Learning exploit dev / binary exploitation step by step repo. Starting off with easy to harder challenges with sourcecode.

Vagebondcur/exploit-development-step-by-step

PWN Practice

A comprehensive collection of binary exploitation challenges for learning and practicing various vulnerability classes and exploitation techniques. Each challenge includes both vulnerable source code and working exploit scripts.

Repository Structure

src/           - Vulnerable C programs (challenges)
solves/        - Python exploit scripts using pwntools
explaination/  - Detailed explanations for each challenge
bin/           - Compiled binaries (generated by make)

Challenge Categories

Basic Buffer Overflows

  • 1_stack.c - Simple ret2win buffer overflow
  • 2_stack.c - Basic shellcode injection
  • 11_stack.c - Advanced buffer overflow techniques
  • 12_stack.c - Complex stack manipulation
  • 13_stack.py - Stack-based challenges (Python)
  • 14_stack.c - Advanced ROP without gadgets

Format String Vulnerabilities

  • 3_stack.c - Format string information disclosure
  • 10_stack.c - Format string GOT overwrite for arbitrary code execution

Return-Oriented Programming (ROP)

  • 4_stack.c - ROP chain construction without memory leaks
  • 5_stack.c - Stack canary bypass with format string leak
  • 7_stack.c - ret2libc with ROP chains
  • 9_stack.c - ret2plt exploitation technique

Advanced Exploitation Techniques

  • 6_stack.c - PIE (Position Independent Executable) bypass
  • 8_stack.c - ASLR (Address Space Layout Randomization) bypass

TODO Challenges (Advanced)

  • 11_stack-TODO.py - ret2csu technique
  • 12_stack-TODO.py - ret2dlresolve exploitation
  • 13_stack-TODO.py - SROP (Sigreturn-Oriented Programming)
  • 14_stack-TODO.py - One gadget exploitation

Building and Running

Compile All Challenges

make

Clean Compiled Binaries

make clean

Run a Challenge

./bin/{challenge_name}

Execute Exploit Script

python3 solves/{challenge_name}.py

Debug with GDB

python3 solves/{challenge_name}.py GDB

Security Mitigations

Most challenges are compiled with security mitigations disabled for educational purposes:

  • No Stack Protection (-fno-stack-protector) - Disables stack canaries
  • Executable Stack (-z execstack) - Allows shellcode execution
  • No PIE (-no-pie) - Fixed memory layout
  • No RELRO (-Wl,-z,norelro) - Writable GOT/PLT

Advanced challenges may enable specific mitigations to demonstrate bypass techniques.
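To see what three of the four flags actually change in the produced binary, here is an added example (not part of this repo) that reads the ELF64 headers directly: -no-pie shows up as e_type ET_EXEC, -z execstack as an executable PT_GNU_STACK segment, and -Wl,-z,norelro as a missing PT_GNU_RELRO segment, while -fno-stack-protector is a compiler-side change that leaves no trace in the program headers. The build_sample helper and its constants are assumed constructs for running the check offline against a constructed ELF image.

```python
import struct

# ELF64 constants that the README's linker flags affect:
# -no-pie, -z execstack and -Wl,-z,norelro.
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_R, PF_W, PF_X = 4, 2, 1
ET_EXEC, ET_DYN = 2, 3

def elf_mitigations(data: bytes) -> dict:
    """Report pie / nx / relro for a 64-bit little-endian ELF image.
    Canaries come from -fno-stack-protector at compile time and leave no
    trace in the program headers, so they are not reported here."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("expected a 64-bit little-endian ELF image")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    stack_flags, relro = None, False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:
            relro = True
    return {
        # -no-pie links as ET_EXEC; a PIE executable is ET_DYN.
        "pie": e_type == ET_DYN,
        # -z execstack sets PF_X on PT_GNU_STACK; with no such header the
        # kernel also defaults to an executable stack, so treat both as NX off.
        "nx": stack_flags is not None and not (stack_flags & PF_X),
        # -Wl,-z,norelro drops the PT_GNU_RELRO segment entirely
        # (partial vs. full RELRO would need the dynamic section, skipped here).
        "relro": relro,
    }

def build_sample(e_type: int, exec_stack: bool, relro: bool) -> bytes:
    """Constructed minimal ELF64 image: header plus only the segments checked."""
    phdrs = [(PT_GNU_STACK, PF_R | PF_W | (PF_X if exec_stack else 0))]
    if relro:
        phdrs.append((PT_GNU_RELRO, PF_R))
    # e_ident, e_type, e_machine=x86-64, e_version, e_entry, e_phoff=64,
    # e_shoff, e_flags, e_ehsize=64, e_phentsize=56, e_phnum, e_shentsize, ...
    ehdr = struct.pack("<4sBBBBB7xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1, 0, 0,
                       e_type, 0x3E, 1, 0x401000, 64, 0, 0,
                       64, 56, len(phdrs), 64, 0, 0)
    return ehdr + b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0x10)
                           for t, f in phdrs)
```

Pass the bytes of a compiled challenge, e.g. open("bin/1_stack", "rb").read(), to elf_mitigations to confirm which of the linker flags took effect; the dict makes it easy to spot an "advanced" challenge that re-enabled one of them.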

Learning Path

Beginner

  1. Start with 1_stack.c - Basic buffer overflow
  2. Progress to 2_stack.c - Shellcode injection
  3. Learn format strings with 3_stack.c

Intermediate

  1. Master ROP with 4_stack.c
  2. Practice canary bypass with 5_stack.c
  3. Understand PIE bypass with 6_stack.c

Advanced

  1. ret2libc exploitation with a given leak in 7_stack.c
  2. ASLR bypass techniques with 8_stack.c & 9_stack.c
  3. Advanced format string attacks with 10_stack.c

Documentation

Each challenge includes detailed explanations in the explaination/ directory covering:

  • Vulnerability analysis
  • Exploitation techniques
  • Key learning objectives
  • Step-by-step exploit development
