ctf-pwn
Comprehensive binary exploitation reference covering stack overflows, ROP chains, heap attacks, kernel pwn, and advanced CTF techniques.
- Covers 50+ exploitation techniques including buffer overflows, format strings, ROP/ret2libc, heap vulnerabilities (House of Orange/Spirit/Lore, tcache stashing unlink), UAF, race conditions, and seccomp bypass
- Includes kernel exploitation (modprobe_path, tty_struct kROP, userfaultfd, KASLR/KPTI bypass, SLUB heap spray) and Windows SEH overwrite with VirtualAlloc ROP
- Provides quick decision trees for protection bypass (PIE/RELRO/NX/canary), gadget finding, and exploit chain construction with code patterns for common scenarios
- Organized into 11 supporting markdown files covering basics, ROP/shellcode, advanced techniques, format strings, kernel methods, and sandbox escape with real CTF examples
CTF Binary Exploitation (Pwn)
Quick reference for binary exploitation (pwn) CTF challenges. Each technique has a one-liner here; see supporting files for full details.
Prerequisites
Python packages (all platforms):
pip install pwntools ropper ROPgadget
Linux (apt):
apt install gdb binutils strace ltrace qemu-system-x86
macOS (Homebrew):
brew install gdb binutils qemu
More from ljagiello/ctf-skills
ctf-reverse
Provides reverse engineering techniques for CTF challenges. Use when the main job is to understand how a compiled, obfuscated, packed, or virtualized target works before exploiting or solving it, including binaries, APKs, WASM, firmware, custom VMs, bytecode, game clients, malware-like loaders, and anti-debug or anti-analysis logic. Do not use it when the vulnerability is already understood and the remaining task is exploitation; use pwn instead. Do not use it for pure web workflows, log or disk forensics, or standalone crypto problems unless reversing the implementation is the real blocker.
3.7Kctf-web
Provides web exploitation techniques for CTF challenges. Use when the target is primarily an HTTP application, API, browser client, template engine, identity flow, or smart-contract frontend/backend surface, including XSS, SQLi, SSTI, SSRF, XXE, JWT, auth bypass, file upload, request smuggling, OAuth/OIDC, SAML, prototype pollution, and similar web bugs. Do not use it for native binary memory corruption, reverse engineering of standalone executables, disk or memory forensics, or pure cryptanalysis unless the web flaw is still the main path to the flag.
3.5Kctf-crypto
Provides cryptography attack techniques for CTF challenges. Use when attacking encryption, hashing, signatures, ZKP, PRNG, or mathematical crypto problems involving RSA, AES, ECC, lattices, LWE, CVP, number theory, Coppersmith, Pollard, Wiener, padding oracle, GCM, key derivation, or stream/block cipher weaknesses.
3.3Kctf-osint
Provides open source intelligence techniques for CTF challenges. Use when gathering information from public sources, social media, geolocation, DNS records, username enumeration, reverse image search, Google dorking, Wayback Machine, Tor relays, FEC filings, or identifying unknown data like hashes and coordinates.
3.2Kctf-forensics
Provides digital forensics and signal analysis techniques for CTF challenges. Use when analyzing disk images, memory dumps, event logs, network captures, cryptocurrency transactions, steganography, PDF analysis, Windows registry, Volatility, PCAP, Docker images, coredumps, side-channel power traces, DTMF audio spectrograms, packet timing analysis, CD audio disc images, or recovering deleted files and credentials.
3.2Kctf-misc
Provides miscellaneous CTF challenge techniques for problems that do not cleanly fit the main categories. Use for encoding puzzles, pyjails, bash jails, RF/SDR, DNS oddities, unicode tricks, esoteric languages, QR or audio puzzles, constraint solving, game theory, unusual sandbox escapes, and hybrid logic puzzles. Prefer a more specific skill first when the challenge is mainly web, pwn, reverse, forensics, malware, OSINT, or crypto. Treat this as the fallback skill for genuine cross-category or edge-case challenges, not the default starting point.
3.2K