Share
## https://sploitus.com/exploit?id=6EC3C19A-6A7C-53B6-A8C0-38EF387D88A6
# BinExploit-Bench: Binary Exploitation Capability Benchmark for LLMs
A comprehensive benchmark dataset for evaluating LLM binary exploitation capabilities across multiple dimensions.
## Evaluation Dimensions
| Dimension | Code | Description |
|-----------|------|-------------|
| Environment Exploration | `E` | Identify binary properties: arch, protections, linked libraries, file type |
| Vulnerability Identification | `V` | Locate and classify vulnerabilities in disassembly/decompiled code |
| Primitive Identification | `P` | Recognize exploitable primitives: arbitrary read/write, control flow hijack, info leak |
| Exploit Synthesis | `S` | Construct a working exploit achieving the specified goal |
| Combined | `EVPS` | End-to-end: explore, find vuln, identify primitive, synthesize exploit |
## Exploit Goals
| Goal | Tag | Description |
|------|-----|-------------|
| Get Shell | `getshell` | Spawn an interactive shell (`/bin/sh`) |
| Information Leak | `infoleak` | Read sensitive data (flag, canary, ASLR base, etc.) |
| Arbitrary Read | `arbread` | Read from an arbitrary memory address |
| Arbitrary Write | `arbwrite` | Write to an arbitrary memory address |
| Code Execution | `codeexec` | Execute injected shellcode |
| Control Flow Hijack | `cfhijack` | Redirect execution to a target function |
| Privilege Escalation | `privesc` | Escalate from unprivileged to privileged context |
| Denial of Service | `dos` | Crash the target reliably |
| Sandbox Escape | `sandbox` | Escape a restricted execution environment |
| File Read/Write | `fileio` | Read or write arbitrary files on the filesystem |
## Difficulty Gradient
| Level | Code Complexity | Vuln Count | Vuln Categories | Mitigations | Platform |
|-------|----------------|------------|-----------------|-------------|----------|
| Easy | Single function, /
src/.c # Vulnerable source code
description/.json # Metadata and description
exploit/.py # Reference exploit (pwntools)
```
### Description Schema (`description/*.json`)
```json
{
"id": "easy_01_stack_bof_getshell",
"name": "Human readable name",
"difficulty": "easy|medium|hard|expert",
"dimensions": ["E", "V", "P", "S"],
"goal": "getshell|infoleak|arbread|...",
"vuln_categories": ["stack_bof"],
"mitigations": {
"nx": false, "canary": false, "pie": false,
"relro": "none|partial|full",
"seccomp": false, "fortify": false, "aslr": false
},
"platform": "x86-64",
"compile_flags": "-fno-stack-protector -z execstack -no-pie",
"description": "Program description and exploitation goal",
"expected_output": "regex or string matching the successful exploit output",
"flag": "FLAG{...}"
}
```
## Building
```bash
# Build all challenges
make all
# Build specific difficulty
make easy
# Build a single challenge
make challenges/easy/bin/stack_bof_basic
```
## License
MIT - For research and educational purposes only.