ctf-pwn

Solid

Provides binary exploitation techniques for CTF challenges. Use when you already have a vulnerable native target or service and need to turn memory corruption or low-level primitives into code execution or privilege escalation, such as buffer overflows, format strings, heap bugs, ROP, ret2libc, shellcode, kernel exploitation, seccomp bypass, sandbox escape, or Windows/Linux exploit chains. Do not use it when the main blocker is understanding what the binary does; use reverse engineering first. Do not use it for pure web bugs, disk or packet forensics, or standalone crypto/math challenges.

AI & Automation 2,227 stars 274 forks Updated 4 weeks ago MIT

Install

View on GitHub

Quality Score: 97/100

Stars 20%
100
Recency 20%
90
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# CTF Binary Exploitation (Pwn) Quick reference for binary exploitation (pwn) CTF challenges. Each technique has a one-liner here; see supporting files for full details. ## Prerequisites **Python packages (all platforms):** ```bash pip install pwntools ropper ROPgadget ``` **Linux (apt):** ```bash apt install gdb binutils strace ltrace qemu-system-x86 ``` **macOS (Homebrew):** ```bash brew install gdb binutils qemu ``` **Ruby gems (all platforms):** ```bash gem install one_gadget seccomp-tools ``` **Manual install:** - pwndbg — Linux: [GitHub](https://github.com/pwndbg/pwndbg), macOS: `brew install pwndbg/tap/pwndbg-gdb` - checksec — included with pwntools ## Additional Resources - [overflow-basics.md](overflow-basics.md) - Stack/global buffer overflow, ret2win, canary bypass, canary byte-by-byte brute force on forking servers, struct pointer overwrite, signed integer bypass, hidden gadgets, stride-based OOB read leak, parser stack overflow via unchecked memcpy length with callee-saved register restoration - [rop-and-shellcode.md](rop-and-shellcode.md) - Core ROP chains (ret2libc, syscall ROP, rdx control, shell interaction), ret2csu, bad character XOR bypass, exotic x86 gadgets (BEXTR/XLAT/STOSB/PEXT), stack pivot via xchg rax,esp, sprintf() gadget chaining for bad character bypass, canary XOR epilogue as RDX zeroing gadget, stub_execveat syscall as execve alternative via read() return value - [rop-advanced.md](rop-advanced.md) - Advanced ROP techniques: double stac...

Details

Author
ljagiello
Repository
ljagiello/ctf-skills
Created
3 months ago
Last Updated
4 weeks ago
Language
Python
License
MIT

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Listed

ctf-pwn

Use when solving binary exploitation / pwn CTF challenges — buffer overflows, ROP, format strings, heap, kernel pwn. Provides a decision tree, exploit primitive catalog, and uses pwntools via the run_script(venv="pwntools") MCP path. Triggers on "ctf pwn", "binary exploit", "rop", "buffer overflow", "format string", "heap challenge".

6 Updated today
26zl
AI & Automation Featured

performing-binary-exploitation-analysis

Analyze binary exploitation techniques including buffer overflows and ROP chains using pwntools Python library. Covers checksec analysis, gadget discovery with ROPgadget, and exploit development for CTF and authorized security assessments.

12,642 Updated today
mukul975
AI & Automation Solid

ctf-reverse

Provides reverse engineering techniques for CTF challenges. Use when the main job is to understand how a compiled, obfuscated, packed, or virtualized target works before exploiting or solving it, including binaries, APKs, WASM, firmware, custom VMs, bytecode, game clients, malware-like loaders, and anti-debug or anti-analysis logic. Do not use it when the vulnerability is already understood and the remaining task is exploitation; use pwn instead. Do not use it for pure web workflows, log or disk forensics, or standalone crypto problems unless reversing the implementation is the real blocker.

2,227 Updated 4 weeks ago
ljagiello
AI & Automation Solid

pwntools-exploitation-skill

Exploit development automation using pwntools framework

1,034 Updated today
a5c-ai
Web & Frontend Solid

ctf-web

Provides web exploitation techniques for CTF challenges. Use when the target is primarily an HTTP application, API, browser client, template engine, identity flow, or smart-contract frontend/backend surface, including XSS, SQLi, SSTI, SSRF, XXE, JWT, auth bypass, file upload, request smuggling, OAuth/OIDC, SAML, prototype pollution, and similar web bugs. Do not use it for native binary memory corruption, reverse engineering of standalone executables, disk or memory forensics, or pure cryptanalysis unless the web flaw is still the main path to the flag.

2,227 Updated 4 weeks ago
ljagiello