PWN (Binary Exploitation)
PWNing is the subtle art of manipulating the execution of a given binary away from what it originally intended and into something a little more devious.
GDB (GNU Debugger)
GDB is an essential tool when attacking a binary.
GDB allows you to step through each instruction as the program executes.
At the same time, you can read and edit memory and call any function.
The only proper way to use GDB is with Peda, a plugin to make life easier.
Visually seeing all the assembly code of a program and an expanded execution flow makes PWNing much easier.
Although Binary Ninja costs money, there is a free trial, and it is well worth the price.
Radare is a free alternative to Binary Ninja that also has some functional overlap with GDB.
IDA Pro is the $16,000 (no joke) all-in-one "hey look I can do everything" tool.
I'm just putting it here for the lolz.
Defuse is an online tool that lets you assemble assembly code into hex bytes and disassemble hex bytes back into assembly at will.
This is very useful when writing shellcode.
Assembly code can seem very foreign at times. This site aims to alleviate some of that by showing exactly what each line of source code translates to in assembly.
You also have the option to target different architectures such as x86, x86-64, MIPS, ARM, etc.
- GDB Cheat Sheet
Although beneficial for learning, most people do not write their own shellcode.
Instead they use sites like this (also Shellstorm).
This site is a plethora of shellcode covering every specification you can think of.
amd64 Calling Conventions
As you progress through pwning, many challenge creators will opt to use amd64 (64bit) over x86 (32bit).
This changes much of pwning; this is a quick reference sheet for the calling conventions and register purposes.
Syscalls are a way for a program to execute a kernel-level operation such as read, write, open, (and our favorite) execve.
You will probably not see syscalls used during execution unless you are dealing with shellcode.
When writing your own shellcode, setting up registers for syscalls can be a real pain.
This site is a reference for each Linux syscall and the register setup necessary for proper execution.
Live Overflow is a great site for learning PWNing and Reverse Engineering.
There are many tutorials and videos that go through the basics of assembly, vulnerabilities, and many other core concepts surrounding binaries.
Fuzz Security provides loads of writeups over many different CTF PWN challenges as well as many other tutorials on exploitation.
This site shows many writeups for high-level PWNing challenges.
Pwnable is a Wargames site dedicated to just pwning.
Several of our challenges have come straight from them because they are so well done.
Pwnable does very well at giving you exposure to different attacks on programs as well as widening your problem-solving skills.