Nimpoo/rainfall

RainFall

RainFall is another ISO challenge and, technically, the continuation of the SnowCrash project. But instead of researching and exploiting the vulnerabilities of a system/user, RainFall specializes in binary exploitation and the research of security breaches in binary files.

All the files to exploit are ELF binaries. The process is always the same:

  1. Test the program
  2. Decompilation and/or disassembly
  3. Analyse the code
  4. Exploit the vulnerability

Basically, reverse engineering.

The reconstruction of the code is a big part of each level: knowing the file you have decompiled AND disassembled, using the right tools, having the right interpretation of the code, and FINDING THE BREACH.

This project introduces the exploitation of breaches in files, memory manipulation, running arbitrary code, and the importance of how a program must be protected. All the exploits on these levels are classic, but some are very tricky and can break your mind. By far, RainFall is better than SnowCrash, but not really more fun to do: you need to learn a lot of things about how a machine works, or even how assembly works.

It's a very enriching project.

RainFall can also be an introduction to the ASM (Assembly) language if you have never used it before. Sometimes, reading the disassembly of a file can be very useful to understand the code and find the breach. After finishing this project and OverRide, continuing with libasm is not a bad idea if the ASM language interests you.

I wrote this README.md after having solved all the levels with my bro Noah. Even more than in SnowCrash, each level documents the steps I took to solve the challenge, the tools I used, and even the mistakes I made. I aim to transcribe my logic and my research, and it's more technical than the previous project.

Virtual Machine Setup

The subject gives us a PDF file with all the rules of the project, and a disk image that we have to run. Personally, I use qemu to run it, but you can use VirtualBox or VMware if you want.

You can view my script to run the virtual machine here.

Just after that, I can connect to my machine with the following command:

~ ssh level0@127.0.0.1 -p 4242

And to get the files from the virtual machine, I use scp:

~ scp -P 4242 level0@127.0.0.1:/home/user/level0/level0 /Users/mayoub/Desktop

🚨 SPOILER ZONE 🚨

Summary from level0 to level9 :

  • level0 : Introduction to decompilation and disassembly
  • level1 : Stack-Based Buffer Overflow - Basic
  • level2 : Stack-Based Buffer Overflow - Ret2Libc
  • level3 : Format String Vulnerability - 1st method (using python)
  • level4 : Format String Vulnerability - 2nd method (using %x and spaces)
  • level5 : Format String Vulnerability - PLT overwriting
  • level6 : Heap-Based Buffer Overflow - Basic
  • level7 : Heap-Based Buffer Overflow - PLT overwriting
  • level8 : Breach Exploitation and Memory Manipulation by understanding a decompiled program
  • level9 : Shellcode Injection and Memory Manipulation of a binary programmed in C++

Summary from bonus0 to bonus3 :

  • bonus0 : Shellcode Injection by environment variables and Stack-Based Buffer Overflow
  • bonus1 : Integer Overflow Attack and Stack-Based Buffer Overflow
  • bonus2 : Shellcode Injection by environment variables and Stack-Based Buffer Overflow
  • bonus3 : Breach Exploitation (This level is a joke ?)

MADE BY TWO REAL BROS :


Noah (noalexan)

Intra 42

Nimpô (mayoub)

Intra 42
