💀 Binary Exploitation (Pwn)
Binary Exploitation (pwn) challenges involve finding and exploiting vulnerabilities in a program, typically to gain a remote shell. Pwn challenges tend to have a steeper learning curve than the other categories. A working familiarity with Linux, C, and assembly is recommended before attempting pwn challenges.
The classic pwn challenge is the stack smash attack, originally outlined in this forum post.
Computerphile has a great video about stack smash attacks here:
Learning Resources
- Learn Assembly and C
- Learn about the stack and calling conventions
- LiveOverflow’s Binary Exploitation Playlist - This playlist is an incredible resource for learning binary exploitation, and will walk you through nearly all techniques used in entry-mid level pwn challenges
Practice
- OverTheWire - Bandit - For getting familiar with Linux commands
- OverTheWire - Narnia - For practicing basic binary exploitation
- Exploit Education - Phoenix - Introduces exploits of increasing difficulty
- Pico Gym - Archives challenges from past PicoCTF competitions and has great beginner binary exploitation challenges