This repository aim to be a starting point for beginner to pwn. I've made a few challenges for each type of attack I know (only 2 types of attack available right now though).
If you are using a debian based GNU/Linux distribution you can use this setup script.
The recommended tools are :
Additionally you can use :
- ROPgadget
- Objdump (
alias objdump="/usr/bin/objdump -M intel"
)
In this category you will learn how to make ROPchain, if this word doesn't sounds familiar, you may want to read some articles or CTF write-ups about buffer overflow exploitation. The goal in every challenge of this category will be to get a shell.
rop/pwna
The start of the adventure ||Try to
rop/pwnb
Pass the correct argument to win
rop/pwnc
Pass the correct arguments to win
rop/pwnd
Go to the libc system
rop/pwne
Make the execve
syscall and pass it the good string
rop/pwnf
Write '/bin/sh' somewhere to make that system
call useful.
readelf -S the_binary
to find where to write ;)
rop/pwng
The classical ROP without '/bin/sh' and system
call
A few papers on the subject, ordered by reading complexity. These are not mandatory.
- TODO
- TODO