This is a short guide to learning pwning (binary exploitation).
-
Learn C/C++ to a decent level and get a solid understanding of the following topics:
- Pointers and memory management
- Compiling and linking
- File descriptors
- Sockets
- Forking and threads
-
Learn Assembly
- https://www.tutorialspoint.com/assembly_programming/
- http://www.cs.virginia.edu/~evans/cs216/guides/x86.html
- Learn the differences between 32-bit and 64-bit assembly
- Learn the C/C++ calling conventions from the assembly perspective
- Learn how C and assembly work together (how compiled C maps onto the instructions and the stack)
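To see the calling convention and the stack frame in practice, here is an added example (not from the guide or from any of the linked courses). It assumes GCC or Clang on Linux, because it uses the `__builtin_frame_address` and `__builtin_return_address` builtins; the layout comments describe x86-64 with a frame pointer, and the same "return address just above the saved frame pointer" rule is checked on AArch64 as well.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the guide): observe a real stack frame with the
 * GCC/Clang builtins __builtin_frame_address / __builtin_return_address.
 * Assumed: GCC or Clang on Linux; layout comments describe x86-64. */

struct frame_info {
    uintptr_t frame;            /* frame pointer value (RBP on x86-64, EBP on x86) */
    uintptr_t ret;              /* return address: what RIP/EIP becomes on 'ret' */
    uintptr_t local;            /* address of a local buffer inside this frame */
    uintptr_t ret_from_memory;  /* return address read back from the stack itself */
};

__attribute__((noinline)) static void callee(struct frame_info *fi)
{
    char buf[32];
    memset(buf, 'A', sizeof buf);
    fi->frame = (uintptr_t)__builtin_frame_address(0);
    fi->ret   = (uintptr_t)__builtin_return_address(0);
    fi->local = (uintptr_t)buf;
#if defined(__x86_64__) || defined(__i386__) || defined(__aarch64__)
    /* With a frame pointer: [fp] = caller's saved fp, [fp + ptrsize] = return address.
     * That slot is what a stack buffer overflow has to reach and what a stack canary guards. */
    memcpy(&fi->ret_from_memory, (const void *)(fi->frame + sizeof(void *)), sizeof fi->ret_from_memory);
#else
    fi->ret_from_memory = fi->ret;  /* layout not modelled for other architectures */
#endif
    __asm__ volatile("" : : "r"(buf) : "memory");  /* keep buf live so it is not optimised away */
}

__attribute__((noinline)) static void caller(struct frame_info *self, struct frame_info *child)
{
    self->frame = (uintptr_t)__builtin_frame_address(0);
    self->ret   = (uintptr_t)__builtin_return_address(0);
    self->local = 0;
    self->ret_from_memory = 0;
    callee(child);
    self->local = child->local;  /* use child after the call: prevents a tail call, so callee really returns here */
}

/* Returns 0 when every observation matches the textbook picture, else the number of the failed check. */
int check_frame_layout(void)
{
    struct frame_info c, k;
    caller(&c, &k);
    if (!(k.frame < c.frame)) return 1;   /* the stack grows toward lower addresses */
    if (!(k.ret > (uintptr_t)caller && k.ret < (uintptr_t)caller + 4096)) return 2; /* ret points back into caller() */
    if (k.ret_from_memory != k.ret) return 3;  /* the return address really sits just above the saved frame pointer */
#if defined(__x86_64__) || defined(__i386__)
    if (!(k.local < k.frame)) return 4;   /* on x86 locals live below RBP, i.e. below saved RBP and the return address */
#endif
    return 0;
}

int main(void)
{
    struct frame_info c, k;
    caller(&c, &k);
    printf("caller frame  %#lx\ncallee frame  %#lx\ncallee local  %#lx\n",
           (unsigned long)c.frame, (unsigned long)k.frame, (unsigned long)k.local);
    printf("callee return %#lx (caller() starts at %#lx)\n",
           (unsigned long)k.ret, (unsigned long)(uintptr_t)caller);
    printf("layout check: %d\n", check_frame_layout());
    return 0;
}
```

Run it a few times: the addresses change between runs when ASLR is on, but the ordering does not, which is exactly the invariant the later exercises build on. The `noinline` attributes matter; without them the compiler would merge the two functions and there would be no call to observe.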
-
Now you have enough knowledge to proceed to actual exploits: take this course https://github.com/RPISEC/MBE ; don't focus too much on the exercises, as some of them are buggy.
-
Watch this playlist: https://www.youtube.com/watch?v=iyAyN3GFM7A&list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN
-
Read these articles: https://ctf101.org/binary-exploitation/overview/ , https://0x00sec.org/t/heap-exploitation-abusing-use-after-free/3580
-
Practice on:
- pwnable.kr
- pwnable.tw
- https://365.csaw.io/
- https://www.hackthebox.eu/home/challenges/Pwn
Before you start practising on those websites, you should have some knowledge of:
- How function calls work and how parameters are passed (32-bit and 64-bit)
- What EBP/RBP, ESP/RSP and EIP/RIP are and what they are used for
- How the stack and the heap work
- What the most important ELF sections are and what they are used for: text, data, bss, got, plt
- Classic exploits like buffer overflows, GOT overwrite via format string bugs, return-oriented programming (ROP), how to write shellcode, sigreturn-oriented programming (SROP), heap exploits
- Mitigation techniques like DEP, ASLR, PIE
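The ELF sections and the mitigations in the last two points are things you will check on every target before touching it (tools like `readelf` and `checksec` do this). As an added example, not part of the guide or of those tools, here is a small checksec-style reader that parses an ELF64 image, reports whether it is PIE (ET_DYN), whether the stack is non-executable (PT_GNU_STACK without PF_X, i.e. DEP/NX) and which of the classic sections are present. It assumes Linux with glibc's `<elf.h>`; the ELF image it analyses is constructed in memory by `build_sample_elf` and is not a real binary.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the guide): a minimal checksec-style ELF64 reader.
 * Assumed: Linux <elf.h>. The sample image below is constructed, not a real binary. */

struct elf_summary {
    int ok;    /* 1 if the image parsed cleanly */
    int pie;   /* ET_DYN executable: its base address is randomised under ASLR */
    int nx;    /* PT_GNU_STACK present without PF_X: stack is non-executable (DEP/NX) */
    int has_text, has_data, has_bss, has_got, has_plt;
};

static int in_bounds(uint64_t off, uint64_t size, size_t len)
{
    return off <= len && size <= len - off;   /* overflow-safe range check */
}

/* Parse an in-memory ELF64 image. Returns 0 on success, -1 if truncated or malformed. */
int summarize_elf(const unsigned char *img, size_t len, struct elf_summary *out)
{
    Elf64_Ehdr eh;
    memset(out, 0, sizeof *out);
    if (len < sizeof eh || memcmp(img, ELFMAG, SELFMAG) != 0 || img[EI_CLASS] != ELFCLASS64) return -1;
    memcpy(&eh, img, sizeof eh);          /* memcpy avoids misaligned struct access */
    out->pie = (eh.e_type == ET_DYN);

    /* Program headers: no PT_GNU_STACK means the loader falls back to an executable stack, so nx stays 0. */
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        uint64_t off = eh.e_phoff + (uint64_t)i * eh.e_phentsize;
        if (!in_bounds(off, sizeof ph, len)) return -1;
        memcpy(&ph, img + off, sizeof ph);
        if (ph.p_type == PT_GNU_STACK) out->nx = !(ph.p_flags & PF_X);
    }

    if (eh.e_shoff == 0 || eh.e_shstrndx >= eh.e_shnum) { out->ok = 1; return 0; } /* stripped: no section table */
    Elf64_Shdr strsh;
    uint64_t off = eh.e_shoff + (uint64_t)eh.e_shstrndx * eh.e_shentsize;
    if (!in_bounds(off, sizeof strsh, len)) return -1;
    memcpy(&strsh, img + off, sizeof strsh);
    if (!in_bounds(strsh.sh_offset, strsh.sh_size, len)) return -1;
    const char *names = (const char *)img + strsh.sh_offset;

    /* Section headers: each name is an offset into .shstrtab and must be NUL-terminated inside it. */
    for (unsigned i = 0; i < eh.e_shnum; i++) {
        Elf64_Shdr sh;
        off = eh.e_shoff + (uint64_t)i * eh.e_shentsize;
        if (!in_bounds(off, sizeof sh, len)) return -1;
        memcpy(&sh, img + off, sizeof sh);
        if (sh.sh_name >= strsh.sh_size) return -1;
        const char *n = names + sh.sh_name;
        if (!memchr(n, 0, strsh.sh_size - sh.sh_name)) return -1;
        if (!strcmp(n, ".text"))      out->has_text = 1;
        else if (!strcmp(n, ".data")) out->has_data = 1;
        else if (!strcmp(n, ".bss"))  out->has_bss = 1;
        else if (!strcmp(n, ".got"))  out->has_got = 1;
        else if (!strcmp(n, ".plt"))  out->has_plt = 1;
    }
    out->ok = 1;
    return 0;
}

/* Build a constructed, deliberately minimal ELF64 image (headers only, not runnable):
 * one PT_GNU_STACK program header and the sections .text, .got and .shstrtab. */
size_t build_sample_elf(unsigned char *buf, size_t cap, int pie, int exec_stack)
{
    static const char shstr[] = "\0.text\0.got\0.shstrtab";   /* name offsets 1, 7, 12 */
    size_t phoff = sizeof(Elf64_Ehdr), stroff = phoff + sizeof(Elf64_Phdr);
    size_t shoff = (stroff + sizeof shstr + 7) & ~(size_t)7;
    size_t total = shoff + 4 * sizeof(Elf64_Shdr);
    if (cap < total) return 0;
    memset(buf, 0, total);
    Elf64_Ehdr eh = {0};
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64; eh.e_ident[EI_DATA] = ELFDATA2LSB; eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type = pie ? ET_DYN : ET_EXEC; eh.e_machine = EM_X86_64; eh.e_version = EV_CURRENT;
    eh.e_phoff = phoff; eh.e_shoff = shoff; eh.e_ehsize = sizeof eh;
    eh.e_phentsize = sizeof(Elf64_Phdr); eh.e_phnum = 1;
    eh.e_shentsize = sizeof(Elf64_Shdr); eh.e_shnum = 4; eh.e_shstrndx = 3;
    memcpy(buf, &eh, sizeof eh);
    Elf64_Phdr ph = {0};
    ph.p_type = PT_GNU_STACK; ph.p_flags = PF_R | PF_W | (exec_stack ? PF_X : 0);
    memcpy(buf + phoff, &ph, sizeof ph);
    memcpy(buf + stroff, shstr, sizeof shstr);
    Elf64_Shdr sh[4] = {{0}};
    sh[1].sh_name = 1;  sh[1].sh_type = SHT_PROGBITS; sh[1].sh_flags = SHF_ALLOC | SHF_EXECINSTR;
    sh[2].sh_name = 7;  sh[2].sh_type = SHT_PROGBITS; sh[2].sh_flags = SHF_ALLOC | SHF_WRITE;
    sh[3].sh_name = 12; sh[3].sh_type = SHT_STRTAB;   sh[3].sh_offset = stroff; sh[3].sh_size = sizeof shstr;
    memcpy(buf + shoff, sh, sizeof sh);
    return total;
}

/* Build a sample with the given properties and summarise it (all-zero summary on failure). */
struct elf_summary summarize_sample(int pie, int exec_stack)
{
    unsigned char buf[1024];
    struct elf_summary s;
    size_t n = build_sample_elf(buf, sizeof buf, pie, exec_stack);
    if (n == 0 || summarize_elf(buf, n, &s) != 0) memset(&s, 0, sizeof s);
    return s;
}

/* A truncated image must be rejected rather than read past its end. */
int truncated_sample_rejected(void)
{
    unsigned char buf[1024];
    struct elf_summary s;
    size_t n = build_sample_elf(buf, sizeof buf, 1, 0);
    return n > 0 && summarize_elf(buf, n / 2, &s) == -1;
}

int main(void)
{
    struct elf_summary s = summarize_sample(1, 0);
    printf("PIE=%d NX=%d text=%d data=%d bss=%d got=%d plt=%d\n",
           s.pie, s.nx, s.has_text, s.has_data, s.has_bss, s.has_got, s.has_plt);
    return 0;
}
```

Every header offset is bounds-checked before it is read, which is the habit to keep when writing any parser for attacker-controlled files. To point the reader at a real binary, load the file into memory (for example with `fread`) and pass the buffer to `summarize_elf`; the output should agree with `readelf -h`, `readelf -l` and `readelf -S`.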