Making a system/program vulnerable to exploits

Question

I have been looking quite a bit into exploiting recently. I have been googling alot and i managed to find DVL (Damn Vulnerable Linux) and Metasploitable but for some reason the exploits i scan them to have (with Nessus) do not really work. So now i have decided to try on a smaller scale.. I was wondering if anyone knows how to write a vulnerable program for Windows (potentially buffer overflow prone?) in maybe C or even ruby (im not sure about this one since it is an interpreted language) that can be exploited in ruby or python?

Any input would be greatly appreciated regarding this "project" :-)

Thanks in advance,

Phil Baker

See http://stackoverflow.com/questions/2081281/how-to-conduct-buffer-overflow-in-php-python . — Brian, Feb 04 '11 at 15:39

score 0 · Accepted Answer · answered Feb 04 '11 at 15:39

0

In Ruby an easy way to make a system vulnerable is by running text input from users in an eval.

bad_code = "system('rm -rf /users')"
eval(bad_code)

answered Feb 04 '11 at 15:39

Thanks for the example! How would i be able to exploit this? Let's say from a script? – Phil Baker Feb 04 '11 at 16:00

score 0 · Answer 2 · answered Feb 04 '11 at 17:26

0

One that I like alot:

%0|%0

It just hangs up system, and then you need to restart :)

Here you go an Python code bit for it:

os.system('%0|%0')

It also works on linux:

os.system(':(){ :|:& };:')

Oh, also there another alternative, that works on both OS'es:

import os

while True:
     os.fork()

answered Feb 04 '11 at 17:26

nagisa

720
5
11

Thanks for the contribution nagisa :) But i was looking for a way to execute arbitrary code through a vulnerability in a program or script.. Do you know how to do that? – Phil Baker Feb 04 '11 at 17:43

Making a system/program vulnerable to exploits

2 Answers2