Mastery Speedruns

OK let's take our various mastery checkpoints and show a demo problem for that skill:

D. Simple BOF with Fixed Win Address

Sunshine Speedrun Chall02: https://github.com/AndyNovo/speedruns/raw/master/chall_02

E. Shellcode with leak provided

Sunshine Speedrun Chall03: https://github.com/AndyNovo/speedruns/raw/master/chall_03

F. Simple ROP chaining

NOTE: hunting for the ideal problem here made me realize that a win-function-less ROP belongs later in this chain... Sorry if this feels out of order.

Zipline: https://github.com/AndyNovo/secsoft/tree/everything/5leap_frog

I wrote one just for today: /ctf PCP17

Interactive PWN School pt. 2

OK I want to make a wide open forum for making sure you're progressing well.

Here is an ANONYMOUS CHAT for asking even if you're a little embarassed:

Say Hi in the Anonymous chat

Potential Topics?:

How to debug a broken payload
How to navigate radare2
How to use pwntools better
How to recognize the offset
How the canary works
What exactly PIE is?
What exactly ASLR is?
I lost you at shellcode
You lost me at ROPgadget
You lost me at address leaking
How arguments work
Why is hacking into a function different than calling a function?
How does linking work?
How do we use dynamic linking to hack a program (PLT/GOT)
What exactly do I do with glibc?
What sort of stuff does printf leak?
How did that %hhn thing work for arbitrary writes?
What's the heap?
When will we move past toy hacks?
What are the secure coding practices that emerge from this stuff?
Anything else you want to ask.

Mastery Speedruns

D. Simple BOF with Fixed Win Address

E. Shellcode with leak provided

F. Simple ROP chaining

G/H. ret2libc

I/K. Use GOT to create a leak then ret2libc

J. Write-What-Where via printf

L. SROP syscall

Interactive PWN School pt. 2

Universe of Problems:

Potential Topics?: