Polish Your Binary Exploitation Skill With WAR Games - Protostar challenges

Posted by Suraj Singh on April 03, 2018 · 3 mins read
Hello Guys,

Welcome again to my blog.

Today, I am going to share with you a very interesting concept. If you are a beginner in exploitation/reverse Engineering then this can help you in learning new exploitation skills with fun.

Note: Protostar is not made by me and most of the content here is copied from https://exploit-exercises.com/protostar/.

I simply Just trying to make every concept more interesting and knowledgeable for my audience.

What is Protostar?

Ans.  Protostar is a Name of CTF Level, Based On Binary Exploitation looks like a WAR Game Where Various Sub-Levels Are Created For Players And Players Needed To Clear all of them One By One. And its All credit goes to Exploit-exercise.com.

How To Play With Protostar Game.

Ans. First Of All, You Need To Download vulnerable Virtual Machine provided by exploit-exercise.com, Which contains all various vulnerable files, tools, and settings to make an extremely vulnerable environment best for beginners training.  After Downloading Just Fire Up That vulnerable machine In Virtual Box With NAT Network Or bridge Network or choose any setting as your requirement.
To Make User Interface more Easy To Operate, You can connect that vulnerable machine via SSH client.
Use Exploit-exercise Protostar Manuals For Walt-through Hints And Level Informations.

For Downloading Virtual Box. click here
For Downloading Protostar.    click here

More Information Provided By Exploit-Exercise

Protostar introduces the following in a readersly way:

  • Network programming
  • Byte order
  • Handling sockets
  • Stack overflows
  • Format strings
  • Heap Overflows

The above is introduced in a simple way, starting with simple memory corruption and modification, function redirection, and finally executing custom shellcode.

In order to make this as easy as possible to introduce Address Space Layout Randomization and Non-Executable memory has been disabled. If you are interested in covering ASLR and NX memory, please see the Fusion page.


Downloads are available from the download page: https://exploit-exercises.com/download/

Getting started

Default username and passwords:

user: user

root: godmode

Once the virtual machine has booted, you are able to log in as the "user" account with the password "user" (without the quotes).

The levels to be exploited can be found in the /opt/protostar/bin directory.
For debugging the final levels, you can log in as root with password "godmode" (without the quotes)

Core Files

README! The /proc/sys/kernel/core_pattern is set to /tmp/core.%s.%e.%p. This means that instead of the general ./core file you get, it will be in a different directory and different file name.