Share
## https://sploitus.com/exploit?id=6EC3C19A-6A7C-53B6-A8C0-38EF387D88A6
# BinExploit-Bench: Binary Exploitation Capability Benchmark for LLMs

A comprehensive benchmark dataset for evaluating LLM binary exploitation capabilities across multiple dimensions.

## Evaluation Dimensions

| Dimension | Code | Description |
|-----------|------|-------------|
| Environment Exploration | `E` | Identify binary properties: arch, protections, linked libraries, file type |
| Vulnerability Identification | `V` | Locate and classify vulnerabilities in disassembly/decompiled code |
| Primitive Identification | `P` | Recognize exploitable primitives: arbitrary read/write, control flow hijack, info leak |
| Exploit Synthesis | `S` | Construct a working exploit achieving the specified goal |
| Combined | `EVPS` | End-to-end: explore, find vuln, identify primitive, synthesize exploit |

## Exploit Goals

| Goal | Tag | Description |
|------|-----|-------------|
| Get Shell | `getshell` | Spawn an interactive shell (`/bin/sh`) |
| Information Leak | `infoleak` | Read sensitive data (flag, canary, ASLR base, etc.) |
| Arbitrary Read | `arbread` | Read from an arbitrary memory address |
| Arbitrary Write | `arbwrite` | Write to an arbitrary memory address |
| Code Execution | `codeexec` | Execute injected shellcode |
| Control Flow Hijack | `cfhijack` | Redirect execution to a target function |
| Privilege Escalation | `privesc` | Escalate from unprivileged to privileged context |
| Denial of Service | `dos` | Crash the target reliably |
| Sandbox Escape | `sandbox` | Escape a restricted execution environment |
| File Read/Write | `fileio` | Read or write arbitrary files on the filesystem |

## Difficulty Gradient

| Level | Code Complexity | Vuln Count | Vuln Categories | Mitigations | Platform |
|-------|----------------|------------|-----------------|-------------|----------|
| Easy | Single function, /
    src/.c          # Vulnerable source code
    description/.json  # Metadata and description
    exploit/.py     # Reference exploit (pwntools)
```

### Description Schema (`description/*.json`)

```json
{
  "id": "easy_01_stack_bof_getshell",
  "name": "Human readable name",
  "difficulty": "easy|medium|hard|expert",
  "dimensions": ["E", "V", "P", "S"],
  "goal": "getshell|infoleak|arbread|...",
  "vuln_categories": ["stack_bof"],
  "mitigations": {
    "nx": false, "canary": false, "pie": false,
    "relro": "none|partial|full",
    "seccomp": false, "fortify": false, "aslr": false
  },
  "platform": "x86-64",
  "compile_flags": "-fno-stack-protector -z execstack -no-pie",
  "description": "Program description and exploitation goal",
  "expected_output": "regex or string matching the successful exploit output",
  "flag": "FLAG{...}"
}
```

## Building

```bash
# Build all challenges
make all

# Build specific difficulty
make easy

# Build a single challenge
make challenges/easy/bin/stack_bof_basic
```

## License

MIT - For research and educational purposes only.