# Pwn Exploit
## Overview
This skill provides structured access to binary exploitation techniques organized by vulnerability type. It serves as a reference guide for developing exploits, understanding attack vectors, and navigating CTF-Wiki documentation.
## Quick Start
Identify the vulnerability type in your target binary and navigate to the corresponding reference:
- Stack overflow → See Stack Overflow Reference
- Format string → See Format String Reference
- Heap corruption → See Heap Exploitation Reference
- Integer overflow → See Integer Overflow Reference
## Exploitation Workflow

### 1. Vulnerability Analysis
Use static/dynamic analysis tools to identify:
- Memory corruption vulnerabilities
- Unsafe function calls
- Missing input validation
- Protection mechanisms (ASLR, NX, PIE, stack canary)
### 2. Technique Selection
Choose exploitation technique based on:
- Vulnerability type (stack overflow, heap overflow, format string, etc.)
- Available gadgets (ROP, ret2libc, system calls)
- Mitigations present (bypass NX with ROP, bypass ASLR with leaks)
- Constraints (limited buffer size, character restrictions)
### 3. Exploit Development

Follow the reference documentation for the specific technique:
- Understand the underlying mechanism
- Identify required primitives (read, write, execute)
- Build payload step by step
- Test and iterate
## Common Exploit Primitives

### Information Leak

- Libc leak: Use `puts`, `printf`, or `write` functions to leak libc addresses
- Binary leak: Leak PIE base using GOT entries
- Stack leak: Leak canary or stack addresses
### Control Flow Hijack
- Ret2libc: Return to libc functions (system, execve)
- ROP: Chain ROP gadgets for arbitrary execution
- One-byte writes: Modify GOT entries, hook functions
### Memory Write
- Arbitrary write: Use fastbin, unsorted bin, or format string writes
- Pointer hijacking: Overwrite function pointers, vtable pointers
## Tool Integration
Common tools for exploitation development:
- pwntools: Python framework for exploit development
- ROPgadget: Find ROP gadgets in binaries
- one_gadget: Find `execve("/bin/sh", ...)` in libc
- checksec: Analyze binary protections
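As an added example (not part of this skill, CTF-Wiki, or the checksec tool itself), the following pure-Python hardening audit performs the step-1 protection check from ELF64 headers alone: PIE from `e_type`, NX from the `PT_GNU_STACK` flags, and RELRO from the presence of `PT_GNU_RELRO`. Stack-canary detection needs the symbol/import table and is deliberately out of scope; the sample ELF images are constructed inline for testing.

```python
import struct

# Program-header types and flags from the ELF specification
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_X = 0x1
ET_EXEC, ET_DYN = 2, 3


def parse_protections(elf: bytes) -> dict:
    """checksec-style report (PIE / NX / RELRO) from an ELF64 little-endian image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a 64-bit little-endian ELF image")
    # ELF64 header offsets: e_type 0x10, e_phoff 0x20, e_phentsize 0x36, e_phnum 0x38
    e_type = struct.unpack_from("<H", elf, 0x10)[0]
    e_phoff = struct.unpack_from("<Q", elf, 0x20)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    nx, relro = False, "none"  # no PT_GNU_STACK => loader defaults to an executable stack
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            # "full" RELRO additionally requires DT_BIND_NOW in .dynamic; not checked here
            relro = "partial"
    return {"pie": e_type == ET_DYN, "nx": nx, "relro": relro}


def build_elf(e_type: int, stack_flags: int, with_relro: bool) -> bytes:
    """Constructed minimal ELF64 image (header + program headers only) used as sample input."""
    phdrs = [(PT_GNU_STACK, stack_flags)]
    if with_relro:
        phdrs.append((PT_GNU_RELRO, 0x4))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8  # ELFCLASS64, little-endian
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0, 64, 0, 0,
                               64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return ehdr + body


if __name__ == "__main__":
    print("hardened:", parse_protections(build_elf(ET_DYN, 0x6, True)))
    print("weak:    ", parse_protections(build_elf(ET_EXEC, 0x7, False)))
```

Run it against a real binary with `parse_protections(open(path, "rb").read())`; treat `nx=False` or `relro="none"` as findings to raise with whoever builds the binary.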
## References
Detailed technique documentation is organized by category:
| Category | Reference File |
|---|---|
| Stack Overflow | stack-overflow.md |
| Format String | format-string.md |
| Heap Exploitation | heap-exploitation.md |
| Integer Overflow | integer-overflow.md |
## When to Use This Skill
Use this skill when:
- Analyzing CTF challenges involving pwn vulnerabilities
- Developing binary exploits for Linux targets
- Learning exploitation techniques and understanding attack vectors
- Debugging memory corruption in vulnerable programs
- Bypassing security mitigations (ASLR, NX, PIE, stack canary)
Repository: xuziqiang98/my-skills
First seen: Feb 5, 2026