Building a Lab to Practice Exploit Writing (Windows XP x86)

So, this is a thing I found while doing some googling. If you wrote this, I owe you a lot of beer. I redacted the place/username as it was on a less-than-happy place.

This assumes you have an idea of ASM x86 and general exploitation methods.

The idea with this setup is that you have a VM of XP SP3 running with the following software and tools installed. You look up the exploits on exploit-db and recreate them.

Start here: I'm designing an exploit lab based on WinXP SP3. For now I have the following vulnerabilities/apps:

  1. Simple RET - Ability FTP Server (FTP) - Writeup of Fuzzing + Exploit Dev
  2. Simple RET - FreeFloat FTP (FTP)
  3. Simple RET (harder) - CesarFTP (FTP)
  4. Simple RET - Easy RM to MP3 Converter (.pls)
  5. Simple RET - DL-10 - need to find a copy of this
  6. SEH - DVDXPlayer
  7. SEH - Millenium
  8. SEH - Soritong
  9. SEH - mp3nator
  10. SEH - NNM (hard) - need to find a copy of this
  11. SEH + UNICODE - ALLPlayer
  12. SEH (difficult) - Winamp

with the following tools installed:

  1. WinDBG + MSEC.dll (!load winext\msec.dll) + byakugan (!load byakugan)
  2. Immunity Debugger + mona.py (!mona)
  3. OllyDBG + plugins (SSEH, OllySnake, AdvancedOlly, OllyHeapVis, Virtual2Physical)
  4. C:\Windows\system32\findjmp2.exe
  5. Cygwin + perl + gdb + gcc...
  6. Python26 (for IDA) + PyDbg - https://code.google.com/p/pydbgr/wiki/HowToInstall
  7. Python27 (for Immunity Debugger) + PyDbg
  8. lcc-win
  9. Wireshark
  10. Mantra on Chrome (MoC)
  11. Google-Chrome
  12. Microsoft Visual C++ 2008 Express
  13. Nasm
  14. metasploit
  15. Alpha3 (c:\Alpha3)
  16. IDA
  17. Sysinternals (c:\Windows\System32)
  18. Proxifier Edition
  19. Echo Mirage