Exploit-Challenges Logo

Exploit-Challenges

0
Free
Updated 11 March 2025
Visit Website

Here are a collection of vulnerable ARM binaries designed for beginner vulnerability researchers & exploit developers to play around with and test their skills! These binaries are all built as ARMv7 Mach-O executables (unless specified otherwise) so it is recommended that you use a 32bit jailbroken iOS device with radare2 or another debugging utility installed to test them. ARM 32-bit: - roplevel1: simple introduction to Return Oriented Programming with a simple objective - roplevel2: same idea as level 1 but with a new objective - roplevel3: more advanced use of ROP - roplevel4: dealing with ASLR (infoleak) - roplevel5: same as lvl4 but requires exploitation of format string vuln for the info leak - roplevel6: execute ROP chain by making use of a stack pivot - roplevel7: off-by-one vulnerability Heap 32-bit: - heaplevel1: simple heap based overflow example - heaplevel2: Use-After-Free exploit - heaplevel3: double free() ARM 64-bit: - roplevel1-64: 64-bit version of roplevel1 - roplevel6-64: 64-bit version of roplevel6 Help & Guidance: Write-ups/explanations on some of the binaries can be found on the creator's YouTube channel or in their book 'Beginner's Guide'

FEATURES

SIMILAR TOOLS

A cross-platform tool for creating malicious MS Office documents with hidden VBA macros and anti-analysis features.

A penetration testing tool that focuses on web browser exploitation

High-performant, coroutines-driven, and fully customisable Low & Slow load generator for real-world pentesting with undetectability through Tor.

Collection of URLs for vulnerable web applications and systems for cybersecurity practice.

A COM Command & Control framework using JScript for stealthy and flexible command and control capabilities on Windows systems.

A macOS Initial Access Payload Generator for penetration testing and red teaming exercises.

GNU/Linux Wireless distribution for security testing with XFCE desktop environment.

A collection of tests for Local File Inclusion (LFI) vulnerabilities using Burp Suite.

A tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) for offensive security purposes.

CyberSecTools logoCyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

VAT: NL005301434B12

Copyright © 2025 - All rights reserved