Metasploitable 3 (Linux): An Exploitation Guide

The Metasploitable virtual machine is an intentionally vulnerable image designed for testing security tools and demonstrating common vulnerabilities. Version 3 of this virtual machine is available in both Ubuntu and Windows forms. They can be set up using Vagrant and are available on GitHub and ship with even more vulnerabilities than Metasploitable 1 and 2. The virtual machines are compatible with VMWare, VirtualBox, and other common virtualization platforms. By default, Metasploitable’s network interfaces are bound to the “private network” configuration in Vagrant (VirtualBox users may need to change this to NAT Network), and the images should never be exposed to a hostile network.

Continue reading

Exploit Development: Stack Buffer Overflow

A stack buffer overflow occurs when a program writes more data to the stack than what is allocated to the buffer. This results in the extra data overwriting possibly important data in stack and causing the program to crash or to execute arbitrary code by possibly overwriting the instruction pointer and hence being able to redirect the execution flow of the program.
I used Evan’s debugger to demonstrate the buffer overflow on Kali Linux.
Continue reading