🏳️
The CTF Recipes
  • Introduction
  • Cryptography
    • Introduction
    • General knowledge
      • Encoding
        • Character encoding
          • ASCII
          • Unicode
          • UTF-8
        • Data encoding
          • Base16
          • Base32
          • Base64
      • Maths
        • Modular arithmetic
          • Greatest Common Divisor
          • Fermat's little theorem
          • Quadratic residues
          • Tonelli-Shanks
          • Chinese Remainder Theorem
          • Modular binomial
      • Padding
        • PKCS#7
    • Misc
      • XOR
    • Mono-alphabetic substitution
      • Index of coincidence
      • frequency analysis
      • Well known algorithms
        • πŸ”΄Scytale
        • πŸ”΄ROT
        • πŸ”΄Polybe
        • πŸ”΄Vigenere
        • πŸ”΄Pigpen cipher
        • πŸ”΄Affine cipher
    • Symmetric Cryptography
      • AES
        • Block Encryption procedure
          • Byte Substitution
          • Shift Row
          • Mix Column
          • Add Key
          • Key Expansion / Key Schedule
        • Mode of Operation
          • ECB
            • Block shuffling
              • Challenge example
            • ECB Oracle
              • Challenge example
          • CBC
            • Bit flipping
              • Challenge example
            • Padding oracle
              • Challenge example
          • OFB
            • Key stream reconstruction
            • Encrypt to Uncrypt
  • πŸ› οΈPwn
    • General knowledge
      • STACK
        • Variables storage
        • Stack frame
      • PLT and GOT
      • HEAP
        • HEAP operations
        • Chunk
        • Bins
        • Chunk allocation and reallocation
      • Syscall
    • Architectures
      • aarch32
        • Registers
        • Instruction set
        • Calling convention
      • aarch64
        • Registers
        • Instruction set
        • Calling convention
      • mips32
        • Registers
        • Instruction set
        • Calling convention
      • mips64
        • Registers
        • Instruction set
        • Calling convention
      • x86 / x64
        • Registers
        • Instruction set
        • Calling convention
    • Stack exploitation
      • Stack Buffer Overflow
        • Dangerous functions
          • gets
          • memcpy
          • sprintf
          • strcat
          • strcpy
        • Basics
          • Challenge example
        • Instruction pointer Overwrite
          • Challenge example
        • De Bruijn Sequences
        • Stack reading
          • Challenge example
      • Format string
        • Dangerous functions
          • printf
          • fprintf
        • Placeholder
        • Data Leak
          • Challenge example
        • Data modification
          • Challenge example
      • Arbitrary code execution
        • Shellcode
        • ret2reg
        • Code reuse attack
          • Ret2plt
          • Ret2dlresolve
          • GOT Overwrite
          • Ret2LibC
          • Leaking LibC
          • Ret2csu
          • Return Oriented Programming - ROP
          • Sigreturn Oriented Programming - SROP
          • Blind Return Oriented Programming - BROP
            • Challenge example
          • πŸ”΄Call Oriented Programming - COP
          • πŸ”΄Jump Oriented Programming - JOP
          • One gadget
        • Stack pivoting
    • πŸ› οΈHeap exploitation
      • Heap overflow
        • Challenge example
      • Use after free
        • Challenge example
      • πŸ› οΈDouble free
      • πŸ”΄Unlink exploit
    • Protections
      • Stack Canaries
      • No eXecute
      • PIE
      • ASLR
      • RELRO
    • Integer overflow
Powered by GitBook
On this page
  • Memory Segmentation
  • Registers
  • Addresses (Endianness)
  1. Pwn

General knowledge

Pwn refers to the exploitation of a vulnerability in a binary to gain access to sensitive data or gain unauthorized control over the service.

Memory Segmentation

There is several segment into process memory :

  • RESERVED : the "Reserved" section is at the first address of the memory (0x00000000). It contains the operating system's kernel and other important system components, such as device drivers.

