Getting started with Binary Exploitation
Binary exploitation, or pwn, can be a little daunting for new comers. Here you'll have all the tools needed to get you starting, along with a collection of documents and links i found useful. We'll focus on exploiting Linux binaries (ELF), but you can transpose most of it to Windows binaries (PE).
If you've landed here randomly and do not know what the heck is binary exploitation, it is the crafting of exploits that uses programming bugs, usually coming from memory management errors, in order to increase our privileges on our target system. If you've ever heard about buffer overflows, use after free or format string bugs, this is it :)
Before we go on with the tooling, the first thing you'll need is of course a Linux. You can chose the distro you want really, all the tools will be available to you whatever the distro you chose. However my advice would be to pick something you are comfortable with, and with a decent enough wiki, just in case ;)
Now here is the list of tools i personally use and their alternatives i know of:
- gdb
- Python3, pwntools, strace and the binutils suits.
- ropper and rop_gadget
- GEF, PwnDBG, or Peda. Pick one (i use GEF)
- IDA, Ghidra, or other like radare2. Pick one (I use IDA Free)
Once you get these setup, you should be good to try pretty much any ELF pwn exploitation tutorial. Speaking of tutorials, if you are the kind of person that is able to read books, The Art Of Exploitation is a good one to start with. You could also use the resources associated with challenges of platforms such as RootMe.
You'll also find on this website some articles with challenges on how to exploit buffer overflows. (I'm writing them right now :D)