CTF Playbook

Binary Exploit / Pwn

Exploit program vulnerability
  1.
    Note:
    • Usually you are given a binary and the source code it was built from.
    • Whenever you get a file, run the file command on it first to learn what kind of file it really is.
    • You need to be strong in assembly language, computer architecture, C programming (for reverse engineering) and Python (for writing exploit scripts) to solve these challenges!
  2.
    Run checksec to check the security properties of the executable.
    • Stack Canaries = a secret value placed on the stack which changes every time the program is started. The canary is checked before the function returns and, if it appears to have been modified, the program exits immediately.
    • NX (No-eXecute) = memory holding stored input or data cannot be executed as code.
    • Address Space Layout Randomization (ASLR) = randomization of where the program, shared libraries, the stack and the heap are placed in memory.
    • RELRO (Relocation Read-Only) = makes relocation sections of the binary (such as the GOT) read-only once they have been resolved.
  3.
    Tools:
    • pwntools framework
    • GDB debugger, with the PEDA, pwndbg or GEF extension.
    • Use the readelf -a <filename> command. It displays information about ELF files.
    • Use the nm <filename> command to list the symbols the binary references.
    • Python
  4.
    Some tips from experts.
  5.
    Functions that can lead to a buffer overflow (BOF):
    • scanf
    • read
    • strcat
    • fread
    • fgets
    • sprintf
    • strcpy
    • gets
    • memcpy
    • memmove
    • strncpy
    • snprintf
    • strncat
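
    The list above mixes unbounded functions (gets, strcpy, sprintf) with bounded ones (strncpy, snprintf, fgets) that still overflow when their return values or termination rules are misunderstood. The following C program is an added example, not part of the original playbook: it demonstrates two of those bounded-function pitfalls with a guard byte to prove nothing was written out of bounds, and shows a hardened copy helper that reports truncation instead of overflowing. All buffer sizes, inputs and function names (strncpy_unterminated, append_fmt, bounded_copy, and so on) are constructed for this demonstration.

```c
/* Added example (not from the original playbook): why the "bounded" functions
 * listed above still overflow when misused, and hardened helpers that report
 * truncation instead of writing past the buffer. All buffer sizes, inputs and
 * function names below are constructed for this demonstration. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8   /* deliberately tiny so the edge cases are easy to see */

/* Pitfall: strncpy(dst, src, n) leaves dst WITHOUT a NUL terminator when src
 * has n or more characters. A later strlen/strcpy/printf("%s") then reads (and
 * copies) past the end of dst. Returns true if dst ended up unterminated. */
bool strncpy_unterminated(const char *src) {
    char dst[BUF_SIZE];
    memset(dst, 'X', sizeof dst);               /* poison: any NUL present came from strncpy */
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) == NULL;
}

/* Pitfall: snprintf returns the length it WANTED to write, not what it wrote.
 * The common idiom  used += snprintf(buf + used, cap - used, ...)  pushes `used`
 * past `cap` once the buffer is full; the next call then computes a wrapped
 * size (cap - used underflows) and writes out of bounds. This helper clamps
 * the offset and reports truncation to the caller. */
bool append_fmt(char *buf, size_t cap, size_t *used, const char *s) {
    if (*used >= cap) return false;                 /* already full */
    int n = snprintf(buf + *used, cap - *used, "%s", s);
    if (n < 0) return false;                        /* encoding error */
    if ((size_t)n >= cap - *used) {                 /* output did not fit */
        *used = cap - 1;                            /* offset of the terminator */
        return false;
    }
    *used += (size_t)n;
    return true;
}

/* Exercises append_fmt on an 8-byte buffer with a guard byte just past it.
 * Returns true only if: "abc" fit, "defgh" was reported truncated, the buffer
 * holds exactly "abcdefg", and the guard byte was never touched. */
bool append_scenario_ok(void) {
    char buf[BUF_SIZE + 1];
    buf[BUF_SIZE] = 'G';                            /* guard: must survive */
    size_t used = 0;
    bool first  = append_fmt(buf, BUF_SIZE, &used, "abc");
    bool second = append_fmt(buf, BUF_SIZE, &used, "defgh");
    return first && !second && used == BUF_SIZE - 1
        && strcmp(buf, "abcdefg") == 0 && buf[BUF_SIZE] == 'G';
}

/* Hardened replacement for strcpy/strcat-style copies (gets has no bound at
 * all and was removed in C11; never use it). Always NUL-terminates, never
 * writes past cap, and tells the caller whether the input was cut so it can
 * reject it rather than silently continue with partial data. */
bool bounded_copy(char *dst, size_t cap, const char *src) {
    if (cap == 0) return false;
    size_t len = strlen(src);
    if (len >= cap) {
        memcpy(dst, src, cap - 1);
        dst[cap - 1] = '\0';
        return false;                               /* truncated */
    }
    memcpy(dst, src, len + 1);                      /* includes the terminator */
    return true;
}

/* Copies src into an 8-byte buffer via bounded_copy and returns the resulting
 * string length (at most BUF_SIZE - 1), showing that truncation is bounded. */
size_t copy_result_len(const char *src) {
    char dst[BUF_SIZE];
    bounded_copy(dst, sizeof dst, src);
    return strlen(dst);
}

int main(void) {
    printf("strncpy of 8 chars into 8 bytes leaves no NUL: %s\n",
           strncpy_unterminated("AAAAAAAA") ? "yes" : "no");
    printf("snprintf offset scenario stayed in bounds: %s\n",
           append_scenario_ok() ? "yes" : "no");
    printf("bounded_copy(\"too long for it\") -> length %zu\n",
           copy_result_len("too long for it"));
    return 0;
}
```

    To see how this connects to step 2, build the program once as `gcc -O0 -fno-stack-protector -z execstack -no-pie -Wl,-z,norelro` and once as `gcc -fstack-protector-strong -D_FORTIFY_SOURCE=2 -fPIE -pie -Wl,-z,relro,-z,now -z noexecstack`, then run checksec on both: the first shows every mitigation off, the second shows Canary, NX, PIE and Full RELRO on. The mitigations make a bug harder to turn into control-flow hijack, but only the bounded helpers above remove the bug itself.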