Pwn 1: Pwn review, Ret2Win

by Jason An

This quarter, we'll be focusing on binary exploitation, also known as "pwn" in the CTF community. We'll study how memory corruption from vulnerabilities like buffer overflows and improper use of format strings can lead to arbitrary code execution, as well as ways to bypass the modern mitigations deployed against such vulnerabilities.

Slides

Challenges

The following challenges in increasing difficulty are deployed to platform.acmcyber.com to practice the concepts covered in the slides.

Intro to Pwn:

  • Challenge 1: pwn/pwn0
  • Challenge 2: pwn/ret2win
  • Challenge 3: pwn/bot
  • Challenge 4: pwn/aplet123

ROP:

  • Challenge 1: pwn/ret2libc
  • Challenge 2: pwn/ret2libc2
  • Challenge 3: pwn/sus

Resources

The following resources are great tools for some of the pwn challenges:

  • GEF: A GDB extension with lots of useful features for pwn.
  • pwntools: A Python library useful for writing solve scripts.
  • pwninit: A tool for setting up pwn challenges locally.
  • xgadget: A tool for finding ROP gadgets.