Intro to Pwn

  This page was created by Josh.


Slides  


Goal

Learn about the pwn CTF category: finding and exploiting vulnerabilities in programs running on remote servers.


Topics Covered:

  • Types of vulnerabilities in binaries (buffer overflow)
  • Memory layout of computers (the stack)
  • Tools: gdb (debugger), pwntools (Python library for pwn), Binary Ninja/radare2 (disassemblers)


How to Run This Meeting

  • Instruct members to download and get familiar with gdb and Binary Ninja. Pwntools is also recommended.
  • Go through the provided slides, explaining the major concepts as you go.
  • Instruct members to solve the bof CTF challenge.
  • Towards the end of the meeting, step through how to solve the challenge.


Description

Binary exploitation can be intimidating, but this meeting walks through a pwn challenge from pwnable.kr that introduces new members to the concepts and tools they need to get started. The challenge involves exploiting a buffer overflow, which is one of the most common kinds of vulnerabilities. Depending on their experience level, some members may struggle with the challenge more than others. Walk around the room and try to help those who seem to be struggling.