Learn about the pwn CTF category: finding and exploiting vulnerabilities in programs running on remote servers.
- Types of vulnerabilities in binaries (buffer overflow)
- Memory layout of computers (the stack)
- Tools: gdb (debugger), pwntools (Python library for pwn), Binary Ninja/radare2 (disassemblers)
How to run this meeting
- Instruct members to download and get familiar with gdb and Binary Ninja. Pwntools is also recommended.
- Go through the provided slides, explaining the major concepts as you go.
- Instruct members to solve the bof CTF challenge.
- Towards the end of the meeting, step through how to solve the challenge.
Binary exploitation can be intimidating, but this meeting walks through a pwn challenge from pwnable.kr that introduces new members to the concepts and tools they need to get started. The challenge involves exploiting a buffer overflow, which is one of the most common kinds of vulnerabilities. Depending on their experience level, some members may struggle with the challenge more than others. Walk around the room and try to help those who seem to be struggling.