git gud

2022-10-11 By qld

Intro

I recently got a message reminding me that while reverse engineering binaries is somewhat of an easy task, as anyone can spend time scrolling in IDA Pro and get used to how binaries are laid out, exploiting vulnerabilities is another serious problem, and it's where the actual hacking gets done.

Said message:

git gud
overthewire.org + root-me.org + io.netgarage.org + pwnable.kr + pwnable.tw + w3challs.com

I recently re-started listening to the market, and as it turns out, while I know how to figure things out from binaries, to some extent, I have no practical experience in exploiting vulnerabilities. Setting aside some old root-me.org streaks of binary challenges, which all stopped when stuff got dirtier than bruteforcing offsets in a format string vulnerability (%n was a bad idea as it turns out), I don't know much. Equipped with Jon Erickson's hacking book (https://nostarch.com/hacking2.htm), some time and dedication, we'll surely get somewhere.

I had an old attempt, somewhere, at writing a comprehensive binary exploitation guide. As it turns out, this complex subject requires more than a presumptuous attempt at sorting it out in a single text file.

The plan

One hour invested in pwning challenges every working day.

Extra rules

  • Do not steal time paid by my employer
  • Do not use my employer's resources or licenses (hello https://hex-rays.com/ida-free/ )
  • Always automate exploitation

Let's go?