Exploit Exercises is magnificent: nice pre-packed virtual machines with a set of known vulnerabilities to learn various classes of security problem from. Fuzzing you own machines is never any fun, because the likelyhood of finding anything good is infinitesimal, and exploiting is usually harder than fixing, but learning the techniques against a host where you know the exploit will work is really interesting. It even has a nice little flag system where the objective in levelNN is to run
/bin/getflag as user
flagNN, so you know you have done it correctly.
I am having a terrible time doing the exercises, the second one in the first set took me like half an hour to figure out – and there are 20, but it is fun and so good for my brain.
As a useful aside for VirtualBox users, you likely need to switch the virtual machine’s settings from Bridge to NAT networking after importing the OVA, unless you happen to be set up for bridged networking. It complained at me until I did.
– your programming language required you to write useful docs,
– using those docs, it checked your program for mistakes,
– it even used the docs to speed up your program,
– this feature already exists!
And what if it was called static typing.— David van Geest
Unless otherwise noted, this work is licensed under a Creative Commons Attribution-ShareAlike 3.0 United States License.