Binary Exploit / Pwn

Exploit program vulnerability
  1. Note :

    • Usually they gave us a binary and a source code of the binary.

    • Whenever you get a file, issuing file command first to it to know what really file is it.

    • You need strong in Assembly Language, computer architecture, C programming (Reverse engineering) and Python language to make script for this challenge!

  2. Run checksec check the properties of executable of binary security.

    • Stack Canaries = a secret value placed on the stack which changes every time the program is started. the stack canary is checked and if it appears to be modified, the program exits immeadiately.

    • Nx = stored input or data cannot be executed as code

    • Address Space Layout Randomization (ASLR) = The randomization of the place in memory where the program, shared libraries, the stack, and the heap are.

    • RELRO = makes binary sections read-only.

  3. Tools :

    • Pwntool framework

    • Gdb debugger. Peda, pwndbg or gef.

    • Use readelf -a <filename> command. It will displays information about ELF files.

    • Use nm <filename> command to know what symbol being called in the binary.

    • Python

  4. Some tips from expert.

  5. Function that can lead to bof

    • scanf

    • read

    • strcat

    • fread

    • fgets

    • sprintf

    • strcpy

    • gets

    • memcpy

    • memmove

    • strncpy

    • snprintf

    • strncat