Introduction to Exploit Development

Projects for CCSF

CCSF Project Submission

Each project has "flags". To get credit, capture a full-desktop image with the flag visible and highlighted, including a clock showing the date and time. Email the images to cnit.127sam@gmail.com.

To capture a screenshot on a PC, press Shift+PrntScrn, open Paint, and press Ctrl+V.

To capture a screenshot on a Mac, press Shift+Cmd+3.

Local Virtual Machines

Only for students without credit cards

ED 10: Kali Virtual Machine  15
ED 21: Windows 2016 Server Virtual Machine  10

I: Command Injection

ED 200: Google Cloud Linux Server  15
ED 101: Essential Linux  15 + 10 extra
ED 102: Command Injection  20 + 40 extra
ED 103: SQL Injection  30 + 155 extra
ED 104: CMD Injection  15 + 25 extra
ED 105: Server Side Template Injection (SSTI)  35 extra
ED 106: PHP-FPM Command Injection  15 extra

II: Binary Exploits for Linux

ED 201: Linux Buffer Overflow With Command Injection  15
ED 202: Linux Buffer Overflow Without Shellcode  40 + 75 extra
ED 203: Linux Buffer Overflow With Listening Shell  15 + 30 extra
ED 204: Exploiting a Format String Vulnerability  20
ED 205: Very Simple Heap Overflow  10 + 20 extra
ED 206: Heap Overflow via Data Overwrite  10 + 35 extra
ED 207: Linux Buffer Overflow with ROP (requires VMware)  15
ED 210: Exploiting a Race Condition  10
ED 220: Intro to 64-bit Assembler  15 + 25 extra

III: Binary Exploits for Windows

ED 300: Windows 2016 Server Cloud Server  15
ED 308: Exploiting "Vulnerable Server" on Windows  25 + 25 extra

     The Wild World of Windows (pdf) · (keynote)

ED 309: Defeating DEP with ROP  20 extra
ED 301: Windows Stack Protection I: Assembly Code  15
ED 302: Windows Stack Protection II: Exploit Without ASLR  15
ED 310: Windows Mitigations  10
ED 318: Exploiting Easy RM to MP3 Converter on Windows with ASLR  30
ED 319: SEH-Based Stack Overflow Exploit  20 + 45 extra
ED 330: C# Dot Net  20 extra
ED 331: Dot Net Reflector  45 extra

IV: ARM Exploits

Recommended

ED 413: ARM Shellcode on the Pi  30 extra
ED 414: Self-Modifying ARM Shellcode on the Pi  20 extra
ED 420: Jailbreaking an iPhone with Checkra.in  15 extra
ED 421: Buffer Overflow on an iPhone  20 extra

Deprecated

ED 401: ARM Stack Overflow Exploit  20
ED 410: Qemu Emulator  20 extra
ED 411: Raspbian in Qemu  15 extra
ED 412: Exploiting Raspbian in Qemu with Shellcode  15 extra

V: Extras

ED 501: Codacy  15 extra
ED 290: Chrome Desktop on a Cloud Linux Server  10 extra
M 110: Genymotion Cloud and ADB  25 extra
Go the Wrong Way CTF  305 extra

ETERNALROMANCE added 6-2-19 5:40 am
China scores archived 6-6-19
Cloud versions added for 201 and 202 7-17-19
More cloud versions added 8-1-19 & 8-3-19
Scores from BHUSA added 8-5-19
Easy MP3 added 8-5-19
Black Hat scores archived and DEF CON image added 8-7-19
Reformatted for CCSF use 8-16-19
Screenshot instructions added 8-19-19
Point total for ED 103 and ED 202c corrected 9-9-19
ED 303 removed 9-16-19
ED 206 added 9-18-19
Point total for ED 310 corrected to 10 9-19-19
ED 203 points split into required and extra 9-26-19
ED 220 added 10-2-19
ED 104 added 10-3-19
ED 319 points corrected 10-9-19
ED 308 extra added 10-10-19
ED 319 extra added 10-11-19
ED 330 & 331 added 10-16-19
ED 105 added 10-20-19
ED 106 added 10-31-19
A 51 added 10-31-19
A 52 & A 53 added 11-3-19
A 54 added 11-4-19
ED 309 added and GO moved to separate page 11-6-19
ED 501 added 11-20-19
ED 290 added 11-21-19
M 110 added 11-23-19
ED 104 points corrected 11-25-19
ED 410-412 added 11-26-19
ED 410 point total corrected 12-9-19
ED 413 added 12-9-19
ED 420 added 12-10-19
ED 414 added 12-11-19
Extra added to ED 413 12-12-19
ED 421 added 12-18-19