Skip to content
/ binary-explotation-writeups-pico Public

Personal project exploiting PicoCTF binary challenges to develop vulnerability research and reverse engineering skills.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

oleglazari/binary-explotation-writeups-pico

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

125 Commits
.vscode
.vscode
 
 
Basic-File-Exploit-Medium
Basic-File-Exploit-Medium
 
 
Buffer-Overflow-0-medium
Buffer-Overflow-0-medium
 
 
Buffer-Overflow-1-medium
Buffer-Overflow-1-medium
 
 
Echo-Valley-medium
Echo-Valley-medium
 
 
Format-String-0-esay
Format-String-0-esay
 
 
Format-String-1-medium
Format-String-1-medium
 
 
Format-String-2-medium
Format-String-2-medium
 
 
Format-String-3-medium
Format-String-3-medium
 
 
Hash-Only-1-medium
Hash-Only-1-medium
 
 
Hash-Only-2-medium
Hash-Only-2-medium
 
 
Heap-0-easy
Heap-0-easy
 
 
Heap-1-medium
Heap-1-medium
 
 
Heap-2-medium
Heap-2-medium
 
 
Heap-3-medium
Heap-3-medium
 
 
PIE-TIME-2-medium
PIE-TIME-2-medium
 
 
PIE-writeup-easy
PIE-writeup-easy
 
 
RPS-medium
RPS-medium
 
 
Stonks-medium
Stonks-medium
 
 
VNE-medium
VNE-medium
 
 
babygame01-medium
babygame01-medium
 
 
buffer-overflow-2-medium
buffer-overflow-2-medium
 
 
clutter-overflow-medium
clutter-overflow-medium
 
 
filtered-shellcode-hard-b
filtered-shellcode-hard-b
 
 
flag-leak-medium
flag-leak-medium
 
 
guessing-game-medium
guessing-game-medium
 
 
handoff-hard-u
handoff-hard-u
 
 
hijacking-medium-remote
hijacking-medium-remote
 
 
local-target-medium
local-target-medium
 
 
picker-iv-medium
picker-iv-medium
 
 
ropfu-hard-b
ropfu-hard-b
 
 
solfire-hard-u/solfire
solfire-hard-u/solfire
 
 
two-sum-medium
two-sum-medium
 
 
x-sixty-what-medium
x-sixty-what-medium
 
 
.gitignore
.gitignore
 
 
GEF-cheatsheet.md
GEF-cheatsheet.md
 
 
README.md
README.md
 
 
exploit.py
exploit.py
 
 
issue.md
issue.md
 
 
what_to_look_for.md
what_to_look_for.md
 
 

Repository files navigation

Binary Analysis and Exploitation of PicoCTF Challenges

Personal project exploiting PicoCTF binary challenges to develop vulnerability research and reverse engineering skills.

Disclaimer

This repository contains writeups, exploit scripts, and research based solely on educational Capture The Flag (CTF) challenges, primarily from picoCTF.
All binaries involved are intentionally vulnerable and executed in sandboxed environments.
No real-world software, services, or systems were targeted.
This work is strictly for ethical skill development and legal, academic purposes.
I do not condone or engage in any unauthorized or malicious activity.

Important Note

Each challenge folder is structured to include the relevant binary and its corresponding exploit.py script, where applicable.
If a folder does not include an exploit.py, it's either:

  • A trivial challenge not requiring a custom exploit, or
  • A challenge that was hosted on PicoCTF's remote servers, where local exploitation wasn’t possible.

What I'm Learning

Reverse Engineering

  • Static analysis with Ghidra and IDA
  • Dynamic debugging with GDB
  • Assembly code analysis (x86/x64)

Binary Exploitation

  • Buffer overflows and format strings
  • ROP chains and memory corruption
  • Environment manipulation and path injection
  • Shell escapes from restricted environments

Tools Used

  • Disassemblers: Ghidra, objdump, readelf
  • Debuggers: GDB, PEDA
  • Scripting: Python, pwntools
  • Analysis: checksec, ROPgadget, strings

Repository Structure

├── Hash-Only-1-medium/     # PATH injection challenge
│   ├── writeup.md
│   └── flaghasher
├── Hash-Only-2-medium/     # Sequel with auto-execution
│   ├── writeup.md
│   └── flaghasher
├── Format-String-0-easy/   # Format string vulnerability
│   ├── writeup.md
│   └── binary
├── Heap-0-easy/           # Heap exploitation basics
│   ├── writeup.md
│   └── binary
├── PIE-writeup-easy/      # Position Independent Executable
│   ├── writeup.md
│   └── binary
├── exploit.py             # Pwntools exploit template/learning
└── GEF-cheatsheet.md      # GDB Enhanced Features reference

Challenges Completed

  • Hash-Only Series: PATH hijacking and binary substitution
  • Format String: Arbitrary read/write primitives
  • Heap Exploitation: Basic heap manipulation
  • PIE Bypass: Position Independent Executable analysis

Skills Demonstrated

  • Finding and exploiting binary vulnerabilities
  • Reverse engineering unknown binaries
  • Writing reliable exploit code
  • Clear technical documentation

About

Personal project exploiting PicoCTF binary challenges to develop vulnerability research and reverse engineering skills.

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages