Exploit Exercises is magnificent: nice pre-packed virtual machines with a set of known vulnerabilities to learn various classes of security problem from. Fuzzing you own machines is never any fun, because the likelyhood of finding anything good is infinitesimal, and exploiting is usually harder than fixing, but learning the techniques against a host where you know the exploit will work is really interesting. It even has a nice little flag system where the objective in levelNN is to run /bin/getflag as user flagNN, so you know you have done it correctly.
I am having a terrible time doing the exercises, the second one in the first set took me like half an hour to figure out – and there are 20, but it is fun and so good for my brain.
As a useful aside for VirtualBox users, you likely need to switch the virtual machine’s settings from Bridge to NAT networking after importing the OVA, unless you happen to be set up for bridged networking. It complained at me until I did.
Web Presence
Page Navigation
Meta
-
Recent Posts
Random Quote
Where most of the users’ time will be spent in routine operation of the product, and where learning is only a small part of the picture, designing for productivity – even if it requires retraining- is often the correct decision.
— Jef RaskinCategories
License
Unless otherwise noted, this work is licensed under a Creative Commons Attribution-ShareAlike 3.0 United States License.