笔者Sud0是Corelan安全组织成员（http://www.corelan.be:8800/index.php/security/corelan-team-members/），刚赢得Offensive Security Exploit weekend（http://www.offensive-security.com/offsec/exploit-weekend/）大赛冠军，这是一场由Offensive Security举办的exploit编写大赛。这项挑战赛以存在漏洞的Foxit Reader软件为目标，每一参赛者都会先得到一份Proof of Concept exploit（https://www.exploit-db.com/exploits/15514），并已明确指出这是个溢出漏洞，可通过控制结构化异常处理记录（structured exception handling record）来获得权限。下面是Offensive Security在其官方博客上公布的信息：
Aloha Offsec students! You’ve been slapped around by Bob, abused by Nicky and crushed by NNM. Just as you thought it was over, Offensive Security now comes up with a brand new type of pain. This one is for all you hardcore exploit developers out there, who want a real challenge an Offsec “Exploit Weekend”.
This is the deal: We provide you with a proof of concept, with EIP handed to you on a golden platter. All you need to do is get a shell….muhahaha. The event will take place next weekend, 13th-14th of November and is open to Offsec alumni only. The first person to send in a working POC with a bindshell payload on port 4444 wins a 32 GB WiFi Ipad!
For more information, check out the Offsec Student forms. If you haven’t signed up for the 1day club forums, send in an email to our orders dept. with your OSID!
- 标 题：Offensive Security Exploit Weekend 赛题详解
- 作 者：riusksk
- 时 间：2011-04-12 20:54:22
- 链 接：http://bbs.pediy.com/showthread.php?t=132256