How to PWN

What's pwn?

In computer security, a pwn exploit is a technique that takes advantage of a bug or vulnerability in software with the goal of taking control of it. By taking control of a program, an attacker can read sensitive data and even control the computer it runs on.

This example explains the overall idea of a buffer overflow exploit: the common steps, commands, and code fragments a hacker might use to carry it out.

Workflow of this exploit

Simple Vulnerable C Program

In a real situation, a hacker might first test with a tiny program like this one to understand how memory corruption works:

#include <stdio.h>
#include <string.h>

void vulnerable() {
    char buffer[16];
    printf("Enter some text: ");
    gets(buffer); // Dangerous: no bounds checking!
    printf("You entered: %s\n", buffer);
}

int main() {
    vulnerable();
    return 0;
}

Setting up the vulnerable binary (Linux)

Before you learn how to exploit a buffer overflow, you have to set up the program you are going to use. The two flags in the command below switch off protections that would otherwise get in the way: -fno-stack-protector disables the stack canary that detects a smashed stack frame, and -z execstack makes the stack executable.

Create the program

$ gcc -fno-stack-protector -z execstack vulntest.c -o vulntest

How to exploit

Somebody might feed the program input like this to exploit it:

$ ./vulntest
Enter some text: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA

After a crash, the next step is to adjust the input pattern, observe the memory layout with a debugger, and gradually turn the crash into controlled code execution. Every step should be done only on systems that you own or have written permission to test.
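For contrast, here is the hardened counterpart of vulnerable() from the program above, an added example that is not part of the original page: fgets() replaces gets(), so the same over-long run of A's is truncated to fit the 16-byte buffer instead of overwriting the stack. The would_overflow() and demo_bounded_read() helpers and the temporary-file harness are assumptions made for this demonstration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16  /* same size as buffer[16] in the vulnerable program */

/* Does an input of this length overflow a buffer of `cap` bytes?
 * The NUL terminator needs one byte, so strlen + 1 must fit. */
int would_overflow(const char *input, size_t cap) {
    return strlen(input) + 1 > cap;
}

/* Hardened replacement for gets(): fgets() reads at most cap-1 bytes and
 * always NUL-terminates, so the buffer cannot be overrun whatever the
 * caller types. Returns the number of characters stored, or -1 on EOF. */
int read_line_bounded(char *dst, size_t cap, FILE *in) {
    if (cap == 0 || fgets(dst, (int)cap, in) == NULL)
        return -1;
    size_t n = strlen(dst);
    if (n > 0 && dst[n - 1] == '\n') {      /* whole line fit: drop '\n' */
        dst[n - 1] = '\0';
        return (int)(n - 1);
    }
    int c;                                   /* line was longer than cap-1: */
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                                    /* discard the rest of the line */
    return (int)n;
}

/* Constructed demo: feed the page's over-long run of A's through the
 * hardened reader via a temporary file (standard C, no POSIX extensions). */
int demo_bounded_read(void) {
    const char *input = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n";  /* constructed */
    char buffer[BUF_SIZE];
    FILE *f = tmpfile();
    if (f == NULL) return -1;
    fputs(input, f);
    rewind(f);
    int got = read_line_bounded(buffer, sizeof buffer, f);
    fclose(f);
    /* sanity check: the NUL landed inside the buffer, nothing beyond it */
    if (got < 0 || (size_t)got != strlen(buffer)) return -2;
    return got;  /* 15: BUF_SIZE-1 characters kept, stack frame untouched */
}

int main(void) {
    printf("stored %d characters, buffer intact\n", demo_bounded_read());
    return 0;
}
```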