Binary Exploitation Toolkit
Level up your pwnage. A complete guide to the Binary Exploitation Toolkit: featuring top-tier tools for debugging, disassembling, and scripting modern memory exploits.
Arsenal
Ghidra
Ghidra is a free, open-source software reverse engineering (SRE) framework developed by the NSA, released in 2019. It enables security professionals and malware analysts to disassemble, decompile, and analyze compiled code such as malware or binary files without running them. It is available on GitHub.
It can also be installed via the apt package manager on various Linux distributions. On Kali it can be installed with sudo apt install ghidra.
Resources
- Ghidra PY. A Python script that automates the Ghidra launch steps for you.
GDB Debuggers
GDB (GNU Debugger) is a powerful, open-source command-line tool used to debug programs written in C, C++, Go, and other compiled languages on Unix-like systems. It allows developers to monitor, control, and analyze the execution of a program, making it essential for detecting crashes, inspecting memory, and fixing bugs.
- PWNDBG is a GDB and LLDB plug-in that makes debugging suck less.
- Peda - Python Exploit Development Assistance for GDB.
- GEF is a set of commands for x86/64, ARM, MIPS, PowerPC and SPARC to assist exploit developers and reverse-engineers when using old school GDB.
Resources
CheckSec Binary Analysis
Checksec is a widely used tool, originally a bash script by Tobias Klein, designed to quickly check the security properties and mitigation technologies of Linux executables (e.g., PIE, RELRO, Canaries, ASLR, Fortify Source) and the kernel.
# APT
sudo apt install checksec
# DNF
sudo dnf install checksec
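To show what checksec is actually reading when it reports NX, PIE and RELRO, here is an added example (not checksec's own code) that inspects an ELF64 image with nothing but the Python standard library: NX comes from the PT_GNU_STACK program header flags, PIE from the ELF type (ET_DYN), and RELRO from the PT_GNU_RELRO segment plus the BIND_NOW flags in the dynamic section. Stack-canary detection needs the symbol table and is left out. The build_sample_elf helper is a constructed, minimal ELF image used so the script runs offline; pass a real file path on the command line to inspect a real binary. The rule that NX only counts as enabled when PT_GNU_STACK is present and lacks PF_X mirrors what checksec and pwntools do.

```python
"""Minimal checksec-style inspector for ELF64 files (added example, not the checksec project's code)."""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3                 # ET_DYN = shared object or PIE executable
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
PF_X = 0x1                             # segment is executable
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1       # either flag makes the loader resolve symbols eagerly


def parse_program_headers(data: bytes):
    """Return (endianness, e_type, [(p_type, p_flags, p_offset, p_filesz), ...]) for an ELF64 image."""
    if data[:4] != ELF_MAGIC or data[4] != 2:
        raise ValueError("expected an ELF64 image")
    end = "<" if data[5] == 1 else ">"           # EI_DATA: 1 = little-endian, 2 = big-endian
    e_type = struct.unpack_from(end + "H", data, 16)[0]
    e_phoff = struct.unpack_from(end + "Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    phdrs = []
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _vaddr, _paddr, p_filesz = struct.unpack_from(
            end + "IIQQQQ", data, e_phoff + i * e_phentsize)
        phdrs.append((p_type, p_flags, p_offset, p_filesz))
    return end, e_type, phdrs


def dynamic_tags(data: bytes, end: str, phdrs):
    """Yield (d_tag, d_val) pairs from the PT_DYNAMIC segment, stopping at DT_NULL."""
    for p_type, _flags, p_offset, p_filesz in phdrs:
        if p_type != PT_DYNAMIC:
            continue
        for off in range(p_offset, p_offset + p_filesz, 16):   # Elf64_Dyn is 16 bytes
            d_tag, d_val = struct.unpack_from(end + "qQ", data, off)
            if d_tag == DT_NULL:
                return
            yield d_tag, d_val


def checksec(data: bytes) -> dict:
    """Report NX, PIE and RELRO the way checksec does, from headers alone."""
    end, e_type, phdrs = parse_program_headers(data)
    stack = [flags for p_type, flags, *_ in phdrs if p_type == PT_GNU_STACK]
    nx = bool(stack) and not (stack[0] & PF_X)       # no PT_GNU_STACK at all counts as NX disabled
    pie = e_type == ET_DYN
    has_relro = any(p_type == PT_GNU_RELRO for p_type, *_ in phdrs)
    bind_now = any(
        tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW) or (tag == DT_FLAGS_1 and val & DF_1_NOW)
        for tag, val in dynamic_tags(data, end, phdrs))
    relro = "Full" if has_relro and bind_now else "Partial" if has_relro else "No"
    return {"NX": nx, "PIE": pie, "RELRO": relro}


def build_sample_elf(*, nx=True, pie=True, relro="Full") -> bytes:
    """Constructed ELF64 image (header + program headers + a tiny .dynamic) with the chosen properties."""
    phdrs = [(PT_GNU_STACK, 0x6 if nx else 0x7, 0, 0)]       # RW vs RWE stack
    dyn = b""
    if relro != "No":
        phdrs.append((PT_GNU_RELRO, 0x4, 0, 0))
    if relro == "Full":
        dyn += struct.pack("<qQ", DT_FLAGS, DF_BIND_NOW)
    dyn += struct.pack("<qQ", DT_NULL, 0)
    ehsize, phentsize = 64, 56
    dyn_off = ehsize + phentsize * (len(phdrs) + 1)           # .dynamic sits right after the headers
    phdrs.append((PT_DYNAMIC, 0x6, dyn_off, len(dyn)))
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)       # ELF64, little-endian, version 1
    ehdr = e_ident + struct.pack("<HHIQQQIHHHHHH", ET_DYN if pie else ET_EXEC, 0x3E, 1, 0,
                                 ehsize, 0, 0, ehsize, phentsize, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, off, 0, 0, sz, sz, 8) for t, f, off, sz in phdrs)
    return ehdr + body + dyn


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf()
    for name, value in checksec(image).items():
        print(f"{name:6} {value}")
```

Run it with no arguments to see the constructed sample reported as NX enabled, PIE and Full RELRO, or with a path to compare its output against checksec --file on the same binary.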
PWNINIT
PWNINIT is a command-line utility used in CTF (Capture The Flag) binary exploitation challenges. It downloads the matching linker, patches the binary to use the correct libc/linker, and ensures your local environment matches the remote one.
Ropper
Ropper is a powerful, Python-based command-line tool used in cybersecurity for binary analysis and finding Return-Oriented Programming (ROP) gadgets.
Library
ROP Gadgets
ROP gadgets are short, executable instruction sequences (e.g., pop eax; ret) already present within a binary or its libraries, typically ending with a ret instruction. Attackers use these to bypass non-executable memory defenses (DEP/NX) by chaining their addresses to build a ROP chain. This allows executing arbitrary code without injecting new code.
Little-Endian
Little endian is a method of storing multi-byte data where the least significant byte (LSB)—the “little end”—is stored at the lowest memory address. Subsequent bytes are stored in increasing memory addresses, essentially reversing the byte order compared to how humans read numbers. It is the dominant format used by Intel (x86/x64) and ARM processors.
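As an added example (not part of the original page), the following Python shows the byte-reversal described above as an explicit algorithm, cross-checked against struct.pack, and renders the result as a debugger-style memory dump so the "little end at the lowest address" rule is visible. The sample values and the 0x7ffc1000 address are constructed for illustration.

```python
import struct


def to_little_endian(value: int, width: int) -> bytes:
    """Encode a non-negative integer as `width` bytes, least significant byte first."""
    if value < 0 or value >= 1 << (8 * width):
        raise ValueError("value does not fit in the requested width")
    out = bytearray()
    for _ in range(width):
        out.append(value & 0xFF)   # peel off the low byte: it goes to the lowest address
        value >>= 8
    return bytes(out)


def from_little_endian(raw: bytes) -> int:
    """Decode little-endian bytes back into an integer (inverse of to_little_endian)."""
    value = 0
    for byte in reversed(raw):     # the highest address holds the most significant byte
        value = (value << 8) | byte
    return value


def memory_view(address: int, raw: bytes) -> list:
    """Render bytes as 'address: byte' lines, the way a debugger's x/Nxb would show them."""
    return [f"{address + i:#010x}: {b:#04x}" for i, b in enumerate(raw)]


# Cross-check against the standard library: '<I' is struct's little-endian 32-bit code.
assert to_little_endian(0x0804ABCD, 4) == struct.pack("<I", 0x0804ABCD) == b"\xcd\xab\x04\x08"
assert from_little_endian(b"\xcd\xab\x04\x08") == int.from_bytes(b"\xcd\xab\x04\x08", "little")

if __name__ == "__main__":
    # A 32-bit value written to a constructed stack address: the 0xcd byte lands first.
    for line in memory_view(0x7FFC1000, to_little_endian(0x0804ABCD, 4)):
        print(line)
```

When reading a register or a return address out of a hex dump, apply from_little_endian (or int.from_bytes with "little") rather than reading the bytes left to right; the dump shows the reversed order, not the number.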
Resources
- Guide to Binary Exploitation izzy.sh.