-education-phoenix-amd64-v1.0.0-alpha-3.tar.xz
cd exploit-education-phoenix-amd64/
./boot-exploit-education-phoenix-amd64.sh

Now QEMU image is running you can ssh to the machine as “user” both username and password is user/user and for “root” it’s root/root

ssh -p2222 user@localhost

Window

I’ll be using Linux throughout the guide so I recommend that but if you want you can use qemu on windows also here is a video on how to setup qemu on windows.

After downloading Phoenix from exploit education you can use 7zip or Winrar to unzip the file. Setting this up for windows will take some extra effort as the install script that comes with Phoenix won’t work here although you can create a PowerShell script to do the same thing as that install .sh was doing.

Create a file called boot-exploit-education-phoenix-amd64.ps1 inside exploit-education-phoenix-amd64  folder that you unzipped earlier and in that script paste the code given below make sure the path to qemu-system-x86_64.exe is correct.

boot-exploit-education-phoenix-amd64.ps1
\Program` Files\qemu\qemu-system-x86_64.exe `
    -kernel vmlinuz-4.9.0-8-amd64 `
    -initrd initrd.img-4.9.0-8-amd64 `
    -append "root=/dev/vda1" `
    -m 1024M `
    -netdev user,id=unet,hostfwd=tcp:127.0.0.1:2222-:22 `
    -device virtio-net,netdev=unet `
    -drive file=exploit-education-phoenix-amd64.qcow2,if=virtio,format=qcow2,index=0

Press Shift + Right-click and select open PowerShell here. I have assumed you installed qemu in C:/Program Files/qemu. if you didn’t then just change the path in the script. Now qemu will start Phoenix on your system you can work with qemu’s given GUI or just SSH into Phoenix

For SSH i use CMDER although there are options available for you to choose from Putty or Windows Subsystem for Linux whichever you are comfortable with works.

ssh -p2222 user@localhost

this was how you get Pheonix to get running on your windows machine.

Note

I have written this guide in different modules starting from:-

Or this will be one gigantic blog post and will be hard to follow also you can find all the links to this guide on the guide page or click on the above list to open pages right from here for series Practical Binary Exploitation.

Posts created 29

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Begin typing your search term above and press enter to search. Press ESC to cancel.

Back To Top