THE ARM IoT EXPLOIT LABORATORY - Damn Vulnerable ARM Router (DVAR)
DVAR is an emulated Linux based ARM router running a vulnerable web server
that you can sharpen your ARM stack overflow skills with.
DVAR runs in the tinysploitARM VMWare VM under a fully emulated QEMU ARM
Simply extract the ZIP file and launch the VM via tinysploitARM.vmx.
After starting up, the VM's IP address and default URL shall be displayed
on the console. Using your host computer's browser, navigate to the URL and
follow the instructions and clues. The virtual network adapter is set to
Your goal is to write a working stack overflow exploit for the web server
running on the DVAR tinysploitARM target.
DVAR started as an optional preparatory exercise for the ARM IoT Exploit Lab.
UPCOMING ARM IoT EXPLOIT LABORATORY TRAINING
RECON Brussels 2018 (4 day) January 29-Feb 1
Offensivecon Berlin 2018 (4 day) February 12-15
Cansecwest Vancouver 2018 (4 day) March 10-13
SyScan360 Singapore 2018 (4 day) March 18-21
If you are new to the world of ARM exploitation, I highly recommend Azeria's
excellent tutorials on ARM Assembly, ARM Shellcode and the basics of ARM
https://azeria-labs.com/ Twitter: @Fox0x01
And these are three general purpose concepts oriented tutorials that every
systems enthusiast must know:
Operating Systems - A Primer:
How Functions Work:
Introduction to Debuggers:
EXPLOIT LABORATORY BLOG: