Introduction to Exploit Development

Submitting Projects

CCSF students must do these things to get credit:

  • Perform the project steps until you find a flag
  • Capture a whole-desktop image showing the flag
  • Outline or highlight the flag in the image
  • Submit the image in the appropriate Project in Canvas
  • Type the flag into the text field

I: Command Injection

ED 30: Linux Virtual Machine  15
ED 101: Essential Linux 15 + 10 extra
H 110a: Linux Journey 83 extra
ED 102. Command Injection 20 + 40 extra
ED 103: SQL Injection 30 + 155 extra
ED 104: CMD Injection 15 + 25 extra
ED 105: Server Side Template Injection (SSTI) 35 extra
ED 106: PHP-FPM Command Injection 15 extra

II: Binary Exploits for Linux

ED 201: Linux Buffer Overflow With Command Injection  15
ED 202: Linux Buffer Overflow Without Shellcode  40 + 75 extra
ED 203: Linux Buffer Overflow With Listening Shell  15 + 30 extra
ED 204: Exploiting a Format String Vulnerability  20
ED 205: Very Simple Heap Overflow  10 + 20 extra
ED 206: Heap Overflow via Data Overwrite  10 + 35 extra
ED 207: Linux Buffer Overflow with ROP (requires VMware)  15
ED 210: Exploiting a Race Condition  10 extra
ED 220: Intro to 64-bit Assembler  15 + 25 extra
ED 230: Hardening ELF Binaries  15 extra

III: Binary Exploits for Windows

H 2: Windows 2016 Server Virtual Machine  15
ED 308: Exploiting "Vulnerable Server" on Windows     VM version  25 + 25 extra
ED 309: Defeating DEP with ROP  20 extra
ED 301: Windows Stack Protection I: Assembly Code  15
ED 302: Windows Stack Protection II: Exploit Without ASLR  15
ED 303: Windows Stack Protection III: Limitations of ASLR  15 extra
ED 310: Windows Mitigations  10
ED 318: Exploiting Easy RM to MP3 Converter on Windows with ASLR  30
ED 319: SEH-Based Stack Overflow Exploit · Windows 10 version  20 + 45 extra
ED 330: C# Dot Net  20 extra
ED 331: Dot Net Reflector  45 extra

IV: ARM Exploits

ED 413: ARM Shellcode on the Pi  30 extra
ED 414: Self-Modifying ARM Shellcode on the Pi  20 extra
ED 420: Jailbreaking an iPhone with Checkra.in  15 extra
ED 421: Buffer Overflow on an iPhone  20 extra

V: Extras

R 10: Rust Basics, Overflows, & Injection  35 extra
R 20: Rust Dangling Pointers & Memory Leaks  35 extra

Updated 1-25-21
R 10 & R 20 added 2-23-21
ED 308 updated to use Debian (VM version) 3-22-2021
ED 230 added 4-11-2021
ED 319a added 4-18-2021