  • TXT : the ".txt" section (also known as the "code segment") is a portion of memory that is reserved for storing the instructions that are executed by a program. This section of memory is typically located in the read-only portion of a process's memory.

  • PLT: the ".plt" section ( also known as the "Procesdure Linkage Table") is a table of entries that contain the address of the code for dynamically linked functions. When a program calls a dynamically linked function, it first calls the function in the .plt, which performs the necessary steps to locate the actual function and transfer control to it.

  • GOT: the ".got" section (also known as the "Global Offset Table") is a table of entries that contain the actual address of dynamically linked functions and variables. The .plt uses the .got to find the actual address of the function or variable when it is needed. The .got is typically used to store the address of functions and variables that are defined in shared libraries and are not known at compile time.

  • DATA : the ".data" section (also known as the "data segment") is a portion of memory that is reserved for storing global and static variables that are initialized at runtime. This section of memory is used to store the initial values for these variables, which are then used by the program when it is executed.

  • BSS: the ".bss" section (also known as the "uninitialized data segment") is a portion of memory that is reserved for storing global and static variables that are not initialized at runtime. This section of memory is used to store the initial values for these variables, which are then used by the program when it is executed.

  • HEAP : the heap is a region of memory that is used for dynamic memory allocation. It is called the heap because it is typically an unregulated space in memory where blocks of memory can be allocated and freed in any order.

  • LINKS : the "links" section (also known as the "dynamic linking" section) is a portion of memory that is used to store the code and data for dynamically linked libraries. These libraries are external code and data files that are linked to a program at runtime, rather than at compile time.

  • STACK : the stack is a region of memory that is used for storing local variables and function parameters. It is called the stack because it is organized as a last-in, first-out (LIFO) data structure, meaning that the last item to be added to the stack is the first one to be removed.

Segment | Address                          | Contents
--------|----------------------------------|-----------------------------------------
Reserved| 0x00000000                       | Program entry point, interrupt vectors
--------|----------------------------------|-----------------------------------------
.txt    | 0xYYYYYYYY (Platform-dependent)  | instructions executed by the program
--------|----------------------------------|-----------------------------------------
.plt    |                                  | Procesdure Linkage Table
--------|----------------------------------|-----------------------------------------
.got    |                                  | Global Offset Table
--------|----------------------------------|-----------------------------------------
.Data   |                                  | Global variables, static variables
--------|----------------------------------|-----------------------------------------
.bss    |                                  | Global variables, static variables
--------|----------------------------------|-----------------------------------------
HEAP    |               |                  | Dynamically allocated memory
        |               v                  |
--------|----------------------------------|-----------------------------------------
Free    |                                  | free memory area used for stack 
memory  |                                  | and heap growth
--------|----------------------------------|-----------------------------------------
LINKS   |                                  | External libraries and functions
--------|----------------------------------|-----------------------------------------
Free    |                                  | free memory area used for stack
memory  |                                  | and heap growth
--------|----------------------------------|-----------------------------------------
STACK   |               ^                  | Local variables, function params
        |               |                  |
        | 0xffffffff                       | 
--------|----------------------------------|-----------------------------------------

Registers

Registers are special memory locations that are built into the central processing unit (CPU). They are used to store data and instructions that are currently being used by the CPU, and they provide a high-speed storage area that can be accessed quickly and efficiently.

Registers are much faster to access than main memory (RAM), which means that they are essential for the efficient execution of a computer's instructions. Most CPUs have a small number of registers (usually between 8 and 128), and these registers are used for a variety of different purposes. For example, some registers are used to store the current instruction being executed by the CPU, while others are used to store the results of arithmetic and logical operations.

Addresses (Endianness)

Addresses are represented in different ways in memory. It’s called endianness.

Address
Little Endian
Big Endian

0xAABBCCDD

0xDDCCBBAA

0xAABBCCDD

0x1234ABCD

0xCDAB3412

0x1234ABCD

PreviousEncrypt to UncryptNextSTACK

Last updated 2 years ago

πŸ› οΈ