Skip to content

robalb/tiny-webserver-rce-exploit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

tiny webserver rce exploit

DOI

This is a collection of exploits for a simplified fork of the tiny http webserver https://github.com/shenfeng/tiny-web-server , known to have a buffer overflow.

The goal is to showcase the evolution of memory safety mitigations and exploitation techniques over the years, in a semi-realistic environment.

The webserver has been compiled four times, with increasing levels of memory protections. For every version, I've written an exploit that defeats the mitigations and launches a remote shell:

  • tiny.1996 : no protections. Compiled statically, with an executable stack and no canaries like it's 1996
  • tiny.canary: executable stack, but with stack canaries enabled
  • tiny.nx: both canary and nx protection active
  • tiny.all: all protections active: canary, nx, ASLR, relro

Run the vulnerable web server

strace -f ./bin/tiny.all

Run the exploit

python expl_all.py

Open a debugger at the beginning of the ROP chain

./debug.sh

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published