
Exploit Exercises - luu
https://exploit-exercises.com/
======
wslh
If you like this, try Insecure Programming by example [1].

[1]
[http://community.coresecurity.com/~gera/InsecureProgramming/](http://community.coresecurity.com/~gera/InsecureProgramming/)

------
glitchyme
Love these things! Here's a few I have saved:
[http://overthewire.org/wargames/](http://overthewire.org/wargames/)
[http://smashthestack.org/wargames.html](http://smashthestack.org/wargames.html)
[http://securityoverride.org/challenges/index.php](http://securityoverride.org/challenges/index.php)
And don't forget the CTF games:
[https://ctftime.org/event/list/upcoming/](https://ctftime.org/event/list/upcoming/)

------
killnine
This too [https://www.vulnhub.com/](https://www.vulnhub.com/)

------
dnt404-1
Can you please put the download link on some other service that supports
download resumes (or, possibly, torrent)? Google Drive does not seem to support
resume, and restarting leads to starting from byte 1. And this is because, from
where I am based, 451MB in a straight download is not a sane proposition
without resume support.

------
sadfacespacer
Another one for all your keen folk:
[https://pentesterlab.com/exercises/](https://pentesterlab.com/exercises/)

I've personally found them great as introductions for web-pentesting

------
mattstreet
Instructions on how to make the vagrant box:
[https://gitlab.com/mjwhitta/drifter/blob/master/docs/iso_onl...](https://gitlab.com/mjwhitta/drifter/blob/master/docs/iso_onl..).

Or use the ones he's already made until he gets told to take them down:
[https://atlas.hashicorp.com/mjwhitta](https://atlas.hashicorp.com/mjwhitta)

------
rauljara
Perhaps a bit of a noob question: How would you go about running these virtual
machines on OSX? Or should I just be using linux?

Edit: The answer, apparently is virtual box
([https://www.virtualbox.org/wiki/Downloads](https://www.virtualbox.org/wiki/Downloads))

You need to create a box without a hard drive. When you start the box you
created, it will ask you for a disk image, then you can select the diskimage
from exploit exercises.

------
bndr
Anyone can suggest good books on such topic? With examples, and explanation
why, how etc.

~~~
mdaniel
Related to _selleck_'s answer, I enjoy the lecturer in these FSU course
videos:

[https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/le...](https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html)

The (minimum) reading list for that class is "Hacking" as well as "The Web
Application Hackers Handbook".

~~~
selleck
Awesome! I did not realize 2014 was posted. I was planning on going through
2013:

[http://www.cs.fsu.edu/~redwood/OffensiveSecurity/lectures.ht...](http://www.cs.fsu.edu/~redwood/OffensiveSecurity/lectures.html)

In April. The texts for that class are "Hacking" and "Counter Hack Reloaded"

------
cellover
Excellent, thank you very much for sharing this!

------
icholy
This is awesome!

~~~
tekacs
Even for those who know the subject matter, building these VMs as
demonstration is a long and difficult process - this is awesome not least
because it's a huge amount of work by someone. :)

Having seen this I'm tempted to go build Vagrant boxes for these, so they can
be updated and forked more easily.

Unfortunately these don't appear to be licensed, so unless they're declared
open by the author, it'll require starting from scratch.

~~~
newaccountfool
Why not build and then wait for DMCA, if not then it's ok to continue.

~~~
tekacs
Not a bad idea actually.

Although I'd presumably have to be sure that the author is in the USA - or
perhaps myself? (I'm in the UK, for reference)

The domain is WhoisGuard protected either way, so it's hard to be sure.

~~~
voltagex_
From the one blog post about RuxCon, I'd say the author is in Australia. Might
be worth contacting them via
[https://ruxcon.org.au/contact-us/](https://ruxcon.org.au/contact-us/) as the
person who made these had something to do with the CTF in 2012.

~~~
tekacs
Thanks! I'll try that.

------
tux
WOW Thank You! Very useful indeed.

------
curiously
Where would you go after you've completed these exercises?

~~~
eugeneionesco
Start exploiting bugs in real software.

~~~
curiously
Could you do it after you go through these exercises?

~~~
eugeneionesco
Definitely, after you complete Nebula, Protostar and Fusion (in this order) you
should be able to write exploits for real bugs.

