Our resident ROP ninja barrebas recently gave the team a bootcamp on Return Oriented Programming. The presentation was followed by a demo walkthrough on writing a ROP exploit on a vulnerable application. Since the presentation was well received, he’s decided to make the slides available to everyone. You can view them at https://speakerdeck.com/barrebas/rop-primer.
We hope you enjoy it!
Username: root
Password: toor
Username: level0
Password: warmup
ROP Primer
----------
This VM is meant as a small introduction to 32-bit return-oriented-programming on Linux. It contains three vulnerable binaries, that must be exploited using ROP.
The machine is built and tested in VirtualBox 4.3.20. It's an Ubuntu 32 bit VM, with ASLR disabled. Useful tools like gdb-peda are installed. A description of the levels, including instructions, can be found on the webserver.
A big shout-out to my team mates of the Vulnhub CTF Team!
@barrebas, March 2015 & June 2015
rop-primer-v0.2.ova:
---------------
MD5: 840c75497f54578497a6e44df2f96047
SHA1: 2cb14d78fd1ff7b5a7895447969fde8ca9c06ef3