Don't like this style? Click here to change it! blue.css
OK, so we have been turning C into x86 and recognizing patterns.
The job today is to understand what really happens as a CPU runs a program and to learn the most important (basic) instructions and what they do.
Also I'm loving this Godbolt compiler explorer: https://godbolt.org/z/q9anfY8je
The general setup of a PWN problem is like this:
A vulnerable binary is running on a remote server on an exposed port.
On that server is intel we want to get (in CTFs it is a file named
flag.txt or some hidden string formatted
Solving a PWN problem has these steps:
The goal is to cause the program to jump off the normal rails and execute forbidden code.
So steps 2 and 3 are the most interesting for us and while every problem is different the things we're looking for are basically this:
Essentially every exploit will answer those 3 parts throughout this course.
Early on, we will turn off the address randomization so you can ignore question 2, and for the first quarter of the class
the answer to question 1 is simply, "at a
But I wanted to take the time to give you a framework that contextualizes everything else.
OK so now let's introduce my favorite command-line reversing program:
Compile a simple C program and run
r2 -Ad a.out then
db main then
Now you can navigate around using j and k, go into a command menu with
: make a step with
s or step over with
Let's look together at how registers work, how the instruction pointer moves, how the intruction addresses work, and see the above instructions in action.
You win when you can predict what will happen then see it happen.
Find the flags: This GitHub Repo has crackme0x00a crackme0x00b and crackme0x01, solve them.
Here are some binaries from real CTFs of the recent past: