You may watch the old 2019 videos, but please move on to using Docker and Docker Pwnboxes beginning with Lecture #19.
The PDF Book is in the resources section.
Note: to address the issues of broken exploits and exercises and of incompatible versions of Linux, Linux kernels, and Linux architectures, I have decided to resurrect old exploits that have been broken by upgrades by packaging them into Docker containers using Docker's platform emulation feature and locking the exploitable binary to specific versions of Linux containers. This will let me put LibHTTPD 1.2 and Crossfire back as exercises.
Platform emulation allows you to run any application for a supported platform and architecture. This means you can run exploitable binaries on a 64-bit Linux VM, with the Docker container pretending it's a 32-bit machine.
Right now it is in a testing phase (from what I have heard, Docker platform emulation works on Linux virtual machines and Raspberry Pis, but apparently not Mac OS X). If platform emulation did not work for you in reviving exploitable binaries, I would like feedback: please put up a question in the QA Section and post the version of your Linux VM that has docker.io installed.
With this setup, you can run ANY version of Linux, including in a virtual machine (preferred), install Docker on it, and then run a pwnbox, which contains ALL of the tools that you need to exploit the binary (gdb, gef, peda, tmux, netcat). Furthermore, the following changes will be implemented:
You will be taught in BOTH Python 2.7 and Python 3+ (it's not my choice: Python 2.7 was the language of choice in 2019, but Python 3 has now been adopted and Python 2.7 is deprecated; yet exploit-db.com still has many exploits written in Python 2.7, so penetration testers are forced to learn both).
You will no longer be constrained to reversing bytes for little-endian architectures; instead, you will be taught how to use struct.pack methods for 32-bit and 64-bit exploitation, which will be really convenient when you are taught manual ROP-chaining.
64-bit exploitation has been introduced. You will be taught the simple ret2libc ROP-chain attack, as well as the ret2libc ROP-chain and stack-canary bypass attack, eventually learning how to disable NX/DEP manually and bypass ASLR on Linux machines. You will NOT use the mona.py ROP-chaining module. You will be taught manually.
My original videos will remain up (as they were originally written in Python 2.7), but please skip right to the Docker exercises to have exploitable binaries; those exercises now use Python 3+.