pwnshop

Reverse Engineering and Exploitation.

Check out my blog, follow me on Twitter and Youtube!

Support the project :

Contents:

• Reverse engineering a simple crackme called “Just see”: writeup
• Reverse engineering a level 1 crackme "Easy_firstCrackme-by-D4RK_FL0W": writeup
• Utility - Object/Executable file to shellcode converter script: code
• Utility - Assembly and link script : code
• Utility - Shellcode testing skeleton generator : code
• Utility - GDB python script template : code
• Exit syscall asm: code
• Write syscall "Hello world!": code
• Execve shellcode (dynamic addressing) code
• Ret2libc exploit for protostar stack6 challenge : code
• Exploit for protostar stack7 challenge (Smallest ROP chain): code
• Exploit for VUPlayer 2.49 (no DEP) local buffer overflow: code, writeup
• Execve shellcode (stack method) : code
• Execve shellcode using RIP relative addressing code
• Password Protected Bind Shell (Linux/x64) code, writeup
• Password Protected Reverse Shell (Linux/x64) code, writeup, Featured in the 1st number of Paged-Out
• XANAX - A custom shellcode encoder written in assembly :
  • encoder code
  • encoder on exploit-db
  • encoder on packetstormsecurity
  • decoder code
  • decoder on exploit-db
  • decoder on packetstormsecurity
  • writeup
• A more generic (and somewhat extensible) encoder skeleton written in Go code
• Gocryper : A custom AES shellcode crypter written in Go code, writeup
• A basic Polimorphic Engine written in Go code, writeup
• Egg-hunter shellcode (Linux/x64) code, writeup
• Password Protected Reverse Shell (Linux/ARMv6)
  • code
  • writeup
  • payload on packetstormsecurity
  • payload on exploit-db
• MalwareTech's String Challenges crackmes: writeup
• MalwareTech's Shellcode Challenges crackmes: writeup
• DEFCON Qualys 2019 : Speedrun-001 exploit (Stack-based bof + ROP): code
• Solution for the crackme "Crackme2-be-D4RK_FL0W" writeup
• Solution for the crackme "Crack3-by-D4RK_FL0W" :
  • Option 1 - Using r2 macros to extract the PIN: code
  • Option 2 - Using GEF and unicorn-engine emulation to bruteforce the PIN: code
  • Blog post exploring both options: writeup
• Utility - r2frida Cheatsheet: writeup
• Solution for the crackme "alien_bin" writeup
• Automated solutions for the crackme "mexican": writeup, script solution 1: carving, script solution 2: patching
• Writeup for the crackme "crackme_by_coulomb" (.net): writeup
• Writeup for the crackme "shadows_registerme" (.net): writeup
• Writeup for the crackme "removemytrial_by_coulomb" (.net): writeup
• Writeup for the crackme "Get The Password": writeup, code (keygen)

Useful links:

Tools:

A non-exhaustive list of tools

• radare2 (+Cutter +r2frida +r2pipe +r2ghidra-dec)
• Ghidra
• x64dbg
• Frida
• gdb (+gdb-dashboard +GEF)
• Valgrind
• Pwntools
• Wireshark
• Binwalk
• strace
• ltrace
• hexdump
• xxd
• rappel
• nasm
• gas
• Unicorn Engine
• IDA
• hexedit
• bless
• Metasploit (https://www.metasploit.com/)

Resources:

There's a LOT of stuff out there. These are just the most useful things I've found so far.

• 💻 Live overflow
• 📖 The shellcoder's handbook
• 💻 Exploit education
• 💻 Gynvael coldwind
• 💻 Azeria labs
• 💻 Phrack
• 💻 Corelan
• 💻 Fuzzysecurity
• 💻 Packetstormsecurity
• 💻 Exploitdb
• 📖 Beginners RE
• 📖 Practical reverse engineering
• 📖 Programming linux anti-reversing techniques
• 📖 Attacking network protocols
• 📖 Penetration testing: A Hands-On introduction to hacking
• 💻 Malware Unicorn
• 📖 Radare2 Book
• 💻 Paged-Out!
• 📖 PoC||GTFO I
• 📖 PoC||GTFO II
• 📖 The IDA Pro Book
• 📖 Hacker Disassembling Uncovered
• 💻 Reverse Engineering Stackexchange