Hi! I am going to take CTP/OSCE course this summer and I want to be prepared to this journey. That is why I decided to have some fun with the Vulnserver Application.

Seems like that this app was written about 8 years ago, but it is still useful if you are script-kiddie like me, lol :D

There is a small list of topics you can discover with this application:

  • Conducting stack-based buffer overflows.
  • Writing SEH-based exploits.
  • Implementing egghunting technique.
  • Evading bad characters.

Also, Vulnserver is a nice target for some fuzzing exercises. I used Peach Fuzzer to discover flaws in different Vulnserver commands and create PoCs before exploit development process itself.

You can find my Peach Pits and Vulnserver exploits in my Repo on Github. I tried to learn as much as possible from this tasks, that is why I implemented several egghunters for KSTET exploit, for example.

I believe that my scripts are well-documented, but if you have some troubles with them - feel free to drop me a line.

Good Luck!

The end