Binary Exploitation
Below you will find my binary exploitation learning notes. The easier challenges are at the top, and the further down you go, the more we dig into advanced concepts.
Preparing the Tools
1) Beginner Reversing
The basics of reversing, with simple-to-understand examples.
- ✅ Strings
- ✅ Helithumper RE
- | grep strings chmod
- | ghidra, pointers, scanf, puts, arrays, hexa to ascii
- | ghidra, pointers, arrays, functions
2) Stack Buffer Overflows
These are the most common binary exploits. They exist because insecure functions do not set a limit on user input, allowing the user to overwrite other memory.
- ✅ CSAW 2018 Quals boi
- ✅ TAMU 2019 pwn1
- ✅ TW 2017 Just Do It!
- ✅ CSAW 2016 Warmup
- ✅ CSAW 2018 Get it
- | gbof variable, db-gef, elf, little endian, ghidra, offsets
- | bof variable
- | bof variable
- | bof callfunction
- | bof callfunction
- | bof callfunction
Assembly x86_64
As I hit the shellcode buffer overflow binary challenges, I realized that I needed assembly skills, so this is a simple introduction to modern Intel assembly for the x86_64 (64-bit) architecture. We make use of the syscalls used to communicate with the Linux kernel:
- ✅ Hello World
- ✅ Hello World Explained
- ✅ Jumps, Calls
- ✅ User Input
- ✅ Math Operations
- ✅ Reading / Writing Files
- ✅ Spawning a shell
2) Stack Buffer Overflows (Part 2)
- ✅ CSAW 2017 Pilot
- ✅ Tamu 2019 pwn3
- ✅ Tuctf 2018 shella-easy
- ✅ BKP 2016 calc
- ✅ DCQuals 2019 speed
- ✅ DCQuals 2016 feed
- ✅ CSAW 2019 babyboi
- ✅ CSAW 2017 SVC
- ✅ FB 2019 Overfloat
- ✅ hs 2019 storytime
- | bof shellcode
- | bof shellcode
- | bof shellcode
- | bof ROP Chain, ROP Gadgets
- | bof ROP Chain, ROP Gadgets
- | bof ROP Chain, ROP Gadgets
- | bof dynamic
- | bof dynamic
- | bof dynamic
- | bof dynamic
- | bof dynamic
3) Bad Seed
- ✅ h3 time
- ✅ hsctf 2019 tux talk
- | time seed
- | time seed
- | time seed
Nihilist