joemccray

Exploit Dev Quiz

Dec 12th, 2019
#######################################################
# Open the following web links below as tabs          #
# For each web link answer all of the questions below #
#######################################################
https://www.exploit-db.com/exploits/46762
https://www.exploit-db.com/exploits/46070
https://www.exploit-db.com/exploits/40713
https://www.exploit-db.com/exploits/46458
https://www.exploit-db.com/exploits/40712
https://www.exploit-db.com/exploits/40714
https://www.exploit-db.com/exploits/40680
https://www.exploit-db.com/exploits/40673
https://www.exploit-db.com/exploits/40681
https://www.exploit-db.com/exploits/37731
https://www.exploit-db.com/exploits/31254
https://www.exploit-db.com/exploits/31255
https://www.exploit-db.com/exploits/27703
https://www.exploit-db.com/exploits/27277
https://www.exploit-db.com/exploits/26495
https://www.exploit-db.com/exploits/24557
https://www.exploit-db.com/exploits/39417
https://www.exploit-db.com/exploits/23243

###############################
# Class Exploit Dev Quiz Task #
###############################

EID number:

1. Vulnerable Software Info
a- Target Product Name
b- Target Software version
c- Available for download on exploit-db.com


2. Target platform
a- OS Name (ex: Windows XP)
b- Service pack (ex: SP3)
c- Language pack (ex: English)


3. Exploit info
a- modules imported (ex: sys, re, os)
b- application entry point (ex: TRUN)
c- distance to EIP (ex: 2006)
d- how is code redirection done (ex: JMP ESP, JMP ESI)
e- number of NOPs (ex: 10 * \x90 = 10 NOPs)
f- length of shellcode (ex: 368)
g- bad characters (ex: \x0a\x00\x0d)
h- is the target IP hard-coded
i- what does the shellcode do (ex: bind shell, reverse shell, calc)
j- what is the total buffer length
k- does the exploit do anything to ensure the buffer doesn't exceed a certain length
l- is this a server-side or client-side exploit


######################################
# Exploit Development Scoring System #
######################################

1. Comments
-----------
1a. Has detailed comments (1 point)
1b. Comments target app info (1 point)
1c. Comments target platform info (1 point)
1d. Comments protocol or file spec info (1 point)
1e. Comments program redirection info (1 point)
1f. Comments shellcode info (1 point)


2. Modules/Libraries
--------------------
2a. Uses correct modules/libraries to properly interact with protocol or file type (1 point)


3. Program redirection
----------------------
3a. Uses correct program redirection (JMP ESP, CALL ESP, PUSH ESP; RET) from the correct platform for stable program code redirection

4. Shellcode
------------
4a. Tests for bad characters (1 point)
4b. Tests for maximum length of payload (1 point)

5. Exploit stability
--------------------
5a. Uses NOPs correctly
5b. Maps to protocol or file spec correctly
5c. Uses a stack shift if applicable
5d. Uses correct EXITFUNC for stability (1 point)