hacknotes

Binary Exploitation (Pwning) Notes

Table of Contents

• Basic Tools
• Advanced Tools
• Docker
• Terminologies
• Exploitation Techniques
• Labs
• Videos and Articles

Basic Tools

• checksec: Analyze security features of binaries.
• gdb: Debug and analyze binary execution.
• pwndbg: GDB extension for exploitation.
• gef: Another GDB extension for binary analysis.
• peda: Python Exploit Development Assistance for GDB.
• radare2: Open-source reverse engineering framework.
• objdump: Disassemble and inspect object files.
• readelf: Retrieve metadata from ELF files.
• patchelf: Modify ELF binaries.
• ltrace and strace: Trace library and system calls.

Advanced Tools

• Pwntools: Exploit development framework.
• ROPgadget: Find ROP gadgets.
• angr: Symbolic execution framework.
• x64dbg: Windows debugging.
• QEMU: Emulator for testing exploits.
• Unicorn Engine: CPU emulator for dynamic analysis.

Docker

• theflash2k/pwn-dev

Terminologies

• Stack Overflow: Overwriting return addresses in stack memory.
• Heap Overflow: Exploiting memory mismanagement in heap.
• Format String Vulnerability: Exploiting uncontrolled format string inputs.
• ROP (Return Oriented Programming): Chaining gadgets to execute arbitrary instructions.
• JOP (Jump Oriented Programming): Similar to ROP but using jump instructions.
• GOT Overwrite: Modifying function pointers in the Global Offset Table to redirect execution.
• PLT Hijacking: Exploiting the Procedure Linkage Table to control execution flow.
• Return to Libc: Calling existing library functions to execute arbitrary code.
• Sandbox Evasion: Bypassing restricted execution environments.

Exploitation Techniques

• Stack-based Buffer Overflow: Overwriting return addresses to hijack execution.
• Heap-based Exploitation: Manipulating dynamic memory allocation for control.
• Integer Overflow: Exploiting arithmetic errors to bypass security checks.
• Format String Exploits: Leaking memory or modifying execution flow via uncontrolled format strings.
• Return to Libc: Calling existing library functions to execute arbitrary code.
• ROP (Return Oriented Programming): Chaining gadgets to execute arbitrary instructions.
• JOP (Jump Oriented Programming): Similar to ROP but using jump instructions.
• GOT Overwrite: Modifying function pointers in the Global Offset Table to redirect execution.
• PLT Hijacking: Exploiting the Procedure Linkage Table to control execution flow.
• Code Injection: Injecting shellcode into a process and executing it.
• Heap Spraying: Filling heap memory with attacker-controlled data to influence exploitation.
• Use-After-Free (UAF): Exploiting dangling pointers after memory deallocation.

Labs

• TryHackMe
  • Intro To Pwntools
  • PWN101
• pwn.college

Videos and Articles

• Live Overflow’s Binary Exploit Playlist on YouTube
• Exploit Education website

This site is open source. Improve this page.