Binary Exploitation, commonly known as binex or pwn, is the practice of finding and exploiting vulnerabilities inside a binary (an executable, or the running process it becomes) to abuse the program's intended function.
Abusing the program can lead to many favorable results for an exploit developer, including reading sensitive information, writing malicious information to program memory, changing the code executed by the program, or popping a shell on the host machine. We do this by taking advantage of how the program handles memory, processes our input, and ignores certain protections.
In the context of CTF competitions, or the Screener, our objectives are one of two:

1. A win() function that yields us a flag, a string of characters that serves as a token to prove you successfully controlled execution.
2. A flag.txt file, whose contents we submit to get credit.

The most difficult part of binary exploitation challenges is enumerating the binary's vulnerabilities. This is a practiced skill that takes time to master. However, throughout this section, I aim to ensure you can identify each vulnerability, understand why it's vulnerable, and craft payloads that abuse it.
We need a debugger and a program to send payloads to the binary for these challenges. In the second walk-through, we'll discuss why we need the latter.
For the debugger, I highly recommend gdb for new users. An alternative is radare2, which provides more details but is much more challenging to use. I recommend taking the time to master gdb (and its extension gef) to make solving these challenges easier.
For the program to send information to the binary, we'll start using the Python pwntools library. We have a Pwntools Guide if you've never used Pwntools before.
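As an added illustration of what "a program to send payloads to the binary" means in practice (this is example code written for this page, not code from the original text or from the pwntools project), the script below is a minimal payload-delivery harness built only on the Python standard library. pwntools' process(), sendline() and recvall() wrap the same mechanics; subprocess is used here so the example runs with no extra installs. The target is a constructed stand-in script that stands in for a challenge binary, and the flag value it prints is constructed too; a real challenge would be a compiled executable launched by its path.

```python
"""Minimal payload-delivery harness (added example, not from the page).

Shows the three things a driver program does that a keyboard cannot:
send raw, non-printable bytes to the target's stdin, capture its stdout,
and pull the flag out of the output programmatically.
"""
import re
import subprocess
import sys
from typing import List, Optional

# Constructed stand-in for a challenge binary. It reads one line of input
# and prints a (constructed) flag only when the input contains a specific
# non-printable byte sequence, which is exactly the kind of payload you
# cannot type interactively.
TARGET_SOURCE = r'''
import sys
data = sys.stdin.buffer.readline()
if b"\x00\xff" in data:
    sys.stdout.buffer.write(b"flag{constructed_example}\n")
else:
    sys.stdout.buffer.write(b"nope\n")
'''

# Pattern for the flag format assumed by this example; real CTFs vary.
FLAG_RE = re.compile(rb"flag\{[^}\n]*\}")


def deliver(payload: bytes, argv: Optional[List[str]] = None) -> bytes:
    """Launch the target, write the raw payload to its stdin, return its stdout.

    argv defaults to the constructed stand-in; pass ["./chall"] (assumed
    name) to drive a real binary instead.
    """
    if argv is None:
        argv = [sys.executable, "-c", TARGET_SOURCE]
    proc = subprocess.run(argv, input=payload, capture_output=True, timeout=5)
    return proc.stdout


def extract_flag(output: bytes) -> Optional[str]:
    """Return the first flag-shaped token in the output, or None."""
    match = FLAG_RE.search(output)
    return match.group(0).decode() if match else None


def solve() -> Optional[str]:
    """Send a payload containing raw bytes and return the flag if one appears."""
    payload = b"A" * 16 + b"\x00\xff" + b"\n"  # constructed payload with NUL/0xff
    return extract_flag(deliver(payload))


if __name__ == "__main__":
    print(solve())  # prints flag{constructed_example}
```

The point of the harness is the byte handling: the payload carries a NUL and a 0xff byte, both of which survive the trip through subprocess unchanged, and the flag is recovered by a regex rather than by eye. Swapping the argv for the path of a real challenge binary, or replacing subprocess with pwntools' remote() for a networked target, leaves the rest of the script untouched.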