|
| 1 | +# 🧨 Return-to-libc Attack Lab |
| 2 | + |
| 3 | +> A deep dive into bypassing non-executable stack protections using Return-to-libc attacks. |
| 4 | +> 🔐 Learn how attackers leverage system libraries instead of injecting shellcode. |
| 5 | +
|
| 6 | +--- |
| 7 | + |
| 8 | +## 📚 Overview |
| 9 | + |
| 10 | +The **Return-to-libc attack** is a powerful exploit technique used when direct shellcode execution is blocked by modern OS protections. Instead of injecting code, attackers redirect execution to existing library functions like `system()` to gain shell access. |
| 11 | + |
| 12 | +--- |
| 13 | + |
| 14 | +## 🎯 Objective |
| 15 | + |
| 16 | +Gain hands-on experience with: |
| 17 | +- ✅ Buffer overflow vulnerabilities |
| 18 | +- ✅ Stack memory layout & calling conventions |
| 19 | +- ✅ Return-to-libc exploit construction |
| 20 | +- ✅ Linux-based mitigation techniques |
| 21 | + |
| 22 | +--- |
| 23 | + |
| 24 | +## 🛠️ Lab Environment |
| 25 | + |
| 26 | +| Tool/Tech | Version/Info | |
| 27 | +|---------------------|--------------------------| |
| 28 | +| OS | Ubuntu 20.04 (32-bit preferred) | |
| 29 | +| Compiler | `gcc` with `-fno-stack-protector -z execstack` | |
| 30 | +| Debugger | `gdb` with `peda` plugin | |
| 31 | +| Tools | `readelf`, `objdump`, `python` | |
| 32 | + |
| 33 | +--- |
| 34 | + |
| 35 | +## 🧪 Topics Covered |
| 36 | + |
| 37 | +- 💥 Buffer Overflow Vulnerability |
| 38 | +- 🧵 Stack Layout & Function Frames |
| 39 | +- 🚫 Non-executable Stack Protections |
| 40 | +- 🔄 Return-to-libc Technique |
| 41 | +- 🧩 Basics of Return-Oriented Programming (ROP) |
| 42 | + |
| 43 | +--- |
| 44 | + |
| 45 | +## 📁 Project Structure |
| 46 | + |
| 47 | +```bash |
| 48 | +return-to-libc-lab/ |
| 49 | +├── vulnerable.c # Program containing buffer overflow |
| 50 | +├── Makefile # Compilation instructions |
| 51 | +├── exploit.py # (Optional) Payload automation script |
| 52 | +└── README.md # Project overview and guide |
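Review bot: The compiler row in the Lab Environment table (README line 29) builds with `-z execstack`, which marks the stack executable and contradicts the stated purpose on line 3, bypassing non-executable stack protections. With an executable stack the lab does not exercise the mitigation it is about. Suggest `-fno-stack-protector -z noexecstack` in that row. The Objective lists "Linux-based mitigation techniques" without naming any settings, so the table should also state which mitigations the lab expects to be on or off. Separately, the `bash` code fence opened at README line 47 is never closed in the added lines, so anything appended later will render as code. Close it after line 52 and tag it `text`, since the content is a directory tree, not shell.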