Binary Exploitation


Below you will find my binary exploitation learning notes. The easier challenges are at the top, and the further down you go, the deeper we dig into advanced concepts.

Template Page

Ech0

1) Beginner Reversing

The basics of reversing with simple to understand examples

  1. ✅ Strings | grep, strings, chmod
  2. ✅ Helithumper RE | ghidra, pointers, scanf, puts, arrays, hex to ascii
  3. ✅ CSAW 2019 Beleaf | ghidra, pointers, arrays, functions


2) Stack Buffer Overflows

These are the most common binary exploits. They exist because insecure functions do not limit the size of user input, allowing an attacker to overwrite adjacent memory on the stack.

  1. ✅ CSAW 2018 Quals boi | bof variable, gdb-gef, elf, little endian, ghidra, offsets
  2. ✅ TAMU 2019 pwn1 | bof variable
  3. ✅ TW 2017 Just Do It! | bof variable
  4. ✅ CSAW 2016 Warmup | bof callfunction
  5. ✅ CSAW 2018 Get it | bof callfunction
  6. ✅ TUCTF 2017 Vulnchat | bof callfunction


Assembly x86_64

As I hit the shellcode buffer overflow binary challenges, I realized that I needed assembly skills, so this is a simple introduction to modern Intel assembly for the x86_64 (64-bit) architecture. We make use of the syscalls used to communicate with the Linux kernel:

  1. ✅ Hello World
  2. ✅ Hello World Explained
  3. ✅ Jumps, Calls
  4. ✅ User Input
  5. ✅ Math Operations
  6. ✅ Reading / Writing Files
  7. ✅ Spawning a shell


2) Stack Buffer Overflows (Part 2)
  1. ✅ CSAW 2017 Pilot | bof shellcode
  2. ✅ Tamu 2019 pwn3 | bof shellcode
  3. ✅ Tuctf 2018 shella-easy | bof shellcode
  4. ✅ BKP 2016 calc | bof ROP Chain, ROP Gadgets
  5. ✅ DCQuals 2019 speed | bof ROP Chain, ROP Gadgets
  6. ✅ DCQuals 2016 feed | bof ROP Chain, ROP Gadgets
  7. ✅ CSAW 2019 babyboi | bof dynamic
  8. ✅ CSAW 2017 SVC | bof dynamic
  9. ✅ FB 2019 Overfloat | bof dynamic
  10. ✅ hs 2019 storytime | bof dynamic
  11. ✅ UTC 2019 shellme | bof dynamic


3) Bad Seed
  1. ✅ h3 time | time seed
  2. ✅ hsctf 2019 tux talk | time seed
  3. ✅ Sunshine 17 Prepared | time seed


4) String Formatting

5) Array Indexing

6) Z3 + Symbolic Execution (angr)

7) Ret2System

8) Partial Overwrite

9) SROP + Stack Pivot

10) Ret2csu + shellcoding