Skip to content

robalb/tiny-webserver-rce-exploit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
bin
bin
 
 
docs
docs
 
 
Makefile
Makefile
 
 
debug.sh
debug.sh
 
 
debugcmd.txt
debugcmd.txt
 
 
expl_1996.py
expl_1996.py
 
 
expl_all.py
expl_all.py
 
 
expl_canary.py
expl_canary.py
 
 
index.html
index.html
 
 
readme.md
readme.md
 
 
tiny.c
tiny.c
 
 

Repository files navigation

tiny webserver rce exploit

DOI

This is a collection of exploits for a simplified fork of the tiny http webserver https://github.com/shenfeng/tiny-web-server , known to have a buffer overflow.

The goal is to showcase the evolution of memory safety mitigations and exploitation techniques over the years, in a semi-realistic environment.

The webserver has been compiled four times, with increasing levels of memory protections. For every version, I've written an exploit that defeats the mitigations and launches a remote shell:

  • tiny.1996 : no protections. Compiled statically, with an executable stack and no canaries like it's 1996
  • tiny.canary: executable stack, but with stack canaries enabled
  • tiny.nx: both canary and nx protection active
  • tiny.all: all protections active: canary, nx, ASLR, relro

Run the vulnerable web server

strace -f ./bin/tiny.all

Run the exploit

python expl_all.py

Open a debugger at the beginning of the ROP chain

./debug.sh

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages