Exploit Dev Quiz

1. #######################################################
2. # Open the following web links below as tabs #
3. # For each web link answer all of the questions below #
4. #######################################################
5. https://www.exploit-db.com/exploits/46762
6. https://www.exploit-db.com/exploits/46070
7. https://www.exploit-db.com/exploits/40713
8. https://www.exploit-db.com/exploits/46458
9. https://www.exploit-db.com/exploits/40712
10. https://www.exploit-db.com/exploits/40714
11. https://www.exploit-db.com/exploits/40680
12. https://www.exploit-db.com/exploits/40673
13. https://www.exploit-db.com/exploits/40681
14. https://www.exploit-db.com/exploits/37731
15. https://www.exploit-db.com/exploits/31254
16. https://www.exploit-db.com/exploits/31255
17. https://www.exploit-db.com/exploits/27703
18. https://www.exploit-db.com/exploits/27277
19. https://www.exploit-db.com/exploits/26495
20. https://www.exploit-db.com/exploits/24557
21. https://www.exploit-db.com/exploits/39417
22. https://www.exploit-db.com/exploits/23243
23.  
24.  
25.  
26. ###############################
27. ###################### # Class Exploit Dev Quiz Task # ######################
28. ###############################
29.  
30.  
31. EID number:
32.  
33. 1. Vulnerable Software Info
34. a- Target Product Name
35. b- Target Software version
36. c- Available for download on exploit-db.com
37.  
38.  
39. 2. Target platform
40. a- OS Name (ex: Windows XP)
41. b- Service pack (ex: SP3)
42. c- Language pack (ex: English)
43.  
44.  
45. 3. Exploit info
46. a- modules imported (ex: sys, re, os)
47. b- application entry point (ex: TRUN)
48. c- distance to EIP (ex: 2006)
49. d- how is code redirection done (ex: JMP ESP, JMP ESI)
50. e- number of NOPs (ex: 10 * \x90 = 10 NOPs)
51. f- length of shellcode (ex: 368)
52. g- bad characters (ex: \x0a\x00\x0d)
53. h- is the target ip hard-coded
54. i- what does the shellcode do (ex: bind shell, reverse shell, calc)
55. j- what is the total buffer length
56. k- does the exploit do anything to ensure the buffer doesn't exceed a certain length
57. l- Is this a server side or client-side exploit
58.  
59.  
60.  
61.  
62. ######################################
63. # Exploit Development Scoring System #
64. ######################################
65.  
66. 1. Comments
67. -----------
68. 1a. Has detailed comments (1 point)
69. 1b. Comments target app info (1 point)
70. 1c. Comments target platform info (1 point)
71. 1d. Comments protocol or file spec info (1 point)
72. 1e. Comments program redirection info (1 point)
73. 1f. Comments shellcode info (1 point)
74.  
75.  
76. 2. Modules/Libraries
77. --------------------
78. 2a. Uses correct modules/libraries to properly interact with protocol or file type (1 point)
79.  
80.  
81. 3. Program redirection
82. ----------------------
83. 3a. Use correct program redirection (JMP ESP, CALL ESP, PUSH ESP; RET) from the correct platform for stable program code redirection
84.  
85. 4. Shellcode
86. ------------
87. 4a. Tests for bad characters (1 point)
88. 4b. Tests for maximum length of payload (1 point)
89.  
90. 5. Exploit stability
91. --------------------
92. 5a. Use NOPS correctly
93. 5b. Maps to protocol or file spec correctly
94. 5c. Uses a stack shift if applicable
95. 5c. Uses correct EXITFUNC for stability (1 point)