• Stars
    star
    980
  • Rank 46,713 (Top 1.0 %)
  • Language
    C
  • License
    BSD 3-Clause "New...
  • Created over 10 years ago
  • Updated about 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Vulnerable server used for learning software exploitation

Vulnserver

Check my blog at http://thegreycorner.com/ for more information and updates to this software.

About the software

Vulnserver is a multithreaded Windows based TCP server that listens for client connections on port 9999 (by default) and allows the user to run a number of different commands that are vulnerable to various types of exploitable buffer overflows.

This software is intended mainly as a tool for learning how to find and exploit buffer overflow bugs, and each of the bugs it contains is subtly different from the others, requiring a slightly different approach to be taken when writing the exploit.

Though it does make an attempt to mimic a (simple) legitimate server program this software has no functional use beyond that of acting as an exploit target, and this software should not generally be run by anyone who is not using it as a learning tool.

Compiling the software

Binaries have been provided in this package, however if you wish to compile the software from the provided source files instructions are included in the file COMPILING.txt.

Running the software

To run the software, simply execute vulnserver.exe. The provided essfunc.dll library must be in a location where it can be found by vulnserver.exe - keeping both files in the same directory will usually work fine.

To start the server listening on the default port of 9999, simply run the executable, to use an alternate port, provide the port number as a command line parameter.

Once the software is running, simply connect to it on port 9999 using a command line client like netcat. Issue a HELP command (case sensitive) to see what functions are supported and go from there....

Exploiting Vulnserver

Detailed instructions on how to exploit this software, or example exploit files have not been included with this package - this is to provide a challenge for those who want it and also a disincentive to cheat by peeking at the answer.

If you're stuck, you can refer to the following to get an idea of how to proceed. Some of the following links provide full tutorials that teach the skills necessary to exploit and discover the vulnerabilities in Vulnserver, along with complete walkthroughs for some of the simpler vulnerabilities. In the case of the more difficult issues, some of the links might provide just a hint of how you can proceed...

License

See LICENSE.txt.

Warning

UNDER NO CIRCUMSTANCES SHOULD THIS SOFTWARE BE RUN ON ANY SYSTEM THAT IS CONNECTED TO AN UNTRUSTED NETWORK OR THAT PERFORMS CRITICAL FUNCTIONS. THE AUTHOR IS NOT RESPONSIBLE FOR ANY DAMAGES THAT MAY OCCUR FROM USING THIS SOFTWARE IN THIS OR ANY OTHER MANNER. USE AT YOUR OWN RISK.

More Repositories

1

hlextend

Pure Python hash length extension module
Python
117
star
2

aws_url_signer

POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF
Python
58
star
3

pentesting_stuff

A place to store my various pentesting related code thats too small/niche to justify its own repository, and a simple website with notes on pentesting.
Python
31
star
4

breakableflask

Simple vulnearable Flask web application
Python
27
star
5

shellcode

Various shell code I have written
Assembly
16
star
6

CVE-2022-46164-poc

Basic POC exploit for CVE-2022-46164
Python
11
star
7

ad_ldap_dumper

Security focused tool for dumping information from Active Directory via LDAP
Python
8
star
8

ssltest

SSL/TLS cipher testing tool
Perl
8
star
9

pygdbdis

Repository for pygdbdis gdb debugging extensions
Python
6
star
10

offsecfeed

RSS feed of offensive security topics http://thegreycorner.com/offsecfeed/
HTML
5
star
11

openwrt_vpn_control

Simple web interface to allow VPNs to be started and stopped easily
PHP
5
star
12

detectionlab_mod

Files related to my own DetectionLab deployment process
PowerShell
4
star
13

BurpPythonGateway

Uses py4j to make Burp Extender internals available to Python code and interactive interpreters like iPython
Python
4
star
14

CSharpInjectorLibrary

Reference injectable DLL in C# that provides a number of example methods for reproducing various TTPs
C#
3
star
15

absentis

Burp extension for identifying files using names with common variations on existing filenames
Python
3
star
16

stephenbradshaw

Github profile repository
3
star
17

stephenbradshaw.github.io

Website
HTML
3
star
18

CSIG

A Burp plugin that generates Intruder payloads for character set manipulation
Java
2
star
19

aws_helpers

Some helper code for doing things in AWS
Python
1
star
20

testing

Stuff
Python
1
star
21

letsencrypt_dns01_server

DNS Server for DNS01 authorisation
Python
1
star
22

burpextensiontemplates

Template files for quickly creating Burp Suite extensions
Python
1
star