raywang edited this page Oct 14, 2018 · 3 revisions

DO: Use the template at https://github.com/TechSecCTF/CTF-pwn-tips/wiki/Pwntools-and-GDB-PwnDBG for remote, local, and gdb.attach. Place local and remote libc offsets in the correct branch.

DO: Separate functions for interacting with a binary

```python
def alloc(size):
    ...

def update(idx, size, content):
    ...

def delete(idx):
    ...

def view(idx):
    ...
    return content  # whatever the binary prints back for chunk idx
```
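The two guidelines above, as an added example that is neither the wiki's template nor pwntools' own code: one skeleton with a local, gdb and remote branch, a libc offset table per branch so the two sets of offsets cannot be mixed up, and one wrapper per binary operation. The binary path, host and port, the offset values and the menu protocol (choice prompt `> `, then `Size: `, `Index: `, `Content: `) are all assumed for illustration; `DryRunTube` is a stand-in tube so the wrappers can be exercised without the binary.

```python
# Added example (not the wiki's template, not pwntools' own code): exploit-script
# skeleton with local / gdb / remote branches, per-branch libc offsets and one
# wrapper per binary operation. BINARY, REMOTE, the offsets and the menu are assumed.
BINARY = "./chal"                      # assumed local binary path
REMOTE = ("chal.example.ctf", 1337)    # placeholder host and port

# One offset table per branch; gdb runs the local binary and so uses the local table.
# The numbers are constructed placeholders, not offsets from any real libc build.
LIBC_OFFSETS = {
    "local":  {"puts": 0x80aa0, "system": 0x4f440, "one_gadget": 0x4f2c5},
    "remote": {"puts": 0x809c0, "system": 0x4f3d0, "one_gadget": 0x4f322},
}

def libc_offsets(mode):
    """Pick the offset table for the branch being run; unknown modes fail loudly."""
    branch = {"local": "local", "gdb": "local", "remote": "remote"}.get(mode)
    if branch is None:
        raise ValueError("mode must be local, gdb or remote, got %r" % (mode,))
    return LIBC_OFFSETS[branch]

def start(mode, gdbscript="break main\ncontinue\n"):
    """Open the tube for the chosen branch. pwntools is imported here so the
    wrappers below stay importable (and dry-runnable) without it."""
    from pwn import process, remote, gdb
    if mode == "remote":
        return remote(*REMOTE)
    io = process(BINARY)
    if mode == "gdb":
        gdb.attach(io, gdbscript=gdbscript)
    return io

# One function per binary operation. Assumed menu: 1 alloc, 2 update, 3 delete, 4 view.
def alloc(io, size):
    io.sendlineafter(b"> ", b"1")
    io.sendlineafter(b"Size: ", str(size).encode())

def update(io, idx, size, content):
    io.sendlineafter(b"> ", b"2")
    io.sendlineafter(b"Index: ", str(idx).encode())
    io.sendlineafter(b"Size: ", str(size).encode())
    io.sendafter(b"Content: ", content)          # sendafter: no newline appended to raw content

def delete(io, idx):
    io.sendlineafter(b"> ", b"3")
    io.sendlineafter(b"Index: ", str(idx).encode())

def view(io, idx):
    io.sendlineafter(b"> ", b"4")
    io.sendlineafter(b"Index: ", str(idx).encode())
    return io.recvline().rstrip(b"\n")           # the bytes the binary prints for chunk idx

class DryRunTube:
    """Stand-in for a pwntools tube: records what the wrappers send and replays one
    canned line, so the menu protocol can be checked before touching the binary."""
    def __init__(self, canned=b""):
        self.sent, self.canned = [], canned
    def sendlineafter(self, delim, data):
        self.sent.append(data + b"\n")
    def sendafter(self, delim, data):
        self.sent.append(data)
    def recvline(self):
        return self.canned

if __name__ == "__main__":
    # Usage: python3 exploit.py [local|gdb|remote]; the dry run below needs no binary.
    t = DryRunTube(canned=b"leaked bytes\n")
    alloc(t, 0x10)
    update(t, 0, 6, b"AAAAAA")
    print(view(t, 0), t.sent)
```

`start()` is the only place that touches pwntools, so the offset lookup and the wrappers can be unit-tested against `DryRunTube` in isolation; the real script then calls `start(sys.argv[1])` and proceeds through its leak and exploit phases using these wrappers.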

DO: For ROP, name your gadgets like pop_rax_ret

DO: Use fit() to craft payloads and objects for ROP or heap

```python
payload = fit({
    0x8: p64(nameptr),  # add a descriptive comment for each offset
    0x16: p64(size),    # size
    }, filler='A', length=0x40)
```
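To make clear what `fit()` does for you in that call, here is an added example (not pwntools' own code) reimplementing its dict mode: pieces are laid out at exact offsets, gaps are padded from the filler, and overlapping or oversized pieces are rejected instead of silently corrupting neighbouring fields. `nameptr` and `size` below are constructed sample values.

```python
# Added example (not pwntools' own code): minimal reimplementation of fit()'s dict mode.
import struct

def p64(value):
    """Little-endian 8-byte pack, as pwntools' p64 does on amd64."""
    return struct.pack("<Q", value)

def fit_bytes(pieces, filler=b"A", length=None):
    """Lay out {offset: bytes} at exact offsets. Gaps are filled from `filler`
    (indexed by absolute position, so a multi-byte filler stays aligned).
    Raises ValueError on overlapping pieces or on overrunning `length`."""
    if isinstance(filler, str):
        filler = filler.encode()
    buf = bytearray()
    for off in sorted(pieces):
        data = pieces[off]
        if isinstance(data, str):
            data = data.encode()
        if off < len(buf):
            raise ValueError("piece at 0x%x overlaps data ending at 0x%x" % (off, len(buf)))
        while len(buf) < off:
            buf.append(filler[len(buf) % len(filler)])
        buf += data
    if length is not None:
        if len(buf) > length:
            raise ValueError("payload is 0x%x bytes, longer than length 0x%x" % (len(buf), length))
        while len(buf) < length:
            buf.append(filler[len(buf) % len(filler)])
    return bytes(buf)

if __name__ == "__main__":
    nameptr, size = 0x602010, 0x40        # constructed sample values
    payload = fit_bytes({
        0x8: p64(nameptr),                # pointer field
        0x16: p64(size),                  # size field
    }, filler="A", length=0x40)
    print(payload.hex())
```

The overlap check is the part worth keeping in mind: two `p64` values at offsets `0x8` and `0xc` would overwrite each other, and a hand-rolled `b"A"*8 + p64(x) + ...` chain gives no warning when an offset in the comments drifts away from the bytes actually emitted.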

DO: Split the script into two phases, leak and exploit, and print or comment the start and end of each phase.

DO: Number and explain each step of the exploit in comments.

DO: Number each chunk that you create for heap exploits. Also, add a comment with the expected state of the heap before/after each op: where the chunk is served from, what bin it will be placed into, etc.

```python
alloc(0x10)  # idx 0, 0x20 fastbin-size chunk (served from top)
alloc(0x20)  # idx 1, 0x30 fastbin-size chunk
alloc(0x10)  # idx 2, 0x20 fastbin-size chunk

update(1, 6, b"AAAAAA")  # arguments match update(idx, size, content) above

delete(2)  # idx 2 (0x20) becomes the head of the previously empty 0x20 fastbin
```
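Writing those before/after comments by hand is where mistakes creep in (a 0x10 request gives a 0x20 chunk, not 0x30), so here is an added helper, my own and not from the wiki, that models glibc's chunk sizing and fastbin/tcache bookkeeping well enough to compute the annotation for each op and to refuse a free of a chunk the script already freed. It assumes 64-bit glibc defaults; consolidation and the unsorted, small and large bins are not modelled (frees that fit no tracked bin are reported as "other").

```python
# Added example (own helper, not from the wiki): simplified model of glibc chunk
# sizes, fastbins and tcache, for annotating and checking heap-script comments.
FASTBIN_MAX = 0x80     # default global_max_fast on 64-bit
TCACHE_MAX = 0x410     # largest chunk size the tcache holds on 64-bit
TCACHE_COUNT = 7       # entries per tcache bin

def chunk_size(request, ptr_size=8):
    """Chunk size malloc reserves for a request: request + SIZE_SZ rounded up to
    2*SIZE_SZ, with a minimum of 4*SIZE_SZ (0x20 on 64-bit)."""
    align = 2 * ptr_size
    size = (request + ptr_size + align - 1) & ~(align - 1)
    return max(size, 4 * ptr_size)

class HeapModel:
    def __init__(self, tcache=True):
        self.tcache_on = tcache      # False models pre-2.26 glibc (fastbins only)
        self.chunks = {}             # idx -> {"size": int, "state": in_use|freed|reused}
        self.tcache = {}             # size -> [idx, ...], head first
        self.fastbins = {}           # size -> [idx, ...], head first
        self.next_idx = 0

    def alloc(self, request):
        """Return (idx, chunk size, where the chunk was served from)."""
        size = chunk_size(request)
        idx, self.next_idx = self.next_idx, self.next_idx + 1
        if self.tcache_on and self.tcache.get(size):
            old = self.tcache[size].pop(0)
            source = "tcache[0x%x] (reuses idx %d)" % (size, old)
            self.chunks[old]["state"] = "reused"
        elif self.fastbins.get(size):
            old = self.fastbins[size].pop(0)
            source = "fastbin[0x%x] (reuses idx %d)" % (size, old)
            self.chunks[old]["state"] = "reused"
        else:
            source = "top"
        self.chunks[idx] = {"size": size, "state": "in_use"}
        return idx, size, source

    def delete(self, idx):
        """Return (chunk size, destination bin, bin contents after the free).
        Refuses a chunk that is not in use, so a double free is never an accident."""
        chunk = self.chunks[idx]
        if chunk["state"] != "in_use":
            raise RuntimeError("idx %d is already %s (double free / use after free)"
                               % (idx, chunk["state"]))
        size = chunk["size"]
        chunk["state"] = "freed"
        if self.tcache_on and size <= TCACHE_MAX and len(self.tcache.get(size, [])) < TCACHE_COUNT:
            bin_, name = self.tcache.setdefault(size, []), "tcache[0x%x]" % size
        elif size <= FASTBIN_MAX:
            bin_, name = self.fastbins.setdefault(size, []), "fastbin[0x%x]" % size
        else:
            return size, "other", []
        bin_.insert(0, idx)          # fastbins and tcache are LIFO singly linked lists
        return size, name, list(bin_)

if __name__ == "__main__":
    # Replays the sequence above on a fastbin-only heap and prints each annotation.
    h = HeapModel(tcache=False)
    for op, arg in [("alloc", 0x10), ("alloc", 0x20), ("alloc", 0x10), ("delete", 2), ("alloc", 0x10)]:
        print("%s(%s) -> %s" % (op, hex(arg) if op == "alloc" else arg, getattr(h, op)(arg)))
```

Run alongside the real `alloc`/`delete` wrappers, each call's return value is the comment you would otherwise write by hand, and a mismatch between the model and the script's own comment is a sign that one of them is wrong.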

DO: Use one_gadget
