raywang edited this page Oct 13, 2018 · 3 revisions

DO: Use the template at https://github.com/TechSecCTF/CTF-pwn-tips/wiki/Pwntools-and-GDB-PwnDBG for the remote, local, and gdb.attach modes. Put the local libc offsets in the local branch and the remote libc offsets in the remote branch so the script never mixes them up.

DO: Write one helper function per operation the binary exposes, so the exploit logic below reads as a sequence of named actions instead of raw send/recv calls:

def alloc(size):
    # send the "allocate" menu choice and the size
    ...

def update(idx, size, content):
    # send the "update" menu choice, the chunk index, the size and the new content
    ...

def delete(idx):
    # send the "delete" menu choice and the chunk index
    ...

def view(idx):
    # send the "view" menu choice and return the bytes the binary prints back
    ...

DO: For ROP, name each gadget after the instructions it contains, e.g. pop_rax_ret, so the chain reads like assembly.

DO: Use fit() to build payloads and fake objects for ROP or heap exploits; each key is a byte offset, gaps are filled with the filler, and the result is padded to length:

payload = fit({
    0x8: p64(nameptr),  # add a descriptive comment for each offset
    0x16: p64(size),    # size field
}, filler='A', length=0x40)
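As an added example (not code from the wiki or from pwntools), the helper below re-implements the dict form of fit()/flat() in plain Python so the resulting byte layout can be inspected offline. The names fit_like, describe and build_example, and the placeholder address 0x601040, are assumptions for this example; real pwntools fit() also accepts lists and nested values, which this approximation does not.

```python
# Added example: a minimal stand-in for pwntools' fit({offset: bytes}, ...)
# so the layout of a payload can be checked without pwntools installed.
import struct


def p64(value):
    """Little-endian 64-bit pack, same meaning as pwntools' p64()."""
    return struct.pack("<Q", value)


def fit_like(pieces, filler=b"A", length=None):
    """Approximation of fit(): place each piece at its byte offset, pad gaps
    with the cycling filler, extend to `length`, and reject overlapping pieces
    (an overlap almost always means a miscounted offset)."""
    if isinstance(filler, str):
        filler = filler.encode()
    out = bytearray()
    # place pieces in ascending offset order so an overlap is easy to detect
    for off in sorted(pieces):
        data = pieces[off]
        if isinstance(data, str):
            data = data.encode()
        if off < len(out):
            raise ValueError(f"piece at {off:#x} overlaps data ending at {len(out):#x}")
        while len(out) < off:
            out.append(filler[len(out) % len(filler)])
        out += data
    if length is not None:
        if len(out) > length:
            raise ValueError(f"layout is {len(out):#x} bytes, longer than length {length:#x}")
        while len(out) < length:
            out.append(filler[len(out) % len(filler)])
    return bytes(out)


def describe(payload, width=16):
    """Hex-dump rows so the layout can be reviewed next to its offset comments."""
    return [f"{i:#06x}: {payload[i:i + width].hex(' ')}" for i in range(0, len(payload), width)]


def build_example():
    """Same layout as the wiki snippet, with constructed placeholder values."""
    nameptr = 0x601040  # constructed placeholder, not a real address
    size = 0x20         # constructed placeholder size field
    return fit_like({
        0x8: p64(nameptr),  # pointer field at offset 0x8
        0x16: p64(size),    # size field at offset 0x16
    }, filler="A", length=0x40)


if __name__ == "__main__":
    for row in describe(build_example()):
        print(row)
```

Running it prints four 16-byte rows; the pointer occupies 0x8..0x10, the size field 0x16..0x1e, and everything else is filler, which is exactly the review you want before sending a payload.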

DO: Split the script into two phases, leak and exploit, and print or comment the start and end of each phase so failures are easy to localise.

DO: Number and explain each step of the exploit in comments.

DO: Number each chunk you create in heap exploits, so later update/delete calls can be checked against the allocation order:

alloc(10)  # idx 0
alloc(20)  # idx 1
alloc(10)  # idx 2

update(1, 6, b"AAAAAA")  # idx 1, size 6

delete(2)  # idx 2

DO: Use one_gadget
