Introduction to Exploit Development

Submitting Projects

CCSF students must do these things to get credit:

  • Perform the project steps until you find a flag
  • Capture a whole-desktop image showing the flag
  • Outline or highlight the flag in the image
  • Submit the image in the appropriate Project in Canvas
  • Type the flag into the text field

I: Command Injection

ED 30: Linux Virtual Machine  15
ED 101: Essential Linux 15 + 10 extra
H 110a: Linux Journey 83 extra
ED 102. Command Injection 20 + 40 extra
ED 103: SQL Injection 30 + 155 extra
ED 104: CMD Injection 15 + 25 extra
ED 105: Server Side Template Injection (SSTI) 35 extra
ED 106: PHP-FPM Command Injection 15 extra

II: Binary Exploits for Linux

ED 201: Linux Buffer Overflow With Command Injection  15
ED 202: Linux Buffer Overflow Without Shellcode  40 + 75 extra
ED 203: Linux Buffer Overflow With Listening Shell  15 + 30 extra
ED 204: Exploiting a Format String Vulnerability  20
ED 205: Very Simple Heap Overflow  10 + 20 extra
ED 206: Heap Overflow via Data Overwrite  10 + 35 extra
ED 207: Linux Buffer Overflow with ROP (requires VMware)  15
ED 210: Exploiting a Race Condition  10 extra
ED 220: Intro to 64-bit Assembler  15 + 25 extra
ED 230: Hardening ELF Binaries  15 extra

III: Binary Exploits for Windows

ED 32: Windows 10 Virtual Machine (recommended)  15 extra
H 2: Windows 2016 Server Virtual Machine (not recommended)  15
 
ED 308: Exploiting "Vulnerable Server" on Windows     Google Cloud version  25 + 25 extra
ED 309: Defeating DEP with ROP  20 extra
ED 301: Windows Stack Protection I: Assembly Code  15
ED 302: Windows Stack Protection II: Exploit Without ASLR  15
ED 303: Windows Stack Protection III: Limitations of ASLR  15 extra
ED 310: Windows Mitigations  10 extra
ED 318: Exploiting Easy RM to MP3 Converter on Windows with ASLR  30 exta
ED 319: SEH-Based Stack Overflow Exploit · Windows 10 version  20 + 45 extra
ED 330: C# Dot Net  20 extra
ED 331: Dot Net Reflector  45 extra
ED 340: Making Custom Shellcode  20 extra

IV: ARM Exploits

ED 413: ARM Shellcode on the Pi  30 extra
ED 414: Self-Modifying ARM Shellcode on the Pi  20 extra
ED 420: Jailbreaking an iPhone with Checkra.in  15 extra
ED 421: Buffer Overflow on an iPhone  20 extra

V: Extras

R 10: Rust Basics, Overflows, & Injection  35 extra
R 20: Rust Dangling Pointers & Memory Leaks  35 extra

Assembly Language

Don't submit these projects in Canvas; use the scoring system below

Enter Flags · Scoreboard

ASM 100: Basics  69 extra
ASM 104: Bases & Printing  40 extra
ASM 105: ASCII  20 extra
ASM 110: Gdb  30 extra
ASM 120: Files  55 extra
ASM 200: Caesar Cipher  35 extra
ASM 210: XOR  20 extra
Scores archived 10-5-2021

Updated 1-25-21
R 10 & R 20 added 2-23-21
ED 308 updated to use Debian (VM version) 3-22-2021
ED 230 added 4-11-2021
ED 319a added 4-18-2021
ED 310 and 318 marked extra 1-13-22
ASM CTF and automated scoreboard added 1-25-22
ED 204-6 updated to Python 3 2-22-22
ED 32 added 3-12-22
ED 308, 301, 302, 303 updated to Windows 10 and Python 3, where applicable 3-14-22
ED 319 Windows 10 version updated to Python 3 on 4-4-22
ED 340 added 4-21-22
ED 330 updated 4-26-22

Scoreboard · Submit Flags · Scores from 127 S22