Binary Exploitation 1: Intro to Pwn

by Alexander Zhang

Binary exploitation, also known as pwn, is a category of challenges where we gain control over vulnerable programs by exploiting memory safety vulnerabilities. We will learn about basic pwn concepts today and exploit buffer overflow vulnerabilities, where a program can be tricked into writing data past the end of a buffer in memory.

Slides

Challenges

A set of challenges of increasing difficulty is deployed to platform.acmcyber.com for practicing the concepts covered in the slides. You can filter for them on the platform by checking "rev" under "Categories" and "week 2" under "week". They are:

  • pwn/pwn0
  • pwn/ret2win
  • pwn/bot
  • pwn/aplet123

Resources

The following resources are great tools for some of the pwn challenges:

  • GEF: A GDB extension with lots of useful features for pwn.
  • pwntools: A Python library useful for writing solve scripts.
  • pwninit: A tool for setting up pwn challenges locally.