Skip to content

Latest commit

 

History

History
77 lines (59 loc) · 2.93 KB

CONTRIBUTING.md

File metadata and controls

77 lines (59 loc) · 2.93 KB
Raw

Contributing

Thanks for being interested in contributing to this repository. Hope you can learn something doing this.

Writing contributions

To make an contribution to this repository:

  1. Make a fork of this repository.
  2. Make a new branch from the develop branch on your fork.
    • Use a descriptive name to branch, like: add-exploitme999-challenge
  3. Push your new branch to your fork.
  4. Open a pull request using develop as target from your branch.

Submiting your solution

You are able to submit your challenge's solution for this repository on solutions directory. Step by step:

  1. Create directory to your solution named solutions/{challenge}/{github-nick}. Example: solutions/exploitme001/Silva97.
  2. Add your exploit inside this directory with filename solution.{ext}. The file extension could be anyone. Examples: solution.py, solution.sh.
  3. Make your exploit executable adding the shebang and setting the execute permission to file.
  4. Add a README.md and say anything you want about the challenge. And don't forget the author(s) name(s).

The exploit should only print the flag in stdout and no more than it. To check if your solution is working you can run the tests.sh script in the root of this directory. The first argument to script is a filter that could be used to run only your solution. Example:

$ ./tests.sh exploitme001/Silva97

Warning: Your solution will only be merged if this test pass. And keep in mind that the test will randomize the challenge's flag (but will follow the EME{...} format).

Changing an existing challenge

Before change any previous challenge, please think in mind that the challenge should be exploited by the same way and using the same exploits.

If you make a code contribution to challenge (more than fixing typo or anything like that) you are able to add your name to Author(s) list of the challenge.

Making a new challenge

To make a new challenge, please follow the steps:

  1. Copy the template directory to the new challenge's directory.
    • For instance: cp -r template exploitme999
  2. Edit the README.md inside the challenge's directory adding the required informations.
  3. Edit the Makefile inside the challenge's directory as required.
    • Edit the OUTBIN default value.
    • Edit the EME_CHALLENGE_FLAG default value (EME{...}). This is the flag used on challenge by default (if not changed on compile-time);
    • Add new compiler's flags or any other required changes.

Note: You can use any programming language to write the challenge. But remember that using a language other than C or C++ can break the Dockerfile at the root of the repository.

Writing the code

Challenges can also have their code audited (for those who like AppSec), so the code should not have obvious flaws or comments/variable names that hint at the security flaw.

For instance, this is a bad variable name:

char vulnerableBuffer[32];