Project 3: Vulnerable Program Laboratory

Quick Reference

Attribute              Value
Primary Language       C
Alternative Languages  N/A (must be C for realistic vulnerabilities)
Difficulty             Level 2: Intermediate
Time Estimate          2 weeks
Knowledge Area         Exploit Awareness / Vulnerability Classes
Tooling                GCC with security flags disabled, GDB
Prerequisites          Basic C, understanding of memory layout

What You Will Build

A collection of intentionally vulnerable programs demonstrating each vulnerability class (stack overflow, heap overflow, format string, integer overflow), with documentation explaining how each can be exploited.

Why It Matters

Knowing how each vulnerability class is actually exploited, and which compiler and OS protections normally stand in the way, is the foundation for writing and reviewing C safely; those skills come up repeatedly in real-world systems and tooling.

Core Challenges

  • Disabling security features → maps to understanding what each protects
  • Creating exploitable conditions → maps to understanding attacker requirements
  • Documenting exploitation → maps to clear threat model
  • Varying difficulty levels → maps to progressive learning

Key Concepts

  • Stack Buffer Overflow: “Hacking: The Art of Exploitation” Ch. 2
  • Format String Exploitation: “Hacking: The Art of Exploitation” Ch. 5
  • Heap Exploitation Basics: “The Shellcoder’s Handbook” Ch. 6

Real-World Outcome

vuln-lab/
├── stack/
│   ├── 01_basic_overflow.c       # gets() buffer overflow
│   ├── 02_fixed_offset.c         # Known offset to return address
│   ├── 03_with_canary.c          # Stack canary to bypass
│   ├── 04_aslr_enabled.c         # Need info leak
│   └── README.md                 # Exploitation walkthrough
├── format_string/
│   ├── 01_info_leak.c            # Read stack with %x
│   ├── 02_arbitrary_read.c       # Read any address with %s
│   ├── 03_arbitrary_write.c      # Write with %n
│   └── README.md
├── integer/
│   ├── 01_size_overflow.c        # malloc(n * size) overflow
│   ├── 02_signed_comparison.c    # Negative length bypass
│   └── README.md
├── heap/
│   ├── 01_use_after_free.c       # Dangling pointer
│   ├── 02_double_free.c          # Heap corruption
│   ├── 03_heap_overflow.c        # Overwrite chunk metadata
│   └── README.md
├── Makefile                      # Compile with/without protections
└── solutions/                    # Exploit scripts (for learning)
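The two programs in integer/ share one root cause: arithmetic on the length before it reaches malloc() or memcpy(). The following is an added example, not a file from the lab above; it shows the unchecked size computation and the signed-length check next to their hardened forms, so the README can point at exactly which line each protection adds. Function names, BUF_SIZE and HALF_BITS are assumptions chosen for this illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* Byte count for n elements, as in integer/01_size_overflow.c: the product
 * wraps silently, so malloc() hands back a block far smaller than the
 * n elements the program then writes into it. */
size_t unchecked_alloc_size(size_t n, size_t elem) {
    return n * elem;                      /* wraps modulo SIZE_MAX + 1 */
}

/* Hardened form: detect the wrap before it reaches malloc().
 * __builtin_mul_overflow is a GCC/Clang builtin that returns 1 on overflow. */
int checked_alloc_size(size_t n, size_t elem, size_t *bytes) {
    if (__builtin_mul_overflow(n, elem, bytes))
        return -1;                        /* caller must refuse the request */
    return 0;
}

/* Length check, as in integer/02_signed_comparison.c. Both functions return
 * the size_t that memcpy() would receive; *status is -1 when rejected. */
#define BUF_SIZE 64

size_t vuln_copy_len(int len, int *status) {
    if (len > BUF_SIZE) { *status = -1; return 0; }  /* negative len passes */
    *status = 0;
    return (size_t)len;   /* -1 becomes SIZE_MAX: memcpy runs off the buffer */
}

size_t fixed_copy_len(int len, int *status) {
    if (len < 0 || len > BUF_SIZE) { *status = -1; return 0; }
    *status = 0;
    return (size_t)len;
}

/* Constructed test value: its square is exactly 2^(bits in size_t), so the
 * unchecked product wraps to 0 on both 32- and 64-bit targets. */
#define HALF_BITS ((size_t)1 << (sizeof(size_t) * CHAR_BIT / 2))
```

Compile the lab's integer/ programs with -fsanitize=undefined as well as without it, so students see that the unsigned wrap is defined behaviour and no sanitizer reports it, while the negative length is only caught by the explicit check.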

Implementation Guide

  1. Reproduce the simplest happy-path scenario.
  2. Build the smallest working version of the core feature.
  3. Add input validation and error handling.
  4. Add instrumentation/logging to confirm behavior.
  5. Refactor into clean modules with tests.

Milestones

  • Milestone 1: Minimal working program that runs end-to-end.
  • Milestone 2: Correct outputs for typical inputs.
  • Milestone 3: Robust handling of edge cases.
  • Milestone 4: Clean structure and documented usage.

Validation Checklist

  • Output matches the real-world outcome example
  • Handles invalid inputs safely
  • Provides clear errors and exit codes
  • Repeatable results across runs

References

  • Main guide: LEARN_SECURE_C_AND_EXPLOIT_AWARENESS.md
  • “Hacking: The Art of Exploitation” by Jon Erickson